Commit c3da031b authored by Cédric Moreau's avatar Cédric Moreau
Browse files

TDD: Block:Local: memberships signatures must be valid

parent 003d796e
var crypto = require('./crypto');
var common = require('./common');
var mongoose = require('mongoose');
var Identity = mongoose.model('Identity', require('../models/identity'));
var crypto = require('./crypto');
var common = require('./common');
var mongoose = require('mongoose');
var Identity = mongoose.model('Identity', require('../models/identity'));
var Membership = mongoose.model('Membership', require('../models/membership'));
module.exports = function () {
......@@ -15,12 +16,12 @@ function LocalValidator () {
done('Identity\'s signature must match');
return;
}
if (!crypto.verify(block.getRaw(), block.signature, block.issuer)) {
done('Signature must match');
if (hasWrongSignatureForMemberships(block)) {
done('Membership\'s signature must match');
return;
}
if (false) {
done('Membership\'s signature must match');
if (!crypto.verify(block.getRaw(), block.signature, block.issuer)) {
done('Signature must match');
return;
}
done(null, true);
......@@ -174,3 +175,22 @@ function hasWrongSignatureForIdentities (block) {
}
return wrongSig;
}
function hasWrongSignatureForMemberships (block) {
var i = 0;
var wrongSig = false;
// Joiners
while (!wrongSig && i < block.joiners.length) {
var ms = Membership.fromInline(block.joiners[i], 'IN', block.currency);
wrongSig = !crypto.verify(ms.getRaw(), ms.signature, ms.issuer);
i++;
}
// Leavers
i = 0;
while (!wrongSig && i < block.leavers.length) {
var ms = Membership.fromInline(block.leavers[i], 'OUT', block.currency);
wrongSig = !crypto.verify(ms.getRaw(), ms.signature, ms.issuer);
i++;
}
return wrongSig;
}
......@@ -66,7 +66,7 @@ module.exports = new function() {
raw += "Membership: " + json.membership + "\n";
if (json.userid)
raw += "UserID: " + json.userid + "\n";
if (json.certts)
if (!isNaN(json.certts))
raw += "CertTS: " + json.certts.timestamp() + "\n";
return dos2unix(raw);
};
......
......@@ -110,16 +110,18 @@ MembershipSchema.methods = {
}
}
MembershipSchema.statics.fromInline = function (inlineMS, type) {
MembershipSchema.statics.fromInline = function (inlineMS, type, currency) {
var Membership = this.model('Membership');
var sp = inlineMS.split(':');
return new Membership({
version: 1,
currency: currency,
issuer: sp[0],
membership: type,
type: type,
date: new Date(parseInt(sp[2])*1000),
userid: '',
certts: new Date(parseInt(sp[3])*1000),
userid: sp[4],
signature: sp[1]
});
}
......
......@@ -353,4 +353,89 @@ module.exports = {
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:1411844659:kr2JA6wCGfbNKGpyM86BscsFk22aA9oiAon8mWRPl4G8UpJKZs3tjuPRAw5+04KLCRWl/TT1TumDCkeEjev7DA==\n" +
"Transactions:\n" +
"kNsKdC8eH0d4zdHh1djyMzRXjFrwk3Bc3M8wo4DV/7clE9J66K/U0FljyS79SI78ZZUPaVmrImKJ9SNiubCiBg==\n",
WRONGLY_SIGNED_JOIN:
"Version: 1\n" +
"Type: Block\n" +
"Currency: beta_brousouf\n" +
"Nonce: 11\n" +
"Number: 0\n" +
"Date: 1411776000\n" +
"ConfirmedDate: 1411776000\n" +
"Issuer: HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd\n" +
"MembersCount: 3\n" +
"Identities:\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:Die9lYNW1u/w50AfuaXwb4MJc3aKA3WfJwiy+31TqHIGC+VNnRKjMmrwMptN+a+dL6INjLrhMrPqoK60IkTlDQ==:1411837451:CAT\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:NJE8nYU4Im+KQDRdoAn5gcfic+Gjjzp0Pp0iji/Fzh9JIThoQeUDDew4Q5vJBEg/Aw7gPnIg+11TbLkIGa/ODQ==:1411837452:TAC\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:1V/QnQcnJtQSSvhOFBhl7kGXBea8gKEQ6iqPNCVb41yI9gN79XGtUeHhjlumhQkPeizlzpkcNBkL8bhokiNcBQ==:1411837457:SNOW\n" +
