From 3a59c467e74ef838ce34a87ecf032b032111a982 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 26 Aug 2021 18:18:43 +0200 Subject: expand test_prepare script with libeufin support for IBAN auth --- src/testing/test_anastasis_reducer_4.conf | 2 +- src/testing/test_anastasis_reducer_4_free.conf | 218 ++++++++++++++++++++++- src/testing/test_prepare.sh | 235 ++++++++++++++++++++++++- 3 files changed, 443 insertions(+), 12 deletions(-) diff --git a/src/testing/test_anastasis_reducer_4.conf b/src/testing/test_anastasis_reducer_4.conf index ae53028..ad113ff 100644 --- a/src/testing/test_anastasis_reducer_4.conf +++ b/src/testing/test_anastasis_reducer_4.conf @@ -27,7 +27,7 @@ ENABLED = yes COMMAND = scat [authorization-iban] -COST = TESTKUDOS:1 +COST = EUR:1 ENABLED = yes BUSINESS_NAME = "Data loss #4 Inc." CREDIT_IBAN = DE18446744073709551614 diff --git a/src/testing/test_anastasis_reducer_4_free.conf b/src/testing/test_anastasis_reducer_4_free.conf index 5e987a6..5aae7a0 100644 --- a/src/testing/test_anastasis_reducer_4_free.conf +++ b/src/testing/test_anastasis_reducer_4_free.conf @@ -1,8 +1,220 @@ -@INLINE@ test_anastasis_reducer_4.conf +[taler] +CURRENCY = TESTKUDOS +CURRENCY_ROUND_UNIT = TESTKUDOS:0.01 + +[anastasis-merchant-backend] +PAYMENT_BACKEND_URL = http://localhost:9966/ + +[authorization-question] +COST = TESTKUDOS:0.0 + +[exchange] +MAX_KEYS_CACHING = forever +DB = postgres +MASTER_PRIV_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/master.priv +SERVE = tcp +UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http +UNIXPATH_MODE = 660 +PORT = 8081 +BASE_URL = http://localhost:8081/ +SIGNKEY_DURATION = 2 weeks +SIGNKEY_LEGAL_DURATION = 2 years +LEGAL_DURATION = 2 years +LOOKAHEAD_SIGN = 3 weeks 1 day +LOOKAHEAD_PROVIDE = 2 weeks 1 day +KEYDIR = ${TALER_DATA_HOME}/exchange/live-keys/ +REVOCATION_DIR = ${TALER_DATA_HOME}/exchange/revocations/ +TERMS_ETAG = 0 +PRIVACY_ETAG = 0 + +[merchant] +SERVE = tcp +PORT = 9966 +UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http +UNIXPATH_MODE = 660 +DEFAULT_WIRE_FEE_AMORTIZATION = 1 +DB = postgres +WIREFORMAT = default +WIRE_TRANSFER_DELAY = 1 minute +DEFAULT_PAY_DEADLINE = 1 day +DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1 +KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv +DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10 +FORCE_AUDIT = YES + +[auditor] +DB = postgres +AUDITOR_PRIV_FILE = ${TALER_DATA_HOME}/auditor/offline-keys/auditor.priv +SERVE = tcp +UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http +UNIXPATH_MODE = 660 +PORT = 8083 +AUDITOR_URL = http://localhost:8083/ +TINY_AMOUNT = TESTKUDOS:0.01 +BASE_URL = http://localhost:8083/ + +[bank] +DATABASE = postgres:///taler-auditor-basedb +MAX_DEBT = TESTKUDOS:50.0 +MAX_DEBT_BANK = TESTKUDOS:100000.0 +HTTP_PORT = 8082 +SUGGESTED_EXCHANGE = http://localhost:8081/ +SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2 +ALLOW_REGISTRATIONS = YES +SERVE = http + +[exchangedb] +IDLE_RESERVE_EXPIRATION_TIME = 4 weeks +LEGAL_RESERVE_EXPIRATION_TIME = 7 years + +[exchange-account-1] +PAYTO_URI = payto://x-taler-bank/localhost/Exchange +enable_debit = yes +enable_credit = yes + +[exchange-accountcredentials-1] +WIRE_GATEWAY_URL = http://localhost:8082/taler-wire-gateway/Exchange/ +WIRE_GATEWAY_AUTH_METHOD = basic +USERNAME = Exchange +PASSWORD = x + +[merchant-exchange-default] +EXCHANGE_BASE_URL = http://localhost:8081/ +CURRENCY = TESTKUDOS + +[coin_kudos_ct_1] +value = TESTKUDOS:0.01 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.01 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_ct_10] +value = TESTKUDOS:0.10 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_1] +value = TESTKUDOS:1 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.02 +fee_deposit = TESTKUDOS:0.02 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_2] +value = TESTKUDOS:2 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.03 +fee_deposit = TESTKUDOS:0.03 +fee_refresh = TESTKUDOS:0.04 +fee_refund = TESTKUDOS:0.02 +rsa_keysize = 1024 + +[coin_kudos_4] +value = TESTKUDOS:4 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.03 +fee_deposit = TESTKUDOS:0.03 +fee_refresh = TESTKUDOS:0.04 +fee_refund = TESTKUDOS:0.02 +rsa_keysize = 1024 + +[coin_kudos_5] +value = TESTKUDOS:5 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_8] +value = TESTKUDOS:8 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.05 +fee_deposit = TESTKUDOS:0.02 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.04 +rsa_keysize = 1024 + +[coin_kudos_10] +value = TESTKUDOS:10 +duration_withdraw = 7 days +duration_spend = 2 years +duration_legal = 3 years +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[authorization-sms] +COST = TESTKUDOS:0.0 +ENABLED = yes +COMMAND = /bin/false + +[authorization-post] +COST = TESTKUDOS:1.0 +ENABLED = yes +COMMAND = /bin/false + +[authorization-email] +COST = TESTKUDOS:0.0 +ENABLED = yes +COMMAND = scat + +[authorization-iban] +USERNAME = anastasis-credit-user +WIRE_GATEWAY_URL = http://localhost:5001/facades/facade-credit/anastasis/ +COST = EUR:1 +ENABLED = yes +BUSINESS_NAME = Person Credit +CREDIT_IBAN = DE18446744073709551614 +WIRE_GATEWAY_AUTH_METHOD = basic +PASSWORD = anastasis-credit-password + +[arm] +CONFIG = /research/anastasis/anastasis-gtk/src/testing/test_anastasis_reducer_4_free.conf + +[stasis-postgres] +CONFIG = postgres:///anastasischeck4 [anastasis] ANNUAL_FEE = TESTKUDOS:0.0 TRUTH_UPLOAD_FEE = TESTKUDOS:0.0 +INSURANCE = TESTKUDOS:1.0 +SERVER_SALT = DUfO1KGOKYIFlFQ4 +BUSINESS_NAME = Data loss #4 Inc. +UPLOAD_LIMIT_MB = 1 +ANNUAL_POLICY_UPLOAD_LIMIT = 42 +PORT = 8089 + +[PATHS] +TALER_HOME = ${PWD}/test_reducer_home/ +TALER_DATA_HOME = $TALER_HOME/.local/share/taler/ +TALER_CONFIG_HOME = $TALER_HOME/.config/taler/ +TALER_CACHE_HOME = $TALER_HOME/.cache/taler/ +TALER_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/taler-system-runtime/ -[authorization-email] -COST = TESTKUDOS:0.0 diff --git a/src/testing/test_prepare.sh b/src/testing/test_prepare.sh index 253cb8f..5faee2e 100755 --- a/src/testing/test_prepare.sh +++ b/src/testing/test_prepare.sh @@ -28,19 +28,104 @@ function cleanup() wait } + +# $1=ebics username, $2=ebics partner name, $3=person name, $4=sandbox bank account name, $5=iban +function prepare_sandbox_account() { + echo -n "Activating ebics subscriber $1 at the sandbox ..." + libeufin-cli \ + sandbox --sandbox-url=$SANDBOX_URL \ + ebicssubscriber create \ + --host-id=$EBICS_HOST \ + --partner-id=$2 \ + --user-id=$1 + echo " OK" + echo -n "Giving a bank account ($4) to $1 ..." + libeufin-cli \ + sandbox --sandbox-url=$SANDBOX_URL \ + ebicsbankaccount create \ + --iban=$5 \ + --bic="BCMAESM1XXX"\ + --person-name="$3" \ + --account-name=$4 \ + --ebics-user-id=$1 \ + --ebics-host-id=$EBICS_HOST \ + --ebics-partner-id=$2 \ + --currency=EUR + echo " OK" +} + + +# Transfer only from debit to credit/anastasis account. +# This