github.com/lzy4123/fabric@v2.1.1+incompatible/integration/pvtdata/pvtdata_test.go (about) 1 /* 2 Copyright IBM Corp All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package pvtdata 8 9 import ( 10 "bytes" 11 "context" 12 "encoding/base64" 13 "encoding/json" 14 "fmt" 15 "io/ioutil" 16 "os" 17 "os/exec" 18 "path/filepath" 19 "strconv" 20 "strings" 21 "syscall" 22 "time" 23 24 "github.com/golang/protobuf/proto" 25 "github.com/golang/protobuf/ptypes" 26 . "github.com/onsi/ginkgo" 27 . "github.com/onsi/gomega" 28 "github.com/pkg/errors" 29 "google.golang.org/grpc" 30 31 docker "github.com/fsouza/go-dockerclient" 32 cb "github.com/hyperledger/fabric-protos-go/common" 33 "github.com/hyperledger/fabric-protos-go/ledger/rwset" 34 "github.com/hyperledger/fabric-protos-go/ledger/rwset/kvrwset" 35 mspp "github.com/hyperledger/fabric-protos-go/msp" 36 ab "github.com/hyperledger/fabric-protos-go/orderer" 37 pb "github.com/hyperledger/fabric-protos-go/peer" 38 "github.com/hyperledger/fabric/bccsp/sw" 39 "github.com/hyperledger/fabric/common/crypto" 40 "github.com/hyperledger/fabric/core/ledger/util" 41 "github.com/hyperledger/fabric/integration/nwo" 42 "github.com/hyperledger/fabric/integration/nwo/commands" 43 "github.com/hyperledger/fabric/internal/pkg/comm" 44 "github.com/hyperledger/fabric/msp" 45 "github.com/hyperledger/fabric/protoutil" 46 "github.com/onsi/gomega/gbytes" 47 "github.com/onsi/gomega/gexec" 48 "github.com/tedsuo/ifrit" 49 "github.com/tedsuo/ifrit/grouper" 50 ) 51 52 // The chaincode used in these tests has two collections defined: 53 // collectionMarbles and collectionMarblePrivateDetails 54 // when calling QueryChaincode with first arg "readMarble", it will query collectionMarbles 55 // when calling QueryChaincode with first arg "readMarblePrivateDetails", it will query collectionMarblePrivateDetails 56 57 const channelID = "testchannel" 58 59 var _ bool = Describe("PrivateData", func() { 60 var ( 61 network *nwo.Network 62 process ifrit.Process 63 64 orderer *nwo.Orderer 65 ) 66 67 AfterEach(func() { 68 testCleanup(network, process) 69 }) 70 71 Describe("Dissemination when pulling and reconciliation are disabled", func() { 72 BeforeEach(func() { 73 By("setting up the network") 74 network = initThreeOrgsSetup(true) 75 76 By("setting the pull retry threshold to 0 and disabling reconciliation on all peers") 77 for _, p := range network.Peers { 78 core := network.ReadPeerConfig(p) 79 core.Peer.Gossip.PvtData.PullRetryThreshold = 0 80 core.Peer.Gossip.PvtData.ReconciliationEnabled = false 81 network.WritePeerConfig(p, core) 82 } 83 84 By("starting the network") 85 process, orderer = startNetwork(network) 86 }) 87 88 It("disseminates private data per collections_config1 (positive test) and collections_config8 (negative test)", func() { 89 90 By("deploying legacy chaincode and adding marble1") 91 testChaincode := chaincode{ 92 Chaincode: nwo.Chaincode{ 93 Name: "marblesp", 94 Version: "1.0", 95 Path: "github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd", 96 Ctor: `{"Args":["init"]}`, 97 Policy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 98 // collections_config1.json defines the access as follows: 99 // 1. collectionMarbles - Org1, Org2 have access to this collection 100 // 2. collectionMarblePrivateDetails - Org2 and Org3 have access to this collection 101 CollectionsConfig: collectionConfig("collections_config1.json"), 102 }, 103 isLegacy: true, 104 } 105 deployChaincode(network, orderer, testChaincode) 106 addMarble(network, orderer, testChaincode.Name, 107 `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}`, 108 network.Peer("Org1", "peer0"), 109 ) 110 111 assertPvtdataPresencePerCollectionConfig1(network, testChaincode.Name, "marble1") 112 113 By("deploying chaincode with RequiredPeerCount greater than number of peers, endorsement will fail") 114 testChaincodeHighRequiredPeerCount := chaincode{ 115 Chaincode: nwo.Chaincode{ 116 Name: "marblespHighRequiredPeerCount", 117 Version: "1.0", 118 Path: "github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd", 119 Ctor: `{"Args":["init"]}`, 120 Policy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 121 CollectionsConfig: collectionConfig("collections_config8_high_requiredPeerCount.json"), 122 }, 123 isLegacy: true, 124 } 125 deployChaincode(network, orderer, testChaincodeHighRequiredPeerCount) 126 127 // attempt to add a marble with insufficient dissemination to meet RequiredPeerCount 128 marbleDetailsBase64 := base64.StdEncoding.EncodeToString([]byte(`{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}`)) 129 130 command := commands.ChaincodeInvoke{ 131 ChannelID: channelID, 132 Orderer: network.OrdererAddress(orderer, nwo.ListenPort), 133 Name: testChaincodeHighRequiredPeerCount.Name, 134 Ctor: fmt.Sprintf(`{"Args":["initMarble"]}`), 135 Transient: fmt.Sprintf(`{"marble":"%s"}`, marbleDetailsBase64), 136 PeerAddresses: []string{ 137 network.PeerAddress(network.Peer("Org1", "peer0"), nwo.ListenPort), 138 }, 139 WaitForEvent: true, 140 } 141 expectedErrMsg := `Error: endorsement failure during invoke. response: status:500 message:"error in simulation: failed to distribute private collection` 142 invokeChaincodeExpectErr(network, network.Peer("Org1", "peer0"), command, expectedErrMsg) 143 }) 144 145 When("collection config does not have maxPeerCount or requiredPeerCount", func() { 146 It("disseminates private data per collections_config7 with default maxPeerCount and requiredPeerCount", func() { 147 By("deploying legacy chaincode and adding marble1") 148 testChaincode := chaincode{ 149 Chaincode: nwo.Chaincode{ 150 Name: "marblesp", 151 Version: "1.0", 152 Path: "github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd", 153 Ctor: `{"Args":["init"]}`, 154 Policy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 155 // collections_config1.json defines the access as follows: 156 // 1. collectionMarbles - Org1, Org2 have access to this collection 157 // 2. collectionMarblePrivateDetails - Org2 and Org3 have access to this collection 158 CollectionsConfig: collectionConfig("collections_config7.json"), 159 }, 160 isLegacy: true, 161 } 162 deployChaincode(network, orderer, testChaincode) 163 peer := network.Peer("Org1", "peer0") 164 By("adding marble1") 165 addMarble(network, orderer, testChaincode.Name, 166 `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}`, 167 peer, 168 ) 169 170 By("asserting pvtdata in each collection for config7") 171 assertPvtdataPresencePerCollectionConfig7(network, testChaincode.Name, "marble1", peer) 172 }) 173 }) 174 }) 175 176 Describe("Pvtdata behavior when a peer with new certs joins the network", func() { 177 var ( 178 peerProcesses map[string]ifrit.Process 179 ) 180 181 BeforeEach(func() { 182 By("setting up the network") 183 network = initThreeOrgsSetup(true) 184 185 By("starting the network") 186 peerProcesses = make(map[string]ifrit.Process) 187 network.Bootstrap() 188 189 members := grouper.Members{ 190 {Name: "brokers", Runner: network.BrokerGroupRunner()}, 191 {Name: "orderers", Runner: network.OrdererGroupRunner()}, 192 } 193 networkRunner := grouper.NewOrdered(syscall.SIGTERM, members) 194 process = ifrit.Invoke(networkRunner) 195 Eventually(process.Ready()).Should(BeClosed()) 196 197 org1peer0 := network.Peer("Org1", "peer0") 198 org2peer0 := network.Peer("Org2", "peer0") 199 org3peer0 := network.Peer("Org3", "peer0") 200 201 testPeers := []*nwo.Peer{org1peer0, org2peer0, org3peer0} 202 for _, peer := range testPeers { 203 pr := network.PeerRunner(peer) 204 p := ifrit.Invoke(pr) 205 peerProcesses[peer.ID()] = p 206 Eventually(p.Ready(), network.EventuallyTimeout).Should(BeClosed()) 207 } 208 209 orderer = network.Orderer("orderer") 210 network.CreateAndJoinChannel(orderer, channelID) 211 network.UpdateChannelAnchors(orderer, channelID) 212 213 By("verifying membership") 214 network.VerifyMembership(network.Peers, channelID) 215 216 By("installing and instantiating chaincode on all peers") 217 testChaincode := chaincode{ 218 Chaincode: nwo.Chaincode{ 219 Name: "marblesp", 220 Version: "1.0", 221 Path: "github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd", 222 Ctor: `{"Args":["init"]}`, 223 Policy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 224 CollectionsConfig: filepath.Join("testdata", "collection_configs", "collections_config1.json"), 225 }, 226 isLegacy: true, 227 } 228 deployChaincode(network, orderer, testChaincode) 229 230 By("adding marble1 with an org 1 peer as endorser") 231 peer := network.Peer("Org1", "peer0") 232 marbleDetails := `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}` 233 addMarble(network, orderer, testChaincode.Name, marbleDetails, peer) 234 235 By("waiting for block to propagate") 236 nwo.WaitUntilEqualLedgerHeight(network, channelID, nwo.GetLedgerHeight(network, network.Peers[0], channelID), network.Peers...) 