github.com/lzy4123/fabric@v2.1.1+incompatible/gossip/comm/comm_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package comm
     8  
     9  import (
    10  	"bytes"
    11  	"context"
    12  	"crypto/hmac"
    13  	"crypto/sha256"
    14  	"crypto/tls"
    15  	"errors"
    16  	"fmt"
    17  	"io"
    18  	"math/rand"
    19  	"net"
    20  	"strconv"
    21  	"sync"
    22  	"sync/atomic"
    23  	"testing"
    24  	"time"
    25  
    26  	cb "github.com/hyperledger/fabric-protos-go/common"
    27  	proto "github.com/hyperledger/fabric-protos-go/gossip"
    28  	"github.com/hyperledger/fabric/bccsp/factory"
    29  	"github.com/hyperledger/fabric/common/flogging"
    30  	"github.com/hyperledger/fabric/common/metrics/disabled"
    31  	"github.com/hyperledger/fabric/gossip/api"
    32  	"github.com/hyperledger/fabric/gossip/api/mocks"
    33  	gmocks "github.com/hyperledger/fabric/gossip/comm/mocks"
    34  	"github.com/hyperledger/fabric/gossip/common"
    35  	"github.com/hyperledger/fabric/gossip/identity"
    36  	"github.com/hyperledger/fabric/gossip/metrics"
    37  	"github.com/hyperledger/fabric/gossip/protoext"
    38  	"github.com/hyperledger/fabric/gossip/util"
    39  	"github.com/hyperledger/fabric/internal/pkg/comm"
    40  	"github.com/stretchr/testify/assert"
    41  	"github.com/stretchr/testify/mock"
    42  	"google.golang.org/grpc"
    43  	"google.golang.org/grpc/credentials"
    44  )
    45  
    46  func init() {
    47  	util.SetupTestLogging()
    48  	rand.Seed(time.Now().UnixNano())
    49  	factory.InitFactories(nil)
    50  	naiveSec.On("OrgByPeerIdentity", mock.Anything).Return(api.OrgIdentityType{})
    51  }
    52  
    53  var testCommConfig = CommConfig{
    54  	DialTimeout:  300 * time.Millisecond,
    55  	ConnTimeout:  DefConnTimeout,
    56  	RecvBuffSize: DefRecvBuffSize,
    57  	SendBuffSize: DefSendBuffSize,
    58  }
    59  
    60  func acceptAll(msg interface{}) bool {
    61  	return true
    62  }
    63  
    64  var noopPurgeIdentity = func(_ common.PKIidType, _ api.PeerIdentityType) {
    65  
    66  }
    67  
    68  var (
    69  	naiveSec        = &naiveSecProvider{}
    70  	hmacKey         = []byte{0, 0, 0}
    71  	disabledMetrics = metrics.NewGossipMetrics(&disabled.Provider{}).CommMetrics
    72  )
    73  
    74  type naiveSecProvider struct {
    75  	mocks.SecurityAdvisor
    76  }
    77  
    78  func (nsp *naiveSecProvider) OrgByPeerIdentity(identity api.PeerIdentityType) api.OrgIdentityType {
    79  	return nsp.SecurityAdvisor.Called(identity).Get(0).(api.OrgIdentityType)
    80  }
    81  
    82  func (*naiveSecProvider) Expiration(peerIdentity api.PeerIdentityType) (time.Time, error) {
    83  	return time.Now().Add(time.Hour), nil
    84  }
    85  
    86  func (*naiveSecProvider) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
    87  	return nil
    88  }
    89  
    90  // GetPKIidOfCert returns the PKI-ID of a peer's identity
    91  func (*naiveSecProvider) GetPKIidOfCert(peerIdentity api.PeerIdentityType) common.PKIidType {
    92  	return common.PKIidType(peerIdentity)
    93  }
    94  
    95  // VerifyBlock returns nil if the block is properly signed,
    96  // else returns error
    97  func (*naiveSecProvider) VerifyBlock(channelID common.ChannelID, seqNum uint64, signedBlock *cb.Block) error {
    98  	return nil
    99  }
   100  
   101  // Sign signs msg with this peer's signing key and outputs
   102  // the signature if no error occurred.
   103  func (*naiveSecProvider) Sign(msg []byte) ([]byte, error) {
   104  	mac := hmac.New(sha256.New, hmacKey)
   105  	mac.Write(msg)
   106  	return mac.Sum(nil), nil
   107  }
   108  
   109  // Verify checks that signature is a valid signature of message under a peer's verification key.
   110  // If the verification succeeded, Verify returns nil meaning no error occurred.
   111  // If peerCert is nil, then the signature is verified against this peer's verification key.
   112  func (*naiveSecProvider) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error {
   113  	mac := hmac.New(sha256.New, hmacKey)
   114  	mac.Write(message)
   115  	expected := mac.Sum(nil)
   116  	if !bytes.Equal(signature, expected) {
   117  		return fmt.Errorf("Wrong certificate:%v, %v", signature, message)
   118  	}
   119  	return nil
   120  }
   121  
   122  // VerifyByChannel verifies a peer's signature on a message in the context
   123  // of a specific channel
   124  func (*naiveSecProvider) VerifyByChannel(_ common.ChannelID, _ api.PeerIdentityType, _, _ []byte) error {
   125  	return nil
   126  }
   127  
   128  func newCommInstanceOnlyWithMetrics(t *testing.T, commMetrics *metrics.CommMetrics, sec *naiveSecProvider,
   129  	gRPCServer *comm.GRPCServer, certs *common.TLSCertificates,
   130  	secureDialOpts api.PeerSecureDialOpts, dialOpts ...grpc.DialOption) Comm {
   131  
   132  	_, portString, err := net.SplitHostPort(gRPCServer.Address())
   133  	assert.NoError(t, err)
   134  
   135  	endpoint := fmt.Sprintf("127.0.0.1:%s", portString)
   136  	id := []byte(endpoint)
   137  	identityMapper := identity.NewIdentityMapper(sec, id, noopPurgeIdentity, sec)
   138  
   139  	commInst, err := NewCommInstance(gRPCServer.Server(), certs, identityMapper, id, secureDialOpts,
   140  		sec, commMetrics, testCommConfig, dialOpts...)
