Example #1
0
def test_reject_auth_rule_transaction(looper, sdk_wallet_steward,
                                      sdk_pool_handle):
    with pytest.raises(RequestRejectedException) as e:
        sdk_send_and_check_auth_rule_request(looper, sdk_wallet_steward,
                                             sdk_pool_handle)
    e.match('UnauthorizedClientRequest')
    e.match('can not do this action')
Example #2
0
def test_auth_rule_transaction_with_large_constraint(looper,
                                                     sdk_wallet_trustee,
                                                     sdk_pool_handle):
    constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
                                                            generate_constraint_entity(role=STEWARD)])
    sdk_send_and_check_auth_rule_request(looper,
                                         sdk_wallet_trustee,
                                         sdk_pool_handle,
                                         constraint=constraint)
Example #3
0
def test_reqnack_auth_rule_transaction_with_wrong_key(looper,
                                                      sdk_wallet_trustee,
                                                      sdk_pool_handle):
    with pytest.raises(RequestNackedException) as e:
        sdk_send_and_check_auth_rule_request(looper,
                                             sdk_wallet_trustee,
                                             sdk_pool_handle,
                                             auth_type="*")
    e.match("InvalidClientRequest")
    e.match("is not found in authorization map")
Example #4
0
def test_reqnack_auth_rule_add_transaction_with_wrong_format(
        looper, sdk_wallet_trustee, sdk_pool_handle):
    with pytest.raises(RequestNackedException) as e:
        sdk_send_and_check_auth_rule_request(looper,
                                             sdk_wallet_trustee,
                                             sdk_pool_handle,
                                             old_value="*")
    e.match("InvalidClientRequest")
    e.match("Transaction for change authentication "
            "rule for {}={} must not contain field {}".format(
                AUTH_ACTION, ADD_PREFIX, OLD_VALUE))
Example #5
0
def test_reject_with_unacceptable_role_in_constraint(looper,
                                                     sdk_wallet_trustee,
                                                     sdk_pool_handle):
    constraint = generate_constraint_entity()
    unacceptable_role = 'olololo'
    constraint[ROLE] = unacceptable_role
    with pytest.raises(RequestNackedException) as e:
        sdk_send_and_check_auth_rule_request(looper,
                                             sdk_wallet_trustee,
                                             sdk_pool_handle,
                                             constraint=constraint)
    e.match('InvalidClientRequest')
    e.match('Role {} is not acceptable'.format(unacceptable_role))
Example #6
0
def test_use_modified_rules_from_uncommitted(looper, txnPoolNodeSet,
                                             sdk_wallet_trustee,
                                             sdk_wallet_steward,
                                             sdk_pool_handle):
    node_stashers = [n.nodeIbStasher for n in txnPoolNodeSet]
    wh, _ = sdk_wallet_trustee
    new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
    changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
    with delay_rules(node_stashers, cDelay()):
        r_auth = sdk_send_and_check_auth_rule_request(
            looper,
            sdk_wallet_trustee,
            sdk_pool_handle,
            auth_action=ADD_PREFIX,
            auth_type=NYM,
            field=ROLE,
            new_value=STEWARD,
            old_value=None,
            constraint=changed_constraint.as_dict,
            no_wait=True)
        looper.runFor(waits.expectedPrePrepareTime(len(txnPoolNodeSet)))
        r_add_steward = sdk_add_new_nym(looper,
                                        sdk_pool_handle,
                                        sdk_wallet_steward,
                                        'newSteward2',
                                        STEWARD_STRING,
                                        dest=new_steward_did,
                                        verkey=new_steward_verkey,
                                        no_wait=True)

    sdk_get_and_check_replies(looper, [r_auth])
    sdk_get_and_check_replies(looper, [r_add_steward])
Example #7
0
def test_check_rule_for_add_action_changing(looper, sdk_wallet_trustee,
                                            sdk_wallet_steward,
                                            sdk_pool_handle):
    wh, _ = sdk_wallet_trustee
    did1, verkey1 = create_verkey_did(looper, wh)
    """Adding new steward for old auth rules"""
    sdk_add_new_nym(looper,
                    sdk_pool_handle,
                    sdk_wallet_trustee,
                    'newSteward1',
                    STEWARD_STRING,
                    dest=did1,
                    verkey=verkey1)

    constraint = AuthConstraint(role=STEWARD, sig_count=1)
    sdk_send_and_check_auth_rule_request(looper,
                                         sdk_wallet_trustee,
                                         sdk_pool_handle,
                                         auth_action=ADD_PREFIX,
                                         auth_type=NYM,
                                         field=ROLE,
                                         new_value=STEWARD,
                                         old_value=None,
                                         constraint=constraint.as_dict)