237 238 org2Peer1 := &nwo.Peer{ 239 Name: "peer1", 240 Organization: "Org2", 241 Channels: []*nwo.PeerChannel{}, // Don't set channels here so the UpdateConfig call doesn't try to fetch blocks for org2Peer1 with the default Admin user 242 } 243 network.Peers = append(network.Peers, org2Peer1) 244 }) 245 246 AfterEach(func() { 247 for _, peerProcess := range peerProcesses { 248 if peerProcess != nil { 249 peerProcess.Signal(syscall.SIGTERM) 250 Eventually(peerProcess.Wait(), network.EventuallyTimeout).Should(Receive()) 251 } 252 } 253 }) 254 255 It("verifies private data is pulled when joining a new peer with new certs", func() { 256 By("generating new certs for org2Peer1") 257 org2Peer1 := network.Peer("Org2", "peer1") 258 tempCryptoDir, err := ioutil.TempDir("", "crypto") 259 Expect(err).NotTo(HaveOccurred()) 260 defer os.RemoveAll(tempCryptoDir) 261 generateNewCertsForPeer(network, tempCryptoDir, org2Peer1) 262 263 By("updating the channel config with the new certs") 264 updateConfigWithNewCertsForPeer(network, tempCryptoDir, orderer, org2Peer1) 265 266 By("starting the peer1.org2 process") 267 pr := network.PeerRunner(org2Peer1) 268 p := ifrit.Invoke(pr) 269 peerProcesses[org2Peer1.ID()] = p 270 Eventually(p.Ready(), network.EventuallyTimeout).Should(BeClosed()) 271 272 By("joining peer1.org2 to the channel with its Admin2 user") 273 tempFile, err := ioutil.TempFile("", "genesis-block") 274 Expect(err).NotTo(HaveOccurred()) 275 tempFile.Close() 276 defer os.Remove(tempFile.Name()) 277 278 sess, err := network.PeerUserSession(org2Peer1, "Admin2", commands.ChannelFetch{ 279 Block: "0", 280 ChannelID: channelID, 281 Orderer: network.OrdererAddress(orderer, nwo.ListenPort), 282 OutputFile: tempFile.Name(), 283 }) 284 Expect(err).NotTo(HaveOccurred()) 285 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 286 287 sess, err = network.PeerUserSession(org2Peer1, "Admin2", commands.ChannelJoin{ 288 BlockPath: tempFile.Name(), 289 }) 290 Expect(err).NotTo(HaveOccurred()) 291 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 292 293 org2Peer1.Channels = append(org2Peer1.Channels, &nwo.PeerChannel{Name: channelID, Anchor: false}) 294 295 ledgerHeight := nwo.GetLedgerHeight(network, network.Peers[0], channelID) 296 297 By("fetching latest blocks to peer1.org2") 298 // Retry channel fetch until peer1.org2 retrieves latest block 299 // Channel Fetch will repeatedly fail until org2Peer1 commits the config update adding its new cert 300 Eventually(fetchBlocksForPeer(network, org2Peer1, "Admin2"), network.EventuallyTimeout).Should(gbytes.Say(fmt.Sprintf("Received block: %d", ledgerHeight-1))) 301 302 By("installing chaincode on peer1.org2 to be able to query it") 303 chaincode := nwo.Chaincode{ 304 Name: "marblesp", 305 Version: "1.0", 306 Path: "github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd", 307 Ctor: `{"Args":["init"]}`, 308 Policy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 309 CollectionsConfig: filepath.Join("testdata", "collection_configs", "collections_config1.json")} 310 311 sess, err = network.PeerUserSession(org2Peer1, "Admin2", commands.ChaincodeInstallLegacy{ 312 Name: chaincode.Name, 313 Version: chaincode.Version, 314 Path: chaincode.Path, 315 Lang: chaincode.Lang, 316 PackageFile: chaincode.PackageFile, 317 ClientAuth: network.ClientAuthRequired, 318 }) 319 Expect(err).NotTo(HaveOccurred()) 320 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 321 322 sess, err = network.PeerUserSession(org2Peer1, "Admin2", commands.ChaincodeListInstalledLegacy{ 323 ClientAuth: network.ClientAuthRequired, 324 }) 325 Expect(err).NotTo(HaveOccurred()) 326 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 327 Expect(sess).To(gbytes.Say(fmt.Sprintf("Name: %s, Version: %s,", chaincode.Name, chaincode.Version))) 328 329 expectedPeers := []*nwo.Peer{ 330 network.Peer("Org1", "peer0"), 331 network.Peer("Org2", "peer0"), 332 network.Peer("Org2", "peer1"), 333 network.Peer("Org3", "peer0"), 334 } 335 336 By("making sure all peers have the same ledger height") 337 for _, peer := range expectedPeers { 338 Eventually(func() int { 339 var ( 340 sess *gexec.Session 341 err error 342 ) 343 if peer.ID() == "Org2.peer1" { 344 // use Admin2 user for peer1.org2 345 sess, err = network.PeerUserSession(peer, "Admin2", commands.ChannelInfo{ 346 ChannelID: channelID, 347 }) 348 Expect(err).NotTo(HaveOccurred()) 349 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 350 channelInfoStr := strings.TrimPrefix(string(sess.Buffer().Contents()[:]), "Blockchain info:") 351 var channelInfo = cb.BlockchainInfo{} 352 err = json.Unmarshal([]byte(channelInfoStr), &channelInfo) 353 Expect(err).NotTo(HaveOccurred()) 354 return int(channelInfo.Height) 355 } 356 357 // If not Org2.peer1, just use regular getLedgerHeight call with User1 358 return nwo.GetLedgerHeight(network, peer, channelID) 359 }(), network.EventuallyTimeout).Should(Equal(ledgerHeight)) 360 } 361 362 By("verifying membership") 363 expectedDiscoveredPeers := make([]nwo.DiscoveredPeer, 0, len(expectedPeers)) 364 for _, peer := range expectedPeers { 365 expectedDiscoveredPeers = append(expectedDiscoveredPeers, network.DiscoveredPeer(peer, "_lifecycle", "marblesp")) 366 } 367 for _, peer := range expectedPeers { 368 By(fmt.Sprintf("checking expected peers for peer: %s", peer.ID())) 369 if peer.ID() == "Org2.peer1" { 370 // use Admin2 user for peer1.org2 371 Eventually(nwo.DiscoverPeers(network, peer, "Admin2", channelID), network.EventuallyTimeout).Should(ConsistOf(expectedDiscoveredPeers)) 372 } else { 373 Eventually(nwo.DiscoverPeers(network, peer, "User1", channelID), network.EventuallyTimeout).Should(ConsistOf(expectedDiscoveredPeers)) 374 } 375 } 376 377 By("verifying peer1.org2 got the private data that was created historically") 378 sess, err = network.PeerUserSession(org2Peer1, "Admin2", commands.ChaincodeQuery{ 379 ChannelID: channelID, 380 Name: "marblesp", 381 Ctor: `{"Args":["readMarble","marble1"]}`, 382 }) 383 Expect(err).NotTo(HaveOccurred()) 384 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 385 Expect(sess).To(gbytes.Say(`{"docType":"marble","name":"marble1","color":"blue","size":35,"owner":"tom"}`)) 386 387 sess, err = network.PeerUserSession(org2Peer1, "Admin2", commands.ChaincodeQuery{ 388 ChannelID: channelID, 389 Name: "marblesp", 390 Ctor: `{"Args":["readMarblePrivateDetails","marble1"]}`, 391 }) 392 Expect(err).NotTo(HaveOccurred()) 393 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 394 Expect(sess).To(gbytes.Say(`{"docType":"marblePrivateDetails","name":"marble1","price":99}`)) 395 }) 396 }) 397 398 Describe("Pvtdata behavior with untouched peer configs", func() { 399 var ( 400 legacyChaincode nwo.Chaincode 401 newLifecycleChaincode nwo.Chaincode 402 testChaincode chaincode 403 404 org1Peer1, org2Peer1 *nwo.Peer 405 ) 406 407 BeforeEach(func() { 408 By("setting up the network") 409 network = initThreeOrgsSetup(true) 410 legacyChaincode = nwo.Chaincode{ 411 Name: "marblesp", 412 Version: "1.0", 413 Path: "github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd", 414 Ctor: `{"Args":["init"]}`, 415 Policy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 416 // collections_config1.json defines the access as follows: 417 // 1. collectionMarbles - Org1, Org2 have access to this collection 418 // 2. collectionMarblePrivateDetails - Org2 and Org3 have access to this collection 419 CollectionsConfig: collectionConfig("collections_config1.json"), 420 } 421 422 newLifecycleChaincode = nwo.Chaincode{ 423 Name: "marblesp", 424 Version: "1.0", 425 Path: components.Build("github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd"), 426 Lang: "binary", 427 PackageFile: filepath.Join(network.RootDir, "marbles-pvtdata.tar.gz"), 428 Label: "marbles-private-20", 429 SignaturePolicy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 430 CollectionsConfig: collectionConfig("collections_config1.json"), 431 Sequence: "1", 432 } 433 org1Peer1 = &nwo.Peer{ 434 Name: "peer1", 435 Organization: "Org1", 436 Channels: []*nwo.PeerChannel{ 437 {Name: channelID}, 438 }, 439 } 440 org2Peer1 = &nwo.Peer{ 441 Name: "peer1", 442 Organization: "Org2", 443 Channels: []*nwo.PeerChannel{ 444 {Name: channelID}, 445 }, 446 } 447 448 process, orderer = startNetwork(network) 449 }) 450 451 Describe("Reconciliation and pulling", func() { 452 var newPeerProcess ifrit.Process 453 454 BeforeEach(func() { 455 By("deploying legacy chaincode and adding marble1") 456 testChaincode = chaincode{ 457 Chaincode: legacyChaincode, 458 isLegacy: true, 459 } 460 deployChaincode(network, orderer, testChaincode) 461 addMarble(network, orderer, testChaincode.Name, 462 `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}`, 463 network.Peer("Org1", "peer0"), 464 ) 465 }) 466 467 AfterEach(func() { 468 if newPeerProcess != nil { 469 newPeerProcess.Signal(syscall.SIGTERM) 470 Eventually(newPeerProcess.Wait(), network.EventuallyTimeout).Should(Receive()) 471 } 472 }) 473 474 assertReconcileBehavior := func() { 475 It("disseminates private data per collections_config1", func() { 476 assertPvtdataPresencePerCollectionConfig1(network, testChaincode.Name, "marble1") 477 }) 478 479 When("org3 is added to collectionMarbles via chaincode upgrade with collections_config2", func() { 480 It("distributes and allows access to newly added private data per collections_config2", func() { 481 By("upgrading the chaincode and adding marble2") 482 // collections_config2.json defines the access as follows: 483 // 