diff --git a/affinidi-messaging-didcomm/src/message/pack_encrypted/mod.rs b/affinidi-messaging-didcomm/src/message/pack_encrypted/mod.rs index fcf4e43..b006075 100644 --- a/affinidi-messaging-didcomm/src/message/pack_encrypted/mod.rs +++ b/affinidi-messaging-didcomm/src/message/pack_encrypted/mod.rs @@ -283,12 +283,11 @@ pub struct MessagingServiceMetadata { pub service_endpoint: String, } -/* #[cfg(test)] mod tests { + use affinidi_did_resolver_cache_sdk::{config::ClientConfigBuilder, DIDCacheClient}; use base64::prelude::*; - use ssi::did::DIDMethods; - use std::{collections::HashMap, iter::FromIterator}; + use ssi::dids::document::DIDVerificationMethod; use askar_crypto::{ alg::{ @@ -305,38 +304,24 @@ mod tests { sign::KeySigVerify, }; - use serde_json::{json, Value}; + use serde_json::Value; use crate::{ algorithms::AnonCryptAlg, - did::{resolvers::ExampleDIDResolver, VerificationMaterial, VerificationMethod}, + document::DIDCommVerificationMethodExt, error::ErrorKind, jwe, jwk::{FromJwkValue, ToJwkValue}, jws, - message::MessagingServiceMetadata, - protocols::routing::{try_parse_forward, wrap_in_forward}, secrets::{resolvers::ExampleSecretsResolver, Secret, SecretMaterial}, test_vectors::{ - ALICE_AUTH_METHOD_25519, ALICE_AUTH_METHOD_P256, ALICE_AUTH_METHOD_SECPP256K1, - ALICE_DID, ALICE_DID_DOC, ALICE_DID_DOC_WITH_NO_SECRETS, ALICE_SECRETS, - ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, - BOB_DID, BOB_DID_COMM_MESSAGING_SERVICE, BOB_DID_DOC, BOB_DID_DOC_NO_SECRETS, - BOB_SECRETS, BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, - BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, BOB_SERVICE, CHARLIE_DID, CHARLIE_DID_DOC, - CHARLIE_ROTATED_TO_ALICE_SECRETS, CHARLIE_SECRETS, CHARLIE_SECRET_AUTH_KEY_ED25519, - CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519, CHARLIE_SERVICE, FROM_PRIOR_FULL, - MEDIATOR1_DID_DOC, MEDIATOR1_SECRETS, MEDIATOR2_DID_DOC, MEDIATOR2_SECRETS, - MEDIATOR2_VERIFICATION_METHOD_KEY_AGREEM_X25519_1, - MEDIATOR3_DID_COMM_MESSAGING_SERVICE, MEDIATOR3_DID_DOC, MEDIATOR3_SECRETS, - MESSAGE_FROM_PRIOR_FULL, MESSAGE_SIMPLE, PLAINTEXT_MSG_SIMPLE, + ALICE_DID, ALICE_SECRETS, BOB_DID, BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, + BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + CHARLIE_DID, MESSAGE_SIMPLE, PLAINTEXT_MSG_SIMPLE, }, - utils::{ - crypto::{JoseKDF, KeyWrap}, - did::did_or_url, - }, - Message, PackEncryptedMetadata, PackEncryptedOptions, UnpackOptions, + utils::crypto::{JoseKDF, KeyWrap}, + PackEncryptedMetadata, PackEncryptedOptions, }; #[tokio::test] @@ -354,7 +339,6 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, ], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, ) .await; @@ -367,62 +351,6 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, - ) - .await; - - _pack_encrypted_works_authcrypt::< - AesKey, - Ecdh1PU<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, - ) - .await; - - _pack_encrypted_works_authcrypt::< - AesKey, - Ecdh1PU<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, - ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, - ) - .await; - - _pack_encrypted_works_authcrypt::< - AesKey, - Ecdh1PU<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, - ) - .await; - - _pack_encrypted_works_authcrypt::< - AesKey, - Ecdh1PU<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, ) .await; @@ -437,8 +365,7 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, + &ALICE_DID, ) .await; @@ -451,7 +378,6 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, ) .await; @@ -459,15 +385,23 @@ mod tests { to: &str, to_keys: Vec<&Secret>, from: &str, - from_key: &VerificationMethod, ) where CE: KeyAeadInPlace + KeySecretBytes, KDF: JoseKDF, KE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, KW: KeyWrap + FromKeyDerivation, { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let alice_did_doc = match did_resolver.resolve(from).await { + Ok(response) => response.doc, + Err(_) => { + return (); + } + }; + let from_key = alice_did_doc.verification_method.first().unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -490,7 +424,7 @@ mod tests { metadata, PackEncryptedMetadata { messaging_service: None, - from_kid: Some(from_key.id.clone()), + from_kid: Some(from_key.id.clone().into_string()), sign_by_kid: None, to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), } @@ -520,7 +454,6 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, ], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, AnonCryptAlg::A256cbcHs512EcdhEsA256kw, jwe::EncAlgorithm::A256cbcHs512, ) @@ -543,7 +476,6 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, ], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, AnonCryptAlg::A256gcmEcdhEsA256kw, jwe::EncAlgorithm::A256Gcm, ) @@ -566,7 +498,6 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, ], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, AnonCryptAlg::Xc20pEcdhEsA256kw, jwe::EncAlgorithm::Xc20P, ) @@ -585,26 +516,6 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_authcrypt_protected_sender::< - AesKey, - Ecdh1PU<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, AnonCryptAlg::A256cbcHs512EcdhEsA256kw, jwe::EncAlgorithm::A256cbcHs512, ) @@ -625,8 +536,7 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, + &ALICE_DID, AnonCryptAlg::A256cbcHs512EcdhEsA256kw, jwe::EncAlgorithm::A256cbcHs512, ) @@ -647,8 +557,7 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, + &ALICE_DID, AnonCryptAlg::A256gcmEcdhEsA256kw, jwe::EncAlgorithm::A256Gcm, ) @@ -669,32 +578,12 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, + &ALICE_DID, AnonCryptAlg::Xc20pEcdhEsA256kw, jwe::EncAlgorithm::Xc20P, ) .await; - _pack_encrypted_works_authcrypt_protected_sender::< - AesKey, - Ecdh1PU<'_, P256KeyPair>, - P256KeyPair, - AesKey, - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - _pack_encrypted_works_authcrypt_protected_sender::< AesKey, Ecdh1PU<'_, P256KeyPair>, @@ -707,52 +596,7 @@ mod tests { >( &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_authcrypt_protected_sender::< - AesKey, - Ecdh1PU<'_, P256KeyPair>, - P256KeyPair, - AesKey, - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, - ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_authcrypt_protected_sender::< - AesKey, - Ecdh1PU<'_, P256KeyPair>, - P256KeyPair, - AesKey, - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, - ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, + &ALICE_DID, AnonCryptAlg::A256cbcHs512EcdhEsA256kw, jwe::EncAlgorithm::A256cbcHs512, ) @@ -771,7 +615,6 @@ mod tests { to: &str, to_keys: Vec<&Secret>, from: &str, - from_key: &VerificationMethod, enc_alg_anon: AnonCryptAlg, enc_alg_anon_jwe: jwe::EncAlgorithm, ) where @@ -784,8 +627,17 @@ mod tests { AKE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, AKW: KeyWrap + FromKeyDerivation, { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + let from_did_doc = match did_resolver.resolve(from).await { + Ok(response) => response.doc, + Err(_) => { + return (); + } + }; + + let from_key = from_did_doc.verification_method.first().unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -810,7 +662,7 @@ mod tests { metadata, PackEncryptedMetadata { messaging_service: None, - from_kid: Some(from_key.id.clone()), + from_kid: Some(from_key.id.clone().to_string()), sign_by_kid: None, to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), } @@ -843,11 +695,9 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, ], ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, AnonCryptAlg::A256cbcHs512EcdhEsA256kw, jwe::EncAlgorithm::A256cbcHs512, ALICE_DID, - &ALICE_AUTH_METHOD_25519, jws::Algorithm::EdDSA, ) .await; @@ -868,12 +718,10 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, + ALICE_DID, AnonCryptAlg::A256cbcHs512EcdhEsA256kw, jwe::EncAlgorithm::A256cbcHs512, - &ALICE_AUTH_METHOD_P256.id, - &ALICE_AUTH_METHOD_P256, + ALICE_DID, jws::Algorithm::Es256, ) .await; @@ -894,12 +742,10 @@ mod tests { &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, + ALICE_DID, AnonCryptAlg::A256cbcHs512EcdhEsA256kw, jwe::EncAlgorithm::A256cbcHs512, - &ALICE_AUTH_METHOD_SECPP256K1.id, - &ALICE_AUTH_METHOD_SECPP256K1, + ALICE_DID, jws::Algorithm::Es256K, ) .await; @@ -919,11 +765,9 @@ mod tests { to: &str, to_keys: Vec<&Secret>, from: &str, - from_key: &VerificationMethod, enc_alg_anon: AnonCryptAlg, enc_alg_anon_jwe: jwe::EncAlgorithm, sign_by: &str, - sign_by_key: &VerificationMethod, sign_alg: jws::Algorithm, ) where CE: KeyAeadInPlace + KeySecretBytes, @@ -936,11 +780,28 @@ mod tests { AKW: KeyWrap + FromKeyDerivation, SK: KeySigVerify + FromJwkValue, { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + let from_did_doc = match did_resolver.resolve(from).await { + Ok(response) => response.doc, + Err(_) => { + return (); + } + }; + let from_key = from_did_doc.verification_method.first().unwrap(); + + let sign_by_did_doc = match did_resolver.resolve(sign_by).await { + Ok(response) => response.doc, + Err(_) => { + return (); + } + }; + let sign_by_key = sign_by_did_doc.verification_method.first().unwrap(); + let (msg, metadata) = MESSAGE_SIMPLE .pack_encrypted( to, @@ -962,8 +823,8 @@ mod tests { metadata, PackEncryptedMetadata { messaging_service: None, - from_kid: Some(from_key.id.clone()), - sign_by_kid: Some(sign_by_key.id.clone()), + from_kid: Some(from_key.id.clone().to_string()), + sign_by_kid: Some(sign_by_key.id.clone().to_string()), to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), } ); @@ -986,1158 +847,136 @@ mod tests { Ed25519KeyPair, >( BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, - ], - ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, - ALICE_DID, - &ALICE_AUTH_METHOD_25519, - jws::Algorithm::EdDSA, - ) - .await; - - _pack_encrypted_works_authcrypt_sign::< - AesKey, - Ecdh1PU<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - Ed25519KeyPair, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, - &ALICE_AUTH_METHOD_25519.id, - &ALICE_AUTH_METHOD_25519, - jws::Algorithm::EdDSA, - ) - .await; - - _pack_encrypted_works_authcrypt_sign::< - AesKey, - Ecdh1PU<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - P256KeyPair, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - ALICE_DID, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_X25519, - &ALICE_AUTH_METHOD_P256.id, - &ALICE_AUTH_METHOD_P256, - jws::Algorithm::Es256, - ) - .await; - - _pack_encrypted_works_authcrypt_sign::< - AesKey, - Ecdh1PU<'_, P256KeyPair>, - P256KeyPair, - AesKey, - K256KeyPair, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, - ], - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256.id, - &ALICE_VERIFICATION_METHOD_KEY_AGREEM_P256, - &ALICE_AUTH_METHOD_SECPP256K1.id, - &ALICE_AUTH_METHOD_SECPP256K1, - jws::Algorithm::Es256K, - ) - .await; - - async fn _pack_encrypted_works_authcrypt_sign( - to: &str, - to_keys: Vec<&Secret>, - from: &str, - from_key: &VerificationMethod, - sign_by: &str, - sign_by_key: &VerificationMethod, - sign_alg: jws::Algorithm, - ) where - CE: KeyAeadInPlace + KeySecretBytes, - KDF: JoseKDF, - KE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, - KW: KeyWrap + FromKeyDerivation, - SK: KeySigVerify + FromJwkValue, - { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); - - let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let (msg, metadata) = MESSAGE_SIMPLE - .pack_encrypted( - to, - Some(from), - Some(sign_by), - &did_resolver, - &secrets_resolver, - &PackEncryptedOptions { - forward: false, - ..PackEncryptedOptions::default() - }, - ) - .await - .expect("encrypt is ok."); - - assert_eq!( - metadata, - PackEncryptedMetadata { - messaging_service: None, - from_kid: Some(from_key.id.clone()), - sign_by_kid: Some(sign_by_key.id.clone()), - to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), - } - ); - - let msg = _verify_authcrypt::(&msg, to_keys, from_key); - let msg = _verify_signed::(&msg, sign_by_key, sign_alg); - _verify_plaintext(&msg, PLAINTEXT_MSG_SIMPLE); - } - } - - #[tokio::test] - async fn pack_encrypted_works_anoncrypt() { - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, - ], - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, - ], - AnonCryptAlg::A256gcmEcdhEsA256kw, - jwe::EncAlgorithm::A256Gcm, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - Chacha20Key, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, - ], - AnonCryptAlg::Xc20pEcdhEsA256kw, - jwe::EncAlgorithm::Xc20P, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - AnonCryptAlg::A256gcmEcdhEsA256kw, - jwe::EncAlgorithm::A256Gcm, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - Chacha20Key, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - AnonCryptAlg::Xc20pEcdhEsA256kw, - jwe::EncAlgorithm::Xc20P, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - AnonCryptAlg::A256gcmEcdhEsA256kw, - jwe::EncAlgorithm::A256Gcm, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - Chacha20Key, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - AnonCryptAlg::Xc20pEcdhEsA256kw, - jwe::EncAlgorithm::Xc20P, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], - AnonCryptAlg::A256gcmEcdhEsA256kw, - jwe::EncAlgorithm::A256Gcm, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - Chacha20Key, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], - AnonCryptAlg::Xc20pEcdhEsA256kw, - jwe::EncAlgorithm::Xc20P, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], - AnonCryptAlg::A256gcmEcdhEsA256kw, - jwe::EncAlgorithm::A256Gcm, - ) - .await; - - _pack_encrypted_works_anoncrypt::< - Chacha20Key, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], - AnonCryptAlg::Xc20pEcdhEsA256kw, - jwe::EncAlgorithm::Xc20P, - ) - .await; - - async fn _pack_encrypted_works_anoncrypt( - to: &str, - to_keys: Vec<&Secret>, - enc_alg: AnonCryptAlg, - enc_alg_jwe: jwe::EncAlgorithm, - ) where - CE: KeyAeadInPlace + KeySecretBytes, - KDF: JoseKDF, - KE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, - KW: KeyWrap + FromKeyDerivation, - { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); - - let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let (msg, metadata) = MESSAGE_SIMPLE - .pack_encrypted( - to, - None, - None, - &did_resolver, - &secrets_resolver, - &PackEncryptedOptions { - forward: false, - enc_alg_anon: enc_alg, - ..PackEncryptedOptions::default() - }, - ) - .await - .expect("encrypt is ok."); - - assert_eq!( - metadata, - PackEncryptedMetadata { - messaging_service: None, - from_kid: None, - sign_by_kid: None, - to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), - } - ); - - let msg = _verify_anoncrypt::(&msg, to_keys, enc_alg_jwe); - _verify_plaintext(&msg, PLAINTEXT_MSG_SIMPLE); - } - } - - #[tokio::test] - async fn pack_encrypted_works_anoncrypt_sign() { - _pack_encrypted_works_anoncrypt_sign::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - Ed25519KeyPair, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, - ], - ALICE_DID, - &ALICE_AUTH_METHOD_25519, - jws::Algorithm::EdDSA, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt_sign::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - Ed25519KeyPair, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, - ], - ALICE_DID, - &ALICE_AUTH_METHOD_25519, - jws::Algorithm::EdDSA, - AnonCryptAlg::A256gcmEcdhEsA256kw, - jwe::EncAlgorithm::A256Gcm, - ) - .await; - - _pack_encrypted_works_anoncrypt_sign::< - Chacha20Key, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - Ed25519KeyPair, - >( - BOB_DID, - vec![ - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, - ], - ALICE_DID, - &ALICE_AUTH_METHOD_25519, - jws::Algorithm::EdDSA, - AnonCryptAlg::Xc20pEcdhEsA256kw, - jwe::EncAlgorithm::Xc20P, - ) - .await; - - _pack_encrypted_works_anoncrypt_sign::< - AesKey, - EcdhEs<'_, X25519KeyPair>, - X25519KeyPair, - AesKey, - Ed25519KeyPair, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], - &ALICE_AUTH_METHOD_25519.id, - &ALICE_AUTH_METHOD_25519, - jws::Algorithm::EdDSA, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt_sign::< - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - P256KeyPair, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], - &ALICE_AUTH_METHOD_P256.id, - &ALICE_AUTH_METHOD_P256, - jws::Algorithm::Es256, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - _pack_encrypted_works_anoncrypt_sign::< - AesKey, - EcdhEs<'_, P256KeyPair>, - P256KeyPair, - AesKey, - K256KeyPair, - >( - &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, - vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], - &ALICE_AUTH_METHOD_SECPP256K1.id, - &ALICE_AUTH_METHOD_SECPP256K1, - jws::Algorithm::Es256K, - AnonCryptAlg::A256cbcHs512EcdhEsA256kw, - jwe::EncAlgorithm::A256cbcHs512, - ) - .await; - - async fn _pack_encrypted_works_anoncrypt_sign( - to: &str, - to_keys: Vec<&Secret>, - sign_by: &str, - sign_by_key: &VerificationMethod, - sign_alg: jws::Algorithm, - enc_alg: AnonCryptAlg, - enc_alg_jwe: jwe::EncAlgorithm, - ) where - CE: KeyAeadInPlace + KeySecretBytes, - KDF: JoseKDF, - KE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, - KW: KeyWrap + FromKeyDerivation, - SK: KeySigVerify + FromJwkValue, - { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); - - let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let (msg, metadata) = MESSAGE_SIMPLE - .pack_encrypted( - to, - None, - Some(sign_by), - &did_resolver, - &secrets_resolver, - &PackEncryptedOptions { - forward: false, - enc_alg_anon: enc_alg, - ..PackEncryptedOptions::default() - }, - ) - .await - .expect("encrypt is ok."); - - assert_eq!( - metadata, - PackEncryptedMetadata { - messaging_service: None, - from_kid: None, - sign_by_kid: Some(sign_by_key.id.clone()), - to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), - } - ); - - let msg = _verify_anoncrypt::(&msg, to_keys, enc_alg_jwe); - let msg = _verify_signed::(&msg, sign_by_key, sign_alg); - _verify_plaintext(&msg, PLAINTEXT_MSG_SIMPLE); - } - } - - #[tokio::test] - async fn pack_encrypted_works_single_mediator() { - _pack_encrypted_works_single_mediator(BOB_DID, None, None).await; - - _pack_encrypted_works_single_mediator(BOB_DID, None, Some(ALICE_DID)).await; - - _pack_encrypted_works_single_mediator(BOB_DID, Some(ALICE_DID), None).await; - - _pack_encrypted_works_single_mediator(BOB_DID, Some(ALICE_DID), Some(ALICE_DID)).await; - - _pack_encrypted_works_single_mediator( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - None, - None, - ) - .await; - - _pack_encrypted_works_single_mediator( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - None, - Some(ALICE_DID), - ) - .await; - - _pack_encrypted_works_single_mediator( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - Some(ALICE_DID), - None, - ) - .await; - - _pack_encrypted_works_single_mediator( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - Some(ALICE_DID), - Some(ALICE_DID), - ) - .await; - - async fn _pack_encrypted_works_single_mediator( - to: &str, - from: Option<&str>, - sign_by: Option<&str>, - ) { - let mut did_resolver = ExampleDIDResolver::new(vec![ - ALICE_DID_DOC.clone(), - BOB_DID_DOC.clone(), - MEDIATOR1_DID_DOC.clone(), - ]); - - let alice_secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); - - let mediator1_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR1_SECRETS.clone()); - - let (msg, pack_metadata) = MESSAGE_SIMPLE - .pack_encrypted( - to, - from, - sign_by, - &did_resolver, - &alice_secrets_resolver, - &PackEncryptedOptions::default(), - ) - .await - .expect("Unable encrypt"); - - assert_eq!( - pack_metadata.messaging_service.as_ref(), - Some(&MessagingServiceMetadata { - id: BOB_SERVICE.id.clone(), - service_endpoint: BOB_DID_COMM_MESSAGING_SERVICE.uri.clone(), - }) - ); - - assert_eq!( - pack_metadata.from_kid.map(|k| did_or_url(&k).0.to_owned()), - from.map(|d| d.to_owned()) - ); - assert_eq!( - pack_metadata - .sign_by_kid - .map(|k| did_or_url(&k).0.to_owned()), - sign_by.map(|d| d.to_owned()) - ); - - match did_or_url(to) { - (_, Some(to_kid)) => { - assert_eq!