diff options
Diffstat (limited to 'src/cli/test_iban.sh')
-rwxr-xr-x | src/cli/test_iban.sh | 261 |
1 files changed, 246 insertions, 15 deletions
diff --git a/src/cli/test_iban.sh b/src/cli/test_iban.sh index 95adbd8..e364280 100755 --- a/src/cli/test_iban.sh +++ b/src/cli/test_iban.sh | |||
@@ -21,24 +21,23 @@ function cleanup() | |||
21 | do | 21 | do |
22 | kill $n 2> /dev/null || true | 22 | kill $n 2> /dev/null || true |
23 | done | 23 | done |
24 | rm -rf $CONF $R1FILE $R2FILE $B1FILE $B2FILE | ||
24 | wait | 25 | wait |
25 | } | 26 | } |
26 | 27 | ||
27 | # Install cleanup handler (except for kill -9) | ||
28 | trap cleanup EXIT | ||
29 | 28 | ||
30 | # $1=ebics username, $2=ebics partner name, $3=person name, $4=sandbox bank account name, $5=iban | 29 | # $1=ebics username, $2=ebics partner name, $3=person name, $4=sandbox bank account name, $5=iban |
31 | function prepare_sandbox_account() { | 30 | function prepare_sandbox_account() { |
32 | 31 | ||
33 | echo Activating ebics subscriber $1 at the sandbox | 32 | echo -n "Activating ebics subscriber $1 at the sandbox ..." |
34 | libeufin-cli \ | 33 | libeufin-cli \ |
35 | sandbox --sandbox-url=$SANDBOX_URL \ | 34 | sandbox --sandbox-url=$SANDBOX_URL \ |
36 | ebicssubscriber create \ | 35 | ebicssubscriber create \ |
37 | --host-id=ebicstesthost \ | 36 | --host-id=ebicstesthost \ |
38 | --partner-id=$2 \ | 37 | --partner-id=$2 \ |
39 | --user-id=$1 | 38 | --user-id=$1 |
40 | 39 | echo " OK" | |
41 | echo "Giving a bank account ($4) to $1" | 40 | echo -n "Giving a bank account ($4) to $1 ..." |
42 | libeufin-cli \ | 41 | libeufin-cli \ |
43 | sandbox --sandbox-url=$SANDBOX_URL \ | 42 | sandbox --sandbox-url=$SANDBOX_URL \ |
44 | ebicsbankaccount create \ | 43 | ebicsbankaccount create \ |
@@ -50,10 +49,28 @@ function prepare_sandbox_account() { | |||
50 | --ebics-host-id=ebicstesthost \ | 49 | --ebics-host-id=ebicstesthost \ |
51 | --ebics-partner-id=$2 \ | 50 | --ebics-partner-id=$2 \ |
52 | --currency=$CURRENCY | 51 | --currency=$CURRENCY |
52 | echo " OK" | ||
53 | } | ||
53 | 54 | ||
55 | # Configuration file will be edited, so we create one | ||
56 | # from the template. | ||
57 | CONF=`mktemp test_free_reducerXXXXXX.conf` | ||
58 | cp test_free_reducer.conf $CONF | ||
54 | 59 | ||
60 | B1FILE=`mktemp test_reducer_stateB1XXXXXX` | ||
61 | B2FILE=`mktemp test_reducer_stateB2XXXXXX` | ||
62 | R1FILE=`mktemp test_reducer_stateR1XXXXXX` | ||
63 | R2FILE=`mktemp test_reducer_stateR2XXXXXX` | ||
55 | 64 | ||
56 | } | 65 | export CONF |
66 | export B2FILE | ||
67 | export B1FILE | ||
68 | export R2FILE | ||
69 | export R1FILE | ||
70 | |||
71 | |||
72 | # Install cleanup handler (except for kill -9) | ||
73 | trap cleanup EXIT | ||
57 | 74 | ||
58 | # Script's guidelines: | 75 | # Script's guidelines: |
59 | 76 | ||
@@ -63,7 +80,6 @@ function prepare_sandbox_account() { | |||
63 | # or an sqlite file created via "mktemp /tmp/test-XXXXXX" | 80 | # or an sqlite file created via "mktemp /tmp/test-XXXXXX" |
64 | # or something like that | 81 | # or something like that |
65 | #* exits with 77 if libeufin is not properly installed/available | 82 | #* exits with 77 if libeufin is not properly installed/available |
66 | #* exits with 77 if Postgres with 'anastasischeck' is not properly | ||
67 | # installed/available | 83 | # installed/available |
68 | #* starts Nexus (in background) | 84 | #* starts Nexus (in background) |
69 | #* starts sandbox (in background) | 85 | #* starts sandbox (in background) |
@@ -101,42 +117,257 @@ if ! libeufin-sandbox --version &> /dev/null; then | |||
