def testGeneratedRequestSequencing(tdir_for_func):
"""
Request ids must be generated in an increasing order
"""
with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet:
w = Wallet("test")
w.addIdentifier()
operation = randomOperation()
request = w.signOp(operation)
assert request.reqId == 1
request = w.signOp(operation)
assert request.reqId == 2
request = w.signOp(randomOperation())
assert request.reqId == 3
idr, _ = w.addIdentifier()
request = w.signOp(randomOperation(), idr)
assert request.reqId == 1
request = w.signOp(randomOperation())
assert request.reqId == 4
def testGeneratedRequestSequencing(tdir_for_func):
"""
Request ids must be generated in an increasing order
"""
with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet:
w = Wallet("test")
w.addIdentifier()
operation = randomOperation()
request = w.signOp(operation)
assert request.reqId == 1
request = w.signOp(operation)
assert request.reqId == 2
request = w.signOp(randomOperation())
assert request.reqId == 3
idr, _ = w.addIdentifier()
request = w.signOp(randomOperation(), idr)
assert request.reqId == 1
request = w.signOp(randomOperation())
assert request.reqId == 4
def test_wallet_multisig():
wallet = Wallet()
idr1, signer1 = wallet.addIdentifier()
idr2, signer2 = wallet.addIdentifier()
idr3, signer3 = wallet.addIdentifier()
authnr = CoreAuthNr()
for idr, signer in [(idr1, signer1), (idr2, signer2), (idr3, signer3)]:
authnr.addIdr(idr, signer.verkey)
def serz(req):
return {k: v for k, v in req.as_dict.items()
if k not in authnr.excluded_from_signing}
op = randomOperation()
req = wallet.sign_using_multi_sig(op=op, identifier=idr1)
assert len(req.signatures) == 1
req_data = serz(req)
assert set(authnr.authenticate_multi(req_data, req.signatures, 1)) == {idr1, }
with pytest.raises(InsufficientSignatures):
authnr.authenticate_multi(req_data, req.signatures, 2)
req = wallet.sign_using_multi_sig(request=req, identifier=idr2)
assert len(req.signatures) == 2
req_data = serz(req)
assert set(authnr.authenticate_multi(req_data, req.signatures, 2)) == {idr1,
idr2}
with pytest.raises(InsufficientSignatures):
authnr.authenticate_multi(req_data, req.signatures, 3)
wallet.do_multi_sig_on_req(req, identifier=idr3)
assert len(req.signatures) == 3
req_data = serz(req)
assert set(authnr.authenticate_multi(req_data, req.signatures, 3)) == {idr1,
idr2,
idr3}
def test_make_result_no_protocol_version(looper, txnPoolNodeSet):
request = SafeRequest(identifier="1" * 16,
reqId=1,
operation=randomOperation(),
signature="signature")
request.protocolVersion = False
check_result(txnPoolNodeSet, request, False)
def build_req_multi_signed_by_non_author_only(author_role, non_author_role):
return Request(
identifier=get_idr_by_role_author(author_role),
reqId=1,
operation=randomOperation(),
signatures={get_idr_by_role_endorser(non_author_role): "sig"},
protocolVersion=CURRENT_PROTOCOL_VERSION)
def build_req_signed_by_author_only(author_role):
idr = get_idr_by_role_author(author_role)
return Request(identifier=idr,
reqId=1,
operation=randomOperation(),
signature="sig2",
protocolVersion=CURRENT_PROTOCOL_VERSION)
def build_req_and_action(action: Action):
sig = None
sigs = None
identifier = IDENTIFIERS[action.author][0]
endorser_did = None
# if there is only 1 sig from the Author - use `signature` instead of `signatures`
if len(action.sigs) == 1 and next(iter(action.sigs.values())) == 1 and next(
iter(action.sigs.keys())) == action.author:
sig = 'signature'
else:
sigs = {IDENTIFIERS[role][i]: 'signature' for role, sig_count in action.sigs.items() for i in
range(sig_count)}
if action.endorser is not None:
endorser_did = IDENTIFIERS[action.endorser][0]
operation = randomOperation()
if action.amount is not None:
operation[PLUGIN_FIELD] = action.amount
req = Request(identifier=identifier,
operation=operation,
signature=sig,
signatures=sigs,
endorser=endorser_did)
action = AuthActionAdd(txn_type=req.operation[TYPE],
field='some_field',
value='new_value',
is_owner=action.is_owner)
return req, [action]
def test_make_result_no_protocol_version_in_request_by_default(
looper, txnPoolNodeSet, client1, client1Connected, wallet1):
request = SafeRequest(identifier="1" * 16,
reqId=1,
operation=randomOperation(),
signature="signature")
check_result(txnPoolNodeSet, request, client1, False)
async def go(ctx):
client1, wallet = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir)
