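/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package msp

import (
	"fmt"
	"io"
	"io/ioutil"
	"os"
	"path/filepath"
	"syscall"

	docker "github.com/fsouza/go-dockerclient"
	"github.com/hyperledger/fabric/integration/nwo"
	"github.com/hyperledger/fabric/integration/nwo/commands"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
	"github.com/onsi/gomega/gbytes"
	"github.com/onsi/gomega/gexec"
	"github.com/tedsuo/ifrit"
)

// This spec checks that a peer whose local MSP signing identity has been
// replaced with a user (client) identity cannot produce an endorsement that
// satisfies a policy written in terms of the peer role. The network runs
// with mutual TLS required for every peer and orderer.
var _ = Describe("MSP identity test on a network with mutual TLS required", func() {
	var (
		client  *docker.Client
		tempDir string
		network *nwo.Network
		process ifrit.Process
	)

	BeforeEach(func() {
		var err error
		tempDir, err = ioutil.TempDir("", "msp")
		Expect(err).NotTo(HaveOccurred())

		client, err = docker.NewClientFromEnv()
		Expect(err).NotTo(HaveOccurred())

		network = nwo.New(nwo.BasicSolo(), tempDir, client, StartPort(), components)
	})

	AfterEach(func() {
		// process is only assigned once the spec has started the network. If
		// the spec fails before that point (for example during Bootstrap),
		// calling Signal on the nil interface would panic here and hide the
		// original failure, so the shutdown is guarded.
		if process != nil {
			process.Signal(syscall.SIGTERM)
			Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		}

		if network != nil {
			network.Cleanup()
		}
		// tempDir holds the generated crypto material, including private
		// keys, so it is removed after every spec.
		os.RemoveAll(tempDir)
	})

	It("invokes chaincode on a peer that does not have a valid endorser identity", func() {
		By("setting TLS ClientAuthRequired to be true for all peers and orderers")
		network.ClientAuthRequired = true

		network.GenerateConfigTree()
		network.Bootstrap()

		By("starting all processes for fabric")
		networkRunner := network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		peer := network.Peers[0]
		orderer := network.Orderer("orderer")

		By("creating and joining channels")
		network.CreateAndJoinChannels(orderer)
		By("enabling new lifecycle capabilities")
		nwo.EnableCapabilities(network, "testchannel", "Application", "V2_0", orderer, network.Peer("Org1", "peer1"), network.Peer("Org2", "peer1"))

		// The signature policy names the peer role of either org. That role
		// requirement is what the identity swap below is expected to violate.
		chaincode := nwo.Chaincode{
			Name:            "mycc",
			Version:         "0.0",
			Path:            "github.com/hyperledger/fabric/integration/chaincode/simple/cmd",
			Lang:            "golang",
			PackageFile:     filepath.Join(tempDir, "simplecc.tar.gz"),
			Ctor:            `{"Args":["init","a","100","b","200"]}`,
			SignaturePolicy: `OR ('Org1MSP.peer', 'Org2MSP.peer')`,
			Sequence:        "1",
			InitRequired:    true,
			Label:           "my_simple_chaincode",
		}

		By("deploying the chaincode")
		nwo.DeployChaincode(network, "testchannel", orderer, chaincode)

		// Baseline: with untouched identities the invoke succeeds and the
		// value of "a" drops from 100 to 90.
		By("querying and invoking chaincode with mutual TLS enabled")
		RunQueryInvokeQuery(network, orderer, peer, 100)

		By("replacing org2peer0's identity with a client identity")
		org2Peer0 := network.Peer("Org2", "peer0")
		org2Peer0MSPDir := network.PeerLocalMSPDir(org2Peer0)
		org2User1MSPDir := network.PeerUserMSPDir(org2Peer0, "User1")

		// Both the signing certificate and its private key are overwritten, so
		// the peer still holds a matching key pair; only the identity it signs
		// with changes.
		_, err := copyFile(filepath.Join(org2User1MSPDir, "signcerts", "User1@org2.example.com-cert.pem"), filepath.Join(org2Peer0MSPDir, "signcerts", "peer0.org2.example.com-cert.pem"))
		Expect(err).NotTo(HaveOccurred())
		_, err = copyFile(filepath.Join(org2User1MSPDir, "keystore", "priv_sk"), filepath.Join(org2Peer0MSPDir, "keystore", "priv_sk"))
		Expect(err).NotTo(HaveOccurred())

		By("restarting all fabric processes to reload MSP identities")
		process.Signal(syscall.SIGTERM)
		Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		networkRunner = network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		// Only the re-keyed Org2 peer0 is asked to endorse. WaitForEvent is
		// set, so the CLI presumably reports the validation result of the
		// submitted transaction rather than just the proposal response
		// (NOTE(review): confirm against the peer CLI).
		By("attempting to invoke chaincode on a peer that does not have a valid endorser identity")
		sess, err := network.PeerUserSession(peer, "User1", commands.ChaincodeInvoke{
			ChannelID: "testchannel",
			Orderer:   network.OrdererAddress(orderer, nwo.ListenPort),
			Name:      "mycc",
			Ctor:      `{"Args":["invoke","a","b","10"]}`,
			PeerAddresses: []string{
				network.PeerAddress(network.Peer("Org2", "peer0"), nwo.ListenPort),
			},
			WaitForEvent: true,
			ClientAuth:   network.ClientAuthRequired,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(1))
		Expect(sess.Err).To(gbytes.Say(`(ENDORSEMENT_POLICY_FAILURE)`))

		// The rejected transaction must not have changed state: "a" is still
		// 90, the value left by the baseline invoke.
		By("reverifying the channel was not affected by the unauthorized endorsement")
		sess, err = network.PeerUserSession(peer, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(sess).To(gbytes.Say("90"))
	})
})

// RunQueryInvokeQuery queries key "a" of chaincode "mycc" on "testchannel" as
// User1 of the given peer and expects initialQueryResult. It then invokes a
// transfer of 10 from "a" to "b" endorsed by peer1 of Org1 and Org2, and
// queries again expecting initialQueryResult - 10. Each step is checked with
// Gomega expectations, so a mismatch fails the running spec.
func RunQueryInvokeQuery(n *nwo.Network, orderer *nwo.Orderer, peer *nwo.Peer, initialQueryResult int) {
	sess, err := n.PeerUserSession(peer, "User1", commands.ChaincodeQuery{
		ChannelID: "testchannel",
		Name:      "mycc",
		Ctor:      `{"Args":["query","a"]}`,
	})
	Expect(err).NotTo(HaveOccurred())
	Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(sess).To(gbytes.Say(fmt.Sprint(initialQueryResult)))

	sess, err = n.PeerUserSession(peer, "User1", commands.ChaincodeInvoke{
		ChannelID: "testchannel",
		Orderer:   n.OrdererAddress(orderer, nwo.ListenPort),
		Name:      "mycc",
		Ctor:      `{"Args":["invoke","a","b","10"]}`,
		PeerAddresses: []string{
			n.PeerAddress(n.Peer("Org1", "peer1"), nwo.ListenPort),
			n.PeerAddress(n.Peer("Org2", "peer1"), nwo.ListenPort),
		},
		WaitForEvent: true,
		ClientAuth:   n.ClientAuthRequired,
	})
	Expect(err).NotTo(HaveOccurred())
	Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(sess.Err).To(gbytes.Say("Chaincode invoke successful. result: status:200"))

	sess, err = n.PeerUserSession(peer, "User1", commands.ChaincodeQuery{
		ChannelID: "testchannel",
		Name:      "mycc",
		Ctor:      `{"Args":["query","a"]}`,
	})
	Expect(err).NotTo(HaveOccurred())
	Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(sess).To(gbytes.Say(fmt.Sprint(initialQueryResult - 10)))
}

// copyFile replaces dst with a copy of src and returns the number of bytes
// written. dst must already exist: it is removed first and the removal error
// is returned if that fails. The new file is created with the permission bits
// of src rather than the os.Create default, because one of the files copied
// by this test is a private key. An error from closing dst is reported when
// the copy itself succeeded, so a failed flush is not silently dropped.
func copyFile(src, dst string) (n int64, err error) {
	source, err := os.Open(src)
	if err != nil {
		return 0, err
	}
	defer source.Close()

	info, err := source.Stat()
	if err != nil {
		return 0, err
	}

	if err = os.Remove(dst); err != nil {
		return 0, err
	}

	// O_EXCL: dst was just removed, so anything present at that path now was
	// not put there by this function and must not be written through.
	destination, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, info.Mode().Perm())
	if err != nil {
		return 0, err
	}
	defer func() {
		if cerr := destination.Close(); err == nil {
			err = cerr
		}
	}()

	return io.Copy(destination, source)
}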