github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/idemix/handlers/cred_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 package handlers_test 7 8 import ( 9 "crypto/rand" 10 11 "github.com/hyperledger/fabric/bccsp" 12 "github.com/hyperledger/fabric/bccsp/idemix/handlers" 13 "github.com/hyperledger/fabric/bccsp/idemix/handlers/mock" 14 . "github.com/onsi/ginkgo" 15 . "github.com/onsi/gomega" 16 "github.com/pkg/errors" 17 ) 18 19 var _ = Describe("Credential Request", func() { 20 21 Describe("when creating a credential request", func() { 22 23 var ( 24 CredentialRequestSigner *handlers.CredentialRequestSigner 25 fakeCredRequest *mock.CredRequest 26 ) 27 28 BeforeEach(func() { 29 fakeCredRequest = &mock.CredRequest{} 30 CredentialRequestSigner = &handlers.CredentialRequestSigner{CredRequest: fakeCredRequest} 31 }) 32 33 Context("and the underlying cryptographic algorithm succeed", func() { 34 var ( 35 fakeSignature []byte 36 ) 37 BeforeEach(func() { 38 fakeSignature = []byte("fake signature") 39 fakeCredRequest.SignReturns(fakeSignature, nil) 40 }) 41 42 It("returns no error and a signature", func() { 43 signature, err := CredentialRequestSigner.Sign( 44 handlers.NewUserSecretKey(nil, false), 45 nil, 46 &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 47 ) 48 Expect(err).NotTo(HaveOccurred()) 49 Expect(signature).To(BeEquivalentTo(fakeSignature)) 50 51 }) 52 }) 53 54 Context("and the underlying cryptographic algorithm fails", func() { 55 BeforeEach(func() { 56 fakeCredRequest.SignReturns(nil, errors.New("sign error")) 57 }) 58 59 It("returns an error", func() { 60 signature, err := CredentialRequestSigner.Sign( 61 handlers.NewUserSecretKey(nil, false), 62 nil, 63 &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 64 ) 65 Expect(err).To(MatchError("sign error")) 66 Expect(signature).To(BeNil()) 67 }) 68 }) 69 70 Context("and the options are not well formed", func() { 71 72 Context("and the user secret key is nil", func() { 73 It("returns error", func() { 74 signature, err := CredentialRequestSigner.Sign( 75 nil, 76 nil, 77 &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 78 ) 79 Expect(err).To(MatchError("invalid key, expected *userSecretKey")) 80 Expect(signature).To(BeNil()) 81 }) 82 }) 83 84 Context("and the user secret key is not of type *userSecretKey", func() { 85 It("returns error", func() { 86 signature, err := CredentialRequestSigner.Sign( 87 handlers.NewIssuerPublicKey(nil), 88 nil, 89 &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 90 ) 91 Expect(err).To(MatchError("invalid key, expected *userSecretKey")) 92 Expect(signature).To(BeNil()) 93 }) 94 }) 95 96 Context("and the option is missing", func() { 97 It("returns error", func() { 98 signature, err := CredentialRequestSigner.Sign( 99 handlers.NewUserSecretKey(nil, false), 100 nil, 101 nil, 102 ) 103 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialRequestSignerOpts")) 104 Expect(signature).To(BeNil()) 105 }) 106 }) 107 108 Context("and the option is not of type *bccsp.IdemixCredentialRequestSignerOpts", func() { 109 It("returns error", func() { 110 signature, err := CredentialRequestSigner.Sign( 111 handlers.NewUserSecretKey(nil, false), 112 nil, 113 &bccsp.IdemixSignerOpts{}, 114 ) 115 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialRequestSignerOpts")) 116 Expect(signature).To(BeNil()) 117 }) 118 }) 119 120 Context("and the issuer public key is missing", func() { 121 It("returns error", func() { 122 signature, err := CredentialRequestSigner.Sign( 123 handlers.NewUserSecretKey(nil, false), 124 nil, 125 &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: nil}, 126 ) 127 