# remove the client's ability to sign
assert wallet.defaultId
ctx.looper.add(client1)
await client1.ensureConnectedToNodes()
request = wallet.signOp(op=randomOperation())
request.signature = None
request = client1.submitReqs(request)[0][0]
timeout = waits.expectedClientRequestPropagationTime(nodeCount)
with pytest.raises(AssertionError):
for node in ctx.nodeset:
await eventually(checkLastClientReqForNode,
node,
request,
retryWait=1,
timeout=timeout)
for n in ctx.nodeset:
params = n.spylog.getLastParams(Node.handleInvalidClientMsg)
ex = params['ex']
msg, _ = params['wrappedMsg']
assert isinstance(ex, MissingSignature)
assert msg.get(f.IDENTIFIER.nm) == request.identifier
params = n.spylog.getLastParams(Node.discard)
reason = params["reason"]
(msg, frm) = params["msg"]
assert msg == request.as_dict
assert msg.get(f.IDENTIFIER.nm) == request.identifier
assert "MissingSignature" in reason
async def go(ctx):
client1, wallet = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir)
# remove the client's ability to sign
assert wallet.defaultId
ctx.looper.add(client1)
await client1.ensureConnectedToNodes()
request = wallet.signOp(op=randomOperation())
request.signature = None
request = client1.submitReqs(request)[0]
with pytest.raises(AssertionError):
for node in ctx.nodeset:
await eventually(checkLastClientReqForNode,
node,
request,
retryWait=1,
timeout=10)
for n in ctx.nodeset:
params = n.spylog.getLastParams(Node.handleInvalidClientMsg)
ex = params['ex']
_, frm = params['wrappedMsg']
assert isinstance(ex, EmptySignature)
assert frm == client1.stackName
params = n.spylog.getLastParams(Node.discard)
reason = params["reason"]
(msg, frm) = params["msg"]
assert msg == request.__dict__
assert frm == client1.stackName
assert "EmptySignature" in reason
async def go(ctx):
client1 = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir)
# remove the client's ability to sign
assert client1.getSigner()
client1.signers[client1.defaultIdentifier] = None
assert not client1.getSigner()
ctx.looper.add(client1)
await client1.ensureConnectedToNodes()
operation = randomOperation()
request = client1.submit(operation)[0]
with pytest.raises(AssertionError):
for node in ctx.nodeset:
await eventually(
checkLastClientReqForNode, node, request,
retryWait=1, timeout=10)
for n in ctx.nodeset:
params = n.spylog.getLastParams(Node.reportSuspiciousClient)
frm = params['clientName']
reason = params['reason']
assert frm == client1.name
assert isinstance(reason, EmptySignature)
params = n.spylog.getLastParams(Node.discard)
reason = params["reason"]
(msg, frm) = params["msg"]
assert msg == request.__dict__
assert frm == client1.name
assert isinstance(reason, EmptySignature)
def build_req_and_action(signatures, need_to_be_owner, amount=None):
sig = None
sigs = None
identifier = None
if signatures:
role = next(iter(signatures.keys()))
identifier = IDENTIFIERS[role][0]
if len(signatures) == 1 and next(iter(signatures.values())) == 1:
sig = 'signature'
else:
sigs = {
IDENTIFIERS[role][i]: 'signature'
for role, sig_count in signatures.items() for i in range(sig_count)
}
operation = randomOperation()
if amount is not None:
operation[PLUGIN_FIELD] = amount
req = Request(identifier=identifier,
operation=operation,
signature=sig,
signatures=sigs)
action = AuthActionAdd(txn_type=req.operation[TYPE],
field='some_field',
value='new_value',
is_owner=need_to_be_owner)
return req, [action]
async def go(ctx):
client1, wallet = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir)
# remove the client's ability to sign
assert wallet.defaultId
ctx.looper.add(client1)
await client1.ensureConnectedToNodes()
request = wallet.signOp(op=randomOperation())
request.signature = None
request = client1.submitReqs(request)[0]
with pytest.raises(AssertionError):
for node in ctx.nodeset:
await eventually(
checkLastClientReqForNode, node, request,
retryWait=1, timeout=10)
for n in ctx.nodeset:
params = n.spylog.getLastParams(Node.handleInvalidClientMsg)
ex = params['ex']
_, frm = params['wrappedMsg']
assert isinstance(ex, EmptySignature)
assert frm == client1.stackName
params = n.spylog.getLastParams(Node.discard)
reason = params["reason"]
(msg, frm) = params["msg"]
assert msg == request.__dict__
assert frm == client1.stackName
assert "EmptySignature" in reason
def test_make_result_no_protocol_version(looper, txnPoolNodeSet):