101 | exit_skip "libeufin-sandbox not found" | 117 | exit_skip "libeufin-sandbox not found" |
102 | fi | 118 | fi |
103 | 119 | ||
104 | if ! psql -d anastasischeck -c "\q" &> /dev/null; then | 120 | |
105 | exit_skip "Postgresql database 'anastasischeck' not reachable" | 121 | # Check we can actually run |
106 | fi | 122 | echo -n "Testing for jq" |
123 | jq -h > /dev/null || exit_skip "jq required" | ||
124 | echo " FOUND" | ||
125 | echo -n "Testing for anastasis-reducer ..." | ||
126 | anastasis-reducer -h > /dev/null || exit_skip "anastasis-reducer required" | ||
127 | echo " FOUND" | ||
107 | 128 | ||
108 | export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/nexus-db-XXXXXX.sqlite)" | 129 | export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/nexus-db-XXXXXX.sqlite)" |
109 | export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/sandbox-db-XXXXXX.sqlite)" | 130 | export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/sandbox-db-XXXXXX.sqlite)" |
110 | NEXUS_URL="http://localhost:5001/" | 131 | NEXUS_URL="http://localhost:5001/" |
111 | SANDBOX_URL="http://localhost:5000/" | 132 | SANDBOX_URL="http://localhost:5000/" |
112 | 133 | ||
113 | echo "Starting Nexus .." | 134 | echo -n "Starting Nexus ..." |
114 | libeufin-nexus serve &> nexus.log & | 135 | libeufin-nexus serve &> nexus.log & |
115 | nexus_pid=$! | 136 | nexus_pid=$! |
116 | if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then | 137 | if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then |
117 | exit_skip "Could not launch Nexus" | 138 | exit_skip "Could not launch Nexus" |
118 | fi | 139 | fi |
119 | echo "Nexus started." | 140 | echo "OK" |
120 | 141 | ||
121 | echo "Starting Sandbox .." | 142 | echo -n "Starting Sandbox ..." |
122 | libeufin-sandbox serve &> sandbox.log & | 143 | libeufin-sandbox serve &> sandbox.log & |
123 | sandbox_pid=$! | 144 | sandbox_pid=$! |
124 | if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then | 145 | if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then |
125 | exit_skip "Could not launch Sandbox" | 146 | exit_skip "Could not launch Sandbox" |
126 | fi | 147 | fi |
127 | echo "Sandbox started." | 148 | echo " OK" |
128 | 149 | ||
129 | CURRENCY="TESTKUDOS" | 150 | CURRENCY="TESTKUDOS" |
130 | IBAN1="AA3314655813489414469157" | 151 | IBAN1="AA3314655813489414469157" |
131 | IBAN2="BB3314655813489414469157" | 152 | IBAN2="BB3314655813489414469157" |
153 | export IBAN1 | ||
154 | export IBAN2 | ||
132 | 155 | ||
133 | echo Making a ebics host at the sandbox | 156 | echo -n "Making an ebics host at the sandbox " |
134 | libeufin-cli \ | 157 | libeufin-cli \ |
135 | sandbox --sandbox-url=$SANDBOX_URL \ | 158 | sandbox --sandbox-url=$SANDBOX_URL \ |
136 | ebicshost create \ | 159 | ebicshost create \ |
137 | --host-id=ebicstesthost | 160 | --host-id=ebicstesthost |
161 | echo " OK" | ||
138 | 162 | ||
139 | prepare_sandbox_account \ | 163 | prepare_sandbox_account \ |
140 | ebicsuser01 ebicspartner01 Person01 sandbox-account-01 $IBAN1 | 164 | ebicsuser01 ebicspartner01 Person01 sandbox-account-01 $IBAN1 |
141 | prepare_sandbox_account \ | 165 | prepare_sandbox_account \ |
142 | ebicsuser02 ebicspartner02 Person02 sandbox-account-02 $IBAN2 | 166 | ebicsuser02 ebicspartner02 Person02 sandbox-account-02 $IBAN2 |
167 | |||
168 | |||
169 | echo -n "Initialize Anastasis database ..." | ||
170 | # Name of the Postgres database we will use for the script. | ||
171 | # Will be dropped, do NOT use anything that might be used | ||
172 | # elsewhere | ||
173 | |||
174 | TARGET_DB=`anastasis-config -c $CONF -s stasis-postgres -o CONFIG | sed -e "s/^postgres:\/\/\///"` | ||
