epistemophiliac/fabric-samples
1
0
Fork 0
mirror of https://github.com/hyperledger/fabric-samples.git synced 2026-06-17 07:25:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
fabric-samples/test-network-nano-bash/ca/ca_utils.sh
David Enyeart 5fa5abbbcf Improve logging for test-network-nano-bash CA 
Make the CA script logging more readable for users
trying to understand the fabric-ca-client commands.

Print the actual command to the log and remove the
debug logging which adds noise.

Signed-off-by: David Enyeart <enyeart@us.ibm.com>
2025-04-15 09:07:30 +09:00

159 lines
6.4 KiB
Bash
Executable file
Raw Permalink Blame History

#!/usr/bin/env sh
#
# SPDX-License-Identifier: Apache-2.0
#
######################################################################################
# createEnrollment()
#
# This is a convenience method for creating enrollments only
# Primary purpose it to create enrollment certificates for CA admins.
######################################################################################
createEnrollment() {
echo "createEnrollment $1 $2 $3 $4 $5 $6"
local port=$1 # port of the CA used for creating the enrollment
local username=$2 # username of the registered user on the CA
local password=$3 # password of the registered user on the CA
local orgname=$4 # name of the org (e.g. Org1, Org2) can be blank
local component_dir=$5 # path of the component, this will be the directory where the artifacts will be created
local tlscert=$6 # tls cert for connecting to the CA
set -x
# Enroll the identity
fabric-ca-client enroll -u https://${username}:${password}@localhost:${port} --caname ca --mspdir "${component_dir}/msp" --tls.certfiles $tlscert
if [ $? -ne 0 ]; then
echo "fabric-ca-client admin enroll failed, make sure CA service is available. Exiting..."
exit 1
fi
{ set +x; } 2>/dev/null
# Rename private key to mimic cryptogen
find ${component_dir} -type f -name '*_sk' | sed -e 'p;s/\(.*\)\/\(.*\)$/\1\/priv_sk/' | xargs -n2 mv -v
# Rename the cacert to mimic cryptogen
mv ${component_dir}/msp/cacerts/localhost-${port}-ca.pem ${component_dir}/msp/cacerts/ca.${orgname:+$orgname.}example.com-cert.pem
echo "\n\n"
}
######################################################################################
# createMSP()
#
# This is a convenience method for creating the Membership Service Provider directories
#
######################################################################################
createMSP() {
echo "createMSP $1 $2 $3"
local caname=$1 # name of the ca (ordererca, org1ca, org2ca)
local orgname=$2 # name of the org (org1, org2) Ordering Org is blank
local org_dir=$3 # directory of the organizatio
mkdir -p ${org_dir}/msp/admincerts
mkdir -p ${org_dir}/msp/cacerts
mkdir -p ${org_dir}/msp/tlscacerts
cp data_ca/${caname}/ca/ca-cert.pem ${org_dir}/msp/cacerts/ca.${orgname:+$orgname.}example.com-cert.pem
cp data_ca/${caname}/tlsca/ca-cert.pem ${org_dir}/msp/tlscacerts/tlsca.${orgname:+$orgname.}example.com-cert.pem
awk -v cacert_name="ca.${orgname:+$orgname.}example.com-cert" '{gsub(/ca.example.com-cert/,cacert_name)}1' ca/config.yaml > ${org_dir}/msp/config.yaml
echo "\n\n"
}
######################################################################################
# registerAndEnroll()
#
# This is a convenience method for creating enrollments and TLS certificates
# Primary purpose it to create enrollment certificates for org admin identities, and
# enrollent and TLS certificates for peers and orderers.
######################################################################################
registerAndEnroll() {
echo "registerAndEnroll $1 $2 $3 $4 $5 $6 $7 $8"
local port=$1 # port of the CA used for creating the enrollment
local username=$2 # username of the user to register on the CA
local password=$3 # password of the user to register on the CA
local type=$4 # type of registation, must be one of (peer, orderer, admin)
local orgname=$5 # name of the org (e.g. Org1, Org2) can be blank
local component_dir=$6 # directory of the component, this will be the directory where the artifacts will be created
local org_dir=$7 # directory of the organization, this is the directory that contains the credentials for the registration
local tlscert=$8 # tls cert for connecting to the CA
if [ "$type" = "admin" ]; then
local attrs="hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"
else
local attrs=""
fi
set -x
# Register the username
fabric-ca-client register -u https://localhost:${port} --id.name ${username} --id.secret ${password} --id.type ${type} --id.attrs "${attrs}" --caname ca --tls.certfiles $tlscert --mspdir "${org_dir}/ca/msp"
if [ $? -ne 0 ]; then
echo "fabric-ca-client register failed, make sure CA service is available. Exiting..."
exit 1
fi
# Enroll the identity
fabric-ca-client enroll -u https://${username}:${password}@localhost:${port} --caname ca --mspdir "${component_dir}/msp" --tls.certfiles $tlscert
if [ $? -ne 0 ]; then
echo "fabric-ca-client enroll failed, make sure CA service is available. Exiting..."
exit 1
fi
{ set +x; } 2>/dev/null
# Rename private key to mimic cryptogen
find ${component_dir} -type f -name '*_sk' | sed -e 'p;s/\(.*\)\/\(.*\)$/\1\/priv_sk/' | xargs -n2 mv -v
# Rename the cacert to mimic cryptogen
mv ${component_dir}/msp/cacerts/localhost-${port}-ca.pem ${component_dir}/msp/cacerts/ca.${orgname:+$orgname.}example.com-cert.pem
# Set the cacert name and copy the config.json for NodeOU
awk -v cacert_name="ca.${orgname:+$orgname.}example.com-cert" '{gsub(/ca.example.com-cert/,cacert_name)}1' ca/config.yaml > ${component_dir}/msp/config.yaml
# If this is a peer or orderer type then create a TLS cert
if [ "$type" = "peer" ] || [ "$type" = "orderer" ]; then
set -x
# Enroll the TLS cert
fabric-ca-client enroll -u https://${username}:${password}@localhost:${port} --caname tlsca --mspdir "${component_dir}/tls" --tls.certfiles $tlscert --csr.hosts 'localhost,127.0.0.1'
if [ $? -ne 0 ]; then
echo "fabric-ca-client TLS enroll failed, make sure CA service is available. Exiting..."
exit 1
fi
{ set +x; } 2>/dev/null
# Rename private key to mimic cryptogen
find ${component_dir} -type f -name '*_sk' | sed -e 'p;s/\(.*\)\/\(.*\)$/\1\/priv_sk/' | xargs -n2 mv -v
# Copy and rename TLS certs and keys to mimic cryptogen
cp ${component_dir}/tls/cacerts/localhost-${port}-tlsca.pem ${component_dir}/tls/ca.crt
cp ${component_dir}/tls/keystore/priv_sk ${component_dir}/tls/server.key
cp ${component_dir}/tls/signcerts/cert.pem ${component_dir}/tls/server.crt
# Rename the tls cacert to mimic cryptogen
mv ${component_dir}/tls/cacerts/localhost-${port}-tlsca.pem ${component_dir}/tls/cacerts/tlsca.${orgname:+$orgname.}example.com-cert.pem
fi
echo "\n\n"
}
Reference in a new issue View git blame Copy permalink