def two_requests(looper, sdk_wallet_steward):
wh, did = sdk_wallet_steward
op = {TXN_TYPE: AUCTION_START, DATA: {'id': 'xyz'}}
req1 = sdk_gen_request(op,
protocol_version=CURRENT_PROTOCOL_VERSION,
identifier=did).as_dict
field = list(PLUGIN_CLIENT_REQUEST_FIELDS.keys())[0]
req1[field] = 'x' * 10
req2 = copy.deepcopy(req1)
req2[field] = 'z' * 10
req1 = sdk_multisign_request_object(looper, sdk_wallet_steward,
json.dumps(req1))
req_obj1 = Request(**json.loads(req1))
req2 = sdk_multisign_request_object(looper, sdk_wallet_steward,
json.dumps(req2))
req_obj2 = Request(**json.loads(req2))
assert req_obj1.payload_digest == req_obj2.payload_digest
assert req_obj1.digest != req_obj2.digest
return req1, req2
def test_create_did_without_endorser_sig_count_2_one_on_ledger(
looper, txnPoolNodeSet, nym_txn_data, sdk_pool_handle,
sdk_wallet_trustee):
change_auth_rule(looper,
sdk_pool_handle,
sdk_wallet_trustee,
constraint=AuthConstraint(role='*',
sig_count=2,
off_ledger_signature=True))
wh, alias, sender_did, sender_verkey = nym_txn_data
nym_request = looper.loop.run_until_complete(
build_nym_request(sender_did, sender_did, sender_verkey, alias,
NEW_ROLE))
nym_request = sdk_multisign_request_object(looper, (wh, sender_did),
nym_request)
nym_request = sdk_multisign_request_object(looper, sdk_wallet_trustee,
nym_request)
request_couple = sdk_send_signed_requests(sdk_pool_handle,
[nym_request])[0]
sdk_get_and_check_replies(looper, [request_couple])
details = get_nym_details(txnPoolNodeSet[0].states[1],
sender_did,
is_committed=True)
assert details[ROLE] == NEW_ROLE
assert details[VERKEY] == sender_verkey
def test_both_author_and_endorser_must_sign(looper, sdk_pool_handle, sdk_wallet_trustee, sdk_wallet_endorser):
'''
Both author and endorser must sign the request even if the author can send the request without Endorser
'''
req_json = sdk_build_schema_request(looper, sdk_wallet_trustee,
["attr1", "attr2"], "name1", "2.0")
req_json = sdk_append_request_endorser(looper, req_json, sdk_wallet_endorser[1])
# sign by Author only
req_json_author_only = sdk_multisign_request_object(looper, sdk_wallet_trustee, req_json)
with pytest.raises(RequestNackedException):
request_couple = sdk_send_signed_requests(sdk_pool_handle, [req_json_author_only])[0]
sdk_get_and_check_replies(looper, [request_couple])
# sign by Endorser only
req_json_endorser_only = sdk_multisign_request_object(looper, sdk_wallet_endorser, req_json)
with pytest.raises(RequestNackedException):
request_couple = sdk_send_signed_requests(sdk_pool_handle, [req_json_endorser_only])[0]
sdk_get_and_check_replies(looper, [request_couple])
# sign by both
req_json_both = sdk_multisign_request_object(looper, sdk_wallet_trustee, req_json)
req_json_both = sdk_multisign_request_object(looper, sdk_wallet_endorser, req_json_both)
request_couple = sdk_send_signed_requests(sdk_pool_handle, [req_json_both])[0]
sdk_get_and_check_replies(looper, [request_couple])
def test_old_txn_metadata_multisig_digest_fallback(looper, sdk_wallet_client, sdk_wallet_client2):
# Create signed request and convert to legacy txn
req_str = json.dumps(sdk_random_request_objects(1, CURRENT_PROTOCOL_VERSION, sdk_wallet_client[1])[0].as_dict)
req_str = sdk_multisign_request_object(looper, sdk_wallet_client, req_str)
req_str = sdk_multisign_request_object(looper, sdk_wallet_client2, req_str)
