github.com/xiaqingdoc/fabric@v2.1.1+incompatible/core/handlers/auth/filter/expiration_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package filter 8 9 import ( 10 "context" 11 "io/ioutil" 12 "path/filepath" 13 "testing" 14 15 "github.com/golang/protobuf/proto" 16 "github.com/hyperledger/fabric-protos-go/common" 17 "github.com/hyperledger/fabric-protos-go/msp" 18 "github.com/hyperledger/fabric-protos-go/peer" 19 "github.com/hyperledger/fabric/protoutil" 20 "github.com/stretchr/testify/assert" 21 ) 22 23 type mutator func([]byte) []byte 24 25 func noopMutator(b []byte) []byte { 26 return b 27 } 28 29 func corruptMutator(b []byte) []byte { 30 b = append(b, 0) 31 return b 32 } 33 34 func createX509Identity(t *testing.T, certFileName string) []byte { 35 certBytes, err := ioutil.ReadFile(filepath.Join("testdata", certFileName)) 36 assert.NoError(t, err) 37 sId := &msp.SerializedIdentity{ 38 IdBytes: certBytes, 39 } 40 idBytes, err := proto.Marshal(sId) 41 assert.NoError(t, err) 42 return idBytes 43 } 44 45 func createIdemixIdentity(t *testing.T) []byte { 46 idemixId := &msp.SerializedIdemixIdentity{ 47 NymX: []byte{1, 2, 3}, 48 NymY: []byte{1, 2, 3}, 49 Ou: []byte("OU1"), 50 } 51 idemixBytes, err := proto.Marshal(idemixId) 52 assert.NoError(t, err) 53 sId := &msp.SerializedIdentity{ 54 IdBytes: idemixBytes, 55 } 56 idBytes, err := proto.Marshal(sId) 57 assert.NoError(t, err) 58 return idBytes 59 } 60 61 func createSignedProposal(t *testing.T, serializedIdentity []byte, corruptSigHdr mutator, corruptHdr mutator) *peer.SignedProposal { 62 sHdr := protoutil.MakeSignatureHeader(serializedIdentity, nil) 63 hdr := protoutil.MakePayloadHeader(&common.ChannelHeader{}, sHdr) 64 hdr.SignatureHeader = corruptSigHdr(hdr.SignatureHeader) 65 hdrBytes, err := proto.Marshal(hdr) 66 assert.NoError(t, err) 67 prop := &peer.Proposal{ 68 Header: hdrBytes, 69 } 70 prop.Header = corruptHdr(prop.Header) 71 propBytes, err := proto.Marshal(prop) 72 assert.NoError(t, err) 73 return &peer.SignedProposal{ 74 ProposalBytes: propBytes, 75 } 76 } 77 78 func createValidSignedProposal(t *testing.T, serializedIdentity []byte) *peer.SignedProposal { 79 return createSignedProposal(t, serializedIdentity, noopMutator, noopMutator) 80 } 81 82 func createSignedProposalWithInvalidSigHeader(t *testing.T, serializedIdentity []byte) *peer.SignedProposal { 83 return createSignedProposal(t, serializedIdentity, corruptMutator, noopMutator) 84 } 85 86 func createSignedProposalWithInvalidHeader(t *testing.T, serializedIdentity []byte) *peer.SignedProposal { 87 return createSignedProposal(t, serializedIdentity, noopMutator, corruptMutator) 88 } 89 90 func TestExpirationCheckFilter(t *testing.T) { 91 nextEndorser := &mockEndorserServer{} 92 auth := NewExpirationCheckFilter() 93 auth.Init(nextEndorser) 94 95 // Scenario I: Expired x509 identity 96 sp := createValidSignedProposal(t, createX509Identity(t, "expiredCert.pem")) 97 _, err := auth.ProcessProposal(context.Background(), sp) 98 assert.Equal(t, err.Error(), "identity expired") 99 assert.False(t, nextEndorser.invoked) 100 101 // Scenario II: Not expired x509 identity 102 sp = createValidSignedProposal(t, createX509Identity(t, "notExpiredCert.pem")) 103 _, err = auth.ProcessProposal(context.Background(), sp) 104 assert.NoError(t, err) 105 assert.True(t, nextEndorser.invoked) 106 nextEndorser.invoked = false 107 108 // Scenario III: Idemix identity 109 sp = createValidSignedProposal(t, createIdemixIdentity(t)) 110 _, err = auth.ProcessProposal(context.Background(), sp) 111 assert.NoError(t, err) 112 assert.True(t, nextEndorser.invoked) 113 nextEndorser.invoked = false 114 115 // Scenario IV: Malformed proposal 116 sp = createValidSignedProposal(t, createX509Identity(t, "notExpiredCert.pem")) 117 sp.ProposalBytes = append(sp.ProposalBytes, 0) 118 _, err = auth.ProcessProposal(context.Background(), sp) 119 assert.Error(t, err) 120 assert.Contains(t, err.Error(), "failed parsing proposal") 121 assert.False(t, nextEndorser.invoked) 122 123 // Scenario V: Malformed signature header 124 sp = createSignedProposalWithInvalidSigHeader(t, createX509Identity(t, "notExpiredCert.pem")) 125 _, err = auth.ProcessProposal(context.Background(), sp) 126 assert.Error(t, err) 127 assert.Contains(t, err.Error(), "failed parsing signature header") 128 assert.False(t, nextEndorser.invoked) 129 130 // Scenario VI: Malformed header 131 sp = createSignedProposalWithInvalidHeader(t, createX509Identity(t, "notExpiredCert.pem")) 132 _, err = auth.ProcessProposal(context.Background(), sp) 133 assert.Error(t, err) 134 assert.Contains(t, err.Error(), "failed parsing header") 135 assert.False(t, nextEndorser.invoked) 136 }