"Joiners:\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:iSQvl1VVc6+b1AUaBJ/VTTurGGHgaIcjASBhIlzI7M/7KVQV3Wi3oGUZUzLWqCAtGUsPcsj1HCV2/sRyxHmqAw==:1411837455:1411837451:CAT\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:25xK7+ph7IYeN9Hu8PvuIBjYdVURYtvKayPHZg7zrrYTs6ii2fMtk5J65a3bT/NKr2Qsd7I5TCL29QyiAXa7BA==:1411837456:1411837452:TAC\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:ze+ftHWFLYmjfvXyrx4a15N2VQjf6oen8kkMiYNYrVllbpb5IUcb28CenlOQbVd9cZCNGSkTP7xP5bt8KAqUAw==:1411837462:1411837457:SNOW\n" +
"Leavers:\n" +
"Excluded:\n" +
"Certifications:\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:1411844654:vTvKYvjTYUT30t/9h7uNE/2LFJiYuA4YleIetFkb62XxDoxGizKC9VvVs7WRNArcfHvJ+RLyOoawQzpmw2DyCw==\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:1411844658:2KmmmIL8eK/TACjOqTqO5ZG/tgMYWWV8zRICWFQJuqWyYVg/y5wzXyHrgfpdMYhwYMRBhwbMk1sPNLo/kzp0AA==\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:1411844653:DU4JlHxJtIb2Z7Ag4Jy+z0qjNNo5jzN5EvTUWOTRRzeb6LbOClw2X+pmb0mV/wpVKd/lJrUHAWeKMDHG4MukCA==\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:1411844660:tY5J+g3sM421sx0WNUuESUL8Zz2BU0UbtXT+nRsTlYThaDubMg/GmhsxWa0ccRJcZvftEwpENtVjyd6hyPSQCw==\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:1411844659:kr2JA6wCGfbNKGpyM86BscsFk22aA9oiAon8mWRPl4G8UpJKZs3tjuPRAw5+04KLCRWl/TT1TumDCkeEjev7DA==\n" +
"Transactions:\n" +
"kNsKdC8eH0d4zdHh1djyMzRXjFrwk3Bc3M8wo4DV/7clE9J66K/U0FljyS79SI78ZZUPaVmrImKJ9SNiubCiBg==\n",
WRONGLY_SIGNED_LEAVE:
"Version: 1\n" +
"Type: Block\n" +
"Currency: beta_brousouf\n" +
"Nonce: 11\n" +
"Number: 0\n" +
"Date: 1411776000\n" +
"ConfirmedDate: 1411776000\n" +
"Issuer: HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd\n" +
"MembersCount: 3\n" +
"Identities:\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:NJE8nYU4Im+KQDRdoAn5gcfic+Gjjzp0Pp0iji/Fzh9JIThoQeUDDew4Q5vJBEg/Aw7gPnIg+11TbLkIGa/ODQ==:1411837452:TAC\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:1V/QnQcnJtQSSvhOFBhl7kGXBea8gKEQ6iqPNCVb41yI9gN79XGtUeHhjlumhQkPeizlzpkcNBkL8bhokiNcBQ==:1411837457:SNOW\n" +
"Joiners:\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:25xK7+ph7IYeN9Hu8PvuIBjYdVURYtvKayPHZg7zrrYTs6ii2fMtk5J65a3bT/NKr2Qsd7I5TCL29QyiAXa7BA==:1411837456:1411837452:TAC\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:ze+ftHWFLYmjfvXyrx4a15N2VQjf6oen8kkMiYNYrVllbpb5IUcb28CenlOQbVd9cZCNGSkTP7xP5bt8KAqUAw==:1411837462:1411837457:SNOW\n" +
"Leavers:\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:I9kYCknNTp9zYS4CflAMk4Xh1yQIaP1H3PgPHJeQZQNkBavyqddXsq5DUzscsi2kRttJw6C/MATSD8KyZYPNAg==:1411850495\n" +
"Excluded:\n" +
"Certifications:\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:1411844654:vTvKYvjTYUT30t/9h7uNE/2LFJiYuA4YleIetFkb62XxDoxGizKC9VvVs7WRNArcfHvJ+RLyOoawQzpmw2DyCw==\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:1411844658:2KmmmIL8eK/TACjOqTqO5ZG/tgMYWWV8zRICWFQJuqWyYVg/y5wzXyHrgfpdMYhwYMRBhwbMk1sPNLo/kzp0AA==\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:1411844653:DU4JlHxJtIb2Z7Ag4Jy+z0qjNNo5jzN5EvTUWOTRRzeb6LbOClw2X+pmb0mV/wpVKd/lJrUHAWeKMDHG4MukCA==\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:1411844660:tY5J+g3sM421sx0WNUuESUL8Zz2BU0UbtXT+nRsTlYThaDubMg/GmhsxWa0ccRJcZvftEwpENtVjyd6hyPSQCw==\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:1411844659:kr2JA6wCGfbNKGpyM86BscsFk22aA9oiAon8mWRPl4G8UpJKZs3tjuPRAw5+04KLCRWl/TT1TumDCkeEjev7DA==\n" +
