integration test

Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

Diff for: .github/workflows/tests.yml

@@ -81,6 +81,7 @@ jobs:
         tests: [
           dlog-fabric-t1,
           dlog-fabric-t2,
+          dlog-fabric-t2.1,
           dlog-fabric-t3,
           dlog-fabric-t4,
           dlog-fabric-t5,

Diff for: cmd/tokengen/cobra/pp/dlog/update.go

@@ -13,7 +13,6 @@ import (
 
 	"github.com/hyperledger-labs/fabric-token-sdk/cmd/tokengen/cobra/pp/common"
 	v1 "github.com/hyperledger-labs/fabric-token-sdk/token/core/zkatdlog/nogh/v1/setup"
-	"github.com/hyperledger-labs/fabric-token-sdk/token/driver"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -90,10 +89,10 @@ func Update(args *UpdateArgs) error {
 	// Clear auditor and issuers if provided, and add them again.
 	// If not provided, do not change them.
 	if len(args.Auditors) > 0 {
-		pp.AuditorIDs = []driver.Identity{}
+		pp.SetAuditors(nil)
 	}
 	if len(args.Issuers) > 0 {
-		pp.IssuerIDs = []driver.Identity{}
+		pp.SetIssuers(nil)
 	}
 	if err := common.SetupIssuersAndAuditors(pp, args.Auditors, args.Issuers); err != nil {
 		return err

Diff for: cmd/tokengen/main_test.go

@@ -227,7 +227,7 @@ func validateOutputEquivalent(gt *WithT, tempOutput, auditorsMSPdir, issuersMSPd
 	gt.Expect(err).NotTo(HaveOccurred())
 	gt.Expect(auditors[0]).To(Equal(auditor))
 
-	issuers := pp.IssuerIDs
+	issuers := pp.Issuers()
 	issuer, err := common.GetX509Identity(issuersMSPdir)
 	gt.Expect(err).NotTo(HaveOccurred())
 	gt.Expect(issuers[0]).To(BeEquivalentTo(issuer))

Diff for: fungible.mk

@@ -6,6 +6,10 @@ integration-tests-dlog-fabric-t1:
 integration-tests-dlog-fabric-t2:
 	make integration-tests-dlog-fabric TEST_FILTER="T2"
 
+.PHONY: integration-tests-dlog-fabric-t2.1
+integration-tests-dlog-fabric-t2.1:
+	make integration-tests-dlog-fabric TEST_FILTER="T2.1"
+
 .PHONY: integration-tests-dlog-fabric-t3
 integration-tests-dlog-fabric-t3:
 	make integration-tests-dlog-fabric TEST_FILTER="T3"

Diff for: integration/token/fungible/dlog/dlog_test.go

@@ -41,14 +41,26 @@ var _ = Describe("EndToEnd", func() {
 			ts, selector := newTestSuite(t.CommType, Aries|WebEnabled, t.ReplicationFactor, "", "alice", "bob", "charlie")
 			BeforeEach(ts.Setup)
 			AfterEach(ts.TearDown)
-			It("Update public params", Label("T2"), func() {
+			It("Update public params (new auditor and issuer)", Label("T2"), func() {
 				fungible.TestPublicParamsUpdate(
 					ts.II,
 					"newAuditor",
-					fungible.PrepareUpdatedPublicParams(ts.II, "newAuditor", "default"),
+					fungible.PrepareUpdatedPublicParams(ts.II, "newAuditor", "newIssuer", "default", false),
 					"default",
 					false,
 					selector,
+					false,
+				)
+			})
+			It("Update public params (append new auditor and issuer)", Label("T2.1"), func() {
+				fungible.TestPublicParamsUpdate(
+					ts.II,
+					"newAuditor",
+					fungible.PrepareUpdatedPublicParams(ts.II, "newAuditor", "newIssuer", "default", true),
+					"default",
+					false,
+					selector,
+					true,
 				)
 			})
 			It("Test Identity Revocation", Label("T3"), func() { fungible.TestRevokeIdentity(ts.II, "auditor", selector) })
@@ -65,10 +77,11 @@ var _ = Describe("EndToEnd", func() {
 				fungible.TestPublicParamsUpdate(
 					ts.II,
 					"newIssuer",
-					fungible.PrepareUpdatedPublicParams(ts.II, "newIssuer", "default"),
+					fungible.PrepareUpdatedPublicParams(ts.II, "newIssuer", "newIssuer", "default", false),
 					"default",
 					true,
 					selector,
+					false,
 				)
 			})
 		})

