github.com/yacovm/fabric@v2.0.0-alpha.0.20191128145320-c5d4087dc723+incompatible/integration/msp/msp_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package msp
     8  
     9  import (
    10  	"fmt"
    11  	"io"
    12  	"io/ioutil"
    13  	"os"
    14  	"path/filepath"
    15  	"syscall"
    16  
    17  	docker "github.com/fsouza/go-dockerclient"
    18  	"github.com/hyperledger/fabric/integration/nwo"
    19  	"github.com/hyperledger/fabric/integration/nwo/commands"
    20  	. "github.com/onsi/ginkgo"
    21  	. "github.com/onsi/gomega"
    22  	"github.com/onsi/gomega/gbytes"
    23  	"github.com/onsi/gomega/gexec"
    24  	"github.com/tedsuo/ifrit"
    25  )
    26  
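// This suite checks, on a network that requires mutual TLS, that a peer whose
// local MSP signing identity has been swapped for a client (user) identity
// cannot produce an endorsement that satisfies a policy written in terms of
// the 'peer' role.
var _ = Describe("MSP identity test on a network with mutual TLS required", func() {
	var (
		client  *docker.Client
		tempDir string
		network *nwo.Network
		process ifrit.Process
	)

	BeforeEach(func() {
		var err error
		tempDir, err = ioutil.TempDir("", "msp")
		Expect(err).NotTo(HaveOccurred())

		client, err = docker.NewClientFromEnv()
		Expect(err).NotTo(HaveOccurred())

		network = nwo.New(nwo.BasicSolo(), tempDir, client, StartPort(), components)
	})

	AfterEach(func() {
		// Shutdown processes and cleanup.
		// process is only assigned once the It body has started the network. If
		// BeforeEach or an early step failed it is still nil, and calling Signal
		// on a nil ifrit.Process would panic and hide the original failure.
		if process != nil {
			process.Signal(syscall.SIGTERM)
			Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		}

		if network != nil {
			network.Cleanup()
		}
		// Best-effort removal; tempDir holds the generated crypto material.
		os.RemoveAll(tempDir)
	})

	It("invokes chaincode on a peer that does not have a valid endorser identity", func() {
		By("setting TLS ClientAuthRequired to be true for all peers and orderers")
		network.ClientAuthRequired = true

		network.GenerateConfigTree()
		network.Bootstrap()

		By("starting all processes for fabric")
		networkRunner := network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		peer := network.Peers[0]
		orderer := network.Orderer("orderer")

		By("creating and joining channels")
		network.CreateAndJoinChannels(orderer)
		By("enabling new lifecycle capabilities")
		nwo.EnableCapabilities(network, "testchannel", "Application", "V2_0", orderer, network.Peer("Org1", "peer1"), network.Peer("Org2", "peer1"))

		// The signature policy names the 'peer' role of either org. That role
		// requirement is what the identity swap below is meant to violate.
		chaincode := nwo.Chaincode{
			Name:            "mycc",
			Version:         "0.0",
			Path:            "github.com/hyperledger/fabric/integration/chaincode/simple/cmd",
			Lang:            "golang",
			PackageFile:     filepath.Join(tempDir, "simplecc.tar.gz"),
			Ctor:            `{"Args":["init","a","100","b","200"]}`,
			SignaturePolicy: `OR ('Org1MSP.peer', 'Org2MSP.peer')`,
			Sequence:        "1",
			InitRequired:    true,
			Label:           "my_simple_chaincode",
		}

		By("deploying the chaincode")
		nwo.DeployChaincode(network, "testchannel", orderer, chaincode)

		// Baseline: with untouched identities the round trip succeeds and
		// leaves "a" at 90 (100 - 10).
		By("querying and invoking chaincode with mutual TLS enabled")
		RunQueryInvokeQuery(network, orderer, peer, 100)

		By("replacing org2peer0's identity with a client identity")
		org2Peer0 := network.Peer("Org2", "peer0")
		org2Peer0MSPDir := network.PeerLocalMSPDir(org2Peer0)
		org2User1MSPDir := network.PeerUserMSPDir(org2Peer0, "User1")

		// Only the signcerts and keystore entries of the peer's local MSP
		// directory are overwritten, with User1's certificate and private key.
		// The peer keeps its file names, so it loads the user identity on restart.
		_, err := copyFile(filepath.Join(org2User1MSPDir, "signcerts", "User1@org2.example.com-cert.pem"), filepath.Join(org2Peer0MSPDir, "signcerts", "peer0.org2.example.com-cert.pem"))
		Expect(err).NotTo(HaveOccurred())
		_, err = copyFile(filepath.Join(org2User1MSPDir, "keystore", "priv_sk"), filepath.Join(org2Peer0MSPDir, "keystore", "priv_sk"))
		Expect(err).NotTo(HaveOccurred())

		By("restarting all fabric processes to reload MSP identities")
		process.Signal(syscall.SIGTERM)
		Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		networkRunner = network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		// Org2 peer0 is the only endorser requested, so the transaction carries
		// nothing but the endorsement signed with the swapped-in identity. The
		// CLI must exit 1 and report ENDORSEMENT_POLICY_FAILURE on stderr.
		By("attempting to invoke chaincode on a peer that does not have a valid endorser identity")
		sess, err := network.PeerUserSession(peer, "User1", commands.ChaincodeInvoke{
			ChannelID: "testchannel",
			Orderer:   network.OrdererAddress(orderer, nwo.ListenPort),
			Name:      "mycc",
			Ctor:      `{"Args":["invoke","a","b","10"]}`,
			PeerAddresses: []string{
				network.PeerAddress(network.Peer("Org2", "peer0"), nwo.ListenPort),
			},
			WaitForEvent: true,
			ClientAuth:   network.ClientAuthRequired,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(1))
		Expect(sess.Err).To(gbytes.Say(`(ENDORSEMENT_POLICY_FAILURE)`))

		// "a" must still read 90, the value left by the earlier successful
		// invoke: the rejected transaction must not have changed state.
		By("reverifying the channel was not affected by the unauthorized endorsement")
		sess, err = network.PeerUserSession(peer, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(sess).To(gbytes.Say("90"))
	})
})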
   140  
// RunQueryInvokeQuery runs a query / invoke / query round trip against the
// "mycc" chaincode on "testchannel", issuing every command as User1 through
// the given peer.
//
// It asserts that "a" initially reads initialQueryResult, that the
// ["invoke","a","b","10"] transaction succeeds when endorsed by peer1 of Org1
// and peer1 of Org2, and that "a" then reads initialQueryResult-10.
func RunQueryInvokeQuery(n *nwo.Network, orderer *nwo.Orderer, peer *nwo.Peer, initialQueryResult int) {
	const user = "User1"

	// expectValueOfA queries "a" and asserts the CLI exits 0 and prints want.
	expectValueOfA := func(want int) {
		session, err := n.PeerUserSession(peer, user, commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(session, n.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(session).To(gbytes.Say(fmt.Sprint(want)))
	}

	expectValueOfA(initialQueryResult)

	// The invoke is sent to one peer of each org and, with WaitForEvent set,
	// the CLI waits for the commit event before it exits.
	ordererAddr := n.OrdererAddress(orderer, nwo.ListenPort)
	endorsers := []string{
		n.PeerAddress(n.Peer("Org1", "peer1"), nwo.ListenPort),
		n.PeerAddress(n.Peer("Org2", "peer1"), nwo.ListenPort),
	}
	invocation, err := n.PeerUserSession(peer, user, commands.ChaincodeInvoke{
		ChannelID:     "testchannel",
		Orderer:       ordererAddr,
		Name:          "mycc",
		Ctor:          `{"Args":["invoke","a","b","10"]}`,
		PeerAddresses: endorsers,
		WaitForEvent:  true,
		ClientAuth:    n.ClientAuthRequired,
	})
	Expect(err).NotTo(HaveOccurred())
	Eventually(invocation, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(invocation.Err).To(gbytes.Say("Chaincode invoke successful. result: status:200"))

	expectValueOfA(initialQueryResult - 10)
}
   176  
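// copyFile replaces the existing file at dst with a copy of src and returns
// the number of bytes copied.
//
// dst must already exist: it is removed first, and a missing dst is reported
// as an error, so a mistyped destination path fails instead of silently
// creating an unrelated file.
//
// The new file is created with the permission bits of src (subject to the
// process umask) rather than os.Create's default of 0666. This helper is used
// to copy private key files, which should not end up more widely readable
// than the original.
func copyFile(src, dst string) (int64, error) {
	source, err := os.Open(src)
	if err != nil {
		return 0, err
	}
	defer source.Close()

	// Read the source mode before touching dst, so a failure here leaves the
	// destination intact.
	info, err := source.Stat()
	if err != nil {
		return 0, err
	}

	if err := os.Remove(dst); err != nil {
		return 0, err
	}

	// O_EXCL: dst was just removed, so anything found at that path now (for
	// example a symlink) was put there in between and must not be written through.
	destination, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, info.Mode().Perm())
	if err != nil {
		return 0, err
	}

	nBytes, err := io.Copy(destination, source)
	// A failed Close can mean the data never reached disk; report it unless
	// the copy itself already failed.
	if closeErr := destination.Close(); err == nil {
		err = closeErr
	}
	return nBytes, err
}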