testing, update and security

adding layer of security for transaction & setBalance
testing and updating test
This commit is contained in:
GME 2019-04-05 19:44:43 +02:00
parent 4972d615e2
commit fe7ebfdea3
14 changed files with 245 additions and 70 deletions

View file

@ -35,9 +35,7 @@ public class Config {
//CHANNEL - CHAINCODE
public static final String CHANNEL_NAME = "mychannel";
//public static final String CHAINCODE_NAME = "mycc";
public static final String CHAINCODE_NAME = "monnethic_4";
//public static final String CHAINCODE_NAME = "monnethic-dev-4";
public static final String CHAINCODE_NAME = "monnethic_5";
//public static final String CHAINCODE_PROD = "monnethic-prod";
//PEER 0

View file

@ -0,0 +1,50 @@
package database.Wallet;
public class BalanceWallet {
private String association_hash;
private String assocation_pwd;
private String wallet_hash;
private double amount;
public BalanceWallet() {
}
public BalanceWallet(String association_hash, String assocation_pwd, String wallet_hash, double amount) {
this.association_hash = association_hash;
this.assocation_pwd = assocation_pwd;
this.wallet_hash = wallet_hash;
this.amount = amount;
}
public String getAssociation_hash() {
return association_hash;
}
public void setAssociation_hash(String association_hash) {
this.association_hash = association_hash;
}
public String getAssocation_pwd() {
return assocation_pwd;
}
public void setAssocation_pwd(String assocation_pwd) {
this.assocation_pwd = assocation_pwd;
}
public String getWallet_hash() {
return wallet_hash;
}
public void setWallet_hash(String wallet_hash) {
this.wallet_hash = wallet_hash;
}
public double getAmount() {
return amount;
}
public void setAmount(double amount) {
this.amount = amount;
}
}

View file

@ -0,0 +1,71 @@
package database.transaction;
public class SendingTransaction {
private String source_user_hash;
private String source_user_pwd;
private String transaction_from;
private String transaction_to;
private double transaction_amount;
private String transaction_unit;
public SendingTransaction() {
}
public SendingTransaction(String source_user_hash, String source_user_pwd, String transaction_from, String transaction_to, double transaction_amount, String transaction_unit) {
this.source_user_hash = source_user_hash;
this.source_user_pwd = source_user_pwd;
this.transaction_from = transaction_from;
this.transaction_to = transaction_to;
this.transaction_amount = transaction_amount;
this.transaction_unit = transaction_unit;
}
public String getSource_user_hash() {
return source_user_hash;
}
public void setSource_user_hash(String source_user_hash) {
this.source_user_hash = source_user_hash;
}
public String getSource_user_pwd() {
return source_user_pwd;
}
public void setSource_user_pwd(String source_user_pwd) {
this.source_user_pwd = source_user_pwd;
}
public String getTransaction_from() {
return transaction_from;
}
public void setTransaction_from(String transaction_from) {
this.transaction_from = transaction_from;
}
public String getTransaction_to() {
return transaction_to;
}
public void setTransaction_to(String transaction_to) {
this.transaction_to = transaction_to;
}
public double getTransaction_amount() {
return transaction_amount;
}
public void setTransaction_amount(double transaction_amount) {
this.transaction_amount = transaction_amount;
}
public String getTransaction_unit() {
return transaction_unit;
}
public void setTransaction_unit(String transaction_unit) {
this.transaction_unit = transaction_unit;
}
}