function moves funds directly at the Sandbox. No need +# to pass through the Nexus+Ebics layer to issue the payment +# $1 = amount ($CURRENCY:X.Y), $2 = subject. +function wire_transfer_to_anastasis() { + libeufin-sandbox make-transaction \ + --debit-account=sandbox-account-debit \ + --credit-account=sandbox-account-credit "$1" "$2" + # Sync nexus with sandbox + export LIBEUFIN_NEXUS_USERNAME=$CREDIT_USERNAME + export LIBEUFIN_NEXUS_PASSWORD=$CREDIT_PASSWORD + libeufin-cli accounts fetch-transactions nexus-bankaccount-credit > /dev/null + anastasis-helper-authorization-iban -c $CONF_4 -t +} + +# $1 = facade base URL. Merely a debug utility. +function see_anastasis_transactions_via_facade() { + curl -s --user "$CREDIT_USERNAME:$CREDIT_PASSWORD" "${1}history/incoming?delta=5" | jq +} + +# $1 = ebics user id, $2 = ebics partner, $3 = bank connection name +# $4 = bank account name local to Nexus, $5 = bank account name as known +# by Sandbox +function prepare_nexus_account() { + echo -n "Making bank connection $3 ..." + libeufin-cli connections new-ebics-connection \ + --ebics-url="${SANDBOX_URL}ebicsweb" \ + --host-id=$EBICS_HOST \ + --partner-id=$2 \ + --ebics-user-id=$1 \ + $3 > /dev/null + echo " OK" + echo -n "Connecting $3 ..." + libeufin-cli connections connect $3 > /dev/null + echo " OK" + echo -n "Importing Sandbox bank account ($5) to Nexus ($4) ..." + libeufin-cli connections download-bank-accounts $3 > /dev/null + libeufin-cli connections import-bank-account \ + --offered-account-id=$5 --nexus-bank-account-id=$4 $3 > /dev/null + echo " OK" +} + +# $1 = facade name, $2 = bank connection to use, $3 = bank account name +# local to Nexus +function prepare_anastasis_facade() { + echo -n "Creating facade ..." + libeufin-cli facades new-anastasis-facade \ + --currency=EUR \ + --facade-name=$1 \ + $2 $3 + echo " OK" + # No need to setup facade permissions, as the anastasis client + # is superuser at Nexus. +} + + + if test "${1:-}" != "free" -a "${1:-}" != "fees" then echo "Launch script with either 'free' or 'fees' argument to launch providers with/without fees." exit 1 fi -CONF_1="test_anastasis_reducer_1.conf" -CONF_2="test_anastasis_reducer_2.conf" -CONF_3="test_anastasis_reducer_3.conf" -CONF_4="test_anastasis_reducer_4.conf" +export CONF_1="test_anastasis_reducer_1.conf" +export CONF_2="test_anastasis_reducer_2.conf" +export CONF_3="test_anastasis_reducer_3.conf" if test $1 = 'free' then - CONF_4="test_anastasis_reducer_4_free.conf" + export CONF_4="test_anastasis_reducer_4_free.conf" +else + export CONF_4="test_anastasis_reducer_4.conf" fi # Exchange configuration file will be edited, so we create one @@ -54,6 +139,7 @@ B1FILE=`mktemp test_reducer_stateB1XXXXXX` B2FILE=`mktemp test_reducer_stateB2XXXXXX` R1FILE=`mktemp test_reducer_stateR1XXXXXX` R2FILE=`mktemp test_reducer_stateR2XXXXXX` +IBAN_ACTIVE='false' # Install cleanup handler (except for kill -9) trap cleanup EXIT @@ -75,6 +161,132 @@ then echo " FOUND" fi +echo -n "Testing for libeufin-cli" +if libeufin-cli --version > /dev/null +then + echo " FOUND" + IBAN_CREDIT=`anastasis-config -c $CONF_4 -s authorization-iban -o CREDIT_IBAN` + CREDIT_BUSINESS_NAME=`anastasis-config -c $CONF_4 -s authorization-iban -o BUSINESS_NAME` + echo -n "Setting up Nexus ..." + export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/nexus-db-XXXXXX.sqlite)" + export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/sandbox-db-XXXXXX.sqlite)" + export