def test_plugin_or_rule_one_amount_diff_roles(write_auth_req_validator, write_request_validation,
                                              signatures, is_owner, amount):
    validate(
        auth_constraint=AuthConstraintOr(auth_constraints=[
            AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
            AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True,
                           metadata={PLUGIN_FIELD: 1}),
        ]),
        valid_actions=[
            ({ENDORSER: 1}, False, None),
            ({ENDORSER: 2}, False, None),
            ({ENDORSER: 3}, False, None),

            ({ENDORSER: 1}, True, None),
            ({ENDORSER: 2}, True, None),
            ({ENDORSER: 3}, True, None),

            ({IDENTITY_OWNER: 1}, True, 1),
            ({IDENTITY_OWNER: 2}, True, 1),
            ({IDENTITY_OWNER: 3}, True, 1),
        ],
        all_signatures=signatures, is_owner=is_owner, amount=amount,
        write_auth_req_validator=write_auth_req_validator,
        write_request_validation=write_request_validation
    )
def test_authorize_with_or_constraint_with_one_fail(composite_authorizer,
                                                    req_auth):
    composite_authorizer.authorize(
        req_auth,
        AuthConstraintOr(
            [AuthConstraint(STEWARD, 1),
             AuthConstraint(TRUSTEE, 1)]), None)
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth):
    with pytest.raises(AuthValidationError):
        composite_authorizer.authorize(
            req_auth,
            AuthConstraintAnd(
                [AuthConstraint(STEWARD, 1),
                 AuthConstraint(TRUSTEE, 1)]), None)
def test_not_authorized_with_or_constraint(composite_authorizer, req_auth):
    with pytest.raises(AuthValidationError):
        composite_authorizer.authorize(
            req_auth,
            AuthConstraintOr(
                [AuthConstraint(TRUSTEE, 1),
                 AuthConstraint(TRUSTEE, 1)]), None)
def test_plugin_or_rule_all_amount(write_auth_req_validator, write_request_validation,
                                   signatures, is_owner, amount):
    validate(
        auth_constraint=AuthConstraintOr(auth_constraints=[
            AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False,
                           metadata={PLUGIN_FIELD: 1}),
            AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False,
                           metadata={PLUGIN_FIELD: 2}),
            AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=True,
                           metadata={PLUGIN_FIELD: 3}),
        ]),
        valid_actions=[
            ({TRUSTEE: 1}, False, 1),
            ({TRUSTEE: 2}, False, 1),
            ({TRUSTEE: 3}, False, 1),
            ({TRUSTEE: 1}, True, 1),
            ({TRUSTEE: 2}, True, 1),
            ({TRUSTEE: 3}, True, 1),

            ({STEWARD: 1}, False, 2),
            ({STEWARD: 2}, False, 2),
            ({STEWARD: 3}, False, 2),
            ({STEWARD: 1}, True, 2),
            ({STEWARD: 2}, True, 2),
            ({STEWARD: 3}, True, 2),

            ({ENDORSER: 1}, True, 3),
            ({ENDORSER: 2}, True, 3),
            ({ENDORSER: 3}, True, 3),
        ],
        all_signatures=signatures, is_owner=is_owner, amount=amount,
        write_auth_req_validator=write_auth_req_validator,
        write_request_validation=write_request_validation
    )
def test_plugin_or_error_msg_not_enough_amount_multiple_metadata_fields(write_auth_req_validator):
    set_auth_constraint(write_auth_req_validator,
                        AuthConstraintOr(auth_constraints=[
                            AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False),
                            AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False,
                                           metadata=OrderedDict([
                                               (PLUGIN_FIELD, 10),
                                               ("aaa", "bbb")
                                           ]))
                        ]))
    req, actions = build_req_and_action(Action(author=STEWARD, endorser=None,
                                               sigs={STEWARD: 1},
                                               is_owner=True,
                                               amount=5,
                                               extra_sigs=False))

