github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/systests/device_common_test.go (about)

     1  package systests
     2  
     3  import (
     4  	"encoding/hex"
     5  	"encoding/json"
     6  	"fmt"
     7  	"io"
     8  	"testing"
     9  	"time"
    10  
    11  	"github.com/keybase/client/go/client"
    12  	"github.com/keybase/client/go/libkb"
    13  	"github.com/keybase/client/go/logger"
    14  	keybase1 "github.com/keybase/client/go/protocol/keybase1"
    15  	"github.com/keybase/client/go/service"
    16  	"github.com/keybase/clockwork"
    17  	"github.com/keybase/go-framed-msgpack-rpc/rpc"
    18  	"github.com/stretchr/testify/require"
    19  	context "golang.org/x/net/context"
    20  )
    21  
    22  //
    23  // device_common_test is common utilities for testing multiple devices;
    24  // for instance, to test rekey reminders on device revoke.
    25  //
    26  
    27  // Used for provisioning users and new devices within our testing framework
    28  type testUI struct {
    29  	libkb.Contextified
    30  	baseNullUI
    31  	sessionID       int
    32  	outputDescHook  func(libkb.OutputDescriptor, string) error
    33  	promptHook      func(libkb.PromptDescriptor, string) (string, error)
    34  	promptYesNoHook func(libkb.PromptDescriptor, string, libkb.PromptDefault) (bool, error)
    35  }
    36  
    37  var sessionCounter = 1
    38  
    39  func newTestUI(g *libkb.GlobalContext) *testUI {
    40  	x := sessionCounter
    41  	sessionCounter++
    42  	return &testUI{Contextified: libkb.NewContextified(g), sessionID: x}
    43  }
    44  
    45  func (t *testUI) GetTerminalUI() libkb.TerminalUI {
    46  	return t
    47  }
    48  
    49  func (t *testUI) Write(b []byte) (int, error) {
    50  	t.G().Log.Debug("Terminal write: %s", string(b))
    51  	return len(b), nil
    52  }
    53  
    54  func (t *testUI) ErrorWriter() io.Writer {
    55  	return t
    56  }
    57  
    58  func (t *testUI) Output(s string) error {
    59  	t.G().Log.Debug("Terminal Output: %s", s)
    60  	return nil
    61  }
    62  
    63  func (t *testUI) OutputDesc(d libkb.OutputDescriptor, s string) error {
    64  	if t.outputDescHook != nil {
    65  		return t.outputDescHook(d, s)
    66  	}
    67  	return t.Output(s)
    68  }
    69  
    70  func (t *testUI) OutputWriter() io.Writer {
    71  	return t
    72  }
    73  
    74  func (t *testUI) UnescapedOutputWriter() io.Writer {
    75  	return t
    76  }
    77  
    78  func (t *testUI) Printf(f string, args ...interface{}) (int, error) {
    79  	return t.PrintfUnescaped(f, args...)
    80  }
    81  
    82  func (t *testUI) PrintfUnescaped(f string, args ...interface{}) (int, error) {
    83  	s := fmt.Sprintf(f, args...)
    84  	t.G().Log.Debug("Terminal Printf: %s", s)
    85  	return len(s), nil
    86  }
    87  
    88  func (t *testUI) Prompt(d libkb.PromptDescriptor, s string) (string, error) {
    89  	if t.promptHook != nil {
    90  		return t.promptHook(d, s)
    91  	}
    92  	return "", fmt.Errorf("Unhandled prompt: %q (%d)", s, d)
    93  }
    94  
    95  func (t *testUI) PromptForConfirmation(p string) error {
    96  	return fmt.Errorf("unhandled prompt for confirmation: %q", p)
    97  }
    98  
    99  func (t *testUI) PromptPassword(d libkb.PromptDescriptor, s string) (string, error) {
   100  	return "", fmt.Errorf("unhandled prompt for password: %q (%d)", s, d)
   101  }
   102  
   103  func (t *testUI) PromptYesNo(d libkb.PromptDescriptor, s string, def libkb.PromptDefault) (bool, error) {
   104  	if t.promptYesNoHook != nil {
   105  		return t.promptYesNoHook(d, s, def)
   106  	}
   107  	return false, fmt.Errorf("unhandled yes/no prompt: %q (%d)", s, d)
   108  }
   109  
   110  func (t *testUI) Tablify(headings []string, rowfunc func() []string) {
   111  	libkb.Tablify(t.OutputWriter(), headings, rowfunc)
   112  }
   113  
   114  func (t *testUI) PromptPasswordMaybeScripted(_ libkb.PromptDescriptor, _ string) (string, error) {
   115  	return "", nil
   116  }
   117  
   118  func (t *testUI) TerminalSize() (width int, height int) {
   119  	return 80, 24
   120  }
   121  
   122  type backupKey struct {
   123  	KID      keybase1.KID
   124  	deviceID keybase1.DeviceID
   125  	secret   string
   126  }
   127  
   128  // testDevice wraps a mock "device", meaning an independent running service and
   129  // some connected clients. It's forked from deviceWrapper in rekey_test.
