MarketTakers/arbiter
5
0
Fork 0
Code Issues 27 Pull Requests 5 Packages Projects Releases Wiki Activity

feat: rustc and clippy linting
Some checks failed
ci/woodpecker/pr/server-audit Pipeline was successful
Details
ci/woodpecker/pr/server-vet Pipeline failed
Details
ci/woodpecker/pr/server-lint Pipeline failed
Details
ci/woodpecker/pr/server-test Pipeline was successful
Details

Browse Source
This commit is contained in:
CleverWild
2026-04-10 00:42:43 +02:00
parent 62dff3f810
commit f6a0c32b9d
69 changed files with 1491 additions and 979 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
server/crates/arbiter-server/tests/client/auth.rs
View File

@@ -15,7 +15,7 @@ use arbiter_server::{
};
use diesel::{ExpressionMethods as _, NullableExpressionMethods as _, QueryDsl as _, insert_into};
use diesel_async::RunQueryDsl;
use ml_dsa::{KeyGen, MlDsa87, SigningKey, VerifyingKey, signature::Keypair as _};
use ml_dsa::{KeyGen, MlDsa87, SigningKey, VerifyingKey, signature::Keypair};
use super::common::ChannelTransport;
@@ -27,6 +27,10 @@ fn metadata(name: &str, description: Option<&str>, version: Option<&str>) -> Cli
}
}
fn verifying_key(key: &SigningKey<MlDsa87>) -> VerifyingKey<MlDsa87> {
<SigningKey<MlDsa87> as Keypair>::verifying_key(key)
}
async fn insert_registered_client(
db: &db::DatabasePool,
actors: &GlobalActors,
@@ -48,7 +52,7 @@ async fn insert_registered_client(
.unwrap();
let client_id: i32 = insert_into(program_client::table)
.values((
program_client::public_key.eq(pubkey.encode().to_vec()),
program_client::public_key.eq(pubkey.encode().0.to_vec()),
program_client::metadata_id.eq(metadata_id),
))
.returning(program_client::id)
@@ -83,9 +87,9 @@ fn sign_client_challenge(
async fn insert_bootstrap_sentinel_useragent(db: &db::DatabasePool) {
let mut conn = db.get().await.unwrap();
let sentinel_key = MlDsa87::key_gen(&mut rand::rng())
.verifying_key()
let sentinel_key = verifying_key(&MlDsa87::key_gen(&mut rand::rng()))
.encode()
.0
.to_vec();
insert_into(schema::useragent_client::table)
@@ -114,7 +118,7 @@ async fn spawn_test_actors(db: &db::DatabasePool) -> GlobalActors {
#[tokio::test]
#[test_log::test]
pub async fn test_unregistered_pubkey_rejected() {
pub async fn unregistered_pubkey_rejected() {
let db = db::create_test_pool().await;
let (server_transport, mut test_transport) = ChannelTransport::new();
@@ -129,7 +133,7 @@ pub async fn test_unregistered_pubkey_rejected() {
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
metadata: metadata("client", Some("desc"), Some("1.0.0")),
})
.await
@@ -141,18 +145,18 @@ pub async fn test_unregistered_pubkey_rejected() {
#[tokio::test]
#[test_log::test]
pub async fn test_challenge_auth() {
pub async fn challenge_auth() {
let db = db::create_test_pool().await;
let actors = spawn_test_actors(&db).await;
let new_key = MlDsa87::key_gen(&mut rand::rng());
insert_registered_client(
Box::pin(insert_registered_client(
&db,
&actors,
new_key.verifying_key(),
verifying_key(&new_key),
&metadata("client", Some("desc"), Some("1.0.0")),
)
))
.await;
let (server_transport, mut test_transport) = ChannelTransport::new();
@@ -165,7 +169,7 @@ pub async fn test_challenge_auth() {
// Send challenge request
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
metadata: metadata("client", Some("desc"), Some("1.0.0")),
})
.await
@@ -179,7 +183,7 @@ pub async fn test_challenge_auth() {
let challenge = match response {
Ok(resp) => match resp {
auth::Outbound::AuthChallenge { pubkey, nonce } => (pubkey, nonce),
other => panic!("Expected AuthChallenge, got {other:?}"),
other @ auth::Outbound::AuthSuccess => panic!("Expected AuthChallenge, got {other:?}"),
},
Err(err) => panic!("Expected Ok response, got Err({err:?})"),
};
@@ -208,13 +212,19 @@ pub async fn test_challenge_auth() {
#[tokio::test]
#[test_log::test]
