added sample for certifiate renewal in test-network

Signed-off-by: Aditya Joshi <[email protected]>
hyperledger · Jan 9, 2024 · ef871b9 · ef871b9
1 parent 02d9f8c
commit ef871b9
Show file tree

Hide file tree

Showing 3 changed files with 179 additions and 0 deletions.
diff --git a/test-network/network.sh b/test-network/network.sh
@@ -414,6 +414,25 @@ function queryChaincode() {
 
 }
 
+function renewCerts(){
+    . ./organizations/fabric-ca/reEnroll.sh
+
+    rm "${PWD}"/organizations/fabric-ca/ordererOrg/tls-cert.pem
+    docker restart ca_orderer
+    sleep 10
+    reEnrollOrderer
+
+    rm "${PWD}"/organizations/fabric-ca/org1/tls-cert.pem
+    docker restart ca_org1
+    sleep 10
+    reEnrollOrg1
+
+    rm "${PWD}"/organizations/fabric-ca/org2/tls-cert.pem
+    docker restart ca_org2
+    sleep 10
+    reEnrollOrg2
+}
+
 
 # Tear down running network
 function networkDown() {
@@ -668,6 +687,8 @@ elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "invoke" ]; then
   invokeChaincode
 elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "query" ]; then
   queryChaincode
+elif [ "$MODE" == "renewCerts" ]; then
+  renewCerts
 else
   printHelp
   exit 1

diff --git a/test-network/organizations/fabric-ca/reEnroll.sh b/test-network/organizations/fabric-ca/reEnroll.sh
@@ -0,0 +1,157 @@
+#!/bin/bash
+
+function reEnrollOrg1() {
+  infoln "Re-enrolling the CA admin"
+  mkdir -p organizations/peerOrganizations/org1.example.com/
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
+
+  set -x
+  fabric-ca-client reenroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy org1's CA cert to org1's /msp/tlscacerts directory (for use in the channel MSP definition)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt"
+
+  # Copy org1's CA cert to org1's /tlsca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca"
+  cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
+
+  # Copy org1's CA cert to org1's /ca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/ca"
+  cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"
+
+
+  infoln "Generating the peer0 msp"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --csr.hosts peer0.org1.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml"
+
+  infoln "Generating the peer0-tls certificates"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt"
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key"
+
+  infoln "Generating the user msp"
+  set -x
+  fabric-ca-client reenroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml"
+
+  infoln "Generating the org admin msp"
+  set -x
+  fabric-ca-client reenroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml"
+}
+
+function reEnrollOrg2() {
+  infoln "Re-enrolling the CA admin"
+  mkdir -p organizations/peerOrganizations/org2.example.com/
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
+
+  set -x
+  fabric-ca-client reenroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy org2's CA cert to org2's /msp/tlscacerts directory (for use in the channel MSP definition)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt"
+
+  # Copy org2's CA cert to org2's /tlsca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca"
+  cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
+
+  # Copy org2's CA cert to org2's /ca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/ca"
+  cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"
+
+  infoln "Generating the peer0 msp"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --csr.hosts peer0.org2.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml"
+
+  infoln "Generating the peer0-tls certificates"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt"
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key"
+
+  infoln "Generating the user msp"
+  set -x
+  fabric-ca-client reenroll -u https://user1:user1pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp/config.yaml"
+
+  infoln "Generating the org admin msp"
+  set -x
+  fabric-ca-client reenroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp/config.yaml"
+}
+
+function reEnrollOrderer() {
+  infoln "Re-enrolling the CA admin"
+  mkdir -p organizations/ordererOrganizations/example.com
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
+
+  set -x
+  fabric-ca-client reenroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy orderer org's CA cert to orderer org's /msp/tlscacerts directory (for use in the channel MSP definition)
+  mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
+
+  # Copy orderer org's CA cert to orderer org's /tlsca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca"
+  cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
+
+  infoln "Generating the orderer msp"
+  set -x
+  fabric-ca-client reenroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"
+
+  infoln "Generating the orderer-tls certificates"
+  set -x
+  fabric-ca-client reenroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt"
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key"
+
+  # Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition)
+  mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
+
+  infoln "Generating the admin msp"
+  set -x
+  fabric-ca-client reenroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp/config.yaml"
+}
diff --git a/test-network/scripts/utils.sh b/test-network/scripts/utils.sh
@@ -198,6 +198,7 @@ function printHelp() {
     println "   network.sh createChannel -c channelName"
     println "   network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-javascript/ -ccl javascript"
     println "   network.sh deployCC -ccn mychaincode -ccp ./user/mychaincode -ccv 1 -ccl javascript"
+    println "   network.sh renewCerts"
     println
     println " NOTE: Default settings can be changed in network.config"
   fi