def test_plugin_or_rule_one_amount_diff_roles(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True,
metadata={PLUGIN_FIELD: 1}),
]),
valid_actions=[
({ENDORSER: 1}, False, None),
({ENDORSER: 2}, False, None),
({ENDORSER: 3}, False, None),
({ENDORSER: 1}, True, None),
({ENDORSER: 2}, True, None),
({ENDORSER: 3}, True, None),
({IDENTITY_OWNER: 1}, True, 1),
({IDENTITY_OWNER: 2}, True, 1),
({IDENTITY_OWNER: 3}, True, 1),
],
all_signatures=signatures, is_owner=is_owner, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_authorize_with_or_constraint_with_one_fail(composite_authorizer,
req_auth):
composite_authorizer.authorize(
req_auth,
AuthConstraintOr(
[AuthConstraint(STEWARD, 1),
AuthConstraint(TRUSTEE, 1)]), None)
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth):
with pytest.raises(AuthValidationError):
composite_authorizer.authorize(
req_auth,
AuthConstraintAnd(
[AuthConstraint(STEWARD, 1),
AuthConstraint(TRUSTEE, 1)]), None)
def test_not_authorized_with_or_constraint(composite_authorizer, req_auth):
with pytest.raises(AuthValidationError):
composite_authorizer.authorize(
req_auth,
AuthConstraintOr(
[AuthConstraint(TRUSTEE, 1),
AuthConstraint(TRUSTEE, 1)]), None)
def test_plugin_or_rule_all_amount(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3}),
]),
valid_actions=[
({TRUSTEE: 1}, False, 1),
({TRUSTEE: 2}, False, 1),
({TRUSTEE: 3}, False, 1),
({TRUSTEE: 1}, True, 1),
({TRUSTEE: 2}, True, 1),
({TRUSTEE: 3}, True, 1),
({STEWARD: 1}, False, 2),
({STEWARD: 2}, False, 2),
({STEWARD: 3}, False, 2),
({STEWARD: 1}, True, 2),
({STEWARD: 2}, True, 2),
({STEWARD: 3}, True, 2),
({ENDORSER: 1}, True, 3),
({ENDORSER: 2}, True, 3),
({ENDORSER: 3}, True, 3),
],
all_signatures=signatures, is_owner=is_owner, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_plugin_or_error_msg_not_enough_amount_multiple_metadata_fields(write_auth_req_validator):
set_auth_constraint(write_auth_req_validator,
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False),
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False,
metadata=OrderedDict([
(PLUGIN_FIELD, 10),
("aaa", "bbb")
]))
]))
req, actions = build_req_and_action(Action(author=STEWARD, endorser=None,
sigs={STEWARD: 1},
is_owner=True,
amount=5,
extra_sigs=False))
with pytest.raises(UnauthorizedClientRequest) as excinfo:
write_auth_req_validator.validate(req, actions)
expected = os.linesep.join([
"Rule for this action is: 1 TRUSTEE signature is required OR 1 STEWARD signature is required with additional metadata new_field 10 aaa bbb",
"Failed checks:",
"Constraint: 1 TRUSTEE signature is required, Error: Not enough TRUSTEE signatures",
"Constraint: 1 STEWARD signature is required with additional metadata new_field 10 aaa bbb, Error: not enough amount in plugin field"
])
assert expected in str(excinfo.value.args[0])
def test_plugin_or_rule_diff_amount_same_role(write_auth_req_validator,
write_request_validation,
signatures, is_owner, amount):
validate(auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUST_ANCHOR,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=TRUST_ANCHOR,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
]),
valid_actions=[
({
TRUST_ANCHOR: 2
}, True, 2),
({
TRUST_ANCHOR: 3
}, True, 1),
({
TRUST_ANCHOR: 2
}, False, 2),
({
TRUST_ANCHOR: 3
}, False, 1),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_or_rule_one_amount_all_roles_owner_no_endorser(
write_auth_req_validator, write_request_validation, signatures,
is_owner, amount, off_ledger_signature):
validate(auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
AuthConstraint(role='*',
sig_count=1,
need_to_be_owner=True,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: '3'}),
]),
valid_actions=[
Action(author=IDENTITY_OWNER,
endorser=None,
sigs={IDENTITY_OWNER: s},
is_owner=True,
amount=3,
extra_sigs=False) for s in range(1, MAX_SIG_COUNT + 1)
],
author=IDENTITY_OWNER,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_and_rule(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=STEWARD,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2})
]),
valid_actions=[
({
TRUSTEE: 2,
STEWARD: 3
}, False, 2),
({
TRUSTEE: 3,
STEWARD: 3
}, False, 2),
({
TRUSTEE: 2,
STEWARD: 3
}, True, 2),
({
TRUSTEE: 3,
STEWARD: 3
}, True, 2),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_and_or_rule_same_role_trustee_no_endorser(write_auth_req_validator, write_request_validation,
signatures, amount):
validate(
auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False),
AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
]),
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False),
AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
])
]),
valid_actions=[
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3},
is_owner=False, amount=2, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3},
is_owner=False, amount=2, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3},
is_owner=False, amount=None, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3},
