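#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# Shared helpers for the fabric-ca functional verification tests (FVT).
# This file is sourced by the scripts under scripts/fvt: it exports the
# paths, ports, timeouts and TLS material the tests share, then defines
# polling, enrollment, config-generation and status-check helpers around
# fabric-ca-client, fabric-ca-server, openssl and the backing databases.
#
# Required env (set by the caller): GOPATH, CA_CFG_PATH.
# Optional env read here: FABRIC_TLS, FABRIC_CA_DEBUG, LDAP_ENABLE, TLS_ON,
#   TESTCASE, STARTIME, KEYTYPE, KEYLEN, CACOUNT, driver.
# The credentials embedded below (postgres, mysql, ldap, registry identities)
# are fixtures for the throw-away FVT containers, not production values.

export FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
export FABRIC_CA_CLIENTEXEC="/usr/local/bin/fabric-ca-client"
export FABRIC_CA_SERVEREXEC="/usr/local/bin/fabric-ca-server"
export TESTDATA="$FABRIC_CA/testdata"
export SCRIPTDIR="$FABRIC_CA/scripts/fvt"
export MYSQL_PORT="3306"
export LDAP_PORT="389"
export LDAP_PROTO="ldap://"
export LDAP_TLS_PROTO="ldaps://"
export POSTGRES_PORT="5432"
# fixture password of the FVT postgres container, picked up by psql
export PGPASSWORD='postgres'
export MSP_KEY_DIR='msp/keystore'
export MSP_CERT_DIR='msp/signcerts'
export FABRIC_CA_DATA="/etc/hyperledger/fabric-ca"
export TLS_ROOTCERT="$FABRIC_CA_DATA/FabricTlsPkiBundle.pem"
export TLS_SUBCACERT="$FABRIC_CA_DATA/FabricTlsSubCa-cert.pem"
export TLS_RACERT="$FABRIC_CA_DATA/FabricTlsRa-cert.pem"
export TLS_SERVERCERT="$FABRIC_CA_DATA/FabricTlsServerEEcert.pem"
export TLS_SERVERKEY="$FABRIC_CA_DATA/FabricTlsServerEEkey.pem"
export TLS_CLIENTCERT="$FABRIC_CA_DATA/FabricTlsClientEEcert.pem"
export TLS_CLIENTKEY="$FABRIC_CA_DATA/FabricTlsClientEEkey.pem"
export CA_HOST_ADDRESS="localhost"
export PROXY_PORT="7054"
# the server listens behind the proxy on 1<PROXY_PORT>, profiling on 2<PROXY_PORT>
export CA_DEFAULT_PORT="1${PROXY_PORT}"
export PROFILING_PORT="2${PROXY_PORT}"
export DEFAULT_TIMEOUT="180"
export DEFAULT_CA_TIMEOUT="150"
export DEFAULT_HTTP_TIMEOUT="30"
export DEFAULT_MSG_TIMEOUT="30"
export DEFAULT_DB_TIMEOUT="30"
export INTERMEDIATE_PROXY_PORT="8054"
export INTERMEDIATE_CA_DEFAULT_PORT="1${INTERMEDIATE_PROXY_PORT}"

# Command strings; expanded and executed as $($DATE) / $($TIME).
DATE='date +%Y-%m-%d'
TIME='date +%I:%M:%S%p'

#######################################
# Print "TIMESTAMP--<date> <time>" on stdout.
#######################################
TimeStamp() {
  printf 'TIMESTAMP--%s %s\n' "$($DATE)" "$($TIME)"
}

#######################################
# Print $1 lower-cased on stdout.
#######################################
tolower() {
  # printf rather than echo: a value such as "-n" is data, not an option
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]'
}

#######################################
# runPSQL <sql> [psql-option]
# Run <sql> with /usr/bin/psql as user postgres against localhost, from /tmp.
# Returns psql's exit status.
#######################################
runPSQL() {
  local cmd="$1"
  local opts="$2"
  # The subshell restores the caller's cwd on every path, and
  # ${opts:+"$opts"} passes the option only when one was given instead of
  # handing psql an empty positional argument.
  (cd /tmp && /usr/bin/psql ${opts:+"$opts"} -U postgres -h localhost -c "$cmd")
}

#######################################
# Derive PROTO, TLSOPT, INTTLSOPT, LDAP_PROTO and LDAP_PORT from FABRIC_TLS.
# FABRIC_TLS is executed as a command ("true"/"false"); unset or empty means
# TLS off, i.e. http:// and no --tls.certfiles option.
#######################################
setTLS() {
  PROTO="http://"
  TLSOPT=""
  if [[ -n "$FABRIC_TLS" ]] && "$FABRIC_TLS"; then
    PROTO="https://"
    LDAP_PROTO="ldaps://"
    LDAP_PORT=636
    TLSOPT="--tls.certfiles $TLS_ROOTCERT"
    INTTLSOPT="--intermediate.tls.certfiles $TLS_ROOTCERT"
  fi
}

#######################################
# ErrorMsg <msg> [counter-name]
# Print a red error banner on stdout and increment the variable named by
# counter-name (default RC).
#######################################
ErrorMsg() {
  local msg="$1"
  local rc="${2:-RC}"
  # the message goes through %s so backslashes in it are printed, not interpreted
  printf '\033[31m ****** ERROR ****** %s \033[0m\n' "$msg"
  # $rc holds the *name* of the counter: read it via ${!rc}, write via printf -v
  printf -v "$rc" '%s' "$(( ${!rc:-0} + 1 ))"
}

#######################################
# ErrorExit <msg> [counter-name]
# Tear down the server (fabric-ca_setup.sh -R), report <msg>, run CleanUp
# and exit with the counter's value.
#######################################
ErrorExit() {
  "$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
  local msg="$1"
  local rc="${2:-RC}"
  ErrorMsg "$msg" "$rc"
  # ${!rc} reads the counter named by $rc without eval
  CleanUp "${!rc:-0}"
  exit "${!rc:-0}"
}

#######################################
# isReachable <host> <port>
# Return 0 when a TCP listener accepts a connection on host:port, otherwise
# the connect errno (truncated to an exit code), or 1 when either argument
# is missing.  Uses python because netcat is not guaranteed to be installed.
#######################################
isReachable() {
  local host="$1"
  local port="$2"
  [[ -n "$host" && -n "$port" ]] || return 1

  # host/port are handed over through the environment and the delimiter is
  # quoted, so the values are never spliced into python source
  ISREACHABLE_HOST="$host" ISREACHABLE_PORT="$port" python - <<'END'
import os
import socket
remote_server = os.environ["ISREACHABLE_HOST"]
port = int(os.environ["ISREACHABLE_PORT"])
remote_ip = socket.gethostbyname(remote_server)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = sock.connect_ex((remote_ip, port))
sock.close()
os._exit(result)
END
}

#######################################
# pollServer <app> <host> <port> [timeout] [action]
# Poll host:port until <app> answers (action=start, the default) or stops
# answering (action=stop), giving up after timeout seconds (default
# DEFAULT_TIMEOUT).  Writes a progress line on stdout.
# Returns 0 when the awaited state was reached, non-zero on timeout.
#######################################
pollServer() {
  local app="$1"
  local host="$2"
  local port="$3"
  local timeout="${4:-$DEFAULT_TIMEOUT}"
  local action="${5:-start}"
  local rc=1
  local starttime elapsed
  starttime=$(date +%s)

  # Alternative without python where ss is available:
  #   ss -lpnt "src ${host}:${port}"   (use '*' in place of host 0.0.0.0)
  while :; do
    elapsed=$(( $(date +%s) - starttime ))
    (( elapsed < timeout )) || break
    printf '\r%s%03d' "Waiting for $app to $action on $host:$port... " "$elapsed"
    isReachable "$host" "$port"
    rc=$?
    # invert the normal sense of 'success' for stop
    if [[ "$action" == "stop" ]]; then
      if (( rc != 0 )); then rc=0; else rc=1; fi
    fi
    (( rc == 0 )) && break
    # brief pause, as in pollLogForMsg, instead of a tight probe loop
    sleep .1
  done
  return $rc
}

#######################################
# pollLogForMsg <regex> <logfile> [timeout]
# Poll <logfile> until a line matches <regex> (matches are printed on
# stdout) or timeout seconds (default DEFAULT_MSG_TIMEOUT) pass.
# Returns grep's last status: 0 on a match.
#######################################
pollLogForMsg() {
  local msg="$1"
  local log="$2"
  local timeout="${3:-$DEFAULT_MSG_TIMEOUT}"
  local rc=1
  local starttime
  starttime=$(date +%s)

  while (( $(date +%s) - starttime < timeout )); do
    grep -E -- "$msg" "$log"
    rc=$?
    (( rc == 0 )) && break
    sleep .1
  done
  return $rc
}

#######################################
# pollFabricCa [app] [host] [port] [action] [timeout]
# pollServer with fabric-ca-server defaults: CA_HOST_ADDRESS:PROXY_PORT,
# action start, DEFAULT_CA_TIMEOUT.
#######################################
pollFabricCa() {
  local app="${1:-$FABRIC_CA_SERVEREXEC}"
  local host="${2:-$CA_HOST_ADDRESS}"
  local port="${3:-$PROXY_PORT}"
  local action="${4:-start}"
  local timeout="${5:-$DEFAULT_CA_TIMEOUT}"
  pollServer "$app" "$host" "$port" "$timeout" "$action"
}

#######################################
# pollSimpleHttp [app] [host] [port] [action] [timeout]
# pollServer with the defaults of the python test web server started by
# startHttp: localhost:3755, action start, DEFAULT_HTTP_TIMEOUT.
#######################################
pollSimpleHttp() {
  local app="${1:-python}"
  local host="${2:-localhost}"
  local port="${3:-3755}"
  local action="${4:-start}"
  local timeout="${5:-$DEFAULT_HTTP_TIMEOUT}"
  pollServer "$app" "$host" "$port" "$timeout" "$action"
}

#######################################
# pollMySql [app] [host] [port] [action] [timeout]
# pollServer with mysqld defaults: localhost:MYSQL_PORT, DEFAULT_DB_TIMEOUT.
#######################################
pollMySql() {
  local app="${1:-/usr/sbin/mysqld}"
  local host="${2:-localhost}"
  local port="${3:-$MYSQL_PORT}"
  local action="${4:-start}"
  local timeout="${5:-$DEFAULT_DB_TIMEOUT}"
  pollServer "$app" "$host" "$port" "$timeout" "$action"
}

#######################################
# pollPostgres [app] [host] [port] [action] [timeout]
# pollServer with postgres defaults: localhost:POSTGRES_PORT, DEFAULT_DB_TIMEOUT.
#######################################
pollPostgres() {
  local app="${1:-postgres -D /usr/local/pgsql/data}"
  local host="${2:-localhost}"
  local port="${3:-$POSTGRES_PORT}"
  local action="${4:-start}"
  local timeout="${5:-$DEFAULT_DB_TIMEOUT}"
  pollServer "$app" "$host" "$port" "$timeout" "$action"
}

#######################################
# CleanUp [rc]
# Print the end-of-test summary for TESTCASE on stdout: PASSED when rc is 0
# (the default) else FAILED, the runtime since STARTIME, and timestamps.
#######################################
CleanUp() {
  local RC="${1:-0}"
  local RESULT RUNTIME_S
  ###############################################################################
  # Summary
  ###############################################################################
  echo ""
  echo "#########################################################################"
  # test data goes through %s, never through the printf format string
  printf 'RC: %s, %s ' "$RC" "$TESTCASE"

  if [[ "$RC" -eq 0 ]]; then
    RESULT="PASSED"
  else
    RESULT="FAILED"
  fi

  printf '%s\n' "$RESULT"
  RUNTIME_S=$(( SECONDS - STARTIME ))
  echo "$(( RUNTIME_S / 60 )) minutes, $(( RUNTIME_S % 60 )) seconds runtime"
  printf '%s %s ENDED\n' "$(TimeStamp)" "$TESTCASE"
  echo "#########################################################################"

  TimeStamp
  printf '%s test ended.\n' "$TESTCASE"
}

#######################################
# verifyServerTraffic [haproxy_addr] [server_name] [num_requests] [percent] [code] [op]
# Read the haproxy stats page at http://<haproxy_addr>/ and check that
# backend <server_name> saw <num_requests> requests ("Cum. sessions") and
# that <percent> of them got status <code>, each compared with test's
# -<op> (eq ne lt le gt ge).  Defaults: localhost:10888, server1, 1, 100,
# "HTTP 2xx", eq.
# Returns 0 when both comparisons hold, the summed test statuses otherwise,
# and 2 for an op outside the list above.
#######################################
verifyServerTraffic() {
  local haproxy_addr="${1:-localhost:10888}"
  local server_name="${2:-server1}"
  local num_requests="${3:-1}"
  local percent="${4:-100}"
  local code="${5:-HTTP 2xx}"
  local op="${6:-eq}"
  local rc=0
  local result

  # only a test(1) comparison operator may reach the command line below,
  # which removes the need for eval
  case "$op" in
    eq|ne|lt|le|gt|ge) ;;
    *) return 2 ;;
  esac

  result=$(curl -s "http://${haproxy_addr}/" |
    awk -v s="$server_name\"" '$0~s' | html2text |
    awk -v c="$code" '
      /Cum. sessions:/ {sessions=$NF}
      $0~c {gsub(/[(%)]/,"",$NF);status=$NF}
      END {print sessions" "status}')
  # first word: sessions, last word: percentage; a missing value fails the test
  test "${result%% *}" "-$op" "$num_requests" 2>/dev/null; rc=$(( rc + $? ))
  test "${result##* }" "-$op" "$percent" 2>/dev/null; rc=$(( rc + $? ))
  return $rc
}

#######################################
# printAuth <certfile> <keyfile>
# Dump the certificate and private key as text (indented) on stdout.  The
# key algorithm for openssl is the second word of the PEM header ("EC",
# "RSA", ...); a bare "PRIVATE KEY" header is treated as ec.
# Returns 1 unless exactly two arguments are given.
#######################################
printAuth() {
  [[ $# -eq 2 ]] || return 1
  local cert="$1"
  local key="$2"
  local key_type

  echo CERT:
  openssl x509 -in "$cert" -text 2>&1 | sed 's/^/ /'
  key_type=$(head -n1 -- "$key" | awk '{print tolower($2)}')
  [[ "$key_type" == "private" ]] && key_type=ec
  echo KEY:
  openssl "$key_type" -in "$key" -text 2>/dev/null | sed 's/^/ /'
}

#######################################
# keyCheck <cert> <key> [alg]
# Return 0 when the public key in <cert> belongs to the private key in
# <key>.  alg defaults to rsa; rsa/dsa compare the modulus, any other
# algorithm compares the exported public key.  md5 is only used as an
# equality fingerprint here.
# Returns 1 when a file is missing, a fingerprint is empty, or they differ.
#######################################
keyCheck() {
  local cert="$1"
  local key="$2"
  local alg="${3:-rsa}"
  local k_hash c_hash
  [[ -f "$cert" && -f "$key" ]] || return 1

  case "$alg" in
    rsa|dsa)
      k_hash=$(openssl "$alg" -noout -modulus -in "$key" 2>&1 | awk -F'=' '/=/ {print $2}' | openssl md5 | awk '{print $NF}')
      c_hash=$(openssl x509 -noout -modulus -in "$cert" 2>&1 | awk -F'=' '/=/ {print $2}' | openssl md5 | awk '{print $NF}')
      ;;
    *)
      k_hash=$(openssl "$alg" -pubout -in "$key" 2>/dev/null | openssl md5 | awk '{print $NF}')
      c_hash=$(openssl x509 -noout -pubkey -in "$cert" | openssl md5 | awk '{print $NF}')
      ;;
  esac

  [[ -n "$k_hash" && -n "$c_hash" ]] || return 1
  [[ "$k_hash" == "$c_hash" ]]
}

#######################################
# enroll [username] [password] [attrs]
# Enroll <username> (default admin / adminpw) at CA_HOST_ADDRESS:PROXY_PORT
# with fabric-ca-client.  The client home is $CA_CFG_PATH/<username>; the
# cert and key land in MSP_CERT_DIR / MSP_KEY_DIR below it.  A third
# argument is passed as --enrollment.attrs.  Exports FABRIC_CA_CLIENT_HOME
# and FABRIC_CA_ENROLLMENT_DIR, sets ENROLLCONFIG.  With FABRIC_CA_DEBUG
# set and true, prints the resulting cert and key.
# Returns the client's exit status.
#######################################
enroll() {
  local username="${1:-admin}"
  local userpswd="${2:-adminpw}"
  # scoped to this call so the attrs of a previous enroll never leak in
  local attrs=""
  if (( $# > 2 )); then
    attrs="--enrollment.attrs $3"
  fi
  local FABRIC_CA_ENROLLMENT_DIR="$CA_CFG_PATH/$username"
  local FABRIC_CA_CERT_FILE="$FABRIC_CA_ENROLLMENT_DIR/$MSP_CERT_DIR/cert.pem"
  local FABRIC_CA_KEY_FILE="$FABRIC_CA_ENROLLMENT_DIR/$MSP_KEY_DIR/key.pem"
  local FABRIC_CA_CLIENT_HOME="$FABRIC_CA_ENROLLMENT_DIR"
  local RC=0
  export FABRIC_CA_CLIENT_HOME
  export FABRIC_CA_ENROLLMENT_DIR

  [[ -d "$FABRIC_CA_ENROLLMENT_DIR" ]] || mkdir -p "$FABRIC_CA_ENROLLMENT_DIR"
  ENROLLCONFIG="$FABRIC_CA_ENROLLMENT_DIR/enroll.yaml"

  # Determines the PROTO and TLSOPT values based on FABRIC_TLS setting
  setTLS
  # TLSOPT and attrs are deliberately unquoted: each holds "--flag value".
  # The password travels in the -u URL, i.e. on the command line (fixture
  # credentials only).
  # shellcheck disable=SC2086
  "$FABRIC_CA_CLIENTEXEC" enroll -u "${PROTO}${username}:${userpswd}@${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT \
    -c "$ENROLLCONFIG" $attrs \
    --csr.hosts "$username@fab-client.raleigh.ibm.com" \
    --csr.hosts "$username.fabric.raleigh.ibm.com,127.0.0.2"
  RC=$?
  if [[ -n "$FABRIC_CA_DEBUG" && "$RC" -eq 0 ]] && "$FABRIC_CA_DEBUG"; then
    printAuth "$FABRIC_CA_CERT_FILE" "$FABRIC_CA_KEY_FILE"
  fi
  return $RC
}

#######################################
# reenroll [username]
# Re-enroll <username> (default admin) using the client home under
# $CA_CFG_PATH/<username>.  KEYTYPE/KEYLEN are defaulted to ecdsa/256 when
# unset (genRunconfig reads them).  Afterwards runs fabric-ca_setup.sh -L
# for the global $driver.  Exports FABRIC_CA_CLIENT_HOME and
# FABRIC_CA_ENROLLMENT_DIR, sets ENROLLCONFIG.
# Returns the client's exit status.
#######################################
reenroll() {
  local USERNAME="${1:-admin}"
  local FABRIC_CA_ENROLLMENT_DIR="$CA_CFG_PATH/$USERNAME"
  local FABRIC_CA_CLIENT_HOME="$FABRIC_CA_ENROLLMENT_DIR"
  local FABRIC_CA_CERT_FILE="$FABRIC_CA_CLIENT_HOME/$MSP_CERT_DIR/cert.pem"
  local FABRIC_CA_KEY_FILE="$FABRIC_CA_CLIENT_HOME/$MSP_KEY_DIR/key.pem"
  local RC=0
  export FABRIC_CA_CLIENT_HOME
  export FABRIC_CA_ENROLLMENT_DIR

  [[ -d "$FABRIC_CA_CLIENT_HOME" ]] || mkdir -p "$FABRIC_CA_CLIENT_HOME"
  # "=" not ":=": an explicitly empty value is left alone, as before
  : "${KEYTYPE=ecdsa}"
  : "${KEYLEN=256}"
  ENROLLCONFIG="$FABRIC_CA_CLIENT_HOME/enroll.yaml"
  setTLS
  # shellcheck disable=SC2086
  "$FABRIC_CA_CLIENTEXEC" reenroll -u "${PROTO}${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT -c "$ENROLLCONFIG"
  RC=$?
  # same debug gate as enroll(): print only when FABRIC_CA_DEBUG is set and true
  if [[ -n "$FABRIC_CA_DEBUG" ]] && "$FABRIC_CA_DEBUG"; then
    printAuth "$FABRIC_CA_CERT_FILE" "$FABRIC_CA_KEY_FILE"
  fi
  "$SCRIPTDIR/fabric-ca_setup.sh" -L -d "$driver"
  return $RC
}

#######################################
# register [registrar] [username] [type] [affiliation] [attrs] [enrollment_dir]
# Register <username> (default testuser, type client, affiliation bank_a,
# attrs test=testValue, maxenrollments 1) with <registrar>'s identity
# (default admin).  An affiliation of '[]' omits --id.affiliation.
# FABRIC_CA_ENROLLMENT_DIR (exported) and FABRIC_CA_CLIENT_HOME default to
# $CA_CFG_PATH/<registrar>; the client config is read from
# $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml.
# Returns the client's exit status.
#######################################
register() {
  local REGISTRAR="${1:-admin}"
  local USERNAME="${2:-testuser}"
  local USERTYPE="${3:-client}"
  local USERGRP="${4:-bank_a}"
  local USERATTR="${5:-test=testValue}"
  local FABRIC_CA_ENROLLMENT_DIR="${6:-$CA_CFG_PATH/$REGISTRAR}"
  local USERGRP_OPT=""
  if [[ "$USERGRP" != '[]' ]]; then
    USERGRP_OPT="--id.affiliation $USERGRP"
  fi
  : "${FABRIC_CA_CLIENT_HOME:=$CA_CFG_PATH/$REGISTRAR}"

  export FABRIC_CA_ENROLLMENT_DIR
  setTLS
  # TLSOPT and USERGRP_OPT are deliberately unquoted: each holds "--flag value"
  # shellcheck disable=SC2086
  "$FABRIC_CA_CLIENTEXEC" register -d -u "${PROTO}${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT \
    --id.name "$USERNAME" \
    --id.type "$USERTYPE" \
    --id.maxenrollments 1 \
    $USERGRP_OPT \
    --id.attrs "$USERATTR" \
    -c "$FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml"
}

#######################################
# genRunconfig <runconfig> <driver> <datasrc> <serverCert> <serverKey> <maxEnroll> [version]
# Write a fabric-ca-server config file to <runconfig>: JSON when version is
# "json", YAML otherwise (the default).  The built-in identity registry
# (admin, admin2, revokers, test users and, for YAML, intermediateCa1..16)
# is emitted only when LDAP_ENABLE is not true.  Reads CA_HOST_ADDRESS,
# CA_DEFAULT_PORT, TLS_ON, the TLS_* paths, LDAP_PROTO/LDAP_PORT,
# KEYTYPE/KEYLEN and CACOUNT from the environment; FABRIC_TLS,
# FABRIC_CA_DEBUG and LDAP_ENABLE are defaulted to false when unset.
#######################################
genRunconfig() {
  local runconfig="$1"
  local driver="$2"
  local datasrc="$3"
  local serverCert="$4"
  local serverKey="$5"
  local maxEnroll="$6"
  local version="$7"
  : "${FABRIC_TLS:=false}"
  : "${FABRIC_CA_DEBUG:=false}"
  # LDAP_ENABLE is executed as a command below and interpolated into the
  # config; unset it would leave "enabled:" empty, so default it like the
  # two above.
  : "${LDAP_ENABLE:=false}"
  local registry=""
  setTLS

  case "${version:-yaml}" in
    json)
      if ! "$LDAP_ENABLE"; then
        # trailing comma is intentional: "ldap" follows in the file
        registry=$(cat <<EOF
  "registry": {
    "maxEnrollments": "$maxEnroll",
    "identities": [
      {
        "name": "admin",
        "pass": "adminpw",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll",
        "attrs": {
          "hf.Registrar.Roles": "client,user,peer,validator,auditor,ca",
          "hf.Registrar.DelegateRoles": "client,user,validator,auditor",
          "hf.Revoker": true,
          "hf.GenCRL": true
        }
      },
      {
        "name": "admin2",
        "pass": "adminpw2",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll",
        "attrs": {
          "hf.Registrar.Roles": "client,user,peer,validator,auditor,ca",
          "hf.Registrar.DelegateRoles": "client,user,validator,auditor",
          "hf.Revoker": true,
          "hf.GenCRL": true
        }
      },
      {
        "name": "revoker",
        "pass": "revokerpw",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll",
        "attrs": {
          "hf.Revoker": true
        }
      },
      {
        "name": "revoker2",
        "pass": "revokerpw2",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll",
        "attrs": {
          "hf.Revoker": true
        }
      },
      {
        "name": "nonrevoker",
        "pass": "nonrevokerpw",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll"
      },
      {
        "name": "nonrevoker2",
        "pass": "nonrevokerpw2",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll"
      },
      {
        "name": "notadmin",
        "pass": "pass",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll",
        "attrs": {
          "hf.Registrar.Roles": "client,user,peer,validator,auditor,ca",
          "hf.Registrar.DelegateRoles": "client"
        }
      },
      {
        "name": "expiryUser",
        "pass": "expirypw",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll"
      },
      {
        "name": "testUser",
        "pass": "user1",
        "type": "client",
        "affiliation": "bank_b",
        "maxEnrollments": "$maxEnroll",
        "attrs": []
      },
      {
        "name": "testUser2",
        "pass": "user2",
        "type": "client",
        "affiliation": "bank_c",
        "maxEnrollments": "$maxEnroll",
        "attrs": []
      },
      {
        "name": "testUser3",
        "pass": "user3",
        "type": "client",
        "affiliation": "bank_a",
        "maxEnrollments": "$maxEnroll",
        "attrs": []
      }
    ]
  },
EOF
)
      fi
      # the RA/sub-CA certfiles are quoted: bare paths are not valid JSON
      cat > "$runconfig" <<EOF
{
  "address": "$CA_HOST_ADDRESS",
  "port": $CA_DEFAULT_PORT,
  "debug": "$FABRIC_CA_DEBUG",
  "db": {
    "type": "$driver",
    "datasource": "$datasrc",
    "tls": {
      "enabled": "$TLS_ON",
      "certfiles": [ "$TLS_ROOTCERT", "$TLS_RACERT", "$TLS_SUBCACERT" ],
      "client": {
        "certfile": "$TLS_CLIENTCERT",
        "keyfile": "$TLS_CLIENTKEY"
      }
    }
  },
  "tls": {
    "enabled": "$TLS_ON",
    "certfile": "$TLS_SERVERCERT",
    "keyfile": "$TLS_SERVERKEY"
  },
  "ca": {
    "certfile": "$serverCert",
    "keyfile": "$serverKey"
  },
$registry
  "ldap": {
    "enabled": $LDAP_ENABLE,
    "url": "${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com",
    "tls": {
      "certfiles": [ "$TLS_ROOTCERT", "$TLS_RACERT", "$TLS_SUBCACERT" ],
      "client": {
        "certfile": "$TLS_CLIENTCERT",
        "keyfile": "$TLS_CLIENTKEY"
      }
    }
  },
  "affiliations": {
    "bank_a": [
      "department1"
    ],
    "bank_b": [
      "department1"
    ],
    "bank_c": [
      "department1"
    ],
    "org1": [
      "department1",
      "department2"
    ],
    "org2": [
      "department1",
      "department2"
    ],
    "org3": [
      "department1",
      "department2"
    ]
  },
  "signing": {
    "profiles": null,
    "default": {
      "usage": [
        "cert sign",
        "crl sign",
        "digital signature",
        "key encipherment",
        "timestamping"
      ],
      "expiry": "8000h",
      "crlurl": "http://localhost:3755/TestCRL.crl",
      "caconstraint": {
        "isca": true,
        "maxpathlen": 1,
        "ocspnocheck": true,
        "notbefore": "2016-12-30T00:00:00.000Z"
      }
    }
  },
  "csr": {
    "cn": "fabric-ca-server",
    "names": [
      {
        "C": "US",
        "ST": "North Carolina",
        "L": null,
        "O": "Hyperledger",
        "OU": "Fabric"
      }
    ],
    "hosts": [
      "fabricCa.hyperledger.example.com"
    ],
    "ca": {
      "pathlen": null,
      "pathlenzero": null,
      "expiry": null
    }
  },
  "crypto": {
    "software": {
      "hash_family": "SHA2",
      "security_level": 256,
      "ephemeral": false,
      "key_store_dir": "keys"
    }
  }
}
EOF
      ;;
    yaml)
      if ! "$LDAP_ENABLE"; then
        # 16 intermediate-CA identities, built first so the registry text
        # below stays a flat template
        local i inter_ids=""
        for i in {1..16}; do
          inter_ids+="    - name: intermediateCa$i
      pass: intermediateCa${i}pw
      type: client
      affiliation: \"\"
      maxenrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: \"client,user,peer,validator,auditor\"
        hf.Registrar.DelegateRoles: \"client,user,validator,auditor\"
        hf.Revoker: true
        hf.IntermediateCA: true
"
        done
        inter_ids=${inter_ids%$'\n'}
        registry=$(cat <<EOF
registry:
  maxEnrollments: $maxEnroll
  identities:
$inter_ids
    - name: admin
      pass: adminpw
      type: client
      affiliation:
      maxEnrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
        hf.Registrar.DelegateRoles: "client,user,validator,auditor"
        hf.Revoker: true
        hf.IntermediateCA: true
        hf.Registrar.Attributes: "*"
        hf.GenCRL: true
    - name: admin2
      pass: adminpw2
      type: client
      affiliation:
      maxEnrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
        hf.Registrar.DelegateRoles: "client,user,validator,auditor"
        hf.Revoker: true
        hf.IntermediateCA: true
        hf.Registrar.Attributes: "*"
        hf.GenCRL: true
    - name: revoker
      pass: revokerpw
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Revoker: true
    - name: revoker2
      pass: revokerpw2
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Revoker: true
    - name: nonrevoker
      pass: nonrevokerpw
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
    - name: nonrevoker2
      pass: nonrevokerpw2
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
    - name: notadmin
      pass: pass
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
        hf.Registrar.DelegateRoles: "client"
    - name: expiryUser
      pass: expirypw
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
    - name: testUser
      pass: user1
      type: client
      affiliation: bank_b
      maxEnrollments: $maxEnroll
      attrs: []
    - name: testUser2
      pass: user2
      type: client
      affiliation: bank_c
      maxEnrollments: $maxEnroll
      attrs: []
    - name: testUser3
      pass: user3
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs: []
EOF
)
      fi
      cat > "$runconfig" <<EOF
address: $CA_HOST_ADDRESS
port: $CA_DEFAULT_PORT
debug: $FABRIC_CA_DEBUG
db:
  type: $driver
  datasource: $datasrc
  tls:
    enabled: $TLS_ON
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
tls:
  enabled: $TLS_ON
  certfile: $TLS_SERVERCERT
  keyfile: $TLS_SERVERKEY
ca:
  name:
  certfile: $serverCert
  keyfile: $serverKey
$registry
ldap:
  enabled: $LDAP_ENABLE
  url: ${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com
  attribute:
    names: ["uid"]
    converters:
      - name: hf.Revoker
        value: attr("uid") =~ "revoker*"
      - name: hf.Registrar.Roles
        value: if( attr("uid") =~ "revoker*", "client", "")
      - name: mapattr
        value: map("foo1,foo2,foo3","Map1")
    maps:
      Map1:
        - name: foo1
          value: bar1
        - name: foo2
          value: bar2
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
affiliations:
  bank_a:
    - department1
  bank_b:
    - department1
  bank_c:
    - department1
  org1:
    - department1
    - department2
  org2:
    - department1
    - department2
signing:
  default:
    usage:
      - cert sign
      - crl sign
      - digital signature
      - key encipherment
      - timestamping
    expiry: 17520h
    caconstraint:
      isca: true
      maxpathlen: 1
      ocspnocheck: true
      notbefore: 2016-12-30T00:00:00Z
  profiles:
    ca:
      usage:
        - cert sign
        - crl sign
      expiry: 17520h
      caconstraint:
        isca: true
        maxpathlen: 0
        ocspnocheck: true
        notbefore: 2016-12-30T00:00:00Z
csr:
  keyrequest:
    algo: $KEYTYPE
    size: $KEYLEN
  names:
    - C: US
      ST: "North Carolina"
      L:
      O: Hyperledger
      OU: Fabric
  hosts:
    - fabricCa.hyperledger.example.com
    - localhost
  ca:
    expiry: 131400h
    pathlength: 1
bccsp:
  default: SW
  sw:
    hash: SHA2
    security: 256
    filekeystore:
      keystore:
cacount: $CACOUNT
cafiles:
intermediate:
  parentserver:
    url:
    caname:
  enrollment:
    hosts:
    profile:
    label:
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
EOF
      ;;
  esac
}

#######################################
# testStatus <user> [driver] [ca_cfg_path] [dbname]
# Print "<user-status> <cert-status>" for <user> from the server DB on
# stdout: column 6 of users and column 5 of certificates for sqlite3 and
# mysql, users.state and certificates.status for postgres.  driver defaults
# to sqlite3, ca_cfg_path to CA_CFG_PATH, dbname to fabric_ca.
#######################################
testStatus() {
  local user="$1"
  local driver="${2:-sqlite3}"
  local ca_cfg_path="${3:-$CA_CFG_PATH}"
  local dbname="${4:-fabric_ca}"
  local user_status cert_status user_status_code cert_status_code
  # NOTE: <user> is spliced into the SQL text below.  Callers pass fixed
  # test identities; this is not hardened against quotes in the name.
  case "$driver" in
    sqlite3)
      user_status="$(sqlite3 "$ca_cfg_path/$dbname" "SELECT * FROM users WHERE (id=\"$user\");")"
      cert_status="$(sqlite3 "$ca_cfg_path/$dbname" "SELECT * FROM certificates WHERE (id=\"$user\");")"

      # query output is data: feed it through %s, not as the printf format
      user_status_code="$(printf '%s\n' "$user_status" | awk -F'|' -v s="$user" '$1~s {print $6}')"
      cert_status_code="$(printf '%s\n' "$cert_status" | awk -F'|' -v s="$user" '$1~s {print $5}')"
      ;;
    mysql)
      # fixture root credentials of the FVT mysql container
      user_status_code=$(mysql --host=localhost --user=root --password=mysql -e "SELECT * FROM users WHERE (id=\"$user\");" "$dbname" | awk -F'\t' -v u="$user" '$1==u {print $6}')
      cert_status_code=$(mysql --host=localhost --user=root --password=mysql -e "SELECT * FROM certificates WHERE (id=\"$user\") order by revoked_at;" "$dbname" | awk -F'\t' -v u="$user" '$1==u {print $5}')
      ;;
    postgres)
      user_status_code=$(/usr/bin/psql -U postgres -h localhost -c "SELECT id,state FROM users WHERE id='$user';" --dbname="$dbname" | awk -v u="$user" -F'|' '$1~u {gsub(/ /,"");print $2}')
      cert_status_code=$(/usr/bin/psql -U postgres -h localhost -c "SELECT id,encode(status,'escape') FROM certificates WHERE id='$user' order by revoked_at;" --dbname="$dbname" | awk -v u="$user" -F'|' '$1~u {gsub(/ /,"");print $2}')
      ;;
  esac
  echo "$user_status_code $cert_status_code"
}

#######################################
# startHttp <port> <rootdir>
# Serve <rootdir> with python's SimpleHTTPServer on <port> in the
# background, record its pid in HTTP_PID and wait for it to answer.
# NOTE: this cd's the calling shell into <rootdir>.
# Returns 1 when <rootdir> cannot be entered, else pollSimpleHttp's status.
#######################################
startHttp() {
  local port="$1"
  local rootdir="$2"
  cd "$rootdir" || return 1
  python -m SimpleHTTPServer "$port" &
  HTTP_PID=$!
  # poll the port actually served rather than pollSimpleHttp's default 3755
  pollSimpleHttp "" "" "$port"
}

#######################################
# killserver <pid>
# SIGKILL <pid> and wait up to 30s for CA_DEFAULT_PORT to stop answering.
# Returns 1 when no pid was given, else pollFabricCa's status.
#######################################
killserver() {
  local pid="$1"
  [[ -n "$pid" ]] || return 1
  echo "killing server $pid"
  kill -9 "$pid"
  pollFabricCa "" "" "$CA_DEFAULT_PORT" stop 30
}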