NEXUS_URL="http://localhost:5001/" + export SANDBOX_URL="http://localhost:5000/" + libeufin-nexus serve &> nexus.log & + nexus_pid=$! + if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then + exit_skip "Could not launch Nexus" + fi + echo -n "." + libeufin-sandbox serve &> sandbox.log & + sandbox_pid=$! + if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then + exit_skip "Could not launch Sandbox" + fi + export EBICS_HOST="ebicstesthost" + export IBAN_DEBIT="FR1420041010050500013M02606" + echo "OK" + + echo -n "Preparing Sandbox ..." + libeufin-cli \ + sandbox --sandbox-url=$SANDBOX_URL \ + ebicshost create \ + --host-id=$EBICS_HOST + echo " OK" + + export PERSON_CREDIT_NAME="Person Credit" + echo -n "Preparing accounts ..." + # note: Ebisc schema doesn't allow dashed names. + prepare_sandbox_account \ + ebicsuserCredit \ + ebicspartnerCredit \ + "${PERSON_CREDIT_NAME}" \ + sandbox-account-credit \ + $IBAN_CREDIT + prepare_sandbox_account \ + ebicsuserDebit \ + ebicspartnerDebit \ + "Person Debit" \ + sandbox-account-debit \ + $IBAN_DEBIT + echo "Sandbox preparation done" + + echo -n "Preparing Nexus ..." + export LIBEUFIN_NEXUS_URL=$NEXUS_URL + # Make debit user, will buy Anastasis services. + export DEBIT_USERNAME=anastasis-debit-user + export DEBIT_PASSWORD=anastasis-debit-password + libeufin-nexus superuser $DEBIT_USERNAME --password=$DEBIT_PASSWORD + echo " OK" + export LIBEUFIN_NEXUS_USERNAME=$DEBIT_USERNAME + export LIBEUFIN_NEXUS_PASSWORD=$DEBIT_PASSWORD + + prepare_nexus_account \ + ebicsuserDebit \ + ebicspartnerDebit \ + bankconnection-debit \ + nexus-bankaccount-debit \ + sandbox-account-debit + + # Make credit user, will be Anastasis client. + export CREDIT_USERNAME=anastasis-credit-user + export CREDIT_PASSWORD=anastasis-credit-password + echo -n "Create credit user (for anastasis) at Nexus ..." + libeufin-nexus superuser $CREDIT_USERNAME --password=$CREDIT_PASSWORD + echo " OK" + export LIBEUFIN_NEXUS_USERNAME=$CREDIT_USERNAME + export LIBEUFIN_NEXUS_PASSWORD=$CREDIT_PASSWORD + + prepare_nexus_account \ + ebicsuserCredit \ + ebicspartnerCredit \ + bankconnection-credit \ + nexus-bankaccount-credit \ + sandbox-account-credit + + echo -n "Create facade ..." + libeufin-cli facades new-anastasis-facade \ + --currency="EUR" \ + --facade-name=facade-credit \ + bankconnection-credit nexus-bankaccount-credit + echo " OK" + export FACADE_URL=$(libeufin-cli facades list | jq .facades[0].baseUrl | tr -d \") + + ## Reach facade with: $FACADE_URL + $CREDIT_USERNAME + $CREDIT_PASSWORD + + echo -n "Configuring Anastasis IBAN account ..." + anastasis-config -c $CONF_4 \ + -s authorization-iban \ + -o CREDIT_IBAN \ + -V "${IBAN_CREDIT}" + anastasis-config -c $CONF_4 \ + -s authorization-iban \ + -o BUSINESS_NAME \ + -V "${PERSON_CREDIT_NAME}" + anastasis-config -c $CONF_4 \ + -s authorization-iban \ + -o WIRE_GATEWAY_URL \ + -V "${FACADE_URL}" + anastasis-config -c $CONF_4 \ + -s authorization-iban \ + -o WIRE_GATEWAY_AUTH_METHOD \ + -V "basic" + anastasis-config -c $CONF_4 \ + -s authorization-iban \ + -o USERNAME \ + -V "${LIBEUFIN_NEXUS_USERNAME}" + anastasis-config -c $CONF_4 \ + -s authorization-iban \ + -o PASSWORD \ + -V "${LIBEUFIN_NEXUS_PASSWORD}" + echo " OK" + IBAN_ACTIVE='true' +else + echo " NOT FOUND (IBAN authentication not supported)" + anastasis-config -c $CONF_4 -s authorization-iban -o ENABLED -V no +fi + + echo -n "Testing for anastasis-httpd" anastasis-httpd -h >/dev/null