1. collectionMarbles - Org1, Org2 and Org3 have access to this collection 484 // 2. collectionMarblePrivateDetails - Org2 and Org3 have access to this collection 485 // the change from collections_config1 - org3 was added to collectionMarbles 486 testChaincode.Version = "1.1" 487 testChaincode.CollectionsConfig = collectionConfig("collections_config2.json") 488 if !testChaincode.isLegacy { 489 testChaincode.Sequence = "2" 490 } 491 upgradeChaincode(network, orderer, testChaincode) 492 addMarble(network, orderer, testChaincode.Name, 493 `{"name":"marble2", "color":"yellow", "size":53, "owner":"jerry", "price":22}`, 494 network.Peer("Org2", "peer0"), 495 ) 496 497 assertPvtdataPresencePerCollectionConfig2(network, testChaincode.Name, "marble2") 498 }) 499 }) 500 501 When("a new peer in org1 joins the channel", func() { 502 It("causes the new peer to pull the existing private data only for collectionMarbles", func() { 503 By("adding a new peer") 504 newPeerProcess = addPeer(network, orderer, org1Peer1) 505 installChaincode(network, testChaincode, org1Peer1) 506 network.VerifyMembership(network.Peers, channelID, "marblesp") 507 508 assertPvtdataPresencePerCollectionConfig1(network, testChaincode.Name, "marble1", org1Peer1) 509 }) 510 }) 511 } 512 513 When("chaincode is migrated from legacy to new lifecycle with same collection config", func() { 514 BeforeEach(func() { 515 testChaincode = chaincode{ 516 Chaincode: newLifecycleChaincode, 517 isLegacy: false, 518 } 519 nwo.EnableCapabilities(network, channelID, "Application", "V2_0", orderer, network.Peers...) 520 upgradeChaincode(network, orderer, testChaincode) 521 }) 522 assertReconcileBehavior() 523 }) 524 }) 525 526 Describe("BlockToLive", func() { 527 var newPeerProcess ifrit.Process 528 529 AfterEach(func() { 530 if newPeerProcess != nil { 531 newPeerProcess.Signal(syscall.SIGTERM) 532 Eventually(newPeerProcess.Wait(), network.EventuallyTimeout).Should(Receive()) 533 } 534 }) 535 536 It("purges private data after BTL and causes new peer not to pull the purged private data", func() { 537 By("deploying new lifecycle chaincode and adding marble1") 538 testChaincode = chaincode{ 539 Chaincode: newLifecycleChaincode, 540 isLegacy: false, 541 } 542 nwo.EnableCapabilities(network, channelID, "Application", "V2_0", orderer, network.Peers...) 543 544 testChaincode.CollectionsConfig = collectionConfig("short_btl_config.json") 545 deployChaincode(network, orderer, testChaincode) 546 addMarble(network, orderer, testChaincode.Name, `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}`, network.Peer("Org2", "peer0")) 547 548 eligiblePeer := network.Peer("Org2", "peer0") 549 ccName := testChaincode.Name 550 By("adding three blocks") 551 for i := 0; i < 3; i++ { 552 addMarble(network, orderer, ccName, fmt.Sprintf(`{"name":"test-marble-%d", "color":"blue", "size":35, "owner":"tom", "price":99}`, i), eligiblePeer) 553 } 554 555 By("verifying that marble1 still not purged in collection MarblesPD") 556 assertPresentInCollectionMPD(network, ccName, "marble1", eligiblePeer) 557 558 By("adding one more block") 559 addMarble(network, orderer, ccName, `{"name":"fun-marble-3", "color":"blue", "size":35, "owner":"tom", "price":99}`, eligiblePeer) 560 561 By("verifying that marble1 purged in collection MarblesPD") 562 assertDoesNotExistInCollectionMPD(network, ccName, "marble1", eligiblePeer) 563 564 By("verifying that marble1 still not purged in collection Marbles") 565 assertPresentInCollectionM(network, ccName, "marble1", eligiblePeer) 566 567 By("adding new peer that is eligible to receive data") 568 newPeerProcess = addPeer(network, orderer, org2Peer1) 569 installChaincode(network, testChaincode, org2Peer1) 570 network.VerifyMembership(network.Peers, channelID, ccName) 571 assertPresentInCollectionM(network, ccName, "marble1", org2Peer1) 572 assertDoesNotExistInCollectionMPD(network, ccName, "marble1", org2Peer1) 573 }) 574 }) 575 576 Describe("Org removal from collection", func() { 577 assertOrgRemovalBehavior := func() { 578 By("upgrading chaincode to remove org3 from collectionMarbles") 579 testChaincode.CollectionsConfig = collectionConfig("collections_config1.json") 580 testChaincode.Version = "1.1" 581 if !testChaincode.isLegacy { 582 testChaincode.Sequence = "2" 583 } 584 upgradeChaincode(network, orderer, testChaincode) 585 addMarble(network, orderer, testChaincode.Name, `{"name":"marble2", "color":"yellow", "size":53, "owner":"jerry", "price":22}`, network.Peer("Org2", "peer0")) 586 assertPvtdataPresencePerCollectionConfig1(network, testChaincode.Name, "marble2") 587 } 588 589 It("causes removed org not to get new data", func() { 590 By("deploying new lifecycle chaincode and adding marble1") 591 testChaincode = chaincode{ 592 Chaincode: newLifecycleChaincode, 593 isLegacy: false, 594 } 595 nwo.EnableCapabilities(network, channelID, "Application", "V2_0", orderer, network.Peers...) 596 testChaincode.CollectionsConfig = collectionConfig("collections_config2.json") 597 deployChaincode(network, orderer, testChaincode) 598 addMarble(network, orderer, testChaincode.Name, `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}`, network.Peer("Org2", "peer0")) 599 assertPvtdataPresencePerCollectionConfig2(network, testChaincode.Name, "marble1") 600 601 assertOrgRemovalBehavior() 602 }) 603 }) 604 605 When("migrating a chaincode from legacy lifecycle to new lifecycle", func() { 606 It("performs check against collection config from legacy lifecycle", func() { 607 By("deploying legacy chaincode") 608 testChaincode = chaincode{ 609 Chaincode: legacyChaincode, 610 isLegacy: true, 611 } 612 deployChaincode(network, orderer, testChaincode) 613 nwo.EnableCapabilities(network, channelID, "Application", "V2_0", orderer, network.Peers...) 614 615 newLifecycleChaincode.CollectionsConfig = collectionConfig("short_btl_config.json") 616 newLifecycleChaincode.PackageID = "test-package-id" 617 618 approveChaincodeForMyOrgExpectErr( 619 network, 620 orderer, 621 newLifecycleChaincode, 622 `the BlockToLive in an existing collection \[collectionMarblePrivateDetails\] modified. Existing value \[1000000\]`, 623 network.Peer("Org2", "peer0")) 624 }) 625 }) 626 627 Describe("Collection Config Endorsement Policy", func() { 628 When("using legacy lifecycle chaincode", func() { 629 It("ignores the collection config endorsement policy and successfully invokes the chaincode", func() { 630 testChaincode = chaincode{ 631 Chaincode: legacyChaincode, 632 isLegacy: true, 633 } 634 By("setting the collection config endorsement policy to org2 or org3 peers") 635 testChaincode.CollectionsConfig = collectionConfig("collections_config4.json") 636 637 By("deploying legacy chaincode") 638 deployChaincode(network, orderer, testChaincode) 639 640 By("adding marble1 with an org 1 peer as endorser") 641 peer := network.Peer("Org1", "peer0") 642 marbleDetails := `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}` 643 addMarble(network, orderer, testChaincode.Name, marbleDetails, peer) 644 }) 645 }) 646 647 When("using new lifecycle chaincode", func() { 648 BeforeEach(func() { 649 testChaincode = chaincode{ 650 Chaincode: newLifecycleChaincode, 651 isLegacy: false, 652 } 653 nwo.EnableCapabilities(network, "testchannel", "Application", "V2_0", orderer, network.Peers...) 654 }) 655 656 When("a peer specified in the chaincode endorsement policy but not in the collection config endorsement policy is used to invoke the chaincode", func() { 657 It("fails validation", func() { 658 By("setting the collection config endorsement policy to org2 or org3 peers") 659 testChaincode.CollectionsConfig = collectionConfig("collections_config4.json") 660 661 By("deploying new lifecycle chaincode") 662 // set collection endorsement policy to org2 or org3 663 deployChaincode(network, orderer, testChaincode) 664 665 By("adding marble1 with an org1 peer as endorser") 666 peer := network.Peer("Org1", "peer0") 667 marbleDetails := `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}` 668 marbleDetailsBase64 := base64.StdEncoding.EncodeToString([]byte(marbleDetails)) 669 670 command := commands.ChaincodeInvoke{ 671 ChannelID: channelID, 672 Orderer: network.OrdererAddress(orderer, nwo.ListenPort), 673 Name: testChaincode.Name, 674 Ctor: fmt.Sprintf(`{"Args":["initMarble"]}`), 675 Transient: fmt.Sprintf(`{"marble":"%s"}`, marbleDetailsBase64), 676 PeerAddresses: []string{ 677 network.PeerAddress(peer, nwo.ListenPort), 678 }, 679 WaitForEvent: true, 680 } 681 682 sess, err := network.PeerUserSession(peer, "User1", command) 683 Expect(err).NotTo(HaveOccurred()) 684 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit()) 685 Expect(sess.Err).To(gbytes.Say("ENDORSEMENT_POLICY_FAILURE")) 686 }) 687 }) 688 689 When("a peer specified in the collection endorsement policy but not in the chaincode endorsement policy is used to invoke the chaincode", func() { 690 When("the collection endorsement policy is a signature policy", func() { 691 It("successfully invokes the chaincode", func() { 692 // collection config endorsement policy specifies org2 or org3 peers for endorsement 693 By("setting the collection config endorsement policy to use a signature policy") 