    with pytest.raises(UnauthorizedClientRequest) as excinfo:
        write_auth_req_validator.validate(req, actions)
    expected = os.linesep.join([
        "Rule for this action is: 1 TRUSTEE signature is required OR 1 STEWARD signature is required with additional metadata new_field 10 aaa bbb",
        "Failed checks:",
        "Constraint: 1 TRUSTEE signature is required, Error: Not enough TRUSTEE signatures",
        "Constraint: 1 STEWARD signature is required with additional metadata new_field 10 aaa bbb, Error: not enough amount in plugin field"
    ])
    assert expected in str(excinfo.value.args[0])
Example #7
0
def test_plugin_or_rule_diff_amount_same_role(write_auth_req_validator,
                                              write_request_validation,
                                              signatures, is_owner, amount):
    validate(auth_constraint=AuthConstraintOr(auth_constraints=[
        AuthConstraint(role=TRUST_ANCHOR,
                       sig_count=2,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: 2}),
        AuthConstraint(role=TRUST_ANCHOR,
                       sig_count=3,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: 1}),
    ]),
             valid_actions=[
                 ({
                     TRUST_ANCHOR: 2
                 }, True, 2),
                 ({
                     TRUST_ANCHOR: 3
                 }, True, 1),
                 ({
                     TRUST_ANCHOR: 2
                 }, False, 2),
                 ({
                     TRUST_ANCHOR: 3
                 }, False, 1),
             ],
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
Example #8
0
def test_plugin_or_rule_one_amount_all_roles_owner_no_endorser(
        write_auth_req_validator, write_request_validation, signatures,
        is_owner, amount, off_ledger_signature):
    validate(auth_constraint=AuthConstraintOr(auth_constraints=[
        AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
        AuthConstraint(role='*',
                       sig_count=1,
                       need_to_be_owner=True,
                       off_ledger_signature=off_ledger_signature,
                       metadata={PLUGIN_FIELD: '3'}),
    ]),
             valid_actions=[
                 Action(author=IDENTITY_OWNER,
                        endorser=None,
                        sigs={IDENTITY_OWNER: s},
                        is_owner=True,
                        amount=3,
                        extra_sigs=False) for s in range(1, MAX_SIG_COUNT + 1)
             ],
             author=IDENTITY_OWNER,
             endorser=None,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
Example #9
0
def test_plugin_and_rule(write_auth_req_validator, write_request_validation,
                         signatures, is_owner, amount):
    validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
        AuthConstraint(role=TRUSTEE,
                       sig_count=2,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: 2}),
        AuthConstraint(role=STEWARD,
                       sig_count=3,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: 2})
    ]),
             valid_actions=[
                 ({
                     TRUSTEE: 2,
                     STEWARD: 3
                 }, False, 2),
                 ({
                     TRUSTEE: 3,
                     STEWARD: 3
                 }, False, 2),
                 ({
                     TRUSTEE: 2,
                     STEWARD: 3
                 }, True, 2),
                 ({
                     TRUSTEE: 3,
                     STEWARD: 3
                 }, True, 2),
             ],
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
def test_plugin_and_or_rule_same_role_trustee_no_endorser(write_auth_req_validator, write_request_validation,
                                                          signatures, amount):
    validate(
        auth_constraint=AuthConstraintAnd(auth_constraints=[
            AuthConstraintOr(auth_constraints=[
                AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False),
                AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False,
                               metadata={PLUGIN_FIELD: 2}),
            ]),
            AuthConstraintOr(auth_constraints=[
                AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False),
                AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False,
                               metadata={PLUGIN_FIELD: 2}),
            ])
        ]),
        valid_actions=[
            Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3},
                   is_owner=False, amount=2, extra_sigs=True),
            Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3},
                   is_owner=False, amount=2, extra_sigs=True),

            Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3},
                   is_owner=False, amount=None, extra_sigs=True),
            Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3},
                   is_owner=False, amount=None, extra_sigs=True),
        ],
        author=TRUSTEE, endorser=None,
        all_signatures=signatures, is_owner=False, amount=amount,
        write_auth_req_validator=write_auth_req_validator,
        write_request_validation=write_request_validation
    )
Example #11
0
def test_plugin_or_rule_one_amount_same_role_endorser_endorser(
        write_auth_req_validator, write_request_validation, signatures,
        is_owner, amount):
    validate(auth_constraint=AuthConstraintOr(auth_constraints=[
        AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
        AuthConstraint(role=ENDORSER,
                       sig_count=1,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: '2'}),
    ]),
             valid_actions=[
                 Action(author=ENDORSER,
                        endorser=ENDORSER,
                        sigs={ENDORSER: s},
                        is_owner=owner,
                        amount=amount,
                        extra_sigs=True) for s in range(1, 4)
                 for owner in [True, False] for amount in [2, None, 0]
             ],
             author=ENDORSER,
             endorser=ENDORSER,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
Example #12
0
def test_plugin_and_rule_trustee_no_endorser(write_auth_req_validator,
                                             write_request_validation,
                                             signatures, is_owner, amount):
    validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
        AuthConstraint(role=TRUSTEE,
                       sig_count=2,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: '2'}),
        AuthConstraint(role=STEWARD,
                       sig_count=3,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: '2'})
    ]),
             valid_actions=[
                 Action(author=TRUSTEE,
                        endorser=None,
                        sigs={
                            TRUSTEE: s,
                            STEWARD: 3
                        },
                        is_owner=owner,
                        amount=2,
                        extra_sigs=True) for s in range(2, 4)
                 for owner in [True, False]
             ],
             author=TRUSTEE,
             endorser=None,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
Example #13
0
def test_plugin_or_rule_one_amount_diff_roles_owner_no_endorser(
        write_auth_req_validator, write_request_validation, signatures,
        is_owner, amount):
    validate(auth_constraint=AuthConstraintOr(auth_constraints=[
        AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
        AuthConstraint(role=IDENTITY_OWNER,
                       sig_count=1,
                       need_to_be_owner=True,
                       metadata={PLUGIN_FIELD: 1}),
    ]),
             valid_actions=[
                 Action(author=IDENTITY_OWNER,
                        endorser=None,
                        sigs={IDENTITY_OWNER: 1},
                        is_owner=True,
                        amount=1,
                        extra_sigs=False)
             ],
             author=IDENTITY_OWNER,
             endorser=None,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
def test_auth_rule_for_raw_attrib_works(looper, sdk_wallet_trustee,
                                        sdk_pool_handle, sdk_user_wallet_a,
                                        sdk_wallet_endorser):
    _, did_cl = sdk_user_wallet_a

    # We can add and modify attribs
    data = dict()
    data['a'] = {'John': 'Snow'}
    data = json.dumps(data)
    sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
                                data, did_cl)

    sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
                                data, did_cl)

    sdk_send_and_check_auth_rule_request(
        looper,
        sdk_pool_handle,
        sdk_wallet_trustee,
        auth_action=EDIT_PREFIX,
        auth_type=ATTRIB,
        field='*',
        new_value='*',
        old_value='*',
        constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)

    # We still can add, but cannot edit attrib
    data = dict()
    data['b'] = {'John': 'Snow'}
    data = json.dumps(data)
    sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
                                data, did_cl)

    with pytest.raises(RequestRejectedException) as e:
        sdk_add_attribute_and_check(looper, sdk_pool_handle,
                                    sdk_wallet_endorser, data, did_cl)
    e.match('Not enough STEWARD signatures')

    sdk_send_and_check_auth_rule_request(
        looper,
        sdk_pool_handle,
        sdk_wallet_trustee,
        auth_action=ADD_PREFIX,
        auth_type=ATTRIB,
        field='*',
        new_value='*',
        constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
    # We cannot add or edit attrib
    data = dict()
    data['c'] = {'John': 'Snow'}
    data = json.dumps(data)
    with pytest.raises(RequestRejectedException) as e:
        sdk_add_attribute_and_check(looper, sdk_pool_handle,
                                    sdk_wallet_endorser, data, did_cl)
    e.match('Not enough STEWARD signatures')

