bigchaindb/bigchaindb
1
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-06-26 11:16:44 +02:00
Code Releases Activity

Merge remote-tracking branch 'origin/master' into update-tx-model-docs-page

Browse Source
This commit is contained in:
Troy McConaghy 2017-06-30 13:44:04 +02:00
commit d99c7069e0
72 changed files with 1770 additions and 938 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.ci/travis-install.sh
View File

@ -7,6 +7,6 @@ pip install --upgrade pip
if [[ -n ${TOXENV} ]]; then
pip install --upgrade tox
else
pip install -e .[test]
pip install .[test]
pip install --upgrade codecov
fi

11
.travis.yml
View File

@ -2,7 +2,6 @@ language: python
cache: pip
python:
- 3.4
- 3.5
- 3.6
@ -14,12 +13,6 @@ env:
matrix:
fast_finish: true
exclude:
- python: 3.4
env: TOXENV=flake8
- python: 3.4
env: TOXENV=docsroot
- python: 3.4
env: TOXENV=docsserver
- python: 3.5
env: TOXENV=flake8
- python: 3.5
@ -27,10 +20,6 @@ matrix:
- python: 3.5
env: TOXENV=docsserver
include:
- python: 3.4
addons:
rethinkdb: '2.3.5'
env: BIGCHAINDB_DATABASE_BACKEND=rethinkdb
- python: 3.5
addons:
rethinkdb: '2.3.5'

66
CHANGELOG.md
View File

@ -1,7 +1,7 @@
# Change Log (Release Notes)
All _notable_ changes to this project will be documented in this file (`CHANGELOG.md`).
This project adheres to [Semantic Versioning](http://semver.org/) (or at least we try).
This project adheres to [the Python form of Semantic Versioning](https://packaging.python.org/tutorials/distributing-packages/#choosing-a-versioning-scheme) (or at least we try).
Contributors to this file, please follow the guidelines on [keepachangelog.com](http://keepachangelog.com/).
Note that each version (or "release") is the name of a [Git _tag_](https://git-scm.com/book/en/v2/Git-Basics-Tagging) of a particular commit, so the associated date and time are the date and time of that commit (as reported by GitHub), _not_ the "Uploaded on" date listed on PyPI (which may differ).
For reference, the possible headings are:
@ -15,14 +15,70 @@ For reference, the possible headings are:
* **External Contributors** to list contributors outside of BigchainDB GmbH.
* **Notes**
## [1.0.0rc1] - 2017-06-23
Tag name: v1.0.0rc1
### Added
* Support for secure TLS/SSL communication between MongoDB and {BigchainDB, MongoDB Backup Agent, MongoDB Monitoring Agent}. Pull Requests
[#1456](https://github.com/bigchaindb/bigchaindb/pull/1456),
[#1497](https://github.com/bigchaindb/bigchaindb/pull/1497),
[#1510](https://github.com/bigchaindb/bigchaindb/pull/1510),
[#1536](https://github.com/bigchaindb/bigchaindb/pull/1536),
[#1551](https://github.com/bigchaindb/bigchaindb/pull/1551) and
[#1552](https://github.com/bigchaindb/bigchaindb/pull/1552).
* Text search support (only if using MongoDB). Pull Requests [#1469](https://github.com/bigchaindb/bigchaindb/pull/1469) and [#1471](https://github.com/bigchaindb/bigchaindb/pull/1471)
* The `database.connection_timeout` configuration setting now works with RethinkDB too. [#1512](https://github.com/bigchaindb/bigchaindb/pull/1512)
* New code and tools for benchmarking CREATE transactions. [Pull Request #1511](https://github.com/bigchaindb/bigchaindb/pull/1511)
### Changed
* There's an upgrade guide in `docs/upgrade-guides/v0.10-->v1.0.md`. It only covers changes to the transaction model and HTTP API. If that file hasn't been merged yet, see [Pull Request #1547](https://github.com/bigchaindb/bigchaindb/pull/1547)
* Cryptographic signatures now sign the whole (serialized) transaction body, including the transaction ID, but with all `"fulfillment"` values changed to `None`. [Pull Request #1225](https://github.com/bigchaindb/bigchaindb/pull/1225)
* In transactions, the value of `"amount"` must be a string. (Before, it was supposed to be a number.) [Pull Request #1286](https://github.com/bigchaindb/bigchaindb/pull/1286)
* In `setup.py`, the "Development Status" (as reported on PyPI) was changed from Alpha to Beta. [Pull Request #1437](https://github.com/bigchaindb/bigchaindb/pull/1437)
* If you explicitly specify a config file, e.g. `bigchaindb -c path/to/config start` and that file can't be found, then BigchainDB Server will fail with a helpful error message. [Pull Request #1486](https://github.com/bigchaindb/bigchaindb/pull/1486)
* Reduced the response time on the HTTP API endpoint to get all the unspent outputs associated with a given public key (a.k.a. "fast unspents"). [Pull Request #1411](https://github.com/bigchaindb/bigchaindb/pull/1411)
* Internally, the value of an asset's `"data"` is now stored in a separate assets table. This enabled the new text search. Each asset data is stored along with the associated CREATE transaction ID (asset ID). That data gets written when the containing block gets written to the bigchain table. [Pull Request #1460](https://github.com/bigchaindb/bigchaindb/pull/1460)
* Schema validation was sped up by switching to `rapidjson-schema`. [Pull Request #1494](https://github.com/bigchaindb/bigchaindb/pull/1494)
* If a node comes back from being down for a while, it will resume voting on blocks in the order determined by the MongoDB oplog, in the case of MongoDB. (In the case of RethinkDB, blocks missed in the changefeed will not be voted on.) [Pull Request #1389](https://github.com/bigchaindb/bigchaindb/pull/1389)
* Parallelized transaction schema validation in the vote pipeline. [Pull Request #1492](https://github.com/bigchaindb/bigchaindb/pull/1492)
* `asset.data` or `asset.id` are now *required* in a CREATE or TRANSFER transaction, respectively. [Pull Request #1518](https://github.com/bigchaindb/bigchaindb/pull/1518)
* The HTTP response body, in the response to the `GET /` and the `GET /api/v1` endpoints, was changed substantially. [Pull Request #1529](https://github.com/bigchaindb/bigchaindb/pull/1529)
* Changed the HTTP `GET /api/v1/transactions/{transaction_id}` endpoint. It now only returns the transaction if it's in a valid block. It also returns a new header with a relative link to a status monitor. [Pull Request #1543](https://github.com/bigchaindb/bigchaindb/pull/1543)
* All instances of `txid` and `tx_id` were replaced with `transaction_id`, in the transaction model and the HTTP API. [Pull Request #1532](https://github.com/bigchaindb/bigchaindb/pull/1532)
* The hostname and port were removed from all URLs in all HTTP API responses. [Pull Request #1538](https://github.com/bigchaindb/bigchaindb/pull/1538)
* Relative links were replaced with JSON objects in HTTP API responses. [Pull Request #1541](https://github.com/bigchaindb/bigchaindb/pull/1541)
* In the outputs endpoint of the HTTP API, the query parameter `unspent` was changed to `spent` (so no more double negatives). If that query parameter isn't included, then all outputs matching the specificed public key will be returned. If `spent=true`, then only the spent outputs will be returned. If `spent=false`, then only the unspent outputs will be returned. [Pull Request #1545](https://github.com/bigchaindb/bigchaindb/pull/1545)
* The supported crypto-conditions changed from version 01 of the crypto-conditions spec to version 02. [Pull Request #1562](https://github.com/bigchaindb/bigchaindb/pull/1562)
* The value of "version" inside a transaction must now be "1.0". (Before, it could be "0.anything".) [Pull Request #1574](https://github.com/bigchaindb/bigchaindb/pull/1574)
### Removed
* The `server.threads` configuration setting (for the Gunicorn HTTP server) was removed from the default set of BigchainDB configuration settings. [Pull Request #1488](https://github.com/bigchaindb/bigchaindb/pull/1488)
### Fixed
* The `GET /api/v1/outputs` endpoint was failing for some transactions with threshold conditions. Fixed in [Pull Request #1450](https://github.com/bigchaindb/bigchaindb/pull/1450)
### External Contributors
* @elopio - Pull Requests [#1415](https://github.com/bigchaindb/bigchaindb/pull/1415) and [#1491](https://github.com/bigchaindb/bigchaindb/pull/1491)
* @CsterKuroi - [Pull Request #1447](https://github.com/bigchaindb/bigchaindb/pull/1447)
* @tdsgit - [Pull Request #1512](https://github.com/bigchaindb/bigchaindb/pull/1512)
* @lavinasachdev3 - [Pull Request #1357](https://github.com/bigchaindb/bigchaindb/pull/1357)
### Notes
* We dropped support for Python 3.4. [Pull Request #1564](https://github.com/bigchaindb/bigchaindb/pull/1564)
* There were many improvements to our Kubernetes-based production deployment template (and the associated documentaiton).
* There is now a [BigchainDB Ruby driver](https://github.com/LicenseRocks/bigchaindb_ruby), created by @addywaddy at [license.rocks](https://github.com/bigchaindb/bigchaindb/pull/1437).
* The [BigchainDB JavaScript driver](https://github.com/bigchaindb/js-bigchaindb-driver) was moved to a different GitHub repo and is now officially maintained by the BigchainDB team.
* We continue to recommend using MongoDB.
## [0.10.2] - 2017-05-16
Tag name: v0.10.2
## Added
### Added
* Add Cross Origin Resource Sharing (CORS) support for the HTTP API.
[Commit 6cb7596](https://github.com/bigchaindb/bigchaindb/commit/6cb75960b05403c77bdae0fd327612482589efcb)
## Fixed
### Fixed
* Fixed `streams_v1` API link in response to `GET /api/v1`.
[Pull Request #1466](https://github.com/bigchaindb/bigchaindb/pull/1466)
* Fixed mismatch between docs and implementation for `GET /blocks?status=`
@ -32,10 +88,10 @@ Tag name: v0.10.2
## [0.10.1] - 2017-04-19
Tag name: v0.10.1
## Added
### Added
* Documentation for the BigchainDB settings `wsserver.host` and `wsserver.port`. [Pull Request #1408](https://github.com/bigchaindb/bigchaindb/pull/1408)
## Fixed
### Fixed
* Fixed `Dockerfile`, which was failing to build. It now starts `FROM python:3.6` (instead of `FROM ubuntu:xenial`). [Pull Request #1410](https://github.com/bigchaindb/bigchaindb/pull/1410)
* Fixed the `Makefile` so that `release` depends on `dist`. [Pull Request #1405](https://github.com/bigchaindb/bigchaindb/pull/1405)

2
CONTRIBUTING.md
View File

@ -41,7 +41,7 @@ Familiarize yourself with how we do coding and documentation in the BigchainDB p
### Step 2 - Install some Dependencies
* [Install RethinkDB Server](https://rethinkdb.com/docs/install/)
* Make sure you have Python 3.4+ (preferably in a virtualenv)
* Make sure you have Python 3.5+ (preferably in a virtualenv)
* [Install BigchaindB Server's OS-level dependencies](https://docs.bigchaindb.com/projects/server/en/latest/appendices/install-os-level-deps.html)
* [Make sure you have the latest Python 3 version of pip and setuptools](https://docs.bigchaindb.com/projects/server/en/latest/appendices/install-latest-pip.html)

2
Dockerfile
View File

@ -8,7 +8,7 @@ RUN apt-get -qq update \
&& pip install --no-cache-dir . \
&& apt-get autoremove \
&& apt-get clean
VOLUME ["/data"]
VOLUME ["/data", "/certs"]
WORKDIR /data
ENV BIGCHAINDB_CONFIG_PATH /data/.bigchaindb
ENV BIGCHAINDB_SERVER_BIND 0.0.0.0:9984

1
Dockerfile-dev
View File

@ -3,6 +3,7 @@ LABEL maintainer "dev@bigchaindb.com"
RUN apt-get update \
&& apt-get install -y vim \
&& pip install -U pip \
&& pip install pynacl \
&& apt-get autoremove \
&& apt-get clean

2
PYTHON_STYLE_GUIDE.md
View File

@ -6,7 +6,7 @@ This guide starts out with our general Python coding style guidelines and ends w
Our starting point is [PEP8](https://www.python.org/dev/peps/pep-0008/), the standard "Style Guide for Python Code." Many Python IDEs will check your code against PEP8. (Note that PEP8 isn't frozen; it actually changes over time, but slowly.)
BigchainDB uses Python 3.4+, so you can ignore all PEP8 guidelines specific to Python 2.
BigchainDB uses Python 3.5+, so you can ignore all PEP8 guidelines specific to Python 2.
### Python Docstrings

11
Release_Process.md → RELEASE_PROCESS.md
View File

@ -2,8 +2,14 @@
The release process for BigchainDB server differs slightly depending on whether it's a minor or a patch release.
BigchainDB follows [semantic versioning](http://semver.org/) (i.e. MAJOR.MINOR.PATCH), taking into account
that [major version 0.x does not export a stable API](http://semver.org/#spec-item-4).
BigchainDB follows
[the Python form of Semantic Versioning](https://packaging.python.org/tutorials/distributing-packages/#choosing-a-versioning-scheme)
(i.e. MAJOR.MINOR.PATCH),
which is almost identical
to [regular semantic versioning](http://semver.org/)
except release candidates are labelled like
`3.4.5rc2` not `3.4.5-rc2` (with no hyphen).
## Minor release
@ -14,6 +20,7 @@ A minor release is preceeded by a feature freeze and created from the 'master' b
1. Create and checkout a new branch for the minor release, named after the minor version, without a preceeding 'v', e.g. `git checkout -b 0.9` (*not* 0.9.0, this new branch will be for e.g. 0.9.0, 0.9.1, 0.9.2, etc. each of which will be identified by a tagged commit)
1. In `bigchaindb/version.py`, update `__version__` and `__short_version__`, e.g. to `0.9` and `0.9.0` (with no `.dev` on the end)
1. Commit that change, and push the new branch to GitHub
1. On GitHub, use the new branch to create a new pull request and wait for all the tests to pass
1. Follow steps outlined in [Common Steps](#common-steps)
1. In 'master' branch, Edit `bigchaindb/version.py`, increment the minor version to the next planned release, e.g. `0.10.0.dev`. This is so people reading the latest docs will know that they're for the latest (master branch) version of BigchainDB Server, not the docs at the time of the most recent release (which are also available).
1. Go to [Docker Hub](https://hub.docker.com/), sign in, go to Settings - Build Settings, and under the build with Docker Tag Name equal to `latest`, change the Name to the number of the new release, e.g. `0.9`

4
bigchaindb/backend/exceptions.py
View File

@ -9,10 +9,6 @@ class ConnectionError(BackendError):
"""Exception raised when the connection to the backend fails."""
class AuthenticationError(ConnectionError):
"""Exception raised when MongoDB Authentication fails"""
class OperationError(BackendError):
"""Exception raised when a backend operation fails."""

27
bigchaindb/backend/mongodb/connection.py
View File

@ -9,8 +9,7 @@ from bigchaindb.utils import Lazy
from bigchaindb.common.exceptions import ConfigurationError
from bigchaindb.backend.exceptions import (DuplicateKeyError,
OperationError,
ConnectionError,
AuthenticationError)
ConnectionError)
from bigchaindb.backend.connection import Connection
logger = logging.getLogger(__name__)
@ -113,6 +112,8 @@ class MongoDBConnection(Connection):
replicaset=self.replicaset,
serverselectiontimeoutms=self.connection_timeout,
ssl=self.ssl)
if self.login is not None and self.password is not None:
client[self.dbname].authenticate(self.login, self.password)
else:
logger.info('Connecting to MongoDB over TLS/SSL...')
client = pymongo.MongoClient(self.host,
@ -126,10 +127,9 @@ class MongoDBConnection(Connection):
ssl_pem_passphrase=self.keyfile_passphrase,
ssl_crlfile=self.crlfile,
ssl_cert_reqs=CERT_REQUIRED)
# authenticate with the specified user if the connection succeeds
if self.login is not None and self.password is not None:
client[self.dbname].authenticate(self.login, self.password)
if self.login is not None:
client[self.dbname].authenticate(self.login,
mechanism='MONGODB-X509')
return client
@ -138,9 +138,7 @@ class MongoDBConnection(Connection):
except (pymongo.errors.ConnectionFailure,
pymongo.errors.OperationFailure) as exc:
logger.info('Exception in _connect(): {}'.format(exc))
if "Authentication fail" in str(exc):
raise AuthenticationError() from exc
raise ConnectionError() from exc
raise ConnectionError(str(exc)) from exc
except pymongo.errors.ConfigurationError as exc:
raise ConfigurationError from exc
@ -163,6 +161,8 @@ def initialize_replica_set(host, port, connection_timeout, dbname, ssl, login,
port,
serverselectiontimeoutms=connection_timeout,
ssl=ssl)
if login is not None and password is not None:
conn[dbname].authenticate(login, password)
else:
logger.info('Connecting to MongoDB over TLS/SSL...')
conn = pymongo.MongoClient(host,
@ -175,16 +175,17 @@ def initialize_replica_set(host, port, connection_timeout, dbname, ssl, login,
ssl_pem_passphrase=keyfile_passphrase,
ssl_crlfile=crlfile,
ssl_cert_reqs=CERT_REQUIRED)
if login is not None:
logger.info('Authenticating to the database...')
conn[dbname].authenticate(login, mechanism='MONGODB-X509')
except (pymongo.errors.ConnectionFailure,
pymongo.errors.OperationFailure) as exc:
raise ConnectionError() from exc
logger.info('Exception in _connect(): {}'.format(exc))
raise ConnectionError(str(exc)) from exc
except pymongo.errors.ConfigurationError as exc:
raise ConfigurationError from exc
if login is not None and password is not None:
conn[dbname].authenticate(login, password)
_check_replica_set(conn)
host = '{}:{}'.format(bigchaindb.config['database']['host'],
bigchaindb.config['database']['port'])

4
bigchaindb/backend/mongodb/query.py
View File

@ -158,7 +158,7 @@ def get_spent(conn, transaction_id, output):
'block.transactions.inputs': {
'$elemMatch': {
'fulfills.transaction_id': transaction_id,
'fulfills.output': output,
'fulfills.output_index': output,
},
},
}},
@ -167,7 +167,7 @@ def get_spent(conn, transaction_id, output):
'block.transactions.inputs': {
'$elemMatch': {
'fulfills.transaction_id': transaction_id,
'fulfills.output': output,
'fulfills.output_index': output,
},
},
}},

2
bigchaindb/backend/mongodb/schema.py
View File

@ -72,7 +72,7 @@ def create_bigchain_secondary_index(conn, dbname):
conn.conn[dbname]['bigchain']\
.create_index([
('block.transactions.inputs.fulfills.transaction_id', ASCENDING),
('block.transactions.inputs.fulfills.output', ASCENDING),
('block.transactions.inputs.fulfills.output_index', ASCENDING),
], name='inputs')

4
bigchaindb/backend/rethinkdb/query.py
View File

@ -123,7 +123,7 @@ def get_spent(connection, transaction_id, output):
.concat_map(lambda doc: doc['block']['transactions'])
.filter(lambda transaction: transaction['inputs'].contains(
lambda input_: input_['fulfills'] == {
'transaction_id': transaction_id, 'output': output})))
'transaction_id': transaction_id, 'output_index': output})))
@register_query(RethinkDBConnection)
@ -287,7 +287,7 @@ def unwind_block_transactions(block):
def get_spending_transactions(connection, links):
query = (
r.table('bigchain')
.get_all(*[(l['transaction_id'], l['output']) for l in links],
.get_all(*[(l['transaction_id'], l['output_index']) for l in links],
index='inputs')
.concat_map(unwind_block_transactions)
# filter transactions spending output

4
bigchaindb/backend/rethinkdb/schema.py
View File

@ -86,9 +86,9 @@ def create_bigchain_secondary_index(connection, dbname):
.index_create('inputs',
r.row['block']['transactions']
.concat_map(lambda tx: tx['inputs']['fulfills'])
.with_fields('transaction_id', 'output')
.with_fields('transaction_id', 'output_index')
.map(lambda fulfills: [fulfills['transaction_id'],
fulfills['output']]),
fulfills['output_index']]),
multi=True))
# wait for rethinkdb to finish creating secondary indexes

4
bigchaindb/common/exceptions.py
View File

@ -106,3 +106,7 @@ class SybilError(ValidationError):
class DuplicateTransaction(ValidationError):
"""Raised if a duplicated transaction is found"""
class ThresholdTooDeep(ValidationError):
"""Raised if threshold condition is too deep"""

71
bigchaindb/common/schema/transaction.yaml
View File

@ -56,7 +56,7 @@ properties:
See: `Metadata`_.
version:
type: string
pattern: "^0\\."
pattern: "^1\\.0$"
description: |
BigchainDB transaction schema version.
definitions:
@ -150,11 +150,10 @@ definitions:
- uri
properties:
details:
type: object
additionalProperties: true
"$ref": "#/definitions/condition_details"
uri:
type: string
pattern: "^cc:([1-9a-f][0-9a-f]{0,3}|0):[1-9a-f][0-9a-f]{0,15}:[a-zA-Z0-9_-]{0,86}:([1-9][0-9]{0,17}|0)$"
pattern: "^ni:///sha-256;([a-zA-Z0-9_-]{0,86})?(.+)$"
public_keys:
"$ref": "#/definitions/public_keys"
description: |
@ -174,28 +173,14 @@ definitions:
description: |
List of public keys of the previous owners of the asset.
fulfillment:
description: |
Fulfillment of an `Output.condition`_, or, put a different way, a payload
that satisfies the condition of a previous output to prove that the
creator(s) of this transaction have control over the listed asset.
anyOf:
- type: object
additionalProperties: false
properties:
bitmask:
type: integer
public_key:
type: string
type:
type: string
signature:
anyOf:
- type: string
- type: 'null'
type_id:
type: integer
description: |
Fulfillment of an `Output.condition`_, or, put a different way, a payload
that satisfies the condition of a previous output to prove that the
creator(s) of this transaction have control over the listed asset.
- type: string
pattern: "^cf:([1-9a-f][0-9a-f]{0,3}|0):[a-zA-Z0-9_-]*$"
pattern: "^[a-zA-Z0-9_-]*$"
- "$ref": "#/definitions/condition_details"
fulfills:
anyOf:
- type: 'object'
@ -203,10 +188,10 @@ definitions:
Reference to the output that is being spent.
additionalProperties: false
required:
- output
- output_index
- transaction_id
properties:
output:
output_index:
"$ref": "#/definitions/offset"
description: |
Index of the output containing the condition being fulfilled
@ -224,3 +209,37 @@ definitions:
additionalProperties: true
minProperties: 1
- type: 'null'
condition_details:
description: |
Details needed to reconstruct the condition associated with an output.
Currently, BigchainDB only supports ed25519 and threshold condition types.
anyOf:
- type: object
additionalProperties: false
required:
- type
- public_key
properties:
type:
type: string
pattern: "^ed25519-sha-256$"
public_key:
"$ref": "#/definitions/base58"
- type: object
additionalProperties: false
required:
- type
- threshold
- subconditions
properties:
type:
type: "string"
pattern: "^threshold-sha-256$"
threshold:
type: integer
minimum: 1
maximum: 100
subconditions:
type: array
items:
"$ref": "#/definitions/condition_details"

174
bigchaindb/common/transaction.py
View File

@ -1,16 +1,17 @@
from copy import deepcopy
from functools import reduce
from cryptoconditions import (Fulfillment, ThresholdSha256Fulfillment,
Ed25519Fulfillment)
from cryptoconditions.exceptions import ParsingError
import base58
from cryptoconditions import Fulfillment, ThresholdSha256, Ed25519Sha256
from cryptoconditions.exceptions import (
ParsingError, ASN1DecodeError, ASN1EncodeError, UnsupportedTypeError)
from bigchaindb.common.crypto import PrivateKey, hash_data
from bigchaindb.common.exceptions import (KeypairMismatchException,
InvalidHash, InvalidSignature,
AmountError, AssetIdMismatch)
from bigchaindb.common.utils import serialize, gen_timestamp
import bigchaindb.version
AmountError, AssetIdMismatch,
ThresholdTooDeep)
from bigchaindb.common.utils import serialize
class Input(object):
@ -65,16 +66,8 @@ class Input(object):
"""
try:
fulfillment = self.fulfillment.serialize_uri()
except (TypeError, AttributeError):
# NOTE: When a non-signed transaction is casted to a dict,
# `self.inputs` value is lost, as in the node's
# transaction model that is saved to the database, does not
# account for its dictionary form but just for its signed uri
# form.
# Hence, when a non-signed fulfillment is to be cast to a
# dict, we just call its internal `to_dict` method here and
# its `from_dict` method in `Fulfillment.from_dict`.
fulfillment = self.fulfillment.to_dict()
except (TypeError, AttributeError, ASN1EncodeError):
fulfillment = _fulfillment_to_details(self.fulfillment)
try:
# NOTE: `self.fulfills` can be `None` and that's fine
@ -114,19 +107,74 @@ class Input(object):
Raises:
InvalidSignature: If an Input's URI couldn't be parsed.
"""
try:
fulfillment = Fulfillment.from_uri(data['fulfillment'])
except ValueError:
# TODO FOR CC: Throw an `InvalidSignature` error in this case.
raise InvalidSignature("Fulfillment URI couldn't been parsed")
except TypeError:
# NOTE: See comment about this special case in
# `Input.to_dict`
fulfillment = Fulfillment.from_dict(data['fulfillment'])
fulfillment = data['fulfillment']
if not isinstance(fulfillment, Fulfillment):
try:
fulfillment = Fulfillment.from_uri(data['fulfillment'])
except ASN1DecodeError:
# TODO Remove as it is legacy code, and simply fall back on
# ASN1DecodeError
raise InvalidSignature("Fulfillment URI couldn't been parsed")
except TypeError:
# NOTE: See comment about this special case in
# `Input.to_dict`
fulfillment = _fulfillment_from_details(data['fulfillment'])
fulfills = TransactionLink.from_dict(data['fulfills'])
return cls(fulfillment, data['owners_before'], fulfills)
def _fulfillment_to_details(fulfillment):
"""
Encode a fulfillment as a details dictionary
Args:
fulfillment: Crypto-conditions Fulfillment object
"""
if fulfillment.type_name == 'ed25519-sha-256':
return {
'type': 'ed25519-sha-256',
'public_key': base58.b58encode(fulfillment.public_key),
}
if fulfillment.type_name == 'threshold-sha-256':
subconditions = [
_fulfillment_to_details(cond['body'])
for cond in fulfillment.subconditions
]
return {
'type': 'threshold-sha-256',
'threshold': fulfillment.threshold,
'subconditions': subconditions,
}
raise UnsupportedTypeError(fulfillment.type_name)
def _fulfillment_from_details(data):
"""
Load a fulfillment for a signing spec dictionary
Args:
data: tx.output[].condition.details dictionary
"""
if data['type'] == 'ed25519-sha-256':
public_key = base58.b58decode(data['public_key'])
return Ed25519Sha256(public_key=public_key)
if data['type'] == 'threshold-sha-256':
try:
threshold = ThresholdSha256(data['threshold'])
for cond in data['subconditions']:
cond = _fulfillment_from_details(cond)
threshold.add_subfulfillment(cond)
return threshold
except RecursionError:
raise ThresholdTooDeep()
raise UnsupportedTypeError(data.get('type'))
class TransactionLink(object):
"""An object for unidirectional linking to a Transaction's Output.
@ -175,7 +223,7 @@ class TransactionLink(object):
:class:`~bigchaindb.common.transaction.TransactionLink`
"""
try:
return cls(link['transaction_id'], link['output'])
return cls(link['transaction_id'], link['output_index'])
except TypeError:
return cls()
@ -190,7 +238,7 @@ class TransactionLink(object):
else:
return {
'transaction_id': self.txid,
'output': self.output,
'output_index': self.output,
}
def to_uri(self, path=''):
@ -259,7 +307,7 @@ class Output(object):
# and fulfillment!
condition = {}
try:
condition['details'] = self.fulfillment.to_dict()
condition['details'] = _fulfillment_to_details(self.fulfillment)
except AttributeError:
pass
@ -310,13 +358,14 @@ class Output(object):
raise ValueError('`public_keys` needs to contain at least one'
'owner')
elif len(public_keys) == 1 and not isinstance(public_keys[0], list):
try:
ffill = Ed25519Fulfillment(public_key=public_keys[0])
except TypeError:
if isinstance(public_keys[0], Fulfillment):
ffill = public_keys[0]
else:
ffill = Ed25519Sha256(
public_key=base58.b58decode(public_keys[0]))
return cls(ffill, public_keys, amount=amount)
else:
initial_cond = ThresholdSha256Fulfillment(threshold=threshold)
initial_cond = ThresholdSha256(threshold=threshold)
threshold_cond = reduce(cls._gen_condition, public_keys,
initial_cond)
return cls(threshold_cond, public_keys, amount=amount)
@ -331,13 +380,13 @@ class Output(object):
:meth:`~.Output.generate`.
Args:
initial (:class:`cryptoconditions.ThresholdSha256Fulfillment`):
initial (:class:`cryptoconditions.ThresholdSha256`):
A Condition representing the overall root.
new_public_keys (:obj:`list` of :obj:`str`|str): A list of new
owners or a single new owner.
Returns:
:class:`cryptoconditions.ThresholdSha256Fulfillment`:
:class:`cryptoconditions.ThresholdSha256`:
"""
try:
threshold = len(new_public_keys)
@ -345,7 +394,7 @@ class Output(object):
threshold = None
if isinstance(new_public_keys, list) and len(new_public_keys) > 1:
ffill = ThresholdSha256Fulfillment(threshold=threshold)
ffill = ThresholdSha256(threshold=threshold)
reduce(cls._gen_condition, new_public_keys, ffill)
elif isinstance(new_public_keys, list) and len(new_public_keys) <= 1:
raise ValueError('Sublist cannot contain single owner')
@ -354,16 +403,17 @@ class Output(object):
new_public_keys = new_public_keys.pop()
except AttributeError:
pass
try:
ffill = Ed25519Fulfillment(public_key=new_public_keys)
except TypeError:
# NOTE: Instead of submitting base58 encoded addresses, a user
# of this class can also submit fully instantiated
# Cryptoconditions. In the case of casting
# `new_public_keys` to a Ed25519Fulfillment with the
# result of a `TypeError`, we're assuming that
# `new_public_keys` is a Cryptocondition then.
# NOTE: Instead of submitting base58 encoded addresses, a user
# of this class can also submit fully instantiated
# Cryptoconditions. In the case of casting
# `new_public_keys` to a Ed25519Fulfillment with the
# result of a `TypeError`, we're assuming that
# `new_public_keys` is a Cryptocondition then.
if isinstance(new_public_keys, Fulfillment):
ffill = new_public_keys
else:
ffill = Ed25519Sha256(
public_key=base58.b58decode(new_public_keys))
initial.add_subfulfillment(ffill)
return initial
@ -384,7 +434,7 @@ class Output(object):
:class:`~bigchaindb.common.transaction.Output`
"""
try:
fulfillment = Fulfillment.from_dict(data['condition']['details'])
fulfillment = _fulfillment_from_details(data['condition']['details'])
except KeyError:
# NOTE: Hashlock condition case
fulfillment = data['condition']['uri']
@ -415,13 +465,13 @@ class Transaction(object):
``id`` property.
metadata (dict):
Metadata to be stored along with the Transaction.
version (int): Defines the version number of a Transaction.
version (string): Defines the version number of a Transaction.
"""
CREATE = 'CREATE'
TRANSFER = 'TRANSFER'
GENESIS = 'GENESIS'
ALLOWED_OPERATIONS = (CREATE, TRANSFER, GENESIS)
VERSION = '.'.join(bigchaindb.version.__short_version__.split('.')[:2])
VERSION = '1.0'
def __init__(self, operation, asset, inputs=None, outputs=None,
metadata=None, version=None):
@ -441,7 +491,7 @@ class Transaction(object):
lock.
metadata (dict): Metadata to be stored along with the
Transaction.
version (int): Defines the version number of a Transaction.
version (string): Defines the version number of a Transaction.
"""
if operation not in Transaction.ALLOWED_OPERATIONS:
allowed_ops = ', '.join(self.__class__.ALLOWED_OPERATIONS)
@ -661,7 +711,7 @@ class Transaction(object):
This method works only for the following Cryptoconditions
currently:
- Ed25519Fulfillment
- ThresholdSha256Fulfillment
- ThresholdSha256
Furthermore, note that all keys required to fully sign the
Transaction have to be passed to this method. A subset of all
will cause this method to fail.
@ -712,7 +762,7 @@ class Transaction(object):
This method works only for the following Cryptoconditions
currently:
- Ed25519Fulfillment
- ThresholdSha256Fulfillment.
- ThresholdSha256.
Args:
input_ (:class:`~bigchaindb.common.transaction.
@ -720,10 +770,10 @@ class Transaction(object):
message (str): The message to be signed
key_pairs (dict): The keys to sign the Transaction with.
"""
if isinstance(input_.fulfillment, Ed25519Fulfillment):
if isinstance(input_.fulfillment, Ed25519Sha256):
return cls._sign_simple_signature_fulfillment(input_, message,
key_pairs)
elif isinstance(input_.fulfillment, ThresholdSha256Fulfillment):
elif isinstance(input_.fulfillment, ThresholdSha256):
return cls._sign_threshold_signature_fulfillment(input_, message,
key_pairs)
else:
@ -749,7 +799,10 @@ class Transaction(object):
try:
# cryptoconditions makes no assumptions of the encoding of the
# message to sign or verify. It only accepts bytestrings
input_.fulfillment.sign(message.encode(), key_pairs[public_key])
input_.fulfillment.sign(
message.encode(),
base58.b58decode(key_pairs[public_key].encode()),
)
except KeyError:
raise KeypairMismatchException('Public key {} is not a pair to '
'any of the private keys'
@ -758,7 +811,7 @@ class Transaction(object):
@classmethod
def _sign_threshold_signature_fulfillment(cls, input_, message, key_pairs):
"""Signs a ThresholdSha256Fulfillment.
"""Signs a ThresholdSha256.
Args:
input_ (:class:`~bigchaindb.common.transaction.
@ -778,7 +831,8 @@ class Transaction(object):
# TODO FOR CC: `get_subcondition` is singular. One would not
# expect to get a list back.
ccffill = input_.fulfillment
subffills = ccffill.get_subcondition_from_vk(owner_before)
subffills = ccffill.get_subcondition_from_vk(
base58.b58decode(owner_before))
if not subffills:
raise KeypairMismatchException('Public key {} cannot be found '
'in the fulfillment'
@ -793,7 +847,7 @@ class Transaction(object):
# cryptoconditions makes no assumptions of the encoding of the
# message to sign or verify. It only accepts bytestrings
for subffill in subffills:
subffill.sign(message.encode(), private_key)
subffill.sign(message.encode(), base58.b58decode(private_key.encode()))
return input_
def inputs_valid(self, outputs=None):
@ -882,7 +936,8 @@ class Transaction(object):
ccffill = input_.fulfillment
try:
parsed_ffill = Fulfillment.from_uri(ccffill.serialize_uri())
except (TypeError, ValueError, ParsingError):
except (TypeError, ValueError,
ParsingError, ASN1DecodeError, ASN1EncodeError):
return False
if operation in (Transaction.CREATE, Transaction.GENESIS):
@ -897,8 +952,7 @@ class Transaction(object):
# cryptoconditions makes no assumptions of the encoding of the
# message to sign or verify. It only accepts bytestrings
ffill_valid = parsed_ffill.validate(message=tx_serialized.encode(),
now=gen_timestamp())
ffill_valid = parsed_ffill.validate(message=tx_serialized.encode())
return output_valid and ffill_valid
def to_dict(self):
@ -940,7 +994,7 @@ class Transaction(object):
tx_dict = deepcopy(tx_dict)
for input_ in tx_dict['inputs']:
# NOTE: Not all Cryptoconditions return a `signature` key (e.g.
# ThresholdSha256Fulfillment), so setting it to `None` in any
# ThresholdSha256), so setting it to `None` in any
# case could yield incorrect signatures. This is why we only
# set it to `None` if it's set in the dict.
input_['fulfillment'] = None

