github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/contacts/resolution_notice_test.go (about) 1 // Copyright 2019 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package contacts 5 6 import ( 7 "github.com/keybase/client/go/encrypteddb" 8 "github.com/keybase/client/go/engine" 9 "github.com/keybase/client/go/kbtest" 10 "github.com/keybase/client/go/libkb" 11 "testing" 12 13 "github.com/keybase/client/go/protocol/keybase1" 14 "github.com/stretchr/testify/require" 15 ) 16 17 func TestEncryptContactResolutionForServer(t *testing.T) { 18 tc := libkb.SetupTest(t, "contacts", 2) 19 defer tc.Cleanup() 20 21 u, err := kbtest.CreateAndSignupFakeUser("t", tc.G) 22 require.NoError(t, err) 23 err = u.Login(tc.G) 24 require.NoError(t, err) 25 26 contact := ContactResolution{ 27 Description: "Jakob - (216) 555-2222", 28 ResolvedUser: keybase1.User{ 29 Uid: keybase1.UID("34"), 30 Username: "jakob223", 31 }, 32 } 33 enc, err := encryptContactBlob(tc.MetaContext(), contact) 34 require.NoError(t, err) 35 36 // Provision a new device to roll forward the PUK 37 tc2 := libkb.SetupTest(t, "contacts", 2) 38 defer tc2.Cleanup() 39 kbtest.ProvisionNewDeviceKex(&tc, &tc2, u, keybase1.DeviceTypeV2_DESKTOP) 40 41 // Require the original device can decrypt the contact 42 dec, err := DecryptContactBlob(tc.MetaContext(), enc) 43 require.NoError(t, err) 44 require.Equal(t, contact, dec) 45 46 // Require the new device can decrypt the contact 47 dec, err = DecryptContactBlob(tc2.MetaContext(), enc) 48 require.NoError(t, err) 49 require.Equal(t, contact, dec) 50 51 // Log in as a different user 52 u2, err := kbtest.CreateAndSignupFakeUser("t", tc.G) 53 require.NoError(t, err) 54 err = u2.Login(tc.G) 55 require.NoError(t, err) 56 57 // New user should not be able to decrypt contact blob 58 dec, err = DecryptContactBlob(tc.MetaContext(), enc) 59 require.Equal(t, encrypteddb.ErrDecryptionFailed, err) 60 require.NotEqual(t, contact, dec) 61 62 // Reset the user and check that they can no longer decrypt 63 kbtest.ResetAccount(tc2, u) 64 dec, err = DecryptContactBlob(tc2.MetaContext(), enc) 65 require.Error(t, err) 66 require.NotEqual(t, contact, dec) 67 } 68 69 func TestEncryptContactResolutionForServerRevokes(t *testing.T) { 70 tc := libkb.SetupTest(t, "contacts", 2) 71 defer tc.Cleanup() 72 73 u, err := kbtest.CreateAndSignupFakeUser("t", tc.G) 74 require.NoError(t, err) 75 err = u.Login(tc.G) 76 require.NoError(t, err) 77 78 contact := ContactResolution{ 79 Description: "Jakob - (216) 555-2222", 80 ResolvedUser: keybase1.User{ 81 Uid: keybase1.UID("34"), 82 Username: "jakob223", 83 }, 84 } 85 encs := make([]string, 0) 86 var enc string 87 enc, err = encryptContactBlob(tc.MetaContext(), contact) 88 encs = append(encs, enc) 89 require.NoError(t, err) 90 91 // Provision a new device 92 tc2 := libkb.SetupTest(t, "contacts", 2) 93 defer tc2.Cleanup() 94 kbtest.ProvisionNewDeviceKex(&tc, &tc2, u, keybase1.DeviceTypeV2_DESKTOP) 95 96 // Encrypt a blob from the new device 97 enc, err = encryptContactBlob(tc2.MetaContext(), contact) 98 encs = append(encs, enc) 99 require.NoError(t, err) 100 101 // Check the new device can decrypt both blobs 102 for _, enc := range encs { 103 dec, err := DecryptContactBlob(tc2.MetaContext(), enc) 104 require.NoError(t, err) 105 require.Equal(t, contact, dec) 106 } 107 108 // Provision a third device 109 tc3 := libkb.SetupTest(t, "contacts", 2) 110 defer tc3.Cleanup() 111 kbtest.ProvisionNewDeviceKex(&tc, &tc3, u, keybase1.DeviceTypeV2_DESKTOP) 112 113 // Encrypt a blob from the new device 114 enc, err = encryptContactBlob(tc3.MetaContext(), contact) 115 encs = append(encs, enc) 116 require.NoError(t, err) 117 118 // Revoke the second device 119 revokeEngine := engine.NewRevokeDeviceEngine(tc.G, engine.RevokeDeviceEngineArgs{ 120 ID: tc2.G.ActiveDevice.DeviceID(), 121 }) 122 uis := libkb.UIs{ 123 SecretUI: &libkb.TestSecretUI{}, 124 LogUI: tc.G.UI.GetLogUI(), 125 } 126 m := libkb.NewMetaContextForTest(tc).WithUIs(uis) 127 err = engine.RunEngine2(m, revokeEngine) 128 require.NoError(t, err) 129 130 // Encrypt a blob from the third device 131 enc, err = encryptContactBlob(tc3.MetaContext(), contact) 132 encs = append(encs, enc) 133 require.NoError(t, err) 134 135 // Check the first device can decrypt all the blobs 136 for _, enc := range encs { 137 dec, err := DecryptContactBlob(tc.MetaContext(), enc) 138 require.NoError(t, err) 139 require.Equal(t, contact, dec) 140 } 141 142 // Provision a fourth device 143 tc4 := libkb.SetupTest(t, "contacts", 2) 144 defer tc4.Cleanup() 145 kbtest.ProvisionNewDeviceKex(&tc, &tc4, u, keybase1.DeviceTypeV2_DESKTOP) 146 147 // Check the new device can decrypt all the blobs 148 for _, enc := range encs { 149 dec, err := DecryptContactBlob(tc4.MetaContext(), enc) 150 require.NoError(t, err) 151 require.Equal(t, contact, dec) 152 } 153 }