#!/bin/bash set -eu # Exit, with status code "skip" (no 'real' failure) function exit_skip() { echo " SKIP: $1" exit 77 } # Exit, with error message (hard failure) function exit_fail() { echo " FAIL: $1" exit 1 } # Cleanup to run whenever we exit function cleanup() { for n in `jobs -p` do kill $n 2> /dev/null || true done rm -rf $CONF $R1FILE $R2FILE $B1FILE $B2FILE wait } # $1=ebics username, $2=ebics partner name, $3=person name, $4=sandbox bank account name, $5=iban function prepare_sandbox_account() { echo -n "Activating ebics subscriber $1 at the sandbox ..." libeufin-cli \ sandbox --sandbox-url=$SANDBOX_URL \ ebicssubscriber create \ --host-id=ebicstesthost \ --partner-id=$2 \ --user-id=$1 echo " OK" echo -n "Giving a bank account ($4) to $1 ..." libeufin-cli \ sandbox --sandbox-url=$SANDBOX_URL \ ebicsbankaccount create \ --iban=$5 \ --bic="BCMAESM1XXX"\ --person-name=$3 \ --account-name=$4 \ --ebics-user-id=$1 \ --ebics-host-id=ebicstesthost \ --ebics-partner-id=$2 \ --currency=$CURRENCY echo " OK" } # Configuration file will be edited, so we create one # from the template. CONF=`mktemp test_free_reducerXXXXXX.conf` cp test_free_reducer.conf $CONF B1FILE=`mktemp test_reducer_stateB1XXXXXX` B2FILE=`mktemp test_reducer_stateB2XXXXXX` R1FILE=`mktemp test_reducer_stateR1XXXXXX` R2FILE=`mktemp test_reducer_stateR2XXXXXX` export CONF export B2FILE export B1FILE export R2FILE export R1FILE # Install cleanup handler (except for kill -9) trap cleanup EXIT # Script's guidelines: #* uses 'CURRENCY=TESTKUDOS' and uses $CURRENCY for all # currencies in what follows ... #* for databases, use either 'anastasischeck' for Postgres # or an sqlite file created via "mktemp /tmp/test-XXXXXX" # or something like that #* exits with 77 if libeufin is not properly installed/available # installed/available #* starts Nexus (in background) #* starts sandbox (in background) # ~~~~~~~~~ #* creates two IBAN accounts #* stores IBANs of both accounts in shell variables, # call them IBAN_CREDIT and IBAN_DEBIT. #* configures an Anastasis facade for IBAN_CREDIT. #* exports authentication credentials (URL, access token) # for the facade to shell variables # (FACADE_URL, FACADE_AUTH_TOKEN) #* contains a command to do a wire-transfer (pick your amount) # from DEBIT to CREDIT (setup authentication as needed to # trigger the transfer) # # #Make sure 'set -eu' and include some progress indicators, like: # #echo -n "Starting nexus ..." ## DO WORK #echo " DONE" #echo -n "Starting sandbox ..." ## DO WORK #echo " DONE" if ! libeufin-cli --version &> /dev/null; then exit_skip "libeufin-cli not found" fi if ! libeufin-nexus --version &> /dev/null; then exit_skip "libeufin-nexus not found" fi if ! libeufin-sandbox --version &> /dev/null; then exit_skip "libeufin-sandbox not found" fi # Check we can actually run echo -n "Testing for jq" jq -h > /dev/null || exit_skip "jq required" echo " FOUND" echo -n "Testing for anastasis-reducer ..." anastasis-reducer -h > /dev/null || exit_skip "anastasis-reducer required" echo " FOUND" export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/nexus-db-XXXXXX.sqlite)" export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$(mktemp -u /tmp/sandbox-db-XXXXXX.sqlite)" NEXUS_URL="http://localhost:5001/" SANDBOX_URL="http://localhost:5000/" echo -n "Starting Nexus ..." libeufin-nexus serve &> nexus.log & nexus_pid=$! if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then exit_skip "Could not launch Nexus" fi echo "OK" echo -n "Starting Sandbox ..." libeufin-sandbox serve &> sandbox.log & sandbox_pid=$! if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then exit_skip "Could not launch Sandbox" fi echo " OK" CURRENCY="TESTKUDOS" IBAN1="AA3314655813489414469157" IBAN2="BB3314655813489414469157" export IBAN1 export IBAN2 echo -n "Making an ebics host at the sandbox " libeufin-cli \ sandbox --sandbox-url=$SANDBOX_URL \ ebicshost create \ --host-id=ebicstesthost echo " OK" prepare_sandbox_account \ ebicsuser01 ebicspartner01 Person01 sandbox-account-01 $IBAN1 prepare_sandbox_account \ ebicsuser02 ebicspartner02 Person02 sandbox-account-02 $IBAN2 echo -n "Initialize Anastasis database ..." # Name of the Postgres database we will use for the script. # Will be dropped, do NOT use anything that might be used # elsewhere TARGET_DB=`anastasis-config -c $CONF -s stasis-postgres -o CONFIG | sed -e "s/^postgres:\/\/\///"` dropdb $TARGET_DB >/dev/null 2>/dev/null || true createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB" anastasis-dbinit -c $CONF 2> anastasis-dbinit.log echo " OK" echo -n "Configuring Anastasis IBAN account ..." anastasis-config -c $CONF \ -s authorization-iban \ -o CREDIT_IBAN \ -V ${IBAN1} # FIXME-MS: We need the *facade* URL and (likely) the # Facade authentication data here, not the NEXUS_URL! anastasis-config -c $CONF \ -s authorization-iban \ -o WIRE_GATEWAY_URL \ -V ${NEXUS_URL} anastasis-config -c $CONF \ -s authorization-iban \ -o WIRE_GATEWAY_AUTH_METHOD \ -V "external" echo " OK" echo -n "Launching Anastasis service ..." PREFIX="" #valgrind $PREFIX anastasis-httpd -c $CONF 2> anastasis-httpd_1.log & echo " OK" echo -n "Waiting for Anastasis service ..." # Wait for Anastasis service to be available for n in `seq 1 50` do echo -n "." sleep 0.1 OK=0 # anastasis_01 wget --tries=1 --timeout=1 http://localhost:8086/ -o /dev/null -O /dev/null >/dev/null || continue OK=1 break done if [ 1 != $OK ] then exit_skip "Failed to launch Anastasis service" fi echo "OK" echo -n "Running backup logic ...," anastasis-reducer -b > $B1FILE echo -n "." anastasis-reducer -a \ '{"continent": "Testcontinent"}' \ select_continent < $B1FILE > $B2FILE echo -n "." anastasis-reducer -a \ '{"country_code": "xx", "currencies":["TESTKUDOS"]}' \ select_country < $B2FILE > $B1FILE 2>> test_reducer.err echo -n "." anastasis-reducer -a \ '{"identity_attributes": { "full_name": "Max Musterman", "sq_number": "4", "birthdate": "2000-01-01"}}' \ enter_user_attributes < $B1FILE > $B2FILE 2>> test_reducer.err echo -n "," BASEIBAN=`echo $IBAN2 | gnunet-base32` anastasis-reducer -a \ "$(jq -n '{ authentication_method: { type: "iban", instructions: "Send me your money!", challenge: $CHALLENGE } }' \ --arg CHALLENGE "$BASEIBAN" )" \ add_authentication < $B2FILE > $B1FILE 2>> test_reducer.err echo -n "." # Finished adding authentication methods anastasis-reducer \ next < $B1FILE > $B2FILE 2>> test_reducer.err echo -n "," # Finished policy review anastasis-reducer \ next < $B2FILE > $B1FILE 2>> test_reducer.err echo -n "." # Note: 'secret' must here be a Crockford base32-encoded value anastasis-reducer -a \ '{"secret": { "value" : "VERYHARDT0GVESSSECRET", "mime" : "text/plain" }}' \ enter_secret < $B1FILE > $B2FILE 2>> test_reducer.err mv $B2FILE $B1FILE anastasis-reducer next < $B1FILE > $B2FILE 2>> test_reducer.err echo " OK" echo -n "Final backup checks ..." STATE=`jq -r -e .backup_state < $B2FILE` if test "$STATE" != "BACKUP_FINISHED" then exit_fail "Expected new state to be 'BACKUP_FINISHED', got '$STATE'" fi jq -r -e .core_secret < $B2FILE > /dev/null && exit_fail "'core_secret' was not cleared upon success" echo " OK" echo -n "Running recovery basic logic ..." anastasis-reducer -r > $R1FILE anastasis-reducer -a \ '{"continent": "Testcontinent"}' \ select_continent < $R1FILE > $R2FILE anastasis-reducer -a \ '{"country_code": "xx", "currencies":["TESTKUDOS"]}' \ select_country < $R2FILE > $R1FILE 2>> test_reducer.err anastasis-reducer -a '{"identity_attributes": { "full_name": "Max Musterman", "sq_number": "4", "birthdate": "2000-01-01" }}' enter_user_attributes < $R1FILE > $R2FILE 2>> test_reducer.err STATE=`jq -r -e .recovery_state < $R2FILE` if test "$STATE" != "SECRET_SELECTING" then exit_fail "Expected new state to be 'SECRET_SELECTING', got '$STATE'" fi echo " OK" echo -n "Selecting default secret" mv $R2FILE $R1FILE anastasis-reducer next < $R1FILE > $R2FILE 2>> test_reducer.err STATE=`jq -r -e .recovery_state < $R2FILE` if test "$STATE" != "CHALLENGE_SELECTING" then exit_fail "Expected new state to be 'CHALLENGE_SELECTING', got '$STATE'" fi echo " OK" echo -n "Running challenge logic ..." NAME_UUID=`jq -r -e .recovery_information.challenges[0].uuid < $R2FILE` anastasis-reducer -a \ "$(jq -n ' { uuid: $UUID }' \ --arg UUID "$NAME_UUID" )" \ select_challenge < $R2FILE > $R1FILE 2>> test_reducer.err # FIXME: check $IBAN1 is properly in $R1FILE # FIXME: check TESTKUDOS:5 is properly in $R1FILE # FIXME: extract wire transfer subject from $R1FILE # FIXME-MS: must do wire transfer here! # bash echo "TEST INCOMPLETE --- BAILING for now" exit 77 # Check for inbound wire transfer (fails with 'Failed to load bank access configuration data') anastasis-helper-authorization-iban -c $CONF -t # Now we should get the secret... anastasis-reducer poll < $R1FILE > $R2FILE echo " OK" echo -n "Checking recovered secret ..." # finally: check here that we recovered the secret... STATE=`jq -r -e .recovery_state < $R2FILE` if test "$STATE" != "RECOVERY_FINISHED" then jq -e . $R2FILE exit_fail "Expected new state to be 'RECOVERY_FINISHED', got '$STATE'" fi SECRET=`jq -r -e .core_secret.value < $R2FILE` if test "$SECRET" != "VERYHARDT0GVESSSECRET" then jq -e . $R2FILE exit_fail "Expected recovered secret to be 'VERYHARDT0GVESSSECRET', got '$SECRET'" fi MIME=`jq -r -e .core_secret.mime < $R2FILE` if test "$MIME" != "text/plain" then jq -e . $R2FILE exit_fail "Expected recovered mime to be 'text/plain', got '$MIME'" fi echo " OK" exit 0