expand test_prepare script with libeufin support for IBAN auth

3 files changed, 443 insertions, 12 deletions

diff --git a/src/testing/test_anastasis_reducer_4.conf b/src/testing/test_anastasis_reducer_4.conf
index ae53028..ad113ff 100644
--- a/src/testing/test_anastasis_reducer_4.conf
+++ b/src/testing/test_anastasis_reducer_4.conf
@@ -27,7 +27,7 @@ ENABLED = yes
 COMMAND = scat
 
 [authorization-iban]
-COST = TESTKUDOS:1
+COST = EUR:1
 ENABLED = yes
 BUSINESS_NAME = "Data loss #4 Inc."
 CREDIT_IBAN = DE18446744073709551614
diff --git a/src/testing/test_anastasis_reducer_4_free.conf b/src/testing/test_anastasis_reducer_4_free.conf
index 5e987a6..5aae7a0 100644
--- a/src/testing/test_anastasis_reducer_4_free.conf
+++ b/src/testing/test_anastasis_reducer_4_free.conf
@@ -1,8 +1,220 @@
-@INLINE@ test_anastasis_reducer_4.conf
+[taler]
+CURRENCY = TESTKUDOS
+CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
+
+[anastasis-merchant-backend]
+PAYMENT_BACKEND_URL = http://localhost:9966/
+
+[authorization-question]
+COST = TESTKUDOS:0.0
+
+[exchange]
+MAX_KEYS_CACHING = forever
+DB = postgres
+MASTER_PRIV_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/master.priv
+SERVE = tcp
+UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
+UNIXPATH_MODE = 660
+PORT = 8081
+BASE_URL = http://localhost:8081/
+SIGNKEY_DURATION = 2 weeks
+SIGNKEY_LEGAL_DURATION = 2 years
+LEGAL_DURATION = 2 years
+LOOKAHEAD_SIGN = 3 weeks 1 day
+LOOKAHEAD_PROVIDE = 2 weeks 1 day
+KEYDIR = ${TALER_DATA_HOME}/exchange/live-keys/
+REVOCATION_DIR = ${TALER_DATA_HOME}/exchange/revocations/
+TERMS_ETAG = 0
+PRIVACY_ETAG = 0
+
+[merchant]
+SERVE = tcp
+PORT = 9966
+UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
+UNIXPATH_MODE = 660
+DEFAULT_WIRE_FEE_AMORTIZATION = 1
+DB = postgres
+WIREFORMAT = default
+WIRE_TRANSFER_DELAY = 1 minute
+DEFAULT_PAY_DEADLINE = 1 day
+DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1
+KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv
+DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10
+FORCE_AUDIT = YES
+
+[auditor]
+DB = postgres
+AUDITOR_PRIV_FILE = ${TALER_DATA_HOME}/auditor/offline-keys/auditor.priv
+SERVE = tcp
+UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
+UNIXPATH_MODE = 660
+PORT = 8083
+AUDITOR_URL = http://localhost:8083/
+TINY_AMOUNT = TESTKUDOS:0.01
+BASE_URL = http://localhost:8083/
+
+[bank]
+DATABASE = postgres:///taler-auditor-basedb
+MAX_DEBT = TESTKUDOS:50.0
+MAX_DEBT_BANK = TESTKUDOS:100000.0
+HTTP_PORT = 8082
+SUGGESTED_EXCHANGE = http://localhost:8081/
+SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2
+ALLOW_REGISTRATIONS = YES
+SERVE = http
+
+[exchangedb]
+IDLE_RESERVE_EXPIRATION_TIME = 4 weeks
+LEGAL_RESERVE_EXPIRATION_TIME = 7 years
+
+[exchange-account-1]
+PAYTO_URI = payto://x-taler-bank/localhost/Exchange
+enable_debit = yes
+enable_credit = yes
+
+[exchange-accountcredentials-1]
+WIRE_GATEWAY_URL = http://localhost:8082/taler-wire-gateway/Exchange/
+WIRE_GATEWAY_AUTH_METHOD = basic
+USERNAME = Exchange
+PASSWORD = x
+
+[merchant-exchange-default]
+EXCHANGE_BASE_URL = http://localhost:8081/
+CURRENCY = TESTKUDOS
+
+[coin_kudos_ct_1]
+value = TESTKUDOS:0.01
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.01
+fee_deposit = TESTKUDOS:0.01
+fee_refresh = TESTKUDOS:0.01
+fee_refund = TESTKUDOS:0.01
+rsa_keysize = 1024
+
+[coin_kudos_ct_10]
+value = TESTKUDOS:0.10
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.01
+fee_deposit = TESTKUDOS:0.01
+fee_refresh = TESTKUDOS:0.03
+fee_refund = TESTKUDOS:0.01
+rsa_keysize = 1024
+
+[coin_kudos_1]
+value = TESTKUDOS:1
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.02
+fee_deposit = TESTKUDOS:0.02
+fee_refresh = TESTKUDOS:0.03
+fee_refund = TESTKUDOS:0.01
+rsa_keysize = 1024
+
+[coin_kudos_2]
+value = TESTKUDOS:2
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.03
+fee_deposit = TESTKUDOS:0.03
+fee_refresh = TESTKUDOS:0.04
+fee_refund = TESTKUDOS:0.02
+rsa_keysize = 1024
+
+[coin_kudos_4]
+value = TESTKUDOS:4
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.03
+fee_deposit = TESTKUDOS:0.03
+fee_refresh = TESTKUDOS:0.04
+fee_refund = TESTKUDOS:0.02
+rsa_keysize = 1024
+
+[coin_kudos_5]
+value = TESTKUDOS:5
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.01
+fee_deposit = TESTKUDOS:0.01
+fee_refresh = TESTKUDOS:0.03
+fee_refund = TESTKUDOS:0.01
+rsa_keysize = 1024
+
+[coin_kudos_8]
+value = TESTKUDOS:8
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.05
+fee_deposit = TESTKUDOS:0.02
+fee_refresh = TESTKUDOS:0.03
+fee_refund = TESTKUDOS:0.04
+rsa_keysize = 1024
+
+[coin_kudos_10]
+value = TESTKUDOS:10
+duration_withdraw = 7 days
+duration_spend = 2 years
+duration_legal = 3 years
+fee_withdraw = TESTKUDOS:0.01
+fee_deposit = TESTKUDOS:0.01
+fee_refresh = TESTKUDOS:0.03
+fee_refund = TESTKUDOS:0.01
+rsa_keysize = 1024
+
+[authorization-sms]
+COST = TESTKUDOS:0.0
+ENABLED = yes
+COMMAND = /bin/false
+
+[authorization-post]
+COST = TESTKUDOS:1.0
+ENABLED = yes
+COMMAND = /bin/false
+
+[authorization-email]
+COST = TESTKUDOS:0.0
+ENABLED = yes
+COMMAND = scat
+
+[authorization-iban]
+USERNAME = anastasis-credit-user
+WIRE_GATEWAY_URL = http://localhost:5001/facades/facade-credit/anastasis/
+COST = EUR:1
+ENABLED = yes
+BUSINESS_NAME = Person Credit
+CREDIT_IBAN = DE18446744073709551614
+WIRE_GATEWAY_AUTH_METHOD = basic
+PASSWORD = anastasis-credit-password
+
+[arm]
+CONFIG = /research/anastasis/anastasis-gtk/src/testing/test_anastasis_reducer_4_free.conf
+
+[stasis-postgres]
+CONFIG = postgres:///anastasischeck4
 