   141  	assert.NoError(t, err)
   142  
   143  	go func() {
   144  		err := gRPCServer.Start()
   145  		assert.NoError(t, err)
   146  	}()
   147  
   148  	return &commGRPC{commInst.(*commImpl), gRPCServer}
   149  }
   150  
   151  type commGRPC struct {
   152  	*commImpl
   153  	gRPCServer *comm.GRPCServer
   154  }
   155  
   156  func (c *commGRPC) Stop() {
   157  	c.commImpl.Stop()
   158  	c.commImpl.idMapper.Stop()
   159  	c.gRPCServer.Stop()
   160  }
   161  
   162  func newCommInstanceOnly(t *testing.T, sec *naiveSecProvider,
   163  	gRPCServer *comm.GRPCServer, certs *common.TLSCertificates,
   164  	secureDialOpts api.PeerSecureDialOpts, dialOpts ...grpc.DialOption) Comm {
   165  	return newCommInstanceOnlyWithMetrics(t, disabledMetrics, sec, gRPCServer, certs, secureDialOpts, dialOpts...)
   166  }
   167  
   168  func newCommInstance(t *testing.T, sec *naiveSecProvider) (c Comm, port int) {
   169  	port, gRPCServer, certs, secureDialOpts, dialOpts := util.CreateGRPCLayer()
   170  	comm := newCommInstanceOnly(t, sec, gRPCServer, certs, secureDialOpts, dialOpts...)
   171  	return comm, port
   172  }
   173  
   174  type msgMutator func(*protoext.SignedGossipMessage) *protoext.SignedGossipMessage
   175  
   176  type tlsType int
   177  
   178  const (
   179  	none tlsType = iota
   180  	oneWayTLS
   181  	mutualTLS
   182  )
   183  
   184  func handshaker(port int, endpoint string, comm Comm, t *testing.T, connMutator msgMutator, connType tlsType) <-chan protoext.ReceivedMessage {
   185  	c := &commImpl{}
   186  	cert := GenerateCertificatesOrPanic()
   187  	tlsCfg := &tls.Config{
   188  		InsecureSkipVerify: true,
   189  	}
   190  	if connType == mutualTLS {
   191  		tlsCfg.Certificates = []tls.Certificate{cert}
   192  	}
   193  	ta := credentials.NewTLS(tlsCfg)
   194  	secureOpts := grpc.WithTransportCredentials(ta)
   195  	if connType == none {
   196  		secureOpts = grpc.WithInsecure()
   197  	}
   198  	acceptChan := comm.Accept(acceptAll)
   199  	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
   200  	defer cancel()
   201  	target := fmt.Sprintf("127.0.0.1:%d", port)
   202  	conn, err := grpc.DialContext(ctx, target, secureOpts, grpc.WithBlock())
   203  	assert.NoError(t, err, "%v", err)
   204  	if err != nil {
   205  		return nil
   206  	}
   207  	cl := proto.NewGossipClient(conn)
   208  	stream, err := cl.GossipStream(context.Background())
   209  	assert.NoError(t, err, "%v", err)
   210  	if err != nil {
   211  		return nil
   212  	}
   213  
   214  	var clientCertHash []byte
   215  	if len(tlsCfg.Certificates) > 0 {
   216  		clientCertHash = certHashFromRawCert(tlsCfg.Certificates[0].Certificate[0])
   217  	}
   218  
   219  	pkiID := common.PKIidType(endpoint)
   220  	assert.NoError(t, err, "%v", err)
   221  	msg, _ := c.createConnectionMsg(pkiID, clientCertHash, []byte(endpoint), func(msg []byte) ([]byte, error) {
   222  		mac := hmac.New(sha256.New, hmacKey)
   223  		mac.Write(msg)
   224  		return mac.Sum(nil), nil
   225  	}, false)
   226  	// Mutate connection message to test negative paths
   227  	msg = connMutator(msg)
   228  	// Send your own connection message
   229  	stream.Send(msg.Envelope)
   230  	// Wait for connection message from the other side
   231  	envelope, err := stream.Recv()
   232  	if err != nil {
   233  		return acceptChan
   234  	}
   235  	assert.NoError(t, err, "%v", err)
   236  	msg, err = protoext.EnvelopeToGossipMessage(envelope)
   237  	assert.NoError(t, err, "%v", err)
   238  	assert.Equal(t, []byte(target), msg.GetConn().PkiId)
   239  	assert.Equal(t, extractCertificateHashFromContext(stream.Context()), msg.GetConn().TlsCertHash)
   240  	msg2Send := createGossipMsg()
   241  	nonce := uint64(rand.Int())
   242  	msg2Send.Nonce = nonce
   243  	go stream.Send(msg2Send.Envelope)
   244  	return acceptChan
   245  }
   246  
   247  func TestMutualParallelSendWithAck(t *testing.T) {
   248  	t.Parallel()
   249  
   250  	// This test tests concurrent and parallel sending of many (1000) messages
   251  	// from 2 instances to one another at the same time.