   130  type testDevice struct {
   131  	t                  *testing.T
   132  	tctx               *libkb.TestContext
   133  	clones, usedClones []*libkb.TestContext
   134  	stopCh             chan error
   135  	service            *service.Service
   136  	testUI             *testUI
   137  	deviceID           keybase1.DeviceID
   138  	deviceName         string
   139  	deviceKey          keybase1.PublicKey
   140  	cli                *rpc.Client
   141  	srv                *rpc.Server
   142  	userClient         keybase1.UserClient
   143  }
   144  
   145  type testDeviceSet struct {
   146  	t          *testing.T
   147  	log        logger.Logger
   148  	devices    []*testDevice
   149  	fakeClock  clockwork.FakeClock
   150  	backupKeys []backupKey
   151  	username   string
   152  	uid        keybase1.UID
   153  }
   154  
   155  func (d *testDevice) startService(numClones int) {
   156  	for i := 0; i < numClones; i++ {
   157  		d.clones = append(d.clones, cloneContext(d.tctx))
   158  	}
   159  	d.stopCh = make(chan error)
   160  	svc := service.NewService(d.tctx.G, false)
   161  	d.service = svc
   162  	startCh := svc.GetStartChannel()
   163  	go func() {
   164  		d.stopCh <- svc.Run()
   165  	}()
   166  	<-startCh
   167  }
   168  
   169  func (d *testDevice) KID() keybase1.KID { return d.deviceKey.KID }
   170  
   171  func (d *testDevice) startClient() {
   172  	tctx := d.popClone()
   173  	g := tctx.G
   174  	ui := newTestUI(g)
   175  	d.testUI = ui
   176  	launch := func() error {
   177  		cli, xp, err := client.GetRPCClientWithContext(g)
   178  		if err != nil {
   179  			return err
   180  		}
   181  		srv := rpc.NewServer(xp, nil)
   182  		d.cli = cli
   183  		d.srv = srv
   184  		d.userClient = keybase1.UserClient{Cli: cli}
   185  		return nil
   186  	}
   187  
   188  	if err := launch(); err != nil {
   189  		d.t.Fatalf("Failed to launch rekey UI: %s", err)
   190  	}
   191  }
   192  
   193  func (d *testDevice) start(numClones int) *testDevice {
   194  	d.startService(numClones)
   195  	d.startClient()
   196  	return d
   197  }
   198  
   199  func (d *testDevice) stop() error {
   200  	return <-d.stopCh
   201  }
   202  
   203  func (d *testDevice) popClone() *libkb.TestContext {
   204  	if len(d.clones) == 0 {
   205  		panic("ran out of cloned environments")
   206  	}
   207  	ret := d.clones[0]
   208  	// Hold a reference to this clone for cleanup
   209  	d.usedClones = append(d.usedClones, ret)
   210  	d.clones = d.clones[1:]
   211  	return ret
   212  }
   213  
   214  func newTestDeviceSet(t *testing.T, cl clockwork.FakeClock) *testDeviceSet {
   215  	if cl == nil {
   216  		cl = clockwork.NewFakeClockAt(time.Now())
   217  	}
   218  	return &testDeviceSet{
   219  		t:         t,
   220  		fakeClock: cl,
   221  	}
   222  }
   223  
   224  func (s *testDeviceSet) cleanup() {
   225  	for _, od := range s.devices {
   226  		od.tctx.Cleanup()
   227  		if od.service != nil {
   228  			od.service.Stop(0)
   229  			err := od.stop()
   230  			require.NoError(s.t, err)
   231  		}
   232  		for _, cl := range od.clones {
   233  			cl.Cleanup()
   234  		}
   235  		for _, cl := range od.usedClones {
   236  			cl.Cleanup()
   237  		}
   238  	}
   239  }
   240  
   241  func (s *testDeviceSet) newDevice(nm string) *testDevice {
   242  	tctx := setupTest(s.t, nm)
   243  	tctx.G.SetClock(s.fakeClock)
   244  
   245  	// Opportunistically take a log as soon as we make one.
   246  	if s.log == nil {
   247  		s.log = tctx.G.Log
   248  	}
   249  
   250  	installInsecureTriplesec(tctx.G)
   251  
   252  	ret := &testDevice{t: s.t, tctx: tctx, deviceName: nm}
   253  	s.devices = append(s.devices, ret)
   254  	return ret
   255  }
   256  
   257  func (d *testDevice) loadEncryptionKIDs() (devices []keybase1.KID, backups []backupKey) {
   258  	keyMap := make(map[keybase1.KID]keybase1.PublicKey)
   259  	keys, err := d.userClient.LoadMyPublicKeys(context.TODO(), 0)
   260  	if err != nil {
   261  		d.t.Fatalf("Failed to LoadMyPublicKeys: %s", err)
   262  	}
   263  	for _, key := range keys {
   264  		keyMap[key.KID] = key
   265  	}
   266  
   267  	for _, key := range keys {
   268  		if key.IsSibkey {
   269  			continue
   270  		}
   271  		parent, found := keyMap[keybase1.KID(key.ParentID)]
   272  		if !found {
   273  			continue
   274  		}
   275  
   276  		switch parent.DeviceType {
   277  		case keybase1.DeviceTypeV2_PAPER:
   278  			backups = append(backups, backupKey{KID: key.KID, deviceID: parent.DeviceID})
   279  		case keybase1.DeviceTypeV2_DESKTOP:
   280  			devices = append(devices, key.KID)
   281  		default:
   282  		}
   283  	}
   284  	return devices, backups
   285  }
   286  
   287  func (d *testDevice) loadDeviceList() []keybase1.Device {
   288  	cli := keybase1.DeviceClient{Cli: d.cli}
   289  	devices, err := cli.DeviceList(context.TODO(), 0)
   290  	if err != nil {
   291  		d.t.Fatalf("devices: %s", err)
   292  	}
   293  	var ret []keybase1.Device
   294  	for _, device := range devices {
   295  		if device.Type == keybase1.DeviceTypeV2_DESKTOP {
   296  			ret = append(ret, device)
   297  		}
   298  
   299  	}
   300  	return ret
   301  }
   302  
   303  func (s *testDeviceSet) signupUser(dev *testDevice) {
   304  	s.signupUserWithRandomPassphrase(dev, false)
   305  }
   306  
   307  func (s *testDeviceSet) signupUserWithRandomPassphrase(dev *testDevice, randomPassphrase bool) {
   308  	userInfo := randomUser("rekey")
   309  	tctx := dev.popClone()
   310  	g := tctx.G
   311  	signupUI := signupUI{
   312  		info:         userInfo,
   313  		Contextified: libkb.NewContextified(g),
   314  	}
   315  	g.SetUI(&signupUI)
   316  	signup := client.NewCmdSignupRunner(g)
   317  	signup.SetTest()
   318  	if randomPassphrase {
   319  		signup.SetNoPassphrasePrompt()
   320  	}
   321  	if err := signup.Run(); err != nil {
   322  		s.t.Fatal(err)
   323  	}
   324  	s.t.Logf("signed up %s", userInfo.username)
   325  	s.username = userInfo.username
   326  	s.uid = libkb.UsernameToUID(s.username)
   327  	var backupKey backupKey
   328  	deviceKeys, backups := dev.loadEncryptionKIDs()
   329  	if len(deviceKeys) != 1 {
   330  		s.t.Fatalf("Expected 1 device back; got %d", len(deviceKeys))
   331  	}
   332  	if len(backups) != 1 {
   333  		s.t.Fatalf("Expected 1 backup back; got %d", len(backups))
   334  	}
   335  	dev.deviceKey.KID = deviceKeys[0]
   336  	backupKey = backups[0]
   337  	backupKey.secret = signupUI.info.displayedPaperKey
   338  	s.backupKeys = append(s.backupKeys, backupKey)
   339  
