[FAB-2571] Update enrollment test

Change-Id: I2496fa3012e04eefc6c4b9a366cbb43913987f61 Signed-off-by: rennman <[email protected]>
hyperledger · Apr 6, 2017 · a8f1d79 · a8f1d79
1 parent 4456f65
commit a8f1d79
Showing 1 changed file with 167 additions and 73 deletions.
diff --git a/scripts/fvt/enrollments_test.sh b/scripts/fvt/enrollments_test.sh
@@ -1,89 +1,172 @@
 #!/bin/bash
 FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
 SCRIPTDIR="$FABRIC_CA/scripts/fvt"
-TESTDATA="$FABRIC_CA/testdata"
 . $SCRIPTDIR/fabric-ca_utils
-RC=0
-SERVERCONFIG="/tmp/serverConfig.json"
-export CA_CFG_PATH="$HOME/fabric-ca"
-CLIENTCONFIG="$CA_CFG_PATH/fabric-ca/fabric-ca_client.json"
-CLIENTCERT="$CA_CFG_PATH/cert.pem"
+CA_CFG_PATH="/tmp/fabric-ca/enrollments"
+SERVERCONFIG="$CA_CFG_PATH/serverConfig.json"
+CLIENTCONFIG="$CA_CFG_PATH/fabric-ca_client.json"
+CLIENTCERT="$CA_CFG_PATH/admin/$MSP_CERT_DIR/cert.pem"
 PKI="$SCRIPTDIR/utils/pki"
-
 MAX_ENROLL="$1"
+UNLIMITED=10
+RC=0
 : ${MAX_ENROLL:="32"}
-UNLIMITED=100
+: ${DRIVER:="sqlite3"}
+: ${DATASRC:="fabric-ca-server.db"}
+: ${FABRIC_CA_DEBUG:="false"}
+export CA_CFG_PATH
 
-case "$FABRIC_TLS" in
-   true) TLS_DISABLE='false' ;;
-  false) TLS_DISABLE='true'  ;;
-      *) TLS_DISABLE='true'  ;;
+function genServerConfig {
+case "$1" in
+   implicit) cat > $SERVERCONFIG <<EOF
+database:
+  type: $DRIVER
+  datasource: $DATASRC
+  tls:
+    enabled: $FABRIC_TLS
+    certfile: $TESTDATA/tls_server-cert.pem
+    keyfile: $TESTDATA/tls_server-key.pem
+tls:
+  enabled: $FABRIC_TLS
+  certfile: $TESTDATA/tls_server-cert.pem
+  keyfile: $TESTDATA/tls_server-key.pem
+ca:
+  certfile: $CA_CFG_PATH/fabric-ca-key.pem
+  keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
+registry:
+  identities:
+     - name: admin
+       pass: adminpw
+       type: client
+       affiliation: bank_a
+       attributes:
+        - hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
+          hf.Registrar.DelegateRoles: "client,user,validator,auditor"
+          hf.Revoker: true
+ldap:
+   enabled: false
+   url: ldap://admin:adminpw@localhost:7054/base
+   tls:
+      certfiles:
+        - ldap-server-cert.pem
+      client:
+         certfile: ldap-client-cert.pem
+         keyfile: ldap-client-key.pem
+affiliations:
+   bank_a:
+signing:
+    profiles:
+    default:
+      usage:
+        - cert sign
+      expiry: 8000h
+csr:
+   cn: fabric-ca-server
+   names:
+      - C: US
+        ST: "North Carolina"
+        L:
+        O: Hyperledger
+        OU: Fabric
+   hosts:
+     - amphion
+   ca:
+      pathlen:
+      pathlenzero:
+      expiry:
+crypto:
+  software:
+     hash_family: SHA2
+     security_level: 256
+     ephemeral: false
+     key_store_dir: keys
+EOF
+;;
+   # Max enroll for identities cannot surpass global setting
+   invalid) cat > $SERVERCONFIG <<EOF
+database:
+  type: $DRIVER
+  datasource: $DATASRC
+  tls:
+    enabled: $FABRIC_TLS
+    certfile: $TESTDATA/tls_server-cert.pem
+    keyfile: $TESTDATA/tls_server-key.pem
+tls:
+  enabled: $FABRIC_TLS
+  certfile: $TESTDATA/tls_server-cert.pem