   252  
   253  	msgNum := 1000
   254  
   255  	comm1, port1 := newCommInstance(t, naiveSec)
   256  	comm2, port2 := newCommInstance(t, naiveSec)
   257  	defer comm1.Stop()
   258  	defer comm2.Stop()
   259  
   260  	acceptData := func(o interface{}) bool {
   261  		m := o.(protoext.ReceivedMessage).GetGossipMessage()
   262  		return protoext.IsDataMsg(m.GossipMessage)
   263  	}
   264  
   265  	inc1 := comm1.Accept(acceptData)
   266  	inc2 := comm2.Accept(acceptData)
   267  
   268  	// Send a message from comm1 to comm2, to make the instances establish a preliminary connection
   269  	comm1.Send(createGossipMsg(), remotePeer(port2))
   270  	// Wait for the message to be received in comm2
   271  	<-inc2
   272  
   273  	for i := 0; i < msgNum; i++ {
   274  		go comm1.SendWithAck(createGossipMsg(), time.Second*5, 1, remotePeer(port2))
   275  	}
   276  
   277  	for i := 0; i < msgNum; i++ {
   278  		go comm2.SendWithAck(createGossipMsg(), time.Second*5, 1, remotePeer(port1))
   279  	}
   280  
   281  	go func() {
   282  		for i := 0; i < msgNum; i++ {
   283  			<-inc1
   284  		}
   285  	}()
   286  
   287  	for i := 0; i < msgNum; i++ {
   288  		<-inc2
   289  	}
   290  }
   291  
   292  func getAvailablePort(t *testing.T) (port int, endpoint string, ll net.Listener) {
   293  	ll, err := net.Listen("tcp", "127.0.0.1:0")
   294  	assert.NoError(t, err)
   295  	endpoint = ll.Addr().String()
   296  	_, portS, err := net.SplitHostPort(endpoint)
   297  	assert.NoError(t, err)
   298  	portInt, err := strconv.Atoi(portS)
   299  	assert.NoError(t, err)
   300  	return portInt, endpoint, ll
   301  }
   302  
   303  func TestHandshake(t *testing.T) {
   304  	t.Parallel()
   305  	signer := func(msg []byte) ([]byte, error) {
   306  		mac := hmac.New(sha256.New, hmacKey)
   307  		mac.Write(msg)
   308  		return mac.Sum(nil), nil
   309  	}
   310  	mutator := func(msg *protoext.SignedGossipMessage) *protoext.SignedGossipMessage {
   311  		return msg
   312  	}
   313  	assertPositivePath := func(msg protoext.ReceivedMessage, endpoint string) {
   314  		expectedPKIID := common.PKIidType(endpoint)
   315  		assert.Equal(t, expectedPKIID, msg.GetConnectionInfo().ID)
   316  		assert.Equal(t, api.PeerIdentityType(endpoint), msg.GetConnectionInfo().Identity)
   317  		assert.NotNil(t, msg.GetConnectionInfo().Auth)
   318  		sig, _ := (&naiveSecProvider{}).Sign(msg.GetConnectionInfo().Auth.SignedData)
   319  		assert.Equal(t, sig, msg.GetConnectionInfo().Auth.Signature)
   320  	}
   321  
   322  	// Positive path 1 - check authentication without TLS
   323  	port, endpoint, ll := getAvailablePort(t)
   324  	s := grpc.NewServer()
   325  	id := []byte(endpoint)
   326  	idMapper := identity.NewIdentityMapper(naiveSec, id, noopPurgeIdentity, naiveSec)
   327  	inst, err := NewCommInstance(s, nil, idMapper, api.PeerIdentityType(endpoint), func() []grpc.DialOption {
   328  		return []grpc.DialOption{grpc.WithInsecure()}
   329  	}, naiveSec, disabledMetrics, testCommConfig)
   330  	go s.Serve(ll)
   331  	assert.NoError(t, err)
   332  	var msg protoext.ReceivedMessage
   333  
   334  	_, tempEndpoint, tempL := getAvailablePort(t)
   335  	acceptChan := handshaker(port, tempEndpoint, inst, t, mutator, none)
   336  	select {
   337  	case <-time.After(time.Duration(time.Second * 4)):
   338  		assert.FailNow(t, "Didn't receive a message, seems like handshake failed")
   339  	case msg = <-acceptChan:
   340  	}
   341  	assert.Equal(t, common.PKIidType(tempEndpoint), msg.GetConnectionInfo().ID)
   342  	assert.Equal(t, api.PeerIdentityType(tempEndpoint), msg.GetConnectionInfo().Identity)
   343  	sig, _ := (&naiveSecProvider{}).Sign(msg.GetConnectionInfo().Auth.SignedData)
   344  	assert.Equal(t, sig, msg.GetConnectionInfo().Auth.Signature)
   345  
   346  	inst.Stop()
   347  	s.Stop()
   348  	ll.Close()
   349  	tempL.Close()
   350  	time.Sleep(time.Second)
   351  
   352  	comm, port := newCommInstance(t, naiveSec)
   353  	defer comm.Stop()
   354  	// Positive path 2: initiating peer sends its own certificate
   355  	_, tempEndpoint, tempL = getAvailablePort(t)
   356  	acceptChan = handshaker(port, tempEndpoint, comm, t, mutator, mutualTLS)
   357  
   358  	select {
   359  	case <-time.After(time.Second * 2):
   360  		assert.FailNow(t, "Didn't receive a message, seems like handshake failed")
   361  	case msg = <-acceptChan:
   362  	}
   363  	assertPositivePath(msg, tempEndpoint)
   364  	tempL.Close()
   365  
   366  	// Negative path: initiating peer doesn't send its own certificate
   367  	_, tempEndpoint, tempL = getAvailablePort(t)
   368  	acceptChan = handshaker(port, tempEndpoint, comm, t, mutator, oneWayTLS)
   369  	time.Sleep(time.Second)
   370  	assert.Equal(t, 0, len(acceptChan))
   371  	tempL.Close()
   372  
   373  	// Negative path, signature is wrong
