code.vegaprotocol.io/vega@v0.79.0/wallet/tests/sc_rotate_key_test.go (about) 1 // Copyright (C) 2023 Gobalsky Labs Limited 2 // 3 // This program is free software: you can redistribute it and/or modify 4 // it under the terms of the GNU Affero General Public License as 5 // published by the Free Software Foundation, either version 3 of the 6 // License, or (at your option) any later version. 7 // 8 // This program is distributed in the hope that it will be useful, 9 // but WITHOUT ANY WARRANTY; without even the implied warranty of 10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 // GNU Affero General Public License for more details. 12 // 13 // You should have received a copy of the GNU Affero General Public License 14 // along with this program. If not, see <http://www.gnu.org/licenses/>. 15 16 package tests_test 17 18 import ( 19 "testing" 20 21 "code.vegaprotocol.io/vega/cmd/vegawallet/commands/flags" 22 vgrand "code.vegaprotocol.io/vega/libs/rand" 23 "code.vegaprotocol.io/vega/wallet/api" 24 25 "github.com/stretchr/testify/require" 26 ) 27 28 func TestRotateKeySucceeds(t *testing.T) { 29 // given 30 home := t.TempDir() 31 _, passphraseFilePath := NewPassphraseFile(t, home) 32 walletName := vgrand.RandomStr(5) 33 34 // when 35 createWalletResp, err := WalletCreate(t, []string{ 36 "--home", home, 37 "--output", "json", 38 "--wallet", walletName, 39 "--passphrase-file", passphraseFilePath, 40 }) 41 42 // then 43 require.NoError(t, err) 44 AssertCreateWallet(t, createWalletResp). 45 WithName(walletName). 46 LocatedUnder(home) 47 48 // when 49 generateKeyResp, err := KeyGenerate(t, []string{ 50 "--home", home, 51 "--output", "json", 52 "--wallet", walletName, 53 "--passphrase-file", passphraseFilePath, 54 "--meta", "name:key-2,role:validation", 55 }) 56 57 // then 58 require.NoError(t, err) 59 AssertGenerateKey(t, generateKeyResp). 60 WithMetadata(map[string]string{"name": "key-2", "role": "validation"}) 61 62 // when 63 resp, err := KeyRotate(t, []string{ 64 "--home", home, 65 "--output", "json", 66 "--wallet", walletName, 67 "--chain-id", "testnet", 68 "--passphrase-file", passphraseFilePath, 69 "--current-pubkey", createWalletResp.Key.PublicKey, 70 "--new-pubkey", generateKeyResp.PublicKey, 71 "--tx-height", "20", 72 "--target-height", "25", 73 }) 74 75 // then 76 require.NoError(t, err) 77 AssertKeyRotate(t, resp) 78 } 79 80 func TestRotateKeyFailsOnTaintedPublicKey(t *testing.T) { 81 // given 82 home := t.TempDir() 83 _, passphraseFilePath := NewPassphraseFile(t, home) 84 walletName := vgrand.RandomStr(5) 85 86 // when 87 createWalletResp, err := WalletCreate(t, []string{ 88 "--home", home, 89 "--output", "json", 90 "--wallet", walletName, 91 "--passphrase-file", passphraseFilePath, 92 }) 93 94 // then 95 require.NoError(t, err) 96 AssertCreateWallet(t, createWalletResp). 97 WithName(walletName). 98 LocatedUnder(home) 99 100 // when 101 generateKeyResp, err := KeyGenerate(t, []string{ 102 "--home", home, 103 "--output", "json", 104 "--wallet", walletName, 105 "--passphrase-file", passphraseFilePath, 106 "--meta", "name:key-2,role:validation", 107 }) 108 109 // then 110 require.NoError(t, err) 111 AssertGenerateKey(t, generateKeyResp). 112 WithMetadata(map[string]string{"name": "key-2", "role": "validation"}) 113 114 // when 115 err = KeyTaint(t, []string{ 116 "--home", home, 117 "--output", "json", 118 "--wallet", walletName, 119 "--passphrase-file", passphraseFilePath, 120 "--pubkey", generateKeyResp.PublicKey, 121 }) 122 123 // then 124 require.NoError(t, err) 125 126 // when 127 resp, err := KeyRotate(t, []string{ 128 "--home", home, 129 "--output", "json", 130 "--wallet", walletName, 131 "--chain-id", "testnet", 132 "--passphrase-file", passphraseFilePath, 133 "--current-pubkey", createWalletResp.Key.PublicKey, 134 "--new-pubkey", generateKeyResp.PublicKey, 135 "--tx-height", "20", 136 "--target-height", "25", 137 }) 138 139 // then 140 require.Nil(t, resp) 141 require.EqualError(t, err, api.ErrNextPublicKeyIsTainted.Error()) 142 } 143 144 func TestRotateKeyFailsInIsolatedWallet(t *testing.T) { 145 // given 146 home := t.TempDir() 147 _, passphraseFilePath := NewPassphraseFile(t, home) 148 _, isolatedWalletPassphraseFilePath := NewPassphraseFile(t, home) 149 walletName := vgrand.RandomStr(5) 150 151 // when 152 createWalletResp, err := WalletCreate(t, []string{ 153 "--home", home, 154 "--output", "json", 155 "--wallet", walletName, 156 "--passphrase-file", passphraseFilePath, 157 }) 158 159 // then 160 require.NoError(t, err) 161 AssertCreateWallet(t, createWalletResp). 162 WithName(walletName). 