Diff for: integration/token/fungible/fabtoken/fabtoken_test.go

@@ -53,7 +53,7 @@ func UpdatePublicParams(network *integration.Infrastructure, selector *token2.Re
 	ppBytes, err := publicParam.Serialize()
 	Expect(err).NotTo(HaveOccurred())
 
-	fungible.TestPublicParamsUpdate(network, "newAuditor", ppBytes, "default", false, selector)
+	fungible.TestPublicParamsUpdate(network, "newAuditor", ppBytes, "default", false, selector, false)
 }
 
 func newTestSuite(commType fsc.P2PCommunicationType, factor int, names ...string) (*token2.TestSuite, *token2.ReplicaSelector) {

Diff for: integration/token/fungible/support.go

@@ -93,23 +93,41 @@ func IssueCash(network *integration.Infrastructure, wallet string, typ token.Typ
 }
 
 func IssueSuccessfulCash(network *integration.Infrastructure, wallet string, typ token.Type, amount uint64, receiver *token3.NodeReference, auditor *token3.NodeReference, anonymous bool, issuer *token3.NodeReference, finalities ...*token3.NodeReference) string {
-	return issueCashForTMSID(network, wallet, typ, amount, receiver, auditor, anonymous, issuer, nil, finalities, []string{})
+	return issueCashForTMSID(network, wallet, typ, amount, receiver, auditor, anonymous, issuer, nil, finalities, false, []string{})
 }
 
 func IssueCashForTMSID(network *integration.Infrastructure, wallet string, typ token.Type, amount uint64, receiver *token3.NodeReference, auditor *token3.NodeReference, anonymous bool, issuer *token3.NodeReference, tmsId *token2.TMSID, expectedErrorMsgs ...string) string {
-	return issueCashForTMSID(network, wallet, typ, amount, receiver, auditor, anonymous, issuer, tmsId, []*token3.NodeReference{}, expectedErrorMsgs)
-}
-
-func issueCashForTMSID(network *integration.Infrastructure, wallet string, typ token.Type, amount uint64, receiver *token3.NodeReference, auditor *token3.NodeReference, anonymous bool, issuer *token3.NodeReference, tmsId *token2.TMSID, endorsers []*token3.NodeReference, expectedErrorMsgs []string) string {
+	return issueCashForTMSID(network, wallet, typ, amount, receiver, auditor, anonymous, issuer, tmsId, []*token3.NodeReference{}, false, expectedErrorMsgs)
+}
+
+func IssueCashWithNoAuditorSigVerification(network *integration.Infrastructure, wallet string, typ token.Type, amount uint64, receiver *token3.NodeReference, auditor *token3.NodeReference, anonymous bool, issuer *token3.NodeReference, expectedErrorMsgs ...string) string {
+	return issueCashForTMSID(network, wallet, typ, amount, receiver, auditor, anonymous, issuer, nil, []*token3.NodeReference{}, true, expectedErrorMsgs)
+}
+
+func issueCashForTMSID(
+	network *integration.Infrastructure,
+	wallet string,
+	typ token.Type,
+	amount uint64,
+	receiver *token3.NodeReference,
+	auditor *token3.NodeReference,
+	anonymous bool,
+	issuer *token3.NodeReference,
+	tmsId *token2.TMSID,
+	endorsers []*token3.NodeReference,
+	skipAuditorSignatureVerification bool,
+	expectedErrorMsgs []string,
+) string {
 	txIDBoxed, err := network.Client(issuer.ReplicaName()).CallView("issue", common.JSONMarshall(&views.IssueCash{
-		Anonymous:    anonymous,
-		Auditor:      auditor.Id(),
-		IssuerWallet: wallet,
-		TokenType:    typ,
-		Quantity:     amount,
-		Recipient:    network.Identity(receiver.Id()),
-		RecipientEID: receiver.Id(),
-		TMSID:        tmsId,
+		Anonymous:                        anonymous,
+		Auditor:                          auditor.Id(),
+		IssuerWallet:                     wallet,
+		TokenType:                        typ,
+		Quantity:                         amount,
+		Recipient:                        network.Identity(receiver.Id()),
+		RecipientEID:                     receiver.Id(),
+		TMSID:                            tmsId,
+		SkipAuditorSignatureVerification: skipAuditorSignatureVerification,
 	}))
 
 	topology.ToOptions(network.FscPlatform.Peers[0].Options).Endorser()
@@ -1369,10 +1387,10 @@ func MultiSigSpendCashForTMSID(network *integration.Infrastructure, sender *toke
 