+  keyfile: $TESTDATA/tls_server-key.pem
+ca:
+  certfile: $CA_CFG_PATH/fabric-ca-key.pem
+  keyfile: $CA_CFG_PATH/fabric-ca-cert.pem
+registry:
+  maxEnrollments: 15
+  identities:
+     - name: admin
+       maxEnrollments: 16
+       pass: adminpw
+       type: client
+       affiliation: bank_a
+       attributes:
+        - hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
+          hf.Registrar.DelegateRoles: "client,user,validator,auditor"
+          hf.Revoker: true
+ldap:
+   enabled: false
+   url: ldap://admin:adminpw@localhost:7054/base
+   tls:
+      certfiles:
+        - ldap-server-cert.pem
+      client:
+         certfile: ldap-client-cert.pem
+         keyfile: ldap-client-key.pem
+affiliations:
+   bank_a:
+signing:
+    profiles:
+    default:
+      usage:
+        - cert sign
+      expiry: 8000h
+csr:
+   cn: fabric-ca-server
+   names:
+      - C: US
+        ST: "North Carolina"
+        L:
+        O: Hyperledger
+        OU: Fabric
+   hosts:
+     - amphion
+   ca:
+      pathlen:
+      pathlenzero:
+      expiry:
+crypto:
+  software:
+     hash_family: SHA2
+     security_level: 256
+     ephemeral: false
+     key_store_dir: keys
+EOF
+;;
 esac
-
-# default value
-cat > "$SERVERCONFIG" <<EOF
-{
- "tls_disable":$TLS_DISABLE,
- "authentication": true,
- "driver":"sqlite3",
- "data_source":"fabric_ca.db",
- "users": {
-    "admin": {
-      "pass": "adminpw",
-      "type": "client",
-      "group": "bank_a",
-      "attrs": [{"name":"hf.Registrar.Roles","value":"client,user,peer,validator,auditor"},
-                {"name":"hf.Registrar.DelegateRoles", "value": "client,user,validator,auditor"},
-                {"name":"hf.Revoker", "value": "true"}]
-    }
- },
- "ca_cert":"ec.pem",
- "ca_key":"ec-key.pem",
- "tls":{
-   "tls_cert":"tls_server-cert.pem",
-   "tls_key":"tls_server-key.pem",
-   "mutual_tls_ca":"root.pem",
-   "db_client":{
-     "ca_certfiles":["root.pem"],
-     "client":{"keyfile":"tls_server-key.pem","certfile":"tls_server-cert.pem"}
-   }
- },
- "groups": {
-   "banks_and_institutions": {
-     "banks": ["bank_a"]
-   }
- },
- "signing": {
-    "default": {
-       "usages": ["cert sign"],
-       "expiry": "8000h",
-       "ca_constraint": {"is_ca": true, "max_path_len":1},
-       "ocsp_no_check": true,
-       "not_before": "2016-12-30T00:00:00Z"
-    },
-    "expiry": {
-       "usages": ["cert sign"],
-       "expiry": "1s"
-    }
- }
 }
-EOF
 
-trap "rm $SERVERCONFIG; CleanUp" INT
+trap "CleanUp 1; exit 1" INT
 # explicitly set value
    # user can only enroll MAX_ENROLL times
-   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -R -x $CA_CFG_PATH
    $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -m $MAX_ENROLL
    i=0
    while test $((i++)) -lt "$MAX_ENROLL"; do
-      $SCRIPTDIR/enroll.sh
+      enroll
       test $? -eq 0 || ErrorMsg "Failed enrollment prematurely"
       currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
       test "$currId" == "$prevId" && ErrorMsg "Prior and current certificates do not differ"