View file

@ -4,7 +4,10 @@ import blockchain.query.QueryWrapper;
import blockchain.query.TransactionWrapper;
import database.transaction.Transaction;
import database.transaction.TransactionDao;
import database.user.User;
import database.user.UserDao;
import org.hyperledger.fabric.sdk.BlockEvent;
import org.springframework.security.crypto.bcrypt.BCrypt;
import javax.json.Json;
import javax.json.JsonObject;
@ -16,53 +19,64 @@ import java.util.List;
public class TransactionImplementation {
public HashMap sendTransaction(String sourceWalletHash, String destinationWalletHash, double amount, String transactionUnit) throws Exception {
public HashMap sendTransaction(String sourceUserHash, String sourceUserPwd, String sourceWalletHash, String destinationWalletHash, double amount, String transactionUnit) throws Exception {
TransactionWrapper transactionWrapper = new TransactionWrapper();
HashMap returnResponse = new HashMap();
QueryWrapper queryWrapper = new QueryWrapper();
String response = queryWrapper.sendQuery("readWallet", new String[]{sourceWalletHash});
HashMap returnResponse = new HashMap();
UserDao userDao = new UserDao();
User user = userDao.getUserWithHash(sourceUserHash);
if (response != null){
JsonReader reader = Json.createReader(new StringReader(response));
JsonObject walletInfo = reader.readObject();
double balance = walletInfo.getJsonNumber("sold").doubleValue();
if(user != null){
if(BCrypt.checkpw(sourceUserPwd, user.getPassword())){
String response = queryWrapper.sendQuery("readWallet", new String[]{sourceWalletHash});
if(balance-amount<0){ //CHECK WALLET BALANCE
returnResponse.put("success",false);
returnResponse.put("message","Not enough money");
} else {
//CHECK DEST WALLET
String responseDestWallet = queryWrapper.sendQuery("readWallet", new String[]{destinationWalletHash});
if(responseDestWallet!=null){
BlockEvent.TransactionEvent eventResponse = transactionWrapper.sendTransaction("transaction",new String[]{sourceWalletHash,destinationWalletHash,String.valueOf(amount)});
String txID = eventResponse.getTransactionID();
if (response != null){
JsonReader reader = Json.createReader(new StringReader(response));
JsonObject walletInfo = reader.readObject();
double balance = walletInfo.getJsonNumber("balance").doubleValue();
Transaction transaction = new Transaction();
long now = Instant.now().toEpochMilli();
transaction.setTransaction_date(now);
transaction.setTransaction_from(sourceWalletHash);
transaction.setTransaction_to(destinationWalletHash);
transaction.setTransaction_amount(amount);
transaction.setTransaction_hash(txID);
transaction.setTransaction_unit(transactionUnit);
if(balance-amount<0){ //CHECK WALLET BALANCE
returnResponse.put("success",false);
returnResponse.put("message","Not enough money");
} else {
//CHECK DEST WALLET
String responseDestWallet = queryWrapper.sendQuery("readWallet", new String[]{destinationWalletHash});
if(responseDestWallet!=null){
BlockEvent.TransactionEvent eventResponse = transactionWrapper.sendTransaction("transaction",new String[]{sourceWalletHash,destinationWalletHash,String.valueOf(amount)});
String txID = eventResponse.getTransactionID();
TransactionDao transactionDao = new TransactionDao();
transactionDao.addTransaction(transaction);
Transaction transaction = new Transaction();
long now = Instant.now().toEpochMilli();
transaction.setTransaction_date(now);
transaction.setTransaction_from(sourceWalletHash);
transaction.setTransaction_to(destinationWalletHash);
transaction.setTransaction_amount(amount);
transaction.setTransaction_hash(txID);
transaction.setTransaction_unit(transactionUnit);
returnResponse.put("success",true);
returnResponse.put("message",txID);
TransactionDao transactionDao = new TransactionDao();
transactionDao.addTransaction(transaction);
WalletImplementation walletImplementation = new WalletImplementation();
walletImplementation.updateWalletBalance(sourceWalletHash,destinationWalletHash,amount);
returnResponse.put("success",true);
returnResponse.put("message",txID);
WalletImplementation walletImplementation = new WalletImplementation();
walletImplementation.updateWalletBalance(sourceWalletHash,destinationWalletHash,amount);
} else {
returnResponse.put("success",false);
returnResponse.put("message","Destination wallet doesn't exist");
}
}
} else {
returnResponse.put("success",false);
returnResponse.put("message","Destination wallet doesn't exist");
returnResponse.put("message","Error in user wallet");
}
} else {
throw new Exception("NOT ALLOWED");
}
} else {
returnResponse.put("success",false);
returnResponse.put("message","Error in user wallet");
throw new Exception("NOT ALLOWED");
}
return returnResponse;
}

