github.com/zhouxv/fabric@v2.1.1+incompatible/msp/msp_test.go (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 6 */ 7 8 package msp 9 10 import ( 11 "crypto/ecdsa" 12 "crypto/x509" 13 "encoding/hex" 14 "encoding/pem" 15 "errors" 16 "fmt" 17 "os" 18 "path/filepath" 19 "reflect" 20 "testing" 21 "time" 22 23 "github.com/golang/protobuf/proto" 24 "github.com/hyperledger/fabric-protos-go/msp" 25 "github.com/hyperledger/fabric/bccsp" 26 "github.com/hyperledger/fabric/bccsp/factory" 27 "github.com/hyperledger/fabric/bccsp/sw" 28 "github.com/hyperledger/fabric/bccsp/utils" 29 "github.com/hyperledger/fabric/core/config/configtest" 30 "github.com/stretchr/testify/assert" 31 ) 32 33 var notACert = `-----BEGIN X509 CRL----- 34 MIIBYzCCAQgCAQEwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgT 35 CkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFklu 36 dGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhh 37 bXBsZS5jb20XDTE3MDEyMzIwNTYyMFoXDTE3MDEyNjIwNTYyMFowJzAlAhQERXCx 38 LHROap1vM3CV40EHOghPTBcNMTcwMTIzMjA0NzMxWqAvMC0wHwYDVR0jBBgwFoAU 39 F2dCPaqegj/ExR2fW8OZ0bWcSBAwCgYDVR0UBAMCAQgwCgYIKoZIzj0EAwIDSQAw 40 RgIhAOTTpQYkGO+gwVe1LQOcNMD5fzFViOwBUraMrk6dRMlmAiEA8z2dpXKGwHrj 41 FRBbKkDnSpaVcZgjns+mLdHV2JkF0gk= 42 -----END X509 CRL-----` 43 44 func TestMSPParsers(t *testing.T) { 45 _, _, err := localMsp.(*bccspmsp).getIdentityFromConf(nil) 46 assert.Error(t, err) 47 _, _, err = localMsp.(*bccspmsp).getIdentityFromConf([]byte("barf")) 48 assert.Error(t, err) 49 _, _, err = localMsp.(*bccspmsp).getIdentityFromConf([]byte(notACert)) 50 assert.Error(t, err) 51 52 _, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(nil) 53 assert.Error(t, err) 54 55 sigid := &msp.SigningIdentityInfo{PublicSigner: []byte("barf"), PrivateSigner: nil} 56 _, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(sigid) 57 assert.Error(t, err) 58 59 keyinfo := &msp.KeyInfo{KeyIdentifier: "PEER", KeyMaterial: nil} 60 sigid = &msp.SigningIdentityInfo{PublicSigner: []byte("barf"), PrivateSigner: keyinfo} 61 _, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(sigid) 62 assert.Error(t, err) 63 } 64 65 func TestGetSigningIdentityFromConfWithWrongPrivateCert(t *testing.T) { 66 // Temporary Replace root certs 67 oldRoots := localMsp.(*bccspmsp).opts.Roots 68 defer func() { 69 // Restore original root certs 70 localMsp.(*bccspmsp).opts.Roots = oldRoots 71 }() 72 _, cert := generateSelfSignedCert(t, time.Now()) 73 localMsp.(*bccspmsp).opts.Roots = x509.NewCertPool() 74 localMsp.(*bccspmsp).opts.Roots.AddCert(cert) 75 76 // Use self signed cert as public key. Convert DER to PEM format 77 pem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}) 78 79 // Use wrong formatted private cert 80 keyinfo := &msp.KeyInfo{ 81 KeyMaterial: []byte("wrong encoding"), 82 KeyIdentifier: "MyPrivateKey", 83 } 84 sigid := &msp.SigningIdentityInfo{PublicSigner: pem, PrivateSigner: keyinfo} 85 _, err := localMsp.(*bccspmsp).getSigningIdentityFromConf(sigid) 86 assert.EqualError(t, err, "MyPrivateKey: wrong PEM encoding") 87 } 88 89 func TestMSPSetupNoCryptoConf(t *testing.T) { 90 mspDir := configtest.GetDevMspDir() 91 conf, err := GetLocalMspConfig(mspDir, nil, "SampleOrg") 92 if err != nil { 93 fmt.Printf("Setup should have succeeded, got err %s instead", err) 94 os.Exit(-1) 95 } 96 97 mspconf := &msp.FabricMSPConfig{} 98 err = proto.Unmarshal(conf.Config, mspconf) 99 assert.NoError(t, err) 100 101 // here we test the case of an MSP configuration 102 // where the hash function to be used to obtain 103 // the identity identifier is unspecified - a 104 // sane default should be picked 105 mspconf.CryptoConfig.IdentityIdentifierHashFunction = "" 106 b, err := proto.Marshal(mspconf) 107 assert.NoError(t, err) 108 conf.Config = b 109 newmsp, err := newBccspMsp(MSPv1_0, factory.GetDefault()) 110 assert.NoError(t, err) 111 err = newmsp.Setup(conf) 112 assert.NoError(t, err) 113 114 // here we test the case of an MSP configuration 115 // where the hash function to be used to compute 116 // signatures is unspecified - a sane default 117 // should be picked 118 mspconf.CryptoConfig.SignatureHashFamily = "" 119 b, err = proto.Marshal(mspconf) 120 assert.NoError(t, err) 121 conf.Config = b 122 newmsp, err = newBccspMsp(MSPv1_0, factory.GetDefault()) 123 assert.NoError(t, err) 124 err = newmsp.Setup(conf) 125 assert.NoError(t, err) 126 127 // here we test the case of an MSP configuration 128 // that has NO crypto configuration specified; 129 // the code will use appropriate defaults 130 mspconf.CryptoConfig = nil 131 b, err = proto.Marshal(mspconf) 132 assert.NoError(t, err) 133 conf.Config = b 134 newmsp, err = newBccspMsp(MSPv1_0, factory.GetDefault()) 135 assert.NoError(t, err) 136 err = newmsp.Setup(conf) 137 assert.NoError(t, err) 138 } 139 140 func TestGetters(t *testing.T) { 141 typ := localMsp.GetType() 142 assert.Equal(t, typ, FABRIC) 143 assert.NotNil(t, localMsp.GetTLSRootCerts()) 144 assert.NotNil(t, localMsp.GetTLSIntermediateCerts()) 145 } 146 147 func TestMSPSetupBad(t *testing.T) { 148 _, err := GetLocalMspConfig("barf", nil, "SampleOrg") 149 if err == nil { 150 t.Fatalf("Setup should have failed on an invalid config file") 151 return 152 } 153 154 mgr := NewMSPManager() 155 err = mgr.Setup(nil) 156 assert.NoError(t, err) 157 err = mgr.Setup([]MSP{}) 158 assert.NoError(t, err) 159 } 160 161 func TestDoubleSetup(t *testing.T) { 162 // note that we've already called setup once on this 163 err := mspMgr.Setup(nil) 164 assert.NoError(t, err) 165 } 166 167 type bccspNoKeyLookupKS struct { 168 bccsp.BCCSP 169 } 170 171 func (*bccspNoKeyLookupKS) GetKey(ski []byte) (k bccsp.Key, err error) { 172 return nil, errors.New("not found") 173 } 174 175 func TestNotFoundInBCCSP(t *testing.T) { 176 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 177 assert.NoError(t, err) 178 179 dir := configtest.GetDevMspDir() 180 conf, err := GetLocalMspConfig(dir, nil, "SampleOrg") 181 182 assert.NoError(t, err) 183 184 thisMSP, err := newBccspMsp(MSPv1_0, cryptoProvider) 185 assert.NoError(t, err) 186 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) 187 assert.NoError(t, err) 188 csp, err := sw.NewWithParams(256, "SHA2", ks) 189 assert.NoError(t, err) 190 thisMSP.