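#!/bin/bash
# Test script: drives anastasis-reducer through a backup and a recovery
# using IBAN authentication, against locally started libeufin Nexus and
# Sandbox services.
set -eu

# Exit, with status code "skip" (no 'real' failure)
# $1 = reason shown to the user
function exit_skip() {
  echo " SKIP: $1"
  exit 77
}

# Exit, with error message (hard failure)
# $1 = reason shown to the user
function exit_fail() {
  echo " FAIL: $1"
  exit 1
}

# Cleanup to run whenever we exit: points at the service logs after a
# real failure, kills background jobs and removes the temporary files.
function cleanup() {
  # Capture the exit status first; every later command overwrites $?.
  local rc=$?
  local n
  local f
  # Only a status that is neither success (0) nor skip (77) is an error.
  # Joining the two comparisons with "or" would be true for every status
  # and print the hint even after a clean run.
  if [ "$rc" -ne 0 ] && [ "$rc" -ne 77 ]; then
    echo "ERROR: see also nexus.log and sandbox.log"
  fi
  for n in $(jobs -p); do
    kill "$n" 2> /dev/null || true
  done
  # The trap can fire before all temp files exist (e.g. when copying the
  # template fails), so tolerate unset names under 'set -u' and never
  # hand an empty or option-like argument to 'rm -rf'.
  for f in "${CONF:-}" "${R1FILE:-}" "${R2FILE:-}" "${B1FILE:-}" "${B2FILE:-}"; do
    if [ -n "$f" ]; then
      rm -rf -- "$f"
    fi
  done
  wait
}

# Register an EBICS subscriber at the Sandbox and give it a bank account.
# $1=ebics username, $2=ebics partner name, $3=person name,
# $4=sandbox bank account name, $5=iban
# Reads the globals SANDBOX_URL, EBICS_HOST and CURRENCY.
function prepare_sandbox_account() {
  echo -n "Activating ebics subscriber $1 at the sandbox ..."
  libeufin-cli \
    sandbox --sandbox-url="$SANDBOX_URL" \
    ebicssubscriber create \
    --host-id="$EBICS_HOST" \
    --partner-id="$2" \
    --user-id="$1"
  echo " OK"
  echo -n "Giving a bank account ($4) to $1 ..."
  libeufin-cli \
    sandbox --sandbox-url="$SANDBOX_URL" \
    ebicsbankaccount create \
    --iban="$5" \
    --bic="BCMAESM1XXX" \
    --person-name="$3" \
    --account-name="$4" \
    --ebics-user-id="$1" \
    --ebics-host-id="$EBICS_HOST" \
    --ebics-partner-id="$2" \
    --currency="$CURRENCY"
  echo " OK"
}

# Install cleanup handler (except for kill -9)
trap cleanup EXIT

# Create an EBICS bank connection at Nexus, connect it, and import the
# Sandbox bank account through it.
# $1 = ebics user id, $2 = ebics partner, $3 = bank connection name
# $4 = bank account name local to Nexus, $5 = bank account name as known
# by Sandbox
# Reads the globals SANDBOX_URL and EBICS_HOST.
function prepare_nexus_account() {
  echo -n "Making bank connection $3"
  libeufin-cli connections new-ebics-connection \
    --ebics-url="${SANDBOX_URL}ebicsweb" \
    --host-id="$EBICS_HOST" \
    --partner-id="$2" \
    --ebics-user-id="$1" \
    "$3" > /dev/null
  echo " OK"
  echo -n "Connecting $3 .."
  libeufin-cli connections connect "$3" > /dev/null
  echo " OK"
  echo -n "Importing Sandbox bank account ($5) to Nexus ($4) ..."
  libeufin-cli connections download-bank-accounts "$3" > /dev/null
  libeufin-cli connections import-bank-account \
    --offered-account-id="$5" --nexus-bank-account-id="$4" "$3" > /dev/null
  echo " OK"
}

# Create an Anastasis facade at Nexus.
# $1 = facade name, $2 = bank connection to use, $3 = bank account name
# local to Nexus
# Reads the global CURRENCY.
function prepare_anastasis_facade() {
  echo -n "Creating facade ..."
  libeufin-cli facades new-anastasis-facade \
    --currency="$CURRENCY" \
    --facade-name="$1" \
    "$2" "$3"
  echo " OK"
  # No need to setup facade permissions, as the anastasis client
  # is superuser at Nexus.
}

# Configuration file will be edited, so we create one
# from the template.
CONF=$(mktemp test_free_reducerXXXXXX.conf)
cp test_free_reducer.conf "$CONF"

# Scratch files holding the reducer's backup (B*) and recovery (R*) state.
B1FILE=$(mktemp test_reducer_stateB1XXXXXX)
B2FILE=$(mktemp test_reducer_stateB2XXXXXX)
R1FILE=$(mktemp test_reducer_stateR1XXXXXX)
R2FILE=$(mktemp test_reducer_stateR2XXXXXX)

export CONF
export B2FILE
export B1FILE
export R2FILE
export R1FILE

# Script's guidelines:
#* uses 'CURRENCY=TESTKUDOS' and uses $CURRENCY for all
#  currencies in what follows ...
#* for databases, use either 'anastasischeck' for Postgres
#  or an sqlite file created via "mktemp /tmp/test-XXXXXX"
#  or something like that
#* exits with 77 if libeufin is not properly
#  installed/available
#* starts Nexus (in background)
#* starts sandbox (in background)
#* creates two IBAN accounts
#* stores IBANs of both accounts in shell variables,
#  call them IBAN_CREDIT and IBAN_DEBIT.
#* configures an Anastasis facade for IBAN_CREDIT.
#* exports authentication credentials (URL, access token)
#  for the facade to shell variables
#  (FACADE_URL, FACADE_AUTH_TOKEN)
#  ~~~~~~~~~
#* contains a command to do a wire-transfer (pick your amount)
#  from DEBIT to CREDIT (setup authentication as needed to
#  trigger the transfer)
#
#
#Make sure 'set -eu' and include some progress indicators, like:
#
#echo -n "Starting nexus ..."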
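## DO WORK
#echo " DONE"

# Probe for every external tool the test needs; a missing tool ends the
# run through exit_skip instead of counting as a failure.
echo -n "Testing for libeufin-cli"
libeufin-cli --version > /dev/null || exit_skip "libeufin-cli required"
echo " FOUND"
echo -n "Testing for libeufin-nexus"
libeufin-nexus --version > /dev/null || exit_skip "libeufin-nexus required"
echo " FOUND"
echo -n "Testing for libeufin-sandbox"
libeufin-sandbox --version > /dev/null || exit_skip "libeufin-sandbox required"
echo " FOUND"

# Check we can actually run
echo -n "Testing for jq"
jq -h > /dev/null || exit_skip "jq required"
echo " FOUND"
echo -n "Testing for anastasis-reducer ..."
anastasis-reducer -h > /dev/null || exit_skip "anastasis-reducer required"
echo " FOUND"

# Keep both SQLite databases inside a freshly created private directory.
# 'mktemp -u' only prints a name without creating anything, so another
# local user could create a file or symlink at that /tmp path before the
# service opens it; 'mktemp -d' creates the directory atomically with
# owner-only permissions. The directory is left in place when the script
# ends.
DB_DIR=$(mktemp -d /tmp/libeufin-db-XXXXXX)
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${DB_DIR}/nexus-db.sqlite"
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${DB_DIR}/sandbox-db.sqlite"

NEXUS_URL="http://localhost:5001/"
SANDBOX_URL="http://localhost:5000/"

echo -n "Starting Nexus ..."
libeufin-nexus serve &> nexus.log &
nexus_pid=$!
# Poll the service URL, retrying on refused connections, to learn
# whether the background process came up.
if ! curl -s --retry 5 --retry-connrefused "$NEXUS_URL" > /dev/null; then
  exit_skip "Could not launch Nexus"
fi
echo "OK"

echo -n "Starting Sandbox ..."
libeufin-sandbox serve &> sandbox.log &
sandbox_pid=$!
if ! curl -s --retry 5 --retry-connrefused "$SANDBOX_URL" > /dev/null; then
  exit_skip "Could not launch Sandbox"
fi
echo " OK"

CURRENCY="TESTKUDOS"
EBICS_HOST="ebicstesthost"
IBAN_CREDIT="AA3314655813489414469157"
IBAN_DEBIT="BB3314655813489414469157"

export IBAN_CREDIT
export IBAN_DEBIT

echo "Preparing Sandbox ..."
echo -n "Making an ebics host at the sandbox "
libeufin-cli \
  sandbox --sandbox-url="$SANDBOX_URL" \
  ebicshost create \
  --host-id="$EBICS_HOST"
echo " OK"

# note: EBICS schema doesn't allow dashed names.
prepare_sandbox_account \
  ebicsuserCredit \
  ebicspartnerCredit \
  Person01 \
  sandbox-account-credit \
  "$IBAN_CREDIT"
prepare_sandbox_account \
  ebicsuserDebit \
  ebicspartnerDebit \
  Person02 \
  sandbox-account-debit \
  "$IBAN_DEBIT"
echo "Sandbox preparation done"

echo "Preparing Nexus ..."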
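export LIBEUFIN_NEXUS_URL="$NEXUS_URL"

# Fixed throw-away credentials for the locally started test Nexus. They
# are passed on the command line and through the environment, where
# other local processes can see them; do not reuse this pattern for
# real secrets.

# Make debit user, will buy Anastasis services.
DEBIT_USERNAME=anastasis-debit-user
DEBIT_PASSWORD=anastasis-debit-password
echo -n "create debit user at Nexus ..."
libeufin-nexus superuser "$DEBIT_USERNAME" --password="$DEBIT_PASSWORD"
echo " OK"
export LIBEUFIN_NEXUS_USERNAME="$DEBIT_USERNAME"
export LIBEUFIN_NEXUS_PASSWORD="$DEBIT_PASSWORD"

prepare_nexus_account \
  ebicsuserDebit \
  ebicspartnerDebit \
  bankconnection-debit \
  nexus-bankaccount-debit \
  sandbox-account-debit

# Make credit user, will be Anastasis client.
CREDIT_USERNAME=anastasis-credit-user
CREDIT_PASSWORD=anastasis-credit-password
echo -n "create credit user (for anastasis) at Nexus ..."
libeufin-nexus superuser "$CREDIT_USERNAME" --password="$CREDIT_PASSWORD"
echo " OK"
# From here on libeufin-cli acts as the credit user.
export LIBEUFIN_NEXUS_USERNAME="$CREDIT_USERNAME"
export LIBEUFIN_NEXUS_PASSWORD="$CREDIT_PASSWORD"

prepare_nexus_account \
  ebicsuserCredit \
  ebicspartnerCredit \
  bankconnection-credit \
  nexus-bankaccount-credit \
  sandbox-account-credit

echo -n "create facade ..."
libeufin-cli facades new-anastasis-facade \
  --currency="$CURRENCY" \
  --facade-name=facade-credit \
  bankconnection-credit nexus-bankaccount-credit
echo " OK"

# The jq filter is quoted so the shell cannot glob-expand '[0]', and
# '-r' prints the URL without JSON quotes. '-e' makes jq fail when no
# facade URL is present, so the script stops here instead of writing
# the string "null" into the Anastasis configuration later.
FACADE_URL=$(libeufin-cli facades list | jq -r -e '.facades[0].baseUrl') \
  || exit_fail "Could not determine facade URL"

## Reach facade with: $FACADE_URL + $CREDIT_USERNAME + $CREDIT_PASSWORD

echo "Nexus preparation done."

echo -n "Initialize Anastasis database ..."

# Name of the Postgres database we will use for the script.
# Will be dropped, do NOT use anything that might be used
# elsewhere
TARGET_DB=$(anastasis-config -c "$CONF" -s stasis-postgres -o CONFIG | sed -e "s/^postgres:\/\/\///")

# Refuse to continue without a database name: with an empty argument
# dropdb/createdb would not operate on the intended test database.
if [ -z "$TARGET_DB" ]; then
  exit_fail "No database name configured in section stasis-postgres"
fi

# A missing database is fine here, so the result of dropdb is ignored.
dropdb "$TARGET_DB" >/dev/null 2>/dev/null || true
createdb "$TARGET_DB" || exit_skip "Could not create database $TARGET_DB"
anastasis-dbinit -c "$CONF" 2> anastasis-dbinit.log

echo " OK"

echo -n "Configuring Anastasis IBAN account ..."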
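# Write the IBAN authorization settings into the temporary configuration.
anastasis-config -c "$CONF" \
  -s authorization-iban \
  -o CREDIT_IBAN \
  -V "${IBAN_CREDIT}"
anastasis-config -c "$CONF" \
  -s authorization-iban \
  -o WIRE_GATEWAY_URL \
  -V "${FACADE_URL}"
anastasis-config -c "$CONF" \
  -s authorization-iban \
  -o WIRE_GATEWAY_AUTH_METHOD \
  -V "external"
echo " OK"

echo -n "Launching Anastasis service ..."
PREFIX="" #valgrind
# $PREFIX stays unquoted on purpose: when empty it must expand to
# nothing rather than to an empty command word.
$PREFIX anastasis-httpd -c "$CONF" 2> anastasis-httpd_1.log &
echo " OK"

echo -n "Waiting for Anastasis service ..."
# Wait for Anastasis service to be available: up to 50 probes, 0.1 s apart.
OK=0
for n in $(seq 1 50); do
  echo -n "."
  sleep 0.1
  # anastasis_01
  wget --tries=1 --timeout=1 http://localhost:8086/ -o /dev/null -O /dev/null >/dev/null || continue
  OK=1
  break
done
if [ 1 != "$OK" ]; then
  exit_skip "Failed to launch Anastasis service"
fi
echo "OK"

# The backup state is passed back and forth between the two state files:
# each reducer step reads one and writes the other.
echo -n "Running backup logic ...,"
anastasis-reducer -b > "$B1FILE"
echo -n "."
anastasis-reducer -a \
  '{"continent": "Testcontinent"}' \
  select_continent < "$B1FILE" > "$B2FILE"
echo -n "."
anastasis-reducer -a \
  '{"country_code": "xx", "currencies":["TESTKUDOS"]}' \
  select_country < "$B2FILE" > "$B1FILE" 2>> test_reducer.err
echo -n "."
anastasis-reducer -a \
  '{"identity_attributes": { "full_name": "Max Musterman", "sq_number": "4", "birthdate": "2000-01-01"}}' \
  enter_user_attributes < "$B1FILE" > "$B2FILE" 2>> test_reducer.err
echo -n ","

# printf feeds exactly the IBAN to the encoder; 'echo' would append a
# newline that ends up inside the encoded challenge.
BASEIBAN=$(printf '%s' "$IBAN_DEBIT" | gnunet-base32)
# The JSON argument is built with jq so the challenge value is escaped
# properly instead of being pasted into a string.
anastasis-reducer -a \
  "$(jq -n '
    {
      authentication_method: {
        type: "iban",
        instructions: "Send me your money!",
        challenge: $CHALLENGE
      }
    }' \
    --arg CHALLENGE "$BASEIBAN"
  )" \
  add_authentication < "$B2FILE" > "$B1FILE" 2>> test_reducer.err
echo -n "."

# Finished adding authentication methods
anastasis-reducer \
  next < "$B1FILE" > "$B2FILE" 2>> test_reducer.err
echo -n ","

# Finished policy review
anastasis-reducer \
  next < "$B2FILE" > "$B1FILE" 2>> test_reducer.err
echo -n "."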
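# Note: 'secret' must here be a Crockford base32-encoded value
anastasis-reducer -a \
  '{"secret": { "value" : "VERYHARDT0GVESSSECRET", "mime" : "text/plain" }}' \
  enter_secret < "$B1FILE" > "$B2FILE" 2>> test_reducer.err
# Make the newest state the input of the next step.
mv "$B2FILE" "$B1FILE"
anastasis-reducer next < "$B1FILE" > "$B2FILE" 2>> test_reducer.err
echo " OK"

echo -n "Final backup checks ..."
STATE=$(jq -r -e .backup_state < "$B2FILE")
if test "$STATE" != "BACKUP_FINISHED"; then
  exit_fail "Expected new state to be 'BACKUP_FINISHED', got '$STATE'"
fi

# The finished backup state must not contain the secret any more;
# 'jq -e' succeeds only when the key holds a value.
if jq -r -e .core_secret < "$B2FILE" > /dev/null; then
  exit_fail "'core_secret' was not cleared upon success"
fi
echo " OK"

# Recovery repeats the continent, country and identity steps, using the
# two recovery state files in the same alternating fashion.
echo -n "Running recovery basic logic ..."
anastasis-reducer -r > "$R1FILE"
anastasis-reducer -a \
  '{"continent": "Testcontinent"}' \
  select_continent < "$R1FILE" > "$R2FILE"
anastasis-reducer -a \
  '{"country_code": "xx", "currencies":["TESTKUDOS"]}' \
  select_country < "$R2FILE" > "$R1FILE" 2>> test_reducer.err
anastasis-reducer -a \
  '{"identity_attributes": { "full_name": "Max Musterman", "sq_number": "4", "birthdate": "2000-01-01" }}' \
  enter_user_attributes < "$R1FILE" > "$R2FILE" 2>> test_reducer.err

STATE=$(jq -r -e .recovery_state < "$R2FILE")
if test "$STATE" != "SECRET_SELECTING"; then
  exit_fail "Expected new state to be 'SECRET_SELECTING', got '$STATE'"
fi
echo " OK"

echo -n "Selecting default secret"
mv "$R2FILE" "$R1FILE"
anastasis-reducer next < "$R1FILE" > "$R2FILE" 2>> test_reducer.err

STATE=$(jq -r -e .recovery_state < "$R2FILE")
if test "$STATE" != "CHALLENGE_SELECTING"; then
  exit_fail "Expected new state to be 'CHALLENGE_SELECTING', got '$STATE'"
fi
echo " OK"

echo -n "Running challenge logic ..."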
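# Pick the first challenge offered in the recovery state. The filter is
# quoted so the shell cannot glob-expand the '[0]' in it.
NAME_UUID=$(jq -r -e '.recovery_information.challenges[0].uuid' < "$R2FILE")
anastasis-reducer -a \
  "$(jq -n '
    {
      uuid: $UUID
    }' \
    --arg UUID "$NAME_UUID"
  )" \
  select_challenge < "$R2FILE" > "$R1FILE" 2>> test_reducer.err

# FIXME: check $IBAN1 is properly in $R1FILE
# FIXME: check TESTKUDOS:5 is properly in $R1FILE
# FIXME: extract wire transfer subject from $R1FILE

# FIXME-MS: must do wire transfer here!

# bash

# The wire transfer step is not implemented yet, so the test ends here
# with status 77. Everything below this exit is currently not reached.
echo "TEST INCOMPLETE --- BAILING for now"
exit 77

# Check for inbound wire transfer (fails with 'Failed to load bank access configuration data')
anastasis-helper-authorization-iban -c "$CONF" -t

# Now we should get the secret...
anastasis-reducer poll < "$R1FILE" > "$R2FILE"

echo " OK"

echo -n "Checking recovered secret ..."
# finally: check here that we recovered the secret...

# On any mismatch the whole state is dumped before failing, to help
# with diagnosis.
STATE=$(jq -r -e .recovery_state < "$R2FILE")
if test "$STATE" != "RECOVERY_FINISHED"; then
  jq -e . "$R2FILE"
  exit_fail "Expected new state to be 'RECOVERY_FINISHED', got '$STATE'"
fi

SECRET=$(jq -r -e .core_secret.value < "$R2FILE")
if test "$SECRET" != "VERYHARDT0GVESSSECRET"; then
  jq -e . "$R2FILE"
  exit_fail "Expected recovered secret to be 'VERYHARDT0GVESSSECRET', got '$SECRET'"
fi

MIME=$(jq -r -e .core_secret.mime < "$R2FILE")
if test "$MIME" != "text/plain"; then
  jq -e . "$R2FILE"
  exit_fail "Expected recovered mime to be 'text/plain', got '$MIME'"
fi

echo " OK"

exit 0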