View file

@ -16,7 +16,6 @@ import javax.json.JsonReader;
import java.io.StringReader;
import java.time.Instant;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class WalletImplementation {
@ -43,7 +42,7 @@ public class WalletImplementation {
response.put("walletHash",wallet.getWallet_hash());
response.put("walletType",wallet.getType());
response.put("walletSold",wallet.getBalance().toString());
response.put("walletBalance",wallet.getBalance().toString());
response.put("ownerHash",wallet.getUser_hash());
response.put("response","true");
@ -75,29 +74,37 @@ public class WalletImplementation {
wallet.setWallet_hash(walletJson.getString("id"));
wallet.setUser_hash(walletJson.getString("owner"));
wallet.setType(walletJson.getString("walletType"));
wallet.setBalance(walletJson.getJsonNumber("sold").doubleValue());
wallet.setBalance(walletJson.getJsonNumber("balance").doubleValue());
}
return wallet;
}
//setBalance
public void setBalanceToWallet(String walletHash, double amount) throws Exception {
double newBalance = 0.0;
public void setBalanceToWallet(String associationHash, String associationPwd, String walletHash, double amount) throws Exception {
TransactionWrapper transactionWrapper = new TransactionWrapper();
System.out.println("String.valueOf(amount) : "+String.valueOf(amount));
System.out.println("walletHash : "+walletHash);
transactionWrapper.sendTransaction("setSoldOnWallet",new String[]{walletHash,String.valueOf(amount)});
UserDao userDao = new UserDao();
User association = userDao.getUserWithHash(associationHash);
if(association != null){
if(BCrypt.checkpw(associationPwd, association.getPassword())){
double newBalance = 0.0;
transactionWrapper.sendTransaction("setBalanceOnWallet",new String[]{walletHash,String.valueOf(amount)});
Wallet wallet = getWallet(walletHash);
if(wallet!=null){
newBalance=wallet.getBalance();
WalletDao walletDao = new WalletDao();
walletDao.updateWalletBalance(walletHash,newBalance);
} else {
throw new Exception("ERROR QUERY WALLET");
}
}else {
throw new Exception("NOT ALLOWED");
}
Wallet wallet = getWallet(walletHash);
if(wallet!=null){
newBalance=wallet.getBalance();
WalletDao walletDao = new WalletDao();
walletDao.updateWalletBalance(walletHash,newBalance);
} else {
throw new Exception("ERROR QUERY WALLET");
}else {
throw new Exception("NOT ALLOWED");
}
}
//update DB balance after transaction

View file

@ -1,5 +1,6 @@
package restService;
import database.transaction.SendingTransaction;
import database.transaction.Transaction;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@ -16,10 +17,12 @@ public class TransactionResource {
@RequestMapping(value = "/send", method = RequestMethod.POST, produces = "application/json")
@ResponseStatus(HttpStatus.CREATED)
public ResponseEntity saveTransaction(@Valid @RequestBody Transaction transaction){
public ResponseEntity doTransaction(@Valid @RequestBody SendingTransaction SendingTransaction){
TransactionImplementation transactionImplementation = new TransactionImplementation();
try{
HashMap mapResponse = transactionImplementation.sendTransaction(transaction.getTransaction_from(),transaction.getTransaction_to(),transaction.getTransaction_amount(),transaction.getTransaction_unit());
HashMap mapResponse = transactionImplementation.sendTransaction(SendingTransaction.getSource_user_hash(), SendingTransaction.getSource_user_pwd(),
SendingTransaction.getTransaction_from(),SendingTransaction.getTransaction_to(),
SendingTransaction.getTransaction_amount(),SendingTransaction.getTransaction_unit());
if(Boolean.parseBoolean(mapResponse.get("success").toString())){
return ResponseEntity.status(HttpStatus.OK).body("{\"response\":\""+mapResponse.get("message")+"\"}");

View file

@ -1,5 +1,6 @@
package restService;
import database.Wallet.BalanceWallet;
import database.Wallet.Wallet;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@ -23,7 +24,7 @@ public class WalletResource {
Wallet returnWallet = new Wallet();
returnWallet.setWallet_hash(walletResponse.get("walletHash"));
returnWallet.setBalance(Double.parseDouble(walletResponse.get("walletSold")));
returnWallet.setBalance(Double.parseDouble(walletResponse.get("walletBalance")));
returnWallet.setType(walletResponse.get("walletType"));
if(Boolean.parseBoolean(walletResponse.get("response"))){
@ -74,10 +75,10 @@ public class WalletResource {
@RequestMapping(value = "/setBalance", method = RequestMethod.POST,produces = "application/json")
@ResponseStatus(HttpStatus.OK)
public ResponseEntity setBalance(@RequestBody Wallet wallet){
public ResponseEntity setBalance(@RequestBody BalanceWallet BalanceWallet){
WalletImplementation walletImplementation = new WalletImplementation();
try{
walletImplementation.setBalanceToWallet(wallet.getWallet_hash(),wallet.getBalance());
walletImplementation.setBalanceToWallet(BalanceWallet.getAssociation_hash(), BalanceWallet.getAssocation_pwd(), BalanceWallet.getWallet_hash(),BalanceWallet.getAmount());
return ResponseEntity.status(HttpStatus.OK).body("{\"response\":\"ok\"}");
} catch (Exception e){
StringResponse responseS = new StringResponse(e.getMessage());

