diff --git a/core/peer/peer_test.go b/core/peer/peer_test.go
index e5a566d3ba4..d3da64b4567 100644
--- a/core/peer/peer_test.go
+++ b/core/peer/peer_test.go
@@ -96,7 +96,11 @@ func TestCreateChainFromBlock(t *testing.T) {
 identity, _ := mgmt.GetLocalSigningIdentityOrPanic().Serialize()
 messageCryptoService := peergossip.NewMCS(&mocks.ChannelPolicyManagerGetter{}, localmsp.NewSigner(), mgmt.NewDeserializersManager())
- service.InitGossipServiceCustomDeliveryFactory(identity, "localhost:13611", grpcServer, &mockDeliveryClientFactory{}, messageCryptoService)
+ secAdv := peergossip.NewSecurityAdvisor(mgmt.NewDeserializersManager())
+ service.InitGossipServiceCustomDeliveryFactory(
+ identity, "localhost:13611", grpcServer,
+ &mockDeliveryClientFactory{},
+ messageCryptoService, secAdv)
 err = CreateChainFromBlock(block)
 if err != nil {
diff --git a/core/scc/cscc/configure_test.go b/core/scc/cscc/configure_test.go
index 43065742825..fad5b0a5b92 100644
--- a/core/scc/cscc/configure_test.go
+++ b/core/scc/cscc/configure_test.go
@@ -166,7 +166,8 @@ func TestConfigerInvokeJoinChainCorrectParams(t *testing.T) {
 identity, _ := mgmt.GetLocalSigningIdentityOrPanic().Serialize()
 messageCryptoService := peergossip.NewMCS(&mocks.ChannelPolicyManagerGetter{}, localmsp.NewSigner(), mgmt.NewDeserializersManager())
- service.InitGossipServiceCustomDeliveryFactory(identity, peerEndpoint, nil, &mockDeliveryClientFactory{}, messageCryptoService)
+ secAdv := peergossip.NewSecurityAdvisor(mgmt.NewDeserializersManager())
+ service.InitGossipServiceCustomDeliveryFactory(identity, peerEndpoint, nil, &mockDeliveryClientFactory{}, messageCryptoService, secAdv)
 // Successful path for JoinChain
 blockBytes := mockConfigBlock()
diff --git a/gossip/service/gossip_service.go b/gossip/service/gossip_service.go
index ab550390382..c1289038389 100644
--- a/gossip/service/gossip_service.go
+++ b/gossip/service/gossip_service.go
@@ -31,7 +31,6 @@ import (
 "github.com/hyperledger/fabric/gossip/integration"
 "github.com/hyperledger/fabric/gossip/state"
 "github.com/hyperledger/fabric/gossip/util"
- peergossip "github.com/hyperledger/fabric/peer/gossip"
 "github.com/hyperledger/fabric/protos/common"
 proto "github.com/hyperledger/fabric/protos/gossip"
 "github.com/spf13/viper"
@@ -121,17 +120,17 @@ func (jcm *joinChannelMessage) AnchorPeersOf(org api.OrgIdentityType) []api.Anch
 var logger = util.GetLogger(util.LoggingServiceModule, "")
 // InitGossipService initialize gossip service
-func InitGossipService(peerIdentity []byte, endpoint string, s *grpc.Server, mcs api.MessageCryptoService, bootPeers ...string) {
+func InitGossipService(peerIdentity []byte, endpoint string, s *grpc.Server, mcs api.MessageCryptoService, secAdv api.SecurityAdvisor, bootPeers ...string) {
 // TODO: Remove this.
 // TODO: This is a temporary work-around to make the gossip leader election module load its logger at startup
 // TODO: in order for the flogging package to register this logger in time so it can set the log levels as requested in the config
 util.GetLogger(util.LoggingElectionModule, "")
- InitGossipServiceCustomDeliveryFactory(peerIdentity, endpoint, s, &deliveryFactoryImpl{}, mcs, bootPeers...)
+ InitGossipServiceCustomDeliveryFactory(peerIdentity, endpoint, s, &deliveryFactoryImpl{}, mcs, secAdv, bootPeers...)
 }
 // InitGossipServiceCustomDeliveryFactory initialize gossip service with customize delivery factory
 // implementation, might be useful for testing and mocking purposes
-func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string, s *grpc.Server, factory DeliveryServiceFactory, mcs api.MessageCryptoService, bootPeers ...string) {
+func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string, s *grpc.Server, factory DeliveryServiceFactory, mcs api.MessageCryptoService, secAdv api.SecurityAdvisor, bootPeers ...string) {
 once.Do(func() {
 logger.Info("Initialize gossip with endpoint", endpoint, "and bootstrap set", bootPeers)
 dialOpts := []grpc.DialOption{}
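Review bot: In gossip/service/gossip_service.go, InitGossipService and InitGossipServiceCustomDeliveryFactory now take `secAdv` from the caller, but neither doc comment says it must be non-nil and the visible lines add no guard. Because the setup runs inside `once.Do`, presumably only the first caller's `mcs` and `secAdv` take effect and a later call with a different advisor is ignored without any log line. I would extend the comment with `// secAdv resolves a peer identity to its organization and must be non-nil; only the first call's mcs and secAdv are used.` The body of InitGossipServiceCustomDeliveryFactory continues past the end of the hunk, so how secAdv is consumed is not visible here.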
@@ -141,8 +140,6 @@ func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string
 dialOpts = append(dialOpts, grpc.WithInsecure())
 }
- secAdv := peergossip.NewSecurityAdvisor()
-
 if overrideEndpoint := viper.GetString("peer.gossip.endpoint"); overrideEndpoint != "" {
 endpoint = overrideEndpoint
 }
diff --git a/gossip/service/gossip_service_test.go b/gossip/service/gossip_service_test.go
index f6bf91d005c..4b5b18e03ac 100644
--- a/gossip/service/gossip_service_test.go
+++ b/gossip/service/gossip_service_test.go
@@ -68,7 +68,8 @@ func TestInitGossipService(t *testing.T) {
 for i := 0; i < 10; i++ {
 go func() {
 messageCryptoService := peergossip.NewMCS(&mocks.ChannelPolicyManagerGetter{}, localmsp.NewSigner(), mgmt.NewDeserializersManager())
- InitGossipService(identity, "localhost:5611", grpcServer, messageCryptoService)
+ secAdv := peergossip.NewSecurityAdvisor(mgmt.NewDeserializersManager())
+ InitGossipService(identity, "localhost:5611", grpcServer, messageCryptoService, secAdv)
 wg.Done()
 }()
@@ -702,7 +703,8 @@ func TestInvalidInitialization(t *testing.T) {
 go grpcServer.Serve(socket)
 defer grpcServer.Stop()
- InitGossipService(api.PeerIdentityType("IDENTITY"), "localhost:7611", grpcServer, &naiveCryptoService{})
+ secAdv := peergossip.NewSecurityAdvisor(mgmt.NewDeserializersManager())
+ InitGossipService(api.PeerIdentityType("IDENTITY"), "localhost:7611", grpcServer, &naiveCryptoService{}, secAdv)
 gService := GetGossipService().(*gossipServiceImpl)
 defer gService.Stop()
@@ -724,7 +726,8 @@ func TestChannelConfig(t *testing.T) {
 go grpcServer.Serve(socket)
 defer grpcServer.Stop()
- InitGossipService(api.PeerIdentityType("IDENTITY"), "localhost:6611", grpcServer, &naiveCryptoService{})
+ secAdv := peergossip.NewSecurityAdvisor(mgmt.NewDeserializersManager())
+ InitGossipService(api.PeerIdentityType("IDENTITY"), "localhost:6611", grpcServer, &naiveCryptoService{}, secAdv)
 gService := GetGossipService().(*gossipServiceImpl)
 defer gService.Stop()
diff --git a/peer/gossip/mcs_test.go b/peer/gossip/mcs_test.go
index 468c15fc8a0..ad97643f941 100644
--- a/peer/gossip/mcs_test.go
+++ b/peer/gossip/mcs_test.go
@@ -76,6 +76,32 @@ func TestPKIidOfNil(t *testing.T) {
 assert.Nil(t, pkid, "PKID must be nil")
 }
+func TestValidateIdentity(t *testing.T) {
+ deserializersManager := &mocks.DeserializersManager{
+ LocalDeserializer: &mocks.IdentityDeserializer{[]byte("Alice"), []byte("msg1")},
+ ChannelDeserializers: map[string]msp.IdentityDeserializer{
+ "A": &mocks.IdentityDeserializer{[]byte("Bob"), []byte("msg2")},
+ },
+ }
+ msgCryptoService := NewMCS(
+ &mocks.ChannelPolicyManagerGetterWithManager{},
+ &mockscrypto.LocalSigner{Identity: []byte("Charlie")},
+ deserializersManager,
+ )
+
+ err := msgCryptoService.ValidateIdentity([]byte("Alice"))
+ assert.NoError(t, err)
+
+ err = msgCryptoService.ValidateIdentity([]byte("Bob"))
+ assert.NoError(t, err)
+
+ err = msgCryptoService.ValidateIdentity([]byte("Charlie"))
+ assert.Error(t, err)
+
+ err = msgCryptoService.ValidateIdentity(nil)
+ assert.Error(t, err)
+}
+
 func TestSign(t *testing.T) {
 msgCryptoService := NewMCS(
 &mocks.ChannelPolicyManagerGetter{},
@@ -127,6 +153,9 @@ func TestVerify(t *testing.T) {
 err = msgCryptoService.Verify(api.PeerIdentityType("Dave"), sigma, msg)
 assert.Error(t, err)
 assert.Contains(t, fmt.Sprintf("%v", err), "Could not acquire policy manager")
+
+ // Check invalid args
+ assert.Error(t, msgCryptoService.Verify(nil, sigma, msg))
 }
 func TestVerifyBlock(t *testing.T) {
@@ -173,6 +202,10 @@ func TestVerifyBlock(t *testing.T) {
 // - Verify block
 assert.Error(t, msgCryptoService.VerifyBlock([]byte("C"), blockRaw))
+
+ // Check invalid args
+ assert.Error(t, msgCryptoService.VerifyBlock([]byte("C"), []byte{0, 1, 2, 3, 4}))
+ assert.Error(t, msgCryptoService.VerifyBlock([]byte("C"), nil))
 }
 func mockBlock(t *testing.T, channel string, localSigner crypto.LocalSigner, dataHash []byte) ([]byte, []byte) {
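Review bot: In peer/gossip/mcs_test.go, TestValidateIdentity rejects "Charlie" even though Charlie is the identity handed to the LocalSigner, and nothing in the test says why. A one-line comment such as `// Charlie is only the signer's identity; no deserializer is configured for it, so validation must fail` would make the intent clear (assuming that is the reason; the mock's matching logic is not shown). The `mocks.IdentityDeserializer{[]byte("Alice"), []byte("msg1")}` literals are unkeyed, which `go vet` reports for imported struct types and which changes meaning silently if the mock's fields are reordered, so keyed fields would be safer. The negative cases added to TestVerify and TestVerifyBlock also use a bare `assert.Error`, so they pass on any failure rather than only on the invalid-argument path they are meant to cover.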
diff --git a/peer/gossip/sa.go b/peer/gossip/sa.go
index 778466d63ce..898ba271749 100644
--- a/peer/gossip/sa.go
+++ b/peer/gossip/sa.go
@@ -33,12 +33,13 @@ var saLogger = flogging.MustGetLogger("peer/gossip/sa")
 //
 // This implementation assumes that these mechanisms are all in place and working.
 type mspSecurityAdvisor struct {
+ deserializer mgmt.DeserializersManager
 }
 // NewSecurityAdvisor creates a new instance of mspSecurityAdvisor
 // that implements MessageCryptoService
-func NewSecurityAdvisor() api.SecurityAdvisor {
- return &mspSecurityAdvisor{}
+func NewSecurityAdvisor(deserializer mgmt.DeserializersManager) api.SecurityAdvisor {
+ return &mspSecurityAdvisor{deserializer: deserializer}
 }
 // OrgByPeerIdentity returns the OrgIdentityType
@@ -64,13 +65,13 @@ func (advisor *mspSecurityAdvisor) OrgByPeerIdentity(peerIdentity api.PeerIdenti
 // namely the identity's MSP identifier be returned (Identity.GetMSPIdentifier())
 // First check against the local MSP.
- identity, err := mgmt.GetLocalMSP().DeserializeIdentity([]byte(peerIdentity))
+ identity, err := advisor.deserializer.GetLocalDeserializer().DeserializeIdentity([]byte(peerIdentity))
 if err == nil {
 return []byte(identity.GetMSPIdentifier())
 }
 // Check against managers
- for chainID, mspManager := range mgmt.GetDeserializers() {
+ for chainID, mspManager := range advisor.deserializer.GetChannelDeserializers() {
 // Deserialize identity
 identity, err := mspManager.DeserializeIdentity([]byte(peerIdentity))
 if err != nil {
diff --git a/peer/gossip/sa_test.go b/peer/gossip/sa_test.go
index 7fcb54910e0..338d2b6f534 100644
--- a/peer/gossip/sa_test.go
+++ b/peer/gossip/sa_test.go
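Review bot: In peer/gossip/sa.go, NewSecurityAdvisor stores `deserializer` without checking it, so a nil manager would only surface later as a nil dereference at `advisor.deserializer.GetLocalDeserializer()` in OrgByPeerIdentity. Either reject nil in the constructor or state the requirement in its comment. That comment also still says the type "implements MessageCryptoService" although the function returns `api.SecurityAdvisor`; it should read `// that implements api.SecurityAdvisor`.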
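Review bot: In peer/gossip/sa.go, OrgByPeerIdentity derives the organization purely from `DeserializeIdentity` succeeding, and the visible lines show no validation of the identity itself. If deserialization alone does not check the certificate chain, expiry or revocation (not visible from this hunk), the returned MSP identifier is only trustworthy for identities that were validated elsewhere first. I would state that precondition in the method comment, e.g. `// peerIdentity is only deserialized here; callers must validate it (MessageCryptoService.ValidateIdentity) before trusting the returned org.` The local deserializer's error is also dropped before the channel fallback, so a debug line through `saLogger` there would help when an org resolves unexpectedly. The method starts before and continues after the hunk.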
@@ -19,32 +19,22 @@ package gossip
 import (
 "testing"
- "fmt"
- "os"
-
- "github.com/hyperledger/fabric/gossip/api"
- "github.com/hyperledger/fabric/msp/mgmt"
- "github.com/hyperledger/fabric/msp/mgmt/testtools"
+ "github.com/hyperledger/fabric/msp"
+ "github.com/hyperledger/fabric/peer/gossip/mocks"
 "github.com/stretchr/testify/assert"
 )
-func TestMain(m *testing.M) {
- // Setup the MSP manager so that we can sign/verify
- err := msptesttools.LoadMSPSetupForTesting()
- if err != nil {
- fmt.Printf("Failed LoadFakeSetupWithLocalMspAndTestChainMsp [%s]", err)
- os.Exit(-1)
+func TestMspSecurityAdvisor_OrgByPeerIdentity(t *testing.T) {
+ dm := &mocks.DeserializersManager{
+ LocalDeserializer: &mocks.IdentityDeserializer{[]byte("Alice"), []byte("msg1")},
+ ChannelDeserializers: map[string]msp.IdentityDeserializer{
+ "A": &mocks.IdentityDeserializer{[]byte("Bob"), []byte("msg2")},
+ },
 }
- os.Exit(m.Run())
-}
-func TestMspSecurityAdvisor_OrgByPeerIdentity(t *testing.T) {
- id, err := mgmt.GetLocalMSP().GetDefaultSigningIdentity()
- assert.NoError(t, err, "Failed getting local default signing identity")
- identityRaw, err := id.Serialize()
- assert.NoError(t, err, "Failed serializing local default signing identity")
-
- advisor := NewSecurityAdvisor()
- orgIdentity := advisor.OrgByPeerIdentity(api.PeerIdentityType(identityRaw))
- assert.NotNil(t, orgIdentity, "Organization for identity must be different from nil")
+ advisor := NewSecurityAdvisor(dm)
+ assert.NotNil(t, advisor.OrgByPeerIdentity([]byte("Alice")))
+ assert.NotNil(t, advisor.OrgByPeerIdentity([]byte("Bob")))
+ assert.Nil(t, advisor.OrgByPeerIdentity([]byte("Charlie")))
+ assert.Nil(t, advisor.OrgByPeerIdentity(nil))
 }
diff --git a/peer/node/start.go b/peer/node/start.go
index b2c2a7e0461..51894d97269 100644
--- a/peer/node/start.go
+++ b/peer/node/start.go
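Review bot: In peer/gossip/sa_test.go, the new assertions check only nil versus non-nil, so the test would still pass if OrgByPeerIdentity returned the wrong organization for Alice or Bob. Comparing against the MSP identifier the mock is expected to yield, e.g. `assert.Equal(t, <expected org>, advisor.OrgByPeerIdentity([]byte("Alice")))`, would pin the mapping, which is the security-relevant output. Removing TestMain also drops `msptesttools.LoadMSPSetupForTesting()` for every test in this package, not only this file; that looks intended now that the tests use mocks, but it is worth confirming that no other test here still depends on the real MSP setup.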
@@ -161,7 +161,9 @@ func serve(args []string) error {
 peer.NewChannelPolicyManagerGetter(),
 localmsp.NewSigner(),
 mgmt.NewDeserializersManager())
- service.InitGossipService(serializedIdentity, peerEndpoint.Address, peerServer.Server(), messageCryptoService, bootstrap...)
+ secAdv := peergossip.NewSecurityAdvisor(mgmt.NewDeserializersManager())
+
+ service.InitGossipService(serializedIdentity, peerEndpoint.Address, peerServer.Server(), messageCryptoService, secAdv, bootstrap...)
 defer service.GetGossipService().Stop()
 //initialize system chaincodes
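Review bot: In peer/node/start.go, serve() now builds two separate `mgmt.NewDeserializersManager()` values, one in the call whose arguments open the hunk (presumably NewMCS) and one for the security advisor. If the manager is a stateless wrapper this is harmless, but sharing one instance makes it explicit that identity validation and organization lookup resolve against the same MSP deserializers. For example, declare `deserializersManager := mgmt.NewDeserializersManager()` once and pass it to both, ending with `secAdv := peergossip.NewSecurityAdvisor(deserializersManager)`. The first call begins above the hunk, so this change would touch lines not shown here.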