(*bccspmsp).bccsp = &bccspNoKeyLookupKS{csp} 191 192 err = thisMSP.Setup(conf) 193 assert.Error(t, err) 194 assert.Contains(t, "KeyMaterial not found in SigningIdentityInfo", err.Error()) 195 } 196 197 func TestGetIdentities(t *testing.T) { 198 _, err := localMsp.GetDefaultSigningIdentity() 199 if err != nil { 200 t.Fatalf("GetDefaultSigningIdentity failed with err %s", err) 201 return 202 } 203 } 204 205 func TestDeserializeIdentityFails(t *testing.T) { 206 _, err := localMsp.DeserializeIdentity([]byte("barf")) 207 assert.Error(t, err) 208 209 id := &msp.SerializedIdentity{Mspid: "SampleOrg", IdBytes: []byte("barfr")} 210 b, err := proto.Marshal(id) 211 assert.NoError(t, err) 212 _, err = localMsp.DeserializeIdentity(b) 213 assert.Error(t, err) 214 215 id = &msp.SerializedIdentity{Mspid: "SampleOrg", IdBytes: []byte(notACert)} 216 b, err = proto.Marshal(id) 217 assert.NoError(t, err) 218 _, err = localMsp.DeserializeIdentity(b) 219 assert.Error(t, err) 220 } 221 222 func TestGetSigningIdentityFromVerifyingMSP(t *testing.T) { 223 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 224 assert.NoError(t, err) 225 226 mspDir := configtest.GetDevMspDir() 227 conf, err = GetVerifyingMspConfig(mspDir, "SampleOrg", ProviderTypeToString(FABRIC)) 228 if err != nil { 229 fmt.Printf("Setup should have succeeded, got err %s instead", err) 230 os.Exit(-1) 231 } 232 233 newmsp, err := newBccspMsp(MSPv1_0, cryptoProvider) 234 assert.NoError(t, err) 235 err = newmsp.Setup(conf) 236 assert.NoError(t, err) 237 238 _, err = newmsp.GetDefaultSigningIdentity() 239 assert.Error(t, err) 240 _, err = newmsp.GetSigningIdentity(nil) 241 assert.Error(t, err) 242 } 243 244 func TestValidateDefaultSigningIdentity(t *testing.T) { 245 id, err := localMsp.GetDefaultSigningIdentity() 246 assert.NoError(t, err) 247 248 err = localMsp.Validate(id.GetPublicVersion()) 249 assert.NoError(t, err) 250 } 251 252 func TestSerializeIdentities(t *testing.T) { 253 id, err := localMsp.GetDefaultSigningIdentity() 254 if err != nil { 255 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 256 return 257 } 258 259 serializedID, err := id.Serialize() 260 if err != nil { 261 t.Fatalf("Serialize should have succeeded, got err %s", err) 262 return 263 } 264 265 idBack, err := localMsp.DeserializeIdentity(serializedID) 266 if err != nil { 267 t.Fatalf("DeserializeIdentity should have succeeded, got err %s", err) 268 return 269 } 270 271 err = localMsp.Validate(idBack) 272 if err != nil { 273 t.Fatalf("The identity should be valid, got err %s", err) 274 return 275 } 276 277 if !reflect.DeepEqual(id.GetPublicVersion(), idBack) { 278 t.Fatalf("Identities should be equal (%s) (%s)", id, idBack) 279 return 280 } 281 } 282 283 func TestIsWellFormed(t *testing.T) { 284 mspMgr := NewMSPManager() 285 286 id, err := localMsp.GetDefaultSigningIdentity() 287 if err != nil { 288 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 289 return 290 } 291 292 serializedID, err := id.Serialize() 293 if err != nil { 294 t.Fatalf("Serialize should have succeeded, got err %s", err) 295 return 296 } 297 298 sId := &msp.SerializedIdentity{} 299 err = proto.Unmarshal(serializedID, sId) 300 assert.NoError(t, err) 301 302 // An MSP Manager without any MSPs should not recognize the identity since 303 // not providers are registered 304 err = mspMgr.IsWellFormed(sId) 305 assert.Error(t, err) 306 assert.Equal(t, "no MSP provider recognizes the identity", err.Error()) 307 308 // Add the MSP to the MSP Manager 309 mspMgr.Setup([]MSP{localMsp}) 310 311 err = localMsp.IsWellFormed(sId) 312 assert.NoError(t, err) 313 err = mspMgr.IsWellFormed(sId) 314 assert.NoError(t, err) 315 316 bl, _ := pem.Decode(sId.IdBytes) 317 assert.Equal(t, "CERTIFICATE", bl.Type) 318 319 // Now, strip off the type from the PEM block. It should still be valid 320 bl.Type = "" 321 sId.IdBytes = pem.EncodeToMemory(bl) 322 323 err = localMsp.IsWellFormed(sId) 324 assert.NoError(t, err) 325 326 // Now, corrupt the type of the PEM block. 327 // make sure it isn't considered well formed by both an MSP and an MSP Manager 328 bl.Type = "foo" 329 sId.IdBytes = pem.EncodeToMemory(bl) 330 err = localMsp.IsWellFormed(sId) 331 332 assert.Error(t, err) 333 assert.Contains(t, err.Error(), "pem type is") 334 assert.Contains(t, err.Error(), "should be 'CERTIFICATE' or missing") 335 336 err = mspMgr.IsWellFormed(sId) 337 assert.Error(t, err) 338 assert.Equal(t, "no MSP provider recognizes the identity", err.Error()) 339 } 340 341 func TestValidateCAIdentity(t *testing.T) { 342 caID := getIdentity(t, cacerts) 343 344 err := localMsp.Validate(caID) 345 assert.Error(t, err) 346 } 347 348 func TestBadAdminIdentity(t *testing.T) { 349 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 350 assert.NoError(t, err) 351 352 conf, err := GetLocalMspConfig("testdata/badadmin", nil, "SampleOrg") 353 assert.NoError(t, err) 354 355 thisMSP, err := newBccspMsp(MSPv1_0, cryptoProvider) 356 assert.NoError(t, err) 357 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join("testdata/badadmin", "keystore"), true) 358 assert.NoError(t, err) 359 csp, err := sw.NewWithParams(256, "SHA2", ks) 360 assert.NoError(t, err) 361 thisMSP.