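#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# Functional test for the fabric-ca server's enrollment limit (maxEnrollments).
#
# Usage: enrollments_test.sh [MAX_ENROLL]
#   MAX_ENROLL  enrollment limit used by the first scenario (default 32)
#
# Scenarios, in order:
#   1. explicit limit MAX_ENROLL: that many enrollments succeed, one more fails
#   2. explicit limit 1:          one enrollment succeeds, the second fails
#   3. explicit limit -1:         UNLIMITED consecutive enrollments all succeed
#   4. no limit in the config:    same expectation as scenario 3
#   5. identity limit (16) above the registry-wide limit (15): server setup
#      must report a configuration error
#
# enroll, ErrorMsg and CleanUp are not defined in this file; they are expected
# to come from the sourced fabric-ca_utils. MSP_CERT_DIR, TLS_* and LDAP_* are
# presumably set there as well -- TODO confirm.
#
# The checkout is looked up under $GOPATH/src/github.com/hyperledger/fabric-ca,
# whatever import path the module was fetched under.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"

# Stop here if the helper library is missing (e.g. GOPATH unset); otherwise
# every later call to enroll/ErrorMsg/CleanUp would be "command not found" and
# the script would still exit with RC=0.
test -r "$SCRIPTDIR/fabric-ca_utils" || {
   echo "cannot read $SCRIPTDIR/fabric-ca_utils (is GOPATH set?)" >&2
   exit 1
}
. "$SCRIPTDIR/fabric-ca_utils"

# NOTE(review): fixed, predictable directory under /tmp. The generated server
# config (bootstrap password included) is written here with the caller's
# umask, and the CA_CFG_PATH name suggests the server keeps its material here
# too. Fine for a throwaway CI container; on a shared host prefer a private
# directory (mktemp -d) if the helper scripts accept another path -- TODO confirm.
CA_CFG_PATH="/tmp/fabric-ca/enrollments"
SERVERCONFIG="$CA_CFG_PATH/serverConfig.json"
CLIENTCONFIG="$CA_CFG_PATH/fabric-ca_client.json"
CLIENTCERT="$CA_CFG_PATH/admin/$MSP_CERT_DIR/cert.pem"
PKI="$SCRIPTDIR/utils/pki"
MAX_ENROLL="$1"
# Number of enrollments attempted when no limit is expected to apply.
UNLIMITED=10
# Exit status handed to CleanUp/exit at the end. Nothing in this file changes
# it, so failures must be recorded by ErrorMsg -- TODO confirm.
RC=0
: "${MAX_ENROLL:="32"}"
: "${DRIVER:="sqlite3"}"
: "${DATASRC:="fabric-ca-server.db"}"
: "${FABRIC_CA_DEBUG:="false"}"
export CA_CFG_PATH

# A non-numeric or negative limit makes the first loop's `test -lt` fail or
# run zero times, which silently turns scenario 1 into a different test.
case "$MAX_ENROLL" in
   ''|*[!0-9]*)
      echo "MAX_ENROLL must be a non-negative integer, got '$MAX_ENROLL'" >&2
      exit 1
      ;;
esac

#######################################
# Write a fabric-ca server configuration to $SERVERCONFIG.
# Globals:   SERVERCONFIG, DRIVER, DATASRC, CA_CFG_PATH, TLS_*, LDAP_* (read)
# Arguments: $1 - "implicit": no maxEnrollments key anywhere
#                 "invalid":  registry-wide maxEnrollments 15, admin identity 16
#            Any other value writes nothing.
#
# NOTE(review): in both templates ca.certfile names fabric-ca-key.pem and
# ca.keyfile names fabric-ca-cert.pem, which looks swapped. Left as found:
# how the server treats these two paths is not visible from this file.
# NOTE(review): admin/adminpw (also embedded in the disabled LDAP URL) is a
# test-fixture credential.
# NOTE(review): the YAML nesting below was restored from a flattened listing;
# compare with the repository copy before relying on exact whitespace.
#######################################
function genServerConfig {
case "$1" in
   implicit) cat > "$SERVERCONFIG" <<EOF
debug: true
db:
  type: $DRIVER
  datasource: $DATASRC
tls:
  enabled: true
  certfile: $TLS_SERVERCERT
  keyfile: $TLS_SERVERKEY
ca:
  certfile: $CA_CFG_PATH/fabric-ca-key.pem
  keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
registry:
  identities:
    - name: admin
      pass: adminpw
      type: client
      affiliation: bank_a
      attributes:
        - hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
          hf.Registrar.DelegateRoles: "client,user,validator,auditor"
          hf.Revoker: true
ldap:
  enabled: false
  url: ${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
affiliations:
  bank_a:
signing:
  profiles:
  default:
    usage:
      - cert sign
    expiry: 8000h
csr:
  cn: fabric-ca-server
  names:
    - C: US
      ST: "North Carolina"
      L:
      O: Hyperledger
      OU: Fabric
  hosts:
    - amphion
  ca:
    pathlen:
    pathlenzero:
    expiry:
crypto:
  software:
    hash_family: SHA2
    security_level: 256
    ephemeral: false
    key_store_dir: keys
EOF
;;
   # Max enroll for identities cannot surpass global setting
   invalid) cat > "$SERVERCONFIG" <<EOF
debug: true
db:
  type: $DRIVER
  datasource: $DATASRC

tls:
  enabled: true
  certfile: $TLS_SERVERCERT
  keyfile: $TLS_SERVERKEY
ca:
  certfile: $CA_CFG_PATH/fabric-ca-key.pem
  keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
registry:
  maxEnrollments: 15
  identities:
    - name: admin
      maxEnrollments: 16
      pass: adminpw
      type: client
      affiliation: bank_a
      attributes:
        - hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
          hf.Registrar.DelegateRoles: "client,user,validator,auditor"
          hf.Revoker: true
ldap:
  enabled: false
  url: ${LDAP_PROTO}CN=admin,dc=example,dc=com:adminpw@localhost:$LDAP_PORT/dc=example,dc=com
  tls:
    certfiles:
      - $TLS_ROOTCERT
    client:
      certfile: $TLS_CLIENTCERT
      keyfile: $TLS_CLIENTKEY
affiliations:
  bank_a:
signing:
  profiles:
  default:
    usage:
      - cert sign
    expiry: 8000h
csr:
  cn: fabric-ca-server
  names:
    - C: US
      ST: "North Carolina"
      L:
      O: Hyperledger
      OU: Fabric
  hosts:
    - amphion
  ca:
    pathlen:
    pathlenzero:
    expiry:
crypto:
  software:
    hash_family: SHA2
    security_level: 256
    ephemeral: false
    key_store_dir: keys
EOF
;;
esac
}

#######################################
# Print the Subject Key Identifier of the certificate at $CLIENTCERT, i.e. the
# first field of the line following "Subject Key Identifier:" in the pki
# tool's display output. Prints nothing when that header is absent.
# Globals: PKI, CLIENTCERT (read)
#######################################
function currentCertSKI {
   "$PKI" -f display -c "$CLIENTCERT" | awk '/Subject Key Identifier:/ {getline;print $1}'
}

#######################################
# Enroll $1 times; every attempt must succeed and must leave a certificate
# whose Subject Key Identifier differs from the previous one.
# Globals:   prevId, currId (written)
# Arguments: $1 - number of enrollments to attempt
#######################################
function enrollRepeatedly {
   local count="$1"
   local i=0
   while test $((i++)) -lt "$count"; do
      enroll
      test $? -eq 0 || ErrorMsg "Failed enrollment prematurely"
      currId=$(currentCertSKI)
      # An unchanged identifier means the enrollment did not replace the
      # certificate on disk.
      test "$currId" == "$prevId" && ErrorMsg "Prior and current certificates do not differ"
      prevId="$currId"
   done
}

#######################################
# Enroll once more after the limit has been reached: the attempt must fail and
# the certificate on disk must be the one from the last successful enrollment.
# Globals: prevId, currId (written)
#######################################
function enrollExpectRejected {
   enroll
   test "$?" -eq 0 && ErrorMsg "Surpassed enrollment maximum"
   currId=$(currentCertSKI)
   test "$currId" != "$prevId" && ErrorMsg "Prior and current certificates are different"
   prevId="$currId"
}

trap "CleanUp 1; exit 1" INT

# The meaning of the fabric-ca_setup.sh flags used below is defined in that
# script, not here.

# explicitly set value
#   user can only enroll MAX_ENROLL times
"$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
"$SCRIPTDIR/fabric-ca_setup.sh" -D -I -S -X -m "$MAX_ENROLL"
enrollRepeatedly "$MAX_ENROLL"
# max reached -- should fail
enrollExpectRejected


# explicitly set value to '1'
#   user can only enroll once
MAX_ENROLL=1
"$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
"$SCRIPTDIR/fabric-ca_setup.sh" -D -I -S -X -m "$MAX_ENROLL"
enrollRepeatedly "$MAX_ENROLL"
# max reached -- should fail
enrollExpectRejected

# explicitly set value to '-1'
#   user enrollment unlimited
MAX_ENROLL=-1
"$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
"$SCRIPTDIR/fabric-ca_setup.sh" -D -I -S -X -m "$MAX_ENROLL"
enrollRepeatedly "$UNLIMITED"

# implicitly set value to '-1' (default)
#   user enrollment unlimited
"$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
# -p: the parent directory may not exist after the reset above.
test -d "$CA_CFG_PATH" || mkdir -p "$CA_CFG_PATH"
genServerConfig implicit
"$SCRIPTDIR/fabric-ca_setup.sh" -S -X -g "$SERVERCONFIG"
enrollRepeatedly "$UNLIMITED"

# user enrollment > global
"$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
test -d "$CA_CFG_PATH" || mkdir -p "$CA_CFG_PATH"
genServerConfig invalid
# Without pipefail, $? below is grep's status: non-zero means the expected
# configuration error was not printed.
"$SCRIPTDIR/fabric-ca_setup.sh" -o 0 -S -X -g "$SERVERCONFIG" | grep 'Configuration Error: Requested enrollments (16) exceeds maximum allowable enrollments (15)'
test $? -ne 0 && ErrorMsg "user enrollment > global setting"

"$SCRIPTDIR/fabric-ca_setup.sh" -L
"$SCRIPTDIR/fabric-ca_setup.sh" -R -x "$CA_CFG_PATH"
CleanUp "$RC"
exit "$RC"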