-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
/
Copy patht0165-keystore.sh
executable file
·232 lines (190 loc) · 7.24 KB
/
t0165-keystore.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
#!/usr/bin/env bash
#
# Copyright (c) 2017 Jeromy Johnson
# MIT Licensed; see the LICENSE file in this repository.
#
test_description="Test keystore commands"
. lib/test-lib.sh
test_init_ipfs
test_key_cmd() {
# test key output format
test_expect_success "create an RSA key and test B58MH/B36CID output formats" '
PEERID=$(ipfs key gen --ipns-base=b58mh --type=rsa --size=2048 key_rsa) &&
test_check_rsa2048_b58mh_peerid $PEERID &&
ipfs key rm key_rsa &&
PEERID=$(ipfs key gen --ipns-base=base36 --type=rsa --size=2048 key_rsa) &&
test_check_rsa2048_base36_peerid $PEERID
'
test_expect_success "test RSA key sk export format" '
ipfs key export key_rsa &&
test_check_rsa2048_sk key_rsa.key &&
rm key_rsa.key
'
test_expect_success "test RSA key B58MH/B36CID multihash format" '
PEERID=$(ipfs key list --ipns-base=b58mh -l | grep key_rsa | head -n 1 | cut -d " " -f1) &&
test_check_rsa2048_b58mh_peerid $PEERID &&
PEERID=$(ipfs key list --ipns-base=base36 -l | grep key_rsa | head -n 1 | cut -d " " -f1) &&
test_check_rsa2048_base36_peerid $PEERID &&
ipfs key rm key_rsa
'
test_expect_success "create an ED25519 key and test B58MH/B36CID output formats" '
PEERID=$(ipfs key gen --ipns-base=b58mh --type=ed25519 key_ed25519) &&
test_check_ed25519_b58mh_peerid $PEERID &&
ipfs key rm key_ed25519 &&
PEERID=$(ipfs key gen --ipns-base=base36 --type=ed25519 key_ed25519) &&
test_check_ed25519_base36_peerid $PEERID
'
test_expect_success "test ED25519 key sk export format" '
ipfs key export key_ed25519 &&
test_check_ed25519_sk key_ed25519.key &&
rm key_ed25519.key
'
test_expect_success "test ED25519 key B58MH/B36CID multihash format" '
PEERID=$(ipfs key list --ipns-base=b58mh -l | grep key_ed25519 | head -n 1 | cut -d " " -f1) &&
test_check_ed25519_b58mh_peerid $PEERID &&
PEERID=$(ipfs key list --ipns-base=base36 -l | grep key_ed25519 | head -n 1 | cut -d " " -f1) &&
test_check_ed25519_base36_peerid $PEERID &&
ipfs key rm key_ed25519
'
# end of format test
test_expect_success "create a new rsa key" '
rsahash=$(ipfs key gen generated_rsa_key --type=rsa --size=2048)
echo $rsahash > rsa_key_id
'
test_key_import_export_all_formats rsa_key
test_expect_success "create a new ed25519 key" '
edhash=$(ipfs key gen generated_ed25519_key --type=ed25519)
echo $edhash > ed25519_key_id
'
test_key_import_export_all_formats ed25519_key
test_expect_success "test export file option" '
ipfs key export generated_rsa_key -o=named_rsa_export_file &&
test_cmp generated_rsa_key.key named_rsa_export_file &&
ipfs key export generated_ed25519_key -o=named_ed25519_export_file &&
test_cmp generated_ed25519_key.key named_ed25519_export_file
'
test_expect_success "key export can't export self" '
test_must_fail ipfs key export self 2>&1 | tee key_exp_out &&
grep -q "Error: cannot export key with name" key_exp_out &&
test_must_fail ipfs key export self -o=selfexport 2>&1 | tee key_exp_out &&
grep -q "Error: cannot export key with name" key_exp_out
'
test_expect_success "key import can't import self" '
ipfs key gen overwrite_self_import &&
ipfs key export overwrite_self_import &&
test_must_fail ipfs key import self overwrite_self_import.key 2>&1 | tee key_imp_out &&
grep -q "Error: cannot import key with name" key_imp_out &&
ipfs key rm overwrite_self_import &&
rm overwrite_self_import.key
'
test_expect_success "add a default key" '
ipfs key gen quxel
'
test_expect_success "all keys show up in list output" '