request = SafeRequest(identifier="1" * 16,
reqId=1,
operation=randomOperation(),
signature="signature",
protocolVersion=CURRENT_PROTOCOL_VERSION)
request.protocolVersion = None
check_result(txnPoolNodeSet, request, False)
def test_make_result_protocol_version_less_than_state_proof(
looper, txnPoolNodeSet, client1, client1Connected, wallet1):
request = SafeRequest(identifier="1" * 16,
reqId=1,
operation=randomOperation(),
signature="signature")
request.protocolVersion = 0
check_result(txnPoolNodeSet, request, client1, False)
def testReplyMatchesRequest(looper, nodeSet, tdir, up):
'''
This tests does check following things:
- wallet works correctly when used by multiple clients
- clients do receive responses for exactly the same request they sent
'''
def makeClient(id):
client, wallet = genTestClient(nodeSet,
tmpdir=tdir,
name="client-{}".format(id))
looper.add(client)
looper.run(client.ensureConnectedToNodes())
return client, wallet
# creating clients
numOfClients = 3
numOfRequests = 1
clients = set()
sharedWallet = None
for i in range(numOfClients):
client, wallet = makeClient(i)
if sharedWallet is None:
sharedWallet = wallet
clients.add(client)
for i in range(1, numOfRequests + 1):
# sending requests
requests = {}
for client in clients:
op = randomOperation()
req = sharedWallet.signOp(op)
request = client.submitReqs(req)[0]
requests[client] = (request.reqId, request.operation['amount'])
# checking results
for client, (reqId, sentAmount) in requests.items():
looper.run(eventually(checkResponseRecvdFromNodes,
client,
2 * nodeCount * i,
reqId,
retryWait=1,
timeout=25))
print("Expected amount for request {} is {}".
format(reqId, sentAmount))
replies = [r[0]['result']['amount']
for r in client.inBox
if r[0]['op'] == 'REPLY'
and r[0]['result']['reqId'] == reqId]
assert all(replies[0] == r for r in replies)
assert replies[0] == sentAmount
def testReplyMatchesRequest(looper, nodeSet, tdir, up):
'''
This tests does check following things:
- wallet works correctly when used by multiple clients
- clients do receive responses for exactly the same request they sent
'''
def makeClient(id):
client, wallet = genTestClient(nodeSet,
tmpdir=tdir,
name="client-{}".format(id))
looper.add(client)
looper.run(client.ensureConnectedToNodes())
return client, wallet
# creating clients
numOfClients = 3
numOfRequests = 1
clients = set()
sharedWallet = None
for i in range(numOfClients):
client, wallet = makeClient(i)
if sharedWallet is None:
sharedWallet = wallet
clients.add(client)
for i in range(1, numOfRequests + 1):
# sending requests
requests = {}
for client in clients:
op = randomOperation()
req = sharedWallet.signOp(op)
request = client.submitReqs(req)[0]
requests[client] = (request.reqId, request.operation['amount'])
# checking results
for client, (reqId, sentAmount) in requests.items():
looper.run(
eventually(checkResponseRecvdFromNodes,
client,
nodeCount,
reqId,
retryWait=1,
timeout=25))
print("Expected amount for request {} is {}".format(
reqId, sentAmount))
replies = [
r[0]['result']['amount'] for r in client.inBox
if r[0]['op'] == 'REPLY' and r[0]['result']['reqId'] == reqId
]
assert all(replies[0] == r for r in replies)
assert replies[0] == sentAmount
def test_make_result_protocol_version_less_than_state_proof(
looper, txnPoolNodeSet):
request = SafeRequest(identifier="1" * 16,
reqId=1,
operation=randomOperation(),
signature="signature",
protocolVersion=CURRENT_PROTOCOL_VERSION)
request.protocolVersion = 0
check_result(txnPoolNodeSet, request, False)
def build_req_multi_signed_by_endorser(author_role, endorser_role=ENDORSER, append_endorser=False):
author_idr = get_idr_by_role(author_role) if author_role != IDENTITY_OWNER else "author_no_role"
endorser_idr = get_idr_by_role(endorser_role)
req = Request(identifier=author_idr,
reqId=1,
operation=randomOperation(),
signatures={endorser_idr: "sig1", author_idr: "sig2"},
protocolVersion=CURRENT_PROTOCOL_VERSION)
if append_endorser:
req.endorser = endorser_idr
return req
def testGeneratedRequestSequencing(tdir_for_func):
"""
Request ids must be generated in an increasing order
"""
with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet:
cli = genTestClient(nodeSet, tmpdir=tdir_for_func)
operation = randomOperation()
request = cli.createRequest(operation)
assert request.reqId == 1
request = cli.createRequest(operation)