(*bccspmsp).bccsp = csp 362 363 err = thisMSP.Setup(conf) 364 assert.Error(t, err) 365 } 366 367 func TestValidateAdminIdentity(t *testing.T) { 368 caID := getIdentity(t, admincerts) 369 370 err := localMsp.Validate(caID) 371 assert.NoError(t, err) 372 } 373 374 func TestSerializeIdentitiesWithWrongMSP(t *testing.T) { 375 id, err := localMsp.GetDefaultSigningIdentity() 376 if err != nil { 377 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 378 return 379 } 380 381 serializedID, err := id.Serialize() 382 if err != nil { 383 t.Fatalf("Serialize should have succeeded, got err %s", err) 384 return 385 } 386 387 sid := &msp.SerializedIdentity{} 388 err = proto.Unmarshal(serializedID, sid) 389 assert.NoError(t, err) 390 391 sid.Mspid += "BARF" 392 393 serializedID, err = proto.Marshal(sid) 394 assert.NoError(t, err) 395 396 _, err = localMsp.DeserializeIdentity(serializedID) 397 assert.Error(t, err) 398 } 399 400 func TestSerializeIdentitiesWithMSPManager(t *testing.T) { 401 id, err := localMsp.GetDefaultSigningIdentity() 402 if err != nil { 403 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 404 return 405 } 406 407 serializedID, err := id.Serialize() 408 if err != nil { 409 t.Fatalf("Serialize should have succeeded, got err %s", err) 410 return 411 } 412 413 _, err = mspMgr.DeserializeIdentity(serializedID) 414 assert.NoError(t, err) 415 416 sid := &msp.SerializedIdentity{} 417 err = proto.Unmarshal(serializedID, sid) 418 assert.NoError(t, err) 419 420 sid.Mspid += "BARF" 421 422 serializedID, err = proto.Marshal(sid) 423 assert.NoError(t, err) 424 425 _, err = mspMgr.DeserializeIdentity(serializedID) 426 assert.Error(t, err) 427 assert.Contains(t, err.Error(), fmt.Sprintf("MSP %s is unknown", sid.Mspid)) 428 429 _, err = mspMgr.DeserializeIdentity([]byte("barf")) 430 assert.Error(t, err) 431 assert.Contains(t, err.Error(), "could not deserialize") 432 } 433 434 func TestIdentitiesGetters(t *testing.T) { 435 id, err := localMsp.GetDefaultSigningIdentity() 436 if err != nil { 437 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 438 return 439 } 440 441 idid := id.GetIdentifier() 442 assert.NotNil(t, idid) 443 mspid := id.GetMSPIdentifier() 444 assert.NotNil(t, mspid) 445 assert.False(t, id.Anonymous()) 446 } 447 448 func TestSignAndVerify(t *testing.T) { 449 id, err := localMsp.GetDefaultSigningIdentity() 450 if err != nil { 451 t.Fatalf("GetSigningIdentity should have succeeded") 452 return 453 } 454 455 serializedID, err := id.Serialize() 456 if err != nil { 457 t.Fatalf("Serialize should have succeeded") 458 return 459 } 460 461 idBack, err := localMsp.DeserializeIdentity(serializedID) 462 if err != nil { 463 t.Fatalf("DeserializeIdentity should have succeeded") 464 return 465 } 466 467 msg := []byte("foo") 468 sig, err := id.Sign(msg) 469 if err != nil { 470 t.Fatalf("Sign should have succeeded") 471 return 472 } 473 474 err = id.Verify(msg, sig) 475 if err != nil { 476 t.Fatalf("The signature should be valid") 477 return 478 } 479 480 err = idBack.Verify(msg, sig) 481 if err != nil { 482 t.Fatalf("The signature should be valid") 483 return 484 } 485 486 err = id.Verify(msg[1:], sig) 487 assert.Error(t, err) 488 err = id.Verify(msg, sig[1:]) 489 assert.Error(t, err) 490 } 491 492 func TestSignAndVerifyFailures(t *testing.T) { 493 msg := []byte("foo") 494 495 id, err := localMspBad.GetDefaultSigningIdentity() 496 if err != nil { 497 t.Fatalf("GetSigningIdentity should have succeeded") 498 return 499 } 500 501 hash := id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily 502 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = "barf" 503 504 sig, err := id.Sign(msg) 505 assert.Error(t, err) 506 507 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash 508 509 sig, err = id.Sign(msg) 510 if err != nil { 511 t.Fatalf("Sign should have succeeded") 512 return 513 } 514 515 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = "barf" 516 517 err = id.Verify(msg, sig) 518 assert.Error(t, err) 519 520 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash 521 } 522 523 func TestSignAndVerifyOtherHash(t *testing.T) { 524 id, err := localMsp.GetDefaultSigningIdentity() 525 if err != nil { 526 t.Fatalf("GetSigningIdentity should have succeeded") 527 return 528 } 529 530 hash := id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily 531 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = bccsp.SHA3 532 533 msg := []byte("foo") 534 sig, err := id.Sign(msg) 535 if err != nil { 536 t.Fatalf("Sign should have succeeded") 537 return 538 } 539 540 err = id.Verify(msg, sig) 541 assert.NoError(t, err) 542 543 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash 544 } 545 546 func TestSignAndVerify_longMessage(t *testing.T) { 547 id, err := localMsp.GetDefaultSigningIdentity() 548 if err != nil { 549 t.Fatalf("GetSigningIdentity should have succeeded") 550 return 551 } 552 553 serializedID, err := id.Serialize() 554 if err != nil { 555 t.Fatalf("Serialize should have succeeded") 556 return 557 } 558 559 idBack, err := localMsp.DeserializeIdentity(serializedID) 560 if err != nil { 561 t.Fatalf("DeserializeIdentity should have succeeded") 562 return 563 } 564 565 msg := []byte("ABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFG") 566 sig, err := id.Sign(msg) 567 if err != nil { 568 t.Fatalf("Sign should have succeeded") 569 return 570 } 571 572 err = id.Verify(msg, sig) 573 if err != nil { 574 t.Fatalf("The signature should be valid") 575 return 576 } 577 578 err = idBack.Verify(msg, sig) 579 if err != nil { 580 t.Fatalf("The signature should be valid") 581 return 582 } 583 } 584 585 func TestGetOU(t *testing.T) { 586 id, err := localMsp.GetDefaultSigningIdentity() 587 if err != nil { 588 t.Fatalf("GetSigningIdentity should have succeeded") 589 return 590 } 591 592 assert.Equal(t, "COP", id.GetOrganizationalUnits()[0].OrganizationalUnitIdentifier) 593 } 594 595 func TestGetOUFail(t *testing.T) { 596 id, err := localMspBad.GetDefaultSigningIdentity() 597 if err != nil { 598 t.Fatalf("GetSigningIdentity should have succeeded") 599 return 600 } 601 602 certTmp := id.(*signingidentity).cert 603 id.(*signingidentity).cert = nil 604 ou := id.GetOrganizationalUnits() 605 assert.Nil(t, ou) 606 607 id.(*signingidentity).cert = certTmp 608 609 opts := id.(*signingidentity).msp.opts 610 id.(*signingidentity).msp.opts = nil 611 ou = id.GetOrganizationalUnits() 612 assert.Nil(t, ou) 613 614 id.(*signingidentity).msp.opts = opts 615 } 616 617 func TestCertificationIdentifierComputation(t *testing.T) { 618 id, err := localMsp.GetDefaultSigningIdentity() 619 assert.NoError(t, err) 620 621 chain, err := localMsp.(*bccspmsp).getCertificationChain(id.GetPublicVersion()) 622 assert.NoError(t, err) 623 624 // Hash the chain 625 // Use the hash of the identity's certificate as id in the IdentityIdentifier 626 hashOpt, err := bccsp.GetHashOpt(localMsp.(*bccspmsp).cryptoConfig.IdentityIdentifierHashFunction) 627 assert.NoError(t, err) 628 629 hf, err := localMsp.(*bccspmsp).bccsp.GetHash(hashOpt) 630 assert.NoError(t, err) 631 // Skipping first cert because it belongs to the identity 632 for i := 1; i < len(chain); i++ { 633 hf.Write(chain[i].Raw) 634 } 635 sum := hf.Sum(nil) 636 637 assert.Equal(t, sum, id.GetOrganizationalUnits()[0].CertifiersIdentifier) 638 } 639 640 func TestOUPolicyPrincipal(t *testing.T) { 641 id, err := localMsp.GetDefaultSigningIdentity() 642 assert.NoError(t, err) 643 644 cid, err := localMsp.(*bccspmsp).getCertificationChainIdentifier(id.GetPublicVersion()) 645 assert.NoError(t, err) 646 647 ou := &msp.OrganizationUnit{ 648 OrganizationalUnitIdentifier: "COP", 649 MspIdentifier: "SampleOrg", 650 CertifiersIdentifier: cid, 651 } 652 bytes, err := proto.Marshal(ou) 653 assert.NoError(t, err) 654 655 principal := &msp.MSPPrincipal{ 656 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 657 Principal: bytes, 658 } 659 660 err = id.SatisfiesPrincipal(principal) 661 assert.NoError(t, err) 662 } 663 664 func TestOUPolicyPrincipalBadPrincipal(t *testing.T) { 665 id, err := localMsp.GetDefaultSigningIdentity() 666 assert.NoError(t, err) 667 668 principal := &msp.MSPPrincipal{ 669 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 670 Principal: []byte("barf"), 671 } 672 673 err = id.SatisfiesPrincipal(principal) 674 assert.Error(t, err) 675 } 676 677 func TestOUPolicyPrincipalBadMSPID(t *testing.T) { 678 id, err := localMsp.GetDefaultSigningIdentity() 679 assert.NoError(t, err) 680 681 cid, err := localMsp.(*bccspmsp).getCertificationChainIdentifier(id.GetPublicVersion()) 682 assert.NoError(t, err) 683 684 ou := &msp.OrganizationUnit{ 685 OrganizationalUnitIdentifier: "COP", 686 MspIdentifier: "SampleOrgbarfbarf", 687 CertifiersIdentifier: cid, 688 } 689 bytes, err := proto.Marshal(ou) 690 assert.NoError(t, err) 691 692 principal := &msp.MSPPrincipal{ 693 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 694 Principal: bytes, 695 } 696 697 err = id.SatisfiesPrincipal(principal) 698 assert.Error(t, err) 699 } 700 701 func TestOUPolicyPrincipalBadPath(t *testing.T) { 702 id, err := localMsp.GetDefaultSigningIdentity() 703 assert.NoError(t, err) 704 705 ou := &msp.OrganizationUnit{ 706 OrganizationalUnitIdentifier: "COP", 707 MspIdentifier: "SampleOrg", 708 CertifiersIdentifier: nil, 709 } 710 bytes, err := proto.Marshal(ou) 711 assert.NoError(t, err) 712 713 principal := &msp.MSPPrincipal{ 714 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 715 Principal: bytes, 716 } 717 718 err = id.SatisfiesPrincipal(principal) 719 assert.Error(t, err) 720 721 ou = &msp.OrganizationUnit{ 722 OrganizationalUnitIdentifier: "COP", 723 MspIdentifier: "SampleOrg", 724 CertifiersIdentifier: []byte{0, 1, 2, 3, 4}, 725 } 726 bytes, err = proto.Marshal(ou) 727 assert.NoError(t, err) 728 729 principal = &msp.MSPPrincipal{ 730 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 731 Principal: bytes, 732 } 733 734 err = id.SatisfiesPrincipal(principal) 735 assert.Error(t, err) 736 } 737 738 func TestPolicyPrincipalBogusType(t *testing.T) { 739 id, err := localMsp.GetDefaultSigningIdentity() 740 assert.NoError(t, err) 741 742 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: 35, MspIdentifier: "SampleOrg"}) 743 assert.NoError(t, err) 744 745 principal := &msp.MSPPrincipal{ 746 PrincipalClassification: 35, 747 Principal: principalBytes} 748 749 err = id.SatisfiesPrincipal(principal) 750 assert.Error(t, err) 751 } 752 753 func TestPolicyPrincipalBogusRole(t *testing.T) { 754 id, err := localMsp.GetDefaultSigningIdentity() 755 assert.NoError(t, err) 756 757 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: 35, MspIdentifier: "SampleOrg"}) 758 assert.NoError(t, err) 759 760 principal := &msp.MSPPrincipal{ 761 PrincipalClassification: msp.MSPPrincipal_ROLE, 762 Principal: principalBytes} 763 764 err = id.SatisfiesPrincipal(principal) 765 assert.Error(t, err) 766 } 767 768 func TestPolicyPrincipalWrongMSPID(t *testing.T) { 769 id, err := localMsp.GetDefaultSigningIdentity() 770 assert.NoError(t, err) 771 772 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "SampleOrgBARFBARF"}) 773 assert.NoError(t, err) 774 775 principal := &msp.MSPPrincipal{ 776 PrincipalClassification: msp.MSPPrincipal_ROLE, 777 Principal: principalBytes} 778 779 err = id.SatisfiesPrincipal(principal) 780 assert.Error(t, err) 781 } 782 783 func TestMemberPolicyPrincipal(t *testing.T) { 784 id, err := localMsp.GetDefaultSigningIdentity() 785 assert.NoError(t, err) 786 787 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "SampleOrg"}) 788 assert.NoError(t, err) 789 790 principal := &msp.MSPPrincipal{ 791 PrincipalClassification: msp.MSPPrincipal_ROLE, 792 Principal: principalBytes} 793 794 err = id.SatisfiesPrincipal(principal) 795 assert.NoError(t, err) 796 } 797 798 func TestAdminPolicyPrincipal(t *testing.T) { 799 id, err := localMsp.GetDefaultSigningIdentity() 800 assert.NoError(t, err) 801 802 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "SampleOrg"}) 803 assert.NoError(t, err) 804 805 principal := &msp.MSPPrincipal{ 806 PrincipalClassification: msp.MSPPrincipal_ROLE, 807 Principal: principalBytes} 808 809 err = id.SatisfiesPrincipal(principal) 810 assert.NoError(t, err) 811 } 812 813 // Combine one or more MSPPrincipals into a MSPPrincipal of type 814 // MSPPrincipal_COMBINED. 815 func createCombinedPrincipal(principals ...*msp.MSPPrincipal) (*msp.MSPPrincipal, error) { 816 if len(principals) == 0 { 817 return nil, errors.New("no principals in CombinedPrincipal") 818 } 819 var principalsArray []*msp.MSPPrincipal 820 for _, principal := range principals { 821 principalsArray = append(principalsArray, principal) 822 } 823 combinedPrincipal := &msp.CombinedPrincipal{Principals: principalsArray} 824 combinedPrincipalBytes, err := proto.Marshal(combinedPrincipal) 825 if err != nil { 826 return nil, err 827 } 828 principalsCombined := &msp.MSPPrincipal{PrincipalClassification: msp.MSPPrincipal_COMBINED, Principal: combinedPrincipalBytes} 829 return principalsCombined, nil 830 } 831 832 func TestMultilevelAdminAndMemberPolicyPrincipal(t *testing.T) { 833 id, err := localMspV13.GetDefaultSigningIdentity() 834 assert.NoError(t, err) 835 836 adminPrincipalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "SampleOrg"}) 837 assert.NoError(t, err) 838 839 memberPrincipalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "SampleOrg"}) 840 assert.NoError(t, err) 841 842 adminPrincipal := &msp.MSPPrincipal{ 843 PrincipalClassification: msp.MSPPrincipal_ROLE, 844 Principal: adminPrincipalBytes} 845 846 memberPrincipal := &msp.MSPPrincipal{ 847 PrincipalClassification: msp.MSPPrincipal_ROLE, 848 Principal: memberPrincipalBytes} 849 850 // CombinedPrincipal with Admin and Member principals 851 levelOneCombinedPrincipal, err := createCombinedPrincipal(adminPrincipal, memberPrincipal) 852 assert.NoError(t, err) 853 err = id.SatisfiesPrincipal(levelOneCombinedPrincipal) 854 assert.NoError(t, err) 855 856 // Nested CombinedPrincipal 857 levelTwoCombinedPrincipal, err := createCombinedPrincipal(levelOneCombinedPrincipal) 858 assert.NoError(t, err) 859 err = id.SatisfiesPrincipal(levelTwoCombinedPrincipal) 860 assert.NoError(t, err) 861 862 // Double nested CombinedPrincipal 863 levelThreeCombinedPrincipal, err := createCombinedPrincipal(levelTwoCombinedPrincipal) 864 assert.NoError(t, err) 865 err = id.SatisfiesPrincipal(levelThreeCombinedPrincipal) 866 assert.NoError(t, err) 867 } 868 869 func TestMultilevelAdminAndMemberPolicyPrincipalPreV12(t *testing.T) { 870 id, err := localMspV11.GetDefaultSigningIdentity() 871 assert.NoError(t, err) 872 873 adminPrincipalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "SampleOrg"}) 874 assert.NoError(t, err) 875 876 memberPrincipalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "SampleOrg"}) 877 assert.NoError(t, err) 878 879 adminPrincipal := &msp.MSPPrincipal{ 880 PrincipalClassification: msp.MSPPrincipal_ROLE, 881 Principal: adminPrincipalBytes} 882 883 memberPrincipal := &msp.MSPPrincipal{ 884 PrincipalClassification: msp.MSPPrincipal_ROLE, 885 Principal: memberPrincipalBytes} 886 887 // CombinedPrincipal with Admin and Member principals 888 levelOneCombinedPrincipal, err := createCombinedPrincipal(adminPrincipal, memberPrincipal) 889 assert.NoError(t, err) 890 err = id.SatisfiesPrincipal(levelOneCombinedPrincipal) 891 assert.Error(t, err) 892 893 // Nested CombinedPrincipal 894 levelTwoCombinedPrincipal, err := createCombinedPrincipal(levelOneCombinedPrincipal) 895 assert.NoError(t, err) 896 err = id.SatisfiesPrincipal(levelTwoCombinedPrincipal) 897 assert.Error(t, err) 898 899 // Double nested CombinedPrincipal 900 levelThreeCombinedPrincipal, err := createCombinedPrincipal(levelTwoCombinedPrincipal) 901 assert.NoError(t, err) 902 err = id.SatisfiesPrincipal(levelThreeCombinedPrincipal) 903 assert.Error(t, err) 904 } 905 906 func TestAdminPolicyPrincipalFails(t *testing.T) { 907 id, err := localMspV13.GetDefaultSigningIdentity() 908 assert.NoError(t, err) 909 910 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "SampleOrg"}) 911 assert.NoError(t, err) 912 913 principal := &msp.MSPPrincipal{ 914 PrincipalClassification: msp.MSPPrincipal_ROLE, 915 Principal: principalBytes} 916 917 // remove the admin so validation will fail 918 localMspV13.