    with pytest.raises(RequestRejectedException) as e:
        sdk_add_attribute_and_check(looper, sdk_pool_handle,
                                    sdk_wallet_endorser, data, did_cl)
    e.match('Not enough STEWARD signatures')
def set_attrib_auth_to_none(looper, sdk_wallet_trustee, sdk_pool_handle):
    sdk_send_and_check_auth_rule_request(looper,
                                         sdk_pool_handle,
                                         sdk_wallet_trustee,
                                         auth_action=ADD_PREFIX,
                                         auth_type=ATTRIB,
                                         field='*',
                                         new_value='*',
                                         constraint=AuthConstraint(
                                             role='*',
                                             sig_count=1,
                                             need_to_be_owner=True).as_dict)

    sdk_send_and_check_auth_rule_request(looper,
                                         sdk_pool_handle,
                                         sdk_wallet_trustee,
                                         auth_action=EDIT_PREFIX,
                                         auth_type=ATTRIB,
                                         field='*',
                                         new_value='*',
                                         old_value='*',
                                         constraint=AuthConstraint(
                                             role='*',
                                             sig_count=1,
                                             need_to_be_owner=True).as_dict)
def test_authorize_with_or_constraint_with_one_fail(composite_authorizer,
                                                    req_auth):
    composite_authorizer.authorize(
        req_auth,
        AuthConstraintOr([
            AuthConstraint("SomeRole", 1),
            AuthConstraint("SomeOtherRole", 1)
        ]), None)
Example #17
0
def constraints():
    role_constraints = [
        AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
        AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
    ]
    and_constraint = AuthConstraintAnd(role_constraints)
    or_constraint = AuthConstraintOr(role_constraints)
    return role_constraints[0], and_constraint, or_constraint
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth):
    with pytest.raises(AuthValidationError):
        composite_authorizer.authorize(
            req_auth,
            AuthConstraintAnd([
                AuthConstraint("SomeRole", 1),
                AuthConstraint("SomeOtherRole", 1)
            ]), None)
Example #19
0
def test_str_for_auth_constraint_and():
    constraint = AuthConstraintAnd([
        AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
        AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
    ])
    assert str(constraint) == '1 TRUSTEE signature is required and needs to be owner ' \
                              'AND ' \
                              '1 STEWARD signature is required and needs to be owner'
Example #20
0
def auth_map(action_add, action_edit):
    """
    action_ids:
    for add: "ADD--SomeType--some_field--*--new_value"
    for edit: "EDIT--SomeType--some_field--old_value--new_value"
    """
    return {action_add.get_action_id(): AuthConstraint(role=STEWARD,
                                                       sig_count=3),
            action_edit.get_action_id(): AuthConstraint(role=STEWARD,
                                                        sig_count=2)}
Example #21
0
def test_plugin_or_rule_all_amount_trustee_no_endorser(
        write_auth_req_validator, write_request_validation, signatures,
        is_owner, amount):
    validate(auth_constraint=AuthConstraintOr(auth_constraints=[
        AuthConstraint(role=TRUSTEE,
                       sig_count=1,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: '1'}),
        AuthConstraint(role=STEWARD,
                       sig_count=1,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: '2'}),
        AuthConstraint(role=ENDORSER,
                       sig_count=1,
                       need_to_be_owner=True,
                       metadata={PLUGIN_FIELD: '3'}),
    ]),
             valid_actions=[
                 Action(author=TRUSTEE,
                        endorser=None,
                        sigs={TRUSTEE: s},
                        is_owner=owner,
                        amount=1,
                        extra_sigs=True) for s in range(1, 4)
                 for owner in [True, False]
             ] + [
                 Action(author=TRUSTEE,
                        endorser=None,
                        sigs={
                            TRUSTEE: s1,
                            STEWARD: s2
                        },
                        is_owner=owner,
                        amount=2,
                        extra_sigs=True) for s1 in range(1, 4)
                 for s2 in range(1, 4) for owner in [True, False]
             ] + [
                 Action(author=TRUSTEE,
                        endorser=None,
                        sigs={
                            TRUSTEE: s1,
                            ENDORSER: s2
                        },
                        is_owner=True,
                        amount=3,
                        extra_sigs=True) for s1 in range(1, 4)
                 for s2 in range(1, 4)
             ],
             author=TRUSTEE,
             endorser=None,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
Example #22
0
def test_auth_rule_for_enc_attrib_works(looper,
                                        sdk_wallet_trustee,
                                        sdk_pool_handle,
                                        sdk_user_wallet_a,
                                        sdk_wallet_trust_anchor):
    _, did_cl = sdk_user_wallet_a

