From b160641b833ff2bb7b4a72d5b158a685d14cf825 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 22 Aug 2021 17:04:01 +0200 Subject: -more work on test_iban.sh --- src/cli/Makefile.am | 1 + src/cli/test_anastasis_reducer_1.conf | 1 + src/cli/test_anastasis_reducer_2.conf | 1 + src/cli/test_anastasis_reducer_3.conf | 1 + src/cli/test_anastasis_reducer_4.conf | 1 + .../test_anastasis_reducer_add_authentication.sh | 1 + ...astasis_reducer_backup_enter_user_attributes.sh | 1 + .../test_anastasis_reducer_done_policy_review.sh | 1 + src/cli/test_anastasis_reducer_enter_secret.sh | 2 + src/cli/test_anastasis_reducer_initialize_state.sh | 1 + ...tasis_reducer_recovery_enter_user_attributes.sh | 3 +- src/cli/test_anastasis_reducer_select_country.sh | 1 + src/cli/test_free_reducer.conf | 27 +++ src/cli/test_iban.sh | 261 +++++++++++++++++++-- src/cli/test_reducer.conf | 1 + src/reducer/anastasis_api_backup_redux.c | 48 +++- src/reducer/anastasis_api_recovery_redux.c | 4 + src/restclient/anastasis_api_config.c | 4 +- 18 files changed, 331 insertions(+), 29 deletions(-) create mode 100644 src/cli/test_free_reducer.conf (limited to 'src') diff --git a/src/cli/Makefile.am b/src/cli/Makefile.am index 1dbe5d8..74cfcef 100644 --- a/src/cli/Makefile.am +++ b/src/cli/Makefile.am @@ -29,6 +29,7 @@ TESTS = \ EXTRA_DIST = \ $(check_SCRIPTS) \ test_reducer.conf \ + test_free_reducer.conf \ test_anastasis_reducer_1.conf \ test_anastasis_reducer_2.conf \ test_anastasis_reducer_3.conf \ diff --git a/src/cli/test_anastasis_reducer_1.conf b/src/cli/test_anastasis_reducer_1.conf index 6a9704d..3a05690 100644 --- a/src/cli/test_anastasis_reducer_1.conf +++ b/src/cli/test_anastasis_reducer_1.conf @@ -1,3 +1,4 @@ +# This file is in the public domain. @INLINE@ test_reducer.conf [anastasis] diff --git a/src/cli/test_anastasis_reducer_2.conf b/src/cli/test_anastasis_reducer_2.conf index f909ade..4eef5f0 100644 --- a/src/cli/test_anastasis_reducer_2.conf +++ b/src/cli/test_anastasis_reducer_2.conf @@ -1,3 +1,4 @@ +# This file is in the public domain. @INLINE@ test_reducer.conf [anastasis] diff --git a/src/cli/test_anastasis_reducer_3.conf b/src/cli/test_anastasis_reducer_3.conf index 63c38ff..08f4700 100644 --- a/src/cli/test_anastasis_reducer_3.conf +++ b/src/cli/test_anastasis_reducer_3.conf @@ -1,3 +1,4 @@ +# This file is in the public domain. @INLINE@ test_reducer.conf [anastasis] diff --git a/src/cli/test_anastasis_reducer_4.conf b/src/cli/test_anastasis_reducer_4.conf index a6d590e..dee90e3 100644 --- a/src/cli/test_anastasis_reducer_4.conf +++ b/src/cli/test_anastasis_reducer_4.conf @@ -1,3 +1,4 @@ +# This file is in the public domain. @INLINE@ test_reducer.conf [anastasis] diff --git a/src/cli/test_anastasis_reducer_add_authentication.sh b/src/cli/test_anastasis_reducer_add_authentication.sh index 7d69076..ec5a68e 100755 --- a/src/cli/test_anastasis_reducer_add_authentication.sh +++ b/src/cli/test_anastasis_reducer_add_authentication.sh @@ -1,4 +1,5 @@ #!/bin/bash +# This file is in the public domain. set -eu diff --git a/src/cli/test_anastasis_reducer_backup_enter_user_attributes.sh b/src/cli/test_anastasis_reducer_backup_enter_user_attributes.sh index 433438e..b8662e8 100755 --- a/src/cli/test_anastasis_reducer_backup_enter_user_attributes.sh +++ b/src/cli/test_anastasis_reducer_backup_enter_user_attributes.sh @@ -1,4 +1,5 @@ #!