github.com/yacovm/fabric@v2.0.0-alpha.0.20191128145320-c5d4087dc723+incompatible/common/policies/convert_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package policies_test 8 9 import ( 10 "testing" 11 12 cb "github.com/hyperledger/fabric-protos-go/common" 13 mb "github.com/hyperledger/fabric-protos-go/msp" 14 "github.com/hyperledger/fabric/common/cauthdsl" 15 "github.com/hyperledger/fabric/common/policies" 16 "github.com/hyperledger/fabric/msp" 17 "github.com/hyperledger/fabric/protoutil" 18 "github.com/pkg/errors" 19 "github.com/stretchr/testify/assert" 20 ) 21 22 func TestImplicitMetaPolicy_Convert(t *testing.T) { 23 24 // Scenario: we attempt the conversion of a simple metapolicy requiring 25 // ALL of 2 sub-policies, each of which are plain signedby 26 27 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 28 29 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 30 Version: 0, 31 Rule: cauthdsl.SignedBy(0), 32 Identities: []*mb.MSPPrincipal{ 33 { 34 PrincipalClassification: mb.MSPPrincipal_ROLE, 35 Principal: protoutil.MarshalOrPanic( 36 &mb.MSPRole{ 37 Role: mb.MSPRole_MEMBER, 38 MspIdentifier: "A", 39 }, 40 ), 41 }, 42 }, 43 }) 44 assert.NotNil(t, p1) 45 assert.NoError(t, err) 46 47 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 48 Version: 0, 49 Rule: cauthdsl.SignedBy(0), 50 Identities: []*mb.MSPPrincipal{ 51 { 52 PrincipalClassification: mb.MSPPrincipal_ROLE, 53 Principal: protoutil.MarshalOrPanic( 54 &mb.MSPRole{ 55 Role: mb.MSPRole_MEMBER, 56 MspIdentifier: "B", 57 }, 58 ), 59 }, 60 }, 61 }) 62 assert.NotNil(t, p2) 63 assert.NoError(t, err) 64 65 p := &policies.PolicyLogger{ 66 Policy: &policies.ImplicitMetaPolicy{ 67 Threshold: 2, 68 SubPolicyName: "mypolicy", 69 SubPolicies: []policies.Policy{p1, p2}, 70 }, 71 } 72 73 spe, err := p.Convert() 74 assert.NoError(t, err) 75 assert.NotNil(t, spe) 76 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 77 Version: 0, 78 Rule: cauthdsl.And( 79 cauthdsl.SignedBy(0), 80 cauthdsl.SignedBy(1), 81 ), 82 Identities: []*mb.MSPPrincipal{ 83 { 84 PrincipalClassification: mb.MSPPrincipal_ROLE, 85 Principal: protoutil.MarshalOrPanic( 86 &mb.MSPRole{ 87 Role: mb.MSPRole_MEMBER, 88 MspIdentifier: "A", 89 }, 90 ), 91 }, 92 { 93 PrincipalClassification: mb.MSPPrincipal_ROLE, 94 Principal: protoutil.MarshalOrPanic( 95 &mb.MSPRole{ 96 Role: mb.MSPRole_MEMBER, 97 MspIdentifier: "B", 98 }, 99 ), 100 }, 101 }, 102 }, spe) 103 } 104 105 func TestImplicitMetaPolicy_Convert1(t *testing.T) { 106 107 // Scenario: we attempt the conversion of a metapolicy requiring 108 // ALL of 2 sub-policies, where the first one is an OR of 2 and 109 // the second one is an OR of 1, with a principal that is already 110 // referenced by the first 111 112 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 113 114 p1, err := pfs.NewPolicy(cauthdsl.SignedByAnyMember([]string{"A", "B"})) 115 assert.NotNil(t, p1) 116 assert.NoError(t, err) 117 118 p2, err := pfs.NewPolicy(cauthdsl.SignedByAnyMember([]string{"B"})) 119 assert.NotNil(t, p2) 120 assert.NoError(t, err) 