( - pack_metadata - .to_kids - .iter() - .map(|k| k.as_str()) - .collect::>(), - vec![to_kid] - ) - } - (to_did, None) => { - for metadata_to_kid in pack_metadata.to_kids { - assert_eq!(did_or_url(&metadata_to_kid).0, to_did); - } - } - } - - let did_method_resolver = DIDMethods::default(); - let (unpacked_msg_mediator1, unpack_metadata_mediator1) = Message::unpack_string( - &msg, - &mut did_resolver, - &did_method_resolver, - &mediator1_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - let forward = - try_parse_forward(&unpacked_msg_mediator1).expect("Message is not Forward"); - - assert_eq!(forward.msg, &unpacked_msg_mediator1); - assert_eq!(&forward.next, to); - - assert!(unpack_metadata_mediator1.encrypted); - assert!(!unpack_metadata_mediator1.authenticated); - assert!(!unpack_metadata_mediator1.non_repudiation); - assert!(unpack_metadata_mediator1.anonymous_sender); - assert!(!unpack_metadata_mediator1.re_wrapped_in_forward); - - let forwarded_msg = serde_json::to_string(&forward.forwarded_msg) - .expect("Unable serialize forwarded message"); - - let (unpacked_msg, unpack_metadata) = Message::unpack_string( - &forwarded_msg, - &mut did_resolver, - &did_method_resolver, - &bob_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - assert_eq!(&unpacked_msg, &*MESSAGE_SIMPLE); - - assert!(unpack_metadata.encrypted); - assert_eq!( - unpack_metadata.authenticated, - from.is_some() || sign_by.is_some() - ); - assert_eq!(unpack_metadata.non_repudiation, sign_by.is_some()); - assert_eq!(unpack_metadata.anonymous_sender, from.is_none()); - assert!(!unpack_metadata.re_wrapped_in_forward); - } - } - - #[tokio::test] - async fn pack_encrypted_works_multiple_mediators_alternative_endpoints() { - _pack_encrypted_works_multiple_mediators_alternative_endpoints(CHARLIE_DID, None, None) - .await; - - _pack_encrypted_works_multiple_mediators_alternative_endpoints( - CHARLIE_DID, - None, - Some(ALICE_DID), - ) - .await; - - _pack_encrypted_works_multiple_mediators_alternative_endpoints( - CHARLIE_DID, - Some(ALICE_DID), - None, - ) - .await; - - _pack_encrypted_works_multiple_mediators_alternative_endpoints( - CHARLIE_DID, - Some(ALICE_DID), - Some(ALICE_DID), - ) - .await; - - _pack_encrypted_works_multiple_mediators_alternative_endpoints( - &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, - None, - None, - ) - .await; - - _pack_encrypted_works_multiple_mediators_alternative_endpoints( - &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, - None, - Some(ALICE_DID), - ) - .await; - - _pack_encrypted_works_multiple_mediators_alternative_endpoints( - &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, - Some(ALICE_DID), - None, - ) - .await; - - _pack_encrypted_works_multiple_mediators_alternative_endpoints( - &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, - Some(ALICE_DID), - Some(ALICE_DID), - ) - .await; - - async fn _pack_encrypted_works_multiple_mediators_alternative_endpoints( - to: &str, - from: Option<&str>, - sign_by: Option<&str>, - ) { - let msg = Message::build( - "1234567890".to_owned(), - "http://example.com/protocols/lets_do_lunch/1.0/proposal".to_owned(), - json!({"messagespecificattribute": "and its value"}), - ) - .from(ALICE_DID.to_owned()) - .to(CHARLIE_DID.to_owned()) - .created_time(1516269022) - .expires_time(1516385931) - .finalize(); - - let mut did_resolver = ExampleDIDResolver::new(vec![ - ALICE_DID_DOC.clone(), - CHARLIE_DID_DOC.clone(), - MEDIATOR1_DID_DOC.clone(), - MEDIATOR2_DID_DOC.clone(), - MEDIATOR3_DID_DOC.clone(), - ]); - - let alice_secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let charlie_secrets_resolver = ExampleSecretsResolver::new(CHARLIE_SECRETS.clone()); - - let mediator1_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR1_SECRETS.clone()); - - let mediator2_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR2_SECRETS.clone()); - - let mediator3_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR3_SECRETS.clone()); - - let (packed_msg, pack_metadata) = msg - .pack_encrypted( - to, - from, - sign_by, - &did_resolver, - &alice_secrets_resolver, - &PackEncryptedOptions { - forward_headers: Some(HashMap::from_iter([ - ("example-header-1".into(), json!("example-header-1-value")), - ("example-header-2".into(), json!("example-header-2-value")), - ])), - ..PackEncryptedOptions::default() - }, - ) - .await - .expect("Unable encrypt"); - - assert_eq!( - pack_metadata.messaging_service.as_ref(), - Some(&MessagingServiceMetadata { - id: CHARLIE_SERVICE.id.clone(), - service_endpoint: MEDIATOR3_DID_COMM_MESSAGING_SERVICE.uri.clone(), - }) - ); - - assert_eq!( - pack_metadata.from_kid.map(|k| did_or_url(&k).0.to_owned()), - from.map(|d| d.to_owned()) - ); - assert_eq!( - pack_metadata - .sign_by_kid - .map(|k| did_or_url(&k).0.to_owned()), - sign_by.map(|d| d.to_owned()) - ); - - match did_or_url(to) { - (_, Some(to_kid)) => { - assert_eq!( - pack_metadata - .to_kids - .iter() - .map(|k| k.as_str()) - .collect::>(), - vec![to_kid] - ) - } - (to_did, None) => { - for metadata_to_kid in pack_metadata.to_kids { - assert_eq!(did_or_url(&metadata_to_kid).0, to_did); - } - } - } - - let did_method_resolver = DIDMethods::default(); - let (unpacked_msg_mediator3, unpack_metadata_mediator3) = Message::unpack_string( - &packed_msg, - &mut did_resolver, - &did_method_resolver, - &mediator3_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - let forward_at_mediator3 = - try_parse_forward(&unpacked_msg_mediator3).expect("Message is not Forward"); - - assert_eq!(forward_at_mediator3.msg, &unpacked_msg_mediator3); - - assert_eq!( - &forward_at_mediator3.msg.extra_headers, - &HashMap::from_iter([ - ("example-header-1".into(), json!("example-header-1-value")), - ("example-header-2".into(), json!("example-header-2-value")), - ]) - ); - - assert_eq!( - &forward_at_mediator3.next, - "did:example:mediator2#key-x25519-1" - ); - - assert!(unpack_metadata_mediator3.encrypted); - assert!(!unpack_metadata_mediator3.authenticated); - assert!(!unpack_metadata_mediator3.non_repudiation); - assert!(unpack_metadata_mediator3.anonymous_sender); - assert!(!unpack_metadata_mediator3.re_wrapped_in_forward); - - let forwarded_msg_at_mediator3 = - serde_json::to_string(&forward_at_mediator3.forwarded_msg) - .expect("Unable serialize forwarded message"); - - let (unpacked_msg_mediator2, unpack_metadata_mediator2) = Message::unpack_string( - &forwarded_msg_at_mediator3, - &mut did_resolver, - &did_method_resolver, - &mediator2_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - let forward_at_mediator2 = - try_parse_forward(&unpacked_msg_mediator2).expect("Message is not Forward"); - - assert_eq!(forward_at_mediator2.msg, &unpacked_msg_mediator2); - - assert_eq!( - &forward_at_mediator2.msg.extra_headers, - &HashMap::from_iter([ - ("example-header-1".into(), json!("example-header-1-value")), - ("example-header-2".into(), json!("example-header-2-value")), - ]) - ); - - assert_eq!( - &forward_at_mediator2.next, - "did:example:mediator1#key-x25519-1" - ); - - assert!(unpack_metadata_mediator2.encrypted); - assert!(!unpack_metadata_mediator2.authenticated); - assert!(!unpack_metadata_mediator2.non_repudiation); - assert!(unpack_metadata_mediator2.anonymous_sender); - assert!(!unpack_metadata_mediator2.re_wrapped_in_forward); - - let forwarded_msg_at_mediator2 = - serde_json::to_string(&forward_at_mediator2.forwarded_msg) - .expect("Unable serialize forwarded message"); - - let (unpacked_msg_mediator1, unpack_metadata_mediator1) = Message::unpack_string( - &forwarded_msg_at_mediator2, - &mut did_resolver, - &did_method_resolver, - &mediator1_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - let forward_at_mediator1 = - try_parse_forward(&unpacked_msg_mediator1).expect("Message is not Forward"); - - assert_eq!(forward_at_mediator1.msg, &unpacked_msg_mediator1); - - assert_eq!( - &forward_at_mediator1.msg.extra_headers, - &HashMap::from_iter([ - ("example-header-1".into(), json!("example-header-1-value")), - ("example-header-2".into(), json!("example-header-2-value")), - ]) - ); - - assert_eq!(&forward_at_mediator1.next, to); - - assert!(unpack_metadata_mediator1.encrypted); - assert!(!unpack_metadata_mediator1.authenticated); - assert!(!unpack_metadata_mediator1.non_repudiation); - assert!(unpack_metadata_mediator1.anonymous_sender); - assert!(!unpack_metadata_mediator1.re_wrapped_in_forward); - - let forwarded_msg_at_mediator1 = - serde_json::to_string(&forward_at_mediator1.forwarded_msg) - .expect("Unable serialize forwarded message"); - - let (unpacked_msg, unpack_metadata) = Message::unpack_string( - &forwarded_msg_at_mediator1, - &mut did_resolver, - &did_method_resolver, - &charlie_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - assert_eq!(&unpacked_msg, &msg); - - assert!(unpack_metadata.encrypted); - assert_eq!( - unpack_metadata.authenticated, - from.is_some() || sign_by.is_some() - ); - assert_eq!(unpack_metadata.non_repudiation, sign_by.is_some()); - assert_eq!(unpack_metadata.anonymous_sender, from.is_none()); - assert!(!unpack_metadata.re_wrapped_in_forward); - } - } - - #[tokio::test] - async fn wrap_in_forward_works_mediator_unknown_to_sender() { - _wrap_in_forward_works_mediator_unknown_to_sender(BOB_DID, None, None).await; - - _wrap_in_forward_works_mediator_unknown_to_sender(BOB_DID, None, Some(ALICE_DID)).await; - - _wrap_in_forward_works_mediator_unknown_to_sender(BOB_DID, Some(ALICE_DID), None).await; - - _wrap_in_forward_works_mediator_unknown_to_sender( - BOB_DID, - Some(ALICE_DID), - Some(ALICE_DID), - ) - .await; - - _wrap_in_forward_works_mediator_unknown_to_sender( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - None, - None, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + ], + ALICE_DID, + ALICE_DID, + jws::Algorithm::EdDSA, ) .await; - _wrap_in_forward_works_mediator_unknown_to_sender( + _pack_encrypted_works_authcrypt_sign::< + AesKey, + Ecdh1PU<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + Ed25519KeyPair, + >( &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - None, - Some(ALICE_DID), + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + ALICE_DID, + ALICE_DID, + jws::Algorithm::EdDSA, ) .await; - _wrap_in_forward_works_mediator_unknown_to_sender( + _pack_encrypted_works_authcrypt_sign::< + AesKey, + Ecdh1PU<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + P256KeyPair, + >( &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - Some(ALICE_DID), - None, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + ALICE_DID, + &ALICE_DID, + jws::Algorithm::Es256, ) .await; - _wrap_in_forward_works_mediator_unknown_to_sender( - &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, - Some(ALICE_DID), - Some(ALICE_DID), + _pack_encrypted_works_authcrypt_sign::< + AesKey, + Ecdh1PU<'_, P256KeyPair>, + P256KeyPair, + AesKey, + K256KeyPair, + >( + BOB_DID, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2, + ], + &ALICE_DID, + &ALICE_DID, + jws::Algorithm::Es256K, ) .await; - async fn _wrap_in_forward_works_mediator_unknown_to_sender( + async fn _pack_encrypted_works_authcrypt_sign( to: &str, - from: Option<&str>, - sign_by: Option<&str>, - ) { - let mut did_resolver = ExampleDIDResolver::new(vec![ - ALICE_DID_DOC.clone(), - BOB_DID_DOC.clone(), - MEDIATOR1_DID_DOC.clone(), - MEDIATOR2_DID_DOC.clone(), - ]); - - let alice_secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + to_keys: Vec<&Secret>, + from: &str, + sign_by: &str, + sign_alg: jws::Algorithm, + ) where + CE: KeyAeadInPlace + KeySecretBytes, + KDF: JoseKDF, + KE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, + KW: KeyWrap + FromKeyDerivation, + SK: KeySigVerify + FromJwkValue, + { + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); - let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); + let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - let mediator1_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR1_SECRETS.clone()); + let from_did_doc = match did_resolver.resolve(from).await { + Ok(response) => response.doc, + Err(_) => { + return (); + } + }; + let from_key = from_did_doc.verification_method.first().unwrap(); - let mediator2_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR2_SECRETS.clone()); + let sign_by_did_doc = match did_resolver.resolve(sign_by).await { + Ok(response) => response.doc, + Err(_) => { + return (); + } + }; + let sign_by_key = sign_by_did_doc.verification_method.first().unwrap(); - let (msg, pack_metadata) = MESSAGE_SIMPLE + let (msg, metadata) = MESSAGE_SIMPLE .pack_encrypted( to, - from, - sign_by, + Some(from), + Some(sign_by), &did_resolver, - &alice_secrets_resolver, + &secrets_resolver, &PackEncryptedOptions { - messaging_service: Some(BOB_SERVICE.id.clone()), + forward: false, ..PackEncryptedOptions::default() }, ) .await - .expect("Unable encrypt"); + .expect("encrypt is ok."); assert_eq!( - pack_metadata.messaging_service.as_ref(), - Some(&MessagingServiceMetadata { - id: BOB_SERVICE.id.clone(), - service_endpoint: BOB_DID_COMM_MESSAGING_SERVICE.uri.clone(), - }) + metadata, + PackEncryptedMetadata { + messaging_service: None, + from_kid: Some(from_key.id.clone().to_string()), + sign_by_kid: Some(sign_by_key.id.clone().to_string()), + to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), + } ); - let did_method_resolver = DIDMethods::default(); - let (unpacked_msg_mediator1, unpack_metadata_mediator1) = Message::unpack_string( - &msg, - &mut did_resolver, - &did_method_resolver, - &mediator1_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - let forward_at_mediator1 = - try_parse_forward(&unpacked_msg_mediator1).expect("Message is not Forward"); - - assert_eq!(forward_at_mediator1.msg, &unpacked_msg_mediator1); - assert_eq!(&forward_at_mediator1.next, to); - - assert!(unpack_metadata_mediator1.encrypted); - assert!(!unpack_metadata_mediator1.authenticated); - assert!(!unpack_metadata_mediator1.non_repudiation); - assert!(unpack_metadata_mediator1.anonymous_sender); - assert!(!unpack_metadata_mediator1.re_wrapped_in_forward); - - let forwarded_msg_at_mediator1 = - serde_json::to_string(&forward_at_mediator1.forwarded_msg) - .expect("Unable serialize forwarded message"); - - let forward_msg_for_mediator2 = wrap_in_forward( - &forwarded_msg_at_mediator1, - None, - &forward_at_mediator1.next, - &[MEDIATOR2_VERIFICATION_METHOD_KEY_AGREEM_X25519_1.id.clone()], - &AnonCryptAlg::default(), - &did_resolver, - ) - .await - .expect("Unable wrap in forward"); - - let (unpacked_msg_mediator2, unpack_metadata_mediator2) = Message::unpack_string( - &forward_msg_for_mediator2, - &mut did_resolver, - &did_method_resolver, - &mediator2_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - let forward_at_mediator2 = - try_parse_forward(&unpacked_msg_mediator2).expect("Message is not Forward"); - - assert_eq!(forward_at_mediator2.msg, &unpacked_msg_mediator2); - assert_eq!(&forward_at_mediator2.next, to); - - assert!(unpack_metadata_mediator2.encrypted); - assert!(!unpack_metadata_mediator2.authenticated); - assert!(!unpack_metadata_mediator2.non_repudiation); - assert!(unpack_metadata_mediator2.anonymous_sender); - assert!(!unpack_metadata_mediator2.re_wrapped_in_forward); - - let forwarded_msg_at_mediator2 = - serde_json::to_string(&forward_at_mediator2.forwarded_msg) - .expect("Unable serialize forwarded message"); - - let (unpacked_msg, unpack_metadata) = Message::unpack_string( - &forwarded_msg_at_mediator2, - &mut did_resolver, - &did_method_resolver, - &bob_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - assert_eq!(&unpacked_msg, &*MESSAGE_SIMPLE); - - assert!(unpack_metadata.encrypted); - assert_eq!( - unpack_metadata.authenticated, - from.is_some() || sign_by.is_some() - ); - assert_eq!(unpack_metadata.non_repudiation, sign_by.is_some()); - assert_eq!(unpack_metadata.anonymous_sender, from.is_none()); - assert!(!unpack_metadata.re_wrapped_in_forward); + let msg = _verify_authcrypt::(&msg, to_keys, from_key); + let msg = _verify_signed::(&msg, sign_by_key, sign_alg); + _verify_plaintext(&msg, PLAINTEXT_MSG_SIMPLE); } } - // TODO: Add negative tests for Routing protocol - #[tokio::test] async fn pack_encrypted_works_from_not_did_or_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2166,8 +1005,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_to_not_did_or_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2196,8 +1036,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_sign_by_not_did_or_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2226,8 +1067,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_from_differs_msg_from() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2258,8 +1100,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_to_differs_msg_to() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2290,8 +1133,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_to_presented_in_msg_to() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2314,8 +1158,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_from_not_did_or_did_url_in_msg() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2346,8 +1191,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_to_not_did_or_did_url_in_msg() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2378,8 +1224,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_from_did_url_from_msg_did_positive() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2400,8 +1247,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_to_did_url_to_msg_did_positive() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2424,8 +1272,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_sign_by_differs_msg_from_positive() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2446,8 +1295,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_from_did_from_msg_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2479,8 +1329,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_to_did_to_msg_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2511,8 +1362,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_from_unknown_did() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2540,9 +1392,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_from_unknown_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); - + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); let from = ALICE_DID.to_string() + "#unknown-key"; @@ -2561,26 +1413,24 @@ mod tests { .await; let err = res.expect_err("res is ok"); - assert_eq!(err.kind(), ErrorKind::DIDUrlNotFound); - assert_eq!( - format!("{}", err), - "DID URL not found: No sender key agreements found" - ); + assert_eq!(err.kind(), ErrorKind::DIDNotResolved); + assert_eq!(format!("{}", err), "DID not resolved: Sender did not found"); } #[tokio::test] async fn pack_encrypted_works_to_unknown_did() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); let mut msg = MESSAGE_SIMPLE.clone(); - msg.to = Some(vec!["did:example:unknown".into()]); + msg.to = Some(vec!["did:key:unknown".into()]); let res = msg .pack_encrypted( - "did:example:unknown", + "did:key:unknown", None, None, &did_resolver, @@ -2594,7 +1444,6 @@ mod tests { let err = res.expect_err("res is ok"); assert_eq!(err.kind(), ErrorKind::DIDNotResolved); - assert_eq!( format!("{}", err), "DID not resolved: Recipient did not found" @@ -2603,8 +1452,9 @@ mod tests { #[tokio::test] async fn pack_encrypted_works_to_unknown_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); @@ -2624,115 +1474,19 @@ mod tests { .await; let err = res.expect_err("res is ok"); - assert_eq!(err.kind(), ErrorKind::DIDUrlNotFound); - - assert_eq!( - format!("{}", err), - "DID URL not found: No recipient key agreements found" - ); - } - - #[tokio::test] - async fn pack_encrypted_works_sign_by_unknown_did_url() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); - - let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let sign_by = ALICE_DID.to_string() + "#unknown-key"; - let res = MESSAGE_SIMPLE - .pack_encrypted( - BOB_DID, - ALICE_DID.into(), - sign_by.as_str().into(), - &did_resolver, - &secrets_resolver, - &PackEncryptedOptions { - forward: false, - ..PackEncryptedOptions::default() - }, - ) - .await; - - let err = res.expect_err("res is ok"); - assert_eq!(err.kind(), ErrorKind::DIDUrlNotFound); - - assert_eq!( - format!("{}", err), - "DID URL not found: Unable produce sign envelope: Signer key id not found in did doc" - ); - } - - #[tokio::test] - async fn pack_encrypted_works_from_not_in_secrets() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); - - let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let res = MESSAGE_SIMPLE - .pack_encrypted( - BOB_DID, - "did:example:alice#key-x25519-not-in-secrets-1".into(), - None, - &did_resolver, - &secrets_resolver, - &PackEncryptedOptions { - forward: false, - ..PackEncryptedOptions::default() - }, - ) - .await; - - let err = res.expect_err("res is ok"); - assert_eq!(err.kind(), ErrorKind::SecretNotFound); - - assert_eq!( - format!("{}", err), - "Secret not found: No sender secrets found" - ); - } - - #[tokio::test] - async fn pack_encrypted_works_sign_by_not_in_secrets() { - let did_resolver = ExampleDIDResolver::new(vec![ - ALICE_DID_DOC_WITH_NO_SECRETS.clone(), - BOB_DID_DOC.clone(), - ]); - - let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let res = MESSAGE_SIMPLE - .pack_encrypted( - BOB_DID, - ALICE_DID.into(), - "did:example:alice#key-not-in-secrets-1".into(), - &did_resolver, - &secrets_resolver, - &PackEncryptedOptions { - forward: false, - ..PackEncryptedOptions::default() - }, - ) - .await; - - let err = res.expect_err("res is ok"); - assert_eq!(err.kind(), ErrorKind::SecretNotFound); - - assert_eq!( - format!("{}", err), - "Secret not found: Unable produce sign envelope: No signer secrets found" - ); + assert_eq!(err.kind(), ErrorKind::DIDNotResolved); + assert_eq!(format!("{}", err), "DID not resolved: Sender did not found"); } #[tokio::test] async fn pack_encrypted_works_to_not_in_secrets_positive() { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC_NO_SECRETS.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - let to = "did:example:bob#key-x25519-not-secrets-1"; + let to = "did:key:bob#key-x25519-not-secrets-1"; let _ = MESSAGE_SIMPLE .pack_encrypted( to, @@ -2748,118 +1502,1237 @@ mod tests { .await; } - #[tokio::test] - async fn pack_encrypted_works_to_from_different_curves() { - _pack_encrypted_works_to_from_different_curves( - "did:example:alice#key-x25519-1".into(), - "did:example:bob#key-p256-1", - ) - .await; - _pack_encrypted_works_to_from_different_curves( - "did:example:alice#key-x25519-1".into(), - "did:example:bob#key-p384-1", - ) - .await; - _pack_encrypted_works_to_from_different_curves( - "did:example:alice#key-x25519-1".into(), - "did:example:bob#key-p521-1", - ) - .await; - _pack_encrypted_works_to_from_different_curves( - "did:example:alice#key-p256-1".into(), - "did:example:bob#key-p384-1", - ) - .await; - _pack_encrypted_works_to_from_different_curves( - "did:example:alice#key-p256-1".into(), - "did:example:bob#key-p521-1", - ) - .await; - _pack_encrypted_works_to_from_different_curves( - "did:example:alice#key-p521-1".into(), - "did:example:bob#key-p384-1", - ) - .await; - - async fn _pack_encrypted_works_to_from_different_curves(from: Option<&str>, to: &str) { - let did_resolver = - ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); - - let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); - - let res = MESSAGE_SIMPLE - .pack_encrypted( - to, - from, - None, - &did_resolver, - &secrets_resolver, - &PackEncryptedOptions { - forward: false, - ..PackEncryptedOptions::default() - }, - ) - .await; - - let err = res.expect_err("res is ok"); - assert_eq!(err.kind(), ErrorKind::NoCompatibleCrypto); - - assert_eq!( - format!("{}", err), - "No compatible crypto: No common keys between sender and recipient found" - ); - } - } - - #[tokio::test] - async fn pack_encrypted_works_from_prior() { - let mut did_resolver = ExampleDIDResolver::new(vec![ - ALICE_DID_DOC.clone(), - BOB_DID_DOC.clone(), - CHARLIE_DID_DOC.clone(), - ]); - let charlie_rotated_to_alice_secrets_resolver = - ExampleSecretsResolver::new(CHARLIE_ROTATED_TO_ALICE_SECRETS.clone()); - let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); - - let (packed_msg, _pack_metadata) = MESSAGE_FROM_PRIOR_FULL - .pack_encrypted( - BOB_DID, - Some(ALICE_DID), - None, - &did_resolver, - &charlie_rotated_to_alice_secrets_resolver, - &PackEncryptedOptions { - forward: false, - ..PackEncryptedOptions::default() - }, - ) - .await - .expect("Unable pack_encrypted"); - - let did_method_resolver = DIDMethods::default(); - let (unpacked_msg, unpack_metadata) = Message::unpack_string( - &packed_msg, - &mut did_resolver, - &did_method_resolver, - &bob_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - assert_eq!(&unpacked_msg, &*MESSAGE_FROM_PRIOR_FULL); - assert_eq!( - unpack_metadata.from_prior_issuer_kid.as_ref(), - Some(&CHARLIE_SECRET_AUTH_KEY_ED25519.id) - ); - assert_eq!(unpack_metadata.from_prior.as_ref(), Some(&*FROM_PRIOR_FULL)); - } - + /* + + #[tokio::test] + async fn pack_encrypted_works_anoncrypt() { + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + BOB_DID, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + ], + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + BOB_DID, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + ], + AnonCryptAlg::A256gcmEcdhEsA256kw, + jwe::EncAlgorithm::A256Gcm, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + Chacha20Key, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + BOB_DID, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + ], + AnonCryptAlg::Xc20pEcdhEsA256kw, + jwe::EncAlgorithm::Xc20P, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + AnonCryptAlg::A256gcmEcdhEsA256kw, + jwe::EncAlgorithm::A256Gcm, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + Chacha20Key, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + AnonCryptAlg::Xc20pEcdhEsA256kw, + jwe::EncAlgorithm::Xc20P, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + AnonCryptAlg::A256gcmEcdhEsA256kw, + jwe::EncAlgorithm::A256Gcm, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + Chacha20Key, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + AnonCryptAlg::Xc20pEcdhEsA256kw, + jwe::EncAlgorithm::Xc20P, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], + AnonCryptAlg::A256gcmEcdhEsA256kw, + jwe::EncAlgorithm::A256Gcm, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + Chacha20Key, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], + AnonCryptAlg::Xc20pEcdhEsA256kw, + jwe::EncAlgorithm::Xc20P, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + AesKey, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], + AnonCryptAlg::A256gcmEcdhEsA256kw, + jwe::EncAlgorithm::A256Gcm, + ) + .await; + + _pack_encrypted_works_anoncrypt::< + Chacha20Key, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_2], + AnonCryptAlg::Xc20pEcdhEsA256kw, + jwe::EncAlgorithm::Xc20P, + ) + .await; + + async fn _pack_encrypted_works_anoncrypt( + to: &str, + to_keys: Vec<&Secret>, + enc_alg: AnonCryptAlg, + enc_alg_jwe: jwe::EncAlgorithm, + ) where + CE: KeyAeadInPlace + KeySecretBytes, + KDF: JoseKDF, + KE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, + KW: KeyWrap + FromKeyDerivation, + { + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + // let to_did_doc = match did_resolver.resolve(to).await { + // Ok(response) => response.doc, + // Err(err) => { + // println!("ERROR in resolving doc: {:?}", err); + // return (); + // } + // }; + let (msg, metadata) = MESSAGE_SIMPLE + .pack_encrypted( + to, + None, + None, + &did_resolver, + &secrets_resolver, + &PackEncryptedOptions { + forward: false, + enc_alg_anon: enc_alg, + ..PackEncryptedOptions::default() + }, + ) + .await + .expect("encrypt is ok."); + + assert_eq!( + metadata, + PackEncryptedMetadata { + messaging_service: None, + from_kid: None, + sign_by_kid: None, + to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), + } + ); + + let msg = _verify_anoncrypt::(&msg, to_keys, enc_alg_jwe); + _verify_plaintext(&msg, PLAINTEXT_MSG_SIMPLE); + } + } + + #[tokio::test] + async fn pack_encrypted_works_anoncrypt_sign() { + _pack_encrypted_works_anoncrypt_sign::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + Ed25519KeyPair, + >( + BOB_DID, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + ], + ALICE_DID, + &ALICE_AUTH_METHOD_25519, + jws::Algorithm::EdDSA, + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt_sign::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + Ed25519KeyPair, + >( + BOB_DID, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + ], + ALICE_DID, + &ALICE_AUTH_METHOD_25519, + jws::Algorithm::EdDSA, + AnonCryptAlg::A256gcmEcdhEsA256kw, + jwe::EncAlgorithm::A256Gcm, + ) + .await; + + _pack_encrypted_works_anoncrypt_sign::< + Chacha20Key, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + Ed25519KeyPair, + >( + BOB_DID, + vec![ + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2, + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3, + ], + ALICE_DID, + &ALICE_AUTH_METHOD_25519, + jws::Algorithm::EdDSA, + AnonCryptAlg::Xc20pEcdhEsA256kw, + jwe::EncAlgorithm::Xc20P, + ) + .await; + + _pack_encrypted_works_anoncrypt_sign::< + AesKey, + EcdhEs<'_, X25519KeyPair>, + X25519KeyPair, + AesKey, + Ed25519KeyPair, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2], + &ALICE_AUTH_METHOD_25519.id, + &ALICE_AUTH_METHOD_25519, + jws::Algorithm::EdDSA, + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt_sign::< + AesKey, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + P256KeyPair, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], + &ALICE_AUTH_METHOD_P256.id, + &ALICE_AUTH_METHOD_P256, + jws::Algorithm::Es256, + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + _pack_encrypted_works_anoncrypt_sign::< + AesKey, + EcdhEs<'_, P256KeyPair>, + P256KeyPair, + AesKey, + K256KeyPair, + >( + &BOB_SECRET_KEY_AGREEMENT_KEY_P256_1.id, + vec![&BOB_SECRET_KEY_AGREEMENT_KEY_P256_1], + &ALICE_AUTH_METHOD_SECPP256K1.id, + &ALICE_AUTH_METHOD_SECPP256K1, + jws::Algorithm::Es256K, + AnonCryptAlg::A256cbcHs512EcdhEsA256kw, + jwe::EncAlgorithm::A256cbcHs512, + ) + .await; + + async fn _pack_encrypted_works_anoncrypt_sign( + to: &str, + to_keys: Vec<&Secret>, + sign_by: &str, + sign_by_key: &VerificationMethod, + sign_alg: jws::Algorithm, + enc_alg: AnonCryptAlg, + enc_alg_jwe: jwe::EncAlgorithm, + ) where + CE: KeyAeadInPlace + KeySecretBytes, + KDF: JoseKDF, + KE: KeyExchange + KeyGen + ToJwkValue + FromJwkValue, + KW: KeyWrap + FromKeyDerivation, + SK: KeySigVerify + FromJwkValue, + { + let did_resolver = + ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone(), BOB_DID_DOC.clone()]); + + let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let (msg, metadata) = MESSAGE_SIMPLE + .pack_encrypted( + to, + None, + Some(sign_by), + &did_resolver, + &secrets_resolver, + &PackEncryptedOptions { + forward: false, + enc_alg_anon: enc_alg, + ..PackEncryptedOptions::default() + }, + ) + .await + .expect("encrypt is ok."); + + assert_eq!