| -rw-r--r-- | integration/conf/client.config | 13 | ||||
| -rw-r--r-- | integration/conf/sigsum.config | 6 | ||||
| -rw-r--r-- | integration/conf/trillian.config | 7 | ||||
| -rw-r--r-- | integration/config | 18 | ||||
| -rwxr-xr-x | integration/run | 87 | ||||
| -rwxr-xr-x | integration/start_sigsum_serv | 15 | ||||
| -rwxr-xr-x | integration/start_tlog_seq | 10 | ||||
| -rwxr-xr-x | integration/start_tlog_serv | 6 | ||||
| -rwxr-xr-x | integration/test.sh | 164 | 
9 files changed, 190 insertions, 136 deletions
|
diff --git a/integration/conf/client.config b/integration/conf/client.config
new file mode 100644
index 0000000..e62588f
--- /dev/null
+++ b/integration/conf/client.config
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+#
+# Setup instructions:
+#
+#   - Use `sigsum-debug keygen` to get a private key
+#   - Set a domain hint that starts with "_sigsum_v0."
+#   - Configure domain hint to be aware of the output of the appropriate
+#     key hash.  See `sigsum-debug pubkey` and `sigsum-debug keyhash`.
+#
+
+cli_priv=29599fd81e266e161a9df977044dda89ab72fe9c8a98f23026f7fb63ee2feed9cda2517e17dcba133eb0e71bf77473f94a77d7e61b1de4e1e64adfd0938d6182
+cli_domain_hint=_sigsum_v0.testonly.rgdd.se
diff --git a/integration/conf/sigsum.config b/integration/conf/sigsum.config
new file mode 100644
index 0000000..c44ccc0
--- /dev/null
+++ b/integration/conf/sigsum.config
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+ssrv_endpoint=localhost:6966
+ssrv_prefix=testonly
+ssrv_shard_start=2009
+ssrv_interval=15s
diff --git a/integration/conf/trillian.config b/integration/conf/trillian.config
new file mode 100644
index 0000000..eaa6f6d
--- /dev/null
+++ b/integration/conf/trillian.config
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+tsrv_rpc=localhost:6962
+tseq_rpc=localhost:6963
+
+tsrv_http=localhost:6964
+tseq_http=localhost:6965
diff --git a/integration/config b/integration/config
deleted file mode 100644
index 186c88f..0000000
--- a/integration/config
+++ /dev/null
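Review bot: `cli_priv` commits a private signing key in plaintext, and nothing in the file says it is a throwaway; the `testonly` label in the domain hint suggests it is, but that is an inference. Anyone who can read the repository can sign as this key, and the test expects its key hash to be published in a TXT record under `_sigsum_v0.testonly.rgdd.se`, so the file should say so explicitly, e.g. `# Test-only key, public by design; never reuse it or this domain hint outside the integration test.` The setup comment also names `sigsum-debug keygen` and `sigsum-debug keyhash`, while integration/test.sh in this commit calls `sigsum-debug genkey` and `sigsum-debug hashkey`; one of the two spellings should be corrected.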
@@ -1,18 +0,0 @@
-# Use createtree to create a trillian tree and set tree_id.
-tree_id=
-
-# Use sigsum_keygen to generate a key pair for the log and set log_sk.
-log_sk=
-
-# Use sigsum_keygen to generate a key pair for the witness and set wit_sk.
-wit_sk=
-
-# Use sigsum_keygen to generate a key pair for submission and set submit_sk.
-# Add a TXT record named $domain_hint with the hash of the vk as its value.
-submit_sk=
-domain_hint=_sigsum_v0.example.com
-
-
-log_vk=$(echo $log_sk | cut -c 65-)
-wit_vk=$(echo $wit_sk | cut -c 65-)
-submit_vk=$(echo $submit_sk | cut -c 65-)
diff --git a/integration/run b/integration/run
deleted file mode 100755
index f9045dc..0000000
--- a/integration/run
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/bash
-
-#
-# You will need to configure Trillian locally on your test machine.  See
-#
-#     cmd/sigsum_log_go/README.md.
-#
-# for some pointers.  Ensure that trillian_log_server and trillian_log_signer
-# are in $GOPATH, and set the appropriate Trillian id in start_sigsum_server.
-#
-# You will also need to install into your $GOPATH:
-#
-#     go build -o $GOPATH/bin/sigsum_log_go cmd/sigsum_log_go/main.go
-#     go build -o $GOPATH/bin/sigsum_keygen cmd/tmp/keygen/main.go
-#     go build -o $GOPATH/bin/cosign cmd/tmp/cosign/main.go
-#     go build -o $GOPATH/bin/submit cmd/tmp/submit/main.go
-#
-# Run the test as follows:
-#
-#     1. integration/start_tlog_seq     # "terminal 1"
-#     2. integration/start_tlog_serv    # "terminal 2"
-#     3. integration/start_sigsum_serv  # "terminal 3"
-#     4. integration/run                # "terminal 4"
-#
-# What you expect to see is if the different endpoints function.
-#
-#     - There is a to-cosign tree head
-#     - Submitting four entries work
-#     - Adding a cosignature works
-#     - Cosigned tree head is not available (waiting for rotate)
-#     - Experimental checkpoint works
-#     - Consistency proof works
-#     - Fetching entries work
-#     - Cosigned tree head is available (tree heads rotated)
-#
-# Warning: it is assumed that there are at least 4 leaves in the database.
-# Warning: the get-inclusion-proof endpoint is not poked.
-# Warning: this needs to be replaced, see issues/add-integration-test.md.
-#
-
-. "$(dirname $0)/config"
-
-now=$(date +%s)
-url=http://localhost:6965/testonly/sigsum/v0
-shard_hint=$(date +%s)
-
-wait_seconds=5
-
-echo "test: get-tree-head-to-sign"
-curl $url/get-tree-head-to-sign
-sleep $wait_seconds; echo ""
-
-echo "test: submitting four..."
-$GOPATH/bin/submit --sk=$submit_sk --shard_hint=$shard_hint --domain_hint=$domain_hint | bash
-$GOPATH/bin/submit --sk=$submit_sk --shard_hint=$shard_hint --domain_hint=$domain_hint | bash
-$GOPATH/bin/submit --sk=$submit_sk --shard_hint=$shard_hint --domain_hint=$domain_hint | bash
-$GOPATH/bin/submit --sk=$submit_sk --shard_hint=$shard_hint --domain_hint=$domain_hint | bash
-sleep $wait_seconds
-
-echo "test: cosigning..."
-$GOPATH/bin/cosign --url=$url --log_vk=$log_vk --sk=$wit_sk
-sleep $wait_seconds
-echo ""
-
-echo "test: get-tree-head-cosigned -- expect Error=no cosignatures available"
-curl $url/get-tree-head-cosigned
-sleep $wait_seconds
-echo ""
-
-echo "test: get-checkpoint"
-curl $url/get-checkpoint
-sleep $wait_seconds
-echo ""
-
-echo "test: get-consistency-proof (expect failure on first run with new log)"
-printf "old_size=1\nnew_size=4\n" | curl --data-binary @- $url/get-consistency-proof
-sleep $wait_seconds
-echo ""
-
-echo "test: get-leaves (first and second)"
-printf "start_size=0\nend_size=1\n" | curl --data-binary @- $url/get-leaves
-sleep $wait_seconds
-echo ""
-
-echo "with 30s interval we should now have a cosigned tree head"
-curl $url/get-tree-head-cosigned
-echo ""
diff --git a/integration/start_sigsum_serv b/integration/start_sigsum_serv
deleted file mode 100755
index c4552c2..0000000
--- a/integration/start_sigsum_serv
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-. "$(dirname $0)/config"
-
-shard_start=1
-prefix=testonly
-
-echo "running sigsum-log-go with vk: $log_vk"
-$GOPATH/bin/sigsum_log_go \
-	--logtostderr --v 3\
-	--prefix $prefix \
-	--key $log_sk \
-	--trillian_id $tree_id \
-	--witnesses $wit_vk \
-	--shard_interval_start $shard_start
diff --git a/integration/start_tlog_seq b/integration/start_tlog_seq
deleted file mode 100755
index 29d1fb3..0000000
--- a/integration/start_tlog_seq
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-$GOPATH/bin/trillian_log_signer \
-	--logtostderr \
-	--force_master \
-	--rpc_endpoint=localhost:6961 \
-	--http_endpoint=localhost:6964 \
-	--num_sequencers 1 \
-	--sequencer_interval 100ms \
-	--batch_size 100
diff --git a/integration/start_tlog_serv b/integration/start_tlog_serv
deleted file mode 100755
index a9fc5dd..0000000
--- a/integration/start_tlog_serv
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-$GOPATH/bin/trillian_log_server \
-	--logtostderr \
-	--rpc_endpoint=localhost:6962 \
-	--http_endpoint=localhost:6963
diff --git a/integration/test.sh b/integration/test.sh
new file mode 100755
index 0000000..64996ae
--- /dev/null
+++ b/integration/test.sh
@@ -0,0 +1,164 @@
+#!/bin/bash
+
+set -eu
+trap cleanup EXIT
+
+function main() {
+	log_dir=$(mktemp -d)
+	info "writing logs to $log_dir"
+
+	check_go_deps
+	trillian_setup conf/trillian.config
+	sigsum_setup   conf/sigsum.config
+	client_setup   conf/client.config
+	check_setup
+
+	run_tests
+}
+
+function check_go_deps() {
+	[[ $(command -v trillian_log_signer) ]] || die "Hint: go install github.com/google/trillian/cmd/trillian_log_signer@v1.3.13"
+	[[ $(command -v trillian_log_server) ]] || die "Hint: go install github.com/google/trillian/cmd/trillian_log_server@v1.3.13"
+	[[ $(command -v createtree)          ]] || die "Hint: go install github.com/google/trillian/cmd/createtree@v1.3.13"
+	[[ $(command -v deletetree)          ]] || die "Hint: go install github.com/google/trillian/cmd/deletetree@v1.3.13"
+	[[ $(command -v sigsum_log_go)       ]] || die "Hint: go install git.sigsum.org/sigsum-log-go/cmd/sigsum_log_go@v0.3.5"
+	[[ $(command -v sigsum-debug)        ]] || die "Hint: see sigsum-tools-go repo, branch rgdd/sigsum-debug"
+}
+
+function client_setup() {
+	source $1
+
+	cli_pub=$(echo $cli_priv | sigsum-debug pubkey)
+	cli_key_hash=$(echo $cli_pub | sigsum-debug hashkey)
+
+	[[ $cli_domain_hint =~ ^_sigsum_v0..+ ]] ||
+		die "must have a valid domain hint"
+
+	for line in $(dig +short -t txt $cli_domain_hint); do
+		key_hash=${line:1:${#line}-2}
+		if [[ $key_hash == $cli_key_hash ]]; then
+			return
+		fi
+	done
+
+	die "must have a properly configured domain hint"
+}
+
+function trillian_setup() {
+	source $1
+
+	trillian_log_server\
+		-rpc_endpoint=$tsrv_rpc\
+		-http_endpoint=$tsrv_http\
+		-log_dir=$log_dir 2>/dev/null &
+	tsrv_pid=$!
+	info "started Trillian log server (pid $tsrv_pid)"
+
+	trillian_log_signer\
+		-force_master\
+		-rpc_endpoint=$tseq_rpc\
+		-http_endpoint=$tseq_http\
+		-log_dir=$log_dir 2>/dev/null &
+
+	tseq_pid=$!
+	info "started Trillian log sequencer (pid $tseq_pid)"
+
+	ssrv_tree_id=$(createtree --admin_server $tsrv_rpc 2>/dev/null)
+	[[ $? -eq 0 ]] ||
+		die "must provision a new Merkle tree"
+
+	info "provisioned Merkle tree with id $ssrv_tree_id"
+}
+
+function sigsum_setup() {
+	source $1
+
+	wit1_priv=$(sigsum-debug genkey)
+	wit1_pub=$(echo $wit1_priv | sigsum-debug pubkey)
+	wit1_key_hash=$(echo $wit1_pub | sigsum-debug hashkey)
+
+	wit2_priv=$(sigsum-debug genkey)
+	wit2_pub=$(echo $wit2_priv | sigsum-debug pubkey)
+	wit2_key_hash=$(echo $wit2_pub | sigsum-debug hashkey)
+
+	ssrv_witnesses=$wit1_key_hash,$wit2_key_hash
+	ssrv_priv=$(sigsum-debug genkey)
+	ssrv_pub=$(echo $ssrv_priv | sigsum-debug pubkey)
+
+	sigsum_log_go\
+		-prefix=$ssrv_prefix\
+		-trillian_id=$ssrv_tree_id\
+		-shard_interval_start=$ssrv_shard_start\
+		-key=$ssrv_priv\
+		-witnesses=$ssrv_witnesses\
+		-interval=$ssrv_interval\
+		-http_endpoint=$ssrv_endpoint\
+		-log_dir=$log_dir -v=3 2>/dev/null &
+	ssrv_pid=$!
+
+	info "started Sigsum log server on $ssrv_endpoint (pid $ssrv_pid)"
+}
+
+function cleanup() {
+	set +e
+
+	info "cleaning up, please wait..."
+	sleep 1
+
+	kill -2 $ssrv_pid
+	kill -2 $tseq_pid
+	while :; do
+		sleep 1
+
+		ps -p $tseq_pid >/dev/null && continue
+		ps -p $ssrv_pid >/dev/null && continue
+
+		break
+	done
+
+	info "stopped Trillian log sequencer"
+	info "stopped Sigsum log server"
+
+	deletetree -admin_server=$tsrv_rpc -log_id=$ssrv_tree_id ||
+		warn "failed deleting provisioned Merkle tree"
+
+	info "deleteted provisioned Merkle tree"
+
+	kill -2 $tsrv_pid
+	while :; do
+		sleep 1
+
+		ps -p $tsrv_pid >/dev/null && continue
+
+		break
+	done
+
+	info "stopped Trillian log server"
+}
+
+function check_setup() {
+	sleep 3
+
+	ps -p $tseq_pid >/dev/null || die "must have Trillian log sequencer"
+	ps -p $tsrv_pid >/dev/null || die "must have Trillian log server"
+	ps -p $ssrv_pid >/dev/null || die "must have Sigsum log server"
+}
+
+function run_tests() {
+	info "TODO: add tests"
+}
+
+function die() {
+	echo "$(date +"%Y-%m-%d %H:%M:%S") [FATA] $@" >&2
+	exit 1
+}
+
+function info() {
+	echo "$(date +"%Y-%m-%d %H:%M:%S") [INFO] $@" >&2
+}
+
+function warn() {
+	echo "$(date +"%Y-%m-%d %H:%M:%S") [WARN] $@" >&2
+}
+
+main |
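Review bot: `trap cleanup EXIT` is installed before `ssrv_pid`, `tseq_pid`, `tsrv_pid` or `ssrv_tree_id` is assigned, and `cleanup` switches off only `-e`, so under `set -u` an early exit (for example a failed `createtree` in `trillian_setup`) aborts the trap at `kill -2 $ssrv_pid` and leaves the already-started Trillian processes listening on their localhost ports. Initialise the variables before the trap with `ssrv_pid= tseq_pid= tsrv_pid= ssrv_tree_id=` and guard each step, e.g. `[[ -z $ssrv_pid ]] || kill -2 $ssrv_pid`. In `trillian_setup`, `set -e` exits on the failing `ssrv_tree_id=$(createtree …)` assignment before `[[ $? -eq 0 ]]` runs, so the `die` message is never printed; `ssrv_tree_id=$(createtree --admin_server $tsrv_rpc 2>/dev/null) || die "must provision a new Merkle tree"` keeps it. `sigsum_setup` also passes the log's private key as `-key=$ssrv_priv` on the `sigsum_log_go` command line, where it is visible in process listings for the life of the test; that is tolerable only because the key is generated per run, and a comment should say so.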
