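#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# Functional test for `fabric-ca-client gencsr`.
#
# Each scenario generates a CSR (CN / names taken from the command line or
# from the client config file), has it signed by an external test CA created
# with the pki helper script, and compares the RFC 2253 subject of both the
# CSR and the signed certificate with the expected string.
#
# Environment:
#   TESTCASE - name of the scratch directory under /tmp (default: gencsr)
#   GOPATH   - used to locate the fabric-ca checkout and its fvt helpers
#
# Exit status is $RC. Mismatches are reported through ErrorMsg, which comes
# from the sourced fabric-ca_utils and is not visible in this file
# (presumably it is what raises RC -- confirm).

: "${TESTCASE:=gencsr}"
FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
# NOTE(review): the scratch directory is a fixed, predictable path under /tmp
# and receives the client's MSP material (at least msp/signcerts). That is
# acceptable in a disposable test container; on a shared host a private
# directory from `mktemp -d` would be the safer choice.
CA_CFG_PATH="/tmp/$TESTCASE"
ADMINUSER="admin"
USERDIR="$CA_CFG_PATH/$ADMINUSER"
CONFIGFILE="$USERDIR/fabric-ca-client-config.yaml"
ADMINCERT="$USERDIR/admincert.pem"
CSR="$USERDIR/msp/signcerts/$ADMINUSER.csr"
. "$SCRIPTDIR/fabric-ca_utils"
RC=0
export CA_CFG_PATH
# ${TESTCASE:?} aborts instead of expanding to "/tmp/" should the name ever
# be empty; `--` keeps a leading dash from being parsed as an option.
rm -rf -- "/tmp/${TESTCASE:?}"
rm -rf -- "/tmp/CAs/${TESTCASE:?}"

#######################################
# Sign the CSR at $CSR with the external test CA.
# Globals:   CA_CFG_PATH, ADMINUSER, CSR, TESTCASE (read)
# Arguments: none
# Notes:     HOME and reqout are passed to the pki script through its
#            environment. The here-doc feeds two "y" lines on stdin
#            (presumably the script's confirmation prompts -- confirm
#            against the pki script).
#######################################
function signReq() {
   # sign CSR
   HOME="$CA_CFG_PATH/$ADMINUSER" reqout="$CSR" \
   /etc/hyperledger/fabric-ca/pki -f signreq -a "$TESTCASE" -p "$ADMINUSER" <<EOF
y
y
EOF
}

#######################################
# Compare the subject of the CSR or of the signed certificate with the
# expected RFC 2253 string and report a mismatch through ErrorMsg.
# Globals:   ADMINCERT, CSR (read)
# Arguments: $1 - artifact to inspect: "cert" or "csr"
#            $2 - expected subject
# Outputs:   prints the expected subject to stdout
# Returns:   1 for an unknown artifact; otherwise the status of the
#            comparison (or of ErrorMsg when it fails)
#######################################
function verifyResult() {
   local artifact="$1"
   local expected_subject="$2"
   local actual_subject=""
   case "$artifact" in
      cert) actual_subject="$(openssl x509 -in "$ADMINCERT" -noout -subject -nameopt rfc2253 | sed 's/subject=//')"
      ;;
      csr) actual_subject="$(openssl req -in "$CSR" -noout -subject -nameopt rfc2253 | sed 's/subject=//')"
      ;;
      # Without this branch an unknown artifact would be compared against
      # whatever subject a previous call left behind.
      *) ErrorMsg "unknown artifact \"$artifact\""
         return 1
      ;;
   esac
   # printf keeps the backslash escapes of RFC 2253 subjects intact.
   printf 'expected_subject: %s\n' "$expected_subject"
   # If openssl fails, actual_subject is empty and the comparison fails too.
   test "$expected_subject" = "$actual_subject" || ErrorMsg "expected \n\"$expected_subject\"\n found \"$actual_subject\""
}

# Create a new external PKI CA
/etc/hyperledger/fabric-ca/pki -f newca -a "$TESTCASE"

# supply CN at the command line
expected="CN=$ADMINUSER,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US"
fabric-ca-client gencsr --csr.cn "$ADMINUSER" -H "$USERDIR"
# Informational output: the subject of <admin>.csr and of the CSR under test.
openssl req -noout -in "$USERDIR/msp/signcerts/$ADMINUSER.csr" -subject | sed 's/subject=//'
openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
verifyResult csr "$expected"
signReq
verifyResult cert "$expected"

# supply CN from a file
sed -i "s/cn:.*/cn: $ADMINUSER/" "$CONFIGFILE"
# `sed -i` writes nothing to stdout, so piping it into grep showed nothing;
# read the edited file instead.
grep 'cn:' "$CONFIGFILE"
fabric-ca-client gencsr -H "$USERDIR"
openssl req -noout -in "$USERDIR/msp/signcerts/$ADMINUSER.csr" -subject | sed 's/subject=//'
openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
verifyResult csr "$expected"
signReq
verifyResult cert "$expected"

# CN from command line overrides file
CSR="$USERDIR/msp/signcerts/new$ADMINUSER.csr"
expected="CN=new$ADMINUSER,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US"
fabric-ca-client gencsr --csr.cn "new$ADMINUSER" -H "$USERDIR"
# The first print still shows <admin>.csr, left over from the previous
# scenario; the CSR under test is the second one.
openssl req -noout -in "$USERDIR/msp/signcerts/$ADMINUSER.csr" -subject | sed 's/subject=//'
openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
verifyResult csr "$expected"
signReq
verifyResult cert "$expected"

## Supply names from file
sed -i \
   -e 's/C:.*/C: FR/' \
   -e 's/ST:.*/ST: Cantal/' \
   -e 's/L:.*/L: Salers/' \
   -e 's/O:.*/O: Gourmet/' \
   -e 's/serialnumber:.*/serialnumber: ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
   "$CONFIGFILE"
CSR="$USERDIR/msp/signcerts/$ADMINUSER.csr"
expected="serialNumber=ABCDEFGHIJKLMNOPQRSTUVWXYZ,CN=admin,OU=Fabric,O=Gourmet,L=Salers,ST=Cantal,C=FR"
fabric-ca-client gencsr -H "$USERDIR"
openssl req -noout -in "$USERDIR/msp/signcerts/$ADMINUSER.csr" -subject | sed 's/subject=//'
openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
verifyResult csr "$expected"
signReq
verifyResult cert "$expected"
cat "$CONFIGFILE"

# Names from command line overrides file
CSR="$USERDIR/msp/signcerts/$ADMINUSER.csr"
# Non-ASCII characters appear as escaped UTF-8 bytes in the RFC 2253 output.
expected='serialNumber=0123456789,CN=admin,OU=Vieux,O=Moulin,L=Charleville-M\C3\A9zi\C3\A8rs,ST=Ardennes,C=FR'
# NOTE(review): --csr.hosts is supplied, but only the subject is compared
# below; the subjectAltName entries of the CSR and of the signed certificate
# are never checked by this test.
fabric-ca-client gencsr --csr.names "C=FR,ST=Ardennes,L=Charleville-Mézièrs,O=Moulin,OU=Vieux" \
                        --csr.hosts "1.1.1.1,::1,example.com,me@example.com" \
                        --csr.serialnumber "0123456789" \
                        --csr.cn admin \
                        -H "$USERDIR"
openssl req -noout -in "$USERDIR/msp/signcerts/$ADMINUSER.csr" -subject | sed 's/subject=//'
openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
verifyResult csr "$expected"
signReq
verifyResult cert "$expected"

CleanUp "$RC"
exit "$RC"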