github.com/bestbeforetoday/fabric-ca@v2.0.0-alpha+incompatible/scripts/fvt/gencsr_test.sh (about) 1 #!/bin/bash 2 3 : ${TESTCASE:=gencsr} 4 FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca" 5 SCRIPTDIR="$FABRIC_CA/scripts/fvt" 6 CA_CFG_PATH="/tmp/$TESTCASE" 7 ADMINUSER="admin" 8 USERDIR="$CA_CFG_PATH/$ADMINUSER" 9 CONFIGFILE="$USERDIR/fabric-ca-client-config.yaml" 10 ADMINCERT="$USERDIR/admincert.pem" 11 CSR=$CA_CFG_PATH/$ADMINUSER/msp/signcerts/$ADMINUSER.csr 12 . $SCRIPTDIR/fabric-ca_utils 13 RC=0 14 export CA_CFG_PATH 15 rm -rf /tmp/${TESTCASE} 16 rm -rf /tmp/CAs/${TESTCASE} 17 18 function signReq() { 19 # sign CSR 20 HOME=$CA_CFG_PATH/$ADMINUSER reqout=$CSR \ 21 /etc/hyperledger/fabric-ca/pki -f signreq -a $TESTCASE -p $ADMINUSER <<EOF 22 y 23 y 24 EOF 25 } 26 27 function verifyResult() { 28 artifact="$1" 29 expected_subject="$2" 30 case $artifact in 31 cert) actual_subject="$(openssl x509 -in $ADMINCERT -noout -subject -nameopt rfc2253 |sed 's/subject= //')" 32 ;; 33 csr) actual_subject="$(openssl req -in $CSR -noout -subject -nameopt rfc2253 |sed 's/subject=//')" 34 ;; 35 esac 36 echo expected_subject: $expected_subject 37 test "$expected_subject" = "$actual_subject" || ErrorMsg "expected \n\"$expected_subject\"\n found \"$actual_subject\"" 38 } 39 40 # Create a new external PKI CA 41 /etc/hyperledger/fabric-ca/pki -f newca -a $TESTCASE 42 43 # supply CN at the command line 44 expected="CN=$ADMINUSER,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US" 45 fabric-ca-client gencsr --csr.cn "$ADMINUSER" -H $CA_CFG_PATH/$ADMINUSER 46 openssl req -noout -in /tmp/gencsr/admin/msp/signcerts/admin.csr -subject | sed 's/subject=//' 47 openssl req -noout -in $CSR -subject | sed 's/subject=//' 48 verifyResult csr "$expected" 49 signReq 50 verifyResult cert "$expected" 51 52 # supply CN from a file 53 sed -i "s/cn:.*/cn: $ADMINUSER/" $USERDIR/fabric-ca-client-config.yaml | grep cn: 54 fabric-ca-client gencsr -H $CA_CFG_PATH/$ADMINUSER 55 openssl req -noout -in /tmp/gencsr/admin/msp/signcerts/admin.csr -subject | sed 's/subject=//' 56 openssl req -noout -in $CSR -subject | sed 's/subject=//' 57 verifyResult csr "$expected" 58 signReq 59 verifyResult cert "$expected" 60 61 # CN from command line overrides file 62 CSR=$CA_CFG_PATH/$ADMINUSER/msp/signcerts/new$ADMINUSER.csr 63 expected="CN=new$ADMINUSER,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US" 64 fabric-ca-client gencsr --csr.cn "new$ADMINUSER" -H $CA_CFG_PATH/$ADMINUSER 65 openssl req -noout -in /tmp/gencsr/admin/msp/signcerts/admin.csr -subject | sed 's/subject=//' 66 openssl req -noout -in $CSR -subject | sed 's/subject=//' 67 verifyResult csr "$expected" 68 signReq 69 verifyResult cert "$expected" 70 71 ## Supply names from file 72 sed -i "s/C:.*/C: FR/ 73 s/ST:.*/ST: Cantal/ 74 s/ST:.*/ST: Cantal/ 75 s/L:.*/L: Salers/ 76 s/O:.*/O: Gourmet/ 77 s/serialnumber:.*/serialnumber: ABCDEFGHIJKLMNOPQRSTUVWXYZ/" $USERDIR/fabric-ca-client-config.yaml 78 CSR=$CA_CFG_PATH/$ADMINUSER/msp/signcerts/$ADMINUSER.csr 79 expected="serialNumber=ABCDEFGHIJKLMNOPQRSTUVWXYZ,CN=admin,OU=Fabric,O=Gourmet,L=Salers,ST=Cantal,C=FR" 80 fabric-ca-client gencsr -H $CA_CFG_PATH/$ADMINUSER 81 openssl req -noout -in /tmp/gencsr/admin/msp/signcerts/admin.csr -subject | sed 's/subject=//' 82 openssl req -noout -in $CSR -subject | sed 's/subject=//' 83 verifyResult csr "$expected" 84 signReq 85 verifyResult cert "$expected" 86 cat $USERDIR/fabric-ca-client-config.yaml 87 # Names from command line overrides file 88 CSR=$CA_CFG_PATH/$ADMINUSER/msp/signcerts/$ADMINUSER.csr 89 expected='serialNumber=0123456789,CN=admin,OU=Vieux,O=Moulin,L=Charleville-M\C3\A9zi\C3\A8rs,ST=Ardennes,C=FR' 90 fabric-ca-client gencsr --csr.names C=FR,ST=Ardennes,L=Charleville-Mézièrs,O=Moulin,OU=Vieux \ 91 --csr.hosts 1.1.1.1,::1,example.com,me@example.com \ 92 --csr.serialnumber "0123456789" \ 93 --csr.cn admin \ 94 -H $CA_CFG_PATH/$ADMINUSER 95 openssl req -noout -in /tmp/gencsr/admin/msp/signcerts/admin.csr -subject | sed 's/subject=//' 96 openssl req -noout -in $CSR -subject | sed 's/subject=//' 97 verifyResult csr "$expected" 98 signReq 99 verifyResult cert "$expected" 100 101 CleanUp $RC 102 exit $RC