   374  	_, tempEndpoint, tempL = getAvailablePort(t)
   375  	mutator = func(msg *protoext.SignedGossipMessage) *protoext.SignedGossipMessage {
   376  		msg.Signature = append(msg.Signature, 0)
   377  		return msg
   378  	}
   379  	acceptChan = handshaker(port, tempEndpoint, comm, t, mutator, mutualTLS)
   380  	time.Sleep(time.Second)
   381  	assert.Equal(t, 0, len(acceptChan))
   382  	tempL.Close()
   383  
   384  	// Negative path, the PKIid doesn't match the identity
   385  	_, tempEndpoint, tempL = getAvailablePort(t)
   386  	mutator = func(msg *protoext.SignedGossipMessage) *protoext.SignedGossipMessage {
   387  		msg.GetConn().PkiId = []byte(tempEndpoint)
   388  		// Sign the message again
   389  		msg.Sign(signer)
   390  		return msg
   391  	}
   392  	_, tempEndpoint2, tempL2 := getAvailablePort(t)
   393  	acceptChan = handshaker(port, tempEndpoint2, comm, t, mutator, mutualTLS)
   394  	time.Sleep(time.Second)
   395  	assert.Equal(t, 0, len(acceptChan))
   396  	tempL.Close()
   397  	tempL2.Close()
   398  
   399  	// Negative path, the cert hash isn't what is expected
   400  	_, tempEndpoint, tempL = getAvailablePort(t)
   401  	mutator = func(msg *protoext.SignedGossipMessage) *protoext.SignedGossipMessage {
   402  		msg.GetConn().TlsCertHash = append(msg.GetConn().TlsCertHash, 0)
   403  		msg.Sign(signer)
   404  		return msg
   405  	}
   406  	acceptChan = handshaker(port, tempEndpoint, comm, t, mutator, mutualTLS)
   407  	time.Sleep(time.Second)
   408  	assert.Equal(t, 0, len(acceptChan))
   409  	tempL.Close()
   410  
   411  	// Negative path, no PKI-ID was sent
   412  	_, tempEndpoint, tempL = getAvailablePort(t)
   413  	mutator = func(msg *protoext.SignedGossipMessage) *protoext.SignedGossipMessage {
   414  		msg.GetConn().PkiId = nil
   415  		msg.Sign(signer)
   416  		return msg
   417  	}
   418  	acceptChan = handshaker(port, tempEndpoint, comm, t, mutator, mutualTLS)
   419  	time.Sleep(time.Second)
   420  	assert.Equal(t, 0, len(acceptChan))
   421  	tempL.Close()
   422  
   423  	// Negative path, connection message is of a different type
   424  	_, tempEndpoint, tempL = getAvailablePort(t)
   425  	mutator = func(msg *protoext.SignedGossipMessage) *protoext.SignedGossipMessage {
   426  		msg.Content = &proto.GossipMessage_Empty{
   427  			Empty: &proto.Empty{},
   428  		}
   429  		msg.Sign(signer)
   430  		return msg
   431  	}
   432  	acceptChan = handshaker(port, tempEndpoint, comm, t, mutator, mutualTLS)
   433  	time.Sleep(time.Second)
   434  	assert.Equal(t, 0, len(acceptChan))
   435  	tempL.Close()
   436  
   437  	// Negative path, the peer didn't respond to the handshake in due time
   438  	_, tempEndpoint, tempL = getAvailablePort(t)
   439  	mutator = func(msg *protoext.SignedGossipMessage) *protoext.SignedGossipMessage {
   440  		time.Sleep(time.Second * 5)
   441  		return msg
   442  	}
   443  	acceptChan = handshaker(port, tempEndpoint, comm, t, mutator, mutualTLS)
   444  	time.Sleep(time.Second)
   445  	assert.Equal(t, 0, len(acceptChan))
   446  	tempL.Close()
   447  }
   448  
   449  func TestConnectUnexpectedPeer(t *testing.T) {
   450  	t.Parallel()
   451  	// Scenarios: In both scenarios, comm1 connects to comm2 or comm3.
   452  	// and expects to see a PKI-ID which is equal to comm4's PKI-ID.
   453  	// The connection attempt would succeed or fail based on whether comm2 or comm3
   454  	// are in the same org as comm4
   455  
   456  	identityByPort := func(port int) api.PeerIdentityType {
   457  		return api.PeerIdentityType(fmt.Sprintf("127.0.0.1:%d", port))
   458  	}
   459  
   460  	customNaiveSec := &naiveSecProvider{}
   461  
   462  	comm1Port, gRPCServer1, certs1, secureDialOpts1, dialOpts1 := util.CreateGRPCLayer()
   463  	comm2Port, gRPCServer2, certs2, secureDialOpts2, dialOpts2 := util.CreateGRPCLayer()
   464  	comm3Port, gRPCServer3, certs3, secureDialOpts3, dialOpts3 := util.CreateGRPCLayer()
   465  	comm4Port, gRPCServer4, certs4, secureDialOpts4, dialOpts4 := util.CreateGRPCLayer()
   466  
   467  	customNaiveSec.On("OrgByPeerIdentity", identityByPort(comm1Port)).Return(api.OrgIdentityType("O"))
   468  	customNaiveSec.On("OrgByPeerIdentity", identityByPort(comm2Port)).Return(api.OrgIdentityType("A"))
   469  	customNaiveSec.On("OrgByPeerIdentity", identityByPort(comm3Port)).Return(api.OrgIdentityType("B"))
   470  	customNaiveSec.On("OrgByPeerIdentity", identityByPort(comm4Port)).Return(api.OrgIdentityType("A"))
   471  
   472  	comm1 := newCommInstanceOnly(t, customNaiveSec, gRPCServer1, certs1, secureDialOpts1, dialOpts1...)
   473  	comm2 := newCommInstanceOnly(t, naiveSec, gRPCServer2, certs2, secureDialOpts2, dialOpts2...)
   474  	comm3 := newCommInstanceOnly(t, naiveSec, gRPCServer3, certs3, secureDialOpts3, dialOpts3...)
   475  	comm4 := newCommInstanceOnly(t, naiveSec, gRPCServer4, certs4, secureDialOpts4, dialOpts4...)