(*bccspmsp).admins = make([]Identity, 0) 919 920 err = id.SatisfiesPrincipal(principal) 921 assert.Error(t, err) 922 } 923 924 func TestMultilevelAdminAndMemberPolicyPrincipalFails(t *testing.T) { 925 id, err := localMspV13.GetDefaultSigningIdentity() 926 assert.NoError(t, err) 927 928 adminPrincipalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "SampleOrg"}) 929 assert.NoError(t, err) 930 931 memberPrincipalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "SampleOrg"}) 932 assert.NoError(t, err) 933 934 adminPrincipal := &msp.MSPPrincipal{ 935 PrincipalClassification: msp.MSPPrincipal_ROLE, 936 Principal: adminPrincipalBytes} 937 938 memberPrincipal := &msp.MSPPrincipal{ 939 PrincipalClassification: msp.MSPPrincipal_ROLE, 940 Principal: memberPrincipalBytes} 941 942 // remove the admin so validation will fail 943 localMspV13.(*bccspmsp).admins = make([]Identity, 0) 944 945 // CombinedPrincipal with Admin and Member principals 946 levelOneCombinedPrincipal, err := createCombinedPrincipal(adminPrincipal, memberPrincipal) 947 assert.NoError(t, err) 948 err = id.SatisfiesPrincipal(levelOneCombinedPrincipal) 949 assert.Error(t, err) 950 951 // Nested CombinedPrincipal 952 levelTwoCombinedPrincipal, err := createCombinedPrincipal(levelOneCombinedPrincipal) 953 assert.NoError(t, err) 954 err = id.SatisfiesPrincipal(levelTwoCombinedPrincipal) 955 assert.Error(t, err) 956 957 // Double nested CombinedPrincipal 958 levelThreeCombinedPrincipal, err := createCombinedPrincipal(levelTwoCombinedPrincipal) 959 assert.NoError(t, err) 960 err = id.SatisfiesPrincipal(levelThreeCombinedPrincipal) 961 assert.Error(t, err) 962 } 963 964 func TestIdentityExpiresAt(t *testing.T) { 965 thisMSP := getLocalMSP(t, "testdata/expiration") 966 assert.NotNil(t, thisMSP) 967 si, err := thisMSP.GetDefaultSigningIdentity() 968 assert.NoError(t, err) 969 expirationDate := si.GetPublicVersion().ExpiresAt() 970 assert.Equal(t, time.Date(2027, 8, 17, 12, 19, 48, 0, time.UTC), expirationDate) 971 } 972 973 func TestIdentityExpired(t *testing.T) { 974 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 975 assert.NoError(t, err) 976 977 expiredCertsDir := "testdata/expired" 978 conf, err := GetLocalMspConfig(expiredCertsDir, nil, "SampleOrg") 979 assert.NoError(t, err) 980 981 thisMSP, err := newBccspMsp(MSPv1_0, cryptoProvider) 982 assert.NoError(t, err) 983 984 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(expiredCertsDir, "keystore"), true) 985 assert.NoError(t, err) 986 987 csp, err := sw.NewWithParams(256, "SHA2", ks) 988 assert.NoError(t, err) 989 thisMSP.(*bccspmsp).bccsp = csp 990 991 err = thisMSP.Setup(conf) 992 if err != nil { 993 assert.Contains(t, err.Error(), "signing identity expired") 994 } else { 995 t.Fatal("Should have failed when loading expired certs") 996 } 997 } 998 999 func TestIdentityPolicyPrincipal(t *testing.T) { 1000 id, err := localMsp.GetDefaultSigningIdentity() 1001 assert.NoError(t, err) 1002 1003 idSerialized, err := id.Serialize() 1004 assert.NoError(t, err) 1005 1006 principal := &msp.MSPPrincipal{ 1007 PrincipalClassification: msp.MSPPrincipal_IDENTITY, 1008 Principal: idSerialized} 1009 1010 err = id.SatisfiesPrincipal(principal) 1011 assert.NoError(t, err) 1012 } 1013 1014 func TestIdentityPolicyPrincipalBadBytes(t *testing.T) { 1015 id, err := localMsp.GetDefaultSigningIdentity() 1016 assert.NoError(t, err) 1017 1018 principal := &msp.MSPPrincipal{ 1019 PrincipalClassification: msp.MSPPrincipal_IDENTITY, 1020 Principal: []byte("barf")} 1021 1022 err = id.SatisfiesPrincipal(principal) 1023 assert.Error(t, err) 1024 } 1025 1026 func TestMSPOus(t *testing.T) { 1027 // Set the OUIdentifiers 1028 backup := localMsp.(*bccspmsp).ouIdentifiers 1029 defer func() { localMsp.(*bccspmsp).ouIdentifiers = backup }() 1030 sid, err := localMsp.GetDefaultSigningIdentity() 1031 assert.NoError(t, err) 1032 sidBytes, err := sid.Serialize() 1033 assert.NoError(t, err) 1034 id, err := localMsp.DeserializeIdentity(sidBytes) 1035 assert.NoError(t, err) 1036 1037 localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{ 1038 "COP": {id.GetOrganizationalUnits()[0].CertifiersIdentifier}, 1039 } 1040 assert.NoError(t, localMsp.Validate(id)) 1041 1042 id, err = localMsp.DeserializeIdentity(sidBytes) 1043 assert.NoError(t, err) 1044 1045 localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{ 1046 "COP2": {id.GetOrganizationalUnits()[0].CertifiersIdentifier}, 1047 } 1048 assert.Error(t, localMsp.Validate(id)) 1049 1050 id, err = localMsp.DeserializeIdentity(sidBytes) 1051 assert.NoError(t, err) 1052 1053 localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{ 1054 "COP": {{0, 1, 2, 3, 4}}, 1055 } 1056 assert.Error(t, localMsp.Validate(id)) 1057 } 1058 1059 const othercert = `-----BEGIN CERTIFICATE----- 1060 MIIDAzCCAqigAwIBAgIBAjAKBggqhkjOPQQDAjBsMQswCQYDVQQGEwJHQjEQMA4G 1061 A1UECAwHRW5nbGFuZDEOMAwGA1UECgwFQmFyMTkxDjAMBgNVBAsMBUJhcjE5MQ4w 1062 DAYDVQQDDAVCYXIxOTEbMBkGCSqGSIb3DQEJARYMQmFyMTktY2xpZW50MB4XDTE3 1063 MDIwOTE2MDcxMFoXDTE4MDIxOTE2MDcxMFowfDELMAkGA1UEBhMCR0IxEDAOBgNV 1064 BAgMB0VuZ2xhbmQxEDAOBgNVBAcMB0lwc3dpY2gxDjAMBgNVBAoMBUJhcjE5MQ4w 1065 DAYDVQQLDAVCYXIxOTEOMAwGA1UEAwwFQmFyMTkxGTAXBgkqhkiG9w0BCQEWCkJh 1066 cjE5LXBlZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlRSnAyD+ND6qmaRV7 1067 AS/BPJKX5dZt3gBe1v/RewOpc1zJeXQNWACAk0ae3mv5u9l0HxI6TXJIAQSwJACu 1068 Rqsyo4IBKTCCASUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZI 1069 AYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAd 1070 