[FAB-6932] Unstage key variation test

When Change 16085 - Merged
[FAB-6932] Unmarshal key request object correctly
the keys test should have been re-enabled

Change-Id: Ied91ff56be1bc2f520c6adee5908b875f16f4247
Signed-off-by: Allen Bailey <[email protected]>

images/fabric-ca-fvt/payload/slapd_setup.sh

@@ -7,7 +7,7 @@ slapd slapd/password2 password $LDAPPASWD\n\
 slapd slapd/internal/adminpw password $LDAPPASWD\n\
 slapd slapd/password1 password $LDAPPASWD\n\
 slapd slapd/domain string example.com\n\
-slapd shared/organization string example.com" | debconf-set-selections 
+slapd shared/organization string example.com" | debconf-set-selections
 apt-get -y update
 apt-get -y install --no-install-recommends slapd ldap-utils
 adduser openldap ssl-cert

images/fabric-ca-fvt/payload/tls_pki.sh

@@ -18,8 +18,8 @@ five_year=$(date +"$five%m%d%H%M%SZ")
 two_year=$(date +"$two%m%d%H%M%SZ")
 
 KeyType="$1"
-case ${KeyType:=rsa} in 
-    ec) CaKeyLength=521 
+case ${KeyType:=rsa} in
+    ec) CaKeyLength=521
         CaDigest="sha512"
         EeKeyLength=384
         EeDigest="sha384"

scripts/fvt/backwards_comp_test.sh

@@ -133,13 +133,13 @@ function loadUsers {
       psql -d $DBNAME -c "INSERT INTO users (id, token, type, affiliation, attributes, state, max_enrollments) VALUES ('notregistrar', '', 'user', 'org2', '[{\"name\": \"hf.Revoker\", \"value\": \"true\"}]', '0', '-1')"
 
       sed -i "s/type: mysql/type: postgres/
-          s/datasource:.*/datasource: host=localhost port=$POSTGRES_PORT user=postgres password=postgres dbname=$DBNAME $postgresTls/" $TESTCONFIG 
+          s/datasource:.*/datasource: host=localhost port=$POSTGRES_PORT user=postgres password=postgres dbname=$DBNAME $postgresTls/" $TESTCONFIG
       ;;
     mysql)
       mysql --host=localhost --user=root --password=mysql -e "CREATE DATABASE $DBNAME"
       mysql --host=localhost --user=root --password=mysql --database=$DBNAME -e "CREATE TABLE IF NOT EXISTS users (id VARCHAR(255) NOT NULL, token blob, type VARCHAR(256), affiliation VARCHAR(1024), attributes TEXT, state INTEGER, max_enrollments INTEGER, PRIMARY KEY (id)) DEFAULT CHARSET=utf8 COLLATE utf8_bin"
       mysql --host=localhost --user=root --password=mysql --database=$DBNAME -e "INSERT INTO users (id, token, type, affiliation, attributes, state, max_enrollments) VALUES ('registrar', '', 'user', 'org2', '[{\"name\": \"hf.Registrar.Roles\", \"value\": \"user,peer,client\"},{\"name\": \"hf.Revoker\", \"value\": \"true\"}]', '0', '-1')"
-      mysql --host=localhost --user=root --password=mysql --database=$DBNAME -e "INSERT INTO users (id, token, type, affiliation, attributes, state, max_enrollments) VALUES ('notregistrar', '', 'user', 'org2', '[{\"name\": \"hf.Revoker\", \"value\": \"true\"}]', '0', '-1')" 
+      mysql --host=localhost --user=root --password=mysql --database=$DBNAME -e "INSERT INTO users (id, token, type, affiliation, attributes, state, max_enrollments) VALUES ('notregistrar', '', 'user', 'org2', '[{\"name\": \"hf.Revoker\", \"value\": \"true\"}]', '0', '-1')"
       ;;
     *)
       echo "Invalid database type"

scripts/fvt/enroll.sh

@@ -1,75 +1,50 @@
 #!/bin/bash
+
 #
 # Copyright IBM Corp. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 
 FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
-FABRIC_CAEXEC="$FABRIC_CA/bin/fabric-ca"
-TESTDATA="$FABRIC_CA/testdata"
 SCRIPTDIR="$FABRIC_CA/scripts/fvt"
 . $SCRIPTDIR/fabric-ca_utils
-HOST="http://localhost:$PROXY_PORT"
 RC=0
-$($FABRIC_TLS) && HOST="https://localhost:$PROXY_PORT"
 