    did2, verkey2 = create_verkey_did(looper, wh)
    with pytest.raises(RequestRejectedException,
                       match="TRUSTEE can not do this action"):
        """Adding new steward for changed auth rules"""
        sdk_add_new_nym(looper,
                        sdk_pool_handle,
                        sdk_wallet_trustee,
                        'newSteward2',
                        STEWARD_STRING,
                        dest=did2,
                        verkey=verkey2)
    """We change auth rules and for now only steward can add new steward"""
    sdk_add_new_nym(looper,
                    sdk_pool_handle,
                    sdk_wallet_steward,
                    'newSteward2',
                    STEWARD_STRING,
                    dest=did2,
                    verkey=verkey2)
Example #8
0
def test_catching_up_auth_rule_txn(looper,
                                   txnPoolNodeSet,
                                   sdk_wallet_trustee,
                                   sdk_wallet_steward,
                                   sdk_pool_handle):
    delayed_node = txnPoolNodeSet[-1]
    wh, _ = sdk_wallet_trustee
    new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
    changed_constraint = AuthConstraint(role=STEWARD,
                                        sig_count=1)
    action = AuthActionAdd(txn_type=NYM,
                           field=ROLE,
                           value=STEWARD)
    with pytest.raises(RequestRejectedException, match="STEWARD can not do this action"):
        sdk_add_new_nym(looper,
                        sdk_pool_handle,
                        sdk_wallet_steward,
                        'newSteward2',
                        STEWARD_STRING,
                        dest=new_steward_did, verkey=new_steward_verkey)
    with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(), pDelay(), ppDelay()):
        sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee,
                                             sdk_pool_handle, auth_action=ADD_PREFIX,
                                             auth_type=action.txn_type, field=action.field,
                                             new_value=action.value, old_value=None,
                                             constraint=changed_constraint.as_dict)
        delayed_node.start_catchup()
        looper.run(eventually(lambda: assertExp(delayed_node.mode == Mode.participating)))
    sdk_add_new_nym(looper,
                    sdk_pool_handle,
                    sdk_wallet_steward,
                    'newSteward2',
                    STEWARD_STRING,
                    dest=new_steward_did, verkey=new_steward_verkey)
    ensure_all_nodes_have_same_data(looper, txnPoolNodeSet)
    config_state = delayed_node.states[CONFIG_LEDGER_ID]
    config_req_handler = delayed_node.get_req_handler(CONFIG_LEDGER_ID)
    from_state = config_state.get(action.get_action_id().encode(), isCommitted=True)
    assert changed_constraint == config_req_handler.constraint_serializer.deserialize(from_state)
Example #9
0
def test_check_rule_for_edit_action_changing(looper, sdk_wallet_trustee,
                                             sdk_wallet_steward,
                                             sdk_pool_handle):
    wh, _ = sdk_wallet_trustee
    new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
    """Adding new steward for old auth rules"""
    sdk_add_new_nym(looper,
                    sdk_pool_handle,
                    sdk_wallet_trustee,
                    'newSteward1',
                    STEWARD_STRING,
                    dest=new_steward_did,
                    verkey=new_steward_verkey)

    constraint = AuthConstraint(role=STEWARD, sig_count=1)
    """Change role from steward to '' (blacklisting STEWARD) can only STEWARD"""
    sdk_send_and_check_auth_rule_request(looper,
                                         sdk_wallet_trustee,
                                         sdk_pool_handle,
                                         auth_action=EDIT_PREFIX,
                                         auth_type=NYM,
                                         field=ROLE,
                                         new_value='',
                                         old_value=STEWARD,
                                         constraint=constraint.as_dict)
    op = {'type': '1', 'dest': new_steward_did, 'role': None}
    with pytest.raises(RequestRejectedException,
                       match="TRUSTEE can not do this action"):
        """Blacklisting new steward by TRUSTEE"""
        req = sdk_sign_and_submit_op(looper, sdk_pool_handle,
                                     sdk_wallet_trustee, op)
        sdk_get_and_check_replies(looper, [req])
    """We change auth rules and for now only steward can add new steward"""
    req = sdk_sign_and_submit_op(looper, sdk_pool_handle, sdk_wallet_steward,
                                 op)
    sdk_get_and_check_replies(looper, [req])
Example #10
0
def test_auth_rule_transaction(looper, sdk_wallet_trustee, sdk_pool_handle):
    sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee,
                                         sdk_pool_handle)