func CreateAndSignupFakeUser(prefix string, g *libkb.GlobalContext) (*FakeUser, error) {
fu, err := NewFakeUser(prefix)
if err != nil {
return nil, err
}
arg := engine.SignupEngineRunArg{
Username: fu.Username,
Email: fu.Email,
InviteCode: testInviteCode,
Passphrase: fu.Passphrase,
DeviceName: "my device",
SkipGPG: true,
SkipMail: true,
}
ctx := &engine.Context{
LogUI: g.UI.GetLogUI(),
GPGUI: &gpgtestui{},
SecretUI: fu.NewSecretUI(),
LoginUI: &libkb.TestLoginUI{Username: fu.Username},
}
s := engine.NewSignupEngine(&arg, g)
if err := engine.RunEngine(s, ctx); err != nil {
return nil, err
}
fu.User, err = libkb.LoadUser(libkb.NewLoadUserByNameArg(g, fu.Username))
if err != nil {
return nil, err
}
return fu, nil
}
func (e *ListTrackingEngine) Run(ctx *Context) (err error) {
var user *libkb.User
if len(e.arg.ForAssertion) > 0 {
user, err = libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), e.arg.ForAssertion))
} else {
user, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
}
if err != nil {
return
}
var trackList TrackList
trackList = user.IDTable().GetTrackList()
trackList, err = filterRxx(trackList, e.arg.Filter)
if err != nil {
return
}
sort.Sort(trackList)
if e.arg.JSON {
err = e.runJSON(trackList, e.arg.Verbose)
} else {
err = e.runTable(trackList)
}
return
}
func (e *PGPPullEngine) runLoggedIn(ctx *Context, summaries []keybase1.UserSummary) error {
// Loop over the list of all users we track.
for _, userSummary := range summaries {
// Compute the set of tracked pgp fingerprints. LoadUser will fetch key
// data from the server, and we will compare it against this.
trackedFingerprints := make(map[string]bool)
for _, pubKey := range userSummary.Proofs.PublicKeys {
if pubKey.PGPFingerprint != "" {
trackedFingerprints[pubKey.PGPFingerprint] = true
}
}
// Get user data from the server.
user, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), userSummary.Username))
if err != nil {
ctx.LogUI.Errorf("Failed to load user %s: %s", userSummary.Username, err)
continue
}
if err = e.exportKeysToGPG(ctx, user, trackedFingerprints); err != nil {
return err
}
}
return nil
}
func assertUntracked(tc libkb.TestContext, username string) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
tc.T.Fatal(err)
}
them, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, username))
if err != nil {
tc.T.Fatal(err)
}
s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID())
if err != nil {
tc.T.Fatal(err)
}
if s != nil {
tc.T.Fatal("expected not to get a tracking statement; but got one")
}
s, err = libkb.LocalTrackChainLinkFor(me.GetUID(), them.GetUID(), tc.G)
if err != nil {
tc.T.Fatal(err)
}
if s != nil {
tc.T.Fatal("expected not to get a local tracking statement; but got one")
}
}
func (e *TrackToken) loadThem(username string) error {
them, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), username))
if err != nil {
return err
}
e.them = them
return nil
}
// loadUser will load the user by name specified in e.username.