4
bigchaindb/utils.py
View File

@ -96,8 +96,8 @@ def condition_details_has_owner(condition_details, owner):
bool: True if the public key is found in the condition details, False otherwise
"""
if 'subfulfillments' in condition_details:
result = condition_details_has_owner(condition_details['subfulfillments'], owner)
if 'subconditions' in condition_details:
result = condition_details_has_owner(condition_details['subconditions'], owner)
if result:
return True

4
bigchaindb/version.py
View File

@ -1,2 +1,2 @@
__version__ = '0.11.0.dev'
__short_version__ = '0.11.dev'
__version__ = '1.0.0.dev'
__short_version__ = '1.0.dev'

2
bigchaindb/web/views/outputs.py
View File

@ -22,5 +22,5 @@ class OutputListApi(Resource):
with pool() as bigchain:
outputs = bigchain.get_outputs_filtered(args['public_key'],
args['spent'])
return [{'transaction_id': output.txid, 'output': output.output}
return [{'transaction_id': output.txid, 'output_index': output.output}
for output in outputs]

2
bigchaindb/web/views/statuses.py
View File

@ -26,7 +26,7 @@ class StatusApi(Resource):
# logical xor - exactly one query argument required
if bool(tx_id) == bool(block_id):
return make_error(400, 'Provide exactly one query parameter. Choices are: block_id, tx_id')
return make_error(400, 'Provide exactly one query parameter. Choices are: block_id, transaction_id')
pool = current_app.config['bigchain_pool']
status = None

9
bigchaindb/web/websocket_server.py
View File

@ -111,10 +111,15 @@ def websocket_handler(request):
while True:
# Consume input buffer
msg = yield from websocket.receive()
try:
msg = yield from websocket.receive()
except RuntimeError as e:
logger.debug('Websocket exception: %s', str(e))
return websocket
if msg.type == aiohttp.WSMsgType.ERROR:
logger.debug('Websocket exception: %s', websocket.exception())
return
return websocket
def init_app(event_source, *, loop=None):

47
docker-compose.yml
View File

@ -6,52 +6,6 @@ services:
ports:
- "27017"
command: mongod --replSet=bigchain-rs
rdb:
image: rethinkdb
ports:
- "58080:8080"
- "28015"
volumes_from:
- rdb-data
rdb-2:
image: rethinkdb
ports:
- "8080"
- "29015"
command: rethinkdb --join rdb:29015 --bind all
rdb-data:
image: rethinkdb:2.3.5
volumes:
- /data
command: "true"
bdb-rdb:
build:
context: .
dockerfile: Dockerfile-dev
args:
backend: rethinkdb
container_name: docker-bigchaindb
volumes:
- ./bigchaindb:/usr/src/app/bigchaindb
- ./tests:/usr/src/app/tests
- ./docs:/usr/src/app/docs
- ./k8s:/usr/src/app/k8s
- ./setup.py:/usr/src/app/setup.py
- ./setup.cfg:/usr/src/app/setup.cfg
- ./pytest.ini:/usr/src/app/pytest.ini
- ./tox.ini:/usr/src/app/tox.ini
- ./Makefile:/usr/src/app/Makefile
environment:
BIGCHAINDB_DATABASE_BACKEND: rethinkdb
BIGCHAINDB_DATABASE_HOST: rdb
BIGCHAINDB_SERVER_BIND: 0.0.0.0:9984
ports:
- "9984"
command: bigchaindb start
bdb:
build:
@ -68,6 +22,7 @@ services:
- ./setup.cfg:/usr/src/app/setup.cfg
- ./pytest.ini:/usr/src/app/pytest.ini
- ./tox.ini:/usr/src/app/tox.ini
- ../cryptoconditions:/usr/src/app/cryptoconditions
environment:
BIGCHAINDB_DATABASE_BACKEND: mongodb
BIGCHAINDB_DATABASE_HOST: mdb

4
docs/root/source/assets.rst
View File

@ -9,7 +9,7 @@ BigchainDB can store data of any kind (within reason), but it's designed to be p
* The owners of an asset can specify (crypto-)conditions which must be satisified by anyone wishing transfer the asset to new owners. For example, a condition might be that at least 3 of the 5 current owners must cryptographically sign a transfer transaction.
* BigchainDB verifies that the conditions have been satisified as part of checking the validity of transfer transactions. (Moreover, anyone can check that they were satisfied.)
* BigchainDB prevents double-spending of an asset.
* Validated transactions are strongly tamper-resistant; see [the section about immutability / tamper-resistance](immutable.html).
* Validated transactions are strongly tamper-resistant; see :doc:`the page about immutability / tamper-resistance <immutable>`.
BigchainDB Integration with Other Blockchains
@ -21,4 +21,4 @@ Were actively exploring ways that BigchainDB can be used with other blockchai
.. note::
We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.
We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or transfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.

11
docs/root/source/smart-contracts.rst
View File

@ -7,16 +7,13 @@ BigchainDB will run the subset of smart contracts expressible using "crypto-cond
The owners of an asset can impose conditions on it that must be met for the asset to be transferred to new owners. Examples of possible conditions (crypto-conditions) include:
- The current owner must sign the transfer transaction (one which transfers ownership to new owners)
- Three out of five current owners must sign the transfer transaction
- (Shannon and Kelly) or Morgan must sign the transfer transaction
- Anyone who provides the secret password (technically, the preimage of a known hash) can create a valid transfer transaction
- The current owner must sign the transfer transaction (one which transfers ownership to new owners).
- Three out of five current owners must sign the transfer transaction.
- (Shannon and Kelly) or Morgan must sign the transfer transaction.
Crypto-conditions can be quite complex if-this-then-that type conditions, where the "this" can be a long boolean expression. Crypto-conditions can't include loops or recursion and are therefore will always run/check in finite time.
BigchainDB also supports a timeout condition which enables it to support a form of escrow.
.. note::
We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.
We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or transfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.

94
docs/root/source/transaction-concepts.md
View File

@ -1,11 +1,12 @@
# Transaction Concepts
In BigchainDB, _Transactions_ are used to register, issue, create or transfer
In BigchainDB, _transactions_ are used to register, issue, create or transfer
things (e.g. assets).
Transactions are the most basic kind of record stored by BigchainDB. There are
two kinds: CREATE transactions and TRANSFER transactions.
## CREATE Transactions
A CREATE transaction can be used to register, issue, create or otherwise
@ -14,29 +15,57 @@ one might register an identity or a creative work. The things are often called
"assets" but they might not be literal assets.
BigchainDB supports divisible assets as of BigchainDB Server v0.8.0.
That means you can create/register an asset with an initial quantity,
e.g. 700 oak trees. Divisible assets can be split apart or recombined
by transfer transactions (described more below).
That means you can create/register an asset with an initial number of "shares."
For example, A CREATE transaction could register a truckload of 50 oak trees.
Each share of a divisible asset must be interchangeable with each other share;
the shares must be fungible.
A CREATE transaction can have one or more outputs.
Each output has an associated amount: the number of shares tied to that output.
For example, if the asset consists of 50 oak trees,
one output might have 35 oak trees for one set of owners,
and the other output might have 15 oak trees for another set of owners.
Each output also has an associated condition: the condition that must be met
(by a TRANSFER transaction) to transfer/spend the output.
BigchainDB supports a variety of conditions,
a subset of the [Interledger Protocol (ILP)](https://interledger.org/)
crypto-conditions. For details, see
[the documentation about Inputs and Outputs](https://docs.bigchaindb.com/projects/server/en/latest/data-models/inputs-outputs.html).
Each output also has a list of all the public keys associated
with the conditions on that output.
Loosely speaking, that list might be interpreted as the list of "owners."
A more accurate word might be fulfillers, signers, controllers,
or transfer-enablers.
See BigchainDB Server [issue #626](https://github.com/bigchaindb/bigchaindb/issues/626).
A CREATE transaction must be signed by all the owners.
(If you're looking for that signature,
it's in the one "fulfillment" of the one input, albeit encoded.)
A CREATE transaction also establishes, in its outputs, the conditions that must
be met to transfer the asset(s). The conditions may also be associated with a
list of public keys that, depending on the condition, may have full or partial
control over the asset(s). For example, there may be a condition that any
transfer must be signed (cryptographically) by the private key associated with a
given public key. More sophisticated conditions are possible. BigchainDB's
conditions are based on the crypto-conditions of the [Interledger Protocol
(ILP)](https://interledger.org/).
## TRANSFER Transactions
A TRANSFER transaction can transfer an asset
by providing inputs which fulfill the current output conditions on the asset.
It must also specify new transfer conditions.
A TRANSFER transaction can transfer/spend one or more outputs
on other transactions (CREATE transactions or other TRANSFER transactions).
Those outputs must all be associated with the same asset;
a TRANSFER transaction can only transfer shares of one asset at a time.
Each input on a TRANSFER transaction connects to one output
on another transaction.
Each input must satisfy the condition on the output it's trying
to transfer/spend.
A TRANSFER transaction can have one or more outputs,
just like a CREATE transaction (described above).
The total number of shares coming in on the inputs must equal
the total number of shares going out on the outputs.
**Example 1:** Suppose a red car is owned and controlled by Joe.
Suppose the current transfer condition on the car says
that any valid transfer must be signed by Joe.
Joe and a buyer named Rae could build a TRANSFER transaction containing
Joe could build a TRANSFER transaction containing
an input with Joe's signature (to fulfill the current output condition)
plus a new output condition saying that any valid transfer
must be signed by Rae.
@ -53,33 +82,18 @@ transferred if both Jack and Kelly sign.
Note how the sum of the incoming paperclips must equal the sum
of the outgoing paperclips (100).
## Transaction Validity
When a node is asked to check if a transaction is valid, it checks several
things. Some things it checks are:
things. We documented those things in a post on *The BigchainDB Blog*:
["What is a Valid Transaction in BigchainDB?"](https://blog.bigchaindb.com/what-is-a-valid-transaction-in-bigchaindb-9a1a075a9598)
(Note: That post was about BigchainDB Server v1.0.0.)
* Are all the fulfillments valid? (Do they correctly satisfy the conditions
they claim to satisfy?)
* If it's a creation transaction, is the asset valid?
* If it's a transfer transaction:
* Is it trying to fulfill a condition in a nonexistent transaction?
* Is it trying to fulfill a condition that's not in a valid transaction?
(It's okay if the condition is in a transaction in an invalid block; those
transactions are ignored. Transactions in the backlog or undecided blocks
are not ignored.)
* Is it trying to fulfill a condition that has already been fulfilled, or
that some other pending transaction (in the backlog or an undecided block)
also aims to fulfill?
* Is the asset ID in the transaction the same as the asset ID in all
transactions whose conditions are being fulfilled?
* Is the sum of the amounts in the fulfillments equal
to the sum of the amounts in the new conditions?
If you're curious about the details of transaction validation, the code is in
the `validate` method of the `Transaction` class, in `bigchaindb/models.py` (at
the time of writing).
## Example Transactions
Note: The check to see if the transaction ID is equal to the hash of the
transaction body is actually done whenever the transaction is converted from a
Python dict to a Transaction object, which must be done before the `validate`
method can be called (since it's called on a Transaction object).
There are example BigchainDB transactions in
[the HTTP API documentation](https://docs.bigchaindb.com/projects/server/en/latest/http-client-server-api.html)
and
[the Python Driver documentation](https://docs.bigchaindb.com/projects/py-driver/en/latest/usage.html).

4
docs/server/source/appendices/install-latest-pip.md
View File

@ -5,7 +5,7 @@ You can check the version of `pip` you're using (in your current virtualenv) by
pip -V
```
If it says that `pip` isn't installed, or it says `pip` is associated with a Python version less than 3.4, then you must install a `pip` version associated with Python 3.4+. In the following instructions, we call it `pip3` but you may be able to use `pip` if that refers to the same thing. See [the `pip` installation instructions](https://pip.pypa.io/en/stable/installing/).
If it says that `pip` isn't installed, or it says `pip` is associated with a Python version less than 3.5, then you must install a `pip` version associated with Python 3.5+. In the following instructions, we call it `pip3` but you may be able to use `pip` if that refers to the same thing. See [the `pip` installation instructions](https://pip.pypa.io/en/stable/installing/).
On Ubuntu 16.04, we found that this works:
```text
@ -17,4 +17,4 @@ That should install a Python 3 version of `pip` named `pip3`. If that didn't wor
You can upgrade `pip` (`pip3`) and `setuptools` to the latest versions using:
```text
pip3 install --upgrade pip setuptools
```
```

35
docs/server/source/data-models/inputs-outputs.rst
View File

@ -81,30 +81,20 @@ to spend the asset. For example:
{
"condition": {
"details": {
"bitmask": 41,
"subfulfillments": [
"type": "threshold-sha-256",
"threshold": 2,
"subconditions": [
{
"bitmask": 32,
"public_key": "<new owner 1 public key>",
"signature": null,
"type": "fulfillment",
"type_id": 4,
"weight": 1
"type": "ed25519-sha-256",
},
{
"bitmask": 32,
"public_key": "<new owner 2 public key>",
"signature": null,
"type": "fulfillment",
"type_id": 4,
"weight": 1
"type": "ed25519-sha-256",
}
],
"threshold": 2,
"type": "fulfillment",
"type_id": 2
},
"uri": "cc:2:29:ytNK3X6-bZsbF-nCGDTuopUIMi1HCyCkyPewm6oLI3o:206"},
"uri": "ni:///sha-256;PNYwdxaRaNw60N6LDFzOWO97b8tJeragczakL8PrAPc?fpt=ed25519-sha-256&cost=131072"},
"public_keys": [
"<owner 1 public key>",
"<owner 2 public key>"
@ -112,11 +102,10 @@ to spend the asset. For example:
}
- ``subfulfillments``: a list of fulfillments
- ``weight``: integer weight for each subfulfillment's contribution to the threshold
- ``threshold``: threshold to reach for the subfulfillments to reach a valid fulfillment
- ``subconditions``: a list of condition specs
- ``threshold``: threshold to reach for the subconditions to reach a valid fulfillment
The ``weight``s and ``threshold`` could be adjusted. For example, if the ``threshold`` was changed to 1 above, then only one of the new owners would have to provide a signature to spend the asset.
The ``threshold`` can be adjusted. For example, if the ``threshold`` was changed to 1 above, then only one of the new owners would have to provide a signature to spend the asset. If it is desired to give a different weight to a subcondition, it should be specified multiple times.
Inputs
------
@ -132,7 +121,7 @@ If there is only one *current owner*, the fulfillment will be a simple signature
"owners_before": ["<public key of the owner before the transaction happened>"],
"fulfillment": "cf:4:RxFzIE679tFBk8zwEgizhmTuciAylvTUwy6EL6ehddHFJOhK5F4IjwQ1xLu2oQK9iyRCZJdfWAefZVjTt3DeG5j2exqxpGliOPYseNkRAWEakqJ_UrCwgnj92dnFRAEE",
"fulfills": {
"output": 0,
"output_index": 0,
"transaction_id": "11b3e7d893cc5fdfcf1a1706809c7def290a3b10b0bef6525d10b024649c42d3"
}
}
@ -151,7 +140,7 @@ If there are multiple *current owners*, the fulfillment will be a little differe
"owners_before": ["<public key of the first owner before the transaction happened>","<public key of the second owner before the transaction happened>"],
"fulfillment": "cf:2:AQIBAgEBYwAEYEv6O5HjHGl7OWo2Tu5mWcWQcL_OGrFuUjyej-dK3LM99TbZsRd8c9luQhU30xCH5AdNaupxg-pLHuk8DoSaDA1MHQGXUZ80a_cV-4UaaaCpdey8K0CEcJxre0X96hTHCwABAWMABGBnsuHExhuSj5Mdm-q0KoPgX4nAt0s00k1WTMCzuUpQIp6aStLoTSMlsvS4fmDtOSv9gubekKLuHTMAk-LQFSKF1JdzwaVWAA2UOv0v_OS2gY3A-r0kRq8HtzjYdcmVswUA",
"fulfills": {
"output": 0,
"output_index": 0,
"transaction_id": "e4805f1bfc999d6409b38e3a4c3b2fafad7c1280eb0d441da7083e945dd89eb8"
}
}
@ -160,5 +149,5 @@ If there are multiple *current owners*, the fulfillment will be a little differe
- ``owners_before``: A list of public keys of the owners before the transaction; in this case it has two owners, hence two public keys.
- ``fulfillment``: A crypto-conditions URI that encodes the cryptographic fulfillments like signatures and others;'cf' indicates this is a fulfillment, '2' indicates the condition type is THRESHOLD-SHA-256 (while '4' in `One Current Owner`_ indicates its condition type is ED25519).
- ``fulfills``: Pointer to an output from a previous transaction that is being spent
- ``output``: The index of the output in a previous transaction
- ``output_index``: The index of the output in a previous transaction
- ``transaction_id``: ID of the transaction

8
docs/server/source/http-client-server-api.rst
View File

@ -206,11 +206,11 @@ unspent outputs.
[
{
"output": 0,
"output_index": 0,
"transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
},
{
"output": 1,
"output_index": 1,
"transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
}
]
@ -238,7 +238,7 @@ unspent outputs.
[
{
"output": 0,
"output_index": 0,
"transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
}
]
@ -266,7 +266,7 @@ unspent outputs.
[
{
"output": 1,
"output_index": 1,
"transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
}
]

2
docs/server/source/production-deployment-template/add-node-on-kubernetes.rst
View File

@ -173,6 +173,6 @@ set up NGINX in your new node.
Step 8: Test Your New BigchainDB Node
-------------------------------------
Please refer to the testing steps :ref:`here <Step 16: Verify the BigchainDB
Please refer to the testing steps :ref:`here <Step 17: Verify the BigchainDB
Node Setup>` to verify that your new BigchainDB node is working as expected.

14
docs/server/source/production-deployment-template/ca-installation.rst
View File

@ -33,15 +33,17 @@ by going to the ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3`` directory and using:
./easyrsa build-ca
You will be prompted to enter the Distinguished Name for this CA. You can hit
enter to accept the default values or change it at each prompt.
You will also be asked to enter a PEM pass phrase for encrypting the ``ca.key`` file.
You will also be asked to enter a PEM pass phrase (for encrypting the ``ca.key`` file).
Make sure to securely store that PEM pass phrase.
If you lose it, you won't be able to add or remove entities from your PKI infrastructure in the future.
It will ask several other questions.
You can accept all the defaults [in brackets] by pressing Enter.
You will be prompted to enter the Distinguished Name (DN) information for this CA.
For each field, you can accept the default value [in brackets] by pressing Enter.
.. warning::
Don't accept the default value of OU (``IT``). Instead, enter the value ``ROOT-CA``.
While ``Easy-RSA CA`` *is* a valid and acceptable Common Name,
you should probably enter a name based on the name of the managing organization,
e.g. ``Omega Ledger CA``.

28
docs/server/source/production-deployment-template/client-tls-certificate.rst
View File

@ -24,7 +24,7 @@ Step 2: Create the Client Private Key and CSR
---------------------------------------------
You can create the client private key and certificate signing request (CSR)
by going into the directory ``client-cert/easy-rsa-3.0.1/easyrsa``
by going into the directory ``client-cert/easy-rsa-3.0.1/easyrsa3``
and using:
.. code:: bash
@ -33,25 +33,37 @@ and using:
./easyrsa gen-req bdb-instance-0 nopass
You should change ``bdb-instance-0`` to a value that reflects what the
client certificate is being used for.
You should change the Common Name (e.g. ``bdb-instance-0``)
to a value that reflects what the
client certificate is being used for, e.g. ``mdb-mon-instance-3`` or ``mdb-bak-instance-4``. (The final integer is specific to your BigchainDB node in the BigchainDB cluster.)
Tip: You can get help with the ``easyrsa`` command (and its subcommands)
by using the subcommand ``./easyrsa help``
You will be prompted to enter the Distinguished Name (DN) information for this certificate. For each field, you can accept the default value [in brackets] by pressing Enter.
.. warning::
Don't accept the default value of OU (``IT``). Instead, enter the value
``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or ``MongoDB-Backup-Instance``
as appropriate.
Aside: The ``nopass`` option means "do not encrypt the private key (default is encrypted)". You can get help with the ``easyrsa`` command (and its subcommands)
by using the subcommand ``./easyrsa help``.
Step 3: Get the Client Certificate Signed
-----------------------------------------
The CSR file (created in the previous step)
should be located in ``pki/reqs/bdb-instance-0.req``.
The CSR file created in the previous step
should be located in ``pki/reqs/bdb-instance-0.req``
(or whatever Common Name you used in the ``gen-req`` command above).
You need to send it to the organization managing the cluster
so that they can use their CA
to sign the request.
(The managing organization should already have a self-signed CA.)
If you are the admin of the managing organization's self-signed CA,
then you can import the CSR and use Easy-RSA to sign it. For example:
then you can import the CSR and use Easy-RSA to sign it.
Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/``
directory and do something like:
.. code:: bash

22
docs/server/source/production-deployment-template/cloud-manager.rst
View File

@ -37,8 +37,14 @@ Configure MongoDB Cloud Manager for Monitoring
* Enter the port number as ``27017``, with no authentication.
* If you have authentication enabled, select the option to enable
authentication and specify the authentication mechanism as per your
deployment. The default BigchainDB production deployment currently
supports ``X.509 Client Certificate`` as the authentication mechanism.
* If you have TLS enabled, select the option to enable TLS/SSL for MongoDB
connections, and click ``Continue``.
connections, and click ``Continue``. This should already be selected for
you in case you selected ``X.509 Client Certificate`` above.
* Once the deployment is found, click the ``Continue`` button again.
This may take about a minute or two.
@ -66,8 +72,17 @@ Configure MongoDB Cloud Manager for Backup
* Hover over the ``Status`` column of your backup and click ``Start``
to start the backup.
* Select the replica set on the side pane and check the box to allow TLS/SSL
connections.
* Select the replica set on the side pane.
* If you have authentication enabled, select the authentication mechanism as
per your deployment. The default BigchainDB production deployment currently
supports ``X.509 Client Certificate`` as the authentication mechanism.
* If you have TLS enabled, select the checkbox ``Replica set allows TLS/SSL
connections``. This should be selected by default in case you selected
``X.509 Client Certificate`` as the auth mechanism above.
* Choose the ``WiredTiger`` storage engine.
* Verify the details of your MongoDB instance and click on ``Start``.
@ -75,4 +90,3 @@ Configure MongoDB Cloud Manager for Backup
During this process, the UI will show the status of the backup process.
* Verify that data is being backed up on the UI.

18
docs/server/source/production-deployment-template/easy-rsa.rst
View File

@ -69,16 +69,22 @@ The comments in the file explain what each of the variables mean.
echo 'set_var EASYRSA_REQ_OU "IT"' >> vars
echo 'set_var EASYRSA_REQ_EMAIL "dev@bigchaindb.com"' >> vars
Note: Later, when building a CA or generating a certificate signing request, you will be prompted to enter a value for the OU (or to accept the default). You should change the default OU from ``IT`` to one of the following, as appropriate:
``ROOT-CA``,
``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or
``MongoDB-Backup-Instance``.
To understand why, see `the MongoDB Manual <https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/>`_.
There are reminders to do this in the relevant docs.
Step 4: Maybe Edit x509-types/server
------------------------------------
.. warning::
Only do this step if you are setting up a self-signed CA
or creating a server/member certificate.
Only do this step if you are setting up a self-signed CA.
Edit the file ``x509-types/server`` and change
``extendedKeyUsage = serverAuth`` to
``extendedKeyUsage = serverAuth,clientAuth``.
See `the MongoDB documentation about x.509 authentication <https://docs.mongodb.com/manual/core/security-x.509/>`_ to understand why.
Edit the file ``x509-types/server`` and change
``extendedKeyUsage = serverAuth`` to
``extendedKeyUsage = serverAuth,clientAuth``.
See `the MongoDB documentation about x.509 authentication <https://docs.mongodb.com/manual/core/security-x.509/>`_ to understand why.

69
docs/server/source/production-deployment-template/node-config-map-and-secrets.rst
View File

@ -29,8 +29,8 @@ where all data values must be base64-encoded.
This is true of all Kubernetes ConfigMaps and Secrets.)
vars
~~~~
vars.mdb-instance-name and Similar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your BigchainDB cluster organization should have a standard way
of naming instances, so the instances in your BigchainDB node
@ -59,12 +59,14 @@ of all *other* nodes in your BigchainDB cluster
* If you're deploying the first node in the cluster,
the value should be ``""`` (an empty string).
* If you're deploying the second node in the cluster,
the value should be one public key inside double quotes.
the value should be the BigchainDB public key of the first/original
node in the cluster.
For example,
``"EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"``
* If there are two or more other nodes already in the cluster,
the value should be a colon-separated list of public keys
inside double quotes.
the value should be a colon-separated list
of the BigchainDB public keys
of those other nodes.
For example,
``"DPjpKbmbPYPKVAuf6VSkqGCf5jzrEh69Ldef6TrLwsEQ:EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"``
@ -89,6 +91,63 @@ Note that ``ca.pem`` is just another name for ``ca.crt``
(the certificate of your BigchainDB cluster's self-signed CA).
bdb-certs.bdb-user
~~~~~~~~~~~~~~~~~~
This is the user name that BigchainDB uses to authenticate itself to the
backend MongoDB database.
We need to specify the user name *as seen in the certificate* issued to
the BigchainDB instance in order to authenticate correctly. Use
the following ``openssl`` command to extract the user name from the
certificate:
.. code:: bash
$ openssl x509 -in <path to the bigchaindb certificate> \
-inform PEM -subject -nameopt RFC2253
You should see an output line that resembles:
.. code:: bash
subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
The ``subject`` line states the complete user name we need to use for this
field (``bdb-certs.bdb-user``), i.e.
.. code:: bash
emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
threescale-credentials.*
~~~~~~~~~~~~~~~~~~~~~~~~
If you're not using 3scale,
you can delete the ``threescale-credentials`` Secret
or leave all the values blank (``""``).
If you *are* using 3scale, you can get the value for ``frontend-api-dns-name``
using something like ``echo "your.nodesubdomain.net" | base64 -w 0``
To get the values for ``secret-token``, ``service-id``,
``version-header`` and ``provider-key``, login to your 3scale admin,
then click **APIs** and click on **Integration** for the relevant API.
Scroll to the bottom of the page and click the small link
in the lower right corner, labelled **Download the NGINX Config files**.
You'll get a ``.zip`` file.
Unzip it, then open the ``.conf`` file and the ``.lua`` file.
You should be able to find all the values in those files.
You have to be careful because it will have values for *all* your APIs,
and some values vary from API to API.
The ``version-header`` is the timestamp in a line that looks like:
.. code::
proxy_set_header X-3scale-Version "2017-06-28T14:57:34Z";
Deploy Your config-map.yaml and secret.yaml
-------------------------------------------

221
docs/server/source/production-deployment-template/node-on-kubernetes.rst
View File