pub async fn test_metadata_unchanged_does_not_append_history() {
pub async fn metadata_unchanged_does_not_append_history() {
let db = db::create_test_pool().await;
let actors = spawn_test_actors(&db).await;
let new_key = MlDsa87::key_gen(&mut rand::rng());
let requested = metadata("client", Some("desc"), Some("1.0.0"));
insert_registered_client(&db, &actors, new_key.verifying_key(), &requested).await;
Box::pin(insert_registered_client(
&db,
&actors,
verifying_key(&new_key),
&requested,
))
.await;
let props = ClientConnection::new(db.clone(), actors);
@@ -226,7 +236,7 @@ pub async fn test_metadata_unchanged_does_not_append_history() {
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
metadata: requested,
})
.await
@@ -235,7 +245,7 @@ pub async fn test_metadata_unchanged_does_not_append_history() {
let response = test_transport.recv().await.unwrap().unwrap();
let (pubkey, nonce) = match response {
auth::Outbound::AuthChallenge { pubkey, nonce } => (pubkey, nonce),
other => panic!("Expected AuthChallenge, got {other:?}"),
auth::Outbound::AuthSuccess => panic!("Expected AuthChallenge, got AuthSuccess"),
};
let signature = sign_client_challenge(&new_key, nonce, &pubkey);
test_transport
@@ -265,17 +275,17 @@ pub async fn test_metadata_unchanged_does_not_append_history() {
#[tokio::test]
#[test_log::test]
pub async fn test_metadata_change_appends_history_and_repoints_binding() {
pub async fn metadata_change_appends_history_and_repoints_binding() {
let db = db::create_test_pool().await;
let actors = spawn_test_actors(&db).await;
let new_key = MlDsa87::key_gen(&mut rand::rng());
insert_registered_client(
Box::pin(insert_registered_client(
&db,
&actors,
new_key.verifying_key(),
verifying_key(&new_key),
&metadata("client", Some("old"), Some("1.0.0")),
)
))
.await;
let props = ClientConnection::new(db.clone(), actors);
@@ -288,7 +298,7 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() {
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
metadata: metadata("client", Some("new"), Some("2.0.0")),
})
.await
@@ -297,14 +307,14 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() {
let response = test_transport.recv().await.unwrap().unwrap();
let (pubkey, nonce) = match response {
auth::Outbound::AuthChallenge { pubkey, nonce } => (pubkey, nonce),
other => panic!("Expected AuthChallenge, got {other:?}"),
auth::Outbound::AuthSuccess => panic!("Expected AuthChallenge, got AuthSuccess"),
};
let signature = sign_client_challenge(&new_key, nonce, &pubkey);
test_transport
.send(auth::Inbound::AuthChallengeSolution { signature })
.await
.unwrap();
let _ = test_transport.recv().await.unwrap();
drop(test_transport.recv().await.unwrap());
task.await.unwrap();
{
@@ -352,7 +362,7 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() {
#[tokio::test]
#[test_log::test]
pub async fn test_challenge_auth_rejects_integrity_tag_mismatch() {
pub async fn challenge_auth_rejects_integrity_tag_mismatch() {
let db = db::create_test_pool().await;
let actors = spawn_test_actors(&db).await;
@@ -374,7 +384,7 @@ pub async fn test_challenge_auth_rejects_integrity_tag_mismatch() {
.unwrap();
insert_into(program_client::table)
.values((
program_client::public_key.eq(new_key.verifying_key().encode().to_vec()),
program_client::public_key.eq(verifying_key(&new_key).encode().0.to_vec()),
program_client::metadata_id.eq(metadata_id),
))
.execute(&mut conn)
@@ -391,7 +401,7 @@ pub async fn test_challenge_auth_rejects_integrity_tag_mismatch() {
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
metadata: requested,
})
.await
@@ -401,7 +411,10 @@ pub async fn test_challenge_auth_rejects_integrity_tag_mismatch() {
.recv()
.await
.expect("should receive auth rejection");
assert!(matches!(response, Err(auth::Error::IntegrityCheckFailed)));
assert!(matches!(
response,
Err(auth::ClientAuthError::IntegrityCheckFailed)
));
task.await.unwrap();
}