   476  
   477  	defer comm1.Stop()
   478  	defer comm2.Stop()
   479  	defer comm3.Stop()
   480  	defer comm4.Stop()
   481  
   482  	messagesForComm1 := comm1.Accept(acceptAll)
   483  	messagesForComm2 := comm2.Accept(acceptAll)
   484  	messagesForComm3 := comm3.Accept(acceptAll)
   485  
   486  	// Have comm4 send a message to comm1
   487  	// in order for comm1 to know comm4
   488  	comm4.Send(createGossipMsg(), remotePeer(comm1Port))
   489  	<-messagesForComm1
   490  	// Close the connection with comm4
   491  	comm1.CloseConn(remotePeer(comm4Port))
   492  	// At this point, comm1 knows comm4's identity and organization
   493  
   494  	t.Run("Same organization", func(t *testing.T) {
   495  		unexpectedRemotePeer := remotePeer(comm2Port)
   496  		unexpectedRemotePeer.PKIID = remotePeer(comm4Port).PKIID
   497  		comm1.Send(createGossipMsg(), unexpectedRemotePeer)
   498  		select {
   499  		case <-messagesForComm2:
   500  		case <-time.After(time.Second * 5):
   501  			assert.Fail(t, "Didn't receive a message within a timely manner")
   502  			util.PrintStackTrace()
   503  		}
   504  	})
   505  
   506  	t.Run("Unexpected organization", func(t *testing.T) {
   507  		unexpectedRemotePeer := remotePeer(comm3Port)
   508  		unexpectedRemotePeer.PKIID = remotePeer(comm4Port).PKIID
   509  		comm1.Send(createGossipMsg(), unexpectedRemotePeer)
   510  		select {
   511  		case <-messagesForComm3:
   512  			assert.Fail(t, "Message shouldn't have been received")
   513  		case <-time.After(time.Second * 5):
   514  		}
   515  	})
   516  }
   517  
   518  func TestGetConnectionInfo(t *testing.T) {
   519  	t.Parallel()
   520  	comm1, port1 := newCommInstance(t, naiveSec)
   521  	comm2, _ := newCommInstance(t, naiveSec)
   522  	defer comm1.Stop()
   523  	defer comm2.Stop()
   524  	m1 := comm1.Accept(acceptAll)
   525  	comm2.Send(createGossipMsg(), remotePeer(port1))
   526  	select {
   527  	case <-time.After(time.Second * 10):
   528  		t.Fatal("Didn't receive a message in time")
   529  	case msg := <-m1:
   530  		assert.Equal(t, comm2.GetPKIid(), msg.GetConnectionInfo().ID)
   531  		assert.NotNil(t, msg.GetSourceEnvelope())
   532  	}
   533  }
   534  
   535  func TestCloseConn(t *testing.T) {
   536  	t.Parallel()
   537  	comm1, port1 := newCommInstance(t, naiveSec)
   538  	defer comm1.Stop()
   539  	acceptChan := comm1.Accept(acceptAll)
   540  
   541  	cert := GenerateCertificatesOrPanic()
   542  	tlsCfg := &tls.Config{
   543  		InsecureSkipVerify: true,
   544  		Certificates:       []tls.Certificate{cert},
   545  	}
   546  	ta := credentials.NewTLS(tlsCfg)
   547  
   548  	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
   549  	defer cancel()
   550  	target := fmt.Sprintf("127.0.0.1:%d", port1)
   551  	conn, err := grpc.DialContext(ctx, target, grpc.WithTransportCredentials(ta), grpc.WithBlock())
   552  	assert.NoError(t, err, "%v", err)
   553  	cl := proto.NewGossipClient(conn)
   554  	stream, err := cl.GossipStream(context.Background())
   555  	assert.NoError(t, err, "%v", err)
   556  	c := &commImpl{}
   557  	tlsCertHash := certHashFromRawCert(tlsCfg.Certificates[0].Certificate[0])
   558  	connMsg, _ := c.createConnectionMsg(common.PKIidType("pkiID"), tlsCertHash, api.PeerIdentityType("pkiID"), func(msg []byte) ([]byte, error) {
   559  		mac := hmac.New(sha256.New, hmacKey)
   560  		mac.Write(msg)
   561  		return mac.Sum(nil), nil
   562  	}, false)
   563  	assert.NoError(t, stream.Send(connMsg.Envelope))
   564  	stream.Send(createGossipMsg().Envelope)
   565  	select {
   566  	case <-acceptChan:
   567  	case <-time.After(time.Second):
   568  		assert.Fail(t, "Didn't receive a message within a timely period")
   569  	}
   570  	comm1.CloseConn(&RemotePeer{PKIID: common.PKIidType("pkiID")})
   571  	time.Sleep(time.Second * 10)
   572  	gotErr := false
   573  	msg2Send := createGossipMsg()
   574  	msg2Send.GetDataMsg().Payload = &proto.Payload{
   575  		Data: make([]byte, 1024*1024),
   576  	}
   577  	protoext.NoopSign(msg2Send.GossipMessage)
   578  	for i := 0; i < DefRecvBuffSize; i++ {
   579  		err := stream.Send(msg2Send.Envelope)
   580  		if err != nil {
   581  			gotErr = true
   582  			break
   583  		}
   584  	}
   585  	assert.True(t, gotErr, "Should have failed because connection is closed")
   586  }
   587  
   588  // TestCommSend makes sure that enough messages get through
   589  // eventually. Comm.Send() is both asynchronous and best-effort, so this test
   590  // case assumes some will fail, but that eventually enough messages will get
   591  // through that the test will end.
   592  func TestCommSend(t *testing.T) {
   593  	t.Parallel()
   594  	comm1, port1 := newCommInstance(t, naiveSec)
   595  	comm2, port2 := newCommInstance(t, naiveSec)
   596  	defer comm1.Stop()
   597  	defer comm2.Stop()
   598  
   599  	// Create the receive channel before sending the messages
   600  	ch1 := comm1.Accept(acceptAll)
   601  	ch2 := comm2.Accept(acceptAll)
   602  
   603  	// control channels for background senders
   604  	stopch1 := make(chan struct{})
   605  	stopch2 := make(chan struct{})
   606  
   607  	go func() {
   608  		for {
   609  			emptyMsg := createGossipMsg()
   610  			select {
   611  			case <-stopch1:
   612  				return
   613  			default:
   614  				comm1.Send(emptyMsg, remotePeer(port2))
   615  			}
   616  		}
   617  	}()
   618  
   619  	go func() {
   620  		for {
   621  			emptyMsg := createGossipMsg()
   622  			select {
   623  			case <-stopch2:
   624  				return
   625  			default:
   626  				comm2.Send(emptyMsg, remotePeer(port1))
   627  			}
   628  		}
   629  	}()
   630  
   631  	c1recieved := 0
   632  	c2recieved := 0
   633  	// hopefully in some runs we'll fill both send and receive buffers and
   634  	// drop overflowing messages, but still finish, because the endless
   635  	// stream of messages inexorably gets through unless something is very
   636  	// broken.
