From 55e766ce072de8a11862bd278e5058e33258f6bf Mon Sep 17 00:00:00 2001 From: vrde Date: Wed, 14 Jun 2017 11:49:05 +0200 Subject: [PATCH 01/54] Add exception handling --- bigchaindb/web/websocket_server.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index 0aa51ecb..b8a73cd7 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -111,10 +111,15 @@ def websocket_handler(request): while True: # Consume input buffer - msg = yield from websocket.receive() + try: + msg = yield from websocket.receive() + except RuntimeError as e: + logger.debug('Websocket exception: %s', str(e)) + return websocket + if msg.type == aiohttp.WSMsgType.ERROR: logger.debug('Websocket exception: %s', websocket.exception()) - return + return websocket def init_app(event_source, *, loop=None): From e41ac6c6344c96ce199e234e5eaca865ba36c95d Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 16 Jun 2017 13:22:01 +0200 Subject: [PATCH 02/54] Added docs about the wsserver.scheme config setting --- docs/server/source/server-reference/configuration.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 04fed917..7eeb6508 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md 
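Review bot: In websocket_handler the new `except RuntimeError` branch logs the same text, 'Websocket exception: %s', as the `WSMsgType.ERROR` branch below it, so the two exits cannot be told apart in the logs. Nothing in the hunk says which failure of `websocket.receive()` the handler is meant to cover. I would give it its own message and drop the redundant `str()`, since `%s` already stringifies: `logger.debug('Websocket receive failed: %s', e)`, plus a one-line comment above the `except` naming the expected cause. An unexpected RuntimeError raised inside receive() would also end the connection at debug level only, so it is worth confirming that is intended. The function starts above the hunk and only the loop body is visible.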
@@ -182,12 +182,14 @@ export BIGCHAINDB_SERVER_THREADS=5 ``` -## wsserver.host and wsserver.port +## wsserver.scheme, wsserver.host and wsserver.port These settings are for the [aiohttp server](https://aiohttp.readthedocs.io/en/stable/index.html), which is used to serve the [WebSocket Event Stream API](../websocket-event-stream-api.html). +`wsserver.scheme` should be either `"ws"` or `"wss"` +(but setting it to `"wss"` does *not* enable SSL/TLS). `wsserver.host` is where to bind the aiohttp server socket and `wsserver.port` is the corresponding port. If you want to allow connections from anyone, on port 9985, @@ -195,6 +197,7 @@ set `wsserver.host` to 0.0.0.0 and `wsserver.port` to 9985. **Example using environment variables** ```text +export BIGCHAINDB_WSSERVER_SCHEME=ws export BIGCHAINDB_WSSERVER_HOST=0.0.0.0 export BIGCHAINDB_WSSERVER_PORT=9985 ``` @@ -202,6 +205,7 @@ export BIGCHAINDB_WSSERVER_PORT=9985 **Example config file snippet** ```js "wsserver": { + "scheme": "wss", "host": "0.0.0.0", "port": 65000 } @@ -210,6 +214,7 @@ export BIGCHAINDB_WSSERVER_PORT=9985 **Default values (from a config file)** ```js "wsserver": { + "scheme": "ws", "host": "localhost", "port": 9985 } From 0e8d6944a8b450fbb00f097b5cfc8a6679e9785c Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 20 Jun 2017 10:03:54 +0200 Subject: [PATCH 03/54] First draft of change log for v1.0.0rc1 --- CHANGELOG.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4bfbd8dd..ddbd4a4e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,7 +1,7 @@ # Change Log (Release Notes) All _notable_ changes to this project will be documented in this file (`CHANGELOG.md`). -This project adheres to [Semantic Versioning](http://semver.org/) (or at least we try). +This project adheres to [the Python form of Semantic Versioning](https://packaging.python.org/tutorials/distributing-packages/#choosing-a-versioning-scheme) (or at least we try). Contributors to this file, please follow the guidelines on [keepachangelog.com](http://keepachangelog.com/). Note that each version (or "release") is the name of a [Git _tag_](https://git-scm.com/book/en/v2/Git-Basics-Tagging) of a particular commit, so the associated date and time are the date and time of that commit (as reported by GitHub), _not_ the "Uploaded on" date listed on PyPI (which may differ). For reference, the possible headings are: 
@@ -15,14 +15,71 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** +## [1.0.0rc1] - 2017-06-?? +Tag name: v1.0.0rc1 + +### Added +* Support for SSL/TLS auth and communications between MongoDB and BigchainDB, MongoDB Backup Agent, MongoDB Monitoring Agent, and MongoDB Cloud Manager. Pull Requests +[#1456](https://github.com/bigchaindb/bigchaindb/pull/1456), +[#1497](https://github.com/bigchaindb/bigchaindb/pull/1497), +[#1510](https://github.com/bigchaindb/bigchaindb/pull/1510), +[#1536](https://github.com/bigchaindb/bigchaindb/pull/1536), and +[#1551](https://github.com/bigchaindb/bigchaindb/pull/1551). +* Text search support (only if using MongoDB). Pull Requests [#1469](https://github.com/bigchaindb/bigchaindb/pull/1469) and [#1471](https://github.com/bigchaindb/bigchaindb/pull/1471) +* The `database.connection_timeout` configuration setting now works with RethinkDB too. [#1512](https://github.com/bigchaindb/bigchaindb/pull/1512) +* New code and tools for benchmarking CREATE transactions. [Pull Request #1511](https://github.com/bigchaindb/bigchaindb/pull/1511) + + +### Changed +* There's an upgrade guide in `docs/upgrade-guides/v0.10-->v1.0.md`. It only covers changes to the transaction model and HTTP API. If that file hasn't been merged yet, see [Pull Request #1547](https://github.com/bigchaindb/bigchaindb/pull/1547) +* Cryptographic signatures now sign the whole (serialized) transaction body, including the transaction ID, but with all `"fulfillment"` values changed to `None`. [Pull Request #1225](https://github.com/bigchaindb/bigchaindb/pull/1225) +* In transactions, the value of `"amount"` must be a string. (Before, it was supposed to be a number.) [Pull Request #1286](https://github.com/bigchaindb/bigchaindb/pull/1286) +* In `setup.py`, the "Development Status" (as reported on PyPI) was changed from Alpha to Beta. 
[Pull Request #1437](https://github.com/bigchaindb/bigchaindb/pull/1437) +* If you explicitly specify a config file, e.g. `bigchaindb -c path/to/config start` and that file can't be found, then BigchainDB Server will fail with a helpful error message. [Pull Request #1486](https://github.com/bigchaindb/bigchaindb/pull/1486) +* Reduced the response time on the HTTP API endpoint to get all the unspent outputs associated with a given public key (a.k.a. "fast unspents"). [Pull Request #1411](https://github.com/bigchaindb/bigchaindb/pull/1411) +* Internally, the value of an asset's `"data"` is now stored in a separate assets table. This enabled the new text search. Each asset data is stored along with the associated CREATE transaction ID (asset ID). That data gets written when the containing block gets written to the bigchain table. [Pull Request #1460](https://github.com/bigchaindb/bigchaindb/pull/1460) +* Schema validation was sped up by switching to `rapidjson-schema`. [Pull Request #1494](https://github.com/bigchaindb/bigchaindb/pull/1494) +* If a node comes back from being down for a while, it will resume voting on blocks in the order determined by the MongoDB oplog, in the case of MongoDB. (In the case of RethinkDB, blocks missed in the changefeed will not be voted on.) [Pull Request #1389](https://github.com/bigchaindb/bigchaindb/pull/1389) +* Parallelized transaction schema validation in the vote pipeline. [Pull Request #1492](https://github.com/bigchaindb/bigchaindb/pull/1492) +* `asset.data` or `asset.id` are now *required* in a CREATE or TRANSFER transaction, respectively. [Pull Request #1518](https://github.com/bigchaindb/bigchaindb/pull/1518) +* The HTTP response body, in the response to the `GET /` and the `GET /api/v1` endpoints, was changed substantially. [Pull Request #1529](https://github.com/bigchaindb/bigchaindb/pull/1529) +* Changed the HTTP `GET /api/v1/transactions/{transaction_id}` endpoint. 
It now only returns the transaction if it's in a valid block. It also returns a new header with a relative link to a status monitor. [Pull Request #1543](https://github.com/bigchaindb/bigchaindb/pull/1543) +* All instances of `txid` and `tx_id` were replaced with `transaction_id`, in the transaction model and the HTTP API. [Pull Request #1532](https://github.com/bigchaindb/bigchaindb/pull/1532) +* The hostname and port were removed from all URLs in all HTTP API responses. [Pull Request #1538](https://github.com/bigchaindb/bigchaindb/pull/1538) +* Relative links were replaced with JSON objects in HTTP API responses. [Pull Request #1541](https://github.com/bigchaindb/bigchaindb/pull/1541) +* In the outputs endpoint of the HTTP API, the query parameter `unspent` was changed to `spent` (so no more double negatives). If that query parameter isn't included, then all outputs matching the specificed public key will be returned. If `spent=true`, then only the spent outputs will be returned. If `spent=false`, then only the unspent outputs will be returned. [Pull Request #1545](https://github.com/bigchaindb/bigchaindb/pull/1545) + + +### Removed +* The `server.threads` configuration setting (for the Gunicorn HTTP server) was removed from the default set of BigchainDB configuration settings. [Pull Request #1488](https://github.com/bigchaindb/bigchaindb/pull/1488) + + +### Fixed +* TODO: Pull Request #1450 fixed a bug but then it came back later? 
See [pull request #1470](https://github.com/bigchaindb/bigchaindb/pull/1470) ("#1450 unrevert") + + +### External Contributors +* @elopio - Pull Requests [#1415](https://github.com/bigchaindb/bigchaindb/pull/1415) and [#1491](https://github.com/bigchaindb/bigchaindb/pull/1491) +* @CsterKuroi - [Pull Request #1447](https://github.com/bigchaindb/bigchaindb/pull/1447) +* @tdsgit - [Pull Request #1512](https://github.com/bigchaindb/bigchaindb/pull/1512) +* @lavinasachdev3 - [Pull Request #1357](https://github.com/bigchaindb/bigchaindb/pull/1357) + + +### Notes +* There were many improvements to our Kubernetes-based production deployment template (and the associated documentaiton). +* There is now a [BigchainDB Ruby driver](https://github.com/LicenseRocks/bigchaindb_ruby), created by @addywaddy at [license.rocks](https://github.com/bigchaindb/bigchaindb/pull/1437). +* The [BigchainDB JavaScript driver](https://github.com/bigchaindb/js-bigchaindb-driver) was moved to a different GitHub repo and is now officially maintained by the BigchainDB team. +* We continue to recommend using MongoDB. + + ## [0.10.2] - 2017-05-16 Tag name: v0.10.2 -## Added +### Added * Add Cross Origin Resource Sharing (CORS) support for the HTTP API. [Commit 6cb7596](https://github.com/bigchaindb/bigchaindb/commit/6cb75960b05403c77bdae0fd327612482589efcb) -## Fixed +### Fixed * Fixed `streams_v1` API link in response to `GET /api/v1`. [Pull Request #1466](https://github.com/bigchaindb/bigchaindb/pull/1466) * Fixed mismatch between docs and implementation for `GET /blocks?status=` 
@@ -32,10 +89,10 @@ Tag name: v0.10.2 ## [0.10.1] - 2017-04-19 Tag name: v0.10.1 -## Added +### Added * Documentation for the BigchainDB settings `wsserver.host` and `wsserver.port`. [Pull Request #1408](https://github.com/bigchaindb/bigchaindb/pull/1408) -## Fixed +### Fixed * Fixed `Dockerfile`, which was failing to build. It now starts `FROM python:3.6` (instead of `FROM ubuntu:xenial`). [Pull Request #1410](https://github.com/bigchaindb/bigchaindb/pull/1410) * Fixed the `Makefile` so that `release` depends on `dist`. [Pull Request #1405](https://github.com/bigchaindb/bigchaindb/pull/1405) From 8f46f51e977f1961bac75dc0b35276b0f51ebb38 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 20 Jun 2017 16:14:51 +0200 Subject: [PATCH 04/54] Made CHANGELOG edit suggested by @krish7919 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ddbd4a4e..ebb0ba2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ For reference, the possible headings are: Tag name: v1.0.0rc1 ### Added -* Support for SSL/TLS auth and communications between MongoDB and BigchainDB, MongoDB Backup Agent, MongoDB Monitoring Agent, and MongoDB Cloud Manager. Pull Requests +* Support for secure TLS/SSL communication between MongoDB and {BigchainDB, MongoDB Backup Agent, MongoDB Monitoring Agent}. Pull Requests [#1456](https://github.com/bigchaindb/bigchaindb/pull/1456), [#1497](https://github.com/bigchaindb/bigchaindb/pull/1497), [#1510](https://github.com/bigchaindb/bigchaindb/pull/1510), From 2c53dfcd57e7b5fd715f2f8f464680b9da105ec1 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 20 Jun 2017 16:20:44 +0200 Subject: [PATCH 05/54] Added note re dropping support for Python 3.4 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ebb0ba2b..5d0f64d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -66,6 +66,7 @@ Tag name: v1.0.0rc1 ### Notes +* We dropped support for Python 3.4. [Pull Request #1564](https://github.com/bigchaindb/bigchaindb/pull/1564) * There were many improvements to our Kubernetes-based production deployment template (and the associated documentaiton). * There is now a [BigchainDB Ruby driver](https://github.com/LicenseRocks/bigchaindb_ruby), created by @addywaddy at [license.rocks](https://github.com/bigchaindb/bigchaindb/pull/1437). * The [BigchainDB JavaScript driver](https://github.com/bigchaindb/js-bigchaindb-driver) was moved to a different GitHub repo and is now officially maintained by the BigchainDB team. From 9e247f9318fc1b3a4531ff7ec66c2520555d9450 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 20 Jun 2017 17:22:40 +0200 Subject: [PATCH 06/54] Removed all mentions of BIGCHAINDB_SERVER_THREADS --- docs/server/source/server-reference/configuration.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 9766688e..1674f6e5 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -21,7 +21,6 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_SERVER_BIND`
`BIGCHAINDB_SERVER_LOGLEVEL`
`BIGCHAINDB_SERVER_WORKERS`
-`BIGCHAINDB_SERVER_THREADS`
`BIGCHAINDB_WSSERVER_SCHEME`
`BIGCHAINDB_WSSERVER_HOST`
`BIGCHAINDB_WSSERVER_PORT`
@@ -189,7 +188,6 @@ for more information. export BIGCHAINDB_SERVER_BIND=0.0.0.0:9984 export BIGCHAINDB_SERVER_LOGLEVEL=debug export BIGCHAINDB_SERVER_WORKERS=5 -export BIGCHAINDB_SERVER_THREADS=5 ``` **Example config file snippet** From 3aeb20afd3741f562f3a4f7d1efe17bb2aa98f5e Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 20 Jun 2017 17:27:51 +0200 Subject: [PATCH 07/54] Changed some ticks to backticks in configuration.md --- docs/server/source/server-reference/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 1674f6e5..f0ce46dc 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md 
@@ -175,7 +175,7 @@ If you used `bigchaindb -y configure mongodb` to create a default local config f These settings are for the [Gunicorn HTTP server](http://gunicorn.org/), which is used to serve the [HTTP client-server API](../http-client-server-api.html). -`server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use '0.0.0.0:9984'. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use 'localhost:PORT' where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use 'A.B.C.D:9984' where A.B.C.D is the IP address of the reverse proxy. There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.) +`server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use `0.0.0.0:9984`. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use `localhost:PORT` where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use `A.B.C.D:9984` where A.B.C.D is the IP address of the reverse proxy. 
There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.) `server.loglevel` sets the log level of Gunicorn's Error log outputs. See [Gunicorn's documentation](http://docs.gunicorn.org/en/latest/settings.html#loglevel) From 3229e2e26244b6c37d69b4533f6b6d575c9e75c2 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 20 Jun 2017 17:32:22 +0200 Subject: [PATCH 08/54] =?UTF-8?q?docs:=20changed=20the=20*=20symbol=20to?= =?UTF-8?q?=20=C3=97=20for=20multiplication.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/server/source/server-reference/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index f0ce46dc..2ec4bf04 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -181,7 +181,7 @@ These settings are for the [Gunicorn HTTP server](http://gunicorn.org/), which i [Gunicorn's documentation](http://docs.gunicorn.org/en/latest/settings.html#loglevel) for more information. -`server.workers` is [the number of worker processes](http://docs.gunicorn.org/en/stable/settings.html#workers) for handling requests. If `None` (the default), the value will be (cpu_count * 2 + 1). Each worker process has a single thread. The HTTP server will be able to handle `server.workers` requests simultaneously. +`server.workers` is [the number of worker processes](http://docs.gunicorn.org/en/stable/settings.html#workers) for handling requests. If `None` (the default), the value will be (2 × cpu_count + 1). Each worker process has a single thread. The HTTP server will be able to handle `server.workers` requests simultaneously. **Example using environment variables** ```text 
From 3ca11c1f6936a8e3bd19bb473cd32b6bbbd24f3c Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 20 Jun 2017 17:40:08 +0200 Subject: [PATCH 09/54] Emphasize MongoDB over RethinkDB in configuration.md --- docs/server/source/server-reference/configuration.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 2ec4bf04..9a86f3e4 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -51,7 +51,7 @@ Note that the `-c` command line option will always take precedence if both the ` You can read the current default values in the file [bigchaindb/\_\_init\_\_.py](https://github.com/bigchaindb/bigchaindb/blob/master/bigchaindb/__init__.py). (The link is to the latest version.) -Running `bigchaindb -y configure rethinkdb` will generate a local config file in `$HOME/.bigchaindb` with all the default values, with two exceptions: It will generate a valid private/public keypair, rather than using the default keypair (`None` and `None`). +Running `bigchaindb -y configure mongodb` will generate a local config file in `$HOME/.bigchaindb` with all the default values (for using MongoDB as the database backend), with two exceptions: it will generate a valid private/public keypair, rather than using the default keypair (`None` and `None`). ## keypair.public & keypair.private 
@@ -72,7 +72,7 @@ export BIGCHAINDB_KEYPAIR_PRIVATE=5C5Cknco7YxBRP9AgB1cbUVTL4FAcooxErLygw1DeG2D } ``` -Internally (i.e. in the Python code), both keys have a default value of `None`, but that's not a valid key. Therefore you can't rely on the defaults for the keypair. If you want to run BigchainDB, you must provide a valid keypair, either in the environment variables or in the local config file. You can generate a local config file with a valid keypair (and default everything else) using `bigchaindb -y configure rethinkdb`. +Internally (i.e. in the Python code), both keys have a default value of `None`, but that's not a valid key. Therefore you can't rely on the defaults for the keypair. If you want to run BigchainDB, you must provide a valid keypair, either in the environment variables or in the local config file. You can generate a local config file with a valid keypair (and default everything else) using `bigchaindb -y configure mongodb`. ## keyring 
@@ -101,12 +101,12 @@ Note how the keys in the list are separated by colons. ## database.* The settings with names of the form `database.*` are for the database backend -(currently either RethinkDB or MongoDB). They are: +(currently either MongoDB or RethinkDB). They are: -* `database.backend` is either `rethinkdb` or `mongodb`. +* `database.backend` is either `mongodb` or `rethinkdb`. * `database.host` is the hostname (FQDN) of the backend database. * `database.port` is self-explanatory. -* `database.name` is a user-chosen name for the database inside RethinkDB or MongoDB, e.g. `bigchain`. +* `database.name` is a user-chosen name for the database inside MongoDB or RethinkDB, e.g. `bigchain`. * `database.replicaset` is only relevant if using MongoDB; it's the name of the MongoDB replica set, e.g. `bigchain-rs`. * `database.connection_timeout` is the maximum number of milliseconds that BigchainDB will wait before giving up on one attempt to connect to the database backend. * `database.max_tries` is the maximum number of times that BigchainDB will try to establish a connection with the database backend. If 0, then it will try forever. From 1efb3e6db41ab403a038005990b8eb698be78bec Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 21 Jun 2017 15:01:35 +0200 Subject: [PATCH 10/54] Updated CC-related root docs --- docs/root/source/smart-contracts.rst | 9 ++-- docs/root/source/transaction-concepts.md | 65 ++++++++++++++++++------ 2 files changed, 53 insertions(+), 21 deletions(-) diff --git a/docs/root/source/smart-contracts.rst b/docs/root/source/smart-contracts.rst index 0ae1f964..1669fff9 100644 --- a/docs/root/source/smart-contracts.rst +++ b/docs/root/source/smart-contracts.rst 
@@ -7,15 +7,12 @@ BigchainDB will run the subset of smart contracts expressible using "crypto-cond The owners of an asset can impose conditions on it that must be met for the asset to be transferred to new owners. Examples of possible conditions (crypto-conditions) include: -- The current owner must sign the transfer transaction (one which transfers ownership to new owners) -- Three out of five current owners must sign the transfer transaction -- (Shannon and Kelly) or Morgan must sign the transfer transaction -- Anyone who provides the secret password (technically, the preimage of a known hash) can create a valid transfer transaction +- The current owner must sign the transfer transaction (one which transfers ownership to new owners). +- Three out of five current owners must sign the transfer transaction. +- (Shannon and Kelly) or Morgan must sign the transfer transaction. Crypto-conditions can be quite complex if-this-then-that type conditions, where the "this" can be a long boolean expression. Crypto-conditions can't include loops or recursion and are therefore will always run/check in finite time. -BigchainDB also supports a timeout condition which enables it to support a form of escrow. - .. note:: We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 `_. diff --git a/docs/root/source/transaction-concepts.md b/docs/root/source/transaction-concepts.md index 4ee68ae2..629c64ff 100644 --- a/docs/root/source/transaction-concepts.md +++ b/docs/root/source/transaction-concepts.md 
@@ -15,30 +15,57 @@ one might register an identity or a creative work. The things are often called "assets" but they might not be literal assets. BigchainDB supports divisible assets as of BigchainDB Server v0.8.0. -That means you can create/register an asset with an initial quantity, -e.g. 700 oak trees. Divisible assets can be split apart or recombined -by transfer transactions (described more below). +That means you can create/register an asset with an initial number of "shares." +For example, A CREATE transaction could register a truckload of 50 oak trees. +Each share of a divisible asset must be interchangeable with each other share; +the shares must be fungible. -A CREATE transaction also establishes, in its outputs, the conditions that must -be met to transfer the asset(s). The conditions may also be associated with a -list of public keys that, depending on the condition, may have full or partial -control over the asset(s). For example, there may be a condition that any -transfer must be signed (cryptographically) by the private key associated with a -given public key. More sophisticated conditions are possible. BigchainDB's -conditions are based on the crypto-conditions of the [Interledger Protocol -(ILP)](https://interledger.org/). +A CREATE transaction can have one or more outputs. +Each output has an associated amount: the number of shares tied to that output. +For example, if the asset consists of 50 oak trees, +one output might have 35 oak trees for one set of owners, +and the other output might have 15 oak trees for another set of owners. + +Each output also has an associated condition: the condition that must be met +(by a TRANSFER transaction) to transfer/spend the output. +BigchainDB supports a variety of conditions, +a subset of the [Interledger Protocol (ILP)](https://interledger.org/) +crypto-conditions. 
For details, see +[the documentation about Inputs and Outputs](https://docs.bigchaindb.com/projects/server/en/latest/data-models/inputs-outputs.html). + +Each output also has a list of all the public keys associated +with the conditions on that output. +Loosely speaking, that list might be interpreted as the list of "owners." +A more accurate word might be fulfillers, signers, controllers, +or tranfer-enablers. +See BigchainDB Server [issue #626](https://github.com/bigchaindb/bigchaindb/issues/626). + +A CREATE transaction must be signed by all the owners. +(If you're looking for that signature, +it's in the one "fulfillment" of the one input.) ## TRANSFER Transactions -A TRANSFER transaction can transfer an asset -by providing inputs which fulfill the current output conditions on the asset. -It must also specify new transfer conditions. +A TRANSFER transaction can transfer/spend one or more outputs +on other transactions (CREATE transactions or other TRANSFER transactions). +Those outputs must all be associated with the same asset; +a TRANSFER transaction can only transfer shares of one asset at a time. + +Each input on a TRANSFER transaction connects to one output +on another transaction. +Each input must satisfy the condition on the output it's trying +to transfer/spend. + +A TRANSFER transaction can have one or more outputs, +just like a CREATE transaction (described above). +The total number of shares coming in on the inputs must equal +the total number of shares going out on the outputs. **Example 1:** Suppose a red car is owned and controlled by Joe. Suppose the current transfer condition on the car says that any valid transfer must be signed by Joe. -Joe and a buyer named Rae could build a TRANSFER transaction containing +Joe could build a TRANSFER transaction containing an input with Joe's signature (to fulfill the current output condition) plus a new output condition saying that any valid transfer must be signed by Rae. 
@@ -62,3 +89,11 @@ When a node is asked to check if a transaction is valid, it checks several things. We documented those things in a post on *The BigchainDB Blog*: ["What is a Valid Transaction in BigchainDB?"](https://blog.bigchaindb.com/what-is-a-valid-transaction-in-bigchaindb-9a1a075a9598) (Note: That post was about BigchainDB Server v1.0.0.) + + +## Example Transactions + +There are example BigchainDB transactions in +[the HTTP API documentation](https://docs.bigchaindb.com/projects/server/en/latest/http-client-server-api.html) +and +[the Python Driver documentation](https://docs.bigchaindb.com/projects/py-driver/en/latest/usage.html). From 99a73cfeae84360c15884114913dc0c8f3956d4c Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 20 Jun 2017 13:50:26 +0200 Subject: [PATCH 11/54] Add support for Python 3.6 closes #1565 --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index c1ae7909..44fb5749 100644 --- a/setup.py +++ b/setup.py @@ -113,6 +113,7 @@ setup( 'License :: OSI Approved :: GNU Affero General Public License v3', 'Programming Language :: Python :: 3 :: Only', 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', 'Operating System :: MacOS :: MacOS X', 'Operating System :: POSIX :: Linux', ], From a175f371b06799f4f603ef7d8bbf5f5a46bda068 Mon Sep 17 00:00:00 2001 From: Krish Date: Thu, 22 Jun 2017 14:05:37 +0200 Subject: [PATCH 12/54] Bump up nginx-3scale version number (#1575) --- k8s/nginx-3scale/nginx-3scale-dep.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/nginx-3scale/nginx-3scale-dep.yaml b/k8s/nginx-3scale/nginx-3scale-dep.yaml index a815d1c7..1dacf617 100644 --- a/k8s/nginx-3scale/nginx-3scale-dep.yaml +++ b/k8s/nginx-3scale/nginx-3scale-dep.yaml 
@@ -19,7 +19,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: nginx-3scale - image: bigchaindb/nginx_3scale:1.4 + image: bigchaindb/nginx_3scale:1.5 imagePullPolicy: Always env: - name: MONGODB_FRONTEND_PORT From 02fe712c343fa21bcb34d195fefced207119d0a3 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 14 Jun 2017 18:42:07 +0200 Subject: [PATCH 13/54] Integrate cryptoconditions version 02 --- .ci/travis-install.sh | 2 +- bigchaindb/common/schema/transaction.yaml | 4 +- bigchaindb/common/transaction.py | 94 +++++++++--------- docker-compose.yml | 1 + setup.py | 4 +- tests/common/conftest.py | 26 +++-- tests/common/test_transaction.py | 110 +++++++++++----------- tests/db/test_bigchain_api.py | 7 +- tests/pipelines/test_vote.py | 2 +- tests/web/test_transactions.py | 2 +- tox.ini | 1 + 11 files changed, 134 insertions(+), 119 deletions(-) diff --git a/.ci/travis-install.sh b/.ci/travis-install.sh index 7adc217f..097f81dc 100755 --- a/.ci/travis-install.sh +++ b/.ci/travis-install.sh @@ -7,6 +7,6 @@ pip install --upgrade pip if [[ -n ${TOXENV} ]]; then pip install --upgrade tox else - pip install -e .[test] + pip install .[test] pip install --upgrade codecov fi diff --git a/bigchaindb/common/schema/transaction.yaml b/bigchaindb/common/schema/transaction.yaml index e58b5403..4fb8ce78 100644 --- a/bigchaindb/common/schema/transaction.yaml +++ b/bigchaindb/common/schema/transaction.yaml @@ -154,7 +154,7 @@ definitions: additionalProperties: true uri: type: string - pattern: "^cc:([1-9a-f][0-9a-f]{0,3}|0):[1-9a-f][0-9a-f]{0,15}:[a-zA-Z0-9_-]{0,86}:([1-9][0-9]{0,17}|0)$" + pattern: "^ni:///sha-256;([a-zA-Z0-9_-]{0,86})?(.+)$" public_keys: "$ref": "#/definitions/public_keys" description: | 
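Review bot: The new `uri` pattern in transaction.yaml ends in `(.+)$` and makes the hash group optional, so almost any non-empty string after `ni:///sha-256;` passes schema validation, whereas the old `cc:` pattern constrained every field. If the schema is the first filter on submitted transactions, the condition URI should stay strict. At minimum require the query separator, `pattern: "^ni:///sha-256;[a-zA-Z0-9_-]{0,86}[?].+$"`, and preferably enumerate the expected query parameters. The `fulfillment` pattern in the next hunk (`"^[a-zA-Z0-9_-]*$"`) likewise accepts the empty string; confirm whether that is intended or whether `+` was meant.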
@@ -195,7 +195,7 @@ definitions: that satisfies the condition of a previous output to prove that the creator(s) of this transaction have control over the listed asset. - type: string - pattern: "^cf:([1-9a-f][0-9a-f]{0,3}|0):[a-zA-Z0-9_-]*$" + pattern: "^[a-zA-Z0-9_-]*$" fulfills: anyOf: - type: 'object' diff --git a/bigchaindb/common/transaction.py b/bigchaindb/common/transaction.py index b021c66e..a4472944 100644 --- a/bigchaindb/common/transaction.py +++ b/bigchaindb/common/transaction.py @@ -1,15 +1,16 @@ from copy import deepcopy from functools import reduce -from cryptoconditions import (Fulfillment, ThresholdSha256Fulfillment, - Ed25519Fulfillment) -from cryptoconditions.exceptions import ParsingError +import base58 +from cryptoconditions import Fulfillment, ThresholdSha256, Ed25519Sha256 +from cryptoconditions.exceptions import ( + ParsingError, ASN1DecodeError, ASN1EncodeError) from bigchaindb.common.crypto import PrivateKey, hash_data from bigchaindb.common.exceptions import (KeypairMismatchException, InvalidHash, InvalidSignature, AmountError, AssetIdMismatch) -from bigchaindb.common.utils import serialize, gen_timestamp +from bigchaindb.common.utils import serialize import bigchaindb.version @@ -65,7 +66,7 @@ class Input(object): """ try: fulfillment = self.fulfillment.serialize_uri() - except (TypeError, AttributeError): + except (TypeError, AttributeError, ASN1EncodeError): # NOTE: When a non-signed transaction is casted to a dict, # `self.inputs` value is lost, as in the node's # transaction model that is saved to the database, does not 
@@ -114,15 +115,18 @@ class Input(object): Raises: InvalidSignature: If an Input's URI couldn't be parsed. """ - try: - fulfillment = Fulfillment.from_uri(data['fulfillment']) - except ValueError: - # TODO FOR CC: Throw an `InvalidSignature` error in this case. - raise InvalidSignature("Fulfillment URI couldn't been parsed") - except TypeError: - # NOTE: See comment about this special case in - # `Input.to_dict` - fulfillment = Fulfillment.from_dict(data['fulfillment']) + fulfillment = data['fulfillment'] + if not isinstance(fulfillment, Fulfillment): + try: + fulfillment = Fulfillment.from_uri(data['fulfillment']) + except ASN1DecodeError: + # TODO Remove as it is legacy code, and simply fall back on + # ASN1DecodeError + raise InvalidSignature("Fulfillment URI couldn't been parsed") + except TypeError: + # NOTE: See comment about this special case in + # `Input.to_dict` + fulfillment = Fulfillment.from_dict(data['fulfillment']) fulfills = TransactionLink.from_dict(data['fulfills']) return cls(fulfillment, data['owners_before'], fulfills) @@ -310,13 +314,14 @@ class Output(object): raise ValueError('`public_keys` needs to contain at least one' 'owner') elif len(public_keys) == 1 and not isinstance(public_keys[0], list): - try: - ffill = Ed25519Fulfillment(public_key=public_keys[0]) - except TypeError: + if isinstance(public_keys[0], Fulfillment): ffill = public_keys[0] + else: + ffill = Ed25519Sha256( + public_key=base58.b58decode(public_keys[0])) return cls(ffill, public_keys, amount=amount) else: - initial_cond = ThresholdSha256Fulfillment(threshold=threshold) + initial_cond = ThresholdSha256(threshold=threshold) threshold_cond = reduce(cls._gen_condition, public_keys, initial_cond) return cls(threshold_cond, public_keys, amount=amount) 
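Review bot: In `Input.from_dict` (hunk `@@ -114,15`), `except ValueError` was replaced by `except ASN1DecodeError`, so a fulfillment string that makes `Fulfillment.from_uri` fail with any other error now escapes as a raw exception instead of `InvalidSignature`. The `@@ -882,7` hunk of this same patch treats `ValueError` and `ParsingError` as expected failures of that call, which suggests they can still occur here; I would write `except (ValueError, ParsingError, ASN1DecodeError):`. The TODO above the `raise` does not say what is legacy; a sentence stating that `InvalidSignature` is what callers rely on would be clearer. The method starts outside the hunk.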
@@ -331,13 +336,13 @@ class Output(object): :meth:`~.Output.generate`. Args: - initial (:class:`cryptoconditions.ThresholdSha256Fulfillment`): + initial (:class:`cryptoconditions.ThresholdSha256`): A Condition representing the overall root. new_public_keys (:obj:`list` of :obj:`str`|str): A list of new owners or a single new owner. Returns: - :class:`cryptoconditions.ThresholdSha256Fulfillment`: + :class:`cryptoconditions.ThresholdSha256`: """ try: threshold = len(new_public_keys) @@ -345,7 +350,7 @@ class Output(object): threshold = None if isinstance(new_public_keys, list) and len(new_public_keys) > 1: - ffill = ThresholdSha256Fulfillment(threshold=threshold) + ffill = ThresholdSha256(threshold=threshold) reduce(cls._gen_condition, new_public_keys, ffill) elif isinstance(new_public_keys, list) and len(new_public_keys) <= 1: raise ValueError('Sublist cannot contain single owner') @@ -354,16 +359,17 @@ class Output(object): new_public_keys = new_public_keys.pop() except AttributeError: pass - try: - ffill = Ed25519Fulfillment(public_key=new_public_keys) - except TypeError: - # NOTE: Instead of submitting base58 encoded addresses, a user - # of this class can also submit fully instantiated - # Cryptoconditions. In the case of casting - # `new_public_keys` to a Ed25519Fulfillment with the - # result of a `TypeError`, we're assuming that - # `new_public_keys` is a Cryptocondition then. + # NOTE: Instead of submitting base58 encoded addresses, a user + # of this class can also submit fully instantiated + # Cryptoconditions. In the case of casting + # `new_public_keys` to a Ed25519Fulfillment with the + # result of a `TypeError`, we're assuming that + # `new_public_keys` is a Cryptocondition then. + if isinstance(new_public_keys, Fulfillment): ffill = new_public_keys + else: + ffill = Ed25519Sha256( + public_key=base58.b58decode(new_public_keys)) initial.add_subfulfillment(ffill) return initial 
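Review bot: The NOTE comment kept in `_gen_condition` (hunk `@@ -354,16`) still describes the removed control flow: it speaks of casting `new_public_keys` to an `Ed25519Fulfillment` and reacting to a `TypeError`, while the new code decides with `isinstance(new_public_keys, Fulfillment)` and otherwise builds an `Ed25519Sha256`. I would replace it with `# NOTE: callers may pass a base58-encoded public key or an already built Fulfillment; the latter is used as is.` The docstring could also say that a string which is not valid base58 now fails inside `base58.b58decode`, since that is a new failure path for caller-supplied keys. The method starts outside this hunk.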
@@ -661,7 +667,7 @@ class Transaction(object): This method works only for the following Cryptoconditions currently: - Ed25519Fulfillment - - ThresholdSha256Fulfillment + - ThresholdSha256 Furthermore, note that all keys required to fully sign the Transaction have to be passed to this method. A subset of all will cause this method to fail. @@ -712,7 +718,7 @@ class Transaction(object): This method works only for the following Cryptoconditions currently: - Ed25519Fulfillment - - ThresholdSha256Fulfillment. + - ThresholdSha256. Args: input_ (:class:`~bigchaindb.common.transaction. @@ -720,10 +726,10 @@ class Transaction(object): message (str): The message to be signed key_pairs (dict): The keys to sign the Transaction with. """ - if isinstance(input_.fulfillment, Ed25519Fulfillment): + if isinstance(input_.fulfillment, Ed25519Sha256): return cls._sign_simple_signature_fulfillment(input_, message, key_pairs) - elif isinstance(input_.fulfillment, ThresholdSha256Fulfillment): + elif isinstance(input_.fulfillment, ThresholdSha256): return cls._sign_threshold_signature_fulfillment(input_, message, key_pairs) else: @@ -749,7 +755,10 @@ class Transaction(object): try: # cryptoconditions makes no assumptions of the encoding of the # message to sign or verify. It only accepts bytestrings - input_.fulfillment.sign(message.encode(), key_pairs[public_key]) + input_.fulfillment.sign( + message.encode(), + base58.b58decode(key_pairs[public_key].encode()), + ) except KeyError: raise KeypairMismatchException('Public key {} is not a pair to ' 'any of the private keys' @@ -758,7 +767,7 @@ class Transaction(object): @classmethod def _sign_threshold_signature_fulfillment(cls, input_, message, key_pairs): - """Signs a ThresholdSha256Fulfillment. + """Signs a ThresholdSha256. Args: input_ (:class:`~bigchaindb.common.transaction. 
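Review bot: The docstrings touched in the `@@ -661,7` and `@@ -712,7` hunks now list `- Ed25519Fulfillment` next to `- ThresholdSha256`, mixing the old and the new class names; the dispatch in the `@@ -720,10` hunk checks `Ed25519Sha256`, so the list entry should read `- Ed25519Sha256`. In the `@@ -749,7` hunk the private key is decoded with `base58.b58decode(key_pairs[public_key].encode())`, while `base58.b58decode(owner_before)` elsewhere in this patch passes the string directly; using one form throughout would make it easier to see what type `key_pairs` is expected to hold. These methods start and end outside the hunks.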
@@ -778,7 +787,8 @@ class Transaction(object): # TODO FOR CC: `get_subcondition` is singular. One would not # expect to get a list back. ccffill = input_.fulfillment - subffills = ccffill.get_subcondition_from_vk(owner_before) + subffills = ccffill.get_subcondition_from_vk( + base58.b58decode(owner_before)) if not subffills: raise KeypairMismatchException('Public key {} cannot be found ' 'in the fulfillment' @@ -793,7 +803,7 @@ class Transaction(object): # cryptoconditions makes no assumptions of the encoding of the # message to sign or verify. It only accepts bytestrings for subffill in subffills: - subffill.sign(message.encode(), private_key) + subffill.sign(message.encode(), base58.b58decode(private_key.encode())) return input_ def inputs_valid(self, outputs=None): @@ -882,7 +892,8 @@ class Transaction(object): ccffill = input_.fulfillment try: parsed_ffill = Fulfillment.from_uri(ccffill.serialize_uri()) - except (TypeError, ValueError, ParsingError): + except (TypeError, ValueError, + ParsingError, ASN1DecodeError, ASN1EncodeError): return False if operation in (Transaction.CREATE, Transaction.GENESIS): @@ -897,8 +908,7 @@ class Transaction(object): # cryptoconditions makes no assumptions of the encoding of the # message to sign or verify. It only accepts bytestrings - ffill_valid = parsed_ffill.validate(message=tx_serialized.encode(), - now=gen_timestamp()) + ffill_valid = parsed_ffill.validate(message=tx_serialized.encode()) return output_valid and ffill_valid def to_dict(self): @@ -940,7 +950,7 @@ class Transaction(object): tx_dict = deepcopy(tx_dict) for input_ in tx_dict['inputs']: # NOTE: Not all Cryptoconditions return a `signature` key (e.g. - # ThresholdSha256Fulfillment), so setting it to `None` in any + # ThresholdSha256), so setting it to `None` in any # case could yield incorrect signatures. This is why we only # set it to `None` if it's set in the dict. input_['fulfillment'] = None 
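Review bot: In the `@@ -778,7` hunk, `base58.b58decode(owner_before)` runs before the `if not subffills` check, so an `owners_before` entry that is not valid base58 fails inside the decoder and never reaches the `KeypairMismatchException` raised below it. The test change in this patch from `['somewrongvalue']` to `[58 * 'a']` looks like an adjustment for exactly that. I would decode inside a `try` and map the decoder's error (presumably `ValueError`; confirm for the base58 version in use) to `KeypairMismatchException`, so callers keep a single exception type for a key that does not belong to the fulfillment. The method body continues outside the hunk.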
diff --git a/docker-compose.yml b/docker-compose.yml index 67953b49..ae988aba 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -22,6 +22,7 @@ services: - ./setup.cfg:/usr/src/app/setup.cfg - ./pytest.ini:/usr/src/app/pytest.ini - ./tox.ini:/usr/src/app/tox.ini + - ../cryptoconditions:/usr/src/app/cryptoconditions environment: BIGCHAINDB_DATABASE_BACKEND: mongodb BIGCHAINDB_DATABASE_HOST: mdb diff --git a/setup.py b/setup.py index 44fb5749..1b6297c7 100644 --- a/setup.py +++ b/setup.py @@ -67,7 +67,7 @@ install_requires = [ 'rethinkdb~=2.3', # i.e. a version between 2.3 and 3.0 'pymongo~=3.4', 'pysha3~=1.0.2', - 'cryptoconditions>=0.5.0', + 'cryptoconditions>=0.6.0.dev', 'python-rapidjson==0.0.11', 'logstats>=0.2.1', 'flask>=0.10.1', @@ -126,7 +126,7 @@ setup( ], }, install_requires=install_requires, - setup_requires=['pytest-runner'], + setup_requires=['pytest-runner', 'cryptoconditions'], tests_require=tests_require, extras_require={ 'test': tests_require, diff --git a/tests/common/conftest.py b/tests/common/conftest.py index e8c4f9c6..8dfabf30 100644 --- a/tests/common/conftest.py +++ b/tests/common/conftest.py @@ -1,3 +1,4 @@ +from base58 import b58decode import pytest @@ -11,8 +12,13 @@ USER3_PRIVATE_KEY = '4rNQFzWQbVwuTiDVxwuFMvLG5zd8AhrQKCtVovBvcYsB' USER3_PUBLIC_KEY = 'Gbrg7JtxdjedQRmr81ZZbh1BozS7fBW88ZyxNDy7WLNC' -CC_FULFILLMENT_URI = 'cf:0:' -CC_CONDITION_URI = 'cc:0:3:47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU:0' +CC_FULFILLMENT_URI = ( + 'pGSAINdamAGCsQq31Uv-08lkBzoO4XLz2qYjJa8CGmj3B1EagUDlVkMAw2CscpCG4syAboKKh' + 'Id_Hrjl2XTYc-BlIkkBVV-4ghWQozusxh45cBz5tGvSW_XwWVu-JGVRQUOOehAL' +) +CC_CONDITION_URI = ('ni:///sha-256;' + 'eZI5q6j8T_fqv7xMROaei9_tmTMk4S7WR5Kr4onPHV8' + '?fpt=ed25519-sha-256&cost=131072') ASSET_DEFINITION = { 'data': { 
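Review bot: The added volume `- ../cryptoconditions:/usr/src/app/cryptoconditions` binds a directory from outside this repository into the application's working tree. Where that sibling checkout exists, the container may import the local copy instead of the released package, so test runs are no longer tied to the dependency declared in setup.py; where it does not exist, the mount is presumably created empty. If this is only an aid for the cryptoconditions migration, I would keep it in a local override file rather than in the committed docker-compose.yml.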
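Review bot: `setup_requires=['pytest-runner', 'cryptoconditions']` in the `@@ -126,7` hunk adds the signature library as an unversioned build-time requirement, while `install_requires` asks for `cryptoconditions>=0.6.0.dev`. Build-time requirements are resolved separately from the install step, so the two can end up at different versions, and the open lower bound on a `.dev` pre-release accepts any later release. For the library that validates transaction signatures I would use one bounded specifier in both places (upper bound to be chosen by the maintainers) and add a comment saying why it is needed at setup time at all.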
@@ -71,25 +77,25 @@ def cond_uri(): @pytest.fixture def user_Ed25519(user_pub): - from cryptoconditions import Ed25519Fulfillment - return Ed25519Fulfillment(public_key=user_pub) + from cryptoconditions import Ed25519Sha256 + return Ed25519Sha256(public_key=b58decode(user_pub)) @pytest.fixture def user_user2_threshold(user_pub, user2_pub): - from cryptoconditions import (ThresholdSha256Fulfillment, - Ed25519Fulfillment) + from cryptoconditions import ThresholdSha256, Ed25519Sha256 user_pub_keys = [user_pub, user2_pub] - threshold = ThresholdSha256Fulfillment(threshold=len(user_pub_keys)) + threshold = ThresholdSha256(threshold=len(user_pub_keys)) for user_pub in user_pub_keys: - threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub)) + threshold.add_subfulfillment( + Ed25519Sha256(public_key=b58decode(user_pub))) return threshold @pytest.fixture def user2_Ed25519(user2_pub): - from cryptoconditions import Ed25519Fulfillment - return Ed25519Fulfillment(public_key=user2_pub) + from cryptoconditions import Ed25519Sha256 + return Ed25519Sha256(public_key=b58decode(user2_pub)) @pytest.fixture diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index 6855bf3a..368789bb 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -2,7 +2,9 @@ These are tests of the API of the Transaction class and associated classes. Tests for transaction validation are separate. """ +from copy import deepcopy +from base58 import b58decode from pytest import raises @@ -110,10 +112,10 @@ def test_output_deserialization(user_Ed25519, user_pub): def test_output_hashlock_serialization(): from bigchaindb.common.transaction import Output - from cryptoconditions import PreimageSha256Fulfillment + from cryptoconditions import PreimageSha256 secret = b'wow much secret' - hashlock = PreimageSha256Fulfillment(preimage=secret).condition_uri + hashlock = PreimageSha256(preimage=secret).condition_uri expected = { 'condition': { 
@@ -129,10 +131,10 @@ def test_output_hashlock_serialization(): def test_output_hashlock_deserialization(): from bigchaindb.common.transaction import Output - from cryptoconditions import PreimageSha256Fulfillment + from cryptoconditions import PreimageSha256 secret = b'wow much secret' - hashlock = PreimageSha256Fulfillment(preimage=secret).condition_uri + hashlock = PreimageSha256(preimage=secret).condition_uri expected = Output(hashlock, amount=1) cond = { @@ -161,15 +163,15 @@ def test_invalid_output_initialization(cond_uri, user_pub): def test_generate_output_split_half_recursive(user_pub, user2_pub, user3_pub): from bigchaindb.common.transaction import Output - from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment + from cryptoconditions import Ed25519Sha256, ThresholdSha256 - expected_simple1 = Ed25519Fulfillment(public_key=user_pub) - expected_simple2 = Ed25519Fulfillment(public_key=user2_pub) - expected_simple3 = Ed25519Fulfillment(public_key=user3_pub) + expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub)) + expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub)) + expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub)) - expected = ThresholdSha256Fulfillment(threshold=2) + expected = ThresholdSha256(threshold=2) expected.add_subfulfillment(expected_simple1) - expected_threshold = ThresholdSha256Fulfillment(threshold=2) + expected_threshold = ThresholdSha256(threshold=2) expected_threshold.add_subfulfillment(expected_simple2) expected_threshold.add_subfulfillment(expected_simple3) expected.add_subfulfillment(expected_threshold) 
@@ -181,14 +183,14 @@ def test_generate_output_split_half_recursive(user_pub, user2_pub, user3_pub): def test_generate_outputs_split_half_single_owner(user_pub, user2_pub, user3_pub): from bigchaindb.common.transaction import Output - from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment + from cryptoconditions import Ed25519Sha256, ThresholdSha256 - expected_simple1 = Ed25519Fulfillment(public_key=user_pub) - expected_simple2 = Ed25519Fulfillment(public_key=user2_pub) - expected_simple3 = Ed25519Fulfillment(public_key=user3_pub) + expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub)) + expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub)) + expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub)) - expected = ThresholdSha256Fulfillment(threshold=2) - expected_threshold = ThresholdSha256Fulfillment(threshold=2) + expected = ThresholdSha256(threshold=2) + expected_threshold = ThresholdSha256(threshold=2) expected_threshold.add_subfulfillment(expected_simple2) expected_threshold.add_subfulfillment(expected_simple3) expected.add_subfulfillment(expected_threshold) 
@@ -200,13 +202,13 @@ def test_generate_outputs_split_half_single_owner(user_pub, def test_generate_outputs_flat_ownage(user_pub, user2_pub, user3_pub): from bigchaindb.common.transaction import Output - from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment + from cryptoconditions import Ed25519Sha256, ThresholdSha256 - expected_simple1 = Ed25519Fulfillment(public_key=user_pub) - expected_simple2 = Ed25519Fulfillment(public_key=user2_pub) - expected_simple3 = Ed25519Fulfillment(public_key=user3_pub) + expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub)) + expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub)) + expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub)) - expected = ThresholdSha256Fulfillment(threshold=3) + expected = ThresholdSha256(threshold=3) expected.add_subfulfillment(expected_simple1) expected.add_subfulfillment(expected_simple2) expected.add_subfulfillment(expected_simple3) @@ -217,9 +219,9 @@ def test_generate_outputs_flat_ownage(user_pub, user2_pub, user3_pub): def test_generate_output_single_owner(user_pub): from bigchaindb.common.transaction import Output - from cryptoconditions import Ed25519Fulfillment + from cryptoconditions import Ed25519Sha256 - expected = Ed25519Fulfillment(public_key=user_pub) + expected = Ed25519Sha256(public_key=b58decode(user_pub)) cond = Output.generate([user_pub], 1) assert cond.fulfillment.to_dict() == expected.to_dict() @@ -227,9 +229,9 @@ def test_generate_output_single_owner(user_pub): def test_generate_output_single_owner_with_output(user_pub): from bigchaindb.common.transaction import Output - from cryptoconditions import Ed25519Fulfillment + from cryptoconditions import Ed25519Sha256 - expected = Ed25519Fulfillment(public_key=user_pub) + expected = Ed25519Sha256(public_key=b58decode(user_pub)) cond = Output.generate([expected], 1) assert cond.fulfillment.to_dict() == expected.to_dict() 
@@ -489,15 +491,13 @@ def test_sign_with_invalid_parameters(utx, user_priv): def test_validate_tx_simple_create_signature(user_input, user_output, user_priv, asset_definition): - from copy import deepcopy - from bigchaindb.common.crypto import PrivateKey from bigchaindb.common.transaction import Transaction from .utils import validate_transaction_model tx = Transaction(Transaction.CREATE, asset_definition, [user_input], [user_output]) expected = deepcopy(user_output) message = str(tx).encode() - expected.fulfillment.sign(message, PrivateKey(user_priv)) + expected.fulfillment.sign(message, b58decode(user_priv)) tx.sign([user_priv]) assert tx.inputs[0].to_dict()['fulfillment'] == \ @@ -527,7 +527,7 @@ def test_sign_threshold_with_invalid_params(utx, user_user2_threshold_input, 'somemessage', {user3_pub: user3_priv}) with raises(KeypairMismatchException): - user_user2_threshold_input.owners_before = ['somewrongvalue'] + user_user2_threshold_input.owners_before = [58 * 'a'] utx._sign_threshold_signature_fulfillment(user_user2_threshold_input, 'somemessage', None) @@ -551,9 +551,6 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input, user_priv, user2_priv, asset_definition): - from copy import deepcopy - - from bigchaindb.common.crypto import PrivateKey from bigchaindb.common.transaction import Transaction from .utils import validate_transaction_model 
@@ -562,10 +559,10 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input, [user_user2_threshold_output]) message = str(tx).encode() expected = deepcopy(user_user2_threshold_output) - expected.fulfillment.subconditions[0]['body'].sign(message, - PrivateKey(user_priv)) - expected.fulfillment.subconditions[1]['body'].sign(message, - PrivateKey(user2_priv)) + expected.fulfillment.subconditions[0]['body'].sign( + message, b58decode(user_priv)) + expected.fulfillment.subconditions[1]['body'].sign( + message, b58decode(user2_priv)) tx.sign([user_priv, user2_priv]) assert tx.inputs[0].to_dict()['fulfillment'] == \ @@ -577,14 +574,14 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input, def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv, asset_definition): - from copy import deepcopy - from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment + from cryptoconditions import Ed25519Sha256, ThresholdSha256 from bigchaindb.common.transaction import Input, Output, Transaction - from bigchaindb.common.crypto import PrivateKey - threshold = ThresholdSha256Fulfillment(threshold=2) - threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub)) - threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub)) + threshold = ThresholdSha256(threshold=2) + threshold.add_subfulfillment( + Ed25519Sha256(public_key=b58decode(user_pub))) + threshold.add_subfulfillment( + Ed25519Sha256(public_key=b58decode(user_pub))) threshold_input = Input(threshold, [user_pub, user_pub]) threshold_output = Output(threshold, [user_pub, user_pub]) 
@@ -592,10 +589,10 @@ def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv, tx = Transaction(Transaction.CREATE, asset_definition, [threshold_input], [threshold_output]) expected = deepcopy(threshold_input) - expected.fulfillment.subconditions[0]['body'].sign(str(tx).encode(), - PrivateKey(user_priv)) - expected.fulfillment.subconditions[1]['body'].sign(str(tx).encode(), - PrivateKey(user_priv)) + expected.fulfillment.subconditions[0]['body'].sign( + str(tx).encode(), b58decode(user_priv)) + expected.fulfillment.subconditions[1]['body'].sign( + str(tx).encode(), b58decode(user_priv)) tx.sign([user_priv, user_priv]) @@ -616,10 +613,9 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output, user2_priv, user3_pub, user3_priv, asset_definition): - from copy import deepcopy from bigchaindb.common.transaction import (Transaction, TransactionLink, Input, Output) - from cryptoconditions import Ed25519Fulfillment + from cryptoconditions import Ed25519Sha256 from .utils import validate_transaction_model tx = Transaction(Transaction.CREATE, asset_definition, [user_input], @@ -629,8 +625,10 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output, inputs = [Input(cond.fulfillment, cond.public_keys, TransactionLink(tx.id, index)) for index, cond in enumerate(tx.outputs)] - outputs = [Output(Ed25519Fulfillment(public_key=user3_pub), [user3_pub]), - Output(Ed25519Fulfillment(public_key=user3_pub), [user3_pub])] + outputs = [Output(Ed25519Sha256(public_key=b58decode(user3_pub)), + [user3_pub]), + Output(Ed25519Sha256(public_key=b58decode(user3_pub)), + [user3_pub])] transfer_tx = Transaction('TRANSFER', {'id': tx.id}, inputs, outputs) transfer_tx = transfer_tx.sign([user_priv]) 
@@ -640,11 +638,11 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output, def test_validate_inputs_of_transfer_tx_with_invalid_params( - transfer_tx, cond_uri, utx, user2_pub, user_priv): + transfer_tx, cond_uri, utx, user2_pub, user_priv, ffill_uri): from bigchaindb.common.transaction import Output - from cryptoconditions import Ed25519Fulfillment + from cryptoconditions import Ed25519Sha256 - invalid_out = Output(Ed25519Fulfillment.from_uri('cf:0:'), ['invalid']) + invalid_out = Output(Ed25519Sha256.from_uri(ffill_uri), ['invalid']) assert transfer_tx.inputs_valid([invalid_out]) is False invalid_out = utx.outputs[0] invalid_out.public_key = 'invalid' @@ -826,8 +824,6 @@ def test_outputs_to_inputs(tx): def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub, user2_output, user_priv): - from copy import deepcopy - from bigchaindb.common.crypto import PrivateKey from bigchaindb.common.transaction import Transaction from bigchaindb.common.utils import serialize from .utils import validate_transaction_model @@ -861,8 +857,8 @@ def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub, expected_input = deepcopy(inputs[0]) expected['id'] = transfer_tx['id'] - expected_input.fulfillment.sign(serialize(expected).encode(), - PrivateKey(user_priv)) + expected_input.fulfillment.sign( + serialize(expected).encode(), b58decode(user_priv)) expected_ffill = expected_input.fulfillment.serialize_uri() transfer_ffill = transfer_tx['inputs'][0]['fulfillment'] diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index 5f906c5c..34374837 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -1,7 +1,8 @@ from time import sleep +from unittest.mock import patch import pytest -from unittest.mock import patch +from base58 import b58decode pytestmark = pytest.mark.bdb 
@@ -577,14 +578,14 @@ class TestBigchainApi(object): @pytest.mark.usefixtures('inputs') def test_non_create_input_not_found(self, b, user_pk): - from cryptoconditions import Ed25519Fulfillment + from cryptoconditions import Ed25519Sha256 from bigchaindb.common.exceptions import InputDoesNotExist from bigchaindb.common.transaction import Input, TransactionLink from bigchaindb.models import Transaction from bigchaindb import Bigchain # Create an input for a non existing transaction - input = Input(Ed25519Fulfillment(public_key=user_pk), + input = Input(Ed25519Sha256(public_key=b58decode(user_pk)), [user_pk], TransactionLink('somethingsomething', 0)) tx = Transaction.transfer([input], [([user_pk], 1)], diff --git a/tests/pipelines/test_vote.py b/tests/pipelines/test_vote.py index cb9a131a..21bbc0bf 100644 --- a/tests/pipelines/test_vote.py +++ b/tests/pipelines/test_vote.py @@ -180,7 +180,7 @@ def test_vote_accumulates_transactions(b): validation = vote_obj.validate_tx(tx.to_dict(), 123, 1) assert validation == (True, 123, 1) - tx.inputs[0].fulfillment.signature = None + tx.inputs[0].fulfillment.signature = 64*b'z' validation = vote_obj.validate_tx(tx.to_dict(), 456, 10) assert validation == (False, 456, 10) diff --git a/tests/web/test_transactions.py b/tests/web/test_transactions.py index ce269110..03eaaa3e 100644 --- a/tests/web/test_transactions.py +++ b/tests/web/test_transactions.py @@ -89,7 +89,7 @@ def test_post_create_transaction_with_invalid_signature(mock_logger, tx = Transaction.create([user_pub], [([user_pub], 1)]) tx = tx.sign([user_priv]).to_dict() - tx['inputs'][0]['fulfillment'] = 'cf:0:0' + tx['inputs'][0]['fulfillment'] = 64 * '0' res = client.post(TX_ENDPOINT, data=json.dumps(tx)) expected_status_code = 400 diff --git a/tox.ini b/tox.ini index 257f3859..d92c84c5 100644 --- a/tox.ini +++ b/tox.ini 
@@ -13,6 +13,7 @@ setenv = rethinkdb: BIGCHAINDB_DATABASE_BACKEND=rethinkdb mongodb: BIGCHAINDB_DATABASE_BACKEND=mongodb deps = {[base]deps} +install_command = pip install {opts} {packages} extras = test commands = pytest -v -n auto --cov=bigchaindb --basetemp={envtmpdir} From 31e3dd224c7ee2981c8e1ce77fd3eeaaff9dd07a Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 22 Jun 2017 15:10:10 +0200 Subject: [PATCH 14/54] Note re PR #1450 in CHANGELOG --- CHANGELOG.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d0f64d5..a2300165 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,7 +29,6 @@ Tag name: v1.0.0rc1 * The `database.connection_timeout` configuration setting now works with RethinkDB too. [#1512](https://github.com/bigchaindb/bigchaindb/pull/1512) * New code and tools for benchmarking CREATE transactions. [Pull Request #1511](https://github.com/bigchaindb/bigchaindb/pull/1511) - ### Changed * There's an upgrade guide in `docs/upgrade-guides/v0.10-->v1.0.md`. It only covers changes to the transaction model and HTTP API. If that file hasn't been merged yet, see [Pull Request #1547](https://github.com/bigchaindb/bigchaindb/pull/1547) * Cryptographic signatures now sign the whole (serialized) transaction body, including the transaction ID, but with all `"fulfillment"` values changed to `None`. [Pull Request #1225](https://github.com/bigchaindb/bigchaindb/pull/1225) 
@@ -49,14 +48,11 @@ Tag name: v1.0.0rc1 * Relative links were replaced with JSON objects in HTTP API responses. [Pull Request #1541](https://github.com/bigchaindb/bigchaindb/pull/1541) * In the outputs endpoint of the HTTP API, the query parameter `unspent` was changed to `spent` (so no more double negatives). If that query parameter isn't included, then all outputs matching the specificed public key will be returned. If `spent=true`, then only the spent outputs will be returned. If `spent=false`, then only the unspent outputs will be returned. [Pull Request #1545](https://github.com/bigchaindb/bigchaindb/pull/1545) - ### Removed * The `server.threads` configuration setting (for the Gunicorn HTTP server) was removed from the default set of BigchainDB configuration settings. [Pull Request #1488](https://github.com/bigchaindb/bigchaindb/pull/1488) - ### Fixed -* TODO: Pull Request #1450 fixed a bug but then it came back later? See [pull request #1470](https://github.com/bigchaindb/bigchaindb/pull/1470) ("#1450 unrevert") - +* The `GET /api/v1/outputs` endpoint was failing for some transactions with threshold conditions. Fixed in [Pull Request #1450](https://github.com/bigchaindb/bigchaindb/pull/1450) ### External Contributors * @elopio - Pull Requests [#1415](https://github.com/bigchaindb/bigchaindb/pull/1415) and [#1491](https://github.com/bigchaindb/bigchaindb/pull/1491) @@ -64,7 +60,6 @@ Tag name: v1.0.0rc1 * @tdsgit - [Pull Request #1512](https://github.com/bigchaindb/bigchaindb/pull/1512) * @lavinasachdev3 - [Pull Request #1357](https://github.com/bigchaindb/bigchaindb/pull/1357) - ### Notes * We dropped support for Python 3.4. [Pull Request #1564](https://github.com/bigchaindb/bigchaindb/pull/1564) * There were many improvements to our Kubernetes-based production deployment template (and the associated documentaiton). From 4277c6b8573c5bdc416fb3ed3b84b23d0b5631a3 Mon Sep 17 00:00:00 2001 
From: Troy McConaghy Date: Thu, 22 Jun 2017 15:14:06 +0200 Subject: [PATCH 15/54] Added note re switching to crypto-conditions version 02 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2300165..4e4dc6a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -47,6 +47,7 @@ Tag name: v1.0.0rc1 * The hostname and port were removed from all URLs in all HTTP API responses. [Pull Request #1538](https://github.com/bigchaindb/bigchaindb/pull/1538) * Relative links were replaced with JSON objects in HTTP API responses. [Pull Request #1541](https://github.com/bigchaindb/bigchaindb/pull/1541) * In the outputs endpoint of the HTTP API, the query parameter `unspent` was changed to `spent` (so no more double negatives). If that query parameter isn't included, then all outputs matching the specificed public key will be returned. If `spent=true`, then only the spent outputs will be returned. If `spent=false`, then only the unspent outputs will be returned. [Pull Request #1545](https://github.com/bigchaindb/bigchaindb/pull/1545) +* The supported crypto-conditions changed from version 01 of the crypto-conditions spec to version 02. [Pull Request #1562](https://github.com/bigchaindb/bigchaindb/pull/1562) ### Removed * The `server.threads` configuration setting (for the Gunicorn HTTP server) was removed from the default set of BigchainDB configuration settings. [Pull Request #1488](https://github.com/bigchaindb/bigchaindb/pull/1488) From 9ceea89537c1634e19a09b84c467ee00818fe4e0 Mon Sep 17 00:00:00 2001 
From: Krish Date: Thu, 22 Jun 2017 16:32:04 +0200 Subject: [PATCH 16/54] Enable Auth over TLS connections (#1552) * Changes to support auth on the infrastructure * Auth over TLS/SSL support in BigchainDB, MongoDB, Monitoring Agent, Backup Agent * Update certificates: Different OUs specified now * Code formatting - Make flake happy! * Raise proper authentication failed error * Documentation changes for auth * Support auth in k8s deployment * Commit certs for monitoring and backup agents * Configuration to allow Cloud Manager Backup Agent to backup data * Update docs and remove authentication error --- Dockerfile | 2 +- bigchaindb/backend/exceptions.py | 4 - bigchaindb/backend/mongodb/connection.py | 27 +- .../add-node-on-kubernetes.rst | 2 +- .../cloud-manager.rst | 22 +- .../easy-rsa.rst | 7 +- .../node-on-kubernetes.rst | 128 ++++++- .../workflow.rst | 1 + k8s/bigchaindb/bigchaindb-dep.yaml | 21 ++ k8s/configuration/secret.yaml | 12 +- k8s/mongodb/container/README.md | 10 +- .../container/docker_build_and_push.bash | 5 + k8s/mongodb/container/mongod.conf.template | 11 +- tests/backend/mongodb-ssl/certs/ca.crt | 71 ++-- tests/backend/mongodb-ssl/certs/crl.pem | 39 +-- .../mongodb-ssl/certs/test_bdb_ssl.crt | 215 ++++++------ .../mongodb-ssl/certs/test_bdb_ssl.key | 100 +++--- .../certs/test_mdb_bak_ssl_cert_and_key.pem | 185 ++++++++++ .../certs/test_mdb_mon_ssl_cert_and_key.pem | 185 ++++++++++ .../certs/test_mdb_ssl_cert_and_key.pem | 317 +++++++++--------- .../mongodb-ssl/test_ssl_connection.py | 4 +- 21 files changed, 954 insertions(+), 414 deletions(-) create mode 100755 k8s/mongodb/container/docker_build_and_push.bash create mode 100644 tests/backend/mongodb-ssl/certs/test_mdb_bak_ssl_cert_and_key.pem create mode 100644 tests/backend/mongodb-ssl/certs/test_mdb_mon_ssl_cert_and_key.pem diff --git a/Dockerfile b/Dockerfile index 159fef09..bd3c8d9a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -8,7 +8,7 @@ RUN apt-get -qq update \ && pip install --no-cache-dir . \ && apt-get autoremove \ && apt-get clean -VOLUME ["/data"] +VOLUME ["/data", "/certs"] WORKDIR /data ENV BIGCHAINDB_CONFIG_PATH /data/.bigchaindb ENV BIGCHAINDB_SERVER_BIND 0.0.0.0:9984 diff --git a/bigchaindb/backend/exceptions.py b/bigchaindb/backend/exceptions.py index e59b317b..017e19e4 100644 --- a/bigchaindb/backend/exceptions.py +++ b/bigchaindb/backend/exceptions.py @@ -9,10 +9,6 @@ class ConnectionError(BackendError): """Exception raised when the connection to the backend fails.""" -class AuthenticationError(ConnectionError): - """Exception raised when MongoDB Authentication fails""" - - class OperationError(BackendError): """Exception raised when a backend operation fails.""" diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py index 12aa6dd1..338ee18e 100644 --- a/bigchaindb/backend/mongodb/connection.py +++ b/bigchaindb/backend/mongodb/connection.py @@ -9,8 +9,7 @@ from bigchaindb.utils import Lazy from bigchaindb.common.exceptions import ConfigurationError from bigchaindb.backend.exceptions import (DuplicateKeyError, OperationError, - ConnectionError, - AuthenticationError) + ConnectionError) from bigchaindb.backend.connection import Connection logger = logging.getLogger(__name__) @@ -113,6 +112,8 @@ class MongoDBConnection(Connection): replicaset=self.replicaset, serverselectiontimeoutms=self.connection_timeout, ssl=self.ssl) + if self.login is not None and self.password is not None: + client[self.dbname].authenticate(self.login, self.password) else: logger.info('Connecting to MongoDB over TLS/SSL...') client = pymongo.MongoClient(self.host, 
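Review bot: In the non-certificate branch of `_connect` (hunk `@@ -113,6 +112,8 @@`), the added `if self.login is not None and self.password is not None:` silently skips authentication when only one of the two settings is present. A half-configured node then connects unauthenticated and only fails on its first query against a server running with `authorization: enabled`. Failing early would be clearer, e.g. `if (self.login is None) != (self.password is None): raise ConfigurationError('database login and password must be set together')` before the client is created. The same condition is added to `initialize_replica_set` in the `@@ -163,6 +161,8 @@` hunk. The branch condition and the start of the enclosing function are outside the hunk, so whether this path runs over plain TCP or unverified TLS cannot be confirmed from here.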
@@ -126,10 +127,9 @@ class MongoDBConnection(Connection): ssl_pem_passphrase=self.keyfile_passphrase, ssl_crlfile=self.crlfile, ssl_cert_reqs=CERT_REQUIRED) - - # authenticate with the specified user if the connection succeeds - if self.login is not None and self.password is not None: - client[self.dbname].authenticate(self.login, self.password) + if self.login is not None: + client[self.dbname].authenticate(self.login, + mechanism='MONGODB-X509') return client @@ -138,9 +138,7 @@ class MongoDBConnection(Connection): except (pymongo.errors.ConnectionFailure, pymongo.errors.OperationFailure) as exc: logger.info('Exception in _connect(): {}'.format(exc)) - if "Authentication fail" in str(exc): - raise AuthenticationError() from exc - raise ConnectionError() from exc + raise ConnectionError(str(exc)) from exc except pymongo.errors.ConfigurationError as exc: raise ConfigurationError from exc @@ -163,6 +161,8 @@ def initialize_replica_set(host, port, connection_timeout, dbname, ssl, login, port, serverselectiontimeoutms=connection_timeout, ssl=ssl) + if login is not None and password is not None: + conn[dbname].authenticate(login, password) else: logger.info('Connecting to MongoDB over TLS/SSL...') conn = pymongo.MongoClient(host, 
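Review bot: In the TLS branch (hunk `@@ -126,10 +127,9 @@`) the new `authenticate(self.login, mechanism='MONGODB-X509')` call ignores `self.password` without any log line. A node configured with a login and password over TLS therefore changes authentication mechanism silently, and a node with no login connects without authenticating at all. Since the `mongod.conf.template` change in this commit still lists `SCRAM-SHA-1`, either pick the mechanism from whether a password is set or make the drop visible, e.g. `if self.password is not None: logger.warning('database.password is ignored on TLS connections; MONGODB-X509 is used')`. A comment next to the call should also say that the login is expected to be the client certificate's subject, as the deployment docs in this commit describe. The `@@ -175,16 +175,17 @@` hunk in `initialize_replica_set` has the same pattern; the enclosing function begins outside this hunk.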
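Review bot: In hunk `@@ -138,9 +138,7 @@`, `raise ConnectionError(str(exc)) from exc` now covers both `ConnectionFailure` and `OperationFailure`, so a rejected credential or certificate can no longer be told apart from an unreachable server. That holds for callers and for anyone reading the log, since the message is written at `info` level under a generic prefix. If the caller retries on `ConnectionError` (not visible in this hunk), a misconfigured node would keep re-presenting failing credentials. Consider handling `pymongo.errors.OperationFailure` in its own `except` clause and logging it with `logger.warning('MongoDB authentication or operation failure: %s', exc)`. The `try` this clause belongs to starts outside the hunk.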
@@ -175,16 +175,17 @@ def initialize_replica_set(host, port, connection_timeout, dbname, ssl, login, ssl_pem_passphrase=keyfile_passphrase, ssl_crlfile=crlfile, ssl_cert_reqs=CERT_REQUIRED) + if login is not None: + logger.info('Authenticating to the database...') + conn[dbname].authenticate(login, mechanism='MONGODB-X509') except (pymongo.errors.ConnectionFailure, pymongo.errors.OperationFailure) as exc: - raise ConnectionError() from exc + logger.info('Exception in _connect(): {}'.format(exc)) + raise ConnectionError(str(exc)) from exc except pymongo.errors.ConfigurationError as exc: raise ConfigurationError from exc - if login is not None and password is not None: - conn[dbname].authenticate(login, password) - _check_replica_set(conn) host = '{}:{}'.format(bigchaindb.config['database']['host'], bigchaindb.config['database']['port']) diff --git a/docs/server/source/production-deployment-template/add-node-on-kubernetes.rst b/docs/server/source/production-deployment-template/add-node-on-kubernetes.rst index 7ab94ceb..fd0611e6 100644 --- a/docs/server/source/production-deployment-template/add-node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/add-node-on-kubernetes.rst @@ -173,6 +173,6 @@ set up NGINX in your new node. Step 8: Test Your New BigchainDB Node ------------------------------------- -Please refer to the testing steps :ref:`here ` to verify that your new BigchainDB node is working as expected. diff --git a/docs/server/source/production-deployment-template/cloud-manager.rst b/docs/server/source/production-deployment-template/cloud-manager.rst index cfd44fac..fb36d673 100644 --- a/docs/server/source/production-deployment-template/cloud-manager.rst +++ b/docs/server/source/production-deployment-template/cloud-manager.rst 
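Review bot: The log line added to `initialize_replica_set`, `logger.info('Exception in _connect(): {}'.format(exc))`, names the wrong function. It looks copied from `MongoDBConnection._connect` and will send whoever triages a failed replica-set initialisation to the wrong code path. Suggested: `logger.info('Exception in initialize_replica_set(): %s', exc)`. A short comment that the `authenticate` call now sits inside the `try` so that its `OperationFailure` is wrapped as `ConnectionError` would also help. The function body continues outside the hunk.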
@@ -37,8 +37,14 @@ Configure MongoDB Cloud Manager for Monitoring * Enter the port number as ``27017``, with no authentication. + * If you have authentication enabled, select the option to enable + authentication and specify the authentication mechanism as per your + deployment. The default BigchainDB production deployment currently + supports ``X.509 Client Certificate`` as the authentication mechanism. + * If you have TLS enabled, select the option to enable TLS/SSL for MongoDB - connections, and click ``Continue``. + connections, and click ``Continue``. This should already be selected for + you in case you selected ``X.509 Client Certificate`` above. * Once the deployment is found, click the ``Continue`` button again. This may take about a minute or two. @@ -66,8 +72,17 @@ Configure MongoDB Cloud Manager for Backup * Hover over the ``Status`` column of your backup and click ``Start`` to start the backup. - * Select the replica set on the side pane and check the box to allow TLS/SSL - connections. + * Select the replica set on the side pane. + + * If you have authentication enabled, select the authentication mechanism as + per your deployment. The default BigchainDB production deployment currently + supports ``X.509 Client Certificate`` as the authentication mechanism. + + * If you have TLS enabled, select the checkbox ``Replica set allows TLS/SSL + connections``. This should be selected by default in case you selected + ``X.509 Client Certificate`` as the auth mechanism above. + + * Choose the ``WiredTiger`` storage engine. * Verify the details of your MongoDB instance and click on ``Start``. @@ -75,4 +90,3 @@ Configure MongoDB Cloud Manager for Backup During this process, the UI will show the status of the backup process. * Verify that data is being backed up on the UI. - diff --git a/docs/server/source/production-deployment-template/easy-rsa.rst b/docs/server/source/production-deployment-template/easy-rsa.rst index 470793e7..3c87fbbc 100644 
--- a/docs/server/source/production-deployment-template/easy-rsa.rst +++ b/docs/server/source/production-deployment-template/easy-rsa.rst @@ -69,14 +69,17 @@ The comments in the file explain what each of the variables mean. echo 'set_var EASYRSA_REQ_OU "IT"' >> vars echo 'set_var EASYRSA_REQ_EMAIL "dev@bigchaindb.com"' >> vars +We follow the convention of modifying the OU to ``ROOT-CA``, +``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` and +``MongoDB-Backup-Instance`` while issuing certificates. + Step 4: Maybe Edit x509-types/server ------------------------------------ .. warning:: - Only do this step if you are setting up a self-signed CA - or creating a server/member certificate. + Only do this step if you are setting up a self-signed CA. Edit the file ``x509-types/server`` and change ``extendedKeyUsage = serverAuth`` to diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index 44c91fec..fb4219f1 100644 --- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst 
@@ -487,7 +487,121 @@ Step 11: Start a Kubernetes StatefulSet for MongoDB $ kubectl --context k8s-bdb-test-cluster-0 get pods -w -Step 12: Start a Kubernetes Deployment for MongoDB Monitoring Agent +Step 12: Configure Users and Access Control for MongoDB +------------------------------------------------------- + + * Create a user on MongoDB with authorization to create more users and assign + roles to them. + Note: You need to do this only when setting up the first MongoDB node of + the cluster. + + Log in to the MongoDB instance and open a mongo shell using the certificates + already present at ``/etc/mongod/ssl/`` + + .. code:: bash + + $ mongo --host localhost --port 27017 --verbose --ssl \ + --sslCAFile /etc/mongod/ssl/ca.pem \ + --sslPEMKeyFile /etc/mongod/ssl/mdb-instance.pem + + * Initialize the replica set using: + + .. code:: bash + + > rs.initiate( { + _id : "bigchain-rs", + members: [ { + _id : 0, + host :":27017" + } ] + } ) + + The ``hostname`` in this case will be the value set in + ``mdb-instance-name`` in the ConfigMap. + For example, if the value set in the ``mdb-instance-name`` is + ``mdb-instance-0``, set the ``hostname`` above to the value ``mdb-instance-0``. + + * The instance should be voted as the ``PRIMARY`` in the replica set (since + this is the only instance in the replica set till now). + This can be observed from the mongo shell prompt, + which will read ``PRIMARY>``. + + * Create a user ``adminUser`` on the ``admin`` database with the + authorization to create other users. This will only work the first time you + log in to the mongo shell. For further details, see `localhost + exception `_ + in MongoDB. + + .. code:: bash + + PRIMARY> use admin + PRIMARY> db.createUser( { + user: "adminUser", + pwd: "superstrongpassword", + roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] + } ) + + * Exit and restart the mongo shell using the above command. + Authenticate as the ``adminUser`` we created earlier: + + .. 
code:: bash + + PRIMARY> use admin + PRIMARY> db.auth("adminUser", "superstrongpassword") + + * We need to specify the user name *as seen in the certificate* issued to + the BigchainDB instance in order to authenticate correctly. Use + the following ``openssl`` command to extract the user name from the + certificate: + + .. code:: bash + + $ openssl x509 -in \ + -inform PEM -subject -nameopt RFC2253 + + You should see an output line that resembles: + + .. code:: bash + + subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE + + The ``subject`` line states the complete user name we need to use for + creating the user on the mongo shell as follows: + + .. code:: bash + + PRIMARY> db.getSiblingDB("$external").runCommand( { + createUser: 'emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE', + writeConcern: { w: 'majority' , wtimeout: 5000 }, + roles: [ + { role: 'clusterAdmin', db: 'admin' }, + { role: 'readWriteAnyDatabase', db: 'admin' } + ] + } ) + + * You can similarly create users for MongoDB Monitoring Agent and MongoDB + Backup Agent. For example: + + .. 
code:: bash + + PRIMARY> db.getSiblingDB("$external").runCommand( { + createUser: 'emailAddress=dev@bigchaindb.com,CN=test-mdb-mon-ssl,OU=MongoDB-Mon-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE', + writeConcern: { w: 'majority' , wtimeout: 5000 }, + roles: [ + { role: 'clusterMonitor', db: 'admin' } + ] + } ) + + PRIMARY> db.getSiblingDB("$external").runCommand( { + createUser: 'emailAddress=dev@bigchaindb.com,CN=test-mdb-bak-ssl,OU=MongoDB-Bak-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE', + writeConcern: { w: 'majority' , wtimeout: 5000 }, + roles: [ + { role: 'backup', db: 'admin' } + ] + } ) + + +Step 13: Start a Kubernetes Deployment for MongoDB Monitoring Agent ------------------------------------------------------------------- * This configuration is located in the file @@ -508,7 +622,7 @@ Step 12: Start a Kubernetes Deployment for MongoDB Monitoring Agent $ kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-monitoring-agent/mongo-mon-dep.yaml -Step 13: Start a Kubernetes Deployment for MongoDB Backup Agent +Step 14: Start a Kubernetes Deployment for MongoDB Backup Agent --------------------------------------------------------------- * This configuration is located in the file @@ -529,7 +643,7 @@ Step 13: Start a Kubernetes Deployment for MongoDB Backup Agent $ kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-backup-agent/mongo-backup-dep.yaml -Step 14: Start a Kubernetes Deployment for Bigchaindb +Step 15: Start a Kubernetes Deployment for Bigchaindb ----------------------------------------------------- * This configuration is located in the file @@ -569,7 +683,7 @@ Step 14: Start a Kubernetes Deployment for Bigchaindb * You can check its status using the command ``kubectl get deploy -w`` -Step 15: Configure the MongoDB Cloud Manager +Step 16: Configure the MongoDB Cloud Manager -------------------------------------------- * Refer to the 
@@ -578,10 +692,10 @@ Step 15: Configure the MongoDB Cloud Manager monitoring and backup. -Step 16: Verify the BigchainDB Node Setup +Step 17: Verify the BigchainDB Node Setup ----------------------------------------- -Step 16.1: Testing Internally +Step 17.1: Testing Internally ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Run a container that provides utilities like ``nslookup``, ``curl`` and ``dig`` @@ -670,7 +784,7 @@ themselves. * Send some transactions to BigchainDB and verify it's up and running! -Step 16.2: Testing Externally +Step 17.2: Testing Externally ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Try to access the ``:80`` diff --git a/docs/server/source/production-deployment-template/workflow.rst b/docs/server/source/production-deployment-template/workflow.rst index 8d25d15f..db3ff0b3 100644 --- a/docs/server/source/production-deployment-template/workflow.rst +++ b/docs/server/source/production-deployment-template/workflow.rst @@ -96,6 +96,7 @@ That list of public keys is known as the BigchainDB "keyring." ☐ Ask the managing organization for the FQDN used to serve the BigchainDB APIs and for a copy of the associated SSL/TLS certificate. +Also, ask for the user name to use for authenticating to MongoDB. ☐ If the cluster uses 3scale for API authentication, monitoring and billing, diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml index 140ef50e..80fcf0a1 100644 --- a/k8s/bigchaindb/bigchaindb-dep.yaml +++ b/k8s/bigchaindb/bigchaindb-dep.yaml 
@@ -51,6 +51,18 @@ spec: value: "120" - name: BIGCHAINDB_LOG_LEVEL_CONSOLE value: debug + - name: BIGCHAINDB_DATABASE_CA_CERT + value: /etc/bigchaindb/ssl/ca.pem + - name: BIGCHAINDB_DATABASE_CRLFILE + value: /etc/bigchaindb/ssl/crlfile + - name: BIGCHAINDB_DATABASE_CERTFILE + value: /etc/bigchaindb/ssl/bdb-instance.pem + - name: BIGCHAINDB_DATABASE_KEYFILE + value: /etc/bigchaindb/ssl/bdb-instance.key + - name: BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE + value: /etc/bigchaindb/ssl/bdb-keyfile-passphrase + - name: BIGCHAINDB_DATABASE_LOGIN + value: /etc/bigchaindb/ssl/bdb-user # The following env var is not required for the bootstrap/first node #- name: BIGCHAINDB_KEYRING # value: "" @@ -63,6 +75,10 @@ spec: hostPort: 9985 name: bdb-ws-port protocol: TCP + volumeMounts: + - name: bdb-certs + mountPath: /etc/bigchaindb/ssl/ + readOnly: true resources: limits: cpu: 200m @@ -80,3 +96,8 @@ spec: initialDelaySeconds: 15 timeoutSeconds: 10 restartPolicy: Always + volumes: + - name: bdb-certs + secret: + secretName: bdb-certs + defaultMode: 0400 diff --git a/k8s/configuration/secret.yaml b/k8s/configuration/secret.yaml index 75bdbd21..e42ac4c9 100644 --- a/k8s/configuration/secret.yaml +++ b/k8s/configuration/secret.yaml @@ -74,10 +74,18 @@ metadata: namespace: default type: Opaque data: - # Base64-encoded, concatenated certificate and private key - bdb-instance.pem: "" # Base64-encoded CA certificate (ca.crt) ca.pem: "" + # Base64-encoded CRL file + crlfile: "", + # Base64-encoded BigchainDB instance certificate + bdb-instance.pem: "" + # Base64-encoded private key + bdb-instance.key: "" + # Base64-encoded private key passphrase + bdb-keyfile-passphrase: "" + # Base64-encoded instance authentication credentials + bdb-user: "" --- apiVersion: v1 kind: Secret diff --git a/k8s/mongodb/container/README.md b/k8s/mongodb/container/README.md index 9f9c46d1..4cec6250 100644 --- a/k8s/mongodb/container/README.md +++ b/k8s/mongodb/container/README.md 
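Review bot: `BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE` and `BIGCHAINDB_DATABASE_LOGIN` are set to file paths (`/etc/bigchaindb/ssl/bdb-keyfile-passphrase`, `/etc/bigchaindb/ssl/bdb-user`), but `connection.py` in this same commit passes `self.keyfile_passphrase` straight to `ssl_pem_passphrase` and `self.login` straight to `authenticate(...)`. Unless the config loader reads those files (nothing in this diff shows that), the passphrase and the X.509 user name would be the literal path strings and the connection would fail. Injecting the values from the secret avoids this, e.g. `valueFrom: {secretKeyRef: {name: bdb-certs, key: bdb-keyfile-passphrase}}` and the same with `key: bdb-user`, assuming `bdb-certs` is the secret edited in `k8s/configuration/secret.yaml`.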
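Review bot: In `k8s/configuration/secret.yaml`, the added line `crlfile: "",` ends with a comma, which is not valid after a quoted scalar in a block mapping, so this manifest should fail to parse when applied. It should read `crlfile: ""`. The comment on `bdb-user` says "authentication credentials", while the code in this commit uses that value as the MONGODB-X509 user name, i.e. the certificate subject. Wording it as `# Base64-encoded certificate subject used as the MongoDB user name` would keep someone from putting a password there. The Secret's `metadata.name` is outside the hunk.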
@@ -9,9 +9,11 @@ * We also need a way to overwrite certain parameters to suit our use case. -### Step 1: Build the Latest Container - -`docker build -t bigchaindb/mongodb:3.4.4 .` from the root of this project. +### Step 1: Build and Push the Latest Container +Use the `docker_build_and_push.bash` script to build the latest docker image +and upload it to Docker Hub. +Ensure that the image tag is updated to a new version number to properly +reflect any changes made to the container. ### Step 2: Run the Container @@ -25,7 +27,7 @@ docker run \ --volume=:/data/db \ --volume=:/data/configdb \ --volume=:/mongo-ssl:ro \ - bigchaindb/mongodb:3.4.4 \ + bigchaindb/mongodb:3.0 \ --mongodb-port \ --mongodb-key-file-path /mongo-ssl/.pem \ --mongodb-key-file-password \ diff --git a/k8s/mongodb/container/docker_build_and_push.bash b/k8s/mongodb/container/docker_build_and_push.bash new file mode 100755 index 00000000..44806682 --- /dev/null +++ b/k8s/mongodb/container/docker_build_and_push.bash @@ -0,0 +1,5 @@ +#!/bin/bash + +docker build -t bigchaindb/mongodb:3.0 . + +docker push bigchaindb/mongodb:3.0 diff --git a/k8s/mongodb/container/mongod.conf.template b/k8s/mongodb/container/mongod.conf.template index 5b5f5c1f..089313d5 100644 --- a/k8s/mongodb/container/mongod.conf.template +++ b/k8s/mongodb/container/mongod.conf.template @@ -65,14 +65,15 @@ net: #weakCertificateValidation: false #allowInvalidCertificates: false -#security: TODO -# authorization: enabled -# clusterAuthMode: x509 +security: + authorization: enabled + clusterAuthMode: x509 setParameter: enableLocalhostAuthBypass: true - #notablescan: 1 TODO - #logUserIds: 1 TODO + #notablescan: 1 + logUserIds: 1 + authenticationMechanisms: MONGODB-X509,SCRAM-SHA-1 storage: dbPath: /data/db diff --git a/tests/backend/mongodb-ssl/certs/ca.crt b/tests/backend/mongodb-ssl/certs/ca.crt index 8f39dab1..9c083efb 100644 --- a/tests/backend/mongodb-ssl/certs/ca.crt +++ b/tests/backend/mongodb-ssl/certs/ca.crt 
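Review bot: The new `docker_build_and_push.bash` has no error handling, so if `docker build` fails, `docker push bigchaindb/mongodb:3.0` still runs and publishes whatever image already carries that tag locally. Adding `set -euo pipefail` directly after the shebang stops the script at the first failure. Because the tag `3.0` is reused on every run, nodes pulling it cannot tell which build they received. Taking the tag from an argument or appending a build identifier would make deployed images traceable.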
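Review bot: In `mongod.conf.template`, `enableLocalhostAuthBypass: true` is left in place while `authorization: enabled` is switched on, and the template carries no comment saying why. The localhost exception is what lets the first admin user be created, and MongoDB stops honouring it once a user exists, but until then any process that can reach mongod on localhost may create that user. I would add a comment above it such as `# Needed only to create the first admin user; set to false once users exist`. A second comment should note that `SCRAM-SHA-1` is listed for the password-based `adminUser` from the deployment docs, while the agents and BigchainDB use `MONGODB-X509`.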
@@ -1,38 +1,39 @@ -----BEGIN CERTIFICATE----- -MIIGoDCCBIigAwIBAgIJAKTE39sa24PHMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD +MIIGzjCCBLagAwIBAgIJAOgGsskqnC78MA0GCSqGSIb3DQEBCwUAMIGbMQswCQYD VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNV -BAoMD0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNU -LUNBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb20wHhcNMTcwNjAy -MDcwMzUwWhcNMjcwNTMxMDcwMzUwWjCBjDELMAkGA1UEBhMCREUxDzANBgNVBAgM -BkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdt -YkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8GCSqGSIb3DQEJ -ARYSZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAnX3DXlpfbDCemFTshrLxtlp4PDTkxRQf3uCfqPa5FlahIYQRH0+iBPg4 -KmfUynBB2ZQDOlzA/IJwFCoSsEWcua8rLj12kWeqxJFnLcbO5pgMyf/QFfZvtNiR -JIoMy4xihn8UlDOiYl4uffQyC+cEKJAHf+Gcqawx4ub+If6jJgt/jryL9n+jFVVQ -sENduy5VQjb+x1CXHtBP19419qDhj5IOJGdYEPB8LWIGSZRKZ/X5IlhnuK56Qdq9 -GVxtFsCUFamtcnw5J+E3rKYRrH1sRgysWedgm08OWnQ5/8ptiH+P+1MkwexoSg68 -9StdT90aSrya6lMzAjUpzuzOdhy+nBqXzkAIj0wiN0qQFC8QqQwfwNd/82oZo5lp -oV9n3xmds/q0kMrWXL8fKmjD1QyF20vuU6+W6dMzqkA7te6Aq+yKtJn3MKGQQ7X9 -ifgPaa8paWKeBikpYjdPstF8BT5OJaZDec8YwZYx17iCUiKPPxOCE8EEcF8rtqgV -mIHyxjB1HTmZRBQaLecGwjuiWUYgfpI2kj6Ky1HTB5BVgs81YWCMxNuvCTyjnVOH -BtVvTNUjm3LPZPIdnNZvngy6IirEc4nSBdt0UDJDo5U3rzQNKeC8yPMeU3eT/taB -dwMiHZoHy7x/a1l+jh2TM7kb8e2N6mGbC8CoGOOOqmdIv9enl1ECAwEAAaOCAQEw -gf4wHQYDVR0OBBYEFJfI3Mjur+JwxAmbGVCPhh0s/24mMIHBBgNVHSMEgbkwgbaA -FJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQGEwJERTEPMA0G -A1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWlu -REIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNBMSEwHwYJKoZI -hvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAMBgNVHRMEBTAD -AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmXclBjgbEU5RIl1d -nk3eox3QhyLAcgYnWJt4Z4gbz9F8pk2oGZP5vklIm1zezB244K7r8cAg3o5EzSyF -dTQ7yXSaYJm1Q9ljD+W/dqxpSnu1xIxJvqID9LUX+VOgyY/qw/TrUul/bWGOEzuN -+0akeMm5USv31SAJMD2pTAnxgxlRkgY5YzhTTFqMPEGMsYGXUoLyX9ghVl04NBKo 
-wAwC6Sp7teZ6nnziwc6MuSCiBrULVRLtiegRFX2nsYVNmRstIKTjuhx/+bajT6Gh -nN4zY5BWri7UXf0y4toLM5gM9Dgz2335iz8F6u8rJ1hz1mbkwQKWzHOQqIaBAu1P -TUlF9dLlNAsxozobuGCtYjKE4kYxBqGzSjTnuaN18yHF3PFKlzj++d15fCUWU6Fe -rXXI7VUguxWtAM7spTfsttCRW3GYW551gvCYNtrpuV64xitNUpwOK1Jbg9iyqhPT -8KUfT6cLhw1+XDxt0XqJXhY5GjfnAtZzhxWmJN0LBexNIcdgKtFt/ZxCz9rGwXIB -n1jbZdeukfVZLfAuwhFey8D3Mb+ghj3v/stBEquIAmCsB2YN+dQ5SQsUu7jVutFg -jzwoZwr+JliWPEmtR9N8v6ZWAoEkoZcIjLBlqYRHLt8uDwiSGUGJQO18NhTEii2Y -Qs3HMrZBFYSooUdps/9YA9mZtfI= +BAoMD0JpZ2NoYWluREIgR21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwS +VGVzdCBJbmZyYSBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5k +Yi5jb20wHhcNMTcwNjEzMTQzNTU1WhcNMjcwNjExMTQzNTU1WjCBmzELMAkGA1UE +BhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQK +DA9CaWdjaGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRl +c3QgSW5mcmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIu +Y29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuIgbqLOkJoFtnIKF +Pq4nMY/uyLt3YRiWyWJq68EuZ5rkoQDJOzaVYGgoJDUVxunT2/MVyAbc1MQN5WGa +NU5aQZnyYAgC7Ci/u/5YfgfHz4H+uLXm6rRz6bVRAt4WY5ZIHEtp+ThX+rDCs7pE +jcZxZdFjCbyrNdZtyDvhoHUwgKBiJ3b2373tq7rihNPeThABjkYOy2qStUnpNdiN +R9IrvSOAS/MzJVO3aoKkFLnKk0hD2Gjdh4hS2o3ZeF1TVHoBk6rA4I9szikYbCKa +SXAtF8CpUqnbThESM6+PfCfNRG+d+MEOi0jiMZzOrQLyG4bPRiec8ArTR5Bv1hsh +aKfRJONuSnX+40YBfhwTMpBqdbntereBlT8ahOJNZTbot5XVxSt69KZ2PZ99UpUl +WK+M8QLmjjwZEFCo4scGEXy1+6QcgTAgY2cN1NaDrO+7FNANGSi/dDXXJfWRauSd +kdUnn6uYioL6bwqZ2gvUYEKT7ezF2/PImmyCyZ01/ovLuhB2aT/1kd51/KLeuvZ2 +8yIu5YnKSKp7Bur8d7KrQc7mf/GHUw9Kvdjb4K7OOXimHZhCjQpxOtFYHOo+lEur +zHrsMwciBcJKGQzVnuhpDh7J+JDHKSSfJJlTuOuxvVGgzVgzCzbUn57F6C9Vs7g8 +Wk+ldudK+kn9kV18ncpWnwdZl6cCAwEAAaOCAREwggENMB0GA1UdDgQWBBRpx4WA +ZOaQQOkwaIgj0k277N+YmDCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQQOkwaIgj0k27 +7N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0G +A1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxEDAOBgNVBAsM +B1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEhMB8GCSqGSIb3 
+DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwDAYDVR0TBAUwAwEB +/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEsHfo6/yp38egCYiYej +b8Dm674M7/neaL/QBLTxCgnpImxE4gHRZi1yWR4im5UL6gjZ7mM7AGL7Q1D/grG2 +3rc/WoSjBQPIe6gpuQwAni/iCaNI/QTgXFCx5fWZj/eIRF6ipKzxWkem3PdSdYUz +BoDuEZaKE7j4KOZDGD4UgN8igsNzmXHYH9nMFR4OERdIlTaHXmJvQ+5/yaazzzF0 +XXvbHSv5gHrnGoveDFNj11UJKwumG+L5UvKWsMe8zoS9YjvMJ9M9yUZ1WHjEdSuB +erEbbKnkv7FITyM4urGOS6Y6CjTjV8xG5IPxkHUQjEavjVcvbMaRr8vKf5rf2iuR +hDDYNknQf5zm5qmBq/cPC4dupKQyW58Kt5JkoY4Ok1zs4n9i6EFLUCHO3NaHsnfF +5iNg48DfI2ssk2HVGLyI8AiLl/IftvAP3OOAn6gW3twvwKK6m1Yfv822odEHv9oB +SDXlvbZhnwe8ZvNRa7QCiItzE/b/bh0+c1pk9M169qQAcum8OdwljS6XBzk2o0mv +cP6VD+UlutkEpOFW10m8QAcGHPVICSpBBSnry8fX90465BvurVLgYb5VJ7l7VTjn +7j99dO0MhE0OSfHONUcbf9+nyBYMkh2Gj+/N3zWd/F/COHeZveRoSdc37dEJOWjz +lEAdkN13aos01b6Xk9Dn4bf7 -----END CERTIFICATE----- diff --git a/tests/backend/mongodb-ssl/certs/crl.pem b/tests/backend/mongodb-ssl/certs/crl.pem index 31c7de16..be129d6f 100644 --- a/tests/backend/mongodb-ssl/certs/crl.pem +++ b/tests/backend/mongodb-ssl/certs/crl.pem 
@@ -1,22 +1,23 @@ -----BEGIN X509 CRL----- -MIIDoTCCAYkCAQEwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkRFMQ8wDQYD +MIIDvzCCAacCAQEwDQYJKoZIhvcNAQELBQAwgZsxCzAJBgNVBAYTAkRFMQ8wDQYD VQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5E -QiBHbWJIMQwwCgYDVQQLDANFTkcxEDAOBgNVBAMMB1RFU1QtQ0ExITAfBgkqhkiG -9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbRcNMTcwNjAyMDcwNDA3WhcNMTcxMTI5 -MDcwNDA3WqCBxzCBxDCBwQYDVR0jBIG5MIG2gBSXyNzI7q/icMQJmxlQj4YdLP9u -JqGBkqSBjzCBjDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UE -BwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VO -RzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu -ZGIuY29tggkApMTf2xrbg8cwDQYJKoZIhvcNAQELBQADggIBAEDFXjmlQhBafb9u -IId7ZrHFeueCiDsWJd2cI7BOIU4gsJzrL+SCjvAWyADd1np0gB86M7JK1W3iUfKI -FbwAbsxgJSnwyzwoQcTCp8/vD7z7+7uTxvbaEGOEiW9sVqRs/CKIzVoSQPB/R6cM -9WHwRuXeLALPIrVsxRaeIMbhEUgmfi9R2KvzKvc6yLMxWd1mmW8xdq7zZ6nlGl9Y -mrnRwOEdfgOUvuAaQgBculK3eKZmzJzzh1t+hJstmzdjtM+0gw3bzGLg3IJJ2uTK -D6nnSLG/QGTvnOmhIlnr26sYvVSMJrPrT7EyI/pN4GYWHwJ3rIJm9ii1+4q+D6YX -a6iyywOL/T0Sb7EUXmM9KHhnoaLXQetGmP2bgMprUF+3rgj/KjPHk2eXFyW++GWs -jlcyRvBd8a5AA9L2pPmoKQEQNL65YJcJSzfT3ZpkPxw/kD08Y29Vn7i86ol+MSdz -4dYuI4dTyU5IcMX4eQi4rdTm8rS55EE3MkL0OePeq375GROoInSyKeLpqPDPdpZx -Fo0AX0Rn3lt4vXFba84Vz5EveXt/jP2c01CXjTDzwfL13B7cbNl8yjD+Qopt9qXw -BPet7/eZs9gwcpcYooRjSD0zYvW3/wngqTPY/nPMZ4Wpm6QivGZo7LfMz5regjeT -DMQWkWlP8aup1aPeoDFXC2tzQhVK +QiBHbWJIMRAwDgYDVQQLDAdST09ULUNBMRswGQYDVQQDDBJUZXN0IEluZnJhIFJv +b3QgQ0ExITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbRcNMTcwNjEz +MTQzNjU1WhcNMTcxMjEwMTQzNjU1WqCB1jCB0zCB0AYDVR0jBIHIMIHFgBRpx4WA +ZOaQQOkwaIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgM +BkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdt +YkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBD +QTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvww +DQYJKoZIhvcNAQELBQADggIBAGGHwjqvEayCkMzacIrhLlT97ra/5BGv9DIsVJUo +oEL+NuCl3lyd3lP+jr+cam+tqGJhsf43i7ZndmU4CKPS2WbZWENGSFcVIcNV05qT 
+YvGE62TpX74ZbFUAAsrZSyEGJFkREyrIwCc6b8O0Gr0BKCbnmlj/3XEhe9bsAu8m +bZiN6I1e89Wbz+nNzUi1cE2ZRRQgiTX4CFuvl9L37N4KvAHH1HJn6xzWx+VYP5xQ +vN1SK0SvsWHk3jiiyRazunWgJrdwmorqWApYHFybUNKw4B5btKe3ezl13ZXOIwDA +Ui6Fhi1jHj0yimZfieChD/bqGKEBFwrYp44ZRz52cg+YYcYzY72Rn6g7x8TsbNt0 +7h4jq2MEQ3We4zYEXFz7ZPxNLn7wYxx0x5h2E5vPaXXp5W/TzpCquSkpGSWF26OH +QAXaDOESAJV3e2oPFN8Wger3Oj7FTa0IZtne1aH/wnY0keDsVuvA8sHoy1Ylw72H +cv6D2ABEm4erAJ7n6BQ/unYXd+qKCYPLdxdOyd9lBGJhk6uN+Nzued/z8SjV3XEb +i6JvHwUEl/hwRWFF3k5vDaX4d5Z4kTIzO9+4ut44WRcgJ4zRd64ZKpGPEnTg3VsJ +oqQmwcfBvThKZmgrvUnvPzGYbA5LduQYRJ+elD5hGHBOEvayAof3FLKZZG8zNjip +lLJj -----END X509 CRL----- diff --git a/tests/backend/mongodb-ssl/certs/test_bdb_ssl.crt b/tests/backend/mongodb-ssl/certs/test_bdb_ssl.crt index 503fc01a..dcb1949e 100644 --- a/tests/backend/mongodb-ssl/certs/test_bdb_ssl.crt +++ b/tests/backend/mongodb-ssl/certs/test_bdb_ssl.crt 
@@ -3,130 +3,131 @@ Certificate: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=TEST-CA/emailAddress=dev@bigchaindb.com + Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com Validity - Not Before: Jun 2 07:13:16 2017 GMT - Not After : May 31 07:13:16 2027 GMT - Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=test-bdb-ssl/emailAddress=dev@bigchaindb.com + Not Before: Jun 13 14:44:30 2017 GMT + Not After : Jun 11 14:44:30 2027 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=BigchainDB-Instance, CN=test-bdb-ssl/emailAddress=dev@bigchaindb.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: - 00:cb:59:21:c4:6e:b7:93:c7:d1:87:e1:8f:06:07: - c6:4f:31:35:4d:cc:43:8e:25:bf:4a:08:3e:df:3a: - b0:d8:3c:b5:45:39:49:aa:ef:17:53:2c:fa:74:73: - 4e:f6:36:ae:ad:9a:88:3c:1a:ad:c2:ac:1c:b3:14: - 39:18:8a:33:54:54:59:11:31:b8:8a:1a:0f:d5:79: - dd:6d:8d:63:a0:8f:0a:a3:5e:b2:40:d0:67:84:b7: - b6:4b:66:43:85:8a:18:a0:51:08:c9:b0:09:0b:8d: - bc:89:6c:47:a1:b2:bb:b8:1e:04:77:cb:7e:f4:ae: - c7:50:43:0b:49:48:90:4c:7d:72:17:0b:bb:57:72: - dd:ad:62:ba:8d:b4:80:c4:b8:83:a2:c9:08:f7:11: - 44:0b:67:7f:d4:df:b8:59:5b:c0:32:26:04:95:bc: - c2:eb:92:7b:e9:5d:99:d7:d9:86:be:f0:a7:c5:e5: - 1e:95:f3:86:21:74:3d:03:ca:4a:c0:4d:59:75:b5: - 62:24:04:09:8a:47:0f:a6:c3:ee:99:82:dc:02:53: - 70:f1:77:61:58:2e:9b:db:20:40:9f:15:08:de:3d: - c4:11:29:2f:6f:51:1b:36:19:b2:27:03:b8:15:ec: - 3e:56:65:77:97:46:58:07:0b:85:87:a1:f4:ee:4f: - fc:bc:22:10:da:3c:83:dd:80:26:d7:3e:23:f6:0e: - 3f:4d:f9:1a:eb:2f:ca:60:ea:97:40:23:d4:14:c3: - b5:c1:46:f2:15:2a:7e:18:56:3a:58:51:fb:a7:42: - 14:19:0d:79:1e:25:b4:1a:51:74:7b:93:e0:9e:a9: - 41:83:ab:94:6f:3c:6f:23:0c:7e:bc:14:31:54:ca: - 8a:47:0e:a8:01:bd:f6:e9:bd:54:dd:10:84:5f:3f: - 54:05:47:ae:4e:5d:e1:10:9d:a1:7b:08:b5:96:c6: - 
ba:fc:97:e0:22:c7:07:23:a2:ad:be:e2:7a:a8:8c: - e9:8a:e4:8e:64:4a:e9:45:b9:2b:55:e0:5c:3a:e8: - 92:fd:48:54:6b:1e:14:d9:98:72:53:6e:0b:bd:e8: - ea:a9:c1:b2:29:ac:35:7b:0d:a8:22:13:83:d7:af: - 90:ec:4a:74:41:3c:fd:32:f6:46:a7:96:02:a3:23: - a2:f1:6f:0f:55:e6:aa:8b:47:17:74:a8:c9:5f:ab: - 46:68:6e:d8:11:dc:bd:83:96:3a:a9:04:e0:4c:d2: - 03:a8:9e:fd:00:c8:09:f9:71:69:92:10:75:8e:8f: - 9e:e4:d6:1c:bd:fd:3f:32:fb:ce:a4:af:cf:9c:f6: - 29:6e:15:ed:c7:df:2d:27:8f:03:b9:fc:ac:3f:23: - ac:2a:f3 + 00:cb:8b:a5:98:f8:cb:ab:f0:c3:e3:8a:b1:92:ba: + c3:45:e0:1e:ed:d8:f2:a8:39:02:fd:8f:0f:e1:c9: + 9d:79:0c:38:38:df:a7:ef:6d:10:32:5a:1f:c8:d8: + ef:ea:a3:51:40:c3:a0:9b:67:f5:91:43:4f:05:fb: + b3:05:9a:01:47:88:53:2d:a0:67:fd:0e:1d:a3:9c: + de:1f:48:9e:e7:9f:6a:cc:04:d2:9e:36:90:e0:52: + 01:11:31:6f:db:5a:aa:4e:3d:83:5c:b8:31:7d:8d: + 06:8f:c1:f8:71:9e:71:a1:ee:54:8e:6c:77:5f:b4: + 69:4a:2d:df:8d:6a:d3:02:26:91:3a:2e:9a:58:61: + 6b:18:1a:ac:7b:c6:e4:b7:4d:ca:af:97:14:af:fa: + 16:87:78:50:98:d4:d1:50:3e:e6:d1:c2:d8:85:ee: + 06:5b:2d:43:8d:d8:3d:22:6d:28:59:52:44:79:e5: + 49:58:82:1a:0e:7f:06:80:85:79:52:1a:c1:c0:32: + d2:28:c7:b9:c0:67:9d:5c:b3:13:08:07:95:d6:91: + 87:6e:f8:53:7a:fa:67:d5:c8:07:91:d9:46:03:45: + 9e:b1:be:f7:78:fb:9a:a5:73:41:cf:b5:02:73:ed: + d5:a8:da:77:bd:3c:cf:e8:e5:dc:1f:cf:d6:93:e9: + 50:d4:76:f2:53:ec:a8:7d:7b:a7:84:4c:95:00:3e: + ab:f4:8e:0b:b1:2a:ef:7d:a1:66:d6:a1:f0:21:5c: + 0f:94:0a:12:de:82:65:55:14:47:37:61:cf:68:12: + 13:c1:f1:7b:14:5f:5c:ff:cf:b1:68:37:d6:75:5a: + 7d:cc:6c:22:e6:34:07:d1:2e:66:a7:6a:1e:9f:ee: + e9:b8:5d:da:a2:25:1b:00:70:a9:65:8d:66:54:42: + 49:85:fa:07:56:b4:77:26:af:70:4b:4f:ed:74:68: + 72:d4:f5:f9:ea:cc:23:a3:d6:8c:39:a2:79:f6:8c: + 64:4c:e3:75:17:86:6f:f1:e1:de:33:ec:28:89:e3: + 3b:a1:73:c9:da:57:fa:9c:cc:8b:51:63:10:26:f3: + 27:9a:c0:e2:67:2d:52:e7:41:a0:7e:6b:6d:7c:3d: + cc:4a:51:8a:62:c5:17:9c:88:c2:5f:38:a2:8d:ba: + bb:6f:82:11:e3:6c:ec:af:58:f8:06:b0:2d:02:4f: + dd:73:81:69:3f:cc:76:72:a1:db:73:43:8c:97:39: + 
30:49:d2:9a:77:30:49:21:85:32:0a:6a:37:bf:09: + 06:60:a3:0f:e5:ba:f5:07:2a:34:e5:3b:07:1d:10: + c1:c0:38:bc:95:dc:81:b2:89:ab:d5:17:9c:21:c3: + 1a:b2:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: - 56:19:A1:BA:91:22:9C:E0:84:71:47:64:A2:CD:F9:28:C0:C0:EB:67 + B7:F5:E7:0E:F8:D8:FE:A1:56:5B:EA:80:2F:18:71:C2:44:0C:91:D0 X509v3 Authority Key Identifier: - keyid:97:C8:DC:C8:EE:AF:E2:70:C4:09:9B:19:50:8F:86:1D:2C:FF:6E:26 - DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ENG/CN=TEST-CA/emailAddress=dev@bigchaindb.com - serial:A4:C4:DF:DB:1A:DB:83:C7 + keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98 + DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com + serial:E8:06:B2:C9:2A:9C:2E:FC X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Key Usage: Digital Signature Signature Algorithm: sha256WithRSAEncryption - 18:50:cd:6d:2b:0f:aa:e4:25:1e:b9:16:1f:b5:39:17:b7:5c: - d8:c0:a6:97:17:3d:0b:39:6f:5f:d2:2c:42:c1:6f:06:e8:72: - a1:f6:ee:40:47:6c:d6:f0:84:dc:4d:67:07:e9:4b:dc:fe:5c: - 05:a4:af:54:ac:92:f3:14:48:4a:e1:28:b0:cb:7e:3b:68:da: - 98:b7:08:44:16:30:a8:94:32:1c:f8:2b:6a:ab:01:95:e9:10: - a1:b6:bd:08:ee:0d:27:be:95:ed:9b:ce:e0:70:e8:b2:7d:9b: - c9:4b:18:33:09:1b:91:78:29:f5:22:2f:59:18:40:95:ea:6b: - 3c:e9:e6:30:ab:f1:e2:ab:a2:0b:97:30:a1:39:f5:5f:4b:97: - f2:7d:54:e8:51:85:19:8e:09:69:93:5e:96:40:79:74:45:6f: - 93:dd:47:55:1e:7d:76:8d:ad:84:3d:d6:f4:4e:a0:62:59:e3: - 62:98:2c:c7:44:21:aa:5c:77:71:ef:8a:25:16:d9:dc:ab:32: - d1:da:aa:86:40:a4:2f:07:4a:bf:f0:45:83:8d:fe:0b:89:e6: - c9:88:42:0a:5c:ea:ba:b1:e2:e5:22:e0:17:74:7e:ae:ec:d4: - 2c:0d:4e:35:69:7b:a5:89:c6:a6:b0:44:24:b4:12:02:5c:ad: - 40:ae:ae:e2:8f:e1:aa:25:89:32:d8:ab:1e:37:00:a3:2c:43: - e2:cd:ad:8e:91:97:14:61:ff:dd:48:6f:8e:0f:07:8c:9d:c0: - dd:bc:c8:c6:4f:eb:33:d8:40:64:bb:82:56:75:78:0c:d7:40: - 
9b:12:ea:2a:82:ef:70:cf:75:3e:75:45:80:18:70:c1:10:41: - 5b:7f:32:fe:f0:cc:e7:98:56:c7:7e:b3:99:a7:6a:37:1d:80: - 0d:0f:26:56:12:b9:9e:64:8b:90:39:5e:2b:f4:01:c2:9b:fc: - 34:4d:c1:be:c4:44:54:3b:f9:b9:0b:2c:ad:ac:04:f1:be:6a: - 74:70:0f:a4:fb:86:1f:81:a6:3f:69:ed:96:52:0e:1f:32:5e: - 49:8a:9d:26:2c:15:62:3a:9a:bf:da:2d:4c:31:36:7f:93:5e: - 27:b0:f4:dd:13:44:18:70:f2:97:0a:a6:69:ed:63:34:f1:fc: - 94:a1:1f:3f:1c:e2:a1:fa:4a:8d:a2:9c:46:5b:8f:d8:e6:d9: - 9f:34:d8:97:84:3f:09:be:66:74:1a:51:96:73:52:80:9c:51: - ad:78:18:15:54:90:3a:1c:18:61:90:77:b0:10:b3:18:5b:77: - 11:f3:1e:18:12:08:dd:95:22:d4:41:06:96:2a:b5:11:8c:3f: - 33:71:32:99:12:de:42:29 + 78:44:00:be:10:3b:f3:40:e1:5e:e4:3a:64:99:13:71:1d:91: + 96:f6:f1:0f:db:99:6c:65:c3:be:c9:0d:d7:a1:c8:7c:09:e6: + 56:5b:32:44:5f:e8:00:27:b5:20:28:d9:19:5a:74:21:4f:1a: + ef:5a:e9:cc:f4:97:f1:9f:97:9b:45:35:cb:df:27:6a:75:ce: + 9e:0e:11:be:03:fa:1a:91:77:9d:7d:6a:76:59:6b:98:96:09: + 21:cd:ca:54:1e:1f:75:58:68:5d:af:c2:8a:18:c5:56:d9:56: + 39:c6:a7:2a:a4:0e:0b:88:7e:55:72:7f:ec:07:0d:7f:7a:c0: + 14:8f:44:f4:cc:3b:30:97:8a:98:e2:da:7e:88:b8:a5:93:4c: + f4:92:e1:e8:84:60:bc:f9:e4:55:0f:68:ba:34:70:4f:9f:47: + 63:c1:2f:96:78:ab:43:80:87:f2:0d:10:57:a0:a0:8c:d4:93: + c3:89:ef:f0:2f:58:63:53:8c:1e:29:4c:a5:88:ec:56:af:22: + 65:54:77:6c:f8:cd:68:2d:34:f7:71:cf:12:6e:ba:50:8f:30: + a0:05:31:e7:32:27:29:e5:1b:a9:40:3c:49:45:a3:8e:2d:10: + 0b:b4:da:f5:73:e7:aa:d1:c7:a8:a6:f5:32:4a:33:f3:60:3d: + 72:4e:b9:1e:15:e9:7d:0c:a9:f8:57:72:2b:60:24:18:47:5b: + 34:f5:25:ef:93:10:4a:0b:ed:e8:39:2e:d8:9e:bd:32:67:ce: + 7c:c7:a4:0e:5f:03:1e:8d:4a:7f:ac:7f:4e:7b:f8:26:44:1c: + 9f:6b:a0:9e:4d:90:31:13:8a:46:5f:87:9e:bc:06:f2:b6:e5: + 6b:75:d1:f3:c0:4d:fe:c5:16:34:35:ce:6e:31:f3:1f:cd:4e: + 13:5d:0a:84:00:cc:72:b5:ef:a4:90:74:70:53:9b:6c:b3:58: + 5e:3b:ba:5b:ff:4c:fe:47:7e:20:1c:83:04:57:7a:a5:08:ed: + 29:51:11:e0:a5:81:92:b5:4f:32:74:35:be:8a:c6:82:7a:50: + 45:f9:ee:57:62:a5:41:57:dc:3d:f7:bd:17:59:2d:53:2c:d0: + 
81:76:e8:1b:64:bd:80:94:eb:b1:f6:0f:8f:c7:50:cb:c4:c2: + 33:b0:78:78:d4:61:d2:d7:54:0a:71:24:59:0f:30:23:8c:45: + d6:b9:f1:5c:99:eb:20:11:2f:ca:36:39:36:72:e9:f5:24:47: + 54:54:20:4d:1d:aa:cd:ec:ec:4b:89:2b:67:00:62:64:2c:05: + 19:6c:91:72:01:bb:04:0c:f0:e1:27:5e:c9:9b:f1:41:09:8a: + dc:62:85:a0:87:c8:d5:ab -----BEGIN CERTIFICATE----- -MIIGsDCCBJigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCREUx +MIIG3jCCBMagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj -aGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8G -CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4XDTE3MDYwMjA3MTMxNloX -DTI3MDUzMTA3MTMxNlowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4x -DzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5EQiBHbWJIMQwwCgYD -VQQLDANFTkcxFTATBgNVBAMMDHRlc3QtYmRiLXNzbDEhMB8GCSqGSIb3DQEJARYS -ZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEAy1khxG63k8fRh+GPBgfGTzE1TcxDjiW/Sgg+3zqw2Dy1RTlJqu8XUyz6dHNO -9jaurZqIPBqtwqwcsxQ5GIozVFRZETG4ihoP1XndbY1joI8Ko16yQNBnhLe2S2ZD -hYoYoFEIybAJC428iWxHobK7uB4Ed8t+9K7HUEMLSUiQTH1yFwu7V3LdrWK6jbSA -xLiDoskI9xFEC2d/1N+4WVvAMiYElbzC65J76V2Z19mGvvCnxeUelfOGIXQ9A8pK -wE1ZdbViJAQJikcPpsPumYLcAlNw8XdhWC6b2yBAnxUI3j3EESkvb1EbNhmyJwO4 -Few+VmV3l0ZYBwuFh6H07k/8vCIQ2jyD3YAm1z4j9g4/Tfka6y/KYOqXQCPUFMO1 -wUbyFSp+GFY6WFH7p0IUGQ15HiW0GlF0e5PgnqlBg6uUbzxvIwx+vBQxVMqKRw6o -Ab326b1U3RCEXz9UBUeuTl3hEJ2hewi1lsa6/JfgIscHI6KtvuJ6qIzpiuSOZErp -RbkrVeBcOuiS/UhUax4U2ZhyU24LvejqqcGyKaw1ew2oIhOD16+Q7Ep0QTz9MvZG -p5YCoyOi8W8PVeaqi0cXdKjJX6tGaG7YEdy9g5Y6qQTgTNIDqJ79AMgJ+XFpkhB1 -jo+e5NYcvf0/MvvOpK/PnPYpbhXtx98tJ48DufysPyOsKvMCAwEAAaOCARQwggEQ -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFFYZobqRIpzghHFHZKLN+SjAwOtnMIHBBgNV -HSMEgbkwgbaAFJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQG -EwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoM -D0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNB -MSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAT 
-BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQAD -ggIBABhQzW0rD6rkJR65Fh+1ORe3XNjAppcXPQs5b1/SLELBbwbocqH27kBHbNbw -hNxNZwfpS9z+XAWkr1SskvMUSErhKLDLfjto2pi3CEQWMKiUMhz4K2qrAZXpEKG2 -vQjuDSe+le2bzuBw6LJ9m8lLGDMJG5F4KfUiL1kYQJXqazzp5jCr8eKroguXMKE5 -9V9Ll/J9VOhRhRmOCWmTXpZAeXRFb5PdR1UefXaNrYQ91vROoGJZ42KYLMdEIapc -d3HviiUW2dyrMtHaqoZApC8HSr/wRYON/guJ5smIQgpc6rqx4uUi4Bd0fq7s1CwN -TjVpe6WJxqawRCS0EgJcrUCuruKP4aoliTLYqx43AKMsQ+LNrY6RlxRh/91Ib44P -B4ydwN28yMZP6zPYQGS7glZ1eAzXQJsS6iqC73DPdT51RYAYcMEQQVt/Mv7wzOeY -Vsd+s5mnajcdgA0PJlYSuZ5ki5A5Xiv0AcKb/DRNwb7ERFQ7+bkLLK2sBPG+anRw -D6T7hh+Bpj9p7ZZSDh8yXkmKnSYsFWI6mr/aLUwxNn+TXiew9N0TRBhw8pcKpmnt -YzTx/JShHz8c4qH6So2inEZbj9jm2Z802JeEPwm+ZnQaUZZzUoCcUa14GBVUkDoc -GGGQd7AQsxhbdxHzHhgSCN2VItRBBpYqtRGMPzNxMpkS3kIp +aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m +cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X +DTE3MDYxMzE0NDQzMFoXDTI3MDYxMTE0NDQzMFowgaExCzAJBgNVBAYTAkRFMQ8w +DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh +aW5EQiBHbWJIMRwwGgYDVQQLDBNCaWdjaGFpbkRCLUluc3RhbmNlMRUwEwYDVQQD +DAx0ZXN0LWJkYi1zc2wxITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNv +bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMuLpZj4y6vww+OKsZK6 +w0XgHu3Y8qg5Av2PD+HJnXkMODjfp+9tEDJaH8jY7+qjUUDDoJtn9ZFDTwX7swWa +AUeIUy2gZ/0OHaOc3h9InuefaswE0p42kOBSARExb9taqk49g1y4MX2NBo/B+HGe +caHuVI5sd1+0aUot341q0wImkToumlhhaxgarHvG5LdNyq+XFK/6Fod4UJjU0VA+ +5tHC2IXuBlstQ43YPSJtKFlSRHnlSViCGg5/BoCFeVIawcAy0ijHucBnnVyzEwgH +ldaRh274U3r6Z9XIB5HZRgNFnrG+93j7mqVzQc+1AnPt1ajad708z+jl3B/P1pPp +UNR28lPsqH17p4RMlQA+q/SOC7Eq732hZtah8CFcD5QKEt6CZVUURzdhz2gSE8Hx +exRfXP/PsWg31nVafcxsIuY0B9EuZqdqHp/u6bhd2qIlGwBwqWWNZlRCSYX6B1a0 +dyavcEtP7XRoctT1+erMI6PWjDmiefaMZEzjdReGb/Hh3jPsKInjO6FzydpX+pzM +i1FjECbzJ5rA4mctUudBoH5rbXw9zEpRimLFF5yIwl84oo26u2+CEeNs7K9Y+Aaw +LQJP3XOBaT/MdnKh23NDjJc5MEnSmncwSSGFMgpqN78JBmCjD+W69QcqNOU7Bx0Q +wcA4vJXcgbKJq9UXnCHDGrJhAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMB0GA1Ud 
+DgQWBBS39ecO+Nj+oVZb6oAvGHHCRAyR0DCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQ +QOkwaIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJl +cmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgx +EDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEh +MB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IC +AQB4RAC+EDvzQOFe5DpkmRNxHZGW9vEP25lsZcO+yQ3Xoch8CeZWWzJEX+gAJ7Ug +KNkZWnQhTxrvWunM9Jfxn5ebRTXL3ydqdc6eDhG+A/oakXedfWp2WWuYlgkhzcpU +Hh91WGhdr8KKGMVW2VY5xqcqpA4LiH5Vcn/sBw1/esAUj0T0zDswl4qY4tp+iLil +k0z0kuHohGC8+eRVD2i6NHBPn0djwS+WeKtDgIfyDRBXoKCM1JPDie/wL1hjU4we +KUyliOxWryJlVHds+M1oLTT3cc8SbrpQjzCgBTHnMicp5RupQDxJRaOOLRALtNr1 +c+eq0ceopvUySjPzYD1yTrkeFel9DKn4V3IrYCQYR1s09SXvkxBKC+3oOS7Ynr0y +Z858x6QOXwMejUp/rH9Oe/gmRByfa6CeTZAxE4pGX4eevAbytuVrddHzwE3+xRY0 +Nc5uMfMfzU4TXQqEAMxyte+kkHRwU5tss1heO7pb/0z+R34gHIMEV3qlCO0pURHg +pYGStU8ydDW+isaCelBF+e5XYqVBV9w9970XWS1TLNCBdugbZL2AlOux9g+Px1DL +xMIzsHh41GHS11QKcSRZDzAjjEXWufFcmesgES/KNjk2cun1JEdUVCBNHarN7OxL +iStnAGJkLAUZbJFyAbsEDPDhJ17Jm/FBCYrcYoWgh8jVqw== -----END CERTIFICATE----- diff --git a/tests/backend/mongodb-ssl/certs/test_bdb_ssl.key b/tests/backend/mongodb-ssl/certs/test_bdb_ssl.key index 647c8c21..36e91e9e 100644 --- a/tests/backend/mongodb-ssl/certs/test_bdb_ssl.key +++ b/tests/backend/mongodb-ssl/certs/test_bdb_ssl.key 
@@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDLWSHEbreTx9GH -4Y8GB8ZPMTVNzEOOJb9KCD7fOrDYPLVFOUmq7xdTLPp0c072Nq6tmog8Gq3CrByz -FDkYijNUVFkRMbiKGg/Ved1tjWOgjwqjXrJA0GeEt7ZLZkOFihigUQjJsAkLjbyJ -bEehsru4HgR3y370rsdQQwtJSJBMfXIXC7tXct2tYrqNtIDEuIOiyQj3EUQLZ3/U -37hZW8AyJgSVvMLrknvpXZnX2Ya+8KfF5R6V84YhdD0DykrATVl1tWIkBAmKRw+m -w+6ZgtwCU3Dxd2FYLpvbIECfFQjePcQRKS9vURs2GbInA7gV7D5WZXeXRlgHC4WH -ofTuT/y8IhDaPIPdgCbXPiP2Dj9N+RrrL8pg6pdAI9QUw7XBRvIVKn4YVjpYUfun -QhQZDXkeJbQaUXR7k+CeqUGDq5RvPG8jDH68FDFUyopHDqgBvfbpvVTdEIRfP1QF -R65OXeEQnaF7CLWWxrr8l+Aixwcjoq2+4nqojOmK5I5kSulFuStV4Fw66JL9SFRr -HhTZmHJTbgu96OqpwbIprDV7DagiE4PXr5DsSnRBPP0y9kanlgKjI6Lxbw9V5qqL -Rxd0qMlfq0ZobtgR3L2DljqpBOBM0gOonv0AyAn5cWmSEHWOj57k1hy9/T8y+86k -r8+c9iluFe3H3y0njwO5/Kw/I6wq8wIDAQABAoICAFWnHJ8WF8Nqtmpq6wiaO8Dd -tFspwAbfBX0Ujg8PNLBQmfYnlE0o2oVRe8mTTF5PWDKN1fajMi++uXQA/6/Dfq11 -vfKNI/Mf2S2NYGSl2qIlvlBkMec1IXV4wJNv5t8X9RmKKI5z1MuGDzU/Y8jLdWCv -XChtkfNUr2WyZ82dgBKIAIeOjIHgQ1mmLXhE4Lx8EA6AaYNQRX4cQW8UMR2KlSFK -fEHqOZxqnkEFCSkvWh+RVMn5oXF+GzB6Or0e92+a5SS8mzMadD5HgmM3Qohs42kj -Zn5/T4SKVWHuaunXPV4HXE/yLiXQXwrhtfXTDjZFxVg08zPIEIofI0anRHkhPg3r -+pyAGuwRH3HoRQLhb8FVhl6HRmrsMl4nW/BassFN6DB01OYl2wqO2ybzXcfb7ihg -0Gg8QaOGVaDT6mJL5F8YSY4rVYeNxvfayO0T7+QORauVNWWXHxm9IMtAUOvdArTm -+FcSwp47o+QcE5iLUJ91c+NsIhAHaJ1C4RA+2hcvfoDQSplQ24ZLR49jjHEWB/0z -vgfxNifOn+XA+hCDwOESGq51ROQSQ6MFnHsVjTReK+3VMbz3mcZTVgXCMGZTKfyr -eALEZsT6WL20Ln4A1Xo8Nb1JfQqmbfSqASasUKXofXJY0QLmcnLrGK2+S0+hyHJc -tsIHEOnLbHLuIN5xz/3xAoIBAQD1sLpN/srusaUm1V6kcHyEKY6ednqwGZjqNL4k -Q872w7eUsg0ofUJ6zlFctDp3fVXWhYYPPyMX7DhbhDPqKOA1Z1sEpacicxZ/7JDC -ymhnyjGJPyxjuNcB+NFDTt3+I4tnadq5wmik1Z1cBp/EK5u/zLV9IAYG2nJn8XYM -NhF+rZPql7WOzJR1yXEnZGAO4PiCq5H1L8uZUx3fbD+mMqjZq8BJrWKPWf1+9zjh -/qe8BiNELkpDlh5pwVSLjNWpR2/FH27JwjQYdMCgWJbK5/M23lDFpmsovkBDbs0w -z0KmV9eHGGLpFhmQ4pNu288TUvmxP3zCSqIXfSFqfTHXDPg5AoIBAQDT4Y2WHCFE -PYjlNhkoQW8KuY1U/mAnNUmU/GJGIRbayk712b23xo8miOC6PF4jhw+fynEDMeN6 
-eC+5FvVQ59g/ELLLgcVpDbHCqBmSiAfgnWCpOIYhvTJFQKPNEB6XCxO0dSp8PtXA -dyzXRSCI5dYBzbYlV7Pvbgrsj9glgnOxMB/zYWhNIJEZj+UBDLR1PTs+Nx65vZ81 -wYUSs7jJN+g9yagFg3NCYWjfLm52sN3xhSpsjKk8FcaWzyUElFzq+QWh34KOxJj0 -dq8y8G817B4NqFRN58WeU2Hu5HWk7Pgc611WjZ5AyEKWdz+RFfNcM6BBna1n/jIA -KXUFB+vExISLAoIBAQDrOD+l3II89CbBfxYVKPyNK5w3agccAeW8lLJV1fWXmtlv -queeFA5JtK2Aq6wuKfi8YSlv/2qBxM5QD8oELQ47ErC5Sj8xZC3uW3Zch5xdgd7b -H3hIIPb4FFeEsUUnwq/8WgPmRJIa/ciiClV7YqTChCJdoQMkHI/bo/j4x+sH9Pbg -ak6QYJziB/IlXJv6orhJoikjLJcoO8Ml3GUzoNy3SQ/XegAabnWb0OTMuRmtkdLB -u++ttVN4vHdNA5CreJExkF5pG1z07RJecXIs4NShe0apdCKz5zFvXe1lBYkx6HeY -B2jq7xWa+NFeGWOvhIk5gSbYfMui4VHUufe1g91BAoIBAG6P5igMabeIPKUOw7Xj -3yPDi2JskpQjFFBwGn/pyFlG9EkJ5Bu/uvcqucm0spLraVXCd5JpOACyMoTs2/np -4UeXWRUklHSrNrUSrrVt0l59APGMk0GLzm2gu1jILo42s4OZGCBZUYTrKzTx13ZY -KIIsa/20dCpeS8kBjpKULfap3CJOE/UbJ1wlYCRaEtiSqRVgAeJ+dlPAtcX6jlRB -niiPz+OAomZjGixLuEyrIkVjba3TAIRgAI61bOWk3Y+nfi7nyOLi58W5INb966pB -mbUav1MfvFlPvWzBPjpfhWDh2ITPxWKcnVKSy1LUF3dnYRqcQt5fIIxBFdUYOwkk -Wt0CggEBAMDCdK1+/xzUnUI5q6MYvgCEZlxuskLRjby8EfdCGv4eaNCKB2z3d5jj -PXVXpUKbqzLb0ehmA6e2OVOrD9VJYfRCGqrileJY7GnK1d3zy0DFfPm8iRMgevv9 -Sdzxdc5U7VH5FpMuqHfwNKHVK3jMkRQw88eRLKDWYiH7Du+lITYaLa1t6Xo/0r+5 -JYoPRUXJv0LiUamTThm4zAs9JOOC2I5/UbgifH21WxllD62fCmxJqF+t0lQWMRUw -GYiU41SiczC2rvGt6PKAlm0VKwBV+iCsywCuP7ywTq5n7/tCCPKMRcdTdpsgA9Sj -ygiQ48fCpPjwXP/+v5TyNchX2aTRCqA= +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDLi6WY+Mur8MPj +irGSusNF4B7t2PKoOQL9jw/hyZ15DDg436fvbRAyWh/I2O/qo1FAw6CbZ/WRQ08F ++7MFmgFHiFMtoGf9Dh2jnN4fSJ7nn2rMBNKeNpDgUgERMW/bWqpOPYNcuDF9jQaP +wfhxnnGh7lSObHdftGlKLd+NatMCJpE6LppYYWsYGqx7xuS3TcqvlxSv+haHeFCY +1NFQPubRwtiF7gZbLUON2D0ibShZUkR55UlYghoOfwaAhXlSGsHAMtIox7nAZ51c +sxMIB5XWkYdu+FN6+mfVyAeR2UYDRZ6xvvd4+5qlc0HPtQJz7dWo2ne9PM/o5dwf +z9aT6VDUdvJT7Kh9e6eETJUAPqv0jguxKu99oWbWofAhXA+UChLegmVVFEc3Yc9o +EhPB8XsUX1z/z7FoN9Z1Wn3MbCLmNAfRLmanah6f7um4XdqiJRsAcKlljWZUQkmF ++gdWtHcmr3BLT+10aHLU9fnqzCOj1ow5onn2jGRM43UXhm/x4d4z7CiJ4zuhc8na 
+V/qczItRYxAm8yeawOJnLVLnQaB+a218PcxKUYpixReciMJfOKKNurtvghHjbOyv +WPgGsC0CT91zgWk/zHZyodtzQ4yXOTBJ0pp3MEkhhTIKaje/CQZgow/luvUHKjTl +OwcdEMHAOLyV3IGyiavVF5whwxqyYQIDAQABAoICAQC0NvMqanWhyW0WxJCOMi98 +aX/Y5LGMAdZE+2p7ZY+4QfpxWIyOrsidXDAyGujonSrupYZIshW5RJft2zlY507k +r629gv0vD1VsrBH6LskKmJntAwQbsoI5KkHpoBTCaRbKaSoqaKbg24EIvRukNT20 +uphA9YYHxWtHkzAQPJmQmOcSVXqwb6hrUgqPGL0eEpE3QBO/7zQNQ5hQiHS+kMK6 +y8H7apBUH9Jk/yS5m14TH4SjTD/RTneViCAQoJyW9ju/WP+7vYIX+WVZUu+xt02S +CY2Y0eLPym8u14jkODQF55knFMZ1Zoc4n8CQD1qZm+UFOFC1yubl9MYdoF4C3ZuC +vABnU7UU6pSABJ3glcwWUrGPxgbWTSlCTFwJqWeUZfEwWXQPhfoGIfckOf89tDsB +9TUd8fnfKVUrqDnEVPryvMZipG1nX4pZX/nXM/22sepdyuQ21quCcUTcUGwBhhQA +gfVJMPUc2dilJyYILYgmZ9k3J1iFVwIahMtqxY7oSaQi5bD9Pcst9MzFwiGo7T2q +4CjfUTPCiQeE+kyiEo1HR6Mhzd80Nobh0BQfMuauBMmkMlA3HPeztyR2U16QdDIa +LG2DOl+Ak4OultjKtGKovsb9FnzDnr/N+ONLgRyKPMwjLgjRPBpGmxSltjfqHpC/ +72OK3QPbDe7FRa3+jzC8ZQKCAQEA+RA7fhUEQv722SVpJI1pEvyQGCede65VB3lp +tN4wWqXfdKBKzTcxx6xkojvZPQe5NQFK3743Ui5qbgNxnxuqU/+KsBngZBVAYV6k +muCmpJsucCXVULeG5Cei7Z2FoRn2zjI1+7cMX9kccq+lGjy3imJPjhy9ChTWt/GB +P4Ii6ow2f+ZNKd5Vs/BRvGurLdCWg47UTzujHWtI24nJHjYfWpGIdAmJ9cuA/QgJ +RCVs8U0vXzcRKwGkn45q9t7A9LMMZ2OIryhN3PPY4p1i4zu4kwFEQeJ1CCSrAiTn +etitPxiovo+dmCFWxXeYuY+PNsi5C6kwOHVPDYlv+YrP0cm3jwKCAQEA0TbhuDaQ +rkuVIIlzrQzLl0KqtoQ/p+5KI4WmzDdpmWvLhAGug7Xfi5AmSAmJB+ui/XeHCjyg +Vy+nyoxzJrdjg0WShRgRx2b3rYqxTDsV72sbl1ofrCyX9DOW2XaiLCXPkGQfOmkS +yYagR3xyfsVsf44bwUWj2vckXFhZFZDR2DpRWL20S852RpXvwzOoOWhfaBAqHeR+ +qBWVsDuRwo0HCkidgBYnRpg4FAitoiVM+MpB3r84pOK4bO6s0n384l1iFLhWli/d +6hLVa4Hpec5jMHQajhOjdk03gK0xmS9Trcv1aUboih7KH0FlbdlWeKWi/F7sT7P9 +3MFrs9G+Ybd/DwKCAQEAiA1t8jnY0iAlCAl/nhABTfXZYNiDFoTsveB89ehJ0bq6 +jiLhuahk8QYjEtxOlyAY8/N4yzBFWAcy7FXFQ30BVlFJmVkJUqKpQIdKs6/0WAbN +H0YLeMRIU2mzfsmFrbNZNtoG0zHy+IjJGX0JW4O/X0DE5ISeX1tyz5iFWgPkvutI ++iT8Edr6RgkJHTxTjftbvRHQuFeDixaH/iUOUAqQphDJ0VlEm5hHJfG13hvznvzi +28hhAHUtUFuj4qdcEE+efvvINqZ1ojUyTNhcpHSDJwqSFst10rT1FX7DVD/4o3b8 +9tvM4sWTeNsT+omJWgvbyZrqVG0AegyRtmc1jwv50QKCAQAjNGz/Jo9qBOXvN7Hz 
+aLfJmDpJxC9B/uMS3yaWLqziWDVC3VWUbEJVpcgLTy9z2b7vj/F1U4ZXpXlCqCeo +WCuypz5kjwxO1ZDP7wqunTKvuwJFkbDKtCZNvXCg30mizCoFThPDLHMw3iqSXOqX +UnlTbYJWH3XXHsdLksJK0re8/vM5T5LLPs7ASfKykjq4jkufozizFwQJHLi3kw6Q +AlMw888tAo1RX8Pv+xXctxIgu0giR2Msu8n06qTCNtka7kPW4L4RP7TD8q9fC9lR +2dzvBlqBleRnv86bJIm4ETKviCaftILk2xF/+O0scuoOGzE17nMtZkhNoW6SL7Ut +lEcZAoIBAGMtuS1SJAnJ2wt5NY3zLAIoTwOr4LQLF1ukF+ogkck/GsRaJxGQRaE/ +tupQBRzsZN3MxjRspDzH+583yIEWFWwxDzDbz8P9PuU+Dgm3vRGJ+qvzTDHvnPzd +3mTOMnNMjchi6wwV9t/SxwhtnUoIHG0FtrXE+xH4QFnXaufGqw8rWbuPRjydH9iJ +8h+U4g4oaRpvftDHZ6HUMYgqC3/BtB9yk0CQ/BnTG1FlZZw6Ybu4SNtok2QrR1xN +MdcSNvQrgkMbVJ8ysKOwJNol3yw5fqYUz6KRxzU28MdOyELhcWhWUC9/D+5ib13f +Y78+RqMxuQBGGFp1ahS075xikXeb0TE= -----END PRIVATE KEY----- diff --git a/tests/backend/mongodb-ssl/certs/test_mdb_bak_ssl_cert_and_key.pem b/tests/backend/mongodb-ssl/certs/test_mdb_bak_ssl_cert_and_key.pem new file mode 100644 index 00000000..da457e71 --- /dev/null +++ b/tests/backend/mongodb-ssl/certs/test_mdb_bak_ssl_cert_and_key.pem 
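Review bot: Unencrypted RSA private keys are committed in this change: the replaced `test_bdb_ssl.key` here, plus the new `test_mdb_bak_ssl_cert_and_key.pem` and `test_mdb_mon_ssl_cert_and_key.pem` further down. All are paired with certificates issued by `Test Infra Root CA` and valid until June 2027. That is workable for fixtures under `tests/backend/mongodb-ssl/certs/`, but nothing in these hunks marks the material as test-only. Add a short README in that directory stating that the keys and the issuing CA are public, must never be added to a trust store or reused for a deployed node, and how to regenerate them. Scoping a secret-scanner allowlist entry to exactly this path would also keep these known fixtures from masking a real key leak elsewhere in the tree.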
@@ -0,0 +1,185 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com + Validity + Not Before: Jun 14 12:45:09 2017 GMT + Not After : Jun 12 12:45:09 2027 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Bak-Instance, CN=test-mdb-bak-ssl/emailAddress=dev@bigchaindb.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:9e:49:0d:d6:44:06:db:ad:bd:24:0c:d4:d2:f6: + 0e:e9:14:5a:52:b7:3d:72:97:ae:1c:b4:dd:6c:a6: + 2b:46:94:a9:60:29:8a:15:75:3d:35:66:a1:7e:3c: + a7:09:38:4d:30:4a:5f:d1:01:22:a5:b0:f0:43:ed: + 9e:e8:6d:b5:4b:da:3d:50:d7:67:c3:bc:a2:08:72: + 2f:fe:18:54:2a:2e:a8:6b:f4:ca:fb:4a:50:f0:48: + c3:97:62:b7:f5:a0:a2:50:2b:c5:b3:ed:6f:b4:86: + 09:a6:67:68:1f:28:69:d4:0e:73:c1:a2:6c:25:a5: + 55:37:8c:7e:a4:9e:aa:83:8d:9c:b6:29:19:6f:e9: + 86:58:9f:34:8b:92:39:9a:4d:ac:2f:1b:ee:43:a8: + 25:dc:d6:82:63:65:e6:f9:71:ea:69:ac:4f:1b:9f: + 96:ba:21:88:db:7b:87:4a:5c:84:4a:d6:39:3c:1f: + ea:e7:3a:9e:e0:31:32:e9:3d:48:da:0d:6d:47:74: + 2c:58:e6:ad:65:10:b8:64:7b:80:cb:b0:a2:f4:a6: + 16:27:b0:84:6e:09:c6:30:a3:b7:fa:34:7a:96:5d: + 61:71:7d:7d:dc:c8:69:9d:4c:2f:b6:a1:20:31:99: + b1:96:9a:9e:be:f4:ec:da:2a:6c:3a:0a:e4:94:ef: + 67:a5:f4:7c:ae:15:f2:67:8b:f4:f4:18:32:1e:7f: + 87:79:e7:87:a0:74:99:57:f2:44:62:fe:93:93:21: + 13:b5:98:dd:fb:98:67:e0:8f:e3:19:36:0b:9e:5b: + 67:a0:37:77:62:78:9b:6c:be:79:13:bd:79:ae:34: + b7:92:f1:8f:17:9c:0b:6a:42:9a:ed:23:e4:71:0d: + e6:f3:6d:9c:58:54:88:2f:ed:85:a3:5c:a4:38:6d: + a3:b9:bc:ba:56:ad:f8:2c:fa:8c:e8:83:de:1b:af: + 11:88:e9:81:08:c8:d4:03:68:d4:e7:11:c7:e6:1d: + 93:7f:02:2c:3d:42:e3:bb:f1:68:70:21:95:87:db: + c5:c8:43:64:d5:d9:10:94:cb:e4:17:e3:5c:21:38: + fb:9c:96:69:da:24:e3:59:e8:d9:f3:41:45:04:8a: + 04:c8:bd:04:85:7a:9c:72:9f:5d:34:38:1d:1c:26: + 
85:6c:c3:1c:6d:df:6b:44:a4:ac:f7:27:0d:8f:1a: + 9b:d2:53:5c:15:bd:1e:f1:de:f1:45:d7:96:d0:50: + 0a:43:3b:53:ea:1a:8d:67:ad:68:d0:57:dc:3c:f5: + 63:fb:0e:ff:b2:cf:59:30:d5:12:bc:2c:62:00:cf: + c3:ae:ea:20:04:c1:67:e0:3f:92:99:e5:04:cc:7b: + a6:7f:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 95:F3:A7:FB:99:C6:9D:91:36:06:51:31:39:EC:37:42:89:07:AB:31 + X509v3 Authority Key Identifier: + keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98 + DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com + serial:E8:06:B2:C9:2A:9C:2E:FC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 5b:42:f5:e9:cc:2a:40:8a:53:29:d9:67:2b:5d:df:25:b8:08: + 6f:6f:0f:d4:e1:b7:60:eb:d4:04:d4:3c:49:62:a5:78:59:48: + d6:4b:c3:24:04:86:51:99:01:6f:f5:ce:a1:b8:c0:d5:56:4a: + 23:86:f9:22:e6:42:3b:39:8b:66:64:21:f6:72:6b:77:79:4b: + 9f:3e:ec:0e:ba:cf:bd:72:73:02:66:bf:cf:e8:b2:75:ee:07: + 28:ae:26:98:b8:40:ec:dc:d5:12:27:27:34:3e:4f:55:b6:36: + e0:3b:58:ec:2d:fa:59:e3:c1:ec:16:93:8d:72:f6:ad:f8:dd: + 59:6e:c2:cb:51:82:f1:fc:b6:7e:67:61:f7:81:76:9d:a7:83: + 52:06:cb:b7:fe:52:f4:2a:bc:62:66:16:4b:bd:03:13:7f:e0: + f1:7e:c4:67:e4:9a:d4:1f:bf:a2:a1:f9:2a:8b:bd:d1:06:35: + 16:97:7b:93:fa:3e:e0:df:4f:60:60:74:ef:18:0c:69:10:61: + 17:4a:8b:d7:4d:0b:83:6c:de:c3:ca:34:ad:02:35:34:e5:2c: + 15:28:4c:ff:5b:e7:27:eb:87:c9:88:21:3e:ed:b3:4e:cc:80: + 2f:fe:87:e4:c7:d8:7c:5d:61:79:db:49:bc:f6:60:28:97:0d: + 17:0e:f4:7d:3a:ca:bc:d1:f2:62:70:a9:19:8b:f8:74:1e:c4: + 10:f9:7a:62:d0:65:d3:00:f4:3d:08:11:5c:d5:d0:97:3e:52: + 0c:51:1a:e6:71:bf:d9:25:c7:38:b7:d1:17:04:c3:a3:74:34: + 51:7e:3d:78:3f:e7:c9:e7:e2:37:db:33:43:26:ca:7f:2c:d5: + cd:fc:55:2d:3f:1e:7b:95:af:44:ca:b6:9f:0e:02:d3:62:e6: + 1f:96:a6:b2:0d:de:0b:31:b6:4f:de:a8:63:85:8c:c2:5d:89: + 
f9:ba:b2:e9:41:19:60:3b:06:18:c5:f6:9f:8c:f9:fa:36:18: + 16:3b:c4:8a:60:5e:7c:06:8c:f3:3a:c0:25:bc:3f:fc:f1:5d: + a3:81:a4:6a:48:05:f3:0b:cb:f7:45:87:4b:32:5f:b2:d4:5c: + 85:36:ec:3f:aa:23:81:fe:ce:75:7d:54:12:87:b0:95:a7:57: + 81:c5:4b:f3:d9:9a:d2:fb:af:bb:a7:6a:b2:23:92:1d:28:8f: + a7:21:bd:3c:21:fb:39:fd:73:06:84:d2:9c:6b:06:c9:3f:22: + 9d:dc:a8:74:9b:76:8d:e3:09:9d:ef:02:18:9b:1e:52:69:eb: + be:1b:bb:73:e2:36:06:4b:27:ad:0f:87:66:cc:36:81:5a:55: + e1:7b:7b:d0:4d:2f:55:95 +-----BEGIN CERTIFICATE----- +MIIG4zCCBMugAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx +DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj +aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m +cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X +DTE3MDYxNDEyNDUwOVoXDTI3MDYxMjEyNDUwOVowgaYxCzAJBgNVBAYTAkRFMQ8w +DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh +aW5EQiBHbWJIMR0wGwYDVQQLDBRNb25nb0RCLUJhay1JbnN0YW5jZTEZMBcGA1UE +AwwQdGVzdC1tZGItYmFrLXNzbDEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu +ZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnkkN1kQG2629 +JAzU0vYO6RRaUrc9cpeuHLTdbKYrRpSpYCmKFXU9NWahfjynCThNMEpf0QEipbDw +Q+2e6G21S9o9UNdnw7yiCHIv/hhUKi6oa/TK+0pQ8EjDl2K39aCiUCvFs+1vtIYJ +pmdoHyhp1A5zwaJsJaVVN4x+pJ6qg42ctikZb+mGWJ80i5I5mk2sLxvuQ6gl3NaC +Y2Xm+XHqaaxPG5+WuiGI23uHSlyEStY5PB/q5zqe4DEy6T1I2g1tR3QsWOatZRC4 +ZHuAy7Ci9KYWJ7CEbgnGMKO3+jR6ll1hcX193MhpnUwvtqEgMZmxlpqevvTs2ips +OgrklO9npfR8rhXyZ4v09BgyHn+HeeeHoHSZV/JEYv6TkyETtZjd+5hn4I/jGTYL +nltnoDd3YnibbL55E715rjS3kvGPF5wLakKa7SPkcQ3m822cWFSIL+2Fo1ykOG2j +uby6Vq34LPqM6IPeG68RiOmBCMjUA2jU5xHH5h2TfwIsPULju/FocCGVh9vFyENk +1dkQlMvkF+NcITj7nJZp2iTjWejZ80FFBIoEyL0EhXqccp9dNDgdHCaFbMMcbd9r +RKSs9ycNjxqb0lNcFb0e8d7xRdeW0FAKQztT6hqNZ61o0FfcPPVj+w7/ss9ZMNUS +vCxiAM/DruogBMFn4D+SmeUEzHumf7kCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFJXzp/uZxp2RNgZRMTnsN0KJB6sxMIHQBgNVHSMEgcgwgcWAFGnH +hYBk5pBA6TBoiCPSTbvs35iYoYGhpIGeMIGbMQswCQYDVQQGEwJERTEPMA0GA1UE 
+CAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWluREIg +R21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwSVGVzdCBJbmZyYSBSb290 +IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQDoBrLJKpwu +/DATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEL +BQADggIBAFtC9enMKkCKUynZZytd3yW4CG9vD9Tht2Dr1ATUPElipXhZSNZLwyQE +hlGZAW/1zqG4wNVWSiOG+SLmQjs5i2ZkIfZya3d5S58+7A66z71ycwJmv8/osnXu +ByiuJpi4QOzc1RInJzQ+T1W2NuA7WOwt+lnjwewWk41y9q343VluwstRgvH8tn5n +YfeBdp2ng1IGy7f+UvQqvGJmFku9AxN/4PF+xGfkmtQfv6Kh+SqLvdEGNRaXe5P6 +PuDfT2BgdO8YDGkQYRdKi9dNC4Ns3sPKNK0CNTTlLBUoTP9b5yfrh8mIIT7ts07M +gC/+h+TH2HxdYXnbSbz2YCiXDRcO9H06yrzR8mJwqRmL+HQexBD5emLQZdMA9D0I +EVzV0Jc+UgxRGuZxv9klxzi30RcEw6N0NFF+PXg/58nn4jfbM0Mmyn8s1c38VS0/ +HnuVr0TKtp8OAtNi5h+WprIN3gsxtk/eqGOFjMJdifm6sulBGWA7BhjF9p+M+fo2 +GBY7xIpgXnwGjPM6wCW8P/zxXaOBpGpIBfMLy/dFh0syX7LUXIU27D+qI4H+znV9 +VBKHsJWnV4HFS/PZmtL7r7unarIjkh0oj6chvTwh+zn9cwaE0pxrBsk/Ip3cqHSb +do3jCZ3vAhibHlJp674bu3PiNgZLJ60Ph2bMNoFaVeF7e9BNL1WV +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCeSQ3WRAbbrb0k +DNTS9g7pFFpStz1yl64ctN1spitGlKlgKYoVdT01ZqF+PKcJOE0wSl/RASKlsPBD +7Z7obbVL2j1Q12fDvKIIci/+GFQqLqhr9Mr7SlDwSMOXYrf1oKJQK8Wz7W+0hgmm +Z2gfKGnUDnPBomwlpVU3jH6knqqDjZy2KRlv6YZYnzSLkjmaTawvG+5DqCXc1oJj +Zeb5cepprE8bn5a6IYjbe4dKXIRK1jk8H+rnOp7gMTLpPUjaDW1HdCxY5q1lELhk +e4DLsKL0phYnsIRuCcYwo7f6NHqWXWFxfX3cyGmdTC+2oSAxmbGWmp6+9OzaKmw6 +CuSU72el9HyuFfJni/T0GDIef4d554egdJlX8kRi/pOTIRO1mN37mGfgj+MZNgue +W2egN3dieJtsvnkTvXmuNLeS8Y8XnAtqQprtI+RxDebzbZxYVIgv7YWjXKQ4baO5 +vLpWrfgs+ozog94brxGI6YEIyNQDaNTnEcfmHZN/Aiw9QuO78WhwIZWH28XIQ2TV +2RCUy+QX41whOPuclmnaJONZ6NnzQUUEigTIvQSFepxyn100OB0cJoVswxxt32tE +pKz3Jw2PGpvSU1wVvR7x3vFF15bQUApDO1PqGo1nrWjQV9w89WP7Dv+yz1kw1RK8 +LGIAz8Ou6iAEwWfgP5KZ5QTMe6Z/uQIDAQABAoICADsiR80YtQc1LUhektQNoRxq +wiPM2WQKTr3ixCZnHhvMRkrque+yUR+2K/chabYEFrJH1uwaZHtKUzjNeWSUN/sS +mX2uO9HgkxhcsJlZNXhc3gcW+Q5QgVSDmq7f7qIRVRJmiAHkXqsuuEQ2tauOSZsz 
+mwNoTsbxsZiDIH0X2dQz/6v+RsaMk+hf8h2Cj4qaIg2nfahBFYQfj67azyO57z1z +ZkqHoKQBC0QULkMVtUbQKanQss2YFOrk9oQ0pRbxlTXwrPC5nWX4jSrdCQ0P/JEx +y20ggRkrBaP+Rilvmay7TkA8Bd2J8gsV/21XXNOq+7GsKkpk7mfDGZPFpggOOMYs +xmp9rCZ+/0wpGQ130/ks3bQRHeVXQ0WuEXrmkdHhyyRycYocDfUhC4YB5NJOhI8H +Xl/ScebL3xwl56CNbfdyG6VeAqpJk6qxoklMw+zWJQeHtaHkXObWSSORf0KCAHV7 +5/FWH7QP93g3X4r9Cq0zVI0e9ImC81azxj335bWpZi63YTvZriStak2ucfkBPXof +zTQHVi47E8fOG6HjEQYLM/FohXRxSKodBruKEKZlzqGLaSVlfj25v1l61mS4Owjj +2VWEuCraGixRIfawK6CtuS6ZRCLZyuVISul0Xhmm9EJ9rrqaJS3rCHp40S/prnFY +TACkRoLkBqftkva2uVxBAoIBAQDQK0hEZ3jVznmybNyvscdkYnJHFqJqjQgR3DKM +1RxcOpsLcEJZv5Xw9yze1QndCplnWsHsbOYI/Bz6Bnf60DRnbiZrftNEkabEgPkE +pEnZTCWm/ynTjhJy5y5ttnrqx2CHUpLoVnwqQKQqp3p/gjXQcp9NqX8/ieA4ae63 +tPMpQERlA3ETHprZ26NkjIl35oO2Hl/vw80Inh26EHFlKZkzKRsCaqBLgIkDpbOe +vgziyBUCk3pmyKI62pPu4S3Xy7TaYtjUeZvwUI8u3hvE6v2Qjj9nS6qvTOGRg/hG +3DSBEqXUxMTYu+41zPyYZiSoUpFkReV9G/K3wO9b0Y+po+NFAoIBAQDCp4+uwo47 +90S79J2wM4nEhtPvgg5Zvv+8a1Uedng+DKokmPdcqD9RSREcbuj2BOwS/phTePKh +0UFgy43B8DrTDNrYvZPTjPalxo8ks122+vzM+Y43le072wOQkHfVZP/Y1+lOOsVf +TjGrp82keg4w784w7OuJNg+i7+rwsOwBn6iavHbHi3c8IGXDsNe5+LEwTSXSyxiF +s/NFBYOxNDV1GVATTbyi5bEKLDtrD1GXRtCU4atGf9fwYSU08KMjrhRQLP+0sYwN +lGSpJnJc7M7CuikxT646+ENTZC1vZlp1bUwsX7sjk5kxq6fkf0LM0/7hLg0yPOFV +XTBeLPYJrRflAoIBABYbgqFBG+QY+XOpfAZsqvBORDSogrcuIx1CdVvfhhOFZdHh +Kiq93f6pQWqo1VNUPNZtHQsuxX9OxwUGitdoJSiW2h2wal9t2Hgl+kwz5mPdYmJJ +1vdQr0TkqFmed49XfTjh3Bgwlx8lnkmpX6kK+wwYIDLvPURSMC3NkjyQSwKmgJz5 +sJiHN4rLeJ7FDhRdtr8wmp+r+6peoGmSNXi44jw8sVGgYUWjcOmiP2EsbdHnzdNo +NieURyZY8Dz+TRAN4jcPKFfoUldDNvGTRP+0tRkVAkbGEmprj8kUatmbqTfL8zCV +dRJPYwzzqB/HOT1nB2nOwoB251/8bW8i4k7xyMECggEANOd9sa3HIp0t3Te6s+0O +AI/0giAC7nlu4DL7y2+/dn3SsGeys0g3DUyijevG/TaRQwhXNjilGT3aWwh32sID ++uB/inDcAJ9LWfsBZKQrUFQe6UbaVFk3RRFdgqkBKMpujuz/x/dJNYH3FgRha9aQ +jNRgYgPCcGR1E3/JhulO+5H9LTETx2AsY/caMXma6DyjS9Fr+kKgw5YJBDVfeYYL +EWxzywtRvaRX3b/v1kUvk8H3Zr9+4YZVlkuQ5TaR4FyrwK66QM4QlpBCW4bLhl4G +Q/58u55AaF6ZTczoXGKhK1EtZtIN9rli5ZEV7JB6A1mK6ICvrXvGcoEFaFMn+7FD 
+0QKCAQB+zcumaZJ2f70TUc0cSpH5ObEdQzgLDgYk11ntogFWaXefY84R2UOAnVmT +TOAdl5CHY+iBwYVldGO9/+lSaeXzsFYeuvkoVPg8jnSoocc8H+QdgCjXwIPtalAJ +DmMo5OehmmbeZl/HYnESodqy+94DylxpoAwRwPh4m4H28lJObOkc+aP94Ij+i403 +PW9HxSK4u1OTSAXUHrsHxYTHOoO0KIx7tDQtgToWJiXIF4OcvHpVrYhZlmX8jdZB +rzfGm7L2NbXOxMyRwzkiP2u3Jy2KMDjkzzrcj/baBASw/gvTBNg0Av+hxDLHAVKc ++gk211q750iboMg2OYLjyYqcwbXn +-----END PRIVATE KEY----- diff --git a/tests/backend/mongodb-ssl/certs/test_mdb_mon_ssl_cert_and_key.pem b/tests/backend/mongodb-ssl/certs/test_mdb_mon_ssl_cert_and_key.pem new file mode 100644 index 00000000..92dc3c5e --- /dev/null +++ b/tests/backend/mongodb-ssl/certs/test_mdb_mon_ssl_cert_and_key.pem 
@@ -0,0 +1,185 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com + Validity + Not Before: Jun 14 12:44:48 2017 GMT + Not After : Jun 12 12:44:48 2027 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Mon-Instance, CN=test-mdb-mon-ssl/emailAddress=dev@bigchaindb.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:ba:24:72:5f:73:ff:ea:19:08:30:c8:91:47:01: + 2c:ec:0e:b2:81:fa:84:01:72:38:d7:17:81:b3:87: + b0:ed:91:b2:d7:b1:7c:30:c6:d3:93:5f:39:04:e6: + fc:dd:b4:f6:c3:2a:d6:ce:ce:f1:6f:bf:32:05:92: + eb:90:66:0e:95:c5:ce:5c:3a:37:ac:cc:40:c5:ef: + 3e:53:b0:49:ed:ab:3c:9f:08:88:63:fa:a7:db:d4: + 6b:e9:55:0f:f3:f9:62:45:b9:a4:a2:3d:6a:60:b5: + ee:9c:e9:7c:cb:ef:06:0d:c5:92:21:4a:79:b4:f4: + 58:20:a6:8e:82:87:05:2c:c5:94:ab:6a:56:09:9e: + 64:bb:ab:29:86:04:a3:39:fd:4d:25:da:f7:6c:c9: + c2:c4:42:66:f4:f4:4e:91:dc:09:10:3d:6b:16:0b: + a4:be:c4:52:6e:4b:fa:8a:50:74:be:54:a8:46:e2: + 0d:53:db:9b:8d:6d:58:71:71:8e:f9:4f:ca:07:48: + c2:eb:fa:d1:42:0a:33:18:9e:14:0e:a8:6d:78:f6: + 8a:76:72:db:94:1e:56:cd:02:5d:7e:6d:6f:75:35: + cc:ca:c0:be:57:2c:6e:96:7f:79:51:84:ae:95:a5: + 3d:da:bd:01:8f:6a:de:8b:d0:dc:f8:61:27:f2:a6: + cf:0d:40:89:d0:2e:db:da:e5:ad:c5:9d:95:5f:22: + a4:52:70:33:4f:df:13:8f:96:a0:9b:21:aa:15:20: + 39:c6:16:65:98:b8:97:2a:cc:47:e0:79:41:b4:a2: + 96:32:68:65:f6:8c:1b:ce:c8:38:9c:75:2c:1a:87: + d9:87:9b:f8:b7:ff:2c:15:e2:0a:12:7b:a0:ef:3a: + 39:7e:32:3d:f9:42:d7:5f:08:38:93:4e:f1:41:a0: + c2:55:30:55:40:aa:bd:68:8e:69:c3:33:6f:50:0d: + ef:44:80:da:e5:01:61:d3:71:41:de:03:ab:42:85: + a0:80:1d:2a:b7:88:15:7b:ee:43:64:20:57:f7:25: + b2:6c:47:a6:5b:15:58:13:67:47:a3:07:17:20:51: + d2:8d:7b:71:91:39:5a:1b:a2:a0:0f:15:73:84:74: + 1f:49:b8:64:4b:3d:86:99:85:a5:e3:05:63:37:c3: + 
bf:e7:c2:4c:fc:ff:bc:9a:8f:43:43:52:a7:cb:b8: + 91:e7:0a:10:02:ac:74:3a:8b:06:34:50:d2:a3:12: + 81:d2:7b:46:bb:ad:2f:9e:ed:9e:0d:8d:27:64:99: + e5:e2:a2:56:cb:ad:3f:48:24:9e:11:32:bf:70:44: + e2:a5:bf:39:86:5b:ed:5d:75:c2:53:40:62:da:2d: + f8:f2:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 31:63:2C:98:2F:9F:6C:44:82:A9:B8:D3:06:15:95:84:D9:52:98:71 + X509v3 Authority Key Identifier: + keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98 + DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com + serial:E8:06:B2:C9:2A:9C:2E:FC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 1e:16:02:5b:35:f6:36:0a:54:bc:48:11:51:39:a1:b1:e5:39: + bd:26:73:bc:37:22:95:87:3f:ed:e6:e1:00:fa:e2:a7:2d:ef: + 9d:25:ee:b0:7c:c2:e5:8e:9d:ff:24:51:ee:a2:cb:2c:b9:0a: + 38:07:94:8c:12:21:e1:1f:83:5f:4d:92:a8:b1:ff:53:90:97: + 30:2d:06:d6:84:79:27:6c:34:dc:19:6e:af:dd:80:a7:66:3b: + 0d:c5:c2:0d:7a:ce:b6:12:c2:9e:6f:02:0d:d0:41:c1:7d:75: + aa:07:46:50:e0:06:22:a8:d7:d2:45:dc:d3:c1:20:01:61:c6: + 07:13:74:b3:9e:de:88:1a:75:1d:8d:0a:3f:fd:0a:56:07:92: + d6:ce:37:f5:e6:ad:d0:64:33:77:36:dd:76:06:e1:20:00:64: + 88:d0:ca:71:f2:65:7c:26:ce:2c:55:07:50:36:d9:2b:b2:80: + fa:d1:4b:fc:31:89:d9:3e:c6:50:a8:ce:cf:df:d2:54:53:e7: + 80:ab:e6:4e:66:e8:91:70:55:95:80:94:74:60:f5:e8:ff:69: + 65:c0:41:17:af:1e:8a:50:a7:4e:f3:c1:76:42:7a:62:22:0a: + 51:33:06:57:bc:6f:7f:f6:5a:9d:4f:cd:2b:21:65:63:d8:ab: + 5b:38:8f:8c:f6:37:50:ca:32:5c:9a:3a:1b:a1:db:9f:fa:10: + 4e:35:54:9c:24:42:8a:33:58:a5:3e:b4:a4:67:4a:d2:b1:8d: + 99:d5:4d:1f:f7:d9:c6:ee:60:54:7f:bc:57:2f:0a:b9:ce:04: + 96:0f:0d:9c:22:39:a2:4e:e3:c7:3d:df:9c:09:af:45:62:57: + 1e:25:67:b1:4e:e9:15:88:c5:b3:2d:88:c8:60:8e:5e:b5:28: + 49:77:63:6f:0f:9d:d2:06:94:b4:b3:d9:92:2a:32:7f:45:c8: + 
32:69:12:7d:8d:47:52:5b:3e:7f:f0:bc:80:11:56:08:97:7a: + eb:fb:0d:69:5d:88:b9:bb:27:7f:de:2e:a9:63:c5:89:56:88: + ce:2f:47:f0:1f:bc:3a:60:f4:19:8a:39:82:11:51:99:7a:8d: + 1f:11:53:2f:f4:43:48:08:c9:1e:a5:3b:ed:f0:8e:cc:d6:1e: + 20:e9:2a:4d:c3:cc:3a:6c:63:29:a7:1b:c3:63:13:19:d5:82: + 61:b9:83:39:e8:60:d9:06:e4:cc:55:5e:93:70:80:97:58:f4: + 24:1f:2b:6f:e6:ff:67:f1:76:2a:b3:db:6b:1a:22:42:a0:85: + 44:de:1a:9a:9e:b5:d2:ca:95:11:2d:ba:57:4e:2e:79:67:10: + c8:ee:aa:67:61:ca:8f:25 +-----BEGIN CERTIFICATE----- +MIIG4zCCBMugAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx +DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj +aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m +cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X +DTE3MDYxNDEyNDQ0OFoXDTI3MDYxMjEyNDQ0OFowgaYxCzAJBgNVBAYTAkRFMQ8w +DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh +aW5EQiBHbWJIMR0wGwYDVQQLDBRNb25nb0RCLU1vbi1JbnN0YW5jZTEZMBcGA1UE +AwwQdGVzdC1tZGItbW9uLXNzbDEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu +ZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuiRyX3P/6hkI +MMiRRwEs7A6ygfqEAXI41xeBs4ew7ZGy17F8MMbTk185BOb83bT2wyrWzs7xb78y +BZLrkGYOlcXOXDo3rMxAxe8+U7BJ7as8nwiIY/qn29Rr6VUP8/liRbmkoj1qYLXu +nOl8y+8GDcWSIUp5tPRYIKaOgocFLMWUq2pWCZ5ku6sphgSjOf1NJdr3bMnCxEJm +9PROkdwJED1rFgukvsRSbkv6ilB0vlSoRuINU9ubjW1YcXGO+U/KB0jC6/rRQgoz +GJ4UDqhtePaKdnLblB5WzQJdfm1vdTXMysC+Vyxuln95UYSulaU92r0Bj2rei9Dc ++GEn8qbPDUCJ0C7b2uWtxZ2VXyKkUnAzT98Tj5agmyGqFSA5xhZlmLiXKsxH4HlB +tKKWMmhl9owbzsg4nHUsGofZh5v4t/8sFeIKEnug7zo5fjI9+ULXXwg4k07xQaDC +VTBVQKq9aI5pwzNvUA3vRIDa5QFh03FB3gOrQoWggB0qt4gVe+5DZCBX9yWybEem +WxVYE2dHowcXIFHSjXtxkTlaG6KgDxVzhHQfSbhkSz2GmYWl4wVjN8O/58JM/P+8 +mo9DQ1Kny7iR5woQAqx0OosGNFDSoxKB0ntGu60vnu2eDY0nZJnl4qJWy60/SCSe +ETK/cETipb85hlvtXXXCU0Bi2i348h0CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFDFjLJgvn2xEgqm40wYVlYTZUphxMIHQBgNVHSMEgcgwgcWAFGnH +hYBk5pBA6TBoiCPSTbvs35iYoYGhpIGeMIGbMQswCQYDVQQGEwJERTEPMA0GA1UE 
+CAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWluREIg +R21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwSVGVzdCBJbmZyYSBSb290 +IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQDoBrLJKpwu +/DATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEL +BQADggIBAB4WAls19jYKVLxIEVE5obHlOb0mc7w3IpWHP+3m4QD64qct750l7rB8 +wuWOnf8kUe6iyyy5CjgHlIwSIeEfg19Nkqix/1OQlzAtBtaEeSdsNNwZbq/dgKdm +Ow3Fwg16zrYSwp5vAg3QQcF9daoHRlDgBiKo19JF3NPBIAFhxgcTdLOe3ogadR2N +Cj/9ClYHktbON/XmrdBkM3c23XYG4SAAZIjQynHyZXwmzixVB1A22SuygPrRS/wx +idk+xlCozs/f0lRT54Cr5k5m6JFwVZWAlHRg9ej/aWXAQRevHopQp07zwXZCemIi +ClEzBle8b3/2Wp1PzSshZWPYq1s4j4z2N1DKMlyaOhuh25/6EE41VJwkQoozWKU+ +tKRnStKxjZnVTR/32cbuYFR/vFcvCrnOBJYPDZwiOaJO48c935wJr0ViVx4lZ7FO +6RWIxbMtiMhgjl61KEl3Y28PndIGlLSz2ZIqMn9FyDJpEn2NR1JbPn/wvIARVgiX +euv7DWldiLm7J3/eLqljxYlWiM4vR/AfvDpg9BmKOYIRUZl6jR8RUy/0Q0gIyR6l +O+3wjszWHiDpKk3DzDpsYymnG8NjExnVgmG5gznoYNkG5MxVXpNwgJdY9CQfK2/m +/2fxdiqz22saIkKghUTeGpqetdLKlREtuldOLnlnEMjuqmdhyo8l +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC6JHJfc//qGQgw +yJFHASzsDrKB+oQBcjjXF4Gzh7DtkbLXsXwwxtOTXzkE5vzdtPbDKtbOzvFvvzIF +kuuQZg6Vxc5cOjeszEDF7z5TsEntqzyfCIhj+qfb1GvpVQ/z+WJFuaSiPWpgte6c +6XzL7wYNxZIhSnm09Fggpo6ChwUsxZSralYJnmS7qymGBKM5/U0l2vdsycLEQmb0 +9E6R3AkQPWsWC6S+xFJuS/qKUHS+VKhG4g1T25uNbVhxcY75T8oHSMLr+tFCCjMY +nhQOqG149op2ctuUHlbNAl1+bW91NczKwL5XLG6Wf3lRhK6VpT3avQGPat6L0Nz4 +YSfyps8NQInQLtva5a3FnZVfIqRScDNP3xOPlqCbIaoVIDnGFmWYuJcqzEfgeUG0 +opYyaGX2jBvOyDicdSwah9mHm/i3/ywV4goSe6DvOjl+Mj35QtdfCDiTTvFBoMJV +MFVAqr1ojmnDM29QDe9EgNrlAWHTcUHeA6tChaCAHSq3iBV77kNkIFf3JbJsR6Zb +FVgTZ0ejBxcgUdKNe3GROVoboqAPFXOEdB9JuGRLPYaZhaXjBWM3w7/nwkz8/7ya +j0NDUqfLuJHnChACrHQ6iwY0UNKjEoHSe0a7rS+e7Z4NjSdkmeXiolbLrT9IJJ4R +Mr9wROKlvzmGW+1ddcJTQGLaLfjyHQIDAQABAoICAEU5ysNPC6zPFGm4HbdPa5p6 +uM54EWHMTfFIT7cpzpX7qoxm+G3Xc9YKAtWc5gu6Ak+A/hQ5iDbr3zmNc0fnfKMc +xmssR4pfB/PUztQm6seV+FyYusib7pNlw6AqP12XsIGH0f94YbiH0K7QctYRFapH 
+gNoarXqrqJ6z8qn+duE4tdquGENJgeL9e9rYnK+zUV6zuXLe8i01GL8eoJ3EPCar +AMlZGTLNJm7YmNuZomEqcM6zwQsf0BDfypWeCvMTRmpBGCTUycAKtQgBuindX6Et +5z635ouGYPerWoPrRRlNIdWBqwgWgSY9UCwN8TO8GW3g/tSMhSlwSs2grE+k07lR +6d05taL8c/thZDpHBePVhKvNvJfI8ef0lqCCPc/uFnmWkY3pg2HB3Z605YqPhddL +tTqaDZVL2oc9qrnyjz/6cFOa9Mh3cdt8L1+j0hMDWxYOcYS7IJi35V25B8wDPVZj +LXCINNQtTio7hwc+jyXhPVSERfeISlU1Ki5ZomWLzMtkdDzBz8By++aEudKw+cV/ +OjLa07SLdn05j52rqYhzaZEbeXoY1L2N+V9c86iukjr8vLHStzgmzpWDYcsnHu7w +Ojy4iRtAvI2a+PSq0tdqfhFKCA5zevLcCxUUhSDxWIa81TYEE+MfqQYtEASB1/Ze +Nt6IKu9zpLXA1WFNxLktAoIBAQDvU/K+eznf/ro46WvpKqXyU0YkEoMNHDQ7ljrG +QLkDo9WfN08aKpi6tjdgKZ97yqJae16h6WJj6aDyKL+kpkhitQ8QPhvpg4Efiupz +15gqbLzlIqrmdfGH/X2H/C3i6WDdrJWMA7ERitK4TKGoKzIH+YHA3kjEwvVnAh/U +TKov47H40UP8qTTmortTC9uO+3TmbpSkDU7iGhTKd1RYcLnKj9jmI+//BZ0OYe6U +QzrCKD27YIsH0QD9pWv/Wn3Xy2yH7EnWxXzxq6Wd767JHIloHVYICrnMf/rSA/sV +8g/JjLuLCUf2U0DxauX7wcnC7XtOJ0u5PBw1lzRYA/vfNgVPAoIBAQDHHAO9K2E7 +5Gy2zVVdqxgK4NqY6pOgaEu7T95VaTchShQ3dGs5b/s8GU+gjZ+XOF4VEqjazGR5 +xUXqlF+XLp0YI7vn9yNoUYRvHtbun8hBaQ2yc4iWzxGeAQVCYr8e0w6gs7pyFIh5 +xKZzaYZFKIJhTD/NApuul0IYnRSnKXhODp4x/dElpgectkLUHlME9rrXjBdKQVFN +x50JBnopA0/npGxtuDzztSP7qq1rFp3HHMChvzM5oLoOj5b80OmaI52vCGY6Udhy +HMNbMzMiEHgekNramFEe0fZxuwUkF6+O+FIb+jPy0EP04an4IDNhjLet7PHN62qW +CEF1UIz/w87TAoIBABnY8TCNUnTUp/wZiaQHDSEcyUiAD1NNJn8A/JwIxXKVMS8e +5BYpX5FauKRUGnteKSaoiFHoSM4Nn2pH6Fq58rtmXpgcfRs9Lqbfc+7K7A447DW7 +BsYZGtrbD8GuBK6rEeEfEI+snmUMnzF0ZUkqUR73XYIc/7Lwc1yKqDFfjknZx5Dd +2P/irmnyTVTsxOuuULPKYZdOMKTOuEwdkyhyFD7CRmSkoPjj/FBfV0r/78qkWfZw +uNNBSWAbi4xqk4jI2ZHcfSUK8zGOnjZuemwR/u0VrgL0VZi2gbpI38dA+1+DKYYc +nH8IAs2QBAKqrUW2LEkGiXEaAtnu2KJg28UBqpUCggEABSMw6YGkCaKUN4dGy5rt +jOJOYaGz23C1e4jNCNElLgO2T9P+LEY6akuQ5WiiFInMy6hmmParJQU1D59yc/ks +7oGFiK+0xy1LSH64NwICbcWjJ9aZUKLZJoWKODNKESaK+xSIHAdxmgq77MBtSX2J +F6+a+dQ2ZiPa/b2X2dRVGVaBOHL/IYSOL7n4MXby127yVTt1ImJbEbGz2JbFMie2 +uRhh/9bAI92ppwW5Ycj8mzWftsyzKqp+AoAr+iv9yw9eMzT5Rkn0VsVtOP4yNI/O +OaOtMfS6Kxxpyndz44GE8yBvJe+nxX0gM8Ja218hVEQIPUGe35xSbLqbzcYdTUAl 
+JwKCAQBWx+ej+03fXOPHN8K2IA1a+8wEwjxsjbpGtHd/nyDVkjdqVHW+Jkmyqkne +gFbDvq2ZHQJjDYB9o/ZnwXpEXfweSz2XsdiNBMQvIUMOGRmI9yJJ1Ez1gfhlJYpW +Im+/dWQCTw0o/8cHPI32ic3iBZBuemGCxccF89bmX+GPzK/aT8F+5uG/pHjHXNU6 +S/jKxZIwDM9yW4vIRdOAAi1eya0f+VHE70ORpUXfkUV5kVQR7pLEWDFDKIF/zBGv +vRPdZOO5GOQb0kQ1eHyHDPUOimT1GlF+e9OLvy6dVDaqKRBEiVHjxfWGUnpH+Qo5 +zlmQnC98+HETU0YHNxAAMsRPvxXi +-----END PRIVATE KEY----- diff --git a/tests/backend/mongodb-ssl/certs/test_mdb_ssl_cert_and_key.pem b/tests/backend/mongodb-ssl/certs/test_mdb_ssl_cert_and_key.pem index 66888b4a..e9924e4b 100644 --- a/tests/backend/mongodb-ssl/certs/test_mdb_ssl_cert_and_key.pem +++ b/tests/backend/mongodb-ssl/certs/test_mdb_ssl_cert_and_key.pem 
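Review bot: This new fixture commits an unencrypted RSA private key (`-----BEGIN PRIVATE KEY-----`) together with its certificate, and nothing but the `test_` prefix in the file name marks the pair as throwaway. The certificate is valid until June 2027 and carries the TLS client authentication usage, so any deployment that trusted the issuing `Test Infra Root CA` would accept a client presenting this now-public key; that CA should exist only in the test trust store. I would add a short README in `tests/backend/mongodb-ssl/certs/` stating that every key there is public and test-only, and scope any secret-scanner exception to that directory alone. The same applies to the regenerated `test_mdb_ssl_cert_and_key.pem` in the hunks that follow.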
@@ -3,60 +3,60 @@ Certificate: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=TEST-CA/emailAddress=dev@bigchaindb.com + Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com Validity - Not Before: Jun 2 07:09:28 2017 GMT - Not After : May 31 07:09:28 2027 GMT - Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=test-mdb-ssl/emailAddress=dev@bigchaindb.com + Not Before: Jun 13 14:40:55 2017 GMT + Not After : Jun 11 14:40:55 2027 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Instance, CN=test-mdb-ssl/emailAddress=dev@bigchaindb.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: - 00:e4:71:43:91:f2:3a:26:4d:6d:61:f5:54:dd:a4: - a2:8b:e8:79:b7:44:94:9f:30:5d:86:d8:f5:9d:80: - cb:51:e8:c0:8c:9e:2f:fe:cb:9f:bb:f1:b5:97:47: - d1:9e:43:64:2b:f0:3f:99:30:1c:27:34:74:87:1e: - 73:8f:86:66:89:0b:b9:64:05:8a:95:d7:81:da:fa: - b7:d0:4c:59:0e:1c:d7:1f:07:74:7d:38:9d:b0:6d: - 02:a8:c3:63:f4:5d:d5:29:5b:df:8a:56:c5:51:29: - 32:5b:ea:cc:ea:00:a0:04:e9:8a:f5:a0:e1:c3:77: - c9:3d:1b:99:fa:e8:bb:08:e5:98:bb:ec:5d:7e:d9: - 7e:39:98:ab:16:cf:e6:e8:df:a9:6b:37:72:83:4d: - 43:94:3e:99:39:ae:1f:5a:c9:51:71:30:5e:20:70: - c9:90:ff:ba:8b:6c:d9:5f:3d:df:03:d5:fe:f7:52: - ea:41:6d:4b:fe:6e:04:30:ef:a4:19:20:a8:fd:fb: - 0c:72:76:2c:30:54:5d:f4:2b:e9:cd:96:3f:bb:e9: - 6d:7e:79:8f:fe:06:6f:40:b1:42:a8:54:80:65:56: - 50:af:c2:e2:68:e0:ac:22:90:00:ae:bc:6f:55:1a: - b7:ed:90:22:e8:c7:34:1e:4a:7d:d2:26:b0:35:16: - ec:30:45:cd:ac:f3:87:f6:8b:fe:84:8b:b3:9f:13: - 08:f2:59:9f:3f:64:ee:20:a0:dc:87:8a:28:89:87: - 1c:a1:91:63:81:01:66:43:7b:5f:5f:38:69:a7:f7: - ce:da:07:0b:7c:2c:87:df:9d:a5:12:db:b4:97:ed: - e9:2c:31:d5:14:cc:f0:f5:a4:6c:7e:59:4f:73:36: - eb:28:1c:be:69:98:1f:12:c1:e0:db:6f:f0:1a:62: - 51:45:71:58:88:68:7e:06:42:cb:b3:31:85:53:90: - 
70:84:f4:08:18:d5:4e:07:8b:db:6f:d2:0f:ac:c4: - c2:52:a5:ed:07:b9:1b:1a:e9:22:4a:21:f8:1a:27: - 9f:47:b5:ef:cb:24:3a:36:29:dc:68:fa:f1:9f:2e: - 02:f8:8d:ab:25:6e:ba:3b:0a:0e:9e:c1:40:f4:56: - 74:75:fc:b8:84:fa:bb:05:17:b7:b7:d8:36:02:40: - 16:03:c9:75:a0:68:7e:e0:f4:c9:ae:fa:3d:0c:a3: - 81:3b:e8:a2:84:dd:73:6e:d4:9f:e6:1c:db:d9:9c: - d6:c2:b9:fb:34:8f:f6:46:33:9e:29:bd:0d:11:33: - 03:25:dc:1a:c7:44:00:76:83:16:5a:a5:d3:35:bb: - 47:2d:9e:77:16:e0:b0:48:9b:dd:7c:20:56:56:1e: - 1f:40:87 + 00:bb:37:f1:24:2f:83:95:2c:bf:47:a4:a0:2c:9f: + e1:bf:fb:70:f6:9b:04:a0:e8:3b:81:6f:ca:a6:22: + 6d:63:75:48:bc:fa:57:29:16:f7:2f:09:52:6c:c5: + 52:20:74:9b:27:99:5b:51:85:ea:ef:c9:5f:78:c9: + 29:b8:cc:a4:a8:46:c2:a3:64:41:84:92:36:c7:a8: + 82:e2:b6:5e:67:08:d6:bb:3d:36:06:31:10:53:7a: + 58:66:66:89:4d:46:d3:f6:3e:38:d4:84:d9:6c:c4: + 95:68:9e:66:b7:47:c6:63:dc:35:1c:46:3d:8e:c6: + 96:13:aa:65:53:3d:75:84:76:af:85:d2:6f:97:78: + 0f:d2:8a:c0:cb:3f:86:30:09:0f:bf:ae:30:cb:26: + 05:61:0c:ad:07:5e:33:cc:82:bb:46:49:86:a5:6e: + 07:1b:78:b2:71:7b:01:ee:00:97:ac:81:49:89:df: + 73:ab:d7:78:8e:a3:c5:76:5c:e9:fd:48:5f:a6:45: + b8:97:13:6a:55:05:5e:e2:00:46:27:67:93:06:fb: + 91:83:69:c7:5e:12:49:ce:39:b9:ca:69:9f:0d:ff: + 6a:79:b6:6b:6f:81:6c:51:e2:d0:01:9b:f8:7b:25: + 3e:09:4d:00:aa:89:7f:00:e3:fb:5c:35:19:8d:c2: + 11:21:87:1e:7a:11:bd:88:b2:de:ea:bf:a0:8b:fb: + 0c:c3:6d:e2:ce:1f:6c:5b:5f:4a:05:da:ff:f1:fd: + 4a:f5:de:5b:d8:93:ca:17:6b:dc:80:3e:91:6e:97: + 43:db:59:f5:80:c1:0a:54:32:cd:c3:be:87:e9:93: + 14:ae:c7:29:01:90:e8:11:32:59:1a:73:bf:42:0d: + c6:82:2c:89:2e:54:67:c8:2a:c3:3b:ce:e6:c1:09: + 48:ad:d3:a3:e1:80:f8:df:6e:4c:78:72:76:db:4e: + d9:b9:fa:5b:7c:85:73:64:c9:23:94:ae:5e:63:68: + 7f:1e:63:d3:78:85:47:0b:ec:52:1e:02:cf:7b:9d: + 96:9c:63:4f:46:f7:79:1e:90:d3:21:18:85:26:17: + f1:51:18:d6:87:1c:9b:50:0e:70:6b:f1:08:41:b6: + 3c:fc:fb:d7:1f:f1:bd:2d:3e:77:b6:66:92:0a:81: + 01:0f:4a:68:68:69:5c:0f:38:b3:46:68:1b:55:99: + 67:29:d1:03:f2:a5:5b:f1:8e:53:ed:c7:cc:79:38: + 
9c:8d:a6:78:f4:3e:23:28:ee:a0:d3:55:0f:c3:f0: + 64:c1:fb:e5:85:71:b2:1e:44:d3:1d:78:87:77:76: + e2:6f:5f:54:64:14:b4:2f:14:0b:a5:3d:98:fb:68: + 99:1f:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: - F5:2B:26:62:47:74:FC:75:6A:9E:76:8F:35:EB:23:64:BF:DD:18:3F + 0B:53:E2:76:40:AD:73:C4:12:6C:85:CF:36:5B:5F:FB:6E:E8:03:A7 X509v3 Authority Key Identifier: - keyid:97:C8:DC:C8:EE:AF:E2:70:C4:09:9B:19:50:8F:86:1D:2C:FF:6E:26 - DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ENG/CN=TEST-CA/emailAddress=dev@bigchaindb.com - serial:A4:C4:DF:DB:1A:DB:83:C7 + keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98 + DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com + serial:E8:06:B2:C9:2A:9C:2E:FC X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication 
@@ -65,123 +65,124 @@ Certificate: X509v3 Subject Alternative Name: DNS:localhost, DNS:test-mdb-ssl Signature Algorithm: sha256WithRSAEncryption - 35:75:46:2b:6a:b9:a7:cc:24:ac:88:83:d5:e1:28:08:c1:0b: - ff:9e:c1:57:86:92:c1:63:c3:bf:82:e7:11:d2:83:89:58:78: - 94:51:87:81:e7:fb:78:53:0c:19:2e:9e:41:84:26:91:2d:4a: - e5:cf:7f:9b:4e:80:ad:5c:27:11:d7:62:81:4f:87:f4:59:d4: - 8d:ba:73:df:13:48:c5:b7:f1:21:1c:9a:59:17:d9:12:3e:4f: - 84:5a:ba:16:92:2d:5a:7a:f7:b7:af:76:c7:be:6e:96:b0:a3: - 8f:62:9a:ff:bc:16:db:e0:c5:f6:57:db:f6:1c:d7:eb:75:24: - 98:43:08:17:0c:9f:6e:42:b5:ee:74:b1:12:1e:1e:86:2d:72: - 6b:62:ab:33:ff:38:57:db:96:d5:98:c3:6e:97:36:26:f9:1b: - e7:05:0f:db:e4:a7:4c:ca:2c:4c:d8:b8:d7:92:52:b0:fa:aa: - c0:ee:b7:9c:33:25:85:77:3a:b8:50:6f:61:a4:59:54:89:fe: - 0d:f3:d2:7f:7d:91:64:7e:d1:e1:d1:02:5f:cf:e4:b1:47:70: - 98:37:4e:9f:33:94:7c:67:5a:66:11:d8:c4:33:0b:e9:a6:9a: - 86:cb:ab:27:e1:44:41:36:3d:8e:47:6f:73:eb:84:a7:90:eb: - 3a:6e:3a:16:1b:a1:68:60:6b:3a:93:47:1d:32:29:1c:d2:1b: - c5:d6:cf:11:c5:0e:b0:67:4f:c2:07:82:bc:d4:9c:b4:a8:58: - 4c:a4:47:22:09:0a:e2:72:83:4e:e9:74:14:b7:2d:04:31:f6: - 37:e4:62:48:18:63:42:31:df:f6:2f:0f:ab:f2:ef:75:a8:a4: - bf:96:5a:49:fb:ce:72:57:64:c9:c1:d3:56:67:5f:16:69:48: - 35:9c:98:14:f3:25:72:ef:18:38:38:43:f3:c4:29:55:fd:37: - c8:ae:db:00:5d:96:50:ae:50:ca:14:a3:58:ae:84:21:c2:8f: - 24:cf:ce:f2:55:e1:60:37:67:ec:5a:08:81:85:8d:9b:13:c6: - 81:e7:66:0b:4e:76:1f:3b:14:a7:c0:ce:18:16:ec:77:e5:c8: - 33:47:1b:63:03:4b:9d:dd:fb:98:ff:0f:50:25:0c:88:a4:0e: - 67:a3:26:8d:1b:38:9f:9e:7e:25:dc:4b:49:ba:75:b5:3b:ae: - 9c:68:37:09:bb:59:c4:9a:14:6a:d3:c1:6c:19:55:b3:6c:95: - bb:24:8b:55:f8:35:c6:1e:1d:fb:8f:60:33:fa:f8:94:a9:e2: - 6a:93:12:b8:d0:18:42:4e:8c:24:1f:96:2b:4c:49:fd:53:11: - a0:aa:01:30:b2:3e:2c:9f + 4c:14:3e:6b:af:f8:e8:69:11:2e:13:12:b7:9b:91:c7:68:01: + 26:00:b8:c8:35:8b:fe:d2:bb:ab:43:d1:7a:8e:24:b2:08:dd: + 1a:77:91:f0:68:35:42:56:ba:fe:26:3e:91:e2:8c:c1:01:e2: + 65:f7:3b:12:ba:7f:1e:8a:8e:5b:a1:c8:28:8c:16:b8:72:03: + 
31:d6:6c:2c:ac:80:6e:7d:52:24:2e:4d:0b:e6:90:d1:7d:18: + 3f:ea:9f:7f:85:39:86:77:3b:19:3d:ba:b0:57:10:16:25:fc: + d6:be:17:7b:c4:92:0e:c7:18:3c:69:48:e0:72:2c:3e:42:2f: + 0b:70:02:a8:c1:04:2b:d8:00:72:b4:67:35:d9:79:3f:98:71: + 55:92:e6:fa:51:2c:42:2f:71:c6:4f:98:7f:d8:2c:7c:12:70: + 97:ad:cd:92:0a:66:80:2a:ec:ac:e6:9b:3a:0b:27:ca:e0:cc: + 9f:b4:07:f4:fa:f7:60:17:39:f1:46:46:eb:e5:78:2a:84:b2: + 78:87:ce:73:ad:20:8b:50:8c:d5:c5:cd:4c:b1:96:be:64:24: + e0:a9:81:c3:01:51:a2:b1:50:22:15:97:5a:e6:49:f3:1d:f1: + 72:3e:8f:0d:87:e9:05:c1:92:8e:4b:db:1b:e2:b8:3c:b4:13: + dd:3d:ce:4d:f8:1e:8e:73:ae:5a:36:ba:be:dd:11:7c:b8:b1: + ef:d2:94:84:a7:c4:0d:96:0f:e1:46:46:bb:7d:51:a9:61:13: + 98:47:b2:68:ad:85:0c:f9:32:0a:76:49:20:6f:34:72:ca:06: + fd:05:6f:16:5d:10:67:3c:50:06:f3:c2:bd:58:c8:f4:b3:96: + dc:28:26:62:e7:30:a0:0c:40:f6:7c:50:42:21:c8:e1:73:64: + 1b:9c:76:3e:78:1d:ea:54:fc:61:6c:3e:27:59:cb:c4:dd:9f: + 94:bf:b5:13:87:79:ff:28:1a:9b:7f:2f:1f:9b:22:1d:30:f6: + c9:5f:53:6f:1a:88:38:b0:44:71:79:da:a6:0f:2b:e7:42:71: + 9c:3a:20:7f:6b:bb:93:71:b4:6c:9e:2a:b7:fa:57:cf:81:bd: + 21:eb:0a:db:83:07:ac:fd:79:cb:ef:c7:fd:cd:ef:22:7f:67: + 71:7c:e2:5c:40:8e:f1:06:c3:75:67:6a:70:f4:80:b3:ad:c6: + 89:31:9b:cf:8c:ae:6e:85:fd:51:c6:40:34:a2:0c:63:55:84: + e1:a9:10:00:48:1a:64:95:80:45:09:d2:1d:3f:e2:6c:e1:e8: + 92:28:5f:da:a1:69:10:74:03:1f:f1:43:c4:43:fb:01:80:7e: + fb:0b:2c:62:ad:e5:f2:61 -----BEGIN CERTIFICATE----- -MIIG3jCCBMagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCREUx +MIIHCTCCBPGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj -aGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8G -CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4XDTE3MDYwMjA3MDkyOFoX -DTI3MDUzMTA3MDkyOFowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4x -DzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5EQiBHbWJIMQwwCgYD -VQQLDANFTkcxFTATBgNVBAMMDHRlc3QtbWRiLXNzbDEhMB8GCSqGSIb3DQEJARYS 
-ZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEA5HFDkfI6Jk1tYfVU3aSii+h5t0SUnzBdhtj1nYDLUejAjJ4v/sufu/G1l0fR -nkNkK/A/mTAcJzR0hx5zj4ZmiQu5ZAWKldeB2vq30ExZDhzXHwd0fTidsG0CqMNj -9F3VKVvfilbFUSkyW+rM6gCgBOmK9aDhw3fJPRuZ+ui7COWYu+xdftl+OZirFs/m -6N+pazdyg01DlD6ZOa4fWslRcTBeIHDJkP+6i2zZXz3fA9X+91LqQW1L/m4EMO+k -GSCo/fsMcnYsMFRd9CvpzZY/u+ltfnmP/gZvQLFCqFSAZVZQr8LiaOCsIpAArrxv -VRq37ZAi6Mc0Hkp90iawNRbsMEXNrPOH9ov+hIuznxMI8lmfP2TuIKDch4ooiYcc -oZFjgQFmQ3tfXzhpp/fO2gcLfCyH352lEtu0l+3pLDHVFMzw9aRsfllPczbrKBy+ -aZgfEsHg22/wGmJRRXFYiGh+BkLLszGFU5BwhPQIGNVOB4vbb9IPrMTCUqXtB7kb -GukiSiH4GiefR7XvyyQ6NincaPrxny4C+I2rJW66OwoOnsFA9FZ0dfy4hPq7BRe3 -t9g2AkAWA8l1oGh+4PTJrvo9DKOBO+iihN1zbtSf5hzb2ZzWwrn7NI/2RjOeKb0N -ETMDJdwax0QAdoMWWqXTNbtHLZ53FuCwSJvdfCBWVh4fQIcCAwEAAaOCAUIwggE+ -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFPUrJmJHdPx1ap52jzXrI2S/3Rg/MIHBBgNV -HSMEgbkwgbaAFJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQG -EwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoM -D0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNB -MSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAd -BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgWgMCIGA1Ud -EQQbMBmCCWxvY2FsaG9zdIIMdGVzdC1tZGItc3NsMA0GCSqGSIb3DQEBCwUAA4IC -AQA1dUYrarmnzCSsiIPV4SgIwQv/nsFXhpLBY8O/gucR0oOJWHiUUYeB5/t4UwwZ -Lp5BhCaRLUrlz3+bToCtXCcR12KBT4f0WdSNunPfE0jFt/EhHJpZF9kSPk+EWroW -ki1aeve3r3bHvm6WsKOPYpr/vBbb4MX2V9v2HNfrdSSYQwgXDJ9uQrXudLESHh6G -LXJrYqsz/zhX25bVmMNulzYm+RvnBQ/b5KdMyixM2LjXklKw+qrA7recMyWFdzq4 -UG9hpFlUif4N89J/fZFkftHh0QJfz+SxR3CYN06fM5R8Z1pmEdjEMwvpppqGy6sn -4URBNj2OR29z64SnkOs6bjoWG6FoYGs6k0cdMikc0hvF1s8RxQ6wZ0/CB4K81Jy0 -qFhMpEciCQricoNO6XQUty0EMfY35GJIGGNCMd/2Lw+r8u91qKS/llpJ+85yV2TJ -wdNWZ18WaUg1nJgU8yVy7xg4OEPzxClV/TfIrtsAXZZQrlDKFKNYroQhwo8kz87y -VeFgN2fsWgiBhY2bE8aB52YLTnYfOxSnwM4YFux35cgzRxtjA0ud3fuY/w9QJQyI -pA5noyaNGzifnn4l3EtJunW1O66caDcJu1nEmhRq08FsGVWzbJW7JItV+DXGHh37 -j2Az+viUqeJqkxK40BhCTowkH5YrTEn9UxGgqgEwsj4snw== 
+aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m +cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X +DTE3MDYxMzE0NDA1NVoXDTI3MDYxMTE0NDA1NVowgZ4xCzAJBgNVBAYTAkRFMQ8w +DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh +aW5EQiBHbWJIMRkwFwYDVQQLDBBNb25nb0RCLUluc3RhbmNlMRUwEwYDVQQDDAx0 +ZXN0LW1kYi1zc2wxITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALs38SQvg5Usv0ekoCyf4b/7 +cPabBKDoO4FvyqYibWN1SLz6VykW9y8JUmzFUiB0myeZW1GF6u/JX3jJKbjMpKhG +wqNkQYSSNseoguK2XmcI1rs9NgYxEFN6WGZmiU1G0/Y+ONSE2WzElWieZrdHxmPc +NRxGPY7GlhOqZVM9dYR2r4XSb5d4D9KKwMs/hjAJD7+uMMsmBWEMrQdeM8yCu0ZJ +hqVuBxt4snF7Ae4Al6yBSYnfc6vXeI6jxXZc6f1IX6ZFuJcTalUFXuIARidnkwb7 +kYNpx14SSc45ucppnw3/anm2a2+BbFHi0AGb+HslPglNAKqJfwDj+1w1GY3CESGH +HnoRvYiy3uq/oIv7DMNt4s4fbFtfSgXa//H9SvXeW9iTyhdr3IA+kW6XQ9tZ9YDB +ClQyzcO+h+mTFK7HKQGQ6BEyWRpzv0INxoIsiS5UZ8gqwzvO5sEJSK3To+GA+N9u +THhydttO2bn6W3yFc2TJI5SuXmNofx5j03iFRwvsUh4Cz3udlpxjT0b3eR6Q0yEY +hSYX8VEY1occm1AOcGvxCEG2PPz71x/xvS0+d7ZmkgqBAQ9KaGhpXA84s0ZoG1WZ +ZynRA/KlW/GOU+3HzHk4nI2mePQ+IyjuoNNVD8PwZMH75YVxsh5E0x14h3d24m9f +VGQUtC8UC6U9mPtomR8jAgMBAAGjggFRMIIBTTAJBgNVHRMEAjAAMB0GA1UdDgQW +BBQLU+J2QK1zxBJshc82W1/7bugDpzCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQQOkw +aIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxp +bjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxEDAO +BgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEhMB8G +CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAsGA1UdDwQEAwIFoDAiBgNVHREEGzAZ +gglsb2NhbGhvc3SCDHRlc3QtbWRiLXNzbDANBgkqhkiG9w0BAQsFAAOCAgEATBQ+ +a6/46GkRLhMSt5uRx2gBJgC4yDWL/tK7q0PReo4ksgjdGneR8Gg1Qla6/iY+keKM +wQHiZfc7Erp/HoqOW6HIKIwWuHIDMdZsLKyAbn1SJC5NC+aQ0X0YP+qff4U5hnc7 +GT26sFcQFiX81r4Xe8SSDscYPGlI4HIsPkIvC3ACqMEEK9gAcrRnNdl5P5hxVZLm ++lEsQi9xxk+Yf9gsfBJwl63NkgpmgCrsrOabOgsnyuDMn7QH9Pr3YBc58UZG6+V4 +KoSyeIfOc60gi1CM1cXNTLGWvmQk4KmBwwFRorFQIhWXWuZJ8x3xcj6PDYfpBcGS 
+jkvbG+K4PLQT3T3OTfgejnOuWja6vt0RfLix79KUhKfEDZYP4UZGu31RqWETmEey +aK2FDPkyCnZJIG80csoG/QVvFl0QZzxQBvPCvVjI9LOW3CgmYucwoAxA9nxQQiHI +4XNkG5x2Pngd6lT8YWw+J1nLxN2flL+1E4d5/ygam38vH5siHTD2yV9TbxqIOLBE +cXnapg8r50JxnDogf2u7k3G0bJ4qt/pXz4G9IesK24MHrP15y+/H/c3vIn9ncXzi +XECO8QbDdWdqcPSAs63GiTGbz4yuboX9UcZANKIMY1WE4akQAEgaZJWARQnSHT/i +bOHokihf2qFpEHQDH/FDxEP7AYB++wssYq3l8mE= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDkcUOR8jomTW1h -9VTdpKKL6Hm3RJSfMF2G2PWdgMtR6MCMni/+y5+78bWXR9GeQ2Qr8D+ZMBwnNHSH -HnOPhmaJC7lkBYqV14Ha+rfQTFkOHNcfB3R9OJ2wbQKow2P0XdUpW9+KVsVRKTJb -6szqAKAE6Yr1oOHDd8k9G5n66LsI5Zi77F1+2X45mKsWz+bo36lrN3KDTUOUPpk5 -rh9ayVFxMF4gcMmQ/7qLbNlfPd8D1f73UupBbUv+bgQw76QZIKj9+wxydiwwVF30 -K+nNlj+76W1+eY/+Bm9AsUKoVIBlVlCvwuJo4KwikACuvG9VGrftkCLoxzQeSn3S -JrA1FuwwRc2s84f2i/6Ei7OfEwjyWZ8/ZO4goNyHiiiJhxyhkWOBAWZDe19fOGmn -987aBwt8LIffnaUS27SX7eksMdUUzPD1pGx+WU9zNusoHL5pmB8SweDbb/AaYlFF -cViIaH4GQsuzMYVTkHCE9AgY1U4Hi9tv0g+sxMJSpe0HuRsa6SJKIfgaJ59Hte/L -JDo2Kdxo+vGfLgL4jaslbro7Cg6ewUD0VnR1/LiE+rsFF7e32DYCQBYDyXWgaH7g -9Mmu+j0Mo4E76KKE3XNu1J/mHNvZnNbCufs0j/ZGM54pvQ0RMwMl3BrHRAB2gxZa -pdM1u0ctnncW4LBIm918IFZWHh9AhwIDAQABAoICAQDTqYp1CN4OLUGDOSA3+VpO -jclxII8gbFzMG+x/0h0ROLpn0A4iZCMNriiWEgpMPJ7tAz66PlRnkvfBVlq2ik4o -/v74iRXePn7oGdQEoSkGpXxBGNQ7TiD1nhuPqPLNMb/XAXQ/JqTOzYAGoKjazFd4 -FbgWXMmyJiQEhbWHQOpDlRCOVrROW1DUJvunOFz4OnwshoSI2icajWHFiussYEog -uTMNldN9kSUUGHfUAmzHjhkeqem5U37NMLybZv9B9Pv/0AO5bnsFELa5DZMlVOia -wO8d956OPQIKC/P6KcmJm49JOyYzDLERmSG4xYnWbdoruJhP3HsS8exgsk4j8qhF -VchlDLQL98Bu2kLgne8v8lBgcXbkanuedYFGnOqVRTCKbl2BwS8/PqaMbOkO54bG -gsX2OYEtKMiCFyNZVZQH+dHg2kUSGMg9h953GAGfxbDuTBTLMwPCphX7dUn3u+g+ -Y/Et9Kki6PgMLwYRjU56pPe0DqHcTc0TZgpKeb1w7JFgEuQrOB2o4wPRlwjaGx8G -khA9CWhHY3zyrF5FOoy01zYyPZGYb1pUkkEzZ/MEPn0k5bqC4ZUgT/vzYKXkOFvB -RdTOVMee6VWDFLKGO0eQNi/MeFFeVVGStrOo0wNowylReP2J45UNH6EQQIL8Jm7w -fTz+65nEib0vv9D1C2QIWQKCAQEA9WUAFGQbLsr9TBeQd7h79KEkJ/cdk6iLbtN2 
-DSFc1Zto5KEliZmlqkw4uT4pQIWaSPWVmINxV8QTcR/6VUzxM0McDfAw51wLZQ2w -jdMKUWfYEEmaA6MXF3JOXVpe8KuXge0s548DpxBHrSo9gWOhMjok/qUrXcQGDlxp -1hQ6qLKVUJ8Hzi3U3rwnWGNaSKHECFUn6Ic0vQo5+ontAlKfhLlkl86zmGvMd/Ut -zCWacRFpYg+Qo0TXxzopuh4DI1yjMFH3HJxptVl8Yd7CCzOLmwPWBSNmY8OUY9D6 -s3xrPPyuVz01iNMPK290zGAeLLnO5bpTIlsZBip7SjG0ayoBqwKCAQEA7lC1c1Tg -SxNZrAr0trFl+/cxguALXRocvcMm3mCXgStTGeY08GXiPRl8+TmNt9UAWbkp5Kel -cdrYI+AsaAu/Y8ri0NRJPQGsyE7JEe7PHQa7a8AcPn/1c9I7HvtWVomvxh6rXSkr -gdazSGZvixwPBmc25E4duUxQHJ+GraiYAjNS8Ox6nFqKIWTNfeT+ff7X9IAuZcAX -oJmb1xJyDjf4qPhJobO5+zqJvNBH6bkTusV9Y4kkrcs5VQx2QHH4IOyWwWA/e4Wo -jGytbe/4lUk7DKeJUSA0tUGWztWhT02KhH7x+MOJa9KHGP616rRA/RVaYxCRIju0 -YM/21iG168zYlQKCAQA8EiRp2XOaCdDlzqLr27pkUQoTyndwDQNM9vDgF/msxKVx -ykzxGS6nuI7uMdxRUiNJluyu8AZP8My9lZFnTjWBUf1NIC4ohKy5aRd+MFpHQT9w -BURxfXwKnk22poe1LJwjDxc9/BFt1RtmtX9m7CeqrvcdavtpsbG11EOIR11wrH7G -xJdZjnicqbyL845HV2owi///+REc8aLtxNPDDMzF5chNLSljt4fPGbLDVbUv1o5Q -lfTXMuQLfh521B/6iRPdoUL3uwZZgXVkU+52ZYDYSqEakubepyLtKFwmkd+Ch2x6 -KJ6xRtFg1aDm4uSgGEAglnMBZwGCM+YIbJB450iPAoIBAQDTue7LbV/sM1/aws0R -NuCFj+N0A/r0l0trqGLy9NwFjWlCPE1SOyJZ6Dgo7+IhreKm1CQNGoiZc7XNgc/S -DIXYchs7Ly92PPO17pEjFoj5n86Jd19gg6ydXuzZpLDbJ2571SmoFfiqXQZhT2jQ -LXiH1tFk2qX7x3nxRCWSSZPreI+6rk5sdN/9tSIANJ+Jbw2MEwmlqpkTPQXAeYnN -ahrIe/Zm7FdShXpzvpP1aVHHAMha0zA8G65vCihRLzAkiC2T1h/wbRoG0FLwtl+i -ujH1Fy+fXL6XPpNuZUvwOdLTzjjKK2b+3UbbhQg4YjbO4tav5rsar/KchIcnTUHk -IdVVAoIBAAk19xFa8SGaY9cKIigYkcPOFHwI/rXix8YG2n3kZmTVmevh0ebiSQ/z -++U3GXUFcUYD6lB3YqyMKVRdagQLh58J7q1EFM5hZLAH/i9KQMCKmfbXb6ekVFBY -9xhgvOKzRugVTxVv0/PqWpF/oWOJP6r/NsKdJf5y4TptlEjPXsdmXzZIKL4h3oG3 -ORpnrROD1mWQxV3krlT4jc7q4QaKxaKbVwl2SJpLNBXI0D/R+Dt1K/PMnhRmbBJl -d2G+bQP6dkKhATdyiK6XoEk0bP3meD4LWgRdsQdMTI2ayBVis8LREcMm0F3SaUgB -gHiBIz7uxpEmV18w8MA+aiVZw3Ov3lE= +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7N/EkL4OVLL9H +pKAsn+G/+3D2mwSg6DuBb8qmIm1jdUi8+lcpFvcvCVJsxVIgdJsnmVtRhervyV94 +ySm4zKSoRsKjZEGEkjbHqILitl5nCNa7PTYGMRBTelhmZolNRtP2PjjUhNlsxJVo 
+nma3R8Zj3DUcRj2OxpYTqmVTPXWEdq+F0m+XeA/SisDLP4YwCQ+/rjDLJgVhDK0H +XjPMgrtGSYalbgcbeLJxewHuAJesgUmJ33Or13iOo8V2XOn9SF+mRbiXE2pVBV7i +AEYnZ5MG+5GDacdeEknOObnKaZ8N/2p5tmtvgWxR4tABm/h7JT4JTQCqiX8A4/tc +NRmNwhEhhx56Eb2Ist7qv6CL+wzDbeLOH2xbX0oF2v/x/Ur13lvYk8oXa9yAPpFu +l0PbWfWAwQpUMs3DvofpkxSuxykBkOgRMlkac79CDcaCLIkuVGfIKsM7zubBCUit +06PhgPjfbkx4cnbbTtm5+lt8hXNkySOUrl5jaH8eY9N4hUcL7FIeAs97nZacY09G +93kekNMhGIUmF/FRGNaHHJtQDnBr8QhBtjz8+9cf8b0tPne2ZpIKgQEPSmhoaVwP +OLNGaBtVmWcp0QPypVvxjlPtx8x5OJyNpnj0PiMo7qDTVQ/D8GTB++WFcbIeRNMd +eId3duJvX1RkFLQvFAulPZj7aJkfIwIDAQABAoICAAI7J2+D9XB4qQrkhlghy6Hr +ECyQKlz0h4kCWQrjzCPsSOKfpRxDPszbspTDQThLy3GMXU86ZlNXNgENfKbMIYYz +2avyzOkUiPyWIIEtJTDbJRv0HcmzGfu0sIr/29EE8A+2LB00PBcUvKcThCvY+h9E +h4l/uMoTycQQOsbkK5tZgrv4hwXqE14x8xw49JNr+DkTjVdOa6/9Y657y+g7AppS +0/zys7j7Fj1N9vbsIOKYY9T1yb4ZgkFI6FiBwPQYwbMMj6eVPqYmuzu8PxnHHTRv +GQvU3eBcHW8Mtw8XdSLIkW9D4kHg6/aJ2mq6fhqRlgysUz61BsNu9BbkNxq+Xk/f +wU+Slo0UcnuU49icYo8J2yPULUgQaP4VdJc7tb9kMpklTUG7YaD5oqKX+I/jWS9U +Mta1h3GoK2zK9pj2B5YyCoUsM8o4EEb3hZ8FYf0DOuVd9XcWxLUDRGQoTWJptcSW +o5OHaP2tgcUtq6siiqPXIQQr1Yji/geSFTP/hWOZC4AFgwa9XvboD3PcKsG2gIc8 +I/HLF5tCpUXIAW4wluXQv1MveX9xwaez+PGLTIFCHidgOBmC5jZEijG9PUgRk1D1 +e8CUT9Vc3zxS/9S+RfSwXMEBX9367edoiNw1MuXvR1nwCFYKthONx8ww1psEoISF +9ZMbdac3hwqeqSW34ZoJAoIBAQDfOF6D1vWieXwQ7W3KpAxyHlNVN8tus3w+mDBc +unv3Nsn5gmDYHc/Iu5/Tyk2zgoEsfN1LZgzjmSBCUgJOz09+8yrdpsTI4awXAwoa +kaczRcutjAG5vHhHXi5+iwqAaPSTBYcAD2d5SGtxpWBJ2qywT3DMWFT25bhRj3Bp +mc3Fe6oxbz2QV2Is2SnnCnPc/Ok7cABwaP1mc3PsIZzswuJjq3JWsMAlBMZueQW1 +CxI639j2memt7ZSWU0UDLg4RAPOtcSt/NykbZgAlfQoLiKWv2hhdvip+oPsdOiDd +tYmeoseRd/7Ef8EdSwvSDh1jTugu6PG0NeK0Gfxs5Ipb1eBvAoIBAQDWtiTD8dP3 +TNbLu3nkopgJJe9gn1dVhvhBY0T4ar9pR1yl8s5L13vtmrs5wQ5/vyZ2A39OR4fH +5PcT/gcPm4GuE1BL29NBz88Qdz6033hOuY4SvZpf94yeDhY2w2Gfzm0uewGDR0z+ +EOsSGnnpEYvr+Bkdcvj3CP0ksiQPa/mAnmEhVvthlavyKhfxvwNyh07qym8Q8r3R +BiwChB/zGo6V1sSfPexy0I9kPhXByYyxoADn/lgXKXtnXpP7fuQleztPC+84bNpa +PFo5QnzG2kq+XwTP0Z3kQiZ2hEg+nGWHa7MpG+Ic7sDZE2MPbpUAY59J9HBmJOtK 
+jaMDQpN1OJ6NAoIBAQCR5ZMJEu/bsRGhMr5nC1BDKoUHFv+1LEUR2IELqqupyjq7 +BTdtKhcMOW3ejMS6hpsNS9OMG3hjLkuCbX2qqx9nd2JWG1FVhwLmy4rIENk6zuyw +Uukxz/jBlNJIzXIgufjZO2ygYnEcOXRYhGHqA66JUnMEbNujwEP3swwjSW7QG+MC +ipWviR3W+F3F7/QIxZlfyvXOgyDU3LMw7EtYCIzV3lJOTRpZV8Smoh1T1pekuXhi +vfiZQMa0dlqOGIUDIh8jBuwKKzCIAuQnnJF7NmYtCRyR8OBvgaJ/2OVwY94+PGC6 +OLbhEitTjSB9u9IDfaiOOJz6T5oMY0u0lK/GFIWrAoIBAQCkpr8g6ATlYy5gw57g +/vLaKRYdoXOmqb8c3ZRZb/rjMA9TTxR2QoPNnNewnWSSADLtUxdAH0h3uRTkZuxh +Qp46sKLl2Why0np2pQsYRzqKHG9f3bhRmZNi7WiJjGED3JgLidaKJpZbSvwJQPZ2 +DbegN/yCgdV8E4+UoWtXzDRkNpBDseFKXy2hojgEcbeiDzMsiBqOA6geb742G74o +fhgTvcPAXgtBrMAZXibvGbFj0VCAl6JT+MKibXvL4+3u9EZyArPrMEZt5lRGDr+C ++olQ3arh91w+W6AFSMHiCasuIyAcCT7ncwu+K8jOX72xs7PGUcYT/oHVBTKZ4GcW +AFpNAoIBAB/F8olQT10+QCZciP1ZuRpdEbEheWAF9ng3E7r7wAQiWNoLHj10Nu3H +byHPMmXNsw2VwaHqrAb5nTl5hfpk/ph7SidxMyNbtjCAlYm7XCiSMLLj0v5sFyCc +wgZqXzttQ6NRKt90JeIvHiazP7SVrmCyU/RhMlufiyX5zvivOgdtQA+0ISFDGdcX +MgwLTdFci9RaS5WDYsvokcc/5xEP4bZnxgEbmVq19mIC8QrCdH7qh/KP9Psb2tIt +OGwGA/YSMeQysKjUqAb/mcaMYEf2GUwWY6mZfRfLbeTT8yeDKFvAx5IUIz5tkFD/ +nMEENsuszPYolIDIv8pISWC8yCsWn5w= -----END PRIVATE KEY----- diff --git a/tests/backend/mongodb-ssl/test_ssl_connection.py b/tests/backend/mongodb-ssl/test_ssl_connection.py index 1c372542..ed31d0de 100644 --- a/tests/backend/mongodb-ssl/test_ssl_connection.py +++ b/tests/backend/mongodb-ssl/test_ssl_connection.py @@ -197,7 +197,7 @@ def test_ssl_invalid_configuration(db_host, db_port, certs_dir): def test_ssl_connection_with_wrong_credentials(): import bigchaindb from bigchaindb.backend.mongodb.connection import MongoDBConnection - from bigchaindb.backend.exceptions import AuthenticationError + from bigchaindb.backend.exceptions import ConnectionError conn = MongoDBConnection(host=bigchaindb.config['database']['host'], port=bigchaindb.config['database']['port'], 
@@ -211,5 +211,5 @@ def test_ssl_connection_with_wrong_credentials(): ssl_crlfile=bigchaindb.config['database']['crlfile'], ssl_cert_reqs=CERT_REQUIRED) - with pytest.raises(AuthenticationError): + with pytest.raises(ConnectionError): conn._connect() From 35c3909c254ee46b752ce0e32d1d002e559888c5 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 22 Jun 2017 16:32:57 +0200 Subject: [PATCH 17/54] Noted PR #1552 in the CHANGELOG --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e4dc6a7..71f86a18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,8 +23,9 @@ Tag name: v1.0.0rc1 [#1456](https://github.com/bigchaindb/bigchaindb/pull/1456), [#1497](https://github.com/bigchaindb/bigchaindb/pull/1497), [#1510](https://github.com/bigchaindb/bigchaindb/pull/1510), -[#1536](https://github.com/bigchaindb/bigchaindb/pull/1536), and -[#1551](https://github.com/bigchaindb/bigchaindb/pull/1551). +[#1536](https://github.com/bigchaindb/bigchaindb/pull/1536), +[#1551](https://github.com/bigchaindb/bigchaindb/pull/1551) and +[#1552](https://github.com/bigchaindb/bigchaindb/pull/1552). * Text search support (only if using MongoDB). Pull Requests [#1469](https://github.com/bigchaindb/bigchaindb/pull/1469) and [#1471](https://github.com/bigchaindb/bigchaindb/pull/1471) * The `database.connection_timeout` configuration setting now works with RethinkDB too. [#1512](https://github.com/bigchaindb/bigchaindb/pull/1512) * New code and tools for benchmarking CREATE transactions. [Pull Request #1511](https://github.com/bigchaindb/bigchaindb/pull/1511) From 074e783088a072ebf740220fa7dfd260fdd189bb Mon Sep 17 00:00:00 2001 
From: libscott Date: Thu, 22 Jun 2017 07:50:42 -0700 Subject: [PATCH 18/54] tx version break step with server version (#1574) * tx version break step with server version * fix regular expression for tx version * restore docstring for Transaction version parameter * add test for correct transaction version --- bigchaindb/common/schema/transaction.yaml | 2 +- bigchaindb/common/transaction.py | 7 +++---- tests/validation/test_transaction_structure.py | 13 ++++--------- 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/bigchaindb/common/schema/transaction.yaml b/bigchaindb/common/schema/transaction.yaml index 4fb8ce78..633579a5 100644 --- a/bigchaindb/common/schema/transaction.yaml +++ b/bigchaindb/common/schema/transaction.yaml @@ -56,7 +56,7 @@ properties: See: `Metadata`_. version: type: string - pattern: "^0\\." + pattern: "^1\\.0$" description: | BigchainDB transaction schema version. definitions: diff --git a/bigchaindb/common/transaction.py b/bigchaindb/common/transaction.py index a4472944..f3cf476d 100644 --- a/bigchaindb/common/transaction.py +++ b/bigchaindb/common/transaction.py @@ -11,7 +11,6 @@ from bigchaindb.common.exceptions import (KeypairMismatchException, InvalidHash, InvalidSignature, AmountError, AssetIdMismatch) from bigchaindb.common.utils import serialize -import bigchaindb.version class Input(object): @@ -421,13 +420,13 @@ class Transaction(object): ``id`` property. metadata (dict): Metadata to be stored along with the Transaction. - version (int): Defines the version number of a Transaction. + version (string): Defines the version number of a Transaction. """ CREATE = 'CREATE' TRANSFER = 'TRANSFER' GENESIS = 'GENESIS' ALLOWED_OPERATIONS = (CREATE, TRANSFER, GENESIS) - VERSION = '.'.join(bigchaindb.version.__short_version__.split('.')[:2]) + VERSION = '1.0' def __init__(self, operation, asset, inputs=None, outputs=None, metadata=None, version=None): 
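Review bot: The new `pattern: "^1\\.0$"` in `transaction.yaml` is looser than an exact match if the schema is checked with Python's `re` (the validator is not visible in this diff): `$` also matches just before a trailing newline, so `"1.0\n"` would pass. An `enum: ["1.0"]` states the single allowed value without relying on regex semantics. The `test_validate_version` hunk in `tests/validation/test_transaction_structure.py` has no case for the end anchor either; `'1.0.0'` (dropped by this commit) and `'1.0\n'` under `validate_raises` would cover it.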
@@ -447,7 +446,7 @@ class Transaction(object): lock. metadata (dict): Metadata to be stored along with the Transaction. - version (int): Defines the version number of a Transaction. + version (string): Defines the version number of a Transaction. """ if operation not in Transaction.ALLOWED_OPERATIONS: allowed_ops = ', '.join(self.__class__.ALLOWED_OPERATIONS) diff --git a/tests/validation/test_transaction_structure.py b/tests/validation/test_transaction_structure.py index a3745601..2a7d92fb 100644 --- a/tests/validation/test_transaction_structure.py +++ b/tests/validation/test_transaction_structure.py @@ -165,14 +165,9 @@ def test_high_amounts(create_tx): # Version def test_validate_version(create_tx): - import re - import bigchaindb.version - - short_ver = bigchaindb.version.__short_version__ - assert create_tx.version == re.match(r'^(.*\d)', short_ver).group(1) - + create_tx.version = '1.0' validate(create_tx) - - # At version 1, transaction version will break step with server version. - create_tx.version = '1.0.0' + create_tx.version = '0.10' + validate_raises(create_tx) + create_tx.version = '110' validate_raises(create_tx) From 3efac22b3c6202540557b5af17af6738a1903fb3 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 22 Jun 2017 16:52:22 +0200 Subject: [PATCH 19/54] CHANGELOG: Added note how 'version' must be '1.0' in transactions --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 71f86a18..ae0590ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
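Review bot: In `test_validate_version`, `create_tx.version = '1.0'` overwrites whatever the fixture produced before `validate(create_tx)` runs, so the test no longer checks that a transaction built with the default `Transaction.VERSION` passes the schema. The removed lines did assert on the fixture's own version. Since the schema pattern and `Transaction.VERSION` are now two independent literals, I would replace the assignment with `assert create_tx.version == '1.0'` (assuming the `create_tx` fixture uses the default version), so that drift between the two is caught.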
@@ -49,6 +49,7 @@ Tag name: v1.0.0rc1 * Relative links were replaced with JSON objects in HTTP API responses. [Pull Request #1541](https://github.com/bigchaindb/bigchaindb/pull/1541) * In the outputs endpoint of the HTTP API, the query parameter `unspent` was changed to `spent` (so no more double negatives). If that query parameter isn't included, then all outputs matching the specificed public key will be returned. If `spent=true`, then only the spent outputs will be returned. If `spent=false`, then only the unspent outputs will be returned. [Pull Request #1545](https://github.com/bigchaindb/bigchaindb/pull/1545) * The supported crypto-conditions changed from version 01 of the crypto-conditions spec to version 02. [Pull Request #1562](https://github.com/bigchaindb/bigchaindb/pull/1562) +* The value of "version" inside a transaction must now be "1.0". (Before, it could be "0.anything".) [Pull Request #1574](https://github.com/bigchaindb/bigchaindb/pull/1574) ### Removed * The `server.threads` configuration setting (for the Gunicorn HTTP server) was removed from the default set of BigchainDB configuration settings. [Pull Request #1488](https://github.com/bigchaindb/bigchaindb/pull/1488) From 47252eabc0de6512a1c9cf48b8d19dcf0a456074 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 23 Jun 2017 09:28:05 +0200 Subject: [PATCH 20/54] Set the release date of v1.0.0rc1 to 2017-06-23 in CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae0590ab..14ca4ff2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** -## [1.0.0rc1] - 2017-06-?? +## [1.0.0rc1] - 2017-06-23 Tag name: v1.0.0rc1 ### Added From e74e32d6eab2ee010eeb5642dd193ddd79834505 Mon Sep 17 00:00:00 2001 
From: Sylvain Bellemare Date: Fri, 23 Jun 2017 09:50:27 +0200 Subject: [PATCH 21/54] Bump version to 1.0.0rc1 --- bigchaindb/version.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/version.py b/bigchaindb/version.py index 6bf027a0..d7f2fa31 100644 --- a/bigchaindb/version.py +++ b/bigchaindb/version.py @@ -1,2 +1,2 @@ -__version__ = '0.11.0.dev' -__short_version__ = '0.11.dev' +__version__ = '1.0.0rc1' +__short_version__ = '1.0rc1' From 190a62322636ad1194e19c0dcf37d87d02e1b49d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 23 Jun 2017 09:57:42 +0200 Subject: [PATCH 22/54] Update kubernetes docker image version --- k8s/bigchaindb/bigchaindb-dep.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml index 80fcf0a1..376c5c86 100644 --- a/k8s/bigchaindb/bigchaindb-dep.yaml +++ b/k8s/bigchaindb/bigchaindb-dep.yaml @@ -18,7 +18,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: bigchaindb - image: bigchaindb/bigchaindb:0.10.2 + image: bigchaindb/bigchaindb:1.0.0rc1 imagePullPolicy: IfNotPresent args: - start From 3aab15d398a43ed28de75c89b59e2abdfb30cf92 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 23 Jun 2017 10:59:14 +0200 Subject: [PATCH 23/54] Switch version to development mode --- bigchaindb/version.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/version.py b/bigchaindb/version.py index d7f2fa31..ee90f2c4 100644 --- a/bigchaindb/version.py +++ b/bigchaindb/version.py @@ -1,2 +1,2 @@ -__version__ = '1.0.0rc1' -__short_version__ = '1.0rc1' +__version__ = '1.0.0.dev' +__short_version__ = '1.0.dev' From 164cd47225dc58f35d1511a4e53644d14b1fa01e Mon Sep 17 00:00:00 2001 
From: Troy McConaghy Date: Fri, 23 Jun 2017 11:47:22 +0200 Subject: [PATCH 24/54] Note re Python form of semantic versioning in Release Process doc --- Release_Process.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Release_Process.md b/Release_Process.md index be4c448a..cf8036dd 100644 --- a/Release_Process.md +++ b/Release_Process.md @@ -2,8 +2,14 @@ The release process for BigchainDB server differs slightly depending on whether it's a minor or a patch release. -BigchainDB follows [semantic versioning](http://semver.org/) (i.e. MAJOR.MINOR.PATCH), taking into account -that [major version 0.x does not export a stable API](http://semver.org/#spec-item-4). +BigchainDB follows +[the Python form of Semantic Versioning](https://packaging.python.org/tutorials/distributing-packages/#choosing-a-versioning-scheme) +(i.e. MAJOR.MINOR.PATCH), +which is almost identical +to [regular semantic versioning](http://semver.org/) +except release candidates are labelled like +`3.4.5rc2` not `3.4.5-rc2` (with no hyphen). + ## Minor release From 39a200e9ddf3ada6223e70e188624f17c4b3bd38 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 23 Jun 2017 11:49:18 +0200 Subject: [PATCH 25/54] Note re creating PR on GitHub & waiting for tests to pass --- Release_Process.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Release_Process.md b/Release_Process.md index cf8036dd..a12756a0 100644 --- a/Release_Process.md +++ b/Release_Process.md 
@@ -20,6 +20,7 @@ A minor release is preceeded by a feature freeze and created from the 'master' b 1. Create and checkout a new branch for the minor release, named after the minor version, without a preceeding 'v', e.g. `git checkout -b 0.9` (*not* 0.9.0, this new branch will be for e.g. 0.9.0, 0.9.1, 0.9.2, etc. each of which will be identified by a tagged commit) 1. In `bigchaindb/version.py`, update `__version__` and `__short_version__`, e.g. to `0.9` and `0.9.0` (with no `.dev` on the end) 1. Commit that change, and push the new branch to GitHub +1. On GitHub, use the new branch to create a new pull request and wait for all the tests to pass 1. Follow steps outlined in [Common Steps](#common-steps) 1. In 'master' branch, Edit `bigchaindb/version.py`, increment the minor version to the next planned release, e.g. `0.10.0.dev`. This is so people reading the latest docs will know that they're for the latest (master branch) version of BigchainDB Server, not the docs at the time of the most recent release (which are also available). 1. Go to [Docker Hub](https://hub.docker.com/), sign in, go to Settings - Build Settings, and under the build with Docker Tag Name equal to `latest`, change the Name to the number of the new release, e.g. `0.9` From 998ff34c4b144fd8516e0db56112f6e04426fe2e Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 23 Jun 2017 11:51:00 +0200 Subject: [PATCH 26/54] Renamed Release_Process.md to RELEASE_PROCESS.md --- Release_Process.md => RELEASE_PROCESS.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Release_Process.md => RELEASE_PROCESS.md (100%) diff --git a/Release_Process.md b/RELEASE_PROCESS.md similarity index 100% rename from Release_Process.md rename to RELEASE_PROCESS.md From e91e3a79c4c7fc27a51a29a4047882fdbe68bf28 Mon Sep 17 00:00:00 2001 
From: Troy McConaghy Date: Mon, 26 Jun 2017 15:17:56 +0200 Subject: [PATCH 27/54] Made Easy-RSA config steps clearer. --- .../easy-rsa.rst | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/server/source/production-deployment-template/easy-rsa.rst b/docs/server/source/production-deployment-template/easy-rsa.rst index 3c87fbbc..3964d362 100644 --- a/docs/server/source/production-deployment-template/easy-rsa.rst +++ b/docs/server/source/production-deployment-template/easy-rsa.rst @@ -66,12 +66,17 @@ The comments in the file explain what each of the variables mean. echo 'set_var EASYRSA_REQ_PROVINCE "Berlin"' >> vars echo 'set_var EASYRSA_REQ_CITY "Berlin"' >> vars echo 'set_var EASYRSA_REQ_ORG "BigchainDB GmbH"' >> vars - echo 'set_var EASYRSA_REQ_OU "IT"' >> vars echo 'set_var EASYRSA_REQ_EMAIL "dev@bigchaindb.com"' >> vars -We follow the convention of modifying the OU to ``ROOT-CA``, -``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` and -``MongoDB-Backup-Instance`` while issuing certificates. +We follow the convention of setting the OU to ``ROOT-CA``, +``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or +``MongoDB-Backup-Instance`` as appropriate. +Replace ``insert-name-here`` with the appropriate name +(e.g. ``ROOT-CA``) in: + +.. code:: bash + + echo 'set_var EASYRSA_REQ_OU "insert-name-here"' >> vars Step 4: Maybe Edit x509-types/server @@ -81,7 +86,7 @@ Step 4: Maybe Edit x509-types/server Only do this step if you are setting up a self-signed CA. -Edit the file ``x509-types/server`` and change -``extendedKeyUsage = serverAuth`` to -``extendedKeyUsage = serverAuth,clientAuth``. -See `the MongoDB documentation about x.509 authentication `_ to understand why. + Edit the file ``x509-types/server`` and change + ``extendedKeyUsage = serverAuth`` to + ``extendedKeyUsage = serverAuth,clientAuth``. + See `the MongoDB documentation about x.509 authentication `_ to understand why. 
From 6fd5f216387ec222fa421ef6738701865282b444 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Mon, 26 Jun 2017 15:34:03 +0200 Subject: [PATCH 28/54] Improved instructions for Self-Signed CA setup --- .../production-deployment-template/ca-installation.rst | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/docs/server/source/production-deployment-template/ca-installation.rst b/docs/server/source/production-deployment-template/ca-installation.rst index 4c6af317..aad945d3 100644 --- a/docs/server/source/production-deployment-template/ca-installation.rst +++ b/docs/server/source/production-deployment-template/ca-installation.rst @@ -33,15 +33,12 @@ by going to the ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3`` directory and using: ./easyrsa build-ca -You will be prompted to enter the Distinguished Name for this CA. You can hit -enter to accept the default values or change it at each prompt. - -You will also be asked to enter a PEM pass phrase for encrypting the ``ca.key`` file. +You will also be asked to enter a PEM pass phrase (for encrypting the ``ca.key`` file). Make sure to securely store that PEM pass phrase. If you lose it, you won't be able to add or remove entities from your PKI infrastructure in the future. -It will ask several other questions. -You can accept all the defaults [in brackets] by pressing Enter. +You will be prompted to enter the Distinguished Name (DN) information for this CA. +For each field, you can accept the default value [in brackets] by pressing Enter. While ``Easy-RSA CA`` *is* a valid and acceptable Common Name, you should probably enter a name based on the name of the managing organization, e.g. ``Omega Ledger CA``. From 3a24e7d9b40b6ddc4ceadbefe39d5b40e9049d44 Mon Sep 17 00:00:00 2001 
From: Troy McConaghy Date: Mon, 26 Jun 2017 15:54:09 +0200 Subject: [PATCH 29/54] List what the self-signed CA should return to the node operator --- .../source/production-deployment-template/workflow.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/server/source/production-deployment-template/workflow.rst b/docs/server/source/production-deployment-template/workflow.rst index db3ff0b3..fb80c5fe 100644 --- a/docs/server/source/production-deployment-template/workflow.rst +++ b/docs/server/source/production-deployment-template/workflow.rst @@ -119,9 +119,13 @@ allow easier periodic rotation of the ``Agent API Key`` with a constant #. Client Certificate for BigchainDB Server to identify itself to MongoDB #. Client Certificate for MongoDB Monitoring Agent to identify itself to MongoDB #. Client Certificate for MongoDB Backup Agent to identify itself to MongoDB -#. CRL for the infrastructure to not accept revoked certificates. -Ask the managing organization to use its self-signed CA to sign those certificates. +Ask the managing organization to use its self-signed CA to sign those four certificates. +They should send you: + +* Signed versions of your four certificates. +* One ``ca.crt`` file: their CA certificate. +* One ``crl.pem`` file: a certificate revocation list. For help, see the pages: From 1a1984f5452308617f4d5a8140509dc3af5c6e30 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 27 Jun 2017 11:15:40 +0200 Subject: [PATCH 30/54] More clarifications to the MongoDB SSL cert instructions --- .../ca-installation.rst | 5 ++ .../client-tls-certificate.rst | 28 +++++--- .../easy-rsa.rst | 14 ++-- .../revoke-tls-certificate.rst | 2 + .../server-tls-certificate.rst | 25 ++++--- .../workflow.rst | 71 +++++++------------ 6 files changed, 72 insertions(+), 73 deletions(-) 
diff --git a/docs/server/source/production-deployment-template/ca-installation.rst b/docs/server/source/production-deployment-template/ca-installation.rst index aad945d3..146bd461 100644 --- a/docs/server/source/production-deployment-template/ca-installation.rst +++ b/docs/server/source/production-deployment-template/ca-installation.rst @@ -39,6 +39,11 @@ If you lose it, you won't be able to add or remove entities from your PKI infras You will be prompted to enter the Distinguished Name (DN) information for this CA. For each field, you can accept the default value [in brackets] by pressing Enter. + +.. warning:: + + Don't accept the default value of OU (``IT``). Instead, enter the value ``ROOT-CA``. + While ``Easy-RSA CA`` *is* a valid and acceptable Common Name, you should probably enter a name based on the name of the managing organization, e.g. ``Omega Ledger CA``. diff --git a/docs/server/source/production-deployment-template/client-tls-certificate.rst b/docs/server/source/production-deployment-template/client-tls-certificate.rst index 9fd748bd..5a729836 100644 --- a/docs/server/source/production-deployment-template/client-tls-certificate.rst +++ b/docs/server/source/production-deployment-template/client-tls-certificate.rst @@ -24,7 +24,7 @@ Step 2: Create the Client Private Key and CSR --------------------------------------------- You can create the client private key and certificate signing request (CSR) -by going into the directory ``client-cert/easy-rsa-3.0.1/easyrsa`` +by going into the directory ``client-cert/easy-rsa-3.0.1/easyrsa3`` and using: .. code:: bash 
@@ -33,25 +33,37 @@ and using: ./easyrsa gen-req bdb-instance-0 nopass -You should change ``bdb-instance-0`` to a value that reflects what the -client certificate is being used for. +You should change the Common Name (e.g. ``bdb-instance-0``) +to a value that reflects what the +client certificate is being used for, e.g. ``mdb-mon-instance-3`` or ``mdb-bak-instance-4``. (The final integer is specific to your BigchainDB node in the BigchainDB cluster.) -Tip: You can get help with the ``easyrsa`` command (and its subcommands) -by using the subcommand ``./easyrsa help`` +You will be prompted to enter the Distinguished Name (DN) information for this certificate. For each field, you can accept the default value [in brackets] by pressing Enter. + +.. warning:: + + Don't accept the default value of OU (``IT``). Instead, enter the value + ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or ``MongoDB-Backup-Instance`` + as appropriate. + +Aside: The ``nopass`` option means "do not encrypt the private key (default is encrypted)". You can get help with the ``easyrsa`` command (and its subcommands) +by using the subcommand ``./easyrsa help``. Step 3: Get the Client Certificate Signed ----------------------------------------- -The CSR file (created in the previous step) -should be located in ``pki/reqs/bdb-instance-0.req``. +The CSR file created in the previous step +should be located in ``pki/reqs/bdb-instance-0.req`` +(or whatever Common Name you used in the ``gen-req`` command above). You need to send it to the organization managing the cluster so that they can use their CA to sign the request. (The managing organization should already have a self-signed CA.) If you are the admin of the managing organization's self-signed CA, -then you can import the CSR and use Easy-RSA to sign it. For example: +then you can import the CSR and use Easy-RSA to sign it. +Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/`` +directory and do something like: .. code:: bash 
diff --git a/docs/server/source/production-deployment-template/easy-rsa.rst b/docs/server/source/production-deployment-template/easy-rsa.rst index 3964d362..ff268bf2 100644 --- a/docs/server/source/production-deployment-template/easy-rsa.rst +++ b/docs/server/source/production-deployment-template/easy-rsa.rst @@ -66,17 +66,15 @@ The comments in the file explain what each of the variables mean. echo 'set_var EASYRSA_REQ_PROVINCE "Berlin"' >> vars echo 'set_var EASYRSA_REQ_CITY "Berlin"' >> vars echo 'set_var EASYRSA_REQ_ORG "BigchainDB GmbH"' >> vars + echo 'set_var EASYRSA_REQ_OU "IT"' >> vars echo 'set_var EASYRSA_REQ_EMAIL "dev@bigchaindb.com"' >> vars -We follow the convention of setting the OU to ``ROOT-CA``, +Note: Later, when building a CA or generating a certificate signing request, you will be prompted to enter a value for the OU (or to accept the default). You should change the default OU from ``IT`` to one of the following, as appropriate: +``ROOT-CA``, ``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or -``MongoDB-Backup-Instance`` as appropriate. -Replace ``insert-name-here`` with the appropriate name -(e.g. ``ROOT-CA``) in: - -.. code:: bash - - echo 'set_var EASYRSA_REQ_OU "insert-name-here"' >> vars +``MongoDB-Backup-Instance``. +To understand why, see `the MongoDB Manual `_. +There are reminders to do this in the relevant docs. Step 4: Maybe Edit x509-types/server diff --git a/docs/server/source/production-deployment-template/revoke-tls-certificate.rst b/docs/server/source/production-deployment-template/revoke-tls-certificate.rst index a0e06373..7584ceb5 100644 --- a/docs/server/source/production-deployment-template/revoke-tls-certificate.rst +++ b/docs/server/source/production-deployment-template/revoke-tls-certificate.rst 
@@ -39,3 +39,5 @@ Generate a new CRL for your infrastructure using: The generated ``crl.pem`` file needs to be uploaded to your infrastructure to prevent the revoked certificate from being used again. + +In particlar, the generated ``crl.pem`` file should be sent to all BigchainDB node operators in your BigchainDB cluster, so that they can update it in their MongoDB instance and their BigchainDB Server instance. diff --git a/docs/server/source/production-deployment-template/server-tls-certificate.rst b/docs/server/source/production-deployment-template/server-tls-certificate.rst index 844f670a..eb9dd204 100644 --- a/docs/server/source/production-deployment-template/server-tls-certificate.rst +++ b/docs/server/source/production-deployment-template/server-tls-certificate.rst @@ -26,7 +26,7 @@ Step 2: Create the Server Private Key and CSR --------------------------------------------- You can create the server private key and certificate signing request (CSR) -by going into the directory ``member-cert/easy-rsa-3.0.1/easyrsa`` +by going into the directory ``member-cert/easy-rsa-3.0.1/easyrsa3`` and using something like: .. code:: bash 
@@ -35,15 +35,17 @@ and using something like: ./easyrsa --req-cn=mdb-instance-0 --subject-alt-name=DNS:localhost,DNS:mdb-instance-0 gen-req mdb-instance-0 nopass -You will be prompted to enter the Distinguished Name for this certificate. You -can hit enter to accept the default values or change them at each prompt. +You should replace the Common Name (``mdb-instance-0`` above) with the correct name for *your* MongoDB instance in the cluster, e.g. ``mdb-instance-5`` or ``mdb-instance-12``. (This name is decided by the organization managing the cluster.) -You can replace the common name (``mdb-instance-0`` above) with any other name -so long as the instance can verify that it is the hostname. +You will be prompted to enter the Distinguished Name (DN) information for this certificate. +For each field, you can accept the default value [in brackets] by pressing Enter. -You need to provide the ``DNS:localhost`` SAN during certificate generation +.. warning:: + + Don't accept the default value of OU (``IT``). Instead, enter the value ``MongoDB-Instance``. + +Aside: You need to provide the ``DNS:localhost`` SAN during certificate generation for using the ``localhost exception`` in the MongoDB instance. - All certificates can have this attribute without compromising security as the ``localhost exception`` works only the first time. 
@@ -51,15 +53,18 @@ All certificates can have this attribute without compromising security as the Step 3: Get the Server Certificate Signed ----------------------------------------- -The CSR file (created in the last step) -should be located in ``pki/reqs/mdb-instance-0.req``. +The CSR file created in the last step +should be located in ``pki/reqs/mdb-instance-0.req`` +(where the integer ``0`` may be different for you). You need to send it to the organization managing the cluster so that they can use their CA to sign the request. (The managing organization should already have a self-signed CA.) If you are the admin of the managing organization's self-signed CA, -then you can import the CSR and use Easy-RSA to sign it. For example: +then you can import the CSR and use Easy-RSA to sign it. +Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/`` +directory and do something like: .. code:: bash diff --git a/docs/server/source/production-deployment-template/workflow.rst b/docs/server/source/production-deployment-template/workflow.rst index fb80c5fe..c511b8f9 100644 --- a/docs/server/source/production-deployment-template/workflow.rst +++ b/docs/server/source/production-deployment-template/workflow.rst 
@@ -53,6 +53,26 @@ Similarly, other instances must also have unique names in the cluster. #. Name of the MongoDB backup agent instance (``mdb-bak-instance-*``) +☐ Generate four keys and corresponding certificate signing requests (CSRs): + +#. Server Certificate (a.k.a. Member Certificate) for the MongoDB instance +#. Client Certificate for BigchainDB Server to identify itself to MongoDB +#. Client Certificate for MongoDB Monitoring Agent to identify itself to MongoDB +#. Client Certificate for MongoDB Backup Agent to identify itself to MongoDB + +Ask the managing organization to use its self-signed CA to sign those four CSRs. +They should send you: + +* Four certificates (one for each CSR you sent them). +* One ``ca.crt`` file: their CA certificate. +* One ``crl.pem`` file: a certificate revocation list. + +For help, see the pages: + +* :ref:`How to Generate a Server Certificate for MongoDB` +* :ref:`How to Generate a Client Certificate for MongoDB` + + ☐ Every node in a BigchainDB cluster needs its own BigchainDB keypair (i.e. a public key and corresponding private key). You can generate a BigchainDB keypair for your node, for example, 
@@ -73,28 +93,15 @@ Don't share your private key. That list of public keys is known as the BigchainDB "keyring." -☐ Ask the managing organization -for the FQDN used to serve the BigchainDB APIs -(e.g. ``api.orgname.net`` or ``bdb.clustername.com``). - - ☐ Make up an FQDN for your BigchainDB node (e.g. ``mynode.mycorp.com``). Make sure you've registered the associated domain name (e.g. ``mycorp.com``), and have an SSL certificate for the FQDN. -(You can get an SSL certificate from any SSL certificate provider). - - -☐ Share your BigchaindB *public* key with all the other nodes -in the BigchainDB cluster. -Don't share your private key. - - -☐ Get the BigchainDB public keys of all the other nodes in the cluster. -That list of public keys is known as the BigchainDB "keyring." +(You can get an SSL certificate from any SSL certificate provider.) ☐ Ask the managing organization for the FQDN used to serve the BigchainDB APIs +(e.g. ``api.orgname.net`` or ``bdb.clustername.com``) and for a copy of the associated SSL/TLS certificate. Also, ask for the user name to use for authenticating to MongoDB. 
@@ -113,41 +120,11 @@ allow easier periodic rotation of the ``Agent API Key`` with a constant ``Group ID``) -☐ Generate four keys and corresponding certificate signing requests (CSRs): - -#. Server Certificate (a.k.a. Member Certificate) for the MongoDB instance -#. Client Certificate for BigchainDB Server to identify itself to MongoDB -#. Client Certificate for MongoDB Monitoring Agent to identify itself to MongoDB -#. Client Certificate for MongoDB Backup Agent to identify itself to MongoDB - -Ask the managing organization to use its self-signed CA to sign those four certificates. -They should send you: - -* Signed versions of your four certificates. -* One ``ca.crt`` file: their CA certificate. -* One ``crl.pem`` file: a certificate revocation list. - -For help, see the pages: - -* :ref:`How to Generate a Server Certificate for MongoDB` -* :ref:`How to Generate a Client Certificate for MongoDB` - - ☐ :doc:`Deploy a Kubernetes cluster on Azure `. -☐ Create the Kubernetes Configuration for this node. -We will use Kubernetes ConfigMaps and Secrets to hold all the information -gathered above. - - -☐ Deploy your BigchainDB node on your Kubernetes cluster. - -Next Steps To Set Up a Node ---------------------------- - -You can now proceed to set up your BigchainDB node based on whether it is the -:ref:`first node in you cluster +☐ You can now proceed to set up your BigchainDB node based on whether it is the +:ref:`first node in a new cluster ` or a :ref:`node that will be added to an existing cluster `. From 69a07b282db17b681e5056b8424c1243a9200cbd Mon Sep 17 00:00:00 2001 From: libscott Date: Tue, 27 Jun 2017 15:27:49 -0700 Subject: [PATCH 31/54] remove federation test that is failing sometimes in the case of RethinkDB (#1587) --- tests/integration/test_federation.py | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/tests/integration/test_federation.py b/tests/integration/test_federation.py index 00c59685..598412ff 100644 
--- a/tests/integration/test_federation.py +++ b/tests/integration/test_federation.py @@ -133,27 +133,6 @@ def test_elect_invalid(federation_3): assert bx[i].get_transaction(tx.id, True)[1] is None -@pytest.mark.bdb -@pytest.mark.genesis -def test_elect_disagree_prev_block(federation_3): - [bx, (s0, s1, s2)] = federation_3 - tx = input_single_create(bx[0]) - process_tx(s0) - process_tx(s1) - process_tx(s2) - process_vote(s0, True) - for i in range(3): - assert bx[i].get_transaction(tx.id, True)[1] == 'undecided' - s1.vote.last_voted_id = '5' * 64 - process_vote(s1, True) - for i in range(3): - assert bx[i].get_transaction(tx.id, True)[1] == 'undecided' - s2.vote.last_voted_id = '6' * 64 - process_vote(s2, True) - for i in range(3): - assert bx[i].get_transaction(tx.id, True)[1] is None - - @pytest.mark.bdb @pytest.mark.genesis def test_elect_sybill(federation_3): From d92f5f2024d79885bec8538549637484bf85cd94 Mon Sep 17 00:00:00 2001 From: Krish Date: Wed, 28 Jun 2017 15:35:26 +0200 Subject: [PATCH 32/54] Documentation changes (#1595) * Add documentation for `bdb-user` parameter * Remove the bdb-keyfile-passphrase parameter * Formatting changes in bdb-certs.bdb-user subsection --- .../node-config-map-and-secrets.rst | 30 +++++++++++++++++++ k8s/bigchaindb/bigchaindb-dep.yaml | 2 -- k8s/configuration/secret.yaml | 2 -- 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst index 6e25c77b..1509091c 100644 --- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst +++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst 
@@ -89,6 +89,36 @@ Note that ``ca.pem`` is just another name for ``ca.crt`` (the certificate of your BigchainDB cluster's self-signed CA). +bdb-certs.bdb-user +~~~~~~~~~~~~~~~~~~ + +This is the user name that BigchainDB uses to authenticate itself to the +backend MongoDB database. + +We need to specify the user name *as seen in the certificate* issued to +the BigchainDB instance in order to authenticate correctly. Use +the following ``openssl`` command to extract the user name from the +certificate: + +.. code:: bash + + $ openssl x509 -in \ + -inform PEM -subject -nameopt RFC2253 + +You should see an output line that resembles: + +.. code:: bash + + subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE + +The ``subject`` line states the complete user name we need to use for this +field (``bdb-certs.bdb-user``), i.e. + +.. code:: bash + + emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE + + Deploy Your config-map.yaml and secret.yaml ------------------------------------------- diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml index 376c5c86..9aea8f7c 100644 --- a/k8s/bigchaindb/bigchaindb-dep.yaml +++ b/k8s/bigchaindb/bigchaindb-dep.yaml @@ -59,8 +59,6 @@ spec: value: /etc/bigchaindb/ssl/bdb-instance.pem - name: BIGCHAINDB_DATABASE_KEYFILE value: /etc/bigchaindb/ssl/bdb-instance.key - - name: BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE - value: /etc/bigchaindb/ssl/bdb-keyfile-passphrase - name: BIGCHAINDB_DATABASE_LOGIN value: /etc/bigchaindb/ssl/bdb-user # The following env var is not required for the bootstrap/first node diff --git a/k8s/configuration/secret.yaml b/k8s/configuration/secret.yaml index e42ac4c9..795e4756 100644 --- a/k8s/configuration/secret.yaml +++ b/k8s/configuration/secret.yaml 
@@ -82,8 +82,6 @@ data: bdb-instance.pem: "" # Base64-encoded private key bdb-instance.key: "" - # Base64-encoded private key passphrase - bdb-keyfile-passphrase: "" # Base64-encoded instance authentication credentials bdb-user: "" --- From 52e097ccbaabc5854fd0063f32e37ea474de71a5 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 28 Jun 2017 14:00:42 +0200 Subject: [PATCH 33/54] Fixed typo in az acs create command --- .../template-kubernetes-azure.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/production-deployment-template/template-kubernetes-azure.rst b/docs/server/source/production-deployment-template/template-kubernetes-azure.rst index 7027e2b3..d99596cc 100644 --- a/docs/server/source/production-deployment-template/template-kubernetes-azure.rst +++ b/docs/server/source/production-deployment-template/template-kubernetes-azure.rst @@ -102,7 +102,7 @@ Finally, you can deploy an ACS using something like: --agent-vm-size Standard_D2_v2 \ --dns-prefix \ --ssh-key-value ~/.ssh/.pub \ - --orchestrator-type kubernetes + --orchestrator-type kubernetes \ --debug --output json From c58bd49b91247d540200e27b20f0aac6d61cd7dd Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 28 Jun 2017 14:01:48 +0200 Subject: [PATCH 34/54] clarifications in docs re config-map.yaml --- .../node-config-map-and-secrets.rst | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst index 1509091c..2b8da6e5 100644 --- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst +++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst 
@@ -29,8 +29,8 @@ where all data values must be base64-encoded. This is true of all Kubernetes ConfigMaps and Secrets.) -vars -~~~~ +vars.mdb-instance-name and Similar +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Your BigchainDB cluster organization should have a standard way of naming instances, so the instances in your BigchainDB node @@ -59,11 +59,14 @@ of all *other* nodes in your BigchainDB cluster * If you're deploying the first node in the cluster, the value should be ``""`` (an empty string). * If you're deploying the second node in the cluster, - the value should be one public key inside double quotes. + the value should be the BigchainDB public key of the first/original + node in the cluster, inside double quotes. For example, ``"EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"`` * If there are two or more other nodes already in the cluster, - the value should be a colon-separated list of public keys + the value should be a colon-separated list + of the BigchainDB public keys + of those other nodes, inside double quotes. For example, ``"DPjpKbmbPYPKVAuf6VSkqGCf5jzrEh69Ldef6TrLwsEQ:EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"`` From 1d6a7624f41464d73c470dc48df745e511d72260 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 28 Jun 2017 14:44:08 +0200 Subject: [PATCH 35/54] Removed un-needed trailing comma in secret.yaml --- k8s/configuration/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/configuration/secret.yaml b/k8s/configuration/secret.yaml index 795e4756..7c59595b 100644 --- a/k8s/configuration/secret.yaml +++ b/k8s/configuration/secret.yaml @@ -77,7 +77,7 @@ data: # Base64-encoded CA certificate (ca.crt) ca.pem: "" # Base64-encoded CRL file - crlfile: "", + crlfile: "" # Base64-encoded BigchainDB instance certificate bdb-instance.pem: "" # Base64-encoded private key From 0feaafef2b9945017fd37c823c1a3772292e4fab Mon Sep 17 00:00:00 2001 
From: Troy McConaghy Date: Wed, 28 Jun 2017 16:40:52 +0200 Subject: [PATCH 36/54] entire HTTPS cert chain is needed in secret.yaml --- k8s/configuration/secret.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/k8s/configuration/secret.yaml b/k8s/configuration/secret.yaml index 7c59595b..cccf4788 100644 --- a/k8s/configuration/secret.yaml +++ b/k8s/configuration/secret.yaml @@ -94,8 +94,9 @@ type: Opaque data: # Base64-encoded HTTPS private key cert.key: "" - # Base64-encoded HTTPS Signed Certificate or Certificate Chain - cert.pem: "" + # Base64-encoded HTTPS certificate chain + # including all intermediate certificates and the actual certificate + cert.pem: " Date: Wed, 28 Jun 2017 17:42:32 +0200 Subject: [PATCH 37/54] Explained how to get 3scale credentials --- .../node-config-map-and-secrets.rst | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst index 2b8da6e5..8ddbff2e 100644 --- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst +++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst 
@@ -122,6 +122,31 @@ field (``bdb-certs.bdb-user``), i.e. emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE +threescale-credentials.* +~~~~~~~~~~~~~~~~~~~~~~~~ + +You can delete the ``threescale-credentials`` Secret if you're not using 3scale. + +If you *are* using 3scale, you can get the value for ``frontend-api-dns-name`` +using something like ``echo "your.nodesubdomain.net" | base64 -w 0`` + +To get the values for ``secret-token``, ``service-id``, +``version-header`` and ``provider-key``, login to your 3scale admin, +then click **APIs** and click on **Integration** for the relevant API. +Scroll to the bottom of the page and click the small link +in the lower right corner, labelled **Download the NGINX Config files**. +You'll get a ``.zip`` file. +Unzip it, then open the ``.conf`` file and the ``.lua`` file. +You should be able to find all the values in those files. +You have to be careful because it will have values for *all* your APIs, +and some values vary from API to API. +The ``version-header`` is the timestamp in a line that looks like: + +.. code:: + + proxy_set_header X-3scale-Version "2017-06-28T14:57:34Z"; + + Deploy Your config-map.yaml and secret.yaml ------------------------------------------- From 5687735b246a89b2081b5a3569bc22c2c61e8c64 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 11:00:17 +0200 Subject: [PATCH 38/54] removed 2 instances of 'inside double quotes' --- .../node-config-map-and-secrets.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst index 8ddbff2e..dad62fc6 100644 --- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst +++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst 
@@ -60,14 +60,13 @@ of all *other* nodes in your BigchainDB cluster the value should be ``""`` (an empty string). * If you're deploying the second node in the cluster, the value should be the BigchainDB public key of the first/original - node in the cluster, inside double quotes. + node in the cluster. For example, ``"EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"`` * If there are two or more other nodes already in the cluster, the value should be a colon-separated list of the BigchainDB public keys - of those other nodes, - inside double quotes. + of those other nodes. For example, ``"DPjpKbmbPYPKVAuf6VSkqGCf5jzrEh69Ldef6TrLwsEQ:EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"`` From 7b80bb581936476a1b955dc82d9d0d37403499c4 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 11:09:16 +0200 Subject: [PATCH 39/54] If not using 3scale, they can also leave vals blank --- .../node-config-map-and-secrets.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst index dad62fc6..7bcbb28d 100644 --- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst +++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst @@ -124,7 +124,9 @@ field (``bdb-certs.bdb-user``), i.e. threescale-credentials.* ~~~~~~~~~~~~~~~~~~~~~~~~ -You can delete the ``threescale-credentials`` Secret if you're not using 3scale. +If you're not using 3scale, +you can delete the ``threescale-credentials`` Secret +or leave all the values blank (``""``). If you *are* using 3scale, you can get the value for ``frontend-api-dns-name`` using something like ``echo "your.nodesubdomain.net" | base64 -w 0`` From 54e0fc4f57492e66830e67600ceeb5dc5fa77706 Mon Sep 17 00:00:00 2001 
From: Troy McConaghy Date: Thu, 29 Jun 2017 11:28:51 +0200 Subject: [PATCH 40/54] Clarify the required SSL cert order in cert chain --- k8s/configuration/secret.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/k8s/configuration/secret.yaml b/k8s/configuration/secret.yaml index cccf4788..f9c4aeb5 100644 --- a/k8s/configuration/secret.yaml +++ b/k8s/configuration/secret.yaml @@ -95,7 +95,9 @@ data: # Base64-encoded HTTPS private key cert.key: "" # Base64-encoded HTTPS certificate chain - # including all intermediate certificates and the actual certificate + # starting with your primary SSL cert (e.g. your_domain.crt) + # followed by all intermediate certs. + # If cert if from DigiCert, download "Best format for nginx". cert.pem: " Date: Thu, 29 Jun 2017 14:19:08 +0200 Subject: [PATCH 41/54] Document graphite configuration parameter (#1594) * document graphite configuration parameter * add example * graphite settings docs follows wsserver * Removed outer JSON braces @ graphite.host docs --- .../source/server-reference/configuration.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 76a76456..7edc184c 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -45,6 +45,7 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_DATABASE_KEYFILE`
`BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE`
`BIGCHAINDB_DATABASE_CRLFILE`
+`BIGCHAINDB_GRAPHITE_HOST`
The local config file is `$HOME/.bigchaindb` by default (a file which might not even exist), but you can tell BigchainDB to use a different file by using the `-c` command-line option, e.g. `bigchaindb -c path/to/config_file.json start` or using the `BIGCHAINDB_CONFIG_PATH` environment variable, e.g. `BIGHAINDB_CONFIG_PATH=.my_bigchaindb_config bigchaindb start`. @@ -497,3 +498,29 @@ logging of the `core.py` module to be more verbose, you would set the ``` **Defaults to**: `"{}"` + + +## graphite.host + +The host name or IP address of a server listening for statsd events on UDP +port 8125. This defaults to `localhost`, and if no statsd collector is running, +the events are simply dropped by the operating system. + +**Example using environment variables** +```text +export BIGCHAINDB_GRAPHITE_HOST=10.0.0.5 +``` + +**Example config file snippet** +```js +"graphite": { + "host": "10.0.0.5" +} +``` + +**Default values (from a config file)** +```js +"graphite": { + "host": "localhost" +} +``` From d3924213ee4f74be7f496065a863fc25c99826e1 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 14:35:23 +0200 Subject: [PATCH 42/54] edits in nginx-3scale service docs --- .../node-on-kubernetes.rst | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index fb4219f1..92c7c424 100644 --- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst 
@@ -138,14 +138,17 @@ Step 4.1: Vanilla NGINX Step 4.2: OpenResty NGINX + 3scale ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - * This configuration is located in the file ``nginx/nginx-3scale-svc.yaml``. * You have to enable HTTPS for this one and will need an HTTPS certificate - for your domain + for your domain. - * You should have already created the Kubernetes Secret in the previous - step. + * You should have already created the necessary Kubernetes Secrets in the previous + step (e.g. ``https-certs`` and ``threescale-credentials``). + + * This configuration is located in the file ``nginx-3scale/nginx-3scale-svc.yaml``. + + * Set the ``metadata.name`` and ``metadata.labels.name`` to the value + set in ``ngx-instance-name`` in the ConfigMap above. * Set the ``spec.selector.app`` to the value set in ``ngx-instance-name`` in the ConfigMap followed by ``-dep``. For example, if the value set in the From a72bf56089b794dbd1e360aa8ed95844fb7366af Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 15:09:27 +0200 Subject: [PATCH 43/54] copyedited docs re assigning DNS name to NGINX public IP --- .../node-on-kubernetes.rst | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index 92c7c424..0310a4df 100644 --- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst 
@@ -170,20 +170,18 @@ Step 5: Assign DNS Name to the NGINX Public IP `_ or are using HTTPS certificates tied to a domain. - * The following command can help you find out if the nginx service started + * The following command can help you find out if the NGINX service started above has been assigned a public IP or external IP address: .. code:: bash $ kubectl --context k8s-bdb-test-cluster-0 get svc -w - * Once a public IP is assigned, you can log in to the Azure portal and map it to + * Once a public IP is assigned, you can map it to a DNS name. - - * We usually assign ``bdb-test-cluster-0``, ``bdb-test-cluster-1`` and + We usually assign ``bdb-test-cluster-0``, ``bdb-test-cluster-1`` and so on in our documentation. - - * Let us assume that we assigned the unique name of ``bdb-test-cluster-0`` here. + Let's assume that we assign the unique name of ``bdb-test-cluster-0`` here. **Set up DNS mapping in Azure.** @@ -198,7 +196,7 @@ have the Azure DNS prefix name along with a long random string, without the (for example, ``bdb-test-cluster-0``), click ``Save``, and wait for the changes to be applied. -To verify the DNS setting is operational, you can run ``nslookup `` from your local Linux shell. This will ensure that when you scale the replica set later, other MongoDB From 1034db1ce50ede3ced81133018c1ca48e2d1baa4 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 15:32:08 +0200 Subject: [PATCH 44/54] Fixed name of https-certs volume mount in nginx-3scale-dep.yaml --- k8s/nginx-3scale/nginx-3scale-dep.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/nginx-3scale/nginx-3scale-dep.yaml b/k8s/nginx-3scale/nginx-3scale-dep.yaml index 1dacf617..7951e14d 100644 --- a/k8s/nginx-3scale/nginx-3scale-dep.yaml +++ b/k8s/nginx-3scale/nginx-3scale-dep.yaml @@ -84,7 +84,7 @@ spec: timeoutSeconds: 10 restartPolicy: Always volumes: - - name: https + - name: https-certs secret: secretName: https-certs defaultMode: 0400 
From 92ec8f613e67d4e670a3d26dc9b9ea6d9205306f Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 16:02:34 +0200 Subject: [PATCH 45/54] Fixed spelling & grammar stuff in docs re MDB StatefulSet --- .../production-deployment-template/node-on-kubernetes.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index 0310a4df..34fbfda4 100644 --- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst @@ -453,11 +453,11 @@ Step 11: Start a Kubernetes StatefulSet for MongoDB * Note how the MongoDB container uses the ``mongo-db-claim`` and the ``mongo-configdb-claim`` PersistentVolumeClaims for its ``/data/db`` and - ``/data/configdb`` diretories (mount path). + ``/data/configdb`` directories (mount paths). * Note also that we use the pod's ``securityContext.capabilities.add`` specification to add the ``FOWNER`` capability to the container. That is - because MongoDB container has the user ``mongodb``, with uid ``999`` and + because the MongoDB container has the user ``mongodb``, with uid ``999`` and group ``mongodb``, with gid ``999``. When this container runs on a host with a mounted disk, the writes fail when there is no user with uid ``999``. To avoid this, we use the Docker From 6b6bfe173331c862d167d5d7e8917521edcbad3c Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 16:39:01 +0200 Subject: [PATCH 46/54] Explained how to log in to the MongoDB pod --- .../node-on-kubernetes.rst | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index 34fbfda4..7d0a8f83 100644 
--- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst @@ -491,12 +491,23 @@ Step 11: Start a Kubernetes StatefulSet for MongoDB Step 12: Configure Users and Access Control for MongoDB ------------------------------------------------------- - * Create a user on MongoDB with authorization to create more users and assign + * In this step, you will create a user on MongoDB with authorization + to create more users and assign roles to them. Note: You need to do this only when setting up the first MongoDB node of the cluster. - Log in to the MongoDB instance and open a mongo shell using the certificates + * Find out the name of your MongoDB pod by reading the output + of the ``kubectl ... get pods`` command at the end of the last step. + It should be something like ``mdb-instance-0-ss-0``. + + * Log in to the MongoDB pod using: + + .. code:: bash + + $ kubectl --context k8s-bdb-test-cluster-0 exec -it bash + + * Open a mongo shell using the certificates already present at ``/etc/mongod/ssl/`` .. code:: bash From 69cdfd56cfa6ed8dd9d1de2e785e24731edcfc08 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 29 Jun 2017 17:02:23 +0200 Subject: [PATCH 47/54] Added note about what to expect from MongoDB's db.auth() command --- .../production-deployment-template/node-on-kubernetes.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index 7d0a8f83..4237fbe3 100644 --- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst 
@@ -561,6 +561,9 @@ Step 12: Configure Users and Access Control for MongoDB PRIMARY> use admin PRIMARY> db.auth("adminUser", "superstrongpassword") + ``db.auth()`` returns 0 when authentication is not successful, + and 1 when successful. + * We need to specify the user name *as seen in the certificate* issued to the BigchainDB instance in order to authenticate correctly. Use the following ``openssl`` command to extract the user name from the From b1ad6045b6cce051fe9b6eb84cf9706e1bb6d4f8 Mon Sep 17 00:00:00 2001 From: libscott Date: Fri, 30 Jun 2017 09:40:50 +0200 Subject: [PATCH 48/54] Rename "output" to "output_index" in /api/v1/outputs (#1596) * rename output to output_index in /api/v1/outputs * rename transaction.input.fulfills.output to output_index * fix rethinkdb queries for output_index --- bigchaindb/backend/mongodb/query.py | 4 ++-- bigchaindb/backend/mongodb/schema.py | 2 +- bigchaindb/backend/rethinkdb/query.py | 4 ++-- bigchaindb/backend/rethinkdb/schema.py | 4 ++-- bigchaindb/common/schema/transaction.yaml | 4 ++-- bigchaindb/common/transaction.py | 4 ++-- bigchaindb/web/views/outputs.py | 2 +- docs/server/source/data-models/inputs-outputs.rst | 6 +++--- docs/server/source/http-client-server-api.rst | 8 ++++---- tests/common/test_transaction.py | 10 +++++----- tests/web/test_outputs.py | 8 ++++---- 11 files changed, 28 insertions(+), 28 deletions(-) diff --git a/bigchaindb/backend/mongodb/query.py b/bigchaindb/backend/mongodb/query.py index a1e97b64..673f643f 100644 --- a/bigchaindb/backend/mongodb/query.py +++ b/bigchaindb/backend/mongodb/query.py @@ -158,7 +158,7 @@ def get_spent(conn, transaction_id, output): 'block.transactions.inputs': { '$elemMatch': { 'fulfills.transaction_id': transaction_id, - 'fulfills.output': output, + 'fulfills.output_index': output, }, }, }}, 
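Review bot: The `$elemMatch` in `get_spent` now tests only `fulfills.output_index`, so a spend stored under the old `fulfills.output` key is no longer found by this query. That matters if, as the function name suggests, this lookup is what detects an already-spent output. The patch shows no migration of stored blocks, so confirm that databases written before the rename are either rebuilt or rewritten; if neither is intended, say so in a comment such as `# blocks stored with the pre-rename key 'fulfills.output' are not matched`. The same applies to the second `get_spent` hunk at line 167 and to the RethinkDB `get_spent` and `get_spending_transactions` hunks. The function body starts and ends outside this hunk.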
@@ -167,7 +167,7 @@ def get_spent(conn, transaction_id, output): 'block.transactions.inputs': { '$elemMatch': { 'fulfills.transaction_id': transaction_id, - 'fulfills.output': output, + 'fulfills.output_index': output, }, }, }}, diff --git a/bigchaindb/backend/mongodb/schema.py b/bigchaindb/backend/mongodb/schema.py index c9c5bbb4..e398560f 100644 --- a/bigchaindb/backend/mongodb/schema.py +++ b/bigchaindb/backend/mongodb/schema.py @@ -72,7 +72,7 @@ def create_bigchain_secondary_index(conn, dbname): conn.conn[dbname]['bigchain']\ .create_index([ ('block.transactions.inputs.fulfills.transaction_id', ASCENDING), - ('block.transactions.inputs.fulfills.output', ASCENDING), + ('block.transactions.inputs.fulfills.output_index', ASCENDING), ], name='inputs') diff --git a/bigchaindb/backend/rethinkdb/query.py b/bigchaindb/backend/rethinkdb/query.py index a2e97d9a..cac9cc94 100644 --- a/bigchaindb/backend/rethinkdb/query.py +++ b/bigchaindb/backend/rethinkdb/query.py @@ -123,7 +123,7 @@ def get_spent(connection, transaction_id, output): .concat_map(lambda doc: doc['block']['transactions']) .filter(lambda transaction: transaction['inputs'].contains( lambda input_: input_['fulfills'] == { - 'transaction_id': transaction_id, 'output': output}))) + 'transaction_id': transaction_id, 'output_index': output}))) @register_query(RethinkDBConnection) @@ -287,7 +287,7 @@ def unwind_block_transactions(block): def get_spending_transactions(connection, links): query = ( r.table('bigchain') - .get_all(*[(l['transaction_id'], l['output']) for l in links], + .get_all(*[(l['transaction_id'], l['output_index']) for l in links], index='inputs') .concat_map(unwind_block_transactions) # filter transactions spending output diff --git a/bigchaindb/backend/rethinkdb/schema.py b/bigchaindb/backend/rethinkdb/schema.py index f96e8a86..ea6f4e25 100644 --- a/bigchaindb/backend/rethinkdb/schema.py +++ b/bigchaindb/backend/rethinkdb/schema.py 
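Review bot: In `create_bigchain_secondary_index` the index keeps `name='inputs'` while its second key changes to `block.transactions.inputs.fulfills.output_index`. On a database that already has an `inputs` index built on the old key, MongoDB rejects a `create_index` call that reuses the name with a different key specification. Whether this function can run against an existing database is not visible from the hunk; if it can, drop the old `inputs` index before creating this one, otherwise note in a comment that the index definition is only valid for freshly initialised databases. The function body begins outside the hunk.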
@@ -86,9 +86,9 @@ def create_bigchain_secondary_index(connection, dbname): .index_create('inputs', r.row['block']['transactions'] .concat_map(lambda tx: tx['inputs']['fulfills']) - .with_fields('transaction_id', 'output') + .with_fields('transaction_id', 'output_index') .map(lambda fulfills: [fulfills['transaction_id'], - fulfills['output']]), + fulfills['output_index']]), multi=True)) # wait for rethinkdb to finish creating secondary indexes diff --git a/bigchaindb/common/schema/transaction.yaml b/bigchaindb/common/schema/transaction.yaml index 633579a5..f393d067 100644 --- a/bigchaindb/common/schema/transaction.yaml +++ b/bigchaindb/common/schema/transaction.yaml @@ -203,10 +203,10 @@ definitions: Reference to the output that is being spent. additionalProperties: false required: - - output + - output_index - transaction_id properties: - output: + output_index: "$ref": "#/definitions/offset" description: | Index of the output containing the condition being fulfilled diff --git a/bigchaindb/common/transaction.py b/bigchaindb/common/transaction.py index f3cf476d..9b44ede6 100644 --- a/bigchaindb/common/transaction.py +++ b/bigchaindb/common/transaction.py @@ -178,7 +178,7 @@ class TransactionLink(object): :class:`~bigchaindb.common.transaction.TransactionLink` """ try: - return cls(link['transaction_id'], link['output']) + return cls(link['transaction_id'], link['output_index']) except TypeError: return cls() @@ -193,7 +193,7 @@ class TransactionLink(object): else: return { 'transaction_id': self.txid, - 'output': self.output, + 'output_index': self.output, } def to_uri(self, path=''): diff --git a/bigchaindb/web/views/outputs.py b/bigchaindb/web/views/outputs.py index 253ae0bd..2f63c07f 100644 --- a/bigchaindb/web/views/outputs.py +++ b/bigchaindb/web/views/outputs.py 
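Review bot: `TransactionLink.from_dict` still catches only `TypeError`, so a link dict that carries the old `output` key now escapes as a bare `KeyError` from `link['output_index']` rather than as a validation failure. If schema validation is not guaranteed to run before this method (not visible here), turn the missing key into an explicit error, for example `except KeyError as exc: raise ValueError('link needs transaction_id and output_index') from exc`. Avoid folding `KeyError` into the existing `return cls()` branch, since that would silently turn a malformed link into an empty one. The class and the method signature are outside the hunk.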
@@ -22,5 +22,5 @@ class OutputListApi(Resource): with pool() as bigchain: outputs = bigchain.get_outputs_filtered(args['public_key'], args['spent']) - return [{'transaction_id': output.txid, 'output': output.output} + return [{'transaction_id': output.txid, 'output_index': output.output} for output in outputs] diff --git a/docs/server/source/data-models/inputs-outputs.rst b/docs/server/source/data-models/inputs-outputs.rst index ea9a1dcd..62deb9d3 100644 --- a/docs/server/source/data-models/inputs-outputs.rst +++ b/docs/server/source/data-models/inputs-outputs.rst @@ -132,7 +132,7 @@ If there is only one *current owner*, the fulfillment will be a simple signature "owners_before": [""], "fulfillment": "cf:4:RxFzIE679tFBk8zwEgizhmTuciAylvTUwy6EL6ehddHFJOhK5F4IjwQ1xLu2oQK9iyRCZJdfWAefZVjTt3DeG5j2exqxpGliOPYseNkRAWEakqJ_UrCwgnj92dnFRAEE", "fulfills": { - "output": 0, + "output_index": 0, "transaction_id": "11b3e7d893cc5fdfcf1a1706809c7def290a3b10b0bef6525d10b024649c42d3" } } @@ -151,7 +151,7 @@ If there are multiple *current owners*, the fulfillment will be a little differe "owners_before": ["",""], "fulfillment": "cf:2:AQIBAgEBYwAEYEv6O5HjHGl7OWo2Tu5mWcWQcL_OGrFuUjyej-dK3LM99TbZsRd8c9luQhU30xCH5AdNaupxg-pLHuk8DoSaDA1MHQGXUZ80a_cV-4UaaaCpdey8K0CEcJxre0X96hTHCwABAWMABGBnsuHExhuSj5Mdm-q0KoPgX4nAt0s00k1WTMCzuUpQIp6aStLoTSMlsvS4fmDtOSv9gubekKLuHTMAk-LQFSKF1JdzwaVWAA2UOv0v_OS2gY3A-r0kRq8HtzjYdcmVswUA", "fulfills": { - "output": 0, + "output_index": 0, "transaction_id": "e4805f1bfc999d6409b38e3a4c3b2fafad7c1280eb0d441da7083e945dd89eb8" } } 
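Review bot: The response key returned by `OutputListApi` changes from `output` to `output_index` while the endpoint stays at `/api/v1/outputs` (path taken from the commit title), so clients that read `output` break with no version signal. If the v1 prefix is meant to be stable, return both keys for a deprecation period; otherwise record the break in the method docstring and the changelog. A suitable docstring line is `Each item is {'transaction_id': str, 'output_index': int}; the key was 'output' before 1.0.0rc1` (release name as in the changelog commit earlier in this series). The method body starts outside the hunk.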
@@ -160,5 +160,5 @@ If there are multiple *current owners*, the fulfillment will be a little differe - ``owners_before``: A list of public keys of the owners before the transaction; in this case it has two owners, hence two public keys. - ``fulfillment``: A crypto-conditions URI that encodes the cryptographic fulfillments like signatures and others;'cf' indicates this is a fulfillment, '2' indicates the condition type is THRESHOLD-SHA-256 (while '4' in `One Current Owner`_ indicates its condition type is ED25519). - ``fulfills``: Pointer to an output from a previous transaction that is being spent - - ``output``: The index of the output in a previous transaction + - ``output_index``: The index of the output in a previous transaction - ``transaction_id``: ID of the transaction diff --git a/docs/server/source/http-client-server-api.rst b/docs/server/source/http-client-server-api.rst index c7a2d3e3..618903a8 100644 --- a/docs/server/source/http-client-server-api.rst +++ b/docs/server/source/http-client-server-api.rst @@ -206,11 +206,11 @@ unspent outputs. [ { - "output": 0, + "output_index": 0, "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e" }, { - "output": 1, + "output_index": 1, "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e" } ] @@ -238,7 +238,7 @@ unspent outputs. [ { - "output": 0, + "output_index": 0, "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e" } ] @@ -266,7 +266,7 @@ unspent outputs. [ { - "output": 1, + "output_index": 1, "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e" } ] diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index 368789bb..2cdfaac1 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py 
@@ -366,7 +366,7 @@ def test_transaction_link_serialization(): tx_id = 'a transaction id' expected = { 'transaction_id': tx_id, - 'output': 0, + 'output_index': 0, } tx_link = TransactionLink(tx_id, 0) @@ -389,7 +389,7 @@ def test_transaction_link_deserialization(): expected = TransactionLink(tx_id, 0) tx_link = { 'transaction_id': tx_id, - 'output': 0, + 'output_index': 0, } tx_link = TransactionLink.from_dict(tx_link) @@ -842,7 +842,7 @@ def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub, 'fulfillment': None, 'fulfills': { 'transaction_id': tx.id, - 'output': 0 + 'output_index': 0 } } ], @@ -891,7 +891,7 @@ def test_create_transfer_transaction_multiple_io(user_pub, user_priv, 'fulfillment': None, 'fulfills': { 'transaction_id': tx.id, - 'output': 0 + 'output_index': 0 } }, { 'owners_before': [ @@ -900,7 +900,7 @@ def test_create_transfer_transaction_multiple_io(user_pub, user_priv, 'fulfillment': None, 'fulfills': { 'transaction_id': tx.id, - 'output': 1 + 'output_index': 1 } } ], diff --git a/tests/web/test_outputs.py b/tests/web/test_outputs.py index d20068d0..8ef90b73 100644 --- a/tests/web/test_outputs.py +++ b/tests/web/test_outputs.py @@ -14,8 +14,8 @@ def test_get_outputs_endpoint(client, user_pk): gof.return_value = [m, m] res = client.get(OUTPUTS_ENDPOINT + '?public_key={}'.format(user_pk)) assert res.json == [ - {'transaction_id': 'a', 'output': 0}, - {'transaction_id': 'a', 'output': 0} + {'transaction_id': 'a', 'output_index': 0}, + {'transaction_id': 'a', 'output_index': 0} ] assert res.status_code == 200 gof.assert_called_once_with(user_pk, None) 
@@ -29,7 +29,7 @@ def test_get_outputs_endpoint_unspent(client, user_pk): gof.return_value = [m] params = '?spent=False&public_key={}'.format(user_pk) res = client.get(OUTPUTS_ENDPOINT + params) - assert res.json == [{'transaction_id': 'a', 'output': 0}] + assert res.json == [{'transaction_id': 'a', 'output_index': 0}] assert res.status_code == 200 gof.assert_called_once_with(user_pk, False) @@ -42,7 +42,7 @@ def test_get_outputs_endpoint_spent(client, user_pk): gof.return_value = [m] params = '?spent=true&public_key={}'.format(user_pk) res = client.get(OUTPUTS_ENDPOINT + params) - assert res.json == [{'transaction_id': 'a', 'output': 0}] + assert res.json == [{'transaction_id': 'a', 'output_index': 0}] assert res.status_code == 200 gof.assert_called_once_with(user_pk, True) From 7913e8730bbc5dcacd19c0946ee5a69d8ee8f28e Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 30 Jun 2017 09:42:29 +0200 Subject: [PATCH 49/54] =?UTF-8?q?'tranfer-enablers'=20-->=20'transfer-enab?= =?UTF-8?q?lers'=20(=C3=97=203)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/root/source/assets.rst | 2 +- docs/root/source/smart-contracts.rst | 2 +- docs/root/source/transaction-concepts.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/root/source/assets.rst b/docs/root/source/assets.rst index d09296e5..ff6a17fd 100644 --- a/docs/root/source/assets.rst +++ b/docs/root/source/assets.rst @@ -21,4 +21,4 @@ We’re actively exploring ways that BigchainDB can be used with other blockchai .. note:: - We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 `_. + We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or transfer-enablers. See BigchainDB Server `issue #626 `_. 
diff --git a/docs/root/source/smart-contracts.rst b/docs/root/source/smart-contracts.rst index 1669fff9..28ae4c6e 100644 --- a/docs/root/source/smart-contracts.rst +++ b/docs/root/source/smart-contracts.rst @@ -15,5 +15,5 @@ Crypto-conditions can be quite complex if-this-then-that type conditions, where .. note:: - We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 `_. + We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or transfer-enablers. See BigchainDB Server `issue #626 `_. \ No newline at end of file diff --git a/docs/root/source/transaction-concepts.md b/docs/root/source/transaction-concepts.md index 629c64ff..cbbd4250 100644 --- a/docs/root/source/transaction-concepts.md +++ b/docs/root/source/transaction-concepts.md @@ -37,7 +37,7 @@ Each output also has a list of all the public keys associated with the conditions on that output. Loosely speaking, that list might be interpreted as the list of "owners." A more accurate word might be fulfillers, signers, controllers, -or tranfer-enablers. +or transfer-enablers. See BigchainDB Server [issue #626](https://github.com/bigchaindb/bigchaindb/issues/626). A CREATE transaction must be signed by all the owners. From 5e9b7f4ffe503d66131cbd96266cb70666a006b9 Mon Sep 17 00:00:00 2001 
From: libscott Date: Fri, 30 Jun 2017 09:44:22 +0200 Subject: [PATCH 50/54] Remove condition details signature, rename subfulfillments to subconditions (#1589) * implement output.condition.details marshalling and remove signature field * rename outputs[].condition.details.subfulfillments to subconditions * simpler threshold depth overlow handling * pass public_key as kwarg * change ccv1 condition uri in docs * import base58 at top in test_transaction --- bigchaindb/common/exceptions.py | 4 + bigchaindb/common/schema/transaction.yaml | 61 ++++++++++------ bigchaindb/common/transaction.py | 73 +++++++++++++++---- bigchaindb/utils.py | 4 +- .../source/data-models/inputs-outputs.rst | 29 +++----- tests/assets/test_divisible_assets.py | 71 +++++++++--------- tests/common/test_transaction.py | 12 ++- .../validation/test_transaction_structure.py | 35 ++++++++- 8 files changed, 195 insertions(+), 94 deletions(-) diff --git a/bigchaindb/common/exceptions.py b/bigchaindb/common/exceptions.py index 258001b8..ec4c9702 100644 --- a/bigchaindb/common/exceptions.py +++ b/bigchaindb/common/exceptions.py @@ -106,3 +106,7 @@ class SybilError(ValidationError): class DuplicateTransaction(ValidationError): """Raised if a duplicated transaction is found""" + + +class ThresholdTooDeep(ValidationError): + """Raised if threshold condition is too deep""" diff --git a/bigchaindb/common/schema/transaction.yaml b/bigchaindb/common/schema/transaction.yaml index f393d067..72b51cf1 100644 --- a/bigchaindb/common/schema/transaction.yaml +++ b/bigchaindb/common/schema/transaction.yaml @@ -150,8 +150,7 @@ definitions: - uri properties: details: - type: object - additionalProperties: true + "$ref": "#/definitions/condition_details" uri: type: string pattern: "^ni:///sha-256;([a-zA-Z0-9_-]{0,86})?(.+)$" 
@@ -174,28 +173,14 @@ definitions: description: | List of public keys of the previous owners of the asset. fulfillment: + description: | + Fulfillment of an `Output.condition`_, or, put a different way, a payload + that satisfies the condition of a previous output to prove that the + creator(s) of this transaction have control over the listed asset. anyOf: - - type: object - additionalProperties: false - properties: - bitmask: - type: integer - public_key: - type: string - type: - type: string - signature: - anyOf: - - type: string - - type: 'null' - type_id: - type: integer - description: | - Fulfillment of an `Output.condition`_, or, put a different way, a payload - that satisfies the condition of a previous output to prove that the - creator(s) of this transaction have control over the listed asset. - type: string pattern: "^[a-zA-Z0-9_-]*$" + - "$ref": "#/definitions/condition_details" fulfills: anyOf: - type: 'object' @@ -224,3 +209,37 @@ definitions: additionalProperties: true minProperties: 1 - type: 'null' + condition_details: + description: | + Details needed to reconstruct the condition associated with an output. + Currently, BigchainDB only supports ed25519 and threshold condition types. + anyOf: + - type: object + additionalProperties: false + required: + - type + - public_key + properties: + type: + type: string + pattern: "^ed25519-sha-256$" + public_key: + "$ref": "#/definitions/base58" + - type: object + additionalProperties: false + required: + - type + - threshold + - subconditions + properties: + type: + type: "string" + pattern: "^threshold-sha-256$" + threshold: + type: integer + minimum: 1 + maximum: 100 + subconditions: + type: array + items: + "$ref": "#/definitions/condition_details" diff --git a/bigchaindb/common/transaction.py b/bigchaindb/common/transaction.py index 9b44ede6..a377b994 100644 --- a/bigchaindb/common/transaction.py +++ b/bigchaindb/common/transaction.py 
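Review bot: The new `condition_details` definition bounds `threshold` (1 to 100) but puts no `minItems`/`maxItems` on `subconditions` and no limit on how deeply the recursive `$ref` may nest, so the schema accepts arbitrarily wide and deep condition trees in a submitted transaction. Nothing ties `threshold` to the number of subconditions either, so a threshold larger than the list passes validation even though it presumably can never be fulfilled. I would add `minItems: 1` and a project-chosen `maxItems` under `subconditions`. The threshold-versus-length and depth checks would have to live in the Python code that loads the details, since a plain JSON-Schema definition like this one cannot compare one property with the length of another.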
@@ -4,12 +4,13 @@ from functools import reduce import base58 from cryptoconditions import Fulfillment, ThresholdSha256, Ed25519Sha256 from cryptoconditions.exceptions import ( - ParsingError, ASN1DecodeError, ASN1EncodeError) + ParsingError, ASN1DecodeError, ASN1EncodeError, UnsupportedTypeError) from bigchaindb.common.crypto import PrivateKey, hash_data from bigchaindb.common.exceptions import (KeypairMismatchException, InvalidHash, InvalidSignature, - AmountError, AssetIdMismatch) + AmountError, AssetIdMismatch, + ThresholdTooDeep) from bigchaindb.common.utils import serialize @@ -66,15 +67,7 @@ class Input(object): try: fulfillment = self.fulfillment.serialize_uri() except (TypeError, AttributeError, ASN1EncodeError): - # NOTE: When a non-signed transaction is casted to a dict, - # `self.inputs` value is lost, as in the node's - # transaction model that is saved to the database, does not - # account for its dictionary form but just for its signed uri - # form. - # Hence, when a non-signed fulfillment is to be cast to a - # dict, we just call its internal `to_dict` method here and - # its `from_dict` method in `Fulfillment.from_dict`. - fulfillment = self.fulfillment.to_dict() + fulfillment = _fulfillment_to_details(self.fulfillment) try: # NOTE: `self.fulfills` can be `None` and that's fine 
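Review bot: The NOTE deleted from `Input.to_dict` is still referenced by `Input.from_dict`, whose context line in the next hunk reads `# NOTE: See comment about this special case in Input.to_dict`, so that pointer now leads nowhere. The fallback has also changed meaning: per the removed NOTE it handles a non-signed fulfillment, and `_fulfillment_to_details` emits only the type, public key, threshold and subconditions, never a signature. A short replacement comment above the fallback would keep this documented, for example `# Unsigned fulfillment: serialize_uri() fails, so emit the condition details (no signature)`. The body of `to_dict` starts and ends outside the hunk.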
@@ -125,11 +118,63 @@ class Input(object): except TypeError: # NOTE: See comment about this special case in # `Input.to_dict` - fulfillment = Fulfillment.from_dict(data['fulfillment']) + fulfillment = _fulfillment_from_details(data['fulfillment']) fulfills = TransactionLink.from_dict(data['fulfills']) return cls(fulfillment, data['owners_before'], fulfills) +def _fulfillment_to_details(fulfillment): + """ + Encode a fulfillment as a details dictionary + + Args: + fulfillment: Crypto-conditions Fulfillment object + """ + + if fulfillment.type_name == 'ed25519-sha-256': + return { + 'type': 'ed25519-sha-256', + 'public_key': base58.b58encode(fulfillment.public_key), + } + + if fulfillment.type_name == 'threshold-sha-256': + subconditions = [ + _fulfillment_to_details(cond['body']) + for cond in fulfillment.subconditions + ] + return { + 'type': 'threshold-sha-256', + 'threshold': fulfillment.threshold, + 'subconditions': subconditions, + } + + raise UnsupportedTypeError(fulfillment.type_name) + + +def _fulfillment_from_details(data): + """ + Load a fulfillment for a signing spec dictionary + + Args: + data: tx.output[].condition.details dictionary + """ + if data['type'] == 'ed25519-sha-256': + public_key = base58.b58decode(data['public_key']) + return Ed25519Sha256(public_key=public_key) + + if data['type'] == 'threshold-sha-256': + try: + threshold = ThresholdSha256(data['threshold']) + for cond in data['subconditions']: + cond = _fulfillment_from_details(cond) + threshold.add_subfulfillment(cond) + return threshold + except RecursionError: + raise ThresholdTooDeep() + + raise UnsupportedTypeError(data.get('type')) + + class TransactionLink(object): """An object for unidirectional linking to a Transaction's Output. @@ -262,7 +307,7 @@ class Output(object): # and fulfillment! condition = {} try: - condition['details'] = self.fulfillment.to_dict() + condition['details'] = _fulfillment_to_details(self.fulfillment) except AttributeError: pass 
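Review bot: The nesting depth of externally supplied `subconditions` is bounded in `_fulfillment_from_details` only by catching `RecursionError`, so the accepted depth depends on the interpreter's recursion limit and on how deep the call stack already is when the function is entered. A tree that stays just under that limit is accepted here and may then overflow in later code that walks the same structure, where nothing converts the error; that part is inferred, because those callers are outside the hunk. An explicit depth counter that raises `ThresholdTooDeep` at a fixed, documented limit makes the bound deterministic and keeps the existing test meaningful. `MAX_THRESHOLD_DEPTH` in the sketch is a placeholder name for a constant the project would define.

```python
def _fulfillment_from_details(data, _depth=0):
    # … unchanged: docstring and ed25519-sha-256 branch …
    if data['type'] == 'threshold-sha-256':
        # Reject over-deep trees before building any objects for them.
        if _depth >= MAX_THRESHOLD_DEPTH:
            raise ThresholdTooDeep()
        threshold = ThresholdSha256(data['threshold'])
        for cond in data['subconditions']:
            cond = _fulfillment_from_details(cond, _depth + 1)
            threshold.add_subfulfillment(cond)
        return threshold
    # … unchanged: UnsupportedTypeError for any other type …
```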
@@ -389,7 +434,7 @@ class Output(object): :class:`~bigchaindb.common.transaction.Output` """ try: - fulfillment = Fulfillment.from_dict(data['condition']['details']) + fulfillment = _fulfillment_from_details(data['condition']['details']) except KeyError: # NOTE: Hashlock condition case fulfillment = data['condition']['uri'] diff --git a/bigchaindb/utils.py b/bigchaindb/utils.py index f87916b7..1738d70b 100644 --- a/bigchaindb/utils.py +++ b/bigchaindb/utils.py @@ -96,8 +96,8 @@ def condition_details_has_owner(condition_details, owner): bool: True if the public key is found in the condition details, False otherwise """ - if 'subfulfillments' in condition_details: - result = condition_details_has_owner(condition_details['subfulfillments'], owner) + if 'subconditions' in condition_details: + result = condition_details_has_owner(condition_details['subconditions'], owner) if result: return True diff --git a/docs/server/source/data-models/inputs-outputs.rst b/docs/server/source/data-models/inputs-outputs.rst index 62deb9d3..da190477 100644 --- a/docs/server/source/data-models/inputs-outputs.rst +++ b/docs/server/source/data-models/inputs-outputs.rst @@ -81,30 +81,20 @@ to spend the asset. For example: { "condition": { "details": { - "bitmask": 41, - "subfulfillments": [ + "type": "threshold-sha-256", + "threshold": 2, + "subconditions": [ { - "bitmask": 32, "public_key": "", - "signature": null, - "type": "fulfillment", - "type_id": 4, - "weight": 1 + "type": "ed25519-sha-256", }, { - "bitmask": 32, "public_key": "", - "signature": null, - "type": "fulfillment", - "type_id": 4, - "weight": 1 + "type": "ed25519-sha-256", } ], - "threshold": 2, - "type": "fulfillment", - "type_id": 2 }, - "uri": "cc:2:29:ytNK3X6-bZsbF-nCGDTuopUIMi1HCyCkyPewm6oLI3o:206"}, + "uri": "ni:///sha-256;PNYwdxaRaNw60N6LDFzOWO97b8tJeragczakL8PrAPc?fpt=ed25519-sha-256&cost=131072"}, "public_keys": [ "", "" 
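Review bot: In `Output.from_dict` the `except KeyError` that marks the hashlock case now also wraps `_fulfillment_from_details`, which reads `data['type']`, `data['public_key']`, `data['threshold']` and `data['subconditions']` by key. A `details` dict that is present but lacks one of those keys therefore raises `KeyError` inside the helper and is silently treated as a hashlock output carrying only the URI, instead of being rejected. Schema validation presumably catches this earlier on the server path, but the method should not depend on that. Test `'details' in data['condition']` to choose the hashlock branch and call `_fulfillment_from_details` outside the `try`. The body of `from_dict` continues outside the hunk.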
@@ -112,11 +102,10 @@ to spend the asset. For example: } -- ``subfulfillments``: a list of fulfillments - - ``weight``: integer weight for each subfulfillment's contribution to the threshold -- ``threshold``: threshold to reach for the subfulfillments to reach a valid fulfillment +- ``subconditions``: a list of condition specs +- ``threshold``: threshold to reach for the subconditions to reach a valid fulfillment -The ``weight``s and ``threshold`` could be adjusted. For example, if the ``threshold`` was changed to 1 above, then only one of the new owners would have to provide a signature to spend the asset. +The ``threshold`` can be adjusted. For example, if the ``threshold`` was changed to 1 above, then only one of the new owners would have to provide a signature to spend the asset. If it is desired to give a different weight to a subcondition, it should be specified multiple times. Inputs ------ diff --git a/tests/assets/test_divisible_assets.py b/tests/assets/test_divisible_assets.py index e1ea726f..123fe063 100644 --- a/tests/assets/test_divisible_assets.py +++ b/tests/assets/test_divisible_assets.py @@ -52,8 +52,8 @@ def test_single_in_single_own_single_out_multiple_own_create(b, user_pk): assert tx_signed.outputs[0].amount == 100 output = tx_signed.outputs[0].to_dict() - assert 'subfulfillments' in output['condition']['details'] - assert len(output['condition']['details']['subfulfillments']) == 2 + assert 'subconditions' in output['condition']['details'] + assert len(output['condition']['details']['subconditions']) == 2 assert len(tx_signed.inputs) == 1 
@@ -76,8 +76,8 @@ def test_single_in_single_own_multiple_out_mix_own_create(b, user_pk): assert tx_signed.outputs[1].amount == 50 output_cid1 = tx_signed.outputs[1].to_dict() - assert 'subfulfillments' in output_cid1['condition']['details'] - assert len(output_cid1['condition']['details']['subfulfillments']) == 2 + assert 'subconditions' in output_cid1['condition']['details'] + assert len(output_cid1['condition']['details']['subconditions']) == 2 assert len(tx_signed.inputs) == 1 @@ -89,6 +89,7 @@ def test_single_in_single_own_multiple_out_mix_own_create(b, user_pk): def test_single_in_multiple_own_single_out_single_own_create(b, user_pk, user_sk): from bigchaindb.models import Transaction + from bigchaindb.common.transaction import _fulfillment_to_details tx = Transaction.create([b.me, user_pk], [([user_pk], 100)]) tx_signed = tx.sign([b.me_private, user_sk]) @@ -97,9 +98,9 @@ def test_single_in_multiple_own_single_out_single_own_create(b, user_pk, assert tx_signed.outputs[0].amount == 100 assert len(tx_signed.inputs) == 1 - ffill = tx_signed.inputs[0].fulfillment.to_dict() - assert 'subfulfillments' in ffill - assert len(ffill['subfulfillments']) == 2 + ffill = _fulfillment_to_details(tx_signed.inputs[0].fulfillment) + assert 'subconditions' in ffill + assert len(ffill['subconditions']) == 2 # TRANSFER divisible asset @@ -207,8 +208,8 @@ def test_single_in_single_own_single_out_multiple_own_transfer(b, user_pk, assert tx_transfer_signed.outputs[0].amount == 100 condition = tx_transfer_signed.outputs[0].to_dict() - assert 'subfulfillments' in condition['condition']['details'] - assert len(condition['condition']['details']['subfulfillments']) == 2 + assert 'subconditions' in condition['condition']['details'] + assert len(condition['condition']['details']['subconditions']) == 2 assert len(tx_transfer_signed.inputs) == 1 
@@ -248,8 +249,8 @@ def test_single_in_single_own_multiple_out_mix_own_transfer(b, user_pk, assert tx_transfer_signed.outputs[1].amount == 50 output_cid1 = tx_transfer_signed.outputs[1].to_dict() - assert 'subfulfillments' in output_cid1['condition']['details'] - assert len(output_cid1['condition']['details']['subfulfillments']) == 2 + assert 'subconditions' in output_cid1['condition']['details'] + assert len(output_cid1['condition']['details']['subconditions']) == 2 assert len(tx_transfer_signed.inputs) == 1 @@ -264,6 +265,7 @@ def test_single_in_single_own_multiple_out_mix_own_transfer(b, user_pk, def test_single_in_multiple_own_single_out_single_own_transfer(b, user_pk, user_sk): from bigchaindb.models import Transaction + from bigchaindb.common.transaction import _fulfillment_to_details # CREATE divisible asset tx_create = Transaction.create([b.me], [([b.me, user_pk], 100)]) @@ -286,9 +288,9 @@ def test_single_in_multiple_own_single_out_single_own_transfer(b, user_pk, assert tx_transfer_signed.outputs[0].amount == 100 assert len(tx_transfer_signed.inputs) == 1 - ffill = tx_transfer_signed.inputs[0].fulfillment.to_dict() - assert 'subfulfillments' in ffill - assert len(ffill['subfulfillments']) == 2 + ffill = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment) + assert 'subconditions' in ffill + assert len(ffill['subconditions']) == 2 # TRANSFER divisible asset @@ -334,6 +336,7 @@ def test_multiple_in_single_own_single_out_single_own_transfer(b, user_pk, def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk, user_sk): from bigchaindb.models import Transaction + from bigchaindb.common.transaction import _fulfillment_to_details # CREATE divisible asset tx_create = Transaction.create([b.me], [([user_pk, b.me], 50), ([user_pk, b.me], 50)]) 
@@ -356,12 +359,12 @@ def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk, assert tx_transfer_signed.outputs[0].amount == 100 assert len(tx_transfer_signed.inputs) == 2 - ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict() - ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict() - assert 'subfulfillments' in ffill_fid0 - assert 'subfulfillments' in ffill_fid1 - assert len(ffill_fid0['subfulfillments']) == 2 - assert len(ffill_fid1['subfulfillments']) == 2 + ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment) + ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment) + assert 'subconditions' in ffill_fid0 + assert 'subconditions' in ffill_fid1 + assert len(ffill_fid0['subconditions']) == 2 + assert len(ffill_fid1['subconditions']) == 2 # TRANSFER divisible asset @@ -375,6 +378,7 @@ def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk, def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk, user_sk): from bigchaindb.models import Transaction + from bigchaindb.common.transaction import _fulfillment_to_details # CREATE divisible asset tx_create = Transaction.create([b.me], [([user_pk], 50), ([user_pk, b.me], 50)]) 
@@ -397,11 +401,11 @@ def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk, assert tx_transfer_signed.outputs[0].amount == 100 assert len(tx_transfer_signed.inputs) == 2 - ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict() - ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict() - assert 'subfulfillments' not in ffill_fid0 - assert 'subfulfillments' in ffill_fid1 - assert len(ffill_fid1['subfulfillments']) == 2 + ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment) + ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment) + assert 'subconditions' not in ffill_fid0 + assert 'subconditions' in ffill_fid1 + assert len(ffill_fid1['subconditions']) == 2 # TRANSFER divisible asset @@ -416,6 +420,7 @@ def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk, def test_muiltiple_in_mix_own_multiple_out_mix_own_transfer(b, user_pk, user_sk): from bigchaindb.models import Transaction + from bigchaindb.common.transaction import _fulfillment_to_details # CREATE divisible asset tx_create = Transaction.create([b.me], [([user_pk], 50), ([user_pk, b.me], 50)]) 
@@ -442,15 +447,15 @@ def test_muiltiple_in_mix_own_multiple_out_mix_own_transfer(b, user_pk, cond_cid0 = tx_transfer_signed.outputs[0].to_dict() cond_cid1 = tx_transfer_signed.outputs[1].to_dict() - assert 'subfulfillments' not in cond_cid0['condition']['details'] - assert 'subfulfillments' in cond_cid1['condition']['details'] - assert len(cond_cid1['condition']['details']['subfulfillments']) == 2 + assert 'subconditions' not in cond_cid0['condition']['details'] + assert 'subconditions' in cond_cid1['condition']['details'] + assert len(cond_cid1['condition']['details']['subconditions']) == 2 - ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict() - ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict() - assert 'subfulfillments' not in ffill_fid0 - assert 'subfulfillments' in ffill_fid1 - assert len(ffill_fid1['subfulfillments']) == 2 + ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment) + ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment) + assert 'subconditions' not in ffill_fid0 + assert 'subconditions' in ffill_fid1 + assert len(ffill_fid1['subconditions']) == 2 # TRANSFER divisible asset diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index 2cdfaac1..ffe42d1e 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -4,7 +4,7 @@ Tests for transaction validation are separate. """ from copy import deepcopy -from base58 import b58decode +from base58 import b58encode, b58decode from pytest import raises @@ -82,7 +82,10 @@ def test_output_serialization(user_Ed25519, user_pub): expected = { 'condition': { 'uri': user_Ed25519.condition_uri, - 'details': user_Ed25519.to_dict(), + 'details': { + 'type': 'ed25519-sha-256', + 'public_key': b58encode(user_Ed25519.public_key), + }, }, 'public_keys': [user_pub], 'amount': '1', 
@@ -100,7 +103,10 @@ def test_output_deserialization(user_Ed25519, user_pub): cond = { 'condition': { 'uri': user_Ed25519.condition_uri, - 'details': user_Ed25519.to_dict() + 'details': { + 'type': 'ed25519-sha-256', + 'public_key': b58encode(user_Ed25519.public_key), + }, }, 'public_keys': [user_pub], 'amount': '1', diff --git a/tests/validation/test_transaction_structure.py b/tests/validation/test_transaction_structure.py index 2a7d92fb..22c09651 100644 --- a/tests/validation/test_transaction_structure.py +++ b/tests/validation/test_transaction_structure.py @@ -5,9 +5,11 @@ structural / schematic issues are caught when reading a transaction """ import pytest +from unittest.mock import MagicMock from bigchaindb.common.exceptions import (AmountError, InvalidHash, - SchemaValidationError) + SchemaValidationError, + ThresholdTooDeep) from bigchaindb.models import Transaction @@ -161,6 +163,37 @@ def test_high_amounts(create_tx): validate(create_tx) +################################################################################ +# Conditions + +def test_handle_threshold_overflow(): + from bigchaindb.common import transaction + + cond = { + 'type': 'ed25519-sha-256', + 'public_key': 'a' * 43, + } + for i in range(1000): + cond = { + 'type': 'threshold-sha-256', + 'threshold': 1, + 'subconditions': [cond], + } + with pytest.raises(ThresholdTooDeep): + transaction._fulfillment_from_details(cond) + + +def test_unsupported_condition_type(): + from bigchaindb.common import transaction + from cryptoconditions.exceptions import UnsupportedTypeError + + with pytest.raises(UnsupportedTypeError): + transaction._fulfillment_from_details({'type': 'a'}) + + with pytest.raises(UnsupportedTypeError): + transaction._fulfillment_to_details(MagicMock(type_name='a')) + + ################################################################################ # Version From fa1c4843d5f7f25afa14620c4630ec02ffbdbc81 Mon Sep 17 00:00:00 2001 
From: Troy McConaghy Date: Fri, 30 Jun 2017 09:51:35 +0200 Subject: [PATCH 51/54] Mention that the signature in 'fulfillment' is encoded --- docs/root/source/transaction-concepts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/source/transaction-concepts.md b/docs/root/source/transaction-concepts.md index cbbd4250..66c4ec0f 100644 --- a/docs/root/source/transaction-concepts.md +++ b/docs/root/source/transaction-concepts.md @@ -42,7 +42,7 @@ See BigchainDB Server [issue #626](https://github.com/bigchaindb/bigchaindb/issu A CREATE transaction must be signed by all the owners. (If you're looking for that signature, -it's in the one "fulfillment" of the one input.) +it's in the one "fulfillment" of the one input, albeit encoded.) ## TRANSFER Transactions From c7a6544070a39cb1a470a89f62e36d4cb0abc862 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 30 Jun 2017 11:09:19 +0200 Subject: [PATCH 52/54] Updated Docker image tag in MongoDB agent Deployment YAML files --- k8s/mongodb-backup-agent/mongo-backup-dep.yaml | 2 +- k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/mongodb-backup-agent/mongo-backup-dep.yaml b/k8s/mongodb-backup-agent/mongo-backup-dep.yaml index 0c49607f..74f89247 100644 --- a/k8s/mongodb-backup-agent/mongo-backup-dep.yaml +++ b/k8s/mongodb-backup-agent/mongo-backup-dep.yaml @@ -24,7 +24,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: mdb-backup - image: bigchaindb/mongodb-backup-agent:2.0 + image: bigchaindb/mongodb-backup-agent:3.0 imagePullPolicy: Always env: - name: MMS_API_KEYFILE_PATH diff --git a/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml b/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml index b03d0098..4ddb233d 100644 --- a/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml +++ b/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml 
@@ -24,7 +24,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: mdb-mon - image: bigchaindb/mongodb-monitoring-agent:2.0 + image: bigchaindb/mongodb-monitoring-agent:3.0 imagePullPolicy: Always env: - name: MMS_API_KEYFILE_PATH From dea77d32a543c49dd65d73acd2397b0714c2c736 Mon Sep 17 00:00:00 2001 From: Krish Date: Fri, 30 Jun 2017 13:37:41 +0200 Subject: [PATCH 53/54] Add documentation on exposed ports in k8s/nginx (#1610) * Add documentation on exposed ports in k8s/nginx * Clarity on port and targetPort parameters --- .../node-on-kubernetes.rst | 50 ++++++++++++++----- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index 4237fbe3..b35c0648 100644 --- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst @@ -128,7 +128,22 @@ Step 4.1: Vanilla NGINX the ConfigMap followed by ``-dep``. For example, if the value set in the ``ngx-instance-name`` is ``ngx-instance-0``, set the ``spec.selector.app`` to ``ngx-instance-0-dep``. - + + * Set ``ngx-public-mdb-port.port`` to 27017, or the port number on which you + want to expose MongoDB service. + Set the ``ngx-public-mdb-port.targetPort`` to the port number on which the + Kubernetes MongoDB service will be present. + + * Set ``ngx-public-api-port.port`` to 80, or the port number on which you want to + expose BigchainDB API service. + Set the ``ngx-public-api-port.targetPort`` to the port number on which the + Kubernetes BigchainDB API service will present. + + * Set ``ngx-public-ws-port.port`` to 81, or the port number on which you want to + expose BigchainDB Websocket service. + Set the ``ngx-public-ws-port.targetPort`` to the port number on which the + BigchainDB Websocket service will be present. + * Start the Kubernetes Service: .. code:: bash 
@@ -155,6 +170,27 @@ Step 4.2: OpenResty NGINX + 3scale ``ngx-instance-name`` is ``ngx-instance-0``, set the ``spec.selector.app`` to ``ngx-instance-0-dep``. + * Set ``ngx-public-mdb-port.port`` to 27017, or the port number on which you + want to expose MongoDB service. + Set the ``ngx-public-mdb-port.targetPort`` to the port number on which the + Kubernetes MongoDB service will be present. + + * Set ``ngx-public-3scale-port.port`` to 8080, or the port number on which + you want to let 3scale communicate with Openresty NGINX for authenctication. + Set the ``ngx-public-3scale-port.targetPort`` to the port number on which + this Openresty NGINX service will be listening to for communication with + 3scale. + + * Set ``ngx-public-bdb-port.port`` to 443, or the port number on which you want + to expose BigchainDB API service. + Set the ``ngx-public-api-port.targetPort`` to the port number on which the + Kubernetes BigchainDB API service will present. + + * Set ``ngx-public-bdb-port-http.port`` to 80, or the port number on which you + want to expose BigchainDB Websocket service. + Set the ``ngx-public-bdb-port-http.targetPort`` to the port number on which the + BigchainDB Websocket service will be present. + * Start the Kubernetes Service: .. code:: bash @@ -277,12 +313,6 @@ Step 8.1: Vanilla NGINX ``BIGCHAINDB_BACKEND_HOST`` env var to ``bdb-instance-0.default.svc.cluster.local``. - * Set ``MONGODB_FRONTEND_PORT`` to 27017, or the port number on which you - want to expose MongoDB service. - - * Set ``BIGCHAINDB_FRONTEND_PORT`` to 80, or the port number on which you - want to expose BigchainDB service. - * Start the Kubernetes Deployment: .. code:: bash 
@@ -315,12 +345,6 @@ Step 8.2: OpenResty NGINX + 3scale ``BIGCHAINDB_BACKEND_HOST`` env var to ``bdb-instance-0.default.svc.cluster.local``. - * Set ``MONGODB_FRONTEND_PORT`` to 27017, or the port number on which you - want to expose the MongoDB service. - - * Set ``BIGCHAINDB_FRONTEND_PORT`` to 443, or the port number on which you - want to expose the BigchainDB service over HTTPS. - * Start the Kubernetes Deployment: .. code:: bash From b33f7180974ed2babb04fdbd19850d54748eea92 Mon Sep 17 00:00:00 2001 From: Krish Date: Fri, 30 Jun 2017 14:59:14 +0200 Subject: [PATCH 54/54] Use ConfigMap values in bigchaindb-dep.yaml (#1618) * Use ConfigMap values in bigchaindb-dep.yaml * Removed comments from top of bigchaindb-dep.yaml Because they didn't add much information and they also contained a dated Docker Hub version tag. --- k8s/bigchaindb/bigchaindb-dep.yaml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml index 9aea8f7c..6a781985 100644 --- a/k8s/bigchaindb/bigchaindb-dep.yaml +++ b/k8s/bigchaindb/bigchaindb-dep.yaml @@ -1,9 +1,3 @@ -############################################################### -# This config file runs bigchaindb:0.10.1 as a k8s Deployment # -# and it connects to the mongodb backend running as a # -# separate pod # -############################################################### - apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -24,7 +18,10 @@ spec: - start env: - name: BIGCHAINDB_DATABASE_HOST - value: mdb-instance-0 + valueFrom: + configMapKeyRef: + name: vars + key: mdb-instance-name - name: BIGCHAINDB_DATABASE_PORT value: "27017" - name: BIGCHAINDB_DATABASE_REPLICASET 
@@ -40,7 +37,10 @@ spec: - name: BIGCHAINDB_WSSERVER_PORT value: "9985" - name: BIGCHAINDB_KEYPAIR_PUBLIC - value: "" + valueFrom: + configMapKeyRef: + name: bdb-public-key + key: bdb-public-key - name: BIGCHAINDB_KEYPAIR_PRIVATE value: "" - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY @@ -63,7 +63,10 @@ spec: value: /etc/bigchaindb/ssl/bdb-user # The following env var is not required for the bootstrap/first node #- name: BIGCHAINDB_KEYRING - # value: "" + # valueFrom: + # configMapKeyRef: + # name: bdb-keyring + # key: bdb-keyring ports: - containerPort: 9984 hostPort: 9984
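Review bot: `BIGCHAINDB_KEYPAIR_PRIVATE` is left as an inline `value: ""` directly below the public key that now comes from a ConfigMap, so whoever fills in this manifest ends up with the node's private key in plain text in the Deployment spec. It is then readable by anyone who can read the Deployment object or the file in version control. The private key should be referenced from a Kubernetes Secret rather than a literal or a ConfigMap: `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key-name>}}`, with both placeholders replaced by the project's own Secret. Access to that Secret can then be restricted separately from the Deployment.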