func (e *LoginProvision) loadUser(ctx *Context) (*libkb.User, error) {
if len(e.username) == 0 {
return nil, libkb.NoUsernameError{}
}
e.G().Log.Debug("LoginProvision: loading user %s", e.username)
arg := libkb.NewLoadUserByNameArg(e.G(), e.username)
arg.PublicKeyOptional = true
return libkb.LoadUser(arg)
}
func TestSelectEngine(t *testing.T) {
tc := SetupEngineTest(t, "select")
defer tc.Cleanup()
fu := NewFakeUserOrBust(t, "se")
if err := tc.GenerateGPGKeyring(fu.Email); err != nil {
t.Fatal(err)
}
arg := MakeTestSignupEngineRunArg(fu)
arg.SkipGPG = false
s := NewSignupEngine(&arg, tc.G)
testui := &gpgtestui{}
ctx := &Context{
LogUI: tc.G.UI.GetLogUI(),
GPGUI: testui,
SecretUI: fu.NewSecretUI(),
LoginUI: &libkb.TestLoginUI{Username: fu.Username},
}
if err := RunEngine(s, ctx); err != nil {
t.Fatal(err)
}
fuUser, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, fu.Username))
if err != nil {
tc.T.Fatal(err)
}
publicKeys := fuUser.GetActivePGPKeys(false)
if len(publicKeys) != 1 {
tc.T.Fatal("There should be one generated PGP key")
}
key := publicKeys[0]
fp := fmt.Sprintf("%s", key.GetFingerprint())
garg := GPGImportKeyArg{
Query: fp,
AllowMulti: true,
SkipImport: false,
OnlyImport: false,
}
gpg := NewGPGImportKeyEngine(&garg, tc.G)
err = RunEngine(gpg, ctx)
// The GPGImportKeyEngine converts a multi select on the same key into
// an update, so our test checks that the update code ran, by counting
// on the test version of the update key prompt.
if testui.keyChosenCount != 1 {
tc.T.Fatal("Selected the same key twice and no update happened")
}
if len(gpg.duplicatedFingerprints) != 1 {
tc.T.Fatal("Server didn't return an error while updating")
}
if !key.GetFingerprint().Eq(gpg.duplicatedFingerprints[0]) {
tc.T.Fatal("Our fingerprint ID wasn't returned as up to date")
}
return
}
func getCurrentBTCAddr(tc libkb.TestContext, username string) string {
u, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, username))
if err != nil {
tc.T.Fatal(err)
}
cryptoLink := u.IDTable().ActiveCryptocurrency()
if cryptoLink == nil {
return ""
}
return cryptoLink.ToDisplayString()
}
func (h *UserHandler) LoadUserByName(_ context.Context, arg keybase1.LoadUserByNameArg) (user keybase1.User, err error) {
loadUserArg := libkb.NewLoadUserByNameArg(h.G(), arg.Username)
loadUserArg.PublicKeyOptional = true
u, err := libkb.LoadUser(loadUserArg)
if err != nil {
return
}
exportedUser := u.Export()
user = *exportedUser
return
}
// loadUser will prompt for username (if not provided) and load the user.
func (e *LoginProvision) loadUser(ctx *Context) (*libkb.User, error) {
if len(e.arg.Username) == 0 {
username, err := ctx.LoginUI.GetEmailOrUsername(context.TODO(), 0)
if err != nil {
return nil, err
}
e.arg.Username = username
}
arg := libkb.NewLoadUserByNameArg(e.G(), e.arg.Username)
arg.PublicKeyOptional = true
return libkb.LoadUser(arg)
}
func (e *ListTrackersEngine) ensureUID() error {
if e.uid.Exists() {
return nil
}
if len(e.username) == 0 {
e.uid = e.G().GetMyUID()
return nil
}
user, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), e.username))
if err != nil {
return err
}
e.uid = user.GetUID()
return nil
}
func (p *pgpPair) isTracking(meContext libkb.TestContext, username string) bool {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(meContext.G))
if err != nil {
p.t.Fatal(err)
}
them, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(meContext.G, username))
if err != nil {
p.t.Fatal(err)
}
s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID())
if err != nil {
p.t.Fatal(err)
}
return s != nil
}
func (e *PGPPullEngine) Run(ctx *Context) error {
summaries, err := e.getTrackedUserSummaries(ctx)
if err != nil {
return err
}
gpgClient := libkb.NewGpgCLI(libkb.GpgCLIArg{
LogUI: ctx.LogUI,
})
err = gpgClient.Configure()
if err != nil {
return err
}
// Loop over the list of all users we track.
for _, userSummary := range summaries {
// Compute the set of tracked pgp fingerprints. LoadUser will fetch key
// data from the server, and we will compare it against this.