 [anastasis]
 ANNUAL_FEE = TESTKUDOS:0.0
 TRUTH_UPLOAD_FEE = TESTKUDOS:0.0
+INSURANCE = TESTKUDOS:1.0
+SERVER_SALT = DUfO1KGOKYIFlFQ4
+BUSINESS_NAME = Data loss #4 Inc.
+UPLOAD_LIMIT_MB = 1
+ANNUAL_POLICY_UPLOAD_LIMIT = 42
+PORT = 8089
+
+[PATHS]
+TALER_HOME = ${PWD}/test_reducer_home/
+TALER_DATA_HOME = $TALER_HOME/.local/share/taler/
+TALER_CONFIG_HOME = $TALER_HOME/.config/taler/
+TALER_CACHE_HOME = $TALER_HOME/.cache/taler/
+TALER_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/taler-system-runtime/
 
-[authorization-email]
-COST = TESTKUDOS:0.0
diff --git a/src/testing/test_prepare.sh b/src/testing/test_prepare.sh
index 253cb8f..5faee2e 100755
--- a/src/testing/test_prepare.sh
+++ b/src/testing/test_prepare.sh
@@ -28,19 +28,104 @@ function cleanup()
     wait
 }
 
+
+# $1=ebics username, $2=ebics partner name, $3=person name, $4=sandbox bank account name, $5=iban
+function prepare_sandbox_account() {
+  echo -n "Activating ebics subscriber $1 at the sandbox ..."
+  libeufin-cli \
+    sandbox --sandbox-url=$SANDBOX_URL \
+      ebicssubscriber create \
+        --host-id=$EBICS_HOST \
+        --partner-id=$2 \
+        --user-id=$1
+  echo " OK"
+  echo -n "Giving a bank account ($4) to $1 ..."
+  libeufin-cli \
+    sandbox --sandbox-url=$SANDBOX_URL \
+      ebicsbankaccount create \
+        --iban=$5 \
+        --bic="BCMAESM1XXX"\
+        --person-name="$3" \
+        --account-name=$4 \
+        --ebics-user-id=$1 \
+        --ebics-host-id=$EBICS_HOST \
+        --ebics-partner-id=$2 \
+        --currency=EUR
+  echo " OK"
+}
+
+
+# Transfer only from debit to credit/anastasis account.
+# This function moves funds directly at the Sandbox.  No need
+# to pass through the Nexus+Ebics layer to issue the payment
+# $1 = amount ($CURRENCY:X.Y), $2 = subject.
+function wire_transfer_to_anastasis() {
+  libeufin-sandbox make-transaction \
+    --debit-account=sandbox-account-debit \
+    --credit-account=sandbox-account-credit "$1" "$2"
+  # Sync nexus with sandbox
+  export LIBEUFIN_NEXUS_USERNAME=$CREDIT_USERNAME
+  export LIBEUFIN_NEXUS_PASSWORD=$CREDIT_PASSWORD
+  libeufin-cli accounts fetch-transactions nexus-bankaccount-credit > /dev/null
+  anastasis-helper-authorization-iban -c $CONF_4 -t
+}
+
+# $1 = facade base URL.  Merely a debug utility.
+function see_anastasis_transactions_via_facade() {
+  curl -s --user "$CREDIT_USERNAME:$CREDIT_PASSWORD" "${1}history/incoming?delta=5" | jq
+}
+
+# $1 = ebics user id, $2 = ebics partner, $3 = bank connection name
+# $4 = bank account name local to Nexus, $5 = bank account name as known
+# by Sandbox
+function prepare_nexus_account() {
+  echo -n "Making bank connection $3 ..."
+  libeufin-cli connections new-ebics-connection \
+    --ebics-url="${SANDBOX_URL}ebicsweb" \
+    --host-id=$EBICS_HOST \
+    --partner-id=$2 \
+    --ebics-user-id=$1 \
+    $3 > /dev/null
+  echo " OK"
+  echo -n "Connecting $3 ..."
+  libeufin-cli connections connect $3 > /dev/null
+  echo " OK"
+  echo -n "Importing Sandbox bank account ($5) to Nexus ($4) ..."
+  libeufin-cli connections download-bank-accounts $3 > /dev/null
+  libeufin-cli connections import-bank-account \
+    --offered-account-id=$5 --nexus-bank-account-id=$4 $3 > /dev/null
+  echo " OK"
+}
+
+# $1 = facade name, $2 = bank connection to use, $3 = bank account name
+# local to Nexus
+function prepare_anastasis_facade() {
+  echo -n "Creating facade ..."
+  libeufin-cli facades new-anastasis-facade \
+    --currency=EUR \
+    --facade-name=$1 \
+    $2 $3
+  echo " OK"
+  # No need to setup facade permissions, as the anastasis client
+  # is superuser at Nexus.
+}
+
+
+
 if test "${1:-}" != "free" -a "${1:-}" != "fees"
 then
     echo "Launch script with either 'free' or 'fees' argument to launch providers with/without fees."
     exit 1
 fi
 
