storj/scripts/test-certificate-signing.sh

#!/usr/bin/env bash
set -o errexit

trap "echo ERROR: exiting due to error; exit" ERR
trap "exit" INT TERM

. $(dirname $0)/utils.sh

failures=3
user_id="user@example.com"
signer_address="127.0.0.1:8888"
difficulty=16

cleanup() {
    if [[ ! -z ${bg+x} ]]; then
        kill ${bg}
    fi

    dirs="$tmp $tmp_build_dir"
    for dir in ${dirs}; do
        if [[ ! -z ${dir+x} ]]; then
            rm -rf ${dir}
        fi
    done
}
if [[ ${TRAVIS} == true ]]; then
    declare_cmds storagenode certificates
else
    temp_build storagenode certificates
fi
tmp=$(mktemp -d)
trap "cleanup" EXIT


certificates_dir=${tmp}/cert-signing
storagenode_dir=${tmp}/storagenode

# TODO: create separate signer CA and use `--signer.ca` options
#                    --signer.ca.cert-path ${signer_cert} \
#                    --signer.ca.key-path ${signer_key} \

echo "setting up certificate signing server"
$certificates setup --config-dir ${certificates_dir} \
                    --signer.min-difficulty ${difficulty}

echo "creating test authorization"
$certificates auth create --config-dir ${certificates_dir} \
                          1 ${user_id} >/dev/null 2>&1


export_tokens() {
    $certificates auth export --config-dir ${certificates_dir} \
                              --out -

}
token=$(export_tokens 2>&1|cut -d , -f 2|grep -oE "$user_id:\w+")

echo "starting certificate signing server"
$certificates run --config-dir ${certificates_dir} \
                  --server.address ${signer_address} >/dev/null 2>&1 &

bg=$!
sleep 1

echo "setting up storage node"
$storagenode setup --config-dir ${storagenode_dir} \
                   --ca.difficulty ${difficulty} \
                   --signer.address ${signer_address} \
                   --signer.auth-token ${token}

ca_chain_len=$(cat ${storagenode_dir}/ca.cert|grep "BEGIN CERTIFICATE"|wc -l)
ident_chain_len=$(cat ${storagenode_dir}/identity.cert|grep "BEGIN CERTIFICATE"|wc -l)

echo "Checks (${failures}):"

if [[ ${ca_chain_len} == 2 ]]; then
    echo "  - ca chain length is correct"
    failures=$((failures-1))
else
    echo "  - FAIL: incorrect storage node CA chain length; expected: 2; actual: ${ca_chain_len}"
fi
if [[ ${ident_chain_len} == 3 ]]; then
    echo "  - identity chain length is correct"
    failures=$((failures-1))
else
    echo "  - FAIL: incorrect storage node identity chain length; expected: 2; actual: ${ident_chain_len}"
fi

verify=$(${certificates} verify --config-dir ${certificates_dir} --log.level error 2>&1)
if [[ ! -n ${verify} ]]; then
    echo "  - certificates verified"
    failures=$((failures-1))
else
    echo "  - FAIL: certificate verification error"
    echo "          ${verify}"
fi

if [[ ${failures} == 0 ]]; then
    echo "SUCCESS: all expectations met!"
else
    echo "FAILURE: ${failures} checks failed"
fi

exit ${failures}
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`#!/usr/bin/env bash`
			`set -o errexit`

			`trap "echo ERROR: exiting due to error; exit" ERR`
			`trap "exit" INT TERM`

			`. $(dirname $0)/utils.sh`

Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`failures=3`
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`user_id="user@example.com"`
			`signer_address="127.0.0.1:8888"`
			`difficulty=16`

			`cleanup() {`
Integration test, travis quick-fix (#974) 2019-01-05 21:24:31 +00:00			`if [[ ! -z ${bg+x} ]]; then`
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`kill ${bg}`
			`fi`

			`dirs="$tmp $tmp_build_dir"`
			`for dir in ${dirs}; do`
			`if [[ ! -z ${dir+x} ]]; then`
			`rm -rf ${dir}`
			`fi`
			`done`
			`}`
Integration test, travis quick-fix (#974) 2019-01-05 21:24:31 +00:00			`if [[ ${TRAVIS} == true ]]; then`
			`declare_cmds storagenode certificates`
			`else`
			`temp_build storagenode certificates`
			`fi`
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`tmp=$(mktemp -d)`
Integration test, travis quick-fix (#974) 2019-01-05 21:24:31 +00:00			`trap "cleanup" EXIT`

automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00
			`certificates_dir=${tmp}/cert-signing`
			`storagenode_dir=${tmp}/storagenode`

			# TODO: create separate signer CA and use `--signer.ca` options
			`# --signer.ca.cert-path ${signer_cert} \`
			`# --signer.ca.key-path ${signer_key} \`

			`echo "setting up certificate signing server"`
			`$certificates setup --config-dir ${certificates_dir} \`
			`--signer.min-difficulty ${difficulty}`

			`echo "creating test authorization"`
			`$certificates auth create --config-dir ${certificates_dir} \`
			`1 ${user_id} >/dev/null 2>&1`

Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`export_tokens() {`
			`$certificates auth export --config-dir ${certificates_dir} \`
			`--out -`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`}`
			`token=$(export_tokens 2>&1\|cut -d , -f 2\|grep -oE "$user_id:\w+")`

			`echo "starting certificate signing server"`
			`$certificates run --config-dir ${certificates_dir} \`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`--server.address ${signer_address} >/dev/null 2>&1 &`

automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`bg=$!`
			`sleep 1`

			`echo "setting up storage node"`
			`$storagenode setup --config-dir ${storagenode_dir} \`
			`--ca.difficulty ${difficulty} \`
			`--signer.address ${signer_address} \`
			`--signer.auth-token ${token}`

			`ca_chain_len=$(cat ${storagenode_dir}/ca.cert\|grep "BEGIN CERTIFICATE"\|wc -l)`
			`ident_chain_len=$(cat ${storagenode_dir}/identity.cert\|grep "BEGIN CERTIFICATE"\|wc -l)`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00
			`echo "Checks (${failures}):"`

			`if [[ ${ca_chain_len} == 2 ]]; then`
			`echo " - ca chain length is correct"`
			`failures=$((failures-1))`
			`else`
			`echo " - FAIL: incorrect storage node CA chain length; expected: 2; actual: ${ca_chain_len}"`
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`fi`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`if [[ ${ident_chain_len} == 3 ]]; then`
			`echo " - identity chain length is correct"`
			`failures=$((failures-1))`
			`else`
			`echo " - FAIL: incorrect storage node identity chain length; expected: 2; actual: ${ident_chain_len}"`
			`fi`

			`verify=$(${certificates} verify --config-dir ${certificates_dir} --log.level error 2>&1)`
			`if [[ ! -n ${verify} ]]; then`
			`echo " - certificates verified"`
			`failures=$((failures-1))`
			`else`
			`echo " - FAIL: certificate verification error"`
			`echo " ${verify}"`
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`fi`

			`if [[ ${failures} == 0 ]]; then`
			`echo "SUCCESS: all expectations met!"`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`else`
			`echo "FAILURE: ${failures} checks failed"`
automate certificate signing in storage node setup (#954) 2019-01-04 17:23:23 +00:00			`fi`

			`exit ${failures}`