From b1cfcf4fbe23609b5f7f91454f24f6ad384f42ce Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Wed, 18 Mar 2020 15:03:41 +0100
Subject: add keyup key regeneration on revocation test; closes #6123

---
 src/exchange-tools/.gitignore                     |  1 +
 src/exchange-tools/test_taler_exchange_httpd.conf |  4 +-
 src/exchange-tools/test_taler_exchange_keyup.sh   | 73 ++++++++++++++++++++---
 3 files changed, 68 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/exchange-tools/.gitignore b/src/exchange-tools/.gitignore
index 531169f8c..6e9e12faf 100644
--- a/src/exchange-tools/.gitignore
+++ b/src/exchange-tools/.gitignore
@@ -1,2 +1,3 @@
 test_taler_exchange_httpd_home/.local/share/taler/exchange/live-keys/
 test_taler_exchange_httpd_home/.local/share/taler/exchange/wirefees/
+test_taler_exchange_httpd_home/.config/taler/account-1.json
diff --git a/src/exchange-tools/test_taler_exchange_httpd.conf b/src/exchange-tools/test_taler_exchange_httpd.conf
index 63b59f905..d6748b5d3 100644
--- a/src/exchange-tools/test_taler_exchange_httpd.conf
+++ b/src/exchange-tools/test_taler_exchange_httpd.conf
@@ -31,11 +31,11 @@ LEGAL_DURATION = 2 years
 
 # how long do we generate denomination and signing keys
 # ahead of time?
-LOOKAHEAD_SIGN = 32 weeks 1 day
+LOOKAHEAD_SIGN = 2 weeks 1 day
 
 # how long do we provide to clients denomination and signing keys
 # ahead of time?
-LOOKAHEAD_PROVIDE = 4 weeks 1 day
+LOOKAHEAD_PROVIDE = 1 weeks 1 day
 
 # HTTP port the exchange listens to
 PORT = 8081
diff --git a/src/exchange-tools/test_taler_exchange_keyup.sh b/src/exchange-tools/test_taler_exchange_keyup.sh
index 4cf0ea1fb..26f7fe131 100755
--- a/src/exchange-tools/test_taler_exchange_keyup.sh
+++ b/src/exchange-tools/test_taler_exchange_keyup.sh
@@ -33,8 +33,11 @@ function exit_skip() {
 }
 
 # test required commands exist
-echo "Testing for jq"
+echo -n "Testing for jq ..."
 jq -h > /dev/null || exit_skip "jq required"
+echo " OK"
+
+CONF="-c test_taler_exchange_httpd.conf"
 
 echo -n "Launching exchange ..."
 PREFIX=
@@ -42,13 +45,13 @@ PREFIX=
 # PREFIX="valgrind --leak-check=yes --track-fds=yes --error-exitcode=1 --log-file=valgrind.%p"
 
 # Setup database
-taler-exchange-dbinit -c test_taler_exchange_httpd.conf &> /dev/null
+taler-exchange-dbinit $CONF &> /dev/null
 # Setup keys.
-taler-exchange-keyup -c test_taler_exchange_httpd.conf || exit 1
+taler-exchange-keyup $CONF &> /dev/null || exit 1
 # Setup wire accounts.
-taler-exchange-wire -c test_taler_exchange_httpd.conf > /dev/null || exit 1
+taler-exchange-wire $CONF > /dev/null || exit 1
 # Run Exchange HTTPD (in background)
-$PREFIX taler-exchange-httpd -c test_taler_exchange_httpd.conf 2> test-exchange.log &
+$PREFIX taler-exchange-httpd $CONF 2> test-exchange.log &
 
 # Give HTTP time to start
 
@@ -71,15 +74,69 @@ fi
 echo " DONE"
 
 # Finally run test...
-echo -n "Running tests ..."
+echo -n "Running tests ... "
 
 # Revoke active denomination key
+REVOKE_DENOM_HASH=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $2}'`
+REVOKE_DENOM_TIME=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $1}'`
+
+taler-exchange-keyup $CONF -r "$REVOKE_DENOM_HASH" -k 1024
+
+# check revocation file exists
+RDIR=`taler-config $CONF -f -s exchange -o REVOCATION_DIR`
+if [ -f "$RDIR"/$REVOKE_DENOM_HASH.rev ]
+then
+    echo -n "REV-OK "
+else
+    echo -n "REV-FAIL ($RDIR) "
+    RET=1
+fi
+
+# Check we now have two keys for that timestamp
+CNT=`taler-exchange-keycheck $CONF -i EUR:1 | awk '{print $1}' | grep -- "$REVOKE_DENOM_TIME" | wc -l`
+
+if [ x2 != x${CNT} ]
+then
+    echo -n "CNT-FAIL (${CNT}) "
+    RET=1
+else
+    echo -n "CNT-OK "
+fi
 
+# Reload keys (and revocation data) at the exchange
+kill -SIGUSR1 $!
 
+# Give exchange chance to parse and reload keys
+sleep 5
+
+# Download (updated) keys
+wget http://localhost:8081/keys -O keys.json -o /dev/null >/dev/null
+
+RK=`jq -er .recoup[0].h_denom_pub < keys.json`
+if [ x$RK != x$REVOKE_DENOM_HASH ]
+then
+    echo -n "KEYS-FAIL ($RK vs $REVOKE_DENOM_HASH)"
+    RET=1
+else
+    echo -n "KEYS-OK"
+fi
 
 echo " DONE"
 # $! is the last backgrounded process, hence the exchange
 kill -TERM $!
 wait $!
-# Return status code from exchange for this script
-exit $?
+if [ 0 != $? ]
+then
+    RET=4
+fi
+
+echo "Final cleanup"
+# Can't leave revocations around, would mess up next test run
+rm -r "$RDIR"
+# Also cleaning up live keys, as otherwise we have two for the revoked denomination type next time
+KDIR=`taler-config $CONF -f -s exchange -o KEYDIR`
+rm -r "$KDIR"
+# Clean up our temporary file
+rm keys.json
+
+exit $RET
-- 
cgit v1.2.3