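#!/bin/bash

# Test the principal command-line tool.
#
# This tests most operations of the principal command-line tool.
# Not the "seekblessing" command yet, since that requires
# starting a separate server.

# Resolve the shared test library's directory before sourcing it. If
# `go list` fails or prints nothing, the original one-liner would collapse
# the path to "/shell_test.sh" and source whatever file sits at the
# filesystem root, so stop here instead.
if ! shell_lib_dir="$(go list -f '{{.Dir}}' v.io/core/shell/lib)" \
  || [[ -z "${shell_lib_dir}" ]]; then
  printf 'cannot locate v.io/core/shell/lib via go list\n' >&2
  exit 1
fi
source "${shell_lib_dir}/shell_test.sh"

# shell_test_WORK_DIR is expected to be set by shell_test.sh (not visible
# in this file); the test creates all credential directories beneath it.
readonly WORKDIR="${shell_test_WORK_DIR}"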
# Builds the principal tool and records the resulting path.
# Globals:   PRINCIPAL_BIN (written) - whatever shell_test::build_go_binary
#            prints on stdout.
# Returns:   the exit status of shell_test::build_go_binary.
build() {
  local -r pkg='v.io/core/veyron/tools/principal'
  PRINCIPAL_BIN="$(shell_test::build_go_binary "${pkg}")"
}
# rmpublickey is a stdin-to-stdout filter that masks every run of 16
# colon-separated lowercase hex byte pairs with XX:XX:...:XX.
# "principal create" mints fresh keys on each run, so key values must be
# masked before output can be compared with fixed golden text.
# Only lowercase hex digits are matched; uppercase input passes unchanged.
rmpublickey() {
  local -r key_pattern='\([0-9a-f]\{2\}:\)\{15\}[0-9a-f]\{2\}'
  local -r masked='XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX'
  sed -e "s/${key_pattern}/${masked}/g"
}
# rmcaveats is a stdin-to-stdout filter that drops the parenthesised
# argument list after security.unixTimeExpiryCaveat, leaving just the name.
# Only the first occurrence on each line is rewritten (no "g" flag).
rmcaveats() {
  local -r caveat='security.unixTimeExpiryCaveat'
  sed -e "s/${caveat}([^)]*)/${caveat}/"
}
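# Runs "principal dumpblessings" on a file and normalises the output for
# comparison with golden text.
# Globals:   PRINCIPAL_BIN (read)
# Arguments: $1 - argument passed through to "principal dumpblessings"
# Outputs:   the tool's output with key values and expiry-caveat arguments
#            masked by rmpublickey and rmcaveats
# Returns:   the first non-zero status of any pipeline stage, else 0
dumpblessings() {
  "${PRINCIPAL_BIN}" dumpblessings "$1" | rmpublickey | rmcaveats
  # Without pipefail a pipeline reports only its last stage, so a failing
  # principal binary would be hidden behind a successful sed and the
  # callers' `|| shell_test::fail` would never fire. Inspect every stage.
  local -a stage_status=("${PIPESTATUS[@]}")
  local rc
  for rc in "${stage_status[@]}"; do
    if (( rc != 0 )); then
      return "${rc}"
    fi
  done
  return 0
}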
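# Drives the whole test: builds the principal tool, creates principals,
# exercises bless/blessself/store/recvblessings/fork, then compares the
# normalised dumps against golden text.
# Globals:   WORKDIR, shell_test_DEFAULT_MESSAGE_TIMEOUT (read);
#            PRINCIPAL_BIN (written by build); VEYRON_CREDENTIALS (set/unset)
# Outputs:   scratch files in WORKDIR (credential dirs, *.dump, got, want, error)
# Returns:   ends with shell_test::pass; failures go through shell_test::fail
main() {
  # Credential directories are created (some with --overwrite=true) relative
  # to the current directory, so never continue outside the scratch dir.
  [[ -n "${WORKDIR}" ]] || shell_test::fail "line ${LINENO}: WORKDIR is empty"
  cd "${WORKDIR}" || shell_test::fail "line ${LINENO}: cd to ${WORKDIR} failed"
  build || shell_test::fail "line ${LINENO}: build failed"

  # Prevent any VEYRON_CREDENTIALS in the environment from interfering with this test.
  unset VEYRON_CREDENTIALS
  # Create three principals, one called "alice", one called "bob" and one called "carol".
  # bob is created twice: the second call checks that --overwrite=true
  # succeeds on an existing directory.
  "${PRINCIPAL_BIN}" create --overwrite=true ./alice alice >/dev/null || shell_test::fail "line ${LINENO}: create failed"
  "${PRINCIPAL_BIN}" create ./bob bob >/dev/null || shell_test::fail "line ${LINENO}: create failed"
  "${PRINCIPAL_BIN}" create --overwrite=true ./bob bob >/dev/null || shell_test::fail "line ${LINENO}: create failed"
  "${PRINCIPAL_BIN}" create ./carol carol >/dev/null || shell_test::fail "line ${LINENO}: create failed"

  # Run dump, bless, blessself on alice.
  # The export stays in effect until the unset further down, so the sender
  # commands below (which carry no credentials flag) act as alice.
  export VEYRON_CREDENTIALS=./alice
  "${PRINCIPAL_BIN}" blessself alicereborn >alice.blessself || shell_test::fail "line ${LINENO}: blessself failed"
  "${PRINCIPAL_BIN}" bless ./bob friend >alice.bless || shell_test::fail "line ${LINENO}: bless failed"
  "${PRINCIPAL_BIN}" dump >alice.dump || shell_test::fail "line ${LINENO}: dump failed"

  # Run store setdefault, store default, store set, store forpeer on bob.
  # This time use the --veyron.credentials flag to set the principal.
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store setdefault alice.bless || shell_test::fail "line ${LINENO}: store setdefault failed"
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store default >bob.store.default || shell_test::fail "line ${LINENO}: store default failed"
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store set alice.bless alice/... || shell_test::fail "line ${LINENO}: store set failed"
  "${PRINCIPAL_BIN}" --veyron.credentials=./bob store forpeer alice/server >bob.store.forpeer || shell_test::fail "line ${LINENO}: store forpeer failed"

  # Run recvblessings on carol, and have alice send blessings over
  # (blessings received must be set as default and shareable with all peers.)
  "${PRINCIPAL_BIN}" --veyron.credentials=./carol --veyron.tcp.address=127.0.0.1:0 recvblessings >carol.recvblessings &
  shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" carol.recvblessings "bless --remote_key" || shell_test::fail "line ${LINENO}: recvblessings did not print command for sender"
  # Declarations are kept apart from the command substitutions so that
  # `local` cannot mask a failing dirname/grep/sed.
  local principal_bin_dir
  principal_bin_dir="$(dirname "${PRINCIPAL_BIN}")"
  local send_blessings_cmd
  send_blessings_cmd="$(grep "bless --remote_key" carol.recvblessings | sed -e 's|extension[0-9]*|friend/carol|')"
  send_blessings_cmd="${principal_bin_dir}/${send_blessings_cmd}"
  # The sender command is run directly with stdout discarded. Wrapping it in
  # $( ... ) as a command would execute anything it printed as a second
  # command. The expansion is left unquoted on purpose: the command line
  # printed by recvblessings has to be split into words.
  # shellcheck disable=SC2086
  ${send_blessings_cmd} >/dev/null || shell_test::fail "line ${LINENO}: ${send_blessings_cmd} failed"
  grep "Received blessings: alice/friend/carol" carol.recvblessings >/dev/null || shell_test::fail "line ${LINENO}: recvblessings did not log any blessings received $(cat carol.recvblessings)"

  # Run recvblessings on carol, and have alice send blessings over
  # (blessings received must be set as shareable with peers matching 'alice/...'.)
  "${PRINCIPAL_BIN}" --veyron.credentials=./carol --veyron.tcp.address=127.0.0.1:0 recvblessings --for_peer=alice/... --set_default=false >carol.recvblessings &
  shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" carol.recvblessings "bless --remote_key" || shell_test::fail "line ${LINENO}: recvblessings did not print command for sender"
  send_blessings_cmd="$(grep "bless --remote_key" carol.recvblessings | sed -e 's|extension[0-9]*|friend/carol/foralice|')"
  send_blessings_cmd="${principal_bin_dir}/${send_blessings_cmd}"
  # shellcheck disable=SC2086
  ${send_blessings_cmd} >/dev/null || shell_test::fail "line ${LINENO}: ${send_blessings_cmd} failed"
  grep "Received blessings: alice/friend/carol/foralice" carol.recvblessings >/dev/null || shell_test::fail "line ${LINENO}: recvblessings did not log any blessings received $(cat carol.recvblessings)"

  # Mucking around with the public key should fail.
  "${PRINCIPAL_BIN}" --veyron.credentials=./carol --veyron.tcp.address=127.0.0.1:0 recvblessings >carol.recvblessings &
  local -r recv_blessings_pid="$!"
  shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" carol.recvblessings "bless --remote_key" || shell_test::fail "line ${LINENO}: recvblessings did not print command for sender"
  send_blessings_cmd="$(grep "bless --remote_key" carol.recvblessings | sed -e 's|remote_key=|remote_key=BAD|')"
  send_blessings_cmd="${principal_bin_dir}/${send_blessings_cmd}"
  # shellcheck disable=SC2086
  if ${send_blessings_cmd} >/dev/null 2>error; then
    shell_test::fail "line ${LINENO}: ${send_blessings_cmd} should have failed"
  fi
  grep "key mismatch" error >/dev/null || shell_test::fail "line ${LINENO}: key mismatch error not printed"

  # Mucking around with the token should fail.
  send_blessings_cmd="$(grep "bless --remote_key" carol.recvblessings | sed -e 's|remote_token=|remote_token=BAD|')"
  send_blessings_cmd="${principal_bin_dir}/${send_blessings_cmd}"
  # shellcheck disable=SC2086
  if ${send_blessings_cmd} >/dev/null 2>error; then
    shell_test::fail "line ${LINENO}: ${send_blessings_cmd} should have failed"
  fi
  grep "blessings received from unexpected sender" error >/dev/null || shell_test::fail "line ${LINENO}: unexpected sender error not printed"
  # Neither tampered attempt was accepted, so this receiver is presumably
  # still waiting; stop it before dumping carol's state.
  kill -9 "${recv_blessings_pid}"

  # Dump carol out. Only the blessings from the two successful transfers
  # (alice/friend/carol and alice/friend/carol/foralice) should be present;
  # the tampered attempts must not have changed anything.
  "${PRINCIPAL_BIN}" --veyron.credentials=./carol dump >carol.dump || shell_test::fail "line ${LINENO}: dump failed"

  # Run fork to set up credentials for alice-phone that are blessed by alice under the extension "phone".
  "${PRINCIPAL_BIN}" --veyron.credentials=./alice fork ./alice-phone "phone" >/dev/null || shell_test::fail "line ${LINENO}: fork failed"
  # Dump alice-phone out, the only blessings it has must be from alice (alice/phone).
  "${PRINCIPAL_BIN}" --veyron.credentials=./alice-phone dump >alice-phone.dump || shell_test::fail "line ${LINENO}: dump failed"

  # Run fork to set up credentials for alice-phone-calendar that are blessed by alice-phone under the extension "calendar".
  "${PRINCIPAL_BIN}" --veyron.credentials=./alice-phone fork ./alice-phone-calendar "calendar" >/dev/null || shell_test::fail "line ${LINENO}: fork failed"
  # Dump alice-phone-calendar out, the only blessings it has must be from alice-phone (alice/phone/calendar).
  "${PRINCIPAL_BIN}" --veyron.credentials=./alice-phone-calendar dump >alice-phone-calendar.dump || shell_test::fail "line ${LINENO}: dump failed"

  # Any other commands to be run without VEYRON_CREDENTIALS set.
  unset VEYRON_CREDENTIALS

  # Validate the output of various commands (mostly using "principal dump" or "principal dumpblessings").
  # NOTE(review): diff is whitespace-sensitive; confirm that the column
  # spacing and indentation in the golden blocks below match the tool's
  # real output.
  rmpublickey <alice.dump >got || shell_test::fail "line ${LINENO}: cat alice.dump | rmpublickey failed"
  cat >want <<'EOF'
Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
---------------- BlessingStore ----------------
Default blessings: alice
Peer pattern : Blessings
... : alice
---------------- BlessingRoots ----------------
Public key : Pattern
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [alice/...]
EOF
  diff -C 5 got want || shell_test::fail "line ${LINENO}"

  dumpblessings alice.blessself >got || shell_test::fail "line ${LINENO}: dumpblessings failed"
  cat >want <<'EOF'
Blessings : alicereborn
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Certificate chains : 1
Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: alicereborn with 0 caveats
EOF
  diff -C 5 got want || shell_test::fail "line ${LINENO}"

  dumpblessings bob.store.default >got || shell_test::fail "line ${LINENO}: dumpblessings failed"
  cat >want <<'EOF'
Blessings : alice/friend
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Certificate chains : 1
Chain #0 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: alice with 0 caveats
 Certificate #1: friend with 1 caveat
 (0) security.unixTimeExpiryCaveat
EOF
  diff -C 5 got want || shell_test::fail "line ${LINENO}"

  dumpblessings bob.store.forpeer >got || shell_test::fail "line ${LINENO}: dumpblessings failed"
  cat >want <<'EOF'
Blessings : bob#alice/friend
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Certificate chains : 2
Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: bob with 0 caveats
Chain #1 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
 Certificate #0: alice with 0 caveats
 Certificate #1: friend with 1 caveat
 (0) security.unixTimeExpiryCaveat
EOF
  diff -C 5 got want || shell_test::fail "line ${LINENO}"

  rmpublickey <carol.dump >got || shell_test::fail "line ${LINENO}: cat carol.dump | rmpublickey failed"
  cat >want <<'EOF'
Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
---------------- BlessingStore ----------------
Default blessings: alice/friend/carol
Peer pattern : Blessings
... : alice/friend/carol
alice/... : alice/friend/carol/foralice
---------------- BlessingRoots ----------------
Public key : Pattern
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [alice/...]
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [carol/...]
EOF
  diff -C 5 got want || shell_test::fail "line ${LINENO}"

  rmpublickey <alice-phone.dump >got || shell_test::fail "line ${LINENO}: cat alice-phone.dump | rmpublickey failed"
  cat >want <<'EOF'
Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
---------------- BlessingStore ----------------
Default blessings: alice/phone
Peer pattern : Blessings
... : alice/phone
---------------- BlessingRoots ----------------
Public key : Pattern
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [alice/...]
EOF
  diff -C 5 got want || shell_test::fail "line ${LINENO}"

  rmpublickey <alice-phone-calendar.dump >got || shell_test::fail "line ${LINENO}: cat alice-phone-calendar.dump | rmpublickey failed"
  cat >want <<'EOF'
Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
---------------- BlessingStore ----------------
Default blessings: alice/phone/calendar
Peer pattern : Blessings
... : alice/phone/calendar
---------------- BlessingRoots ----------------
Public key : Pattern
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX : [alice/...]
EOF
  diff -C 5 got want || shell_test::fail "line ${LINENO}"

  shell_test::pass
}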
212main "$@"