View file

@ -19,7 +19,7 @@ public class DeleteUserTest {
try{
TransactionWrapper transactionWrapper = new TransactionWrapper();
String functionName = "deleteUser";
String[] args = new String[]{"$2a$10$tpC8fILKiQqyApJ8/jTPE.YX0grzZsEtmWUyJAidmHOuWGQ4FBdfy"};
String[] args = new String[]{"$2a$10$wKfsus5O9C8.CI8JZxqeweSAzxgEOYpdaoRoHi85w05cGYGyDqTYK"};
BlockEvent.TransactionEvent responseEvent = transactionWrapper.sendTransaction(functionName,args);
logger.info("Event transaction id : "+responseEvent.getTransactionID()); //print transaction id
}catch (Exception e){

View file

@ -22,7 +22,7 @@ public class ReadUserTest {
try{
QueryWrapper queryWrapper = new QueryWrapper();
String functionName = "readUser";
String[] args = new String[]{"$2a$10$tdkMwJ7BQSOXO2uofu/fEOlncUfuX7SsjB.2N9KVsXJUQiarAQzpG"};
String[] args = new String[]{"$2a$10$wKfsus5O9C8.CI8JZxqeweSAzxgEOYpdaoRoHi85w05cGYGyDqTYK"};
String response = queryWrapper.sendQuery(functionName,args);
if(response != null){
JsonReader reader = Json.createReader(new StringReader(response));

View file

@ -19,7 +19,7 @@ public class DeleteWalletTest {
try{
TransactionWrapper transactionWrapper = new TransactionWrapper();
String functionName = "deleteWallet";
String[] args = new String[]{"qerh654d5f5hdsf16"};
String[] args = new String[]{"$2a$10$FxslW1US5ml6ALvvUIqeF.kGgZIMs/COuh7xz9vJTVPtXKM0ftxoq"};
BlockEvent.TransactionEvent responseEvent = transactionWrapper.sendTransaction(functionName,args);
logger.info("Event transaction id : "+responseEvent.getTransactionID()); //print transaction id
}catch (Exception e){

View file

@ -24,7 +24,7 @@ public class QueryWalletByOwnerTest {
try{
QueryWrapper queryWrapper = new QueryWrapper();
String functionName = "queryWalletsByOwner";
String[] args = new String[]{"$2a$10$EBoYmkW7mdss58LtrNvcg.Igtkx/Vyncnw3o0MA99SJi32UXyKgwe"};
String[] args = new String[]{"$2a$10$2H6rEnTlEUBk18xUjXx5YuTmgiUMtyRdxgTjfugVlAcZbtDfPiWky"};
String response = queryWrapper.sendQuery(functionName,args);
logger.info("response : "+response);

View file

@ -24,13 +24,13 @@ public class ReadWalletTest {
try{
QueryWrapper queryWrapper = new QueryWrapper();
String functionName = "readWallet";
String[] args = new String[]{"$2a$10$WN6ARfShm9bgRZ8s9bzZqejvL.VzZrjXRmZLj6N3U6No9G/YLVqVi"};
String[] args = new String[]{"$2a$10$FxslW1US5ml6ALvvUIqeF.kGgZIMs/COuh7xz9vJTVPtXKM0ftxoq"};
String response = queryWrapper.sendQuery(functionName,args);
if(response!=null){
JsonReader reader = Json.createReader(new StringReader(response));
JsonObject walletInfo = reader.readObject();
double balance = walletInfo.getJsonNumber("sold").doubleValue();
double balance = walletInfo.getJsonNumber("balance").doubleValue();
logger.info("response : "+response);
logger.info("balance : "+balance);
@ -55,7 +55,7 @@ public class ReadWalletTest {
if(response!=null){
JsonReader reader = Json.createReader(new StringReader(response));
JsonObject walletInfo = reader.readObject();
double balance = walletInfo.getJsonNumber("sold").doubleValue();
double balance = walletInfo.getJsonNumber("balance").doubleValue();
logger.info("response : "+response);
logger.info("balance : "+balance);

