github.com/myafeier/fabric@v1.0.1-0.20170722181825-3a4b1f2bce86/core/policy/policy_test.go (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package policy 18 19 import ( 20 "testing" 21 22 "github.com/hyperledger/fabric/common/policies" 23 "github.com/hyperledger/fabric/core/policy/mocks" 24 "github.com/hyperledger/fabric/msp/mgmt" 25 "github.com/hyperledger/fabric/protos/common" 26 "github.com/hyperledger/fabric/protos/peer" 27 "github.com/hyperledger/fabric/protos/utils" 28 "github.com/stretchr/testify/assert" 29 "github.com/stretchr/testify/mock" 30 ) 31 32 func TestCheckPolicyInvalidArgs(t *testing.T) { 33 policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{ 34 Managers: map[string]policies.Manager{ 35 "A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}}, 36 }, 37 } 38 pc := &policyChecker{channelPolicyManagerGetter: policyManagerGetter} 39 40 err := pc.CheckPolicy("B", "admin", &peer.SignedProposal{}) 41 assert.Error(t, err) 42 assert.Contains(t, err.Error(), "Failed to get policy manager for channel [B]") 43 } 44 45 func TestRegisterPolicyCheckerFactoryInvalidArgs(t *testing.T) { 46 RegisterPolicyCheckerFactory(nil) 47 assert.Panics(t, func() { 48 GetPolicyChecker() 49 }) 50 51 RegisterPolicyCheckerFactory(nil) 52 } 53 54 func TestRegisterPolicyCheckerFactory(t *testing.T) { 55 policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{ 56 Managers: map[string]policies.Manager{ 57 "A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}}, 58 }, 59 } 60 pc := &policyChecker{channelPolicyManagerGetter: policyManagerGetter} 61 62 factory := &MockPolicyCheckerFactory{} 63 factory.On("NewPolicyChecker").Return(pc) 64 65 RegisterPolicyCheckerFactory(factory) 66 pc2 := GetPolicyChecker() 67 assert.Equal(t, pc, pc2) 68 } 69 70 func TestCheckPolicyBySignedDataInvalidArgs(t *testing.T) { 71 policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{ 72 Managers: map[string]policies.Manager{ 73 "A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}}, 74 }, 75 } 76 pc := &policyChecker{channelPolicyManagerGetter: policyManagerGetter} 77 78 err := pc.CheckPolicyBySignedData("", "admin", []*common.SignedData{&common.SignedData{}}) 79 assert.Error(t, err) 80 assert.Contains(t, err.Error(), "Invalid channel ID name during check policy on signed data. Name must be different from nil.") 81 82 err = pc.CheckPolicyBySignedData("A", "", []*common.SignedData{&common.SignedData{}}) 83 assert.Error(t, err) 84 assert.Contains(t, err.Error(), "Invalid policy name during check policy on signed data on channel [A]. Name must be different from nil.") 85 86 err = pc.CheckPolicyBySignedData("A", "admin", nil) 87 assert.Error(t, err) 88 assert.Contains(t, err.Error(), "Invalid signed data during check policy on channel [A] with policy [admin]") 89 90 err = pc.CheckPolicyBySignedData("B", "admin", []*common.SignedData{&common.SignedData{}}) 91 assert.Error(t, err) 92 assert.Contains(t, err.Error(), "Failed to get policy manager for channel [B]") 93 94 err = pc.CheckPolicyBySignedData("A", "admin", []*common.SignedData{&common.SignedData{}}) 95 assert.Error(t, err) 96 assert.Contains(t, err.Error(), "Failed evaluating policy on signed data during check policy on channel [A] with policy [admin]") 97 } 98 99 func TestPolicyCheckerInvalidArgs(t *testing.T) { 100 policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{ 101 map[string]policies.Manager{ 102 "A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}}, 103 "B": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Bob"), []byte("msg2")}}}, 104 "C": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg3")}}}, 105 }, 106 } 107 identityDeserializer := &mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")} 108 