# gentest seed b4e385f4358f7373cfa9184b176f3cccf808e795baf04092ddfde9461014f0c4

# set up log
exec witnessctl add-sigsum-log -key=ffdc2d4d98e4124d3feaf788c0c2f9abfd796083d1f0495437f302ec79cf100f

# start bastion
exec litebastion -tls-cert localhost.pem -tls-key localhost-key.pem -backends=backends.txt &litebastion&
waitfor localhost:8443

# start ssh-agent
env SSH_AUTH_SOCK=$WORK/s # barely below the max path length
! exec ssh-agent -a $SSH_AUTH_SOCK -D & # ssh-agent always exits 2
waitfor $SSH_AUTH_SOCK
chmod 600 witness_key.pem
exec ssh-add witness_key.pem

# fail to start litewitness
! exec litewitness -ssh-agent=$SSH_AUTH_SOCK -name=example.com/witness -bastion=0.0.0.0:443,localhost:8443 -testcert -key=e933707e0e36c30f01d94b5d81e742da373679d88eb0f85f959ccd80b83b992a

# reload backends
mv correct_backends.txt backends.txt
killall -SIGHUP litebastion

# start litewitness
exec litewitness -ssh-agent=$SSH_AUTH_SOCK -name=example.com/witness -bastion=0.0.0.0:443,localhost:8443 -testcert -key=e933707e0e36c30f01d94b5d81e742da373679d88eb0f85f959ccd80b83b992a &litewitness&
waitfor https://localhost:8443/e933707e0e36c30f01d94b5d81e742da373679d88eb0f85f959ccd80b83b992a/

# add-checkpoint
exec hurl --cacert rootCA.pem --test add-checkpoint.hurl

# check that litewitness shut down cleanly
killall
wait litewitness
stderr 'shutting down'

# check the litebastion output
killall
wait litebastion
stderr 'reloaded backends'
stderr 'msg="accepted new backend connection" backend=e933707e0e36c30f01d94b5d81e742da373679d88eb0f85f959ccd80b83b992a'

# witnessctl list-logs
exec witnessctl list-logs
stdout sigsum.org/v1/tree/4d6d8825a6bb689d459628312889dfbb0bcd41b5211d9e1ce768b0ff0309e562
stdout "size":1


-- backends.txt --
f97f12534ff2478cfc36b00d09a85d4faeb6589ac19a0895c348a499627c531c


-- correct_backends.txt --
f97f12534ff2478cfc36b00d09a85d4faeb6589ac19a0895c348a499627c531c
e933707e0e36c30f01d94b5d81e742da373679d88eb0f85f959ccd80b83b992a


-- witness_key.pem --
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtz
c2gtZWQyNTUxOQAAACBkhIrYq+1uhZgbOzh1slK4dn67SwL3A6yjsecbvWqOUAAA
AIgN5+09DeftPQAAAAtzc2gtZWQyNTUxOQAAACBkhIrYq+1uhZgbOzh1slK4dn67
SwL3A6yjsecbvWqOUAAAAEAx/8IRbsvgA6yqgAq3B1e9fVMgbj/r72ptB5bZVTCz
T2SEitir7W6FmBs7OHWyUrh2frtLAvcDrKOx5xu9ao5QAAAAAAECAwQF
-----END OPENSSH PRIVATE KEY-----


