blob: e3f60cd624ac3b9d311ad559bf10caa0869b5001 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#!/bin/bash
## Test wire_gateway conformance to documentation and its security
set -eu
# Create temp file
TEMP_FILE=$(mktemp)
# Cleanup to run whenever we exit
function cleanup() {
rm -f $TEMP_FILE
wait
}
# Install cleanup handler (except for kill -9)
trap cleanup EXIT
source "${BASH_SOURCE%/*}/../common.sh"
ADDRESS=mpTJZxWPerz1Gife6mQSdHT8mMuJK6FP85
SCHEMA=btc.sql
echo "----- Setup -----"
echo "Load config file"
load_config
echo "Start database"
setup_db
echo "Start gateway"
gateway
echo ""
echo "----- Gateway API -----"
echo -n "Making wire transfer to exchange:"
for n in `seq 1 9`; do
taler-exchange-wire-gateway-client \
-b $BANK_ENDPOINT \
-D payto://bitcoin/$ADDRESS \
-a BTC:0.0000$n > /dev/null
done
echo " OK"
echo -n "Requesting exchange incoming transaction list:"
ALL=`taler-exchange-wire-gateway-client -b $BANK_ENDPOINT -i`
for n in `seq 1 9`; do
echo $ALL | grep BTC:0.0000$n > /dev/null
done
echo " OK"
echo -n "Making wire transfer from exchange:"
for n in `seq 1 9`; do
taler-exchange-wire-gateway-client \
-b $BANK_ENDPOINT \
-C payto://bitcoin/$ADDRESS \
-a BTC:0.0000$n > /dev/null
done
echo " OK"
echo -n "Requesting exchange's outgoing transaction list:"
ALL=`taler-exchange-wire-gateway-client -b $BANK_ENDPOINT -o`
for n in `seq 1 9`; do
echo $ALL | grep BTC:0.0000$n > /dev/null
done
echo " OK"
echo "----- Endpoint & Method -----"
echo -n "Unknown endpoint:"
test `curl -w %{http_code} -s -o /dev/null ${BANK_ENDPOINT}test` -eq 404 && echo " OK" || echo " Failed"
echo -n "Method not allowed:"
test `curl -w %{http_code} -s -o /dev/null ${BANK_ENDPOINT}transfer` -eq 405 && echo " OK" || echo " Failed"
echo "----- Request format -----"
echo -n "Bad payto url:"
for bad_payto in http://bitcoin/$ADDRESS payto://btc/$ADDRESS payto://bitcoin/$ADDRESS?id=admin payto://bitcoin/$ADDRESS#admin; do
taler-exchange-wire-gateway-client -b $BANK_ENDPOINT -C $bad_payto -a BTC:0.00042 2>&1 | grep -q "(400/24)" && echo -n " OK" || echo " Failed"
done
echo ""
echo -n "Bad bitcoin address:"
taler-exchange-wire-gateway-client -b $BANK_ENDPOINT -C payto://bitcoin/42$ADDRESS -a BTC:0.00042 2>&1 | grep -q "(400/24)" && echo " OK" || echo " Failed"
echo -n "Bad transaction amount:"
taler-exchange-wire-gateway-client -b $BANK_ENDPOINT -C payto://bitcoin/$ADDRESS -a ATC:0.00042 2>&1 | grep -q "(400/26)" && echo " OK" || echo " Failed"
echo -n "Bad history delta:"
for bad_delta in incoming outgoing incoming?delta=0 outgoing?delta=0; do
test `curl -w %{http_code} -s -o /dev/null "${BANK_ENDPOINT}history/$bad_delta"` -eq 400 && echo -n " OK" || echo -n " Failed"
done
echo ""
echo "----- History delta -----"
for endpoint in incoming outgoing; do
echo -n "History $endpoint:"
check_delta ${endpoint}?delta=-9 "seq 1 9" && echo -n " OK" || echo -n " Failed"
check_delta ${endpoint}?delta=9 "seq 1 9" && echo -n " OK" || echo -n " Failed"
check_delta ${endpoint}?delta=-4 "seq 6 9" && echo -n " OK" || echo -n " Failed"
check_delta ${endpoint}?delta=4 "seq 1 4" && echo -n " OK" || echo -n " Failed"
check_delta "${endpoint}?delta=-3&start=5" "seq 2 4" && echo -n " OK" || echo -n " Failed"
check_delta "${endpoint}?delta=3&start=4" "seq 5 7" && echo -n " OK" || echo -n " Failed"
echo ""
done
echo "----- Transfer idempotence -----"
DATA="{\"request_uid\":\"0ZSX8SH0M30KHX8K3Y1DAMVGDQV82XEF9DG1HC4QMQ3QWYT4AF00ZSX8SH0M30KHX8K3Y1DAMVGDQV82XEF9DG1HC4QMQ3QWYT4AF00\",\"amount\":\"BTC:0.000034\",\"exchange_base_url\":\"$BASE_URL\",\"wtid\":\"0ZSX8SH0M30KHX8K3Y1DAMVGDQV82XEF9DG1HC4QMQ3QWYT4AF00\",\"credit_account\":\"payto://bitcoin/$ADDRESS\"}"
echo -n "Same:"
test `curl -w %{http_code} -s -o /dev/null -H "Content-Type: application/json" -d $DATA ${BANK_ENDPOINT}transfer` -eq 200 && echo -n " OK" || echo -n " Failed"
test `curl -w %{http_code} -s -o /dev/null -H "Content-Type: application/json" -d $DATA ${BANK_ENDPOINT}transfer` -eq 200 && echo " OK" || echo " Failed"
echo -n "Collision:"
DATA="{\"request_uid\":\"0ZSX8SH0M30KHX8K3Y1DAMVGDQV82XEF9DG1HC4QMQ3QWYT4AF00ZSX8SH0M30KHX8K3Y1DAMVGDQV82XEF9DG1HC4QMQ3QWYT4AF00\",\"amount\":\"BTC:0.000042\",\"exchange_base_url\":\"$BASE_URL\",\"wtid\":\"0ZSX8SH0M30KHX8K3Y1DAMVGDQV82XEF9DG1HC4QMQ3QWYT4AF00\",\"credit_account\":\"payto://bitcoin/$ADDRESS\"}"
test `curl -w %{http_code} -s -o /dev/null -H "Content-Type: application/json" -d $DATA ${BANK_ENDPOINT}transfer` -eq 409 && echo " OK" || echo " Failed"
echo "----- Security -----"
# Generate big random file
printf 'HelloWorld%s' {1..1000} > $TEMP_FILE
echo -n "Handle huge body:"
test `curl -w %{http_code} -X POST -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
echo -n "Handle body length liar:"
test `curl -w %{http_code} -X POST -H"Content-Length:1024" -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
# Generate compression bomb
printf 'HelloWorld%s' {1..1000} | pigz -z9 > $TEMP_FILE
echo -n "Handle compression bomb:"
test `curl -w %{http_code} -X POST -H"Content-Encoding:deflate" -s -o /dev/null --data-binary @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
echo "All tests passed"
|