121 122 p := &policies.ImplicitMetaPolicy{ 123 Threshold: 2, 124 SubPolicyName: "mypolicy", 125 SubPolicies: []policies.Policy{p1, p2}, 126 } 127 128 spe, err := p.Convert() 129 assert.NoError(t, err) 130 assert.NotNil(t, spe) 131 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 132 Version: 0, 133 Rule: cauthdsl.And( 134 cauthdsl.Or( 135 cauthdsl.SignedBy(0), 136 cauthdsl.SignedBy(1), 137 ), 138 cauthdsl.NOutOf(1, 139 []*cb.SignaturePolicy{cauthdsl.SignedBy(1)}, 140 ), 141 ), 142 Identities: []*mb.MSPPrincipal{ 143 { 144 PrincipalClassification: mb.MSPPrincipal_ROLE, 145 Principal: protoutil.MarshalOrPanic( 146 &mb.MSPRole{ 147 Role: mb.MSPRole_MEMBER, 148 MspIdentifier: "A", 149 }, 150 ), 151 }, 152 { 153 PrincipalClassification: mb.MSPPrincipal_ROLE, 154 Principal: protoutil.MarshalOrPanic( 155 &mb.MSPRole{ 156 Role: mb.MSPRole_MEMBER, 157 MspIdentifier: "B", 158 }, 159 ), 160 }, 161 }, 162 }, spe) 163 } 164 165 func TestImplicitMetaPolicy_Convert2(t *testing.T) { 166 167 // Scenario: we attempt the conversion of a metapolicy requiring 168 // ALL of 2 sub-policies, where the first one is an OR of an AND 169 // of 2 and an OR of 1 and the second one is an AND of 2, with 170 // principal deduplication required 171 172 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 173 174 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 175 Version: 0, 176 Rule: cauthdsl.NOutOf(1, 177 []*cb.SignaturePolicy{ 178 cauthdsl.NOutOf(2, 179 []*cb.SignaturePolicy{ 180 cauthdsl.SignedBy(0), 181 cauthdsl.SignedBy(1), 182 }, 183 ), 184 cauthdsl.NOutOf(1, 185 []*cb.SignaturePolicy{ 186 cauthdsl.SignedBy(2), 187 }, 188 ), 189 }, 190 ), 191 Identities: []*mb.MSPPrincipal{ 192 { 193 PrincipalClassification: mb.MSPPrincipal_ROLE, 194 Principal: protoutil.MarshalOrPanic( 195 &mb.MSPRole{ 196 Role: mb.MSPRole_MEMBER, 197 MspIdentifier: "B", 198 }, 199 ), 200 }, 201 { 202 PrincipalClassification: mb.MSPPrincipal_ROLE, 203 Principal: protoutil.MarshalOrPanic( 204 &mb.MSPRole{ 205 Role: mb.MSPRole_MEMBER, 206 MspIdentifier: "C", 207 }, 208 ), 209 }, 210 { 211 PrincipalClassification: mb.MSPPrincipal_ROLE, 212 Principal: protoutil.MarshalOrPanic( 213 &mb.MSPRole{ 214 Role: mb.MSPRole_MEMBER, 215 MspIdentifier: "D", 216 }, 217 ), 218 }, 219 }, 220 }) 221 assert.NotNil(t, p1) 222 assert.NoError(t, err) 223 224 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 225 Version: 0, 226 Rule: cauthdsl.NOutOf(2, 227 []*cb.SignaturePolicy{ 228 cauthdsl.SignedBy(0), 229 cauthdsl.SignedBy(1), 230 }, 231 ), 232 Identities: []*mb.MSPPrincipal{ 233 { 234 PrincipalClassification: mb.MSPPrincipal_ROLE, 235 Principal: protoutil.MarshalOrPanic( 236 &mb.MSPRole{ 237 Role: mb.MSPRole_MEMBER, 238 MspIdentifier: "A", 239 }, 240 ), 241 }, 242 { 243 PrincipalClassification: mb.MSPPrincipal_ROLE, 244 Principal: protoutil.MarshalOrPanic( 245 &mb.MSPRole{ 246 Role: mb.MSPRole_MEMBER, 247 MspIdentifier: "B", 248 }, 249 ), 250 }, 251 }, 252 }) 253 assert.NotNil(t, p2) 254 assert.NoError(t, err) 255 256 p := &policies.ImplicitMetaPolicy{ 257 Threshold: 