"Transactions:\n" +
"kNsKdC8eH0d4zdHh1djyMzRXjFrwk3Bc3M8wo4DV/7clE9J66K/U0FljyS79SI78ZZUPaVmrImKJ9SNiubCiBg==\n",
CORRECTLY_SIGNED_LEAVE:
"Version: 1\n" +
"Type: Block\n" +
"Currency: beta_brousouf\n" +
"Nonce: 11\n" +
"Number: 0\n" +
"Date: 1411776000\n" +
"ConfirmedDate: 1411776000\n" +
"Issuer: HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd\n" +
"MembersCount: 3\n" +
"Identities:\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:NJE8nYU4Im+KQDRdoAn5gcfic+Gjjzp0Pp0iji/Fzh9JIThoQeUDDew4Q5vJBEg/Aw7gPnIg+11TbLkIGa/ODQ==:1411837452:TAC\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:1V/QnQcnJtQSSvhOFBhl7kGXBea8gKEQ6iqPNCVb41yI9gN79XGtUeHhjlumhQkPeizlzpkcNBkL8bhokiNcBQ==:1411837457:SNOW\n" +
"Joiners:\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:25xK7+ph7IYeN9Hu8PvuIBjYdVURYtvKayPHZg7zrrYTs6ii2fMtk5J65a3bT/NKr2Qsd7I5TCL29QyiAXa7BA==:1411837456:1411837452:TAC\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:ze+ftHWFLYmjfvXyrx4a15N2VQjf6oen8kkMiYNYrVllbpb5IUcb28CenlOQbVd9cZCNGSkTP7xP5bt8KAqUAw==:1411837462:1411837457:SNOW\n" +
"Leavers:\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:I9kYCknNTp9zYS4CflAMk4Xh1yQIaP1H3PgPHJeQZQNkBavyqddXsq5DUzscsi2kRttJw6C/MATSD8KyZYPNAg==:1411850496\n" +
"Excluded:\n" +
"Certifications:\n" +
"G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:1411844654:vTvKYvjTYUT30t/9h7uNE/2LFJiYuA4YleIetFkb62XxDoxGizKC9VvVs7WRNArcfHvJ+RLyOoawQzpmw2DyCw==\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:1411844658:2KmmmIL8eK/TACjOqTqO5ZG/tgMYWWV8zRICWFQJuqWyYVg/y5wzXyHrgfpdMYhwYMRBhwbMk1sPNLo/kzp0AA==\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:1411844653:DU4JlHxJtIb2Z7Ag4Jy+z0qjNNo5jzN5EvTUWOTRRzeb6LbOClw2X+pmb0mV/wpVKd/lJrUHAWeKMDHG4MukCA==\n" +
"F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU:1411844660:tY5J+g3sM421sx0WNUuESUL8Zz2BU0UbtXT+nRsTlYThaDubMg/GmhsxWa0ccRJcZvftEwpENtVjyd6hyPSQCw==\n" +
"HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd:F5PtTpt8QFYMGtpZaETygB2C2yxCSxH1UW1VopBNZ6qg:1411844659:kr2JA6wCGfbNKGpyM86BscsFk22aA9oiAon8mWRPl4G8UpJKZs3tjuPRAw5+04KLCRWl/TT1TumDCkeEjev7DA==\n" +
"Transactions:\n" +
"kNsKdC8eH0d4zdHh1djyMzRXjFrwk3Bc3M8wo4DV/7clE9J66K/U0FljyS79SI78ZZUPaVmrImKJ9SNiubCiBg==\n",
};
......@@ -15,6 +15,11 @@ describe("Block local coherence", function(){
done();
}));
it('with correct leave should pass', validate(blocks.CORRECTLY_SIGNED_LEAVE, function (err, done) {
assert.equal(err, 'Signature must match');
done();
}));
describe("should be rejected", function(){
it('block with wrong signature', validate(blocks.WRONG_SIGNATURE, function (err, done) {
......@@ -71,6 +76,16 @@ describe("Block local coherence", function(){
assert.equal(err, 'Identity\'s signature must match');
done();
}));
it('Block cannot contain wrongly signed join', validate(blocks.WRONGLY_SIGNED_JOIN, function (err, done) {
assert.equal(err, 'Membership\'s signature must match');
done();
}));
it('Block cannot contain wrongly signed leave', validate(blocks.WRONGLY_SIGNED_LEAVE, function (err, done) {
assert.equal(err, 'Membership\'s signature must match');
done();
}));
});
});
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment