Commit 2313d4f8 authored by Jonathan Levi (HACERA)'s avatar Jonathan Levi (HACERA) Committed by Gerrit Code Review
Browse files

Merge "[FAB-11196] idemixmsp supports roles client, peer"

parents b2bf181f 02358c3d
......@@ -366,6 +366,16 @@ func (msp *idemixmsp) satisfiesPrincipalValidated(id Identity, principal *m.MSPP
return errors.Errorf("user is not an admin")
}
return nil
case m.MSPRole_PEER:
if msp.version >= MSPv1_3 {
return errors.Errorf("idemixmsp only supports client use, so it cannot satisfy an MSPRole PEER principal")
}
fallthrough
case m.MSPRole_CLIENT:
if msp.version >= MSPv1_3 {
return nil // any valid idemixmsp member must be a client
}
fallthrough
default:
return errors.Errorf("invalid MSP role type %d", int32(mspRole.Role))
}
......
......@@ -457,6 +457,17 @@ func TestPrincipalRoleMember(t *testing.T) {
err = id1.SatisfiesPrincipal(principal)
assert.NoError(t, err)
// Member should also satisfy client
principalBytes, err = proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_CLIENT, MspIdentifier: id1.GetMSPIdentifier()})
assert.NoError(t, err)
principal = &msp.MSPPrincipal{
PrincipalClassification: msp.MSPPrincipal_ROLE,
Principal: principalBytes}
err = id1.SatisfiesPrincipal(principal)
assert.NoError(t, err)
}
func TestPrincipalRoleAdmin(t *testing.T) {
......@@ -488,6 +499,25 @@ func TestPrincipalRoleAdmin(t *testing.T) {
assert.NoError(t, err)
}
func TestPrincipalRoleNotPeer(t *testing.T) {
msp1, err := setup("testdata/idemix/MSP1OU1Admin", "MSP1OU1")
assert.NoError(t, err)
id1, err := getDefaultSigner(msp1)
assert.NoError(t, err)
principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_PEER, MspIdentifier: id1.GetMSPIdentifier()})
assert.NoError(t, err)
principal := &msp.MSPPrincipal{
PrincipalClassification: msp.MSPPrincipal_ROLE,
Principal: principalBytes}
err = id1.SatisfiesPrincipal(principal)
assert.Error(t, err, "Admin should not satisfy PEER principal")
assert.Contains(t, err.Error(), "idemixmsp only supports client use, so it cannot satisfy an MSPRole PEER principal")
}
func TestPrincipalRoleNotAdmin(t *testing.T) {
msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1")
assert.NoError(t, err)
......@@ -681,3 +711,35 @@ func TestPrincipalCombinedV11(t *testing.T) {
assert.Error(t, err)
assert.Contains(t, err.Error(), "Combined MSP Principals are unsupported in MSPv1_1")
}
func TestRoleClientV11(t *testing.T) {
msp1, err := setupWithVersion("testdata/idemix/MSP1OU1", "MSP1OU1", MSPv1_1)
assert.NoError(t, err)
id1, err := getDefaultSigner(msp1)
assert.NoError(t, err)
principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_CLIENT, MspIdentifier: id1.GetMSPIdentifier()})
assert.NoError(t, err)
principalRole := &msp.MSPPrincipal{
PrincipalClassification: msp.MSPPrincipal_ROLE,
Principal: principalBytes}
err = id1.SatisfiesPrincipal(principalRole)
assert.Error(t, err)
assert.Contains(t, err.Error(), "invalid MSP role type")
}
func TestRolePeerV11(t *testing.T) {
msp1, err := setupWithVersion("testdata/idemix/MSP1OU1", "MSP1OU1", MSPv1_1)
assert.NoError(t, err)
id1, err := getDefaultSigner(msp1)
assert.NoError(t, err)
principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_PEER, MspIdentifier: id1.GetMSPIdentifier()})
assert.NoError(t, err)
principalRole := &msp.MSPPrincipal{
PrincipalClassification: msp.MSPPrincipal_ROLE,
Principal: principalBytes}
err = id1.SatisfiesPrincipal(principalRole)
assert.Error(t, err)
assert.Contains(t, err.Error(), "invalid MSP role type")
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment