tap-agent 0.7.0

Rust implementation of the Transaction Authorization Protocol (TAP)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

//! Tests for TAP Agent

use serde::{Deserialize, Serialize};
use std::sync::Arc;
use tap_agent::agent::{Agent, TapAgent};
use tap_agent::agent_key_manager::{AgentKeyManager, AgentKeyManagerBuilder};
use tap_agent::config::AgentConfig;
use tap_agent::key_manager::{Secret, SecretMaterial, SecretType};
use tap_msg::TapMessageBody;

/// A simple test message type
#[derive(Debug, Clone, Serialize, Deserialize)]
struct TestMessage {
    content: String,
}

impl TapMessageBody for TestMessage {
    fn message_type() -> &'static str {
        "test.message.type"
    }

    fn validate(&self) -> Result<(), tap_msg::error::Error> {
        Ok(())
    }
}

/// Create a test key manager with pre-configured test keys
fn create_test_key_manager() -> Arc<AgentKeyManager> {
    let mut builder = AgentKeyManagerBuilder::new();

    // Add a test secret for agent
    let secret = Secret {
        id: "did:example:123".to_string(),
        type_: SecretType::JsonWebKey2020,
        secret_material: SecretMaterial::JWK {
            private_key_jwk: serde_json::json!({
                "kty": "OKP",
                "crv": "Ed25519",
                "x": "test1234",
                "d": "test1234"
            }),
        },
    };
    builder = builder.add_secret("did:example:123".to_string(), secret);

    // Add a test secret for recipient
    let secret = Secret {
        id: "did:example:456".to_string(),
        type_: SecretType::JsonWebKey2020,
        secret_material: SecretMaterial::JWK {
            private_key_jwk: serde_json::json!({
                "kty": "OKP",
                "crv": "Ed25519",
                "x": "test1234",
                "d": "test1234"
            }),
        },
    };
    builder = builder.add_secret("did:example:456".to_string(), secret);

    Arc::new(builder.build().unwrap())
}

#[tokio::test]
async fn test_agent_get_service_endpoint() {
    // Create a test agent config
    let config = AgentConfig::new("did:example:123".to_string());

    // Create the test key manager
    let key_manager = create_test_key_manager();

    // Create the agent
    let agent = TapAgent::new(config, key_manager);

    // Test get_service_endpoint works correctly for DIDs
    // In the updated implementation, DIDs will use the fallback URL format:
    // https://example.com/did/{did_with_underscores}
    let endpoint = agent.get_service_endpoint("did:example:456").await.unwrap();
    assert!(endpoint.is_some(), "Service endpoint should be found");
    assert!(
        endpoint
            .unwrap()
            .contains("https://example.com/did/did_example_456"),
        "Service endpoint should use fallback URL format"
    );

    // Test for another DID
    let endpoint = agent.get_service_endpoint("did:example:web").await.unwrap();
    assert!(
        endpoint.is_some(),
        "Service endpoint should be found for web DID"
    );
    assert!(
        endpoint
            .unwrap()
            .contains("https://example.com/did/did_example_web"),
        "Service endpoint should use fallback URL format"
    );

    // Test for direct URLs
    let endpoint = agent
        .get_service_endpoint("https://direct.example.com")
        .await
        .unwrap();
    assert!(
        endpoint.is_some(),
        "Service endpoint should be found for direct URL"
    );
    assert_eq!(
        endpoint.unwrap(),
        "https://direct.example.com",
        "Direct URLs should be returned as-is"
    );
}

#[tokio::test]
#[ignore = "Skipped until valid test keys are available for crypto operations"]
async fn test_send_message_to_multiple_recipients() {
    // Create a test agent config
    let config = AgentConfig::new("did:example:123".to_string());

    // Create the test key manager
    let key_manager = create_test_key_manager();

    // Create the agent
    let agent = TapAgent::new(config, key_manager);

    // Create a simple message
    let test_message = TestMessage {
        content: "test multiple recipients".to_string(),
    };

    // Define multiple recipients
    let recipients = vec!["did:example:456"];

    // Send the message
    let (message_id, delivery_results) = agent
        .send_message(&test_message, recipients.clone(), false)
        .await
        .unwrap();

    // Check that we got a valid message ID
    assert!(!message_id.is_empty(), "Message ID should not be empty");

    // Check that we have delivery results for each recipient
    assert_eq!(delivery_results.len(), recipients.len());