trackedFingerprints := make(map[string]bool)
for _, pubKey := range userSummary.Proofs.PublicKeys {
if pubKey.PGPFingerprint != "" {
trackedFingerprints[pubKey.PGPFingerprint] = true
}
}
// Get user data from the server.
user, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), userSummary.Username))
if err != nil {
ctx.LogUI.Errorf("Failed to load user %s: %s", userSummary.Username, err)
continue
}
for _, bundle := range user.GetActivePGPKeys(false) {
// Check each key against the tracked set.
if !trackedFingerprints[bundle.GetFingerprint().String()] {
ctx.LogUI.Warning("Keybase says that %s owns key %s, but you have not tracked this fingerprint before.", user.GetName(), bundle.GetFingerprint())
continue
}
err = gpgClient.ExportKey(*bundle)
if err != nil {
return err
}
ctx.LogUI.Info("Imported key for %s.", user.GetName())
}
}
return nil
}
// don't identify or track, just load the users
func (e *PGPKeyfinder) loadUsers(ctx *Context) {
if e.runerr != nil {
return
}
for _, u := range e.arg.Usernames {
arg := libkb.NewLoadUserByNameArg(e.G(), u)
user, err := libkb.LoadUser(arg)
if err != nil {
e.runerr = err
return
}
e.addUser(user, false)
}
}
func assertNotTracking(tc libkb.TestContext, username string) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
tc.T.Fatal(err)
}
them, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, username))
if err != nil {
tc.T.Fatal(err)
}
s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID())
if err != nil {
tc.T.Fatal(err)
}
if s != nil {
tc.T.Errorf("a tracking statement exists for %s -> %s", me.GetName(), them.GetName())
}
}
func assertTracking(tc libkb.TestContext, username string) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
tc.T.Fatal(err)
}
them, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, username))
if err != nil {
tc.T.Fatal(err)
}
s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID())
if err != nil {
tc.T.Fatal(err)
}
if s == nil {
tc.T.Fatal("expected a tracking statement; but didn't see one")
}
}
func getActiveDevicesAndKeys(tc libkb.TestContext, u *FakeUser) ([]*libkb.Device, []libkb.GenericKey) {
arg := libkb.NewLoadUserByNameArg(tc.G, u.Username)
arg.PublicKeyOptional = true
user, err := libkb.LoadUser(arg)
if err != nil {
tc.T.Fatal(err)
}
sibkeys := user.GetComputedKeyFamily().GetAllActiveSibkeys()
subkeys := user.GetComputedKeyFamily().GetAllActiveSubkeys()
activeDevices := []*libkb.Device{}
for _, device := range user.GetComputedKeyFamily().GetAllDevices() {
if device.Status != nil && *device.Status == libkb.DeviceStatusActive {
activeDevices = append(activeDevices, device)
}
}
return activeDevices, append(sibkeys, subkeys...)
}
// Run starts the engine.
func (e *loginLoadUser) Run(ctx *Context) error {
username, err := e.findUsername(ctx)
if err != nil {
return err
}
e.G().Log.Debug("loginLoadUser: found username %q", username)
arg := libkb.NewLoadUserByNameArg(e.G(), username)
arg.PublicKeyOptional = true
user, err := libkb.LoadUser(arg)
if err != nil {
return err
}
e.user = user
e.G().Log.Debug("loginLoadUser: found user %s for username %q", e.user.GetUID(), username)
return nil
}
func (e *Kex2Provisionee) addDeviceSibkey(jw *jsonw.Wrapper) error {
if e.device.Description == nil {
// need user to get existing device names
loadArg := libkb.NewLoadUserByNameArg(e.G(), e.username)
loadArg.LoginContext = e.ctx.LoginContext
user, err := libkb.LoadUser(loadArg)
if err != nil {
return err
}
existingDevices, err := user.DeviceNames()
if err != nil {
e.G().Log.Debug("proceeding despite error getting existing device names: %s", err)
}
e.G().Log.Debug("prompting for device name")
arg := keybase1.PromptNewDeviceNameArg{
ExistingDevices: existingDevices,
}
name, err := e.ctx.ProvisionUI.PromptNewDeviceName(context.TODO(), arg)
if err != nil {
return err
}
e.device.Description = &name
e.G().Log.Debug("got device name: %q", name)
}
s := libkb.DeviceStatusActive
e.device.Status = &s
e.device.Kid = e.eddsa.GetKID()
dw, err := e.device.Export(libkb.SibkeyType)
if err != nil {
return err
}
jw.SetValueAtPath("body.device", dw)
if err = jw.SetValueAtPath("body.sibkey.kid", jsonw.NewString(e.eddsa.GetKID().String())); err != nil {
return err
}
return nil
}
// HandleDidCounterSign implements HandleDidCounterSign in
// kex2.Provisionee interface.
