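#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# Functional verification test for 'fabric-ca-client certificate list'.
# The certificates table is seeded directly in the database, the server is
# started through fabric-ca_setup.sh, and each filter flag of the list
# command is checked against the seeded rows.

: "${TESTCASE:="certificates"}"
FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
FABRIC_CAEXEC="$FABRIC_CA/bin/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
TESTDATA="$FABRIC_CA/testdata"
. "$SCRIPTDIR/fabric-ca_utils"
# NOTE(review): RC is initialised here but never read in the visible script;
# presumably ErrorMsg (from fabric-ca_utils) records failures - confirm that
# the script's exit status reflects them.
RC=0

# Fixed test credentials used by the enroll call below. They are sent inside
# an http:// URL and appear in the client's argv, so they are only suitable
# for a local, disposable FVT environment.
USERNAME="admin"
USERPSWD="adminpw"

DBNAME=fabric_ca

# Empty the certificates table in Postgres; output and errors are discarded.
function postgresDBCleanup() {
  psql -d "$DBNAME" -c "TRUNCATE TABLE certificates" &> /dev/null
}

# Seed the Postgres certificates table with the rows the filter tests expect.
# "01/01/0001" is the revoked_at value used for the rows labelled Not Revoked.
function populatePostgresCertsTable() {
  local new_date

  # Expired and Not Revoked
  insertCertsTable "user1" "1111" "2222" "11/18/2017" "01/01/0001"
  insertCertsTable "user2" "1112" "2223" "1/18/2018" "01/01/0001"
  insertCertsTable "user3" "1111" "2223" "1/18/2018" "01/01/0001"
  insertCertsTable "user3" "1111" "2224" "1/18/2018" "01/01/0001"
  insertCertsTable "user4" "1113" "2224" "1/25/2018" "01/01/0001"

  # Not Expired and Not Revoked
  # Expiry is computed relative to now (GNU date -d) so it is always in the
  # future when the test runs.
  new_date=$(date "+%Y-%m-%d %H:%M:%S" -d "+20 days")
  insertCertsTable "user5" "1114" "2225" "$new_date" "01/01/0001"

  # Revoked and Not Expired
  insertCertsTable "user5" "1115" "2225" "$new_date" "2/18/2018"
  insertCertsTable "user6" "1116" "2225" "$new_date" "2/18/2017"
  insertCertsTable "user7" "1117" "2225" "$new_date" "1/18/2018"

  # Revoked and Expired
  insertCertsTable "user8" "1118" "2225" "1/30/2018" "1/18/2018"
}

# Generate a self-signed certificate for one user and insert a row for it
# into the Postgres certificates table.
# Arguments: $1 id (also the certificate CN), $2 serial number, $3 AKI,
#            $4 expiry, $5 revoked_at
function insertCertsTable() {
  local id="$1"
  local serial="$2"
  local aki="$3"
  local expiry="$4"
  local revokedAt="$5"
  local pem

  # Generate certificates with the common name set to a user.
  # -nodes writes key.pem unencrypted into the current directory; it is a
  # throwaway fixture that is overwritten on every call.
  echo "Generating certificate for $id"
  openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=$id"
  pem=$(<cert.pem)

  # Store the generated certificate in the certificates table.
  # The statement is built by string interpolation; every value is a literal
  # from this script or openssl output, so nothing external reaches the SQL.
  psql -d "$DBNAME" -c "INSERT INTO certificates (id, serial_number, authority_key_identifier, ca_label, status, reason, expiry, revoked_at, pem, level) VALUES ('$id', '$serial', '$aki', 'ca', 'active', '0', '$expiry', '$revokedAt', '$pem', '1')"
}

# Report an error for every listed user that does not appear in output.txt.
# Arguments: $1 label of the flags under test (used in the message),
#            $2.. user names expected in the output
function assertContainsUserCert() {
  local testing="$1"
  shift
  local users=("$@")
  local user

  for user in "${users[@]}"; do
    grep -- "$user" output.txt ||
      ErrorMsg "Failed to complete 'certificates list' command with '$testing' flags, $user certificate not returned"
  done
}

# Report an error for every listed user that does appear in output.txt.
# A grep status other than 1 (including a read error) is reported as well.
# Arguments: $1 label of the flags under test (used in the message),
#            $2.. user names that must be absent from the output
function assertNotContainsUserCert() {
  local testing="$1"
  shift
  local users=("$@")
  local user

  for user in "${users[@]}"; do
    grep -- "$user" output.txt
    test $? -eq 1 || ErrorMsg "Incorrect results using 'certificate list' command with '$testing' flags, $user certificate should not be returned"
  done
}

# Check that one of the last five lines of server.txt reports the expected
# number of certificates.
# Arguments: $1 expected count
function assertNumberOfCerts() {
  local count=$1

  # The trailing ([^0-9]|$) stops an expected count of 1 from being satisfied
  # by a log line that reports 11.
  tail -n 5 server.txt | grep -E "Number of certificates found: ${count}([^0-9]|\$)" ||
    ErrorMsg "Failed return correct number of certificates, expecting $count"
}

#####################################################################
# Testing Certificates API with Postgres
#####################################################################

###### Start Fabric CA Server with Postgres Database #######

postgresDBCleanup
"$SCRIPTDIR/fabric-ca_setup.sh" -I -S -X -D -d postgres 2>&1 | tee server.txt &
pollFabricCa
populatePostgresCertsTable

#### Enroll user first, so subsequent commands can be called ####
# FABRIC_CA_CLIENTEXEC, CA_HOST_ADDRESS, PROXY_PORT and CA_CFG_PATH are not
# set in this script (presumably by fabric-ca_utils). The command word is
# left unquoted because its contents are not visible here.
if ! $FABRIC_CA_CLIENTEXEC enroll -u "http://$USERNAME:$USERPSWD@$CA_HOST_ADDRESS:$PROXY_PORT" -H "$CA_CFG_PATH/$USERNAME"; then
  ErrorMsg "Failed to enroll user"
fi

#### Test various filters for the list certificates commands #####

## List all certificates ##
$FABRIC_CA_CLIENTEXEC certificate list -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "all" user1 user2 user3 user4 user5 user6 user7 user8
# 10 seeded rows; the 11th is presumably the certificate issued by the
# enroll call above - confirm.
assertNumberOfCerts 11

## List certificate by ID ##

$FABRIC_CA_CLIENTEXEC certificate list --id user1 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--id" user1
assertNumberOfCerts 1

## List certificate by Serial Number ##

$FABRIC_CA_CLIENTEXEC certificate list --serial 1111 -H "$CA_CFG_PATH/$USERNAME" > output.txt
# NOTE(review): 'users' is assigned but the assertion below passes the names
# directly.
users=(user1 user3)
assertContainsUserCert "--serial" user1 user3
assertNumberOfCerts 3

## List certificate by Serial Number and ID ##

$FABRIC_CA_CLIENTEXEC certificate list --serial 1111 --id user1 -H "$CA_CFG_PATH/$USERNAME" --store "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--serial --id" user1
assertNotContainsUserCert "--serial --id" user3
assertNumberOfCerts 1
if [ ! -f "$CA_CFG_PATH/$USERNAME/user1.pem" ]; then
  ErrorMsg "Failed to store certificate in the specified location"
fi

## List certificate by AKI ##

$FABRIC_CA_CLIENTEXEC certificate list --aki 2223 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--aki" user2 user3
assertNumberOfCerts 2

## List certificate by Serial Number, AKI, and ID ##

$FABRIC_CA_CLIENTEXEC certificate list --serial 1111 --aki 2224 --id user3 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--serial --aki --id" user3
assertNumberOfCerts 1
# user3 also has a row with AKI 2223; it must not be part of this result.
grep "2223" output.txt
test $? -eq 1 || ErrorMsg "Incorrectly got certificate for 'user3'"

## List certificate within expiration range ##

$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-03-01:: -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration date::" user5 user6 user7
assertNotContainsUserCert "--expiration date::" user1 user2 user3 user4
assertNumberOfCerts 5

$FABRIC_CA_CLIENTEXEC certificate list --expiration ::2018-01-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration ::date" user1
assertNotContainsUserCert "--expiration ::date" user2
assertNumberOfCerts 1

$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-01-01::2018-03-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration date1::date2" user2 user3 user4 user8
assertNotContainsUserCert "--expiration date1::date2" user1
assertNumberOfCerts 5

$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-01-01::2018-03-01 --id user3 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration date1::date2" user3
assertNotContainsUserCert "--expiration date1::date2" user2
assertNumberOfCerts 2

## List certificate within revocation range ##

$FABRIC_CA_CLIENTEXEC certificate list --revocation 2018-02-01:: -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation date::" user5
assertNumberOfCerts 1

$FABRIC_CA_CLIENTEXEC certificate list --revocation ::2018-01-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation ::date" user6
assertNotContainsUserCert "--revocation ::date" user5
assertNumberOfCerts 1

$FABRIC_CA_CLIENTEXEC certificate list --revocation 2018-01-01::2018-02-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation date1::date2" user7
assertNotContainsUserCert "--revocation date1::date2" user5 user6
assertNumberOfCerts 2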
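## List certificates within expiration range but have not been revoked ##
# FABRIC_CA_CLIENTEXEC and CA_CFG_PATH are not set in this script (presumably
# by fabric-ca_utils). The command word is left unquoted because its contents
# are not visible here.
$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-01-20::2018-01-30 --notrevoked -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration --notrevoked" user4
assertNotContainsUserCert "--expiration --notrevoked" user8
assertNumberOfCerts 1

## List certificates within revocation range but have not expired ##
$FABRIC_CA_CLIENTEXEC certificate list --revocation 2018-01-01::2018-01-30 --notexpired -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation --notexpired" user7
assertNotContainsUserCert "--revocation --notexpired" user8
assertNumberOfCerts 1

"$SCRIPTDIR/fabric-ca_setup.sh" -K
postgresDBCleanup

#####################################################################
# Testing Certificates API with PostgreSQL - Complete
#####################################################################

# Empty the certificates table in MySQL; output and errors are discarded.
# The root password is a fixed test value passed in argv, where other local
# users can read it from the process list; it is only suitable for the
# disposable FVT database.
function mysqlDBCleanup() {
  mysql --host=localhost --user=root --password=mysql --database="$DBNAME" -e "TRUNCATE TABLE certificates" &> /dev/null
}

# Seed the MySQL certificates table with the rows the filter tests expect.
# "0000/00/00" is the revoked_at value used for the rows labelled Not Revoked.
function populateMySQLCertsTable() {
  local new_date

  # Expired and Not Revoked
  insertMySQLCertsTable "user1" "1111" "2222" "2017/11/18" "0000/00/00"
  insertMySQLCertsTable "user2" "1112" "2223" "2018/01/18" "0000/00/00"
  insertMySQLCertsTable "user3" "1111" "2223" "2018/01/18" "0000/00/00"
  insertMySQLCertsTable "user3" "1111" "2224" "2018/01/18" "0000/00/00"
  insertMySQLCertsTable "user4" "1113" "2224" "2018/01/25" "0000/00/00"

  # Not Expired and Not Revoked
  # Expiry is computed relative to now (GNU date -d) so it is always in the
  # future when the test runs.
  new_date=$(date "+%Y-%m-%d %H:%M:%S" -d "+20 days")
  insertMySQLCertsTable "user5" "1114" "2225" "$new_date" "0000/00/00"

  # Revoked and Not Expired
  insertMySQLCertsTable "user5" "1115" "2225" "$new_date" "2018/02/18"
  insertMySQLCertsTable "user6" "1116" "2225" "$new_date" "2017/02/18"
  insertMySQLCertsTable "user7" "1117" "2225" "$new_date" "2018/01/18"

  # Revoked and Expired
  insertMySQLCertsTable "user8" "1118" "2225" "2018/01/30" "2018/01/18"
}

# Generate a self-signed certificate for one user and insert a row for it
# into the MySQL certificates table.
# Arguments: $1 id (also the certificate CN), $2 serial number, $3 AKI,
#            $4 expiry, $5 revoked_at
function insertMySQLCertsTable() {
  local id="$1"
  local serial="$2"
  local aki="$3"
  local expiry="$4"
  local revokedAt="$5"
  local pem

  # Generate certificates with the common name set to a user.
  # -nodes writes key.pem unencrypted into the current directory; it is a
  # throwaway fixture that is overwritten on every call.
  echo "Generating certificate for $id"
  openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=$id"
  pem=$(<cert.pem)

  # Store the generated certificate in the certificates table.
  # The statement is built by string interpolation; every value is a literal
  # from this script or openssl output, so nothing external reaches the SQL.
  mysql --host=localhost --user=root --password=mysql --database="$DBNAME" -e "INSERT INTO certificates (id, serial_number, authority_key_identifier, ca_label, status, reason, expiry, revoked_at, pem, level) VALUES ('$id', '$serial', '$aki', 'ca', 'active', '0', '$expiry', '$revokedAt', '$pem', '1')"
}

#####################################################################
# Testing Certificates API with MySQL
#####################################################################

###### Start Fabric CA Server with MySQL Database #######

mysqlDBCleanup
"$SCRIPTDIR/fabric-ca_setup.sh" -I -S -X -D -d mysql 2>&1 | tee server.txt &
pollFabricCa
populateMySQLCertsTable

#### Enroll user first, so subsequent commands can be called ####
# The enroll credentials travel in an http:// URL and in the client's argv;
# they are fixed test values for the local FVT server.
if ! $FABRIC_CA_CLIENTEXEC enroll -u "http://$USERNAME:$USERPSWD@$CA_HOST_ADDRESS:$PROXY_PORT" -H "$CA_CFG_PATH/$USERNAME"; then
  ErrorMsg "Failed to enroll user"
fi

#### Test various filters for the list certificates commands #####

## List all certificates ##
$FABRIC_CA_CLIENTEXEC certificate list -H "$CA_CFG_PATH/$USERNAME" 2>&1 | tee output.txt
assertContainsUserCert "all" user1 user2 user3 user4 user5 user6 user7 user8
# 10 seeded rows; the 11th is presumably the certificate issued by the
# enroll call above - confirm.
assertNumberOfCerts 11

## List certificate by ID ##

$FABRIC_CA_CLIENTEXEC certificate list --id user1 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--id" user1
assertNumberOfCerts 1

## List certificate by Serial Number ##

$FABRIC_CA_CLIENTEXEC certificate list --serial 1111 -H "$CA_CFG_PATH/$USERNAME" > output.txt
# NOTE(review): 'users' is assigned but the assertion below passes the names
# directly.
users=(user1 user3)
assertContainsUserCert "--serial" user1 user3
assertNumberOfCerts 3

## List certificate by Serial Number and ID ##

$FABRIC_CA_CLIENTEXEC certificate list --serial 1111 --id user1 -H "$CA_CFG_PATH/$USERNAME" --store "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--serial --id" user1
assertNotContainsUserCert "--serial --id" user3
assertNumberOfCerts 1
if [ ! -f "$CA_CFG_PATH/$USERNAME/user1.pem" ]; then
  ErrorMsg "Failed to store certificate in the specified location"
fi

## List certificate by AKI ##

$FABRIC_CA_CLIENTEXEC certificate list --aki 2223 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--aki" user2 user3
assertNumberOfCerts 2

## List certificate by Serial Number, AKI, and ID ##

$FABRIC_CA_CLIENTEXEC certificate list --serial 1111 --aki 2224 --id user3 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--serial --aki --id" user3
assertNumberOfCerts 1
# user3 also has a row with AKI 2223; it must not be part of this result.
grep "2223" output.txt
test $? -eq 1 || ErrorMsg "Incorrectly got certificate for 'user3'"

## List certificate within expiration range ##

$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-03-01:: -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration date::" user5 user6 user7
assertNotContainsUserCert "--expiration date::" user1 user2 user3 user4
assertNumberOfCerts 5

$FABRIC_CA_CLIENTEXEC certificate list --expiration ::2018-01-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration ::date" user1
assertNotContainsUserCert "--expiration ::date" user2
assertNumberOfCerts 1

$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-01-01::2018-03-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration date1::date2" user2 user3 user4 user8
assertNotContainsUserCert "--expiration date1::date2" user1
assertNumberOfCerts 5

$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-01-01::2018-03-01 --id user3 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration date1::date2" user3
assertNotContainsUserCert "--expiration date1::date2" user2
assertNumberOfCerts 2

## List certificate within revocation range ##

$FABRIC_CA_CLIENTEXEC certificate list --revocation 2018-02-01:: -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation date::" user5
assertNumberOfCerts 1

$FABRIC_CA_CLIENTEXEC certificate list --revocation ::2018-01-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation ::date" user6
assertNotContainsUserCert "--revocation ::date" user5
assertNumberOfCerts 1

$FABRIC_CA_CLIENTEXEC certificate list --revocation 2018-01-01::2018-02-01 -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation date1::date2" user7
assertNotContainsUserCert "--revocation date1::date2" user5 user6
assertNumberOfCerts 2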
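
## List certificates within expiration range but have not been revoked ##
# FABRIC_CA_CLIENTEXEC and CA_CFG_PATH are not set in this script (presumably
# by fabric-ca_utils). The command word is left unquoted because its contents
# are not visible here.
$FABRIC_CA_CLIENTEXEC certificate list --expiration 2018-01-20::2018-01-30 --notrevoked -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--expiration --notrevoked" user4
assertNotContainsUserCert "--expiration --notrevoked" user8
assertNumberOfCerts 1

## List certificates within revocation range but have not expired ##
$FABRIC_CA_CLIENTEXEC certificate list --revocation 2018-01-01::2018-01-30 --notexpired -H "$CA_CFG_PATH/$USERNAME" > output.txt
assertContainsUserCert "--revocation --notexpired" user7
assertNotContainsUserCert "--revocation --notexpired" user8
assertNumberOfCerts 1

"$SCRIPTDIR/fabric-ca_setup.sh" -K
mysqlDBCleanup

#####################################################################
# Testing Certificates API with MySQL - Complete
#####################################################################

# Remove the scratch files written to the current directory, including the
# unencrypted test key. -f keeps the cleanup going when a file is already
# missing. This only runs if the script reaches its end; an interrupted run
# leaves key.pem behind.
rm -f -- server.txt
rm -f -- output.txt
rm -f -- cert.pem
rm -f -- key.pem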