Expect(err).To(MatchError("invalid options, missing issuer public key")) 128 Expect(signature).To(BeNil()) 129 }) 130 }) 131 132 Context("and the issuer public key is not of type *issuerPublicKey", func() { 133 It("returns error", func() { 134 signature, err := CredentialRequestSigner.Sign( 135 handlers.NewUserSecretKey(nil, false), 136 nil, 137 &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: handlers.NewUserSecretKey(nil, false)}, 138 ) 139 Expect(err).To(MatchError("invalid options, expected IssuerPK as *issuerPublicKey")) 140 Expect(signature).To(BeNil()) 141 }) 142 }) 143 144 }) 145 }) 146 147 Describe("when verifying a credential request", func() { 148 149 var ( 150 CredentialRequestVerifier *handlers.CredentialRequestVerifier 151 IssuerNonce []byte 152 fakeCredRequest *mock.CredRequest 153 ) 154 155 BeforeEach(func() { 156 fakeCredRequest = &mock.CredRequest{} 157 IssuerNonce = make([]byte, 32) 158 n, err := rand.Read(IssuerNonce) 159 Expect(n).To(BeEquivalentTo(32)) 160 Expect(err).NotTo(HaveOccurred()) 161 CredentialRequestVerifier = &handlers.CredentialRequestVerifier{CredRequest: fakeCredRequest} 162 }) 163 164 Context("and the underlying cryptographic algorithm succeed", func() { 165 BeforeEach(func() { 166 fakeCredRequest.VerifyReturns(nil) 167 }) 168 169 It("returns no error and valid signature", func() { 170 valid, err := CredentialRequestVerifier.Verify( 171 handlers.NewIssuerPublicKey(nil), 172 []byte("fake signature"), 173 nil, 174 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, 175 ) 176 Expect(err).NotTo(HaveOccurred()) 177 Expect(valid).To(BeTrue()) 178 }) 179 }) 180 181 Context("and the underlying cryptographic algorithm fails", func() { 182 BeforeEach(func() { 183 fakeCredRequest.VerifyReturns(errors.New("verify error")) 184 }) 185 186 It("returns an error", func() { 187 valid, err := CredentialRequestVerifier.Verify( 188 handlers.NewIssuerPublicKey(nil), 189 []byte("fake signature"), 190 nil, 191 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, 192 ) 193 Expect(err).To(MatchError("verify error")) 194 Expect(valid).To(BeFalse()) 195 }) 196 }) 197 198 Context("and the parameters are not well formed", func() { 199 200 Context("and the issuer public key is nil", func() { 201 It("returns error", func() { 202 valid, err := CredentialRequestVerifier.Verify( 203 nil, 204 []byte("fake signature"), 205 nil, 206 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, 207 ) 208 Expect(err).To(MatchError("invalid key, expected *issuerPublicKey")) 209 Expect(valid).To(BeFalse()) 210 }) 211 }) 212 213 Context("and the issuer public key is not of type *issuerPublicKey", func() { 214 It("returns error", func() { 215 valid, err := CredentialRequestVerifier.Verify( 216 handlers.NewUserSecretKey(nil, false), 217 []byte("fake signature"), 218 nil, 219 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, 220 ) 221 Expect(err).To(MatchError("invalid key, expected *issuerPublicKey")) 222 Expect(valid).To(BeFalse()) 223 }) 224 }) 225 226 Context("and nil options are passed", func() { 227 It("returns error", func() { 228 valid, err := CredentialRequestVerifier.Verify( 229 handlers.NewIssuerPublicKey(nil), 230 []byte("fake signature"), 231 nil, 232 nil, 233 ) 234 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialRequestSignerOpts")) 235 Expect(valid).To(BeFalse()) 236 }) 237 }) 238 239 Context("and non-valid options are passed", func() { 240 It("returns error", func() { 241 valid, err := CredentialRequestVerifier.Verify( 242 handlers.NewIssuerPublicKey(nil), 243 []byte("fake signature"), 244 nil, 245 &bccsp.IdemixCRISignerOpts{}, 246 ) 247 