func (e *Kex2Provisionee) HandleDidCounterSign(sig []byte) (err error) {
e.G().Log.Debug("+ HandleDidCounterSign()")
defer func() { e.G().Log.Debug("- HandleDidCounterSign() -> %s", libkb.ErrToOk(err)) }()
e.G().Log.Debug("HandleDidCounterSign sig: %s", string(sig))
// load self user (to load merkle root)
_, err = libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), e.username))
if err != nil {
return err
}
// decode sig
decSig, err := e.decodeSig(sig)
if err != nil {
return err
}
e.dh, err = libkb.GenerateNaclDHKeyPair()
if err != nil {
return err
}
// make a keyproof for the dh key, signed w/ e.eddsa
dhSig, dhSigID, err := e.dhKeyProof(e.dh, decSig.eldestKID, decSig.seqno, decSig.linkID)
if err != nil {
return err
}
// create the key args for eddsa, dh keys
eddsaArgs, err := makeKeyArgs(decSig.sigID, sig, libkb.SibkeyType, e.eddsa, decSig.eldestKID, decSig.signingKID)
if err != nil {
return err
}
dhArgs, err := makeKeyArgs(dhSigID, []byte(dhSig), libkb.SubkeyType, e.dh, decSig.eldestKID, e.eddsa.GetKID())
if err != nil {
return err
}
// logged in, so save the login state
err = e.saveLoginState()
if err != nil {
return err
}
// push the LKS server half
err = e.pushLKSServerHalf()
if err != nil {
return err
}
// save device and keys locally
err = e.localSave()
if err != nil {
return err
}
// post the key sigs to the api server
err = e.postSigs(eddsaArgs, dhArgs)
if err != nil {
return err
}
return err
}
func TestBTC(t *testing.T) {
tc := SetupEngineTest(t, "btc")
defer tc.Cleanup()
u := CreateAndSignupFakeUser(tc, "btc")
ctx := &Context{
LogUI: tc.G.UI.GetLogUI(),
SecretUI: u.NewSecretUI(),
}
// First test setting a bad address; this should fail.
e := NewBTCEngine("somejunk", false /* force */, tc.G)
err := RunEngine(e, ctx)
if err == nil {
t.Fatalf("Bad address should have failed.")
}
current := getCurrentBTCAddr(tc, u.Username)
if current != "" {
t.Fatalf("No address should be set")
}
// Now set a real address; this should succeed.
e = NewBTCEngine(firstAddress, false /* force */, tc.G)
err = RunEngine(e, ctx)
if err != nil {
t.Fatal(err)
}
current = getCurrentBTCAddr(tc, u.Username)
if current != firstAddress {
t.Fatalf("Expected btc address '%s'. Found '%s'.", firstAddress, current)
}
// Test overwriting it without --force; should fail.
e = NewBTCEngine(secondAddress, false /* force */, tc.G)
err = RunEngine(e, ctx)
if err == nil {
t.Fatal("Overwriting a btc address should fail without --force.")
} else if !strings.Contains(err.Error(), "--force") {
t.Fatal("Error should mention the --force flag.")
}
current = getCurrentBTCAddr(tc, u.Username)
if current != firstAddress {
t.Fatalf("Address should not have changed.")
