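#!/bin/bash -x
# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
#
# Copyright (c) 2016 Red Hat, Inc.
# Author: Nathaniel McCallum
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# Integration test for the tangd recovery endpoint (/rec):
#   1. generate server keys in a private temp dir,
#   2. start tangd on a random loopback port,
#   3. check that GET on /rec is rejected,
#   4. POST a client key and compare the reply with a local key exchange.
#
# Environment: SD_ACTIVATE (socket-activation launcher, required) and
# VALGRIND (optional wrapper) are not set here; the caller provides them.
#
# NOTE: the shebang's -x traces every command, so the derived key values
# below end up in the test log. Acceptable only because every key here is a
# throwaway generated under $TMP.

# Stop the server (if it was started) and remove the temp dir. Runs on EXIT.
function on_exit() {
    if [ -n "$PID" ]; then
        kill "$PID"
        wait "$PID" || true
    fi
    if [ -d "$TMP" ]; then
        rm -rf -- "$TMP"
    fi
}

trap 'on_exit' EXIT
trap 'exit' ERR

# Assign before exporting so a mktemp failure reaches the ERR trap instead of
# being masked by `export`; an empty TMP would make the mkdirs below
# target /db and /cache.
TMP=$(mktemp -d)
export TMP
mkdir -p "$TMP/db"
mkdir -p "$TMP/cache"

# Generate the server keys
tangd-keygen "$TMP/db" sig exc
tangd-update "$TMP/db" "$TMP/cache"

# Generate the client keys: take the server exchange key with its x, y and d
# members deleted as a template, so the client key uses the same parameters.
exc_kid=$(jose jwk thp -i "$TMP/db/exc.jwk")
tmp=$(jose fmt -j "$TMP/db/exc.jwk" -Od x -d y -d d -o-)
jose jwk gen -i "$tmp" -o "$TMP/exc.jwk"
jose jwk pub -i "$TMP/exc.jwk" -o "$TMP/exc.pub.jwk"

# Start the server. 65535 is the highest valid TCP port; the previous upper
# bound of 65536 could pick a port that can never be bound.
port=$(shuf -i 1024-65535 -n 1)
# SD_ACTIVATE and VALGRIND are deliberately unquoted: they may expand to
# several words, or to nothing.
# shellcheck disable=SC2086
$SD_ACTIVATE -l "127.0.0.1:$port" -a $VALGRIND tangd "$TMP/cache" &
export PID=$!
sleep 0.5

# Make sure that GET fails.
# A bare `! curl ...` never fires the ERR trap (bash skips it for negated
# commands), so a GET that wrongly succeeded would go unnoticed. Fail
# explicitly instead.
if curl -sf "http://127.0.0.1:$port/rec"; then
    exit 1
fi
if curl -sf "http://127.0.0.1:$port/rec/"; then
    exit 1
fi

# Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
# The client public key is POSTed as-is over plain HTTP, and the reply is
# compared directly with the locally derived key, i.e. the derived key itself
# crosses the wire. Real clients are expected to blind the request with an
# ephemeral key so that neither the server nor an observer learns it.
good=$(jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' \
    -l "$TMP/exc.jwk" -r "$TMP/db/exc.jwk")
test=$(curl -sf -X POST \
    -H "Content-Type: application/jwk+json" \
    --data-binary @- \
    "http://127.0.0.1:$port/rec/${exc_kid}" < "$TMP/exc.pub.jwk")

# Last command: a mismatch fires the ERR trap and fails the test.
[ "$good" = "$test" ]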