133 lines
4.0 KiB
Go
133 lines
4.0 KiB
Go
/*
|
|
Copyright IBM Corp. All Rights Reserved.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
package msgprocessor
|
|
|
|
import (
|
|
"io/ioutil"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/golang/protobuf/proto"
|
|
"github.com/hyperledger/fabric-protos-go/common"
|
|
"github.com/hyperledger/fabric-protos-go/msp"
|
|
"github.com/hyperledger/fabric/common/channelconfig"
|
|
"github.com/hyperledger/fabric/orderer/common/msgprocessor/mocks"
|
|
"github.com/hyperledger/fabric/protoutil"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
//go:generate counterfeiter -o mocks/config_resources.go --fake-name Resources . configResources
|
|
|
|
type configResources interface {
|
|
channelconfig.Resources
|
|
}
|
|
|
|
//go:generate counterfeiter -o mocks/orderer_config.go --fake-name OrdererConfig . ordererConfig
|
|
|
|
type ordererConfig interface {
|
|
channelconfig.Orderer
|
|
}
|
|
|
|
//go:generate counterfeiter -o mocks/orderer_capabilities.go --fake-name OrdererCapabilities . ordererCapabilities
|
|
|
|
type ordererCapabilities interface {
|
|
channelconfig.OrdererCapabilities
|
|
}
|
|
|
|
func createEnvelope(t *testing.T, serializedIdentity []byte) *common.Envelope {
|
|
sHdr := protoutil.MakeSignatureHeader(serializedIdentity, nil)
|
|
hdr := protoutil.MakePayloadHeader(&common.ChannelHeader{}, sHdr)
|
|
payload := &common.Payload{
|
|
Header: hdr,
|
|
}
|
|
payloadBytes, err := proto.Marshal(payload)
|
|
require.NoError(t, err)
|
|
return &common.Envelope{
|
|
Payload: payloadBytes,
|
|
Signature: []byte{1, 2, 3},
|
|
}
|
|
}
|
|
|
|
func createX509Identity(t *testing.T, certFileName string) []byte {
|
|
certBytes, err := ioutil.ReadFile(filepath.Join("testdata", certFileName))
|
|
require.NoError(t, err)
|
|
sId := &msp.SerializedIdentity{
|
|
IdBytes: certBytes,
|
|
}
|
|
idBytes, err := proto.Marshal(sId)
|
|
require.NoError(t, err)
|
|
return idBytes
|
|
}
|
|
|
|
func createIdemixIdentity(t *testing.T) []byte {
|
|
idemixId := &msp.SerializedIdemixIdentity{
|
|
NymX: []byte{1, 2, 3},
|
|
NymY: []byte{1, 2, 3},
|
|
Ou: []byte("OU1"),
|
|
}
|
|
idemixBytes, err := proto.Marshal(idemixId)
|
|
require.NoError(t, err)
|
|
sId := &msp.SerializedIdentity{
|
|
IdBytes: idemixBytes,
|
|
}
|
|
idBytes, err := proto.Marshal(sId)
|
|
require.NoError(t, err)
|
|
return idBytes
|
|
}
|
|
|
|
func TestExpirationRejectRule(t *testing.T) {
|
|
mockResources := &mocks.Resources{}
|
|
|
|
t.Run("NoOrdererConfig", func(t *testing.T) {
|
|
require.Panics(t, func() {
|
|
NewExpirationRejectRule(mockResources).Apply(&common.Envelope{})
|
|
})
|
|
})
|
|
|
|
mockOrderer := &mocks.OrdererConfig{}
|
|
mockResources.OrdererConfigReturns(mockOrderer, true)
|
|
mockCapabilities := &mocks.OrdererCapabilities{}
|
|
mockOrderer.CapabilitiesReturns(mockCapabilities)
|
|
|
|
t.Run("BadEnvelope", func(t *testing.T) {
|
|
mockCapabilities.ExpirationCheckReturns(true)
|
|
err := NewExpirationRejectRule(mockResources).Apply(&common.Envelope{})
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "could not convert message to signedData")
|
|
|
|
mockCapabilities.ExpirationCheckReturns(false)
|
|
err = NewExpirationRejectRule(mockResources).Apply(&common.Envelope{})
|
|
require.NoError(t, err)
|
|
})
|
|
|
|
t.Run("ExpiredX509Identity", func(t *testing.T) {
|
|
env := createEnvelope(t, createX509Identity(t, "expiredCert.pem"))
|
|
mockCapabilities.ExpirationCheckReturns(true)
|
|
err := NewExpirationRejectRule(mockResources).Apply(env)
|
|
require.Error(t, err)
|
|
require.Equal(t, err.Error(), "broadcast client identity expired")
|
|
|
|
mockCapabilities.ExpirationCheckReturns(false)
|
|
err = NewExpirationRejectRule(mockResources).Apply(env)
|
|
require.NoError(t, err)
|
|
})
|
|
t.Run("IdemixIdentity", func(t *testing.T) {
|
|
env := createEnvelope(t, createIdemixIdentity(t))
|
|
mockCapabilities.ExpirationCheckReturns(true)
|
|
require.Nil(t, NewExpirationRejectRule(mockResources).Apply(env))
|
|
mockCapabilities.ExpirationCheckReturns(false)
|
|
require.Nil(t, NewExpirationRejectRule(mockResources).Apply(env))
|
|
})
|
|
t.Run("NoneExpiredX509Identity", func(t *testing.T) {
|
|
env := createEnvelope(t, createX509Identity(t, "cert.pem"))
|
|
mockCapabilities.ExpirationCheckReturns(true)
|
|
require.Nil(t, NewExpirationRejectRule(mockResources).Apply(env))
|
|
mockCapabilities.ExpirationCheckReturns(false)
|
|
require.Nil(t, NewExpirationRejectRule(mockResources).Apply(env))
|
|
})
|
|
}
|