2, 258 SubPolicyName: "mypolicy", 259 SubPolicies: []policies.Policy{p1, p2}, 260 } 261 262 spe, err := p.Convert() 263 assert.NoError(t, err) 264 assert.NotNil(t, spe) 265 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 266 Version: 0, 267 Rule: cauthdsl.And( 268 cauthdsl.NOutOf(1, 269 []*cb.SignaturePolicy{ 270 cauthdsl.NOutOf(2, 271 []*cb.SignaturePolicy{ 272 cauthdsl.SignedBy(0), 273 cauthdsl.SignedBy(1), 274 }, 275 ), 276 cauthdsl.NOutOf(1, 277 []*cb.SignaturePolicy{ 278 cauthdsl.SignedBy(2), 279 }, 280 ), 281 }, 282 ), 283 cauthdsl.NOutOf(2, 284 []*cb.SignaturePolicy{ 285 cauthdsl.SignedBy(3), 286 cauthdsl.SignedBy(0), 287 }, 288 ), 289 ), 290 Identities: []*mb.MSPPrincipal{ 291 { 292 PrincipalClassification: mb.MSPPrincipal_ROLE, 293 Principal: protoutil.MarshalOrPanic( 294 &mb.MSPRole{ 295 Role: mb.MSPRole_MEMBER, 296 MspIdentifier: "B", 297 }, 298 ), 299 }, 300 { 301 PrincipalClassification: mb.MSPPrincipal_ROLE, 302 Principal: protoutil.MarshalOrPanic( 303 &mb.MSPRole{ 304 Role: mb.MSPRole_MEMBER, 305 MspIdentifier: "C", 306 }, 307 ), 308 }, 309 { 310 PrincipalClassification: mb.MSPPrincipal_ROLE, 311 Principal: protoutil.MarshalOrPanic( 312 &mb.MSPRole{ 313 Role: mb.MSPRole_MEMBER, 314 MspIdentifier: "D", 315 }, 316 ), 317 }, 318 { 319 PrincipalClassification: mb.MSPPrincipal_ROLE, 320 Principal: protoutil.MarshalOrPanic( 321 &mb.MSPRole{ 322 Role: mb.MSPRole_MEMBER, 323 MspIdentifier: "A", 324 }, 325 ), 326 }, 327 }, 328 }, spe) 329 } 330 331 func TestImplicitMetaPolicy_Convert3(t *testing.T) { 332 333 // Scenario: we attempt the conversion of a metapolicy requiring 334 // ALL of 2 sub-policies, where the first one is a metapolicy itself, 335 // requiring ALL of 2 simple subpolicies to be satisfied and the 336 // second is a simple subpolicy, with no principal deduplication 337 338 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 339 340 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 341 Version: 0, 342 Rule: cauthdsl.SignedBy(0), 343 Identities: []*mb.MSPPrincipal{ 344 { 345 PrincipalClassification: mb.MSPPrincipal_ROLE, 346 Principal: protoutil.MarshalOrPanic( 347 &mb.MSPRole{ 348 Role: mb.MSPRole_MEMBER, 349 MspIdentifier: "A", 350 }, 351 ), 352 }, 353 }, 354 }) 355 assert.NotNil(t, p1) 356 assert.NoError(t, err) 357 358 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 359 Version: 0, 360 Rule: cauthdsl.SignedBy(0), 361 Identities: []*mb.MSPPrincipal{ 362 { 363 PrincipalClassification: mb.MSPPrincipal_ROLE, 364 Principal: protoutil.MarshalOrPanic( 365 &mb.MSPRole{ 366 Role: mb.MSPRole_MEMBER, 367 MspIdentifier: "B", 368 }, 369 ), 370 }, 371 }, 372 }) 373 assert.NotNil(t, p2) 374 assert.NoError(t, err) 375 376 p3, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 377 Version: 0, 378 Rule: cauthdsl.SignedBy(0), 379 Identities: []*mb.MSPPrincipal{ 380 { 381 PrincipalClassification: mb.MSPPrincipal_ROLE, 382 Principal: protoutil.MarshalOrPanic( 383 &mb.MSPRole{ 384 Role: mb.MSPRole_MEMBER, 385 MspIdentifier: "C", 386 }, 387 ), 388 }, 389 }, 390 }) 391 