github.com/true-sqn/fabric@v2.1.1+incompatible/core/common/privdata/simplecollection_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package privdata
     8  
     9  import (
    10  	"bytes"
    11  	"errors"
    12  	"testing"
    13  	"time"
    14  
    15  	cb "github.com/hyperledger/fabric-protos-go/common"
    16  	mb "github.com/hyperledger/fabric-protos-go/msp"
    17  	pb "github.com/hyperledger/fabric-protos-go/peer"
    18  	"github.com/hyperledger/fabric/common/policydsl"
    19  	"github.com/hyperledger/fabric/msp"
    20  	"github.com/hyperledger/fabric/protoutil"
    21  	"github.com/stretchr/testify/assert"
    22  )
    23  
    24  func createCollectionPolicyConfig(accessPolicy *cb.SignaturePolicyEnvelope) *pb.CollectionPolicyConfig {
    25  	cpcSp := &pb.CollectionPolicyConfig_SignaturePolicy{
    26  		SignaturePolicy: accessPolicy,
    27  	}
    28  	cpc := &pb.CollectionPolicyConfig{
    29  		Payload: cpcSp,
    30  	}
    31  	return cpc
    32  }
    33  
    34  type mockIdentity struct {
    35  	idBytes []byte
    36  }
    37  
    38  func (id *mockIdentity) Anonymous() bool {
    39  	panic("implement me")
    40  }
    41  
    42  func (id *mockIdentity) ExpiresAt() time.Time {
    43  	return time.Time{}
    44  }
    45  
    46  func (id *mockIdentity) SatisfiesPrincipal(p *mb.MSPPrincipal) error {
    47  	if bytes.Equal(id.idBytes, p.Principal) {
    48  		return nil
    49  	}
    50  	return errors.New("Principals do not match")
    51  }
    52  
    53  func (id *mockIdentity) GetIdentifier() *msp.IdentityIdentifier {
    54  	return &msp.IdentityIdentifier{Mspid: "Mock", Id: string(id.idBytes)}
    55  }
    56  
    57  func (id *mockIdentity) GetMSPIdentifier() string {
    58  	return string(id.idBytes)
    59  }
    60  
    61  func (id *mockIdentity) Validate() error {
    62  	return nil
    63  }
    64  
    65  func (id *mockIdentity) GetOrganizationalUnits() []*msp.OUIdentifier {
    66  	return nil
    67  }
    68  
    69  func (id *mockIdentity) Verify(msg []byte, sig []byte) error {
    70  	if bytes.Equal(sig, []byte("badsigned")) {
    71  		return errors.New("Invalid signature")
    72  	}
    73  	return nil
    74  }
    75  
    76  func (id *mockIdentity) Serialize() ([]byte, error) {
    77  	return id.idBytes, nil
    78  }
    79  
    80  type mockDeserializer struct {
    81  	fail error
    82  }
    83  
    84  func (md *mockDeserializer) DeserializeIdentity(serializedIdentity []byte) (msp.Identity, error) {
    85  	if md.fail != nil {
    86  		return nil, md.fail
    87  	}
    88  	return &mockIdentity{idBytes: serializedIdentity}, nil
    89  }
    90  
    91  func (md *mockDeserializer) IsWellFormed(_ *mb.SerializedIdentity) error {
    92  	return nil
    93  }
    94  
    95  func TestNewSimpleCollectionWithBadConfig(t *testing.T) {
    96  	// set up simple collection with nil collection config
    97  	_, err := NewSimpleCollection(nil, &mockDeserializer{})
    98  	assert.Error(t, err)
    99  
   100  	// create static collection config with faulty policy
   101  	collectionConfig := &pb.StaticCollectionConfig{
   102  		Name:              "test collection",
   103  		RequiredPeerCount: 1,
   104  		MemberOrgsPolicy:  getBadAccessPolicy([]string{"peer0", "peer1"}, 3),
   105  	}
   106  	_, err = NewSimpleCollection(collectionConfig, &mockDeserializer{})
   107  	assert.Error(t, err)
   108  	assert.EqualError(t, err, "failed constructing policy object out of collection policy config: identity index out of range, requested 3, but identities length is 2")
   109  }
   110  
   111  func TestNewSimpleCollectionWithGoodConfig(t *testing.T) {
   112  	// create member access policy
   113  	var signers = [][]byte{[]byte("signer0"), []byte("signer1")}
   114  	policyEnvelope := policydsl.Envelope(policydsl.Or(policydsl.SignedBy(0), policydsl.SignedBy(1)), signers)
   115  	accessPolicy := createCollectionPolicyConfig(policyEnvelope)
   116  
   117  	// create static collection config
   118  	collectionConfig := &pb.StaticCollectionConfig{
