github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/scripts/fvt/gencsr_test.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright IBM Corp. All Rights Reserved.
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
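     # Test-case name; may be overridden from the environment. It is interpolated
     # into the rm -rf paths at the end of this block, so it must be a plain
     # directory name (no whitespace, no path separators).
     : "${TESTCASE:=gencsr}"
     FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
     SCRIPTDIR="$FABRIC_CA/scripts/fvt"
     # NOTE(review): fixed, predictable directory under the shared /tmp. The
     # client home (CSR and presumably its key material) is created below it, so
     # this test is only suitable for a single-user / throwaway host.
     CA_CFG_PATH="/tmp/$TESTCASE"
     ADMINUSER="admin"
     USERDIR="$CA_CFG_PATH/$ADMINUSER"
     CONFIGFILE="$USERDIR/fabric-ca-client-config.yaml"
     ADMINCERT="$USERDIR/admincert.pem"
     CSR="$CA_CFG_PATH/$ADMINUSER/msp/signcerts/$ADMINUSER.csr"
     # ErrorMsg and CleanUp come from this helper file. If it cannot be sourced
     # (e.g. GOPATH unset) no mismatch could be reported and the script would
     # still reach "exit $RC" with RC=0, so stop here instead.
     . "$SCRIPTDIR/fabric-ca_utils" || {
        printf 'cannot source %s\n' "$SCRIPTDIR/fabric-ca_utils" >&2
        exit 1
     }
     RC=0
     export CA_CFG_PATH
     # Start from a clean slate. Quoting plus ":?" keeps a value with whitespace
     # or an empty value from widening what gets removed.
     rm -rf -- "/tmp/${TESTCASE:?}"
     rm -rf -- "/tmp/CAs/${TESTCASE:?}"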
    22  
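    #######################################
    # Sign the CSR currently named by $CSR with the external test CA.
    # Globals:   CA_CFG_PATH, ADMINUSER, CSR, TESTCASE (read)
    # Arguments: none
    # Inputs:    feeds two "y" lines to the pki helper on stdin
    #            (presumably its confirmation prompts - confirm against pki)
    # Returns:   exit status of the pki helper
    # NOTE(review): callers ignore the status; a certificate left over from an
    # earlier round could satisfy the following "verifyResult cert" check.
    #######################################
    function signReq() {
       # HOME and reqout are passed only in the helper's environment.
       HOME="$CA_CFG_PATH/$ADMINUSER" reqout="$CSR" \
       /etc/hyperledger/fabric-ca/pki -f signreq -a "$TESTCASE" -p "$ADMINUSER" <<<$'y\ny'
    }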
    31  
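    #######################################
    # Compare the RFC 2253 subject of the generated CSR or the signed
    # certificate with an expected distinguished name.
    # Globals:   ADMINCERT, CSR (read)
    # Arguments: $1 - artifact to inspect: "cert" or "csr"
    #            $2 - expected subject string
    # Outputs:   prints the expected subject to stdout
    # Returns:   1 for an unknown artifact; otherwise the status of the
    #            comparison (or of ErrorMsg when the subjects differ)
    #######################################
    function verifyResult() {
       local artifact="$1"
       local expected_subject="$2"
       # Local and reset on every call, so a subject read by a previous call
       # can never satisfy the comparison below.
       local actual_subject=""
       case "$artifact" in
          cert)
             actual_subject="$(openssl x509 -in "$ADMINCERT" -noout -subject -nameopt rfc2253 | sed 's/subject=//')"
             ;;
          csr)
             actual_subject="$(openssl req -in "$CSR" -noout -subject -nameopt rfc2253 | sed 's/subject=//')"
             ;;
          *)
             # An unrecognised artifact is a test bug, not a pass.
             ErrorMsg "unknown artifact \"$artifact\" (expected cert or csr)"
             return 1
             ;;
       esac
       printf 'expected_subject: %s\n' "$expected_subject"
       test "$expected_subject" = "$actual_subject" || ErrorMsg "expected \n\"$expected_subject\"\n found \"$actual_subject\""
    }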
    44  
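    # Create a new external PKI CA
    /etc/hyperledger/fabric-ca/pki -f newca -a "$TESTCASE"

    # supply CN at the command line
    expected="CN=$ADMINUSER,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US"
    # Record a failed gencsr explicitly rather than relying on the subject check.
    fabric-ca-client gencsr --csr.cn "$ADMINUSER" -H "$CA_CFG_PATH/$ADMINUSER" \
       || ErrorMsg "gencsr with --csr.cn $ADMINUSER failed"
    # Log the subject from $CSR so the output follows a TESTCASE override
    # instead of a fixed /tmp/gencsr path.
    openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
    verifyResult csr "$expected"
    signReq
    verifyResult cert "$expected"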
    56  
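    # supply CN from a file
    # sed -i writes nothing to stdout, so piping it into grep showed nothing;
    # edit first, then print the resulting cn line from the file.
    sed -i "s/cn:.*/cn: $ADMINUSER/" "$CONFIGFILE"
    grep cn: "$CONFIGFILE"
    # This round expects the same subject and CSR path as the previous one, so a
    # failed gencsr must be recorded explicitly: the stale CSR would still match.
    fabric-ca-client gencsr -H "$CA_CFG_PATH/$ADMINUSER" \
       || ErrorMsg "gencsr with cn taken from the config file failed"
    # Log the subject from $CSR so the output follows a TESTCASE override
    # instead of a fixed /tmp/gencsr path.
    openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
    verifyResult csr "$expected"
    signReq
    verifyResult cert "$expected"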
    65  
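    # CN from command line overrides file
    CSR="$CA_CFG_PATH/$ADMINUSER/msp/signcerts/new$ADMINUSER.csr"
    expected="CN=new$ADMINUSER,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US"
    fabric-ca-client gencsr --csr.cn "new$ADMINUSER" -H "$CA_CFG_PATH/$ADMINUSER" \
       || ErrorMsg "gencsr with --csr.cn new$ADMINUSER failed"
    # Log only the CSR under test; a fixed admin.csr path would show the request
    # left over from the previous round, not the one generated here.
    openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
    verifyResult csr "$expected"
    signReq
    verifyResult cert "$expected"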
    75  
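    ## Supply names from file
    # NOTE(review): the patterns are unanchored and rewrite every line that
    # contains the key text; order is kept as in the original script.
    sed -i \
       -e 's/C:.*/C: FR/' \
       -e 's/ST:.*/ST: Cantal/' \
       -e 's/L:.*/L: Salers/' \
       -e 's/O:.*/O: Gourmet/' \
       -e 's/serialnumber:.*/serialnumber: ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
       "$CONFIGFILE"
    CSR="$CA_CFG_PATH/$ADMINUSER/msp/signcerts/$ADMINUSER.csr"
    expected="serialNumber=ABCDEFGHIJKLMNOPQRSTUVWXYZ,CN=admin,OU=Fabric,O=Gourmet,L=Salers,ST=Cantal,C=FR"
    fabric-ca-client gencsr -H "$CA_CFG_PATH/$ADMINUSER" \
       || ErrorMsg "gencsr with names taken from the config file failed"
    # Log the subject from $CSR so the output follows a TESTCASE override
    # instead of a fixed /tmp/gencsr path.
    openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
    verifyResult csr "$expected"
    signReq
    verifyResult cert "$expected"
    # Dump the edited client config into the test log.
    cat "$CONFIGFILE"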
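    # Names from command line overrides file
    CSR="$CA_CFG_PATH/$ADMINUSER/msp/signcerts/$ADMINUSER.csr"
    # RFC 2253 output escapes the UTF-8 bytes of the accented letters as \C3\A9
    # and \C3\A8, hence the single quotes.
    expected='serialNumber=0123456789,CN=admin,OU=Vieux,O=Moulin,L=Charleville-M\C3\A9zi\C3\A8rs,ST=Ardennes,C=FR'
    # NOTE(review): --csr.hosts requests IP, DNS and e-mail style entries, but
    # only the subject is asserted below; the requested hosts are never checked
    # in the CSR or in the signed certificate.
    fabric-ca-client gencsr --csr.names C=FR,ST=Ardennes,L=Charleville-Mézièrs,O=Moulin,OU=Vieux \
                            --csr.hosts 1.1.1.1,::1,example.com,me@example.com \
                            --csr.serialnumber "0123456789" \
                            --csr.cn admin \
                            -H "$CA_CFG_PATH/$ADMINUSER" \
       || ErrorMsg "gencsr with names given on the command line failed"
    # Log the subject from $CSR so the output follows a TESTCASE override
    # instead of a fixed /tmp/gencsr path.
    openssl req -noout -in "$CSR" -subject | sed 's/subject=//'
    verifyResult csr "$expected"
    signReq
    verifyResult cert "$expected"

    # Hand the accumulated result to the shared cleanup helper and use it as the
    # script's exit status.
    CleanUp "$RC"
    exit "$RC"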