 }
 
-func PrepareUpdatedPublicParams(network *integration.Infrastructure, auditor string, networkName string) []byte {
+func PrepareUpdatedPublicParams(network *integration.Infrastructure, auditor string, issuer string, networkName string, appendIdentities bool) []byte {
 	tms := GetTMSByNetworkName(network, networkName)
 	auditorId := GetAuditorIdentity(tms, auditor)
-	issuerId := GetIssuerIdentity(tms, "newIssuer")
+	issuerId := GetIssuerIdentity(tms, issuer)
 
 	tokenPlatform, ok := network.Ctx.PlatformsByName["token"].(*tplatform.Platform)
 	Expect(ok).To(BeTrue(), "failed to get token platform from context")
@@ -1389,6 +1407,8 @@ func PrepareUpdatedPublicParams(network *integration.Infrastructure, auditor str
 		Serialize() ([]byte, error)
 		SetIssuers(identities []driver.Identity)
 		SetAuditors(identities []driver.Identity)
+		AddAuditor(identity2 driver.Identity)
+		AddIssuer(identity2 driver.Identity)
 	}
 	var pp PP
 	switch genericPP.Identifier {
@@ -1399,12 +1419,17 @@ func PrepareUpdatedPublicParams(network *integration.Infrastructure, auditor str
 		pp, err = fabtokenv1.NewPublicParamsFromBytes(ppBytes, fabtokenv1.PublicParameters)
 		Expect(err).NotTo(HaveOccurred())
 	default:
-		Expect(false).To(BeTrue(), "unknown pp identitfier [%s]", genericPP.Identifier)
+		Expect(false).To(BeTrue(), "unknown pp identifier [%s]", genericPP.Identifier)
 	}
 
 	Expect(pp.Validate()).NotTo(HaveOccurred())
-	pp.SetAuditors([]driver.Identity{auditorId})
-	pp.SetIssuers([]driver.Identity{issuerId})
+	if appendIdentities {
+		pp.AddAuditor(auditorId)
+		pp.AddIssuer(issuerId)
+	} else {
+		pp.SetAuditors([]driver.Identity{auditorId})
+		pp.SetIssuers([]driver.Identity{issuerId})
+	}
 
 	// Serialize
 	ppBytes, err = pp.Serialize()

Diff for: integration/token/fungible/tests.go

@@ -847,15 +847,14 @@ func TestSelector(network *integration.Infrastructure, auditorId string, sel *to
 	TransferCash(network, alice, "", "USD", 160, bob, auditor, "insufficient funds, only [150] tokens of type [USD] are available")
 }
 
-func TestPublicParamsUpdate(network *integration.Infrastructure, newAuditorID string, ppBytes []byte, networkName string, issuerAsAuditor bool, sel *token3.ReplicaSelector) {
+func TestPublicParamsUpdate(network *integration.Infrastructure, newAuditorID string, ppBytes []byte, networkName string, issuerAsAuditor bool, sel *token3.ReplicaSelector, updateWithAppend bool) {
 	newAuditor := sel.Get(newAuditorID)
 	tms := GetTMSByNetworkName(network, networkName)
 	newIssuer := sel.Get("newIssuer")
 	issuer := sel.Get("issuer")
 	alice := sel.Get("alice")
 	manager := sel.Get("manager")
 	auditor := sel.Get("auditor")
-	errorMessage := "is not in issuers"
 	if issuerAsAuditor {
 		auditor = issuer
 	}
@@ -886,7 +885,18 @@ func TestPublicParamsUpdate(network *integration.Infrastructure, newAuditorID st
 	Expect(txId).NotTo(BeEmpty())
 	CheckBalance(network, alice, "", "USD", 220)
 	CheckHolding(network, alice, "", "USD", 110, newAuditor)
-	IssueCash(network, "", "USD", 110, alice, newAuditor, true, issuer, errorMessage)
+	if updateWithAppend {
+		IssueCash(network, "", "USD", 110, alice, newAuditor, true, issuer)
+	} else {
+		IssueCash(network, "", "USD", 110, alice, newAuditor, true, issuer, "is not in issuers")
+	}
+	if newAuditorID != "auditor" {
+		if updateWithAppend {
+			IssueCash(network, "", "USD", 110, alice, auditor, true, newIssuer)
+		} else {
+			IssueCashWithNoAuditorSigVerification(network, "", "USD", 110, alice, auditor, true, newIssuer, "is not in auditors")
+		}
+	}
 
