github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/scripts/fvt/revoke_test.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright IBM Corp. All Rights Reserved.
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
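     # Locations inside the fabric-ca checkout; all are derived from GOPATH.
     FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
     SCRIPTDIR="$FABRIC_CA/scripts/fvt"
     TESTDATA="$FABRIC_CA/testdata"
     # NOTE(review): fixed, predictable directory under /tmp. On a shared host
     # another local user could create it first; a per-run `mktemp -d`
     # directory would avoid that, but the driver loop further down also
     # hard-codes /tmp/revoke_test, so both places would have to change together.
     export CA_CFG_PATH="/tmp/revoke_test"
     RC=0
     DB="fabric_ca"
     # Test-fixture identities and their enrollment passwords; the two arrays
     # are paired by index (USERS[i] enrolls with PSWDS[i]).
     USERS=("admin" "admin2" "notadmin" "testUser" "testUser2" "testUser3" )
     PSWDS=("adminpw" "adminpw2" "pass" "user1" "user2" "user3" )
     #USERS=("admin" "admin2" "notadmin")
     #PSWDS=("adminpw" "adminpw2" "pass")
     HTTP_PORT="3755"

     # The helper functions called later (enroll, register, testStatus,
     # ErrorMsg, ErrorExit, CleanUp, pollSimpleHttp) are not defined in this
     # file; presumably they come from fabric-ca_utils. Refuse to continue
     # without it: with the helpers missing, no check could ever raise RC and
     # the script would exit 0 without having tested revocation at all.
     if [ ! -r "$SCRIPTDIR/fabric-ca_utils" ]; then
       echo "cannot read $SCRIPTDIR/fabric-ca_utils" >&2
       exit 1
     fi
     . "$SCRIPTDIR/fabric-ca_utils"
     # FIXME should not require user:pass
     # PROTO and PROXY_PORT are not set in this file (presumably by fabric-ca_utils).
     URI="${PROTO}user:pass@localhost:$PROXY_PORT"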
    23  
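    #######################################
    # Print a YAML "affiliations:" tree on stdout:
    # Planet > Landmass > Country > Province > Locale > City, with a list of
    # "- Hood<n>" entries under every City.
    # Globals:   none (the indent string and loop variables are local, so
    #            repeated calls produce identical output)
    # Arguments: none
    # Outputs:   the YAML fragment, two spaces of indentation per level
    #######################################
    genAffYaml() {
      local Planet=(0 1)
      local Landmass=(0)
      local Country=(0 1)
      local Province=(0 1 2)
      local Locale=(0)
      local City=(0 1)
      local Hood=(0 1 2 3 4 5 6)
      local P L C R O I H
      # Current indentation; grows by two spaces when descending a level and
      # shrinks again once that level's loop has finished.
      local indent="  "
      echo "affiliations:"
      for P in "${Planet[@]}"; do
        echo "${indent}Planet$P:"
        indent="${indent}  "
        for L in "${Landmass[@]}"; do
          echo "${indent}Landmass$L:"
          indent="${indent}  "
          for C in "${Country[@]}"; do
            echo "${indent}Country$C:"
            indent="${indent}  "
            for R in "${Province[@]}"; do
              echo "${indent}Province$R:"
              indent="${indent}  "
              for O in "${Locale[@]}"; do
                echo "${indent}Locale$O:"
                indent="${indent}  "
                for I in "${City[@]}"; do
                  echo "${indent}City$I:"
                  indent="${indent}  "
                  for H in "${Hood[@]}"; do
                    echo "${indent}- Hood$H"
                  done
                  indent="${indent#  }"
                done
                indent="${indent#  }"
              done
              indent="${indent#  }"
            done
            indent="${indent#  }"
          done
          indent="${indent#  }"
        done
        indent="${indent#  }"
      done
    }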
    69  
    # Expected status strings, compared against the output of testStatus.
    #             user  cert
    enrolledGood='1 good'
    enrolledRevoked='1 revoked'
    revokedRevoked='-1 revoked'
    # Expected final status per identity; entry i belongs to USERS[i].
    TEST_RESULTS=()
    TEST_RESULTS+=("$revokedRevoked")
    TEST_RESULTS+=("$revokedRevoked")
    TEST_RESULTS+=("$enrolledRevoked")
    TEST_RESULTS+=("$enrolledRevoked")
    TEST_RESULTS+=("$enrolledGood")
    TEST_RESULTS+=("$enrolledGood")
    76  
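    # Serve the test data directory over HTTP while the test runs.
    # Stop if the directory cannot be entered; otherwise the server below would
    # publish whatever directory the script happened to be started from.
    cd "$TESTDATA" || { echo "cannot cd to $TESTDATA" >&2; exit 1; }
    # NOTE(review): SimpleHTTPServer is the Python 2 module name, and started
    # this way it listens on all interfaces, so the test data directory is
    # reachable from the network for the duration of the run. Confirm that is
    # acceptable on shared CI hosts.
    python -m SimpleHTTPServer "$HTTP_PORT" &
    HTTP_PID=$!
    pollSimpleHttp
    echo "$HTTP_PID"
    # Stop the server and clean up on interrupt or termination so the listener
    # does not outlive the test.
    trap 'kill "$HTTP_PID"; CleanUp; exit 1' INT TERM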
    83  
    84  
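    # Run the whole revocation scenario once per database driver.
    # Failed checks are reported through ErrorMsg with RC as the counter name.
    # $FABRIC_CA_CLIENTEXEC and $TLSOPT are not set in this file (presumably by
    # fabric-ca_utils); both stay unquoted on purpose because they may be empty
    # or expand to several words.
    for driver in mysql postgres sqlite3; do
      echo ""
      echo ""
      echo ""
      echo ""
      echo "=====================> TESTING $driver"
      # Kill any running servers
      "$SCRIPTDIR/fabric-ca_setup.sh" -R -d "$driver"

      # Setup CA server
      "$SCRIPTDIR/fabric-ca_setup.sh" -D -I -d "$driver"
      genAffYaml >> "$CA_CFG_PATH/runFabricCaFvt.yaml"
      if ! "$SCRIPTDIR/fabric-ca_setup.sh" -D -S -X -d "$driver" -x "$CA_CFG_PATH"; then
        kill "$HTTP_PID"
        wait "$HTTP_PID"
        ErrorExit "Failed to setup server" RC
      fi
      sleep 5
      # Enroll every fixture identity (all six entries of USERS)
      for ((i = 0; i < ${#USERS[@]}; i++)); do
        enroll "${USERS[i]}" "${PSWDS[i]}" "$CA_CFG_PATH/${USERS[i]}"
      done

      # notadmin cannot revoke
      export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[2]}"
      if $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT; then
        ErrorMsg "Non-revoker successfully revoked cert" RC
      fi

      # Check the DB contents: the rejected revoke must have changed nothing,
      # so users 0-3 are still enrolled with a good certificate. The index is
      # restarted here; reusing the value left behind by the enroll loop would
      # skip this check entirely.
      for ((i = 0; i <= 3; i++)); do
        test "$(testStatus "${USERS[i]}" "$driver")" = "$enrolledGood" ||
          ErrorMsg "Incorrect user/certificate status for ${USERS[i]}" RC
      done

      ### Ensure case-insensitivity by using both upper/lower case
      ###  in two separate instances
      # Grab the serial number of notadmin cert (upper case)
      SN_UC="$(openssl x509 -noout -serial -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" | awk -F'=' '{print toupper($2)}')"
      # and the auth keyid of notadmin cert - translated to upper case
      AKI_UC=$(openssl x509 -noout -text -in "$CA_CFG_PATH/${USERS[2]}/msp/signcerts/cert.pem" | awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print toupper($0)}')

      # Grab the serial number of testUser cert (lower case)
      SN_LC="$(openssl x509 -noout -serial -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" | awk -F'=' '{print tolower($2)}')"
      # and the auth keyid of testUser cert - translated to lower case
      AKI_LC=$(openssl x509 -noout -text -in "$CA_CFG_PATH/${USERS[3]}/msp/signcerts/cert.pem" | awk '/keyid/ {gsub(/ *keyid:|:/,"",$1);print tolower($0)}')

      # Revoke the certs
      # NOTE(review): the exit status of the revoke calls below is not checked;
      # their effect is judged only by the status verification further down.
      echo "=========================> REVOKING by --eid"
      export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
      #### Blanket revoke all of admin2 certs
      $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[1]}" $TLSOPT

      #### Revoke notadmin's cert by serial number and authority keyid
      #### using upper-case hexadecimal
      echo "=========================> REVOKING by -s -a (UPPERCASE)"
      $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

      #### Ensure that revoking an already revoked cert doesn't blow up
      echo "=========================> Issuing duplicate revoke by -s -a"
      $FABRIC_CA_CLIENTEXEC revoke -s "$SN_UC" -a "$AKI_UC" -u "$URI" $TLSOPT

      #### Revoke using lower-case hexadecimal
      # FIXME - should allow combination of SN + AKI + EID
      #$FABRIC_CA_CLIENTEXEC revoke -s $SN_LC -a $AKI_LC -u $URI -e${USERS[3]}
      echo "=========================> REVOKING by -s -a (LOWERCASE)"
      $FABRIC_CA_CLIENTEXEC revoke -s "$SN_LC" -a "$AKI_LC" -u "$URI" $TLSOPT

      echo "=========================> REVOKING by --eid"
      export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
      #### Revoke across affiliations not allowed; TEST_RESULTS expects
      #### ${USERS[5]} to stay enrolled with a good certificate.
      $FABRIC_CA_CLIENTEXEC revoke -u "$URI" -e"${USERS[5]}" $TLSOPT

      #### Revoke my own cert
      echo "=========================> REVOKING self"
      $FABRIC_CA_CLIENTEXEC revoke -e"${USERS[0]}" -u "$URI" $TLSOPT

      # Verify the DB update. Counts down from the last identity; the loop has
      # to run while i > 0, otherwise its body never executes and the
      # revocation results are never compared with TEST_RESULTS.
      for ((i = ${#USERS[@]}; i > 0; i--)); do
        test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
          ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
      done

      # Verify that the cert is no longer usable: registering a new identity
      # with a revoked caller must fail.
      export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[0]}"
      if register "${USERS[0]}" 'user100'; then
        ErrorMsg "${USERS[0]} authenticated with revoked certificate" RC
      fi
      export FABRIC_CA_CLIENT_HOME="/tmp/revoke_test/${USERS[1]}"
      if register "${USERS[1]}" 'user101'; then
        ErrorMsg "${USERS[1]} authenticated with revoked certificate" RC
      fi

      # Verify the DB update again: the rejected register calls must not have
      # altered any status.
      for ((i = ${#USERS[@]}; i > 0; i--)); do
        test "$(testStatus "${USERS[i-1]}" "$driver")" = "${TEST_RESULTS[i-1]}" ||
          ErrorMsg "Incorrect user/certificate status for ${USERS[i-1]}" RC
      done
    done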
   # Final teardown: hand the accumulated failure count to CleanUp, stop the
   # background HTTP server, reap it, and exit with that count.
   CleanUp "$RC"
   kill "$HTTP_PID"
   wait "$HTTP_PID"
   exit "$RC"