@ -128,7 +128,22 @@ Step 4.1: Vanilla NGINX
the ConfigMap followed by ``-dep``. For example, if the value set in the
``ngx-instance-name`` is ``ngx-instance-0``, set the
``spec.selector.app`` to ``ngx-instance-0-dep``.
* Set ``ngx-public-mdb-port.port`` to 27017, or the port number on which you
want to expose MongoDB service.
Set the ``ngx-public-mdb-port.targetPort`` to the port number on which the
Kubernetes MongoDB service will be present.
* Set ``ngx-public-api-port.port`` to 80, or the port number on which you want to
expose BigchainDB API service.
Set the ``ngx-public-api-port.targetPort`` to the port number on which the
Kubernetes BigchainDB API service will present.
* Set ``ngx-public-ws-port.port`` to 81, or the port number on which you want to
expose BigchainDB Websocket service.
Set the ``ngx-public-ws-port.targetPort`` to the port number on which the
BigchainDB Websocket service will be present.
* Start the Kubernetes Service:
.. code:: bash
@ -138,20 +153,44 @@ Step 4.1: Vanilla NGINX
Step 4.2: OpenResty NGINX + 3scale
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* This configuration is located in the file ``nginx/nginx-3scale-svc.yaml``.
* You have to enable HTTPS for this one and will need an HTTPS certificate
for your domain
for your domain.
* You should have already created the Kubernetes Secret in the previous
step.
* You should have already created the necessary Kubernetes Secrets in the previous
step (e.g. ``https-certs`` and ``threescale-credentials``).
* This configuration is located in the file ``nginx-3scale/nginx-3scale-svc.yaml``.
* Set the ``metadata.name`` and ``metadata.labels.name`` to the value
set in ``ngx-instance-name`` in the ConfigMap above.
* Set the ``spec.selector.app`` to the value set in ``ngx-instance-name`` in
the ConfigMap followed by ``-dep``. For example, if the value set in the
``ngx-instance-name`` is ``ngx-instance-0``, set the
``spec.selector.app`` to ``ngx-instance-0-dep``.
* Set ``ngx-public-mdb-port.port`` to 27017, or the port number on which you
want to expose MongoDB service.
Set the ``ngx-public-mdb-port.targetPort`` to the port number on which the
Kubernetes MongoDB service will be present.
* Set ``ngx-public-3scale-port.port`` to 8080, or the port number on which
you want to let 3scale communicate with Openresty NGINX for authenctication.
Set the ``ngx-public-3scale-port.targetPort`` to the port number on which
this Openresty NGINX service will be listening to for communication with
3scale.
* Set ``ngx-public-bdb-port.port`` to 443, or the port number on which you want
to expose BigchainDB API service.
Set the ``ngx-public-api-port.targetPort`` to the port number on which the
Kubernetes BigchainDB API service will present.
* Set ``ngx-public-bdb-port-http.port`` to 80, or the port number on which you
want to expose BigchainDB Websocket service.
Set the ``ngx-public-bdb-port-http.targetPort`` to the port number on which the
BigchainDB Websocket service will be present.
* Start the Kubernetes Service:
.. code:: bash
@ -167,20 +206,18 @@ Step 5: Assign DNS Name to the NGINX Public IP
<https://docs.bigchaindb.com/en/latest/terminology.html>`_ or are using
HTTPS certificates tied to a domain.
* The following command can help you find out if the nginx service started
* The following command can help you find out if the NGINX service started
above has been assigned a public IP or external IP address:
.. code:: bash
$ kubectl --context k8s-bdb-test-cluster-0 get svc -w
* Once a public IP is assigned, you can log in to the Azure portal and map it to
* Once a public IP is assigned, you can map it to
a DNS name.
* We usually assign ``bdb-test-cluster-0``, ``bdb-test-cluster-1`` and
We usually assign ``bdb-test-cluster-0``, ``bdb-test-cluster-1`` and
so on in our documentation.
* Let us assume that we assigned the unique name of ``bdb-test-cluster-0`` here.
Let's assume that we assign the unique name of ``bdb-test-cluster-0`` here.
**Set up DNS mapping in Azure.**
@ -195,7 +232,7 @@ have the Azure DNS prefix name along with a long random string, without the
(for example, ``bdb-test-cluster-0``), click ``Save``, and wait for the
changes to be applied.
To verify the DNS setting is operational, you can run ``nslookup <dns
To verify the DNS setting is operational, you can run ``nslookup <DNS
name added in ConfigMap>`` from your local Linux shell.
This will ensure that when you scale the replica set later, other MongoDB
@ -276,12 +313,6 @@ Step 8.1: Vanilla NGINX
``BIGCHAINDB_BACKEND_HOST`` env var to
``bdb-instance-0.default.svc.cluster.local``.
* Set ``MONGODB_FRONTEND_PORT`` to 27017, or the port number on which you
want to expose MongoDB service.
* Set ``BIGCHAINDB_FRONTEND_PORT`` to 80, or the port number on which you
want to expose BigchainDB service.
* Start the Kubernetes Deployment:
.. code:: bash
@ -314,12 +345,6 @@ Step 8.2: OpenResty NGINX + 3scale
``BIGCHAINDB_BACKEND_HOST`` env var to
``bdb-instance-0.default.svc.cluster.local``.
* Set ``MONGODB_FRONTEND_PORT`` to 27017, or the port number on which you
want to expose the MongoDB service.
* Set ``BIGCHAINDB_FRONTEND_PORT`` to 443, or the port number on which you
want to expose the BigchainDB service over HTTPS.
* Start the Kubernetes Deployment:
.. code:: bash
@ -452,11 +477,11 @@ Step 11: Start a Kubernetes StatefulSet for MongoDB
* Note how the MongoDB container uses the ``mongo-db-claim`` and the
``mongo-configdb-claim`` PersistentVolumeClaims for its ``/data/db`` and
``/data/configdb`` diretories (mount path).
``/data/configdb`` directories (mount paths).
* Note also that we use the pod's ``securityContext.capabilities.add``
specification to add the ``FOWNER`` capability to the container. That is
because MongoDB container has the user ``mongodb``, with uid ``999`` and
because the MongoDB container has the user ``mongodb``, with uid ``999`` and
group ``mongodb``, with gid ``999``.
When this container runs on a host with a mounted disk, the writes fail
when there is no user with uid ``999``. To avoid this, we use the Docker
@ -487,7 +512,135 @@ Step 11: Start a Kubernetes StatefulSet for MongoDB
$ kubectl --context k8s-bdb-test-cluster-0 get pods -w
Step 12: Start a Kubernetes Deployment for MongoDB Monitoring Agent
Step 12: Configure Users and Access Control for MongoDB
-------------------------------------------------------
* In this step, you will create a user on MongoDB with authorization
to create more users and assign
roles to them.
Note: You need to do this only when setting up the first MongoDB node of
the cluster.
* Find out the name of your MongoDB pod by reading the output
of the ``kubectl ... get pods`` command at the end of the last step.
It should be something like ``mdb-instance-0-ss-0``.
* Log in to the MongoDB pod using:
.. code:: bash
$ kubectl --context k8s-bdb-test-cluster-0 exec -it <name of your MongoDB pod> bash
* Open a mongo shell using the certificates
already present at ``/etc/mongod/ssl/``
.. code:: bash
$ mongo --host localhost --port 27017 --verbose --ssl \
--sslCAFile /etc/mongod/ssl/ca.pem \
--sslPEMKeyFile /etc/mongod/ssl/mdb-instance.pem
* Initialize the replica set using:
.. code:: bash
> rs.initiate( {
_id : "bigchain-rs",
members: [ {
_id : 0,
host :"<hostname>:27017"
} ]
} )
The ``hostname`` in this case will be the value set in
``mdb-instance-name`` in the ConfigMap.
For example, if the value set in the ``mdb-instance-name`` is
``mdb-instance-0``, set the ``hostname`` above to the value ``mdb-instance-0``.
* The instance should be voted as the ``PRIMARY`` in the replica set (since
this is the only instance in the replica set till now).
This can be observed from the mongo shell prompt,
which will read ``PRIMARY>``.
* Create a user ``adminUser`` on the ``admin`` database with the
authorization to create other users. This will only work the first time you
log in to the mongo shell. For further details, see `localhost
exception <https://docs.mongodb.com/manual/core/security-users/#localhost-exception>`_
in MongoDB.
.. code:: bash
PRIMARY> use admin
PRIMARY> db.createUser( {
user: "adminUser",
pwd: "superstrongpassword",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
} )
* Exit and restart the mongo shell using the above command.
Authenticate as the ``adminUser`` we created earlier:
.. code:: bash
PRIMARY> use admin
PRIMARY> db.auth("adminUser", "superstrongpassword")
``db.auth()`` returns 0 when authentication is not successful,
and 1 when successful.
* We need to specify the user name *as seen in the certificate* issued to
the BigchainDB instance in order to authenticate correctly. Use
the following ``openssl`` command to extract the user name from the
certificate:
.. code:: bash
$ openssl x509 -in <path to the bigchaindb certificate> \
-inform PEM -subject -nameopt RFC2253
You should see an output line that resembles:
.. code:: bash
subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
The ``subject`` line states the complete user name we need to use for
creating the user on the mongo shell as follows:
.. code:: bash
PRIMARY> db.getSiblingDB("$external").runCommand( {
createUser: 'emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE',
writeConcern: { w: 'majority' , wtimeout: 5000 },
roles: [
{ role: 'clusterAdmin', db: 'admin' },
{ role: 'readWriteAnyDatabase', db: 'admin' }
]
} )
* You can similarly create users for MongoDB Monitoring Agent and MongoDB
Backup Agent. For example:
.. code:: bash
PRIMARY> db.getSiblingDB("$external").runCommand( {
createUser: 'emailAddress=dev@bigchaindb.com,CN=test-mdb-mon-ssl,OU=MongoDB-Mon-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE',
writeConcern: { w: 'majority' , wtimeout: 5000 },
roles: [
{ role: 'clusterMonitor', db: 'admin' }
]
} )
PRIMARY> db.getSiblingDB("$external").runCommand( {
createUser: 'emailAddress=dev@bigchaindb.com,CN=test-mdb-bak-ssl,OU=MongoDB-Bak-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE',
writeConcern: { w: 'majority' , wtimeout: 5000 },
roles: [
{ role: 'backup', db: 'admin' }
]
} )
Step 13: Start a Kubernetes Deployment for MongoDB Monitoring Agent
-------------------------------------------------------------------
* This configuration is located in the file
@ -508,7 +661,7 @@ Step 12: Start a Kubernetes Deployment for MongoDB Monitoring Agent
$ kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-monitoring-agent/mongo-mon-dep.yaml
Step 13: Start a Kubernetes Deployment for MongoDB Backup Agent
Step 14: Start a Kubernetes Deployment for MongoDB Backup Agent
---------------------------------------------------------------
* This configuration is located in the file
@ -529,7 +682,7 @@ Step 13: Start a Kubernetes Deployment for MongoDB Backup Agent
$ kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-backup-agent/mongo-backup-dep.yaml
Step 14: Start a Kubernetes Deployment for Bigchaindb
Step 15: Start a Kubernetes Deployment for Bigchaindb
-----------------------------------------------------
* This configuration is located in the file
@ -569,7 +722,7 @@ Step 14: Start a Kubernetes Deployment for Bigchaindb
* You can check its status using the command ``kubectl get deploy -w``
Step 15: Configure the MongoDB Cloud Manager
Step 16: Configure the MongoDB Cloud Manager
--------------------------------------------
* Refer to the
@ -578,10 +731,10 @@ Step 15: Configure the MongoDB Cloud Manager
monitoring and backup.
Step 16: Verify the BigchainDB Node Setup
Step 17: Verify the BigchainDB Node Setup
-----------------------------------------
Step 16.1: Testing Internally
Step 17.1: Testing Internally
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Run a container that provides utilities like ``nslookup``, ``curl`` and ``dig``
@ -670,7 +823,7 @@ themselves.
* Send some transactions to BigchainDB and verify it's up and running!
Step 16.2: Testing Externally
Step 17.2: Testing Externally
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Try to access the ``<dns/ip of your exposed bigchaindb service endpoint>:80``

2
docs/server/source/production-deployment-template/revoke-tls-certificate.rst
View File

@ -39,3 +39,5 @@ Generate a new CRL for your infrastructure using:
The generated ``crl.pem`` file needs to be uploaded to your infrastructure to
prevent the revoked certificate from being used again.
In particlar, the generated ``crl.pem`` file should be sent to all BigchainDB node operators in your BigchainDB cluster, so that they can update it in their MongoDB instance and their BigchainDB Server instance.

25
docs/server/source/production-deployment-template/server-tls-certificate.rst
View File

@ -26,7 +26,7 @@ Step 2: Create the Server Private Key and CSR
---------------------------------------------
You can create the server private key and certificate signing request (CSR)
by going into the directory ``member-cert/easy-rsa-3.0.1/easyrsa``
by going into the directory ``member-cert/easy-rsa-3.0.1/easyrsa3``
and using something like:
.. code:: bash
@ -35,15 +35,17 @@ and using something like:
./easyrsa --req-cn=mdb-instance-0 --subject-alt-name=DNS:localhost,DNS:mdb-instance-0 gen-req mdb-instance-0 nopass
You will be prompted to enter the Distinguished Name for this certificate. You
can hit enter to accept the default values or change them at each prompt.
You should replace the Common Name (``mdb-instance-0`` above) with the correct name for *your* MongoDB instance in the cluster, e.g. ``mdb-instance-5`` or ``mdb-instance-12``. (This name is decided by the organization managing the cluster.)
You can replace the common name (``mdb-instance-0`` above) with any other name
so long as the instance can verify that it is the hostname.
You will be prompted to enter the Distinguished Name (DN) information for this certificate.
For each field, you can accept the default value [in brackets] by pressing Enter.
You need to provide the ``DNS:localhost`` SAN during certificate generation
.. warning::
Don't accept the default value of OU (``IT``). Instead, enter the value ``MongoDB-Instance``.
Aside: You need to provide the ``DNS:localhost`` SAN during certificate generation
for using the ``localhost exception`` in the MongoDB instance.
All certificates can have this attribute without compromising security as the
``localhost exception`` works only the first time.
@ -51,15 +53,18 @@ All certificates can have this attribute without compromising security as the
Step 3: Get the Server Certificate Signed
-----------------------------------------
The CSR file (created in the last step)
should be located in ``pki/reqs/mdb-instance-0.req``.
The CSR file created in the last step
should be located in ``pki/reqs/mdb-instance-0.req``
(where the integer ``0`` may be different for you).
You need to send it to the organization managing the cluster
so that they can use their CA
to sign the request.
(The managing organization should already have a self-signed CA.)
If you are the admin of the managing organization's self-signed CA,
then you can import the CSR and use Easy-RSA to sign it. For example:
then you can import the CSR and use Easy-RSA to sign it.
Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/``
directory and do something like:
.. code:: bash

2
docs/server/source/production-deployment-template/template-kubernetes-azure.rst
View File

@ -102,7 +102,7 @@ Finally, you can deploy an ACS using something like:
--agent-vm-size Standard_D2_v2 \
--dns-prefix <make up a name> \
--ssh-key-value ~/.ssh/<name>.pub \
--orchestrator-type kubernetes
--orchestrator-type kubernetes \
--debug --output json

68
docs/server/source/production-deployment-template/workflow.rst
View File

@ -53,6 +53,26 @@ Similarly, other instances must also have unique names in the cluster.
#. Name of the MongoDB backup agent instance (``mdb-bak-instance-*``)
☐ Generate four keys and corresponding certificate signing requests (CSRs):
#. Server Certificate (a.k.a. Member Certificate) for the MongoDB instance
#. Client Certificate for BigchainDB Server to identify itself to MongoDB
#. Client Certificate for MongoDB Monitoring Agent to identify itself to MongoDB
#. Client Certificate for MongoDB Backup Agent to identify itself to MongoDB
Ask the managing organization to use its self-signed CA to sign those four CSRs.
They should send you:
* Four certificates (one for each CSR you sent them).
* One ``ca.crt`` file: their CA certificate.
* One ``crl.pem`` file: a certificate revocation list.
For help, see the pages:
* :ref:`How to Generate a Server Certificate for MongoDB`
* :ref:`How to Generate a Client Certificate for MongoDB`
☐ Every node in a BigchainDB cluster needs its own
BigchainDB keypair (i.e. a public key and corresponding private key).
You can generate a BigchainDB keypair for your node, for example,
@ -73,29 +93,17 @@ Don't share your private key.
That list of public keys is known as the BigchainDB "keyring."
☐ Ask the managing organization
for the FQDN used to serve the BigchainDB APIs
(e.g. ``api.orgname.net`` or ``bdb.clustername.com``).
☐ Make up an FQDN for your BigchainDB node (e.g. ``mynode.mycorp.com``).
Make sure you've registered the associated domain name (e.g. ``mycorp.com``),
and have an SSL certificate for the FQDN.
(You can get an SSL certificate from any SSL certificate provider).
☐ Share your BigchaindB *public* key with all the other nodes
in the BigchainDB cluster.
Don't share your private key.
☐ Get the BigchainDB public keys of all the other nodes in the cluster.
That list of public keys is known as the BigchainDB "keyring."
(You can get an SSL certificate from any SSL certificate provider.)
☐ Ask the managing organization
for the FQDN used to serve the BigchainDB APIs
(e.g. ``api.orgname.net`` or ``bdb.clustername.com``)
and for a copy of the associated SSL/TLS certificate.
Also, ask for the user name to use for authenticating to MongoDB.
☐ If the cluster uses 3scale for API authentication, monitoring and billing,
@ -112,37 +120,11 @@ allow easier periodic rotation of the ``Agent API Key`` with a constant
``Group ID``)
☐ Generate four keys and corresponding certificate signing requests (CSRs):
#. Server Certificate (a.k.a. Member Certificate) for the MongoDB instance
#. Client Certificate for BigchainDB Server to identify itself to MongoDB
#. Client Certificate for MongoDB Monitoring Agent to identify itself to MongoDB
#. Client Certificate for MongoDB Backup Agent to identify itself to MongoDB
#. CRL for the infrastructure to not accept revoked certificates.
Ask the managing organization to use its self-signed CA to sign those certificates.
For help, see the pages:
* :ref:`How to Generate a Server Certificate for MongoDB`
* :ref:`How to Generate a Client Certificate for MongoDB`
:doc:`Deploy a Kubernetes cluster on Azure <template-kubernetes-azure>`.
☐ Create the Kubernetes Configuration for this node.
We will use Kubernetes ConfigMaps and Secrets to hold all the information
gathered above.
☐ Deploy your BigchainDB node on your Kubernetes cluster.
Next Steps To Set Up a Node
---------------------------
You can now proceed to set up your BigchainDB node based on whether it is the
:ref:`first node in you cluster
☐ You can now proceed to set up your BigchainDB node based on whether it is the
:ref:`first node in a new cluster
<Kubernetes Template: Deploy a Single BigchainDB Node>` or a
:ref:`node that will be added to an existing cluster
<Kubernetes Template: Add a BigchainDB Node to an Existing BigchainDB Cluster>`.

4
docs/server/source/production-nodes/node-requirements.md
View File

@ -5,9 +5,9 @@
## OS Requirements
BigchainDB Server requires Python 3.4+ and Python 3.4+ [will run on any modern OS](https://docs.python.org/3.4/using/index.html), but we recommend using an LTS version of [Ubuntu Server](https://www.ubuntu.com/server) or a similarly server-grade Linux distribution.
BigchainDB Server requires Python 3.5+ and Python 3.5+ [will run on any modern OS](https://docs.python.org/3.5/using/index.html), but we recommend using an LTS version of [Ubuntu Server](https://www.ubuntu.com/server) or a similarly server-grade Linux distribution.
_Don't use macOS_ (formerly OS X, formerly Mac OS X), because it's not a server-grade operating system. Also, BigchaindB Server uses the Python multiprocessing package and [some functionality in the multiprocessing package doesn't work on Mac OS X](https://docs.python.org/3.4/library/multiprocessing.html#multiprocessing.Queue.qsize).
_Don't use macOS_ (formerly OS X, formerly Mac OS X), because it's not a server-grade operating system. Also, BigchaindB Server uses the Python multiprocessing package and [some functionality in the multiprocessing package doesn't work on Mac OS X](https://docs.python.org/3.5/library/multiprocessing.html#multiprocessing.Queue.qsize).
## General Considerations

6
docs/server/source/production-nodes/setup-run-node.md
View File

@ -50,16 +50,16 @@ Consult the MongoDB documentation for its recommendations regarding storage hard
### Install BigchainDB Server Dependencies
Before you can install BigchainDB Server, you must [install its OS-level dependencies](../appendices/install-os-level-deps.html) and you may have to [install Python 3.4+](https://www.python.org/downloads/).
Before you can install BigchainDB Server, you must [install its OS-level dependencies](../appendices/install-os-level-deps.html) and you may have to [install Python 3.5+](https://www.python.org/downloads/).
### How to Install BigchainDB Server with pip
BigchainDB is distributed as a Python package on PyPI so you can install it using `pip`. First, make sure you have an up-to-date Python 3.4+ version of `pip` installed:
BigchainDB is distributed as a Python package on PyPI so you can install it using `pip`. First, make sure you have an up-to-date Python 3.5+ version of `pip` installed:
```text
pip -V
```
If it says that `pip` isn't installed, or it says `pip` is associated with a Python version less than 3.4, then you must install a `pip` version associated with Python 3.4+. In the following instructions, we call it `pip3` but you may be able to use `pip` if that refers to the same thing. See [the `pip` installation instructions](https://pip.pypa.io/en/stable/installing/).
If it says that `pip` isn't installed, or it says `pip` is associated with a Python version less than 3.5, then you must install a `pip` version associated with Python 3.5+. In the following instructions, we call it `pip3` but you may be able to use `pip` if that refers to the same thing. See [the `pip` installation instructions](https://pip.pypa.io/en/stable/installing/).
On Ubuntu 16.04, we found that this works:
```text

2
docs/server/source/quickstart.md
View File

@ -4,7 +4,7 @@ This page has instructions to set up a single stand-alone BigchainDB node for le
A. Install MongoDB as the database backend. (There are other options but you can ignore them for now.)
[Install MongoDB Server 3.4+](https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/)
[Install MongoDB Server 3.5+](https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/)
B. Run MongoDB. Open a Terminal and run the command:
```text

50
docs/server/source/server-reference/configuration.md
View File

@ -21,7 +21,6 @@ For convenience, here's a list of all the relevant environment variables (docume
`BIGCHAINDB_SERVER_BIND`<br>
`BIGCHAINDB_SERVER_LOGLEVEL`<br>
`BIGCHAINDB_SERVER_WORKERS`<br>
`BIGCHAINDB_SERVER_THREADS`<br>
`BIGCHAINDB_WSSERVER_SCHEME`<br>
`BIGCHAINDB_WSSERVER_HOST`<br>
`BIGCHAINDB_WSSERVER_PORT`<br>
@ -45,6 +44,7 @@ For convenience, here's a list of all the relevant environment variables (docume
`BIGCHAINDB_DATABASE_KEYFILE`<br>
`BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE`<br>
`BIGCHAINDB_DATABASE_CRLFILE`<br>
`BIGCHAINDB_GRAPHITE_HOST`<br>
The local config file is `$HOME/.bigchaindb` by default (a file which might not even exist), but you can tell BigchainDB to use a different file by using the `-c` command-line option, e.g. `bigchaindb -c path/to/config_file.json start`
or using the `BIGCHAINDB_CONFIG_PATH` environment variable, e.g. `BIGHAINDB_CONFIG_PATH=.my_bigchaindb_config bigchaindb start`.
@ -52,7 +52,7 @@ Note that the `-c` command line option will always take precedence if both the `
You can read the current default values in the file [bigchaindb/\_\_init\_\_.py](https://github.com/bigchaindb/bigchaindb/blob/master/bigchaindb/__init__.py). (The link is to the latest version.)
Running `bigchaindb -y configure rethinkdb` will generate a local config file in `$HOME/.bigchaindb` with all the default values, with two exceptions: It will generate a valid private/public keypair, rather than using the default keypair (`None` and `None`).
Running `bigchaindb -y configure mongodb` will generate a local config file in `$HOME/.bigchaindb` with all the default values (for using MongoDB as the database backend), with two exceptions: it will generate a valid private/public keypair, rather than using the default keypair (`None` and `None`).
## keypair.public & keypair.private
@ -73,7 +73,7 @@ export BIGCHAINDB_KEYPAIR_PRIVATE=5C5Cknco7YxBRP9AgB1cbUVTL4FAcooxErLygw1DeG2D
}
```
Internally (i.e. in the Python code), both keys have a default value of `None`, but that's not a valid key. Therefore you can't rely on the defaults for the keypair. If you want to run BigchainDB, you must provide a valid keypair, either in the environment variables or in the local config file. You can generate a local config file with a valid keypair (and default everything else) using `bigchaindb -y configure rethinkdb`.
Internally (i.e. in the Python code), both keys have a default value of `None`, but that's not a valid key. Therefore you can't rely on the defaults for the keypair. If you want to run BigchainDB, you must provide a valid keypair, either in the environment variables or in the local config file. You can generate a local config file with a valid keypair (and default everything else) using `bigchaindb -y configure mongodb`.
## keyring
@ -102,12 +102,12 @@ Note how the keys in the list are separated by colons.
## database.*
The settings with names of the form `database.*` are for the database backend
(currently either RethinkDB or MongoDB). They are:
(currently either MongoDB or RethinkDB). They are:
* `database.backend` is either `rethinkdb` or `mongodb`.
* `database.backend` is either `mongodb` or `rethinkdb`.
* `database.host` is the hostname (FQDN) of the backend database.
* `database.port` is self-explanatory.
* `database.name` is a user-chosen name for the database inside RethinkDB or MongoDB, e.g. `bigchain`.
* `database.name` is a user-chosen name for the database inside MongoDB or RethinkDB, e.g. `bigchain`.
* `database.replicaset` is only relevant if using MongoDB; it's the name of the MongoDB replica set, e.g. `bigchain-rs`.
* `database.connection_timeout` is the maximum number of milliseconds that BigchainDB will wait before giving up on one attempt to connect to the database backend.
* `database.max_tries` is the maximum number of times that BigchainDB will try to establish a connection with the database backend. If 0, then it will try forever.
@ -176,20 +176,19 @@ If you used `bigchaindb -y configure mongodb` to create a default local config f
These settings are for the [Gunicorn HTTP server](http://gunicorn.org/), which is used to serve the [HTTP client-server API](../http-client-server-api.html).
`server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use '0.0.0.0:9984'. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use 'localhost:PORT' where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use 'A.B.C.D:9984' where A.B.C.D is the IP address of the reverse proxy. There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.)
`server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use `0.0.0.0:9984`. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use `localhost:PORT` where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use `A.B.C.D:9984` where A.B.C.D is the IP address of the reverse proxy. There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.)
`server.loglevel` sets the log level of Gunicorn's Error log outputs. See
[Gunicorn's documentation](http://docs.gunicorn.org/en/latest/settings.html#loglevel)
for more information.
`server.workers` is [the number of worker processes](http://docs.gunicorn.org/en/stable/settings.html#workers) for handling requests. If `None` (the default), the value will be (cpu_count * 2 + 1). Each worker process has a single thread. The HTTP server will be able to handle `server.workers` requests simultaneously.
`server.workers` is [the number of worker processes](http://docs.gunicorn.org/en/stable/settings.html#workers) for handling requests. If `None` (the default), the value will be (2 × cpu_count + 1). Each worker process has a single thread. The HTTP server will be able to handle `server.workers` requests simultaneously.
**Example using environment variables**
```text
export BIGCHAINDB_SERVER_BIND=0.0.0.0:9984
export BIGCHAINDB_SERVER_LOGLEVEL=debug
export BIGCHAINDB_SERVER_WORKERS=5
export BIGCHAINDB_SERVER_THREADS=5
```
**Example config file snippet**
@ -211,12 +210,14 @@ export BIGCHAINDB_SERVER_THREADS=5
```
## wsserver.host and wsserver.port
## wsserver.scheme, wsserver.host and wsserver.port
These settings are for the
[aiohttp server](https://aiohttp.readthedocs.io/en/stable/index.html),
which is used to serve the
[WebSocket Event Stream API](../websocket-event-stream-api.html).
`wsserver.scheme` should be either `"ws"` or `"wss"`
(but setting it to `"wss"` does *not* enable SSL/TLS).
`wsserver.host` is where to bind the aiohttp server socket and
`wsserver.port` is the corresponding port.
If you want to allow connections from anyone, on port 9985,
@ -224,6 +225,7 @@ set `wsserver.host` to 0.0.0.0 and `wsserver.port` to 9985.
**Example using environment variables**
```text
export BIGCHAINDB_WSSERVER_SCHEME=ws
export BIGCHAINDB_WSSERVER_HOST=0.0.0.0
export BIGCHAINDB_WSSERVER_PORT=9985
```
@ -231,6 +233,7 @@ export BIGCHAINDB_WSSERVER_PORT=9985
**Example config file snippet**
```js
"wsserver": {
"scheme": "wss",
"host": "0.0.0.0",
"port": 65000
}
@ -239,6 +242,7 @@ export BIGCHAINDB_WSSERVER_PORT=9985
**Default values (from a config file)**
```js
"wsserver": {
"scheme": "ws",
"host": "localhost",
"port": 9985
}
@ -492,3 +496,29 @@ logging of the `core.py` module to be more verbose, you would set the
```
**Defaults to**: `"{}"`
## graphite.host
The host name or IP address of a server listening for statsd events on UDP
port 8125. This defaults to `localhost`, and if no statsd collector is running,
the events are simply dropped by the operating system.
**Example using environment variables**
```text
export BIGCHAINDB_GRAPHITE_HOST=10.0.0.5
```
**Example config file snippet**
```js
"graphite": {
"host": "10.0.0.5"
}
```
**Default values (from a config file)**
```js
"graphite": {
"host": "localhost"
}
```

21
k8s/bigchaindb/bigchaindb-dep.yaml
View File

@ -18,7 +18,7 @@ spec:
terminationGracePeriodSeconds: 10
containers:
- name: bigchaindb
image: bigchaindb/bigchaindb:0.10.2
image: bigchaindb/bigchaindb:1.0.0rc1
imagePullPolicy: IfNotPresent
args:
- start
@ -51,6 +51,16 @@ spec:
value: "120"
- name: BIGCHAINDB_LOG_LEVEL_CONSOLE
value: debug
- name: BIGCHAINDB_DATABASE_CA_CERT
value: /etc/bigchaindb/ssl/ca.pem
- name: BIGCHAINDB_DATABASE_CRLFILE
value: /etc/bigchaindb/ssl/crlfile
- name: BIGCHAINDB_DATABASE_CERTFILE
value: /etc/bigchaindb/ssl/bdb-instance.pem
- name: BIGCHAINDB_DATABASE_KEYFILE
value: /etc/bigchaindb/ssl/bdb-instance.key
- name: BIGCHAINDB_DATABASE_LOGIN
value: /etc/bigchaindb/ssl/bdb-user
# The following env var is not required for the bootstrap/first node
#- name: BIGCHAINDB_KEYRING
# value: ""
@ -63,6 +73,10 @@ spec:
hostPort: 9985
name: bdb-ws-port
protocol: TCP
volumeMounts:
- name: bdb-certs
mountPath: /etc/bigchaindb/ssl/
readOnly: true
resources:
limits:
cpu: 200m
@ -80,3 +94,8 @@ spec:
initialDelaySeconds: 15
timeoutSeconds: 10
restartPolicy: Always
volumes:
- name: bdb-certs
secret:
secretName: bdb-certs
defaultMode: 0400

17
k8s/configuration/secret.yaml
View File

@ -74,10 +74,16 @@ metadata:
namespace: default
type: Opaque
data:
# Base64-encoded, concatenated certificate and private key
bdb-instance.pem: "<b64 encoded, concatenated certificate and private key>"
# Base64-encoded CA certificate (ca.crt)
ca.pem: "<b64 encoded CA certificate>"
# Base64-encoded CRL file
crlfile: "<b64 encoded CRL>"
# Base64-encoded BigchainDB instance certificate
bdb-instance.pem: "<b64 encoded certificate>"
# Base64-encoded private key
bdb-instance.key: "<b64 encoded private key>"
# Base64-encoded instance authentication credentials
bdb-user: "<b64 encoded user name>"
---
apiVersion: v1
kind: Secret
@ -88,8 +94,11 @@ type: Opaque
data:
# Base64-encoded HTTPS private key
cert.key: "<b64 encoded HTTPS private key>"
# Base64-encoded HTTPS Signed Certificate or Certificate Chain
cert.pem: "<b64 encoded HTTPS Signed Certificate or Certificate Chain>"
# Base64-encoded HTTPS certificate chain
# starting with your primary SSL cert (e.g. your_domain.crt)
# followed by all intermediate certs.
# If cert if from DigiCert, download "Best format for nginx".
cert.pem: "<b64 encoded HTTPS certificate chain"
---
apiVersion: v1
kind: Secret

2
k8s/mongodb-backup-agent/mongo-backup-dep.yaml
View File

@ -24,7 +24,7 @@ spec:
terminationGracePeriodSeconds: 10
containers:
- name: mdb-backup
image: bigchaindb/mongodb-backup-agent:2.0
image: bigchaindb/mongodb-backup-agent:3.0
imagePullPolicy: Always
env:
- name: MMS_API_KEYFILE_PATH

2
k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml
View File

@ -24,7 +24,7 @@ spec:
terminationGracePeriodSeconds: 10
containers:
- name: mdb-mon
image: bigchaindb/mongodb-monitoring-agent:2.0
image: bigchaindb/mongodb-monitoring-agent:3.0
imagePullPolicy: Always
env:
- name: MMS_API_KEYFILE_PATH

10
k8s/mongodb/container/README.md
View File

@ -9,9 +9,11 @@
* We also need a way to overwrite certain parameters to suit our use case.
### Step 1: Build the Latest Container
`docker build -t bigchaindb/mongodb:3.4.4 .` from the root of this project.
### Step 1: Build and Push the Latest Container
Use the `docker_build_and_push.bash` script to build the latest docker image
and upload it to Docker Hub.
Ensure that the image tag is updated to a new version number to properly
reflect any changes made to the container.
### Step 2: Run the Container
@ -25,7 +27,7 @@ docker run \
--volume=<host dir for mongodb data files>:/data/db \
--volume=<host dir for mongodb config data files>:/data/configdb \
--volume=<host dir with the required TLS certificates>:/mongo-ssl:ro \
bigchaindb/mongodb:3.4.4 \
bigchaindb/mongodb:3.0 \
--mongodb-port <mongod port number for external connections> \
--mongodb-key-file-path /mongo-ssl/<private key file name>.pem \
--mongodb-key-file-password <password for the private key file> \

5
k8s/mongodb/container/docker_build_and_push.bash Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
docker build -t bigchaindb/mongodb:3.0 .
docker push bigchaindb/mongodb:3.0

11
k8s/mongodb/container/mongod.conf.template
View File

@ -65,14 +65,15 @@ net:
#weakCertificateValidation: false
#allowInvalidCertificates: false
#security: TODO
# authorization: enabled
# clusterAuthMode: x509
security:
authorization: enabled
clusterAuthMode: x509
setParameter:
enableLocalhostAuthBypass: true
#notablescan: 1 TODO
#logUserIds: 1 TODO
#notablescan: 1
logUserIds: 1
authenticationMechanisms: MONGODB-X509,SCRAM-SHA-1
storage:
dbPath: /data/db

4
k8s/nginx-3scale/nginx-3scale-dep.yaml
View File

@ -19,7 +19,7 @@ spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx-3scale
image: bigchaindb/nginx_3scale:1.4
image: bigchaindb/nginx_3scale:1.5
imagePullPolicy: Always
env:
- name: MONGODB_FRONTEND_PORT
@ -84,7 +84,7 @@ spec:
timeoutSeconds: 10
restartPolicy: Always
volumes:
- name: https
- name: https-certs
secret:
secretName: https-certs
defaultMode: 0400

48
rdb.yml Normal file
View File

@ -0,0 +1,48 @@
version: '2'
services:
rdb:
image: rethinkdb
ports:
- "58080:8080"
- "28015"
volumes_from:
- rdb-data
rdb-2:
image: rethinkdb
ports:
- "8080"
- "29015"
command: rethinkdb --join rdb:29015 --bind all
rdb-data:
image: rethinkdb:2.3.5
volumes:
- /data
command: "true"
bdb-rdb:
build:
context: .
dockerfile: Dockerfile-dev
args:
backend: rethinkdb
container_name: docker-bigchaindb
volumes:
- ./bigchaindb:/usr/src/app/bigchaindb
- ./tests:/usr/src/app/tests
- ./docs:/usr/src/app/docs
- ./k8s:/usr/src/app/k8s
- ./setup.py:/usr/src/app/setup.py
- ./setup.cfg:/usr/src/app/setup.cfg
- ./pytest.ini:/usr/src/app/pytest.ini
- ./tox.ini:/usr/src/app/tox.ini
- ./Makefile:/usr/src/app/Makefile
environment:
BIGCHAINDB_DATABASE_BACKEND: rethinkdb
BIGCHAINDB_DATABASE_HOST: rdb
BIGCHAINDB_SERVER_BIND: 0.0.0.0:9984
ports:
- "9984"
command: bigchaindb start

6
setup.py
View File

@ -67,7 +67,7 @@ install_requires = [
'rethinkdb~=2.3', # i.e. a version between 2.3 and 3.0
'pymongo~=3.4',
'pysha3~=1.0.2',
'cryptoconditions>=0.5.0',
'cryptoconditions>=0.6.0.dev',
'python-rapidjson==0.0.11',
'logstats>=0.2.1',
'flask>=0.10.1',
@ -112,8 +112,8 @@ setup(
'Natural Language :: English',
'License :: OSI Approved :: GNU Affero General Public License v3',
'Programming Language :: Python :: 3 :: Only',
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
'Operating System :: MacOS :: MacOS X',
'Operating System :: POSIX :: Linux',
],
@ -126,7 +126,7 @@ setup(
],
},
install_requires=install_requires,
setup_requires=['pytest-runner'],
setup_requires=['pytest-runner', 'cryptoconditions'],
tests_require=tests_require,
extras_require={
'test': tests_require,

71
tests/assets/test_divisible_assets.py
View File

@ -52,8 +52,8 @@ def test_single_in_single_own_single_out_multiple_own_create(b, user_pk):
assert tx_signed.outputs[0].amount == 100
output = tx_signed.outputs[0].to_dict()
assert 'subfulfillments' in output['condition']['details']
assert len(output['condition']['details']['subfulfillments']) == 2
assert 'subconditions' in output['condition']['details']
assert len(output['condition']['details']['subconditions']) == 2
assert len(tx_signed.inputs) == 1
@ -76,8 +76,8 @@ def test_single_in_single_own_multiple_out_mix_own_create(b, user_pk):
assert tx_signed.outputs[1].amount == 50
output_cid1 = tx_signed.outputs[1].to_dict()
assert 'subfulfillments' in output_cid1['condition']['details']
assert len(output_cid1['condition']['details']['subfulfillments']) == 2
assert 'subconditions' in output_cid1['condition']['details']
assert len(output_cid1['condition']['details']['subconditions']) == 2
assert len(tx_signed.inputs) == 1
@ -89,6 +89,7 @@ def test_single_in_single_own_multiple_out_mix_own_create(b, user_pk):
def test_single_in_multiple_own_single_out_single_own_create(b, user_pk,
user_sk):
from bigchaindb.models import Transaction
from bigchaindb.common.transaction import _fulfillment_to_details
tx = Transaction.create([b.me, user_pk], [([user_pk], 100)])
tx_signed = tx.sign([b.me_private, user_sk])
@ -97,9 +98,9 @@ def test_single_in_multiple_own_single_out_single_own_create(b, user_pk,
assert tx_signed.outputs[0].amount == 100
assert len(tx_signed.inputs) == 1
ffill = tx_signed.inputs[0].fulfillment.to_dict()
assert 'subfulfillments' in ffill
assert len(ffill['subfulfillments']) == 2
ffill = _fulfillment_to_details(tx_signed.inputs[0].fulfillment)
assert 'subconditions' in ffill
assert len(ffill['subconditions']) == 2
# TRANSFER divisible asset
@ -207,8 +208,8 @@ def test_single_in_single_own_single_out_multiple_own_transfer(b, user_pk,
assert tx_transfer_signed.outputs[0].amount == 100
condition = tx_transfer_signed.outputs[0].to_dict()
assert 'subfulfillments' in condition['condition']['details']
assert len(condition['condition']['details']['subfulfillments']) == 2
assert 'subconditions' in condition['condition']['details']
assert len(condition['condition']['details']['subconditions']) == 2
assert len(tx_transfer_signed.inputs) == 1
@ -248,8 +249,8 @@ def test_single_in_single_own_multiple_out_mix_own_transfer(b, user_pk,
assert tx_transfer_signed.outputs[1].amount == 50
output_cid1 = tx_transfer_signed.outputs[1].to_dict()
assert 'subfulfillments' in output_cid1['condition']['details']
assert len(output_cid1['condition']['details']['subfulfillments']) == 2
assert 'subconditions' in output_cid1['condition']['details']
assert len(output_cid1['condition']['details']['subconditions']) == 2
assert len(tx_transfer_signed.inputs) == 1
@ -264,6 +265,7 @@ def test_single_in_single_own_multiple_out_mix_own_transfer(b, user_pk,
def test_single_in_multiple_own_single_out_single_own_transfer(b, user_pk,
user_sk):
from bigchaindb.models import Transaction
from bigchaindb.common.transaction import _fulfillment_to_details
# CREATE divisible asset
tx_create = Transaction.create([b.me], [([b.me, user_pk], 100)])
@ -286,9 +288,9 @@ def test_single_in_multiple_own_single_out_single_own_transfer(b, user_pk,
assert tx_transfer_signed.outputs[0].amount == 100
assert len(tx_transfer_signed.inputs) == 1
ffill = tx_transfer_signed.inputs[0].fulfillment.to_dict()
assert 'subfulfillments' in ffill
assert len(ffill['subfulfillments']) == 2
ffill = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
assert 'subconditions' in ffill
assert len(ffill['subconditions']) == 2
# TRANSFER divisible asset
@ -334,6 +336,7 @@ def test_multiple_in_single_own_single_out_single_own_transfer(b, user_pk,
def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk,
user_sk):
from bigchaindb.models import Transaction
from bigchaindb.common.transaction import _fulfillment_to_details
# CREATE divisible asset
tx_create = Transaction.create([b.me], [([user_pk, b.me], 50), ([user_pk, b.me], 50)])
@ -356,12 +359,12 @@ def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk,
assert tx_transfer_signed.outputs[0].amount == 100
assert len(tx_transfer_signed.inputs) == 2
ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict()
ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict()
assert 'subfulfillments' in ffill_fid0
assert 'subfulfillments' in ffill_fid1
assert len(ffill_fid0['subfulfillments']) == 2
assert len(ffill_fid1['subfulfillments']) == 2
ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment)
assert 'subconditions' in ffill_fid0
assert 'subconditions' in ffill_fid1
assert len(ffill_fid0['subconditions']) == 2
assert len(ffill_fid1['subconditions']) == 2
# TRANSFER divisible asset
@ -375,6 +378,7 @@ def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk,
def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk,
user_sk):
from bigchaindb.models import Transaction
from bigchaindb.common.transaction import _fulfillment_to_details
# CREATE divisible asset
tx_create = Transaction.create([b.me], [([user_pk], 50), ([user_pk, b.me], 50)])
@ -397,11 +401,11 @@ def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk,
assert tx_transfer_signed.outputs[0].amount == 100
assert len(tx_transfer_signed.inputs) == 2
ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict()
ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict()
assert 'subfulfillments' not in ffill_fid0
assert 'subfulfillments' in ffill_fid1
assert len(ffill_fid1['subfulfillments']) == 2
ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment)
assert 'subconditions' not in ffill_fid0
assert 'subconditions' in ffill_fid1
assert len(ffill_fid1['subconditions']) == 2
# TRANSFER divisible asset
@ -416,6 +420,7 @@ def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk,
def test_muiltiple_in_mix_own_multiple_out_mix_own_transfer(b, user_pk,
user_sk):
from bigchaindb.models import Transaction
from bigchaindb.common.transaction import _fulfillment_to_details
# CREATE divisible asset
tx_create = Transaction.create([b.me], [([user_pk], 50), ([user_pk, b.me], 50)])
@ -442,15 +447,15 @@ def test_muiltiple_in_mix_own_multiple_out_mix_own_transfer(b, user_pk,
cond_cid0 = tx_transfer_signed.outputs[0].to_dict()
cond_cid1 = tx_transfer_signed.outputs[1].to_dict()
assert 'subfulfillments' not in cond_cid0['condition']['details']
assert 'subfulfillments' in cond_cid1['condition']['details']
assert len(cond_cid1['condition']['details']['subfulfillments']) == 2
assert 'subconditions' not in cond_cid0['condition']['details']
assert 'subconditions' in cond_cid1['condition']['details']