694 testChaincode.CollectionsConfig = collectionConfig("collections_config4.json") 695 696 By("setting the chaincode endorsement policy to org1 or org2 peers") 697 testChaincode.SignaturePolicy = `OR ('Org1MSP.member','Org2MSP.member')` 698 699 By("deploying new lifecycle chaincode") 700 // set collection endorsement policy to org2 or org3 701 deployChaincode(network, orderer, testChaincode) 702 703 By("adding marble1 with an org3 peer as endorser") 704 peer := network.Peer("Org3", "peer0") 705 marbleDetails := `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}` 706 addMarble(network, orderer, testChaincode.Name, marbleDetails, peer) 707 }) 708 }) 709 710 When("the collection endorsement policy is a channel config policy reference", func() { 711 It("successfully invokes the chaincode", func() { 712 // collection config endorsement policy specifies channel config policy reference /Channel/Application/Readers 713 By("setting the collection config endorsement policy to use a channel config policy reference") 714 testChaincode.CollectionsConfig = collectionConfig("collections_config5.json") 715 716 By("setting the channel endorsement policy to org1 or org2 peers") 717 testChaincode.SignaturePolicy = `OR ('Org1MSP.member','Org2MSP.member')` 718 719 By("deploying new lifecycle chaincode") 720 deployChaincode(network, orderer, testChaincode) 721 722 By("adding marble1 with an org3 peer as endorser") 723 peer := network.Peer("Org3", "peer0") 724 marbleDetails := `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}` 725 addMarble(network, orderer, testChaincode.Name, marbleDetails, peer) 726 }) 727 }) 728 }) 729 730 When("the collection config endorsement policy specifies a semantically wrong, but well formed signature policy", func() { 731 It("fails to invoke the chaincode with an endorsement policy failure", func() { 732 By("setting the collection config endorsement policy to non existent org4 peers") 733 testChaincode.CollectionsConfig = collectionConfig("collections_config6.json") 734 735 By("deploying new lifecycle chaincode") 736 deployChaincode(network, orderer, testChaincode) 737 738 By("adding marble1 with an org1 peer as endorser") 739 peer := network.Peer("Org1", "peer0") 740 marbleDetails := `{"name":"marble1", "color":"blue", "size":35, "owner":"tom", "price":99}` 741 marbleDetailsBase64 := base64.StdEncoding.EncodeToString([]byte(marbleDetails)) 742 743 command := commands.ChaincodeInvoke{ 744 ChannelID: channelID, 745 Orderer: network.OrdererAddress(orderer, nwo.ListenPort), 746 Name: testChaincode.Name, 747 Ctor: fmt.Sprintf(`{"Args":["initMarble"]}`), 748 Transient: fmt.Sprintf(`{"marble":"%s"}`, marbleDetailsBase64), 749 PeerAddresses: []string{ 750 network.PeerAddress(peer, nwo.ListenPort), 751 }, 752 WaitForEvent: true, 753 } 754 755 sess, err := network.PeerUserSession(peer, "User1", command) 756 Expect(err).NotTo(HaveOccurred()) 757 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit()) 758 Expect(sess.Err).To(gbytes.Say("ENDORSEMENT_POLICY_FAILURE")) 759 }) 760 }) 761 }) 762 }) 763 }) 764 765 Describe("marble APIs invocation and private data delivery", func() { 766 var ( 767 newLifecycleChaincode nwo.Chaincode 768 testChaincode chaincode 769 ) 770 771 BeforeEach(func() { 772 By("setting up the network") 773 network = initThreeOrgsSetup(true) 774 775 newLifecycleChaincode = nwo.Chaincode{ 776 Name: "marblesp", 777 Version: "1.0", 778 Path: components.Build("github.com/hyperledger/fabric/integration/chaincode/marbles_private/cmd"), 779 Lang: "binary", 780 PackageFile: filepath.Join(network.RootDir, "marbles-pvtdata.tar.gz"), 781 Label: "marbles-private-20", 782 SignaturePolicy: `OR ('Org1MSP.member','Org2MSP.member', 'Org3MSP.member')`, 783 CollectionsConfig: collectionConfig("collections_config1.json"), 784 Sequence: "1", 785 } 786 787 // In assertDeliverWithPrivateDataACLBehavior, there is a single goroutine that communicates to DeliverService. 788 // Set DeliverService concurrency limit to 1 in order to verify that the grpc server in a peer works correctly 789 // when reaching (but not exceeding) the concurrency limit. 790 By("setting deliverservice concurrency limit to 1") 791 for _, p := range network.Peers { 792 core := network.ReadPeerConfig(p) 793 core.Peer.Limits.Concurrency.DeliverService = 1 794 network.WritePeerConfig(p, core) 795 } 796 process, orderer = startNetwork(network) 797 }) 798 799 // call marble APIs: getMarblesByRange, transferMarble, delete, getMarbleHash, getMarblePrivateDetailsHash and verify ACL Behavior 800 assertMarbleAPIs := func() { 801 eligiblePeer := network.Peer("Org2", "peer0") 802 ccName := testChaincode.Name 803 804 // Verifies marble private chaincode APIs: getMarblesByRange, transferMarble, delete 805 806 By("adding five marbles") 807 for i := 0; i < 5; i++ { 808 addMarble(network, orderer, ccName, fmt.Sprintf(`{"name":"test-marble-%d", "color":"blue", "size":35, "owner":"tom", "price":99}`, i), eligiblePeer) 809 } 810 811 By("getting marbles by range") 812 assertGetMarblesByRange(network, ccName, `"test-marble-0", "test-marble-2"`, eligiblePeer) 813 814 By("transferring test-marble-0 to jerry") 815 transferMarble(network, orderer, ccName, `{"name":"test-marble-0", "owner":"jerry"}`, eligiblePeer) 816 817 By("verifying the new ownership of test-marble-0") 818 assertOwnershipInCollectionM(network, ccName, `test-marble-0`, eligiblePeer) 819 820 By("deleting test-marble-0") 821 deleteMarble(network, orderer, ccName, `{"name":"test-marble-0"}`, eligiblePeer) 822 823 By("verifying the deletion of test-marble-0") 824 assertDoesNotExistInCollectionM(network, ccName, `test-marble-0`, eligiblePeer) 825 826 // This section verifies that chaincode can return private data hash. 827 // Unlike private data that can only be accessed from authorized peers as defined in the collection config, 828 // private data hash can be queried on any peer in the channel that has the chaincode instantiated. 829 // When calling QueryChaincode with "getMarbleHash", the cc will return the private data hash in collectionMarbles. 830 // When calling QueryChaincode with "getMarblePrivateDetailsHash", the cc will return the private data hash in collectionMarblePrivateDetails. 831 832 peerList := []*nwo.Peer{ 833 network.Peer("Org1", "peer0"), 834 network.Peer("Org2", "peer0"), 835 network.Peer("Org3", "peer0")} 836 837 By("verifying getMarbleHash is accessible from all peers that has the chaincode instantiated") 838 expectedBytes := util.ComputeStringHash(`{"docType":"marble","name":"test-marble-1","color":"blue","size":35,"owner":"tom"}`) 839 assertMarblesPrivateHashM(network, ccName, "test-marble-1", expectedBytes, peerList) 840 841 By("verifying getMarblePrivateDetailsHash is accessible from all peers that has the chaincode instantiated") 842 expectedBytes = util.ComputeStringHash(`{"docType":"marblePrivateDetails","name":"test-marble-1","price":99}`) 843 assertMarblesPrivateDetailsHashMPD(network, ccName, "test-marble-1", expectedBytes, peerList) 844 845 // collection ACL while reading private data: not allowed to non-members 846 // collections_config3: collectionMarblePrivateDetails - member_only_read is set to true 847 848 By("querying collectionMarblePrivateDetails on org1-peer0 by org1-user1, shouldn't have read access") 849 assertNoReadAccessToCollectionMPD(network, testChaincode.Name, "test-marble-1", network.Peer("Org1", "peer0")) 850 } 851 852 // verify DeliverWithPrivateData sends private data based on the ACL in collection config 853 // before and after upgrade. 854 assertDeliverWithPrivateDataACLBehavior := func() { 855 By("getting signing identity for a user in org1") 856 signingIdentity := getSigningIdentity(network, "Org1", "User1", "Org1MSP", "bccsp") 857 858 By("adding a marble") 859 peer := network.Peer("Org2", "peer0") 860 addMarble(network, orderer, testChaincode.Name, `{"name":"marble11", "color":"blue", "size":35, "owner":"tom", "price":99}`, peer) 861 862 By("getting the deliver event for newest block") 863 event := getEventFromDeliverService(network, peer, channelID, signingIdentity, 0) 864 865 By("verifying private data in deliver event contains 'collectionMarbles' only") 866 // it should receive pvtdata for 'collectionMarbles' only because memberOnlyRead is true 867 expectedKVWritesMap := map[string]map[string][]byte{ 868 "collectionMarbles": { 869 "\000color~name\000blue\000marble11\000": []byte("\000"), 870 "marble11": getValueForCollectionMarbles("marble11", "blue", "tom", 35), 871 }, 872 } 873 assertPrivateDataAsExpected(event.BlockAndPvtData.PrivateDataMap, expectedKVWritesMap) 874 875 By("upgrading chaincode with collections_config1.json where isMemberOnlyRead is false") 876 testChaincode.CollectionsConfig = collectionConfig("collections_config1.json") 877 testChaincode.Version = "1.1" 878 if !testChaincode.isLegacy { 879 testChaincode.Sequence = "2" 880 } 881 upgradeChaincode(network, orderer, testChaincode) 882 883 By("getting the deliver event for an old block committed before upgrade") 884 event = getEventFromDeliverService(network, peer, channelID, signingIdentity, event.BlockNum) 885 886 By("verifying the deliver event for the old block uses old