From 7abd8514c81093f02583403fb63d62553e4db393 Mon Sep 17 00:00:00 2001
From: Peter Broadhurst
Date: Mon, 16 Jan 2023 15:58:50 +0000
Subject: [PATCH] Verify the default key in all cases
Signed-off-by: Peter Broadhurst
---
 internal/identity/identitymanager.go | 26 +++++-----------
 internal/identity/identitymanager_test.go | 37 +++++++++++------------
 2 files changed, 26 insertions(+), 37 deletions(-)
diff --git a/internal/identity/identitymanager.go b/internal/identity/identitymanager.go
index 9ff0e3705c..79eb8f676e 100644
--- a/internal/identity/identitymanager.go
+++ b/internal/identity/identitymanager.go
@@ -56,13 +56,12 @@ type Manager interface {
 }
 type identityManager struct {
- database database.Plugin
- blockchain blockchain.Plugin // optional
- multiparty multiparty.Manager // optional
- namespace string
- defaultKey string
- multipartyRootVerifier *core.VerifierRef
- identityCache cache.CInterface
+ database database.Plugin
+ blockchain blockchain.Plugin // optional
+ multiparty multiparty.Manager // optional
+ namespace string
+ defaultKey string
+ identityCache cache.CInterface
 }
 func NewIdentityManager(ctx context.Context, ns, defaultKey string, di database.Plugin, bi blockchain.Plugin, mp multiparty.Manager, cacheManager cache.Manager) (Manager, error) {
@@ -118,7 +117,7 @@ func (im *identityManager) ResolveInputSigningKey(ctx context.Context, inputKey
 if im.defaultKey == "" {
 return "", i18n.NewError(ctx, coremsgs.MsgNodeMissingBlockchainKey)
 }
-
+ // There is no blockchain plugin defined here, so no additional verification possible, or required
 return im.defaultKey, nil
 }
@@ -286,21 +285,12 @@ func (im *identityManager) getDefaultVerifier(ctx context.Context) (verifier *co
 // GetMultipartyRootVerifier gets the blockchain verifier of the root org via the configuration,
 // resolving it for use as a signing key for the purpose of signing a child identity
 func (im *identityManager) GetMultipartyRootVerifier(ctx context.Context) (*core.VerifierRef, error) {
- if im.multipartyRootVerifier != nil {
- return im.multipartyRootVerifier, nil
- }
-
 orgKey := im.multiparty.RootOrg().Key
 if orgKey == "" {
 return nil, i18n.NewError(ctx, coremsgs.MsgNodeMissingBlockchainKey)
 }
- verifier, err := im.resolveInputKeyViaBlockchainPlugin(ctx, orgKey)
- if err != nil {
- return nil, err
- }
- im.multipartyRootVerifier = verifier
- return verifier, nil
+ return im.resolveInputKeyViaBlockchainPlugin(ctx, orgKey)
 }
 // resolveInputKeyViaBlockchainPlugin calls the blockchain plugin to resolve an input key string, to the
diff --git a/internal/identity/identitymanager_test.go b/internal/identity/identitymanager_test.go
index 5e522d58b8..2ee2f452c5 100644
--- a/internal/identity/identitymanager_test.go
+++ b/internal/identity/identitymanager_test.go
@@ -579,10 +579,10 @@ func TestResolveInputSigningIdentityByOrgVerifierFail(t *testing.T) {
 }
-func TestResolveInputSigningKeyDefault(t *testing.T) {
+func TestResolveInputSigningKeyDefaultNoBlockchain(t *testing.T) {
 ctx, im := newTestIdentityManager(t)
- im.blockchain = nil
+ im.blockchain = nil
 im.defaultKey = "key123"
 resolvedKey, err := im.ResolveInputSigningKey(ctx, "", KeyNormalizationBlockchainPlugin)
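Review bot: In `GetMultipartyRootVerifier` (identitymanager.go, hunk at -286) the first statement dereferences `im.multiparty` unconditionally, while the struct in the first hunk of this file marks that field `// optional`. Unless every caller is guaranteed to run in multiparty mode, which is not visible in this patch, a guard such as `if im.multiparty == nil { return nil, i18n.NewError(ctx, coremsgs.MsgNodeMissingBlockchainKey) }` (or a more specific message) would turn a possible nil-pointer panic into an error return. With the memoised verifier removed, the root key is resolved through the blockchain plugin on every call, so the doc comment could say so: `// The key is re-resolved via the blockchain plugin on each call; the result is not cached.`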
@@ -622,12 +622,15 @@ func TestResolveInputSigningKeyDefaultNoBlockchainInputFallback(t *testing.T) {
 func TestResolveInputSigningKeyDefaultNoBlockchainDefaultKeyFallback(t *testing.T) {
 ctx, im := newTestIdentityManager(t)
- im.blockchain = nil
+
 im.defaultKey = "key123"
+ mbi := im.blockchain.(*blockchainmocks.Plugin)
+ mbi.On("ResolveInputSigningKey", ctx, "key123").Return("fullkey123", nil)
+
 resolvedKey, err := im.ResolveInputSigningKey(ctx, "", KeyNormalizationBlockchainPlugin)
 assert.NoError(t, err)
- assert.Equal(t, "key123", resolvedKey)
+ assert.Equal(t, "fullkey123", resolvedKey)
 }
 func TestResolveInputSigningKeyOrgFallbackOk(t *testing.T) {
@@ -741,15 +744,14 @@ func TestFirstVerifierForIdentityNotFound(t *testing.T) {
 func TestResolveDefaultSigningIdentityNotFound(t *testing.T) {
 ctx, im := newTestIdentityManager(t)
- im.multipartyRootVerifier = &core.VerifierRef{
- Type: core.VerifierTypeEthAddress,
- Value: "key12345",
- }
 mbi := im.blockchain.(*blockchainmocks.Plugin)
 mmp := im.multiparty.(*multipartymocks.Manager)
 mmp.On("GetNetworkVersion").Return(1)
- mmp.On("RootOrg").Return(multiparty.RootOrg{})
+ mmp.On("RootOrg").Return(multiparty.RootOrg{
+ Key: "key12345",
+ })
+ mbi.On("ResolveInputSigningKey", ctx, "key12345").Return("key12345", nil)
 mdi := im.database.(*databasemocks.Plugin)
 mdi.On("GetVerifierByValue", ctx, core.VerifierTypeEthAddress, "ns1", "key12345").Return(nil, nil)
@@ -767,10 +769,6 @@ func TestResolveDefaultSigningIdentityNotFound(t *testing.T) {
 func TestResolveDefaultSigningIdentitySystemFallback(t *testing.T) {
 ctx, im := newTestIdentityManager(t)
- im.multipartyRootVerifier = &core.VerifierRef{
- Type: core.VerifierTypeEthAddress,
- Value: "key12345",
- }
 id := &core.Identity{
 IdentityBase: core.IdentityBase{
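Review bot: The name `TestResolveInputSigningKeyDefaultNoBlockchainDefaultKeyFallback` (identitymanager_test.go, hunk at -622) no longer describes the test, because `im.blockchain = nil` is removed and the blockchain mock now resolves `key123` to `fullkey123`, making this the with-plugin case. A rename such as `func TestResolveInputSigningKeyDefaultKeyVerified(t *testing.T) {` would keep it distinct from `TestResolveInputSigningKeyDefaultNoBlockchain`, which the previous hunk renames. The assertion on `fullkey123` is what pins that the default key goes through plugin verification. If one does not already exist outside these hunks, a companion case where the mocked `ResolveInputSigningKey` returns an error would also pin that an unverifiable default key is rejected rather than returned as-is.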
@@ -791,7 +789,8 @@ func TestResolveDefaultSigningIdentitySystemFallback(t *testing.T) {
 mbi := im.blockchain.(*blockchainmocks.Plugin)
 mmp := im.multiparty.(*multipartymocks.Manager)
 mmp.On("GetNetworkVersion").Return(1)
- mmp.On("RootOrg").Return(multiparty.RootOrg{Name: "org1"})
+ mmp.On("RootOrg").Return(multiparty.RootOrg{Name: "org1", Key: "key12345"})
+ mbi.On("ResolveInputSigningKey", ctx, "key12345").Return("key12345", nil)
 mdi := im.database.(*databasemocks.Plugin)
 mdi.On("GetVerifierByValue", ctx, core.VerifierTypeEthAddress, "ns1", "key12345").Return(nil, nil)
@@ -845,13 +844,13 @@ func TestGetMultipartyRootVerifierNotSet(t *testing.T) {
 func TestGetMultipartyRootOrgMismatch(t *testing.T) {
 ctx, im := newTestIdentityManager(t)
- im.multipartyRootVerifier = &core.VerifierRef{
- Type: core.VerifierTypeEthAddress,
- Value: "fullkey123",
- }
 mmp := im.multiparty.(*multipartymocks.Manager)
- mmp.On("RootOrg").Return(multiparty.RootOrg{})
+ mmp.On("RootOrg").Return(multiparty.RootOrg{
+ Key: "key12345",
+ })
+ mbi := im.blockchain.(*blockchainmocks.Plugin)
+ mbi.On("ResolveInputSigningKey", ctx, "key12345").Return("fullkey123", nil)
 orgID := fftypes.NewUUID()
 mdi := im.database.(*databasemocks.Plugin)