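#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# Functional test for certificate revocation, run once per database driver
# (mysql, postgres, sqlite3). For each driver it enrolls the identities in
# USERS, exercises `revoke` by enrollment ID and by serial number + authority
# key ID, and compares the status reported by testStatus with TEST_RESULTS.
#
# Requires GOPATH to locate the fabric-ca tree. setTLS, enroll, register,
# testStatus, pollSimpleHttp, ErrorMsg, ErrorExit and CleanUp, as well as
# PROTO, PROXY_PORT, TLSOPT and FABRIC_CA_CLIENTEXEC, are not defined in this
# file; they are expected to come from the sourced fabric-ca_utils.
#
# $TLSOPT and $FABRIC_CA_CLIENTEXEC are expanded unquoted on purpose: they may
# hold several words (presumably a command plus options -- confirm in
# fabric-ca_utils), so quoting them would change the argument list.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
TESTDATA="$FABRIC_CA/testdata"
# NOTE(review): fixed, predictable directory under /tmp. The enrollment
# material of every test identity is written below it (certificates for sure,
# presumably the matching private keys too), so run this only on a host where
# other local users are not a concern.
export CA_CFG_PATH="/tmp/revoke_test"
RC=0
DB="fabric_ca"
# USERS and PSWDS are index-aligned: PSWDS[n] is the enrollment secret of
# USERS[n]. These are fixed test credentials, not secrets.
USERS=("admin" "admin2" "notadmin" "testUser" "testUser2" "testUser3")
PSWDS=("adminpw" "adminpw2" "pass" "user1" "user2" "user3")
#USERS=("admin" "admin2" "notadmin")
#PSWDS=("adminpw" "adminpw2" "pass")
HTTP_PORT="3755"

# Without the helper library none of the functions used below exist, so stop
# here instead of running on with undefined commands.
. "$SCRIPTDIR/fabric-ca_utils" || {
  echo "cannot source $SCRIPTDIR/fabric-ca_utils" >&2
  exit 1
}
setTLS
# FIXME should not require user:pass
URI="${PROTO}user:pass@localhost:$PROXY_PORT"

#######################################
# Print an "affiliations:" YAML section to stdout: a nested tree
# Planet > Landmass > Country > Province > Locale > City whose leaves are
# "- HoodN" list items. The number of entries per level is fixed by the
# arrays below.
# Globals:   none (all state is local, so repeated calls emit identical text)
# Arguments: none
# Outputs:   the YAML fragment on stdout
#######################################
genAffYaml() {
  local Planet=(0 1)
  local Landmass=(0)
  local Country=(0 1)
  local Province=(0 1 2)
  local Locale=(0)
  local City=(0 1)
  local Hood=(0 1 2 3 4 5 6)
  local P L C R O I H
  # Leading whitespace of the line being emitted: one more space is pushed on
  # entering a level and stripped again on leaving it.
  local indent=' '

  echo "affiliations:"
  for P in "${Planet[@]}"; do
    echo "${indent}Planet$P:"
    indent="${indent} "
    for L in "${Landmass[@]}"; do
      echo "${indent}Landmass$L:"
      indent="${indent} "
      for C in "${Country[@]}"; do
        echo "${indent}Country$C:"
        indent="${indent} "
        for R in "${Province[@]}"; do
          echo "${indent}Province$R:"
          indent="${indent} "
          for O in "${Locale[@]}"; do
            echo "${indent}Locale$O:"
            indent="${indent} "
            for I in "${City[@]}"; do
              echo "${indent}City$I:"
              indent="${indent} "
              for H in "${Hood[@]}"; do
                echo "${indent}- Hood$H"
              done
              indent="${indent# }"
            done
            indent="${indent# }"
          done
          indent="${indent# }"
        done
        indent="${indent# }"
      done
      indent="${indent# }"
    done
    indent="${indent# }"
  done
}

# Expected testStatus output, "<user code> <certificate status>".
enrolledGood="1 good"
enrolledRevoked="1 revoked"
revokedRevoked="-1 revoked"
# Expected final status per identity, index-aligned with USERS.
TEST_RESULTS=("$revokedRevoked" "$revokedRevoked" "$enrolledRevoked"
  "$enrolledRevoked" "$enrolledGood" "$enrolledGood")

# The HTTP server below serves whatever the current directory is, so refuse to
# start it from anywhere but TESTDATA.
cd "$TESTDATA" || {
  echo "cannot cd to $TESTDATA" >&2
  exit 1
}
# NOTE(review): SimpleHTTPServer (Python 2) listens on all interfaces by
# default and serves the whole of TESTDATA for as long as the test runs.
python -m SimpleHTTPServer "$HTTP_PORT" &
HTTP_PID=$!
pollSimpleHttp
echo "$HTTP_PID"
# Double quotes are intentional: the PID is expanded now, when the trap is set.
trap "kill $HTTP_PID; CleanUp; exit 1" INT

for driver in mysql postgres sqlite3; do
  printf '\n\n\n\n'
  echo "=====================> TESTING $driver"
  # Kill any running servers
  "$SCRIPTDIR/fabric-ca_setup.sh" -R -d "$driver"

  # Setup CA server
  "$SCRIPTDIR/fabric-ca_setup.sh" -D -I -d "$driver"
  genAffYaml >> "$CA_CFG_PATH/runFabricCaFvt.yaml"
  if ! "$SCRIPTDIR/fabric-ca_setup.sh" -D -S -X -d "$driver" -x "$CA_CFG_PATH"; then
    kill "$HTTP_PID"
    wait "$HTTP_PID"
    ErrorExit "Failed to setup server" RC
  fi
  sleep 5

  # Enroll every identity in USERS
  for ((i = 0; i < ${#USERS[@]}; i++)); do
    enroll "${USERS[i]}" "${PSWDS[i]}" "$CA_CFG_PATH/${USERS[i]}"
  done

  # notadmin cannot revoke
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[2]}"
  if $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT; then
    ErrorMsg "Non-revoker successfully revoked cert" RC
  fi

  # Check the DB contents: the rejected revoke above must not have changed
  # anything, so admin, admin2, notadmin and testUser are still enrolled with
  # good certificates. The counter is started afresh here; reusing the value
  # left over from the enroll loop would skip this check entirely.
  for ((i = 0; i <= 3; i++)); do
    test "$(testStatus "${USERS[i]}" "$driver")" = "$enrolledGood" ||
      ErrorMsg "Incorrect user/certificate status for ${USERS[i]}" RC
  done

  ### Ensure case-insensitivity by using both upper/lower case
  ### in two separate instances
  # Grab the serial number of notadmin cert, in upper case
  SN_UC="$(openssl x509 -noout -serial \
    -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" |
    awk -F'=' '{print toupper($2)}')"
  # and the auth keyid of notadmin cert - translate to upper case
  AKI_UC=$(openssl x509 -noout -text \
    -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" |
    awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print toupper($0)}')

  # Grab the serial number of testUser cert, in lower case
  SN_LC="$(openssl x509 -noout -serial \
    -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" |
    awk -F'=' '{print tolower($2)}')"
  # and the auth keyid of testUser cert - translate to lower case
  AKI_LC=$(openssl x509 -noout -text \
    -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" |
    awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print tolower($0)}')

  # Revoke the certs
  echo "=========================> REVOKING by --eid"
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[0]}"
  #### Blanket revoke all of admin2 certs
  $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT

  #### Revoke notadmin's cert by serial number and authority keyid
  #### using upper-case hexadecimal
  echo "=========================> REVOKING by -s -a (UPPERCASE)"
  $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

  #### Ensure that revoking an already revoked cert doesn't blow up
  echo "=========================> Issuing duplicate revoke by -s -a"
  $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

  #### Revoke using lower-case hexadecimal
  # FIXME - should allow combination of SN + AKI + EID
  #$FABRIC_CA_CLIENTEXEC revoke -s $SN_LC -a $AKI_LC -u $URI -e${USERS[3]}
  echo "=========================> REVOKING by -s -a (LOWERCASE)"
  $FABRIC_CA_CLIENTEXEC revoke -s "$SN_LC" -a "$AKI_LC" -u "$URI" $TLSOPT

  echo "=========================> REVOKING by --eid"
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[0]}"
  #### Revoke across affiliations not allowed
  # The exit status is not inspected here; that testUser3 stays "good" is
  # asserted by the status verification further down.
  $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[5]}" $TLSOPT

  #### Revoke my own cert
  echo "=========================> REVOKING self"
  $FABRIC_CA_CLIENTEXEC revoke -e"${USERS[0]}" -u "$URI" $TLSOPT

  # Verify the DB update. The loop counts down from the last identity while
  # i > 0; a condition of i<=0 would never enter the body and the revocation
  # results would go unchecked.
  for ((i = ${#USERS[@]}; i > 0; i--)); do
    test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
      ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
  done

  # Verify that the cert is no longer usable: a register call made with a
  # revoked identity has to be rejected.
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[0]}"
  if register "${USERS[0]}" 'user100'; then
    ErrorMsg "${USERS[0]} authenticated with revoked certificate" RC
  fi
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[1]}"
  if register "${USERS[1]}" 'user101'; then
    ErrorMsg "${USERS[1]} authenticated with revoked certificate" RC
  fi

  # Verify the DB update again: the rejected register attempts must not have
  # altered any status.
  for ((i = ${#USERS[@]}; i > 0; i--)); do
    test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
      ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
  done
done
CleanUp "$RC"
kill "$HTTP_PID"
wait "$HTTP_PID"
exit "$RC"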