assert.NotNil(t, p3) 392 assert.NoError(t, err) 393 394 mp1 := &policies.ImplicitMetaPolicy{ 395 Threshold: 2, 396 SubPolicyName: "mypolicy", 397 SubPolicies: []policies.Policy{p1, p2}, 398 } 399 400 mp2 := &policies.ImplicitMetaPolicy{ 401 Threshold: 2, 402 SubPolicyName: "mypolicy", 403 SubPolicies: []policies.Policy{mp1, p3}, 404 } 405 406 spe, err := mp2.Convert() 407 assert.NoError(t, err) 408 assert.NotNil(t, spe) 409 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 410 Version: 0, 411 Rule: cauthdsl.And( 412 cauthdsl.And( 413 cauthdsl.SignedBy(0), 414 cauthdsl.SignedBy(1), 415 ), 416 cauthdsl.SignedBy(2), 417 ), 418 Identities: []*mb.MSPPrincipal{ 419 { 420 PrincipalClassification: mb.MSPPrincipal_ROLE, 421 Principal: protoutil.MarshalOrPanic( 422 &mb.MSPRole{ 423 Role: mb.MSPRole_MEMBER, 424 MspIdentifier: "A", 425 }, 426 ), 427 }, 428 { 429 PrincipalClassification: mb.MSPPrincipal_ROLE, 430 Principal: protoutil.MarshalOrPanic( 431 &mb.MSPRole{ 432 Role: mb.MSPRole_MEMBER, 433 MspIdentifier: "B", 434 }, 435 ), 436 }, 437 { 438 PrincipalClassification: mb.MSPPrincipal_ROLE, 439 Principal: protoutil.MarshalOrPanic( 440 &mb.MSPRole{ 441 Role: mb.MSPRole_MEMBER, 442 MspIdentifier: "C", 443 }, 444 ), 445 }, 446 }, 447 }, spe) 448 } 449 450 func TestImplicitMetaPolicy_Convert4(t *testing.T) { 451 452 // Scenario: we attempt the conversion of a metapolicy requiring 453 // ALL of 2 sub-policies, where the first one is a metapolicy itself, 454 // requiring ALL of 2 simple subpolicies to be satisfied and the 455 // second is a simple subpolicy, with principal deduplication 456 457 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 458 459 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 460 Version: 0, 461 Rule: cauthdsl.SignedBy(0), 462 Identities: []*mb.MSPPrincipal{ 463 { 464 PrincipalClassification: mb.MSPPrincipal_ROLE, 465 Principal: protoutil.MarshalOrPanic( 466 &mb.MSPRole{ 467 Role: mb.MSPRole_MEMBER, 468 MspIdentifier: "A", 469 }, 470 ), 471 }, 472 }, 473 }) 474 assert.NotNil(t, p1) 475 assert.NoError(t, err) 476 477 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 478 Version: 0, 479 Rule: cauthdsl.SignedBy(0), 480 Identities: []*mb.MSPPrincipal{ 481 { 482 PrincipalClassification: mb.MSPPrincipal_ROLE, 483 Principal: protoutil.MarshalOrPanic( 484 &mb.MSPRole{ 485 Role: mb.MSPRole_MEMBER, 486 MspIdentifier: "A", 487 }, 488 ), 489 }, 490 }, 491 }) 492 assert.NotNil(t, p2) 493 assert.NoError(t, err) 494 495 p3, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 496 Version: 0, 497 Rule: cauthdsl.SignedBy(0), 498 Identities: []*mb.MSPPrincipal{ 499 { 500 PrincipalClassification: mb.MSPPrincipal_ROLE, 501 Principal: protoutil.MarshalOrPanic( 502 &mb.MSPRole{ 503 Role: mb.MSPRole_MEMBER, 504 MspIdentifier: "A", 505 }, 506 ), 507 }, 508 }, 509 }) 510 assert.NotNil(t, p3) 511 assert.NoError(t, err) 512 513 mp1 := &policies.ImplicitMetaPolicy{ 514 Threshold: 2, 515 SubPolicyName: "mypolicy", 516 SubPolicies: []policies.Policy{p1, p2}, 517 } 518 519 mp2 := &policies.ImplicitMetaPolicy{ 