is_owner=False, amount=None, extra_sigs=True),
],
author=TRUSTEE, endorser=None,
all_signatures=signatures, is_owner=False, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_plugin_or_rule_one_amount_same_role_endorser_endorser(
write_auth_req_validator, write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
AuthConstraint(role=ENDORSER,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '2'}),
]),
valid_actions=[
Action(author=ENDORSER,
endorser=ENDORSER,
sigs={ENDORSER: s},
is_owner=owner,
amount=amount,
extra_sigs=True) for s in range(1, 4)
for owner in [True, False] for amount in [2, None, 0]
],
author=ENDORSER,
endorser=ENDORSER,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_and_rule_trustee_no_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner, amount):
validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '2'}),
AuthConstraint(role=STEWARD,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '2'})
]),
valid_actions=[
Action(author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: s,
STEWARD: 3
},
is_owner=owner,
amount=2,
extra_sigs=True) for s in range(2, 4)
for owner in [True, False]
],
author=TRUSTEE,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_or_rule_one_amount_diff_roles_owner_no_endorser(
write_auth_req_validator, write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 1}),
]),
valid_actions=[
Action(author=IDENTITY_OWNER,
endorser=None,
sigs={IDENTITY_OWNER: 1},
is_owner=True,
amount=1,
extra_sigs=False)
],
author=IDENTITY_OWNER,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_auth_rule_for_raw_attrib_works(looper, sdk_wallet_trustee,
sdk_pool_handle, sdk_user_wallet_a,
sdk_wallet_endorser):
_, did_cl = sdk_user_wallet_a
# We can add and modify attribs
data = dict()
data['a'] = {'John': 'Snow'}
data = json.dumps(data)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
data, did_cl)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
data, did_cl)
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
old_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We still can add, but cannot edit attrib
data = dict()
data['b'] = {'John': 'Snow'}
data = json.dumps(data)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
data, did_cl)
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle,
sdk_wallet_endorser, data, did_cl)
e.match('Not enough STEWARD signatures')
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We cannot add or edit attrib
data = dict()
data['c'] = {'John': 'Snow'}
data = json.dumps(data)
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle,
sdk_wallet_endorser, data, did_cl)
e.match('Not enough STEWARD signatures')
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle,
sdk_wallet_endorser, data, did_cl)
e.match('Not enough STEWARD signatures')
def set_attrib_auth_to_none(looper, sdk_wallet_trustee, sdk_pool_handle):
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
constraint=AuthConstraint(
role='*',
sig_count=1,
need_to_be_owner=True).as_dict)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
old_value='*',
constraint=AuthConstraint(
role='*',
sig_count=1,
need_to_be_owner=True).as_dict)
def test_authorize_with_or_constraint_with_one_fail(composite_authorizer,
req_auth):
composite_authorizer.authorize(
req_auth,
AuthConstraintOr([
AuthConstraint("SomeRole", 1),
AuthConstraint("SomeOtherRole", 1)
]), None)
def constraints():
role_constraints = [
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
]
and_constraint = AuthConstraintAnd(role_constraints)
or_constraint = AuthConstraintOr(role_constraints)
return role_constraints[0], and_constraint, or_constraint
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth):
with pytest.raises(AuthValidationError):
composite_authorizer.authorize(
req_auth,
AuthConstraintAnd([
AuthConstraint("SomeRole", 1),
AuthConstraint("SomeOtherRole", 1)
]), None)
def test_str_for_auth_constraint_and():
constraint = AuthConstraintAnd([
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
])
assert str(constraint) == '1 TRUSTEE signature is required and needs to be owner ' \
'AND ' \
'1 STEWARD signature is required and needs to be owner'
def auth_map(action_add, action_edit):
"""
action_ids:
for add: "ADD--SomeType--some_field--*--new_value"
for edit: "EDIT--SomeType--some_field--old_value--new_value"
"""
return {action_add.get_action_id(): AuthConstraint(role=STEWARD,
sig_count=3),
action_edit.get_action_id(): AuthConstraint(role=STEWARD,
sig_count=2)}
def test_plugin_or_rule_all_amount_trustee_no_endorser(
write_auth_req_validator, write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '1'}),
AuthConstraint(role=STEWARD,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '2'}),
AuthConstraint(role=ENDORSER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: '3'}),
]),
valid_actions=[
Action(author=TRUSTEE,
endorser=None,
sigs={TRUSTEE: s},
is_owner=owner,
amount=1,
extra_sigs=True) for s in range(1, 4)
for owner in [True, False]
] + [
Action(author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: s1,
