-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathintegration_test.go
More file actions
225 lines (193 loc) · 7.47 KB
/
integration_test.go
File metadata and controls
225 lines (193 loc) · 7.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
package main
import (
"bytes"
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
"testing"
)
func TestIntegration(t *testing.T) {
// Build the binary
tmpDir := t.TempDir()
binPath := filepath.Join(tmpDir, "bip32-ssh-keygen")
buildCmd := exec.Command("go", "build", "-o", binPath, ".")
if err := buildCmd.Run(); err != nil {
t.Fatalf("failed to build binary: %v", err)
}
t.Run("Full lifecycle: generate then derive", func(t *testing.T) {
// 1. Generate mnemonic
genCmd := exec.Command(binPath, "generate")
var genOut bytes.Buffer
genCmd.Stdout = &genOut
if err := genCmd.Run(); err != nil {
t.Fatalf("failed to generate mnemonic: %v", err)
}
mnemonic := strings.TrimSpace(genOut.String())
if mnemonic == "" {
t.Fatal("generated mnemonic is empty")
}
// 2. Derive SSH key
keyPath := filepath.Join(tmpDir, "id_ed25519_lifecycle")
deriveCmd := exec.Command(binPath, "derive", "--output", keyPath, "--force")
deriveCmd.Stdin = strings.NewReader(mnemonic)
if err := deriveCmd.Run(); err != nil {
t.Fatalf("failed to derive key: %v", err)
}
// 3. Validate with ssh-keygen
verifyCmd := exec.Command("ssh-keygen", "-l", "-f", keyPath)
if err := verifyCmd.Run(); err != nil {
t.Fatalf("ssh-keygen failed to validate the derived key: %v", err)
}
// 4. Check permissions
info, err := os.Stat(keyPath)
if err != nil {
t.Fatalf("failed to stat private key: %v", err)
}
if mode := info.Mode().Perm(); mode != 0600 {
t.Errorf("expected private key permissions 0600, got %o", mode)
}
pubInfo, err := os.Stat(keyPath + ".pub")
if err != nil {
t.Fatalf("failed to stat public key: %v", err)
}
if mode := pubInfo.Mode().Perm(); mode != 0644 {
t.Errorf("expected public key permissions 0644, got %o", mode)
}
})
t.Run("Determinism: same input produces same output", func(t *testing.T) {
mnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
keyPath1 := filepath.Join(tmpDir, "id_ed25519_det1")
deriveCmd1 := exec.Command(binPath, "derive", "--output", keyPath1, "--force")
deriveCmd1.Stdin = strings.NewReader(mnemonic)
if err := deriveCmd1.Run(); err != nil {
t.Fatalf("first derivation failed: %v", err)
}
keyPath2 := filepath.Join(tmpDir, "id_ed25519_det2")
deriveCmd2 := exec.Command(binPath, "derive", "--output", keyPath2, "--force")
deriveCmd2.Stdin = strings.NewReader(mnemonic)
if err := deriveCmd2.Run(); err != nil {
t.Fatalf("second derivation failed: %v", err)
}
content1, _ := os.ReadFile(keyPath1)
content2, _ := os.ReadFile(keyPath2)
if !bytes.Equal(content1, content2) {
// The private key contains a random salt in the OpenSSH format even for the same key.
// We should compare the public keys instead for determinism.