   340  	devices := dev.loadDeviceList()
   341  	if len(devices) != 1 {
   342  		s.t.Fatalf("Expected 1 device back; got %d", len(devices))
   343  	}
   344  	dev.deviceID = devices[0].DeviceID
   345  }
   346  
   347  type testProvisionUI struct {
   348  	baseNullUI
   349  	username   string
   350  	deviceName string
   351  	backupKey  backupKey
   352  }
   353  
   354  var _ libkb.LoginUI = (*testProvisionUI)(nil)
   355  
   356  func (r *testProvisionUI) GetEmailOrUsername(context.Context, int) (string, error) {
   357  	return r.username, nil
   358  }
   359  func (r *testProvisionUI) PromptRevokePaperKeys(context.Context, keybase1.PromptRevokePaperKeysArg) (ret bool, err error) {
   360  	return false, nil
   361  }
   362  func (r *testProvisionUI) DisplayPaperKeyPhrase(context.Context, keybase1.DisplayPaperKeyPhraseArg) error {
   363  	return nil
   364  }
   365  func (r *testProvisionUI) DisplayPrimaryPaperKey(context.Context, keybase1.DisplayPrimaryPaperKeyArg) error {
   366  	return nil
   367  }
   368  func (r *testProvisionUI) ChooseProvisioningMethod(context.Context, keybase1.ChooseProvisioningMethodArg) (ret keybase1.ProvisionMethod, err error) {
   369  	return ret, nil
   370  }
   371  func (r *testProvisionUI) ChooseGPGMethod(context.Context, keybase1.ChooseGPGMethodArg) (ret keybase1.GPGMethod, err error) {
   372  	return ret, nil
   373  }
   374  func (r *testProvisionUI) SwitchToGPGSignOK(context.Context, keybase1.SwitchToGPGSignOKArg) (ret bool, err error) {
   375  	return ret, nil
   376  }
   377  func (r *testProvisionUI) ChooseDeviceType(context.Context, keybase1.ChooseDeviceTypeArg) (ret keybase1.DeviceType, err error) {
   378  	return ret, nil
   379  }
   380  func (r *testProvisionUI) DisplayAndPromptSecret(context.Context, keybase1.DisplayAndPromptSecretArg) (ret keybase1.SecretResponse, err error) {
   381  	return ret, nil
   382  }
   383  func (r *testProvisionUI) DisplaySecretExchanged(context.Context, int) error {
   384  	return nil
   385  }
   386  func (r *testProvisionUI) PromptNewDeviceName(context.Context, keybase1.PromptNewDeviceNameArg) (ret string, err error) {
   387  	return r.deviceName, nil
   388  }
   389  func (r *testProvisionUI) ProvisioneeSuccess(context.Context, keybase1.ProvisioneeSuccessArg) error {
   390  	return nil
   391  }
   392  func (r *testProvisionUI) ProvisionerSuccess(context.Context, keybase1.ProvisionerSuccessArg) error {
   393  	return nil
   394  }
   395  func (r *testProvisionUI) ChooseDevice(context.Context, keybase1.ChooseDeviceArg) (ret keybase1.DeviceID, err error) {
   396  	return r.backupKey.deviceID, nil
   397  }
   398  func (r *testProvisionUI) GetPassphrase(context.Context, keybase1.GetPassphraseArg) (ret keybase1.GetPassphraseRes, err error) {
   399  	ret.Passphrase = r.backupKey.secret
   400  	return ret, nil
   401  }
   402  func (r *testProvisionUI) PromptResetAccount(_ context.Context, arg keybase1.PromptResetAccountArg) (keybase1.ResetPromptResponse, error) {
   403  	return keybase1.ResetPromptResponse_NOTHING, nil
   404  }
