github.com/bestbeforetoday/fabric-ca@v2.0.0-alpha+incompatible/scripts/fvt/revoke_test.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright IBM Corp. All Rights Reserved.
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
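# Locations inside the fabric-ca source tree, resolved through GOPATH.
FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
TESTDATA="$FABRIC_CA/testdata"
# NOTE(review): fixed, predictable directory under /tmp. The enrollment step
# of this test stores each identity's MSP material below it (the script later
# reads <user>/msp/signcerts/cert.pem from here), so run this only on a
# single-user or throwaway host. Moving to a `mktemp -d` directory would also
# require updating the hard-coded /tmp/revoke_test paths assigned to
# FABRIC_CA_CLIENT_HOME further down.
export CA_CFG_PATH="/tmp/revoke_test"
# Error counter; used as the script's exit status.
RC=0
DB="fabric_ca"
# Fixture identities and their enrollment secrets, index-aligned
# (USERS[i] enrolls with PSWDS[i]).
USERS=("admin" "admin2" "notadmin" "testUser" "testUser2" "testUser3" )
PSWDS=("adminpw" "adminpw2" "pass" "user1" "user2" "user3" )
#USERS=("admin" "admin2" "notadmin")
#PSWDS=("adminpw" "adminpw2" "pass")
HTTP_PORT="3755"

# Load the shared FVT helpers. Stop here if they are missing (for example
# when GOPATH is unset): without them the rest of the script would run with
# undefined helper functions and still start a background HTTP server.
if [ ! -r "$SCRIPTDIR/fabric-ca_utils" ]; then
   echo "cannot read $SCRIPTDIR/fabric-ca_utils (is GOPATH set?)" >&2
   exit 1
fi
. "$SCRIPTDIR/fabric-ca_utils"
setTLS
# FIXME should not require user:pass
# PROTO and PROXY_PORT are not set in this file; presumably they come from
# fabric-ca_utils / setTLS - confirm.
URI="${PROTO}user:pass@localhost:$PROXY_PORT"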
    24  
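#######################################
# Print a nested "affiliations:" YAML tree on stdout.
# Levels, outermost first: Planet, Landmass, Country, Province, Locale and
# City, with a list of "- HoodN" entries under every City.
# All working state is local, so repeated calls (the script calls this once
# per DB driver) emit identical output and no "indent" variable leaks into,
# or is picked up from, the calling shell.
# Arguments: none
# Outputs:   YAML text on stdout
#######################################
genAffYaml() {
   local -a Planet=(0 1)
   local -a Landmass=(0)
   local -a Country=(0 1)
   local -a Province=(0 1 2)
   local -a Locale=(0)
   local -a City=(0 1)
   local -a Hood=(0 1 2 3 4 5 6)
   local P L C R O I H
   # Current indentation prefix: two more spaces on entering a level,
   # two fewer on leaving it.
   local indent="  "

   echo "affiliations:"
   for P in "${Planet[@]}"; do
      echo "${indent}Planet$P:"
      indent="${indent}  "
      for L in "${Landmass[@]}"; do
         echo "${indent}Landmass$L:"
         indent="${indent}  "
         for C in "${Country[@]}"; do
            echo "${indent}Country$C:"
            indent="${indent}  "
            for R in "${Province[@]}"; do
               echo "${indent}Province$R:"
               indent="${indent}  "
               for O in "${Locale[@]}"; do
                  echo "${indent}Locale$O:"
                  indent="${indent}  "
                  for I in "${City[@]}"; do
                     echo "${indent}City$I:"
                     indent="${indent}  "
                     for H in "${Hood[@]}"; do
                        echo "${indent}- Hood$H"
                     done
                     indent="${indent#  }"
                  done
                  indent="${indent#  }"
               done
               indent="${indent#  }"
            done
            indent="${indent#  }"
         done
         indent="${indent#  }"
      done
      indent="${indent#  }"
   done
}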
    70  
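# Expected codes, in the form "<user state> <certificate status>".
# The verification loops compare these strings with the output of testStatus.
# Presumably 1 means the user is still enrolled and -1 that the user is
# revoked (going by the variable names) - confirm against testStatus.
enrolledGood="1 good"
enrolledRevoked="1 revoked"
revokedRevoked="-1 revoked"
# One expected result per identity, in USERS order.
TEST_RESULTS=("$revokedRevoked" "$revokedRevoked" "$enrolledRevoked" "$enrolledRevoked" "$enrolledGood" "$enrolledGood" )

# Serve the test data over HTTP for the duration of the run.
# Abort if the directory cannot be entered: otherwise the server started
# below would publish whatever the current working directory happens to be.
cd "$TESTDATA" || {
   echo "cannot cd to $TESTDATA" >&2
   exit 1
}
# NOTE(review): Python 2's SimpleHTTPServer listens on all interfaces, so the
# contents of $TESTDATA are reachable by anything that can reach this host on
# $HTTP_PORT while the test runs. Run on an isolated host or firewall the port.
python -m SimpleHTTPServer "$HTTP_PORT" &
HTTP_PID=$!
pollSimpleHttp
echo "$HTTP_PID"
# Double quotes are deliberate: the PID is expanded now, when the trap is set.
# Only SIGINT is handled; the normal and ErrorExit paths kill the server
# explicitly.
trap "kill $HTTP_PID; CleanUp; exit 1" INT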
    84  
    85  
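# Run the complete revocation scenario once per database backend:
#   1. reset and start a CA server for the driver,
#   2. enroll every fixture identity,
#   3. check that an identity without revoker rights cannot revoke,
#   4. revoke by enrollment id and by serial/AKI (upper- and lower-case hex),
#   5. verify the user/certificate status in the DB and that revoked
#      certificates no longer authenticate.
# Failures are counted in RC through ErrorMsg; only a server setup failure
# aborts the run.
for driver in mysql postgres sqlite3; do
   echo ""
   echo ""
   echo ""
   echo ""
   echo "=====================> TESTING $driver"
   # Kill any running servers
   "$SCRIPTDIR/fabric-ca_setup.sh" -R -d "$driver"

   # Setup CA server
   "$SCRIPTDIR/fabric-ca_setup.sh" -D -I -d "$driver"
   genAffYaml >> "$CA_CFG_PATH/runFabricCaFvt.yaml"
   if ! "$SCRIPTDIR/fabric-ca_setup.sh" -D -S -X -d "$driver" -x "$CA_CFG_PATH"; then
      kill "$HTTP_PID"
      wait "$HTTP_PID"
      ErrorExit "Failed to setup server" RC
   fi
   sleep 5

   # Enroll every fixture identity
   # (admin, admin2, notadmin, testUser, testUser2, testUser3)
   for ((i=0; i<${#USERS[@]}; i++)); do
      enroll "${USERS[i]}" "${PSWDS[i]}" "$CA_CFG_PATH/${USERS[i]}"
   done

   # notadmin cannot revoke
   # FABRIC_CA_CLIENTEXEC and TLSOPT stay unquoted on purpose: they presumably
   # hold a command line / several option words set by fabric-ca_utils.
   export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[2]}"
   if $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT; then
      # Pass the RC counter like every other ErrorMsg call in this script so
      # an authorization bypass is reflected in the exit status.
      ErrorMsg "Non-revoker successfully revoked cert" RC
   fi

   # Check the DB contents: the first four identities must still be enrolled
   # with a good certificate, i.e. the rejected revoke above changed nothing.
   # The index is reset explicitly; reusing the counter left over from the
   # enroll loop meant this check never executed.
   for ((i=0; i<=3; i++)); do
      test "$(testStatus "${USERS[i]}" "$driver")" = "$enrolledGood" ||
         ErrorMsg "Incorrect user/certificate status for ${USERS[i]}" RC
   done

   ### Ensure case-insensitivity by using both upper/lower case
   ###  in two separate instances
   # Grab the serial number of notadmin cert (upper case)
   SN_UC="$(openssl x509 -noout -serial -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" | awk -F'=' '{print toupper($2)}')"
   # and the auth keyid of notadmin cert - strip colons, force upper case
   AKI_UC=$(openssl x509 -noout -text -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" |awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print toupper($0)}')

   # Grab the serial number of testUser cert (lower case)
   SN_LC="$(openssl x509 -noout -serial -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" | awk -F'=' '{print tolower($2)}')"
   # and the auth keyid of testUser cert - strip colons, force lower case
   AKI_LC=$(openssl x509 -noout -text -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" |awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print tolower($0)}')

   # Revoke the certs.
   # The exit status of the revoke calls below is not asserted individually;
   # their effect is checked by the DB verification against TEST_RESULTS.
   echo "=========================> REVOKING by --eid"
   export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
   #### Blanket revoke all of admin2 certs
   $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT

   #### Revoke notadmin's cert by serial number and authority keyid
   #### using upper-case hexadecimal
   echo "=========================> REVOKING by -s -a (UPPERCASE)"
   $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

   #### Ensure that revoking an already revoked cert doesn't blow up
   echo "=========================> Issuing duplicate revoke by -s -a"
   $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

   #### Revoke using lower-case hexadecimal
   # FIXME - should allow combination of SN + AKI + EID
   #$FABRIC_CA_CLIENTEXEC revoke -s $SN_LC -a $AKI_LC -u $URI -e${USERS[3]}
   echo "=========================> REVOKING by -s -a (LOWERCASE)"
   $FABRIC_CA_CLIENTEXEC revoke -s "$SN_LC" -a "$AKI_LC" -u "$URI" $TLSOPT

   echo "=========================> REVOKING by --eid"
   export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
   #### Revoke across affiliations not allowed
   #### (TEST_RESULTS expects this identity to remain enrolled/good)
   $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[5]}" $TLSOPT

   #### Revoke my own cert
   echo "=========================> REVOKING self"
   $FABRIC_CA_CLIENTEXEC revoke -e"${USERS[0]}" -u "$URI" $TLSOPT

   # Verify the DB update.
   # Walk the indices from last to first. The condition has to be i>0:
   # with i<=0 the loop body never ran and no status was ever compared.
   for ((i=${#USERS[@]}; i>0; i--)); do
      test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
         ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
   done

   # Verify that the cert is no longer usable
   export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
   if register "${USERS[0]}" 'user100'; then
      ErrorMsg "${USERS[0]} authenticated with revoked certificate" RC
   fi
   export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[1]}"
   if register "${USERS[1]}" 'user101'; then
      ErrorMsg "${USERS[1]} authenticated with revoked certificate" RC
   fi

   # Verify the DB update again: the rejected register attempts must not
   # have changed any user/certificate status.
   for ((i=${#USERS[@]}; i>0; i--)); do
      test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
         ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
   done
done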
   184  CleanUp $RC
   185  kill $HTTP_PID
   186  wait $HTTP_PID
   187  exit $RC