 	CheckOwnerWalletIDs(network, manager, "manager.id1", "manager.id2", "manager.id3")
 }

Diff for: integration/token/fungible/views/issue.go

@@ -38,6 +38,8 @@ type IssueCash struct {
 	RecipientWalletID string
 	// RecipientEID is the expected enrolment id of the recipient
 	RecipientEID string
+	// SkipAuditorSignatureVerification set to true to skip the verification of the auditor signature during endorsement collection
+	SkipAuditorSignatureVerification bool
 }
 
 type IssueCashView struct {
@@ -116,7 +118,11 @@ func (p *IssueCashView) Call(context view.Context) (interface{}, error) {
 	// Before completing, all recipients receive the approved transaction.
 	// Depending on the token driver implementation, the recipient's signature might or might not be needed to make
 	// the token transaction valid.
-	_, err = context.RunView(ttx.NewCollectEndorsementsView(tx))
+	var eOpts []ttx.EndorsementsOpt
+	if p.SkipAuditorSignatureVerification {
+		eOpts = append(eOpts, ttx.WithSkipAuditorSignatureVerification())
+	}
+	_, err = context.RunView(ttx.NewCollectEndorsementsView(tx, eOpts...))
 	assert.NoError(err, "failed to sign issue transaction for "+tx.ID())
 
 	// Sanity checks:

Diff for: token/core/zkatdlog/nogh/v1/validator/validator_issue.go

@@ -31,7 +31,7 @@ func IssueValidate(ctx *Context) error {
 		return err
 	}
 
-	issuers := ctx.PP.IssuerIDs
+	issuers := ctx.PP.Issuers()
 	if len(issuers) != 0 {
 		// Check the issuer is among those known
 		found := false

Diff for: token/core/zkatdlog/nogh/v1/validator/validator_test.go

@@ -92,7 +92,7 @@ var _ = Describe("validator", func() {
 		auditor = audit.NewAuditor(logging.MustGetLogger("auditor"), &noop.Tracer{}, des, pp.PedersenGenerators, asigner, c)
 		araw, err := asigner.Serialize()
 		Expect(err).NotTo(HaveOccurred())
-		pp.AuditorIDs = []driver.Identity{araw}
+		pp.SetAuditors([]driver.Identity{araw})
 
 		// initialize enginw with pp
 		deserializer, err := zkatdlog.NewDeserializer(pp)

Diff for: token/services/ttx/auditor.go

@@ -121,12 +121,13 @@ func (r *RegisterAuditorView) Call(context view.Context) (interface{}, error) {
 }
 
 type AuditingViewInitiator struct {
-	tx    *Transaction
-	local bool
+	tx                               *Transaction
+	local                            bool
+	skipAuditorSignatureVerification bool
 }
 
-func newAuditingViewInitiator(tx *Transaction, local bool) *AuditingViewInitiator {
-	return &AuditingViewInitiator{tx: tx, local: local}
+func newAuditingViewInitiator(tx *Transaction, local, skipAuditorSignatureVerification bool) *AuditingViewInitiator {
+	return &AuditingViewInitiator{tx: tx, local: local, skipAuditorSignatureVerification: skipAuditorSignatureVerification}
 }
 
 func (a *AuditingViewInitiator) Call(context view.Context) (interface{}, error) {
@@ -154,39 +155,11 @@ func (a *AuditingViewInitiator) Call(context view.Context) (interface{}, error)
 	span.AddEvent("received_message")
 	logger.Debugf("reply received from %s", a.tx.Opts.Auditor)
 
-	// Check signature
-	signed, err := a.tx.MarshallToAudit()
+	auditorIdentity, err := a.verifyAuditorSignature(context, signature)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed marshalling message to sign")
-	}
-	if logger.IsEnabledFor(zapcore.DebugLevel) {
-		logger.Debugf("Verifying auditor signature on [%s][%s][%s]", a.tx.Opts.Auditor.UniqueID(), hash.Hashable(signed).String(), a.tx.ID())
+		return nil, errors.Wrapf(err, "failed verifying auditor signature")
 	}
 