config") 887 assertPrivateDataAsExpected(event.BlockAndPvtData.PrivateDataMap, expectedKVWritesMap) 888 889 By("adding a new marble after upgrade") 890 addMarble(network, orderer, testChaincode.Name, 891 `{"name":"marble12", "color":"blue", "size":35, "owner":"tom", "price":99}`, 892 network.Peer("Org1", "peer0"), 893 ) 894 By("getting the deliver event for a new block committed after upgrade") 895 event = getEventFromDeliverService(network, peer, channelID, signingIdentity, 0) 896 897 // it should receive pvtdata for both collections because memberOnlyRead is false 898 By("verifying the deliver event for the new block uses new config") 899 expectedKVWritesMap = map[string]map[string][]byte{ 900 "collectionMarbles": { 901 "\000color~name\000blue\000marble12\000": []byte("\000"), 902 "marble12": getValueForCollectionMarbles("marble12", "blue", "tom", 35), 903 }, 904 "collectionMarblePrivateDetails": { 905 "marble12": getValueForCollectionMarblePrivateDetails("marble12", 99), 906 }, 907 } 908 assertPrivateDataAsExpected(event.BlockAndPvtData.PrivateDataMap, expectedKVWritesMap) 909 } 910 911 It("calls marbles APIs and delivers private data", func() { 912 By("deploying new lifecycle chaincode") 913 testChaincode = chaincode{ 914 Chaincode: newLifecycleChaincode, 915 isLegacy: false, 916 } 917 nwo.EnableCapabilities(network, channelID, "Application", "V2_0", orderer, network.Peers...) 918 testChaincode.CollectionsConfig = collectionConfig("collections_config3.json") 919 deployChaincode(network, orderer, testChaincode) 920 921 By("attempting to invoke chaincode from a user (org1) not in any collection member orgs (org2 and org3)") 922 peer2 := network.Peer("Org2", "peer0") 923 marbleDetailsBase64 := base64.StdEncoding.EncodeToString([]byte(`{"name":"memberonly-marble", "color":"blue", "size":35, "owner":"tom", "price":99}`)) 924 command := commands.ChaincodeInvoke{ 925 ChannelID: channelID, 926 Orderer: network.OrdererAddress(orderer, nwo.ListenPort), 927 Name: "marblesp", 928 Ctor: fmt.Sprintf(`{"Args":["initMarble"]}`), 929 Transient: fmt.Sprintf(`{"marble":"%s"}`, marbleDetailsBase64), 930 PeerAddresses: []string{network.PeerAddress(peer2, nwo.ListenPort)}, 931 WaitForEvent: true, 932 } 933 peer1 := network.Peer("Org1", "peer0") 934 expectedErrMsg := "tx creator does not have write access permission" 935 invokeChaincodeExpectErr(network, peer1, command, expectedErrMsg) 936 937 assertMarbleAPIs() 938 assertDeliverWithPrivateDataACLBehavior() 939 }) 940 }) 941 }) 942 943 func initThreeOrgsSetup(removePeer1 bool) *nwo.Network { 944 var err error 945 testDir, err := ioutil.TempDir("", "e2e-pvtdata") 946 Expect(err).NotTo(HaveOccurred()) 947 948 client, err := docker.NewClientFromEnv() 949 Expect(err).NotTo(HaveOccurred()) 950 951 config := nwo.FullSolo() 952 953 // add org3 with one peer 954 config.Organizations = append(config.Organizations, &nwo.Organization{ 955 Name: "Org3", 956 MSPID: "Org3MSP", 957 Domain: "org3.example.com", 958 EnableNodeOUs: true, 959 Users: 2, 960 CA: &nwo.CA{Hostname: "ca"}, 961 }) 962 config.Consortiums[0].Organizations = append(config.Consortiums[0].Organizations, "Org3") 963 config.Profiles[1].Organizations = append(config.Profiles[1].Organizations, "Org3") 964 config.Peers = append(config.Peers, &nwo.Peer{ 965 Name: "peer0", 966 Organization: "Org3", 967 Channels: []*nwo.PeerChannel{ 968 {Name: channelID, Anchor: true}, 969 }, 970 }) 971 972 n := nwo.New(config, testDir, client, StartPort(), components) 973 n.GenerateConfigTree() 974 975 if !removePeer1 { 976 Expect(n.Peers).To(HaveLen(5)) 977 return n 978 } 979 980 // remove peer1 from org1 and org2 so we can add it back later, we generate the config tree above 981 // with the two peers so the config files exist later when adding the peer back 982 peers := []*nwo.Peer{} 983 for _, p := range n.Peers { 984 if p.Name != "peer1" { 985 peers = append(peers, p) 986 } 987 } 988 n.Peers = peers 989 Expect(n.Peers).To(HaveLen(3)) 990 991 return n 992 } 993 994 func startNetwork(n *nwo.Network) (ifrit.Process, *nwo.Orderer) { 995 n.Bootstrap() 996 networkRunner := n.NetworkGroupRunner() 997 process := ifrit.Invoke(networkRunner) 998 Eventually(process.Ready(), n.EventuallyTimeout).Should(BeClosed()) 999 1000 orderer := n.Orderer("orderer") 1001 n.CreateAndJoinChannel(orderer, channelID) 1002 n.UpdateChannelAnchors(orderer, channelID) 1003 1004 By("verifying membership") 1005 n.VerifyMembership(n.Peers, channelID) 1006 1007 return process, orderer 1008 } 1009 1010 func testCleanup(network *nwo.Network, process ifrit.Process) { 1011 if process != nil { 1012 process.Signal(syscall.SIGTERM) 1013 Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive()) 1014 } 1015 if network != nil { 1016 network.Cleanup() 1017 } 1018 os.RemoveAll(network.RootDir) 1019 } 1020 1021 func collectionConfig(collConfigFile string) string { 1022 return filepath.Join("testdata", "collection_configs", collConfigFile) 1023 } 1024 1025 type chaincode struct { 1026 nwo.Chaincode 1027 isLegacy bool 1028 } 1029 1030 func addPeer(n *nwo.Network, orderer *nwo.Orderer, peer *nwo.Peer) ifrit.Process { 1031 process := ifrit.Invoke(n.PeerRunner(peer)) 1032 Eventually(process.Ready(), n.EventuallyTimeout).Should(BeClosed()) 1033 1034 n.JoinChannel(channelID, orderer, peer) 1035 ledgerHeight := nwo.GetLedgerHeight(n, n.Peers[0], channelID) 1036 sess, err := n.PeerAdminSession( 1037 peer, 1038 commands.ChannelFetch{ 1039 Block: "newest", 1040 ChannelID: channelID, 1041 Orderer: n.OrdererAddress(orderer, nwo.ListenPort), 1042 OutputFile: filepath.Join(n.RootDir, "newest_block.pb"), 1043 }, 1044 ) 1045 Expect(err).NotTo(HaveOccurred()) 1046 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0)) 1047 Expect(sess.Err).To(gbytes.Say(fmt.Sprintf("Received block: %d", ledgerHeight-1))) 1048 1049 n.Peers = append(n.Peers, peer) 1050 nwo.WaitUntilEqualLedgerHeight(n, channelID, nwo.GetLedgerHeight(n, n.Peers[0], channelID), n.Peers...) 1051 1052 return process 1053 } 1054 1055 func deployChaincode(n *nwo.Network, orderer *nwo.Orderer, chaincode chaincode) { 1056 if chaincode.isLegacy { 1057 nwo.DeployChaincodeLegacy(n, channelID, orderer, chaincode.Chaincode) 1058 } else { 1059 nwo.DeployChaincode(n, channelID, orderer, chaincode.Chaincode) 1060 } 1061 } 1062 1063 func upgradeChaincode(n *nwo.Network, orderer *nwo.Orderer, chaincode chaincode) { 1064 if chaincode.isLegacy { 1065 nwo.UpgradeChaincodeLegacy(n, channelID, orderer, chaincode.Chaincode) 1066 } else { 1067 nwo.DeployChaincode(n, channelID, orderer, chaincode.Chaincode) 1068 } 1069 } 1070 1071 func installChaincode(n *nwo.Network, chaincode chaincode, peer *nwo.Peer) { 1072 if chaincode.isLegacy { 1073 nwo.InstallChaincodeLegacy(n, chaincode.Chaincode, peer) 1074 } else { 1075 nwo.PackageAndInstallChaincode(n, chaincode.Chaincode, peer) 1076 } 1077 } 1078 1079 func queryChaincode(n *nwo.Network, peer *nwo.Peer, command commands.ChaincodeQuery, expectedMessage string, expectSuccess bool) { 1080 sess, err := n.PeerUserSession(peer, "User1", command) 1081 Expect(err).NotTo(HaveOccurred()) 1082 if expectSuccess { 1083 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0)) 1084 Expect(sess).To(gbytes.Say(expectedMessage)) 1085 } else { 1086 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit()) 1087 Expect(sess.Err).To(gbytes.Say(expectedMessage)) 1088 } 1089 } 1090 1091 func invokeChaincode(n *nwo.Network, peer *nwo.Peer, command commands.ChaincodeInvoke) { 1092 sess, err := n.PeerUserSession(peer, "User1", command) 1093 Expect(err).NotTo(HaveOccurred()) 1094 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0)) 1095 Expect(sess.Err).To(gbytes.Say("Chaincode invoke successful.")) 1096 } 1097 1098 func invokeChaincodeExpectErr(n *nwo.Network, peer *nwo.Peer, command commands.ChaincodeInvoke, expectedErrMsg string) { 1099 sess, err := n.PeerUserSession(peer, "User1", command) 1100 Expect(err).NotTo(HaveOccurred()) 1101 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(1)) 1102 Expect(sess.Err).To(gbytes.Say(expectedErrMsg)) 1103 } 1104 1105 func approveChaincodeForMyOrgExpectErr(n *nwo.Network, orderer *nwo.Orderer, chaincode nwo.Chaincode, expectedErrMsg string, peers ...*nwo.Peer) { 1106 // used to ensure we only approve once per org 1107 approvedOrgs := map[string]bool{} 1108 for _, p := range peers { 1109 if _, ok := approvedOrgs[p.Organization]; !ok { 1110 sess, err := n.PeerAdminSession(p, commands.ChaincodeApproveForMyOrg{ 1111 ChannelID: channelID, 1112 Orderer: n.OrdererAddress(orderer, nwo.ListenPort), 1113 Name: chaincode.Name, 1114 Version: chaincode.Version, 1115 PackageID: chaincode.PackageID, 1116 Sequence: chaincode.Sequence, 1117 EndorsementPlugin: chaincode.EndorsementPlugin, 1118 ValidationPlugin: chaincode.ValidationPlugin, 1119 SignaturePolicy: chaincode.SignaturePolicy, 1120 ChannelConfigPolicy: chaincode.ChannelConfigPolicy, 1121 InitRequired: chaincode.InitRequired, 1122 CollectionsConfig: chaincode.CollectionsConfig, 1123 }) 1124 Expect(err).NotTo(HaveOccurred()) 1125 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit()) 1126 approvedOrgs[p.Organization] = true 1127 Eventually(sess.Err, n.EventuallyTimeout).Should(gbytes.Say(expectedErrMsg)) 1128 } 1129 } 1130 } 1131 1132 func addMarble(n *nwo.Network, orderer *nwo.Orderer, chaincodeName, marbleDetails string, peer *nwo.Peer) { 1133 marbleDetailsBase64 := base64.StdEncoding.EncodeToString([]byte(marbleDetails)) 1134 1135 command := commands.ChaincodeInvoke{ 1136 ChannelID: channelID, 1137 Orderer: n.OrdererAddress(orderer, nwo.ListenPort), 1138 Name: chaincodeName, 1139 Ctor: fmt.Sprintf(`{"Args":["initMarble"]}`), 1140 Transient: fmt.Sprintf(`{"marble":"%s"}`, marbleDetailsBase64), 1141 PeerAddresses: []string{ 1142 n.PeerAddress(peer, nwo.ListenPort), 1143 }, 1144 WaitForEvent: true, 1145 } 1146 invokeChaincode(n, peer, command) 1147 nwo.WaitUntilEqualLedgerHeight(n, channelID, nwo.GetLedgerHeight(n, peer, channelID), n.Peers...) 