t.Log("Private keys differ (expected due to random salt in OpenSSH format)")
}
pubContent1, _ := os.ReadFile(keyPath1 + ".pub")
pubContent2, _ := os.ReadFile(keyPath2 + ".pub")
if !bytes.Equal(pubContent1, pubContent2) {
t.Error("public keys are not identical for same mnemonic")
}
})
t.Run("Cross-path: different paths produce different keys", func(t *testing.T) {
mnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
keyPath1 := filepath.Join(tmpDir, "id_ed25519_path1")
deriveCmd1 := exec.Command(binPath, "derive", "--output", keyPath1, "--path", "m/44'/0'/0'/0'", "--force")
deriveCmd1.Stdin = strings.NewReader(mnemonic)
if err := deriveCmd1.Run(); err != nil {
t.Fatalf("derivation 1 failed: %v", err)
}
keyPath2 := filepath.Join(tmpDir, "id_ed25519_path2")
deriveCmd2 := exec.Command(binPath, "derive", "--output", keyPath2, "--path", "m/44'/0'/0'/1'", "--force")
deriveCmd2.Stdin = strings.NewReader(mnemonic)
if err := deriveCmd2.Run(); err != nil {
t.Fatalf("derivation 2 failed: %v", err)
}
content1, _ := os.ReadFile(keyPath1)
content2, _ := os.ReadFile(keyPath2)
if bytes.Equal(content1, content2) {
t.Error("private keys are identical for different paths")
}
})
t.Run("Passphrase: same mnemonic with/without passphrase produces different keys", func(t *testing.T) {
mnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
keyPath1 := filepath.Join(tmpDir, "id_ed25519_pass1")
deriveCmd1 := exec.Command(binPath, "derive", "--output", keyPath1, "--force")
deriveCmd1.Stdin = strings.NewReader(mnemonic)
if err := deriveCmd1.Run(); err != nil {
t.Fatalf("derivation without passphrase failed: %v", err)
}
keyPath2 := filepath.Join(tmpDir, "id_ed25519_pass2")
deriveCmd2 := exec.Command(binPath, "derive", "--output", keyPath2, "--passphrase", "correct horse battery staple", "--force")
deriveCmd2.Stdin = strings.NewReader(mnemonic)
if err := deriveCmd2.Run(); err != nil {
t.Fatalf("derivation with passphrase failed: %v", err)
}
content1, _ := os.ReadFile(keyPath1)
content2, _ := os.ReadFile(keyPath2)
if bytes.Equal(content1, content2) {
t.Error("private keys are identical despite different passphrases")
}
})
t.Run("Generate flag: derive --generate creates keys and prints mnemonic", func(t *testing.T) {
keyPath := filepath.Join(tmpDir, "id_ed25519_generate")
genCmd := exec.Command(binPath, "derive", "--generate", "--output", keyPath, "--force")
var genOut bytes.Buffer
genCmd.Stdout = &genOut
if err := genCmd.Run(); err != nil {
t.Fatalf("failed to derive with --generate: %v", err)
}
// Parse the output to extract the mnemonic (between "Generated mnemonic:" and the first blank line)
output := genOut.String()
lines := strings.Split(output, "\n")
var mnemonic string
for i, line := range lines {
if strings.HasPrefix(line, "Generated mnemonic:") {
if i+1 < len(lines) {
mnemonic = strings.TrimSpace(lines[i+1])
break
}
}
}
if mnemonic == "" {
t.Fatalf("could not extract mnemonic from output: %s", output)
}
// Verify mnemonic has expected format (24 words)
words := strings.Split(mnemonic, " ")
if len(words) != 24 {
t.Errorf("expected 24 words in mnemonic, got %d", len(words))
}
fmt.Printf("Generated mnemonic (first 4 words): %s...\n", strings.Join(words[:4], " "))
// Verify key files were created
if _, err := os.Stat(keyPath); err != nil {
t.Fatalf("private key not created: %v", err)
}
if _, err := os.Stat(keyPath + ".pub"); err != nil {
t.Fatalf("public key not created: %v", err)
}
// Validate with ssh-keygen
verifyCmd := exec.Command("ssh-keygen", "-l", "-f", keyPath)
if err := verifyCmd.Run(); err != nil {
t.Fatalf("ssh-keygen failed to validate key: %v", err)
}
})
t.Run("TUI subcommand: --help works", func(t *testing.T) {
tuiCmd := exec.Command(binPath, "tui", "--help")
out, err := tuiCmd.CombinedOutput()
if err != nil {
t.Fatalf("tui --help failed: %v, output: %s", err, string(out))
}
output := string(out)
if !strings.Contains(output, "tui") {
t.Error("tui --help output does not mention 'tui'")
}
if !strings.Contains(output, "-h") && !strings.Contains(output, "--help") {
t.Error("tui --help output does not mention help flag")
}
})
t.Run("Version check", func(t *testing.T) {
versionCmd := exec.Command(binPath, "--version")
out, err := versionCmd.CombinedOutput()
if err != nil {
t.Fatalf("--version failed: %v, output: %s", err, string(out))
}
output := string(out)
if !strings.Contains(output, "v0.2.0") {
t.Errorf("expected version v0.2.0 in output, got: %s", output)
}
})
}