5
server/crates/arbiter-server/tests/common/mod.rs
View File

@@ -1,3 +1,4 @@
#![allow(dead_code, reason = "Common test utilities that may not be used in every test")]
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use arbiter_proto::transport::{Bi, Error, Receiver, Sender};
use arbiter_server::{
@@ -10,7 +11,6 @@ use diesel::QueryDsl;
use diesel_async::RunQueryDsl;
use tokio::sync::mpsc;
#[allow(dead_code)]
pub async fn bootstrapped_keyholder(db: &db::DatabasePool) -> KeyHolder {
let mut actor = KeyHolder::new(db.clone()).await.unwrap();
actor
@@ -20,7 +20,6 @@ pub async fn bootstrapped_keyholder(db: &db::DatabasePool) -> KeyHolder {
actor
}
#[allow(dead_code)]
pub async fn root_key_history_id(db: &db::DatabasePool) -> i32 {
let mut conn = db.get().await.unwrap();
let id = schema::arbiter_settings::table
@@ -31,14 +30,12 @@ pub async fn root_key_history_id(db: &db::DatabasePool) -> i32 {
id.expect("root_key_id should be set after bootstrap")
}
#[allow(dead_code)]
pub struct ChannelTransport<T, Y> {
receiver: mpsc::Receiver<T>,
sender: mpsc::Sender<Y>,
}
impl<T, Y> ChannelTransport<T, Y> {
#[allow(dead_code)]
pub fn new() -> (Self, ChannelTransport<Y, T>) {
let (tx1, rx1) = mpsc::channel(10);
let (tx2, rx2) = mpsc::channel(10);

4
server/crates/arbiter-server/tests/keyholder/concurrency.rs
View File

@@ -2,7 +2,7 @@ use std::collections::{HashMap, HashSet};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use arbiter_server::{
actors::keyholder::{CreateNew, Error, KeyHolder},
actors::keyholder::{CreateNew, KeyHolder, KeyHolderError},
db::{self, models, schema},
};
@@ -122,7 +122,7 @@ async fn insert_failure_does_not_create_partial_row() {
.create_new(SafeCell::new(b"should fail".to_vec()))
.await
.unwrap_err();
assert!(matches!(err, Error::DatabaseTransaction(_)));
assert!(matches!(err, KeyHolderError::DatabaseTransaction(_)));
let mut conn = db.get().await.unwrap();
sql_query("DROP TRIGGER fail_aead_insert;")

