Added basic fvt tests and utilities

FAB-1892 Add functional tests for fabric-ca CI testing

Change-Id: Icc40f742970133c6f1bc5aada2458e160905fb5d
Signed-off-by: Allen Bailey <[email protected]>

Makefile

@@ -139,6 +139,9 @@ container-tests: ldap-tests
 ldap-tests:
 	@scripts/run_ldap_tests
 
+fvt-tests:
+	@scripts/run_fvt_tests
+
 %-docker-clean:
 	$(eval TARGET = ${patsubst %-docker-clean,%,${@}})
 	-docker images -q $(DOCKER_ORG)/$(TARGET):latest | xargs -I '{}' docker rmi -f '{}'

scripts/fvt/README.md

@@ -0,0 +1,47 @@
+# Fabric CA FVT tests for Continuous Integration
+
+The tests that will run are in ``$GOPATH/src/github.com/hyperledger/fabric-ca/scripts/fvt``
+
+Once the prerequites have been satisfied (see below), run
+
+``make fvt-tests``
+
+from the ``$GOPATH/src/github.com/hyperledger/fabric-ca/`` directory.
+Depending on the security settings and options requested, root authority may be required. Precede the
+
+``su -c 'make fvt-tests'``
+
+This is also true of the ``fabric-ca_setup.sh`` documented below.
+
+Tests have been verified to run on Ubuntu linux.
+
+### Prerequisites
+* Go 1.6+ installation or later
+* GOPATH environment variable is set correctly
+* ``fabric-ca`` executable is in ``$GOPATH/src/github.com/hyperledger/fabric-ca/bin/``
+* haproxy for high availability testing
+* python 2.7
+* jq for JSON processing
+
+Optionally, to run the tests using external database support (postgres, mysql), install the appropriate packages (mysql-server, mysql-server-core, mysql-common, postgresql)
+
+All of the above prerequisites can met by running the setup script ``fabric-ca_setup.sh`` in ``$GOPATH/src/github.com/hyperledger/fabric-ca/scripts/``:
+```
+   fabric-ca_setup.sh -I   # install prerequsites
+   fabric-ca_setup.sh -B   # build the CA executable
+```
+
+For example, to initialze the fabric-ca server, run haproxy, and four instances of the server using postgres:
+```
+   fabric-ca_setup.sh -X -S -I -d postgres -n4
+```
+
+To list all running instances of the server and the active database from the above command:
+```
+   fabric-ca_setup.sh -L -d postgress
+```
+
+To stop haproxy and all running instances of the server:
+```
+   fabric-ca_setup.sh -R
+```

