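#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# Listing: github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/scripts/fvt/passwordsInLog_test.sh
#
# Functional test: runs fabric-ca-server in several configurations, captures
# its log output, and checks that every password/secret the log contains is
# shown as asterisks and that the known test password never appears in it.
#
# Names used but not defined in this file (ErrorMsg, CleanUp, enroll,
# register, pollFabricCa, LDAP_PASSWD, PROTO, INTTLSOPT, CA_DEFAULT_PORT) are
# presumably provided by the sourced fabric-ca_utils; verify there.

#######################################
# Remove the CA artifacts left in the test directory by a previous run.
# Globals:   TESTDIR (read)
#######################################
function rmConfigFiles() {
  # ${TESTDIR:?} aborts instead of expanding to root-relative paths
  # (/msp, /fabric_ca, ...) when TESTDIR is unset or empty.
  rm -rf -- "${TESTDIR:?}/ca-cert.pem" \
    "$TESTDIR/fabric-ca-server-config.yaml" \
    "$TESTDIR/fabric-ca-server.db" "$TESTDIR/msp" \
    "$TESTDIR/fabric-ca-cert.pem" "$TESTDIR/fabric_ca" \
    "$TESTDIR/runFabricCaFvt.yaml"
}

#######################################
# Check that passwords in the log file are masked.
# Globals:   LOGFILE (read)
# Arguments: $1 - literal password that must not occur anywhere in the log;
#                 empty skips that check
#            $2 - which log pattern to extract: user (default), ldap, mysql,
#                 postgres, register or intermediateCa
# Outputs:   failures are reported through ErrorMsg; a log line containing
#            $1 is also printed to stdout by grep
#######################################
function checkPasswd() {
  local pswd="$1"
  local Type="$2"
  # Local and reset on every call: with a global, a type that matches no case
  # arm would silently reuse the value extracted by the previous call and the
  # "empty" check below could never fire.
  local passwd=""
  local p
  : "${Type:=user}"

  # Globbing off: the extracted values are runs of '*' and are deliberately
  # word-split by the for loop below.
  set -f
  # Extract password value(s) from logfile
  case "$Type" in
    user) passwd=$(grep -Eao "Pass:[^[:space:]]+" "$LOGFILE" | awk -F':' '{print $2}') ;;
    ldap) passwd=$(grep -Eaio "ldap.*@" "$LOGFILE" | awk -v 'FS=[:@]' '{print $(NF-1)}') ;;
    mysql) passwd=$(grep -Eao "[a-z0-9*]+@tcp" "$LOGFILE" | awk -v FS=@ '{print $(NF-1)}') ;;
    postgres) passwd=$(grep -Eao "password=[^ ]+ " "$LOGFILE" | awk -F '=' '{print $2}') ;;
    register) passwd=$(grep -Eoar 'Received registration.*Secret[^ ]+' "$LOGFILE" | awk -F':' '{print $NF}') ;;
    intermediateCa) passwd=$(grep -Eao "Enrolling.*Secret:[^ ]+ " "$LOGFILE" | awk -F':' '{print $NF}') ;;
  esac

  # Fail if password is empty
  if [[ -z "$passwd" ]]; then
    ErrorMsg "Unable to extract password value(s) for type $Type"
  fi

  # Fail if an extracted value contains no '*'.
  # NOTE(review): the pattern is unanchored, so a token that merely contains
  # a '*' (for example a partially masked value) passes. '^\*+$' would require
  # a fully masked value; confirm against real log output before tightening.
  # shellcheck disable=SC2086 -- word splitting of $passwd is intended
  for p in $passwd; do
    if ! [[ "$p" =~ \*+ ]]; then
      ErrorMsg "Password '$passwd' was not masked in the log"
    fi
  done

  # Ensure the string passed in doesn't appear anywhere in the logfile.
  # -F treats the password as a literal string rather than a regex, and --
  # protects against a value that starts with '-'.
  if [[ -n "$pswd" ]]; then
    if grep -F -- "$pswd" "$LOGFILE"; then
      ErrorMsg "$pswd was not masked in the log"
    fi
  fi
  set +f
}

#######################################
# Write the test password into the generated runFabricCaFvt.yaml (datasource
# password, LDAP bind password, an extra enrollment identity, mysql datasource).
# Globals:   TESTDIR, PSWD, LDAP_PASSWD (read)
#######################################
function passWordSub() {
  # NOTE(review): PSWD and LDAP_PASSWD are interpolated into the sed script,
  # so a value containing '/', '&' or '\' would alter the script; the values
  # set in this file are safe.
  # NOTE(review): the whitespace after 'a\' and after '\n' sets the YAML
  # indentation of the appended lines and was collapsed on this page; compare
  # with the upstream file before relying on it.
  sed -i "/datasource:/ s/\(password=\)[[:alnum:]]\+\(.*\)/\1$PSWD\2/
          s/dc=com:$LDAP_PASSWD/dc=com:$PSWD/
          /enrollment:/ a\ name: user\n secret: $PSWD
          s/datasource:\(.*\)mysql@/datasource:\1$PSWD@/" "$TESTDIR/runFabricCaFvt.yaml"
}

#######################################
# Init the CA with a bootstrap identity given on the command line and check
# the resulting log.
# Globals:   LOGFILE, USER, PSWD, FABRIC_CA_SERVER_HOME (read)
#######################################
function testBootstrap() {
  : > "$LOGFILE"
  # Test using bootstrap ID
  fabric-ca-server init -b "$USER:$PSWD" -d 2>&1 | tee "$LOGFILE"
  # PIPESTATUS[0] is the status of fabric-ca-server, not of tee.
  if [[ ${PIPESTATUS[0]} -eq 0 ]]; then
    checkPasswd "$PSWD"
  else
    ErrorMsg "Init of CA failed"
  fi
  cp -- "$LOGFILE" "$FABRIC_CA_SERVER_HOME/testBootstrap.log"
}

#######################################
# Init the CA through fabric-ca_setup.sh and check the resulting log.
# Globals:   LOGFILE, SCRIPTDIR, PSWD, FABRIC_CA_SERVER_HOME (read)
#######################################
function testCaRegistry() {
  : > "$LOGFILE"
  # Test using multiple IDs from pre-supplied config file
  "$SCRIPTDIR/fabric-ca_setup.sh" -I -X -n1 -D 2>&1 | tee "$LOGFILE"
  if [[ ${PIPESTATUS[0]} -eq 0 ]]; then
    checkPasswd "$PSWD"
  else
    ErrorMsg "Init of CA failed"
  fi
  cp -- "$LOGFILE" "$FABRIC_CA_SERVER_HOME/testCaRegistry.log"
}

#######################################
# For mysql, postgres and ldap: init the CA, substitute the test password into
# its config, start it, and check the log with the matching pattern.
# Globals:   SCRIPTDIR, LOGFILE, PSWD, FABRIC_CA_SERVER_HOME (read),
#            server (written)
#######################################
function testExternalServers() {
  # 'server' is intentionally left global: testRegister reads the value it
  # holds after this loop (see the note there).
  for server in mysql postgres ldap; do
    rmConfigFiles
    case "$server" in
      ldap) "$SCRIPTDIR/fabric-ca_setup.sh" -a -I -D > "$LOGFILE" 2>&1 ;;
      *) "$SCRIPTDIR/fabric-ca_setup.sh" -I -D -d "$server" > "$LOGFILE" 2>&1 ;;
    esac
    passWordSub
    if "$SCRIPTDIR/fabric-ca_setup.sh" -D -X -S >> "$LOGFILE" 2>&1; then
      checkPasswd "$PSWD" "$server"
    else
      ErrorMsg "Start of CA failed"
    fi
    cp -- "$LOGFILE" "$FABRIC_CA_SERVER_HOME/test${server}.log"
    "$SCRIPTDIR/fabric-ca_setup.sh" -K
  done
}

#######################################
# Start the CA, then register identities with a generated and with a supplied
# secret, checking the log after each.
# Globals:   SCRIPTDIR, LOGFILE, PSWD, FABRIC_CA_SERVER_HOME, server (read)
#######################################
function testRegister() {
  rmConfigFiles
  if "$SCRIPTDIR/fabric-ca_setup.sh" -D -X -I -S > "$LOGFILE" 2>&1; then
    # NOTE(review): 'server' is not set in this function. In the main
    # sequence it still holds "ldap" from testExternalServers; run on its own
    # it is empty and checkPasswd falls back to type "user". Looks like a
    # copy/paste leftover -- confirm which type is intended and pass it
    # explicitly.
    checkPasswd "$PSWD" "$server"
  else
    ErrorMsg "Start of CA failed"
  fi
  enroll
  register
  # Generated secret: no known literal to search for, only the mask check.
  checkPasswd "" register
  cat -- "$LOGFILE"
  cp -- "$LOGFILE" "$FABRIC_CA_SERVER_HOME/testRegisterGeneratedPswd.log"
  : > "$LOGFILE"
  register "" Testuser2 "" "" "" "" "$PSWD"
  checkPasswd "$PSWD" register
  cp -- "$LOGFILE" "$FABRIC_CA_SERVER_HOME/testRegisterSuppliedPswd.log"
}

#######################################
# Start an intermediate CA on 127.0.0.2:7055 that enrolls with the parent CA
# and check that the enrollment secret is masked in its log.
# Globals:   FABRIC_CA_SERVER_HOME, LOGFILE (written); TESTDIR, PROTO,
#            INTTLSOPT, CA_DEFAULT_PORT (read)
#######################################
function testIntermediateCa() {
  FABRIC_CA_SERVER_HOME="$FABRIC_CA_SERVER_HOME/intCa1"
  LOGFILE="$TESTDIR/testIntermediateCa.log"
  # INTTLSOPT is left unquoted so that it can expand to several options or to
  # nothing.
  # shellcheck disable=SC2086
  fabric-ca-server start --csr.hosts 127.0.0.2 --address 127.0.0.2 --port 7055 -b admin:adminpw $INTTLSOPT \
    -u "${PROTO}intermediateCa1:intermediateCa1pw@127.0.0.1:$CA_DEFAULT_PORT" -d > "$LOGFILE" 2>&1 &
  pollFabricCa "" 127.0.0.2 7055 || ErrorMsg "Failed to start intermediate CA"
  checkPasswd intermediateCa1pw intermediateCa
  cp -- "$LOGFILE" "$FABRIC_CA_SERVER_HOME/testIntermediateCa.log"
}

### Start Main Test ###
# NOTE(review): RC is never updated in this file. Unless ErrorMsg or CleanUp
# (not visible here) change it or exit themselves, the script exits 0 even
# when a password was found unmasked -- verify in fabric-ca_utils.
RC=0
: "${TESTCASE:=passwordsInLog}"
# NOTE(review): fixed, predictable directory under /tmp; on a shared host
# another user could create it first. A mktemp -d directory would avoid that
# if nothing else depends on this path -- confirm.
TESTDIR="/tmp/$TESTCASE"
FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
# shellcheck source=/dev/null
. "$SCRIPTDIR/fabric-ca_utils"
export CA_CFG_PATH="$TESTDIR"
export FABRIC_CA_SERVER_HOME="$TESTDIR"
LOGFILE="$FABRIC_CA_SERVER_HOME/log.txt"

# Test-only credentials. USER replaces the login name usually exported by the
# environment, so child processes see the new value. PSWD is long and unique
# so that a literal search of the log cannot match by accident.
USER=administrator
PSWD=thisIs_aLongUniquePasswordWith_aMinisculePossibilityOfBeingDuplicated

"$SCRIPTDIR/fabric-ca_setup.sh" -R
mkdir -p -- "$TESTDIR"
testBootstrap
testCaRegistry
testExternalServers
testRegister
testIntermediateCa

CleanUp "$RC"
exit "$RC"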