Skip to content

Commit 7c9a41b

Browse files
vaf-hubvaf-hub
committed
test signatures in IdentityKeyCreatorTest
1 parent 5d6f133 commit 7c9a41b

File tree

1 file changed

+67
-5
lines changed

1 file changed

+67
-5
lines changed

test/tests/api/worker/facades/IdentityKeyCreatorTest.ts

Lines changed: 67 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ import o from "../../../../../packages/otest/dist/otest.js"
22
import { UserFacade } from "../../../../../src/common/api/worker/facades/UserFacade.js"
33
import { EntityClient } from "../../../../../src/common/api/common/EntityClient.js"
44
import { IServiceExecutor } from "../../../../../src/common/api/common/ServiceRequest.js"
5-
import { KeyLoaderFacade } from "../../../../../src/common/api/worker/facades/KeyLoaderFacade.js"
5+
import { checkKeyVersionConstraints, KeyLoaderFacade } from "../../../../../src/common/api/worker/facades/KeyLoaderFacade.js"
66
import { CacheManagementFacade } from "../../../../../src/common/api/worker/facades/lazy/CacheManagementFacade.js"
77
import { AsymmetricCryptoFacade } from "../../../../../src/common/api/worker/crypto/AsymmetricCryptoFacade.js"
88
import { matchers, object, verify, when } from "testdouble"
@@ -75,13 +75,15 @@ o.spec("IdentityKeyCreatorTest", function () {
7575

7676
o.spec("Create identity key pair", function () {
7777
const userGroupId = "userGroupId"
78-
const userGroupKey: VersionedKey = { version: 1, object: object() }
78+
const currentUserGroupKeyVersion = 1
79+
const userGroupKey: VersionedKey = { version: currentUserGroupKeyVersion, object: object() }
7980
const identityKeyPair: Ed25519KeyPair = { public_key: object(), private_key: object() }
8081
const encodedPubIdentityKey: Uint8Array = object()
8182
const encryptedPrivateIdentityKey: VersionedEncryptedKey = {
8283
encryptingKeyVersion: userGroupKey.version,
8384
key: object(),
8485
}
86+
const userGroupKeyPair: Versioned<AsymmetricKeyPair> = object()
8587
const identityKeyVersion = 0
8688
const tag: MacTag = object()
8789

@@ -97,6 +99,7 @@ o.spec("IdentityKeyCreatorTest", function () {
9799
const userGroup: Group = object()
98100
userGroup.currentKeys = object()
99101
userGroup.groupKeyVersion = "1"
102+
const publicKeySignature: PublicKeySignature = object()
100103

101104
o.beforeEach(function () {
102105
when(cryptoWrapper.ed25519PublicKeyToBytes(identityKeyPair.public_key)).thenReturn(encodedPubIdentityKey)
@@ -120,17 +123,24 @@ o.spec("IdentityKeyCreatorTest", function () {
120123
).thenReturn(tag)
121124

122125
when(entityClient.load(GroupTypeRef, userGroupId)).thenResolve(userGroup)
126+
when(
127+
publicKeySignatureFacade.signPublicKey(userGroupKeyPair, {
128+
object: identityKeyPair.private_key,
129+
version: identityKeyVersion,
130+
}),
131+
).thenResolve(publicKeySignature)
123132
})
124133

125134
o("success internal user", async function () {
126-
await identityKeyCreator.createIdentityKeyPair(userGroupId, object(), [])
135+
await identityKeyCreator.createIdentityKeyPair(userGroupId, userGroupKeyPair, [])
127136

128137
verify(
129138
serviceExecutor.post(
130139
IdentityKeyService,
131140
argThat((data: IdentityKeyPostIn) => {
132141
const identityKeyPairFromRequest = data.identityKeyPair
133142
const keyMacFromRequest = identityKeyPairFromRequest.publicKeyMac
143+
const signaturesFromRequest = data.signatures
134144
o(identityKeyPairFromRequest.identityKeyVersion).equals(identityKeyVersion.toString())
135145
o(identityKeyPairFromRequest.encryptingKeyVersion).equals(encryptedPrivateIdentityKey.encryptingKeyVersion.toString())
136146
o(identityKeyPairFromRequest.privateEd25519Key).equals(encryptedPrivateIdentityKey.key)
@@ -139,6 +149,8 @@ o.spec("IdentityKeyCreatorTest", function () {
139149
o(keyMacFromRequest.taggedKeyVersion).equals(identityKeyVersion.toString())
140150
o(keyMacFromRequest.taggingKeyVersion).equals(userGroupKey.version.toString())
141151
o(keyMacFromRequest.taggingGroup).equals(userGroupId)
152+
o(signaturesFromRequest.length).equals(1)
153+
o(signaturesFromRequest[0]).equals(publicKeySignature)
142154

143155
return true
144156
}),
@@ -157,14 +169,15 @@ o.spec("IdentityKeyCreatorTest", function () {
157169
admin: adminGroupId,
158170
}),
159171
)
160-
await identityKeyCreator.createIdentityKeyPair(userGroupId, object(), [])
172+
await identityKeyCreator.createIdentityKeyPair(userGroupId, userGroupKeyPair, [])
161173