       prevId="$currId"
    done
    # max reached -- should fail
-   $SCRIPTDIR/enroll.sh
+   enroll
    test "$?" -eq 0 && ErrorMsg "Surpassed enrollment maximum"
    currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
    test "$currId" != "$prevId" && ErrorMsg "Prior and current certificates are different"
@@ -93,18 +176,18 @@ trap "rm $SERVERCONFIG; CleanUp" INT
 # explicitly set value to '1'
    # user can only enroll once
    MAX_ENROLL=1
-   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -R -x $CA_CFG_PATH 
    $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -m $MAX_ENROLL
    i=0
    while test $((i++)) -lt "$MAX_ENROLL"; do
-      $SCRIPTDIR/enroll.sh
+      enroll
       test $? -eq 0 || ErrorMsg "Failed enrollment prematurely"
       currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
       test "$currId" == "$prevId" && ErrorMsg "Prior and current certificates do not differ"
       prevId="$currId"
    done
    # max reached -- should fail
-   $SCRIPTDIR/enroll.sh
+   enroll
    test "$?" -eq 0 && ErrorMsg "Surpassed enrollment maximum"
    currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
    test "$currId" != "$prevId" && ErrorMsg "Prior and current certificates are different"
@@ -113,11 +196,11 @@ trap "rm $SERVERCONFIG; CleanUp" INT
 # explicitly set value to '0'
    # user enrollment unlimited
    MAX_ENROLL=0
-   $SCRIPTDIR/fabric-ca_setup.sh -R
+   $SCRIPTDIR/fabric-ca_setup.sh -R -x $CA_CFG_PATH
    $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -m $MAX_ENROLL
    i=0
    while test $((i++)) -lt "$UNLIMITED"; do
-      $SCRIPTDIR/enroll.sh
+      enroll
       test $? -eq 0 || ErrorMsg "Failed enrollment prematurely"
       currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
       test "$currId" == "$prevId" && ErrorMsg "Prior and current certificates do not differ"
@@ -126,16 +209,27 @@ trap "rm $SERVERCONFIG; CleanUp" INT
 
 # implicitly set value to '0' (default)
    # user enrollment unlimited
-   $SCRIPTDIR/fabric-ca_setup.sh -R
-   $SCRIPTDIR/fabric-ca_setup.sh -I -S -X -g $SERVERCONFIG
+   $SCRIPTDIR/fabric-ca_setup.sh -R -x $CA_CFG_PATH
+   test -d $CA_CFG_PATH || mkdir $CA_CFG_PATH
+   genServerConfig implicit
+   $SCRIPTDIR/fabric-ca_setup.sh -S -X -g $SERVERCONFIG
    i=0
    while test $((i++)) -lt "$UNLIMITED"; do
-      $SCRIPTDIR/enroll.sh
+      enroll
       test $? -eq 0 || ErrorMsg "Failed enrollment prematurely"
       currId=$($PKI -f display -c $CLIENTCERT | awk '/Subject Key Identifier:/ {getline;print $1}')
       test "$currId" == "$prevId" && ErrorMsg "Prior and current certificates do not differ"
       prevId="$currId"
    done
-rm $SERVERCONFIG
+
+   # user enrollment > global
+   $SCRIPTDIR/fabric-ca_setup.sh -R -x $CA_CFG_PATH
+   test -d $CA_CFG_PATH || mkdir $CA_CFG_PATH
+   genServerConfig invalid
+   $SCRIPTDIR/fabric-ca_setup.sh -S -X -g $SERVERCONFIG
+   test $? -eq 0 && ErrorMsg "user enrollment > global setting"
+
+$SCRIPTDIR/fabric-ca_setup.sh -L
+$SCRIPTDIR/fabric-ca_setup.sh -R -x $CA_CFG_PATH
 CleanUp $RC
 exit $RC