assert request.reqId == 2
request = cli.createRequest(randomOperation())
assert request.reqId == 3
cli2 = genTestClient(nodeSet, tmpdir=tdir_for_func)
request = cli2.createRequest(operation)
assert request.reqId == 1
def testGeneratedRequestSequencing(tdir_for_func):
"""
Request ids must be generated in an increasing order
"""
with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet:
cli = genTestClient(nodeSet, tmpdir=tdir_for_func)
operation = randomOperation()
request = cli.createRequest(operation)
assert request.reqId == 1
request = cli.createRequest(operation)
assert request.reqId == 2
request = cli.createRequest(randomOperation())
assert request.reqId == 3
cli2 = genTestClient(nodeSet, tmpdir=tdir_for_func)
request = cli2.createRequest(operation)
assert request.reqId == 1
def test_role_authorizer_not_authorize_unknown_nym(idr_cache):
authorizer = RolesAuthorizer(cache=idr_cache)
unknown_req_auth = Request(identifier="some_unknown_identifier",
reqId=2,
operation=randomOperation(),
signature="signature",
protocolVersion=CURRENT_PROTOCOL_VERSION)
authorized, reason = authorizer.authorize(unknown_req_auth,
AuthConstraint(role=TRUSTEE, sig_count=1))
assert not authorized
assert reason == "sender's DID {} is not found in the Ledger".format(unknown_req_auth.identifier)
def test_wallet_multisig():
wallet = Wallet()
idr1, signer1 = wallet.addIdentifier()
idr2, signer2 = wallet.addIdentifier()
idr3, signer3 = wallet.addIdentifier()
authnr = CoreAuthNr()
for idr, signer in [(idr1, signer1), (idr2, signer2), (idr3, signer3)]:
authnr.addIdr(idr, signer.verkey)
def serz(req):
return {
k: v
for k, v in req.as_dict.items()
if k not in authnr.excluded_from_signing
}
op = randomOperation()
request = Request(reqId=Request.gen_req_id(),
operation=op,
protocolVersion=CURRENT_PROTOCOL_VERSION,
identifier=idr1)
req = wallet.sign_using_multi_sig(request=request, identifier=idr1)
assert len(req.signatures) == 1
req_data = serz(req)
assert set(authnr.authenticate_multi(req_data, req.signatures, 1)) == {
idr1,
}
with pytest.raises(InsufficientSignatures):
authnr.authenticate_multi(req_data, req.signatures, 2)
req = wallet.sign_using_multi_sig(request=req, identifier=idr2)
assert len(req.signatures) == 2
req_data = serz(req)
assert set(authnr.authenticate_multi(req_data, req.signatures,
2)) == {idr1, idr2}
with pytest.raises(InsufficientSignatures):
authnr.authenticate_multi(req_data, req.signatures, 3)
wallet.do_multi_sig_on_req(req, identifier=idr3)
assert len(req.signatures) == 3
req_data = serz(req)
assert set(authnr.authenticate_multi(req_data, req.signatures,
3)) == {idr1, idr2, idr3}
async def go(ctx):
client1 = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir)
# remove the client's ability to sign
assert client1.getSigner()
client1.signers[client1.defaultIdentifier] = None
assert not client1.getSigner()
ctx.looper.add(client1)
await client1.ensureConnectedToNodes()
operation = randomOperation()
request = client1.submit(operation)[0]
with pytest.raises(AssertionError):
for node in ctx.nodeset:
await eventually(checkLastClientReqForNode,
node,
request,
retryWait=1,
timeout=10)
for n in ctx.nodeset:
params = n.spylog.getLastParams(Node.reportSuspiciousClient)
frm = params['clientName']
reason = params['reason']
assert frm == client1.name
assert isinstance(reason, EmptySignature)
params = n.spylog.getLastParams(Node.discard)
reason = params["reason"]
(msg, frm) = params["msg"]
assert msg == request.__dict__
assert frm == client1.name
assert isinstance(reason, EmptySignature)
def req(identifier):
return Request(identifier=identifier,
operation=randomOperation(),
signature='signature')
def req_auth():
return Request(identifier="some_identifier",
reqId=1,
operation=randomOperation(),
signature="signature",
protocolVersion=CURRENT_PROTOCOL_VERSION)
def req_multi_signed_by_non_author():
return Request(identifier="some_identifier",
reqId=1,
operation=randomOperation(),
signatures={"some_identifier2": "sig"},
protocolVersion=CURRENT_PROTOCOL_VERSION)
def req(identity_owners):
return Request(identifier=identity_owners[0], operation=randomOperation())
def request1():
return randomOperation()
def request1(wallet1):
op = randomOperation()
req = wallet1.signOp(op)
return req
def request1(wallet1):
op = randomOperation()
req = wallet1.signOp(op)
return req
def request1():
return randomOperation()
