diff --git a/scripts/fvt/reenroll_test.sh b/scripts/fvt/reenroll_test.sh index 6a700afa9..8703e247d 100755 --- a/scripts/fvt/reenroll_test.sh +++ b/scripts/fvt/reenroll_test.sh @@ -1,8 +1,7 @@ #!/bin/bash FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca" SCRIPTDIR="$FABRIC_CA/scripts/fvt" -TESTDATA="$FABRIC_CA/testdata" -KEYSTORE="/tmp/keyStore" +. $SCRIPTDIR/fabric-ca_utils PKI="$SCRIPTDIR/utils/pki" CERT_HOME="/tmp/CAs/" REGISTRAR="admin" @@ -19,43 +18,25 @@ future=$(date +"$next_year%m%d%H%M%SZ") . $SCRIPTDIR/fabric-ca_utils -function enrollUser() { - local USERNAME=$1 - mkdir -p $KEYSTORE/$USERNAME - export CA_CFG_PATH=$KEYSTORE/$REGISTRAR - OUT=$($SCRIPTDIR/register.sh -u $USERNAME -t $USERTYPE -g $USERGRP -x $CA_CFG_PATH) - echo "$OUT" - PASSWD="$(echo "$OUT" | head -n1 | awk '{print $NF}')" - export CA_CFG_PATH=$KEYSTORE/$USERNAME - test -d $CA_CFG_PATH || mkdir -p $CA_CFG_PATH - $SCRIPTDIR/enroll.sh -u $USERNAME -p $PASSWD -x $CA_CFG_PATH -} - -while getopts "du:t:k:l:" option; do +while getopts "dx:" option; do case "$option" in d) FABRIC_CA_DEBUG="true" ;; - u) USERNAME="$OPTARG" ;; - t) USERTYPE="$OPTARG" ;; - g) USERGRP="$OPTARG" ;; - k) KEYTYPE="$OPTARG" ;; - l) KEYLEN="$OPTARG" ;; + x) CA_CFG_PATH="$OPTARG" ;; esac done +: ${CA_CFG_PATH:="/tmp/reenroll"} : ${FABRIC_CA_DEBUG="false"} -: ${USERNAME="newclient"} -: ${USERTYPE="client"} -: ${USERGRP="bank_a"} -: ${KEYTYPE="ecdsa"} -: ${KEYLEN="256"} : ${HOST="localhost:10888"} +export CA_CFG_PATH +export FABRIC_CA_CLIENT_HOME="$CA_CFG_PATH/admin" HTTP_PORT="3755" rm -rf $CERT_HOME/ROOT_CERT $HOME/ROOT_CERT* rm -rf $CERT_HOME/UNSUPPORTED $HOME/UNSUPPORTED- $PKI -f newca -d sha256 -a ROOT_CERT -t ec -l 256 ROOT_CERT -n "/CN=ROOT_CERT/" -$PKI -f newcert -d sha256 -a ROOT_CERT -t ec -l 256 -p UNSUPPORTED- -n "/CN=UNSUPPORTED/" < BEGIN TESTING $driver <----------" # note MAX_ENROLLMENTS defaults to '1' - $SCRIPTDIR/fabric-ca_setup.sh -R -x $KEYSTORE - $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -n4 -d $driver + $SCRIPTDIR/fabric-ca_setup.sh -R -d $driver -x $CA_CFG_PATH + $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -n4 -d $driver -x $CA_CFG_PATH if test $? -ne 0; then ErrorMsg "Failed to setup server" continue fi - - CA_CFG_PATH=$KEYSTORE/$REGISTRAR - $SCRIPTDIR/enroll.sh -u $REGISTRAR -p $REGISTRARPWD -x $CA_CFG_PATH + enroll $REGISTRAR if test $? -ne 0; then ErrorMsg "Failed to enroll $REGISTRAR" continue fi for i in {1..4}; do - enrollUser user${i} - if test $? -ne 0; then - echo "Failed to enroll user${i}" - else - CA_CFG_PATH=$KEYSTORE/user${i} - test -d $CA_CFG_PATH || mkdir -p $CA_CFG_PATH - # user can be reenrolled even though