scripts/fvt/auth_test.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
+SCRIPTDIR="$FABRIC_CA/scripts/fvt"
+. $SCRIPTDIR/fabric-ca_utils
+RC=0
+HOST="localhost:10888"
+SERVERCONFIG="/tmp/config.json.$RANDOM"
+
+# default value
+cat > "$SERVERCONFIG" <<EOF
+{
+ "tls_disable":true,
+ "driver":"sqlite3",
+ "data_source":"fabric-ca.db",
+ "users": {
+    "admin": {
+      "pass": "adminpw",
+      "type": "client",
+      "group": "bank_a",
+      "attrs": [{"name":"hf.Registrar.Roles","value":"client,user,peer,validator,auditor"},
+                {"name":"hf.Registrar.DelegateRoles", "value": "client,user,validator,auditor"},
+                {"name":"hf.Revoker", "value": "true"}]
+    }
+ },
+ "groups": {
+   "banks_and_institutions": {
+     "banks": ["bank_a"]
+   }
+ },
+ "signing": {
+    "default": {
+       "usages": ["cert sign"],
+       "expiry": "8000h",
+       "ca_constraint": {"is_ca": true, "max_path_len":1},
+       "ocsp_no_check": true,
+       "not_before": "2016-12-30T00:00:00Z"
+    },
+    "expiry": {
+       "usages": ["cert sign"],
+       "expiry": "1s"
+    }
+ }
+}
+EOF
+trap "rm $SERVERCONFIG; CleanUp" INT
+#for driver in sqlite3 postgres mysql; do
+for driver in sqlite3 ; do
+
+   # - auth enabled
+   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -d $driver
+   test $? -ne 0 && ErrorExit "Failed to setup server"
+   # Success case - send passwd
+   $SCRIPTDIR/enroll.sh -u admin -p adminpw
+   RC=$((RC+$?))
+   # Fail case - send null passwd
+   $SCRIPTDIR/enroll.sh -u admin -p ""
+   test $? -eq 0 && RC=$((RC+1))
+   # Fail case - send bogus passwd
+   $SCRIPTDIR/enroll.sh -u admin -p xxxxxx
+   test $? -eq 0 && RC=$((RC+1))
+
+   # - auth disabled
+   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -A -I -S -X -d $driver
+   # Success case - send correct passwd
+   $SCRIPTDIR/enroll.sh -u admin -p adminpw
+   RC=$((RC+$?))
+   # Success case - send null passwd
+   $SCRIPTDIR/enroll.sh -u admin -p ""
+   RC=$((RC+$?))
+   # Success case - send bogus passwd
+   $SCRIPTDIR/enroll.sh -u admin -p xxxxxx
+   RC=$((RC+$?))
+
+   # - default (auth enabled)
+   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -d $driver -g "$SERVERCONFIG"
+   test $? -ne 0 && ErrorExit "Failed to setup server"
+   # Success case - send passwd
+   $SCRIPTDIR/enroll.sh -u admin -p adminpw
+   RC=$((RC+$?))
+   # Fail case - send null passwd
+   $SCRIPTDIR/enroll.sh -u admin -p ""
+   test $? -eq 0 && RC=$((RC+1))
+   # Fail case - send bogus passwd
+   $SCRIPTDIR/enroll.sh -u admin -p xxxxxx
+   test $? -eq 0 && RC=$((RC+1))
+
+done
+rm $SERVERCONFIG
+CleanUp $RC
+exit $RC

scripts/fvt/enrollments_test.sh

@@ -0,0 +1,125 @@
+#!/bin/bash
+FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
+SCRIPTDIR="$FABRIC_CA/scripts/fvt"
+TESTDATA="$FABRIC_CA/testdata"
+. $SCRIPTDIR/fabric-ca_utils
+RC=0
+HOST="localhost:10888"
+SERVERCONFIG="/tmp/serverConfig.json"
+export FABRIC_CA_HOME="$HOME/fabric-ca"
+CLIENTCONFIG="$FABRIC_CA_HOME/fabric-ca/fabric-ca_client.json"
+CLIENTCERT="$FABRIC_CA_HOME/cert.pem"
+PKI="$SCRIPTDIR/utils/pki"
+
+MAX_ENROLL="$1"
+: ${MAX_ENROLL:="32"}
+UNLIMITED=100
+
+# default value
+cat > "$SERVERCONFIG" <<EOF
+{
+ "tls_disable":true,
+ "authentication": true,
+ "driver":"sqlite3",
+ "data_source":"fabric-ca.db",
+ "users": {
+    "admin": {
+      "pass": "adminpw",
+      "type": "client",
+      "group": "bank_a",
+      "attrs": [{"name":"hf.Registrar.Roles","value":"client,user,peer,validator,auditor"},
+                {"name":"hf.Registrar.DelegateRoles", "value": "client,user,validator,auditor"},
+                {"name":"hf.Revoker", "value": "true"}]
+    }
+ },
+ "groups": {
+   "banks_and_institutions": {
+     "banks": ["bank_a"]
+   }
+ },
+ "signing": {
+    "default": {
+       "usages": ["cert sign"],
+       "expiry": "8000h",
+       "ca_constraint": {"is_ca": true, "max_path_len":1},
+       "ocsp_no_check": true,
+       "not_before": "2016-12-30T00:00:00Z"
+    },
+    "expiry": {
+       "usages": ["cert sign"],
+       "expiry": "1s"
+    }
+ }
+}
+EOF
+
+trap "rm $SERVERCONFIG; CleanUp" INT
+# explicitly set value
+   # user can only enroll MAX_ENROLL times
+   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -m $MAX_ENROLL
+   i=0
+   while test $((i++)) -lt "$MAX_ENROLL"; do
+      $SCRIPTDIR/enroll.sh
+      RC=$((RC+$?))
+      currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
+      test "$currId" == "$prevId" && RC=$((RC+1))
+      prevId="$currId"
+   done
+   # max reached -- should fail
+   $SCRIPTDIR/enroll.sh
+   test "$?" -eq 0 && RC=$((RC+1))
+   currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
+   test "$currId" != "$prevId" && RC=$((RC+1))
+   prevId="$currId"
+
+
+# explicitly set value to '1'
+   # user can only enroll once
+   MAX_ENROLL=1
+   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -m $MAX_ENROLL
+   i=0
+   while test $((i++)) -lt "$MAX_ENROLL"; do
+      $SCRIPTDIR/enroll.sh
+      RC=$((RC+$?))
+      currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
+      test "$currId" == "$prevId" && RC=$((RC+1))
+      prevId="$currId"
+   done
+   # max reached -- should fail
+   $SCRIPTDIR/enroll.sh
+   test "$?" -eq 0 && RC=$((RC+1))
+   currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
+   test "$currId" != "$prevId" && RC=$((RC+1))
+   prevId="$currId"
+
+# explicitly set value to '0'
+   # user enrollment unlimited
+   MAX_ENROLL=0
+   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -m $MAX_ENROLL
+   i=0
+   while test $((i++)) -lt "$UNLIMITED"; do
+      $SCRIPTDIR/enroll.sh
+      RC=$((RC+$?))
+      currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
+      test "$currId" == "$prevId" && RC=$((RC+1))
+      prevId="$currId"
+   done
+
+# implicitly set value to '0' (default)
+   # user enrollment unlimited
+   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -g $SERVERCONFIG
+   i=0
+   while test $((i++)) -lt "$UNLIMITED"; do
+      $SCRIPTDIR/enroll.sh
+      RC=$((RC+$?))
+      currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
+      test "$currId" == "$prevId" && RC=$((RC+1))
+      prevId="$currId"
+   done
+rm $SERVERCONFIG
+CleanUp $RC
+exit $RC

