storj/scripts/test-certificates.sh

125 lines
3.2 KiB
Bash
Executable File

#!/usr/bin/env bash
set -ueo pipefail
source $(dirname $0)/utils.sh
TMPDIR=$(mktemp -d -t tmp.XXXXXXXXXX)
IDENTS_DIR=$TMPDIR/identities
CERTS_DIR=$TMPDIR/certificates
CERTS_ADDR=127.0.0.4:11000
CERTS_ADDR_PRIV=127.0.0.4:11001
kill_certificates_server() {
kill $CERTS_PID
}
cleanup() {
if [[ -n $(ps | grep "certificates") ]]; then
kill_certificates_server
fi
rm -rf "$TMPDIR"
echo "cleaned up test successfully"
}
trap cleanup EXIT INT
_certificates() {
subcommand=$1
shift
ident_dir="${IDENTS_DIR}/certificates"
ca_cert_path="${ident_dir}/ca.cert"
ca_key_path="${ident_dir}/ca.key"
rev_dburl="bolt://${CERTS_DIR}/revocations.db"
# NB: `--identity-dir` and `--config-dir` flags are only bound globally to subcommands
exec certificates --identity-dir "$ident_dir" \
--config-dir "$CERTS_DIR" \
"$subcommand" \
--signer.ca.cert-path "$ca_cert_path" \
--signer.ca.key-path "$ca_key_path" \
--server.address "$CERTS_ADDR" \
--server.private-address "$CERTS_ADDR_PRIV" \
--server.revocation-dburl="$rev_dburl" \
--log.level warn \
"$@"
}
_identity() {
subcommand=$1
rev_dburl="bolt://${IDENTS_DIR}/revocations.db"
shift
# NB: `--identity-dir` and `--config-dir` flags are only bound globally to subcommands
identity --identity-dir "$IDENTS_DIR" \
"$subcommand" \
--signer.tls.revocation-dburl "$rev_dburl" \
--log.level info \
"$@"
}
_identity_create() {
_identity create $1 --difficulty 0 --concurrency 1 >/dev/null
}
_identity_create 'certificates'
_certificates setup &
wait
for i in {0..4}; do
email="testuser${i}@mail.example"
ident_name="testidentity${i}"
_identity_create $ident_name
if [[ i -gt 0 ]]; then
_certificates auth create "$i" "$email" &
wait
fi
done
exported_auths=$(_certificates auth export)
_certificates run --signer.min-difficulty 0 &
CERTS_PID=$!
sleep 1
for i in {1..4}; do
email="testuser${i}@mail.example"
ident_name="testidentity${i}"
token=$(echo "$exported_auths" | grep "$email" | head -n 1 | awk -F , '{print $2}')
_identity authorize --signer.address "$CERTS_ADDR" "$ident_name" "$token" > /dev/null
done
# NB: Certificates server uses bolt by default so it must be shut down before we can export.
kill_certificates_server
# Expect 10 authorizations total.
auths=$(_certificates auth export)
require_lines 10 "$auths" $LINENO
for i in {1..4}; do
email="testuser${i}@mail.example"
claimed_auth_count=0
# Expect number of auths for a given user to equal the identity/email number.
# (e.g. testidentity3/testuser3@mail.example should have 3 auths)
match_auths=$(echo "$auths" | grep "$email" )
require_lines $i "$match_auths" $LINENO
for auth in $match_auths; do
claimed=$(echo "$auth" | awk -F , '{print $3}')
if [[ $claimed == "true" ]]; then
((++claimed_auth_count))
continue
fi
# Expect unclaimed auths to have "false" as the third field.
require_equal "false" "$claimed" $LINENO
done
# Expect 4 auths (one for each user) to be claimed.
require_equal "1" "$claimed_auth_count" $LINENO
done
echo "TEST COMPLETED SUCCESSFULLY!"