diff options
| author | Christian Grothoff <christian@grothoff.org> | 2021-04-14 13:43:45 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2021-04-14 13:43:45 +0200 |
| commit | 9fe3318563f3ca02147b80d66f8f49e1f7d04353 (patch) | |
| tree | 332a8b33cb9e933fe3621c17ef66b5df8a2e9d99 | |
| parent | c015c0ed43a4b928997e6872587a182d49c62113 (diff) | |
-indent
| -rw-r--r-- | src/backend/taler-merchant-httpd_exchanges.c | 6 | ||||
| -rw-r--r-- | src/testing/test_key_rotation.conf | 197 | ||||
| -rwxr-xr-x | src/testing/test_key_rotation.sh | 294 |
3 files changed, 495 insertions, 2 deletions
diff --git a/src/backend/taler-merchant-httpd_exchanges.c b/src/backend/taler-merchant-httpd_exchanges.c index 06c4ab91..b4bc1b63 100644 --- a/src/backend/taler-merchant-httpd_exchanges.c +++ b/src/backend/taler-merchant-httpd_exchanges.c @@ -364,10 +364,12 @@ process_wire_fees (struct Exchange *exchange, while ( (NULL != endp) && (NULL != endp->next) ) endp = endp->next; - while ( (NULL != endp) && (NULL != fees) && + while ( (NULL != endp) && + (NULL != fees) && (fees->start_date.abs_value_us < endp->end_date.abs_value_us) ) fees = fees->next; - if ( (NULL != endp) && (NULL != fees) && + if ( (NULL != endp) && + (NULL != fees) && (fees->start_date.abs_value_us != endp->end_date.abs_value_us) ) { /* Hole in the fee structure, not allowed! */ diff --git a/src/testing/test_key_rotation.conf b/src/testing/test_key_rotation.conf new file mode 100644 index 00000000..d6eaaad4 --- /dev/null +++ b/src/testing/test_key_rotation.conf @@ -0,0 +1,197 @@ +[PATHS] +TALER_HOME = ${PWD}/test_rotation_home/ +TALER_DATA_HOME = $TALER_HOME/.local/share/taler/ +TALER_CONFIG_HOME = $TALER_HOME/.config/taler/ +TALER_CACHE_HOME = $TALER_HOME/.cache/taler/ +TALER_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/taler-system-runtime/ + +[taler] +CURRENCY = TESTKUDOS +CURRENCY_ROUND_UNIT = TESTKUDOS:0.01 + +[exchange] +MAX_KEYS_CACHING = forever +DB = postgres +MASTER_PRIV_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/master.priv +SERVE = tcp +UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http +UNIXPATH_MODE = 660 +PORT = 8081 +BASE_URL = http://localhost:8081/ +SIGNKEY_DURATION = 2 s +SIGNKEY_LEGAL_DURATION = 15 m +KEYDIR = ${TALER_DATA_HOME}/exchange/live-keys/ +REVOCATION_DIR = ${TALER_DATA_HOME}/exchange/revocations/ +TERMS_ETAG = 0 +PRIVACY_ETAG = 0 + +[taler-exchange-secmod-eddsa] +OVERLAP_DURATION = 1 s +KEY_DIR = ${TALER_DATA_HOME}/crypto-eddsa/ +UNIXPATH = $TALER_RUNTIME_DIR/taler-exchange-secmod-eddsa.sock +SM_PRIV_KEY = ${TALER_DATA_HOME}/taler-exchange-secmod-eddsa/.private-key +LOOKAHEAD_SIGN = 15 s +DURATION = 2 s + +[taler-exchange-secmod-rsa] +OVERLAP_DURATION = 1 s +KEY_DIR = ${TALER_DATA_HOME}/crypto-rsa/ +UNIXPATH = $TALER_RUNTIME_DIR/taler-exchange-secmod-rsa.sock +SM_PRIV_KEY = ${TALER_DATA_HOME}/taler-exchange-secmod-rsa/.private-key +LOOKAHEAD_SIGN = 15 s + + +[merchant] +SERVE = tcp +PORT = 9966 +UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http +UNIXPATH_MODE = 660 +DEFAULT_WIRE_FEE_AMORTIZATION = 1 +DB = postgres +WIREFORMAT = default +# Set very low, so we can be sure that the database generated +# will contain wire transfers "ready" for the aggregator. +WIRE_TRANSFER_DELAY = 1 minute +DEFAULT_PAY_DEADLINE = 1 day +DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1 +KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv +DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10 + +# Ensure that merchant reports EVERY deposit confirmation to auditor +FORCE_AUDIT = YES + +[auditor] +DB = postgres +AUDITOR_PRIV_FILE = ${TALER_DATA_HOME}/auditor/offline-keys/auditor.priv +SERVE = tcp +UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http +UNIXPATH_MODE = 660 +PORT = 8083 +AUDITOR_URL = http://localhost:8083/ +TINY_AMOUNT = TESTKUDOS:0.01 +AUDITOR_PRIV_FILE = ${TALER_DATA_HOME}/auditor/offline-keys/auditor.priv +BASE_URL = "http://localhost:8083/" + +[bank] +DATABASE = postgres:///taler-auditor-basedb +MAX_DEBT = TESTKUDOS:50.0 +MAX_DEBT_BANK = TESTKUDOS:100000.0 +HTTP_PORT = 8082 +SUGGESTED_EXCHANGE = http://localhost:8081/ +SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2 +ALLOW_REGISTRATIONS = YES +SERVE = http + +[exchangedb] +IDLE_RESERVE_EXPIRATION_TIME = 4 weeks +LEGAL_RESERVE_EXPIRATION_TIME = 7 years + +[exchange-account-1] +PAYTO_URI = payto://x-taler-bank/localhost/Exchange +enable_debit = yes +enable_credit = yes +WIRE_GATEWAY_URL = "http://localhost:8082/taler-wire-gateway/Exchange/" +WIRE_GATEWAY_AUTH_METHOD = basic +USERNAME = Exchange +PASSWORD = x + +[merchant-exchange-default] +EXCHANGE_BASE_URL = http://localhost:8081/ +CURRENCY = TESTKUDOS + +[payments-generator] +currency = TESTKUDOS +instance = default +bank = http://localhost:8082/ +merchant = http://localhost:9966/ +exchange_admin = http://localhost:18080/ +exchange-admin = http://localhost:18080/ +exchange = http://localhost:8081/ + +[coin_kudos_ct_1] +value = TESTKUDOS:0.01 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.01 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_ct_10] +value = TESTKUDOS:0.10 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_1] +value = TESTKUDOS:1 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.02 +fee_deposit = TESTKUDOS:0.02 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_2] +value = TESTKUDOS:2 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.03 +fee_deposit = TESTKUDOS:0.03 +fee_refresh = TESTKUDOS:0.04 +fee_refund = TESTKUDOS:0.02 +rsa_keysize = 1024 + +[coin_kudos_4] +value = TESTKUDOS:4 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.03 +fee_deposit = TESTKUDOS:0.03 +fee_refresh = TESTKUDOS:0.04 +fee_refund = TESTKUDOS:0.02 +rsa_keysize = 1024 + +[coin_kudos_5] +value = TESTKUDOS:5 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 + +[coin_kudos_8] +value = TESTKUDOS:8 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.05 +fee_deposit = TESTKUDOS:0.02 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.04 +rsa_keysize = 1024 + +[coin_kudos_10] +value = TESTKUDOS:10 +duration_withdraw = 2 s +duration_spend = 5 m +duration_legal = 15 m +fee_withdraw = TESTKUDOS:0.01 +fee_deposit = TESTKUDOS:0.01 +fee_refresh = TESTKUDOS:0.03 +fee_refund = TESTKUDOS:0.01 +rsa_keysize = 1024 diff --git a/src/testing/test_key_rotation.sh b/src/testing/test_key_rotation.sh new file mode 100755 index 00000000..73e55120 --- /dev/null +++ b/src/testing/test_key_rotation.sh @@ -0,0 +1,294 @@ +#!/bin/bash +# This file is in the public domain. +## Coloring style Text shell script +COLOR='\033[0;35m' +NOCOLOR='\033[0m' +BOLD="$(tput bold)" +NORM="$(tput sgr0)" + +set -eu + +# Exit, with status code "skip" (no 'real' failure) +function exit_skip() { + echo " SKIP: $1" + exit 77 +} + +# Exit, with error message (hard failure) +function exit_fail() { + echo " FAIL: $1" + exit 1 +} + +# Cleanup to run whenever we exit +function cleanup() +{ + for n in `jobs -p` + do + kill $n 2> /dev/null || true + done + rm -rf $CONF $WALLET_DB $TMP_DIR + wait +} + +# Exchange configuration file will be edited, so we create one +# from the template. +CONF=`mktemp test_templateXXXXXX.conf` +cp test_key_rotation.conf $CONF + +TMP_DIR=`mktemp -d keys-tmp-XXXXXX` +WALLET_DB=`mktemp test_walletXXXXXX.json` + +# Install cleanup handler (except for kill -9) +trap cleanup EXIT + +# Check we can actually run +echo -n "Testing for jq" +jq -h > /dev/null || exit_skip "jq required" +echo " FOUND" +echo -n "Testing for anastasis-reducer ..." +anastasis-reducer -h > /dev/null || exit_skip "anastasis-reducer required" +echo " FOUND" + +echo -n "Testing for taler" +taler-exchange-httpd -h > /dev/null || exit_skip " taler-exchange required" +taler-merchant-httpd -h > /dev/null || exit_skip " taler-merchant required" +echo " FOUND" + +echo -n "Testing for taler-bank-manage" +taler-bank-manage --help >/dev/null </dev/null || exit_skip " MISSING" +echo " FOUND" +echo -n "Testing for taler-wallet-cli" +taler-wallet-cli -v >/dev/null </dev/null || exit_skip " MISSING" +echo " FOUND" + +echo -n "Generating Taler auditor, exchange and merchant configurations ..." + +DATA_DIR=`taler-config -f -c $CONF -s PATHS -o TALER_HOME` +rm -rf $DATA_DIR + +# obtain key configuration data +MASTER_PRIV_FILE=`taler-config -f -c $CONF -s EXCHANGE -o MASTER_PRIV_FILE` +MASTER_PRIV_DIR=`dirname $MASTER_PRIV_FILE` +mkdir -p $MASTER_PRIV_DIR +gnunet-ecc -g1 $MASTER_PRIV_FILE > /dev/null 2> /dev/null +MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE` +EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL` +MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT` +MERCHANT_URL=http://localhost:${MERCHANT_PORT}/ +BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT` +BANK_URL=http://localhost:${BANK_PORT}/ +AUDITOR_URL=http://localhost:8083/ +AUDITOR_PRIV_FILE=`taler-config -f -c $CONF -s AUDITOR -o AUDITOR_PRIV_FILE` +AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE` +mkdir -p $AUDITOR_PRIV_DIR +gnunet-ecc -g1 $AUDITOR_PRIV_FILE > /dev/null 2> /dev/null +AUDITOR_PUB=`gnunet-ecc -p $AUDITOR_PRIV_FILE` + +# patch configuration +TALER_DB=talercheck +taler-config -c $CONF -s exchange -o MASTER_PUBLIC_KEY -V $MASTER_PUB +taler-config -c $CONF -s merchant-exchange-default -o MASTER_KEY -V $MASTER_PUB +taler-config -c $CONF -s exchangedb-postgres -o CONFIG -V postgres:///$TALER_DB +taler-config -c $CONF -s auditordb-postgres -o CONFIG -V postgres:///$TALER_DB +taler-config -c $CONF -s merchantdb-postgres -o CONFIG -V postgres:///$TALER_DB +taler-config -c $CONF -s bank -o database -V postgres:///$TALER_DB +taler-config -c $CONF -s exchange -o KEYDIR -V "${TMP_DIR}/keydir/" +taler-config -c $CONF -s exchange -o REVOCATION_DIR -V "${TMP_DIR}/revdir/" + +echo " OK" + +echo -n "Setting up exchange ..." + +# reset database +dropdb $TALER_DB >/dev/null 2>/dev/null || true +createdb $TALER_DB || exit_skip "Could not create database $TALER_DB" +taler-exchange-dbinit -c $CONF +taler-merchant-dbinit -c $CONF +taler-auditor-dbinit -c $CONF +taler-auditor-exchange -c $CONF -m $MASTER_PUB -u $EXCHANGE_URL + +echo " OK" + +# Launch services +echo -n "Launching taler services ..." +taler-bank-manage-testing $CONF postgres:///$TALER_DB serve > taler-bank.log 2> taler-bank.err & +taler-exchange-secmod-eddsa -c $CONF 2> taler-exchange-secmod-eddsa.log & +taler-exchange-secmod-rsa -c $CONF 2> taler-exchange-secmod-rsa.log & +taler-exchange-httpd -c $CONF 2> taler-exchange-httpd.log & +taler-merchant-httpd -c $CONF -L INFO 2> taler-merchant-httpd.log & +taler-exchange-wirewatch -c $CONF 2> taler-exchange-wirewatch.log & +taler-auditor-httpd -L INFO -c $CONF 2> taler-auditor-httpd.log & + +echo " OK" + +# Wait for bank to be available (usually the slowest) +for n in `seq 1 50` +do + echo -n "." + sleep 0.2 + OK=0 + # bank + wget --tries=1 --timeout=1 http://localhost:8082/ -o /dev/null -O /dev/null >/dev/null || continue + OK=1 + break +done + +if [ 1 != $OK ] +then + exit_skip "Failed to launch services (bank)" +fi + +# Wait for all other taler services to be available +for n in `seq 1 50` +do + echo -n "." + sleep 0.1 + OK=0 + # exchange + wget --tries=1 --timeout=1 http://localhost:8081/seed -o /dev/null -O /dev/null >/dev/null || continue + # merchant + wget --tries=1 --timeout=1 http://localhost:9966/ -o /dev/null -O /dev/null >/dev/null || continue + # auditor + wget --tries=1 --timeout=1 http://localhost:8083/ -o /dev/null -O /dev/null >/dev/null || continue + OK=1 + break +done + +if [ 1 != $OK ] +then + exit_skip "Failed to launch taler services" +fi + +echo "OK" + + +echo -n "Setting up merchant instance" +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + http://localhost:9966/private/instances \ + -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_ms" : 3600000},"default_pay_delay":{"d_ms": 3600000}}' \ + -w "%{http_code}" -s -o /dev/null) + +if [ "$STATUS" != "204" ] +then + echo 'should respond ok, instance created. got:' $STATUS + exit 1 +fi +echo " OK" + +echo -n "Setting up orders ..." + + +ORDER_1=`curl -s -H "Content-Type: application/json" -X POST \ + http://localhost:9966/private/orders \ + -d '{"create_token":false, "order":{"amount":"TESTKUDOS:0.01","summary":"Minimal test order #1"}}' \ + | jq -er '.order_id'` +PAY1=taler+http://pay/localhost:9966/${ORDER_1}/ + +ORDER_2=`curl -s -H "Content-Type: application/json" -X POST \ + http://localhost:9966/private/orders \ + -d '{"create_token":false, "order":{"amount":"TESTKUDOS:0.01","summary":"Minimal test order #2"}}' \ + | jq -er '.order_id'` +PAY2=taler+http://pay/localhost:9966/${ORDER_1}/ + + +if [ "$STATUS" != "204" ] +then + echo 'should respond ok, order created. got:' $STATUS + exit 1 +fi + + +echo "OK" + +bash + +echo -n "Setting up keys ..." +taler-exchange-offline -c $CONF \ + download \ + sign \ + enable-account payto://x-taler-bank/localhost/Exchange \ + enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \ + wire-fee now x-taler-bank TESTKUDOS:0.01 TESTKUDOS:0.01 \ + upload &> taler-exchange-offline.log + +echo -n "." + +for n in `seq 1 30` +do + echo -n "." + OK=0 + wget --tries=1 http://localhost:8081/keys -o /dev/null -O /dev/null >/dev/null || continue + OK=1 + sleep 0.1 + break +done + +if [ 1 != $OK ] +then + exit_skip "Failed to setup keys" +fi + +echo " OK" + +echo -n "Setting up auditor signatures ..." +taler-auditor-offline -c $CONF \ + download sign upload &> taler-auditor-offline.log +echo " OK" + + +echo -n "First withdraw wallet" +rm $WALLET_DB +taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'withdrawTestBalance' \ + "$(jq -n ' + { + amount: "TESTKUDOS:1", + bankBaseUrl: $BANK_URL, + exchangeBaseUrl: $EXCHANGE_URL + }' \ + --arg BANK_URL "$BANK_URL" \ + --arg EXCHANGE_URL "$EXCHANGE_URL" + )" 2> /dev/null >/dev/null +taler-wallet-cli --wallet-db=$WALLET_DB run-until-done 2>/dev/null >/dev/null +echo " OK" + +echo -n "Pay first order ..." +taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB handle-uri ${PAY1} 2> wallet-pay1.err > wallet-pay1.log +echo " OK" + +echo -n "Wait for old keys to definitively expire..." +sleep 15 +echo " OK" + +echo -n "Updating keys ..." +taler-exchange-offline -c $CONF \ + download \ + sign \ + upload &> taler-exchange-offline-2.log +taler-auditor-offline -c $CONF \ + download sign upload &> taler-auditor-offline-2.log +echo " OK" + +echo -n "Second withdraw wallet" +rm $WALLET_DB +taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'withdrawTestBalance' \ + "$(jq -n ' + { + amount: "TESTKUDOS:1", + bankBaseUrl: $BANK_URL, + exchangeBaseUrl: $EXCHANGE_URL + }' \ + --arg BANK_URL "$BANK_URL" \ + --arg EXCHANGE_URL "$EXCHANGE_URL" + )" 2> /dev/null >/dev/null +taler-wallet-cli --wallet-db=$WALLET_DB run-until-done 2>/dev/null >/dev/null +echo " OK" + +echo -n "Pay second order ..." +taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB handle-uri ${PAY2} 2> wallet-pay1.err > wallet-pay1.log +echo " OK" + + + + +exit 0 |