assert len(cond_cid1['condition']['details']['subconditions']) == 2
ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict()
ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict()
assert 'subfulfillments' not in ffill_fid0
assert 'subfulfillments' in ffill_fid1
assert len(ffill_fid1['subfulfillments']) == 2
ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment)
assert 'subconditions' not in ffill_fid0
assert 'subconditions' in ffill_fid1
assert len(ffill_fid1['subconditions']) == 2
# TRANSFER divisible asset

71
tests/backend/mongodb-ssl/certs/ca.crt
View File

@ -1,38 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIGoDCCBIigAwIBAgIJAKTE39sa24PHMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
MIIGzjCCBLagAwIBAgIJAOgGsskqnC78MA0GCSqGSIb3DQEBCwUAMIGbMQswCQYD
VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNV
BAoMD0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNU
LUNBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb20wHhcNMTcwNjAy
MDcwMzUwWhcNMjcwNTMxMDcwMzUwWjCBjDELMAkGA1UEBhMCREUxDzANBgNVBAgM
BkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdt
YkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8GCSqGSIb3DQEJ
ARYSZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAnX3DXlpfbDCemFTshrLxtlp4PDTkxRQf3uCfqPa5FlahIYQRH0+iBPg4
KmfUynBB2ZQDOlzA/IJwFCoSsEWcua8rLj12kWeqxJFnLcbO5pgMyf/QFfZvtNiR
JIoMy4xihn8UlDOiYl4uffQyC+cEKJAHf+Gcqawx4ub+If6jJgt/jryL9n+jFVVQ
sENduy5VQjb+x1CXHtBP19419qDhj5IOJGdYEPB8LWIGSZRKZ/X5IlhnuK56Qdq9
GVxtFsCUFamtcnw5J+E3rKYRrH1sRgysWedgm08OWnQ5/8ptiH+P+1MkwexoSg68
9StdT90aSrya6lMzAjUpzuzOdhy+nBqXzkAIj0wiN0qQFC8QqQwfwNd/82oZo5lp
oV9n3xmds/q0kMrWXL8fKmjD1QyF20vuU6+W6dMzqkA7te6Aq+yKtJn3MKGQQ7X9
ifgPaa8paWKeBikpYjdPstF8BT5OJaZDec8YwZYx17iCUiKPPxOCE8EEcF8rtqgV
mIHyxjB1HTmZRBQaLecGwjuiWUYgfpI2kj6Ky1HTB5BVgs81YWCMxNuvCTyjnVOH
BtVvTNUjm3LPZPIdnNZvngy6IirEc4nSBdt0UDJDo5U3rzQNKeC8yPMeU3eT/taB
dwMiHZoHy7x/a1l+jh2TM7kb8e2N6mGbC8CoGOOOqmdIv9enl1ECAwEAAaOCAQEw
gf4wHQYDVR0OBBYEFJfI3Mjur+JwxAmbGVCPhh0s/24mMIHBBgNVHSMEgbkwgbaA
FJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQGEwJERTEPMA0G
A1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWlu
REIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNBMSEwHwYJKoZI
hvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAMBgNVHRMEBTAD
AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmXclBjgbEU5RIl1d
nk3eox3QhyLAcgYnWJt4Z4gbz9F8pk2oGZP5vklIm1zezB244K7r8cAg3o5EzSyF
dTQ7yXSaYJm1Q9ljD+W/dqxpSnu1xIxJvqID9LUX+VOgyY/qw/TrUul/bWGOEzuN
+0akeMm5USv31SAJMD2pTAnxgxlRkgY5YzhTTFqMPEGMsYGXUoLyX9ghVl04NBKo
wAwC6Sp7teZ6nnziwc6MuSCiBrULVRLtiegRFX2nsYVNmRstIKTjuhx/+bajT6Gh
nN4zY5BWri7UXf0y4toLM5gM9Dgz2335iz8F6u8rJ1hz1mbkwQKWzHOQqIaBAu1P
TUlF9dLlNAsxozobuGCtYjKE4kYxBqGzSjTnuaN18yHF3PFKlzj++d15fCUWU6Fe
rXXI7VUguxWtAM7spTfsttCRW3GYW551gvCYNtrpuV64xitNUpwOK1Jbg9iyqhPT
8KUfT6cLhw1+XDxt0XqJXhY5GjfnAtZzhxWmJN0LBexNIcdgKtFt/ZxCz9rGwXIB
n1jbZdeukfVZLfAuwhFey8D3Mb+ghj3v/stBEquIAmCsB2YN+dQ5SQsUu7jVutFg
jzwoZwr+JliWPEmtR9N8v6ZWAoEkoZcIjLBlqYRHLt8uDwiSGUGJQO18NhTEii2Y
Qs3HMrZBFYSooUdps/9YA9mZtfI=
BAoMD0JpZ2NoYWluREIgR21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwS
VGVzdCBJbmZyYSBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5k
Yi5jb20wHhcNMTcwNjEzMTQzNTU1WhcNMjcwNjExMTQzNTU1WjCBmzELMAkGA1UE
BhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQK
DA9CaWdjaGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRl
c3QgSW5mcmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIu
Y29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuIgbqLOkJoFtnIKF
Pq4nMY/uyLt3YRiWyWJq68EuZ5rkoQDJOzaVYGgoJDUVxunT2/MVyAbc1MQN5WGa
NU5aQZnyYAgC7Ci/u/5YfgfHz4H+uLXm6rRz6bVRAt4WY5ZIHEtp+ThX+rDCs7pE
jcZxZdFjCbyrNdZtyDvhoHUwgKBiJ3b2373tq7rihNPeThABjkYOy2qStUnpNdiN
R9IrvSOAS/MzJVO3aoKkFLnKk0hD2Gjdh4hS2o3ZeF1TVHoBk6rA4I9szikYbCKa
SXAtF8CpUqnbThESM6+PfCfNRG+d+MEOi0jiMZzOrQLyG4bPRiec8ArTR5Bv1hsh
aKfRJONuSnX+40YBfhwTMpBqdbntereBlT8ahOJNZTbot5XVxSt69KZ2PZ99UpUl
WK+M8QLmjjwZEFCo4scGEXy1+6QcgTAgY2cN1NaDrO+7FNANGSi/dDXXJfWRauSd
kdUnn6uYioL6bwqZ2gvUYEKT7ezF2/PImmyCyZ01/ovLuhB2aT/1kd51/KLeuvZ2
8yIu5YnKSKp7Bur8d7KrQc7mf/GHUw9Kvdjb4K7OOXimHZhCjQpxOtFYHOo+lEur
zHrsMwciBcJKGQzVnuhpDh7J+JDHKSSfJJlTuOuxvVGgzVgzCzbUn57F6C9Vs7g8
Wk+ldudK+kn9kV18ncpWnwdZl6cCAwEAAaOCAREwggENMB0GA1UdDgQWBBRpx4WA
ZOaQQOkwaIgj0k277N+YmDCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQQOkwaIgj0k27
7N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0G
A1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxEDAOBgNVBAsM
B1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEhMB8GCSqGSIb3
DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwDAYDVR0TBAUwAwEB
/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEsHfo6/yp38egCYiYej
b8Dm674M7/neaL/QBLTxCgnpImxE4gHRZi1yWR4im5UL6gjZ7mM7AGL7Q1D/grG2
3rc/WoSjBQPIe6gpuQwAni/iCaNI/QTgXFCx5fWZj/eIRF6ipKzxWkem3PdSdYUz
BoDuEZaKE7j4KOZDGD4UgN8igsNzmXHYH9nMFR4OERdIlTaHXmJvQ+5/yaazzzF0
XXvbHSv5gHrnGoveDFNj11UJKwumG+L5UvKWsMe8zoS9YjvMJ9M9yUZ1WHjEdSuB
erEbbKnkv7FITyM4urGOS6Y6CjTjV8xG5IPxkHUQjEavjVcvbMaRr8vKf5rf2iuR
hDDYNknQf5zm5qmBq/cPC4dupKQyW58Kt5JkoY4Ok1zs4n9i6EFLUCHO3NaHsnfF
5iNg48DfI2ssk2HVGLyI8AiLl/IftvAP3OOAn6gW3twvwKK6m1Yfv822odEHv9oB
SDXlvbZhnwe8ZvNRa7QCiItzE/b/bh0+c1pk9M169qQAcum8OdwljS6XBzk2o0mv
cP6VD+UlutkEpOFW10m8QAcGHPVICSpBBSnry8fX90465BvurVLgYb5VJ7l7VTjn
7j99dO0MhE0OSfHONUcbf9+nyBYMkh2Gj+/N3zWd/F/COHeZveRoSdc37dEJOWjz
lEAdkN13aos01b6Xk9Dn4bf7
-----END CERTIFICATE-----

39
tests/backend/mongodb-ssl/certs/crl.pem
View File

@ -1,22 +1,23 @@
-----BEGIN X509 CRL-----
MIIDoTCCAYkCAQEwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkRFMQ8wDQYD
MIIDvzCCAacCAQEwDQYJKoZIhvcNAQELBQAwgZsxCzAJBgNVBAYTAkRFMQ8wDQYD
VQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5E
QiBHbWJIMQwwCgYDVQQLDANFTkcxEDAOBgNVBAMMB1RFU1QtQ0ExITAfBgkqhkiG
9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbRcNMTcwNjAyMDcwNDA3WhcNMTcxMTI5
MDcwNDA3WqCBxzCBxDCBwQYDVR0jBIG5MIG2gBSXyNzI7q/icMQJmxlQj4YdLP9u
JqGBkqSBjzCBjDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UE
BwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VO
RzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu
ZGIuY29tggkApMTf2xrbg8cwDQYJKoZIhvcNAQELBQADggIBAEDFXjmlQhBafb9u
IId7ZrHFeueCiDsWJd2cI7BOIU4gsJzrL+SCjvAWyADd1np0gB86M7JK1W3iUfKI
FbwAbsxgJSnwyzwoQcTCp8/vD7z7+7uTxvbaEGOEiW9sVqRs/CKIzVoSQPB/R6cM
9WHwRuXeLALPIrVsxRaeIMbhEUgmfi9R2KvzKvc6yLMxWd1mmW8xdq7zZ6nlGl9Y
mrnRwOEdfgOUvuAaQgBculK3eKZmzJzzh1t+hJstmzdjtM+0gw3bzGLg3IJJ2uTK
D6nnSLG/QGTvnOmhIlnr26sYvVSMJrPrT7EyI/pN4GYWHwJ3rIJm9ii1+4q+D6YX
a6iyywOL/T0Sb7EUXmM9KHhnoaLXQetGmP2bgMprUF+3rgj/KjPHk2eXFyW++GWs
jlcyRvBd8a5AA9L2pPmoKQEQNL65YJcJSzfT3ZpkPxw/kD08Y29Vn7i86ol+MSdz
4dYuI4dTyU5IcMX4eQi4rdTm8rS55EE3MkL0OePeq375GROoInSyKeLpqPDPdpZx
Fo0AX0Rn3lt4vXFba84Vz5EveXt/jP2c01CXjTDzwfL13B7cbNl8yjD+Qopt9qXw
BPet7/eZs9gwcpcYooRjSD0zYvW3/wngqTPY/nPMZ4Wpm6QivGZo7LfMz5regjeT
DMQWkWlP8aup1aPeoDFXC2tzQhVK
QiBHbWJIMRAwDgYDVQQLDAdST09ULUNBMRswGQYDVQQDDBJUZXN0IEluZnJhIFJv
b3QgQ0ExITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbRcNMTcwNjEz
MTQzNjU1WhcNMTcxMjEwMTQzNjU1WqCB1jCB0zCB0AYDVR0jBIHIMIHFgBRpx4WA
ZOaQQOkwaIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgM
BkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdt
YkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBD
QTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvww
DQYJKoZIhvcNAQELBQADggIBAGGHwjqvEayCkMzacIrhLlT97ra/5BGv9DIsVJUo
oEL+NuCl3lyd3lP+jr+cam+tqGJhsf43i7ZndmU4CKPS2WbZWENGSFcVIcNV05qT
YvGE62TpX74ZbFUAAsrZSyEGJFkREyrIwCc6b8O0Gr0BKCbnmlj/3XEhe9bsAu8m
bZiN6I1e89Wbz+nNzUi1cE2ZRRQgiTX4CFuvl9L37N4KvAHH1HJn6xzWx+VYP5xQ
vN1SK0SvsWHk3jiiyRazunWgJrdwmorqWApYHFybUNKw4B5btKe3ezl13ZXOIwDA
Ui6Fhi1jHj0yimZfieChD/bqGKEBFwrYp44ZRz52cg+YYcYzY72Rn6g7x8TsbNt0
7h4jq2MEQ3We4zYEXFz7ZPxNLn7wYxx0x5h2E5vPaXXp5W/TzpCquSkpGSWF26OH
QAXaDOESAJV3e2oPFN8Wger3Oj7FTa0IZtne1aH/wnY0keDsVuvA8sHoy1Ylw72H
cv6D2ABEm4erAJ7n6BQ/unYXd+qKCYPLdxdOyd9lBGJhk6uN+Nzued/z8SjV3XEb
i6JvHwUEl/hwRWFF3k5vDaX4d5Z4kTIzO9+4ut44WRcgJ4zRd64ZKpGPEnTg3VsJ
oqQmwcfBvThKZmgrvUnvPzGYbA5LduQYRJ+elD5hGHBOEvayAof3FLKZZG8zNjip
lLJj
-----END X509 CRL-----

215
tests/backend/mongodb-ssl/certs/test_bdb_ssl.crt
View File

@ -3,130 +3,131 @@ Certificate:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=TEST-CA/emailAddress=dev@bigchaindb.com
Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
Validity
Not Before: Jun 2 07:13:16 2017 GMT
Not After : May 31 07:13:16 2027 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=test-bdb-ssl/emailAddress=dev@bigchaindb.com
Not Before: Jun 13 14:44:30 2017 GMT
Not After : Jun 11 14:44:30 2027 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=BigchainDB-Instance, CN=test-bdb-ssl/emailAddress=dev@bigchaindb.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cb:59:21:c4:6e:b7:93:c7:d1:87:e1:8f:06:07:
c6:4f:31:35:4d:cc:43:8e:25:bf:4a:08:3e:df:3a:
b0:d8:3c:b5:45:39:49:aa:ef:17:53:2c:fa:74:73:
4e:f6:36:ae:ad:9a:88:3c:1a:ad:c2:ac:1c:b3:14:
39:18:8a:33:54:54:59:11:31:b8:8a:1a:0f:d5:79:
dd:6d:8d:63:a0:8f:0a:a3:5e:b2:40:d0:67:84:b7:
b6:4b:66:43:85:8a:18:a0:51:08:c9:b0:09:0b:8d:
bc:89:6c:47:a1:b2:bb:b8:1e:04:77:cb:7e:f4:ae:
c7:50:43:0b:49:48:90:4c:7d:72:17:0b:bb:57:72:
dd:ad:62:ba:8d:b4:80:c4:b8:83:a2:c9:08:f7:11:
44:0b:67:7f:d4:df:b8:59:5b:c0:32:26:04:95:bc:
c2:eb:92:7b:e9:5d:99:d7:d9:86:be:f0:a7:c5:e5:
1e:95:f3:86:21:74:3d:03:ca:4a:c0:4d:59:75:b5:
62:24:04:09:8a:47:0f:a6:c3:ee:99:82:dc:02:53:
70:f1:77:61:58:2e:9b:db:20:40:9f:15:08:de:3d:
c4:11:29:2f:6f:51:1b:36:19:b2:27:03:b8:15:ec:
3e:56:65:77:97:46:58:07:0b:85:87:a1:f4:ee:4f:
fc:bc:22:10:da:3c:83:dd:80:26:d7:3e:23:f6:0e:
3f:4d:f9:1a:eb:2f:ca:60:ea:97:40:23:d4:14:c3:
b5:c1:46:f2:15:2a:7e:18:56:3a:58:51:fb:a7:42:
14:19:0d:79:1e:25:b4:1a:51:74:7b:93:e0:9e:a9:
41:83:ab:94:6f:3c:6f:23:0c:7e:bc:14:31:54:ca:
8a:47:0e:a8:01:bd:f6:e9:bd:54:dd:10:84:5f:3f:
54:05:47:ae:4e:5d:e1:10:9d:a1:7b:08:b5:96:c6:
ba:fc:97:e0:22:c7:07:23:a2:ad:be:e2:7a:a8:8c:
e9:8a:e4:8e:64:4a:e9:45:b9:2b:55:e0:5c:3a:e8:
92:fd:48:54:6b:1e:14:d9:98:72:53:6e:0b:bd:e8:
ea:a9:c1:b2:29:ac:35:7b:0d:a8:22:13:83:d7:af:
90:ec:4a:74:41:3c:fd:32:f6:46:a7:96:02:a3:23:
a2:f1:6f:0f:55:e6:aa:8b:47:17:74:a8:c9:5f:ab:
46:68:6e:d8:11:dc:bd:83:96:3a:a9:04:e0:4c:d2:
03:a8:9e:fd:00:c8:09:f9:71:69:92:10:75:8e:8f:
9e:e4:d6:1c:bd:fd:3f:32:fb:ce:a4:af:cf:9c:f6:
29:6e:15:ed:c7:df:2d:27:8f:03:b9:fc:ac:3f:23:
ac:2a:f3
00:cb:8b:a5:98:f8:cb:ab:f0:c3:e3:8a:b1:92:ba:
c3:45:e0:1e:ed:d8:f2:a8:39:02:fd:8f:0f:e1:c9:
9d:79:0c:38:38:df:a7:ef:6d:10:32:5a:1f:c8:d8:
ef:ea:a3:51:40:c3:a0:9b:67:f5:91:43:4f:05:fb:
b3:05:9a:01:47:88:53:2d:a0:67:fd:0e:1d:a3:9c:
de:1f:48:9e:e7:9f:6a:cc:04:d2:9e:36:90:e0:52:
01:11:31:6f:db:5a:aa:4e:3d:83:5c:b8:31:7d:8d:
06:8f:c1:f8:71:9e:71:a1:ee:54:8e:6c:77:5f:b4:
69:4a:2d:df:8d:6a:d3:02:26:91:3a:2e:9a:58:61:
6b:18:1a:ac:7b:c6:e4:b7:4d:ca:af:97:14:af:fa:
16:87:78:50:98:d4:d1:50:3e:e6:d1:c2:d8:85:ee:
06:5b:2d:43:8d:d8:3d:22:6d:28:59:52:44:79:e5:
49:58:82:1a:0e:7f:06:80:85:79:52:1a:c1:c0:32:
d2:28:c7:b9:c0:67:9d:5c:b3:13:08:07:95:d6:91:
87:6e:f8:53:7a:fa:67:d5:c8:07:91:d9:46:03:45:
9e:b1:be:f7:78:fb:9a:a5:73:41:cf:b5:02:73:ed:
d5:a8:da:77:bd:3c:cf:e8:e5:dc:1f:cf:d6:93:e9:
50:d4:76:f2:53:ec:a8:7d:7b:a7:84:4c:95:00:3e:
ab:f4:8e:0b:b1:2a:ef:7d:a1:66:d6:a1:f0:21:5c:
0f:94:0a:12:de:82:65:55:14:47:37:61:cf:68:12:
13:c1:f1:7b:14:5f:5c:ff:cf:b1:68:37:d6:75:5a:
7d:cc:6c:22:e6:34:07:d1:2e:66:a7:6a:1e:9f:ee:
e9:b8:5d:da:a2:25:1b:00:70:a9:65:8d:66:54:42:
49:85:fa:07:56:b4:77:26:af:70:4b:4f:ed:74:68:
72:d4:f5:f9:ea:cc:23:a3:d6:8c:39:a2:79:f6:8c:
64:4c:e3:75:17:86:6f:f1:e1:de:33:ec:28:89:e3:
3b:a1:73:c9:da:57:fa:9c:cc:8b:51:63:10:26:f3:
27:9a:c0:e2:67:2d:52:e7:41:a0:7e:6b:6d:7c:3d:
cc:4a:51:8a:62:c5:17:9c:88:c2:5f:38:a2:8d:ba:
bb:6f:82:11:e3:6c:ec:af:58:f8:06:b0:2d:02:4f:
dd:73:81:69:3f:cc:76:72:a1:db:73:43:8c:97:39:
30:49:d2:9a:77:30:49:21:85:32:0a:6a:37:bf:09:
06:60:a3:0f:e5:ba:f5:07:2a:34:e5:3b:07:1d:10:
c1:c0:38:bc:95:dc:81:b2:89:ab:d5:17:9c:21:c3:
1a:b2:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
56:19:A1:BA:91:22:9C:E0:84:71:47:64:A2:CD:F9:28:C0:C0:EB:67
B7:F5:E7:0E:F8:D8:FE:A1:56:5B:EA:80:2F:18:71:C2:44:0C:91:D0
X509v3 Authority Key Identifier:
keyid:97:C8:DC:C8:EE:AF:E2:70:C4:09:9B:19:50:8F:86:1D:2C:FF:6E:26
DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ENG/CN=TEST-CA/emailAddress=dev@bigchaindb.com
serial:A4:C4:DF:DB:1A:DB:83:C7
keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
serial:E8:06:B2:C9:2A:9C:2E:FC
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
18:50:cd:6d:2b:0f:aa:e4:25:1e:b9:16:1f:b5:39:17:b7:5c:
d8:c0:a6:97:17:3d:0b:39:6f:5f:d2:2c:42:c1:6f:06:e8:72:
a1:f6:ee:40:47:6c:d6:f0:84:dc:4d:67:07:e9:4b:dc:fe:5c:
05:a4:af:54:ac:92:f3:14:48:4a:e1:28:b0:cb:7e:3b:68:da:
98:b7:08:44:16:30:a8:94:32:1c:f8:2b:6a:ab:01:95:e9:10:
a1:b6:bd:08:ee:0d:27:be:95:ed:9b:ce:e0:70:e8:b2:7d:9b:
c9:4b:18:33:09:1b:91:78:29:f5:22:2f:59:18:40:95:ea:6b:
3c:e9:e6:30:ab:f1:e2:ab:a2:0b:97:30:a1:39:f5:5f:4b:97:
f2:7d:54:e8:51:85:19:8e:09:69:93:5e:96:40:79:74:45:6f:
93:dd:47:55:1e:7d:76:8d:ad:84:3d:d6:f4:4e:a0:62:59:e3:
62:98:2c:c7:44:21:aa:5c:77:71:ef:8a:25:16:d9:dc:ab:32:
d1:da:aa:86:40:a4:2f:07:4a:bf:f0:45:83:8d:fe:0b:89:e6:
c9:88:42:0a:5c:ea:ba:b1:e2:e5:22:e0:17:74:7e:ae:ec:d4:
2c:0d:4e:35:69:7b:a5:89:c6:a6:b0:44:24:b4:12:02:5c:ad:
40:ae:ae:e2:8f:e1:aa:25:89:32:d8:ab:1e:37:00:a3:2c:43:
e2:cd:ad:8e:91:97:14:61:ff:dd:48:6f:8e:0f:07:8c:9d:c0:
dd:bc:c8:c6:4f:eb:33:d8:40:64:bb:82:56:75:78:0c:d7:40:
9b:12:ea:2a:82:ef:70:cf:75:3e:75:45:80:18:70:c1:10:41:
5b:7f:32:fe:f0:cc:e7:98:56:c7:7e:b3:99:a7:6a:37:1d:80:
0d:0f:26:56:12:b9:9e:64:8b:90:39:5e:2b:f4:01:c2:9b:fc:
34:4d:c1:be:c4:44:54:3b:f9:b9:0b:2c:ad:ac:04:f1:be:6a:
74:70:0f:a4:fb:86:1f:81:a6:3f:69:ed:96:52:0e:1f:32:5e:
49:8a:9d:26:2c:15:62:3a:9a:bf:da:2d:4c:31:36:7f:93:5e:
27:b0:f4:dd:13:44:18:70:f2:97:0a:a6:69:ed:63:34:f1:fc:
94:a1:1f:3f:1c:e2:a1:fa:4a:8d:a2:9c:46:5b:8f:d8:e6:d9:
9f:34:d8:97:84:3f:09:be:66:74:1a:51:96:73:52:80:9c:51:
ad:78:18:15:54:90:3a:1c:18:61:90:77:b0:10:b3:18:5b:77:
11:f3:1e:18:12:08:dd:95:22:d4:41:06:96:2a:b5:11:8c:3f:
33:71:32:99:12:de:42:29
78:44:00:be:10:3b:f3:40:e1:5e:e4:3a:64:99:13:71:1d:91:
96:f6:f1:0f:db:99:6c:65:c3:be:c9:0d:d7:a1:c8:7c:09:e6:
56:5b:32:44:5f:e8:00:27:b5:20:28:d9:19:5a:74:21:4f:1a:
ef:5a:e9:cc:f4:97:f1:9f:97:9b:45:35:cb:df:27:6a:75:ce:
9e:0e:11:be:03:fa:1a:91:77:9d:7d:6a:76:59:6b:98:96:09:
21:cd:ca:54:1e:1f:75:58:68:5d:af:c2:8a:18:c5:56:d9:56:
39:c6:a7:2a:a4:0e:0b:88:7e:55:72:7f:ec:07:0d:7f:7a:c0:
14:8f:44:f4:cc:3b:30:97:8a:98:e2:da:7e:88:b8:a5:93:4c:
f4:92:e1:e8:84:60:bc:f9:e4:55:0f:68:ba:34:70:4f:9f:47:
63:c1:2f:96:78:ab:43:80:87:f2:0d:10:57:a0:a0:8c:d4:93:
c3:89:ef:f0:2f:58:63:53:8c:1e:29:4c:a5:88:ec:56:af:22:
65:54:77:6c:f8:cd:68:2d:34:f7:71:cf:12:6e:ba:50:8f:30:
a0:05:31:e7:32:27:29:e5:1b:a9:40:3c:49:45:a3:8e:2d:10:
0b:b4:da:f5:73:e7:aa:d1:c7:a8:a6:f5:32:4a:33:f3:60:3d:
72:4e:b9:1e:15:e9:7d:0c:a9:f8:57:72:2b:60:24:18:47:5b:
34:f5:25:ef:93:10:4a:0b:ed:e8:39:2e:d8:9e:bd:32:67:ce:
7c:c7:a4:0e:5f:03:1e:8d:4a:7f:ac:7f:4e:7b:f8:26:44:1c:
9f:6b:a0:9e:4d:90:31:13:8a:46:5f:87:9e:bc:06:f2:b6:e5:
6b:75:d1:f3:c0:4d:fe:c5:16:34:35:ce:6e:31:f3:1f:cd:4e:
13:5d:0a:84:00:cc:72:b5:ef:a4:90:74:70:53:9b:6c:b3:58:
5e:3b:ba:5b:ff:4c:fe:47:7e:20:1c:83:04:57:7a:a5:08:ed:
29:51:11:e0:a5:81:92:b5:4f:32:74:35:be:8a:c6:82:7a:50:
45:f9:ee:57:62:a5:41:57:dc:3d:f7:bd:17:59:2d:53:2c:d0:
81:76:e8:1b:64:bd:80:94:eb:b1:f6:0f:8f:c7:50:cb:c4:c2:
33:b0:78:78:d4:61:d2:d7:54:0a:71:24:59:0f:30:23:8c:45:
d6:b9:f1:5c:99:eb:20:11:2f:ca:36:39:36:72:e9:f5:24:47:
54:54:20:4d:1d:aa:cd:ec:ec:4b:89:2b:67:00:62:64:2c:05:
19:6c:91:72:01:bb:04:0c:f0:e1:27:5e:c9:9b:f1:41:09:8a:
dc:62:85:a0:87:c8:d5:ab
-----BEGIN CERTIFICATE-----
MIIGsDCCBJigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCREUx
MIIG3jCCBMagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
aGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8G
CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4XDTE3MDYwMjA3MTMxNloX
DTI3MDUzMTA3MTMxNlowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4x
DzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5EQiBHbWJIMQwwCgYD
VQQLDANFTkcxFTATBgNVBAMMDHRlc3QtYmRiLXNzbDEhMB8GCSqGSIb3DQEJARYS
ZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAy1khxG63k8fRh+GPBgfGTzE1TcxDjiW/Sgg+3zqw2Dy1RTlJqu8XUyz6dHNO
9jaurZqIPBqtwqwcsxQ5GIozVFRZETG4ihoP1XndbY1joI8Ko16yQNBnhLe2S2ZD
hYoYoFEIybAJC428iWxHobK7uB4Ed8t+9K7HUEMLSUiQTH1yFwu7V3LdrWK6jbSA
xLiDoskI9xFEC2d/1N+4WVvAMiYElbzC65J76V2Z19mGvvCnxeUelfOGIXQ9A8pK
wE1ZdbViJAQJikcPpsPumYLcAlNw8XdhWC6b2yBAnxUI3j3EESkvb1EbNhmyJwO4
Few+VmV3l0ZYBwuFh6H07k/8vCIQ2jyD3YAm1z4j9g4/Tfka6y/KYOqXQCPUFMO1
wUbyFSp+GFY6WFH7p0IUGQ15HiW0GlF0e5PgnqlBg6uUbzxvIwx+vBQxVMqKRw6o
Ab326b1U3RCEXz9UBUeuTl3hEJ2hewi1lsa6/JfgIscHI6KtvuJ6qIzpiuSOZErp
RbkrVeBcOuiS/UhUax4U2ZhyU24LvejqqcGyKaw1ew2oIhOD16+Q7Ep0QTz9MvZG
p5YCoyOi8W8PVeaqi0cXdKjJX6tGaG7YEdy9g5Y6qQTgTNIDqJ79AMgJ+XFpkhB1
jo+e5NYcvf0/MvvOpK/PnPYpbhXtx98tJ48DufysPyOsKvMCAwEAAaOCARQwggEQ
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFFYZobqRIpzghHFHZKLN+SjAwOtnMIHBBgNV
HSMEgbkwgbaAFJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQG
EwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoM
D0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNB
MSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAT
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQAD
ggIBABhQzW0rD6rkJR65Fh+1ORe3XNjAppcXPQs5b1/SLELBbwbocqH27kBHbNbw
hNxNZwfpS9z+XAWkr1SskvMUSErhKLDLfjto2pi3CEQWMKiUMhz4K2qrAZXpEKG2
vQjuDSe+le2bzuBw6LJ9m8lLGDMJG5F4KfUiL1kYQJXqazzp5jCr8eKroguXMKE5
9V9Ll/J9VOhRhRmOCWmTXpZAeXRFb5PdR1UefXaNrYQ91vROoGJZ42KYLMdEIapc
d3HviiUW2dyrMtHaqoZApC8HSr/wRYON/guJ5smIQgpc6rqx4uUi4Bd0fq7s1CwN
TjVpe6WJxqawRCS0EgJcrUCuruKP4aoliTLYqx43AKMsQ+LNrY6RlxRh/91Ib44P
B4ydwN28yMZP6zPYQGS7glZ1eAzXQJsS6iqC73DPdT51RYAYcMEQQVt/Mv7wzOeY
Vsd+s5mnajcdgA0PJlYSuZ5ki5A5Xiv0AcKb/DRNwb7ERFQ7+bkLLK2sBPG+anRw
D6T7hh+Bpj9p7ZZSDh8yXkmKnSYsFWI6mr/aLUwxNn+TXiew9N0TRBhw8pcKpmnt
YzTx/JShHz8c4qH6So2inEZbj9jm2Z802JeEPwm+ZnQaUZZzUoCcUa14GBVUkDoc
GGGQd7AQsxhbdxHzHhgSCN2VItRBBpYqtRGMPzNxMpkS3kIp
aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
DTE3MDYxMzE0NDQzMFoXDTI3MDYxMTE0NDQzMFowgaExCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
aW5EQiBHbWJIMRwwGgYDVQQLDBNCaWdjaGFpbkRCLUluc3RhbmNlMRUwEwYDVQQD
DAx0ZXN0LWJkYi1zc2wxITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNv
bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMuLpZj4y6vww+OKsZK6
w0XgHu3Y8qg5Av2PD+HJnXkMODjfp+9tEDJaH8jY7+qjUUDDoJtn9ZFDTwX7swWa
AUeIUy2gZ/0OHaOc3h9InuefaswE0p42kOBSARExb9taqk49g1y4MX2NBo/B+HGe
caHuVI5sd1+0aUot341q0wImkToumlhhaxgarHvG5LdNyq+XFK/6Fod4UJjU0VA+
5tHC2IXuBlstQ43YPSJtKFlSRHnlSViCGg5/BoCFeVIawcAy0ijHucBnnVyzEwgH
ldaRh274U3r6Z9XIB5HZRgNFnrG+93j7mqVzQc+1AnPt1ajad708z+jl3B/P1pPp
UNR28lPsqH17p4RMlQA+q/SOC7Eq732hZtah8CFcD5QKEt6CZVUURzdhz2gSE8Hx
exRfXP/PsWg31nVafcxsIuY0B9EuZqdqHp/u6bhd2qIlGwBwqWWNZlRCSYX6B1a0
dyavcEtP7XRoctT1+erMI6PWjDmiefaMZEzjdReGb/Hh3jPsKInjO6FzydpX+pzM
i1FjECbzJ5rA4mctUudBoH5rbXw9zEpRimLFF5yIwl84oo26u2+CEeNs7K9Y+Aaw
LQJP3XOBaT/MdnKh23NDjJc5MEnSmncwSSGFMgpqN78JBmCjD+W69QcqNOU7Bx0Q
wcA4vJXcgbKJq9UXnCHDGrJhAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMB0GA1Ud
DgQWBBS39ecO+Nj+oVZb6oAvGHHCRAyR0DCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQ
QOkwaIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJl
cmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgx
EDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEh
MB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwEwYD
VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IC
AQB4RAC+EDvzQOFe5DpkmRNxHZGW9vEP25lsZcO+yQ3Xoch8CeZWWzJEX+gAJ7Ug
KNkZWnQhTxrvWunM9Jfxn5ebRTXL3ydqdc6eDhG+A/oakXedfWp2WWuYlgkhzcpU
Hh91WGhdr8KKGMVW2VY5xqcqpA4LiH5Vcn/sBw1/esAUj0T0zDswl4qY4tp+iLil
k0z0kuHohGC8+eRVD2i6NHBPn0djwS+WeKtDgIfyDRBXoKCM1JPDie/wL1hjU4we
KUyliOxWryJlVHds+M1oLTT3cc8SbrpQjzCgBTHnMicp5RupQDxJRaOOLRALtNr1
c+eq0ceopvUySjPzYD1yTrkeFel9DKn4V3IrYCQYR1s09SXvkxBKC+3oOS7Ynr0y
Z858x6QOXwMejUp/rH9Oe/gmRByfa6CeTZAxE4pGX4eevAbytuVrddHzwE3+xRY0
Nc5uMfMfzU4TXQqEAMxyte+kkHRwU5tss1heO7pb/0z+R34gHIMEV3qlCO0pURHg
pYGStU8ydDW+isaCelBF+e5XYqVBV9w9970XWS1TLNCBdugbZL2AlOux9g+Px1DL
xMIzsHh41GHS11QKcSRZDzAjjEXWufFcmesgES/KNjk2cun1JEdUVCBNHarN7OxL
iStnAGJkLAUZbJFyAbsEDPDhJ17Jm/FBCYrcYoWgh8jVqw==
-----END CERTIFICATE-----

100
tests/backend/mongodb-ssl/certs/test_bdb_ssl.key
View File

@ -1,52 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDLWSHEbreTx9GH
4Y8GB8ZPMTVNzEOOJb9KCD7fOrDYPLVFOUmq7xdTLPp0c072Nq6tmog8Gq3CrByz
FDkYijNUVFkRMbiKGg/Ved1tjWOgjwqjXrJA0GeEt7ZLZkOFihigUQjJsAkLjbyJ
bEehsru4HgR3y370rsdQQwtJSJBMfXIXC7tXct2tYrqNtIDEuIOiyQj3EUQLZ3/U
37hZW8AyJgSVvMLrknvpXZnX2Ya+8KfF5R6V84YhdD0DykrATVl1tWIkBAmKRw+m
w+6ZgtwCU3Dxd2FYLpvbIECfFQjePcQRKS9vURs2GbInA7gV7D5WZXeXRlgHC4WH
ofTuT/y8IhDaPIPdgCbXPiP2Dj9N+RrrL8pg6pdAI9QUw7XBRvIVKn4YVjpYUfun
QhQZDXkeJbQaUXR7k+CeqUGDq5RvPG8jDH68FDFUyopHDqgBvfbpvVTdEIRfP1QF
R65OXeEQnaF7CLWWxrr8l+Aixwcjoq2+4nqojOmK5I5kSulFuStV4Fw66JL9SFRr
HhTZmHJTbgu96OqpwbIprDV7DagiE4PXr5DsSnRBPP0y9kanlgKjI6Lxbw9V5qqL
Rxd0qMlfq0ZobtgR3L2DljqpBOBM0gOonv0AyAn5cWmSEHWOj57k1hy9/T8y+86k
r8+c9iluFe3H3y0njwO5/Kw/I6wq8wIDAQABAoICAFWnHJ8WF8Nqtmpq6wiaO8Dd
tFspwAbfBX0Ujg8PNLBQmfYnlE0o2oVRe8mTTF5PWDKN1fajMi++uXQA/6/Dfq11
vfKNI/Mf2S2NYGSl2qIlvlBkMec1IXV4wJNv5t8X9RmKKI5z1MuGDzU/Y8jLdWCv
XChtkfNUr2WyZ82dgBKIAIeOjIHgQ1mmLXhE4Lx8EA6AaYNQRX4cQW8UMR2KlSFK
fEHqOZxqnkEFCSkvWh+RVMn5oXF+GzB6Or0e92+a5SS8mzMadD5HgmM3Qohs42kj
Zn5/T4SKVWHuaunXPV4HXE/yLiXQXwrhtfXTDjZFxVg08zPIEIofI0anRHkhPg3r
+pyAGuwRH3HoRQLhb8FVhl6HRmrsMl4nW/BassFN6DB01OYl2wqO2ybzXcfb7ihg
