github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/engine/revoke_sigs_test.go

github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/engine/revoke_sigs_test.go (about)

     1  // Copyright 2015 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  package engine
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/keybase/client/go/libkb"
    10  	keybase1 "github.com/keybase/client/go/protocol/keybase1"
    11  	"github.com/stretchr/testify/require"
    12  )
    13  
    14  func TestRevokeSig(t *testing.T) {
    15  	tc := SetupEngineTest(t, "rev")
    16  	defer tc.Cleanup()
    17  
    18  	// The PGP key is the 5th signature in the user's chain.
    19  	u := createFakeUserWithPGPSibkeyPaper(tc)
    20  	assertNumDevicesAndKeys(tc, u, 2, 5)
    21  
    22  	secui := &libkb.TestSecretUI{Passphrase: u.Passphrase}
    23  	uis := libkb.UIs{
    24  		LogUI:    tc.G.UI.GetLogUI(),
    25  		SecretUI: secui,
    26  	}
    27  
    28  	// Add another PGP key, so that we have a couple to revoke. That means that
    29  	// signatures #6 and #7 are the ones that delegate our PGP keys.
    30  	const FirstPGPSigSeqno = 6
    31  	const SecondPGPSigSeqno = 7
    32  
    33  	arg := PGPKeyImportEngineArg{
    34  		Gen: &libkb.PGPGenArg{
    35  			PrimaryBits: 768,
    36  			SubkeyBits:  768,
    37  		},
    38  		AllowMulti: true,
    39  	}
    40  	err := arg.Gen.MakeAllIds(tc.G)
    41  	require.NoError(t, err)
    42  	pgpEngine := NewPGPKeyImportEngine(tc.G, arg)
    43  	m := NewMetaContextForTest(tc).WithUIs(uis)
    44  	err = RunEngine2(m, pgpEngine)
    45  	if err != nil {
    46  		t.Fatal(err)
    47  	}
    48  	assertNumDevicesAndKeys(tc, u, 2, 6)
    49  
    50  	// First test that a bad sig id fails the revoke.
    51  	revokeEngine := NewRevokeSigsEngine(tc.G, []string{"9999"})
    52  	err = RunEngine2(m, revokeEngine)
    53  	if err == nil {
    54  		t.Fatal(err)
    55  	}
    56  	assertNumDevicesAndKeys(tc, u, 2, 6) // no change
    57  
    58  	// Check it with real sig id
    59  	realUser, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, u.Username))
    60  	if err != nil {
    61  		t.Fatal(err)
    62  	}
    63  	sigID := realUser.GetSigIDFromSeqno(FirstPGPSigSeqno)
    64  	revokeEngine = NewRevokeSigsEngine(tc.G, []string{sigID.String()})
    65  	err = RunEngine2(m, revokeEngine)
    66  	if err != nil {
    67  		t.Fatal(err)
    68  	}
    69  	assertNumDevicesAndKeys(tc, u, 2, 5) // The first PGP key is gone.
    70  
    71  	// Revoking the same key again should fail.
    72  	revokeEngine = NewRevokeSigsEngine(tc.G, []string{sigID.String()})
    73  	err = RunEngine2(m, revokeEngine)
    74  	if err == nil {
    75  		t.Fatal("RevokeSigs should have failed, but it didn't")
    76  	}
    77  	assertNumDevicesAndKeys(tc, u, 2, 5) // no change
    78  
    79  	// Revoke the second pgp key by prefix:
    80  	nextID := realUser.GetSigIDFromSeqno(SecondPGPSigSeqno).String()
    81  
    82  	// Short prefix should fail:
    83  	revokeEngine = NewRevokeSigsEngine(tc.G, []string{nextID[0:4]})
    84  	err = RunEngine2(m, revokeEngine)
    85  	if err == nil {
    86  		t.Fatal("revoke with 4 char prefix didn't return err")
    87  	}
    88  	assertNumDevicesAndKeys(tc, u, 2, 5) // no change
    89  
    90  	// SigIDQueryMin-character prefix should work:
    91  	revokeEngine = NewRevokeSigsEngine(tc.G, []string{nextID[0:keybase1.SigIDQueryMin]})
    92  	err = RunEngine2(m, revokeEngine)
    93  	if err != nil {
    94  		t.Fatal(err)
    95  	}
    96  	assertNumDevicesAndKeys(tc, u, 2, 4) // second pgp key gone
    97  }