1148 } 1149 1150 func deleteMarble(n *nwo.Network, orderer *nwo.Orderer, chaincodeName, marbleDelete string, peer *nwo.Peer) { 1151 marbleDeleteBase64 := base64.StdEncoding.EncodeToString([]byte(marbleDelete)) 1152 1153 command := commands.ChaincodeInvoke{ 1154 ChannelID: channelID, 1155 Orderer: n.OrdererAddress(orderer, nwo.ListenPort), 1156 Name: chaincodeName, 1157 Ctor: fmt.Sprintf(`{"Args":["delete"]}`), 1158 Transient: fmt.Sprintf(`{"marble_delete":"%s"}`, marbleDeleteBase64), 1159 PeerAddresses: []string{ 1160 n.PeerAddress(peer, nwo.ListenPort), 1161 }, 1162 WaitForEvent: true, 1163 } 1164 invokeChaincode(n, peer, command) 1165 nwo.WaitUntilEqualLedgerHeight(n, channelID, nwo.GetLedgerHeight(n, peer, channelID), n.Peers...) 1166 } 1167 1168 func transferMarble(n *nwo.Network, orderer *nwo.Orderer, chaincodeName, marbleOwner string, peer *nwo.Peer) { 1169 marbleOwnerBase64 := base64.StdEncoding.EncodeToString([]byte(marbleOwner)) 1170 1171 command := commands.ChaincodeInvoke{ 1172 ChannelID: channelID, 1173 Orderer: n.OrdererAddress(orderer, nwo.ListenPort), 1174 Name: chaincodeName, 1175 Ctor: fmt.Sprintf(`{"Args":["transferMarble"]}`), 1176 Transient: fmt.Sprintf(`{"marble_owner":"%s"}`, marbleOwnerBase64), 1177 PeerAddresses: []string{ 1178 n.PeerAddress(peer, nwo.ListenPort), 1179 }, 1180 WaitForEvent: true, 1181 } 1182 invokeChaincode(n, peer, command) 1183 nwo.WaitUntilEqualLedgerHeight(n, channelID, nwo.GetLedgerHeight(n, peer, channelID), n.Peers...) 1184 } 1185 1186 func assertPvtdataPresencePerCollectionConfig1(n *nwo.Network, chaincodeName, marbleName string, peers ...*nwo.Peer) { 1187 if len(peers) == 0 { 1188 peers = n.Peers 1189 } 1190 for _, peer := range peers { 1191 switch peer.Organization { 1192 1193 case "Org1": 1194 assertPresentInCollectionM(n, chaincodeName, marbleName, peer) 1195 assertNotPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1196 1197 case "Org2": 1198 assertPresentInCollectionM(n, chaincodeName, marbleName, peer) 1199 assertPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1200 1201 case "Org3": 1202 assertNotPresentInCollectionM(n, chaincodeName, marbleName, peer) 1203 assertPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1204 } 1205 } 1206 } 1207 1208 func assertPvtdataPresencePerCollectionConfig2(n *nwo.Network, chaincodeName, marbleName string, peers ...*nwo.Peer) { 1209 if len(peers) == 0 { 1210 peers = n.Peers 1211 } 1212 for _, peer := range peers { 1213 switch peer.Organization { 1214 1215 case "Org1": 1216 assertPresentInCollectionM(n, chaincodeName, marbleName, peer) 1217 assertNotPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1218 1219 case "Org2", "Org3": 1220 assertPresentInCollectionM(n, chaincodeName, marbleName, peer) 1221 assertPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1222 } 1223 } 1224 } 1225 1226 func assertPvtdataPresencePerCollectionConfig7(n *nwo.Network, chaincodeName, marbleName string, excludedPeer *nwo.Peer, peers ...*nwo.Peer) { 1227 if len(peers) == 0 { 1228 peers = n.Peers 1229 } 1230 collectionMPresence := 0 1231 collectionMPDPresence := 0 1232 for _, peer := range peers { 1233 // exclude the peer that invoked originally and count number of peers disseminated to 1234 if peer != excludedPeer { 1235 switch peer.Organization { 1236 1237 case "Org1": 1238 collectionMPresence += checkPresentInCollectionM(n, chaincodeName, marbleName, peer) 1239 assertNotPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1240 1241 case "Org2": 1242 collectionMPresence += checkPresentInCollectionM(n, chaincodeName, marbleName, peer) 1243 collectionMPDPresence += checkPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1244 case "Org3": 1245 assertNotPresentInCollectionM(n, chaincodeName, marbleName, peer) 1246 collectionMPDPresence += checkPresentInCollectionMPD(n, chaincodeName, marbleName, peer) 1247 } 1248 } 1249 } 1250 Expect(collectionMPresence).To(Equal(1)) 1251 Expect(collectionMPDPresence).To(Equal(1)) 1252 1253 } 1254 1255 // assertGetMarblesByRange asserts that 1256 func assertGetMarblesByRange(n *nwo.Network, chaincodeName, marbleRange string, peer *nwo.Peer) { 1257 query := fmt.Sprintf(`{"Args":["getMarblesByRange", %s]}`, marbleRange) 1258 expectedMsg := `\Q[{"Key":"test-marble-0", "Record":{"docType":"marble","name":"test-marble-0","color":"blue","size":35,"owner":"tom"}},{"Key":"test-marble-1", "Record":{"docType":"marble","name":"test-marble-1","color":"blue","size":35,"owner":"tom"}}]\E` 1259 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, true, peer) 1260 } 1261 1262 // assertPresentInCollectionM asserts that the private data for given marble is present in collection 1263 // 'readMarble' at the given peers 1264 func assertPresentInCollectionM(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1265 query := fmt.Sprintf(`{"Args":["readMarble","%s"]}`, marbleName) 1266 expectedMsg := fmt.Sprintf(`{"docType":"marble","name":"%s"`, marbleName) 1267 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, true, peerList...) 1268 } 1269 1270 // assertPresentInCollectionMPD asserts that the private data for given marble is present 1271 // in collection 'readMarblePrivateDetails' at the given peers 1272 func assertPresentInCollectionMPD(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1273 query := fmt.Sprintf(`{"Args":["readMarblePrivateDetails","%s"]}`, marbleName) 1274 expectedMsg := fmt.Sprintf(`{"docType":"marblePrivateDetails","name":"%s"`, marbleName) 1275 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, true, peerList...) 1276 } 1277 1278 // checkPresentInCollectionM checks then number of peers that have the private data for given marble 1279 // in collection 'readMarble' 1280 func checkPresentInCollectionM(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) int { 1281 query := fmt.Sprintf(`{"Args":["readMarble","%s"]}`, marbleName) 1282 expectedMsg := fmt.Sprintf(`{"docType":"marble","name":"%s"`, marbleName) 1283 command := commands.ChaincodeQuery{ 1284 ChannelID: channelID, 1285 Name: chaincodeName, 1286 Ctor: query, 1287 } 1288 present := 0 1289 for _, peer := range peerList { 1290 sess, err := n.PeerUserSession(peer, "User1", command) 1291 Expect(err).NotTo(HaveOccurred()) 1292 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit()) 1293 if bytes.Contains(sess.Buffer().Contents(), []byte(expectedMsg)) { 1294 present++ 1295 } 1296 } 1297 return present 1298 } 1299 1300 // checkPresentInCollectionMPD checks the number of peers that have the private data for given marble 1301 // in collection 'readMarblePrivateDetails' 1302 func checkPresentInCollectionMPD(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) int { 1303 query := fmt.Sprintf(`{"Args":["readMarblePrivateDetails","%s"]}`, marbleName) 1304 expectedMsg := fmt.Sprintf(`{"docType":"marblePrivateDetails","name":"%s"`, marbleName) 1305 command := commands.ChaincodeQuery{ 1306 ChannelID: channelID, 1307 Name: chaincodeName, 1308 Ctor: query, 1309 } 1310 present := 0 1311 for _, peer := range peerList { 1312 sess, err := n.PeerUserSession(peer, "User1", command) 1313 Expect(err).NotTo(HaveOccurred()) 1314 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit()) 1315 if bytes.Contains(sess.Buffer().Contents(), []byte(expectedMsg)) { 1316 present++ 1317 } 1318 } 1319 return present 1320 } 1321 1322 // assertNotPresentInCollectionM asserts that the private data for given marble is NOT present 1323 // in collection 'readMarble' at the given peers 1324 func assertNotPresentInCollectionM(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1325 query := fmt.Sprintf(`{"Args":["readMarble","%s"]}`, marbleName) 1326 expectedMsg := "private data matching public hash version is not available" 1327 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, false, peerList...) 1328 } 1329 1330 // assertNotPresentInCollectionMPD asserts that the private data for given marble is NOT present 1331 // in collection 'readMarblePrivateDetails' at the given peers 1332 func assertNotPresentInCollectionMPD(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1333 query := fmt.Sprintf(`{"Args":["readMarblePrivateDetails","%s"]}`, marbleName) 1334 expectedMsg := "private data matching public hash version is not available" 1335 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, false, peerList...) 