    // Check the delivery results
    for result in &delivery_results {
        assert_eq!(result.did, "did:example:456");
        // Endpoints should use the fallback URL format
        assert!(
            result
                .endpoint
                .contains("https://example.com/did/did_example_456"),
            "Endpoint should use fallback URL format"
        );
        assert!(result.status.is_none()); // No actual delivery with deliver=false
        assert!(result.error.is_none()); // No error expected
    }
}

#[tokio::test]
async fn test_from_private_key_ed25519() {
    use ed25519_dalek::SigningKey;
    use rand::rngs::OsRng;
    use tap_agent::KeyType;
    use tap_msg::message::Presentation;
    use uuid::Uuid;

    // Generate a random Ed25519 key
    let mut csprng = OsRng;
    let signing_key = SigningKey::generate(&mut csprng);
    let private_key_bytes = signing_key.to_bytes();

    // Create a TapAgent from the private key
    let (agent, did) = TapAgent::from_private_key(&private_key_bytes, KeyType::Ed25519, true)
        .await
        .unwrap();

    // Verify the agent was created correctly
    assert!(did.starts_with("did:key:z"), "DID should be a did:key");
    assert_eq!(agent.get_agent_did(), &did);

    // Create a simple presentation message to test with
    let presentation = Presentation::new(
        "test_challenge".to_string(),
        vec![serde_json::json!({"test": "credential"})],
        Some(Uuid::new_v4().to_string()),
    );

    // Pack the message (no delivery)
    let (packed, _) = agent
        .send_message(&presentation, vec!["did:example:123"], false)
        .await
        .unwrap();

    // Verify that the packed message is not empty
    assert!(!packed.is_empty(), "Packed message should not be empty");

    // Create another agent with the same private key
    let (agent2, did2) = TapAgent::from_private_key(&private_key_bytes, KeyType::Ed25519, false)
        .await
        .unwrap();

    // Verify that both agents have the same DID
    assert_eq!(
        did, did2,
        "DIDs should be identical for the same private key"
    );

    // Verify that the second agent can unpack the message packed by the first
    let plain_message = agent2.receive_message(&packed).await.unwrap();
    let received_presentation: Presentation = serde_json::from_value(plain_message.body).unwrap();

    // Verify the received message is the same as the sent message
    assert_eq!(presentation.id, received_presentation.id);
}

#[tokio::test]
#[cfg(feature = "crypto-p256")]
#[ignore = "P-256 key signature verification needs to be fixed"]
async fn test_from_private_key_p256() {
    use p256::ecdsa::SigningKey as P256SigningKey;
    use rand::rngs::OsRng;
    use tap_agent::KeyType;
    use tap_msg::message::Presentation;
    use uuid::Uuid;

    // Generate a random P-256 key
    let mut rng = OsRng;
    let signing_key = P256SigningKey::random(&mut rng);
    let private_key_bytes = signing_key.to_bytes().to_vec();

    // Create a TapAgent from the private key
    let (agent, did) = TapAgent::from_private_key(&private_key_bytes, KeyType::P256, true)
        .await
        .unwrap();

    // Verify the agent was created correctly
    assert!(did.starts_with("did:key:z"), "DID should be a did:key");
    assert_eq!(agent.get_agent_did(), &did);

    // Create a simple presentation message to test with
    let presentation = Presentation::new(
        "test_challenge".to_string(),
        vec![serde_json::json!({"test": "credential"})],
        Some(Uuid::new_v4().to_string()),
    );

    // Pack the message (no delivery)
    let (packed, _) = agent
        .send_message(&presentation, vec!["did:example:123"], false)
        .await
        .unwrap();

    // Verify that the packed message is not empty
    assert!(!packed.is_empty(), "Packed message should not be empty");

    // Create another agent with the same private key
    let (agent2, did2) = TapAgent::from_private_key(&private_key_bytes, KeyType::P256, false)
        .await
        .unwrap();

    // Verify that both agents have the same DID
    assert_eq!(
        did, did2,
        "DIDs should be identical for the same private key"
    );

    // Verify that the second agent can unpack the message packed by the first
    let plain_message = agent2.receive_message(&packed).await.unwrap();
    let received_presentation: Presentation = serde_json::from_value(plain_message.body).unwrap();

    // Verify the received message is the same as the sent message
    assert_eq!(presentation.id, received_presentation.id);
}