   405  func (r *testProvisionUI) DisplayResetProgress(_ context.Context, arg keybase1.DisplayResetProgressArg) error {
   406  	return nil
   407  }
   408  func (r *testProvisionUI) ExplainDeviceRecovery(_ context.Context, arg keybase1.ExplainDeviceRecoveryArg) error {
   409  	return nil
   410  }
   411  func (r *testProvisionUI) PromptPassphraseRecovery(_ context.Context, arg keybase1.PromptPassphraseRecoveryArg) (bool, error) {
   412  	return false, nil
   413  }
   414  func (r *testProvisionUI) ChooseDeviceToRecoverWith(_ context.Context, arg keybase1.ChooseDeviceToRecoverWithArg) (keybase1.DeviceID, error) {
   415  	return "", nil
   416  }
   417  func (r *testProvisionUI) DisplayResetMessage(_ context.Context, arg keybase1.DisplayResetMessageArg) error {
   418  	return nil
   419  }
   420  
   421  func (s *testDeviceSet) findNewKIDs(newList []keybase1.KID) []keybase1.KID {
   422  	var ret []keybase1.KID
   423  	for _, newKID := range newList {
   424  		tmpFound := false
   425  		for _, device := range s.devices {
   426  			if !device.KID().IsNil() && newKID.Equal(device.KID()) {
   427  				tmpFound = true
   428  				break
   429  			}
   430  		}
   431  		if !tmpFound {
   432  			ret = append(ret, newKID)
   433  		}
   434  	}
   435  	return ret
   436  }
   437  
   438  func (s *testDeviceSet) findNewDevices(newList []keybase1.Device) []keybase1.Device {
   439  	var ret []keybase1.Device
   440  	for _, newDevice := range newList {
   441  		tmpFound := false
   442  		for _, device := range s.devices {
   443  			if !device.deviceID.IsNil() && newDevice.DeviceID.Eq(device.deviceID) {
   444  				tmpFound = true
   445  				break
   446  			}
   447  		}
   448  		if !tmpFound {
   449  			ret = append(ret, newDevice)
   450  		}
   451  	}
   452  	return ret
   453  }
   454  
   455  func (s *testDeviceSet) provision(d *testDevice) {
   456  	tctx := d.popClone()
   457  	g := tctx.G
   458  	var loginClient keybase1.LoginClient
   459  	ui := &testProvisionUI{username: s.username, backupKey: s.backupKeys[0], deviceName: d.deviceName}
   460  
   461  	launch := func() error {
   462  		cli, xp, err := client.GetRPCClientWithContext(g)
   463  		if err != nil {
   464  			return err
   465  		}
   466  		srv := rpc.NewServer(xp, nil)
   467  		protocols := []rpc.Protocol{
   468  			keybase1.LoginUiProtocol(ui),
   469  			keybase1.SecretUiProtocol(ui),
   470  			keybase1.ProvisionUiProtocol(ui),
   471  		}
   472  		for _, prot := range protocols {
   473  			if err = srv.Register(prot); err != nil {
   474  				return err
   475  			}
   476  		}
   477  		loginClient = keybase1.LoginClient{Cli: cli}
   478  		_ = loginClient
   479  		return nil
   480  	}
   481  
   482  	if err := launch(); err != nil {
   483  		s.t.Fatalf("Failed to login rekey UI: %s", err)
   484  	}
   485  	cmd := client.NewCmdLoginRunner(g)
   486  	if err := cmd.Run(); err != nil {
   487  		s.t.Fatalf("Login failed: %s\n", err)
   488  	}
   489  
   490  	deviceKeys, backups := d.loadEncryptionKIDs()
   491  	deviceKeys = s.findNewKIDs(deviceKeys)
   492  	if len(deviceKeys) != 1 {
   493  		s.t.Fatalf("expected 1 new device encryption key")