/bin/bash +# This file is in the public domain. set -eu diff --git a/src/cli/test_anastasis_reducer_done_policy_review.sh b/src/cli/test_anastasis_reducer_done_policy_review.sh index 7052067..91cb8f8 100755 --- a/src/cli/test_anastasis_reducer_done_policy_review.sh +++ b/src/cli/test_anastasis_reducer_done_policy_review.sh @@ -1,4 +1,5 @@ #!/bin/bash +# This file is in the public domain. set -eu diff --git a/src/cli/test_anastasis_reducer_enter_secret.sh b/src/cli/test_anastasis_reducer_enter_secret.sh index 2b305b9..8005f08 100755 --- a/src/cli/test_anastasis_reducer_enter_secret.sh +++ b/src/cli/test_anastasis_reducer_enter_secret.sh @@ -1,4 +1,6 @@ #!/bin/bash +# This file is in the public domain. + ## Coloring style Text shell script COLOR='\033[0;35m' NOCOLOR='\033[0m' diff --git a/src/cli/test_anastasis_reducer_initialize_state.sh b/src/cli/test_anastasis_reducer_initialize_state.sh index 9dc0c59..b92ef45 100755 --- a/src/cli/test_anastasis_reducer_initialize_state.sh +++ b/src/cli/test_anastasis_reducer_initialize_state.sh @@ -1,4 +1,5 @@ #!/bin/bash +# This file is in the public domain. set -eu diff --git a/src/cli/test_anastasis_reducer_recovery_enter_user_attributes.sh b/src/cli/test_anastasis_reducer_recovery_enter_user_attributes.sh index ad1aea0..d65020e 100755 --- a/src/cli/test_anastasis_reducer_recovery_enter_user_attributes.sh +++ b/src/cli/test_anastasis_reducer_recovery_enter_user_attributes.sh @@ -1,4 +1,5 @@ #!/bin/bash +# This file is in the public domain. set -eu @@ -32,7 +33,7 @@ CONF_3="test_anastasis_reducer_3.conf" CONF_4="test_anastasis_reducer_4.conf" -# Exchange configuration file will be edited, so we create one +# Configuration file will be edited, so we create one # from the template. CONF=`mktemp test_reducerXXXXXX.conf` cp test_reducer.conf $CONF diff --git a/src/cli/test_anastasis_reducer_select_country.sh b/src/cli/test_anastasis_reducer_select_country.sh index db17052..c02f61f 100755 --- a/src/cli/test_anastasis_reducer_select_country.sh +++ b/src/cli/test_anastasis_reducer_select_country.sh @@ -1,4 +1,5 @@ #!/bin/bash +# This file is in the public domain. set -eu diff --git a/src/cli/test_free_reducer.conf b/src/cli/test_free_reducer.conf new file mode 100644 index 0000000..364758c --- /dev/null +++ b/src/cli/test_free_reducer.conf @@ -0,0 +1,27 @@ +# This file is in the public domain. +# It is used by test_iban.sh +[taler] +CURRENCY = TESTKUDOS + +[anastasis] +DB = postgres +ANNUAL_FEE = TESTKUDOS:0 +TRUTH_UPLOAD_FEE = TESTKUDOS:0 +UPLOAD_LIMIT_MB = 1 +ANNUAL_POLICY_UPLOAD_LIMIT = 128 +INSURANCE = TESTKUDOS:0 +PORT = 8086 +SERVER_SALT = BUfO1KGOKYIFlFQg +BUSINESS_NAME = "Data loss Inc." + +[anastasis-merchant-backend] +# Technically not needed... +PAYMENT_BACKEND_URL = http://localhost:9966/ + +[authorization-question] +COST = TESTKUDOS:0.0 + +[authorization-iban] +ENABLED = YES +COST = TESTKUDOS:5 +BUSINESS_NAME = "Data loss inc." diff --git a/src/cli/test_iban.sh b/src/cli/test_iban.sh index 95adbd8..e364280 100755 --- a/src/cli/test_iban.sh +++ b/src/cli/test_iban.sh @@ -21,24 +21,23 @@ function cleanup() do kill $n 2> /dev/null || true done + rm -rf $CONF $R1FILE $R2FILE $B1FILE $B2FILE wait } -# Install cleanup handler (except for kill -9) -trap cleanup EXIT # $1=ebics username, $2=ebics partner name, $3=person name, $4=sandbox bank account name, $5=iban function prepare_sandbox_account() { - echo Activating ebics subscriber $1 at the sandbox + echo -n "Activating ebics subscriber $1 at the sandbox ..." libeufin-cli \ sandbox --sandbox-url=$SANDBOX_URL \ ebicssubscriber create \ --host-id=ebicstesthost \ --partner-id=$2 \ --user-id=$1 - - echo "Giving a bank account ($4) to $1" + echo " OK" + echo -n "Giving a bank account ($4) to $1 ..." libeufin-cli \ sandbox --sandbox-url=$SANDBOX_URL \ ebicsbankaccount create \ @@ -50,10 +49,28 @@ function prepare_sandbox_account() { --ebics-host-id=ebicstesthost \ --ebics-partner-id=$2 \ --currency=$CURRENCY + echo " OK" +} +# Configuration file will be edited, so we create one +# from the template. +CONF=`mktemp test_free_reducerXXXXXX.conf` +cp test_free_reducer.conf $CONF +B1FILE=`mktemp test_reducer_stateB1XXXXXX` +B2FILE=`mktemp test_reducer_stateB2XXXXXX` +R1FILE=`mktemp test_reducer_stateR1XXXXXX` +R2FILE=`mktemp test_reducer_stateR2XXXXXX` -} +export CONF +export B2FILE +export B1FILE +export R2FILE +export R1FILE + + +# Install cleanup handler (except for kill -9) +trap cleanup EXIT # Script's guidelines: @@ -63,7 +80,6 @@ function prepare_sandbox_account() { # or an sqlite file created via "mktemp /tmp/test-XXXXXX" # or something like that #* exits with 77 if libeufin is not properly installed/available -#* exits with 77 if Postgres with 'anastasischeck' is not properly # installed/available #* starts Nexus (in background) #* starts sandbox (in background) @@ -101,42 +117,257 @@ if ! libeufin-sandbox --version &> /dev/null; then exit_skip "libeufin-sandbox not found" fi -if ! psql -d anastasischeck -c "\q" &> /dev/null; then - exit_skip "Postgresql database 'anastasischeck' not reachable" -fi + +# Check we can actually run +echo -n "Testing for jq" +jq -h > /dev/null || exit_skip "jq required" +echo " FOUND" +echo -n "Testing for anastasis-reducer ..." +anastasis-reducer -h > /dev/null || exit_skip "anastasis-reducer required" +echo " FOUND" export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/nexus-db-XXXXXX.sqlite)" export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/sandbox-db-XXXXXX.sqlite)" NEXUS_URL="http://localhost:5001/" SANDBOX_URL="http://localhost:5000/" -echo "Starting Nexus .." +echo -n "Starting Nexus ..." libeufin-nexus serve &> nexus.log & nexus_pid=$! if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then exit_skip "Could not launch Nexus" fi -echo "Nexus started." +echo "OK" -echo "Starting Sandbox .." +echo -n "Starting Sandbox ..." libeufin-sandbox serve &> sandbox.log & sandbox_pid=$! if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then exit_skip "Could not launch Sandbox" fi -echo "Sandbox started." +echo " OK" CURRENCY="TESTKUDOS" IBAN1="AA3314655813489414469157" IBAN2="BB3314655813489414469157" +export IBAN1 +export IBAN2 -echo Making a ebics host at the sandbox +echo -n "Making an ebics host at the sandbox " libeufin-cli \ sandbox --sandbox-url=$SANDBOX_URL \ ebicshost create \ --host-id=ebicstesthost +echo " OK" prepare_sandbox_account \ ebicsuser01 ebicspartner01 Person01 sandbox-account-01 $IBAN1 prepare_sandbox_account \ ebicsuser02 ebicspartner02 