def testGeneratedRequestSequencing(tdir_for_func): """ Request ids must be generated in an increasing order """ with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet: w = Wallet("test") w.addIdentifier() operation = randomOperation() request = w.signOp(operation) assert request.reqId == 1 request = w.signOp(operation) assert request.reqId == 2 request = w.signOp(randomOperation()) assert request.reqId == 3 idr, _ = w.addIdentifier() request = w.signOp(randomOperation(), idr) assert request.reqId == 1 request = w.signOp(randomOperation()) assert request.reqId == 4
def testGeneratedRequestSequencing(tdir_for_func): """ Request ids must be generated in an increasing order """ with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet: w = Wallet("test") w.addIdentifier() operation = randomOperation() request = w.signOp(operation) assert request.reqId == 1 request = w.signOp(operation) assert request.reqId == 2 request = w.signOp(randomOperation()) assert request.reqId == 3 idr, _ = w.addIdentifier() request = w.signOp(randomOperation(), idr) assert request.reqId == 1 request = w.signOp(randomOperation()) assert request.reqId == 4
def test_wallet_multisig(): wallet = Wallet() idr1, signer1 = wallet.addIdentifier() idr2, signer2 = wallet.addIdentifier() idr3, signer3 = wallet.addIdentifier() authnr = CoreAuthNr() for idr, signer in [(idr1, signer1), (idr2, signer2), (idr3, signer3)]: authnr.addIdr(idr, signer.verkey) def serz(req): return {k: v for k, v in req.as_dict.items() if k not in authnr.excluded_from_signing} op = randomOperation() req = wallet.sign_using_multi_sig(op=op, identifier=idr1) assert len(req.signatures) == 1 req_data = serz(req) assert set(authnr.authenticate_multi(req_data, req.signatures, 1)) == {idr1, } with pytest.raises(InsufficientSignatures): authnr.authenticate_multi(req_data, req.signatures, 2) req = wallet.sign_using_multi_sig(request=req, identifier=idr2) assert len(req.signatures) == 2 req_data = serz(req) assert set(authnr.authenticate_multi(req_data, req.signatures, 2)) == {idr1, idr2} with pytest.raises(InsufficientSignatures): authnr.authenticate_multi(req_data, req.signatures, 3) wallet.do_multi_sig_on_req(req, identifier=idr3) assert len(req.signatures) == 3 req_data = serz(req) assert set(authnr.authenticate_multi(req_data, req.signatures, 3)) == {idr1, idr2, idr3}
def test_make_result_no_protocol_version(looper, txnPoolNodeSet): request = SafeRequest(identifier="1" * 16, reqId=1, operation=randomOperation(), signature="signature") request.protocolVersion = False check_result(txnPoolNodeSet, request, False)
def build_req_multi_signed_by_non_author_only(author_role, non_author_role): return Request( identifier=get_idr_by_role_author(author_role), reqId=1, operation=randomOperation(), signatures={get_idr_by_role_endorser(non_author_role): "sig"}, protocolVersion=CURRENT_PROTOCOL_VERSION)
def build_req_signed_by_author_only(author_role): idr = get_idr_by_role_author(author_role) return Request(identifier=idr, reqId=1, operation=randomOperation(), signature="sig2", protocolVersion=CURRENT_PROTOCOL_VERSION)
def build_req_and_action(action: Action): sig = None sigs = None identifier = IDENTIFIERS[action.author][0] endorser_did = None # if there is only 1 sig from the Author - use `signature` instead of `signatures` if len(action.sigs) == 1 and next(iter(action.sigs.values())) == 1 and next( iter(action.sigs.keys())) == action.author: sig = 'signature' else: sigs = {IDENTIFIERS[role][i]: 'signature' for role, sig_count in action.sigs.items() for i in range(sig_count)} if action.endorser is not None: endorser_did = IDENTIFIERS[action.endorser][0] operation = randomOperation() if action.amount is not None: operation[PLUGIN_FIELD] = action.amount req = Request(identifier=identifier, operation=operation, signature=sig, signatures=sigs, endorser=endorser_did) action = AuthActionAdd(txn_type=req.operation[TYPE], field='some_field', value='new_value', is_owner=action.is_owner) return req, [action]
def test_make_result_no_protocol_version_in_request_by_default( looper, txnPoolNodeSet, client1, client1Connected, wallet1): request = SafeRequest(identifier="1" * 16, reqId=1, operation=randomOperation(), signature="signature") check_result(txnPoolNodeSet, request, client1, False)