0Gg8QaOGVaDT6mJL5F8YSY4rVYeNxvfayO0T7+QORauVNWWXHxm9IMtAUOvdArTm
+FcSwp47o+QcE5iLUJ91c+NsIhAHaJ1C4RA+2hcvfoDQSplQ24ZLR49jjHEWB/0z
vgfxNifOn+XA+hCDwOESGq51ROQSQ6MFnHsVjTReK+3VMbz3mcZTVgXCMGZTKfyr
eALEZsT6WL20Ln4A1Xo8Nb1JfQqmbfSqASasUKXofXJY0QLmcnLrGK2+S0+hyHJc
tsIHEOnLbHLuIN5xz/3xAoIBAQD1sLpN/srusaUm1V6kcHyEKY6ednqwGZjqNL4k
Q872w7eUsg0ofUJ6zlFctDp3fVXWhYYPPyMX7DhbhDPqKOA1Z1sEpacicxZ/7JDC
ymhnyjGJPyxjuNcB+NFDTt3+I4tnadq5wmik1Z1cBp/EK5u/zLV9IAYG2nJn8XYM
NhF+rZPql7WOzJR1yXEnZGAO4PiCq5H1L8uZUx3fbD+mMqjZq8BJrWKPWf1+9zjh
/qe8BiNELkpDlh5pwVSLjNWpR2/FH27JwjQYdMCgWJbK5/M23lDFpmsovkBDbs0w
z0KmV9eHGGLpFhmQ4pNu288TUvmxP3zCSqIXfSFqfTHXDPg5AoIBAQDT4Y2WHCFE
PYjlNhkoQW8KuY1U/mAnNUmU/GJGIRbayk712b23xo8miOC6PF4jhw+fynEDMeN6
eC+5FvVQ59g/ELLLgcVpDbHCqBmSiAfgnWCpOIYhvTJFQKPNEB6XCxO0dSp8PtXA
dyzXRSCI5dYBzbYlV7Pvbgrsj9glgnOxMB/zYWhNIJEZj+UBDLR1PTs+Nx65vZ81
wYUSs7jJN+g9yagFg3NCYWjfLm52sN3xhSpsjKk8FcaWzyUElFzq+QWh34KOxJj0
dq8y8G817B4NqFRN58WeU2Hu5HWk7Pgc611WjZ5AyEKWdz+RFfNcM6BBna1n/jIA
KXUFB+vExISLAoIBAQDrOD+l3II89CbBfxYVKPyNK5w3agccAeW8lLJV1fWXmtlv
queeFA5JtK2Aq6wuKfi8YSlv/2qBxM5QD8oELQ47ErC5Sj8xZC3uW3Zch5xdgd7b
H3hIIPb4FFeEsUUnwq/8WgPmRJIa/ciiClV7YqTChCJdoQMkHI/bo/j4x+sH9Pbg
ak6QYJziB/IlXJv6orhJoikjLJcoO8Ml3GUzoNy3SQ/XegAabnWb0OTMuRmtkdLB
u++ttVN4vHdNA5CreJExkF5pG1z07RJecXIs4NShe0apdCKz5zFvXe1lBYkx6HeY
B2jq7xWa+NFeGWOvhIk5gSbYfMui4VHUufe1g91BAoIBAG6P5igMabeIPKUOw7Xj
3yPDi2JskpQjFFBwGn/pyFlG9EkJ5Bu/uvcqucm0spLraVXCd5JpOACyMoTs2/np
4UeXWRUklHSrNrUSrrVt0l59APGMk0GLzm2gu1jILo42s4OZGCBZUYTrKzTx13ZY
KIIsa/20dCpeS8kBjpKULfap3CJOE/UbJ1wlYCRaEtiSqRVgAeJ+dlPAtcX6jlRB
niiPz+OAomZjGixLuEyrIkVjba3TAIRgAI61bOWk3Y+nfi7nyOLi58W5INb966pB
mbUav1MfvFlPvWzBPjpfhWDh2ITPxWKcnVKSy1LUF3dnYRqcQt5fIIxBFdUYOwkk
Wt0CggEBAMDCdK1+/xzUnUI5q6MYvgCEZlxuskLRjby8EfdCGv4eaNCKB2z3d5jj
PXVXpUKbqzLb0ehmA6e2OVOrD9VJYfRCGqrileJY7GnK1d3zy0DFfPm8iRMgevv9
Sdzxdc5U7VH5FpMuqHfwNKHVK3jMkRQw88eRLKDWYiH7Du+lITYaLa1t6Xo/0r+5
JYoPRUXJv0LiUamTThm4zAs9JOOC2I5/UbgifH21WxllD62fCmxJqF+t0lQWMRUw
GYiU41SiczC2rvGt6PKAlm0VKwBV+iCsywCuP7ywTq5n7/tCCPKMRcdTdpsgA9Sj
ygiQ48fCpPjwXP/+v5TyNchX2aTRCqA=
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDLi6WY+Mur8MPj
irGSusNF4B7t2PKoOQL9jw/hyZ15DDg436fvbRAyWh/I2O/qo1FAw6CbZ/WRQ08F
+7MFmgFHiFMtoGf9Dh2jnN4fSJ7nn2rMBNKeNpDgUgERMW/bWqpOPYNcuDF9jQaP
wfhxnnGh7lSObHdftGlKLd+NatMCJpE6LppYYWsYGqx7xuS3TcqvlxSv+haHeFCY
1NFQPubRwtiF7gZbLUON2D0ibShZUkR55UlYghoOfwaAhXlSGsHAMtIox7nAZ51c
sxMIB5XWkYdu+FN6+mfVyAeR2UYDRZ6xvvd4+5qlc0HPtQJz7dWo2ne9PM/o5dwf
z9aT6VDUdvJT7Kh9e6eETJUAPqv0jguxKu99oWbWofAhXA+UChLegmVVFEc3Yc9o
EhPB8XsUX1z/z7FoN9Z1Wn3MbCLmNAfRLmanah6f7um4XdqiJRsAcKlljWZUQkmF
+gdWtHcmr3BLT+10aHLU9fnqzCOj1ow5onn2jGRM43UXhm/x4d4z7CiJ4zuhc8na
V/qczItRYxAm8yeawOJnLVLnQaB+a218PcxKUYpixReciMJfOKKNurtvghHjbOyv
WPgGsC0CT91zgWk/zHZyodtzQ4yXOTBJ0pp3MEkhhTIKaje/CQZgow/luvUHKjTl
OwcdEMHAOLyV3IGyiavVF5whwxqyYQIDAQABAoICAQC0NvMqanWhyW0WxJCOMi98
aX/Y5LGMAdZE+2p7ZY+4QfpxWIyOrsidXDAyGujonSrupYZIshW5RJft2zlY507k
r629gv0vD1VsrBH6LskKmJntAwQbsoI5KkHpoBTCaRbKaSoqaKbg24EIvRukNT20
uphA9YYHxWtHkzAQPJmQmOcSVXqwb6hrUgqPGL0eEpE3QBO/7zQNQ5hQiHS+kMK6
y8H7apBUH9Jk/yS5m14TH4SjTD/RTneViCAQoJyW9ju/WP+7vYIX+WVZUu+xt02S
CY2Y0eLPym8u14jkODQF55knFMZ1Zoc4n8CQD1qZm+UFOFC1yubl9MYdoF4C3ZuC
vABnU7UU6pSABJ3glcwWUrGPxgbWTSlCTFwJqWeUZfEwWXQPhfoGIfckOf89tDsB
9TUd8fnfKVUrqDnEVPryvMZipG1nX4pZX/nXM/22sepdyuQ21quCcUTcUGwBhhQA
gfVJMPUc2dilJyYILYgmZ9k3J1iFVwIahMtqxY7oSaQi5bD9Pcst9MzFwiGo7T2q
4CjfUTPCiQeE+kyiEo1HR6Mhzd80Nobh0BQfMuauBMmkMlA3HPeztyR2U16QdDIa
LG2DOl+Ak4OultjKtGKovsb9FnzDnr/N+ONLgRyKPMwjLgjRPBpGmxSltjfqHpC/
72OK3QPbDe7FRa3+jzC8ZQKCAQEA+RA7fhUEQv722SVpJI1pEvyQGCede65VB3lp
tN4wWqXfdKBKzTcxx6xkojvZPQe5NQFK3743Ui5qbgNxnxuqU/+KsBngZBVAYV6k
muCmpJsucCXVULeG5Cei7Z2FoRn2zjI1+7cMX9kccq+lGjy3imJPjhy9ChTWt/GB
P4Ii6ow2f+ZNKd5Vs/BRvGurLdCWg47UTzujHWtI24nJHjYfWpGIdAmJ9cuA/QgJ
RCVs8U0vXzcRKwGkn45q9t7A9LMMZ2OIryhN3PPY4p1i4zu4kwFEQeJ1CCSrAiTn
etitPxiovo+dmCFWxXeYuY+PNsi5C6kwOHVPDYlv+YrP0cm3jwKCAQEA0TbhuDaQ
rkuVIIlzrQzLl0KqtoQ/p+5KI4WmzDdpmWvLhAGug7Xfi5AmSAmJB+ui/XeHCjyg
Vy+nyoxzJrdjg0WShRgRx2b3rYqxTDsV72sbl1ofrCyX9DOW2XaiLCXPkGQfOmkS
yYagR3xyfsVsf44bwUWj2vckXFhZFZDR2DpRWL20S852RpXvwzOoOWhfaBAqHeR+
qBWVsDuRwo0HCkidgBYnRpg4FAitoiVM+MpB3r84pOK4bO6s0n384l1iFLhWli/d
6hLVa4Hpec5jMHQajhOjdk03gK0xmS9Trcv1aUboih7KH0FlbdlWeKWi/F7sT7P9
3MFrs9G+Ybd/DwKCAQEAiA1t8jnY0iAlCAl/nhABTfXZYNiDFoTsveB89ehJ0bq6
jiLhuahk8QYjEtxOlyAY8/N4yzBFWAcy7FXFQ30BVlFJmVkJUqKpQIdKs6/0WAbN
H0YLeMRIU2mzfsmFrbNZNtoG0zHy+IjJGX0JW4O/X0DE5ISeX1tyz5iFWgPkvutI
+iT8Edr6RgkJHTxTjftbvRHQuFeDixaH/iUOUAqQphDJ0VlEm5hHJfG13hvznvzi
28hhAHUtUFuj4qdcEE+efvvINqZ1ojUyTNhcpHSDJwqSFst10rT1FX7DVD/4o3b8
9tvM4sWTeNsT+omJWgvbyZrqVG0AegyRtmc1jwv50QKCAQAjNGz/Jo9qBOXvN7Hz
aLfJmDpJxC9B/uMS3yaWLqziWDVC3VWUbEJVpcgLTy9z2b7vj/F1U4ZXpXlCqCeo
WCuypz5kjwxO1ZDP7wqunTKvuwJFkbDKtCZNvXCg30mizCoFThPDLHMw3iqSXOqX
UnlTbYJWH3XXHsdLksJK0re8/vM5T5LLPs7ASfKykjq4jkufozizFwQJHLi3kw6Q
AlMw888tAo1RX8Pv+xXctxIgu0giR2Msu8n06qTCNtka7kPW4L4RP7TD8q9fC9lR
2dzvBlqBleRnv86bJIm4ETKviCaftILk2xF/+O0scuoOGzE17nMtZkhNoW6SL7Ut
lEcZAoIBAGMtuS1SJAnJ2wt5NY3zLAIoTwOr4LQLF1ukF+ogkck/GsRaJxGQRaE/
tupQBRzsZN3MxjRspDzH+583yIEWFWwxDzDbz8P9PuU+Dgm3vRGJ+qvzTDHvnPzd
3mTOMnNMjchi6wwV9t/SxwhtnUoIHG0FtrXE+xH4QFnXaufGqw8rWbuPRjydH9iJ
8h+U4g4oaRpvftDHZ6HUMYgqC3/BtB9yk0CQ/BnTG1FlZZw6Ybu4SNtok2QrR1xN
MdcSNvQrgkMbVJ8ysKOwJNol3yw5fqYUz6KRxzU28MdOyELhcWhWUC9/D+5ib13f
Y78+RqMxuQBGGFp1ahS075xikXeb0TE=
-----END PRIVATE KEY-----

185
tests/backend/mongodb-ssl/certs/test_mdb_bak_ssl_cert_and_key.pem Normal file
View File

@ -0,0 +1,185 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
Validity
Not Before: Jun 14 12:45:09 2017 GMT
Not After : Jun 12 12:45:09 2027 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Bak-Instance, CN=test-mdb-bak-ssl/emailAddress=dev@bigchaindb.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:9e:49:0d:d6:44:06:db:ad:bd:24:0c:d4:d2:f6:
0e:e9:14:5a:52:b7:3d:72:97:ae:1c:b4:dd:6c:a6:
2b:46:94:a9:60:29:8a:15:75:3d:35:66:a1:7e:3c:
a7:09:38:4d:30:4a:5f:d1:01:22:a5:b0:f0:43:ed:
9e:e8:6d:b5:4b:da:3d:50:d7:67:c3:bc:a2:08:72:
2f:fe:18:54:2a:2e:a8:6b:f4:ca:fb:4a:50:f0:48:
c3:97:62:b7:f5:a0:a2:50:2b:c5:b3:ed:6f:b4:86:
09:a6:67:68:1f:28:69:d4:0e:73:c1:a2:6c:25:a5:
55:37:8c:7e:a4:9e:aa:83:8d:9c:b6:29:19:6f:e9:
86:58:9f:34:8b:92:39:9a:4d:ac:2f:1b:ee:43:a8:
25:dc:d6:82:63:65:e6:f9:71:ea:69:ac:4f:1b:9f:
96:ba:21:88:db:7b:87:4a:5c:84:4a:d6:39:3c:1f:
ea:e7:3a:9e:e0:31:32:e9:3d:48:da:0d:6d:47:74:
2c:58:e6:ad:65:10:b8:64:7b:80:cb:b0:a2:f4:a6:
16:27:b0:84:6e:09:c6:30:a3:b7:fa:34:7a:96:5d:
61:71:7d:7d:dc:c8:69:9d:4c:2f:b6:a1:20:31:99:
b1:96:9a:9e:be:f4:ec:da:2a:6c:3a:0a:e4:94:ef:
67:a5:f4:7c:ae:15:f2:67:8b:f4:f4:18:32:1e:7f:
87:79:e7:87:a0:74:99:57:f2:44:62:fe:93:93:21:
13:b5:98:dd:fb:98:67:e0:8f:e3:19:36:0b:9e:5b:
67:a0:37:77:62:78:9b:6c:be:79:13:bd:79:ae:34:
b7:92:f1:8f:17:9c:0b:6a:42:9a:ed:23:e4:71:0d:
e6:f3:6d:9c:58:54:88:2f:ed:85:a3:5c:a4:38:6d:
a3:b9:bc:ba:56:ad:f8:2c:fa:8c:e8:83:de:1b:af:
11:88:e9:81:08:c8:d4:03:68:d4:e7:11:c7:e6:1d:
93:7f:02:2c:3d:42:e3:bb:f1:68:70:21:95:87:db:
c5:c8:43:64:d5:d9:10:94:cb:e4:17:e3:5c:21:38:
fb:9c:96:69:da:24:e3:59:e8:d9:f3:41:45:04:8a:
04:c8:bd:04:85:7a:9c:72:9f:5d:34:38:1d:1c:26:
85:6c:c3:1c:6d:df:6b:44:a4:ac:f7:27:0d:8f:1a:
9b:d2:53:5c:15:bd:1e:f1:de:f1:45:d7:96:d0:50:
0a:43:3b:53:ea:1a:8d:67:ad:68:d0:57:dc:3c:f5:
63:fb:0e:ff:b2:cf:59:30:d5:12:bc:2c:62:00:cf:
c3:ae:ea:20:04:c1:67:e0:3f:92:99:e5:04:cc:7b:
a6:7f:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
95:F3:A7:FB:99:C6:9D:91:36:06:51:31:39:EC:37:42:89:07:AB:31
X509v3 Authority Key Identifier:
keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
serial:E8:06:B2:C9:2A:9C:2E:FC
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
5b:42:f5:e9:cc:2a:40:8a:53:29:d9:67:2b:5d:df:25:b8:08:
6f:6f:0f:d4:e1:b7:60:eb:d4:04:d4:3c:49:62:a5:78:59:48:
d6:4b:c3:24:04:86:51:99:01:6f:f5:ce:a1:b8:c0:d5:56:4a:
23:86:f9:22:e6:42:3b:39:8b:66:64:21:f6:72:6b:77:79:4b:
9f:3e:ec:0e:ba:cf:bd:72:73:02:66:bf:cf:e8:b2:75:ee:07:
28:ae:26:98:b8:40:ec:dc:d5:12:27:27:34:3e:4f:55:b6:36:
e0:3b:58:ec:2d:fa:59:e3:c1:ec:16:93:8d:72:f6:ad:f8:dd:
59:6e:c2:cb:51:82:f1:fc:b6:7e:67:61:f7:81:76:9d:a7:83:
52:06:cb:b7:fe:52:f4:2a:bc:62:66:16:4b:bd:03:13:7f:e0:
f1:7e:c4:67:e4:9a:d4:1f:bf:a2:a1:f9:2a:8b:bd:d1:06:35:
16:97:7b:93:fa:3e:e0:df:4f:60:60:74:ef:18:0c:69:10:61:
17:4a:8b:d7:4d:0b:83:6c:de:c3:ca:34:ad:02:35:34:e5:2c:
15:28:4c:ff:5b:e7:27:eb:87:c9:88:21:3e:ed:b3:4e:cc:80:
2f:fe:87:e4:c7:d8:7c:5d:61:79:db:49:bc:f6:60:28:97:0d:
17:0e:f4:7d:3a:ca:bc:d1:f2:62:70:a9:19:8b:f8:74:1e:c4:
10:f9:7a:62:d0:65:d3:00:f4:3d:08:11:5c:d5:d0:97:3e:52:
0c:51:1a:e6:71:bf:d9:25:c7:38:b7:d1:17:04:c3:a3:74:34:
51:7e:3d:78:3f:e7:c9:e7:e2:37:db:33:43:26:ca:7f:2c:d5:
cd:fc:55:2d:3f:1e:7b:95:af:44:ca:b6:9f:0e:02:d3:62:e6:
1f:96:a6:b2:0d:de:0b:31:b6:4f:de:a8:63:85:8c:c2:5d:89:
f9:ba:b2:e9:41:19:60:3b:06:18:c5:f6:9f:8c:f9:fa:36:18:
16:3b:c4:8a:60:5e:7c:06:8c:f3:3a:c0:25:bc:3f:fc:f1:5d:
a3:81:a4:6a:48:05:f3:0b:cb:f7:45:87:4b:32:5f:b2:d4:5c:
85:36:ec:3f:aa:23:81:fe:ce:75:7d:54:12:87:b0:95:a7:57:
81:c5:4b:f3:d9:9a:d2:fb:af:bb:a7:6a:b2:23:92:1d:28:8f:
a7:21:bd:3c:21:fb:39:fd:73:06:84:d2:9c:6b:06:c9:3f:22:
9d:dc:a8:74:9b:76:8d:e3:09:9d:ef:02:18:9b:1e:52:69:eb:
be:1b:bb:73:e2:36:06:4b:27:ad:0f:87:66:cc:36:81:5a:55:
e1:7b:7b:d0:4d:2f:55:95
-----BEGIN CERTIFICATE-----
MIIG4zCCBMugAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
DTE3MDYxNDEyNDUwOVoXDTI3MDYxMjEyNDUwOVowgaYxCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
aW5EQiBHbWJIMR0wGwYDVQQLDBRNb25nb0RCLUJhay1JbnN0YW5jZTEZMBcGA1UE
AwwQdGVzdC1tZGItYmFrLXNzbDEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu
ZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnkkN1kQG2629
JAzU0vYO6RRaUrc9cpeuHLTdbKYrRpSpYCmKFXU9NWahfjynCThNMEpf0QEipbDw
Q+2e6G21S9o9UNdnw7yiCHIv/hhUKi6oa/TK+0pQ8EjDl2K39aCiUCvFs+1vtIYJ
pmdoHyhp1A5zwaJsJaVVN4x+pJ6qg42ctikZb+mGWJ80i5I5mk2sLxvuQ6gl3NaC
Y2Xm+XHqaaxPG5+WuiGI23uHSlyEStY5PB/q5zqe4DEy6T1I2g1tR3QsWOatZRC4
ZHuAy7Ci9KYWJ7CEbgnGMKO3+jR6ll1hcX193MhpnUwvtqEgMZmxlpqevvTs2ips
OgrklO9npfR8rhXyZ4v09BgyHn+HeeeHoHSZV/JEYv6TkyETtZjd+5hn4I/jGTYL
nltnoDd3YnibbL55E715rjS3kvGPF5wLakKa7SPkcQ3m822cWFSIL+2Fo1ykOG2j
uby6Vq34LPqM6IPeG68RiOmBCMjUA2jU5xHH5h2TfwIsPULju/FocCGVh9vFyENk
1dkQlMvkF+NcITj7nJZp2iTjWejZ80FFBIoEyL0EhXqccp9dNDgdHCaFbMMcbd9r
RKSs9ycNjxqb0lNcFb0e8d7xRdeW0FAKQztT6hqNZ61o0FfcPPVj+w7/ss9ZMNUS
vCxiAM/DruogBMFn4D+SmeUEzHumf7kCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFJXzp/uZxp2RNgZRMTnsN0KJB6sxMIHQBgNVHSMEgcgwgcWAFGnH
hYBk5pBA6TBoiCPSTbvs35iYoYGhpIGeMIGbMQswCQYDVQQGEwJERTEPMA0GA1UE
CAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWluREIg
R21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwSVGVzdCBJbmZyYSBSb290
IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQDoBrLJKpwu
/DATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEL
BQADggIBAFtC9enMKkCKUynZZytd3yW4CG9vD9Tht2Dr1ATUPElipXhZSNZLwyQE
hlGZAW/1zqG4wNVWSiOG+SLmQjs5i2ZkIfZya3d5S58+7A66z71ycwJmv8/osnXu
ByiuJpi4QOzc1RInJzQ+T1W2NuA7WOwt+lnjwewWk41y9q343VluwstRgvH8tn5n
YfeBdp2ng1IGy7f+UvQqvGJmFku9AxN/4PF+xGfkmtQfv6Kh+SqLvdEGNRaXe5P6
PuDfT2BgdO8YDGkQYRdKi9dNC4Ns3sPKNK0CNTTlLBUoTP9b5yfrh8mIIT7ts07M
gC/+h+TH2HxdYXnbSbz2YCiXDRcO9H06yrzR8mJwqRmL+HQexBD5emLQZdMA9D0I
EVzV0Jc+UgxRGuZxv9klxzi30RcEw6N0NFF+PXg/58nn4jfbM0Mmyn8s1c38VS0/
HnuVr0TKtp8OAtNi5h+WprIN3gsxtk/eqGOFjMJdifm6sulBGWA7BhjF9p+M+fo2
GBY7xIpgXnwGjPM6wCW8P/zxXaOBpGpIBfMLy/dFh0syX7LUXIU27D+qI4H+znV9
VBKHsJWnV4HFS/PZmtL7r7unarIjkh0oj6chvTwh+zn9cwaE0pxrBsk/Ip3cqHSb
do3jCZ3vAhibHlJp674bu3PiNgZLJ60Ph2bMNoFaVeF7e9BNL1WV
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCeSQ3WRAbbrb0k
DNTS9g7pFFpStz1yl64ctN1spitGlKlgKYoVdT01ZqF+PKcJOE0wSl/RASKlsPBD
7Z7obbVL2j1Q12fDvKIIci/+GFQqLqhr9Mr7SlDwSMOXYrf1oKJQK8Wz7W+0hgmm
Z2gfKGnUDnPBomwlpVU3jH6knqqDjZy2KRlv6YZYnzSLkjmaTawvG+5DqCXc1oJj
Zeb5cepprE8bn5a6IYjbe4dKXIRK1jk8H+rnOp7gMTLpPUjaDW1HdCxY5q1lELhk
e4DLsKL0phYnsIRuCcYwo7f6NHqWXWFxfX3cyGmdTC+2oSAxmbGWmp6+9OzaKmw6
CuSU72el9HyuFfJni/T0GDIef4d554egdJlX8kRi/pOTIRO1mN37mGfgj+MZNgue
W2egN3dieJtsvnkTvXmuNLeS8Y8XnAtqQprtI+RxDebzbZxYVIgv7YWjXKQ4baO5
vLpWrfgs+ozog94brxGI6YEIyNQDaNTnEcfmHZN/Aiw9QuO78WhwIZWH28XIQ2TV
2RCUy+QX41whOPuclmnaJONZ6NnzQUUEigTIvQSFepxyn100OB0cJoVswxxt32tE
pKz3Jw2PGpvSU1wVvR7x3vFF15bQUApDO1PqGo1nrWjQV9w89WP7Dv+yz1kw1RK8
LGIAz8Ou6iAEwWfgP5KZ5QTMe6Z/uQIDAQABAoICADsiR80YtQc1LUhektQNoRxq
wiPM2WQKTr3ixCZnHhvMRkrque+yUR+2K/chabYEFrJH1uwaZHtKUzjNeWSUN/sS
mX2uO9HgkxhcsJlZNXhc3gcW+Q5QgVSDmq7f7qIRVRJmiAHkXqsuuEQ2tauOSZsz
mwNoTsbxsZiDIH0X2dQz/6v+RsaMk+hf8h2Cj4qaIg2nfahBFYQfj67azyO57z1z
ZkqHoKQBC0QULkMVtUbQKanQss2YFOrk9oQ0pRbxlTXwrPC5nWX4jSrdCQ0P/JEx
y20ggRkrBaP+Rilvmay7TkA8Bd2J8gsV/21XXNOq+7GsKkpk7mfDGZPFpggOOMYs
xmp9rCZ+/0wpGQ130/ks3bQRHeVXQ0WuEXrmkdHhyyRycYocDfUhC4YB5NJOhI8H
Xl/ScebL3xwl56CNbfdyG6VeAqpJk6qxoklMw+zWJQeHtaHkXObWSSORf0KCAHV7
5/FWH7QP93g3X4r9Cq0zVI0e9ImC81azxj335bWpZi63YTvZriStak2ucfkBPXof
zTQHVi47E8fOG6HjEQYLM/FohXRxSKodBruKEKZlzqGLaSVlfj25v1l61mS4Owjj
2VWEuCraGixRIfawK6CtuS6ZRCLZyuVISul0Xhmm9EJ9rrqaJS3rCHp40S/prnFY
TACkRoLkBqftkva2uVxBAoIBAQDQK0hEZ3jVznmybNyvscdkYnJHFqJqjQgR3DKM
1RxcOpsLcEJZv5Xw9yze1QndCplnWsHsbOYI/Bz6Bnf60DRnbiZrftNEkabEgPkE
pEnZTCWm/ynTjhJy5y5ttnrqx2CHUpLoVnwqQKQqp3p/gjXQcp9NqX8/ieA4ae63
tPMpQERlA3ETHprZ26NkjIl35oO2Hl/vw80Inh26EHFlKZkzKRsCaqBLgIkDpbOe
vgziyBUCk3pmyKI62pPu4S3Xy7TaYtjUeZvwUI8u3hvE6v2Qjj9nS6qvTOGRg/hG
3DSBEqXUxMTYu+41zPyYZiSoUpFkReV9G/K3wO9b0Y+po+NFAoIBAQDCp4+uwo47
90S79J2wM4nEhtPvgg5Zvv+8a1Uedng+DKokmPdcqD9RSREcbuj2BOwS/phTePKh
0UFgy43B8DrTDNrYvZPTjPalxo8ks122+vzM+Y43le072wOQkHfVZP/Y1+lOOsVf
TjGrp82keg4w784w7OuJNg+i7+rwsOwBn6iavHbHi3c8IGXDsNe5+LEwTSXSyxiF
s/NFBYOxNDV1GVATTbyi5bEKLDtrD1GXRtCU4atGf9fwYSU08KMjrhRQLP+0sYwN
lGSpJnJc7M7CuikxT646+ENTZC1vZlp1bUwsX7sjk5kxq6fkf0LM0/7hLg0yPOFV
XTBeLPYJrRflAoIBABYbgqFBG+QY+XOpfAZsqvBORDSogrcuIx1CdVvfhhOFZdHh
Kiq93f6pQWqo1VNUPNZtHQsuxX9OxwUGitdoJSiW2h2wal9t2Hgl+kwz5mPdYmJJ
1vdQr0TkqFmed49XfTjh3Bgwlx8lnkmpX6kK+wwYIDLvPURSMC3NkjyQSwKmgJz5
sJiHN4rLeJ7FDhRdtr8wmp+r+6peoGmSNXi44jw8sVGgYUWjcOmiP2EsbdHnzdNo
NieURyZY8Dz+TRAN4jcPKFfoUldDNvGTRP+0tRkVAkbGEmprj8kUatmbqTfL8zCV
dRJPYwzzqB/HOT1nB2nOwoB251/8bW8i4k7xyMECggEANOd9sa3HIp0t3Te6s+0O
AI/0giAC7nlu4DL7y2+/dn3SsGeys0g3DUyijevG/TaRQwhXNjilGT3aWwh32sID
+uB/inDcAJ9LWfsBZKQrUFQe6UbaVFk3RRFdgqkBKMpujuz/x/dJNYH3FgRha9aQ
jNRgYgPCcGR1E3/JhulO+5H9LTETx2AsY/caMXma6DyjS9Fr+kKgw5YJBDVfeYYL
EWxzywtRvaRX3b/v1kUvk8H3Zr9+4YZVlkuQ5TaR4FyrwK66QM4QlpBCW4bLhl4G
Q/58u55AaF6ZTczoXGKhK1EtZtIN9rli5ZEV7JB6A1mK6ICvrXvGcoEFaFMn+7FD
0QKCAQB+zcumaZJ2f70TUc0cSpH5ObEdQzgLDgYk11ntogFWaXefY84R2UOAnVmT
TOAdl5CHY+iBwYVldGO9/+lSaeXzsFYeuvkoVPg8jnSoocc8H+QdgCjXwIPtalAJ
DmMo5OehmmbeZl/HYnESodqy+94DylxpoAwRwPh4m4H28lJObOkc+aP94Ij+i403
PW9HxSK4u1OTSAXUHrsHxYTHOoO0KIx7tDQtgToWJiXIF4OcvHpVrYhZlmX8jdZB
rzfGm7L2NbXOxMyRwzkiP2u3Jy2KMDjkzzrcj/baBASw/gvTBNg0Av+hxDLHAVKc
+gk211q750iboMg2OYLjyYqcwbXn
-----END PRIVATE KEY-----

185
tests/backend/mongodb-ssl/certs/test_mdb_mon_ssl_cert_and_key.pem Normal file
View File

@ -0,0 +1,185 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
Validity
Not Before: Jun 14 12:44:48 2017 GMT
Not After : Jun 12 12:44:48 2027 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Mon-Instance, CN=test-mdb-mon-ssl/emailAddress=dev@bigchaindb.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ba:24:72:5f:73:ff:ea:19:08:30:c8:91:47:01:
2c:ec:0e:b2:81:fa:84:01:72:38:d7:17:81:b3:87:
b0:ed:91:b2:d7:b1:7c:30:c6:d3:93:5f:39:04:e6:
fc:dd:b4:f6:c3:2a:d6:ce:ce:f1:6f:bf:32:05:92:
eb:90:66:0e:95:c5:ce:5c:3a:37:ac:cc:40:c5:ef:
3e:53:b0:49:ed:ab:3c:9f:08:88:63:fa:a7:db:d4:
6b:e9:55:0f:f3:f9:62:45:b9:a4:a2:3d:6a:60:b5:
ee:9c:e9:7c:cb:ef:06:0d:c5:92:21:4a:79:b4:f4:
58:20:a6:8e:82:87:05:2c:c5:94:ab:6a:56:09:9e:
64:bb:ab:29:86:04:a3:39:fd:4d:25:da:f7:6c:c9:
c2:c4:42:66:f4:f4:4e:91:dc:09:10:3d:6b:16:0b:
a4:be:c4:52:6e:4b:fa:8a:50:74:be:54:a8:46:e2:
0d:53:db:9b:8d:6d:58:71:71:8e:f9:4f:ca:07:48:
c2:eb:fa:d1:42:0a:33:18:9e:14:0e:a8:6d:78:f6:
8a:76:72:db:94:1e:56:cd:02:5d:7e:6d:6f:75:35:
cc:ca:c0:be:57:2c:6e:96:7f:79:51:84:ae:95:a5:
3d:da:bd:01:8f:6a:de:8b:d0:dc:f8:61:27:f2:a6:
cf:0d:40:89:d0:2e:db:da:e5:ad:c5:9d:95:5f:22:
a4:52:70:33:4f:df:13:8f:96:a0:9b:21:aa:15:20:
39:c6:16:65:98:b8:97:2a:cc:47:e0:79:41:b4:a2:
96:32:68:65:f6:8c:1b:ce:c8:38:9c:75:2c:1a:87:
d9:87:9b:f8:b7:ff:2c:15:e2:0a:12:7b:a0:ef:3a:
39:7e:32:3d:f9:42:d7:5f:08:38:93:4e:f1:41:a0:
c2:55:30:55:40:aa:bd:68:8e:69:c3:33:6f:50:0d:
ef:44:80:da:e5:01:61:d3:71:41:de:03:ab:42:85:
a0:80:1d:2a:b7:88:15:7b:ee:43:64:20:57:f7:25:
b2:6c:47:a6:5b:15:58:13:67:47:a3:07:17:20:51:
d2:8d:7b:71:91:39:5a:1b:a2:a0:0f:15:73:84:74:
1f:49:b8:64:4b:3d:86:99:85:a5:e3:05:63:37:c3:
bf:e7:c2:4c:fc:ff:bc:9a:8f:43:43:52:a7:cb:b8:
91:e7:0a:10:02:ac:74:3a:8b:06:34:50:d2:a3:12:
81:d2:7b:46:bb:ad:2f:9e:ed:9e:0d:8d:27:64:99:
e5:e2:a2:56:cb:ad:3f:48:24:9e:11:32:bf:70:44:
e2:a5:bf:39:86:5b:ed:5d:75:c2:53:40:62:da:2d:
f8:f2:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
31:63:2C:98:2F:9F:6C:44:82:A9:B8:D3:06:15:95:84:D9:52:98:71
X509v3 Authority Key Identifier:
keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
serial:E8:06:B2:C9:2A:9C:2E:FC
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
1e:16:02:5b:35:f6:36:0a:54:bc:48:11:51:39:a1:b1:e5:39:
bd:26:73:bc:37:22:95:87:3f:ed:e6:e1:00:fa:e2:a7:2d:ef:
9d:25:ee:b0:7c:c2:e5:8e:9d:ff:24:51:ee:a2:cb:2c:b9:0a:
38:07:94:8c:12:21:e1:1f:83:5f:4d:92:a8:b1:ff:53:90:97:
30:2d:06:d6:84:79:27:6c:34:dc:19:6e:af:dd:80:a7:66:3b:
0d:c5:c2:0d:7a:ce:b6:12:c2:9e:6f:02:0d:d0:41:c1:7d:75:
aa:07:46:50:e0:06:22:a8:d7:d2:45:dc:d3:c1:20:01:61:c6:
07:13:74:b3:9e:de:88:1a:75:1d:8d:0a:3f:fd:0a:56:07:92:
d6:ce:37:f5:e6:ad:d0:64:33:77:36:dd:76:06:e1:20:00:64:
88:d0:ca:71:f2:65:7c:26:ce:2c:55:07:50:36:d9:2b:b2:80:
fa:d1:4b:fc:31:89:d9:3e:c6:50:a8:ce:cf:df:d2:54:53:e7:
80:ab:e6:4e:66:e8:91:70:55:95:80:94:74:60:f5:e8:ff:69:
65:c0:41:17:af:1e:8a:50:a7:4e:f3:c1:76:42:7a:62:22:0a:
51:33:06:57:bc:6f:7f:f6:5a:9d:4f:cd:2b:21:65:63:d8:ab:
5b:38:8f:8c:f6:37:50:ca:32:5c:9a:3a:1b:a1:db:9f:fa:10:
4e:35:54:9c:24:42:8a:33:58:a5:3e:b4:a4:67:4a:d2:b1:8d:
99:d5:4d:1f:f7:d9:c6:ee:60:54:7f:bc:57:2f:0a:b9:ce:04:
96:0f:0d:9c:22:39:a2:4e:e3:c7:3d:df:9c:09:af:45:62:57:
1e:25:67:b1:4e:e9:15:88:c5:b3:2d:88:c8:60:8e:5e:b5:28:
49:77:63:6f:0f:9d:d2:06:94:b4:b3:d9:92:2a:32:7f:45:c8:
32:69:12:7d:8d:47:52:5b:3e:7f:f0:bc:80:11:56:08:97:7a:
eb:fb:0d:69:5d:88:b9:bb:27:7f:de:2e:a9:63:c5:89:56:88:
ce:2f:47:f0:1f:bc:3a:60:f4:19:8a:39:82:11:51:99:7a:8d:
1f:11:53:2f:f4:43:48:08:c9:1e:a5:3b:ed:f0:8e:cc:d6:1e:
20:e9:2a:4d:c3:cc:3a:6c:63:29:a7:1b:c3:63:13:19:d5:82:
61:b9:83:39:e8:60:d9:06:e4:cc:55:5e:93:70:80:97:58:f4:
24:1f:2b:6f:e6:ff:67:f1:76:2a:b3:db:6b:1a:22:42:a0:85:
44:de:1a:9a:9e:b5:d2:ca:95:11:2d:ba:57:4e:2e:79:67:10:
c8:ee:aa:67:61:ca:8f:25
-----BEGIN CERTIFICATE-----
MIIG4zCCBMugAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
DTE3MDYxNDEyNDQ0OFoXDTI3MDYxMjEyNDQ0OFowgaYxCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
aW5EQiBHbWJIMR0wGwYDVQQLDBRNb25nb0RCLU1vbi1JbnN0YW5jZTEZMBcGA1UE
AwwQdGVzdC1tZGItbW9uLXNzbDEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu
ZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuiRyX3P/6hkI
MMiRRwEs7A6ygfqEAXI41xeBs4ew7ZGy17F8MMbTk185BOb83bT2wyrWzs7xb78y
BZLrkGYOlcXOXDo3rMxAxe8+U7BJ7as8nwiIY/qn29Rr6VUP8/liRbmkoj1qYLXu
nOl8y+8GDcWSIUp5tPRYIKaOgocFLMWUq2pWCZ5ku6sphgSjOf1NJdr3bMnCxEJm
9PROkdwJED1rFgukvsRSbkv6ilB0vlSoRuINU9ubjW1YcXGO+U/KB0jC6/rRQgoz
GJ4UDqhtePaKdnLblB5WzQJdfm1vdTXMysC+Vyxuln95UYSulaU92r0Bj2rei9Dc
+GEn8qbPDUCJ0C7b2uWtxZ2VXyKkUnAzT98Tj5agmyGqFSA5xhZlmLiXKsxH4HlB
tKKWMmhl9owbzsg4nHUsGofZh5v4t/8sFeIKEnug7zo5fjI9+ULXXwg4k07xQaDC
VTBVQKq9aI5pwzNvUA3vRIDa5QFh03FB3gOrQoWggB0qt4gVe+5DZCBX9yWybEem
WxVYE2dHowcXIFHSjXtxkTlaG6KgDxVzhHQfSbhkSz2GmYWl4wVjN8O/58JM/P+8
mo9DQ1Kny7iR5woQAqx0OosGNFDSoxKB0ntGu60vnu2eDY0nZJnl4qJWy60/SCSe
ETK/cETipb85hlvtXXXCU0Bi2i348h0CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFDFjLJgvn2xEgqm40wYVlYTZUphxMIHQBgNVHSMEgcgwgcWAFGnH
hYBk5pBA6TBoiCPSTbvs35iYoYGhpIGeMIGbMQswCQYDVQQGEwJERTEPMA0GA1UE
CAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWluREIg
R21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwSVGVzdCBJbmZyYSBSb290
IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQDoBrLJKpwu
/DATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEL
BQADggIBAB4WAls19jYKVLxIEVE5obHlOb0mc7w3IpWHP+3m4QD64qct750l7rB8
wuWOnf8kUe6iyyy5CjgHlIwSIeEfg19Nkqix/1OQlzAtBtaEeSdsNNwZbq/dgKdm
Ow3Fwg16zrYSwp5vAg3QQcF9daoHRlDgBiKo19JF3NPBIAFhxgcTdLOe3ogadR2N
Cj/9ClYHktbON/XmrdBkM3c23XYG4SAAZIjQynHyZXwmzixVB1A22SuygPrRS/wx
idk+xlCozs/f0lRT54Cr5k5m6JFwVZWAlHRg9ej/aWXAQRevHopQp07zwXZCemIi
ClEzBle8b3/2Wp1PzSshZWPYq1s4j4z2N1DKMlyaOhuh25/6EE41VJwkQoozWKU+
tKRnStKxjZnVTR/32cbuYFR/vFcvCrnOBJYPDZwiOaJO48c935wJr0ViVx4lZ7FO
6RWIxbMtiMhgjl61KEl3Y28PndIGlLSz2ZIqMn9FyDJpEn2NR1JbPn/wvIARVgiX
euv7DWldiLm7J3/eLqljxYlWiM4vR/AfvDpg9BmKOYIRUZl6jR8RUy/0Q0gIyR6l
O+3wjszWHiDpKk3DzDpsYymnG8NjExnVgmG5gznoYNkG5MxVXpNwgJdY9CQfK2/m
/2fxdiqz22saIkKghUTeGpqetdLKlREtuldOLnlnEMjuqmdhyo8l
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC6JHJfc//qGQgw
yJFHASzsDrKB+oQBcjjXF4Gzh7DtkbLXsXwwxtOTXzkE5vzdtPbDKtbOzvFvvzIF
kuuQZg6Vxc5cOjeszEDF7z5TsEntqzyfCIhj+qfb1GvpVQ/z+WJFuaSiPWpgte6c
6XzL7wYNxZIhSnm09Fggpo6ChwUsxZSralYJnmS7qymGBKM5/U0l2vdsycLEQmb0
9E6R3AkQPWsWC6S+xFJuS/qKUHS+VKhG4g1T25uNbVhxcY75T8oHSMLr+tFCCjMY
nhQOqG149op2ctuUHlbNAl1+bW91NczKwL5XLG6Wf3lRhK6VpT3avQGPat6L0Nz4
YSfyps8NQInQLtva5a3FnZVfIqRScDNP3xOPlqCbIaoVIDnGFmWYuJcqzEfgeUG0
opYyaGX2jBvOyDicdSwah9mHm/i3/ywV4goSe6DvOjl+Mj35QtdfCDiTTvFBoMJV
MFVAqr1ojmnDM29QDe9EgNrlAWHTcUHeA6tChaCAHSq3iBV77kNkIFf3JbJsR6Zb
