github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/ephemeral/team_ek_test.go (about)

     1  package ephemeral
     2  
     3  import (
     4  	"context"
     5  	"encoding/hex"
     6  	"testing"
     7  
     8  	"github.com/keybase/client/go/libkb"
     9  	"github.com/keybase/client/go/protocol/keybase1"
    10  	"github.com/keybase/client/go/teams"
    11  	"github.com/stretchr/testify/require"
    12  )
    13  
// createTeam initializes the teams service on tc.G and creates a new root team
// named after 4 random bytes (hex-encoded), returning the new team's ID. Any
// failure along the way fails the test through require.
func createTeam(tc libkb.TestContext) keybase1.TeamID {
	teams.ServiceInit(tc.G)

	// A random name per call; presumably this keeps separate test runs from
	// reusing the same team name on the test server.
	rawName, err := libkb.RandBytes(4)
	require.NoError(tc.T, err)

	idPtr, err := teams.CreateRootTeam(
		context.TODO(),
		tc.G,
		hex.EncodeToString(rawName),
		keybase1.TeamSettings{},
	)
	require.NoError(tc.T, err)
	// Guard the dereference below.
	require.NotNil(tc.T, idPtr)

	return *idPtr
}
    26  
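// TestNewTeamEK checks the publish path for a team ephemeral key (teamEK):
//   - before anything is published, fetchTeamEKStatement returns a nil statement;
//   - after publishNewTeamEK, the fetched statement carries the published
//     metadata at generation 1;
//   - the key is also present in local box storage with the same metadata;
//   - after the locally stored key is deleted, a second publish still succeeds
//     and produces generation 2.
func TestNewTeamEK(t *testing.T) {
	tc, mctx, _ := ephemeralKeyTestSetup(t)
	defer tc.Cleanup()

	merkleRootPtr, err := tc.G.GetMerkleClient().FetchRootFromServer(mctx, libkb.EphemeralKeyMerkleFreshness)
	require.NoError(t, err)
	// Guard the dereference so a nil root fails the test instead of panicking.
	require.NotNil(t, merkleRootPtr)
	merkleRoot := *merkleRootPtr

	teamID := createTeam(tc)

	// Before we've published any teamEK's, fetchTeamEKStatement should return
	// nil.
	nilStatement, _, _, err := fetchTeamEKStatement(mctx, teamID)
	require.NoError(t, err)
	require.Nil(t, nilStatement)

	publishedMetadata, err := publishNewTeamEK(mctx, teamID, merkleRoot, nil)
	require.NoError(t, err)

	statementPtr, _, _, err := fetchTeamEKStatement(mctx, teamID)
	require.NoError(t, err)
	require.NotNil(t, statementPtr)
	statement := *statementPtr
	currentMetadata := statement.CurrentTeamEkMetadata
	// testify takes (expected, actual); the published metadata is the
	// expectation, so failure output labels the two sides correctly.
	require.Equal(t, publishedMetadata, currentMetadata)
	require.EqualValues(t, 1, currentMetadata.Generation)

	// We've stored the result in local storage
	teamEKBoxStorage := tc.G.GetTeamEKBoxStorage()
	maxGeneration, err := teamEKBoxStorage.MaxGeneration(mctx, teamID, false)
	require.NoError(t, err)
	// Pin the locally recorded generation to the one we just published, so the
	// lookup and the deletion below are known to target that key.
	require.EqualValues(t, publishedMetadata.Generation, maxGeneration)
	ek, err := teamEKBoxStorage.Get(mctx, teamID, maxGeneration, nil)
	require.NoError(t, err)
	typ, err := ek.KeyType()
	require.NoError(t, err)
	require.True(t, typ.IsTeam())
	// ek.Team() returns no error, so there is nothing further to check on err here.
	teamEK := ek.Team()
	require.Equal(t, publishedMetadata, teamEK.Metadata)

	s := NewTeamEKBoxStorage(NewTeamEphemeralKeyer())
	// Put our storage in a bad state by deleting the maxGeneration
	err = s.Delete(mctx, teamID, maxGeneration)
	require.NoError(t, err)

	// If we publish in a bad local state, we can successfully get the
	// maxGeneration from the server and continue
	publishedMetadata2, err := publishNewTeamEK(mctx, teamID, merkleRoot, nil)
	require.NoError(t, err)
	require.EqualValues(t, 2, publishedMetadata2.Generation)
}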
    78  
    79  // TODO: add test cases that verify we can detect invalid signatures and bad metadata