26
server/crates/arbiter-server/tests/keyholder/lifecycle.rs
View File

@@ -1,6 +1,6 @@
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use arbiter_server::{
actors::keyholder::{Error, KeyHolder},
actors::keyholder::{KeyHolder, KeyHolderError},
crypto::encryption::v1::{Nonce, ROOT_KEY_TAG},
db::{self, models, schema},
};
@@ -12,7 +12,7 @@ use crate::common;
#[tokio::test]
#[test_log::test]
async fn test_bootstrap() {
async fn bootstrap() {
let db = db::create_test_pool().await;
let mut actor = KeyHolder::new(db.clone()).await.unwrap();
@@ -35,18 +35,18 @@ async fn test_bootstrap() {
#[tokio::test]
#[test_log::test]
async fn test_bootstrap_rejects_double() {
async fn bootstrap_rejects_double() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
let seal_key2 = SafeCell::new(b"test-seal-key".to_vec());
let err = actor.bootstrap(seal_key2).await.unwrap_err();
assert!(matches!(err, Error::AlreadyBootstrapped));
assert!(matches!(err, KeyHolderError::AlreadyBootstrapped));
}
#[tokio::test]
#[test_log::test]
async fn test_create_new_before_bootstrap_fails() {
async fn create_new_before_bootstrap_fails() {
let db = db::create_test_pool().await;
let mut actor = KeyHolder::new(db).await.unwrap();
@@ -54,34 +54,34 @@ async fn test_create_new_before_bootstrap_fails() {
.create_new(SafeCell::new(b"data".to_vec()))
.await
.unwrap_err();
assert!(matches!(err, Error::NotBootstrapped));
assert!(matches!(err, KeyHolderError::NotBootstrapped));
}
#[tokio::test]
#[test_log::test]
async fn test_decrypt_before_bootstrap_fails() {
async fn decrypt_before_bootstrap_fails() {
let db = db::create_test_pool().await;
let mut actor = KeyHolder::new(db).await.unwrap();
let err = actor.decrypt(1).await.unwrap_err();
assert!(matches!(err, Error::NotBootstrapped));
assert!(matches!(err, KeyHolderError::NotBootstrapped));
}
#[tokio::test]
#[test_log::test]
async fn test_new_restores_sealed_state() {
async fn new_restores_sealed_state() {
let db = db::create_test_pool().await;
let actor = common::bootstrapped_keyholder(&db).await;
drop(actor);
let mut actor2 = KeyHolder::new(db).await.unwrap();
let err = actor2.decrypt(1).await.unwrap_err();
assert!(matches!(err, Error::NotBootstrapped));
assert!(matches!(err, KeyHolderError::NotBootstrapped));
}
#[tokio::test]
#[test_log::test]
async fn test_unseal_correct_password() {
async fn unseal_correct_password() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
@@ -102,7 +102,7 @@ async fn test_unseal_correct_password() {
#[tokio::test]
#[test_log::test]
async fn test_unseal_wrong_then_correct_password() {
async fn unseal_wrong_then_correct_password() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
@@ -117,7 +117,7 @@ async fn test_unseal_wrong_then_correct_password() {
let bad_key = SafeCell::new(b"wrong-password".to_vec());
let err = actor.try_unseal(bad_key).await.unwrap_err();
assert!(matches!(err, Error::InvalidKey));
assert!(matches!(err, KeyHolderError::InvalidKey));
let good_key = SafeCell::new(b"test-seal-key".to_vec());
actor.try_unseal(good_key).await.unwrap();

16
server/crates/arbiter-server/tests/keyholder/storage.rs
View File

@@ -2,7 +2,7 @@ use std::collections::HashSet;
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use arbiter_server::{
actors::keyholder::Error,
actors::keyholder::KeyHolderError,
crypto::encryption::v1::Nonce,
db::{self, models, schema},
};
@@ -14,7 +14,7 @@ use crate::common;
#[tokio::test]
#[test_log::test]
async fn test_create_decrypt_roundtrip() {
async fn create_decrypt_roundtrip() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
@@ -30,17 +30,17 @@ async fn test_create_decrypt_roundtrip() {
#[tokio::test]
#[test_log::test]
async fn test_decrypt_nonexistent_returns_not_found() {
async fn decrypt_nonexistent_returns_not_found() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
let err = actor.decrypt(9999).await.unwrap_err();
assert!(matches!(err, Error::NotFound));
assert!(matches!(err, KeyHolderError::NotFound));
}
#[tokio::test]
#[test_log::test]
async fn test_ciphertext_differs_across_entries() {
async fn ciphertext_differs_across_entries() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
@@ -78,7 +78,7 @@ async fn test_ciphertext_differs_across_entries() {
#[tokio::test]
#[test_log::test]
async fn test_nonce_never_reused() {
async fn nonce_never_reused() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
@@ -142,7 +142,7 @@ async fn broken_db_nonce_format_fails_closed() {
.create_new(SafeCell::new(b"must fail".to_vec()))
.await
.unwrap_err();
assert!(matches!(err, Error::BrokenDatabase));
assert!(matches!(err, KeyHolderError::BrokenDatabase));
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_keyholder(&db).await;
@@ -159,5 +159,5 @@ async fn broken_db_nonce_format_fails_closed() {
drop(conn);
let err = actor.decrypt(id).await.unwrap_err();
assert!(matches!(err, Error::BrokenDatabase));
assert!(matches!(err, KeyHolderError::BrokenDatabase));
}

