| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
 | /*
 This file is part of GNU Taler
 (C) 2020 Taler Systems S.A.
 GNU Taler is free software; you can redistribute it and/or modify it under the
 terms of the GNU General Public License as published by the Free Software
 Foundation; either version 3, or (at your option) any later version.
 GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 You should have received a copy of the GNU General Public License along with
 GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */
/**
 * Imports.
 */
import { GlobalTestState } from "../harness/harness.js";
import {
  SandboxUserBundle,
  NexusUserBundle,
  launchLibeufinServices,
  LibeufinSandboxApi,
  LibeufinNexusApi,
} from "../harness/libeufin";
/**
 * Run basic test with LibEuFin.
 */
export async function runLibeufinKeyrotationTest(t: GlobalTestState) {
  /**
   * User saltetd "01"
   */
  const user01nexus = new NexusUserBundle(
    "01",
    "http://localhost:5010/ebicsweb",
  );
  const user01sandbox = new SandboxUserBundle("01");
  /**
   * Launch Sandbox and Nexus.
   */
  const libeufinServices = await launchLibeufinServices(
    t, [user01nexus], [user01sandbox],
  );
  await LibeufinNexusApi.fetchTransactions(
    libeufinServices.libeufinNexus,
    user01nexus.localAccountName,
  );
  /* Rotate the Sandbox keys, and fetch the transactions again */
  await LibeufinSandboxApi.rotateKeys(
    libeufinServices.libeufinSandbox,
    user01sandbox.ebicsBankAccount.subscriber.hostID,
  );
  try {
    await LibeufinNexusApi.fetchTransactions(
      libeufinServices.libeufinNexus,
      user01nexus.localAccountName,
    );
  } catch (e: any) {
    /**
     * Asserting that Nexus responded with a 500 Internal server
     * error, because the bank signed the last response with a new
     * key pair that was never downloaded by Nexus.
     *
     * NOTE: the bank accepted the request addressed to the old
     * public key.  Should it in this case reject the request even
     * before trying to verify it?
     */
    t.assertTrue(e.response.status == 500);
    t.assertTrue(e.response.data.code == 9000);
  }
}
runLibeufinKeyrotationTest.suites = ["libeufin"];
 |