|
| 1 | +// go/internal/agent/registry_publish_test.go |
| 2 | +package agent |
| 3 | + |
| 4 | +import ( |
| 5 | + "bytes" |
| 6 | + "context" |
| 7 | + "encoding/base64" |
| 8 | + "encoding/json" |
| 9 | + "net/http" |
| 10 | + "net/http/httptest" |
| 11 | + "testing" |
| 12 | + "time" |
| 13 | + |
| 14 | + "github.com/coder/websocket" |
| 15 | + "github.com/srcful/terminal-relay/go/internal/identity" |
| 16 | + "github.com/srcful/terminal-relay/go/internal/signal" |
| 17 | +) |
| 18 | + |
| 19 | +// TestRegistryBlobOpens proves the agent seals a device record under K_reg that a |
| 20 | +// wallet-holder can open: registryBlob() returns base64(nonce||ct) which, decoded |
| 21 | +// and run through OpenRecord with the wallet's K_reg and the machine_id AAD, yields |
| 22 | +// the {name,host_pub,...} JSON. A wrong machine_id (AAD) must fail to open. |
| 23 | +func TestRegistryBlobOpens(t *testing.T) { |
| 24 | + secret := bytes.Repeat([]byte{0x42}, 32) |
| 25 | + cfg := &Config{ |
| 26 | + MachineID: "machine-xyz", |
| 27 | + MachineName: "fredde-laptop", |
| 28 | + HostPubHex: "deadbeefcafef00d", |
| 29 | + SignalURL: "https://relay.example", |
| 30 | + } |
| 31 | + rt := NewRuntime(cfg, []string{"sh"}, nil) |
| 32 | + rt.WalletSecret = secret |
| 33 | + rt.WalletAddress = "WalletAddrBase58" |
| 34 | + |
| 35 | + b64, err := rt.registryBlob() |
| 36 | + if err != nil { |
| 37 | + t.Fatalf("registryBlob: %v", err) |
| 38 | + } |
| 39 | + blob, err := base64.StdEncoding.DecodeString(b64) |
| 40 | + if err != nil { |
| 41 | + t.Fatalf("base64 decode: %v", err) |
| 42 | + } |
| 43 | + |
| 44 | + key, err := identity.RegistryKey(secret) |
| 45 | + if err != nil { |
| 46 | + t.Fatalf("RegistryKey: %v", err) |
| 47 | + } |
| 48 | + pt, err := identity.OpenRecord(key, blob, cfg.MachineID) |
| 49 | + if err != nil { |
| 50 | + t.Fatalf("OpenRecord (right machine_id): %v", err) |
| 51 | + } |
| 52 | + var rec map[string]any |
| 53 | + if err := json.Unmarshal(pt, &rec); err != nil { |
| 54 | + t.Fatalf("record JSON: %v", err) |
| 55 | + } |
| 56 | + if rec["name"] != cfg.MachineName { |
| 57 | + t.Fatalf("record name = %v, want %q", rec["name"], cfg.MachineName) |
| 58 | + } |
| 59 | + if rec["host_pub"] != cfg.HostPubHex { |
| 60 | + t.Fatalf("record host_pub = %v, want %q", rec["host_pub"], cfg.HostPubHex) |
| 61 | + } |
| 62 | + if rec["signal_url"] != cfg.SignalURL { |
| 63 | + t.Fatalf("record signal_url = %v, want %q", rec["signal_url"], cfg.SignalURL) |
| 64 | + } |
| 65 | + |
| 66 | + // AAD is machine_id: opening under a different machine_id must fail. |
| 67 | + if _, err := identity.OpenRecord(key, blob, "other-machine"); err == nil { |
| 68 | + t.Fatal("OpenRecord with wrong machine_id (AAD) should fail, but succeeded") |
| 69 | + } |
| 70 | +} |
| 71 | + |
| 72 | +// TestRegistryBlobLegacyNoWallet proves a wallet-less Runtime never produces a |
| 73 | +// blob (legacy mir up publishes nothing). |
| 74 | +func TestRegistryBlobLegacyNoWallet(t *testing.T) { |
| 75 | + cfg := &Config{MachineID: "m1", MachineName: "legacy"} |
| 76 | + rt := NewRuntime(cfg, []string{"sh"}, nil) |
| 77 | + if _, err := rt.registryBlob(); err == nil { |
| 78 | + t.Fatal("registryBlob with no WalletSecret should error, but succeeded") |
| 79 | + } |
| 80 | +} |
| 81 | + |
| 82 | +// TestServeOncePublishesRegistry proves that when serving the self-wallet owner, |
| 83 | +// the agent's FIRST message on the live registration is a TypeRegistry whose blob |
| 84 | +// opens to the device record. A fake relay captures the first frame. |
| 85 | +func TestServeOncePublishesRegistry(t *testing.T) { |
| 86 | + secret := bytes.Repeat([]byte{0x55}, 32) |
| 87 | + wallet := "SelfWalletBase58" |
| 88 | + |
| 89 | + first := make(chan signal.SignalMsg, 1) |
| 90 | + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 91 | + c, err := websocket.Accept(w, r, nil) |
| 92 | + if err != nil { |
| 93 | + return |
| 94 | + } |
| 95 | + _, data, err := c.Read(r.Context()) |
