[FAB-14147] TokenOwner Validation

Outputs' owners in an issue must be valid.

Change-Id: I7732356e3a8aaad3b0d52339bf2b3fa350c5966f
Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>

Author: adecaro

token/tms/manager/validator_test.go

@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 package manager_test
 
 import (
+	"github.com/hyperledger/fabric/protos/token"
 	mockid "github.com/hyperledger/fabric/token/identity/mock"
 	"github.com/hyperledger/fabric/token/tms/manager"
 	. "github.com/onsi/ginkgo"
@@ -20,6 +21,7 @@ var _ = Describe("AllIssuingValidator", func() {
 		fakeIdentityDeserializer *mockid.Deserializer
 		fakeIdentity             *mockid.Identity
 		policyValidator          *manager.AllIssuingValidator
+		tokenOwnerValidator      *manager.FabricTokenOwnerValidator
 	)
 
 	BeforeEach(func() {
@@ -30,6 +32,9 @@ var _ = Describe("AllIssuingValidator", func() {
 		policyValidator = &manager.AllIssuingValidator{
 			Deserializer: fakeIdentityDeserializer,
 		}
+		tokenOwnerValidator = &manager.FabricTokenOwnerValidator{
+			Deserializer: fakeIdentityDeserializer,
+		}
 	})
 
 	Describe("Validate", func() {
@@ -76,4 +81,56 @@ var _ = Describe("AllIssuingValidator", func() {
 		})
 
 	})
+
+	Describe("Token Owner Validation", func() {
+
+		Context("when owner is valid", func() {
+			BeforeEach(func() {
+				fakeIdentityDeserializer.DeserializeIdentityReturns(fakeIdentity, nil)
+			})
+			It("returns nil", func() {
+				err := tokenOwnerValidator.Validate(&token.TokenOwner{Type: token.TokenOwner_MSP_IDENTIFIER, Raw: []byte{0, 1, 2, 3}})
+				Expect(err).ToNot(HaveOccurred())
+			})
+		})
+
+		Context("when owner is nil", func() {
+			It("returns no error", func() {
+				err := tokenOwnerValidator.Validate(nil)
+				Expect(err).To(MatchError("identity cannot be nil"))
+			})
+		})
+
+		Context("when owner has an invalid type", func() {
+			It("returns no error", func() {
+				err := tokenOwnerValidator.Validate(&token.TokenOwner{Type: 2})
+				Expect(err).To(MatchError("identity's type '2' not recognized"))
+			})
+		})
+
+		Context("when the owner cannot be deserialized", func() {
+			BeforeEach(func() {
+				fakeIdentityDeserializer.DeserializeIdentityReturns(nil, errors.New("Deserialize, no-way-man"))
+			})
+
+			It("returns an error", func() {
+				err := tokenOwnerValidator.Validate(&token.TokenOwner{Type: token.TokenOwner_MSP_IDENTIFIER, Raw: []byte{0, 1, 2, 3}})
+				Expect(err.Error()).To(BeEquivalentTo("identity [0x7261773a225c3030305c3030315c3030325c3030332220] cannot be deserialised: Deserialize, no-way-man"))
+			})
+		})
+
+		Context("when identity validation fail", func() {
+			BeforeEach(func() {
+				fakeIdentity.ValidateReturns(errors.New("Validate, no-way-man"))
+				fakeIdentityDeserializer.DeserializeIdentityReturns(fakeIdentity, nil)
+			})
+
+			It("returns an error", func() {
+				err := tokenOwnerValidator.Validate(&token.TokenOwner{Type: token.TokenOwner_MSP_IDENTIFIER, Raw: []byte{0, 1, 2, 3}})
+				Expect(err.Error()).To(BeEquivalentTo("identity [0x7261773a225c3030305c3030315c3030325c3030332220] cannot be validated: Validate, no-way-man"))
+			})
+
+		})
+
+	})
 })

token/tms/plain/verifier.go

@@ -8,7 +8,6 @@ package plain
 
 import (
 	"bytes"
-	"encoding/hex"
 	"fmt"
 	"strconv"
 	"strings"
@@ -111,8 +110,9 @@ func (v *Verifier) checkImportOutputs(outputs []*token.PlainOutput, txID string,
 			return &customtx.InvalidTxError{Msg: fmt.Sprintf("output %d quantity is 0 in transaction: %s", i, txID)}
 		}
 
-		if output.Owner == nil {
-			return &customtx.InvalidTxError{Msg: fmt.Sprintf("missing owner in output for txID '%s'", txID)}
+		err = v.TokenOwnerValidator.Validate(output.Owner)
+		if err != nil {
+			return &customtx.InvalidTxError{Msg: fmt.Sprintf("invalid owner in output for txID '%s', err '%s'", txID, err)}
 		}
 	}
 	return nil
@@ -142,8 +142,6 @@ func (v *Verifier) checkRedeemAction(creator identity.PublicInfo, redeemAction *
 
 	// if output[1] presents, its owner must be same as the creator
 	if len(outputs) == 2 && !bytes.Equal(creator.Public(), outputs[1].Owner.Raw) {
-		println(hex.EncodeToString(creator.Public()))
-		println(hex.EncodeToString(outputs[1].Owner.Raw))
 		return &customtx.InvalidTxError{Msg: fmt.Sprintf("wrong owner for remaining tokens, should be original owner %s, but got %s", creator.Public(), outputs[1].Owner.Raw)}
 	}
 

token/tms/plain/verifier_test.go

@@ -199,7 +199,19 @@ var _ = Describe("Verifier", func() {
 
 			It("returns an InvalidTxError", func() {
 				err := verifier.ProcessTx(importTxID, fakePublicInfo, importTransaction, memoryLedger)
-				Expect(err).To(Equal(&customtx.InvalidTxError{Msg: fmt.Sprintf("missing owner in output for txID '%s'", importTxID)}))
+				Expect(err).To(Equal(&customtx.InvalidTxError{Msg: fmt.Sprintf("invalid owner in output for txID '%s', err 'owner is nil'", importTxID)}))
+			})
+		})
+
+		Context("when an output has empty owner", func() {
+			BeforeEach(func() {
+				importTransaction.GetPlainAction().GetPlainImport().Outputs[0].Owner = &token.TokenOwner{}
+				importTxID = "no-owner-id"
+			})
+
+			It("returns an InvalidTxError", func() {
+				err := verifier.ProcessTx(importTxID, fakePublicInfo, importTransaction, memoryLedger)
+				Expect(err).To(Equal(&customtx.InvalidTxError{Msg: fmt.Sprintf("invalid owner in output for txID '%s', err 'raw is empty'", importTxID)}))
 			})
 		})
 
@@ -935,7 +947,8 @@ func (TestTokenOwnerValidator) Validate(owner *token.TokenOwner) error {
 	}
 
 	if len(owner.Raw) == 0 {
-		return errors.New("raw is emptyr")
+		return errors.New("raw is empty")
 	}
+
 	return nil
 }