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialRequestSignerOpts")) 248 Expect(valid).To(BeFalse()) 249 }) 250 }) 251 }) 252 }) 253 }) 254 255 var _ = Describe("Credential", func() { 256 257 Describe("when creating a credential", func() { 258 259 var ( 260 CredentialSigner *handlers.CredentialSigner 261 fakeCredential *mock.Credential 262 ) 263 264 BeforeEach(func() { 265 fakeCredential = &mock.Credential{} 266 CredentialSigner = &handlers.CredentialSigner{Credential: fakeCredential} 267 }) 268 269 Context("and the underlying cryptographic algorithm succeed", func() { 270 var ( 271 fakeSignature []byte 272 ) 273 BeforeEach(func() { 274 fakeSignature = []byte("fake signature") 275 fakeCredential.SignReturns(fakeSignature, nil) 276 }) 277 278 It("returns no error and a signature", func() { 279 signature, err := CredentialSigner.Sign( 280 handlers.NewIssuerSecretKey(nil, false), 281 nil, 282 &bccsp.IdemixCredentialSignerOpts{}, 283 ) 284 Expect(err).NotTo(HaveOccurred()) 285 Expect(signature).To(BeEquivalentTo(fakeSignature)) 286 287 }) 288 }) 289 290 Context("and the underlying cryptographic algorithm fails", func() { 291 BeforeEach(func() { 292 fakeCredential.SignReturns(nil, errors.New("sign error")) 293 }) 294 295 It("returns an error", func() { 296 signature, err := CredentialSigner.Sign( 297 handlers.NewIssuerSecretKey(nil, false), 298 nil, 299 &bccsp.IdemixCredentialSignerOpts{}, 300 ) 301 Expect(err).To(MatchError("sign error")) 302 Expect(signature).To(BeNil()) 303 }) 304 }) 305 306 Context("and the parameters are not well formed", func() { 307 308 Context("and the issuer secret key is nil", func() { 309 It("returns error", func() { 310 signature, err := CredentialSigner.Sign( 311 nil, 312 nil, 313 &bccsp.IdemixCredentialSignerOpts{}, 314 ) 315 Expect(err).To(MatchError("invalid key, expected *issuerSecretKey")) 316 Expect(signature).To(BeNil()) 317 }) 318 }) 319 320 Context("and the user secret key is not of type *issuerSecretKey", func() { 321 It("returns error", func() { 322 signature, err := CredentialSigner.Sign( 323 handlers.NewIssuerPublicKey(nil), 324 nil, 325 &bccsp.IdemixCredentialSignerOpts{}, 326 ) 327 Expect(err).To(MatchError("invalid key, expected *issuerSecretKey")) 328 Expect(signature).To(BeNil()) 329 }) 330 }) 331 332 Context("and the opt is nil", func() { 333 It("returns error", func() { 334 signature, err := CredentialSigner.Sign( 335 handlers.NewIssuerSecretKey(nil, false), 336 nil, 337 nil, 338 ) 339 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialSignerOpts")) 340 Expect(signature).To(BeNil()) 341 }) 342 }) 343 344 Context("and the opt is not of type *IdemixCredentialSignerOpts", func() { 345 It("returns error", func() { 346 signature, err := CredentialSigner.Sign( 347 handlers.NewIssuerSecretKey(nil, false), 348 nil, 349 &bccsp.IdemixCredentialRequestSignerOpts{}, 350 ) 351 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialSignerOpts")) 352 Expect(signature).To(BeNil()) 353 }) 354 }) 355 }) 356 }) 357 358 Describe("when verifying a credential", func() { 359 360 var ( 361 CredentialVerifier *handlers.CredentialVerifier 362 fakeCredential *mock.Credential 363 ) 364 365 BeforeEach(func() { 366 fakeCredential = &mock.Credential{} 367 CredentialVerifier = &handlers.CredentialVerifier{Credential: fakeCredential} 368 }) 369 370 Context("and the underlying cryptographic algorithm succeed", func() { 371 BeforeEach(func() { 372 fakeCredential.VerifyReturns(nil) 373 }) 374 375 It("returns no error and valid signature", func() { 376 valid, err := CredentialVerifier.Verify( 377 handlers.NewUserSecretKey(nil, false), 378 []byte("fake signature"), 379 nil, 380 &bccsp.IdemixCredentialSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 381 ) 382 Expect(err).NotTo(HaveOccurred()) 383 Expect(valid).To(BeTrue()) 384 }) 385 }) 386 387 Context("and the underlying cryptographic algorithm fails", func() { 388 BeforeEach(func() { 389 fakeCredential.VerifyReturns(errors.New("verify error")) 390 }) 391 392 It("returns an error", func() { 393 valid, err := CredentialVerifier.Verify( 394 handlers.NewUserSecretKey(nil, false), 395 []byte("fake signature"), 396 nil, 397 &bccsp.IdemixCredentialSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 398 ) 399 Expect(err).To(MatchError("verify error")) 400 Expect(valid).To(BeFalse()) 401 }) 402 }) 403 404 Context("and the parameters are not well formed", func() { 405 406 Context("and the user secret key is nil", func() { 407 It("returns error", func() { 408 valid, err := CredentialVerifier.Verify( 409 nil, 410 []byte("fake signature"), 411 nil, 412 &bccsp.IdemixCredentialSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 413 ) 414 Expect(err).To(MatchError("invalid key, expected *userSecretKey")) 415 Expect(valid).To(BeFalse()) 416 }) 417 }) 418 419 Context("and the user secret key is not of type *userSecretKey", func() { 420 It("returns error", func() { 421 valid, err := CredentialVerifier.Verify( 422 handlers.NewIssuerPublicKey(nil), 423 []byte("fake signature"), 424 nil, 425 &bccsp.IdemixCredentialSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 426 ) 427 Expect(err).To(MatchError("invalid key, expected *userSecretKey")) 428 Expect(valid).To(BeFalse()) 429 }) 430 }) 431 432 Context("and the signature is empty", func() { 433 It("returns error", func() { 434 valid, err := CredentialVerifier.Verify( 435 handlers.NewUserSecretKey(nil, false), 436 nil, 437 nil, 438 &bccsp.IdemixCredentialSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, 439 ) 440 Expect(err).To(MatchError("invalid signature, it must not be empty")) 441 Expect(valid).To(BeFalse()) 442 }) 443 }) 444 445 Context("and the option is empty", func() { 446 It("returns error", func() { 447 valid, err := CredentialVerifier.Verify( 448 handlers.NewUserSecretKey(nil, false), 449 []byte("fake signature"), 450 nil, 451 nil, 452 ) 453 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialSignerOpts")) 454 Expect(valid).To(BeFalse()) 455 }) 456 }) 457 458 Context("and the option is not of type *IdemixCredentialSignerOpts", func() { 459 It("returns error", func() { 460 valid, err := CredentialVerifier.Verify( 461 handlers.NewUserSecretKey(nil, false), 462 []byte("fake signature"), 463 nil, 464 &bccsp.IdemixCredentialRequestSignerOpts{}, 465 ) 466 Expect(err).To(MatchError("invalid options, expected *IdemixCredentialSignerOpts")) 467 Expect(valid).To(BeFalse()) 468 }) 469 }) 470 471 Context("and the option's issuer public key is empty", func() { 472 It("returns error", func() { 473 valid, err := CredentialVerifier.Verify( 474 handlers.NewUserSecretKey(nil, false), 475 []byte("fake signature"), 476 nil, 477 &bccsp.IdemixCredentialSignerOpts{}, 478 ) 479 Expect(err).To(MatchError("invalid options, missing issuer public key")) 480 Expect(valid).To(BeFalse()) 481 }) 482 }) 483 484 Context("and the option's issuer public key is not of type *issuerPublicKey", func() { 485 It("returns error", func() { 486 valid, err := CredentialVerifier.Verify( 487 handlers.NewUserSecretKey(nil, false), 488 []byte("fake signature"), 489 nil, 490 &bccsp.IdemixCredentialSignerOpts{IssuerPK: handlers.NewUserSecretKey(nil, false)}, 491 ) 492 Expect(err).To(MatchError("invalid issuer public key, expected *issuerPublicKey")) 493 Expect(valid).To(BeFalse()) 494 }) 495 }) 496 }) 497 }) 498 })