test_cli_default
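#!/bin/bash
#
# Scenario 1: end-to-end test of auths-cli using the default repository layout.
# Flow: id init -> key import -> device link -> id rotate -> device revoke,
# checking the key listing and the Git refs after each step.
# Run from the workspace root: cargo installs from crates/auths-cli.
#
# NOTE(review): `auths key ...` is invoked without --repo, so the aliases used
# here presumably live in a key store shared with the invoking user, and
# cleanup deletes them by alias. Confirm they cannot collide with real keys.

# Exit immediately if a command exits with a non-zero status.
# pipefail is left off: several checks discard stderr from `auths ... id show*`
# ("Ignore KEL errors") and the exit status of auths in that case is not
# visible from this script, so only the final grep decides those checks.
set -e

# Ensure auths is installed/updated
echo "--- Building/Installing auths-cli ---"
cargo install --path crates/auths-cli --force
echo "--- Installation Complete ---"

echo "--- SCENARIO 1: Testing Default Layout ---"
echo "Starting Test: $(date)"
echo "======================================================"

# --- Configuration ---
# Absolute starting directory; cleanup uses it instead of a relative `cd ..`.
START_DIR=$(pwd)
TEST_DIR_DEFAULT="test_repo_default"
# The script runs inside TEST_DIR_DEFAULT, so --repo is the current directory.
REPO_ARG="."
# Relative .git path inside TEST_DIR_DEFAULT; passed explicitly via --git-dir.
GIT_DIR=".git"
ID_ALIAS="default_id_key"
ID_ALIAS_ROTATED="default_id_key_rotated" # Alias for the key after rotation
DEVICE_ALIAS="default_dev1_key"
# Fixed fixture passphrases for the throwaway keys this test creates.
PASSPHRASE_ID="pass_id_123"
PASSPHRASE_ID_ROTATED="pass_id_rotated_789" # Passphrase for the rotated key
PASSPHRASE_DEV="pass_dev_456"
METADATA_FILE="metadata_default.json"
DEVICE_SEED_FILE="device1_default.seed"
# Carriage return, stripped from tool output that may use CRLF line endings.
CR=$'\r'

# --- Cleanup Function ---
# Deletes the test key aliases and the test repository directory.
# Runs once, from the EXIT trap.
cleanup() {
  echo "" # Newline before cleanup
  echo "--- Cleaning up Scenario 1 ---"
  # Leave the test dir before removing it. An absolute path is used so a
  # failure before `cd "$TEST_DIR_DEFAULT"` cannot send cleanup to the parent
  # of the starting directory.
  cd "$START_DIR" || true
  # `|| true`: the aliases may not exist if the test failed early.
  auths key delete --alias "$ID_ALIAS" || true
  auths key delete --alias "$ID_ALIAS_ROTATED" || true
  auths key delete --alias "$DEVICE_ALIAS" || true
  # :? aborts the expansion if either part is empty, so this can never
  # collapse to `rm -rf /`. The metadata and seed files are created inside
  # the test dir and are removed with it.
  rm -rf -- "${START_DIR:?}/${TEST_DIR_DEFAULT:?}"
  echo "Cleanup complete."
}
# Cleanup runs from EXIT only. Signal traps just exit, which triggers EXIT;
# trapping cleanup directly on the signals would run it twice (once for the
# signal, once on exit).
trap cleanup EXIT
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 131' QUIT
trap 'exit 143' TERM

# --- Setup ---
echo ""
echo "--- Setup ---"
rm -rf -- "$TEST_DIR_DEFAULT" # Ensure clean start
mkdir "$TEST_DIR_DEFAULT"
cd "$TEST_DIR_DEFAULT" # Run subsequent commands inside the test dir

# Create sample metadata file
echo '{ "name": "Default Test User", "email": "default@example.com" }' > "$METADATA_FILE"
# Create sample 32-byte seed file for the device. The seed is private key
# material, so it is created readable by the owner only.
(
  umask 077
  head -c 32 /dev/urandom > "$DEVICE_SEED_FILE"
)
echo "Setup complete."

# --- Test Initialization ---
echo ""
echo "--- Testing: id init (Default Layout) ---"
# Feed passphrase via stdin. printf avoids echo's option/backslash handling.
printf '%s\n' "$PASSPHRASE_ID" | auths --repo "$REPO_ARG" id init \
  --metadata-file "$METADATA_FILE" \
  --local-key-alias "$ID_ALIAS"

# --- Verification ---
echo ""
echo "--- Verifying Initialization ---"
echo "[Verifying] Listing keys..."
auths key list | grep -F -- "$ID_ALIAS"
echo "[Verifying] Showing identity info..."
# stderr is discarded to ignore KEL errors.
CONTROLLER_DID=$(auths --repo "$REPO_ARG" id show 2>/dev/null \
  | awk -F': ' '/Controller DID:/ {print $2}')
# awk exits 0 even when nothing matched, so set -e does not catch an empty
# result; fail here rather than building refs from an empty DID.
if [[ -z "$CONTROLLER_DID" ]]; then
  echo "ERROR: Could not extract Controller DID from 'id show' output." >&2
  exit 1
fi
echo "[Verification] Controller DID found: [$CONTROLLER_DID]"
auths --repo "$REPO_ARG" id show 2>/dev/null | grep -F -- 'default@example.com'
echo "[Verifying] Checking Git repository structure..."
if [[ ! -d "$GIT_DIR" ]]; then
  echo "ERROR: Git directory '$GIT_DIR' not found." >&2
  exit 1
fi
# Check if the default identity ref exists using rev-parse
echo "[Verifying] git rev-parse --verify 'refs/auths/identity'..."
git --git-dir="$GIT_DIR" rev-parse --verify "refs/auths/identity" > /dev/null
echo "[Verification] Default identity ref 'refs/auths/identity' found and verified."
# Check identity blob name
COMMIT_HASH=$(git --git-dir="$GIT_DIR" rev-parse "refs/auths/identity")
git --git-dir="$GIT_DIR" ls-tree "$COMMIT_HASH" | grep -F -- "identity.json"
echo "[Verification] Default identity blob 'identity.json' found."
# Check KEL ref exists
DID_PREFIX=${CONTROLLER_DID#"did:keri:"}
KEL_REF_PATH="refs/did/keri/${DID_PREFIX}/kel"
echo "[Verifying] git rev-parse --verify '$KEL_REF_PATH'..."
git --git-dir="$GIT_DIR" rev-parse --verify "$KEL_REF_PATH" > /dev/null
echo "[Verification] KEL ref '$KEL_REF_PATH' found and verified."

# --- Test Key Import ---
echo ""
echo "--- Testing: key import ---"
# Feed passphrase via stdin
printf '%s\n' "$PASSPHRASE_DEV" | auths key import \
  --alias "$DEVICE_ALIAS" \
  --seed-file "$DEVICE_SEED_FILE" \
  --controller-did "$CONTROLLER_DID"

# --- Verification ---
echo ""
echo "--- Verifying Key Import ---"
echo "[Verifying] Listing keys..."
auths key list | grep -F -- "$ID_ALIAS"
auths key list | grep -F -- "$DEVICE_ALIAS"

# --- Test Device Link ---
echo ""
echo "--- Testing: device link ---"
# Derive the device DID from the seed.
# NOTE(review): --seed-hex puts the seed on the command line, where it is
# visible in the process list while the command runs. That is tolerable for
# this throwaway test seed only.
SEED_HEX=$(xxd -p -c 256 "$DEVICE_SEED_FILE")
DERIVE_DID_OUTPUT_RAW=$(auths util derive-did --seed-hex "$SEED_HEX")
DERIVE_DID_OUTPUT=${DERIVE_DID_OUTPUT_RAW%"$CR"}
DEVICE_DID=${DERIVE_DID_OUTPUT##*DID: }
DEVICE_DID=$(printf '%s\n' "$DEVICE_DID" | awk '{$1=$1};1') # Trim whitespace
# An empty DID would make every later grep match any line, including the
# "revoked device is not listed" check, so stop here.
if [[ -z "$DEVICE_DID" ]]; then
  echo "ERROR: Could not extract device DID from 'derive-did' output." >&2
  exit 1
fi
echo "Debug: Device DID extracted: [$DEVICE_DID]"

# Link device, providing passphrases via stdin (Device, Identity, Device)
printf '%s\n' "$PASSPHRASE_DEV" "$PASSPHRASE_ID" "$PASSPHRASE_DEV" \
  | auths --repo "$REPO_ARG" device link \
    --identity-key-alias "$ID_ALIAS" \
    --device-key-alias "$DEVICE_ALIAS" \
    --device-did "$DEVICE_DID" \
    --note "Default layout test device" \
    --expires-in-days 30

# --- Verification ---
echo ""
echo "--- Verifying Device Link ---"
echo "[Verifying] Showing devices..."
# stderr is discarded to ignore KEL errors. -F matches the DID literally.
auths --repo "$REPO_ARG" id show-devices 2>/dev/null | grep -F -- "$DEVICE_DID" | grep "active"
auths --repo "$REPO_ARG" id show-devices 2>/dev/null | grep -F -- "Default layout test device"
echo "[Verifying] Checking Git repository structure..."
# Calculate expected ref path: every non-alphanumeric character becomes "_".
# A plain bracket expression is enough here; extglob is not required.
SANITIZED_DID=${DEVICE_DID//[^[:alnum:]]/_}
DEVICE_REF_PATH="refs/auths/devices/nodes/${SANITIZED_DID}/signatures"
echo "Debug: Calculated Device Ref Path: [$DEVICE_REF_PATH]"
# Check if the default attestation ref exists using rev-parse
echo "[Verifying] git rev-parse --verify '$DEVICE_REF_PATH'..."
git --git-dir="$GIT_DIR" rev-parse --verify "$DEVICE_REF_PATH" > /dev/null
echo "[Verification] Default device ref '$DEVICE_REF_PATH' found and verified."
# Check attestation blob name
DEV_COMMIT_HASH=$(git --git-dir="$GIT_DIR" rev-parse "$DEVICE_REF_PATH")
git --git-dir="$GIT_DIR" ls-tree "$DEV_COMMIT_HASH" | grep -F -- "attestation.json"
echo "[Verification] Default attestation blob 'attestation.json' found."

# --- Test Identity Rotation ---
echo ""
echo "--- Testing: id rotate ---"
# Feed passphrases via stdin (current key, then new key)
printf '%s\n' "$PASSPHRASE_ID" "$PASSPHRASE_ID_ROTATED" \
  | auths --repo "$REPO_ARG" id rotate \
    --current-key-alias "$ID_ALIAS" \
    --next-key-alias "$ID_ALIAS_ROTATED"
# Can add witness args here if needed: --add-witness B... --remove-witness B... --witness-threshold 1

# --- Verification ---
echo ""
echo "--- Verifying Identity Rotation ---"
echo "[Verifying] Listing keys (should include rotated key)..."
# NOTE(review): "$ID_ALIAS" is a prefix of "$ID_ALIAS_ROTATED", so this first
# grep also matches the rotated alias and does not prove on its own that the
# original alias still exists.
auths key list | grep -F -- "$ID_ALIAS"         # Original alias should still exist
auths key list | grep -F -- "$ID_ALIAS_ROTATED" # New alias should exist
echo "[Verifying] Checking KEL for rotation event..."
# Check the last commit message on the KEL ref
git --git-dir="$GIT_DIR" log -n 1 --pretty=format:%s "$KEL_REF_PATH" | grep "Rotation"
echo "[Verification] Rotation event found in KEL."

# --- Test Device Revoke ---
echo ""
echo "--- Testing: device revoke ---"
# Uses the ROTATED identity key alias and passphrase: after rotation the
# revoke is signed with the new key.
printf '%s\n' "$PASSPHRASE_ID_ROTATED" | auths --repo "$REPO_ARG" device revoke \
  --identity-key-alias "$ID_ALIAS_ROTATED" \
  --device-did "$DEVICE_DID" \
  --note "Revoking default test device post-rotation"

# --- Verification ---
echo ""
echo "--- Verifying Device Revoke ---"
echo "[Verifying] Showing devices (should be empty)..."
# This negative check also passes if show-devices prints nothing at all
# (stderr is discarded). The --include-revoked checks below confirm the
# command still produces output for this device.
if auths --repo "$REPO_ARG" id show-devices 2>/dev/null | grep -F -- "$DEVICE_DID"; then
  echo "ERROR: Revoked device still listed without --include-revoked!"
  exit 1
else
  echo "OK: Revoked device not listed by default."
fi
echo "[Verifying] Showing devices (including revoked)..."
auths --repo "$REPO_ARG" id show-devices --include-revoked 2>/dev/null \
  | grep -F -- "$DEVICE_DID" | grep "revoked"
# Check for the updated revoke note
auths --repo "$REPO_ARG" id show-devices --include-revoked 2>/dev/null \
  | grep -F -- "Revoking default test device post-rotation"
# Revoke adds a commit; it does not delete the ref.
echo "[Verifying] git ref '$DEVICE_REF_PATH' still exists..."
git --git-dir="$GIT_DIR" rev-parse --verify "$DEVICE_REF_PATH" > /dev/null
echo "[Verification] Device ref '$DEVICE_REF_PATH' still found and verified after revoke."

echo ""
echo "======================================================"
echo "--- SCENARIO 1: PASSED ---"
echo "Finished Test: $(date)"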