-CONF_1="test_anastasis_reducer_1.conf"
-CONF_2="test_anastasis_reducer_2.conf"
-CONF_3="test_anastasis_reducer_3.conf"
-CONF_4="test_anastasis_reducer_4.conf"
+export CONF_1="test_anastasis_reducer_1.conf"
+export CONF_2="test_anastasis_reducer_2.conf"
+export CONF_3="test_anastasis_reducer_3.conf"
 if test $1 = 'free'
 then
-    CONF_4="test_anastasis_reducer_4_free.conf"
+    export CONF_4="test_anastasis_reducer_4_free.conf"
+else
+    export CONF_4="test_anastasis_reducer_4.conf"
 fi
 
 # Exchange configuration file will be edited, so we create one
@@ -54,6 +139,7 @@ B1FILE=`mktemp test_reducer_stateB1XXXXXX`
 B2FILE=`mktemp test_reducer_stateB2XXXXXX`
 R1FILE=`mktemp test_reducer_stateR1XXXXXX`
 R2FILE=`mktemp test_reducer_stateR2XXXXXX`
+IBAN_ACTIVE='false'
 
 # Install cleanup handler (except for kill -9)
 trap cleanup EXIT
@@ -75,6 +161,132 @@ then
     echo " FOUND"
 fi
 
+echo -n "Testing for libeufin-cli"
+if libeufin-cli --version > /dev/null
+then
+    echo " FOUND"
+    IBAN_CREDIT=`anastasis-config -c $CONF_4 -s authorization-iban -o CREDIT_IBAN`
+    CREDIT_BUSINESS_NAME=`anastasis-config -c $CONF_4 -s authorization-iban -o BUSINESS_NAME`
+    echo -n "Setting up Nexus ..."
+    export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/nexus-db-XXXXXX.sqlite)"
+    export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/sandbox-db-XXXXXX.sqlite)"
+    export NEXUS_URL="http://localhost:5001/"
+    export SANDBOX_URL="http://localhost:5000/"
+    libeufin-nexus serve &> nexus.log &
+    nexus_pid=$!
+    if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then
+        exit_skip "Could not launch Nexus"
+    fi
+    echo -n "."
+    libeufin-sandbox serve &> sandbox.log &
+    sandbox_pid=$!
+    if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then
+        exit_skip "Could not launch Sandbox"
+    fi
+    export EBICS_HOST="ebicstesthost"
+    export IBAN_DEBIT="FR1420041010050500013M02606"
+    echo "OK"
+
+    echo -n "Preparing Sandbox ..."
+    libeufin-cli \
+        sandbox --sandbox-url=$SANDBOX_URL \
+        ebicshost create \
+        --host-id=$EBICS_HOST
+    echo " OK"
+
+    export PERSON_CREDIT_NAME="Person Credit"
+    echo -n "Preparing accounts ..."
+    # note: Ebisc schema doesn't allow dashed names.
+    prepare_sandbox_account \
+        ebicsuserCredit \
+        ebicspartnerCredit \
+        "${PERSON_CREDIT_NAME}" \
+        sandbox-account-credit \
+        $IBAN_CREDIT
+    prepare_sandbox_account \
+        ebicsuserDebit \
+        ebicspartnerDebit \
+        "Person Debit" \
+        sandbox-account-debit \
+        $IBAN_DEBIT
+    echo "Sandbox preparation done"
+
+    echo -n "Preparing Nexus ..."
+    export LIBEUFIN_NEXUS_URL=$NEXUS_URL
+    # Make debit user, will buy Anastasis services.
+    export DEBIT_USERNAME=anastasis-debit-user
+    export DEBIT_PASSWORD=anastasis-debit-password
+    libeufin-nexus superuser $DEBIT_USERNAME --password=$DEBIT_PASSWORD
+    echo " OK"
+    export LIBEUFIN_NEXUS_USERNAME=$DEBIT_USERNAME
+    export LIBEUFIN_NEXUS_PASSWORD=$DEBIT_PASSWORD
+
+    prepare_nexus_account \
+        ebicsuserDebit \
+        ebicspartnerDebit \
+        bankconnection-debit \
