github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/kbfs/kbfsmd/root_metadata_signed_test.go

github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/kbfs/kbfsmd/root_metadata_signed_test.go (about)

     1  // Copyright 2017 Keybase Inc. All rights reserved.
     2  // Use of this source code is governed by a BSD
     3  // license that can be found in the LICENSE file.
     4  
     5  package kbfsmd
     6  
     7  import (
     8  	"context"
     9  	"testing"
    10  	"time"
    11  
    12  	"github.com/keybase/client/go/kbfs/kbfscodec"
    13  	"github.com/keybase/client/go/kbfs/kbfscrypto"
    14  	"github.com/keybase/client/go/kbfs/tlf"
    15  	"github.com/keybase/client/go/protocol/keybase1"
    16  	"github.com/stretchr/testify/require"
    17  )
    18  
    19  func testRootMetadataSignedFinalVerify(t *testing.T, ver MetadataVer) {
    20  	tlfID := tlf.FakeID(1, tlf.Private)
    21  
    22  	uid := keybase1.MakeTestUID(1)
    23  	bh, err := tlf.MakeHandle(
    24  		[]keybase1.UserOrTeamID{uid.AsUserOrTeam()}, nil, nil, nil, nil)
    25  	require.NoError(t, err)
    26  
    27  	brmd, err := MakeInitialRootMetadata(ver, tlfID, bh)
    28  	require.NoError(t, err)
    29  
    30  	ctx := context.Background()
    31  	codec := kbfscodec.NewMsgpack()
    32  	signer := kbfscrypto.SigningKeySigner{
    33  		Key: kbfscrypto.MakeFakeSigningKeyOrBust("key"),
    34  	}
    35  
    36  	extra := FakeInitialRekey(brmd, bh, kbfscrypto.TLFPublicKey{})
    37  
    38  	brmd.SetLastModifyingWriter(uid)
    39  	brmd.SetLastModifyingUser(uid)
    40  	brmd.SetSerializedPrivateMetadata([]byte{42})
    41  	err = brmd.SignWriterMetadataInternally(ctx, codec, signer)
    42  	require.NoError(t, err)
    43  
    44  	rmds, err := SignRootMetadata(ctx, codec, signer, signer, brmd)
    45  	require.NoError(t, err)
    46  
    47  	// verify it
    48  	err = rmds.IsValidAndSigned(
    49  		ctx, codec, nil, extra, keybase1.OfflineAvailability_NONE)
    50  	require.NoError(t, err)
    51  
    52  	ext, err := tlf.NewHandleExtension(
    53  		tlf.HandleExtensionFinalized, 1, "fake user", time.Now())
    54  	require.NoError(t, err)
    55  
    56  	// make a final copy
    57  	rmds2, err := rmds.MakeFinalCopy(codec, ext)
    58  	require.NoError(t, err)
    59  
    60  	// verify the finalized copy
    61  	err = rmds2.IsValidAndSigned(
    62  		ctx, codec, nil, extra, keybase1.OfflineAvailability_NONE)
    63  	require.NoError(t, err)
    64  
    65  	// touch something the server shouldn't be allowed to edit for
    66  	// finalized metadata and verify verification failure.
    67  	md3, err := rmds2.MD.DeepCopy(codec)
    68  	require.NoError(t, err)
    69  	md3.SetRekeyBit()
    70  	rmds3 := rmds2
    71  	rmds2.MD = md3
    72  	err = rmds3.IsValidAndSigned(
    73  		ctx, codec, nil, extra, keybase1.OfflineAvailability_NONE)
    74  	require.NotNil(t, err)
    75  }
    76  
    77  func TestRootMetadataSigned(t *testing.T) {
    78  	tests := []func(*testing.T, MetadataVer){
    79  		testRootMetadataSignedFinalVerify,
    80  	}
    81  	runTestsOverMetadataVers(t, "testRootMetadataSigned", tests)
    82  }