echo generated_ed25519_key > list_exp &&
echo generated_rsa_key >> list_exp &&
echo quxel >> list_exp &&
echo self >> list_exp
ipfs key list > list_out &&
test_sort_cmp list_exp list_out
'
test_expect_success "key hashes show up in long list output" '
ipfs key list -l | grep $edhash > /dev/null &&
ipfs key list -l | grep $rsahash > /dev/null
'
test_expect_success "key list -l contains self key with peerID" '
PeerID="$(ipfs config Identity.PeerID)"
ipfs key list -l --ipns-base=b58mh | grep "$PeerID\s\+self"
'
test_expect_success "key rm remove a key" '
ipfs key rm generated_rsa_key
echo generated_ed25519_key > list_exp &&
echo quxel >> list_exp &&
echo self >> list_exp
ipfs key list > list_out &&
test_sort_cmp list_exp list_out
'
test_expect_success "key rm can't remove self" '
test_must_fail ipfs key rm self 2>&1 | tee key_rm_out &&
grep -q "Error: cannot remove key with name" key_rm_out
'
test_expect_success "key rename rename a key" '
ipfs key rename generated_ed25519_key fooed
echo fooed > list_exp &&
echo quxel >> list_exp &&
echo self >> list_exp
ipfs key list > list_out &&
test_sort_cmp list_exp list_out
'
test_expect_success "key rename rename key output succeeds" '
key_content=$(ipfs key gen key1 --type=rsa --size=2048) &&
ipfs key rename key1 key2 >rs &&
echo "Key $key_content renamed to key2" >expect &&
test_cmp rs expect
'
test_expect_success "key rename can't rename self" '
test_must_fail ipfs key rename self bar 2>&1 | tee key_rename_out &&
grep -q "Error: cannot rename key with name" key_rename_out
'
test_expect_success "key rename can't overwrite self, even with force" '
test_must_fail ipfs key rename -f fooed self 2>&1 | tee key_rename_out &&
grep -q "Error: cannot overwrite key with name" key_rename_out
'
test_launch_ipfs_daemon
test_expect_success "online import rsa key" '
ipfs key import generated_rsa_key generated_rsa_key.key > roundtrip_rsa_key_id &&
test_cmp rsa_key_id roundtrip_rsa_key_id
'
# export works directly on the keystore present in IPFS_PATH
test_expect_success "prepare ed25519 key while daemon is running" '
edhash=$(ipfs key gen generated_ed25519_key --type=ed25519)
echo $edhash > ed25519_key_id
'
test_key_import_export_all_formats ed25519_key
test_expect_success "key export over HTTP /api/v0/key/export is not possible" '
ipfs key gen nohttpexporttest_key --type=ed25519 &&
curl -X POST -sI "http://$API_ADDR/api/v0/key/export&arg=nohttpexporttest_key" | grep -q "^HTTP/1.1 404 Not Found"
'
test_expect_success "online rotate rsa key" '
test_must_fail ipfs key rotate
'
test_kill_ipfs_daemon
}
test_check_rsa2048_sk() {
sklen=$(ls -l $1 | awk '{print $5}') &&
test "$sklen" -lt "1600" && test "$sklen" -gt "1000" || {
echo "Bad RSA2048 sk '$1' with len '$sklen'"
return 1
}
}
test_check_ed25519_sk() {
sklen=$(ls -l $1 | awk '{print $5}') &&
test "$sklen" -lt "100" && test "$sklen" -gt "30" || {
echo "Bad ED25519 sk '$1' with len '$sklen'"
return 1
}
}
test_key_import_export_all_formats() {
KEY_NAME=$1
test_key_import_export $KEY_NAME pem-pkcs8-cleartext
test_key_import_export $KEY_NAME libp2p-protobuf-cleartext
}
test_key_import_export() {
local KEY_NAME FORMAT
KEY_NAME=$1
FORMAT=$2
ORIG_KEY="generated_$KEY_NAME"
if [ $FORMAT == "pem-pkcs8-cleartext" ]; then
FILE_EXT="pem"
else
FILE_EXT="key"
fi
test_expect_success "export and import $KEY_NAME with format $FORMAT" '
ipfs key export $ORIG_KEY --format=$FORMAT &&
ipfs key rm $ORIG_KEY &&
ipfs key import $ORIG_KEY $ORIG_KEY.$FILE_EXT --format=$FORMAT > imported_key_id &&
test_cmp ${KEY_NAME}_id imported_key_id
'
}
test_key_cmd
test_done