520 Threshold: 2, 521 SubPolicyName: "mypolicy", 522 SubPolicies: []policies.Policy{mp1, p3}, 523 } 524 525 spe, err := mp2.Convert() 526 assert.NoError(t, err) 527 assert.NotNil(t, spe) 528 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 529 Version: 0, 530 Rule: cauthdsl.And( 531 cauthdsl.And( 532 cauthdsl.SignedBy(0), 533 cauthdsl.SignedBy(0), 534 ), 535 cauthdsl.SignedBy(0), 536 ), 537 Identities: []*mb.MSPPrincipal{ 538 { 539 PrincipalClassification: mb.MSPPrincipal_ROLE, 540 Principal: protoutil.MarshalOrPanic( 541 &mb.MSPRole{ 542 Role: mb.MSPRole_MEMBER, 543 MspIdentifier: "A", 544 }, 545 ), 546 }, 547 }, 548 }, spe) 549 } 550 551 func TestImplicitMetaPolicy_Convert5(t *testing.T) { 552 553 // Scenario: we attempt the conversion of a metapolicy requiring 554 // ALL of 2 sub-policies, where the first one is an OR of an AND 555 // of 2 and an OR of 1 and the second one is an AND of 2, with 556 // principal deduplication required both across the two subpolicies 557 // and within the first 558 559 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 560 561 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 562 Version: 0, 563 Rule: cauthdsl.NOutOf(1, 564 []*cb.SignaturePolicy{ 565 cauthdsl.NOutOf(2, 566 []*cb.SignaturePolicy{ 567 cauthdsl.SignedBy(0), 568 cauthdsl.SignedBy(1), 569 }, 570 ), 571 cauthdsl.NOutOf(1, 572 []*cb.SignaturePolicy{ 573 cauthdsl.SignedBy(2), 574 }, 575 ), 576 }, 577 ), 578 Identities: []*mb.MSPPrincipal{ 579 { 580 PrincipalClassification: mb.MSPPrincipal_ROLE, 581 Principal: protoutil.MarshalOrPanic( 582 &mb.MSPRole{ 583 Role: mb.MSPRole_MEMBER, 584 MspIdentifier: "B", 585 }, 586 ), 587 }, 588 { 589 PrincipalClassification: mb.MSPPrincipal_ROLE, 590 Principal: protoutil.MarshalOrPanic( 591 &mb.MSPRole{ 592 Role: mb.MSPRole_MEMBER, 593 MspIdentifier: "C", 594 }, 595 ), 596 }, 597 { 598 PrincipalClassification: mb.MSPPrincipal_ROLE, 599 Principal: protoutil.MarshalOrPanic( 600 &mb.MSPRole{ 601 Role: mb.MSPRole_MEMBER, 602 MspIdentifier: "B", 603 }, 604 ), 605 }, 606 }, 607 }) 608 assert.NotNil(t, p1) 609 assert.NoError(t, err) 610 611 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 612 Version: 0, 613 Rule: cauthdsl.NOutOf(2, 614 []*cb.SignaturePolicy{ 615 cauthdsl.SignedBy(0), 616 cauthdsl.SignedBy(1), 617 }, 618 ), 619 Identities: []*mb.MSPPrincipal{ 620 { 621 PrincipalClassification: mb.MSPPrincipal_ROLE, 622 Principal: protoutil.MarshalOrPanic( 623 &mb.MSPRole{ 624 Role: mb.MSPRole_MEMBER, 625 MspIdentifier: "A", 626 }, 627 ), 628 }, 629 { 630 PrincipalClassification: mb.MSPPrincipal_ROLE, 631 Principal: protoutil.MarshalOrPanic( 632 &mb.MSPRole{ 633 Role: mb.MSPRole_MEMBER, 634 MspIdentifier: "B", 635 }, 636 ), 637 }, 638 }, 639 }) 640 assert.NotNil(t, p2) 641 assert.NoError(t, err) 642 643 p := &policies.ImplicitMetaPolicy{ 644 Threshold: 2, 645 SubPolicyName: "mypolicy", 646 SubPolicies: []policies.Policy{p1, p2}, 647 } 648 649 spe, err := p.Convert() 650 assert.NoError(t, err) 651 assert.NotNil(t, spe) 652 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 