hyperledger · nguyer · Jan 16, 2023 · Jan 16, 2023
@@ -56,13 +56,12 @@ type Manager interface {
 }
 
 type identityManager struct {
-	database               database.Plugin
-	blockchain             blockchain.Plugin  // optional
-	multiparty             multiparty.Manager // optional
-	namespace              string
-	defaultKey             string
-	multipartyRootVerifier *core.VerifierRef
-	identityCache          cache.CInterface
+	database      database.Plugin
+	blockchain    blockchain.Plugin  // optional
+	multiparty    multiparty.Manager // optional
+	namespace     string
+	defaultKey    string
+	identityCache cache.CInterface
 }
 
 func NewIdentityManager(ctx context.Context, ns, defaultKey string, di database.Plugin, bi blockchain.Plugin, mp multiparty.Manager, cacheManager cache.Manager) (Manager, error) {
@@ -118,7 +117,7 @@ func (im *identityManager) ResolveInputSigningKey(ctx context.Context, inputKey
 			if im.defaultKey == "" {
 				return "", i18n.NewError(ctx, coremsgs.MsgNodeMissingBlockchainKey)
 			}
-
+			// There is no blockchain plugin defined here, so no additional verification possible, or required
 			return im.defaultKey, nil
 		}
 
@@ -286,21 +285,12 @@ func (im *identityManager) getDefaultVerifier(ctx context.Context) (verifier *co
 // GetMultipartyRootVerifier gets the blockchain verifier of the root org via the configuration,
 // resolving it for use as a signing key for the purpose of signing a child identity
 func (im *identityManager) GetMultipartyRootVerifier(ctx context.Context) (*core.VerifierRef, error) {
-	if im.multipartyRootVerifier != nil {
-		return im.multipartyRootVerifier, nil
-	}
-
 	orgKey := im.multiparty.RootOrg().Key
 	if orgKey == "" {
 		return nil, i18n.NewError(ctx, coremsgs.MsgNodeMissingBlockchainKey)
 	}
 
-	verifier, err := im.resolveInputKeyViaBlockchainPlugin(ctx, orgKey)
-	if err != nil {
-		return nil, err
-	}
-	im.multipartyRootVerifier = verifier
-	return verifier, nil
+	return im.resolveInputKeyViaBlockchainPlugin(ctx, orgKey)
 }
 
 // resolveInputKeyViaBlockchainPlugin calls the blockchain plugin to resolve an input key string, to the

@@ -579,10 +579,10 @@ func TestResolveInputSigningIdentityByOrgVerifierFail(t *testing.T) {
 
 }
 
-func TestResolveInputSigningKeyDefault(t *testing.T) {
+func TestResolveInputSigningKeyDefaultNoBlockchain(t *testing.T) {
 	ctx, im := newTestIdentityManager(t)
-	im.blockchain = nil
 
+	im.blockchain = nil
 	im.defaultKey = "key123"
 
 	resolvedKey, err := im.ResolveInputSigningKey(ctx, "", KeyNormalizationBlockchainPlugin)
@@ -622,12 +622,15 @@ func TestResolveInputSigningKeyDefaultNoBlockchainInputFallback(t *testing.T) {
 
 func TestResolveInputSigningKeyDefaultNoBlockchainDefaultKeyFallback(t *testing.T) {
 	ctx, im := newTestIdentityManager(t)
-	im.blockchain = nil
+
 	im.defaultKey = "key123"
 
+	mbi := im.blockchain.(*blockchainmocks.Plugin)
+	mbi.On("ResolveInputSigningKey", ctx, "key123").Return("fullkey123", nil)
+
 	resolvedKey, err := im.ResolveInputSigningKey(ctx, "", KeyNormalizationBlockchainPlugin)
 	assert.NoError(t, err)
-	assert.Equal(t, "key123", resolvedKey)
+	assert.Equal(t, "fullkey123", resolvedKey)
 }
 
 func TestResolveInputSigningKeyOrgFallbackOk(t *testing.T) {
@@ -741,15 +744,14 @@ func TestFirstVerifierForIdentityNotFound(t *testing.T) {
 func TestResolveDefaultSigningIdentityNotFound(t *testing.T) {
 
 	ctx, im := newTestIdentityManager(t)
-	im.multipartyRootVerifier = &core.VerifierRef{
-		Type:  core.VerifierTypeEthAddress,
-		Value: "key12345",
-	}
 
 	mbi := im.blockchain.(*blockchainmocks.Plugin)
 	mmp := im.multiparty.(*multipartymocks.Manager)
 	mmp.On("GetNetworkVersion").Return(1)
-	mmp.On("RootOrg").Return(multiparty.RootOrg{})
+	mmp.On("RootOrg").Return(multiparty.RootOrg{
+		Key: "key12345",
+	})
+	mbi.On("ResolveInputSigningKey", ctx, "key12345").Return("key12345", nil)
 
 	mdi := im.database.(*databasemocks.Plugin)
 	mdi.On("GetVerifierByValue", ctx, core.VerifierTypeEthAddress, "ns1", "key12345").Return(nil, nil)
@@ -767,10 +769,6 @@ func TestResolveDefaultSigningIdentityNotFound(t *testing.T) {
 func TestResolveDefaultSigningIdentitySystemFallback(t *testing.T) {
 
 	ctx, im := newTestIdentityManager(t)
-	im.multipartyRootVerifier = &core.VerifierRef{
-		Type:  core.VerifierTypeEthAddress,
-		Value: "key12345",
-	}
 
 	id := &core.Identity{
 		IdentityBase: core.IdentityBase{
@@ -791,7 +789,8 @@ func TestResolveDefaultSigningIdentitySystemFallback(t *testing.T) {
 	mbi := im.blockchain.(*blockchainmocks.Plugin)
 	mmp := im.multiparty.(*multipartymocks.Manager)
 	mmp.On("GetNetworkVersion").Return(1)
-	mmp.On("RootOrg").Return(multiparty.RootOrg{Name: "org1"})
+	mmp.On("RootOrg").Return(multiparty.RootOrg{Name: "org1", Key: "key12345"})
+	mbi.On("ResolveInputSigningKey", ctx, "key12345").Return("key12345", nil)
 
 	mdi := im.database.(*databasemocks.Plugin)
 	mdi.On("GetVerifierByValue", ctx, core.VerifierTypeEthAddress, "ns1", "key12345").Return(nil, nil)
@@ -845,13 +844,13 @@ func TestGetMultipartyRootVerifierNotSet(t *testing.T) {
 func TestGetMultipartyRootOrgMismatch(t *testing.T) {
 
 	ctx, im := newTestIdentityManager(t)
-	im.multipartyRootVerifier = &core.VerifierRef{
-		Type:  core.VerifierTypeEthAddress,
-		Value: "fullkey123",
-	}
 
 	mmp := im.multiparty.(*multipartymocks.Manager)
-	mmp.On("RootOrg").Return(multiparty.RootOrg{})
+	mmp.On("RootOrg").Return(multiparty.RootOrg{
+		Key: "key12345",
+	})
+	mbi := im.blockchain.(*blockchainmocks.Plugin)
+	mbi.On("ResolveInputSigningKey", ctx, "key12345").Return("fullkey123", nil)
 
 	orgID := fftypes.NewUUID()
 	mdi := im.database.(*databasemocks.Plugin)