( + metadata, + PackEncryptedMetadata { + messaging_service: None, + from_kid: None, + sign_by_kid: Some(sign_by_key.id.clone()), + to_kids: to_keys.iter().map(|s| s.id.clone()).collect::>(), + } + ); + + let msg = _verify_anoncrypt::(&msg, to_keys, enc_alg_jwe); + let msg = _verify_signed::(&msg, sign_by_key, sign_alg); + _verify_plaintext(&msg, PLAINTEXT_MSG_SIMPLE); + } + } + + #[tokio::test] + async fn pack_encrypted_works_single_mediator() { + _pack_encrypted_works_single_mediator(BOB_DID, None, None).await; + + _pack_encrypted_works_single_mediator(BOB_DID, None, Some(ALICE_DID)).await; + + _pack_encrypted_works_single_mediator(BOB_DID, Some(ALICE_DID), None).await; + + _pack_encrypted_works_single_mediator(BOB_DID, Some(ALICE_DID), Some(ALICE_DID)).await; + + _pack_encrypted_works_single_mediator( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + None, + None, + ) + .await; + + _pack_encrypted_works_single_mediator( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + None, + Some(ALICE_DID), + ) + .await; + + _pack_encrypted_works_single_mediator( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + Some(ALICE_DID), + None, + ) + .await; + + _pack_encrypted_works_single_mediator( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + Some(ALICE_DID), + Some(ALICE_DID), + ) + .await; + + async fn _pack_encrypted_works_single_mediator( + to: &str, + from: Option<&str>, + sign_by: Option<&str>, + ) { + let mut did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let alice_secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); + + let mediator1_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR1_SECRETS.clone()); + + let (msg, pack_metadata) = MESSAGE_SIMPLE + .pack_encrypted( + to, + from, + sign_by, + &did_resolver, + &alice_secrets_resolver, + &PackEncryptedOptions::default(), + ) + .await + .expect("Unable encrypt"); + + assert_eq!( + pack_metadata.messaging_service.as_ref(), + Some(&MessagingServiceMetadata { + id: "".into(), + service_endpoint: "".into(), + // id: BOB_SERVICE.id.clone(), + // service_endpoint: BOB_DID_COMM_MESSAGING_SERVICE.uri.clone(), + }) + ); + + assert_eq!( + pack_metadata.from_kid.map(|k| did_or_url(&k).0.to_owned()), + from.map(|d| d.to_owned()) + ); + assert_eq!( + pack_metadata + .sign_by_kid + .map(|k| did_or_url(&k).0.to_owned()), + sign_by.map(|d| d.to_owned()) + ); + + match did_or_url(to) { + (_, Some(to_kid)) => { + assert_eq!( + pack_metadata + .to_kids + .iter() + .map(|k| k.as_str()) + .collect::>(), + vec![to_kid] + ) + } + (to_did, None) => { + for metadata_to_kid in pack_metadata.to_kids { + assert_eq!(did_or_url(&metadata_to_kid).0, to_did); + } + } + } + + let (unpacked_msg_mediator1, unpack_metadata_mediator1) = Message::unpack_string( + &msg, + &mut did_resolver, + &mediator1_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + let forward = + try_parse_forward(&unpacked_msg_mediator1).expect("Message is not Forward"); + + assert_eq!(forward.msg, &unpacked_msg_mediator1); + assert_eq!(&forward.next, to); + + assert!(unpack_metadata_mediator1.encrypted); + assert!(!unpack_metadata_mediator1.authenticated); + assert!(!unpack_metadata_mediator1.non_repudiation); + assert!(unpack_metadata_mediator1.anonymous_sender); + assert!(!unpack_metadata_mediator1.re_wrapped_in_forward); + + let forwarded_msg = serde_json::to_string(&forward.forwarded_msg) + .expect("Unable serialize forwarded message"); + + let (unpacked_msg, unpack_metadata) = Message::unpack_string( + &forwarded_msg, + &mut did_resolver, + &bob_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + assert_eq!(&unpacked_msg, &*MESSAGE_SIMPLE); + + assert!(unpack_metadata.encrypted); + assert_eq!( + unpack_metadata.authenticated, + from.is_some() || sign_by.is_some() + ); + assert_eq!(unpack_metadata.non_repudiation, sign_by.is_some()); + assert_eq!(unpack_metadata.anonymous_sender, from.is_none()); + assert!(!unpack_metadata.re_wrapped_in_forward); + } + } + + #[tokio::test] + async fn pack_encrypted_works_multiple_mediators_alternative_endpoints() { + _pack_encrypted_works_multiple_mediators_alternative_endpoints(CHARLIE_DID, None, None) + .await; + + _pack_encrypted_works_multiple_mediators_alternative_endpoints( + CHARLIE_DID, + None, + Some(ALICE_DID), + ) + .await; + + _pack_encrypted_works_multiple_mediators_alternative_endpoints( + CHARLIE_DID, + Some(ALICE_DID), + None, + ) + .await; + + _pack_encrypted_works_multiple_mediators_alternative_endpoints( + CHARLIE_DID, + Some(ALICE_DID), + Some(ALICE_DID), + ) + .await; + + _pack_encrypted_works_multiple_mediators_alternative_endpoints( + &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, + None, + None, + ) + .await; + + _pack_encrypted_works_multiple_mediators_alternative_endpoints( + &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, + None, + Some(ALICE_DID), + ) + .await; + + _pack_encrypted_works_multiple_mediators_alternative_endpoints( + &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, + Some(ALICE_DID), + None, + ) + .await; + + _pack_encrypted_works_multiple_mediators_alternative_endpoints( + &CHARLIE_SECRET_KEY_AGREEMENT_KEY_X25519.id, + Some(ALICE_DID), + Some(ALICE_DID), + ) + .await; + + async fn _pack_encrypted_works_multiple_mediators_alternative_endpoints( + to: &str, + from: Option<&str>, + sign_by: Option<&str>, + ) { + let msg = Message::build( + "1234567890".to_owned(), + "http://example.com/protocols/lets_do_lunch/1.0/proposal".to_owned(), + json!({"messagespecificattribute": "and its value"}), + ) + .from(ALICE_DID.to_owned()) + .to(CHARLIE_DID.to_owned()) + .created_time(1516269022) + .expires_time(1516385931) + .finalize(); + + let mut did_resolver = ExampleDIDResolver::new(vec![ + ALICE_DID_DOC.clone(), + CHARLIE_DID_DOC.clone(), + MEDIATOR1_DID_DOC.clone(), + MEDIATOR2_DID_DOC.clone(), + MEDIATOR3_DID_DOC.clone(), + ]); + + let alice_secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let charlie_secrets_resolver = ExampleSecretsResolver::new(CHARLIE_SECRETS.clone()); + + let mediator1_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR1_SECRETS.clone()); + + let mediator2_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR2_SECRETS.clone()); + + let mediator3_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR3_SECRETS.clone()); + + let (packed_msg, pack_metadata) = msg + .pack_encrypted( + to, + from, + sign_by, + &did_resolver, + &alice_secrets_resolver, + &PackEncryptedOptions { + forward_headers: Some(HashMap::from_iter([ + ("example-header-1".into(), json!("example-header-1-value")), + ("example-header-2".into(), json!("example-header-2-value")), + ])), + ..PackEncryptedOptions::default() + }, + ) + .await + .expect("Unable encrypt"); + + assert_eq!( + pack_metadata.messaging_service.as_ref(), + Some(&MessagingServiceMetadata { + id: CHARLIE_SERVICE.id.clone(), + service_endpoint: MEDIATOR3_DID_COMM_MESSAGING_SERVICE.uri.clone(), + }) + ); + + assert_eq!( + pack_metadata.from_kid.map(|k| did_or_url(&k).0.to_owned()), + from.map(|d| d.to_owned()) + ); + assert_eq!( + pack_metadata + .sign_by_kid + .map(|k| did_or_url(&k).0.to_owned()), + sign_by.map(|d| d.to_owned()) + ); + + match did_or_url(to) { + (_, Some(to_kid)) => { + assert_eq!( + pack_metadata + .to_kids + .iter() + .map(|k| k.as_str()) + .collect::>(), + vec![to_kid] + ) + } + (to_did, None) => { + for metadata_to_kid in pack_metadata.to_kids { + assert_eq!(did_or_url(&metadata_to_kid).0, to_did); + } + } + } + + let did_method_resolver = DIDMethods::default(); + let (unpacked_msg_mediator3, unpack_metadata_mediator3) = Message::unpack_string( + &packed_msg, + &mut did_resolver, + &mediator3_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + let forward_at_mediator3 = + try_parse_forward(&unpacked_msg_mediator3).expect("Message is not Forward"); + + assert_eq!(forward_at_mediator3.msg, &unpacked_msg_mediator3); + + assert_eq!( + &forward_at_mediator3.msg.extra_headers, + &HashMap::from_iter([ + ("example-header-1".into(), json!("example-header-1-value")), + ("example-header-2".into(), json!("example-header-2-value")), + ]) + ); + + assert_eq!( + &forward_at_mediator3.next, + "did:example:mediator2#key-x25519-1" + ); + + assert!(unpack_metadata_mediator3.encrypted); + assert!(!unpack_metadata_mediator3.authenticated); + assert!(!unpack_metadata_mediator3.non_repudiation); + assert!(unpack_metadata_mediator3.anonymous_sender); + assert!(!unpack_metadata_mediator3.re_wrapped_in_forward); + + let forwarded_msg_at_mediator3 = + serde_json::to_string(&forward_at_mediator3.forwarded_msg) + .expect("Unable serialize forwarded message"); + + let (unpacked_msg_mediator2, unpack_metadata_mediator2) = Message::unpack_string( + &forwarded_msg_at_mediator3, + &mut did_resolver, + &mediator2_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + let forward_at_mediator2 = + try_parse_forward(&unpacked_msg_mediator2).expect("Message is not Forward"); + + assert_eq!