req = deserialize_req(req_str)
txn = req_to_legacy_txn(req_str)
# Check that digests still can be extracted correctly
assert get_payload_digest(txn) == req.payload_digest
assert get_digest(txn) == None
def test_second_digest_is_written(
looper, txnPoolNodeSet, sdk_pool_handle, sdk_wallet_stewards):
req = json.dumps(sdk_random_request_objects(1, CURRENT_PROTOCOL_VERSION, sdk_wallet_stewards[0][1])[0].as_dict)
req = sdk_multisign_request_object(looper, sdk_wallet_stewards[0], req)
req = sdk_multisign_request_object(looper, sdk_wallet_stewards[1], req)
sdk_get_and_check_replies(looper, sdk_send_signed_requests(sdk_pool_handle, [req]))
req = Request(**json.loads(req))
ledger_id, _ = txnPoolNodeSet[0].seqNoDB.get_by_payload_digest(req.payload_digest)
assert ledger_id == DOMAIN_LEDGER_ID
payload_digest = txnPoolNodeSet[0].seqNoDB.get_by_full_digest(req.digest)
assert payload_digest == req.payload_digest
def two_requests(looper, op, sdk_wallet_stewards):
wh, did = sdk_wallet_stewards[0]
req = json.dumps(sdk_gen_request(op, protocol_version=CURRENT_PROTOCOL_VERSION,
identifier=did).as_dict)
req1 = sdk_multisign_request_object(looper, sdk_wallet_stewards[0], req)
req_obj1 = Request(**json.loads(req1))
req2 = sdk_multisign_request_object(looper, sdk_wallet_stewards[1], req1)
req_obj2 = Request(**json.loads(req2))
assert req_obj1.payload_digest == req_obj2.payload_digest
assert req_obj1.digest != req_obj2.digest
return req1, req2
def test_request_with_incorrect_multisig_signatures(looper, sdk_pool_handle, sdk_wallet_client, sdk_wallet_client2):
req = sdk_random_request_objects(1, identifier=sdk_wallet_client[1], protocol_version=CURRENT_PROTOCOL_VERSION)[0]
req = sdk_multisign_request_object(looper, sdk_wallet_client, json.dumps(req.as_dict))
req = deserialize_req(req)
req.signatures[req.identifier] = 'garbage'
multisig_req = sdk_multisign_request_object(looper, sdk_wallet_client2, json.dumps(req.as_dict))
rep1 = sdk_send_signed_requests(sdk_pool_handle, [multisig_req])
invalid_signatures = 'did={}, signature={}'.format(req.identifier, req.signatures[req.identifier])
expected_error_message = 'Reason: client request invalid: {}'.\
format(InsufficientCorrectSignatures.reason.format(2, 1, 1, invalid_signatures))
with pytest.raises(RequestNackedException, match=expected_error_message):
sdk_get_and_check_replies(looper, rep1)
def test_endorser_not_required_when_two_trustee_sigs(looper, sdk_pool_handle,
sdk_wallet_trustee_list):
change_new_schema_auth_rule(looper,
sdk_pool_handle,
sdk_wallet_trustee_list[0],
constraint=AuthConstraint(role=TRUSTEE,
sig_count=2))
req_json = sdk_build_schema_request(looper, sdk_wallet_trustee_list[1],
["attr1", "attr2"], "name4", "5.0")
# sign by both
req_json = sdk_multisign_request_object(looper, sdk_wallet_trustee_list[1],
req_json)
req_json = sdk_multisign_request_object(looper, sdk_wallet_trustee_list[2],
req_json)
request_couple = sdk_send_signed_requests(sdk_pool_handle, [req_json])[0]
sdk_get_and_check_replies(looper, [request_couple])
def test_endorser_required_when_multi_sig_with_off_ledger_signature(
looper, txnPoolNodeSet, sdk_wallet_client, sdk_pool_handle,
sdk_wallet_trustee, sdk_wallet_endorser):
change_new_did_auth_rule(looper,
sdk_pool_handle,
sdk_wallet_trustee,
constraint=AuthConstraint(