175 | |||
176 | dropdb $TARGET_DB >/dev/null 2>/dev/null || true | ||
177 | createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB" | ||
178 | anastasis-dbinit -c $CONF 2> anastasis-dbinit.log | ||
179 | |||
180 | echo " OK" | ||
181 | |||
182 | echo -n "Configuring Anastasis IBAN account ..." | ||
183 | anastasis-config -c $CONF \ | ||
184 | -s authorization-iban \ | ||
185 | -o CREDIT_IBAN \ | ||
186 | -V ${IBAN1} | ||
187 | # FIXME-MS: We need the *facade* URL and (likely) the | ||
188 | # Facade authentication data here, not the NEXUS_URL! | ||
189 | anastasis-config -c $CONF \ | ||
190 | -s authorization-iban \ | ||
191 | -o WIRE_GATEWAY_URL \ | ||
192 | -V ${NEXUS_URL} | ||
193 | anastasis-config -c $CONF \ | ||
194 | -s authorization-iban \ | ||
195 | -o WIRE_GATEWAY_AUTH_METHOD \ | ||
196 | -V "external" | ||
197 | echo " OK" | ||
198 | |||
199 | echo -n "Launching Anastasis service ..." | ||
200 | PREFIX="" #valgrind | ||
201 | $PREFIX anastasis-httpd -c $CONF 2> anastasis-httpd_1.log & | ||
202 | echo " OK" | ||
203 | |||
204 | echo -n "Waiting for Anastasis service ..." | ||
205 | # Wait for Anastasis service to be available | ||
206 | for n in `seq 1 50` | ||
207 | do | ||
208 | echo -n "." | ||
209 | sleep 0.1 | ||
210 | OK=0 | ||
211 | # anastasis_01 | ||
212 | wget --tries=1 --timeout=1 http://localhost:8086/ -o /dev/null -O /dev/null >/dev/null || continue | ||
213 | OK=1 | ||
214 | break | ||
215 | done | ||
216 | if [ 1 != $OK ] | ||
217 | then | ||
218 | exit_skip "Failed to launch Anastasis service" | ||
219 | fi | ||
220 | echo "OK" | ||
221 | |||
222 | |||
223 | |||
224 | echo -n "Running backup logic ...," | ||
225 | anastasis-reducer -b > $B1FILE | ||
226 | echo -n "." | ||
227 | anastasis-reducer -a \ | ||
228 | '{"continent": "Testcontinent"}' \ | ||
229 | select_continent < $B1FILE > $B2FILE | ||
230 | echo -n "." | ||
231 | anastasis-reducer -a \ | ||
232 | '{"country_code": "xx", | ||
233 | "currencies":["TESTKUDOS"]}' \ | ||
234 | select_country < $B2FILE > $B1FILE 2>> test_reducer.err | ||
235 | echo -n "." | ||
236 | |||
237 | anastasis-reducer -a \ | ||
238 | '{"identity_attributes": { | ||
239 | "full_name": "Max Musterman", | ||
240 | "sq_number": "4", | ||
241 | "birthdate": "2000-01-01"}}' \ | ||
242 | enter_user_attributes < $B1FILE > $B2FILE 2>> test_reducer.err | ||
243 | echo -n "," | ||
244 | |||
245 | BASEIBAN=`echo $IBAN2 | gnunet-base32` | ||
246 | anastasis-reducer -a \ | ||
247 | "$(jq -n '{ authentication_method: { | ||
248 | type: "iban", | ||
249 | instructions: "Send me your money!", | ||
250 | challenge: $CHALLENGE | ||
251 | } }' \ | ||
252 | --arg CHALLENGE "$BASEIBAN" | ||
253 | )" \ | ||
254 | add_authentication < $B2FILE > $B1FILE 2>> test_reducer.err | ||
255 | echo -n "." | ||
256 | # Finished adding authentication methods | ||
257 | anastasis-reducer \ | ||
258 | next < $B1FILE > $B2FILE 2>> test_reducer.err | ||
259 | |||
260 | echo -n "," | ||
261 | # Finished policy review | ||
262 | anastasis-reducer \ | ||
263 | next < $B2FILE > $B1FILE 2>> test_reducer.err | ||
264 | echo -n "." | ||
265 | |||
266 | # Note: 'secret' must here be a Crockford base32-encoded value | ||
267 | anastasis-reducer -a \ | ||
268 | '{"secret": { "value" : "VERYHARDT0GVESSSECRET", "mime" : "text/plain" }}' \ | ||
269 | enter_secret < $B1FILE > $B2FILE 2>> test_reducer.err | ||
270 | mv $B2FILE $B1FILE | ||
271 | anastasis-reducer next < $B1FILE > $B2FILE 2>> test_reducer.err | ||
272 | echo " OK" | ||
273 | |||
274 | echo -n "Final backup checks ..." | ||
275 | STATE=`jq -r -e .backup_state < $B2FILE` | ||