(forward_at_mediator2.msg, &unpacked_msg_mediator2); + + assert_eq!( + &forward_at_mediator2.msg.extra_headers, + &HashMap::from_iter([ + ("example-header-1".into(), json!("example-header-1-value")), + ("example-header-2".into(), json!("example-header-2-value")), + ]) + ); + + assert_eq!( + &forward_at_mediator2.next, + "did:example:mediator1#key-x25519-1" + ); + + assert!(unpack_metadata_mediator2.encrypted); + assert!(!unpack_metadata_mediator2.authenticated); + assert!(!unpack_metadata_mediator2.non_repudiation); + assert!(unpack_metadata_mediator2.anonymous_sender); + assert!(!unpack_metadata_mediator2.re_wrapped_in_forward); + + let forwarded_msg_at_mediator2 = + serde_json::to_string(&forward_at_mediator2.forwarded_msg) + .expect("Unable serialize forwarded message"); + + let (unpacked_msg_mediator1, unpack_metadata_mediator1) = Message::unpack_string( + &forwarded_msg_at_mediator2, + &mut did_resolver, + &mediator1_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + let forward_at_mediator1 = + try_parse_forward(&unpacked_msg_mediator1).expect("Message is not Forward"); + + assert_eq!(forward_at_mediator1.msg, &unpacked_msg_mediator1); + + assert_eq!( + &forward_at_mediator1.msg.extra_headers, + &HashMap::from_iter([ + ("example-header-1".into(), json!("example-header-1-value")), + ("example-header-2".into(), json!("example-header-2-value")), + ]) + ); + + assert_eq!(&forward_at_mediator1.next, to); + + assert!(unpack_metadata_mediator1.encrypted); + assert!(!unpack_metadata_mediator1.authenticated); + assert!(!unpack_metadata_mediator1.non_repudiation); + assert!(unpack_metadata_mediator1.anonymous_sender); + assert!(!unpack_metadata_mediator1.re_wrapped_in_forward); + + let forwarded_msg_at_mediator1 = + serde_json::to_string(&forward_at_mediator1.forwarded_msg) + .expect("Unable serialize forwarded message"); + + let (unpacked_msg, unpack_metadata) = Message::unpack_string( + &forwarded_msg_at_mediator1, + &mut did_resolver, + &charlie_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + assert_eq!(&unpacked_msg, &msg); + + assert!(unpack_metadata.encrypted); + assert_eq!( + unpack_metadata.authenticated, + from.is_some() || sign_by.is_some() + ); + assert_eq!(unpack_metadata.non_repudiation, sign_by.is_some()); + assert_eq!(unpack_metadata.anonymous_sender, from.is_none()); + assert!(!unpack_metadata.re_wrapped_in_forward); + } + } + + #[tokio::test] + async fn wrap_in_forward_works_mediator_unknown_to_sender() { + _wrap_in_forward_works_mediator_unknown_to_sender(BOB_DID, None, None).await; + + _wrap_in_forward_works_mediator_unknown_to_sender(BOB_DID, None, Some(ALICE_DID)).await; + + _wrap_in_forward_works_mediator_unknown_to_sender(BOB_DID, Some(ALICE_DID), None).await; + + _wrap_in_forward_works_mediator_unknown_to_sender( + BOB_DID, + Some(ALICE_DID), + Some(ALICE_DID), + ) + .await; + + _wrap_in_forward_works_mediator_unknown_to_sender( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + None, + None, + ) + .await; + + _wrap_in_forward_works_mediator_unknown_to_sender( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + None, + Some(ALICE_DID), + ) + .await; + + _wrap_in_forward_works_mediator_unknown_to_sender( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + Some(ALICE_DID), + None, + ) + .await; + + _wrap_in_forward_works_mediator_unknown_to_sender( + &BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2.id, + Some(ALICE_DID), + Some(ALICE_DID), + ) + .await; + + async fn _wrap_in_forward_works_mediator_unknown_to_sender( + to: &str, + from: Option<&str>, + sign_by: Option<&str>, + ) { + let mut did_resolver = ExampleDIDResolver::new(vec![ + ALICE_DID_DOC.clone(), + BOB_DID_DOC.clone(), + MEDIATOR1_DID_DOC.clone(), + MEDIATOR2_DID_DOC.clone(), + ]); + + let alice_secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); + + let mediator1_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR1_SECRETS.clone()); + + let mediator2_secrets_resolver = ExampleSecretsResolver::new(MEDIATOR2_SECRETS.clone()); + + let (msg, pack_metadata) = MESSAGE_SIMPLE + .pack_encrypted( + to, + from, + sign_by, + &did_resolver, + &alice_secrets_resolver, + &PackEncryptedOptions { + messaging_service: Some(BOB_SERVICE.id.clone()), + ..PackEncryptedOptions::default() + }, + ) + .await + .expect("Unable encrypt"); + + assert_eq!( + pack_metadata.messaging_service.as_ref(), + Some(&MessagingServiceMetadata { + id: BOB_SERVICE.id.clone(), + service_endpoint: BOB_DID_COMM_MESSAGING_SERVICE.uri.clone(), + }) + ); + + let did_method_resolver = DIDMethods::default(); + let (unpacked_msg_mediator1, unpack_metadata_mediator1) = Message::unpack_string( + &msg, + &mut did_resolver, + &mediator1_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + let forward_at_mediator1 = + try_parse_forward(&unpacked_msg_mediator1).expect("Message is not Forward"); + + assert_eq!(forward_at_mediator1.msg, &unpacked_msg_mediator1); + assert_eq!(&forward_at_mediator1.next, to); + + assert!(unpack_metadata_mediator1.encrypted); + assert!(!unpack_metadata_mediator1.authenticated); + assert!(!unpack_metadata_mediator1.non_repudiation); + assert!(unpack_metadata_mediator1.anonymous_sender); + assert!(!unpack_metadata_mediator1.re_wrapped_in_forward); + + let forwarded_msg_at_mediator1 = + serde_json::to_string(&forward_at_mediator1.forwarded_msg) + .expect("Unable serialize forwarded message"); + + let forward_msg_for_mediator2 = wrap_in_forward( + &forwarded_msg_at_mediator1, + None, + &forward_at_mediator1.next, + &[MEDIATOR2_VERIFICATION_METHOD_KEY_AGREEM_X25519_1.id.clone()], + &AnonCryptAlg::default(), + &did_resolver, + ) + .await + .expect("Unable wrap in forward"); + + let (unpacked_msg_mediator2, unpack_metadata_mediator2) = Message::unpack_string( + &forward_msg_for_mediator2, + &mut did_resolver, + &mediator2_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + let forward_at_mediator2 = + try_parse_forward(&unpacked_msg_mediator2).expect("Message is not Forward"); + + assert_eq!(forward_at_mediator2.msg, &unpacked_msg_mediator2); + assert_eq!(&forward_at_mediator2.next, to); + + assert!(unpack_metadata_mediator2.encrypted); + assert!(!unpack_metadata_mediator2.authenticated); + assert!(!unpack_metadata_mediator2.non_repudiation); + assert!(unpack_metadata_mediator2.anonymous_sender); + assert!(!unpack_metadata_mediator2.re_wrapped_in_forward); + + let forwarded_msg_at_mediator2 = + serde_json::to_string(&forward_at_mediator2.forwarded_msg) + .expect("Unable serialize forwarded message"); + + let (unpacked_msg, unpack_metadata) = Message::unpack_string( + &forwarded_msg_at_mediator2, + &mut did_resolver, + &bob_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + assert_eq!(&unpacked_msg, &*MESSAGE_SIMPLE); + + assert!(unpack_metadata.encrypted); + assert_eq!( + unpack_metadata.authenticated, + from.is_some() || sign_by.is_some() + ); + assert_eq!(unpack_metadata.non_repudiation, sign_by.is_some()); + assert_eq!(unpack_metadata.anonymous_sender, from.is_none()); + assert!(!unpack_metadata.re_wrapped_in_forward); + } + } + + // TODO: Add negative tests for Routing protocol + + #[tokio::test] + async fn pack_encrypted_works_sign_by_unknown_did_url() { + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let sign_by = ALICE_DID.to_string() + "#unknown-key"; + let res = MESSAGE_SIMPLE + .pack_encrypted( + BOB_DID, + ALICE_DID.into(), + sign_by.as_str().into(), + &did_resolver, + &secrets_resolver, + &PackEncryptedOptions { + forward: false, + ..PackEncryptedOptions::default() + }, + ) + .await; + + let err = res.expect_err("res is ok"); + assert_eq!( + format!("{}", err), + "DID URL not found: Unable produce sign envelope: Signer key id not found in did doc" + ); + assert_eq!(err.kind(), ErrorKind::DIDUrlNotFound); + } + + #[tokio::test] + async fn pack_encrypted_works_from_not_in_secrets() { + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let res = MESSAGE_SIMPLE + .pack_encrypted( + BOB_DID, + "did:key:alice#key-x25519-not-in-secrets-1".into(), + None, + &did_resolver, + &secrets_resolver, + &PackEncryptedOptions { + forward: false, + ..PackEncryptedOptions::default() + }, + ) + .await; + + let err = res.expect_err("res is ok"); + assert_eq!(err.kind(), ErrorKind::SecretNotFound); + + assert_eq!( + format!("{}", err), + "Secret not found: No sender secrets found" + ); + } + + #[tokio::test] + async fn pack_encrypted_works_sign_by_not_in_secrets() { + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let res = MESSAGE_SIMPLE + .pack_encrypted( + BOB_DID, + ALICE_DID.into(), + "did:key:alice#key-not-in-secrets-1".into(), + &did_resolver, + &secrets_resolver, + &PackEncryptedOptions { + forward: false, + ..PackEncryptedOptions::default() + }, + ) + .await; + + let err = res.expect_err("res is ok"); + assert_eq!(err.kind(), ErrorKind::SecretNotFound); + + assert_eq!( + format!("{}", err), + "Secret not found: Unable produce sign envelope: No signer secrets found" + ); + } + + #[tokio::test] + async fn pack_encrypted_works_to_from_different_curves() { + _pack_encrypted_works_to_from_different_curves( + "did:key:alice#key-x25519-1".into(), + "did:key:bob#key-p256-1", + ) + .await; + _pack_encrypted_works_to_from_different_curves( + "did:example:alice#key-x25519-1".into(), + "did:example:bob#key-p384-1", + ) + .await; + _pack_encrypted_works_to_from_different_curves( + "did:example:alice#key-x25519-1".into(), + "did:example:bob#key-p521-1", + ) + .await; + _pack_encrypted_works_to_from_different_curves( + "did:example:alice#key-p256-1".into(), + "did:example:bob#key-p384-1", + ) + .await; + _pack_encrypted_works_to_from_different_curves( + "did:example:alice#key-p256-1".into(), + "did:example:bob#key-p521-1", + ) + .await; + _pack_encrypted_works_to_from_different_curves( + "did:example:alice#key-p521-1".into(), + "did:example:bob#key-p384-1", + ) + .await; + + async fn _pack_encrypted_works_to_from_different_curves(from: Option<&str>, to: &str) { + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let secrets_resolver = ExampleSecretsResolver::new(ALICE_SECRETS.clone()); + + let res = MESSAGE_SIMPLE + .pack_encrypted( + to, + from, + None, + &did_resolver, + &secrets_resolver, + &PackEncryptedOptions { + forward: false, + ..PackEncryptedOptions::default() + }, + ) + .await; + + let err = res.expect_err("res is ok"); + assert_eq!