 while getopts "du:p:t:l:x:" option; do
   case "$option" in
      d)   FABRIC_CA_DEBUG="true" ;;
      x)   CA_CFG_PATH="$OPTARG" ;;
      u)   USERNAME="$OPTARG" ;;
-     p)   USERPSWD="$OPTARG"
-          test -z "$USERPSWD" && AUTH=false
-     ;;
+     p)   USERPSWD="$OPTARG" ;;
      t)   KEYTYPE="$OPTARG" ;;
      l)   KEYLEN="$OPTARG" ;;
   esac
 done
 test -z "$CA_CFG_PATH" && CA_CFG_PATH="$HOME/fabric-ca"
-test -z "$CLIENTCERT" && CLIENTCERT="$CA_CFG_PATH/cert.pem"
-test -z "$CLIENTKEY" && CLIENTKEY="$CA_CFG_PATH/key.pem"
 test -f "$CA_CFG_PATH" || mkdir -p $CA_CFG_PATH
 
 : ${FABRIC_CA_DEBUG="false"}
-: ${AUTH="true"}
 : ${USERNAME="admin"}
 : ${USERPSWD="adminpw"}
-$($AUTH) || unset USERPSWD
 : ${KEYTYPE="ecdsa"}
 : ${KEYLEN="256"}
 
 test "$KEYTYPE" = "ecdsa" && sslcmd="ec"
 
-genClientConfig "$CA_CFG_PATH/client-config.json"
-$FABRIC_CAEXEC client enroll "$USERNAME" "$USERPSWD" "$HOST" <(echo "{
-    \"hosts\": [
-        \"[email protected]\",
-        \"fab-client.raleigh.ibm.com\",
-        \"127.0.0.2\"
-    ],
-    \"CN\": \"$USERNAME\",
-    \"key\": {
-        \"algo\": \"$KEYTYPE\",
-        \"size\": $KEYLEN
-    },
-    \"names\": [
-        {
-            \"SerialNumber\": \"$USERNAME\",
-            \"O\": \"Hyperledger\",
-            \"O\": \"Fabric\",
-            \"OU\": \"FABRIC_CA\",
-            \"OU\": \"FVT\",
-            \"STREET\": \"Miami Blvd.\",
-            \"DC\": \"peer\",
-            \"UID\": \"admin\",
-            \"L\": \"Raleigh\",
-            \"L\": \"RTP\",
-            \"ST\": \"North Carolina\",
-            \"C\": \"US\"
-        }
-    ]
-}")
+test -d "$CA_CFG_PATH/$USERNAME" || mkdir -p $CA_CFG_PATH/$USERNAME
+cat > $CA_CFG_PATH/$USERNAME/fabric-ca-client-config.yaml <<EOF
+csr:
+  cn: $USERNAME
+  keyrequest:
+    algo: $KEYTYPE
+    size: $KEYLEN
+EOF
+
+$FABRIC_CA_CLIENTEXEC enroll -u "http://$USERNAME:$USERPSWD@$CA_HOST_ADDRESS:$PROXY_PORT" -H $CA_CFG_PATH/$USERNAME
 RC=$?
-$($FABRIC_CA_DEBUG) && printAuth $CLIENTCERT $CLIENTKEY
+CLIENTCERT="$CA_CFG_PATH/$USERNAME/msp/signcerts/cert.pem"
+lastkey=$(ls -crtd $CA_CFG_PATH/$USERNAME/msp/keystore/* | tail -n1)
+test -n "$lastkey" && CLIENTKEY="$lastkey" || CLIENTKEY="$CA_CFG_PATH/$USERNAME/msp/keystore/key.pem"
+$($FABRIC_CA_DEBUG) && printAuth "$CLIENTCERT" "$CLIENTKEY"
 exit $RC

scripts/fvt/fabric-ca_utils

@@ -293,16 +293,14 @@ verifyServerTraffic() {
 }
 
 printAuth() {
+   test "$#" -eq 2 || return 1
    local CLIENTCERT="$1"
    local CLIENTKEY="$2"
 
