Add servers' signature verification. #24

Merged
merged 1 commit into from
Jul 2, 2021
Merged
4 changes: 2 additions & 2 deletions examples/cars/commands/init.go
Expand Up @@ -155,8 +155,8 @@ func initUsers(demoDir string, session bcdb.DBSession, logger *logger.SugarLogge
DBPermission: map[string]types.Privilege_Access{CarDBName: 1},
},
}, &types.AccessControl{
ReadWriteUsers: bcdb.UsersMap("admin"),
ReadUsers: bcdb.UsersMap("admin"),
ReadWriteUsers: usersMap("admin"),
ReadUsers: usersMap("admin"),
})
if err != nil {
usersTx.Abort()
9 changes: 4 additions & 5 deletions examples/cars/commands/mint.go
Expand Up @@ -6,7 +6,6 @@ import (
"encoding/json"
"fmt"

"github.com/IBM-Blockchain/bcdb-sdk/pkg/bcdb"
"github.com/IBM-Blockchain/bcdb-server/pkg/logger"
"github.com/IBM-Blockchain/bcdb-server/pkg/types"
"github.com/pkg/errors"
Expand Down Expand Up @@ -54,8 +53,8 @@ func MintRequest(demoDir, dealerID, carRegistration string, lg *logger.SugarLogg

err = dataTx.Put(CarDBName, key, recordBytes,
&types.AccessControl{
ReadUsers: bcdb.UsersMap("dmv"),
ReadWriteUsers: bcdb.UsersMap(dealerID),
ReadUsers: usersMap("dmv"),
ReadWriteUsers: usersMap(dealerID),
},
)
if err != nil {
Expand Down Expand Up @@ -146,8 +145,8 @@ func MintApprove(demoDir, dmvID, mintReqRecordKey string, lg *logger.SugarLogger

err = dataTx.Put(CarDBName, carKey, carRecordBytes,
&types.AccessControl{
ReadUsers: bcdb.UsersMap(mintReqRec.Dealer),
ReadWriteUsers: bcdb.UsersMap(dmvID),
ReadUsers: usersMap(mintReqRec.Dealer),
ReadWriteUsers: usersMap(dmvID),
},
)
if err != nil {
13 changes: 6 additions & 7 deletions examples/cars/commands/transafer.go
Expand Up @@ -6,7 +6,6 @@ import (
"encoding/json"
"fmt"

"github.com/IBM-Blockchain/bcdb-sdk/pkg/bcdb"
"github.com/IBM-Blockchain/bcdb-server/pkg/logger"
"github.com/IBM-Blockchain/bcdb-server/pkg/types"
"github.com/pkg/errors"
Expand Down Expand Up @@ -62,8 +61,8 @@ func TransferTo(demoDir, ownerID, buyerID, carRegistration string, lg *logger.Su
ttRecKey := ttRecord.Key()
err = dataTx.Put(CarDBName, ttRecKey, ttRecBytes,
&types.AccessControl{
ReadUsers: bcdb.UsersMap("dmv", buyerID),
ReadWriteUsers: bcdb.UsersMap(ownerID),
ReadUsers: usersMap("dmv", buyerID),
ReadWriteUsers: usersMap(ownerID),
},
)
if err != nil {
Expand Down Expand Up @@ -152,8 +151,8 @@ func TransferReceive(demoDir, buyerID, carRegistration, transferToRecordKey stri
trRecKey := trRec.Key()

err = dataTx.Put(CarDBName, trRecKey, trRecBytes, &types.AccessControl{
ReadUsers: bcdb.UsersMap("dmv", ttRec.Owner),
ReadWriteUsers: bcdb.UsersMap(buyerID),
ReadUsers: usersMap("dmv", ttRec.Owner),
ReadWriteUsers: usersMap(buyerID),
})
if err != nil {
return "", errors.Wrap(err, "error during data transaction")
Expand Down Expand Up @@ -247,8 +246,8 @@ func Transfer(demoDir, dmvID, transferToRecordKey, transferRcvRecordKey string,

err = dataTx.Put(CarDBName, carKey, recordBytes,
&types.AccessControl{
ReadUsers: bcdb.UsersMap(ttRec.Buyer),
ReadWriteUsers: bcdb.UsersMap(dmvID),
ReadUsers: usersMap(ttRec.Buyer),
ReadWriteUsers: usersMap(dmvID),
},
)
if err != nil {
12 changes: 10 additions & 2 deletions examples/cars/commands/utils.go
Expand Up @@ -6,10 +6,10 @@ import (
"io/ioutil"
"path"

"github.com/golang/protobuf/jsonpb"
"github.com/golang/protobuf/proto"
"github.com/IBM-Blockchain/bcdb-server/pkg/logger"
"github.com/IBM-Blockchain/bcdb-server/pkg/types"
"github.com/golang/protobuf/jsonpb"
"github.com/golang/protobuf/proto"
)

func marshalOrPanic(msg proto.Message) []byte {
Expand Down Expand Up @@ -81,3 +81,11 @@ func loadTxEvidence(demoDir, txID string, lg *logger.SugarLogger) (*types.DataTx

return env, rct, nil
}

func usersMap(users ...string) map[string]bool {
m := make(map[string]bool)
for _, u := range users {
m[u] = true
}
return m
}
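Review bot: `usersMap` turns whatever strings it is given into ACL entries, so an empty ID becomes a `""` key in `ReadUsers`/`ReadWriteUsers` and a call with no arguments yields an empty map; the call sites in mint.go and transafer.go pass caller-supplied values such as `dealerID`, `buyerID` and `ownerID` straight in. How the server interprets an empty key or an empty map is not visible on this page, so I would validate the IDs in the commands (which can return an error) before building the `types.AccessControl`, rather than filtering silently inside the helper. The function also has no doc comment; something like `// usersMap returns the given user IDs as the set form used by the ReadUsers and ReadWriteUsers fields of types.AccessControl.` would do, and `make(map[string]bool, len(users))` sizes the map up front.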
9 changes: 3 additions & 6 deletions go.sum
Expand Up @@ -5,12 +5,6 @@ github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOv
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/IBM-Blockchain/bcdb-server v0.0.0-20210609180532-d6c2c4edaed9 h1:pXBFUqoQndojNnTFd1ZgVD6amzmsYHxZogA0xuNLYu0=
github.com/IBM-Blockchain/bcdb-server v0.0.0-20210609180532-d6c2c4edaed9/go.mod h1:3/eL2aR2AxiitHtzet++d1b1kgtmfgHdoezwYXZivwc=
github.com/IBM-Blockchain/bcdb-server v0.0.0-20210617023424-769c72bf3ee7 h1:sxICIV8raTrRCXFNJ3xBQ6SJ/cv6g4TUo4PPveHxbLo=
github.com/IBM-Blockchain/bcdb-server v0.0.0-20210617023424-769c72bf3ee7/go.mod h1:mtuB0GJek4elh+cUs7DGtdsUrzcjX4JJznIeRjcDJko=
github.com/IBM-Blockchain/bcdb-server v0.0.0-20210620090414-7807cc5304c5 h1:F+hv8hDlAvyl0L5vDgtHwp4wxqGUScsBbNGi7VnD/fk=
github.com/IBM-Blockchain/bcdb-server v0.0.0-20210620090414-7807cc5304c5/go.mod h1:mtuB0GJek4elh+cUs7DGtdsUrzcjX4JJznIeRjcDJko=
github.com/IBM-Blockchain/bcdb-server v0.1.0 h1:jp/x3m+l7HroeoO0t4yNKVZaTeAmQOAL3KOWFGmQKGE=
github.com/IBM-Blockchain/bcdb-server v0.1.0/go.mod h1:mtuB0GJek4elh+cUs7DGtdsUrzcjX4JJznIeRjcDJko=
github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
Expand Down Expand Up @@ -157,6 +151,7 @@ github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/gopherjs/gopherjs v0.0.0-20190411002643-bd77b112433e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c h1:7lF+Vz0LqiRidnzC1Oq86fpX1q/iEv2KJdrCtttYjT4=
github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/jsbuiltin v0.0.0-20180426082241-50091555e127/go.mod h1:7X1acUyFRf+oVFTU6SWw9mnb57Vxn+Nbh8iPbKg95hs=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
Expand Down Expand Up @@ -220,6 +215,7 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
Expand Down Expand Up @@ -383,6 +379,7 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7 h1:rTIdg5QFRR7XCaK4LCjBiPbx8j4DQRpdYMnGn/bJUEU=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
36 changes: 23 additions & 13 deletions pkg/bcdb/config_tx_context_test.go
Expand Up @@ -183,10 +183,7 @@ func TestConfigTxContext_DeleteAdmin(t *testing.T) {
require.NoError(t, err)

adminCert, _ := testutils.LoadTestClientCrypto(t, clientCryptoDir, "admin")
admin := &types.Admin{
ID: "admin",
Certificate: adminCert.Raw,
}
admin := &types.Admin{ID: "admin", Certificate: adminCert.Raw}

admin2Cert, _ := testutils.LoadTestClientCrypto(t, clientCryptoDir, "admin2")
admin3Cert, _ := testutils.LoadTestClientCrypto(t, clientCryptoDir, "admin3")
Expand Down Expand Up @@ -251,7 +248,7 @@ func TestConfigTxContext_DeleteAdmin(t *testing.T) {

// session1 by removed admin cannot execute additional transactions
tx4, err := session1.ConfigTx()
require.EqualError(t, err, "failed to obtain server's certificate")
require.EqualError(t, err, "error handling request, server returned: status: 401 Unauthorized, message: signature verification failed")
require.Nil(t, tx4)
}

Expand Down Expand Up @@ -317,7 +314,7 @@ func TestConfigTxContext_UpdateAdmin(t *testing.T) {

// session1 by updated admin cannot execute additional transactions, need to recreate session
tx3, err := session1.ConfigTx()
require.EqualError(t, err, "failed to obtain server's certificate")
require.EqualError(t, err, "error handling request, server returned: status: 401 Unauthorized, message: signature verification failed")
require.Nil(t, tx3)

// need to recreate session with new credentials
Expand Down Expand Up @@ -413,13 +410,14 @@ func TestConfigTxContext_DeleteClusterNode(t *testing.T) {
config, err := tx1.GetClusterConfig()
require.NoError(t, err)

id1 := config.Nodes[0].ID
node1 := config.Nodes[0]
node2 := &types.NodeConfig{
ID: "testNode2",
Address: config.Nodes[0].Address,
Port: config.Nodes[0].Port + 1,
Certificate: config.Nodes[0].Certificate,
}
peer1 := config.ConsensusConfig.Members[0]
peer2 := &types.PeerConfig{
NodeId: "testNode2",
RaftId: config.ConsensusConfig.Members[0].RaftId + 1,
Expand All @@ -437,7 +435,19 @@ func TestConfigTxContext_DeleteClusterNode(t *testing.T) {

tx2, err := session1.ConfigTx()
require.NoError(t, err)
err = tx2.DeleteClusterNode(id1)

clusterConfig, err := tx2.GetClusterConfig()
require.NoError(t, err)
require.NotNil(t, clusterConfig)
require.Len(t, clusterConfig.Nodes, 2)
found, index := NodeExists("testNode2", clusterConfig.Nodes)
require.True(t, found)
require.Equal(t, clusterConfig.Nodes[index].Port, node2.Port)
found, index = PeerExists("testNode2", clusterConfig.ConsensusConfig.Members)
require.True(t, found)
require.Equal(t, clusterConfig.ConsensusConfig.Members[index].PeerPort, peer2.PeerPort)

err = tx2.DeleteClusterNode(node2.ID)
require.NoError(t, err)

txID, receipt, err = tx2.Commit(true)
Expand All @@ -449,17 +459,17 @@ func TestConfigTxContext_DeleteClusterNode(t *testing.T) {
// verify tx was successfully committed. "Get" works once per Tx.
tx3, err := session1.ConfigTx()
require.NoError(t, err)
clusterConfig, err := tx3.GetClusterConfig()
clusterConfig, err = tx3.GetClusterConfig()
require.NoError(t, err)
require.NotNil(t, clusterConfig)
require.Len(t, clusterConfig.Nodes, 1)

found, index := NodeExists("testNode2", clusterConfig.Nodes)
found, index = NodeExists("testNode1", clusterConfig.Nodes)
require.True(t, found)
require.Equal(t, clusterConfig.Nodes[index].Port, node2.Port)
found, index = PeerExists("testNode2", clusterConfig.ConsensusConfig.Members)
require.Equal(t, clusterConfig.Nodes[index].Port, node1.Port)
found, index = PeerExists("testNode1", clusterConfig.ConsensusConfig.Members)
require.True(t, found)
require.Equal(t, clusterConfig.ConsensusConfig.Members[index].PeerPort, peer2.PeerPort)
require.Equal(t, clusterConfig.ConsensusConfig.Members[index].PeerPort, peer1.PeerPort)
}

//TODO this test will stop working once we implement quorum rules
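Review bot: The two updated assertions on `session1.ConfigTx()` (after the admin is deleted, and after it is updated) pin the server's full error text with `require.EqualError`, so a rewording of the 401 message on the server side breaks these SDK tests although the property that matters, that a stale admin credential is refused, is unchanged. I would assert only the stable part, e.g. `require.Error(t, err)` followed by `require.Contains(t, err.Error(), "401 Unauthorized")`. Both checks cover the server rejecting the client's signature; nothing in the hunks shown here exercises the client rejecting a response whose server signature does not verify, which is what the PR title adds, so if that negative case is not tested elsewhere in the change it deserves its own test. The enclosing test functions begin outside the hunks shown.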