+        nexus-bankaccount-debit \
+        sandbox-account-debit
+
+    # Make credit user, will be Anastasis client.
+    export CREDIT_USERNAME=anastasis-credit-user
+    export CREDIT_PASSWORD=anastasis-credit-password
+    echo -n "Create credit user (for anastasis) at Nexus ..."
+    libeufin-nexus superuser $CREDIT_USERNAME --password=$CREDIT_PASSWORD
+    echo " OK"
+    export LIBEUFIN_NEXUS_USERNAME=$CREDIT_USERNAME
+    export LIBEUFIN_NEXUS_PASSWORD=$CREDIT_PASSWORD
+
+    prepare_nexus_account \
+        ebicsuserCredit \
+        ebicspartnerCredit \
+        bankconnection-credit \
+        nexus-bankaccount-credit \
+        sandbox-account-credit
+
+    echo -n "Create facade ..."
+    libeufin-cli facades new-anastasis-facade \
+                 --currency="EUR" \
+                 --facade-name=facade-credit \
+                 bankconnection-credit nexus-bankaccount-credit
+    echo " OK"
+    export FACADE_URL=$(libeufin-cli facades list | jq .facades[0].baseUrl | tr -d \")
+
+    ## Reach facade with: $FACADE_URL + $CREDIT_USERNAME + $CREDIT_PASSWORD
+
+    echo -n "Configuring Anastasis IBAN account ..."
+    anastasis-config -c $CONF_4 \
+                     -s authorization-iban \
+                     -o CREDIT_IBAN \
+                     -V "${IBAN_CREDIT}"
+    anastasis-config -c $CONF_4 \
+                     -s authorization-iban \
+                     -o BUSINESS_NAME \
+                     -V "${PERSON_CREDIT_NAME}"
+    anastasis-config -c $CONF_4 \
+                     -s authorization-iban \
+                     -o WIRE_GATEWAY_URL \
+                     -V "${FACADE_URL}"
+    anastasis-config -c $CONF_4 \
+                     -s authorization-iban \
+                     -o WIRE_GATEWAY_AUTH_METHOD \
+                     -V "basic"
+    anastasis-config -c $CONF_4 \
+                     -s authorization-iban \
+                     -o USERNAME \
+                     -V "${LIBEUFIN_NEXUS_USERNAME}"
+    anastasis-config -c $CONF_4 \
+                     -s authorization-iban \
+                     -o PASSWORD \
+                     -V "${LIBEUFIN_NEXUS_PASSWORD}"
+    echo " OK"
+    IBAN_ACTIVE='true'
+else
+    echo " NOT FOUND (IBAN authentication not supported)"
+    anastasis-config -c $CONF_4 -s authorization-iban -o ENABLED -V no
+fi
+
+
 echo -n "Testing for anastasis-httpd"
 anastasis-httpd -h >/dev/null </dev/null || exit_skip " MISSING"
 echo " FOUND"
@@ -308,12 +520,19 @@ then
 
 fi
 
-echo "You can now run anastasis-gtk in the shell we are starting now."
-echo "Exit the shell when done to terminate the test environment!"
+export -f wire_transfer_to_anastasis
 
+echo "You can now run anastasis-gtk in TESTLAND."
+echo " "
+echo "We will now start a sub-shell. Please note:"
+echo '- to terminate the test environment by leaving the sub-shell use: exit'
+if test $IBAN_ACTIVE = 'true'
+then
+    echo '- for IBAN authentication use: wire_transfer_to_anastasis "$AMOUNT" "$SUBJECT"'
+fi
 if test $1 = 'fees'
 then
-    echo "Use 'taler-wallet-cli --wallet-db=\$WALLET_DB handle-uri \$PAY_URI -y' to pay"
+    echo '- to pay, use: taler-wallet-cli --wallet-db=$WALLET_DB handle-uri $PAY_URI -y'
     export WALLET_DB
 fi