role='*',
sig_count=2,
off_ledger_signature=True))
new_did, verkey = \
looper.loop.run_until_complete(
create_and_store_my_did(sdk_wallet_client[0], json.dumps({'seed': randomString(32)})))
sdk_wallet_new_client = (sdk_wallet_client[0], new_did)
nym_request = looper.loop.run_until_complete(
build_nym_request(new_did, new_did, verkey, None, IDENTITY_OWNER))
# can not send without Endorser
with pytest.raises(
RequestRejectedException,
match=
"'Endorser' field must be explicitly set for the endorsed transaction"
):
signed_req = sdk_multisign_request_object(looper,
sdk_wallet_new_client,
nym_request)
signed_req = sdk_multisign_request_object(looper, sdk_wallet_endorser,
signed_req)
request_couple = sdk_send_signed_requests(sdk_pool_handle,
[signed_req])[0]
sdk_get_and_check_replies(looper, [request_couple])
# can send with Endorser
sdk_submit_and_check_by_endorser(looper,
sdk_pool_handle,
sdk_wallet_author=sdk_wallet_new_client,
sdk_wallet_endorser=sdk_wallet_endorser,
request_json=nym_request)
details = get_nym_details(txnPoolNodeSet[0].states[1],
new_did,
is_committed=True)
assert details[ROLE] == IDENTITY_OWNER
assert details[VERKEY] == verkey
def sdk_submit_and_check_by_endorser(looper, sdk_pool_handle,
sdk_wallet_author, sdk_wallet_endorser,
request_json):
_, endorser_did = sdk_wallet_endorser
# 1. append Endorser field
request_json = sdk_append_request_endorser(looper, request_json,
endorser_did)
# 2. sign by both Author and Endorser
request_json = sdk_multisign_request_object(looper, sdk_wallet_author,
request_json)
request_json = sdk_multisign_request_object(looper, sdk_wallet_endorser,
request_json)
# 3. submit by Endorser
request_couple = sdk_send_signed_requests(sdk_pool_handle,
[request_json])[0]
sdk_get_and_check_replies(looper, [request_couple])
def test_endorser_field_must_be_explicit(looper, sdk_pool_handle,
sdk_wallet_new_client,
sdk_wallet_endorser):
req_json = sdk_build_schema_request(looper, sdk_wallet_new_client,
["attr1", "attr2"], "name2", "3.0")
# Do not append Endorser field!
# sign by both Author and Endorser
req_json = sdk_multisign_request_object(looper, sdk_wallet_new_client,
req_json)
req_json = sdk_multisign_request_object(looper, sdk_wallet_endorser,
req_json)
with pytest.raises(
RequestRejectedException,
match=
"'Endorser' field must be explicitly set for the endorsed transaction"
):
request_couple = sdk_send_signed_requests(sdk_pool_handle,
[req_json])[0]
sdk_get_and_check_replies(looper, [request_couple])
def test_seq_no_db_multisigned_request(looper, node, sdk_wallet_client,
sdk_wallet_client2):
# Create signed request and write it to ledger
req = sdk_random_request_objects(
1,
identifier=sdk_wallet_client[1],
protocol_version=CURRENT_PROTOCOL_VERSION)[0]
req = sdk_multisign_request_object(looper, sdk_wallet_client,
json.dumps(req.as_dict))
req = deserialize_req(req)
write_request(node, req)
# Make sure sending request again will return REPLY
rep = node.getReplyFromLedgerForRequest(req)
assert isinstance(rep, Reply)
# Make sure sending request with additional signature will return NACK
multisig_req = sdk_multisign_request_object(looper, sdk_wallet_client2,
json.dumps(req.as_dict))
multisig_req = deserialize_req(multisig_req)
rep = node.getReplyFromLedgerForRequest(multisig_req)
assert isinstance(rep, RequestNack)
