#!/bin/bash

# Test the principal command-line tool.
#
# This tests most operations of the principal command-line tool.
# The "seekblessing" command is not covered yet, since that requires
# starting a separate server.

# Test helper library; presumably the source of the shell_test::* and shell::*
# functions and the shell_test_* variables used below (not visible here).
source "${VEYRON_ROOT}/scripts/lib/shell_test.sh"

# Directory the test runs in; main changes into it before creating any
# credentials or scratch files.
WORKDIR="${shell_test_WORK_DIR}"
readonly WORKDIR
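# build compiles the principal tool and stores the value printed by
# shell_test::build_go_binary (used below as the path of the binary) in the
# global PRINCIPAL_BIN.
# Globals: PRINCIPAL_BIN (written)
build() {
  # The status of a plain assignment is the status of its command
  # substitution, so a failed build is reported here instead of surfacing
  # later as a misleading "create failed" on an empty PRINCIPAL_BIN.
  PRINCIPAL_BIN="$(shell_test::build_go_binary 'veyron.io/veyron/veyron/tools/principal')" \
    || shell_test::fail "line ${LINENO}: failed to build the principal tool"
}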
# rmpublickey is a stdin-to-stdout filter that masks every public key
# (16 lower-case hex bytes, ':'-separated) as XX:XX:...:XX.
# Masking lets the output be compared with golden text even though
# "principal create" mints fresh keys on each run. The trade-off is that all
# keys look alike afterwards, so the golden comparison cannot tell which key
# was printed where.
rmpublickey() {
  local -r key_pattern='\([0-9a-f]\{2\}:\)\{15\}[0-9a-f]\{2\}'
  local -r masked_key='XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX'
  sed -e "s/${key_pattern}/${masked_key}/g"
}
# rmcaveats is a stdin-to-stdout filter that drops the parenthesised argument
# list after the first "security.unixTimeExpiryCaveat" on each line, leaving
# only the caveat name. The golden comparison therefore checks that an expiry
# caveat is present, not what its arguments are.
rmcaveats() {
  local -r caveat='security.unixTimeExpiryCaveat'
  # No 'g' flag: only the first occurrence per line is rewritten.
  sed -e "s/${caveat}([^)]*)/${caveat}/"
}
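# dumpblessings prints "principal dumpblessings" output for a blessings file
# with public keys and expiry-caveat arguments masked, ready to be diffed
# against golden text.
# Globals:   PRINCIPAL_BIN (read)
# Arguments: $1 - file holding the blessings to dump
# Returns:   0 if every pipeline stage succeeded, otherwise the status of the
#            first stage that failed
dumpblessings() {
  local -r blessings_file="$1"
  "${PRINCIPAL_BIN}" dumpblessings "${blessings_file}" | rmpublickey | rmcaveats
  # Unless pipefail is enabled (not visible in this file), a pipeline reports
  # only the status of its last stage, so a failing principal binary would go
  # unnoticed by callers that write `dumpblessings ... || shell_test::fail`.
  local -a stage_status=("${PIPESTATUS[@]}")
  local rc
  for rc in "${stage_status[@]}"; do
    if (( rc != 0 )); then
      return "${rc}"
    fi
  done
  return 0
}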
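# main runs the test: it creates the alice, bob and carol principals under
# WORKDIR, drives the principal tool's create, blessself, bless, dump, store
# and recvblessings commands, and diffs the masked output against inline
# golden text.
# Globals: WORKDIR, PRINCIPAL_BIN, shell_test_DEFAULT_MESSAGE_TIMEOUT (read);
#          VEYRON_CREDENTIALS (unset, exported, then unset again)
main() {
  # Every credential directory and scratch file below is a relative path, and
  # some principals are created with --overwrite=true, so make sure the test
  # really is inside its own directory before touching anything.
  [[ -n "${WORKDIR}" ]] || shell_test::fail "line ${LINENO}: WORKDIR is empty"
  cd "${WORKDIR}" || shell_test::fail "line ${LINENO}: cannot cd to ${WORKDIR}"
  build

  # Prevent any VEYRON_CREDENTIALS in the environment from interfering with this test.
  unset VEYRON_CREDENTIALS
  # Create three principals, one called "alice" one called "bob" and one called "carol"
  "${PRINCIPAL_BIN}" create --overwrite=true ./alice alice >/dev/null || shell_test::fail "line ${LINENO}: create failed"
  "${PRINCIPAL_BIN}" create ./bob bob >/dev/null || shell_test::fail "line ${LINENO}: create failed"
  "${PRINCIPAL_BIN}" create --overwrite=true ./bob bob >/dev/null || shell_test::fail "line ${LINENO}: create failed"
  "${PRINCIPAL_BIN}" create ./carol carol >/dev/null || shell_test::fail "line ${LINENO}: create failed"

  # Run dump, bless, blessself on alice
  export VEYRON_CREDENTIALS=./alice
  "${PRINCIPAL_BIN}" blessself alicereborn >alice.blessself || shell_test::fail "line ${LINENO}: blessself failed"
  "${PRINCIPAL_BIN}" bless ./bob friend >alice.bless || shell_test::fail "line ${LINENO}: bless failed"
  "${PRINCIPAL_BIN}" dump >alice.dump || shell_test::fail "line ${LINENO}: dump failed"

  # Run store setdefault, store default, store set, store forpeer on bob
  # This time use the --veyron.credentials flag to set the principal.
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store setdefault alice.bless || shell_test::fail "line ${LINENO}: store setdefault failed"
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store default >bob.store.default || shell_test::fail "line ${LINENO}: store default failed"
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store set alice.bless alice/... || shell_test::fail "line ${LINENO}: store set failed"
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store forpeer alice/server >bob.store.forpeer || shell_test::fail "line ${LINENO}: store forpeer failed"

  # Run recvblessings on carol, and have alice send blessings over.
  "${PRINCIPAL_BIN}" --veyron.credentials=./carol --veyron.tcp.address=127.0.0.1:0 recvblessings >carol.recvblessings &
  shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" carol.recvblessings "bless --remote_key" || shell_test::fail "line ${LINENO}: recvblessings did not print command for sender"

  # Declared separately from the assignments so that `local` does not mask a
  # failing command substitution.
  local bin_dir
  local send_line
  local -a send_cmd
  bin_dir="$(dirname "${PRINCIPAL_BIN}")" || shell_test::fail "line ${LINENO}: dirname failed"

  # The sender's command line is scraped from the receiver's output. It is
  # split into an argv array and run directly: the words are never re-expanded
  # as glob patterns, and the command's own stdout is never executed as a
  # second command. Only the first matching line is used.
  send_line="$(grep "bless --remote_key" carol.recvblessings | sed -e 's|extension[0-9]*|friend/carol|')"
  read -r -a send_cmd <<<"${send_line}"
  send_cmd[0]="${bin_dir}/${send_cmd[0]}"
  "${send_cmd[@]}" || shell_test::fail "line ${LINENO}: ${send_cmd[*]} failed"
  grep "Received blessings: alice/friend/carol" carol.recvblessings >/dev/null || shell_test::fail "line ${LINENO}: recvblessings did not log any blessings received $(cat carol.recvblessings)"

  # Mucking around with the private key should fail
  # NOTE(review): this second receiver is not stopped anywhere in this
  # function; confirm the shell_test library cleans up background jobs.
  "${PRINCIPAL_BIN}" --veyron.credentials=./carol --veyron.tcp.address=127.0.0.1:0 recvblessings >carol.recvblessings &
  shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" carol.recvblessings "bless --remote_key" || shell_test::fail "line ${LINENO}: recvblessings did not print command for sender"
  send_line="$(grep "bless --remote_key" carol.recvblessings | sed -e 's|remote_key=|remote_key=BAD|')"
  read -r -a send_cmd <<<"${send_line}"
  send_cmd[0]="${bin_dir}/${send_cmd[0]}"
  # A sender presenting a corrupted remote_key must be rejected.
  if "${send_cmd[@]}" 2>error; then
    shell_test::fail "line ${LINENO}: ${send_cmd[*]} should have failed"
  fi
  grep "key mismatch" error >/dev/null || shell_test::fail "line ${LINENO}: key mismatch error not printed"

  # Mucking around with the token should fail
  send_line="$(grep "bless --remote_key" carol.recvblessings | sed -e 's|remote_token=|remote_token=BAD|')"
  read -r -a send_cmd <<<"${send_line}"
  send_cmd[0]="${bin_dir}/${send_cmd[0]}"
  # A sender presenting a corrupted remote_token must be rejected too.
  if "${send_cmd[@]}" 2>error; then
    shell_test::fail "line ${LINENO}: ${send_cmd[*]} should have failed"
  fi
  grep "blessings received from unexpected sender" error >/dev/null || shell_test::fail "line ${LINENO}: unexpected sender error not printed"

  # Dump carol out, the only blessing that survives should be from the first
  # "bless" command. (alice/friend/carol).
  "${PRINCIPAL_BIN}" --veyron.credentials=./carol dump >carol.dump || shell_test::fail "line ${LINENO}: dump failed"

  # Any other commands to be run without VEYRON_CREDENTIALS set.
  unset VEYRON_CREDENTIALS

  # Validate the output of various commands (mostly using "principal dump" or "principal dumpblessings")
  cat alice.dump | rmpublickey >got || shell_test::fail "line ${LINENO}: cat alice.dump | rmpublickey failed"
  cat >want <<EOF
Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
---------------- BlessingStore ----------------
Default blessings: alice
Peer pattern : Blessings
... : alice
---------------- BlessingRoots ----------------
Public key : Pattern
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [alice/...]
EOF
  if ! diff got want; then
    shell_test::fail "line ${LINENO}"
  fi

  dumpblessings alice.blessself >got || shell_test::fail "line ${LINENO}: dumpblessings failed"
  cat >want <<EOF
Blessings : alicereborn
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Certificate chains : 1
Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: alicereborn with 0 caveats
EOF
  if ! diff got want; then
    shell_test::fail "line ${LINENO}"
  fi

  dumpblessings bob.store.default >got || shell_test::fail "line ${LINENO}: dumpblessings failed"
  cat >want <<EOF
Blessings : alice/friend
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Certificate chains : 1
Chain #0 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: alice with 0 caveats
 Certificate #1: friend with 1 caveat
 (0) security.unixTimeExpiryCaveat
EOF
  if ! diff got want; then
    shell_test::fail "line ${LINENO}"
  fi

  dumpblessings bob.store.forpeer >got || shell_test::fail "line ${LINENO}: dumpblessings failed"
  cat >want <<EOF
Blessings : bob#alice/friend
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Certificate chains : 2
Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: bob with 0 caveats
Chain #1 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: alice with 0 caveats
 Certificate #1: friend with 1 caveat
 (0) security.unixTimeExpiryCaveat
EOF
  if ! diff got want; then
    shell_test::fail "line ${LINENO}"
  fi

  cat carol.dump | rmpublickey >got || shell_test::fail "line ${LINENO}: cat carol.dump | rmpublickey failed"
  cat >want <<EOF
Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
---------------- BlessingStore ----------------
Default blessings: alice/friend/carol
Peer pattern : Blessings
... : alice/friend/carol
---------------- BlessingRoots ----------------
Public key : Pattern
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [alice/...]
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [carol/...]
EOF
  if ! diff got want; then
    shell_test::fail "line ${LINENO}"
  fi
  shell_test::pass
}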
160main "$@"