pc := NewPolicyChecker( 109 policyManagerGetter, 110 identityDeserializer, 111 &mocks.MockMSPPrincipalGetter{Principal: []byte("Alice")}, 112 ) 113 114 // Check that (non-empty channel, empty policy) fails 115 err := pc.CheckPolicy("A", "", nil) 116 assert.Error(t, err) 117 assert.Contains(t, err.Error(), "Invalid policy name during check policy on channel [A]. Name must be different from nil.") 118 119 // Check that (empty channel, empty policy) fails 120 err = pc.CheckPolicy("", "", nil) 121 assert.Error(t, err) 122 assert.Contains(t, err.Error(), "Invalid policy name during channelless check policy. Name must be different from nil.") 123 124 // Check that (non-empty channel, non-empty policy, nil proposal) fails 125 err = pc.CheckPolicy("A", "A", nil) 126 assert.Error(t, err) 127 assert.Contains(t, err.Error(), "Invalid signed proposal during check policy on channel [A] with policy [A]") 128 129 // Check that (empty channel, non-empty policy, nil proposal) fails 130 err = pc.CheckPolicy("", "A", nil) 131 assert.Error(t, err) 132 assert.Contains(t, err.Error(), "Invalid signed proposal during channelless check policy with policy [A]") 133 } 134 135 func TestPolicyChecker(t *testing.T) { 136 policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{ 137 map[string]policies.Manager{ 138 "A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}}, 139 "B": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Bob"), []byte("msg2")}}}, 140 "C": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg3")}}}, 141 }, 142 } 143 identityDeserializer := &mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")} 144 pc := NewPolicyChecker( 145 policyManagerGetter, 146 identityDeserializer, 147 &mocks.MockMSPPrincipalGetter{Principal: []byte("Alice")}, 148 ) 149 150 // Validate Alice signatures against channel A's readers 151 sProp, _ := utils.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1")) 152 policyManagerGetter.Managers["A"].(*mocks.MockChannelPolicyManager).MockPolicy.(*mocks.MockPolicy).Deserializer.(*mocks.MockIdentityDeserializer).Msg = sProp.ProposalBytes 153 sProp.Signature = sProp.ProposalBytes 154 err := pc.CheckPolicy("A", "readers", sProp) 155 assert.NoError(t, err) 156 157 // Proposal from Alice for channel A should fail against channel B, where Alice is not involved 158 err = pc.CheckPolicy("B", "readers", sProp) 159 assert.Error(t, err) 160 assert.Contains(t, err.Error(), "Failed evaluating policy on signed data during check policy on channel [B] with policy [readers]: [Invalid Identity]") 161 162 // Proposal from Alice for channel A should fail against channel C, where Alice is involved but signature is not valid 163 err = pc.CheckPolicy("C", "readers", sProp) 164 assert.Error(t, err) 165 assert.Contains(t, err.Error(), "Failed evaluating policy on signed data during check policy on channel [C] with policy [readers]: [Invalid Signature]") 166 167 // Alice is a member of the local MSP, policy check must succeed 168 identityDeserializer.Msg = sProp.ProposalBytes 169 err = pc.CheckPolicyNoChannel(mgmt.Members, sProp) 170 assert.NoError(t, err) 171 172 sProp, _ = utils.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Bob"), []byte("msg2")) 173 // Bob is not a member of the local MSP, policy check must fail 174 err = pc.CheckPolicyNoChannel(mgmt.Members, sProp) 175 assert.Error(t, err) 176 assert.Contains(t, err.Error(), "Failed deserializing proposal creator during channelless check policy with policy [Members]: [Invalid Identity]") 177 } 178 179 type MockPolicyCheckerFactory struct { 180 mock.Mock 181 } 182 183 func (m *MockPolicyCheckerFactory) NewPolicyChecker() PolicyChecker { 184 args := m.Called() 185 return args.Get(0).(PolicyChecker) 186 }