276 | if test "$STATE" != "BACKUP_FINISHED" | ||
277 | then | ||
278 | exit_fail "Expected new state to be 'BACKUP_FINISHED', got '$STATE'" | ||
279 | fi | ||
280 | jq -r -e .core_secret < $B2FILE > /dev/null && exit_fail "'core_secret' was not cleared upon success" | ||
281 | echo " OK" | ||
282 | |||
283 | |||
284 | |||
285 | echo -n "Running recovery basic logic ..." | ||
286 | anastasis-reducer -r > $R1FILE | ||
287 | anastasis-reducer -a \ | ||
288 | '{"continent": "Testcontinent"}' \ | ||
289 | select_continent < $R1FILE > $R2FILE | ||
290 | anastasis-reducer -a \ | ||
291 | '{"country_code": "xx", | ||
292 | "currencies":["TESTKUDOS"]}' \ | ||
293 | select_country < $R2FILE > $R1FILE 2>> test_reducer.err | ||
294 | anastasis-reducer -a '{"identity_attributes": { "full_name": "Max Musterman", "sq_number": "4", "birthdate": "2000-01-01" }}' enter_user_attributes < $R1FILE > $R2FILE 2>> test_reducer.err | ||
295 | |||
296 | |||
297 | STATE=`jq -r -e .recovery_state < $R2FILE` | ||
298 | if test "$STATE" != "SECRET_SELECTING" | ||
299 | then | ||
300 | exit_fail "Expected new state to be 'SECRET_SELECTING', got '$STATE'" | ||
301 | fi | ||
302 | echo " OK" | ||
303 | |||
304 | echo -n "Selecting default secret" | ||
305 | mv $R2FILE $R1FILE | ||
306 | anastasis-reducer next < $R1FILE > $R2FILE 2>> test_reducer.err | ||
307 | |||
308 | STATE=`jq -r -e .recovery_state < $R2FILE` | ||
309 | if test "$STATE" != "CHALLENGE_SELECTING" | ||
310 | then | ||
311 | exit_fail "Expected new state to be 'CHALLENGE_SELECTING', got '$STATE'" | ||
312 | fi | ||
313 | echo " OK" | ||
314 | |||
315 | echo -n "Running challenge logic ..." | ||
316 | |||
317 | NAME_UUID=`jq -r -e .recovery_information.challenges[0].uuid < $R2FILE` | ||
318 | anastasis-reducer -a \ | ||
319 | "$(jq -n ' | ||
320 | { | ||
321 | uuid: $UUID | ||
322 | }' \ | ||
323 | --arg UUID "$NAME_UUID" | ||
324 | )" \ | ||
325 | select_challenge < $R2FILE > $R1FILE 2>> test_reducer.err | ||
326 | |||
327 | # FIXME: check $IBAN1 is properly in $R1FILE | ||
328 | # FIXME: check TESTKUDOS:5 is properly in $R1FILE | ||
329 | # FIXME: extract wire transfer subject from $R1FILE | ||
330 | |||
331 | # FIXME-MS: must do wire transfer here! | ||
332 | |||
333 | # bash | ||
334 | |||
335 | echo "TEST INCOMPLETE --- BAILING for now" | ||
336 | |||
337 | exit 77 | ||
338 | |||
339 | # Check for inbound wire transfer (fails with 'Failed to load bank access configuration data') | ||
340 | anastasis-helper-authorization-iban -c $CONF -t | ||
341 | |||
342 | # Now we should get the secret... | ||
343 | anastasis-reducer poll < $R1FILE > $R2FILE | ||
344 | |||
345 | echo " OK" | ||
346 | |||
347 | echo -n "Checking recovered secret ..." | ||
348 | # finally: check here that we recovered the secret... | ||
349 | |||
350 | STATE=`jq -r -e .recovery_state < $R2FILE` | ||
351 | if test "$STATE" != "RECOVERY_FINISHED" | ||
352 | then | ||
353 | jq -e . $R2FILE | ||
354 | exit_fail "Expected new state to be 'RECOVERY_FINISHED', got '$STATE'" | ||
355 | fi | ||
356 | |||
357 | SECRET=`jq -r -e .core_secret.value < $R2FILE` | ||
358 | if test "$SECRET" != "VERYHARDT0GVESSSECRET" | ||
359 | then | ||
360 | jq -e . $R2FILE | ||
361 | exit_fail "Expected recovered secret to be 'VERYHARDT0GVESSSECRET', got '$SECRET'" | ||
362 | fi | ||
363 | |||
364 | MIME=`jq -r -e .core_secret.mime < $R2FILE` | ||
365 | if test "$MIME" != "text/plain" | ||
366 | then | ||
367 | jq -e . $R2FILE | ||
368 | exit_fail "Expected recovered mime to be 'text/plain', got '$MIME'" | ||
369 | fi | ||
370 | |||
371 | echo " OK" | ||
372 | |||
373 | exit 0 | ||