44
server/crates/arbiter-server/tests/user_agent/auth.rs
View File

@@ -16,10 +16,14 @@ use arbiter_server::{
};
use diesel::{ExpressionMethods as _, QueryDsl, insert_into};
use diesel_async::RunQueryDsl;
use ml_dsa::{KeyGen, MlDsa87, SigningKey, signature::Keypair as _};
use ml_dsa::{KeyGen, MlDsa87, SigningKey, VerifyingKey, signature::Keypair};
use super::common::ChannelTransport;
fn verifying_key(key: &SigningKey<MlDsa87>) -> VerifyingKey<MlDsa87> {
<SigningKey<MlDsa87> as Keypair>::verifying_key(key)
}
fn sign_useragent_challenge(
key: &SigningKey<MlDsa87>,
nonce: i32,
@@ -34,7 +38,7 @@ fn sign_useragent_challenge(
#[tokio::test]
#[test_log::test]
pub async fn test_bootstrap_token_auth() {
pub async fn bootstrap_token_auth() {
let db = db::create_test_pool().await;
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
actors
@@ -56,7 +60,7 @@ pub async fn test_bootstrap_token_auth() {
let new_key = MlDsa87::key_gen(&mut rand::rng());
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
bootstrap_token: Some(token),
})
.await
@@ -79,12 +83,12 @@ pub async fn test_bootstrap_token_auth() {
.first::<Vec<u8>>(&mut conn)
.await
.unwrap();
assert_eq!(stored_pubkey, new_key.verifying_key().encode().to_vec());
assert_eq!(stored_pubkey, verifying_key(&new_key).encode().0.to_vec());
}
#[tokio::test]
#[test_log::test]
pub async fn test_bootstrap_invalid_token_auth() {
pub async fn bootstrap_invalid_token_auth() {
let db = db::create_test_pool().await;
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
@@ -98,8 +102,8 @@ pub async fn test_bootstrap_invalid_token_auth() {
let new_key = MlDsa87::key_gen(&mut rand::rng());
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
bootstrap_token: Some("invalid_token".to_string()),
pubkey: verifying_key(&new_key).into(),
bootstrap_token: Some("invalid_token".to_owned()),
})
.await
.unwrap();
@@ -120,7 +124,7 @@ pub async fn test_bootstrap_invalid_token_auth() {
#[tokio::test]
#[test_log::test]
pub async fn test_challenge_auth() {
pub async fn challenge_auth() {
let db = db::create_test_pool().await;
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
actors
@@ -132,7 +136,7 @@ pub async fn test_challenge_auth() {
.unwrap();
let new_key = MlDsa87::key_gen(&mut rand::rng());
let pubkey_bytes = new_key.verifying_key().encode().to_vec();
let pubkey_bytes = authn::PublicKey::from(verifying_key(&new_key)).to_bytes();
{
let mut conn = db.get().await.unwrap();
@@ -149,7 +153,7 @@ pub async fn test_challenge_auth() {
&mut conn,
&actors.key_holder,
&UserAgentCredentials {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
nonce: 1,
},
id,
@@ -167,7 +171,7 @@ pub async fn test_challenge_auth() {
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
bootstrap_token: None,
})
.await
@@ -180,7 +184,7 @@ pub async fn test_challenge_auth() {
let challenge = match response {
Ok(resp) => match resp {
auth::Outbound::AuthChallenge { nonce } => nonce,
other => panic!("Expected AuthChallenge, got {other:?}"),
auth::Outbound::AuthSuccess => panic!("Expected AuthChallenge, got AuthSuccess"),
},
Err(err) => panic!("Expected Ok response, got Err({err:?})"),
};
@@ -208,7 +212,7 @@ pub async fn test_challenge_auth() {
#[tokio::test]
#[test_log::test]
pub async fn test_challenge_auth_rejects_integrity_tag_mismatch_when_unsealed() {
pub async fn challenge_auth_rejects_integrity_tag_mismatch_when_unsealed() {
let db = db::create_test_pool().await;
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
@@ -221,7 +225,7 @@ pub async fn test_challenge_auth_rejects_integrity_tag_mismatch_when_unsealed()
.unwrap();
let new_key = MlDsa87::key_gen(&mut rand::rng());
let pubkey_bytes = new_key.verifying_key().encode().to_vec();
let pubkey_bytes = authn::PublicKey::from(verifying_key(&new_key)).to_bytes();
{
let mut conn = db.get().await.unwrap();
@@ -244,7 +248,7 @@ pub async fn test_challenge_auth_rejects_integrity_tag_mismatch_when_unsealed()
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
bootstrap_token: None,
})
.await
@@ -258,7 +262,7 @@ pub async fn test_challenge_auth_rejects_integrity_tag_mismatch_when_unsealed()
#[tokio::test]
#[test_log::test]
pub async fn test_challenge_auth_rejects_invalid_signature() {
pub async fn challenge_auth_rejects_invalid_signature() {
let db = db::create_test_pool().await;
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
actors
@@ -270,7 +274,7 @@ pub async fn test_challenge_auth_rejects_invalid_signature() {
.unwrap();
let new_key = MlDsa87::key_gen(&mut rand::rng());
let pubkey_bytes = new_key.verifying_key().encode().to_vec();
let pubkey_bytes = authn::PublicKey::from(verifying_key(&new_key)).to_bytes();
{
let mut conn = db.get().await.unwrap();
@@ -287,7 +291,7 @@ pub async fn test_challenge_auth_rejects_invalid_signature() {
&mut conn,
&actors.key_holder,
&UserAgentCredentials {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
nonce: 1,
},
id,
@@ -305,7 +309,7 @@ pub async fn test_challenge_auth_rejects_invalid_signature() {
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key().into(),
pubkey: verifying_key(&new_key).into(),
bootstrap_token: None,
})
.await
@@ -318,7 +322,7 @@ pub async fn test_challenge_auth_rejects_invalid_signature() {
let challenge = match response {
Ok(resp) => match resp {
auth::Outbound::AuthChallenge { nonce } => nonce,
other => panic!("Expected AuthChallenge, got {other:?}"),
auth::Outbound::AuthSuccess => panic!("Expected AuthChallenge, got AuthSuccess"),
},
Err(err) => panic!("Expected Ok response, got Err({err:?})"),
};