   494  	}
   495  	d.deviceKey.KID = deviceKeys[0]
   496  	if len(backups) != 1 {
   497  		s.t.Fatalf("expected 1 backup key only")
   498  	}
   499  	devices := s.findNewDevices(d.loadDeviceList())
   500  	if len(devices) != 1 {
   501  		s.t.Fatalf("expected 1 device ID; got %d", len(devices))
   502  	}
   503  	d.deviceID = devices[0].DeviceID
   504  }
   505  
   506  func (s *testDeviceSet) provisionNewStandaloneDevice(name string, numClones int) *testDevice {
   507  	ret := s.newDevice(name)
   508  	_ = ret.tctx.G.Env.GetConfigWriter().SetBoolAtPath("push.disabled", true)
   509  	ret.start(numClones + 1)
   510  	s.provision(ret)
   511  	return ret
   512  }
   513  
   514  func (s *testDeviceSet) provisionNewDevice(name string, numClones int) *testDevice {
   515  	ret := s.newDevice(name)
   516  	ret.start(numClones + 1)
   517  	s.provision(ret)
   518  	return ret
   519  }
   520  
   521  func newTLFID() keybase1.TLFID {
   522  	var b []byte
   523  	b, err := libkb.RandBytes(16)
   524  	if err != nil {
   525  		return ""
   526  	}
   527  	b[15] = 0x16
   528  	return keybase1.TLFID(hex.EncodeToString(b))
   529  }
   530  
   531  type fakeTLF struct {
   532  	id       keybase1.TLFID
   533  	revision int
   534  }
   535  
   536  func newFakeTLF() *fakeTLF {
   537  	return &fakeTLF{
   538  		id:       newTLFID(),
   539  		revision: 0,
   540  	}
   541  }
   542  
   543  type tlfUser struct {
   544  	UID  keybase1.UID   `json:"uid"`
   545  	Keys []keybase1.KID `json:"encryptKeys"`
   546  }
   547  
   548  type tlfUpdate struct {
   549  	ID        keybase1.TLFID `json:"tlfid"`
   550  	UID       keybase1.UID   `json:"uid"`
   551  	KID       keybase1.KID   `json:"kid"`
   552  	Revision  int            `json:"folderREvision"`
   553  	Writers   []tlfUser      `json:"resolvedWriters"`
   554  	Readers   []tlfUser      `json:"resolvedReaders"`
   555  	IsPrivate bool           `json:"is_private"`
   556  }
   557  
   558  func (d *testDevice) keyNewTLF(uid keybase1.UID, writers []tlfUser, readers []tlfUser) *fakeTLF {
   559  	ret := newFakeTLF()
   560  	d.keyTLF(ret, uid, writers, readers)
   561  	return ret
   562  }
   563  
   564  func (d *testDevice) keyTLF(tlf *fakeTLF, uid keybase1.UID, writers []tlfUser, readers []tlfUser) {
   565  	tlf.revision++
   566  	up := tlfUpdate{
   567  		ID:        tlf.id,
   568  		UID:       uid,
   569  		KID:       d.KID(),
   570  		Revision:  tlf.revision,
   571  		Writers:   writers,
   572  		Readers:   readers,
   573  		IsPrivate: true,
   574  	}
   575  	g := d.tctx.G
   576  	b, err := json.Marshal(up)
   577  	if err != nil {
   578  		d.t.Fatalf("error marshalling: %s", err)
   579  	}
   580  	mctx := libkb.NewMetaContextTODO(g)
   581  	apiArg := libkb.APIArg{
   582  		Endpoint: "test/fake_generic_tlf",
   583  		Args: libkb.HTTPArgs{
   584  			"tlf_info": libkb.S{Val: string(b)},
   585  		},
   586  		SessionType: libkb.APISessionTypeREQUIRED,
   587  	}
   588  	_, err = g.API.Post(mctx, apiArg)
   589  	if err != nil {
   590  		d.t.Fatalf("post error: %s", err)
   591  	}
   592  }