}
// Now test the overwrite with the --force flag; should succeed.
e = NewBTCEngine(secondAddress, true /* force */, tc.G)
err = RunEngine(e, ctx)
if err != nil {
t.Fatal(err)
}
current = getCurrentBTCAddr(tc, u.Username)
if current != secondAddress {
t.Fatalf("Expected btc address '%s'. Found '%s'.", secondAddress, current)
}
// Make sure the previous link was revoked.
loadedUser, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, u.Username))
if err != nil {
t.Fatalf("Failed to load user.")
}
revoked := loadedUser.IDTable().GetRevokedCryptocurrencyForTesting()
if len(revoked) != 1 {
t.Fatal("Expected 1 revoked link.")
} else if revoked[0].ToDisplayString() != firstAddress {
t.Fatal("Revoked link should correspond to the first address.")
}
}
func TestRevokeSig(t *testing.T) {
tc := SetupEngineTest(t, "rev")
defer tc.Cleanup()
// The PGP key is the 5th signature in the user's chain.
u := createFakeUserWithPGPSibkey(tc)
assertNumDevicesAndKeys(tc, u, 2, 5)
secui := &libkb.TestSecretUI{Passphrase: u.Passphrase}
ctx := &Context{
LogUI: tc.G.UI.GetLogUI(),
SecretUI: secui,
}
// Add another PGP key, so that we have a couple to revoke. That means that
// signatures #5 and #6 are the ones that delegate our PGP keys.
const FirstPGPSigSeqno = 5
const SecondPGPSigSeqno = 6
arg := PGPKeyImportEngineArg{
Gen: &libkb.PGPGenArg{
PrimaryBits: 768,
SubkeyBits: 768,
},
AllowMulti: true,
}
arg.Gen.MakeAllIds()
pgpEngine := NewPGPKeyImportEngine(arg)
err := RunEngine(pgpEngine, ctx)
if err != nil {
t.Fatal(err)
}
assertNumDevicesAndKeys(tc, u, 2, 6)
// First test that a bad sig id fails the revoke.
revokeEngine := NewRevokeSigsEngine([]string{"9999"}, tc.G)
err = RunEngine(revokeEngine, ctx)
if err == nil {
t.Fatal(err)
}
assertNumDevicesAndKeys(tc, u, 2, 6) // no change
// Check it with real sig id
realUser, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, u.Username))
if err != nil {
t.Fatal(err)
}
sigID := realUser.GetSigIDFromSeqno(FirstPGPSigSeqno)
revokeEngine = NewRevokeSigsEngine([]string{sigID.ToString(true)}, tc.G)
err = RunEngine(revokeEngine, ctx)
if err != nil {
t.Fatal(err)
}
assertNumDevicesAndKeys(tc, u, 2, 5) // The first PGP key is gone.
// Revoking the same key again should fail.
revokeEngine = NewRevokeSigsEngine([]string{sigID.ToString(true)}, tc.G)
err = RunEngine(revokeEngine, ctx)
if err == nil {
t.Fatal(err)
}
assertNumDevicesAndKeys(tc, u, 2, 5) // no change
// Revoke the second pgp key by prefix:
nextID := realUser.GetSigIDFromSeqno(SecondPGPSigSeqno).ToString(true)
// Short prefix should fail:
revokeEngine = NewRevokeSigsEngine([]string{nextID[0:4]}, tc.G)
err = RunEngine(revokeEngine, ctx)
if err == nil {
t.Fatal("revoke with 4 char prefix didn't return err")
}
assertNumDevicesAndKeys(tc, u, 2, 5) // no change
// SigIDQueryMin-character prefix should work:
revokeEngine = NewRevokeSigsEngine([]string{nextID[0:keybase1.SigIDQueryMin]}, tc.G)
err = RunEngine(revokeEngine, ctx)
if err != nil {
t.Fatal(err)
}
assertNumDevicesAndKeys(tc, u, 2, 4) // second pgp key gone
}