// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
3
4package engine
5
6import (
7	"testing"
8
9	"github.com/keybase/client/go/libkb"
10	keybase1 "github.com/keybase/client/go/protocol/keybase1"
11	"github.com/stretchr/testify/require"
12)
13
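// TestRevokeSig exercises RevokeSigsEngine against a user that holds two PGP
// keys. It checks that:
//   - an unknown sig ID is rejected and leaves the key set untouched,
//   - a full sig ID revokes exactly the key it delegated,
//   - revoking an already-revoked sig fails,
//   - a sig ID prefix shorter than keybase1.SigIDQueryMin is rejected,
//   - a prefix of exactly keybase1.SigIDQueryMin characters is accepted.
//
// After every rejected request the device/key counts are re-asserted, so a
// failed revoke that still removed a key would be caught.
func TestRevokeSig(t *testing.T) {
	tc := SetupEngineTest(t, "rev")
	defer tc.Cleanup()

	// The PGP key is the 5th signature in the user's chain.
	u := createFakeUserWithPGPSibkeyPaper(tc)
	assertNumDevicesAndKeys(tc, u, 2, 5)

	uis := libkb.UIs{
		LogUI:    tc.G.UI.GetLogUI(),
		SecretUI: &libkb.TestSecretUI{Passphrase: u.Passphrase},
	}

	// Add another PGP key, so that we have a couple to revoke. That means that
	// signatures #6 and #7 are the ones that delegate our PGP keys.
	const (
		firstPGPSigSeqno  = 6
		secondPGPSigSeqno = 7
	)

	// NOTE(review): 768-bit keys are far below any acceptable strength for
	// real use; presumably chosen only to keep test key generation fast.
	// These parameters must not be copied into non-test code.
	arg := PGPKeyImportEngineArg{
		Gen: &libkb.PGPGenArg{
			PrimaryBits: 768,
			SubkeyBits:  768,
		},
		AllowMulti: true,
	}
	require.NoError(t, arg.Gen.MakeAllIds(tc.G))

	m := NewMetaContextForTest(tc).WithUIs(uis)
	require.NoError(t, RunEngine2(m, NewPGPKeyImportEngine(tc.G, arg)))
	assertNumDevicesAndKeys(tc, u, 2, 6)

	// First test that a bad sig id fails the revoke. The original reported
	// this failure with t.Fatal(err) where err was nil, which printed nothing
	// useful; give it an explicit message instead.
	err := RunEngine2(m, NewRevokeSigsEngine(tc.G, []string{"9999"}))
	require.Error(t, err, "RevokeSigs with a bogus sig id should have failed, but it didn't")
	assertNumDevicesAndKeys(tc, u, 2, 6) // no change

	// Check it with real sig id.
	realUser, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, u.Username))
	require.NoError(t, err)

	sigID := realUser.GetSigIDFromSeqno(firstPGPSigSeqno)
	err = RunEngine2(m, NewRevokeSigsEngine(tc.G, []string{sigID.String()}))
	require.NoError(t, err)
	assertNumDevicesAndKeys(tc, u, 2, 5) // The first PGP key is gone.

	// Revoking the same key again should fail.
	err = RunEngine2(m, NewRevokeSigsEngine(tc.G, []string{sigID.String()}))
	require.Error(t, err, "RevokeSigs should have failed, but it didn't")
	assertNumDevicesAndKeys(tc, u, 2, 5) // no change

	// Revoke the second pgp key by prefix. realUser was loaded before the
	// first revocation; it is only used here to look up a sig ID by seqno.
	nextID := realUser.GetSigIDFromSeqno(secondPGPSigSeqno).String()

	// Short prefix should fail. This assumes 4 is below
	// keybase1.SigIDQueryMin (TODO confirm). The minimum length presumably
	// exists so that a short, possibly ambiguous prefix cannot select a
	// signature for revocation.
	err = RunEngine2(m, NewRevokeSigsEngine(tc.G, []string{nextID[0:4]}))
	require.Error(t, err, "revoke with 4 char prefix didn't return err")
	assertNumDevicesAndKeys(tc, u, 2, 5) // no change

	// SigIDQueryMin-character prefix should work.
	err = RunEngine2(m, NewRevokeSigsEngine(tc.G, []string{nextID[0:keybase1.SigIDQueryMin]}))
	require.NoError(t, err)
	assertNumDevicesAndKeys(tc, u, 2, 4) // second pgp key gone
}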