   637  	totalMessagesRecieved := (DefSendBuffSize + DefRecvBuffSize) * 2
   638  RECV:
   639  	for {
   640  		select {
   641  		case <-ch1:
   642  			c1recieved++
   643  			if c1recieved == totalMessagesRecieved {
   644  				close(stopch2)
   645  			}
   646  		case <-ch2:
   647  			c2recieved++
   648  			if c2recieved == totalMessagesRecieved {
   649  				close(stopch1)
   650  			}
   651  		case <-time.After(30 * time.Second):
   652  			t.Fatalf("timed out waiting for messages to be recieved.\nc1 got %d messages\nc2 got %d messages", c1recieved, c2recieved)
   653  		default:
   654  			if c1recieved > totalMessagesRecieved && c2recieved > totalMessagesRecieved {
   655  				break RECV
   656  			}
   657  		}
   658  	}
   659  	t.Logf("c1 got %d messages\nc2 got %d messages", c1recieved, c2recieved)
   660  }
   661  
   662  type nonResponsivePeer struct {
   663  	*grpc.Server
   664  	port int
   665  }
   666  
   667  func newNonResponsivePeer(t *testing.T) *nonResponsivePeer {
   668  	port, gRPCServer, _, _, _ := util.CreateGRPCLayer()
   669  	nrp := &nonResponsivePeer{
   670  		Server: gRPCServer.Server(),
   671  		port:   port,
   672  	}
   673  	proto.RegisterGossipServer(gRPCServer.Server(), nrp)
   674  	return nrp
   675  }
   676  
   677  func (bp *nonResponsivePeer) Ping(context.Context, *proto.Empty) (*proto.Empty, error) {
   678  	time.Sleep(time.Second * 15)
   679  	return &proto.Empty{}, nil
   680  }
   681  
   682  func (bp *nonResponsivePeer) GossipStream(stream proto.Gossip_GossipStreamServer) error {
   683  	return nil
   684  }
   685  
   686  func (bp *nonResponsivePeer) stop() {
   687  	bp.Server.Stop()
   688  }
   689  
   690  func TestNonResponsivePing(t *testing.T) {
   691  	t.Parallel()
   692  	c, _ := newCommInstance(t, naiveSec)
   693  	defer c.Stop()
   694  	nonRespPeer := newNonResponsivePeer(t)
   695  	defer nonRespPeer.stop()
   696  	s := make(chan struct{})
   697  	go func() {
   698  		c.Probe(remotePeer(nonRespPeer.port))
   699  		s <- struct{}{}
   700  	}()
   701  	select {
   702  	case <-time.After(time.Second * 10):
   703  		assert.Fail(t, "Request wasn't cancelled on time")
   704  	case <-s:
   705  	}
   706  
   707  }
   708  
   709  func TestResponses(t *testing.T) {
   710  	t.Parallel()
   711  	comm1, port1 := newCommInstance(t, naiveSec)
   712  	comm2, _ := newCommInstance(t, naiveSec)
   713  
   714  	defer comm1.Stop()
   715  	defer comm2.Stop()
   716  
   717  	wg := sync.WaitGroup{}
   718  
   719  	msg := createGossipMsg()
   720  	wg.Add(1)
   721  	go func() {
   722  		inChan := comm1.Accept(acceptAll)
   723  		wg.Done()
   724  		for m := range inChan {
   725  			reply := createGossipMsg()
   726  			reply.Nonce = m.GetGossipMessage().Nonce + 1
   727  			m.Respond(reply.GossipMessage)
   728  		}
   729  	}()
   730  	expectedNOnce := uint64(msg.Nonce + 1)
   731  	responsesFromComm1 := comm2.Accept(acceptAll)
   732  
   733  	ticker := time.NewTicker(10 * time.Second)
   734  	wg.Wait()
   735  	comm2.Send(msg, remotePeer(port1))
   736  
   737  	select {
   738  	case <-ticker.C:
   739  		assert.Fail(t, "Haven't got response from comm1 within a timely manner")
   740  		break
   741  	case resp := <-responsesFromComm1:
   742  		ticker.Stop()
   743  		assert.Equal(t, expectedNOnce, resp.GetGossipMessage().Nonce)
   744  		break
   745  	}
   746  }
   747  
   748  // TestAccept makes sure that accept filters work. The probability of the parity
   749  // of all nonces being 0 or 1 is very low.
   750  func TestAccept(t *testing.T) {
   751  	t.Parallel()
   752  	comm1, port1 := newCommInstance(t, naiveSec)
   753  	comm2, _ := newCommInstance(t, naiveSec)
   754  
   755  	evenNONCESelector := func(m interface{}) bool {
   756  		return m.(protoext.ReceivedMessage).GetGossipMessage().Nonce%2 == 0
   757  	}
   758  
   759  	oddNONCESelector := func(m interface{}) bool {
   760  		return m.(protoext.ReceivedMessage).GetGossipMessage().Nonce%2 != 0
   761  	}
   762  
   763  	evenNONCES := comm1.Accept(evenNONCESelector)
   764  	oddNONCES := comm1.Accept(oddNONCESelector)
   765  
   766  	var evenResults []uint64
   767  	var oddResults []uint64
   768  
   769  	out := make(chan uint64)
   770  	sem := make(chan struct{})
   771  
   772  	readIntoSlice := func(a *[]uint64, ch <-chan protoext.ReceivedMessage) {
   773  		for m := range ch {
   774  			*a = append(*a, m.GetGossipMessage().Nonce)
   775  			select {
   776  			case out <- m.GetGossipMessage().Nonce:
   777  			default: // avoid blocking when we stop reading from out
   778  			}
   779  		}
   780  		sem <- struct{}{}
   781  	}
   782  
   783  	go readIntoSlice(&evenResults, evenNONCES)
   784  	go readIntoSlice(&oddResults, oddNONCES)
   785  
   786  	stopSend := make(chan struct{})
   787  	go func() {
   788  		for {
   789  			select {
   790  			case <-stopSend:
   791  				return
   792  			default:
   793  				comm2.Send(createGossipMsg(), remotePeer(port1))
   794  			}
   795  		}
   796  	}()
   797  
   798  	waitForMessages(t, out, (DefSendBuffSize+DefRecvBuffSize)*2, "Didn't receive all messages sent")
   799  	close(stopSend)
   800  
   801  	comm1.Stop()
   802  	comm2.Stop()
   803  
   804  	<-sem
   805  	<-sem
   806  
   807  	t.Logf("%d even nonces received", len(evenResults))