BgNVHQ4EFgQUwHzbLJQMaWd1cpHdkSaEFxdKB1owgYsGA1UdIwSBgzCBgIAUYxFe 1071 +cXOD5iQ223bZNdOuKCRiTKhZaRjMGExCzAJBgNVBAYTAkdCMRAwDgYDVQQIDAdF 1072 bmdsYW5kMRAwDgYDVQQHDAdJcHN3aWNoMQ4wDAYDVQQKDAVCYXIxOTEOMAwGA1UE 1073 CwwFQmFyMTkxDjAMBgNVBAMMBUJhcjE5ggEBMA4GA1UdDwEB/wQEAwIFoDATBgNV 1074 HSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJADBGAiEAuMq65lOaie4705Ol 1075 Ow52DjbaO2YuIxK2auBCqNIu0gECIQCDoKdUQ/sa+9Ah1mzneE6iz/f/YFVWo4EP 1076 HeamPGiDTQ== 1077 -----END CERTIFICATE----- 1078 ` 1079 1080 func TestIdentityPolicyPrincipalFails(t *testing.T) { 1081 id, err := localMsp.GetDefaultSigningIdentity() 1082 assert.NoError(t, err) 1083 1084 sid, err := NewSerializedIdentity("SampleOrg", []byte(othercert)) 1085 assert.NoError(t, err) 1086 1087 principal := &msp.MSPPrincipal{ 1088 PrincipalClassification: msp.MSPPrincipal_IDENTITY, 1089 Principal: sid} 1090 1091 err = id.SatisfiesPrincipal(principal) 1092 assert.Error(t, err) 1093 } 1094 1095 var conf *msp.MSPConfig 1096 var localMsp MSP 1097 var localMspV11 MSP 1098 var localMspV13 MSP 1099 1100 // Required because deleting the cert or msp options from localMsp causes parallel tests to fail 1101 var localMspBad MSP 1102 var mspMgr MSPManager 1103 1104 func TestMain(m *testing.M) { 1105 var err error 1106 1107 mspDir := configtest.GetDevMspDir() 1108 conf, err = GetLocalMspConfig(mspDir, nil, "SampleOrg") 1109 if err != nil { 1110 fmt.Printf("Setup should have succeeded, got err %s instead", err) 1111 os.Exit(-1) 1112 } 1113 1114 localMsp, err = newBccspMsp(MSPv1_0, factory.GetDefault()) 1115 if err != nil { 1116 fmt.Printf("Constructor for msp should have succeeded, got err %s instead", err) 1117 os.Exit(-1) 1118 } 1119 1120 localMspBad, err = newBccspMsp(MSPv1_0, factory.GetDefault()) 1121 if err != nil { 1122 fmt.Printf("Constructor for msp should have succeeded, got err %s instead", err) 1123 os.Exit(-1) 1124 } 1125 1126 localMspV13, err = newBccspMsp(MSPv1_3, factory.GetDefault()) 1127 if err != nil { 1128 fmt.Printf("Constructor for V1.3 msp should have succeeded, got err %s instead", err) 1129 os.Exit(-1) 1130 } 1131 1132 localMspV11, err = newBccspMsp(MSPv1_1, factory.GetDefault()) 1133 if err != nil { 1134 fmt.Printf("Constructor for V1.1 msp should have succeeded, got err %s instead", err) 1135 os.Exit(-1) 1136 } 1137 1138 err = localMspV11.Setup(conf) 1139 if err != nil { 1140 fmt.Printf("Setup for V1.1 msp should have succeeded, got err %s instead", err) 1141 os.Exit(-1) 1142 } 1143 1144 err = localMspV13.Setup(conf) 1145 if err != nil { 1146 fmt.Printf("Setup for V1.3 msp should have succeeded, got err %s instead", err) 1147 os.Exit(-1) 1148 } 1149 1150 err = localMsp.Setup(conf) 1151 if err != nil { 1152 fmt.Printf("Setup for msp should have succeeded, got err %s instead", err) 1153 os.Exit(-1) 1154 } 1155 1156 err = localMspBad.Setup(conf) 1157 if err != nil { 1158 fmt.Printf("Setup for msp should have succeeded, got err %s instead", err) 1159 os.Exit(-1) 1160 } 1161 1162 mspMgr = NewMSPManager() 1163 err = mspMgr.Setup([]MSP{localMsp}) 1164 if err != nil { 1165 fmt.Printf("Setup for msp manager should have succeeded, got err %s instead", err) 1166 os.Exit(-1) 1167 } 1168 1169 id, err := localMsp.GetIdentifier() 1170 if err != nil { 1171 fmt.Println("Failed obtaining identifier for localMSP") 1172 os.Exit(-1) 1173 } 1174 1175 msps, err := mspMgr.GetMSPs() 1176 if err != nil { 1177 fmt.Println("Failed obtaining MSPs from MSP manager") 1178 os.Exit(-1) 1179 } 1180 1181 if msps[id] == nil { 1182 fmt.Println("Couldn't find localMSP in MSP manager") 1183 os.Exit(-1) 1184 } 1185 1186 retVal := m.Run() 1187 os.Exit(retVal) 1188 } 1189 1190 func getIdentity(t *testing.T, path string) Identity { 1191 mspDir := configtest.GetDevMspDir() 1192 pems, err := getPemMaterialFromDir(filepath.Join(mspDir, path)) 1193 assert.NoError(t, err) 1194 1195 id, _, err := localMsp.(*bccspmsp).getIdentityFromConf(pems[0]) 1196 assert.NoError(t, err) 1197 1198 return id 1199 } 1200 1201 func getLocalMSPWithVersionAndError(t *testing.T, dir string, version MSPVersion) (MSP, error) { 1202 conf, err := GetLocalMspConfig(dir, nil, "SampleOrg") 1203 assert.NoError(t, err) 1204 1205 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) 1206 assert.NoError(t, err) 1207 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 1208 assert.NoError(t, err) 1209 thisMSP, err := NewBccspMspWithKeyStore(version, ks, cryptoProvider) 1210 assert.NoError(t, err) 1211 1212 return thisMSP, thisMSP.Setup(conf) 1213 } 1214 1215 func getLocalMSP(t *testing.T, dir string) MSP { 1216 conf, err := GetLocalMspConfig(dir, nil, "SampleOrg") 1217 assert.NoError(t, err) 1218 1219 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) 1220 assert.NoError(t, err) 1221 1222 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 1223 assert.NoError(t, err) 1224 thisMSP, err := NewBccspMspWithKeyStore(MSPv1_0, ks, cryptoProvider) 1225 err = thisMSP.Setup(conf) 1226 assert.NoError(t, err) 1227 1228 return thisMSP 1229 } 1230 1231 func getLocalMSPWithVersion(t *testing.T, dir string, version MSPVersion) MSP { 1232 conf, err := GetLocalMspConfig(dir, nil, "SampleOrg") 1233 assert.NoError(t, err) 1234 1235 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) 1236 assert.NoError(t, err) 1237 cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore()) 1238 assert.NoError(t, err) 1239 thisMSP, err := NewBccspMspWithKeyStore(version, ks, cryptoProvider) 1240 assert.NoError(t, err) 1241 1242 err = thisMSP.Setup(conf) 1243 assert.NoError(t, err) 1244 1245 return thisMSP 