-   : ${CLIENTCERT:="$HOME/fabric-ca/cert.pem"}
-   : ${CLIENTKEY:="$HOME/fabric-ca/key.pem"}
-
    echo CERT:
    openssl x509 -in $CLIENTCERT -text 2>&1 | sed 's/^/    /'
    type=$(cat $CLIENTKEY | head -n1 | awk '{print tolower($2)}')
-   test -z "$type" && type=rsa
+   test "$type" = "private" && type=ec
    echo KEY:
    openssl $type -in $CLIENTKEY -text 2>/dev/null| sed 's/^/    /'
 }
@@ -838,6 +836,9 @@ signing:
          ocspnocheck: true
          notbefore: 2016-12-30T00:00:00Z
 csr:
+  keyrequest:
+    algo: $KEYTYPE
+    size: $KEYLEN 
   names:
     - C: US
       ST: "North Carolina"
@@ -911,4 +912,4 @@ function killserver {
     kill -9 $1
     pollFabricCa "" "" "$CA_DEFAULT_PORT" stop 30
     return $?
-}
+}

scripts/fvt/staging/keys_test.sh → scripts/fvt/keys_test.sh

@@ -5,20 +5,25 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
+: ${TESTCASE="keys"}
+CA_CFG_PATH="/tmp/keys"
 FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
 TESTDATA="$FABRIC_CA/testdata"
 SCRIPTDIR="$FABRIC_CA/scripts/fvt"
-CA_KEY="$TESTDATA/fabric-ca-key.pem"
-EE_KEY="$HOME/fabric-ca/key.pem"
+EE_KEY="/tmp/keys/admin/msp/keystore/*_sk"
 EE_CERT="$HOME/abric-ca/cert.pem"
 RC=0
 . $SCRIPTDIR/fabric-ca_utils
+RC=0
+export CA_CFG_PATH
 
-ecl=(256 384 521)
+CA_KEY="$CA_CFG_PATH/msp/keystore/*_sk"
+#ecl=(256 384 521)
+ecl=(256 384)
 ecl=256
 ecOid[256]="prime256v1"
 ecOid[384]="secp384r1"
-ecOid[521]="secp521r1"
+#ecOid[521]="secp521r1"
 rsal=(2048 3072 4096)
 
 function VerifyKey() {
@@ -50,10 +55,12 @@ for len in ${ecl[*]}; do
    $SCRIPTDIR/fabric-ca_setup.sh -I -X -S -n 1 -t $ktype -l $len
    # verify CA key type and length
    VerifyKey $CA_KEY $ktype $len ${ecOid[$len]} || ErrorMsg "VerifyKey CA $ktype $len failed"
-   $SCRIPTDIR/enroll.sh -t $ktype -l $len
+   $SCRIPTDIR/enroll.sh -t $ktype -l $len -d
    # verify EE key type and length
    VerifyKey $EE_KEY $ktype $len ${ecOid[$len]} || ErrorMsg "VerifyKey EE $ktype $len failed"
+
 done
+
 ktype=rsa
 echo ""
 echo "**********************************************"
@@ -65,7 +72,7 @@ for len in ${rsal[*]}; do
    $SCRIPTDIR/fabric-ca_setup.sh -I -X -S -n 1 -t $ktype -l $len
    # verify CA key type and length
    VerifyKey $CA_KEY $ktype $len "" || ErrorMsg "VerifyKey CA $ktype $len failed"
-   $SCRIPTDIR/enroll.sh -t $ktype -l $len
+   $SCRIPTDIR/enroll.sh -t $ktype -l $len -d
    # verify EE key type and length
    VerifyKey $EE_KEY $ktype $len "" || ErrorMsg "VerifyKey CA $ktype $len failed"
    echo ""
@@ -76,6 +83,5 @@ echo ""
 echo "**********************************************"
 echo ""
 
-$SCRIPTDIR/fabric-ca_setup.sh -R
 CleanUp $RC
 exit $RC

scripts/regenDocs

@@ -3,7 +3,7 @@
 ######################################################################
 #
 # This script will use the fabric-ca-server and fabric-ca-client
-# binaries to dynamically generate the CLI flags and the 
+# binaries to dynamically generate the CLI flags and the
 # configuration files for both server and the client and place
 # them in the docs/source folder. These files are referenced for
 # in the fabric-ca documentation when talking about CLI and the

test/fabric-ca-load-tester/launchServer.sh

@@ -6,7 +6,7 @@ fi
 pushd scripts/fvt
 ./fabric-ca_setup.sh -D -X -I -S -n$numInstances -m10 -d postgres -T
 popd
-# Docker requires your command to keep running in the foreground. Otherwise, it thinks 
+# Docker requires your command to keep running in the foreground. Otherwise, it thinks
 # that command has stopped and shutsdown the container. Since fabric-ca_setup.sh starts
 # fabric ca server in background and exits, we want this script to run in foreground and
 # not return so the container in daemon mode continues to run for ever until it is stopped