   119  		Name:              "test collection",
   120  		RequiredPeerCount: 1,
   121  		MemberOrgsPolicy:  accessPolicy,
   122  	}
   123  
   124  	// set up simple collection with valid data
   125  	sc, err := NewSimpleCollection(collectionConfig, &mockDeserializer{})
   126  	assert.NoError(t, err)
   127  
   128  	// check name
   129  	assert.True(t, sc.CollectionID() == "test collection")
   130  
   131  	// check members
   132  	members := sc.MemberOrgs()
   133  	assert.Contains(t, members, "signer0")
   134  	assert.Contains(t, members, "signer1")
   135  
   136  	// check required peer count
   137  	assert.True(t, sc.RequiredPeerCount() == 1)
   138  }
   139  
   140  func TestSetupWithBadConfig(t *testing.T) {
   141  	// set up simple collection with invalid data
   142  	var sc SimpleCollection
   143  	err := sc.Setup(&pb.StaticCollectionConfig{}, &mockDeserializer{})
   144  	assert.Error(t, err)
   145  
   146  	// create static collection config with faulty policy
   147  	collectionConfig := &pb.StaticCollectionConfig{
   148  		Name:              "test collection",
   149  		RequiredPeerCount: 1,
   150  		MemberOrgsPolicy:  getBadAccessPolicy([]string{"peer0", "peer1"}, 3),
   151  	}
   152  	err = sc.Setup(collectionConfig, &mockDeserializer{})
   153  	assert.Error(t, err)
   154  	assert.EqualError(t, err, "failed constructing policy object out of collection policy config: identity index out of range, requested 3, but identities length is 2")
   155  }
   156  
   157  func TestSetupGoodConfigCollection(t *testing.T) {
   158  	// create member access policy
   159  	var signers = [][]byte{[]byte("signer0"), []byte("signer1")}
   160  	policyEnvelope := policydsl.Envelope(policydsl.Or(policydsl.SignedBy(0), policydsl.SignedBy(1)), signers)
   161  	accessPolicy := createCollectionPolicyConfig(policyEnvelope)
   162  
   163  	// create static collection config
   164  	collectionConfig := &pb.StaticCollectionConfig{
   165  		Name:              "test collection",
   166  		RequiredPeerCount: 1,
   167  		MemberOrgsPolicy:  accessPolicy,
   168  	}
   169  
   170  	// set up simple collection with valid data
   171  	var sc SimpleCollection
   172  	err := sc.Setup(collectionConfig, &mockDeserializer{})
   173  	assert.NoError(t, err)
   174  
   175  	// check name
   176  	assert.True(t, sc.CollectionID() == "test collection")
   177  
   178  	// check members
   179  	members := sc.MemberOrgs()
   180  	assert.Contains(t, members, "signer0")
   181  	assert.Contains(t, members, "signer1")
   182  
   183  	// check required peer count
   184  	assert.True(t, sc.RequiredPeerCount() == 1)
   185  }
   186  
   187  func TestSimpleCollectionFilter(t *testing.T) {
   188  	// create member access policy
   189  	var signers = [][]byte{[]byte("signer0"), []byte("signer1")}
   190  	policyEnvelope := policydsl.Envelope(policydsl.Or(policydsl.SignedBy(0), policydsl.SignedBy(1)), signers)
   191  	accessPolicy := createCollectionPolicyConfig(policyEnvelope)
   192  
   193  	// create static collection config
   194  	collectionConfig := &pb.StaticCollectionConfig{
   195  		Name:              "test collection",
   196  		RequiredPeerCount: 1,
   197  		MemberOrgsPolicy:  accessPolicy,
   198  	}
   199  
   200  	// set up simple collection
   201  	var sc SimpleCollection
   202  	err := sc.Setup(collectionConfig, &mockDeserializer{})
   203  	assert.NoError(t, err)
   204  
   205  	// get the collection access filter
   206  	var cap CollectionAccessPolicy
   207  	cap = &sc
   208  	accessFilter := cap.AccessFilter()
   209  
   210  	// check filter: not a member of the collection
   211  	notMember := protoutil.SignedData{
   212  		Identity:  []byte{1, 2, 3},
   213  		Signature: []byte{},
   214  		Data:      []byte{},
   215  	}
   216  	assert.False(t, accessFilter(notMember))
   217  
   218  	// check filter: member of the collection
   219  	member := protoutil.SignedData{
   220  		Identity:  signers[0],
   221  		Signature: []byte{},
   222  		Data:      []byte{},
   223  	}
   224  	assert.True(t, accessFilter(member))
   225  }