1336 } 1337 1338 // assertDoesNotExistInCollectionM asserts that the private data for given marble 1339 // does not exist in collection 'readMarble' (i.e., is never created/has been deleted/has been purged) 1340 func assertDoesNotExistInCollectionM(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1341 query := fmt.Sprintf(`{"Args":["readMarble","%s"]}`, marbleName) 1342 expectedMsg := "Marble does not exist" 1343 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, false, peerList...) 1344 } 1345 1346 // assertDoesNotExistInCollectionMPD asserts that the private data for given marble 1347 // does not exist in collection 'readMarblePrivateDetails' (i.e., is never created/has been deleted/has been purged) 1348 func assertDoesNotExistInCollectionMPD(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1349 query := fmt.Sprintf(`{"Args":["readMarblePrivateDetails","%s"]}`, marbleName) 1350 expectedMsg := "Marble private details does not exist" 1351 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, false, peerList...) 1352 } 1353 1354 // assertOwnershipInCollectionM asserts that the private data for given marble is present 1355 // in collection 'readMarble' at the given peers 1356 func assertOwnershipInCollectionM(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1357 query := fmt.Sprintf(`{"Args":["readMarble","%s"]}`, marbleName) 1358 expectedMsg := fmt.Sprintf(`{"docType":"marble","name":"test-marble-0","color":"blue","size":35,"owner":"jerry"}`) 1359 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, true, peerList...) 1360 } 1361 1362 // assertNoReadAccessToCollectionMPD asserts that the orgs of the given peers do not have 1363 // read access to private data for the collection readMarblePrivateDetails 1364 func assertNoReadAccessToCollectionMPD(n *nwo.Network, chaincodeName, marbleName string, peerList ...*nwo.Peer) { 1365 query := fmt.Sprintf(`{"Args":["readMarblePrivateDetails","%s"]}`, marbleName) 1366 expectedMsg := "tx creator does not have read access permission" 1367 queryChaincodePerPeer(n, query, chaincodeName, expectedMsg, false, peerList...) 1368 } 1369 1370 func queryChaincodePerPeer(n *nwo.Network, query, chaincodeName, expectedMsg string, expectSuccess bool, peerList ...*nwo.Peer) { 1371 command := commands.ChaincodeQuery{ 1372 ChannelID: channelID, 1373 Name: chaincodeName, 1374 Ctor: query, 1375 } 1376 for _, peer := range peerList { 1377 queryChaincode(n, peer, command, expectedMsg, expectSuccess) 1378 } 1379 } 1380 1381 // assertMarblesPrivateHashM asserts that getMarbleHash is accessible from all peers that has the chaincode instantiated 1382 func assertMarblesPrivateHashM(n *nwo.Network, chaincodeName, marbleName string, expectedBytes []byte, peerList []*nwo.Peer) { 1383 query := fmt.Sprintf(`{"Args":["getMarbleHash","%s"]}`, marbleName) 1384 verifyPvtdataHash(n, query, chaincodeName, peerList, expectedBytes) 1385 } 1386 1387 // assertMarblesPrivateDetailsHashMPD asserts that getMarblePrivateDetailsHash is accessible from all peers that has the chaincode instantiated 1388 func assertMarblesPrivateDetailsHashMPD(n *nwo.Network, chaincodeName, marbleName string, expectedBytes []byte, peerList []*nwo.Peer) { 1389 query := fmt.Sprintf(`{"Args":["getMarblePrivateDetailsHash","%s"]}`, marbleName) 1390 verifyPvtdataHash(n, query, chaincodeName, peerList, expectedBytes) 1391 } 1392 1393 // verifyPvtdataHash verifies the private data hash matches the expected bytes. 1394 // Cannot reuse verifyAccess because the hash bytes are not valid utf8 causing gbytes.Say to fail. 1395 func verifyPvtdataHash(n *nwo.Network, query, chaincodeName string, peers []*nwo.Peer, expected []byte) { 1396 command := commands.ChaincodeQuery{ 1397 ChannelID: channelID, 1398 Name: chaincodeName, 1399 Ctor: query, 1400 } 1401 1402 for _, peer := range peers { 1403 sess, err := n.PeerUserSession(peer, "User1", command) 1404 Expect(err).NotTo(HaveOccurred()) 1405 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0)) 1406 actual := sess.Buffer().Contents() 1407 // verify actual bytes contain expected bytes - cannot use equal because session may contain extra bytes 1408 Expect(bytes.Contains(actual, expected)).To(Equal(true)) 1409 } 1410 } 1411 1412 // deliverEvent contains the response and related info from a DeliverWithPrivateData call 1413 type deliverEvent struct { 1414 BlockAndPvtData *pb.BlockAndPrivateData 1415 BlockNum uint64 1416 Err error 1417 } 1418 1419 // getEventFromDeliverService send a request to DeliverWithPrivateData grpc service 1420 // and receive the response 1421 func getEventFromDeliverService(network *nwo.Network, peer *nwo.Peer, channelID string, signingIdentity msp.SigningIdentity, blockNum uint64) *deliverEvent { 1422 ctx, cancelFunc1 := context.WithTimeout(context.Background(), network.EventuallyTimeout) 1423 defer cancelFunc1() 1424 eventCh, conn := registerForDeliverEvent(ctx, network, peer, channelID, signingIdentity, blockNum) 1425 defer conn.Close() 1426 event := &deliverEvent{} 1427 Eventually(eventCh, network.EventuallyTimeout).Should(Receive(event)) 1428 Expect(event.Err).NotTo(HaveOccurred()) 1429 return event 1430 } 1431 1432 func registerForDeliverEvent( 1433 ctx context.Context, 1434 network *nwo.Network, 1435 peer *nwo.Peer, 1436 channelID string, 1437 signingIdentity msp.SigningIdentity, 1438 blockNum uint64, 1439 ) (<-chan deliverEvent, *grpc.ClientConn) { 1440 // create a comm.GRPCClient 1441 tlsRootCertFile := filepath.Join(network.PeerLocalTLSDir(peer), "ca.crt") 1442 caPEM, err := ioutil.ReadFile(tlsRootCertFile) 1443 Expect(err).NotTo(HaveOccurred()) 1444 clientConfig := comm.ClientConfig{Timeout: 10 * time.Second} 1445 clientConfig.SecOpts = comm.SecureOptions{ 1446 UseTLS: true, 1447 ServerRootCAs: [][]byte{caPEM}, 1448 RequireClientCert: false, 1449 } 1450 grpcClient, err := comm.NewGRPCClient(clientConfig) 1451 Expect(err).NotTo(HaveOccurred()) 1452 // create a client for DeliverWithPrivateData 1453 address := network.PeerAddress(peer, nwo.ListenPort) 1454 conn, err := grpcClient.NewConnection(address) 1455 Expect(err).NotTo(HaveOccurred()) 1456 dp, err := pb.NewDeliverClient(conn).DeliverWithPrivateData(ctx) 1457 Expect(err).NotTo(HaveOccurred()) 1458 // send a deliver request 1459 envelope, err := createDeliverEnvelope(channelID, signingIdentity, blockNum) 1460 Expect(err).NotTo(HaveOccurred()) 1461 err = dp.Send(envelope) 1462 dp.CloseSend() 1463 Expect(err).NotTo(HaveOccurred()) 1464 // create a goroutine to receive the response in a separate thread 1465 eventCh := make(chan deliverEvent, 1) 1466 go receiveDeliverResponse(dp, address, eventCh) 1467 1468 return eventCh, conn 1469 } 1470 1471 func getSigningIdentity(network *nwo.Network, org, user, mspID, mspType string) msp.SigningIdentity { 1472 peerForOrg := network.Peer(org, "peer0") 1473 mspConfigPath := network.PeerUserMSPDir(peerForOrg, user) 1474 mspInstance, err := loadLocalMSPAt(mspConfigPath, mspID, mspType) 1475 Expect(err).NotTo(HaveOccurred()) 1476 1477 signingIdentity, err := mspInstance.GetDefaultSigningIdentity() 1478 Expect(err).NotTo(HaveOccurred()) 1479 return signingIdentity 1480 } 1481 1482 // loadLocalMSPAt loads an MSP whose configuration is stored at 'dir', and whose 1483 // id and type are the passed as arguments. 1484 func loadLocalMSPAt(dir, id, mspType string) (msp.MSP, error) { 1485 if mspType != "bccsp" { 1486 return nil, errors.Errorf("invalid msp type, expected 'bccsp', got %s", mspType) 1487 } 1488 conf, err := msp.GetLocalMspConfig(dir, nil, id) 1489 if err != nil { 1490 return nil, err 1491 } 1492 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) 1493 if err != nil { 1494 return nil, err 1495 } 1496 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 1497 if err != nil { 1498 return nil, err 1499 } 1500 thisMSP, err := msp.NewBccspMspWithKeyStore(msp.MSPv1_0, ks, cryptoProvider) 1501 if err != nil { 1502 return nil, err 1503 } 1504 err = thisMSP.Setup(conf) 1505 if err != nil { 1506 return nil, err 1507 } 1508 return thisMSP, nil 1509 } 1510 1511 // receiveDeliverResponse expects to receive the BlockAndPrivateData response for the requested block. 1512 func receiveDeliverResponse(dp pb.Deliver_DeliverWithPrivateDataClient, address string, eventCh chan<- deliverEvent) error { 1513 event := deliverEvent{} 1514 1515 resp, err := dp.Recv() 1516 if err != nil { 1517 event.Err = errors.WithMessagef(err, "error receiving deliver response from peer %s\n", address) 1518 } 1519 switch r := resp.Type.(type) { 1520 case *pb.DeliverResponse_BlockAndPrivateData: 1521 event.BlockAndPvtData = r.BlockAndPrivateData 1522 event.BlockNum = r.BlockAndPrivateData.Block.Header.Number 1523 case *pb.DeliverResponse_Status: 1524 event.Err = errors.Errorf("deliver completed with status (%s) before DeliverResponse_BlockAndPrivateData received from peer %s", r.Status, address) 1525 default: 1526 event.Err = errors.Errorf("received unexpected response type (%T) from peer %s", r, address) 1527 } 1528 1529 select { 1530 case eventCh <- event: 1531 default: 1532 } 1533 return nil 1534 } 1535 1536 // createDeliverEnvelope creates a deliver request based on the block number. 