    set_attrib_auth_to_none(looper, sdk_wallet_trustee, sdk_pool_handle)

    # We can add and modify attribs
    data = secretBox.encrypt(json.dumps({'name': 'Jaime'}).encode()).hex()
    sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)

    sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)

    sdk_send_and_check_auth_rule_request(looper,
                                         sdk_wallet_trustee,
                                         sdk_pool_handle,
                                         auth_action=EDIT_PREFIX,
                                         auth_type=ATTRIB,
                                         field='*',
                                         new_value='*',
                                         old_value='*',
                                         constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)

    # We still can add, but cannot edit attrib
    data = secretBox.encrypt(json.dumps({'name': 'Cersei'}).encode()).hex()

    sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)

    with pytest.raises(RequestRejectedException) as e:
        sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
    e.match('Not enough STEWARD signatures')

    sdk_send_and_check_auth_rule_request(looper,
                                         sdk_wallet_trustee,
                                         sdk_pool_handle,
                                         auth_action=ADD_PREFIX,
                                         auth_type=ATTRIB,
                                         field='*',
                                         new_value='*',
                                         constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
    # We cannot add or edit attrib
    data = secretBox.encrypt(json.dumps({'name': 'Tywin'}).encode()).hex()

    with pytest.raises(RequestRejectedException) as e:
        sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
    e.match('Not enough STEWARD signatures')