MAX_ENROLLMENTS set to '1' - $SCRIPTDIR/reenroll.sh -x $CA_CFG_PATH - test $? -ne 0 && ErrorMsg "Failed to reenroll user${i}" - fi - sleep 1 + OUT=$(register $REGISTRAR user${i}) + pswd[$i]=$(echo $OUT | tail -n1 | awk '{print $NF}') + echo $pswd done - # sqaure up the number of requests to each of 4 servers - $SCRIPTDIR/reenroll.sh -x /tmp/keyStore/$REGISTRAR - $SCRIPTDIR/reenroll.sh -x /tmp/keyStore/$REGISTRAR - $SCRIPTDIR/reenroll.sh -x /tmp/keyStore/$REGISTRAR + for i in {1..4}; do + enroll user${i} ${pswd[i]} + test $? -ne 0 && ErrorMsg "Failed to reenroll user${i}" + done + + for i in 1 2 3 4 1 2 3; do + # sqaure up the number of requests to each of 4 servers by additional requests + reenroll user${i} "$CA_CFG_PATH/user${i}/$MSP_CERT_DIR/cert.pem" "$CA_CFG_PATH/user${i}/$MSP_KEY_DIR/key.pem" + test $? -ne 0 && ErrorMsg "Failed to reenroll user${i}" + done # all servers should register 4 successful requests # but...it's only available when tls is disabled if test "$FABRIC_TLS" = 'false'; then for s in {1..4}; do curl -s http://${HOST}/ | awk -v s="server${s}" '$0~s'|html2text|grep HTTP verifyServerTraffic $HOST server${s} 4 - test $? -ne 0 && ErrorMsg echo "Distributed traffic to server FAILED" + test $? -ne 0 && ErrorMsg "Distributed traffic to server FAILED" sleep 1 done fi - #for cert in EXPIRED UNRIPE UNSUPPORTED; do - for cert in EXPIRED UNRIPE ; do - CA_CFG_PATH=$KEYSTORE/user1 - cat $HOME/${cert}-cert.pem |sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > $CA_CFG_PATH/cert.pem - cat $HOME/${cert}-key.pem | openssl ec -outform pem -out $CA_CFG_PATH/key.pem - #cp $HOME/${cert}-key.pem $CA_CFG_PATH/key.pem - openssl ec -in $CA_CFG_PATH/key.pem -text - openssl x509 -in $CA_CFG_PATH/cert.pem -text - $SCRIPTDIR/reenroll.sh -x $CA_CFG_PATH + keyStore="$CA_CFG_PATH/user1/$MSP_KEY_DIR" + certStore="$CA_CFG_PATH/user1/$MSP_CERT_DIR" + for cert in EXPIRED UNRIPE UNSUPPORTED; do + openssl x509 -in $HOME/${cert}-cert.pem -out $certStore/cert.pem + openssl ec -in $HOME/${cert}-key.pem -out $keyStore/key.pem + openssl ec -in $keyStore/key.pem -text + openssl x509 -in $certStore/cert.pem -text + reenroll user1 "$CA_CFG_PATH/user1/$MSP_CERT_DIR/cert.pem" "$CA_CFG_PATH/user1/$MSP_KEY_DIR/key.pem" test $? -eq 0 && ErrorMsg "reenrolled user1 with unsupported cert" done - $SCRIPTDIR/fabric-ca_setup.sh -R -x $KEYSTORE + $SCRIPTDIR/fabric-ca_setup.sh -L -d $driver echo "------> END TESTING $driver <----------" echo "***************************************" echo "" @@ -151,6 +122,7 @@ for driver in sqlite3 ; do echo "" echo "" done +$SCRIPTDIR/fabric-ca_setup.sh -R -d $driver -x $CA_CFG_PATH kill $HTTP_PID wait $HTTP_PID