FVgTZ0ejBxcgUdKNe3GROVoboqAPFXOEdB9JuGRLPYaZhaXjBWM3w7/nwkz8/7ya
j0NDUqfLuJHnChACrHQ6iwY0UNKjEoHSe0a7rS+e7Z4NjSdkmeXiolbLrT9IJJ4R
Mr9wROKlvzmGW+1ddcJTQGLaLfjyHQIDAQABAoICAEU5ysNPC6zPFGm4HbdPa5p6
uM54EWHMTfFIT7cpzpX7qoxm+G3Xc9YKAtWc5gu6Ak+A/hQ5iDbr3zmNc0fnfKMc
xmssR4pfB/PUztQm6seV+FyYusib7pNlw6AqP12XsIGH0f94YbiH0K7QctYRFapH
gNoarXqrqJ6z8qn+duE4tdquGENJgeL9e9rYnK+zUV6zuXLe8i01GL8eoJ3EPCar
AMlZGTLNJm7YmNuZomEqcM6zwQsf0BDfypWeCvMTRmpBGCTUycAKtQgBuindX6Et
5z635ouGYPerWoPrRRlNIdWBqwgWgSY9UCwN8TO8GW3g/tSMhSlwSs2grE+k07lR
6d05taL8c/thZDpHBePVhKvNvJfI8ef0lqCCPc/uFnmWkY3pg2HB3Z605YqPhddL
tTqaDZVL2oc9qrnyjz/6cFOa9Mh3cdt8L1+j0hMDWxYOcYS7IJi35V25B8wDPVZj
LXCINNQtTio7hwc+jyXhPVSERfeISlU1Ki5ZomWLzMtkdDzBz8By++aEudKw+cV/
OjLa07SLdn05j52rqYhzaZEbeXoY1L2N+V9c86iukjr8vLHStzgmzpWDYcsnHu7w
Ojy4iRtAvI2a+PSq0tdqfhFKCA5zevLcCxUUhSDxWIa81TYEE+MfqQYtEASB1/Ze
Nt6IKu9zpLXA1WFNxLktAoIBAQDvU/K+eznf/ro46WvpKqXyU0YkEoMNHDQ7ljrG
QLkDo9WfN08aKpi6tjdgKZ97yqJae16h6WJj6aDyKL+kpkhitQ8QPhvpg4Efiupz
15gqbLzlIqrmdfGH/X2H/C3i6WDdrJWMA7ERitK4TKGoKzIH+YHA3kjEwvVnAh/U
TKov47H40UP8qTTmortTC9uO+3TmbpSkDU7iGhTKd1RYcLnKj9jmI+//BZ0OYe6U
QzrCKD27YIsH0QD9pWv/Wn3Xy2yH7EnWxXzxq6Wd767JHIloHVYICrnMf/rSA/sV
8g/JjLuLCUf2U0DxauX7wcnC7XtOJ0u5PBw1lzRYA/vfNgVPAoIBAQDHHAO9K2E7
5Gy2zVVdqxgK4NqY6pOgaEu7T95VaTchShQ3dGs5b/s8GU+gjZ+XOF4VEqjazGR5
xUXqlF+XLp0YI7vn9yNoUYRvHtbun8hBaQ2yc4iWzxGeAQVCYr8e0w6gs7pyFIh5
xKZzaYZFKIJhTD/NApuul0IYnRSnKXhODp4x/dElpgectkLUHlME9rrXjBdKQVFN
x50JBnopA0/npGxtuDzztSP7qq1rFp3HHMChvzM5oLoOj5b80OmaI52vCGY6Udhy
HMNbMzMiEHgekNramFEe0fZxuwUkF6+O+FIb+jPy0EP04an4IDNhjLet7PHN62qW
CEF1UIz/w87TAoIBABnY8TCNUnTUp/wZiaQHDSEcyUiAD1NNJn8A/JwIxXKVMS8e
5BYpX5FauKRUGnteKSaoiFHoSM4Nn2pH6Fq58rtmXpgcfRs9Lqbfc+7K7A447DW7
BsYZGtrbD8GuBK6rEeEfEI+snmUMnzF0ZUkqUR73XYIc/7Lwc1yKqDFfjknZx5Dd
2P/irmnyTVTsxOuuULPKYZdOMKTOuEwdkyhyFD7CRmSkoPjj/FBfV0r/78qkWfZw
uNNBSWAbi4xqk4jI2ZHcfSUK8zGOnjZuemwR/u0VrgL0VZi2gbpI38dA+1+DKYYc
nH8IAs2QBAKqrUW2LEkGiXEaAtnu2KJg28UBqpUCggEABSMw6YGkCaKUN4dGy5rt
jOJOYaGz23C1e4jNCNElLgO2T9P+LEY6akuQ5WiiFInMy6hmmParJQU1D59yc/ks
7oGFiK+0xy1LSH64NwICbcWjJ9aZUKLZJoWKODNKESaK+xSIHAdxmgq77MBtSX2J
F6+a+dQ2ZiPa/b2X2dRVGVaBOHL/IYSOL7n4MXby127yVTt1ImJbEbGz2JbFMie2
uRhh/9bAI92ppwW5Ycj8mzWftsyzKqp+AoAr+iv9yw9eMzT5Rkn0VsVtOP4yNI/O
OaOtMfS6Kxxpyndz44GE8yBvJe+nxX0gM8Ja218hVEQIPUGe35xSbLqbzcYdTUAl
JwKCAQBWx+ej+03fXOPHN8K2IA1a+8wEwjxsjbpGtHd/nyDVkjdqVHW+Jkmyqkne
gFbDvq2ZHQJjDYB9o/ZnwXpEXfweSz2XsdiNBMQvIUMOGRmI9yJJ1Ez1gfhlJYpW
Im+/dWQCTw0o/8cHPI32ic3iBZBuemGCxccF89bmX+GPzK/aT8F+5uG/pHjHXNU6
S/jKxZIwDM9yW4vIRdOAAi1eya0f+VHE70ORpUXfkUV5kVQR7pLEWDFDKIF/zBGv
vRPdZOO5GOQb0kQ1eHyHDPUOimT1GlF+e9OLvy6dVDaqKRBEiVHjxfWGUnpH+Qo5
zlmQnC98+HETU0YHNxAAMsRPvxXi
-----END PRIVATE KEY-----

317
tests/backend/mongodb-ssl/certs/test_mdb_ssl_cert_and_key.pem
View File

@ -3,60 +3,60 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=TEST-CA/emailAddress=dev@bigchaindb.com
Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
Validity
Not Before: Jun 2 07:09:28 2017 GMT
Not After : May 31 07:09:28 2027 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=test-mdb-ssl/emailAddress=dev@bigchaindb.com
Not Before: Jun 13 14:40:55 2017 GMT
Not After : Jun 11 14:40:55 2027 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Instance, CN=test-mdb-ssl/emailAddress=dev@bigchaindb.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:e4:71:43:91:f2:3a:26:4d:6d:61:f5:54:dd:a4:
a2:8b:e8:79:b7:44:94:9f:30:5d:86:d8:f5:9d:80:
cb:51:e8:c0:8c:9e:2f:fe:cb:9f:bb:f1:b5:97:47:
d1:9e:43:64:2b:f0:3f:99:30:1c:27:34:74:87:1e:
73:8f:86:66:89:0b:b9:64:05:8a:95:d7:81:da:fa:
b7:d0:4c:59:0e:1c:d7:1f:07:74:7d:38:9d:b0:6d:
02:a8:c3:63:f4:5d:d5:29:5b:df:8a:56:c5:51:29:
32:5b:ea:cc:ea:00:a0:04:e9:8a:f5:a0:e1:c3:77:
c9:3d:1b:99:fa:e8:bb:08:e5:98:bb:ec:5d:7e:d9:
7e:39:98:ab:16:cf:e6:e8:df:a9:6b:37:72:83:4d:
43:94:3e:99:39:ae:1f:5a:c9:51:71:30:5e:20:70:
c9:90:ff:ba:8b:6c:d9:5f:3d:df:03:d5:fe:f7:52:
ea:41:6d:4b:fe:6e:04:30:ef:a4:19:20:a8:fd:fb:
0c:72:76:2c:30:54:5d:f4:2b:e9:cd:96:3f:bb:e9:
6d:7e:79:8f:fe:06:6f:40:b1:42:a8:54:80:65:56:
50:af:c2:e2:68:e0:ac:22:90:00:ae:bc:6f:55:1a:
b7:ed:90:22:e8:c7:34:1e:4a:7d:d2:26:b0:35:16:
ec:30:45:cd:ac:f3:87:f6:8b:fe:84:8b:b3:9f:13:
08:f2:59:9f:3f:64:ee:20:a0:dc:87:8a:28:89:87:
1c:a1:91:63:81:01:66:43:7b:5f:5f:38:69:a7:f7:
ce:da:07:0b:7c:2c:87:df:9d:a5:12:db:b4:97:ed:
e9:2c:31:d5:14:cc:f0:f5:a4:6c:7e:59:4f:73:36:
eb:28:1c:be:69:98:1f:12:c1:e0:db:6f:f0:1a:62:
51:45:71:58:88:68:7e:06:42:cb:b3:31:85:53:90:
70:84:f4:08:18:d5:4e:07:8b:db:6f:d2:0f:ac:c4:
c2:52:a5:ed:07:b9:1b:1a:e9:22:4a:21:f8:1a:27:
9f:47:b5:ef:cb:24:3a:36:29:dc:68:fa:f1:9f:2e:
02:f8:8d:ab:25:6e:ba:3b:0a:0e:9e:c1:40:f4:56:
74:75:fc:b8:84:fa:bb:05:17:b7:b7:d8:36:02:40:
16:03:c9:75:a0:68:7e:e0:f4:c9:ae:fa:3d:0c:a3:
81:3b:e8:a2:84:dd:73:6e:d4:9f:e6:1c:db:d9:9c:
d6:c2:b9:fb:34:8f:f6:46:33:9e:29:bd:0d:11:33:
03:25:dc:1a:c7:44:00:76:83:16:5a:a5:d3:35:bb:
47:2d:9e:77:16:e0:b0:48:9b:dd:7c:20:56:56:1e:
1f:40:87
00:bb:37:f1:24:2f:83:95:2c:bf:47:a4:a0:2c:9f:
e1:bf:fb:70:f6:9b:04:a0:e8:3b:81:6f:ca:a6:22:
6d:63:75:48:bc:fa:57:29:16:f7:2f:09:52:6c:c5:
52:20:74:9b:27:99:5b:51:85:ea:ef:c9:5f:78:c9:
29:b8:cc:a4:a8:46:c2:a3:64:41:84:92:36:c7:a8:
82:e2:b6:5e:67:08:d6:bb:3d:36:06:31:10:53:7a:
58:66:66:89:4d:46:d3:f6:3e:38:d4:84:d9:6c:c4:
95:68:9e:66:b7:47:c6:63:dc:35:1c:46:3d:8e:c6:
96:13:aa:65:53:3d:75:84:76:af:85:d2:6f:97:78:
0f:d2:8a:c0:cb:3f:86:30:09:0f:bf:ae:30:cb:26:
05:61:0c:ad:07:5e:33:cc:82:bb:46:49:86:a5:6e:
07:1b:78:b2:71:7b:01:ee:00:97:ac:81:49:89:df:
73:ab:d7:78:8e:a3:c5:76:5c:e9:fd:48:5f:a6:45:
b8:97:13:6a:55:05:5e:e2:00:46:27:67:93:06:fb:
91:83:69:c7:5e:12:49:ce:39:b9:ca:69:9f:0d:ff:
6a:79:b6:6b:6f:81:6c:51:e2:d0:01:9b:f8:7b:25:
3e:09:4d:00:aa:89:7f:00:e3:fb:5c:35:19:8d:c2:
11:21:87:1e:7a:11:bd:88:b2:de:ea:bf:a0:8b:fb:
0c:c3:6d:e2:ce:1f:6c:5b:5f:4a:05:da:ff:f1:fd:
4a:f5:de:5b:d8:93:ca:17:6b:dc:80:3e:91:6e:97:
43:db:59:f5:80:c1:0a:54:32:cd:c3:be:87:e9:93:
14:ae:c7:29:01:90:e8:11:32:59:1a:73:bf:42:0d:
c6:82:2c:89:2e:54:67:c8:2a:c3:3b:ce:e6:c1:09:
48:ad:d3:a3:e1:80:f8:df:6e:4c:78:72:76:db:4e:
d9:b9:fa:5b:7c:85:73:64:c9:23:94:ae:5e:63:68:
7f:1e:63:d3:78:85:47:0b:ec:52:1e:02:cf:7b:9d:
96:9c:63:4f:46:f7:79:1e:90:d3:21:18:85:26:17:
f1:51:18:d6:87:1c:9b:50:0e:70:6b:f1:08:41:b6:
3c:fc:fb:d7:1f:f1:bd:2d:3e:77:b6:66:92:0a:81:
01:0f:4a:68:68:69:5c:0f:38:b3:46:68:1b:55:99:
67:29:d1:03:f2:a5:5b:f1:8e:53:ed:c7:cc:79:38:
9c:8d:a6:78:f4:3e:23:28:ee:a0:d3:55:0f:c3:f0:
64:c1:fb:e5:85:71:b2:1e:44:d3:1d:78:87:77:76:
e2:6f:5f:54:64:14:b4:2f:14:0b:a5:3d:98:fb:68:
99:1f:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
F5:2B:26:62:47:74:FC:75:6A:9E:76:8F:35:EB:23:64:BF:DD:18:3F
0B:53:E2:76:40:AD:73:C4:12:6C:85:CF:36:5B:5F:FB:6E:E8:03:A7
X509v3 Authority Key Identifier:
keyid:97:C8:DC:C8:EE:AF:E2:70:C4:09:9B:19:50:8F:86:1D:2C:FF:6E:26
DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ENG/CN=TEST-CA/emailAddress=dev@bigchaindb.com
serial:A4:C4:DF:DB:1A:DB:83:C7
keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
serial:E8:06:B2:C9:2A:9C:2E:FC
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
@ -65,123 +65,124 @@ Certificate:
X509v3 Subject Alternative Name:
DNS:localhost, DNS:test-mdb-ssl
Signature Algorithm: sha256WithRSAEncryption
35:75:46:2b:6a:b9:a7:cc:24:ac:88:83:d5:e1:28:08:c1:0b:
ff:9e:c1:57:86:92:c1:63:c3:bf:82:e7:11:d2:83:89:58:78:
94:51:87:81:e7:fb:78:53:0c:19:2e:9e:41:84:26:91:2d:4a:
e5:cf:7f:9b:4e:80:ad:5c:27:11:d7:62:81:4f:87:f4:59:d4:
8d:ba:73:df:13:48:c5:b7:f1:21:1c:9a:59:17:d9:12:3e:4f:
84:5a:ba:16:92:2d:5a:7a:f7:b7:af:76:c7:be:6e:96:b0:a3:
8f:62:9a:ff:bc:16:db:e0:c5:f6:57:db:f6:1c:d7:eb:75:24:
98:43:08:17:0c:9f:6e:42:b5:ee:74:b1:12:1e:1e:86:2d:72:
6b:62:ab:33:ff:38:57:db:96:d5:98:c3:6e:97:36:26:f9:1b:
e7:05:0f:db:e4:a7:4c:ca:2c:4c:d8:b8:d7:92:52:b0:fa:aa:
c0:ee:b7:9c:33:25:85:77:3a:b8:50:6f:61:a4:59:54:89:fe:
0d:f3:d2:7f:7d:91:64:7e:d1:e1:d1:02:5f:cf:e4:b1:47:70:
98:37:4e:9f:33:94:7c:67:5a:66:11:d8:c4:33:0b:e9:a6:9a:
86:cb:ab:27:e1:44:41:36:3d:8e:47:6f:73:eb:84:a7:90:eb:
3a:6e:3a:16:1b:a1:68:60:6b:3a:93:47:1d:32:29:1c:d2:1b:
c5:d6:cf:11:c5:0e:b0:67:4f:c2:07:82:bc:d4:9c:b4:a8:58:
4c:a4:47:22:09:0a:e2:72:83:4e:e9:74:14:b7:2d:04:31:f6:
37:e4:62:48:18:63:42:31:df:f6:2f:0f:ab:f2:ef:75:a8:a4:
bf:96:5a:49:fb:ce:72:57:64:c9:c1:d3:56:67:5f:16:69:48:
35:9c:98:14:f3:25:72:ef:18:38:38:43:f3:c4:29:55:fd:37:
c8:ae:db:00:5d:96:50:ae:50:ca:14:a3:58:ae:84:21:c2:8f:
24:cf:ce:f2:55:e1:60:37:67:ec:5a:08:81:85:8d:9b:13:c6:
81:e7:66:0b:4e:76:1f:3b:14:a7:c0:ce:18:16:ec:77:e5:c8:
33:47:1b:63:03:4b:9d:dd:fb:98:ff:0f:50:25:0c:88:a4:0e:
67:a3:26:8d:1b:38:9f:9e:7e:25:dc:4b:49:ba:75:b5:3b:ae:
9c:68:37:09:bb:59:c4:9a:14:6a:d3:c1:6c:19:55:b3:6c:95:
bb:24:8b:55:f8:35:c6:1e:1d:fb:8f:60:33:fa:f8:94:a9:e2:
6a:93:12:b8:d0:18:42:4e:8c:24:1f:96:2b:4c:49:fd:53:11:
a0:aa:01:30:b2:3e:2c:9f
4c:14:3e:6b:af:f8:e8:69:11:2e:13:12:b7:9b:91:c7:68:01:
26:00:b8:c8:35:8b:fe:d2:bb:ab:43:d1:7a:8e:24:b2:08:dd:
1a:77:91:f0:68:35:42:56:ba:fe:26:3e:91:e2:8c:c1:01:e2:
65:f7:3b:12:ba:7f:1e:8a:8e:5b:a1:c8:28:8c:16:b8:72:03:
31:d6:6c:2c:ac:80:6e:7d:52:24:2e:4d:0b:e6:90:d1:7d:18:
3f:ea:9f:7f:85:39:86:77:3b:19:3d:ba:b0:57:10:16:25:fc:
d6:be:17:7b:c4:92:0e:c7:18:3c:69:48:e0:72:2c:3e:42:2f:
0b:70:02:a8:c1:04:2b:d8:00:72:b4:67:35:d9:79:3f:98:71:
55:92:e6:fa:51:2c:42:2f:71:c6:4f:98:7f:d8:2c:7c:12:70:
97:ad:cd:92:0a:66:80:2a:ec:ac:e6:9b:3a:0b:27:ca:e0:cc:
9f:b4:07:f4:fa:f7:60:17:39:f1:46:46:eb:e5:78:2a:84:b2:
78:87:ce:73:ad:20:8b:50:8c:d5:c5:cd:4c:b1:96:be:64:24:
e0:a9:81:c3:01:51:a2:b1:50:22:15:97:5a:e6:49:f3:1d:f1:
72:3e:8f:0d:87:e9:05:c1:92:8e:4b:db:1b:e2:b8:3c:b4:13:
dd:3d:ce:4d:f8:1e:8e:73:ae:5a:36:ba:be:dd:11:7c:b8:b1:
ef:d2:94:84:a7:c4:0d:96:0f:e1:46:46:bb:7d:51:a9:61:13:
98:47:b2:68:ad:85:0c:f9:32:0a:76:49:20:6f:34:72:ca:06:
fd:05:6f:16:5d:10:67:3c:50:06:f3:c2:bd:58:c8:f4:b3:96:
dc:28:26:62:e7:30:a0:0c:40:f6:7c:50:42:21:c8:e1:73:64:
1b:9c:76:3e:78:1d:ea:54:fc:61:6c:3e:27:59:cb:c4:dd:9f:
94:bf:b5:13:87:79:ff:28:1a:9b:7f:2f:1f:9b:22:1d:30:f6:
c9:5f:53:6f:1a:88:38:b0:44:71:79:da:a6:0f:2b:e7:42:71:
9c:3a:20:7f:6b:bb:93:71:b4:6c:9e:2a:b7:fa:57:cf:81:bd:
21:eb:0a:db:83:07:ac:fd:79:cb:ef:c7:fd:cd:ef:22:7f:67:
71:7c:e2:5c:40:8e:f1:06:c3:75:67:6a:70:f4:80:b3:ad:c6:
89:31:9b:cf:8c:ae:6e:85:fd:51:c6:40:34:a2:0c:63:55:84:
e1:a9:10:00:48:1a:64:95:80:45:09:d2:1d:3f:e2:6c:e1:e8:
92:28:5f:da:a1:69:10:74:03:1f:f1:43:c4:43:fb:01:80:7e:
fb:0b:2c:62:ad:e5:f2:61
-----BEGIN CERTIFICATE-----
MIIG3jCCBMagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCREUx
MIIHCTCCBPGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
aGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8G
CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4XDTE3MDYwMjA3MDkyOFoX
DTI3MDUzMTA3MDkyOFowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4x
DzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5EQiBHbWJIMQwwCgYD
VQQLDANFTkcxFTATBgNVBAMMDHRlc3QtbWRiLXNzbDEhMB8GCSqGSIb3DQEJARYS
ZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEA5HFDkfI6Jk1tYfVU3aSii+h5t0SUnzBdhtj1nYDLUejAjJ4v/sufu/G1l0fR
nkNkK/A/mTAcJzR0hx5zj4ZmiQu5ZAWKldeB2vq30ExZDhzXHwd0fTidsG0CqMNj
9F3VKVvfilbFUSkyW+rM6gCgBOmK9aDhw3fJPRuZ+ui7COWYu+xdftl+OZirFs/m
6N+pazdyg01DlD6ZOa4fWslRcTBeIHDJkP+6i2zZXz3fA9X+91LqQW1L/m4EMO+k
GSCo/fsMcnYsMFRd9CvpzZY/u+ltfnmP/gZvQLFCqFSAZVZQr8LiaOCsIpAArrxv
VRq37ZAi6Mc0Hkp90iawNRbsMEXNrPOH9ov+hIuznxMI8lmfP2TuIKDch4ooiYcc
oZFjgQFmQ3tfXzhpp/fO2gcLfCyH352lEtu0l+3pLDHVFMzw9aRsfllPczbrKBy+
aZgfEsHg22/wGmJRRXFYiGh+BkLLszGFU5BwhPQIGNVOB4vbb9IPrMTCUqXtB7kb
GukiSiH4GiefR7XvyyQ6NincaPrxny4C+I2rJW66OwoOnsFA9FZ0dfy4hPq7BRe3
t9g2AkAWA8l1oGh+4PTJrvo9DKOBO+iihN1zbtSf5hzb2ZzWwrn7NI/2RjOeKb0N
ETMDJdwax0QAdoMWWqXTNbtHLZ53FuCwSJvdfCBWVh4fQIcCAwEAAaOCAUIwggE+
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFPUrJmJHdPx1ap52jzXrI2S/3Rg/MIHBBgNV
HSMEgbkwgbaAFJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQG
EwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoM
D0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNB
MSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgWgMCIGA1Ud
EQQbMBmCCWxvY2FsaG9zdIIMdGVzdC1tZGItc3NsMA0GCSqGSIb3DQEBCwUAA4IC
AQA1dUYrarmnzCSsiIPV4SgIwQv/nsFXhpLBY8O/gucR0oOJWHiUUYeB5/t4UwwZ
Lp5BhCaRLUrlz3+bToCtXCcR12KBT4f0WdSNunPfE0jFt/EhHJpZF9kSPk+EWroW
ki1aeve3r3bHvm6WsKOPYpr/vBbb4MX2V9v2HNfrdSSYQwgXDJ9uQrXudLESHh6G
LXJrYqsz/zhX25bVmMNulzYm+RvnBQ/b5KdMyixM2LjXklKw+qrA7recMyWFdzq4
UG9hpFlUif4N89J/fZFkftHh0QJfz+SxR3CYN06fM5R8Z1pmEdjEMwvpppqGy6sn
4URBNj2OR29z64SnkOs6bjoWG6FoYGs6k0cdMikc0hvF1s8RxQ6wZ0/CB4K81Jy0
qFhMpEciCQricoNO6XQUty0EMfY35GJIGGNCMd/2Lw+r8u91qKS/llpJ+85yV2TJ
wdNWZ18WaUg1nJgU8yVy7xg4OEPzxClV/TfIrtsAXZZQrlDKFKNYroQhwo8kz87y
VeFgN2fsWgiBhY2bE8aB52YLTnYfOxSnwM4YFux35cgzRxtjA0ud3fuY/w9QJQyI
pA5noyaNGzifnn4l3EtJunW1O66caDcJu1nEmhRq08FsGVWzbJW7JItV+DXGHh37
j2Az+viUqeJqkxK40BhCTowkH5YrTEn9UxGgqgEwsj4snw==
aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
DTE3MDYxMzE0NDA1NVoXDTI3MDYxMTE0NDA1NVowgZ4xCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
aW5EQiBHbWJIMRkwFwYDVQQLDBBNb25nb0RCLUluc3RhbmNlMRUwEwYDVQQDDAx0
ZXN0LW1kYi1zc2wxITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALs38SQvg5Usv0ekoCyf4b/7
cPabBKDoO4FvyqYibWN1SLz6VykW9y8JUmzFUiB0myeZW1GF6u/JX3jJKbjMpKhG
wqNkQYSSNseoguK2XmcI1rs9NgYxEFN6WGZmiU1G0/Y+ONSE2WzElWieZrdHxmPc
NRxGPY7GlhOqZVM9dYR2r4XSb5d4D9KKwMs/hjAJD7+uMMsmBWEMrQdeM8yCu0ZJ
hqVuBxt4snF7Ae4Al6yBSYnfc6vXeI6jxXZc6f1IX6ZFuJcTalUFXuIARidnkwb7
kYNpx14SSc45ucppnw3/anm2a2+BbFHi0AGb+HslPglNAKqJfwDj+1w1GY3CESGH
HnoRvYiy3uq/oIv7DMNt4s4fbFtfSgXa//H9SvXeW9iTyhdr3IA+kW6XQ9tZ9YDB
ClQyzcO+h+mTFK7HKQGQ6BEyWRpzv0INxoIsiS5UZ8gqwzvO5sEJSK3To+GA+N9u
THhydttO2bn6W3yFc2TJI5SuXmNofx5j03iFRwvsUh4Cz3udlpxjT0b3eR6Q0yEY
hSYX8VEY1occm1AOcGvxCEG2PPz71x/xvS0+d7ZmkgqBAQ9KaGhpXA84s0ZoG1WZ
ZynRA/KlW/GOU+3HzHk4nI2mePQ+IyjuoNNVD8PwZMH75YVxsh5E0x14h3d24m9f
VGQUtC8UC6U9mPtomR8jAgMBAAGjggFRMIIBTTAJBgNVHRMEAjAAMB0GA1UdDgQW
BBQLU+J2QK1zxBJshc82W1/7bugDpzCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQQOkw
aIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxp
bjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxEDAO
BgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEhMB8G
CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAsGA1UdDwQEAwIFoDAiBgNVHREEGzAZ
gglsb2NhbGhvc3SCDHRlc3QtbWRiLXNzbDANBgkqhkiG9w0BAQsFAAOCAgEATBQ+
a6/46GkRLhMSt5uRx2gBJgC4yDWL/tK7q0PReo4ksgjdGneR8Gg1Qla6/iY+keKM
wQHiZfc7Erp/HoqOW6HIKIwWuHIDMdZsLKyAbn1SJC5NC+aQ0X0YP+qff4U5hnc7
GT26sFcQFiX81r4Xe8SSDscYPGlI4HIsPkIvC3ACqMEEK9gAcrRnNdl5P5hxVZLm
+lEsQi9xxk+Yf9gsfBJwl63NkgpmgCrsrOabOgsnyuDMn7QH9Pr3YBc58UZG6+V4
KoSyeIfOc60gi1CM1cXNTLGWvmQk4KmBwwFRorFQIhWXWuZJ8x3xcj6PDYfpBcGS
jkvbG+K4PLQT3T3OTfgejnOuWja6vt0RfLix79KUhKfEDZYP4UZGu31RqWETmEey
aK2FDPkyCnZJIG80csoG/QVvFl0QZzxQBvPCvVjI9LOW3CgmYucwoAxA9nxQQiHI
4XNkG5x2Pngd6lT8YWw+J1nLxN2flL+1E4d5/ygam38vH5siHTD2yV9TbxqIOLBE
cXnapg8r50JxnDogf2u7k3G0bJ4qt/pXz4G9IesK24MHrP15y+/H/c3vIn9ncXzi
XECO8QbDdWdqcPSAs63GiTGbz4yuboX9UcZANKIMY1WE4akQAEgaZJWARQnSHT/i
bOHokihf2qFpEHQDH/FDxEP7AYB++wssYq3l8mE=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDkcUOR8jomTW1h
9VTdpKKL6Hm3RJSfMF2G2PWdgMtR6MCMni/+y5+78bWXR9GeQ2Qr8D+ZMBwnNHSH
HnOPhmaJC7lkBYqV14Ha+rfQTFkOHNcfB3R9OJ2wbQKow2P0XdUpW9+KVsVRKTJb
6szqAKAE6Yr1oOHDd8k9G5n66LsI5Zi77F1+2X45mKsWz+bo36lrN3KDTUOUPpk5
rh9ayVFxMF4gcMmQ/7qLbNlfPd8D1f73UupBbUv+bgQw76QZIKj9+wxydiwwVF30
K+nNlj+76W1+eY/+Bm9AsUKoVIBlVlCvwuJo4KwikACuvG9VGrftkCLoxzQeSn3S
JrA1FuwwRc2s84f2i/6Ei7OfEwjyWZ8/ZO4goNyHiiiJhxyhkWOBAWZDe19fOGmn
987aBwt8LIffnaUS27SX7eksMdUUzPD1pGx+WU9zNusoHL5pmB8SweDbb/AaYlFF
cViIaH4GQsuzMYVTkHCE9AgY1U4Hi9tv0g+sxMJSpe0HuRsa6SJKIfgaJ59Hte/L
JDo2Kdxo+vGfLgL4jaslbro7Cg6ewUD0VnR1/LiE+rsFF7e32DYCQBYDyXWgaH7g
9Mmu+j0Mo4E76KKE3XNu1J/mHNvZnNbCufs0j/ZGM54pvQ0RMwMl3BrHRAB2gxZa
pdM1u0ctnncW4LBIm918IFZWHh9AhwIDAQABAoICAQDTqYp1CN4OLUGDOSA3+VpO
jclxII8gbFzMG+x/0h0ROLpn0A4iZCMNriiWEgpMPJ7tAz66PlRnkvfBVlq2ik4o
/v74iRXePn7oGdQEoSkGpXxBGNQ7TiD1nhuPqPLNMb/XAXQ/JqTOzYAGoKjazFd4
FbgWXMmyJiQEhbWHQOpDlRCOVrROW1DUJvunOFz4OnwshoSI2icajWHFiussYEog
uTMNldN9kSUUGHfUAmzHjhkeqem5U37NMLybZv9B9Pv/0AO5bnsFELa5DZMlVOia
wO8d956OPQIKC/P6KcmJm49JOyYzDLERmSG4xYnWbdoruJhP3HsS8exgsk4j8qhF
VchlDLQL98Bu2kLgne8v8lBgcXbkanuedYFGnOqVRTCKbl2BwS8/PqaMbOkO54bG
gsX2OYEtKMiCFyNZVZQH+dHg2kUSGMg9h953GAGfxbDuTBTLMwPCphX7dUn3u+g+
Y/Et9Kki6PgMLwYRjU56pPe0DqHcTc0TZgpKeb1w7JFgEuQrOB2o4wPRlwjaGx8G
khA9CWhHY3zyrF5FOoy01zYyPZGYb1pUkkEzZ/MEPn0k5bqC4ZUgT/vzYKXkOFvB
RdTOVMee6VWDFLKGO0eQNi/MeFFeVVGStrOo0wNowylReP2J45UNH6EQQIL8Jm7w
fTz+65nEib0vv9D1C2QIWQKCAQEA9WUAFGQbLsr9TBeQd7h79KEkJ/cdk6iLbtN2
DSFc1Zto5KEliZmlqkw4uT4pQIWaSPWVmINxV8QTcR/6VUzxM0McDfAw51wLZQ2w
jdMKUWfYEEmaA6MXF3JOXVpe8KuXge0s548DpxBHrSo9gWOhMjok/qUrXcQGDlxp
1hQ6qLKVUJ8Hzi3U3rwnWGNaSKHECFUn6Ic0vQo5+ontAlKfhLlkl86zmGvMd/Ut
zCWacRFpYg+Qo0TXxzopuh4DI1yjMFH3HJxptVl8Yd7CCzOLmwPWBSNmY8OUY9D6
s3xrPPyuVz01iNMPK290zGAeLLnO5bpTIlsZBip7SjG0ayoBqwKCAQEA7lC1c1Tg
SxNZrAr0trFl+/cxguALXRocvcMm3mCXgStTGeY08GXiPRl8+TmNt9UAWbkp5Kel
cdrYI+AsaAu/Y8ri0NRJPQGsyE7JEe7PHQa7a8AcPn/1c9I7HvtWVomvxh6rXSkr
gdazSGZvixwPBmc25E4duUxQHJ+GraiYAjNS8Ox6nFqKIWTNfeT+ff7X9IAuZcAX
oJmb1xJyDjf4qPhJobO5+zqJvNBH6bkTusV9Y4kkrcs5VQx2QHH4IOyWwWA/e4Wo
jGytbe/4lUk7DKeJUSA0tUGWztWhT02KhH7x+MOJa9KHGP616rRA/RVaYxCRIju0
YM/21iG168zYlQKCAQA8EiRp2XOaCdDlzqLr27pkUQoTyndwDQNM9vDgF/msxKVx
ykzxGS6nuI7uMdxRUiNJluyu8AZP8My9lZFnTjWBUf1NIC4ohKy5aRd+MFpHQT9w
BURxfXwKnk22poe1LJwjDxc9/BFt1RtmtX9m7CeqrvcdavtpsbG11EOIR11wrH7G
xJdZjnicqbyL845HV2owi///+REc8aLtxNPDDMzF5chNLSljt4fPGbLDVbUv1o5Q
lfTXMuQLfh521B/6iRPdoUL3uwZZgXVkU+52ZYDYSqEakubepyLtKFwmkd+Ch2x6
KJ6xRtFg1aDm4uSgGEAglnMBZwGCM+YIbJB450iPAoIBAQDTue7LbV/sM1/aws0R
NuCFj+N0A/r0l0trqGLy9NwFjWlCPE1SOyJZ6Dgo7+IhreKm1CQNGoiZc7XNgc/S
DIXYchs7Ly92PPO17pEjFoj5n86Jd19gg6ydXuzZpLDbJ2571SmoFfiqXQZhT2jQ
LXiH1tFk2qX7x3nxRCWSSZPreI+6rk5sdN/9tSIANJ+Jbw2MEwmlqpkTPQXAeYnN
ahrIe/Zm7FdShXpzvpP1aVHHAMha0zA8G65vCihRLzAkiC2T1h/wbRoG0FLwtl+i
ujH1Fy+fXL6XPpNuZUvwOdLTzjjKK2b+3UbbhQg4YjbO4tav5rsar/KchIcnTUHk
IdVVAoIBAAk19xFa8SGaY9cKIigYkcPOFHwI/rXix8YG2n3kZmTVmevh0ebiSQ/z
++U3GXUFcUYD6lB3YqyMKVRdagQLh58J7q1EFM5hZLAH/i9KQMCKmfbXb6ekVFBY
9xhgvOKzRugVTxVv0/PqWpF/oWOJP6r/NsKdJf5y4TptlEjPXsdmXzZIKL4h3oG3
ORpnrROD1mWQxV3krlT4jc7q4QaKxaKbVwl2SJpLNBXI0D/R+Dt1K/PMnhRmbBJl
d2G+bQP6dkKhATdyiK6XoEk0bP3meD4LWgRdsQdMTI2ayBVis8LREcMm0F3SaUgB
gHiBIz7uxpEmV18w8MA+aiVZw3Ov3lE=
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7N/EkL4OVLL9H
pKAsn+G/+3D2mwSg6DuBb8qmIm1jdUi8+lcpFvcvCVJsxVIgdJsnmVtRhervyV94
ySm4zKSoRsKjZEGEkjbHqILitl5nCNa7PTYGMRBTelhmZolNRtP2PjjUhNlsxJVo
nma3R8Zj3DUcRj2OxpYTqmVTPXWEdq+F0m+XeA/SisDLP4YwCQ+/rjDLJgVhDK0H
XjPMgrtGSYalbgcbeLJxewHuAJesgUmJ33Or13iOo8V2XOn9SF+mRbiXE2pVBV7i
AEYnZ5MG+5GDacdeEknOObnKaZ8N/2p5tmtvgWxR4tABm/h7JT4JTQCqiX8A4/tc
NRmNwhEhhx56Eb2Ist7qv6CL+wzDbeLOH2xbX0oF2v/x/Ur13lvYk8oXa9yAPpFu
l0PbWfWAwQpUMs3DvofpkxSuxykBkOgRMlkac79CDcaCLIkuVGfIKsM7zubBCUit
06PhgPjfbkx4cnbbTtm5+lt8hXNkySOUrl5jaH8eY9N4hUcL7FIeAs97nZacY09G
93kekNMhGIUmF/FRGNaHHJtQDnBr8QhBtjz8+9cf8b0tPne2ZpIKgQEPSmhoaVwP
OLNGaBtVmWcp0QPypVvxjlPtx8x5OJyNpnj0PiMo7qDTVQ/D8GTB++WFcbIeRNMd
eId3duJvX1RkFLQvFAulPZj7aJkfIwIDAQABAoICAAI7J2+D9XB4qQrkhlghy6Hr
ECyQKlz0h4kCWQrjzCPsSOKfpRxDPszbspTDQThLy3GMXU86ZlNXNgENfKbMIYYz
2avyzOkUiPyWIIEtJTDbJRv0HcmzGfu0sIr/29EE8A+2LB00PBcUvKcThCvY+h9E
h4l/uMoTycQQOsbkK5tZgrv4hwXqE14x8xw49JNr+DkTjVdOa6/9Y657y+g7AppS
0/zys7j7Fj1N9vbsIOKYY9T1yb4ZgkFI6FiBwPQYwbMMj6eVPqYmuzu8PxnHHTRv
GQvU3eBcHW8Mtw8XdSLIkW9D4kHg6/aJ2mq6fhqRlgysUz61BsNu9BbkNxq+Xk/f
wU+Slo0UcnuU49icYo8J2yPULUgQaP4VdJc7tb9kMpklTUG7YaD5oqKX+I/jWS9U
Mta1h3GoK2zK9pj2B5YyCoUsM8o4EEb3hZ8FYf0DOuVd9XcWxLUDRGQoTWJptcSW
o5OHaP2tgcUtq6siiqPXIQQr1Yji/geSFTP/hWOZC4AFgwa9XvboD3PcKsG2gIc8
I/HLF5tCpUXIAW4wluXQv1MveX9xwaez+PGLTIFCHidgOBmC5jZEijG9PUgRk1D1
e8CUT9Vc3zxS/9S+RfSwXMEBX9367edoiNw1MuXvR1nwCFYKthONx8ww1psEoISF
9ZMbdac3hwqeqSW34ZoJAoIBAQDfOF6D1vWieXwQ7W3KpAxyHlNVN8tus3w+mDBc
unv3Nsn5gmDYHc/Iu5/Tyk2zgoEsfN1LZgzjmSBCUgJOz09+8yrdpsTI4awXAwoa
kaczRcutjAG5vHhHXi5+iwqAaPSTBYcAD2d5SGtxpWBJ2qywT3DMWFT25bhRj3Bp
mc3Fe6oxbz2QV2Is2SnnCnPc/Ok7cABwaP1mc3PsIZzswuJjq3JWsMAlBMZueQW1
CxI639j2memt7ZSWU0UDLg4RAPOtcSt/NykbZgAlfQoLiKWv2hhdvip+oPsdOiDd
tYmeoseRd/7Ef8EdSwvSDh1jTugu6PG0NeK0Gfxs5Ipb1eBvAoIBAQDWtiTD8dP3
TNbLu3nkopgJJe9gn1dVhvhBY0T4ar9pR1yl8s5L13vtmrs5wQ5/vyZ2A39OR4fH
5PcT/gcPm4GuE1BL29NBz88Qdz6033hOuY4SvZpf94yeDhY2w2Gfzm0uewGDR0z+
EOsSGnnpEYvr+Bkdcvj3CP0ksiQPa/mAnmEhVvthlavyKhfxvwNyh07qym8Q8r3R
BiwChB/zGo6V1sSfPexy0I9kPhXByYyxoADn/lgXKXtnXpP7fuQleztPC+84bNpa
PFo5QnzG2kq+XwTP0Z3kQiZ2hEg+nGWHa7MpG+Ic7sDZE2MPbpUAY59J9HBmJOtK
jaMDQpN1OJ6NAoIBAQCR5ZMJEu/bsRGhMr5nC1BDKoUHFv+1LEUR2IELqqupyjq7
BTdtKhcMOW3ejMS6hpsNS9OMG3hjLkuCbX2qqx9nd2JWG1FVhwLmy4rIENk6zuyw
Uukxz/jBlNJIzXIgufjZO2ygYnEcOXRYhGHqA66JUnMEbNujwEP3swwjSW7QG+MC
ipWviR3W+F3F7/QIxZlfyvXOgyDU3LMw7EtYCIzV3lJOTRpZV8Smoh1T1pekuXhi
vfiZQMa0dlqOGIUDIh8jBuwKKzCIAuQnnJF7NmYtCRyR8OBvgaJ/2OVwY94+PGC6
OLbhEitTjSB9u9IDfaiOOJz6T5oMY0u0lK/GFIWrAoIBAQCkpr8g6ATlYy5gw57g
/vLaKRYdoXOmqb8c3ZRZb/rjMA9TTxR2QoPNnNewnWSSADLtUxdAH0h3uRTkZuxh
Qp46sKLl2Why0np2pQsYRzqKHG9f3bhRmZNi7WiJjGED3JgLidaKJpZbSvwJQPZ2
DbegN/yCgdV8E4+UoWtXzDRkNpBDseFKXy2hojgEcbeiDzMsiBqOA6geb742G74o
fhgTvcPAXgtBrMAZXibvGbFj0VCAl6JT+MKibXvL4+3u9EZyArPrMEZt5lRGDr+C
+olQ3arh91w+W6AFSMHiCasuIyAcCT7ncwu+K8jOX72xs7PGUcYT/oHVBTKZ4GcW
AFpNAoIBAB/F8olQT10+QCZciP1ZuRpdEbEheWAF9ng3E7r7wAQiWNoLHj10Nu3H
byHPMmXNsw2VwaHqrAb5nTl5hfpk/ph7SidxMyNbtjCAlYm7XCiSMLLj0v5sFyCc
wgZqXzttQ6NRKt90JeIvHiazP7SVrmCyU/RhMlufiyX5zvivOgdtQA+0ISFDGdcX
MgwLTdFci9RaS5WDYsvokcc/5xEP4bZnxgEbmVq19mIC8QrCdH7qh/KP9Psb2tIt
OGwGA/YSMeQysKjUqAb/mcaMYEf2GUwWY6mZfRfLbeTT8yeDKFvAx5IUIz5tkFD/
nMEENsuszPYolIDIv8pISWC8yCsWn5w=
-----END PRIVATE KEY-----

4
