field_lib

Cross-platform Rust runtime for Radroots iOS and Android apps
git clone https://radroots.dev/git/field_lib.git
Log | Files | Refs | README | LICENSE

key_management.rs (4699B)

      1 #![cfg(feature = "nostr-client")]
      2 
      3 use radroots_field_core::RadrootsRuntime;
      4 
      5 #[test]
      6 fn identity_reset_all_removes_selected_and_unselected_identities() {
      7     let runtime = RadrootsRuntime::new().expect("runtime");
      8     let selected_identity = radroots_identity::RadrootsIdentity::generate();
      9     let other_identity = radroots_identity::RadrootsIdentity::generate();
     10 
     11     let selected = runtime
     12         .nostr_identity_restore_host_custody_secret(
     13             selected_identity.secret_key_hex(),
     14             Some("selected".to_string()),
     15             true,
     16         )
     17         .expect("selected identity");
     18     let other = runtime
     19         .nostr_identity_restore_host_custody_secret(
     20             other_identity.secret_key_hex(),
     21             Some("other".to_string()),
     22             false,
     23         )
     24         .expect("other identity");
     25 
     26     let snapshot = runtime.nostr_identity_snapshot().expect("snapshot");
     27     assert!(snapshot.has_selected_signing_identity);
     28     assert_eq!(
     29         snapshot.selected_identity_id.as_deref(),
     30         Some(selected.id.as_str())
     31     );
     32     assert!(selected.is_selected);
     33     assert!(!other.is_selected);
     34     assert_eq!(snapshot.identities.len(), 2);
     35 
     36     runtime
     37         .nostr_identity_reset_host_custody_runtime()
     38         .expect("reset all");
     39 
     40     let snapshot = runtime.nostr_identity_snapshot().expect("reset snapshot");
     41     assert!(!snapshot.has_selected_signing_identity);
     42     assert_eq!(snapshot.selected_identity_id, None);
     43     assert_eq!(snapshot.selected_npub, None);
     44     assert!(snapshot.identities.is_empty());
     45     assert!(runtime.nostr_identity_list().expect("list").is_empty());
     46 
     47     assert!(runtime.nostr_identity_remove(other.id).is_err());
     48 }
     49 
     50 #[test]
     51 fn host_custody_secret_validation_derives_public_identity_without_runtime_mutation() {
     52     let runtime = RadrootsRuntime::new().expect("runtime");
     53     let host_identity = radroots_identity::RadrootsIdentity::generate();
     54 
     55     let validated = runtime
     56         .nostr_identity_validate_host_custody_secret(host_identity.secret_key_hex())
     57         .expect("validate host custody secret");
     58 
     59     assert_eq!(validated.id, host_identity.id().to_string());
     60     assert_eq!(validated.public_key_hex, host_identity.public_key_hex());
     61     assert_eq!(validated.public_key_npub, host_identity.public_key_npub());
     62     assert!(!runtime.nostr_identity_has_selected_signing_identity());
     63     assert!(
     64         runtime
     65             .nostr_identity_snapshot()
     66             .expect("snapshot")
     67             .identities
     68             .is_empty()
     69     );
     70 }
     71 
     72 #[test]
     73 fn host_custody_secret_restore_recreates_runtime_signing_identity_after_lock() {
     74     let runtime = RadrootsRuntime::new().expect("runtime");
     75     let host_identity = radroots_identity::RadrootsIdentity::generate();
     76     let secret_key = host_identity.secret_key_hex();
     77 
     78     let restored = runtime
     79         .nostr_identity_restore_host_custody_secret(
     80             secret_key.clone(),
     81             Some("local custody".to_string()),
     82             true,
     83         )
     84         .expect("restore host secret");
     85     assert_eq!(restored.public_key_hex, host_identity.public_key_hex());
     86     assert!(restored.is_selected);
     87     assert!(runtime.nostr_identity_has_selected_signing_identity());
     88 
     89     runtime
     90         .nostr_identity_lock_host_custody_runtime()
     91         .expect("clear runtime state");
     92     let locked = runtime.nostr_identity_snapshot().expect("locked snapshot");
     93     assert!(!locked.has_selected_signing_identity);
     94     assert!(locked.identities.is_empty());
     95     assert!(!runtime.nostr_identity_has_selected_signing_identity());
     96 
     97     let restored_again = runtime
     98         .nostr_identity_restore_host_custody_secret(
     99             secret_key,
    100             Some("local custody".to_string()),
    101             true,
    102         )
    103         .expect("restore host secret again");
    104     assert_eq!(
    105         restored_again.public_key_hex,
    106         host_identity.public_key_hex()
    107     );
    108     assert!(runtime.nostr_identity_has_selected_signing_identity());
    109 }
    110 
    111 #[test]
    112 fn invalid_host_custody_secret_is_rejected_before_runtime_mutation() {
    113     let runtime = RadrootsRuntime::new().expect("runtime");
    114 
    115     assert!(
    116         runtime
    117             .nostr_identity_validate_host_custody_secret("not-a-secret".to_string())
    118             .is_err()
    119     );
    120     assert!(
    121         runtime
    122             .nostr_identity_restore_host_custody_secret(
    123                 "not-a-secret".to_string(),
    124                 Some("bad".to_string()),
    125                 true,
    126             )
    127             .is_err()
    128     );
    129     assert!(!runtime.nostr_identity_has_selected_signing_identity());
    130     assert!(
    131         runtime
    132             .nostr_identity_snapshot()
    133             .expect("snapshot")
    134             .identities
    135             .is_empty()
    136     );
    137 }