1246 } 1247 1248 func TestCollectEmptyCombinedPrincipal(t *testing.T) { 1249 var principalsArray []*msp.MSPPrincipal 1250 combinedPrincipal := &msp.CombinedPrincipal{Principals: principalsArray} 1251 combinedPrincipalBytes, err := proto.Marshal(combinedPrincipal) 1252 assert.NoError(t, err, "Error marshalling empty combined principal") 1253 principalsCombined := &msp.MSPPrincipal{PrincipalClassification: msp.MSPPrincipal_COMBINED, Principal: combinedPrincipalBytes} 1254 _, err = collectPrincipals(principalsCombined, MSPv1_3) 1255 assert.Error(t, err) 1256 } 1257 1258 func TestCollectPrincipalContainingEmptyCombinedPrincipal(t *testing.T) { 1259 var principalsArray []*msp.MSPPrincipal 1260 combinedPrincipal := &msp.CombinedPrincipal{Principals: principalsArray} 1261 combinedPrincipalBytes, err := proto.Marshal(combinedPrincipal) 1262 assert.NoError(t, err, "Error marshalling empty combined principal") 1263 emptyPrincipal := &msp.MSPPrincipal{PrincipalClassification: msp.MSPPrincipal_COMBINED, Principal: combinedPrincipalBytes} 1264 levelOneCombinedPrincipal, err := createCombinedPrincipal(emptyPrincipal) 1265 assert.NoError(t, err) 1266 _, err = collectPrincipals(levelOneCombinedPrincipal, MSPv1_3) 1267 assert.Error(t, err) 1268 } 1269 1270 func TestMSPIdentityIdentifier(t *testing.T) { 1271 // testdata/mspid 1272 // 1) a key and a signcert (used to populate the default signing identity) with the cert having a HighS signature 1273 thisMSP := getLocalMSP(t, "testdata/mspid") 1274 1275 id, err := thisMSP.GetDefaultSigningIdentity() 1276 assert.NoError(t, err) 1277 err = id.Validate() 1278 assert.NoError(t, err) 1279 1280 // Check that the identity identifier is computed with the respect to the lowS signature 1281 1282 idid := id.GetIdentifier() 1283 assert.NotNil(t, idid) 1284 1285 // Load and parse cacaert and signcert from folder 1286 pems, err := getPemMaterialFromDir("testdata/mspid/cacerts") 1287 assert.NoError(t, err) 1288 bl, _ := pem.Decode(pems[0]) 1289 assert.NotNil(t, bl) 1290 caCertFromFile, err := x509.ParseCertificate(bl.Bytes) 1291 assert.NoError(t, err) 1292 1293 pems, err = getPemMaterialFromDir("testdata/mspid/signcerts") 1294 assert.NoError(t, err) 1295 bl, _ = pem.Decode(pems[0]) 1296 assert.NotNil(t, bl) 1297 certFromFile, err := x509.ParseCertificate(bl.Bytes) 1298 assert.NoError(t, err) 1299 // Check that the certificates' raws are different, meaning that the identity has been sanitised 1300 assert.NotEqual(t, certFromFile.Raw, id.(*signingidentity).cert) 1301 1302 // Check that certFromFile is in HighS 1303 _, S, err := utils.UnmarshalECDSASignature(certFromFile.Signature) 1304 assert.NoError(t, err) 1305 lowS, err := utils.IsLowS(caCertFromFile.PublicKey.(*ecdsa.PublicKey), S) 1306 assert.NoError(t, err) 1307 assert.False(t, lowS) 1308 1309 // Check that id.(*signingidentity).cert is in LoswS 1310 _, S, err = utils.UnmarshalECDSASignature(id.(*signingidentity).cert.Signature) 1311 assert.NoError(t, err) 1312 lowS, err = utils.IsLowS(caCertFromFile.PublicKey.(*ecdsa.PublicKey), S) 1313 assert.NoError(t, err) 1314 assert.True(t, lowS) 1315 1316 // Compute the digest for certFromFile 1317 thisBCCSPMsp := thisMSP.(*bccspmsp) 1318 hashOpt, err := bccsp.GetHashOpt(thisBCCSPMsp.cryptoConfig.IdentityIdentifierHashFunction) 1319 assert.NoError(t, err) 1320 digest, err := thisBCCSPMsp.bccsp.Hash(certFromFile.Raw, hashOpt) 1321 assert.NoError(t, err) 1322 1323 // Compare with the digest computed from the sanitised cert 1324 assert.NotEqual(t, idid.Id, hex.EncodeToString(digest)) 1325 } 1326 1327 func TestAnonymityIdentity(t *testing.T) { 1328 id, err := localMspV13.GetDefaultSigningIdentity() 1329 assert.NoError(t, err) 1330 1331 principalBytes, err := proto.Marshal(&msp.MSPIdentityAnonymity{AnonymityType: msp.MSPIdentityAnonymity_NOMINAL}) 1332 assert.NoError(t, err) 1333 1334 principal := &msp.MSPPrincipal{ 1335 PrincipalClassification: msp.MSPPrincipal_ANONYMITY, 1336 Principal: principalBytes} 1337 1338 err = id.SatisfiesPrincipal(principal) 1339 assert.NoError(t, err) 1340 } 1341 1342 func TestAnonymityIdentityPreV12Fail(t *testing.T) { 1343 id, err := localMspV11.GetDefaultSigningIdentity() 1344 assert.NoError(t, err) 1345 1346 principalBytes, err := proto.Marshal(&msp.MSPIdentityAnonymity{AnonymityType: msp.MSPIdentityAnonymity_NOMINAL}) 1347 assert.NoError(t, err) 1348 1349 principal := &msp.MSPPrincipal{ 1350 PrincipalClassification: msp.MSPPrincipal_ANONYMITY, 1351 Principal: principalBytes} 1352 1353 err = id.SatisfiesPrincipal(principal) 1354 assert.Error(t, err) 1355 } 1356 1357 func TestAnonymityIdentityFail(t *testing.T) { 1358 id, err := localMspV13.GetDefaultSigningIdentity() 1359 assert.NoError(t, err) 1360 1361 principalBytes, err := proto.Marshal(&msp.MSPIdentityAnonymity{AnonymityType: msp.MSPIdentityAnonymity_ANONYMOUS}) 1362 assert.NoError(t, err) 1363 1364 principal := &msp.MSPPrincipal{ 1365 PrincipalClassification: msp.MSPPrincipal_ANONYMITY, 1366 Principal: principalBytes} 1367 1368 err = id.SatisfiesPrincipal(principal) 1369 assert.Error(t, err) 1370 } 1371 1372 func TestProviderTypeToString(t *testing.T) { 1373 // Check that the provider type is found for FABRIC 1374 pt := ProviderTypeToString(FABRIC) 1375 assert.Equal(t, "bccsp", pt) 1376 1377 // Check that the provider type is found for IDEMIX 1378 pt = ProviderTypeToString(IDEMIX) 1379 assert.Equal(t, "idemix", pt) 1380 1381 // Check that the provider type is not found 1382 pt = ProviderTypeToString(OTHER) 1383 assert.Equal(t, "", pt) 1384 }