scripts/fvt/group_test.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
+SCRIPTDIR="$FABRIC_CA/scripts/fvt"
+TESTDATA="$FABRIC_CA/testdata"
+. $SCRIPTDIR/fabric-ca_utils
+RC=0
+HOST="localhost:10888"
+HTTP_PORT="3755"
+
+
+cd $TESTDATA
+python -m SimpleHTTPServer $HTTP_PORT &
+HTTP_PID=$!
+pollServer python localhost "$HTTP_PORT" || ErrorExit "Failed to start HTTP server"
+echo $HTTP_PID
+trap "kill $HTTP_PID; CleanUp" INT
+#
+# group is required if the type is client or peer.
+$SCRIPTDIR/fabric-ca_setup.sh -R
+$SCRIPTDIR/fabric-ca_setup.sh -I -S -X
+export FABRIC_CA_HOME=/tmp/keyStore/admin
+$SCRIPTDIR/enroll.sh -u admin -p adminpw -x /tmp/keyStore/admin
+$SCRIPTDIR/register.sh -u user1 -t client -g bank_a
+RC=$((RC+$?))
+$SCRIPTDIR/register.sh -u user2 -t peer -g bank_a
+RC=$((RC+$?))
+$SCRIPTDIR/register.sh -u user3 -t client -g bogus
+test "$?" -eq 0 && RC=$((RC+1))
+$SCRIPTDIR/register.sh -u user4 -t peer -g bogus
+test "$?" -eq 0 && RC=$((RC+1))
+
+# group is not required if the type is validator or auditor.
+$SCRIPTDIR/register.sh -u user5 -t validator -g bank_a
+RC=$((RC+$?))
+$SCRIPTDIR/register.sh -u user6 -t auditor -g bank_a
+RC=$((RC+$?))
+$SCRIPTDIR/register.sh -u user7 -t validator -g bogus
+RC=$((RC+$?))
+$SCRIPTDIR/register.sh -u user8 -t auditor -g bogus
+RC=$((RC+$?))
+
+# however, one is expected to at least sumbit a group with request
+$SCRIPTDIR/register.sh -u user9 -t auditor -g ''
+test "$?" -eq 0 && RC=$((RC+1))
+kill $HTTP_PID
+wait $HTTP_PID
+CleanUp $RC
+exit $RC