github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/kbfs/kbfsmd/root_metadata_signed_test.go (about) 1 // Copyright 2017 Keybase Inc. All rights reserved. 2 // Use of this source code is governed by a BSD 3 // license that can be found in the LICENSE file. 4 5 package kbfsmd 6 7 import ( 8 "context" 9 "testing" 10 "time" 11 12 "github.com/keybase/client/go/kbfs/kbfscodec" 13 "github.com/keybase/client/go/kbfs/kbfscrypto" 14 "github.com/keybase/client/go/kbfs/tlf" 15 "github.com/keybase/client/go/protocol/keybase1" 16 "github.com/stretchr/testify/require" 17 ) 18 19 func testRootMetadataSignedFinalVerify(t *testing.T, ver MetadataVer) { 20 tlfID := tlf.FakeID(1, tlf.Private) 21 22 uid := keybase1.MakeTestUID(1) 23 bh, err := tlf.MakeHandle( 24 []keybase1.UserOrTeamID{uid.AsUserOrTeam()}, nil, nil, nil, nil) 25 require.NoError(t, err) 26 27 brmd, err := MakeInitialRootMetadata(ver, tlfID, bh) 28 require.NoError(t, err) 29 30 ctx := context.Background() 31 codec := kbfscodec.NewMsgpack() 32 signer := kbfscrypto.SigningKeySigner{ 33 Key: kbfscrypto.MakeFakeSigningKeyOrBust("key"), 34 } 35 36 extra := FakeInitialRekey(brmd, bh, kbfscrypto.TLFPublicKey{}) 37 38 brmd.SetLastModifyingWriter(uid) 39 brmd.SetLastModifyingUser(uid) 40 brmd.SetSerializedPrivateMetadata([]byte{42}) 41 err = brmd.SignWriterMetadataInternally(ctx, codec, signer) 42 require.NoError(t, err) 43 44 rmds, err := SignRootMetadata(ctx, codec, signer, signer, brmd) 45 require.NoError(t, err) 46 47 // verify it 48 err = rmds.IsValidAndSigned( 49 ctx, codec, nil, extra, keybase1.OfflineAvailability_NONE) 50 require.NoError(t, err) 51 52 ext, err := tlf.NewHandleExtension( 53 tlf.HandleExtensionFinalized, 1, "fake user", time.Now()) 54 require.NoError(t, err) 55 56 // make a final copy 57 rmds2, err := rmds.MakeFinalCopy(codec, ext) 58 require.NoError(t, err) 59 60 // verify the finalized copy 61 err = rmds2.IsValidAndSigned( 62 ctx, codec, nil, extra, keybase1.OfflineAvailability_NONE) 63 require.NoError(t, err) 64 65 // touch something the server shouldn't be allowed to edit for 66 // finalized metadata and verify verification failure. 67 md3, err := rmds2.MD.DeepCopy(codec) 68 require.NoError(t, err) 69 md3.SetRekeyBit() 70 rmds3 := rmds2 71 rmds2.MD = md3 72 err = rmds3.IsValidAndSigned( 73 ctx, codec, nil, extra, keybase1.OfflineAvailability_NONE) 74 require.NotNil(t, err) 75 } 76 77 func TestRootMetadataSigned(t *testing.T) { 78 tests := []func(*testing.T, MetadataVer){ 79 testRootMetadataSignedFinalVerify, 80 } 81 runTestsOverMetadataVers(t, "testRootMetadataSigned", tests) 82 }