github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/scripts/fvt/reenroll_test.sh (about) 1 #!/bin/bash 2 # 3 # Copyright IBM Corp. All Rights Reserved. 4 # 5 # SPDX-License-Identifier: Apache-2.0 6 # 7 8 FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca" 9 SCRIPTDIR="$FABRIC_CA/scripts/fvt" 10 . $SCRIPTDIR/fabric-ca_utils 11 PKI="$SCRIPTDIR/utils/pki" 12 CERT_HOME="/tmp/CAs/" 13 REGISTRAR="admin" 14 REGISTRARPWD="adminpw" 15 RC=0 16 17 curr_year=$(date +"%g") 18 prev_year=$((curr_year-1)) 19 next_year=$((curr_year+1)) 20 21 past=$(date +"$prev_year%m%d%H%M%SZ") 22 now=$(date +"%g%m%d%H%M%SZ") 23 future=$(date +"$next_year%m%d%H%M%SZ") 24 25 NUM_SERVERS=4 26 USER_SERVER_RATIO=8 27 for u in $(eval echo {1..$((NUM_SERVERS*USER_SERVER_RATIO-1))}); do 28 USERS[u]="user$u" 29 done 30 NUM_USERS=${#USERS[*]} 31 EXPECTED_DISTRIBUTION=$(((NUM_USERS+1)*2/$NUM_SERVERS)) 32 33 . $SCRIPTDIR/fabric-ca_utils 34 35 while getopts "dx:" option; do 36 case "$option" in 37 d) FABRIC_CA_DEBUG="true" ;; 38 x) CA_CFG_PATH="$OPTARG" ;; 39 esac 40 done 41 42 : ${CA_CFG_PATH:="/tmp/reenroll"} 43 : ${FABRIC_CA_DEBUG="false"} 44 : ${HOST="localhost:10888"} 45 export CA_CFG_PATH 46 export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/admin" 47 48 HTTP_PORT="3755" 49 50 rm -rf $CERT_HOME/ROOT_CERT $HOME/ROOT_CERT* 51 rm -rf $CERT_HOME/UNSUPPORTED $HOME/UNSUPPORTED- 52 $PKI -f newca -d sha256 -a ROOT_CERT -t ec -l 256 ROOT_CERT -n "/CN=ROOT_CERT/" 53 $PKI -f newcert -d sha256 -a ROOT_CERT -t dsa -l 256 -p UNSUPPORTED- -n "/CN=UNSUPPORTED/" <<EOF 54 y 55 y 56 EOF 57 $PKI -f newcert -e $past -d sha256 -a ROOT_CERT -t ec -l 256 -p EXPIRED- -n "/CN=EXPIRED/" <<EOF 58 y 59 y 60 EOF 61 $PKI -f newcert -s $future -d sha256 -a ROOT_CERT -t ec -l 256 -p UNRIPE- -n "/CN=UNRIPE/" <<EOF 62 y 63 y 64 EOF 65 66 test -f "$CERT_HOME" || mkdir -p "$CERT_HOME" 67 cd $CERT_HOME 68 cp $TESTDATA/TestCRL.crl $CERT_HOME 69 python -m SimpleHTTPServer $HTTP_PORT & 70 HTTP_PID=$! 71 pollSimpleHttp 72 echo $HTTP_PID 73 trap "kill $HTTP_PID; CleanUp 1; exit 1" INT 74 75 export FABRIC_CA_DEBUG 76 for driver in sqlite3 postgres mysql; do 77 echo "" 78 echo "" 79 echo "" 80 echo "------> BEGIN TESTING $driver <----------" 81 # note MAX_ENROLLMENTS defaults to '1' 82 $SCRIPTDIR/fabric-ca_setup.sh -R -d $driver -x $CA_CFG_PATH 83 $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -n $NUM_SERVERS -d $driver -x $CA_CFG_PATH 84 if test $? -ne 0; then 85 ErrorMsg "Failed to setup server" 86 continue 87 fi 88 enroll $REGISTRAR 89 enroll $REGISTRAR 90 if test $? -ne 0; then 91 ErrorMsg "Failed to enroll $REGISTRAR" 92 continue 93 fi 94 95 for i in $(eval echo {1..$NUM_USERS}); do 96 OUT=$(register $REGISTRAR user${i}) 97 pswd[$i]=$(echo $OUT | tail -n1 | awk '{print $NF}') 98 echo $pswd 99 done 100 101 for i in $(eval echo {1..$NUM_USERS}); do 102 enroll user${i} ${pswd[i]} 103 test $? -ne 0 && ErrorMsg "Failed to reenroll user${i}" 104 done 105 106 keyStore="$CA_CFG_PATH/user1/$MSP_KEY_DIR" 107 certStore="$CA_CFG_PATH/user1/$MSP_CERT_DIR" 108 for cert in EXPIRED UNRIPE UNSUPPORTED; do 109 openssl x509 -in $HOME/${cert}-cert.pem -out $certStore/cert.pem 110 openssl ec -in $HOME/${cert}-key.pem -out $keyStore/key.pem 111 openssl ec -in $keyStore/key.pem -text 112 openssl x509 -in $certStore/cert.pem -text 113 reenroll user1 "$CA_CFG_PATH/user1/$MSP_CERT_DIR/cert.pem" "$CA_CFG_PATH/user1/$MSP_KEY_DIR/key.pem" 114 test $? -eq 0 && ErrorMsg "reenrolled user1 with unsupported cert" 115 done 116 $SCRIPTDIR/fabric-ca_setup.sh -L -d $driver 117 echo "------> END TESTING $driver <----------" 118 echo "***************************************" 119 echo "" 120 echo "" 121 echo "" 122 echo "" 123 done 124 $SCRIPTDIR/fabric-ca_setup.sh -R -d $driver -x $CA_CFG_PATH 125 126 kill $HTTP_PID 127 wait $HTTP_PID 128 CleanUp $RC 129 exit $RC