653 Version: 0, 654 Rule: cauthdsl.And( 655 cauthdsl.NOutOf(1, 656 []*cb.SignaturePolicy{ 657 cauthdsl.NOutOf(2, 658 []*cb.SignaturePolicy{ 659 cauthdsl.SignedBy(0), 660 cauthdsl.SignedBy(1), 661 }, 662 ), 663 cauthdsl.NOutOf(1, 664 []*cb.SignaturePolicy{ 665 cauthdsl.SignedBy(0), 666 }, 667 ), 668 }, 669 ), 670 cauthdsl.NOutOf(2, 671 []*cb.SignaturePolicy{ 672 cauthdsl.SignedBy(2), 673 cauthdsl.SignedBy(0), 674 }, 675 ), 676 ), 677 Identities: []*mb.MSPPrincipal{ 678 { 679 PrincipalClassification: mb.MSPPrincipal_ROLE, 680 Principal: protoutil.MarshalOrPanic( 681 &mb.MSPRole{ 682 Role: mb.MSPRole_MEMBER, 683 MspIdentifier: "B", 684 }, 685 ), 686 }, 687 { 688 PrincipalClassification: mb.MSPPrincipal_ROLE, 689 Principal: protoutil.MarshalOrPanic( 690 &mb.MSPRole{ 691 Role: mb.MSPRole_MEMBER, 692 MspIdentifier: "C", 693 }, 694 ), 695 }, 696 { 697 PrincipalClassification: mb.MSPPrincipal_ROLE, 698 Principal: protoutil.MarshalOrPanic( 699 &mb.MSPRole{ 700 Role: mb.MSPRole_MEMBER, 701 MspIdentifier: "A", 702 }, 703 ), 704 }, 705 }, 706 }, spe) 707 } 708 709 func TestImplicitMetaPolicy_Convert6(t *testing.T) { 710 711 // Scenario: we attempt the conversion of a metapolicy requiring 712 // ALL of 2 sub-policies, where the first one is an OR of an AND 713 // of 2 and an OR of 1 and the second one is an AND of 2, with 714 // principal deduplication required both across the two subpolicies 715 // and within the first and the second 716 717 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 718 719 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 720 Version: 0, 721 Rule: cauthdsl.NOutOf(1, 722 []*cb.SignaturePolicy{ 723 cauthdsl.NOutOf(2, 724 []*cb.SignaturePolicy{ 725 cauthdsl.SignedBy(0), 726 cauthdsl.SignedBy(1), 727 }, 728 ), 729 cauthdsl.NOutOf(1, 730 []*cb.SignaturePolicy{ 731 cauthdsl.SignedBy(2), 732 }, 733 ), 734 }, 735 ), 736 Identities: []*mb.MSPPrincipal{ 737 { 738 PrincipalClassification: mb.MSPPrincipal_ROLE, 739 Principal: protoutil.MarshalOrPanic( 740 &mb.MSPRole{ 741 Role: mb.MSPRole_MEMBER, 742 MspIdentifier: "B", 743 }, 744 ), 745 }, 746 { 747 PrincipalClassification: mb.MSPPrincipal_ROLE, 748 Principal: protoutil.MarshalOrPanic( 749 &mb.MSPRole{ 750 Role: mb.MSPRole_MEMBER, 751 MspIdentifier: "C", 752 }, 753 ), 754 }, 755 { 756 PrincipalClassification: mb.MSPPrincipal_ROLE, 757 Principal: protoutil.MarshalOrPanic( 758 &mb.MSPRole{ 759 Role: mb.MSPRole_MEMBER, 760 MspIdentifier: "B", 761 }, 762 ), 763 }, 764 }, 765 }) 766 assert.NotNil(t, p1) 767 assert.NoError(t, err) 768 769 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 770 Version: 0, 771 Rule: cauthdsl.NOutOf(2, 772 []*cb.SignaturePolicy{ 773 cauthdsl.SignedBy(0), 774 cauthdsl.SignedBy(1), 775 }, 776 ), 777 Identities: []*mb.MSPPrincipal{ 778 { 779 PrincipalClassification: mb.MSPPrincipal_ROLE, 780 Principal: protoutil.MarshalOrPanic( 781 &mb.MSPRole{ 782 Role: mb.MSPRole_MEMBER, 783 MspIdentifier: "B", 784 }, 785 ), 786 }, 787 { 788 PrincipalClassification: mb.MSPPrincipal_ROLE, 789 Principal: protoutil.MarshalOrPanic( 