-	validAuditing := false
-	var auditorIdentity token.Identity
-	span.AddEvent("validate_auditing")
-	for _, auditorID := range a.tx.TokenService().PublicParametersManager().PublicParameters().Auditors() {
-		v, err := a.tx.TokenService().SigService().AuditorVerifier(auditorID)
-		if err != nil {
-			logger.Debugf("failed to get auditor verifier for [%s]", auditorID)
-			continue
-		}
-		span.AddEvent("verify_auditor_signature")
-		if err := v.Verify(signed, signature); err != nil {
-			logger.Errorf("failed verifying auditor signature [%s][%s][%s]", auditorID, hash.Hashable(signed).String(), a.tx.TokenRequest.Anchor)
-		} else {
-			if logger.IsEnabledFor(zapcore.DebugLevel) {
-				logger.Debugf("auditor signature verified [%s][%s][%s]", auditorID, base64.StdEncoding.EncodeToString(signature), hash.Hashable(signed))
-			}
-			auditorIdentity = auditorID
-			validAuditing = true
-			break
-		}
-	}
-	if !validAuditing {
-		return nil, errors.Errorf("failed verifying auditor signature [%s][%s]", hash.Hashable(signed).String(), a.tx.TokenRequest.Anchor)
-	}
 	span.AddEvent("append_auditor_signature")
 	a.tx.TokenRequest.AddAuditorSignature(auditorIdentity, signature)
 
@@ -259,6 +232,42 @@ func (a *AuditingViewInitiator) startLocal(context view.Context) (view.Session,
 	return left, nil
 }
 
+func (a *AuditingViewInitiator) verifyAuditorSignature(context view.Context, signature []byte) (token.Identity, error) {
+	span := trace.SpanFromContext(context.Context())
+	span.AddEvent("validate_auditing")
+
+	if a.skipAuditorSignatureVerification {
+		return a.tx.Opts.Auditor, nil
+	}
+
+	// check the signature
+	signed, err := a.tx.MarshallToAudit()
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed marshalling message to sign")
+	}
+	if logger.IsEnabledFor(zapcore.DebugLevel) {
+		logger.Debugf("Verifying auditor signature on [%s][%s][%s]", a.tx.Opts.Auditor.UniqueID(), hash.Hashable(signed).String(), a.tx.ID())
+	}
+
+	for _, auditorID := range a.tx.TokenService().PublicParametersManager().PublicParameters().Auditors() {
+		v, err := a.tx.TokenService().SigService().AuditorVerifier(auditorID)
+		if err != nil {
+			logger.Debugf("failed to get auditor verifier for [%s]", auditorID)
+			continue
+		}
+		span.AddEvent("verify_auditor_signature")
+		if err := v.Verify(signed, signature); err != nil {
+			logger.Errorf("failed verifying auditor signature [%s][%s][%s]", auditorID, hash.Hashable(signed).String(), a.tx.TokenRequest.Anchor)
+		} else {
+			if logger.IsEnabledFor(zapcore.DebugLevel) {
+				logger.Debugf("auditor signature verified [%s][%s][%s]", auditorID, base64.StdEncoding.EncodeToString(signature), hash.Hashable(signed))
+			}
+			return auditorID, nil
+		}
+	}
+	return nil, errors.Errorf("failed verifying auditor signature [%s][%s]", hash.Hashable(signed).String(), a.tx.TokenRequest.Anchor)
+}
+
 type AuditApproveView struct {
 	w  *token.AuditorWallet
 	tx *Transaction

Diff for: token/services/ttx/endorse.go

@@ -419,7 +419,7 @@ func (c *CollectEndorsementsView) requestAudit(context view.Context) ([]view.Ide
 			logger.Debugf("ask auditing to [%s]", c.tx.Opts.Auditor)
 		}
 		local := view2.GetSigService(context).IsMe(c.tx.Opts.Auditor)
-		sessionBoxed, err := context.RunView(newAuditingViewInitiator(c.tx, local))
+		sessionBoxed, err := context.RunView(newAuditingViewInitiator(c.tx, local, c.Opts.SkipAuditorSignatureVerification))
 		if err != nil {
 			return nil, errors.WithMessagef(err, "failed requesting auditing from [%s]", c.tx.Opts.Auditor.String())
 		}