async def go(ctx): client1, wallet = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir) # remove the client's ability to sign assert wallet.defaultId ctx.looper.add(client1) await client1.ensureConnectedToNodes() request = wallet.signOp(op=randomOperation()) request.signature = None request = client1.submitReqs(request)[0][0] timeout = waits.expectedClientRequestPropagationTime(nodeCount) with pytest.raises(AssertionError): for node in ctx.nodeset: await eventually(checkLastClientReqForNode, node, request, retryWait=1, timeout=timeout) for n in ctx.nodeset: params = n.spylog.getLastParams(Node.handleInvalidClientMsg) ex = params['ex'] msg, _ = params['wrappedMsg'] assert isinstance(ex, MissingSignature) assert msg.get(f.IDENTIFIER.nm) == request.identifier params = n.spylog.getLastParams(Node.discard) reason = params["reason"] (msg, frm) = params["msg"] assert msg == request.as_dict assert msg.get(f.IDENTIFIER.nm) == request.identifier assert "MissingSignature" in reason
async def go(ctx): client1, wallet = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir) # remove the client's ability to sign assert wallet.defaultId ctx.looper.add(client1) await client1.ensureConnectedToNodes() request = wallet.signOp(op=randomOperation()) request.signature = None request = client1.submitReqs(request)[0] with pytest.raises(AssertionError): for node in ctx.nodeset: await eventually(checkLastClientReqForNode, node, request, retryWait=1, timeout=10) for n in ctx.nodeset: params = n.spylog.getLastParams(Node.handleInvalidClientMsg) ex = params['ex'] _, frm = params['wrappedMsg'] assert isinstance(ex, EmptySignature) assert frm == client1.stackName params = n.spylog.getLastParams(Node.discard) reason = params["reason"] (msg, frm) = params["msg"] assert msg == request.__dict__ assert frm == client1.stackName assert "EmptySignature" in reason
async def go(ctx): client1 = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir) # remove the client's ability to sign assert client1.getSigner() client1.signers[client1.defaultIdentifier] = None assert not client1.getSigner() ctx.looper.add(client1) await client1.ensureConnectedToNodes() operation = randomOperation() request = client1.submit(operation)[0] with pytest.raises(AssertionError): for node in ctx.nodeset: await eventually( checkLastClientReqForNode, node, request, retryWait=1, timeout=10) for n in ctx.nodeset: params = n.spylog.getLastParams(Node.reportSuspiciousClient) frm = params['clientName'] reason = params['reason'] assert frm == client1.name assert isinstance(reason, EmptySignature) params = n.spylog.getLastParams(Node.discard) reason = params["reason"] (msg, frm) = params["msg"] assert msg == request.__dict__ assert frm == client1.name assert isinstance(reason, EmptySignature)
def build_req_and_action(signatures, need_to_be_owner, amount=None): sig = None sigs = None identifier = None if signatures: role = next(iter(signatures.keys())) identifier = IDENTIFIERS[role][0] if len(signatures) == 1 and next(iter(signatures.values())) == 1: sig = 'signature' else: sigs = { IDENTIFIERS[role][i]: 'signature' for role, sig_count in signatures.items() for i in range(sig_count) } operation = randomOperation() if amount is not None: operation[PLUGIN_FIELD] = amount req = Request(identifier=identifier, operation=operation, signature=sig, signatures=sigs) action = AuthActionAdd(txn_type=req.operation[TYPE], field='some_field', value='new_value', is_owner=need_to_be_owner) return req, [action]
async def go(ctx): client1, wallet = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir) # remove the client's ability to sign assert wallet.defaultId ctx.looper.add(client1) await client1.ensureConnectedToNodes() request = wallet.signOp(op=randomOperation()) request.signature = None request = client1.submitReqs(request)[0] with pytest.raises(AssertionError): for node in ctx.nodeset: await eventually( checkLastClientReqForNode, node, request, retryWait=1, timeout=10) for n in ctx.nodeset: params = n.spylog.getLastParams(Node.handleInvalidClientMsg) ex = params['ex'] _, frm = params['wrappedMsg'] assert isinstance(ex, EmptySignature) assert frm == client1.stackName params = n.spylog.getLastParams(Node.discard) reason = params["reason"] (msg, frm) = params["msg"] assert msg == request.__dict__ assert frm == client1.stackName assert "EmptySignature" in reason
