veyron/services/identity: Create Test Identity Server and
integration test for identity server.
-Factored out CaveatSelector from identityServer, now almost
all components of the identity server are modular and uncoupled.
Change-Id: I61059fe9704d70c42b63242c81900c82135f3941
diff --git a/services/identity/test.sh b/services/identity/test.sh
new file mode 100755
index 0000000..6a20639
--- /dev/null
+++ b/services/identity/test.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Test that tests the routes of the identityd server.
+
+source "$(go list -f {{.Dir}} veyron.io/veyron/shell/lib)/shell_test.sh"
+
+readonly WORKDIR="${shell_test_WORK_DIR}"
+
+build() {
+ IDENTITYD_BIN="$(shell_test::build_go_binary 'veyron.io/veyron/veyron/services/identity/identityd_test')"
+ PRINCIPAL_BIN="$(shell_test::build_go_binary 'veyron.io/veyron/veyron/tools/principal')"
+}
+
+# These certificatese were created with "generate_cert.go --host=localhost --duration=87600h --ecdsa-curve=P256"
+CERT="-----BEGIN CERTIFICATE-----
+MIIBbTCCARSgAwIBAgIRANKYmC0v3pK+VohyJOdD1hgwCgYIKoZIzj0EAwIwEjEQ
+MA4GA1UEChMHQWNtZSBDbzAeFw0xNDExMjEyMjEwNTJaFw0yNDExMTgyMjEwNTJa
+MBIxEDAOBgNVBAoTB0FjbWUgQ28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASv
+heWcWcZT7d5Sm/uoWhBUJJPBSREN4qGzBV7yFYUFvHJ9mNaEcopo/6BopJRbvUmj
+CQMVDZVMm5Er/f8HgCngo0swSTAOBgNVHQ8BAf8EBAMCAKAwEwYDVR0lBAwwCgYI
+KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwCgYI
+KoZIzj0EAwIDRwAwRAIgAkwh+mi5YlIxYzxzT7bQj/ZYU5pufxHt+F+a75gbm7AC
+IAI9+axCPawySY+UYvjO14hklsyy3LnSf1mNHyeGydMM
+-----END CERTIFICATE-----"
+
+KEY="-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHxiR6vjOn1jF1KS0V//pXrulxss9PwUgV/7/QVeV2zCoAoGCCqGSM49
+AwEHoUQDQgAEr4XlnFnGU+3eUpv7qFoQVCSTwUkRDeKhswVe8hWFBbxyfZjWhHKK
+aP+gaKSUW71JowkDFQ2VTJuRK/3/B4Ap4A==
+-----END EC PRIVATE KEY-----"
+
+# runprincipal starts the principal tool, extracts the url and curls it, to avoid the
+# dependence the principal tool has on a browser.
+runprincipal() {
+ local PFILE="${WORKDIR}/principalfile"
+ # Start the tool in the background.
+ "${PRINCIPAL_BIN}" seekblessings --browser=false --from=https://localhost:8125/google -v=3 2> "${PFILE}" &
+ sleep 2
+ # Search for the url and run it.
+ cat "${PFILE}" | grep https |
+ while read url; do
+ RESULT=$(curl -L --insecure -c ${WORKDIR}/cookiejar $url);
+ # Clear out the file
+ echo $RESULT;
+ break;
+ done;
+ rm "${PFILE}";
+}
+
+main() {
+ cd "${WORKDIR}"
+ build
+
+ # Setup the certificate files.
+ echo "${CERT}" > "${WORKDIR}/cert.pem"
+ echo "${KEY}" > "${WORKDIR}/key.pem"
+
+ shell_test::setup_server_test || shell_test::fail "line ${LINENO} failed to setup server test"
+ unset VEYRON_CREDENTIALS
+
+ # Start the identityd server in test identity server.
+ shell_test::start_server "${IDENTITYD_BIN}" --host=localhost --tlsconfig="${WORKDIR}/cert.pem,${WORKDIR}/key.pem" -veyron.tcp.address=127.0.0.1:0
+ echo Identityd Log File: $START_SERVER_LOG_FILE
+ export VEYRON_CREDENTIALS="$(shell::tmp_dir)"
+
+ # Test an initial seekblessings call, with a specified VEYRON_CREDENTIALS.
+ WANT="Received blessings"
+ GOT=$(runprincipal)
+ if [[ ! "${GOT}" =~ "${WANT}" ]]; then
+ shell_test::fail "line ${LINENO} failed first seekblessings call"
+ fi
+ # Test that a subsequent call succeed with the same credentials. This means that the blessings and principal from the first call works correctly.
+ GOT=$(runprincipal)
+ if [[ ! "${GOT}" =~ "${WANT}" ]]; then
+ shell_test::fail "line ${LINENO} failed second seekblessings call"
+ fi
+
+ shell_test::pass
+}
+
+main "$@"
\ No newline at end of file
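Review bot: In `runprincipal`, the URL scraped from the principal tool's log is handed to curl unquoted and with certificate verification switched off (`curl -L --insecure -c ${WORKDIR}/cookiejar $url`), so a log line containing spaces or glob characters changes the curl command line, and the client never verifies the TLS configuration the test writes to `cert.pem`. I would read the line raw and quote both expansions: `grep https "${PFILE}" | while IFS= read -r url; do` and `RESULT=$(curl -L --insecure -c "${WORKDIR}/cookiejar" "$url")`; whether `--insecure` can be replaced by trusting `${WORKDIR}/cert.pem` depends on the certificate being usable as its own trust anchor, which I have not checked. The fixed `sleep 2` makes the test racy on a slow machine, and the backgrounded `seekblessings` process is never waited for or killed in the lines shown, so polling `${PFILE}` for the URL and reaping `$!` would be more reliable. Separately, the embedded EC private key deserves a comment such as `# Test-only key for localhost; never use outside this test.`, and `key.pem` is written with the default umask.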