merge: feat-lints into main

server/crates/arbiter-server/tests/user_agent/unseal.rs

@@ -1,49 +1,62 @@
-use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
+use arbiter_crypto::{
+    authn,
+    safecell::{SafeCell, SafeCellHandle as _},
+};
 use arbiter_server::{
     actors::{
         GlobalActors,
-        keyholder::{Bootstrap, Seal},
-        user_agent::{
-            UserAgentSession,
-            session::connection::{HandleUnsealEncryptedKey, HandleUnsealRequest, UnsealError},
-        },
+        vault::{Bootstrap, Seal},
     },
     db,
+    peers::user_agent::{
+        Credentials,
+        vault_gate::{
+            Error as VaultGateError, HandleHandshake, HandleUnsealEncryptedKey, VaultGate,
+        },
+    },
 };
 
 use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
 use kameo::actor::Spawn as _;
+use tokio::sync::oneshot;
 use x25519_dalek::{EphemeralSecret, PublicKey};
 
-async fn setup_sealed_user_agent(
+async fn setup_sealed_gate(
     seal_key: &[u8],
-) -> (db::DatabasePool, kameo::actor::ActorRef<UserAgentSession>) {
+) -> (
+    db::DatabasePool,
+    kameo::actor::ActorRef<VaultGate>,
+    oneshot::Receiver<Result<(), VaultGateError>>,
+) {
     let db = db::create_test_pool().await;
     let actors = GlobalActors::spawn(db.clone()).await.unwrap();
 
     actors
-        .key_holder
+        .vault
         .ask(Bootstrap {
             seal_key_raw: SafeCell::new(seal_key.to_vec()),
         })
         .await
         .unwrap();
-    actors.key_holder.ask(Seal).await.unwrap();
+    actors.vault.ask(Seal).await.unwrap();
 
-    let session = UserAgentSession::spawn(UserAgentSession::new_test(db.clone(), actors));
+    let (promotion_tx, promotion_rx) = oneshot::channel();
+    let pubkey = authn::SigningKey::generate().public_key();
+    let auth_creds = Credentials { id: 1, pubkey };
+    let gate = VaultGate::spawn(VaultGate::new(auth_creds, actors, db.clone(), promotion_tx));
 
-    (db, session)
+    (db, gate, promotion_rx)
 }
 
 async fn client_dh_encrypt(
-    user_agent: &kameo::actor::ActorRef<UserAgentSession>,
+    gate: &kameo::actor::ActorRef<VaultGate>,
     key_to_send: &[u8],
 ) -> HandleUnsealEncryptedKey {
     let client_secret = EphemeralSecret::random();
     let client_public = PublicKey::from(&client_secret);
 
-    let response = user_agent
-        .ask(HandleUnsealRequest {
+    let response = gate
+        .ask(HandleHandshake {
             client_pubkey: client_public,
         })
         .await
@@ -71,26 +84,27 @@ async fn client_dh_encrypt(
 #[test_log::test]
 pub async fn unseal_success() {
     let seal_key = b"test-seal-key";
-    let (_db, user_agent) = setup_sealed_user_agent(seal_key).await;
+    let (_db, gate, _promotion_rx) = setup_sealed_gate(seal_key).await;
 
-    let encrypted_key = client_dh_encrypt(&user_agent, seal_key).await;
+    let encrypted_key = client_dh_encrypt(&gate, seal_key).await;
 
-    let response = user_agent.ask(encrypted_key).await;
+    let response = gate.ask(encrypted_key).await;
     assert!(matches!(response, Ok(())));
 }
 
 #[tokio::test]
 #[test_log::test]
 pub async fn unseal_wrong_seal_key() {
-    let (_db, user_agent) = setup_sealed_user_agent(b"correct-key").await;
+    let seal_key = b"test-seal-key";
+    let (_db, gate, _promotion_rx) = setup_sealed_gate(seal_key).await;
 
-    let encrypted_key = client_dh_encrypt(&user_agent, b"wrong-key").await;
+    let encrypted_key = client_dh_encrypt(&gate, b"wrong-key").await;
 
-    let response = user_agent.ask(encrypted_key).await;
+    let response = gate.ask(encrypted_key).await;
     assert!(matches!(
         response,
         Err(kameo::error::SendError::HandlerError(
-            UnsealError::InvalidKey
+            VaultGateError::InvalidKey
         ))
     ));
 }
@@ -98,19 +112,19 @@ pub async fn unseal_wrong_seal_key() {
 #[tokio::test]
 #[test_log::test]
 pub async fn unseal_corrupted_ciphertext() {
-    let (_db, user_agent) = setup_sealed_user_agent(b"test-key").await;
+    let seal_key = b"test-seal-key";
+    let (_db, gate, _promotion_rx) = setup_sealed_gate(seal_key).await;
 
     let client_secret = EphemeralSecret::random();
     let client_public = PublicKey::from(&client_secret);
 
-    user_agent
-        .ask(HandleUnsealRequest {
-            client_pubkey: client_public,
-        })
-        .await
-        .unwrap();
+    gate.ask(HandleHandshake {
+        client_pubkey: client_public,
+    })
+    .await
+    .unwrap();
 
-    let response = user_agent
+    let response = gate
         .ask(HandleUnsealEncryptedKey {
             nonce: vec![0u8; 24],
             ciphertext: vec![0u8; 32],
@@ -121,7 +135,7 @@ pub async fn unseal_corrupted_ciphertext() {
     assert!(matches!(
         response,
         Err(kameo::error::SendError::HandlerError(
-            UnsealError::InvalidKey
+            VaultGateError::InvalidKey
         ))
     ));
 }
@@ -130,24 +144,24 @@ pub async fn unseal_corrupted_ciphertext() {
 #[test_log::test]
 pub async fn unseal_retry_after_invalid_key() {
     let seal_key = b"real-seal-key";
-    let (_db, user_agent) = setup_sealed_user_agent(seal_key).await;
+    let (_db, gate, _promotion_rx) = setup_sealed_gate(seal_key).await;
 
     {
-        let encrypted_key = client_dh_encrypt(&user_agent, b"wrong-key").await;
+        let encrypted_key = client_dh_encrypt(&gate, b"wrong-key").await;
 
-        let response = user_agent.ask(encrypted_key).await;
+        let response = gate.ask(encrypted_key).await;
         assert!(matches!(
             response,
             Err(kameo::error::SendError::HandlerError(
-                UnsealError::InvalidKey
+                VaultGateError::InvalidKey
             ))
         ));
     }
 
     {
-        let encrypted_key = client_dh_encrypt(&user_agent, seal_key).await;
+        let encrypted_key = client_dh_encrypt(&gate, seal_key).await;
 
-        let response = user_agent.ask(encrypted_key).await;
+        let response = gate.ask(encrypted_key).await;
         assert!(matches!(response, Ok(())));
     }
 }