github.com/xiaqingdoc/fabric@v2.1.1+incompatible/core/handlers/auth/filter/expiration_test.go

github.com/xiaqingdoc/fabric@v2.1.1+incompatible/core/handlers/auth/filter/expiration_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package filter
     8  
     9  import (
    10  	"context"
    11  	"io/ioutil"
    12  	"path/filepath"
    13  	"testing"
    14  
    15  	"github.com/golang/protobuf/proto"
    16  	"github.com/hyperledger/fabric-protos-go/common"
    17  	"github.com/hyperledger/fabric-protos-go/msp"
    18  	"github.com/hyperledger/fabric-protos-go/peer"
    19  	"github.com/hyperledger/fabric/protoutil"
    20  	"github.com/stretchr/testify/assert"
    21  )
    22  
    23  type mutator func([]byte) []byte
    24  
    25  func noopMutator(b []byte) []byte {
    26  	return b
    27  }
    28  
    29  func corruptMutator(b []byte) []byte {
    30  	b = append(b, 0)
    31  	return b
    32  }
    33  
    34  func createX509Identity(t *testing.T, certFileName string) []byte {
    35  	certBytes, err := ioutil.ReadFile(filepath.Join("testdata", certFileName))
    36  	assert.NoError(t, err)
    37  	sId := &msp.SerializedIdentity{
    38  		IdBytes: certBytes,
    39  	}
    40  	idBytes, err := proto.Marshal(sId)
    41  	assert.NoError(t, err)
    42  	return idBytes
    43  }
    44  
    45  func createIdemixIdentity(t *testing.T) []byte {
    46  	idemixId := &msp.SerializedIdemixIdentity{
    47  		NymX: []byte{1, 2, 3},
    48  		NymY: []byte{1, 2, 3},
    49  		Ou:   []byte("OU1"),
    50  	}
    51  	idemixBytes, err := proto.Marshal(idemixId)
    52  	assert.NoError(t, err)
    53  	sId := &msp.SerializedIdentity{
    54  		IdBytes: idemixBytes,
    55  	}
    56  	idBytes, err := proto.Marshal(sId)
    57  	assert.NoError(t, err)
    58  	return idBytes
    59  }
    60  
    61  func createSignedProposal(t *testing.T, serializedIdentity []byte, corruptSigHdr mutator, corruptHdr mutator) *peer.SignedProposal {
    62  	sHdr := protoutil.MakeSignatureHeader(serializedIdentity, nil)
    63  	hdr := protoutil.MakePayloadHeader(&common.ChannelHeader{}, sHdr)
    64  	hdr.SignatureHeader = corruptSigHdr(hdr.SignatureHeader)
    65  	hdrBytes, err := proto.Marshal(hdr)
    66  	assert.NoError(t, err)
    67  	prop := &peer.Proposal{
    68  		Header: hdrBytes,
    69  	}
    70  	prop.Header = corruptHdr(prop.Header)
    71  	propBytes, err := proto.Marshal(prop)
    72  	assert.NoError(t, err)
    73  	return &peer.SignedProposal{
    74  		ProposalBytes: propBytes,
    75  	}
    76  }
    77  
    78  func createValidSignedProposal(t *testing.T, serializedIdentity []byte) *peer.SignedProposal {
    79  	return createSignedProposal(t, serializedIdentity, noopMutator, noopMutator)
    80  }
    81  
    82  func createSignedProposalWithInvalidSigHeader(t *testing.T, serializedIdentity []byte) *peer.SignedProposal {
    83  	return createSignedProposal(t, serializedIdentity, corruptMutator, noopMutator)
    84  }
    85  
    86  func createSignedProposalWithInvalidHeader(t *testing.T, serializedIdentity []byte) *peer.SignedProposal {
    87  	return createSignedProposal(t, serializedIdentity, noopMutator, corruptMutator)
    88  }
    89  
    90  func TestExpirationCheckFilter(t *testing.T) {
    91  	nextEndorser := &mockEndorserServer{}
    92  	auth := NewExpirationCheckFilter()
    93  	auth.Init(nextEndorser)
    94  
    95  	// Scenario I: Expired x509 identity
    96  	sp := createValidSignedProposal(t, createX509Identity(t, "expiredCert.pem"))
    97  	_, err := auth.ProcessProposal(context.Background(), sp)
    98  	assert.Equal(t, err.Error(), "identity expired")
    99  	assert.False(t, nextEndorser.invoked)
   100  
   101  	// Scenario II: Not expired x509 identity
   102  	sp = createValidSignedProposal(t, createX509Identity(t, "notExpiredCert.pem"))
   103  	_, err = auth.ProcessProposal(context.Background(), sp)
   104  	assert.NoError(t, err)
   105  	assert.True(t, nextEndorser.invoked)
   106  	nextEndorser.invoked = false
   107  
   108  	// Scenario III: Idemix identity
   109  	sp = createValidSignedProposal(t, createIdemixIdentity(t))
   110  	_, err = auth.ProcessProposal(context.Background(), sp)
   111  	assert.NoError(t, err)
   112  	assert.True(t, nextEndorser.invoked)
   113  	nextEndorser.invoked = false
   114  
   115  	// Scenario IV: Malformed proposal
   116  	sp = createValidSignedProposal(t, createX509Identity(t, "notExpiredCert.pem"))
   117  	sp.ProposalBytes = append(sp.ProposalBytes, 0)
   118  	_, err = auth.ProcessProposal(context.Background(), sp)
   119  	assert.Error(t, err)
   120  	assert.Contains(t, err.Error(), "failed parsing proposal")
   121  	assert.False(t, nextEndorser.invoked)
   122  
   123  	// Scenario V: Malformed signature header
   124  	sp = createSignedProposalWithInvalidSigHeader(t, createX509Identity(t, "notExpiredCert.pem"))
   125  	_, err = auth.ProcessProposal(context.Background(), sp)
   126  	assert.Error(t, err)
   127  	assert.Contains(t, err.Error(), "failed parsing signature header")
   128  	assert.False(t, nextEndorser.invoked)
   129  
   130  	// Scenario VI: Malformed header
   131  	sp = createSignedProposalWithInvalidHeader(t, createX509Identity(t, "notExpiredCert.pem"))
   132  	_, err = auth.ProcessProposal(context.Background(), sp)
   133  	assert.Error(t, err)
   134  	assert.Contains(t, err.Error(), "failed parsing header")
   135  	assert.False(t, nextEndorser.invoked)
   136  }