   808  	t.Logf("%d  odd nonces received", len(oddResults))
   809  
   810  	assert.NotEmpty(t, evenResults)
   811  	assert.NotEmpty(t, oddResults)
   812  
   813  	remainderPredicate := func(a []uint64, rem uint64) {
   814  		for _, n := range a {
   815  			assert.Equal(t, n%2, rem)
   816  		}
   817  	}
   818  
   819  	remainderPredicate(evenResults, 0)
   820  	remainderPredicate(oddResults, 1)
   821  }
   822  
   823  func TestReConnections(t *testing.T) {
   824  	t.Parallel()
   825  	comm1, port1 := newCommInstance(t, naiveSec)
   826  	comm2, port2 := newCommInstance(t, naiveSec)
   827  
   828  	reader := func(out chan uint64, in <-chan protoext.ReceivedMessage) {
   829  		for {
   830  			msg := <-in
   831  			if msg == nil {
   832  				return
   833  			}
   834  			out <- msg.GetGossipMessage().Nonce
   835  		}
   836  	}
   837  
   838  	out1 := make(chan uint64, 10)
   839  	out2 := make(chan uint64, 10)
   840  
   841  	go reader(out1, comm1.Accept(acceptAll))
   842  	go reader(out2, comm2.Accept(acceptAll))
   843  
   844  	// comm1 connects to comm2
   845  	comm1.Send(createGossipMsg(), remotePeer(port2))
   846  	waitForMessages(t, out2, 1, "Comm2 didn't receive a message from comm1 in a timely manner")
   847  	// comm2 sends to comm1
   848  	comm2.Send(createGossipMsg(), remotePeer(port1))
   849  	waitForMessages(t, out1, 1, "Comm1 didn't receive a message from comm2 in a timely manner")
   850  	comm1.Stop()
   851  
   852  	comm1, port1 = newCommInstance(t, naiveSec)
   853  	out1 = make(chan uint64, 1)
   854  	go reader(out1, comm1.Accept(acceptAll))
   855  	comm2.Send(createGossipMsg(), remotePeer(port1))
   856  	waitForMessages(t, out1, 1, "Comm1 didn't receive a message from comm2 in a timely manner")
   857  	comm1.Stop()
   858  	comm2.Stop()
   859  }
   860  
   861  func TestProbe(t *testing.T) {
   862  	t.Parallel()
   863  	comm1, port1 := newCommInstance(t, naiveSec)
   864  	defer comm1.Stop()
   865  	comm2, port2 := newCommInstance(t, naiveSec)
   866  	time.Sleep(time.Duration(1) * time.Second)
   867  	assert.NoError(t, comm1.Probe(remotePeer(port2)))
   868  	_, err := comm1.Handshake(remotePeer(port2))
   869  	assert.NoError(t, err)
   870  	tempPort, _, ll := getAvailablePort(t)
   871  	defer ll.Close()
   872  	assert.Error(t, comm1.Probe(remotePeer(tempPort)))
   873  	_, err = comm1.Handshake(remotePeer(tempPort))
   874  	assert.Error(t, err)
   875  	comm2.Stop()
   876  	time.Sleep(time.Duration(1) * time.Second)
   877  	assert.Error(t, comm1.Probe(remotePeer(port2)))
   878  	_, err = comm1.Handshake(remotePeer(port2))
   879  	assert.Error(t, err)
   880  	comm2, port2 = newCommInstance(t, naiveSec)
   881  	defer comm2.Stop()
   882  	time.Sleep(time.Duration(1) * time.Second)
   883  	assert.NoError(t, comm2.Probe(remotePeer(port1)))
   884  	_, err = comm2.Handshake(remotePeer(port1))
   885  	assert.NoError(t, err)
   886  	assert.NoError(t, comm1.Probe(remotePeer(port2)))
   887  	_, err = comm1.Handshake(remotePeer(port2))
   888  	assert.NoError(t, err)
   889  	// Now try a deep probe with an expected PKI-ID that doesn't match
   890  	wrongRemotePeer := remotePeer(port2)
   891  	if wrongRemotePeer.PKIID[0] == 0 {
   892  		wrongRemotePeer.PKIID[0] = 1
   893  	} else {
   894  		wrongRemotePeer.PKIID[0] = 0
   895  	}
   896  	_, err = comm1.Handshake(wrongRemotePeer)
   897  	assert.Error(t, err)
   898  	// Try a deep probe with a nil PKI-ID
   899  	endpoint := fmt.Sprintf("127.0.0.1:%d", port2)
   900  	id, err := comm1.Handshake(&RemotePeer{Endpoint: endpoint})
   901  	assert.NoError(t, err)
   902  	assert.Equal(t, api.PeerIdentityType(endpoint), id)
   903  }
   904  
   905  func TestPresumedDead(t *testing.T) {
   906  	t.Parallel()
   907  	comm1, _ := newCommInstance(t, naiveSec)
   908  	comm2, port2 := newCommInstance(t, naiveSec)
   909  
   910  	wg := sync.WaitGroup{}
   911  	wg.Add(1)
   912  	go func() {
   913  		wg.Wait()
   914  		comm1.Send(createGossipMsg(), remotePeer(port2))
   915  	}()
   916  
   917  	ticker := time.NewTicker(time.Duration(10) * time.Second)
   918  	acceptCh := comm2.Accept(acceptAll)
   919  	wg.Done()
   920  	select {
   921  	case <-acceptCh:
   922  		ticker.Stop()
   923  	case <-ticker.C:
   924  		assert.Fail(t, "Didn't get first message")
   925  	}
   926  
   927  	comm2.Stop()
   928  	go func() {
   929  		for i := 0; i < 5; i++ {
   930  			comm1.Send(createGossipMsg(), remotePeer(port2))
   931  			time.Sleep(time.Millisecond * 200)
   932  		}
   933  	}()
   934  
   935  	ticker = time.NewTicker(time.Second * time.Duration(3))
   936  	select {
   937  	case <-ticker.C:
   938  		assert.Fail(t, "Didn't get a presumed dead message within a timely manner")
   939  		break
   940  	case <-comm1.PresumedDead():
   941  		ticker.Stop()
   942  		break
   943  	}
   944  }
   945  
   946  func TestReadFromStream(t *testing.T) {
   947  	stream := &gmocks.MockStream{}
   948  	stream.On("CloseSend").Return(nil)
   949  	stream.On("Recv").Return(&proto.Envelope{Payload: []byte{1}}, nil).Once()
   950  	stream.On("Recv").Return(nil, errors.New("stream closed")).Once()
   951  
   952  	conn := newConnection(nil, nil, stream, disabledMetrics, ConnConfig{1, 1})
   953  	conn.logger = flogging.MustGetLogger("test")