| 96 | + if err != nil { |
| 97 | + return |
| 98 | + } |
| 99 | + var m signal.SignalMsg |
| 100 | + if json.Unmarshal(data, &m) == nil { |
| 101 | + first <- m |
| 102 | + } |
| 103 | + // hold the registration open until the test ends |
| 104 | + _, _, _ = c.Read(r.Context()) |
| 105 | + })) |
| 106 | + defer srv.Close() |
| 107 | + |
| 108 | + cfg := &Config{ |
| 109 | + SignalURL: srv.URL, |
| 110 | + MachineID: "machine-pub-1", |
| 111 | + MachineName: "publisher", |
| 112 | + HostPubHex: "0011223344556677", |
| 113 | + PairedOwners: []string{wallet}, |
| 114 | + } |
| 115 | + rt := NewRuntime(cfg, []string{"sh"}, nil) |
| 116 | + rt.WalletSecret = secret |
| 117 | + rt.WalletAddress = wallet |
| 118 | + |
| 119 | + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) |
| 120 | + defer cancel() |
| 121 | + go func() { _, _, _ = rt.serveOnce(ctx, wallet) }() |
| 122 | + |
| 123 | + select { |
| 124 | + case m := <-first: |
| 125 | + if m.Type != signal.TypeRegistry { |
| 126 | + t.Fatalf("first message type = %q, want %q", m.Type, signal.TypeRegistry) |
| 127 | + } |
| 128 | + blob, err := base64.StdEncoding.DecodeString(m.Registry) |
| 129 | + if err != nil { |
| 130 | + t.Fatalf("registry base64: %v", err) |
| 131 | + } |
| 132 | + key, err := identity.RegistryKey(secret) |
| 133 | + if err != nil { |
| 134 | + t.Fatalf("RegistryKey: %v", err) |
| 135 | + } |
| 136 | + pt, err := identity.OpenRecord(key, blob, cfg.MachineID) |
| 137 | + if err != nil { |
| 138 | + t.Fatalf("OpenRecord: %v", err) |
| 139 | + } |
| 140 | + var rec map[string]any |
| 141 | + if err := json.Unmarshal(pt, &rec); err != nil { |
| 142 | + t.Fatalf("record JSON: %v", err) |
| 143 | + } |
| 144 | + if rec["name"] != cfg.MachineName || rec["host_pub"] != cfg.HostPubHex { |
| 145 | + t.Fatalf("record = %v, want name=%q host_pub=%q", rec, cfg.MachineName, cfg.HostPubHex) |
| 146 | + } |
| 147 | + case <-ctx.Done(): |
| 148 | + t.Fatal("relay never received the first registry message") |
| 149 | + } |
| 150 | +} |
| 151 | + |
| 152 | +// TestServeOnceNoPublishForOtherOwner proves the agent does NOT publish a registry |
| 153 | +// blob when serving an owner that is not its own wallet (it lacks that wallet's |
| 154 | +// K_reg). For a non-self owner the first frame must not be a registry message. |
| 155 | +func TestServeOnceNoPublishForOtherOwner(t *testing.T) { |
| 156 | + secret := bytes.Repeat([]byte{0x55}, 32) |
| 157 | + |
| 158 | + got := make(chan string, 1) // first message type, or "" if the conn closed without one |
| 159 | + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 160 | + c, err := websocket.Accept(w, r, nil) |
| 161 | + if err != nil { |
| 162 | + return |
| 163 | + } |
| 164 | + typ := "" |
| 165 | + _, data, err := c.Read(r.Context()) |
| 166 | + if err == nil { |
| 167 | + var m signal.SignalMsg |
| 168 | + if json.Unmarshal(data, &m) == nil { |
| 169 | + typ = m.Type |
| 170 | + } |
| 171 | + } |
| 172 | + got <- typ |
| 173 | + _, _, _ = c.Read(r.Context()) |
| 174 | + })) |
| 175 | + defer srv.Close() |
| 176 | + |
| 177 | + cfg := &Config{ |
| 178 | + SignalURL: srv.URL, |
| 179 | + MachineID: "machine-pub-1", |
| 180 | + MachineName: "publisher", |
| 181 | + HostPubHex: "0011223344556677", |
| 182 | + PairedOwners: []string{"OtherOwner", "SelfWallet"}, |
| 183 | + } |
| 184 | + rt := NewRuntime(cfg, []string{"sh"}, nil) |
| 185 | + rt.WalletSecret = secret |
| 186 | + rt.WalletAddress = "SelfWallet" |
| 187 | + |
| 188 | + ctx, cancel := context.WithTimeout(context.Background(), 700*time.Millisecond) |
| 189 | + defer cancel() |
| 190 | + go func() { _, _, _ = rt.serveOnce(ctx, "OtherOwner") }() |
| 191 | + |
| 192 | + select { |
| 193 | + case typ := <-got: |
| 194 | + if typ == signal.TypeRegistry { |
| 195 | + t.Fatal("agent published a registry blob for a non-self owner") |
| 196 | + } |
| 197 | + case <-ctx.Done(): |
| 198 | + // no message at all is also correct (the agent only sends on offers). |
| 199 | + } |
| 200 | +} |
0 commit comments