STEWARD: s2
},
is_owner=owner,
amount=2,
extra_sigs=True) for s1 in range(1, 4)
for s2 in range(1, 4) for owner in [True, False]
] + [
Action(author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: s1,
ENDORSER: s2
},
is_owner=True,
amount=3,
extra_sigs=True) for s1 in range(1, 4)
for s2 in range(1, 4)
],
author=TRUSTEE,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_auth_rule_for_enc_attrib_works(looper,
sdk_wallet_trustee,
sdk_pool_handle,
sdk_user_wallet_a,
sdk_wallet_trust_anchor):
_, did_cl = sdk_user_wallet_a
set_attrib_auth_to_none(looper, sdk_wallet_trustee, sdk_pool_handle)
# We can add and modify attribs
data = secretBox.encrypt(json.dumps({'name': 'Jaime'}).encode()).hex()
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=EDIT_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
old_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We still can add, but cannot edit attrib
data = secretBox.encrypt(json.dumps({'name': 'Cersei'}).encode()).hex()
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
e.match('Not enough STEWARD signatures')
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=ADD_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We cannot add or edit attrib
data = secretBox.encrypt(json.dumps({'name': 'Tywin'}).encode()).hex()
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
e.match('Not enough STEWARD signatures')
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
e.match('Not enough STEWARD signatures')
def test_plugin_simple_rule_1_sig_trustee_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner,
amount):
validate(auth_constraint=AuthConstraint(role=ENDORSER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=TRUSTEE,
endorser=ENDORSER,
sigs={
TRUSTEE: s2,
ENDORSER: s3
},
is_owner=True,
amount=2,
extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
for s2 in range(1, MAX_SIG_COUNT + 1)
for s3 in range(1, MAX_SIG_COUNT + 1)
],
author=TRUSTEE,
endorser=ENDORSER,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_str_any_7_off_ledger_sig():
constraint = AuthConstraint(role='*',
sig_count=7,
off_ledger_signature=True)
assert str(
constraint
) == '7 signatures of any role (off-ledger included) are required'
def get_changed_auth_rule(self):
constraint = AuthConstraint(role=TRUSTEE,
sig_count=1,
need_to_be_owner=False)
params = self._generate_auth_rule_params(constraint)
return build_auth_rule_request_json(self.looper,
self.trustee_wallet[1], **params)
def test_plugin_simple_rule_0_sig_trustee_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner,
off_ledger_signature,
amount):
validate(auth_constraint=AuthConstraint(
role='*',
sig_count=0,
need_to_be_owner=False,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=TRUSTEE,
endorser=ENDORSER,
sigs={ENDORSER: s},
is_owner=owner,
amount=2,
extra_sigs=True) for s in range(1, MAX_SIG_COUNT + 1)
for owner in [True, False]
],
author=TRUSTEE,
endorser=ENDORSER,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_simple_rule_3_sig_owner_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner, amount):
validate(auth_constraint=AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=IDENTITY_OWNER,
endorser=ENDORSER,
sigs={
TRUSTEE: 3,
IDENTITY_OWNER: s1,
ENDORSER: s2
},
is_owner=owner,
amount=2,
extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
for s2 in range(1, MAX_SIG_COUNT + 1)
for owner in [True, False]
],
author=IDENTITY_OWNER,
endorser=ENDORSER,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_simple_rule_1_sig_all_roles_owner_endorser(
write_auth_req_validator, write_request_validation, signatures,
is_owner, off_ledger_signature, amount):
validate(auth_constraint=AuthConstraint(
role='*',
sig_count=1,
need_to_be_owner=True,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=IDENTITY_OWNER,
endorser=ENDORSER,
sigs={
IDENTITY_OWNER: s1,
ENDORSER: s2
},
is_owner=True,
amount=2,
extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
for s2 in range(1, MAX_SIG_COUNT + 1)
],
author=IDENTITY_OWNER,
endorser=ENDORSER,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_use_modified_rules_from_uncommitted(looper, txnPoolNodeSet,
sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
node_stashers = [n.nodeIbStasher for n in txnPoolNodeSet]
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
with delay_rules(node_stashers, cDelay()):
r_auth = sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value=STEWARD,
old_value=None,
constraint=changed_constraint.as_dict,
no_wait=True)
looper.runFor(waits.expectedPrePrepareTime(len(txnPoolNodeSet)))
r_add_steward = sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey,
no_wait=True)
sdk_get_and_check_replies(looper, [r_auth])
sdk_get_and_check_replies(looper, [r_add_steward])
def test_role_authorizer_off_ledger_signature_pass(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
req_auth._identifier = 'id_off_ledger'
authorized, reason = authorizer.authorize(
req_auth,
AuthConstraint(role='*', sig_count=1, off_ledger_signature=True))
assert authorized