162174
verify(
163175
serviceExecutor.post(
164176
IdentityKeyService,
165177
argThat((data: IdentityKeyPostIn) => {
166178
const identityKeyPairFromRequest = data.identityKeyPair
167179
const keyMacFromRequest = identityKeyPairFromRequest.publicKeyMac
180+
const signaturesFromRequest = data.signatures
168181
o(identityKeyPairFromRequest.identityKeyVersion).equals(identityKeyVersion.toString())
169182
o(identityKeyPairFromRequest.encryptingKeyVersion).equals(encryptedPrivateIdentityKey.encryptingKeyVersion.toString())
170183
o(identityKeyPairFromRequest.privateEd25519Key).equals(encryptedPrivateIdentityKey.key)
@@ -173,6 +186,8 @@ o.spec("IdentityKeyCreatorTest", function () {
173186
o(keyMacFromRequest.taggedKeyVersion).equals(identityKeyVersion.toString())
174187
o(keyMacFromRequest.taggingKeyVersion).equals(userGroupKey.version.toString())
175188
o(keyMacFromRequest.taggingGroup).equals(userGroupId)
189+
o(signaturesFromRequest.length).equals(1)
190+
o(signaturesFromRequest[0]).equals(publicKeySignature)
176191

177192
return true
178193
}),
@@ -193,14 +208,15 @@ o.spec("IdentityKeyCreatorTest", function () {
193208
admin: adminGroupId,
194209
}),
195210
)
196-
await identityKeyCreator.createIdentityKeyPair(userGroupId, object(), [], adminGroupKey)
211+
await identityKeyCreator.createIdentityKeyPair(userGroupId, userGroupKeyPair, [], adminGroupKey)
197212

198213
verify(
199214
serviceExecutor.post(
200215
IdentityKeyService,
201216
argThat((data: IdentityKeyPostIn) => {
202217
const identityKeyPairFromRequest = data.identityKeyPair
203218
const keyMacFromRequest = identityKeyPairFromRequest.publicKeyMac
219+
const signaturesFromRequest = data.signatures
204220
o(identityKeyPairFromRequest.identityKeyVersion).equals(identityKeyVersion.toString())
205221
o(identityKeyPairFromRequest.encryptingKeyVersion).equals(adminEncPrivateKey.encryptingKeyVersion.toString())
206222
o(identityKeyPairFromRequest.privateEd25519Key).equals(adminEncPrivateKey.key)
@@ -209,12 +225,58 @@ o.spec("IdentityKeyCreatorTest", function () {
209225
o(keyMacFromRequest.taggedKeyVersion).equals(identityKeyVersion.toString())
210226
o(keyMacFromRequest.taggingKeyVersion).equals(userGroupKey.version.toString())
211227
o(keyMacFromRequest.taggingGroup).equals(userGroupId)
228+
o(signaturesFromRequest.length).equals(1)
229+
o(signaturesFromRequest[0]).equals(publicKeySignature)
212230
return true
213231
}),
214232
),
215233
)
216234
})
217235

236+
o.spec("createIdentityKeyPairForExistingUser", function () {
237+
const currentUserGroupKeyPair: Versioned<AsymmetricKeyPair> = {
238+
object: object(),
239+
version: currentUserGroupKeyVersion,
240+
}
241+
o.beforeEach(function () {
242+
when(userFacade.getUserGroupId()).thenReturn(userGroupId)
243+
when(keyLoaderFacade.loadCurrentKeyPair(userGroupId)).thenResolve(currentUserGroupKeyPair)
244+
when(cacheManagementFacade.reloadGroup(userGroupId)).thenResolve(userGroup)
245+
})
246+
247+
o("success no former group keys", async function () {
248+
when(keyLoaderFacade.loadAllFormerKeyPairs(userGroup)).thenResolve([])
249+
await identityKeyCreator.createIdentityKeyPairForExistingUsers()
250+
verify(asymmetricCryptoFacade.getOrMakeSenderX25519KeyPair(currentUserGroupKeyPair.object, userGroupId))
251+
})
252+
o("success former group keys", async function () {
253+
const formerGroupKeyPair: Versioned<AsymmetricKeyPair> = {
254+
object: object(),
255+
version: checkKeyVersionConstraints(currentUserGroupKeyVersion - 1),
256+
}
257+
const formerGroupKeyPairSignature: PublicKeySignature = object()
258+
when(
259+
publicKeySignatureFacade.signPublicKey(formerGroupKeyPair, {
260+
object: identityKeyPair.private_key,
261+
version: identityKeyVersion,
262+
}),
263+
).thenResolve(formerGroupKeyPairSignature)
264+
when(keyLoaderFacade.loadAllFormerKeyPairs(userGroup)).thenResolve([formerGroupKeyPair])
265+
await identityKeyCreator.createIdentityKeyPairForExistingUsers()
266+
verify(asymmetricCryptoFacade.getOrMakeSenderX25519KeyPair(currentUserGroupKeyPair.object, userGroupId))
267+
verify(
268+
serviceExecutor.post(
269+
IdentityKeyService,
270+
argThat((data: IdentityKeyPostIn) => {
271+
o(data.signatures.length).equals(2)
272+
o(data.signatures[1]).equals(formerGroupKeyPairSignature)
273+
return true
274+
}),
275+
),
276+
)
277+
})
278+
})
279+
218280
o.spec("createIdentityKeyPairForExistingTeamGroups", function () {
219281
const teamGroupId1 = "teamGroupId1"
220282
const teamGroupId2 = "teamGroupId2"

0 commit comments

Comments
 (0)