tests/backend/mongodb-ssl/test_ssl_connection.py
View File

@ -197,7 +197,7 @@ def test_ssl_invalid_configuration(db_host, db_port, certs_dir):
def test_ssl_connection_with_wrong_credentials():
import bigchaindb
from bigchaindb.backend.mongodb.connection import MongoDBConnection
from bigchaindb.backend.exceptions import AuthenticationError
from bigchaindb.backend.exceptions import ConnectionError
conn = MongoDBConnection(host=bigchaindb.config['database']['host'],
port=bigchaindb.config['database']['port'],
@ -211,5 +211,5 @@ def test_ssl_connection_with_wrong_credentials():
ssl_crlfile=bigchaindb.config['database']['crlfile'],
ssl_cert_reqs=CERT_REQUIRED)
with pytest.raises(AuthenticationError):
with pytest.raises(ConnectionError):
conn._connect()

26
tests/common/conftest.py
View File

@ -1,3 +1,4 @@
from base58 import b58decode
import pytest
@ -11,8 +12,13 @@ USER3_PRIVATE_KEY = '4rNQFzWQbVwuTiDVxwuFMvLG5zd8AhrQKCtVovBvcYsB'
USER3_PUBLIC_KEY = 'Gbrg7JtxdjedQRmr81ZZbh1BozS7fBW88ZyxNDy7WLNC'
CC_FULFILLMENT_URI = 'cf:0:'
CC_CONDITION_URI = 'cc:0:3:47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU:0'
CC_FULFILLMENT_URI = (
'pGSAINdamAGCsQq31Uv-08lkBzoO4XLz2qYjJa8CGmj3B1EagUDlVkMAw2CscpCG4syAboKKh'
'Id_Hrjl2XTYc-BlIkkBVV-4ghWQozusxh45cBz5tGvSW_XwWVu-JGVRQUOOehAL'
)
CC_CONDITION_URI = ('ni:///sha-256;'
'eZI5q6j8T_fqv7xMROaei9_tmTMk4S7WR5Kr4onPHV8'
'?fpt=ed25519-sha-256&cost=131072')
ASSET_DEFINITION = {
'data': {
@ -71,25 +77,25 @@ def cond_uri():
@pytest.fixture
def user_Ed25519(user_pub):
from cryptoconditions import Ed25519Fulfillment
return Ed25519Fulfillment(public_key=user_pub)
from cryptoconditions import Ed25519Sha256
return Ed25519Sha256(public_key=b58decode(user_pub))
@pytest.fixture
def user_user2_threshold(user_pub, user2_pub):
from cryptoconditions import (ThresholdSha256Fulfillment,
Ed25519Fulfillment)
from cryptoconditions import ThresholdSha256, Ed25519Sha256
user_pub_keys = [user_pub, user2_pub]
threshold = ThresholdSha256Fulfillment(threshold=len(user_pub_keys))
threshold = ThresholdSha256(threshold=len(user_pub_keys))
for user_pub in user_pub_keys:
threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub))
threshold.add_subfulfillment(
Ed25519Sha256(public_key=b58decode(user_pub)))
return threshold
@pytest.fixture
def user2_Ed25519(user2_pub):
from cryptoconditions import Ed25519Fulfillment
return Ed25519Fulfillment(public_key=user2_pub)
from cryptoconditions import Ed25519Sha256
return Ed25519Sha256(public_key=b58decode(user2_pub))
@pytest.fixture

130
tests/common/test_transaction.py
View File

@ -2,7 +2,9 @@
These are tests of the API of the Transaction class and associated classes.
Tests for transaction validation are separate.
"""
from copy import deepcopy
from base58 import b58encode, b58decode
from pytest import raises
@ -80,7 +82,10 @@ def test_output_serialization(user_Ed25519, user_pub):
expected = {
'condition': {
'uri': user_Ed25519.condition_uri,
'details': user_Ed25519.to_dict(),
'details': {
'type': 'ed25519-sha-256',
'public_key': b58encode(user_Ed25519.public_key),
},
},
'public_keys': [user_pub],
'amount': '1',
@ -98,7 +103,10 @@ def test_output_deserialization(user_Ed25519, user_pub):
cond = {
'condition': {
'uri': user_Ed25519.condition_uri,
'details': user_Ed25519.to_dict()
'details': {
'type': 'ed25519-sha-256',
'public_key': b58encode(user_Ed25519.public_key),
},
},
'public_keys': [user_pub],
'amount': '1',
@ -110,10 +118,10 @@ def test_output_deserialization(user_Ed25519, user_pub):
def test_output_hashlock_serialization():
from bigchaindb.common.transaction import Output
from cryptoconditions import PreimageSha256Fulfillment
from cryptoconditions import PreimageSha256
secret = b'wow much secret'
hashlock = PreimageSha256Fulfillment(preimage=secret).condition_uri
hashlock = PreimageSha256(preimage=secret).condition_uri
expected = {
'condition': {
@ -129,10 +137,10 @@ def test_output_hashlock_serialization():
def test_output_hashlock_deserialization():
from bigchaindb.common.transaction import Output
from cryptoconditions import PreimageSha256Fulfillment
from cryptoconditions import PreimageSha256
secret = b'wow much secret'
hashlock = PreimageSha256Fulfillment(preimage=secret).condition_uri
hashlock = PreimageSha256(preimage=secret).condition_uri
expected = Output(hashlock, amount=1)
cond = {
@ -161,15 +169,15 @@ def test_invalid_output_initialization(cond_uri, user_pub):
def test_generate_output_split_half_recursive(user_pub, user2_pub, user3_pub):
from bigchaindb.common.transaction import Output
from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
from cryptoconditions import Ed25519Sha256, ThresholdSha256
expected_simple1 = Ed25519Fulfillment(public_key=user_pub)
expected_simple2 = Ed25519Fulfillment(public_key=user2_pub)
expected_simple3 = Ed25519Fulfillment(public_key=user3_pub)
expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub))
expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub))
expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub))
expected = ThresholdSha256Fulfillment(threshold=2)
expected = ThresholdSha256(threshold=2)
expected.add_subfulfillment(expected_simple1)
expected_threshold = ThresholdSha256Fulfillment(threshold=2)
expected_threshold = ThresholdSha256(threshold=2)
expected_threshold.add_subfulfillment(expected_simple2)
expected_threshold.add_subfulfillment(expected_simple3)
expected.add_subfulfillment(expected_threshold)
@ -181,14 +189,14 @@ def test_generate_output_split_half_recursive(user_pub, user2_pub, user3_pub):
def test_generate_outputs_split_half_single_owner(user_pub,
user2_pub, user3_pub):
from bigchaindb.common.transaction import Output
from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
from cryptoconditions import Ed25519Sha256, ThresholdSha256
expected_simple1 = Ed25519Fulfillment(public_key=user_pub)
expected_simple2 = Ed25519Fulfillment(public_key=user2_pub)
expected_simple3 = Ed25519Fulfillment(public_key=user3_pub)
expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub))
expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub))
expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub))
expected = ThresholdSha256Fulfillment(threshold=2)
expected_threshold = ThresholdSha256Fulfillment(threshold=2)
expected = ThresholdSha256(threshold=2)
expected_threshold = ThresholdSha256(threshold=2)
expected_threshold.add_subfulfillment(expected_simple2)
expected_threshold.add_subfulfillment(expected_simple3)
expected.add_subfulfillment(expected_threshold)
@ -200,13 +208,13 @@ def test_generate_outputs_split_half_single_owner(user_pub,
def test_generate_outputs_flat_ownage(user_pub, user2_pub, user3_pub):
from bigchaindb.common.transaction import Output
from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
from cryptoconditions import Ed25519Sha256, ThresholdSha256
expected_simple1 = Ed25519Fulfillment(public_key=user_pub)
expected_simple2 = Ed25519Fulfillment(public_key=user2_pub)
expected_simple3 = Ed25519Fulfillment(public_key=user3_pub)
expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub))
expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub))
expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub))
expected = ThresholdSha256Fulfillment(threshold=3)
expected = ThresholdSha256(threshold=3)
expected.add_subfulfillment(expected_simple1)
expected.add_subfulfillment(expected_simple2)
expected.add_subfulfillment(expected_simple3)
@ -217,9 +225,9 @@ def test_generate_outputs_flat_ownage(user_pub, user2_pub, user3_pub):
def test_generate_output_single_owner(user_pub):
from bigchaindb.common.transaction import Output
from cryptoconditions import Ed25519Fulfillment
from cryptoconditions import Ed25519Sha256
expected = Ed25519Fulfillment(public_key=user_pub)
expected = Ed25519Sha256(public_key=b58decode(user_pub))
cond = Output.generate([user_pub], 1)
assert cond.fulfillment.to_dict() == expected.to_dict()
@ -227,9 +235,9 @@ def test_generate_output_single_owner(user_pub):
def test_generate_output_single_owner_with_output(user_pub):
from bigchaindb.common.transaction import Output
from cryptoconditions import Ed25519Fulfillment
from cryptoconditions import Ed25519Sha256
expected = Ed25519Fulfillment(public_key=user_pub)
expected = Ed25519Sha256(public_key=b58decode(user_pub))
cond = Output.generate([expected], 1)
assert cond.fulfillment.to_dict() == expected.to_dict()
@ -364,7 +372,7 @@ def test_transaction_link_serialization():
tx_id = 'a transaction id'
expected = {
'transaction_id': tx_id,
'output': 0,
'output_index': 0,
}
tx_link = TransactionLink(tx_id, 0)
@ -387,7 +395,7 @@ def test_transaction_link_deserialization():
expected = TransactionLink(tx_id, 0)
tx_link = {
'transaction_id': tx_id,
'output': 0,
'output_index': 0,
}
tx_link = TransactionLink.from_dict(tx_link)
@ -489,15 +497,13 @@ def test_sign_with_invalid_parameters(utx, user_priv):
def test_validate_tx_simple_create_signature(user_input, user_output, user_priv,
asset_definition):
from copy import deepcopy
from bigchaindb.common.crypto import PrivateKey
from bigchaindb.common.transaction import Transaction
from .utils import validate_transaction_model
tx = Transaction(Transaction.CREATE, asset_definition, [user_input], [user_output])
expected = deepcopy(user_output)
message = str(tx).encode()
expected.fulfillment.sign(message, PrivateKey(user_priv))
expected.fulfillment.sign(message, b58decode(user_priv))
tx.sign([user_priv])
assert tx.inputs[0].to_dict()['fulfillment'] == \
@ -527,7 +533,7 @@ def test_sign_threshold_with_invalid_params(utx, user_user2_threshold_input,
'somemessage',
{user3_pub: user3_priv})
with raises(KeypairMismatchException):
user_user2_threshold_input.owners_before = ['somewrongvalue']
user_user2_threshold_input.owners_before = [58 * 'a']
utx._sign_threshold_signature_fulfillment(user_user2_threshold_input,
'somemessage',
None)
@ -551,9 +557,6 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input,
user_priv,
user2_priv,
asset_definition):
from copy import deepcopy
from bigchaindb.common.crypto import PrivateKey
from bigchaindb.common.transaction import Transaction
from .utils import validate_transaction_model
@ -562,10 +565,10 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input,
[user_user2_threshold_output])
message = str(tx).encode()
expected = deepcopy(user_user2_threshold_output)
expected.fulfillment.subconditions[0]['body'].sign(message,
PrivateKey(user_priv))
expected.fulfillment.subconditions[1]['body'].sign(message,
PrivateKey(user2_priv))
expected.fulfillment.subconditions[0]['body'].sign(
message, b58decode(user_priv))
expected.fulfillment.subconditions[1]['body'].sign(
message, b58decode(user2_priv))
tx.sign([user_priv, user2_priv])
assert tx.inputs[0].to_dict()['fulfillment'] == \
@ -577,14 +580,14 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input,
def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv,
asset_definition):
from copy import deepcopy
from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
from cryptoconditions import Ed25519Sha256, ThresholdSha256
from bigchaindb.common.transaction import Input, Output, Transaction
from bigchaindb.common.crypto import PrivateKey
threshold = ThresholdSha256Fulfillment(threshold=2)
threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub))
threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub))
threshold = ThresholdSha256(threshold=2)
threshold.add_subfulfillment(
Ed25519Sha256(public_key=b58decode(user_pub)))
threshold.add_subfulfillment(
Ed25519Sha256(public_key=b58decode(user_pub)))
threshold_input = Input(threshold, [user_pub, user_pub])
threshold_output = Output(threshold, [user_pub, user_pub])
@ -592,10 +595,10 @@ def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv,
tx = Transaction(Transaction.CREATE, asset_definition,
[threshold_input], [threshold_output])
expected = deepcopy(threshold_input)
expected.fulfillment.subconditions[0]['body'].sign(str(tx).encode(),
PrivateKey(user_priv))
expected.fulfillment.subconditions[1]['body'].sign(str(tx).encode(),
PrivateKey(user_priv))
expected.fulfillment.subconditions[0]['body'].sign(
str(tx).encode(), b58decode(user_priv))
expected.fulfillment.subconditions[1]['body'].sign(
str(tx).encode(), b58decode(user_priv))
tx.sign([user_priv, user_priv])
@ -616,10 +619,9 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output,
user2_priv, user3_pub,
user3_priv,
asset_definition):
from copy import deepcopy
from bigchaindb.common.transaction import (Transaction, TransactionLink,
Input, Output)
from cryptoconditions import Ed25519Fulfillment
from cryptoconditions import Ed25519Sha256
from .utils import validate_transaction_model
tx = Transaction(Transaction.CREATE, asset_definition, [user_input],
@ -629,8 +631,10 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output,
inputs = [Input(cond.fulfillment, cond.public_keys,
TransactionLink(tx.id, index))
for index, cond in enumerate(tx.outputs)]
outputs = [Output(Ed25519Fulfillment(public_key=user3_pub), [user3_pub]),
Output(Ed25519Fulfillment(public_key=user3_pub), [user3_pub])]
outputs = [Output(Ed25519Sha256(public_key=b58decode(user3_pub)),
[user3_pub]),
Output(Ed25519Sha256(public_key=b58decode(user3_pub)),
[user3_pub])]
transfer_tx = Transaction('TRANSFER', {'id': tx.id}, inputs, outputs)
transfer_tx = transfer_tx.sign([user_priv])
@ -640,11 +644,11 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output,
def test_validate_inputs_of_transfer_tx_with_invalid_params(
transfer_tx, cond_uri, utx, user2_pub, user_priv):
transfer_tx, cond_uri, utx, user2_pub, user_priv, ffill_uri):
from bigchaindb.common.transaction import Output
from cryptoconditions import Ed25519Fulfillment
from cryptoconditions import Ed25519Sha256
invalid_out = Output(Ed25519Fulfillment.from_uri('cf:0:'), ['invalid'])
invalid_out = Output(Ed25519Sha256.from_uri(ffill_uri), ['invalid'])
assert transfer_tx.inputs_valid([invalid_out]) is False
invalid_out = utx.outputs[0]
invalid_out.public_key = 'invalid'
@ -826,8 +830,6 @@ def test_outputs_to_inputs(tx):
def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub,
user2_output, user_priv):
from copy import deepcopy
from bigchaindb.common.crypto import PrivateKey
from bigchaindb.common.transaction import Transaction
from bigchaindb.common.utils import serialize
from .utils import validate_transaction_model
@ -846,7 +848,7 @@ def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub,
'fulfillment': None,
'fulfills': {
'transaction_id': tx.id,
'output': 0
'output_index': 0
}
}
],
@ -861,8 +863,8 @@ def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub,
expected_input = deepcopy(inputs[0])
expected['id'] = transfer_tx['id']
expected_input.fulfillment.sign(serialize(expected).encode(),
PrivateKey(user_priv))
expected_input.fulfillment.sign(
serialize(expected).encode(), b58decode(user_priv))
expected_ffill = expected_input.fulfillment.serialize_uri()
transfer_ffill = transfer_tx['inputs'][0]['fulfillment']
@ -895,7 +897,7 @@ def test_create_transfer_transaction_multiple_io(user_pub, user_priv,
'fulfillment': None,
'fulfills': {
'transaction_id': tx.id,
'output': 0
'output_index': 0
}
}, {
'owners_before': [
@ -904,7 +906,7 @@ def test_create_transfer_transaction_multiple_io(user_pub, user_priv,
'fulfillment': None,
'fulfills': {
'transaction_id': tx.id,
'output': 1
'output_index': 1
}
}
],

7
tests/db/test_bigchain_api.py
View File

@ -1,7 +1,8 @@
from time import sleep
from unittest.mock import patch
import pytest
from unittest.mock import patch
from base58 import b58decode
pytestmark = pytest.mark.bdb
@ -577,14 +578,14 @@ class TestBigchainApi(object):
@pytest.mark.usefixtures('inputs')
def test_non_create_input_not_found(self, b, user_pk):
from cryptoconditions import Ed25519Fulfillment
from cryptoconditions import Ed25519Sha256
from bigchaindb.common.exceptions import InputDoesNotExist
from bigchaindb.common.transaction import Input, TransactionLink
from bigchaindb.models import Transaction
from bigchaindb import Bigchain
# Create an input for a non existing transaction
input = Input(Ed25519Fulfillment(public_key=user_pk),
input = Input(Ed25519Sha256(public_key=b58decode(user_pk)),
[user_pk],
TransactionLink('somethingsomething', 0))
tx = Transaction.transfer([input], [([user_pk], 1)],

21
tests/integration/test_federation.py
View File

@ -133,27 +133,6 @@ def test_elect_invalid(federation_3):
assert bx[i].get_transaction(tx.id, True)[1] is None
@pytest.mark.bdb
@pytest.mark.genesis
def test_elect_disagree_prev_block(federation_3):
[bx, (s0, s1, s2)] = federation_3
tx = input_single_create(bx[0])
process_tx(s0)
process_tx(s1)
process_tx(s2)
process_vote(s0, True)
for i in range(3):
assert bx[i].get_transaction(tx.id, True)[1] == 'undecided'
s1.vote.last_voted_id = '5' * 64
process_vote(s1, True)
for i in range(3):
assert bx[i].get_transaction(tx.id, True)[1] == 'undecided'
s2.vote.last_voted_id = '6' * 64
process_vote(s2, True)
for i in range(3):
assert bx[i].get_transaction(tx.id, True)[1] is None
@pytest.mark.bdb
@pytest.mark.genesis
def test_elect_sybill(federation_3):

2
tests/pipelines/test_vote.py
View File

@ -180,7 +180,7 @@ def test_vote_accumulates_transactions(b):
validation = vote_obj.validate_tx(tx.to_dict(), 123, 1)
assert validation == (True, 123, 1)
tx.inputs[0].fulfillment.signature = None
tx.inputs[0].fulfillment.signature = 64*b'z'
validation = vote_obj.validate_tx(tx.to_dict(), 456, 10)
assert validation == (False, 456, 10)

48
tests/validation/test_transaction_structure.py
View File

@ -5,9 +5,11 @@ structural / schematic issues are caught when reading a transaction
"""
import pytest
from unittest.mock import MagicMock
from bigchaindb.common.exceptions import (AmountError, InvalidHash,
SchemaValidationError)
SchemaValidationError,
ThresholdTooDeep)
from bigchaindb.models import Transaction
@ -161,18 +163,44 @@ def test_high_amounts(create_tx):
validate(create_tx)
################################################################################
# Conditions
def test_handle_threshold_overflow():
from bigchaindb.common import transaction
cond = {
'type': 'ed25519-sha-256',
'public_key': 'a' * 43,
}
for i in range(1000):
cond = {
'type': 'threshold-sha-256',
'threshold': 1,
'subconditions': [cond],
}
with pytest.raises(ThresholdTooDeep):
transaction._fulfillment_from_details(cond)
def test_unsupported_condition_type():
from bigchaindb.common import transaction
from cryptoconditions.exceptions import UnsupportedTypeError
with pytest.raises(UnsupportedTypeError):
transaction._fulfillment_from_details({'type': 'a'})
with pytest.raises(UnsupportedTypeError):
transaction._fulfillment_to_details(MagicMock(type_name='a'))
################################################################################
# Version
def test_validate_version(create_tx):
import re
import bigchaindb.version
short_ver = bigchaindb.version.__short_version__
assert create_tx.version == re.match(r'^(.*\d)', short_ver).group(1)
create_tx.version = '1.0'
validate(create_tx)
# At version 1, transaction version will break step with server version.
create_tx.version = '1.0.0'
create_tx.version = '0.10'
validate_raises(create_tx)
create_tx.version = '110'
validate_raises(create_tx)

8
tests/web/test_outputs.py
View File

@ -14,8 +14,8 @@ def test_get_outputs_endpoint(client, user_pk):
gof.return_value = [m, m]
res = client.get(OUTPUTS_ENDPOINT + '?public_key={}'.format(user_pk))
assert res.json == [
{'transaction_id': 'a', 'output': 0},
{'transaction_id': 'a', 'output': 0}
{'transaction_id': 'a', 'output_index': 0},
{'transaction_id': 'a', 'output_index': 0}
]
assert res.status_code == 200
gof.assert_called_once_with(user_pk, None)
@ -29,7 +29,7 @@ def test_get_outputs_endpoint_unspent(client, user_pk):
gof.return_value = [m]
params = '?spent=False&public_key={}'.format(user_pk)
res = client.get(OUTPUTS_ENDPOINT + params)
assert res.json == [{'transaction_id': 'a', 'output': 0}]
assert res.json == [{'transaction_id': 'a', 'output_index': 0}]
assert res.status_code == 200
gof.assert_called_once_with(user_pk, False)
@ -42,7 +42,7 @@ def test_get_outputs_endpoint_spent(client, user_pk):
gof.return_value = [m]
params = '?spent=true&public_key={}'.format(user_pk)
res = client.get(OUTPUTS_ENDPOINT + params)
assert res.json == [{'transaction_id': 'a', 'output': 0}]
assert res.json == [{'transaction_id': 'a', 'output_index': 0}]
assert res.status_code == 200
gof.assert_called_once_with(user_pk, True)

2
tests/web/test_transactions.py
View File

@ -89,7 +89,7 @@ def test_post_create_transaction_with_invalid_signature(mock_logger,
tx = Transaction.create([user_pub], [([user_pub], 1)])
tx = tx.sign([user_priv]).to_dict()
tx['inputs'][0]['fulfillment'] = 'cf:0:0'
tx['inputs'][0]['fulfillment'] = 64 * '0'
res = client.post(TX_ENDPOINT, data=json.dumps(tx))
expected_status_code = 400

3
tox.ini
View File

@ -1,6 +1,6 @@
[tox]
skipsdist = true
envlist = py{34,35,36}-{rethinkdb,mongodb}, flake8, docsroot, docsserver
envlist = py{35,36}-{rethinkdb,mongodb}, flake8, docsroot, docsserver
[base]
basepython = python3.6
@ -13,6 +13,7 @@ setenv =
rethinkdb: BIGCHAINDB_DATABASE_BACKEND=rethinkdb
mongodb: BIGCHAINDB_DATABASE_BACKEND=mongodb
deps = {[base]deps}
install_command = pip install {opts} {packages}
extras = test
commands = pytest -v -n auto --cov=bigchaindb --basetemp={envtmpdir}