-
Notifications
You must be signed in to change notification settings - Fork 119
/
webid-delegation.sh
executable file
·51 lines (38 loc) · 1.49 KB
/
webid-delegation.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#!/usr/bin/env bash
set -euo pipefail
initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
purge_cache "$END_USER_VARNISH_SERVICE"
purge_cache "$ADMIN_VARNISH_SERVICE"
purge_cache "$FRONTEND_VARNISH_SERVICE"
pushd . > /dev/null && cd "$SCRIPT_ROOT"
# check that the acl:delegates triple exists in the agent's description
./get-document.sh \
-f "$AGENT_CERT_FILE" \
-p "$AGENT_CERT_PWD" \
--accept 'application/n-triples' \
"$AGENT_URI" \
| grep "<${SECRETARY_URI}> <http://www.w3.org/ns/auth/acl#delegates> <${AGENT_URI}>"
popd
# agent not authorized - delegation should fail
curl --head -k -w "%{http_code}\n" -o /dev/null -s \
-E "$SECRETARY_CERT_FILE":"$SECRETARY_CERT_PWD" \
-H "Accept: text/turtle" \
-H "On-Behalf-Of: ${AGENT_URI}" \
"$END_USER_BASE_URL" \
| grep -q "$STATUS_FORBIDDEN"
pushd . > /dev/null && cd "$SCRIPT_ROOT/admin/acl"
# add agent to the writers group to be able to read/write documents (might already be done by another test)
./add-agent-to-group.sh \
-f "$OWNER_CERT_FILE" \
-p "$OWNER_CERT_PWD" \
--agent "$AGENT_URI" \
"${ADMIN_BASE_URL}acl/groups/writers/"
popd > /dev/null
# agent authorized - delegation should succeed
curl --head -k -w "%{http_code}\n" -o /dev/null -f -s \
-E "$SECRETARY_CERT_FILE":"$SECRETARY_CERT_PWD" \
-H "Accept: text/turtle" \
-H "On-Behalf-Of: ${AGENT_URI}" \
"$END_USER_BASE_URL" \
| grep -q "$STATUS_OK"