github.com/bestbeforetoday/fabric-ca@v2.0.0-alpha+incompatible/scripts/fvt/idemix_test.sh (about)

     1  #!/bin/bash
     2  
     3  #
     4  # Copyright IBM Corp. All Rights Reserved.
     5  #
     6  # SPDX-License-Identifier: Apache-2.0
     7  #
     8  
     9  : ${TESTCASE:="idemix"}
    10  FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
    11  SCRIPTDIR="$FABRIC_CA/scripts/fvt"
    12  CA_CFG_PATH="/tmp/idemixTesting"
    13  . $SCRIPTDIR/fabric-ca_utils
    14  RC=0
    15  
    16  USERNAME="admin"
    17  USERPSWD="adminpw"
    18  
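#######################################
# Drop the fabric_ca database of the given driver and delete the client
# configuration directory.
# Globals:   CA_CFG_PATH (read)
# Arguments: $1 - database driver; "postgres" selects psql, any other value
#                 falls through to mysql
# Returns:   status of the last command run (0 when CA_CFG_PATH is empty)
#######################################
function idemixCleanUp() {
    if [ "$1" = "postgres" ]; then
        psql -d postgres -c "DROP DATABASE fabric_ca"
    else
        # NOTE(review): the root password is given on the command line, where
        # it is visible in the process list while mysql runs. Tolerable only
        # for a throwaway test database; a client option file keeps it out of
        # argv.
        mysql --host=localhost --user=root --password=mysql -e "drop database fabric_ca;"
    fi
    # Quote the path and end option parsing so a value containing spaces, glob
    # characters or a leading '-' cannot make rm delete something else; skip
    # the delete when the variable is empty.
    if [ -n "$CA_CFG_PATH" ]; then
        rm -rf -- "$CA_CFG_PATH"
    fi
}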
    27  
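#######################################
# Run `getcainfo` against the CA and check that the issuer public key file was
# written under the client home directory.
# Globals:   FABRIC_CA_CLIENTEXEC, CA_CFG_PATH, USERNAME, PROTO,
#            CA_HOST_ADDRESS, PROXY_PORT, TLSOPT (read); PUBKEY (written)
# Arguments: none
# Outputs:   failures are reported through ErrorMsg
#######################################
function getCAInfo() {
    # FABRIC_CA_CLIENTEXEC and TLSOPT stay unquoted on purpose: they may hold
    # several words (command plus options). Paths and the URL are quoted.
    $FABRIC_CA_CLIENTEXEC getcainfo -H "$CA_CFG_PATH/$USERNAME" -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'getcainfo' command"

    # Only the presence of the file is verified, not its content.
    PUBKEY="$CA_CFG_PATH/$USERNAME/msp/IssuerPublicKey"
    if [ ! -f "$PUBKEY" ]; then
        ErrorMsg "Issuer Public Key was not stored in the correct location"
    fi
}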
    37  
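#######################################
# Enroll USERNAME with enrollment type idemix and check that the signer
# configuration file was written under the client home directory.
# Globals:   FABRIC_CA_CLIENTEXEC, CA_CFG_PATH, USERNAME, USERPSWD, PROTO,
#            CA_HOST_ADDRESS, PROXY_PORT, TLSOPT (read); CLIENTCERT (written)
# Arguments: none
# Outputs:   failures are reported through ErrorMsg
#######################################
function getIdemixCred() {
    # NOTE(review): the enrollment URL embeds USERNAME:USERPSWD, so the secret
    # is part of this command's argument list. Acceptable for the fixed test
    # credentials used here; do not copy this pattern for real secrets.
    # FABRIC_CA_CLIENTEXEC and TLSOPT stay unquoted on purpose (may hold
    # several words).
    $FABRIC_CA_CLIENTEXEC enroll -u "${PROTO}${USERNAME}:$USERPSWD@$CA_HOST_ADDRESS:$PROXY_PORT" -H "$CA_CFG_PATH/$USERNAME" --enrollment.type idemix -d $TLSOPT ||
        ErrorMsg "Failed to complete 'enroll' command"

    # Only the presence of the file is verified, not its content.
    CLIENTCERT="$CA_CFG_PATH/$USERNAME/msp/user/SignerConfig"
    if [ ! -f "$CLIENTCERT" ]; then
        ErrorMsg "Idemix credential was not stored in the correct location"
    fi
}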
    47  
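#######################################
# Issue a series of client commands from USERNAME's client home directory
# (the one getIdemixCred enrolled into) and report any that fail.
# Globals:   FABRIC_CA_CLIENTEXEC, CA_CFG_PATH, USERNAME, PROTO,
#            CA_HOST_ADDRESS, PROXY_PORT, TLSOPT (read)
# Arguments: none
# Outputs:   each failing command is reported through ErrorMsg
#######################################
function runCommandsUsingIdemix() {
    # The client home path is quoted so it reaches the client as one argument;
    # FABRIC_CA_CLIENTEXEC and TLSOPT stay unquoted on purpose (may hold
    # several words).
    $FABRIC_CA_CLIENTEXEC register -H "$CA_CFG_PATH/$USERNAME" --id.name testuser1 -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'register' command"

    $FABRIC_CA_CLIENTEXEC affiliation list -H "$CA_CFG_PATH/$USERNAME" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'affiliation list' command"

    $FABRIC_CA_CLIENTEXEC identity list -H "$CA_CFG_PATH/$USERNAME" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'identity list' command"

    $FABRIC_CA_CLIENTEXEC certificate list -H "$CA_CFG_PATH/$USERNAME" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'certificate list' command"

    $FABRIC_CA_CLIENTEXEC gencrl -H "$CA_CFG_PATH/$USERNAME" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'gencrl' command"

    $FABRIC_CA_CLIENTEXEC gencsr --csr.cn testGenCSR -H "$CA_CFG_PATH/$USERNAME" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'gencsr' command"
}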
    67  
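#######################################
# Negative test: enroll admin2 with an idemix credential, revoke admin2 using
# USERNAME's credential, then check that a `register` issued from admin2's
# client home is refused.
# Globals:   FABRIC_CA_CLIENTEXEC, CA_CFG_PATH, USERNAME, PROTO,
#            CA_HOST_ADDRESS, PROXY_PORT, TLSOPT (read);
#            USERNAME2, USERPSWD2 (written)
# Arguments: none
# Outputs:   failures are reported through ErrorMsg
#######################################
function testIdemixWithRevokedID() {
    local rc

    # Hard-coded test fixture credentials for the second identity.
    USERNAME2="admin2"
    USERPSWD2="adminpw2"

    # FABRIC_CA_CLIENTEXEC and TLSOPT stay unquoted on purpose (may hold
    # several words); client home paths are quoted.
    $FABRIC_CA_CLIENTEXEC enroll -u "${PROTO}${USERNAME2}:$USERPSWD2@$CA_HOST_ADDRESS:$PROXY_PORT" -H "$CA_CFG_PATH/$USERNAME2" --enrollment.type idemix $TLSOPT ||
        ErrorMsg "Failed to complete 'enroll' command for 'admin2' - idemix"

    $FABRIC_CA_CLIENTEXEC revoke --revoke.name admin2 -H "$CA_CFG_PATH/$USERNAME" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'revoke' command"

    # The revoked identity must be rejected.
    # NOTE(review): only exit status 1 is checked, so an unrelated failure that
    # also exits 1 (for instance an unreachable server) would satisfy this
    # check as well. Matching on the client's error output would tie the
    # result to revocation; confirm the message format before adding that.
    $FABRIC_CA_CLIENTEXEC register -H "$CA_CFG_PATH/$USERNAME2" --id.name testuser2 -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT
    rc=$?
    [ "$rc" -eq 1 ] ||
        ErrorMsg "Should fail to complete 'register' command, the user with an Idemix credential has been revoked"
}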
    81  
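#######################################
# Register and idemix-enroll users user3..user<RHPOOLSIZE> so that the
# revocation handle pool is used up, then issue one more `register` with
# USERNAME's (by now older) credential.
# Globals:   FABRIC_CA_CLIENTEXEC, CA_CFG_PATH, USERNAME, RHPOOLSIZE, PROTO,
#            CA_HOST_ADDRESS, PROXY_PORT, TLSOPT (read)
# Arguments: none
# Outputs:   failures are reported through ErrorMsg
#######################################
function testRHPool() {
    local i

    # Counting starts at 3 because two users (admin and admin2) were already
    # enrolled earlier in the run. Each user's enrollment secret equals its
    # name; these are throwaway test identities.
    # FABRIC_CA_CLIENTEXEC and TLSOPT stay unquoted on purpose (may hold
    # several words); client home paths are quoted.
    for i in $(seq 3 "$((RHPOOLSIZE))"); do
        $FABRIC_CA_CLIENTEXEC register -H "$CA_CFG_PATH/$USERNAME" --id.name "user$i" --id.secret "user$i" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
            ErrorMsg "Failed to complete 'register' command"
        $FABRIC_CA_CLIENTEXEC enroll -u "${PROTO}user$i:user$i@$CA_HOST_ADDRESS:$PROXY_PORT" -H "$CA_CFG_PATH/user$i" --enrollment.type idemix $TLSOPT ||
            ErrorMsg "Failed to complete 'enroll' command for 'user$i' - idemix"
    done

    # Epoch verification is currently disabled in 1.1. The RH pool has been
    # exhausted and a new epoch generated, so the caller's SignerConfig holds
    # an outdated CRI and this request should be rejected. It succeeds only
    # because epoch verification is off: this assertion encodes the relaxed
    # behavior and will start to fail once epoch verification is enabled again.
    # $i still holds the last value of the loop above.
    $FABRIC_CA_CLIENTEXEC register -H "$CA_CFG_PATH/$USERNAME" --id.name newUser --id.secret "user$i" -d -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT ||
        ErrorMsg "Failed to complete 'register' command"
}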
    98  
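#######################################
# Check the captured server log for evidence that the expired-nonce sweep ran
# and that its SQL statement did not fail.
# Globals:   none (reads the fixed log file /tmp/serverlog.txt)
# Arguments: none
# Outputs:   matching log lines on stdout; failures are reported through
#            ErrorMsg
# Returns:   0 always, so the result is carried by ErrorMsg alone and not by
#            the status of the last grep
#######################################
function checkExpirationSQLExec() {
    local log=/tmp/serverlog.txt
    local rc

    # Give the expiration timeout some time to occur.
    # NOTE(review): the script sets a 2s nonce expiration and a 4s sweep
    # interval, so this 2s pause presumably relies on the earlier steps having
    # taken long enough for a sweep to be logged; confirm if the test flakes.
    sleep 2

    # The sweep must have started at least once.
    grep "Cleaning up expired nonces for CA" "$log" ||
        ErrorMsg "Cleaning up expired nonces never triggered"

    # The SQL error must be absent. grep exits 1 only for "no match", so a
    # match (0) and an unreadable log (2 or higher) are both reported.
    grep "Failed to remove expired nonces" "$log"
    rc=$?
    if [ "$rc" -ne 1 ]; then
        ErrorMsg "Failed to remove expired nonces, the SQL query failed to execute"
    fi
    return 0
}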
   106  
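# Server-side idemix settings for this run, handed to the server through its
# environment: pool size (also read by testRHPool), nonce expiration and nonce
# sweep interval.
RHPOOLSIZE=10
export FABRIC_CA_SERVER_IDEMIX_RHPOOLSIZE=$RHPOOLSIZE
export FABRIC_CA_SERVER_IDEMIX_NONCEEXPIRATION=2s
export FABRIC_CA_SERVER_IDEMIX_NONCESWEEPINTERVAL=4s

# Run the whole scenario once per database driver.
for driver in postgres mysql; do
    ##### Start Fabric CA Server with #####
    # The server runs in the background; its combined stdout/stderr is copied
    # to a log file that checkExpirationSQLExec greps later.
    # NOTE(review): /tmp/serverlog.txt is a fixed name in the shared /tmp, and
    # tee truncates and writes whatever that name resolves to. Run this only
    # on a dedicated test host, or move the log to a private directory and
    # update checkExpirationSQLExec to match.
    "$SCRIPTDIR/fabric-ca_setup.sh" -I -S -X -D -d "$driver" 2>&1 | tee /tmp/serverlog.txt &
    pollFabricCa "" "" $CA_DEFAULT_PORT

    setTLS
    ###### Get Idemix Public Key ######
    getCAInfo

    ###### Get Idemix Credential ######
    getIdemixCred

    ###### Issue other client commands using Idemix Credential ######
    runCommandsUsingIdemix

    ###### Revoking an identity that has both x509 and Idemix credentials #######
    testIdemixWithRevokedID

    ###### Use up the RH Pool with idemix enrollments ######
    testRHPool

    ###### Test that no sql errors seen related to deleting expired nonces #######
    checkExpirationSQLExec

    # Stop the server, then drop the database and the client config directory
    # so the next driver starts from a clean state.
    "$SCRIPTDIR/fabric-ca_setup.sh" -K
    idemixCleanUp "$driver"
done

CleanUp "$RC"
exit "$RC"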