use std::sync::Arc;
use dig_keystore::{
backend::{BackendKey, KeychainBackend, MemoryBackend},
scheme::BlsSigning,
KdfParams, Keystore, KeystoreError, Password,
};
fn setup() -> (Arc<dyn KeychainBackend>, BackendKey) {
let backend: Arc<dyn KeychainBackend> = Arc::new(MemoryBackend::new());
let key = BackendKey::new("validator");
Keystore::<BlsSigning>::create(
backend.clone(),
key.clone(),
Password::from("correct"),
None,
KdfParams::FAST_TEST,
)
.unwrap();
(backend, key)
}
#[test]
fn wrong_password_fails_cleanly() {
let (backend, key) = setup();
let ks = Keystore::<BlsSigning>::load(backend, key).unwrap();
let err = ks.unlock(Password::from("wrong")).unwrap_err();
assert!(matches!(err, KeystoreError::DecryptFailed));
}
#[test]
fn empty_password_fails() {
let (backend, key) = setup();
let ks = Keystore::<BlsSigning>::load(backend, key).unwrap();
let err = ks.unlock(Password::from("")).unwrap_err();
assert!(matches!(err, KeystoreError::DecryptFailed));
}
#[test]
fn password_length_variations() {
let (backend, key) = setup();
let ks = Keystore::<BlsSigning>::load(backend, key).unwrap();
for wrong in &["correc", "correctX", "CORRECT", "correcti", "Correct"] {
let err = ks.unlock(Password::from(*wrong)).unwrap_err();
assert!(
matches!(err, KeystoreError::DecryptFailed),
"expected DecryptFailed for {wrong:?}"
);
}
}
#[test]
fn unicode_password_works() {
let backend: Arc<dyn KeychainBackend> = Arc::new(MemoryBackend::new());
let key = BackendKey::new("k");
let password = Password::from("пароль🔐中文");
Keystore::<BlsSigning>::create(
backend.clone(),
key.clone(),
password.clone(),
None,
KdfParams::FAST_TEST,
)
.unwrap();
let ks = Keystore::<BlsSigning>::load(backend, key).unwrap();
ks.unlock(password).expect("unicode password round-trips");
}
#[test]
fn very_long_password_works() {
let backend: Arc<dyn KeychainBackend> = Arc::new(MemoryBackend::new());
let key = BackendKey::new("k");
let pw_str = "a".repeat(4096);
let password = Password::from(pw_str.as_bytes());
Keystore::<BlsSigning>::create(
backend.clone(),
key.clone(),
password.clone(),
None,
KdfParams::FAST_TEST,
)
.unwrap();
let ks = Keystore::<BlsSigning>::load(backend, key).unwrap();
ks.unlock(password).expect("long password round-trips");
}
#[test]
fn change_password_with_wrong_old_fails() {
let backend: Arc<dyn KeychainBackend> = Arc::new(MemoryBackend::new());
let key = BackendKey::new("k");
let mut ks = Keystore::<BlsSigning>::create(
backend,
key,
Password::from("old"),
None,
KdfParams::FAST_TEST,
)
.unwrap();
let err = ks
.change_password(Password::from("WRONG"), Password::from("new"))
.unwrap_err();
assert!(matches!(err, KeystoreError::DecryptFailed));
ks.unlock(Password::from("old"))
.expect("original password still works");
}