#!/bin/bash
# Need to add cleanup function to remove the log_dir in the next phase (if required).
# trap cleanup EXIT
# NOTE(review): `env -i` with no command only starts an `env` child with an
# empty environment and prints that (empty) environment. It does not clear
# the environment of this script, so inherited variables still apply below.
env -i
# NOTE(review): xtrace writes every expanded command to stderr. That includes
# the `-k <private key>` arguments handed to sigsum-debug further down, so
# wherever this trace ends up should be treated as holding key material.
set -x
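# Resolve poc.sigsum.org with dig and send one ping to the resolved address.
# When the ping fails, a report containing the raw dig answer is mailed
# through fail().
# Globals:   api (read by fail() for the mail subject; set by the caller)
# Outputs:   ping's own output on stdout
function check_dns_ping() {
  local response ip_addr msg full_msg
  local -a answers=()
  response=$(dig +short poc.sigsum.org)
  # Split the answer on whitespace without pathname expansion. The second
  # token is used when there is one, otherwise the only token (this keeps
  # the selection the script has always made).
  read -r -d '' -a answers <<< "$response"
  ip_addr=${answers[1]:-${answers[0]:-}}
  # The address is taken from a DNS answer, so it is quoted and placed after
  # `--`: it can then neither be word-split nor be parsed as a ping option.
  if ! ping -c 1 -- "$ip_addr"; then
    msg="$(date +"%y-%m-%dT%H:%M:%S%z") Failure: Can not reach IPv4 $ip_addr"
    full_msg="$msg $response"
    fail "$full_msg"
  fi
}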
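# Resolve the AAAA record(s) of poc.sigsum.org with dig and send one ping to
# the resolved address. When the ping fails, a report containing the raw dig
# answer is mailed through fail().
# Globals:   api (read by fail() for the mail subject; set by the caller)
# Outputs:   ping's own output on stdout
function check_ipv6_dns_ping() {
  local response ip_addr msg full_msg
  local -a answers=()
  response=$(dig +short poc.sigsum.org AAAA)
  # Split the answer on whitespace without pathname expansion. The second
  # token is used when there is one, otherwise the only token.
  read -r -d '' -a answers <<< "$response"
  ip_addr=${answers[1]:-${answers[0]:-}}
  # The address is taken from a DNS answer, so it is quoted and placed after
  # `--`: it can then neither be word-split nor be parsed as a ping option.
  # NOTE(review): some ping implementations need `ping6` or `-6` for an IPv6
  # target — confirm on the host that runs this monitor.
  if ! ping -c 1 -- "$ip_addr"; then
    msg="$(date +"%y-%m-%dT%H:%M:%S%z") Failure: Can not reach IPv6 $ip_addr"
    full_msg="$msg $response"
    fail "$full_msg"
  fi
}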
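# Request get-tree-head-cosigned over IPv6 only and check for HTTP 200.
# Any other status is mailed through fail() and followed by an IPv6
# DNS/ping check.
# Globals:   api (written), http_code (written)
# Outputs:   a one-line success message on stdout when the status is 200
function check_ipv6() {
  local msg
  # fail() builds its mail subject from $api, so it has to be set before the
  # first possible fail() call; it used to be empty at this point.
  api=https://poc.sigsum.org/crocodile-icefish/sigsum/v0/get-tree-head-cosigned
  # Only the status code is needed. Discarding the body means the captured
  # text is exactly the code, whether or not the body ends in a newline.
  http_code=$(curl -6 -s -o /dev/null -w '%{http_code}' "$api")
  if [[ "$http_code" != 200 ]]; then
    msg="$(date +"%y-%m-%dT%H:%M:%S%z") Warning: Connection over IPv6 failed. status_code $http_code"
    fail "$msg"
    check_ipv6_dns_ping
  else
    echo "Connection over IPv6 is working. status_code $http_code"
  fi
}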
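# Probe the read-only (GET) endpoints of the log and check each for HTTP 200.
# A non-200 status is mailed through fail() and followed by a DNS/ping check.
# Globals:   api (written: the URL being probed), http_code (written)
# Outputs:   one "is working" line per healthy endpoint on stdout
function safe_methods() {
  local -a links=(
    "https://poc.sigsum.org/crocodile-icefish/sigsum/v0/get-tree-head-cosigned"
    "https://poc.sigsum.org/crocodile-icefish/sigsum/v0/get-tree-head-to-cosign"
    "https://poc.sigsum.org/crocodile-icefish/sigsum/v0/get-leaves/0/1"
    "https://poc.sigsum.org/crocodile-icefish/sigsum/v0/get-consistency-proof/1/3"
  )
  local url msg
  for url in "${links[@]}"; do
    # fail() reads $api for the mail subject.
    api=$url
    # Only the status code is needed. Discarding the body means the captured
    # text is exactly the code, whether or not the body ends in a newline.
    http_code=$(curl -s -o /dev/null -w "%{http_code}" "$url")
    if [[ "$http_code" != 200 ]]; then
      msg="$(date +"%y-%m-%dT%H:%M:%S%z") Warning: $url is down. status_code $http_code"
      fail "$msg"
      check_dns_ping
    else
      echo "$url is working. status_code $http_code"
    fi
  done
}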
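# Fetch the cosigned tree head and publish its tree size.
# The response is handled as untrusted text: only a line of the exact form
# `tree_size=<digits>` is accepted. Exporting whichever `name=value` word
# happened to sit in second position would let the response define or
# overwrite any variable of this script.
# Globals:   tree_size (written and exported)
# Outputs:   the tree size on stdout (an empty line when none was found)
# Returns:   0 when a tree size was found, 1 otherwise
function get_tree_size() {
  local res line
  res=$(curl -s https://poc.sigsum.org/crocodile-icefish/sigsum/v0/get-tree-head-cosigned)
  tree_size=
  while IFS= read -r line; do
    if [[ $line =~ ^tree_size=([0-9]+)$ ]]; then
      tree_size=${BASH_REMATCH[1]}
      break
    fi
  done <<< "$res"
  export tree_size
  echo "$tree_size"
  [[ -n "$tree_size" ]]
}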
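# Run one monitoring pass against the poc log: connectivity checks, add-leaf,
# a fixed wait, then get-inclusion-proof and add-cosignature.
# Globals written (read by the check_* functions): log_pub_key,
#   log_pub_key_hash, log_dir, shard_hint, ssrv_shard_start, seed_value,
#   cli_priv, cli_pub, cli_key_hash, cli_domain_hint, log_url, wit1_priv,
#   wit1_pub, wit1_key_hash, api
# Files read from the current directory: ./priv ./pub ./pubhash wit1_priv
#   wit1_pub wit1_pubhash
# Returns: 1 when no temporary directory or no usable shard_hint is available
function main() {
  local res line
  local leaves_url=https://poc.sigsum.org/crocodile-icefish/sigsum/v0/get-leaves/0/1
  # Used the current poc log pub_key from https://git.sigsum.org/log-go/tree/README.md
  log_pub_key=4791eff3bfc17f352bcc76d4752b38c07882093a5935a84577c63de224b0f6b3
  log_pub_key_hash=$(echo "$log_pub_key" | sigsum-debug key hash)
  # Checking the connection over IPv6
  check_ipv6
  # Calling all get_methods
  safe_methods
  # Creates a new temporary directory for the test run. Without it the
  # request/response files would be written to "/req" and "/rsp", so stop.
  # NOTE(review): the directory is never removed; the header comment of this
  # file already plans a cleanup trap for that.
  log_dir=$(mktemp -d) || return 1
  # Storing `get-leaves` output in `res`
  res=$(curl -s "$leaves_url")
  # The response is untrusted text: accept only a line of the exact form
  # `shard_hint=<digits>`. Exporting the first `name=value` word as-is would
  # let the response define or overwrite any variable of this script.
  shard_hint=
  while IFS= read -r line; do
    if [[ $line =~ ^shard_hint=([0-9]+)$ ]]; then
      shard_hint=${BASH_REMATCH[1]}
      break
    fi
  done <<< "$res"
  if [[ -z "$shard_hint" ]]; then
    api=$leaves_url
    fail "$(date +"%y-%m-%dT%H:%M:%S%z") Warning: $api returned no usable shard_hint"
    return 1
  fi
  export shard_hint
  # Exporting the `shard_hint` value in `ssrv_shard_start`
  export ssrv_shard_start=$shard_hint
  # The message in add_leaf has to be unique every time; `date +%s` is used
  # as the message for that reason.
  seed_value=$(date +%s)
  export seed_value
  # Generated all the following private, public and hash of public key via sigsum-debug tool.
  # See `sigsum-debug key help`
  # `./priv` contains the private key of the signer/submitter
  # NOTE(review): the private keys read here are later passed to sigsum-debug
  # as `-k` arguments, so they show up in the `set -x` trace and in the
  # process list while those commands run.
  cli_priv=$(< ./priv)
  # `./pub` contains the public key of the signer/submitter
  # `./pub`, the public key has to be added to the log first time before trying the code.
  cli_pub=$(< ./pub)
  # `./pubhash` contains the hash public key of the signer/submitter
  cli_key_hash=$(< ./pubhash)
  cli_domain_hint=_sigsum_v0.sigsum.org
  log_url=https://poc.sigsum.org/crocodile-icefish/sigsum/v0
  check_add_leaf "$seed_value"
  wit1_priv=$(< wit1_priv)
  wit1_pub=$(< wit1_pub)
  wit1_key_hash=$(< wit1_pubhash)
  # We don't know how much to sleep
  sleep 900
  get_tree_size
  check_inclusion_proof "$tree_size" "$seed_value"
  check_add_cosignature "$wit1_key_hash" "$wit1_priv"
}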
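# Build an add-leaf request for the message given in $1, POST it to the log
# and evaluate the HTTP status: 200 passes, 202 is reported as accepted and
# then passes, anything else is mailed through fail().
# Globals:   shard_hint, cli_priv, cli_pub, cli_domain_hint, log_url, log_dir
#            (read); desc, status_code, api (written)
# Arguments: $1 - data to submit
# Outputs:   the 202 info line on stdout; request and response are written to
#            $log_dir/req and $log_dir/rsp
function check_add_leaf() {
  local msg
  desc="POST add-leaf (data \"$1\")"
  # NOTE(review): the private key is passed as a command-line argument, so it
  # is visible in the process list and in the `set -x` trace while this runs;
  # confirm whether sigsum-debug can take the key from a file or stdin.
  {
    echo "shard_hint=$shard_hint"
    echo "message=$(openssl dgst -binary <(echo "$1") | base16)"
    echo "signature=$(echo "$1" |
      sigsum-debug leaf sign -k "$cli_priv" -h "$shard_hint")"
    echo "public_key=$cli_pub"
    echo "domain_hint=$cli_domain_hint"
  } > "$log_dir/req"
  curl -s -w "%{http_code}" --data-binary @- "$log_url/add-leaf" \
    < "$log_dir/req" > "$log_dir/rsp"
  # curl appends the status code after the body, so the last line of rsp is
  # the code as long as the body is empty or ends with a newline.
  status_code=$(tail -n1 < "$log_dir/rsp")
  api=$log_url/add-leaf
  if [[ "$status_code" == 202 ]]; then
    # Report the status of this request; this line used to print the stale
    # $http_code left behind by an earlier GET check.
    msg="Info: $api request is Accepted with status_code $status_code"
    echo "$msg"
  elif [[ "$status_code" != 200 ]]; then
    msg="$(date +"%y-%m-%dT%H:%M:%S%z") Warning: $api is down with status_code $status_code" # Failure message
    fail "$msg" # calling the fail function
    return
  fi
  pass "$desc"
}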
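# Recompute the leaf hash for the data in $2, request its inclusion proof at
# tree size $1 and evaluate the HTTP status. A non-200 status is mailed
# through fail() and followed by a DNS/ping check.
# Globals:   cli_priv, cli_key_hash, ssrv_shard_start, log_url, log_dir
#            (read); desc, api, status_code (written)
# Arguments: $1 - tree size, $2 - data that was submitted with add-leaf
# Outputs:   response written to $log_dir/rsp, with a copy kept in
#            $log_dir/rsp_get_inclusion_proof
function check_inclusion_proof() {
  local signature leaf_hash msg
  desc="GET get-inclusion-proof (tree_size $1, data \"$2\")"
  # NOTE(review): the private key is passed as a command-line argument, so it
  # is visible in the process list and in the `set -x` trace while this runs.
  signature=$(echo "$2" |
    sigsum-debug leaf sign -k "$cli_priv" -h "$ssrv_shard_start")
  leaf_hash=$(echo "$2" |
    sigsum-debug leaf hash -k "$cli_key_hash" -s "$signature" -h "$ssrv_shard_start")
  # $1 comes from a log response and $leaf_hash from tool output; the URL is
  # quoted so neither can be split into extra curl arguments.
  api=$log_url/get-inclusion-proof/$1/$leaf_hash
  curl -s -w "%{http_code}" "$api" > "$log_dir/rsp"
  cp -- "$log_dir/rsp" "$log_dir/rsp_get_inclusion_proof"
  # curl appends the status code after the body, so the last line of rsp is
  # the code as long as the body is empty or ends with a newline.
  status_code=$(tail -n1 < "$log_dir/rsp")
  if [[ "$status_code" != 200 ]]; then
    msg="$(date +"%y-%m-%dT%H:%M:%S%z") Warning: $api is down with status_code $status_code" # Failure message
    fail "$msg" # calling the fail function
    check_dns_ping
    return
  fi
  pass "$desc"
}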
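# Fetch the tree head to cosign, sign it with the witness key in $2 and POST
# the cosignature for the witness key hash in $1.
# A non-200 status is mailed through fail(); a 200 prints a success line and
# records a PASS. Before, the success branch returned early and the PASS line
# was reached only after a failure had been reported.
# Globals:   log_url, log_dir, log_pub_key_hash (read); desc, status_code,
#            api (written)
# Arguments: $1 - witness key hash, $2 - witness private key
# Outputs:   success line on stdout; request and response are written to
#            $log_dir/req and $log_dir/rsp
function check_add_cosignature() {
  local msg
  desc="POST add-cosignature (witness $1)"
  # NOTE(review): the tree head is signed exactly as received; nothing visible
  # here checks the log's signature on it first — presumably acceptable for a
  # monitoring probe, confirm. The witness private key is also passed as a
  # command-line argument, so it is visible in the process list and in the
  # `set -x` trace while this runs.
  {
    echo "key_hash=$1"
    echo "cosignature=$(curl -s "$log_url/get-tree-head-to-cosign" |
      sigsum-debug head sign -k "$2" -h "$log_pub_key_hash")"
  } > "$log_dir/req"
  curl -s -w "%{http_code}" --data-binary @- "$log_url/add-cosignature" \
    < "$log_dir/req" > "$log_dir/rsp"
  # curl appends the status code after the body, so the last line of rsp is
  # the code as long as the body is empty or ends with a newline.
  status_code=$(tail -n1 < "$log_dir/rsp")
  api=$log_url/add-cosignature
  if [[ "$status_code" != 200 ]]; then
    msg="$(date +"%y-%m-%dT%H:%M:%S%z") Warning:$api is down with status_code $status_code"
    fail "$msg"
    return
  fi
  msg="Success: $api is working with status_code $status_code."
  echo "$msg"
  pass "$desc"
}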
# Write an INFO line to stderr: grey timestamp, blue tag, then the arguments
# joined by single spaces.
function info() {
  local stamp
  stamp=$(date +"%y-%m-%dT%H:%M:%S%z")
  echo -e "\e[37m${stamp}\e[0m [\e[94mINFO\e[0m] $*" >&2
}
# Write a WARN line to stderr: grey timestamp, yellow tag, then the arguments
# joined by single spaces.
function warn() {
  local stamp
  stamp=$(date +"%y-%m-%dT%H:%M:%S%z")
  echo -e "\e[37m${stamp}\e[0m [\e[93mWARN\e[0m] $*" >&2
}
# Write a PASS line to stderr: grey timestamp, green tag, then the arguments
# joined by single spaces.
function pass() {
  local stamp
  stamp=$(date +"%y-%m-%dT%H:%M:%S%z")
  echo -e "\e[37m${stamp}\e[0m [\e[32mPASS\e[0m] $*" >&2
}
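# Mail a failure report to the log-monitor list.
# Globals:   api (read) - endpoint named in the mail subject; callers set it
#            before calling
# Arguments: $1 - message body
function fail() {
  # The body can contain text that came off the network (dig answers, status
  # codes). printf with a quoted argument sends it unchanged; an unquoted
  # `echo $1` would collapse its whitespace and expand any glob characters
  # against the current directory.
  printf '%s\n' "$1" | mail -s "Warning: $api is down" sigsum-log-monitor@lists.sigsum.org
}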
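# Check that the last response body holds exactly the keys given as arguments.
# The body is every line of $log_dir/rsp except the last one (the last line
# is the HTTP status code appended by curl).
# Globals:   log_dir (read)
# Arguments: the expected key names
# Returns:   0 when the set of keys in the body equals the arguments, else 1
function keys() {
  local -A map=()
  local line key
  while read -r line; do
    # Everything before the first "=" is the key; a line without "=" counts
    # as a key on its own.
    key=${line%%=*}
    # An empty key cannot be an associative-array subscript; skip such lines.
    [[ -n "$key" ]] || continue
    map["$key"]=ok
  done < <(head --lines=-1 "$log_dir/rsp")
  if (( $# != ${#map[@]} )); then
    return 1
  fi
  for key in "$@"; do
    if [[ -z "$key" || -z "${map[$key]:-}" ]]; then
      return 1
    fi
  done
  return 0
}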
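# Print the value of key $1 from the last response body, one line per
# matching `key=value` line. The body is every line of $log_dir/rsp except
# the last one (the last line is the HTTP status code appended by curl).
# Globals:   log_dir (read)
# Arguments: $1 - key name, compared literally
# Outputs:   the value(s) on stdout
function value_of() {
  local line
  while read -r line; do
    # Quoting "$1" makes this a literal comparison; unquoted, the argument
    # would be used as a glob pattern.
    if [[ "${line%%=*}" != "$1" ]]; then
      continue
    fi
    # Everything after the first "=" is the value, so a value that itself
    # contains "=" is returned whole instead of being cut at its first "=".
    printf '%s\n' "${line#*=}"
  done < <(head --lines=-1 "$log_dir/rsp")
}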
# Entry point: every function above is defined by now, so run one monitoring pass.
main