790 &mb.MSPRole{ 791 Role: mb.MSPRole_MEMBER, 792 MspIdentifier: "B", 793 }, 794 ), 795 }, 796 }, 797 }) 798 assert.NotNil(t, p2) 799 assert.NoError(t, err) 800 801 p := &policies.ImplicitMetaPolicy{ 802 Threshold: 2, 803 SubPolicyName: "mypolicy", 804 SubPolicies: []policies.Policy{p1, p2}, 805 } 806 807 spe, err := p.Convert() 808 assert.NoError(t, err) 809 assert.NotNil(t, spe) 810 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 811 Version: 0, 812 Rule: cauthdsl.And( 813 cauthdsl.NOutOf(1, 814 []*cb.SignaturePolicy{ 815 cauthdsl.NOutOf(2, 816 []*cb.SignaturePolicy{ 817 cauthdsl.SignedBy(0), 818 cauthdsl.SignedBy(1), 819 }, 820 ), 821 cauthdsl.NOutOf(1, 822 []*cb.SignaturePolicy{ 823 cauthdsl.SignedBy(0), 824 }, 825 ), 826 }, 827 ), 828 cauthdsl.NOutOf(2, 829 []*cb.SignaturePolicy{ 830 cauthdsl.SignedBy(0), 831 cauthdsl.SignedBy(0), 832 }, 833 ), 834 ), 835 Identities: []*mb.MSPPrincipal{ 836 { 837 PrincipalClassification: mb.MSPPrincipal_ROLE, 838 Principal: protoutil.MarshalOrPanic( 839 &mb.MSPRole{ 840 Role: mb.MSPRole_MEMBER, 841 MspIdentifier: "B", 842 }, 843 ), 844 }, 845 { 846 PrincipalClassification: mb.MSPPrincipal_ROLE, 847 Principal: protoutil.MarshalOrPanic( 848 &mb.MSPRole{ 849 Role: mb.MSPRole_MEMBER, 850 MspIdentifier: "C", 851 }, 852 ), 853 }, 854 }, 855 }, spe) 856 } 857 858 type inconvertiblePolicy struct{} 859 860 func (i *inconvertiblePolicy) EvaluateSignedData(signatureSet []*protoutil.SignedData) error { 861 return nil 862 } 863 864 func (i *inconvertiblePolicy) EvaluateIdentities(signatureSet []msp.Identity) error { 865 return nil 866 } 867 868 func TestImplicitMetaPolicy_Convert7(t *testing.T) { 869 870 // Scenario: we attempt the conversion of a metapolicy 871 // with an incovertible subpolicy 872 873 p := &policies.ImplicitMetaPolicy{ 874 Threshold: 2, 875 SubPolicyName: "mypolicy", 876 SubPolicies: []policies.Policy{&inconvertiblePolicy{}}, 877 } 878 879 spe, err := p.Convert() 880 assert.EqualError(t, err, "subpolicy number 0 type *policies_test.inconvertiblePolicy of policy mypolicy is not convertible") 881 assert.Nil(t, spe) 882 } 883 884 type convertFailurePolicy struct{} 885 886 func (i *convertFailurePolicy) EvaluateSignedData(signatureSet []*protoutil.SignedData) error { 887 return nil 888 } 889 890 func (i *convertFailurePolicy) EvaluateIdentities(identities []msp.Identity) error { 891 return nil 892 } 893 894 func (i *convertFailurePolicy) Convert() (*cb.SignaturePolicyEnvelope, error) { 895 return nil, errors.New("nope") 896 } 897 898 func TestImplicitMetaPolicy_Convert8(t *testing.T) { 899 900 // Scenario: we attempt the conversion of a metapolicy 901 // with a subpolicy whose conversion fails 902 903 p := &policies.PolicyLogger{ 904 Policy: &policies.ImplicitMetaPolicy{ 905 Threshold: 2, 906 SubPolicyName: "mypolicy", 907 SubPolicies: []policies.Policy{&convertFailurePolicy{}}, 908 }, 909 } 910 911 spe, err := p.Convert() 912 assert.EqualError(t, err, "failed to convert subpolicy number 0 of policy mypolicy: nope") 913 assert.Nil(t, spe) 914 }