   954  
   955  	errChan := make(chan error, 2)
   956  	msgChan := make(chan *protoext.SignedGossipMessage, 1)
   957  	var wg sync.WaitGroup
   958  	wg.Add(1)
   959  	go func() {
   960  		defer wg.Done()
   961  		conn.readFromStream(errChan, msgChan)
   962  	}()
   963  
   964  	select {
   965  	case <-msgChan:
   966  		assert.Fail(t, "malformed message shouldn't have been received")
   967  	case <-time.After(time.Millisecond * 100):
   968  		assert.Len(t, errChan, 1)
   969  	}
   970  
   971  	conn.close()
   972  	wg.Wait()
   973  }
   974  
   975  func TestSendBadEnvelope(t *testing.T) {
   976  	comm1, port := newCommInstance(t, naiveSec)
   977  	defer comm1.Stop()
   978  
   979  	stream, err := establishSession(t, port)
   980  	assert.NoError(t, err)
   981  
   982  	inc := comm1.Accept(acceptAll)
   983  
   984  	goodMsg := createGossipMsg()
   985  	err = stream.Send(goodMsg.Envelope)
   986  	assert.NoError(t, err)
   987  
   988  	select {
   989  	case goodMsgReceived := <-inc:
   990  		assert.Equal(t, goodMsg.Envelope.Payload, goodMsgReceived.GetSourceEnvelope().Payload)
   991  	case <-time.After(time.Minute):
   992  		assert.Fail(t, "Didn't receive message within a timely manner")
   993  		return
   994  	}
   995  
   996  	// Next, we corrupt a message and send it until the stream is closed forcefully from the remote peer
   997  	start := time.Now()
   998  	for {
   999  		badMsg := createGossipMsg()
  1000  		badMsg.Envelope.Payload = []byte{1}
  1001  		err = stream.Send(badMsg.Envelope)
  1002  		if err != nil {
  1003  			assert.Equal(t, io.EOF, err)
  1004  			break
  1005  		}
  1006  		if time.Now().After(start.Add(time.Second * 30)) {
  1007  			assert.Fail(t, "Didn't close stream within a timely manner")
  1008  			return
  1009  		}
  1010  	}
  1011  }
  1012  
  1013  func establishSession(t *testing.T, port int) (proto.Gossip_GossipStreamClient, error) {
  1014  	cert := GenerateCertificatesOrPanic()
  1015  	secureOpts := grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
  1016  		InsecureSkipVerify: true,
  1017  		Certificates:       []tls.Certificate{cert},
  1018  	}))
  1019  
  1020  	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
  1021  	defer cancel()
  1022  
  1023  	endpoint := fmt.Sprintf("127.0.0.1:%d", port)
  1024  	conn, err := grpc.DialContext(ctx, endpoint, secureOpts, grpc.WithBlock())
  1025  	assert.NoError(t, err, "%v", err)
  1026  	if err != nil {
  1027  		return nil, err
  1028  	}
  1029  	cl := proto.NewGossipClient(conn)
  1030  	stream, err := cl.GossipStream(context.Background())
  1031  	assert.NoError(t, err, "%v", err)
  1032  	if err != nil {
  1033  		return nil, err
  1034  	}
  1035  
  1036  	clientCertHash := certHashFromRawCert(cert.Certificate[0])
  1037  	pkiID := common.PKIidType([]byte{1, 2, 3})
  1038  	c := &commImpl{}
  1039  	assert.NoError(t, err, "%v", err)
  1040  	msg, _ := c.createConnectionMsg(pkiID, clientCertHash, []byte{1, 2, 3}, func(msg []byte) ([]byte, error) {
  1041  		mac := hmac.New(sha256.New, hmacKey)
  1042  		mac.Write(msg)
  1043  		return mac.Sum(nil), nil
  1044  	}, false)
  1045  	// Send your own connection message
  1046  	stream.Send(msg.Envelope)
  1047  	// Wait for connection message from the other side
  1048  	envelope, err := stream.Recv()
  1049  	if err != nil {
  1050  		return nil, err
  1051  	}
  1052  	assert.NotNil(t, envelope)
  1053  	return stream, nil
  1054  }
  1055  
  1056  func createGossipMsg() *protoext.SignedGossipMessage {
  1057  	msg, _ := protoext.NoopSign(&proto.GossipMessage{
  1058  		Tag:   proto.GossipMessage_EMPTY,
  1059  		Nonce: uint64(rand.Int()),
  1060  		Content: &proto.GossipMessage_DataMsg{
  1061  			DataMsg: &proto.DataMessage{},
  1062  		},
  1063  	})
  1064  	return msg
  1065  }
  1066  
  1067  func remotePeer(port int) *RemotePeer {
  1068  	endpoint := fmt.Sprintf("127.0.0.1:%d", port)
  1069  	return &RemotePeer{Endpoint: endpoint, PKIID: []byte(endpoint)}
  1070  }
  1071  
  1072  func waitForMessages(t *testing.T, msgChan chan uint64, count int, errMsg string) {
  1073  	c := 0
  1074  	waiting := true
  1075  	ticker := time.NewTicker(time.Duration(10) * time.Second)
  1076  	for waiting {
  1077  		select {
  1078  		case <-msgChan:
  1079  			c++
  1080  			if c == count {
  1081  				waiting = false
  1082  			}
  1083  		case <-ticker.C:
  1084  			waiting = false
  1085  		}
  1086  	}
  1087  	assert.Equal(t, count, c, errMsg)
  1088  }
  1089  
  1090  func TestConcurrentCloseSend(t *testing.T) {
  1091  	t.Parallel()
  1092  	var stopping int32
  1093  
  1094  	comm1, _ := newCommInstance(t, naiveSec)
  1095  	comm2, port2 := newCommInstance(t, naiveSec)
  1096  	m := comm2.Accept(acceptAll)
  1097  	comm1.Send(createGossipMsg(), remotePeer(port2))
  1098  	<-m
  1099  	ready := make(chan struct{})
  1100  	done := make(chan struct{})
  1101  	go func() {
  1102  		defer close(done)
  1103  
  1104  		comm1.Send(createGossipMsg(), remotePeer(port2))
  1105  		close(ready)
  1106  
  1107  		for atomic.LoadInt32(&stopping) == int32(0) {
  1108  			comm1.Send(createGossipMsg(), remotePeer(port2))
  1109  		}
  1110  	}()
  1111  	<-ready
  1112  	comm2.Stop()
  1113  	atomic.StoreInt32(&stopping, int32(1))
  1114  	<-done
  1115  }