    with pytest.raises(RequestRejectedException) as e:
        sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
    e.match('Not enough STEWARD signatures')
def test_plugin_simple_rule_1_sig_trustee_endorser(write_auth_req_validator,
                                                   write_request_validation,
                                                   signatures, is_owner,
                                                   amount):
    validate(auth_constraint=AuthConstraint(role=ENDORSER,
                                            sig_count=1,
                                            need_to_be_owner=True,
                                            metadata={PLUGIN_FIELD: 2}),
             valid_actions=[
                 Action(author=TRUSTEE,
                        endorser=ENDORSER,
                        sigs={
                            TRUSTEE: s2,
                            ENDORSER: s3
                        },
                        is_owner=True,
                        amount=2,
                        extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
                 for s2 in range(1, MAX_SIG_COUNT + 1)
                 for s3 in range(1, MAX_SIG_COUNT + 1)
             ],
             author=TRUSTEE,
             endorser=ENDORSER,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
Example #24
0
def test_str_any_7_off_ledger_sig():
    constraint = AuthConstraint(role='*',
                                sig_count=7,
                                off_ledger_signature=True)
    assert str(
        constraint
    ) == '7 signatures of any role (off-ledger included) are required'
 def get_changed_auth_rule(self):
     constraint = AuthConstraint(role=TRUSTEE,
                                 sig_count=1,
                                 need_to_be_owner=False)
     params = self._generate_auth_rule_params(constraint)
     return build_auth_rule_request_json(self.looper,
                                         self.trustee_wallet[1], **params)
def test_plugin_simple_rule_0_sig_trustee_endorser(write_auth_req_validator,
                                                   write_request_validation,
                                                   signatures, is_owner,
                                                   off_ledger_signature,
                                                   amount):
    validate(auth_constraint=AuthConstraint(
        role='*',
        sig_count=0,
        need_to_be_owner=False,
        off_ledger_signature=off_ledger_signature,
        metadata={PLUGIN_FIELD: 2}),
             valid_actions=[
                 Action(author=TRUSTEE,
                        endorser=ENDORSER,
                        sigs={ENDORSER: s},
                        is_owner=owner,
                        amount=2,
                        extra_sigs=True) for s in range(1, MAX_SIG_COUNT + 1)
                 for owner in [True, False]
             ],
             author=TRUSTEE,
             endorser=ENDORSER,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
def test_plugin_simple_rule_3_sig_owner_endorser(write_auth_req_validator,
                                                 write_request_validation,
                                                 signatures, is_owner, amount):
    validate(auth_constraint=AuthConstraint(role=TRUSTEE,
                                            sig_count=3,
                                            need_to_be_owner=False,
                                            metadata={PLUGIN_FIELD: 2}),
             valid_actions=[
                 Action(author=IDENTITY_OWNER,
                        endorser=ENDORSER,
                        sigs={
                            TRUSTEE: 3,
                            IDENTITY_OWNER: s1,
                            ENDORSER: s2
                        },
                        is_owner=owner,
                        amount=2,
                        extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
                 for s2 in range(1, MAX_SIG_COUNT + 1)
                 for owner in [True, False]
             ],
             author=IDENTITY_OWNER,
             endorser=ENDORSER,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
def test_plugin_simple_rule_1_sig_all_roles_owner_endorser(
        write_auth_req_validator, write_request_validation, signatures,
        is_owner, off_ledger_signature, amount):
    validate(auth_constraint=AuthConstraint(
        role='*',
        sig_count=1,
        need_to_be_owner=True,
        off_ledger_signature=off_ledger_signature,
        metadata={PLUGIN_FIELD: 2}),
             valid_actions=[
                 Action(author=IDENTITY_OWNER,
                        endorser=ENDORSER,
                        sigs={
                            IDENTITY_OWNER: s1,
                            ENDORSER: s2
                        },
                        is_owner=True,
                        amount=2,
                        extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
                 for s2 in range(1, MAX_SIG_COUNT + 1)
             ],
             author=IDENTITY_OWNER,
             endorser=ENDORSER,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
def test_use_modified_rules_from_uncommitted(looper, txnPoolNodeSet,
                                             sdk_wallet_trustee,
                                             sdk_wallet_steward,
                                             sdk_pool_handle):
    node_stashers = [n.nodeIbStasher for n in txnPoolNodeSet]
    wh, _ = sdk_wallet_trustee
    new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
    changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
    with delay_rules(node_stashers, cDelay()):
        r_auth = sdk_send_and_check_auth_rule_request(
            looper,
            sdk_pool_handle,
            sdk_wallet_trustee,
            auth_action=ADD_PREFIX,
            auth_type=NYM,
            field=ROLE,
            new_value=STEWARD,
            old_value=None,
            constraint=changed_constraint.as_dict,
            no_wait=True)
        looper.runFor(waits.expectedPrePrepareTime(len(txnPoolNodeSet)))
        r_add_steward = sdk_add_new_nym(looper,
                                        sdk_pool_handle,
                                        sdk_wallet_steward,
                                        'newSteward2',
                                        STEWARD_STRING,
                                        dest=new_steward_did,
                                        verkey=new_steward_verkey,
                                        no_wait=True)

    sdk_get_and_check_replies(looper, [r_auth])
    sdk_get_and_check_replies(looper, [r_add_steward])
Example #30
0
def test_role_authorizer_off_ledger_signature_pass(idr_cache, req_auth):
    authorizer = RolesAuthorizer(cache=idr_cache)
    req_auth._identifier = 'id_off_ledger'
    authorized, reason = authorizer.authorize(
        req_auth,
        AuthConstraint(role='*', sig_count=1, off_ledger_signature=True))
    assert authorized