163 LocatedUnder(home) 164 165 // when 166 isolateKeyResp, err := KeyIsolate(t, []string{ 167 "--home", home, 168 "--output", "json", 169 "--wallet", walletName, 170 "--pubkey", createWalletResp.Key.PublicKey, 171 "--passphrase-file", passphraseFilePath, 172 "--isolated-wallet-passphrase-file", isolatedWalletPassphraseFilePath, 173 }) 174 175 // then 176 require.NoError(t, err) 177 AssertIsolateKey(t, isolateKeyResp). 178 WithSpecialName(walletName, createWalletResp.Key.PublicKey). 179 LocatedUnder(home) 180 181 // when 182 resp, err := KeyRotate(t, []string{ 183 "--home", home, 184 "--output", "json", 185 "--wallet", isolateKeyResp.Wallet, 186 "--chain-id", "testnet", 187 "--passphrase-file", isolatedWalletPassphraseFilePath, 188 "--new-pubkey", createWalletResp.Key.PublicKey, 189 "--current-pubkey", "current-public-key", 190 "--tx-height", "20", 191 "--target-height", "25", 192 }) 193 194 // then 195 require.Nil(t, resp) 196 require.EqualError(t, err, api.ErrCannotRotateKeysOnIsolatedWallet.Error()) 197 } 198 199 func TestRotateKeyFailsOnNonExitingNewPublicKey(t *testing.T) { 200 // given 201 home := t.TempDir() 202 _, passphraseFilePath := NewPassphraseFile(t, home) 203 walletName := vgrand.RandomStr(5) 204 205 // when 206 createWalletResp, err := WalletCreate(t, []string{ 207 "--home", home, 208 "--output", "json", 209 "--wallet", walletName, 210 "--passphrase-file", passphraseFilePath, 211 }) 212 213 // then 214 require.NoError(t, err) 215 AssertCreateWallet(t, createWalletResp). 216 WithName(walletName). 217 LocatedUnder(home) 218 219 // when 220 KeyRotateResp, err := KeyRotate(t, []string{ 221 "--home", home, 222 "--output", "json", 223 "--wallet", walletName, 224 "--chain-id", "testnet", 225 "--passphrase-file", passphraseFilePath, 226 "--current-pubkey", createWalletResp.Key.PublicKey, 227 "--new-pubkey", "nonexisting", 228 "--tx-height", "20", 229 "--target-height", "25", 230 }) 231 232 // then 233 require.Nil(t, KeyRotateResp) 234 require.EqualError(t, err, api.ErrNextPublicKeyDoesNotExist.Error()) 235 } 236 237 func TestRotateKeyFailsOnNonExitingCurrentPublicKey(t *testing.T) { 238 // given 239 home := t.TempDir() 240 _, passphraseFilePath := NewPassphraseFile(t, home) 241 walletName := vgrand.RandomStr(5) 242 243 // when 244 createWalletResp, err := WalletCreate(t, []string{ 245 "--home", home, 246 "--output", "json", 247 "--wallet", walletName, 248 "--passphrase-file", passphraseFilePath, 249 }) 250 251 // then 252 require.NoError(t, err) 253 AssertCreateWallet(t, createWalletResp). 254 WithName(walletName). 255 LocatedUnder(home) 256 257 // when 258 keyRotateResp, err := KeyRotate(t, []string{ 259 "--home", home, 260 "--output", "json", 261 "--wallet", walletName, 262 "--chain-id", "testnet", 263 "--passphrase-file", passphraseFilePath, 264 "--current-pubkey", "nonexisting", 265 "--new-pubkey", createWalletResp.Key.PublicKey, 266 "--tx-height", "20", 267 "--target-height", "25", 268 }) 269 270 // then 271 require.Nil(t, keyRotateResp) 272 require.EqualError(t, err, api.ErrCurrentPublicKeyDoesNotExist.Error()) 273 } 274 275 func TestRotateKeyFailsOnNonExitingWallet(t *testing.T) { 276 // given 277 home := t.TempDir() 278 _, passphraseFilePath := NewPassphraseFile(t, home) 279 walletName := vgrand.RandomStr(5) 280 281 // when 282 keyRotateResp, err := KeyRotate(t, []string{ 283 "--home", home, 284 "--output", "json", 285 "--wallet", walletName, 286 "--chain-id", "testnet", 287 "--passphrase-file", passphraseFilePath, 288 "--new-pubkey", "nonexisting1", 289 "--current-pubkey", "nonexisting2", 290 "--tx-height", "20", 291 "--target-height", "25", 292 }) 293 294 // then 295 require.Nil(t, keyRotateResp) 296 require.EqualError(t, err, api.ErrWalletDoesNotExist.Error()) 297 } 298 299 func TestRotateKeyFailsWhenTargetHeightIsLessThanTxHeight(t *testing.T) { 300 // given 301 home := t.TempDir() 302 _, passphraseFilePath := NewPassphraseFile(t, home) 303 walletName := vgrand.RandomStr(5) 304 305 // when 306 createWalletResp, err := WalletCreate(t, []string{ 307 "--home", home, 308 "--output", "json", 309 "--wallet", walletName, 310 "--passphrase-file", passphraseFilePath, 311 }) 312 313 // then 314 require.NoError(t, err) 315 AssertCreateWallet(t, createWalletResp). 316 WithName(walletName). 317 LocatedUnder(home) 318 319 // when 320 keyRotateResp, err := KeyRotate(t, []string{ 321 "--home", home, 322 "--output", "json", 323 "--wallet", walletName, 324 "--chain-id", "testnet", 325 "--passphrase-file", passphraseFilePath, 326 "--new-pubkey", "nonexisting", 327 "--current-pubkey", "nonexisting", 328 "--tx-height", "20", 329 "--target-height", "19", 330 }) 331 332 // then 333 require.Nil(t, keyRotateResp) 334 require.ErrorIs(t, err, flags.RequireLessThanFlagError("tx-height", "target-height")) 335 }