-- localhost.pem --
-----BEGIN CERTIFICATE-----
MIID/TCCAmWgAwIBAgIUPCwTk8pjBLPr+3czZAaGcg8RuDowDQYJKoZIhvcNAQEL
BQAwNjELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRl
c3QgUm9vdCBDQTAgFw0yNTA5MzAxMjAzMDdaGA8yMDU1MDkyMzEyMDMwN1owMDEL
MAkGA1UEBhMCVVMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCWxvY2FsaG9zdDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKmcTiZ4FX92VKuQU9zioRv7
nqsdEmMoOKs1nVJd7myLMi/02flEbDAmtDkh4LFPuiNw2OaqphBYM4MlZCxofKrL
+/Skb763IOA5Ly97QGrOzYBtksPJlAPlF8pvRJO22ZIlBFpZUsivOZnFyhnvhFki
TMMDpvNqtAAIee3Hv0y4EolhausAecaErlPc510LmcoU+VF5bYgur68nLzSvetzG
qKblYkhFi3pEAJ7wcFUWZbFlNKDQVB+o4aEnqGj5mvYIbsh8UNJIqANA5qgxjoGc
8F5eqWlXmFA9+R9lRe5JW6Ia91V8eKsTCRKuuFvH2gIs8pxrzV3fvdrXXHJCzxUC
AwEAAaOBhjCBgzAUBgNVHREEDTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADALBgNV
HQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFO0cjjCGyrIC
6ov0YT60AlyXsFRsMB8GA1UdIwQYMBaAFA3F8nWmTSb58CraZhp+Ur63NaC7MA0G
CSqGSIb3DQEBCwUAA4IBgQA4EzY7MH95cFlVzbhk1loSlPRgDaWBga1y7U17jOnx
ulqGr6ySInAounhZPDFfwIxyAbZE4N/Bq1omkfI+osvGBbkUdj7Z7ktllj5pON0t
gdmCq/S1Q/tEcBvaS1FjR+AMu2enUVKn6mMXgjyj4xZNutqbXfKD4wdL1qP2KLbZ
M832TqI2tVUVOGSq0zfsPe5sDD/NHSvkKaeM+ZGlB955fzBsICOx4W5mcz/Zhfk5
gbJZsNPVlt8al3/iO0AIOGXzZOnlo8baHmh4TJH+uRYgHh8KFAvA8rebStg+Rn5w
j+uAFgG+gf7JSVo6bjLWMkmkN6ooJFYMwwXav83STOU0TAQdqX+YM97Tke+U3DEd
MqeX+hS+LyXGG0hHardo9xrRs1/W9xP453ybm2KFPODPyPSTuyOSUzleIeRGfmXg
Ri++XfeZMNcPYNAj0joJEmoszmY17vuoBDidhYVQE+g+4uxhJeGROWvNz2ONqxqw
QTyv4nS0hwl7T0VCoBC+bSg=
-----END CERTIFICATE-----


-- localhost-key.pem --
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCpnE4meBV/dlSr
kFPc4qEb+56rHRJjKDirNZ1SXe5sizIv9Nn5RGwwJrQ5IeCxT7ojcNjmqqYQWDOD
JWQsaHyqy/v0pG++tyDgOS8ve0Bqzs2AbZLDyZQD5RfKb0STttmSJQRaWVLIrzmZ
xcoZ74RZIkzDA6bzarQACHntx79MuBKJYWrrAHnGhK5T3OddC5nKFPlReW2ILq+v
Jy80r3rcxqim5WJIRYt6RACe8HBVFmWxZTSg0FQfqOGhJ6ho+Zr2CG7IfFDSSKgD
QOaoMY6BnPBeXqlpV5hQPfkfZUXuSVuiGvdVfHirEwkSrrhbx9oCLPKca81d373a
11xyQs8VAgMBAAECggEAH3wF38s7xmDrX7uXbbHeEUk4j3ACmUh+mH2H2iHYn+qI
4vETQ1vJr3iHzPE2egOgPHL2uH7l+7O7wDUBLuMofTYHa8bYfXEWF7lVwn0hHJKO
ADCW5WQ2ZzCwJWJZOwhew+u+Lp1VKi6oxRw7o2vcSAV/dVXouFfO2RC5vYNuRem5
m/3xaOlDpPgmhkRV/I+AJk0f8zNSWpU+izonxqgSINREyemWVY705s+HirMEQgRV
GN0ftwNGuz7/5rk8eH1iAGsTK9NEi77hCtyUKYhOC8NWzxGgS2mhqHslms8M2ZOm
rBiZZ5Sh5U53r6IWCIKqG92fzFZ/fcSZGUDHrcjcYQKBgQDptvr/f21Ze9OCrGmk
PktnM5v0DiP0z0Ywf28oz9rTneletJqQTsw6uP/GnIQrXwnaTWICjJtiMp9wxdM+
9drKhZufImC0NGTLz1vJxLR5x5ao8T/juPIxm7TLfH5XjZMJgRMD1D5IvW8k9hWU
1yDJxNCx1ikY7N3FP1XwmFrhRQKBgQC5yIeeABqXCy2A/wYrWqZ3zYFWe4t6Qqzm
afuoUGaqXK9GjgDemOlUKzhUb08tnPNXzKJagqmM4F0zKgcwq61ECH3SliMt82PL
1i1KTB2bUSXnwXOsbQyWVXz7YuVsWYakdHt6Vbbmy1JexRhfV3q5HCuj1fElNLTv
YheLV0JLkQKBgEFuhR764fZngHPZKUpeVmXyQPs26kIjtZbmVoyqhK0yTJ/DGHLG
XM8j9Bf6wdYSqYOAnqvwCaCYY6MC/31k/3grp8IJseFBueaFi0EV3SErC7cIs8Zh
hQz2dstxcz232S6UAGrWBQoAXxmN+8TL5dYXUAY52w+rYPtUHA9b2DWxAoGAUlBL
7jBjl5qnPalApYLTkO8nqBazFKdoDerVSpzc8AyCyELwla+wac+AdMCglzgcBUGw
iWOtFbLu+FVdvC3EZglRHjXRPnHBPLYXePzCfWd14PowcywZ0J3t8z+9IMWFx2Wo
s+o4UIezZjPzeYK76DpYB44p+u8gX5PZlK5DvFECgYBAKrvWEOy8J29QB3er+ERv
qvmczAvfJWWgheKMxQhx/3pu6UW/v/hmcKngMWjr/XqxFKp05ca1VBCmPB3s0776
IMJnvyTUFs5S7COpPJOC81JB/28UGQFcAZ+Kiwd1sx5gd1Q+EnaAhyxplWi/m6Zv
tKfWSmtc1XhMiUpw331jNg==
-----END PRIVATE KEY-----