8
server/crates/arbiter-server/tests/user_agent/unseal.rs
View File

@@ -69,7 +69,7 @@ async fn client_dh_encrypt(
#[tokio::test]
#[test_log::test]
pub async fn test_unseal_success() {
pub async fn unseal_success() {
let seal_key = b"test-seal-key";
let (_db, user_agent) = setup_sealed_user_agent(seal_key).await;
@@ -81,7 +81,7 @@ pub async fn test_unseal_success() {
#[tokio::test]
#[test_log::test]
pub async fn test_unseal_wrong_seal_key() {
pub async fn unseal_wrong_seal_key() {
let (_db, user_agent) = setup_sealed_user_agent(b"correct-key").await;
let encrypted_key = client_dh_encrypt(&user_agent, b"wrong-key").await;
@@ -97,7 +97,7 @@ pub async fn test_unseal_wrong_seal_key() {
#[tokio::test]
#[test_log::test]
pub async fn test_unseal_corrupted_ciphertext() {
pub async fn unseal_corrupted_ciphertext() {
let (_db, user_agent) = setup_sealed_user_agent(b"test-key").await;
let client_secret = EphemeralSecret::random();
@@ -128,7 +128,7 @@ pub async fn test_unseal_corrupted_ciphertext() {
#[tokio::test]
#[test_log::test]
pub async fn test_unseal_retry_after_invalid_key() {
pub async fn unseal_retry_after_invalid_key() {
let seal_key = b"real-seal-key";
let (_db, user_agent) = setup_sealed_user_agent(seal_key).await;