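#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# scripts/fvt/enrollments_test.sh
#
# Functional test of the fabric-ca enrollment limit. Scenarios, in order:
#   1. explicit limit MAX_ENROLL  - exactly MAX_ENROLL enrollments succeed,
#                                   the next one must be rejected
#   2. explicit limit 1           - one enrollment succeeds, the next fails
#   3. explicit limit -1          - unlimited (sampled UNLIMITED times)
#   4. implicit limit (no value)  - unlimited (sampled UNLIMITED times)
#   5. identity limit > global    - server must refuse the configuration
#
# Usage:  enrollments_test.sh [MAX_ENROLL]      (default 32)
# Env:    GOPATH (required), DRIVER, DATASRC, FABRIC_CA_DEBUG (defaulted below)
#
# enroll, ErrorMsg, CleanUp and the TLS_*/LDAP_*/MSP_CERT_DIR variables are
# expected to come from the sourced fabric-ca_utils; ErrorMsg presumably
# records the failure in RC without exiting -- confirm in fabric-ca_utils.
# The meaning of the fabric-ca_setup.sh flags is defined by that script.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
. "$SCRIPTDIR/fabric-ca_utils"
# NOTE(review): fixed, predictable directory under /tmp. The generated config
# places the CA certificate and private key here for the duration of the run,
# so on a shared host a per-run 'mktemp -d' directory with restrictive
# permissions would be the safer choice.
CA_CFG_PATH="/tmp/fabric-ca/enrollments"
SERVERCONFIG="$CA_CFG_PATH/serverConfig.json"
CLIENTCONFIG="$CA_CFG_PATH/fabric-ca_client.json"
CLIENTCERT="$CA_CFG_PATH/admin/$MSP_CERT_DIR/cert.pem"
PKI="$SCRIPTDIR/utils/pki"
MAX_ENROLL="$1"
UNLIMITED=10
RC=0
: "${MAX_ENROLL:=32}"
: "${DRIVER:=sqlite3}"
: "${DATASRC:=fabric-ca-server.db}"
: "${FABRIC_CA_DEBUG:=false}"
export CA_CFG_PATH

# Write a server configuration to $SERVERCONFIG.
#   $1 = implicit : no maxEnrollments anywhere (server default applies)
#   $1 = invalid  : identity maxEnrollments (16) above the registry-wide
#                   maxEnrollments (15); the server is expected to reject it
# Returns 1 (writing nothing) for any other value.
#
# Test fixture only: the bootstrap identity (admin/adminpw) and the LDAP bind
# URL carry fixed, well-known credentials, and debug logging is enabled.
# NOTE(review): ca.certfile is given the name fabric-ca-key.pem and ca.keyfile
# the name fabric-ca-cert.pem; the names look swapped. Left as found because
# other FVT scripts may rely on these paths -- confirm before renaming.
# NOTE(review): the YAML nesting follows the fabric-ca server config layout;
# compare against the upstream file if exact whitespace matters.
function genServerConfig {
case "$1" in
   implicit) cat > "$SERVERCONFIG" <<EOF
debug: true
db:
  type: $DRIVER
  datasource: $DATASRC
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
tls:
  enabled: $FABRIC_TLS
  certfile: $TLS_SERVERCERT
  keyfile: $TLS_SERVERKEY
ca:
  certfile: $CA_CFG_PATH/fabric-ca-key.pem
  keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
registry:
  identities:
    - name: admin
      pass: adminpw
      type: client
      affiliation: bank_a
      attributes:
        - hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
          hf.Registrar.DelegateRoles: "client,user,validator,auditor"
          hf.Revoker: true
ldap:
  enabled: false
  url: ${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
affiliations:
  bank_a:
signing:
  profiles:
  default:
    usage:
      - cert sign
    expiry: 8000h
csr:
  cn: fabric-ca-server
  names:
    - C: US
      ST: "North Carolina"
      L:
      O: Hyperledger
      OU: Fabric
  hosts:
    - amphion
  ca:
    pathlen:
    pathlenzero:
    expiry:
crypto:
  software:
    hash_family: SHA2
    security_level: 256
    ephemeral: false
    key_store_dir: keys
EOF
;;
   # Max enroll for identities cannot surpass global setting
   invalid) cat > "$SERVERCONFIG" <<EOF
debug: true
db:
  type: $DRIVER
  datasource: $DATASRC
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
tls:
  enabled: $FABRIC_TLS
  certfile: $TLS_SERVERCERT
  keyfile: $TLS_SERVERKEY
ca:
  certfile: $CA_CFG_PATH/fabric-ca-key.pem
  keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
registry:
  maxEnrollments: 15
  identities:
    - name: admin
      maxEnrollments: 16
      pass: adminpw
      type: client
      affiliation: bank_a
      attributes:
        - hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
          hf.Registrar.DelegateRoles: "client,user,validator,auditor"
          hf.Revoker: true
ldap:
  enabled: false
  url: ${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
affiliations:
  bank_a:
signing:
  profiles:
  default:
    usage:
      - cert sign
    expiry: 8000h
csr:
  cn: fabric-ca-server
  names:
    - C: US
      ST: "North Carolina"
      L:
      O: Hyperledger
      OU: Fabric
  hosts:
    - amphion
  ca:
    pathlen:
    pathlenzero:
    expiry:
crypto:
  software:
    hash_family: SHA2
    security_level: 256
    ephemeral: false
    key_store_dir: keys
EOF
;;
   *) echo "genServerConfig: unknown variant '$1'" >&2
      return 1
;;
esac
}

# Print the Subject Key Identifier of the certificate at $CLIENTCERT: the
# first field of the line that follows the "Subject Key Identifier:" label in
# the pki utility's display output. Prints nothing when the label is absent.
function currentCertKeyId {
   "$PKI" -f display -c "$CLIENTCERT" |
      awk '/Subject Key Identifier:/ {getline;print $1}'
}

# Enroll $1 times. Every enrollment must succeed and must leave a client
# certificate whose key identifier differs from the previous one.
# prevId/currId are deliberately global: prevId carries over to the
# rejection check and into the next scenario, as in the original flow.
function enrollExpectNewCert {
   local count="$1" i=0
   while test "$i" -lt "$count"; do
      i=$((i + 1))
      enroll
      test $? -eq 0 || ErrorMsg "Failed enrollment prematurely"
      currId=$(currentCertKeyId)
      test "$currId" == "$prevId" && ErrorMsg "Prior and current certificates do not differ"
      prevId="$currId"
   done
}

# Enroll once more after the limit has been reached. The enrollment must be
# refused and the client certificate on disk must be unchanged, i.e. a
# rejected request must not have issued or overwritten a certificate.
function enrollExpectRejected {
   enroll
   test "$?" -eq 0 && ErrorMsg "Surpassed enrollment maximum"
   currId=$(currentCertKeyId)
   test "$currId" != "$prevId" && ErrorMsg "Prior and current certificates are different"
   prevId="$currId"
}

# Reset the test CA and start it with enrollment limit $1.
function restartWithLimit {
   "$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
   "$SCRIPTDIR/fabric-ca_setup.sh" -D -I -S -X -m "$1"
}

# Reset the test CA and write config variant $1 (see genServerConfig).
# mkdir -p also creates a missing parent directory, which a plain mkdir
# after the reset would fail on.
function resetWithConfig {
   "$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
   mkdir -p -- "$CA_CFG_PATH"
   genServerConfig "$1"
}

trap 'CleanUp 1; exit 1' INT

# explicitly set value
# user can only enroll MAX_ENROLL times
restartWithLimit "$MAX_ENROLL"
enrollExpectNewCert "$MAX_ENROLL"
# max reached -- should fail
enrollExpectRejected

# explicitly set value to '1'
# user can only enroll once
MAX_ENROLL=1
restartWithLimit "$MAX_ENROLL"
enrollExpectNewCert "$MAX_ENROLL"
# max reached -- should fail
enrollExpectRejected

# explicitly set value to '-1'
# user enrollment unlimited
MAX_ENROLL=-1
restartWithLimit "$MAX_ENROLL"
enrollExpectNewCert "$UNLIMITED"

# implicitly set value to '-1' (default)
# user enrollment unlimited
resetWithConfig implicit
"$SCRIPTDIR/fabric-ca_setup.sh" -S -X -g "$SERVERCONFIG"
enrollExpectNewCert "$UNLIMITED"

# user enrollment > global
# The server must refuse to start with this configuration; the test passes
# only if the expected configuration error appears in the setup output.
resetWithConfig invalid
"$SCRIPTDIR/fabric-ca_setup.sh" -o 0 -S -X -g "$SERVERCONFIG" |
   grep 'Configuration Error: Requested enrollments (16) exceeds maximum allowable enrollments (15)'
test $? -ne 0 && ErrorMsg "user enrollment > global setting"

"$SCRIPTDIR/fabric-ca_setup.sh" -L
"$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
CleanUp "$RC"
exit "$RC"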