-- rootCA.pem --
-----BEGIN CERTIFICATE-----
MIIETzCCAregAwIBAgIUauyztCDIDrmE46pw/Pg5nn7U2gUwDQYJKoZIhvcNAQEL
BQAwNjELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRl
c3QgUm9vdCBDQTAgFw0yNTA5MzAxMjAyMzFaGA8yMDU1MDkyMzEyMDIzMVowNjEL
MAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Rlc3QgQ0ExFTATBgNVBAMMDFRlc3QgUm9v
dCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKHLd07/qunxEFL8
BDCk1J+2m/TcUM0oG6dFVZjf/4+xSDH3F8tA6ZeqBLriQRBTuqwFBZVvoJwqJjip
CAVzWkvvyiuvAeywJNXIe7kqmmDeAEoq2Z/F9j6p5y8+ddy7VX6pTdsVYOyGsBCx
GZb7tuj0mtLl18HuezH0P7prDHBuNx+FjMblHXr5yslQ95d53v4dmI8ONObhS2ju
ltgveHzaWbssaAqoVwfWJfWJtc0C3IgGh8MgFhhdzTQ4DvHxYLjwGB0eE/Vpu757
B4pvYcT7JjBtjv8VyhW62ZPZNBlNjFOtFHhxZcMGDiOsyy9OgwIzzvy9UMg0WisZ
OxZmRkASuApoMRftSg2ZmTG5THdFgEQD6pqE3llmhO57ZTt1DvPNUlUh8ND9u9Ov
TcCjEeBXJRRjx7tUhob3mU+tYAi9DbXX/Wje0wBaRKh073wzRoAsFU9PspgKsZq4
JNDFSey4DK8W/O8jYvmNfuQ3TJwiAWxNUDDUdGN3TwnaKRQesQIDAQABo1MwUTAd
BgNVHQ4EFgQUDcXydaZNJvnwKtpmGn5Svrc1oLswHwYDVR0jBBgwFoAUDcXydaZN
JvnwKtpmGn5Svrc1oLswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AYEAK4/oXvmhohTM10N+ZpaHDC8S+xr3z2tayJiNOrzzVE209MEOMCYlEz9IeyUx
q5rmD4SJRLmyR8DpkO3dO4MjZYv2Nq+NS2kb5PmhUKmIEcwfFmXHjX/FCqPVwdH9
yM63o3GS1PhbQ6vzK4NMsOUT3nvnD87gFvXKOSn+gpETmYNA55wD/Qcu8LhqDk0I
YDrXiAja++gEf7/RZ5oPYNXi8t1+PjUDhP8J/tz9G90MZBR/FztTVIGTdpIoVwDB
mMpAHW/7S9hEwVlZ69CUMfrm0uG68xaJPNH1MmaZdEdI0PnSU2nVwLLLqsYQmZqp
+AGOq+6qOcvSMaFIJ3OLPUKqgn40f5J7I6retaER53Rahe/15Hy8H/sRsZQFPjeW
qi86vkgd5GFSu2GNHN/Mhq7dHWq9U0mNO+BZt/G6du3gJ+SaO1UkJhzpNiRY37sR
FU3HWF4uYVCt+OHqJ4we9XUKT80Y4ejNYkG25H+9DOy/Gtwb4qquqBoZYRUUThA1
kJHt
-----END CERTIFICATE-----


-- add-checkpoint.hurl --
POST https://localhost:8443/e933707e0e36c30f01d94b5d81e742da373679d88eb0f85f959ccd80b83b992a/add-checkpoint
```
old 0

sigsum.org/v1/tree/4d6d8825a6bb689d459628312889dfbb0bcd41b5211d9e1ce768b0ff0309e562
1
KgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

— sigsum.org/v1/tree/4d6d8825a6bb689d459628312889dfbb0bcd41b5211d9e1ce768b0ff0309e562 UgIom7fPZTqpxWWhyjWduBvTvGVqsokMbqTArsQilegKoFBJQjUFAmQ0+YeSPM3wfUQMFSzVnnNuWRTYrajXpNUbIQY=
```
HTTP/2 200
[Asserts]
body contains "— example.com/witness"
