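#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# Listing source:
#   github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/scripts/fvt/revoke_test.sh
#
# Functional test for certificate revocation. For each database driver it
# sets up a CA server through fabric-ca_setup.sh, enrolls the identities in
# USERS, checks that an identity without revoker rights cannot revoke,
# revokes by enrollment id and by serial number + authority key id (upper and
# lower case), compares the state reported by testStatus with TEST_RESULTS,
# and checks that identities whose certs were revoked can no longer register.
#
# Not defined in this file, presumably provided by fabric-ca_utils (confirm
# there): PROTO, PROXY_PORT, FABRIC_CA_CLIENTEXEC, TLSOPT, pollSimpleHttp,
# CleanUp, ErrorExit, ErrorMsg, enroll, register, testStatus.
#
# $FABRIC_CA_CLIENTEXEC and $TLSOPT are expanded unquoted on purpose: they
# may be empty or hold several words.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
TESTDATA="$FABRIC_CA/testdata"
# NOTE(review): fixed, predictable directory under /tmp that receives the
# enrollment output of every test identity. On a shared host a private
# directory (mktemp -d) would be safer; confirm that fabric-ca_setup.sh
# honours CA_CFG_PATH before changing it.
export CA_CFG_PATH="/tmp/revoke_test"
RC=0
DB="fabric_ca"
# Test-only identities; USERS[i] is enrolled with PSWDS[i].
USERS=("admin" "admin2" "notadmin" "testUser" "testUser2" "testUser3")
PSWDS=("adminpw" "adminpw2" "pass" "user1" "user2" "user3")
#USERS=("admin" "admin2" "notadmin")
#PSWDS=("adminpw" "adminpw2" "pass")
HTTP_PORT="3755"

. "$SCRIPTDIR/fabric-ca_utils"
# FIXME should not require user:pass
URI="${PROTO}user:pass@localhost:$PROXY_PORT"

#######################################
# Print an "affiliations:" YAML tree to stdout:
# Planet > Landmass > Country > Province > Locale > City, with a list of
# Hood entries under every City.
# Globals:   indent (read and written; deliberately not local, and left one
#            step longer than on entry after the "affiliations:" level)
# Arguments: none
# Outputs:   YAML text on stdout
# NOTE(review): the indent step is a single space as shown in this listing;
# the listing may have collapsed runs of spaces, confirm against the file.
#######################################
genAffYaml() {
  local Planet=(0 1)
  local Landmass=(0)
  local Country=(0 1)
  local Province=(0 1 2)
  local Locale=(0)
  local City=(0 1)
  local Hood=(0 1 2 3 4 5 6)
  local P L C R O I H

  echo "affiliations:"
  indent="${indent} "
  for P in "${Planet[@]}"; do
    echo "${indent}Planet$P:"
    indent="${indent} "
    for L in "${Landmass[@]}"; do
      echo "${indent}Landmass$L:"
      indent="${indent} "
      for C in "${Country[@]}"; do
        echo "${indent}Country$C:"
        indent="${indent} "
        for R in "${Province[@]}"; do
          echo "${indent}Province$R:"
          indent="${indent} "
          for O in "${Locale[@]}"; do
            echo "${indent}Locale$O:"
            indent="${indent} "
            for I in "${City[@]}"; do
              echo "${indent}City$I:"
              indent="${indent} "
              for H in "${Hood[@]}"; do
                echo "${indent}- Hood$H"
              done
              # Leaving a level: drop one indent step.
              indent="${indent# }"
            done
            indent="${indent# }"
          done
          indent="${indent# }"
        done
        indent="${indent# }"
      done
      indent="${indent# }"
    done
    indent="${indent# }"
  done
  indent="${indent} "
}

# Expected codes, in the form "<user state> <cert status>"
# user cert
enrolledGood="1 good"
enrolledRevoked="1 revoked"
revokedRevoked="-1 revoked"
# TEST_RESULTS[i] is the state expected for USERS[i] after the revocations.
TEST_RESULTS=("$revokedRevoked" "$revokedRevoked" "$enrolledRevoked" "$enrolledRevoked"
  "$enrolledGood" "$enrolledGood")

# Stop if the directory is missing: otherwise the HTTP server below would
# serve whatever directory the script happened to be started from.
cd "$TESTDATA" || {
  echo "Cannot cd to $TESTDATA" >&2
  exit 1
}
# NOTE: SimpleHTTPServer (Python 2) listens on all interfaces, so the contents
# of $TESTDATA are reachable from the network for the duration of the test.
python -m SimpleHTTPServer "$HTTP_PORT" &
HTTP_PID=$!
pollSimpleHttp
echo "$HTTP_PID"
# Do not leave the HTTP server behind when the run is interrupted.
trap 'kill "$HTTP_PID"; CleanUp; exit 1' INT


for driver in mysql postgres sqlite3; do
  echo ""
  echo ""
  echo ""
  echo ""
  echo "=====================> TESTING $driver"
  # Kill any running servers
  "$SCRIPTDIR/fabric-ca_setup.sh" -R -d "$driver"

  # Setup CA server
  "$SCRIPTDIR/fabric-ca_setup.sh" -D -I -d "$driver"
  genAffYaml >> "$CA_CFG_PATH/runFabricCaFvt.yaml"
  if ! "$SCRIPTDIR/fabric-ca_setup.sh" -D -S -X -d "$driver" -x "$CA_CFG_PATH"; then
    kill "$HTTP_PID"
    wait "$HTTP_PID"
    ErrorExit "Failed to setup server" RC
  fi
  sleep 5

  # Enroll every identity in USERS (indices 0-5)
  for ((i = 0; i <= 5; i++)); do
    enroll "${USERS[i]}" "${PSWDS[i]}" "$CA_CFG_PATH/${USERS[i]}"
  done

  # notadmin cannot revoke: a successful revoke here is an authorization
  # failure and must be counted in RC like every other failed check.
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[2]}"
  if $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT; then
    ErrorMsg "Non-revoker successfully revoked cert" RC
  fi

  # Check the DB contents: the rejected revoke above must have changed
  # nothing. The index is restarted here; carrying on from the value left by
  # the enroll loop meant this check never ran.
  for ((i = 0; i <= 3; i++)); do
    test "$(testStatus "${USERS[i]}" "$driver")" = "$enrolledGood" ||
      ErrorMsg "Incorrect user/certificate status for ${USERS[i]}" RC
  done

  ### Ensure case-insensitivity by using both upper/lower case
  ### in two separate instances
  # Grab the serial number of notadmin cert
  SN_UC="$(openssl x509 -noout -serial -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" | awk -F'=' '{print toupper($2)}')"
  # and the auth keyid of notadmin cert - translate to upper case
  AKI_UC=$(openssl x509 -noout -text -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" | awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print toupper($0)}')

  # Grab the serial number of testUser cert
  SN_LC="$(openssl x509 -noout -serial -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" | awk -F'=' '{print tolower($2)}')"
  # and the auth keyid of testUser cert - translate upper to lower case
  AKI_LC=$(openssl x509 -noout -text -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" | awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print tolower($0)}')

  # Revoke the certs
  echo "=========================> REVOKING by --eid"
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[0]}"
  #### Blanket revoke all of admin2 certs
  $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT

  #### Revoke notadmin's cert by serial number and authority keyid
  #### using upper-case hexadecimal
  echo "=========================> REVOKING by -s -a (UPPERCASE)"
  $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

  #### Ensure that revoking an already revoked cert doesn't blow up
  echo "=========================> Issuing duplicate revoke by -s -a"
  $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

  #### Revoke using lower-case hexadecimal
  # FIXME - should allow combination of SN + AKI + EID
  #$FABRIC_CA_CLIENTEXEC revoke -s $SN_LC -a $AKI_LC -u $URI -e${USERS[3]}
  echo "=========================> REVOKING by -s -a (LOWERCASE)"
  $FABRIC_CA_CLIENTEXEC revoke -s "$SN_LC" -a "$AKI_LC" -u "$URI" $TLSOPT

  echo "=========================> REVOKING by --eid"
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[0]}"
  #### Revoke across affiliations not allowed
  $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[5]}" $TLSOPT

  #### Revoke my own cert
  echo "=========================> REVOKING self"
  $FABRIC_CA_CLIENTEXEC revoke -e"${USERS[0]}" -u "$URI" $TLSOPT

  # Verify the DB update. Walks USERS from last to first; the loop has to run
  # while i > 0 (with "i<=0" the body was skipped and the revocation state
  # was never compared with TEST_RESULTS).
  for ((i = ${#USERS[@]}; i > 0; i--)); do
    test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
      ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
  done

  # Verify that the cert is no longer usable
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[0]}"
  if register "${USERS[0]}" 'user100'; then
    ErrorMsg "${USERS[0]} authenticated with revoked certificate" RC
  fi
  export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/${USERS[1]}"
  if register "${USERS[1]}" 'user101'; then
    ErrorMsg "${USERS[1]} authenticated with revoked certificate" RC
  fi

  # Verify the DB update again: the rejected register calls must not have
  # altered any identity or certificate state.
  for ((i = ${#USERS[@]}; i > 0; i--)); do
    test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
      ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
  done
done
CleanUp "$RC"
kill "$HTTP_PID"
wait "$HTTP_PID"
exit "$RC"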