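#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# Environment defaults and small helper functions for the fabric-ca FVT
# scripts (timestamps, case folding, error accounting).

export FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
export FABRIC_CA_CLIENTEXEC="/usr/local/bin/fabric-ca-client"
export FABRIC_CA_SERVEREXEC="/usr/local/bin/fabric-ca-server"
export TESTDATA="$FABRIC_CA/testdata"
export SCRIPTDIR="$FABRIC_CA/scripts/fvt"
export MYSQL_PORT="3306"
export LDAP_PORT="636"
export LDAP_PROTO="ldaps://"
export POSTGRES_PORT="5432"
# NOTE(review): fixed database password, exported to every child process.
# Only appropriate for a disposable test database.
export PGPASSWORD='postgres'
export MSP_KEY_DIR='msp/keystore'
export MSP_CERT_DIR='msp/signcerts'
export FABRIC_CA_DATA="/etc/hyperledger/fabric-ca"
export TLS_ROOTCERT="$FABRIC_CA_DATA/FabricTlsPkiBundle.pem"
export TLS_SUBCACERT="$FABRIC_CA_DATA/FabricTlsSubCa-cert.pem"
export TLS_RACERT="$FABRIC_CA_DATA/FabricTlsRa-cert.pem"
export TLS_SERVERCERT="$FABRIC_CA_DATA/FabricTlsServerEEcert.pem"
export TLS_SERVERKEY="$FABRIC_CA_DATA/FabricTlsServerEEkey.pem"
export TLS_CLIENTCERT="$FABRIC_CA_DATA/FabricTlsClientEEcert.pem"
export TLS_CLIENTKEY="$FABRIC_CA_DATA/FabricTlsClientEEkey.pem"
export CA_HOST_ADDRESS="localhost"
export PROXY_PORT="7054"
export CA_DEFAULT_PORT="1${PROXY_PORT}"
export PROTO="https://"

# Both variables hold a complete command line and are expanded unquoted
# where they are run.
DATE='date +%Y-%m-%d'
TIME='date +%I:%M:%S%p'

# Print "TIMESTAMP--<date> <time>" for the current moment.
TimeStamp() {
  printf "TIMESTAMP--%s %s\n" "$($DATE)" "$($TIME)"
}

# Print $1 converted to lower case.
tolower() {
  # The character classes are quoted: unquoted, [:upper:] is a glob that can
  # match a one-character file name in the current directory.
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]'
}

# Print an error banner and add 1 to a counter variable.
#   $1 - message text (escape sequences are interpreted by echo -e)
#   $2 - NAME of the counter variable to increment (default: RC)
ErrorMsg() {
  local msg="$1"
  local rc="${2:-RC}"
  # $rc is evaluated as arithmetic below, so accept nothing but a plain
  # variable name; anything else falls back to the default counter.
  [[ "$rc" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || rc="RC"
  echo -e "\033[31m ****** ERROR ****** $msg \033[0m"
  let "$rc+=1"
}

# Reset the test setup, record the error, print the summary and exit.
#   $1 - message text
#   $2 - NAME of the counter variable to increment (default: RC)
# The script exits with the incremented counter value.
ErrorExit() {
  "$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH" -d "$driver"
  local msg="$1"
  local rc="${2:-RC}"
  [[ "$rc" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || rc="RC"
  let "$rc+=1"
  echo -e "\033[31m ****** ERROR ****** $msg \033[0m"
  # Indirect expansion reads the counter by name without eval.
  CleanUp "${!rc}"
  exit "${!rc}"
}
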
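# Check whether something is listening on host:port.
#   $1 - host name or address
#   $2 - TCP port
# Returns 1 when either argument is empty, otherwise the exit status of the
# Python probe (0 when the connect succeeded).
# netcat (nc -nzvt host port) would be simpler, but it is not guaranteed to
# be installed, so python is used instead.
isReachable() {
  local host="$1"
  local port="$2"
  if [[ -z "$host" || -z "$port" ]]; then
    return 1
  fi

  # host and port travel as arguments; the program text is a quoted heredoc,
  # so their content is never interpreted as Python source.
  python - "$host" "$port" <<'END'
import socket
import sys
import os
remoteServer = sys.argv[1]
port = int(sys.argv[2])
remoteServerIP = socket.gethostbyname(remoteServer)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = sock.connect_ex((remoteServerIP, port))
sock.close()
os._exit(result)
END
}

# Poll host:port until isReachable succeeds or the time budget is used up.
#   $1 - application name (used in the progress message only)
#   $2 - host
#   $3 - port
#   $4 - timeout (default 10); the loop runs while the elapsed seconds are
#        below timeout*2
# Returns the last isReachable status.
pollServer() {
  local app="$1"
  local host="$2"
  local port="$3"
  local timeout="${4:-10}"
  local rc=1
  local starttime
  starttime=$(date +%s)

  while (( $(date +%s) - starttime < timeout * 2 && rc != 0 )); do
    printf "\r%s%03d" "Waiting for $app start on $host:$port ..." "$(($(date +%s)-starttime))"
    ss -lpnt "src $host:$port"
    isReachable "$host" "$port"
    rc=$?
    test $rc -eq 0 && break
    sleep .5
  done
  echo "Server rc $rc"
  return $rc
}

# Print the end-of-test summary.
#   $1 - return code of the test (default 0)
# Reads TESTCASE and STARTIME from the environment (STARTIME is spelled as in
# the original; it is not set anywhere in this block) and sets the globals
# RESULT and RUNTIME_S.
CleanUp() {
  local RC="${1:-0}"

  echo ""
  echo "#########################################################################"
  # Values go through %s so that a '%' or backslash in TESTCASE is printed
  # literally instead of being read as a format directive.
  printf 'RC: %s, %s ' "$RC" "$TESTCASE"

  if test "$RC" -eq 0; then
    RESULT="PASSED"
  else
    RESULT="FAILED"
  fi

  printf "%s\n" "$RESULT"
  RUNTIME_S="$((SECONDS-STARTIME))"
  echo "$((RUNTIME_S/60)) minutes, $((RUNTIME_S%60)) seconds runtime"
  printf '%s %s ENDED\n' "$(TimeStamp)" "$TESTCASE"
  echo "#########################################################################"

  TimeStamp
  printf "%s test ended.\n" "$TESTCASE"
}

# Validate, from the haproxy statistics page, that backend <server_name>
# received <num_requests> requests and that <percent> of them ended with
# HTTP status class <code>.
#   $1 - haproxy stats address   (default localhost:10888)
#   $2 - backend server name     (default server1)
#   $3 - expected request count  (default 1)
#   $4 - expected percentage     (default 100)
#   $5 - status line to match    (default "HTTP 2xx")
#   $6 - test(1) integer operator without the dash (default eq)
# Returns 0 when both comparisons hold, otherwise the sum of their statuses.
verifyServerTraffic() {
  local haproxy_addr="${1:-localhost:10888}"
  local server_name="${2:-server1}"
  local num_requests="${3:-1}"
  local percent="${4:-100}"
  local code="${5:-HTTP 2xx}"
  local op="${6:-eq}"
  local rc=0

  result=$(curl -s "http://${haproxy_addr}/" |
    awk -v s="$server_name\"" '$0~s' | html2text |
    awk -v c="$code" '
      /Cum. sessions:/ {sessions=$NF}
      $0~c {gsub(/[(%)]/,"",$NF);status=$NF}
      END {print sessions" "status}')
  # The numbers come from an HTTP response, so they are handed to test as
  # plain quoted words and never pass through eval.
  test "${result%% *}" "-$op" "$num_requests" 2>/dev/null; rc=$((rc+$?))
  test "${result##* }" "-$op" "$percent" 2>/dev/null; rc=$((rc+$?))

  return $rc
}

# Dump a certificate and its key in text form (debug aid).
#   $1 - certificate file (default $HOME/fabric-ca/cert.pem)
#   $2 - key file         (default $HOME/fabric-ca/key.pem)
# NOTE(review): "openssl <type> -text" prints the private key contents to
# stdout; keep the output of debug runs out of shared logs.
printAuth() {
  local CLIENTCERT="${1:-$HOME/fabric-ca/cert.pem}"
  local CLIENTKEY="${2:-$HOME/fabric-ca/key.pem}"

  echo CERT:
  openssl x509 -in "$CLIENTCERT" -text 2>&1 | sed 's/^/ /'
  # The openssl subcommand is taken from the second word of the key file's
  # first line; rsa is used when that word is empty.
  type=$(head -n1 "$CLIENTKEY" | awk '{print tolower($2)}')
  test -z "$type" && type=rsa
  echo KEY:
  openssl "$type" -in "$CLIENTKEY" -text 2>/dev/null | sed 's/^/ /'
}

# Start a Python SimpleHTTPServer in the background, serving <rootdir>.
#   $1 - port
#   $2 - directory to serve
# Sets HTTP_PID to the server's PID and changes the caller's working
# directory to <rootdir>.
# NOTE(review): the readiness poll uses $HTTP_PORT, not $1 - confirm that
# callers always pass the same value. A shell return status is limited to
# 0-255, so "return $HTTP_PID" cannot carry a full PID; read HTTP_PID instead.
startHttp() {
  local port="$1"
  local rootdir="$2"
  # Refuse to serve an unspecified or unreachable directory: a bare "cd"
  # would silently switch to $HOME and publish it over HTTP.
  if [[ -z "$rootdir" ]] || ! cd "$rootdir"; then
    echo "startHttp: cannot change to directory '$rootdir'" >&2
    return 255
  fi
  python -m SimpleHTTPServer ${port:+"$port"} &
  HTTP_PID=$!
  if pollServer python localhost "$HTTP_PORT"; then
    return $HTTP_PID
  else
    return -1
  fi
}

# Check that a certificate and a private key belong together.
#   $1 - certificate file
#   $2 - key file
#   $3 - key algorithm, used as the openssl subcommand (default rsa)
# Returns 0 on a match, 1 otherwise (missing file, empty digest, mismatch).
# MD5 only serves as a short fingerprint of two locally computed values that
# are compared with each other; nothing is authenticated by it.
keyCheck() {
  local cert="$1"
  local key="$2"
  local alg="${3:-rsa}"
  [[ -f "$cert" && -f "$key" ]] || return 1

  case "$alg" in
    rsa|dsa)
      # Compare the modulus of the key with the modulus in the certificate.
      k_hash=$(openssl "$alg" -noout -modulus -in "$key" 2>&1 | awk -F'=' '/=/ {print $2}' | openssl md5 | awk '{print $NF}')
      c_hash=$(openssl x509 -noout -modulus -in "$cert" 2>&1 | awk -F'=' '/=/ {print $2}' | openssl md5 | awk '{print $NF}')
      ;;
    *)
      # Other algorithms: compare the public keys.
      k_hash=$(openssl "$alg" -pubout -in "$key" 2>/dev/null | openssl md5 | awk '{print $NF}')
      c_hash=$(openssl x509 -noout -pubkey -in "$cert" | openssl md5 | awk '{print $NF}')
      ;;
  esac

  [[ -n "$k_hash" && -n "$c_hash" ]] || return 1
  [[ "$k_hash" == "$c_hash" ]] || return 1

  return 0
}

# Enroll an identity with the CA behind $CA_HOST_ADDRESS:$PROXY_PORT.
#   $1 - user name (default admin)
#   $2 - password  (default adminpw)
# The client home is $CA_CFG_PATH/<username>. Returns the client's status.
# NOTE(review): the password is part of the -u URL and therefore visible in
# the process list; acceptable for fixture accounts only.
enroll() {
  local username="${1:-admin}"
  local userpswd="${2:-adminpw}"
  local FABRIC_CA_ENROLLMENT_DIR="$CA_CFG_PATH/$username"
  local FABRIC_CA_CERT_FILE="$FABRIC_CA_ENROLLMENT_DIR/$MSP_CERT_DIR/cert.pem"
  local FABRIC_CA_KEY_FILE="$FABRIC_CA_ENROLLMENT_DIR/$MSP_KEY_DIR/key.pem"
  local FABRIC_CA_CLIENT_HOME=$FABRIC_CA_ENROLLMENT_DIR
  local RC=0
  export FABRIC_CA_CLIENT_HOME
  export FABRIC_CA_ENROLLMENT_DIR

  test -d "$FABRIC_CA_ENROLLMENT_DIR" || mkdir -p "$FABRIC_CA_ENROLLMENT_DIR"
  ENROLLCONFIG="$FABRIC_CA_ENROLLMENT_DIR/enroll.yaml"

  # $FABRIC_CA_CLIENTEXEC and $TLSOPT stay unquoted as in the original;
  # TLSOPT presumably carries several options - verify against callers.
  $FABRIC_CA_CLIENTEXEC enroll -u "${PROTO}${username}:${userpswd}@${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT \
    -c "$ENROLLCONFIG" \
    --csr.hosts "$username@fab-client.raleigh.ibm.com" \
    --csr.hosts "$username.fabric.raleigh.ibm.com,127.0.0.2"
  RC=$?
  if test -n "$FABRIC_CA_DEBUG"; then
    # FABRIC_CA_DEBUG names a command (true/false) that is run as the switch.
    $(test "$RC" -eq 0 && $($FABRIC_CA_DEBUG)) && printAuth "$FABRIC_CA_CERT_FILE" "$FABRIC_CA_KEY_FILE"
  fi
  return $RC
}

# Re-enroll an identity that already has an enrollment directory.
#   $1 - user name (default admin)
# Sets KEYTYPE/KEYLEN defaults when they are unset, runs the client, then
# calls fabric-ca_setup.sh -L. Returns the client's status.
reenroll() {
  local USERNAME="${1:-admin}"
  local FABRIC_CA_ENROLLMENT_DIR="$CA_CFG_PATH/$USERNAME"
  local FABRIC_CA_CLIENT_HOME=$FABRIC_CA_ENROLLMENT_DIR
  local FABRIC_CA_CERT_FILE="$FABRIC_CA_CLIENT_HOME/$MSP_CERT_DIR/cert.pem"
  local FABRIC_CA_KEY_FILE="$FABRIC_CA_CLIENT_HOME/$MSP_KEY_DIR/key.pem"
  local RC=0
  export FABRIC_CA_CLIENT_HOME
  export FABRIC_CA_ENROLLMENT_DIR

  test -d "$FABRIC_CA_ENROLLMENT_DIR" || mkdir -p "$FABRIC_CA_ENROLLMENT_DIR"

  : ${KEYTYPE="ecdsa"}
  : ${KEYLEN="256"}
  test -d "$FABRIC_CA_CLIENT_HOME" || mkdir -p "$FABRIC_CA_CLIENT_HOME"
  ENROLLCONFIG="$FABRIC_CA_CLIENT_HOME/enroll.yaml"

  $FABRIC_CA_CLIENTEXEC reenroll -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT -c "$ENROLLCONFIG"
  RC=$?
  $($FABRIC_CA_DEBUG) && printAuth "$FABRIC_CA_CERT_FILE" "$FABRIC_CA_KEY_FILE"
  "$SCRIPTDIR/fabric-ca_setup.sh" -L -d "$driver"
  return $RC
}


# Register a new identity through a registrar.
#   $1 - registrar        (default admin)
#   $2 - new user name    (default testuser)
#   $3 - identity type    (default client)
#   $4 - affiliation      (default bank_a; '[]' omits --id.affiliation)
#   $5 - attribute string (default test=testValue)
#   $6 - enrollment directory (default $CA_CFG_PATH/<registrar>)
# Returns the client's status.
register() {
  local REGISTRAR="${1:-admin}"
  local USERNAME="${2:-testuser}"
  local USERTYPE="${3:-client}"
  local USERGRP="${4:-bank_a}"
  if test "$USERGRP" = '[]'; then
    USERGRP_OPT=""
  else
    USERGRP_OPT="--id.affiliation $USERGRP"
  fi
  local USERATTR="${5:-test=testValue}"
  local FABRIC_CA_ENROLLMENT_DIR="$6"

  : ${FABRIC_CA_ENROLLMENT_DIR:="$CA_CFG_PATH/$REGISTRAR"}
  : ${FABRIC_CA_CLIENT_HOME:="$CA_CFG_PATH/$REGISTRAR"}

  export FABRIC_CA_ENROLLMENT_DIR
  # $USERGRP_OPT is unquoted on purpose: it holds either nothing or an
  # option followed by its value.
  $FABRIC_CA_CLIENTEXEC register -u "$PROTO${CA_HOST_ADDRESS}:$PROXY_PORT" $TLSOPT \
    --id.name "$USERNAME" \
    --id.type "$USERTYPE" \
    --id.maxenrollments 1 \
    $USERGRP_OPT \
    --id.attrs "$USERATTR" \
    -c "$FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml"
  local rc=$?
  return $rc
}

# Write a fabric-ca-server configuration file.
#   $1 - output file
#   $2 - database driver
#   $3 - database datasource string
#   $4 - CA certificate file
#   $5 - CA key file
#   $6 - maxEnrollments value
#   $7 - output format: json or yaml (default yaml)
# Reads LDAP_ENABLE (a command name, true/false), TLS_ON, CA_HOST_ADDRESS,
# CA_DEFAULT_PORT, LDAP_* and TLS_* from the environment. The bootstrap
# registry is emitted only when LDAP_ENABLE evaluates to false.
# NOTE(review): the file contains fixed bootstrap passwords and an LDAP bind
# password and is created with the caller's umask; treat it as a disposable
# test fixture.
function genRunconfig() {
  local runconfig="$1"
  local driver="$2"
  local datasrc="$3"
  local serverCert="$4"
  local serverKey="$5"
  local maxEnroll="$6"
  local version="$7"
  : ${FABRIC_CA_DEBUG:='false'}
  local registry=""

  case ${version:-"yaml"} in
    json)
      if ! $($LDAP_ENABLE); then
        registry="
   \"registry\": {
      \"maxEnrollments\": \"$maxEnroll\",
      \"identities\": [
         {
            \"name\": \"admin\",
            \"pass\": \"adminpw\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": {
               \"hf.Registrar.Roles\": \"client,user,peer,validator,auditor,ca\",
               \"hf.Registrar.DelegateRoles\": \"client,user,validator,auditor\",
               \"hf.Revoker\": true
            }
         },
         {
            \"name\": \"admin2\",
            \"pass\": \"adminpw2\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": {
               \"hf.Registrar.Roles\": \"client,user,peer,validator,auditor,ca\",
               \"hf.Registrar.DelegateRoles\": \"client,user,validator,auditor\",
               \"hf.Revoker\": true
            }
         },
         {
            \"name\": \"revoker\",
            \"pass\": \"revokerpw\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": {
               \"hf.Revoker\": true
            }
         },
         {
            \"name\": \"revoker2\",
            \"pass\": \"revokerpw2\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": {
               \"hf.Revoker\": true
            }
         },
         {
            \"name\": \"nonrevoker\",
            \"pass\": \"nonrevokerpw\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\"
         },
         {
            \"name\": \"nonrevoker2\",
            \"pass\": \"nonrevokerpw2\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\"
         },
         {
            \"name\": \"notadmin\",
            \"pass\": \"pass\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": {
               \"hf.Registrar.Roles\": \"client,user,peer,validator,auditor,ca\",
               \"hf.Registrar.DelegateRoles\": \"client\"
            }
         },
         {
            \"name\": \"expiryUser\",
            \"pass\": \"expirypw\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\"
         },
         {
            \"name\": \"testUser\",
            \"pass\": \"user1\",
            \"type\": \"client\",
            \"affiliation\": \"bank_b\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": []
         },
         {
            \"name\": \"testUser2\",
            \"pass\": \"user2\",
            \"type\": \"client\",
            \"affiliation\": \"bank_c\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": []
         },
         {
            \"name\": \"testUser3\",
            \"pass\": \"user3\",
            \"type\": \"client\",
            \"affiliation\": \"bank_a\",
            \"maxEnrollments\": \"$maxEnroll\",
            \"attrs\": []
         }
      ]
   },
"
      fi
      # NOTE(review): $TLS_RACERT and $TLS_SUBCACERT are written without
      # surrounding quotes in both "certfiles" arrays, which does not yield
      # valid JSON for ordinary path values. Kept as in the original -
      # confirm whether the json format is still in use.
      cat > "$runconfig" <<EOF
{
   "address": "$CA_HOST_ADDRESS",
   "port": $CA_DEFAULT_PORT,
   "debug": "$FABRIC_CA_DEBUG",
   "db": {
      "type": "$driver",
      "datasource": "$datasrc",
      "tls": {
         "enabled": "$TLS_ON",
         "certfiles": [ "$TLS_ROOTCERT", $TLS_RACERT, $TLS_SUBCACERT ],
         "client": {
            "certfile": "$TLS_CLIENTCERT",
            "keyfile": "$TLS_CLIENTKEY"
         }
      }
   },
   "tls": {
      "enabled": "$TLS_ON",
      "certfile": "$TLS_SERVERCERT",
      "keyfile": "$TLS_SERVERKEY"
   },
   "ca": {
      "certfile": "$serverCert",
      "keyfile": "$serverKey"
   },
   $registry
   "ldap": {
      "enabled": $LDAP_ENABLE,
      "url": "${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com",
      "tls": {
         "certfiles": [ "$TLS_ROOTCERT", $TLS_RACERT, $TLS_SUBCACERT ],
         "client": {
            "certfile": "$TLS_CLIENTCERT",
            "keyfile": "$TLS_CLIENTKEY"
         }
      }
   },
   "affiliations": {
      "bank_a": [
         "department1"
      ],
      "bank_b": [
         "department1"
      ],
      "bank_c": [
         "department1"
      ],
      "org1": [
         "department1",
         "department2"
      ],
      "org2": [
         "department1",
         "department2"
      ],
      "org3": [
         "department1",
         "department2"
      ]
   },
   "signing": {
      "profiles": null,
      "default": {
         "usage": [
            "cert sign",
            "crl sign",
            "digital signature",
            "key encipherment",
            "timestamping"
         ],
         "expiry": "8000h",
         "crlurl": "http://localhost:3755/TestCRL.crl",
         "caconstraint": {
            "isca": true,
            "maxpathlen": 1,
            "ocspnocheck": true,
            "notbefore": "2016-12-30T00:00:00.000Z"
         }
      }
   },
   "csr": {
      "cn": "fabric-ca-server",
      "names": [
         {
            "C": "US",
            "ST": "North Carolina",
            "L": null,
            "O": "Hyperledger",
            "OU": "Fabric"
         }
      ],
      "hosts": [
         "fabricCa.hyperledger.example.com"
      ],
      "ca": {
         "pathlen": null,
         "pathlenzero": null,
         "expiry": null
      }
   },
   "crypto": {
      "software": {
         "hash_family": "SHA2",
         "security_level": 256,
         "ephemeral": false,
         "key_store_dir": "keys"
      }
   }
}
EOF
      ;;
    yaml)
      if ! $($LDAP_ENABLE); then
        # Sixteen intermediateCa<N> identities are generated by the loop;
        # the fixed identities follow them in the same list.
        registry="
registry:
  maxEnrollments: $maxEnroll
  identities:
$(for i in {1..16}; do
echo "    - name: intermediateCa$i
      pass: intermediateCa${i}pw
      type: client
      affiliation: \"\"
      maxenrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: \"client,user,peer,validator,auditor\"
        hf.Registrar.DelegateRoles: \"client,user,validator,auditor\"
        hf.Revoker: true
        hf.IntermediateCA: true"
done)
    - name: admin
      pass: adminpw
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: \"client,user,peer,validator,auditor,ca\"
        hf.Registrar.DelegateRoles: \"client,user,validator,auditor\"
        hf.Revoker: true
        hf.IntermediateCA: true
    - name: admin2
      pass: adminpw2
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: \"client,user,peer,validator,auditor,ca\"
        hf.Registrar.DelegateRoles: \"client,user,validator,auditor\"
        hf.Revoker: true
    - name: revoker
      pass: revokerpw
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Revoker: true
    - name: revoker2
      pass: revokerpw2
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Revoker: true
    - name: nonrevoker
      pass: nonrevokerpw
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
    - name: nonrevoker2
      pass: nonrevokerpw2
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
    - name: notadmin
      pass: pass
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs:
        hf.Registrar.Roles: \"client,user,peer,validator,auditor,ca\"
        hf.Registrar.DelegateRoles: \"client\"
    - name: expiryUser
      pass: expirypw
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
    - name: testUser
      pass: user1
      type: client
      affiliation: bank_b
      maxEnrollments: $maxEnroll
      attrs: []
    - name: testUser2
      pass: user2
      type: client
      affiliation: bank_c
      maxEnrollments: $maxEnroll
      attrs: []
    - name: testUser3
      pass: user3
      type: client
      affiliation: bank_a
      maxEnrollments: $maxEnroll
      attrs: []"
      fi
      cat > "$runconfig" <<EOF
address: $CA_HOST_ADDRESS
port: $CA_DEFAULT_PORT
debug: $FABRIC_CA_DEBUG
db:
  type: $driver
  datasource: $datasrc
  tls:
    enabled: $TLS_ON
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
tls:
  enabled: $TLS_ON
  certfile: $TLS_SERVERCERT
  keyfile: $TLS_SERVERKEY
ca:
  name:
  certfile: $serverCert
  keyfile: $serverKey
$registry
ldap:
  enabled: $LDAP_ENABLE
  url: ${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
affiliations:
  bank_a:
    - department1
  bank_b:
    - department1
  bank_c:
    - department1
  org1:
    - department1
    - department2
  org2:
    - department1
    - department2
signing:
  default:
    usage:
      - cert sign
      - crl sign
      - digital signature
      - key encipherment
      - timestamping
    expiry: 17520h
    caconstraint:
      isca: true
      maxpathlen: 1
      ocspnocheck: true
      notbefore: 2016-12-30T00:00:00Z
  profiles:
    ca:
      usage:
        - cert sign
        - crl sign
      expiry: 17520h
      caconstraint:
        isca: true
        maxpathlen: 0
        ocspnocheck: true
        notbefore: 2016-12-30T00:00:00Z
csr:
  names:
    - C: US
      ST: "North Carolina"
      L:
      O: Hyperledger
      OU: Fabric
  hosts:
    - fabricCa.hyperledger.example.com
    - localhost
  ca:
    expiry: 131400h
    pathlength: 1
bccsp:
  default: SW
  sw:
    hash: SHA2
    security: 256
    filekeystore:
      keystore:
cacount:
cafiles:
intermediate:
  parentserver:
    url:
    caname:
  enrollment:
    hosts:
    profile:
    label:
  tls:
    certfiles:
    client:
      certfile:
      keyfile:
EOF
      ;;
  esac
}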