feat: add recovery key support for E2EE agents, including configuration and documentation updates
This commit is contained in:
@@ -11,6 +11,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"maunium.net/go/mautrix/crypto"
|
||||
"maunium.net/go/mautrix/crypto/ssss"
|
||||
"maunium.net/go/mautrix/id"
|
||||
)
|
||||
|
||||
@@ -400,3 +401,86 @@ func TestLogCryptoDiagnosticsCore_FullHappyPath(t *testing.T) {
|
||||
t.Error("expected private keys log")
|
||||
}
|
||||
}
|
||||
|
||||
// --- SSSS key fetcher fakes for testing fetchCrossSigningKeysCore ---
|
||||
|
||||
type fakeSSSSKeyVerifier struct {
|
||||
key *ssss.Key
|
||||
err error
|
||||
}
|
||||
|
||||
func (f *fakeSSSSKeyVerifier) VerifyRecoveryKey(keyID, recoveryKey string) (*ssss.Key, error) {
|
||||
return f.key, f.err
|
||||
}
|
||||
|
||||
type fakeSSSSKeyFetcher struct {
|
||||
keyID string
|
||||
verifier ssssKeyVerifier
|
||||
getErr error
|
||||
fetchErr error
|
||||
}
|
||||
|
||||
func (f *fakeSSSSKeyFetcher) GetDefaultKeyData(ctx context.Context) (string, ssssKeyVerifier, error) {
|
||||
return f.keyID, f.verifier, f.getErr
|
||||
}
|
||||
|
||||
func (f *fakeSSSSKeyFetcher) FetchCrossSigningKeysFromSSSS(ctx context.Context, key *ssss.Key) error {
|
||||
return f.fetchErr
|
||||
}
|
||||
|
||||
func TestFetchCrossSigningKeysCore_Success(t *testing.T) {
|
||||
fetcher := &fakeSSSSKeyFetcher{
|
||||
keyID: "key1",
|
||||
verifier: &fakeSSSSKeyVerifier{key: &ssss.Key{ID: "key1"}},
|
||||
}
|
||||
|
||||
err := fetchCrossSigningKeysCore(context.Background(), fetcher, "valid-recovery-key")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestFetchCrossSigningKeysCore_GetDefaultKeyFails(t *testing.T) {
|
||||
fetcher := &fakeSSSSKeyFetcher{
|
||||
getErr: errors.New("no default key"),
|
||||
}
|
||||
|
||||
err := fetchCrossSigningKeysCore(context.Background(), fetcher, "any-key")
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "get SSSS default key") {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestFetchCrossSigningKeysCore_VerifyRecoveryKeyFails(t *testing.T) {
|
||||
fetcher := &fakeSSSSKeyFetcher{
|
||||
keyID: "key1",
|
||||
verifier: &fakeSSSSKeyVerifier{err: errors.New("invalid recovery key")},
|
||||
}
|
||||
|
||||
err := fetchCrossSigningKeysCore(context.Background(), fetcher, "bad-key")
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "verify recovery key") {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestFetchCrossSigningKeysCore_FetchFromSSSSFails(t *testing.T) {
|
||||
fetcher := &fakeSSSSKeyFetcher{
|
||||
keyID: "key1",
|
||||
verifier: &fakeSSSSKeyVerifier{key: &ssss.Key{ID: "key1"}},
|
||||
fetchErr: errors.New("decryption failed"),
|
||||
}
|
||||
|
||||
err := fetchCrossSigningKeysCore(context.Background(), fetcher, "valid-key")
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "fetch cross-signing keys from SSSS") {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user