View file

@ -9,6 +9,7 @@ import java.util.Map;
public class CreateDataSetProcess {
private static Logger logger = Logger.getLogger(CreateDataSetProcess.class);
private static String gonetteHash = "";
private static String userHashA = "";
private static String userHashB = "";
private static String walletHash1UserA = "";
@ -19,9 +20,12 @@ public class CreateDataSetProcess {
public static void main(String [ ] args){
BasicConfigurator.configure();
User userA = new User("TotoName","TotoFirstName","TotoEmail@gmail.com","totoPassword1234$","gonette");
User userB = new User("TataName","TataFirstName","TataEmail@gmail.com","tataPassword1234$","0607080900","gonette");
User association = new User("Gonette","Association","gonette-lyon@gmail.com","asso_GonE8977&4$*-","gonette");
User userA = new User("Meunier","Thomas","thomas.meunier@gmail.com","thomasPwd158$*","gonette");
User userB = new User("Petit","Claire","claire.petit@gmail.com","gonClaire789$*","0607080900","gonette");
registerUser(association);
association.setUser_hash(gonetteHash);
registerUser(userA);
userA.setUser_hash(userHashA);
registerUser(userB);
@ -40,6 +44,11 @@ public class CreateDataSetProcess {
createWallet(walletAUserB);
createWallet(walletBUserB);
setBalance(association.getUser_hash(), association.getPassword(), walletBUserA.getWallet_hash(),120);
setBalance(association.getUser_hash(), association.getPassword(), walletAUserB.getWallet_hash(),50);
doTransaction(userB.getUser_hash(), userB.getPassword(), walletAUserB.getWallet_hash(),walletBUserA.getWallet_hash(),10,userB.getAssociation());
}
private static void registerUser(User user){
@ -49,9 +58,11 @@ public class CreateDataSetProcess {
if(Boolean.parseBoolean(response.get("response"))){
String userHash = response.get("userHash");
if(user.getEmail().equals("TotoEmail@gmail.com")){
if(user.getEmail().equals("thomas.meunier@gmail.com")){
userHashA = userHash;
} else {
} else if (user.getEmail().equals("gonette-lyon@gmail.com")){
gonetteHash = userHash;
} else {
userHashB = userHash;
}
@ -86,7 +97,7 @@ public class CreateDataSetProcess {
}
logger.info("wallet hash: "+walletResponse.get("walletHash"));
logger.info("wallet sold: "+walletResponse.get("walletSold"));
logger.info("wallet balance: "+walletResponse.get("walletBalance"));
logger.info("wallet type: "+walletResponse.get("walletType"));
logger.info("onwer: "+walletResponse.get("ownerHash"));
@ -95,6 +106,24 @@ public class CreateDataSetProcess {
}
}
private static void setBalance(String associationHash, String associationPwd, String walletHash, double amount){
WalletImplementation walletImplementation = new WalletImplementation();
try{
walletImplementation.setBalanceToWallet(associationHash, associationPwd, walletHash,amount);
}catch (Exception e){
logger.warn("Error approveUser : "+e);
}
}
private static void doTransaction(String sourceUserHash, String sourceUserPwd, String sourceWalletHash, String destWalletHash, double amount, String unit){
TransactionImplementation transactionImplementation = new TransactionImplementation();
try {
transactionImplementation.sendTransaction(sourceUserHash, sourceUserPwd, sourceWalletHash,destWalletHash,amount,unit);
} catch (Exception e){
logger.warn("Error approveUser : "+e);
}
}
}

View file

@ -10,6 +10,7 @@ import java.util.HashMap;
public class TransactionImplementationTest {
private static Logger logger = Logger.getLogger(TransactionImplementationTest.class);
/*
@Test
public void doTransaction(){
TransactionImplementation transactionImplementation = new TransactionImplementation();
@ -24,4 +25,5 @@ public class TransactionImplementationTest {
logger.warn("Error: "+e.getMessage());
}
}
*/
}