Person02 sandbox-account-02 $IBAN2 + + +echo -n "Initialize Anastasis database ..." +# Name of the Postgres database we will use for the script. +# Will be dropped, do NOT use anything that might be used +# elsewhere + +TARGET_DB=`anastasis-config -c $CONF -s stasis-postgres -o CONFIG | sed -e "s/^postgres:\/\/\///"` + +dropdb $TARGET_DB >/dev/null 2>/dev/null || true +createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB" +anastasis-dbinit -c $CONF 2> anastasis-dbinit.log + +echo " OK" + +echo -n "Configuring Anastasis IBAN account ..." +anastasis-config -c $CONF \ + -s authorization-iban \ + -o CREDIT_IBAN \ + -V ${IBAN1} +# FIXME-MS: We need the *facade* URL and (likely) the +# Facade authentication data here, not the NEXUS_URL! +anastasis-config -c $CONF \ + -s authorization-iban \ + -o WIRE_GATEWAY_URL \ + -V ${NEXUS_URL} +anastasis-config -c $CONF \ + -s authorization-iban \ + -o WIRE_GATEWAY_AUTH_METHOD \ + -V "external" +echo " OK" + +echo -n "Launching Anastasis service ..." +PREFIX="" #valgrind +$PREFIX anastasis-httpd -c $CONF 2> anastasis-httpd_1.log & +echo " OK" + +echo -n "Waiting for Anastasis service ..." +# Wait for Anastasis service to be available +for n in `seq 1 50` +do + echo -n "." + sleep 0.1 + OK=0 + # anastasis_01 + wget --tries=1 --timeout=1 http://localhost:8086/ -o /dev/null -O /dev/null >/dev/null || continue + OK=1 + break +done +if [ 1 != $OK ] +then + exit_skip "Failed to launch Anastasis service" +fi +echo "OK" + + + +echo -n "Running backup logic ...," +anastasis-reducer -b > $B1FILE +echo -n "." +anastasis-reducer -a \ + '{"continent": "Testcontinent"}' \ + select_continent < $B1FILE > $B2FILE +echo -n "." +anastasis-reducer -a \ + '{"country_code": "xx", + "currencies":["TESTKUDOS"]}' \ + select_country < $B2FILE > $B1FILE 2>> test_reducer.err +echo -n "." + +anastasis-reducer -a \ + '{"identity_attributes": { + "full_name": "Max Musterman", + "sq_number": "4", + "birthdate": "2000-01-01"}}' \ + enter_user_attributes < $B1FILE > $B2FILE 2>> test_reducer.err +echo -n "," + +BASEIBAN=`echo $IBAN2 | gnunet-base32` +anastasis-reducer -a \ + "$(jq -n '{ authentication_method: { + type: "iban", + instructions: "Send me your money!", + challenge: $CHALLENGE + } }' \ + --arg CHALLENGE "$BASEIBAN" + )" \ + add_authentication < $B2FILE > $B1FILE 2>> test_reducer.err +echo -n "." +# Finished adding authentication methods +anastasis-reducer \ + next < $B1FILE > $B2FILE 2>> test_reducer.err + +echo -n "," +# Finished policy review +anastasis-reducer \ + next < $B2FILE > $B1FILE 2>> test_reducer.err +echo -n "." + +# Note: 'secret' must here be a Crockford base32-encoded value +anastasis-reducer -a \ + '{"secret": { "value" : "VERYHARDT0GVESSSECRET", "mime" : "text/plain" }}' \ + enter_secret < $B1FILE > $B2FILE 2>> test_reducer.err +mv $B2FILE $B1FILE +anastasis-reducer next < $B1FILE > $B2FILE 2>> test_reducer.err +echo " OK" + +echo -n "Final backup checks ..." +STATE=`jq -r -e .backup_state < $B2FILE` +if test "$STATE" != "BACKUP_FINISHED" +then + exit_fail "Expected new state to be 'BACKUP_FINISHED', got '$STATE'" +fi +jq -r -e .core_secret < $B2FILE > /dev/null && exit_fail "'core_secret' was not cleared upon success" +echo " OK" + + + +echo -n "Running recovery basic logic ..." +anastasis-reducer -r > $R1FILE +anastasis-reducer -a \ + '{"continent": "Testcontinent"}' \ + select_continent < $R1FILE > $R2FILE +anastasis-reducer -a \ + '{"country_code": "xx", + "currencies":["TESTKUDOS"]}' \ + select_country < $R2FILE > $R1FILE 2>> test_reducer.err +anastasis-reducer -a '{"identity_attributes": { "full_name": "Max Musterman", "sq_number": "4", "birthdate": "2000-01-01" }}' enter_user_attributes < $R1FILE > $R2FILE 2>> test_reducer.err + + +STATE=`jq -r -e .recovery_state < $R2FILE` +if test "$STATE" != "SECRET_SELECTING" +then + exit_fail "Expected new state to be 'SECRET_SELECTING', got '$STATE'" +fi +echo " OK" + +echo -n "Selecting default secret" +mv $R2FILE $R1FILE +anastasis-reducer next < $R1FILE > $R2FILE 2>> test_reducer.err + +STATE=`jq -r -e .recovery_state < $R2FILE` +if test "$STATE" != "CHALLENGE_SELECTING" +then + exit_fail "Expected new state to be 'CHALLENGE_SELECTING', got '$STATE'" +fi +echo " OK" + +echo -n "Running challenge logic ..." + +NAME_UUID=`jq -r -e .recovery_information.challenges[0].uuid < $R2FILE` +anastasis-reducer -a \ + "$(jq -n ' + { + uuid: $UUID + }' \ + --arg UUID "$NAME_UUID" + )" \ + select_challenge < $R2FILE > $R1FILE 2>> test_reducer.err + +# FIXME: check $IBAN1 is properly in $R1FILE +# FIXME: check TESTKUDOS:5 is properly in $R1FILE +# FIXME: extract wire transfer subject from $R1FILE + +# FIXME-MS: must do wire transfer here! + +# bash + +echo "TEST INCOMPLETE --- BAILING for now" + +exit 77 + +# Check for inbound wire transfer (fails with 'Failed to load bank access configuration data') +anastasis-helper-authorization-iban -c $CONF -t + +# Now we should get the secret... +anastasis-reducer poll < $R1FILE > $R2FILE + +echo " OK" + +echo -n "Checking recovered secret ..." +# finally: check here that we recovered the secret... + +STATE=`jq -r -e .recovery_state < $R2FILE` +if test "$STATE" != "RECOVERY_FINISHED" +then + jq -e . $R2FILE + exit_fail "Expected new state to be 'RECOVERY_FINISHED', got '$STATE'" +fi + +SECRET=`jq -r -e .core_secret.value < $R2FILE` +if test "$SECRET" != "VERYHARDT0GVESSSECRET" +then + jq -e . $R2FILE + exit_fail "Expected recovered secret to be 'VERYHARDT0GVESSSECRET', got '$SECRET'" +fi + +MIME=`jq -r -e .core_secret.mime < $R2FILE` +if test "$MIME" != "text/plain" +then + jq -e . $R2FILE + exit_fail "Expected recovered mime to be 'text/plain', got '$MIME'" +fi + +echo " OK" + +exit 0 diff --git a/src/cli/test_reducer.conf b/src/cli/test_reducer.conf index ef923bb..df68b14 100644 --- a/src/cli/test_reducer.conf +++ b/src/cli/test_reducer.conf @@ -1,3 +1,4 @@ +# This file is in the public domain. [PATHS] TALER_HOME = ${PWD}/test_reducer_home/ TALER_DATA_HOME = $TALER_HOME/.local/share/taler/ diff --git a/src/reducer/anastasis_api_backup_redux.c b/src/reducer/anastasis_api_backup_redux.c index d2e5a46..de6537e 100644 --- a/src/reducer/anastasis_api_backup_redux.c +++ b/src/reducer/anastasis_api_backup_redux.c @@ -278,6 +278,10 @@ add_authentication (json_t *state, GNUNET_JSON_spec_end () }; + if (MHD_HTTP_OK != + json_integer_value (json_object_get (details, + "http_status"))) + continue; /* skip providers that are down */ if (GNUNET_OK != GNUNET_JSON_parse (details, ispec, @@ -856,6 +860,13 @@ eval_provider_selection (struct PolicyBuilder *pb, return; } + if (MHD_HTTP_OK != + json_integer_value (json_object_get (provider_cfg, + "http_status"))) + { + GNUNET_JSON_parse_free (mspec); + return; /* skip providers that are down */ + } if (GNUNET_OK != GNUNET_JSON_parse (provider_cfg, pspec, @@ -1144,13 +1155,18 @@ lookup_salt (const json_t *state, GNUNET_break (0); return GNUNET_SYSERR; } + if (MHD_HTTP_OK != + json_integer_value (json_object_get (cfg, + "http_status"))) + return GNUNET_NO; /* skip providers that are down */ if (GNUNET_OK != GNUNET_JSON_parse (cfg, spec, NULL, NULL)) { - GNUNET_break (0); - return GNUNET_SYSERR; + /* provider not working */ + GNUNET_break_op (0); + return GNUNET_NO; } return GNUNET_OK; } @@ -1608,6 +1624,7 @@ done_authentication (json_t *state, json_t *details; policy_providers = json_array (); + GNUNET_assert (NULL != policy_providers); json_object_foreach (available, url, details) { json_t *provider; @@ -1853,19 +1870,18 @@ add_policy (json_t *state, "provider URL unknown"); return NULL; } + if (MHD_HTTP_OK != + json_integer_value (json_object_get (prov_cfg, + "http_status"))) + continue; if (GNUNET_OK != GNUNET_JSON_parse (prov_cfg, spec, NULL, NULL)) { - GNUNET_break (0); + /* skip provider, likely was down */ json_decref (methods); - ANASTASIS_redux_fail_ (cb, - cb_cls, - TALER_EC_ANASTASIS_REDUCER_INPUT_INVALID, - "provider lacks authentication methods"); - return NULL; - + continue; } if (! json_is_array (prov_methods)) { @@ -2310,13 +2326,18 @@ update_expiration_cost (json_t *state, }; struct TALER_Amount fee; + if (MHD_HTTP_OK != + json_integer_value (json_object_get (provider, + "http_status"))) + continue; /* skip providers that are down */ if (GNUNET_OK != GNUNET_JSON_parse (provider, pspec, NULL, NULL)) { - GNUNET_break (0); - return GNUNET_SYSERR; + /* strange, skip as well */ + GNUNET_break_op (0); + continue; } if (0 > TALER_amount_multiply (&fee, @@ -4043,12 +4064,17 @@ check_upload_size_limit (json_t *state, GNUNET_JSON_spec_end () }; + if (MHD_HTTP_OK != + json_integer_value (json_object_get (ap, + "http_status"))) + continue; /* skip providers that are down */ if (GNUNET_OK != GNUNET_JSON_parse (ap, spec, NULL, NULL)) { /* skip malformed provider, likely /config failed */ + GNUNET_break_op (0); continue; } if (0 == limit) diff --git a/src/reducer/anastasis_api_recovery_redux.c b/src/reducer/anastasis_api_recovery_redux.c index c549d35..5513e83 100644 --- a/src/reducer/anastasis_api_recovery_redux.c +++ b/src/reducer/anastasis_api_recovery_redux.c @@ -2552,6 +2552,10 @@ launch_recovery (struct RecoverSecretState *rss, GNUNET_JSON_spec_end () }; + if (MHD_HTTP_OK != + json_integer_value (json_object_get (p_cfg, + "http_status"))) + return false; /* skip providers that are down */ if (GNUNET_OK != GNUNET_JSON_parse (p_cfg, spec, diff --git a/src/restclient/anastasis_api_config.c b/src/restclient/anastasis_api_config.c index c4857b3..2f6dc3c 100644 --- a/src/restclient/anastasis_api_config.c +++ b/src/restclient/anastasis_api_config.c @@ -91,8 +91,8 @@ handle_config_finished (void *cls, switch (response_code) { case 0: - /* Hard error */ - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + /* No reply received */ + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Backend `%s' failed to respond to GET /config\n", co->url); break; -- cgit v1.2.3