1537 // blockNum=0 means newest block 1538 func createDeliverEnvelope(channelID string, signingIdentity msp.SigningIdentity, blockNum uint64) (*cb.Envelope, error) { 1539 creator, err := signingIdentity.Serialize() 1540 if err != nil { 1541 return nil, err 1542 } 1543 header, err := createHeader(cb.HeaderType_DELIVER_SEEK_INFO, channelID, creator) 1544 if err != nil { 1545 return nil, err 1546 } 1547 1548 // if blockNum is not greater than 0, seek the newest block 1549 var seekInfo *ab.SeekInfo 1550 if blockNum > 0 { 1551 seekInfo = &ab.SeekInfo{ 1552 Start: &ab.SeekPosition{ 1553 Type: &ab.SeekPosition_Specified{ 1554 Specified: &ab.SeekSpecified{Number: blockNum}, 1555 }, 1556 }, 1557 Stop: &ab.SeekPosition{ 1558 Type: &ab.SeekPosition_Specified{ 1559 Specified: &ab.SeekSpecified{Number: blockNum}, 1560 }, 1561 }, 1562 } 1563 } else { 1564 seekInfo = &ab.SeekInfo{ 1565 Start: &ab.SeekPosition{ 1566 Type: &ab.SeekPosition_Newest{ 1567 Newest: &ab.SeekNewest{}, 1568 }, 1569 }, 1570 Stop: &ab.SeekPosition{ 1571 Type: &ab.SeekPosition_Newest{ 1572 Newest: &ab.SeekNewest{}, 1573 }, 1574 }, 1575 } 1576 } 1577 1578 // create the envelope 1579 raw := protoutil.MarshalOrPanic(seekInfo) 1580 payload := &cb.Payload{ 1581 Header: header, 1582 Data: raw, 1583 } 1584 payloadBytes := protoutil.MarshalOrPanic(payload) 1585 signature, err := signingIdentity.Sign(payloadBytes) 1586 if err != nil { 1587 return nil, err 1588 } 1589 return &cb.Envelope{ 1590 Payload: payloadBytes, 1591 Signature: signature, 1592 }, nil 1593 } 1594 1595 func createHeader(txType cb.HeaderType, channelID string, creator []byte) (*cb.Header, error) { 1596 ts, err := ptypes.TimestampProto(time.Now()) 1597 if err != nil { 1598 return nil, err 1599 } 1600 nonce, err := crypto.GetRandomNonce() 1601 if err != nil { 1602 return nil, err 1603 } 1604 chdr := &cb.ChannelHeader{ 1605 Type: int32(txType), 1606 ChannelId: channelID, 1607 TxId: protoutil.ComputeTxID(nonce, creator), 1608 Epoch: 0, 1609 Timestamp: ts, 1610 } 1611 chdrBytes := protoutil.MarshalOrPanic(chdr) 1612 1613 shdr := &cb.SignatureHeader{ 1614 Creator: creator, 1615 Nonce: nonce, 1616 } 1617 shdrBytes := protoutil.MarshalOrPanic(shdr) 1618 header := &cb.Header{ 1619 ChannelHeader: chdrBytes, 1620 SignatureHeader: shdrBytes, 1621 } 1622 return header, nil 1623 } 1624 1625 // verify collection names and pvtdataMap match expectedKVWritesMap 1626 func assertPrivateDataAsExpected(pvtdataMap map[uint64]*rwset.TxPvtReadWriteSet, expectedKVWritesMap map[string]map[string][]byte) { 1627 // In the test, each block has only 1 tx, so txSeqInBlock is 0 1628 txPvtRwset := pvtdataMap[uint64(0)] 1629 Expect(txPvtRwset.NsPvtRwset).To(HaveLen(1)) 1630 Expect(txPvtRwset.NsPvtRwset[0].Namespace).To(Equal("marblesp")) 1631 Expect(txPvtRwset.NsPvtRwset[0].CollectionPvtRwset).To(HaveLen(len(expectedKVWritesMap))) 1632 1633 // verify the collections returned in private data have expected collection names and kvRwset.Writes 1634 for _, col := range txPvtRwset.NsPvtRwset[0].CollectionPvtRwset { 1635 Expect(expectedKVWritesMap).To(HaveKey(col.CollectionName)) 1636 expectedKvWrites := expectedKVWritesMap[col.CollectionName] 1637 kvRwset := kvrwset.KVRWSet{} 1638 err := proto.Unmarshal(col.GetRwset(), &kvRwset) 1639 Expect(err).NotTo(HaveOccurred()) 1640 Expect(kvRwset.Writes).To(HaveLen(len(expectedKvWrites))) 1641 for _, kvWrite := range kvRwset.Writes { 1642 Expect(expectedKvWrites).To(HaveKey(kvWrite.Key)) 1643 Expect(kvWrite.Value).To(Equal(expectedKvWrites[kvWrite.Key])) 1644 } 1645 } 1646 } 1647 1648 func getValueForCollectionMarbles(marbleName, color, owner string, size int) []byte { 1649 marbleJSONasString := `{"docType":"marble","name":"` + marbleName + `","color":"` + color + `","size":` + strconv.Itoa(size) + `,"owner":"` + owner + `"}` 1650 return []byte(marbleJSONasString) 1651 } 1652 1653 func getValueForCollectionMarblePrivateDetails(marbleName string, price int) []byte { 1654 marbleJSONasString := `{"docType":"marblePrivateDetails","name":"` + marbleName + `","price":` + strconv.Itoa(price) + `}` 1655 return []byte(marbleJSONasString) 1656 } 1657 1658 // fetchBlocksForPeer attempts to fetch the newest block on the given peer. 1659 // It skips the orderer and returns the session's Err buffer for parsing. 1660 func fetchBlocksForPeer(n *nwo.Network, peer *nwo.Peer, user string) func() *gbytes.Buffer { 1661 return func() *gbytes.Buffer { 1662 sess, err := n.PeerUserSession(peer, user, commands.ChannelFetch{ 1663 Block: "newest", 1664 ChannelID: channelID, 1665 OutputFile: filepath.Join(n.RootDir, "newest_block.pb"), 1666 }) 1667 Expect(err).NotTo(HaveOccurred()) 1668 Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit()) 1669 return sess.Err 1670 } 1671 } 1672 1673 // updateConfigWithNewCertsForPeer updates the channel config with new certs for the designated peer 1674 func updateConfigWithNewCertsForPeer(network *nwo.Network, tempCryptoDir string, orderer *nwo.Orderer, peer *nwo.Peer) { 1675 org := network.Organization(peer.Organization) 1676 1677 By("fetching the channel policy") 1678 currentConfig := nwo.GetConfig(network, network.Peers[0], orderer, channelID) 1679 updatedConfig := proto.Clone(currentConfig).(*cb.Config) 1680 1681 By("parsing the old and new MSP configs") 1682 oldConfig := &mspp.MSPConfig{} 1683 err := proto.Unmarshal( 1684 updatedConfig.ChannelGroup.Groups["Application"].Groups[org.Name].Values["MSP"].Value, 1685 oldConfig) 1686 Expect(err).NotTo(HaveOccurred()) 1687 1688 tempOrgMSPPath := filepath.Join(tempCryptoDir, "peerOrganizations", org.Domain, "msp") 1689 newConfig, err := msp.GetVerifyingMspConfig(tempOrgMSPPath, org.MSPID, "bccsp") 1690 Expect(err).NotTo(HaveOccurred()) 1691 oldMspConfig := &mspp.FabricMSPConfig{} 1692 newMspConfig := &mspp.FabricMSPConfig{} 1693 err = proto.Unmarshal(oldConfig.Config, oldMspConfig) 1694 Expect(err).NotTo(HaveOccurred()) 1695 err = proto.Unmarshal(newConfig.Config, newMspConfig) 1696 Expect(err).NotTo(HaveOccurred()) 1697 1698 By("merging the two MSP configs") 1699 updateOldMspConfigWithNewMspConfig(oldMspConfig, newMspConfig) 1700 1701 By("updating the channel config") 1702 updatedConfig.ChannelGroup.Groups["Application"].Groups[org.Name].Values["MSP"].Value = protoutil.MarshalOrPanic( 1703 &mspp.MSPConfig{ 1704 Type: oldConfig.Type, 1705 Config: protoutil.MarshalOrPanic(oldMspConfig), 1706 }) 1707 nwo.UpdateConfig(network, orderer, channelID, currentConfig, updatedConfig, false, network.Peer(org.Name, "peer0")) 1708 } 1709 1710 // updateOldMspConfigWithNewMspConfig updates the oldMspConfig with certs from the newMspConfig 1711 func updateOldMspConfigWithNewMspConfig(oldMspConfig, newMspConfig *mspp.FabricMSPConfig) { 1712 oldMspConfig.RootCerts = append(oldMspConfig.RootCerts, newMspConfig.RootCerts...) 1713 oldMspConfig.TlsRootCerts = append(oldMspConfig.TlsRootCerts, newMspConfig.TlsRootCerts...) 1714 oldMspConfig.FabricNodeOus.PeerOuIdentifier.Certificate = nil 1715 oldMspConfig.FabricNodeOus.ClientOuIdentifier.Certificate = nil 1716 oldMspConfig.FabricNodeOus.AdminOuIdentifier.Certificate = nil 1717 } 1718 1719 // generateNewCertsForPeer generates new certs with cryptogen for the designated peer and copies 1720 // the necessary certs to the original crypto dir as well as creating an Admin2 user to use for 1721 // any peer operations involving the peer 1722 func generateNewCertsForPeer(network *nwo.Network, tempCryptoDir string, peer *nwo.Peer) { 1723 sess, err := network.Cryptogen(commands.Generate{ 1724 Config: network.CryptoConfigPath(), 1725 Output: tempCryptoDir, 1726 }) 1727 Expect(err).NotTo(HaveOccurred()) 1728 Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0)) 1729 1730 By("copying the new msp certs for the peer to the original crypto dir") 1731 oldPeerMSPPath := network.PeerLocalMSPDir(peer) 1732 org := network.Organization(peer.Organization) 1733 tempPeerMSPPath := filepath.Join( 1734 tempCryptoDir, 1735 "peerOrganizations", 1736 org.Domain, 1737 "peers", 1738 fmt.Sprintf("%s.%s", peer.Name, org.Domain), 1739 "msp", 1740 ) 1741 os.RemoveAll(oldPeerMSPPath) 1742 err = exec.Command("cp", "-r", tempPeerMSPPath, oldPeerMSPPath).Run() 1743 Expect(err).NotTo(HaveOccurred()) 1744 1745 // This lets us keep the old user certs for the org for any peers still remaining in the org 1746 // using the old certs 1747 By("copying the new Admin user cert to the original user certs dir as Admin2") 1748 oldAdminUserPath := filepath.Join( 1749 network.RootDir, 1750 "crypto", 1751 "peerOrganizations", 1752 org.Domain, 1753 "users", 1754 fmt.Sprintf("Admin2@%s", org.Domain), 1755 ) 1756 tempAdminUserPath := filepath.Join( 1757 tempCryptoDir, 1758 "peerOrganizations", 1759 org.Domain, 1760 "users", 1761 fmt.Sprintf("Admin@%s", org.Domain), 1762 ) 1763 os.RemoveAll(oldAdminUserPath) 1764 err = exec.Command("cp", "-r", tempAdminUserPath, oldAdminUserPath).Run() 1765 Expect(err).NotTo(HaveOccurred()) 1766 // We need to rename the signcert from Admin to Admin2 as well 1767 err = os.Rename( 1768 filepath.Join(oldAdminUserPath, "msp", "signcerts", fmt.Sprintf("Admin@%s-cert.pem", org.Domain)), 1769 filepath.Join(oldAdminUserPath, "msp", "signcerts", fmt.Sprintf("Admin2@%s-cert.pem", org.Domain)), 1770 ) 1771 Expect(err).NotTo(HaveOccurred()) 1772 }