def test_make_result_no_protocol_version(looper, txnPoolNodeSet): request = SafeRequest(identifier="1" * 16, reqId=1, operation=randomOperation(), signature="signature", protocolVersion=CURRENT_PROTOCOL_VERSION) request.protocolVersion = None check_result(txnPoolNodeSet, request, False)
def test_make_result_protocol_version_less_than_state_proof( looper, txnPoolNodeSet, client1, client1Connected, wallet1): request = SafeRequest(identifier="1" * 16, reqId=1, operation=randomOperation(), signature="signature") request.protocolVersion = 0 check_result(txnPoolNodeSet, request, client1, False)
def testReplyMatchesRequest(looper, nodeSet, tdir, up): ''' This tests does check following things: - wallet works correctly when used by multiple clients - clients do receive responses for exactly the same request they sent ''' def makeClient(id): client, wallet = genTestClient(nodeSet, tmpdir=tdir, name="client-{}".format(id)) looper.add(client) looper.run(client.ensureConnectedToNodes()) return client, wallet # creating clients numOfClients = 3 numOfRequests = 1 clients = set() sharedWallet = None for i in range(numOfClients): client, wallet = makeClient(i) if sharedWallet is None: sharedWallet = wallet clients.add(client) for i in range(1, numOfRequests + 1): # sending requests requests = {} for client in clients: op = randomOperation() req = sharedWallet.signOp(op) request = client.submitReqs(req)[0] requests[client] = (request.reqId, request.operation['amount']) # checking results for client, (reqId, sentAmount) in requests.items(): looper.run(eventually(checkResponseRecvdFromNodes, client, 2 * nodeCount * i, reqId, retryWait=1, timeout=25)) print("Expected amount for request {} is {}". format(reqId, sentAmount)) replies = [r[0]['result']['amount'] for r in client.inBox if r[0]['op'] == 'REPLY' and r[0]['result']['reqId'] == reqId] assert all(replies[0] == r for r in replies) assert replies[0] == sentAmount
def testReplyMatchesRequest(looper, nodeSet, tdir, up): ''' This tests does check following things: - wallet works correctly when used by multiple clients - clients do receive responses for exactly the same request they sent ''' def makeClient(id): client, wallet = genTestClient(nodeSet, tmpdir=tdir, name="client-{}".format(id)) looper.add(client) looper.run(client.ensureConnectedToNodes()) return client, wallet # creating clients numOfClients = 3 numOfRequests = 1 clients = set() sharedWallet = None for i in range(numOfClients): client, wallet = makeClient(i) if sharedWallet is None: sharedWallet = wallet clients.add(client) for i in range(1, numOfRequests + 1): # sending requests requests = {} for client in clients: op = randomOperation() req = sharedWallet.signOp(op) request = client.submitReqs(req)[0] requests[client] = (request.reqId, request.operation['amount']) # checking results for client, (reqId, sentAmount) in requests.items(): looper.run( eventually(checkResponseRecvdFromNodes, client, nodeCount, reqId, retryWait=1, timeout=25)) print("Expected amount for request {} is {}".format( reqId, sentAmount)) replies = [ r[0]['result']['amount'] for r in client.inBox if r[0]['op'] == 'REPLY' and r[0]['result']['reqId'] == reqId ] assert all(replies[0] == r for r in replies) assert replies[0] == sentAmount
def test_make_result_protocol_version_less_than_state_proof( looper, txnPoolNodeSet): request = SafeRequest(identifier="1" * 16, reqId=1, operation=randomOperation(), signature="signature", protocolVersion=CURRENT_PROTOCOL_VERSION) request.protocolVersion = 0 check_result(txnPoolNodeSet, request, False)
def build_req_multi_signed_by_endorser(author_role, endorser_role=ENDORSER, append_endorser=False): author_idr = get_idr_by_role(author_role) if author_role != IDENTITY_OWNER else "author_no_role" endorser_idr = get_idr_by_role(endorser_role) req = Request(identifier=author_idr, reqId=1, operation=randomOperation(), signatures={endorser_idr: "sig1", author_idr: "sig2"}, protocolVersion=CURRENT_PROTOCOL_VERSION) if append_endorser: req.endorser = endorser_idr return req
def testGeneratedRequestSequencing(tdir_for_func): """ Request ids must be generated in an increasing order """ with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet: cli = genTestClient(nodeSet, tmpdir=tdir_for_func) operation = randomOperation() request = cli.createRequest(operation) assert request.reqId == 1 request = cli.createRequest(operation) assert request.reqId == 2 request = cli.createRequest(randomOperation()) assert request.reqId == 3 cli2 = genTestClient(nodeSet, tmpdir=tdir_for_func) request = cli2.createRequest(operation) assert request.reqId == 1
def testGeneratedRequestSequencing(tdir_for_func): """ Request ids must be generated in an increasing order """ with TestNodeSet(count=4, tmpdir=tdir_for_func) as nodeSet: cli = genTestClient(nodeSet, tmpdir=tdir_for_func) operation = randomOperation() request = cli.createRequest(operation) assert request.reqId == 1 request = cli.createRequest(operation) assert request.reqId == 2 request = cli.createRequest(randomOperation()) assert request.reqId == 3 cli2 = genTestClient(nodeSet, tmpdir=tdir_for_func) request = cli2.createRequest(operation) assert request.reqId == 1
def test_role_authorizer_not_authorize_unknown_nym(idr_cache): authorizer = RolesAuthorizer(cache=idr_cache) unknown_req_auth = Request(identifier="some_unknown_identifier", reqId=2, operation=randomOperation(), signature="signature", protocolVersion=CURRENT_PROTOCOL_VERSION) authorized, reason = authorizer.authorize(unknown_req_auth, AuthConstraint(role=TRUSTEE, sig_count=1)) assert not authorized assert reason == "sender's DID {} is not found in the Ledger".format(unknown_req_auth.identifier)
def test_wallet_multisig(): wallet = Wallet() idr1, signer1 = wallet.addIdentifier() idr2, signer2 = wallet.addIdentifier() idr3, signer3 = wallet.addIdentifier() authnr = CoreAuthNr() for idr, signer in [(idr1, signer1), (idr2, signer2), (idr3, signer3)]: authnr.addIdr(idr, signer.verkey) def serz(req): return { k: v for k, v in req.as_dict.items() if k not in authnr.excluded_from_signing } op = randomOperation() request = Request(reqId=Request.gen_req_id(), operation=op, protocolVersion=CURRENT_PROTOCOL_VERSION, identifier=idr1) req = wallet.sign_using_multi_sig(request=request, identifier=idr1) assert len(req.signatures) == 1 req_data = serz(req) assert set(authnr.authenticate_multi(req_data, req.signatures, 1)) == { idr1, } with pytest.raises(InsufficientSignatures): authnr.authenticate_multi(req_data, req.signatures, 2) req = wallet.sign_using_multi_sig(request=req, identifier=idr2) assert len(req.signatures) == 2 req_data = serz(req) assert set(authnr.authenticate_multi(req_data, req.signatures, 2)) == {idr1, idr2} with pytest.raises(InsufficientSignatures): authnr.authenticate_multi(req_data, req.signatures, 3) wallet.do_multi_sig_on_req(req, identifier=idr3) assert len(req.signatures) == 3 req_data = serz(req) assert set(authnr.authenticate_multi(req_data, req.signatures, 3)) == {idr1, idr2, idr3}
async def go(ctx): client1 = genTestClient(ctx.nodeset, tmpdir=ctx.tmpdir) # remove the client's ability to sign assert client1.getSigner() client1.signers[client1.defaultIdentifier] = None assert not client1.getSigner() ctx.looper.add(client1) await client1.ensureConnectedToNodes() operation = randomOperation() request = client1.submit(operation)[0] with pytest.raises(AssertionError): for node in ctx.nodeset: await eventually(checkLastClientReqForNode, node, request, retryWait=1, timeout=10) for n in ctx.nodeset: params = n.spylog.getLastParams(Node.reportSuspiciousClient) frm = params['clientName'] reason = params['reason'] assert frm == client1.name assert isinstance(reason, EmptySignature) params = n.spylog.getLastParams(Node.discard) reason = params["reason"] (msg, frm) = params["msg"] assert msg == request.__dict__ assert frm == client1.name assert isinstance(reason, EmptySignature)
def req(identifier): return Request(identifier=identifier, operation=randomOperation(), signature='signature')
def req_auth(): return Request(identifier="some_identifier", reqId=1, operation=randomOperation(), signature="signature", protocolVersion=CURRENT_PROTOCOL_VERSION)
def req_multi_signed_by_non_author(): return Request(identifier="some_identifier", reqId=1, operation=randomOperation(), signatures={"some_identifier2": "sig"}, protocolVersion=CURRENT_PROTOCOL_VERSION)
def req(identity_owners): return Request(identifier=identity_owners[0], operation=randomOperation())
def request1(): return randomOperation()
def request1(wallet1): op = randomOperation() req = wallet1.signOp(op) return req
def request1(wallet1): op = randomOperation() req = wallet1.signOp(op) return req
def request1(): return randomOperation()