( + format!("{}", err), + "No compatible crypto: No common keys between sender and recipient found" + ); + assert_eq!(err.kind(), ErrorKind::NoCompatibleCrypto); + } + } + + #[tokio::test] + async fn pack_encrypted_works_from_prior() { + let mut did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); + + let charlie_rotated_to_alice_secrets_resolver = + ExampleSecretsResolver::new(CHARLIE_ROTATED_TO_ALICE_SECRETS.clone()); + let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); + + let (packed_msg, _pack_metadata) = MESSAGE_FROM_PRIOR_FULL + .pack_encrypted( + BOB_DID, + Some(ALICE_DID), + None, + &did_resolver, + &charlie_rotated_to_alice_secrets_resolver, + &PackEncryptedOptions { + forward: false, + ..PackEncryptedOptions::default() + }, + ) + .await + .expect("Unable pack_encrypted"); + + let (unpacked_msg, unpack_metadata) = Message::unpack_string( + &packed_msg, + &mut did_resolver, + &bob_secrets_resolver, + &UnpackOptions::default(), + ) + .await + .expect("Unable unpack"); + + assert_eq!(&unpacked_msg, &*MESSAGE_FROM_PRIOR_FULL); + assert_eq!( + unpack_metadata.from_prior_issuer_kid.as_ref(), + Some(&CHARLIE_SECRET_AUTH_KEY_ED25519.id) + ); + assert_eq!(unpack_metadata.from_prior.as_ref(), Some(&*FROM_PRIOR_FULL)); + } + */ fn _verify_authcrypt( msg: &str, to_keys: Vec<&Secret>, - from_key: &VerificationMethod, + from_key: &DIDVerificationMethod, ) -> String where CE: KeyAeadInPlace + KeySecretBytes, @@ -2892,13 +2765,9 @@ mod tests { for to_key in to_keys { let from_kid = &from_key.id; let to_kid = &to_key.id; + let jwk_string = serde_json::to_value(&from_key.get_jwk()).unwrap(); - let from_key = match from_key.verification_material { - VerificationMaterial::JWK { - public_key_jwk: ref value, - } => KE::from_jwk_value(value).expect("Unable from_jwk_value"), - _ => panic!("Unexpected verification method"), - }; + let from_key = KE::from_jwk_value(&jwk_string).expect("Unable from_jwk_value"); let to_key = match to_key.secret_material { SecretMaterial::JWK { @@ -2984,7 +2853,7 @@ mod tests { fn _verify_signed( msg: &str, - sign_key: &VerificationMethod, + sign_key: &DIDVerificationMethod, alg: jws::Algorithm, ) -> String { let msg = jws::parse(msg).expect("Unable parse"); @@ -3002,18 +2871,14 @@ mod tests { assert_eq!( msg.jws.signatures[0].header, jws::Header { - kid: sign_key.id.clone() + kid: sign_key.id.clone().to_string() } ); - let sign_key_id = &sign_key.id; + let sign_key_id = &sign_key.id.to_string(); + let jwk_string = serde_json::to_value(&sign_key.get_jwk()).unwrap(); - let sign_key = match sign_key.verification_material { - VerificationMaterial::JWK { - public_key_jwk: ref value, - } => Key::from_jwk_value(value).expect("Unable from_jwk_value"), - _ => panic!("Unexpected verification_material"), - }; + let sign_key = Key::from_jwk_value(&jwk_string).expect("Unable from_jwk_value"); let valid = msg.verify((sign_key_id, &sign_key)).expect("Unable verify"); assert!(valid); @@ -3031,4 +2896,3 @@ mod tests { assert_eq!(msg, exp_msg) } } - */ diff --git a/affinidi-messaging-didcomm/src/message/pack_plaintext.rs b/affinidi-messaging-didcomm/src/message/pack_plaintext.rs index 11d8b4f..dcb503b 100644 --- a/affinidi-messaging-didcomm/src/message/pack_plaintext.rs +++ b/affinidi-messaging-didcomm/src/message/pack_plaintext.rs @@ -65,27 +65,22 @@ impl Message { } } -/* #[cfg(test)] mod tests { + use affinidi_did_resolver_cache_sdk::{config::ClientConfigBuilder, DIDCacheClient}; use serde_json::Value; - use ssi::did::DIDMethods; use crate::{ - did::resolvers::ExampleDIDResolver, error::ErrorKind, - secrets::resolvers::ExampleSecretsResolver, test_vectors::{ - ALICE_DID_DOC, BOB_DID_DOC, BOB_SECRETS, CHARLIE_DID_DOC, - CHARLIE_SECRET_AUTH_KEY_ED25519, FROM_PRIOR_FULL, MESSAGE_ATTACHMENT_BASE64, - MESSAGE_ATTACHMENT_JSON, MESSAGE_ATTACHMENT_LINKS, MESSAGE_ATTACHMENT_MULTI_1, - MESSAGE_ATTACHMENT_MULTI_2, MESSAGE_FROM_PRIOR_FULL, + MESSAGE_ATTACHMENT_BASE64, MESSAGE_ATTACHMENT_JSON, MESSAGE_ATTACHMENT_LINKS, + MESSAGE_ATTACHMENT_MULTI_1, MESSAGE_ATTACHMENT_MULTI_2, MESSAGE_FROM_PRIOR_MISMATCHED_SUB_AND_FROM, MESSAGE_MINIMAL, MESSAGE_SIMPLE, PLAINTEXT_MSG_ATTACHMENT_BASE64, PLAINTEXT_MSG_ATTACHMENT_JSON, PLAINTEXT_MSG_ATTACHMENT_LINKS, PLAINTEXT_MSG_ATTACHMENT_MULTI_1, PLAINTEXT_MSG_ATTACHMENT_MULTI_2, PLAINTEXT_MSG_MINIMAL, PLAINTEXT_MSG_SIMPLE, }, - Message, UnpackOptions, + Message, }; #[tokio::test] @@ -111,7 +106,9 @@ mod tests { .await; async fn _pack_plaintext_works(msg: &Message, exp_msg: &str) { - let did_resolver = ExampleDIDResolver::new(vec![ALICE_DID_DOC.clone()]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let msg = msg .pack_plaintext(&did_resolver) @@ -124,46 +121,11 @@ mod tests { } } - #[tokio::test] - async fn pack_plaintext_works_from_prior() { - let mut did_resolver = ExampleDIDResolver::new(vec![ - ALICE_DID_DOC.clone(), - BOB_DID_DOC.clone(), - CHARLIE_DID_DOC.clone(), - ]); - let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); - - let packed_msg = MESSAGE_FROM_PRIOR_FULL - .pack_plaintext(&did_resolver) - .await - .expect("Unable pack_plaintext"); - - let did_method_resolver = DIDMethods::default(); - let (unpacked_msg, unpack_metadata) = Message::unpack_string( - &packed_msg, - &mut did_resolver, - &did_method_resolver, - &bob_secrets_resolver, - &UnpackOptions::default(), - ) - .await - .expect("Unable unpack"); - - assert_eq!(&unpacked_msg, &*MESSAGE_FROM_PRIOR_FULL); - assert_eq!( - unpack_metadata.from_prior_issuer_kid.as_ref(), - Some(&CHARLIE_SECRET_AUTH_KEY_ED25519.id) - ); - assert_eq!(unpack_metadata.from_prior.as_ref(), Some(&*FROM_PRIOR_FULL)); - } - #[tokio::test] async fn pack_plaintext_works_mismatched_from_prior_sub_and_message_from() { - let did_resolver = ExampleDIDResolver::new(vec![ - ALICE_DID_DOC.clone(), - BOB_DID_DOC.clone(), - CHARLIE_DID_DOC.clone(), - ]); + let did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + .await + .unwrap(); let err = MESSAGE_FROM_PRIOR_MISMATCHED_SUB_AND_FROM .pack_plaintext(&did_resolver) @@ -171,11 +133,37 @@ mod tests { .expect_err("res is ok"); assert_eq!(err.kind(), ErrorKind::Malformed); - assert_eq!( format!("{}", err), "Malformed: from_prior `sub` value is not equal to message `from` value" ); } + // #[tokio::test] + // async fn pack_plaintext_works_from_prior() { + // let mut did_resolver = DIDCacheClient::new(ClientConfigBuilder::default().build()) + // .await + // .unwrap(); + // let bob_secrets_resolver = ExampleSecretsResolver::new(BOB_SECRETS.clone()); + + // let packed_msg = MESSAGE_FROM_PRIOR_FULL + // .pack_plaintext(&did_resolver) + // .await + // .expect("Unable pack_plaintext"); + + // let (unpacked_msg, unpack_metadata) = Message::unpack_string( + // &packed_msg, + // &mut did_resolver, + // &bob_secrets_resolver, + // &UnpackOptions::default(), + // ) + // .await + // .expect("Unable unpack"); + + // assert_eq!(&unpacked_msg, &*MESSAGE_FROM_PRIOR_FULL); + // assert_eq!( + // unpack_metadata.from_prior_issuer_kid.as_ref(), + // Some(&CHARLIE_SECRET_AUTH_KEY_ED25519.id) + // ); + // assert_eq!(unpack_metadata.from_prior.as_ref(), Some(&*FROM_PRIOR_FULL)); + // } } -*/ diff --git a/affinidi-messaging-didcomm/src/test_vectors/common.rs b/affinidi-messaging-didcomm/src/test_vectors/common.rs index cf002f8..a9d08f2 100644 --- a/affinidi-messaging-didcomm/src/test_vectors/common.rs +++ b/affinidi-messaging-didcomm/src/test_vectors/common.rs @@ -1,8 +1,8 @@ use base64::prelude::*; use serde_json::{Map, Value}; -pub const ALICE_DID: &str = "did:example:alice"; -pub const BOB_DID: &str = "did:example:bob"; +pub const ALICE_DID: &str = "did:key:alice"; +pub const BOB_DID: &str = "did:key:z6Mki7K3d9U5tH6P8x9g93Dh7LZ6HF1JSF3ECoZZ2PgtMoxH"; pub const CHARLIE_DID: &str = "did:key:z6MkhKzjHrZKpxHqmW9x1BVxgKZ9n7N1WXE3jTtJC26PYASp"; pub fn update_field(msg: &str, field: &str, value: &str) -> String { diff --git a/affinidi-messaging-didcomm/src/test_vectors/from_prior_jwt.rs b/affinidi-messaging-didcomm/src/test_vectors/from_prior_jwt.rs index ad1f3e6..7465713 100644 --- a/affinidi-messaging-didcomm/src/test_vectors/from_prior_jwt.rs +++ b/affinidi-messaging-didcomm/src/test_vectors/from_prior_jwt.rs @@ -1,4 +1,4 @@ -pub const FROM_PRIOR_JWT_FULL: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa2hLempIclpLcHhIcW1XOXgxQlZ4Z0taOW43TjFXWEUzalR0SkMyNlBZQVNwI3o2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCJ9.eyJpc3MiOiJkaWQ6a2V5Ono2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCIsInN1YiI6ImRpZDpleGFtcGxlOmFsaWNlIiwiYXVkIjoiMTIzIiwiZXhwIjoxMjM0LCJuYmYiOjEyMzQ1LCJpYXQiOjEyMzQ1NiwianRpIjoiZGZnIn0.XF7C48Wbwgfrq5pdRDl7zxcGkEAJQ6TEDMMAMJ0UyIBafTnbLpkUnfMqt2dKmNLk5vAq0DKzrhTmiW1-BAVoBg"; +pub const FROM_PRIOR_JWT_FULL: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa2hLempIclpLcHhIcW1XOXgxQlZ4Z0taOW43TjFXWEUzalR0SkMyNlBZQVNwI3o2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCJ9.eyJpc3MiOiJkaWQ6a2V5Ono2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCIsInN1YiI6ImRpZDprZXk6YWxpY2UiLCJhdWQiOiIxMjMiLCJleHAiOjEyMzQsIm5iZiI6MTIzNDUsImlhdCI6MTIzNDU2LCJqdGkiOiJkZmcifQ.06JcbGKVwPV5vmpn9t2WZ8qA7wEqcqBHv8so4emUwo1EgmjyUL-vBWiw4ywnliCuzZSYwRW7qj4Cc0F2JnOgBQ"; pub const FROM_PRIOR_JWT_INVALID: &str = "invalid"; diff --git a/affinidi-messaging-didcomm/src/test_vectors/message.rs b/affinidi-messaging-didcomm/src/test_vectors/message.rs index 16b1083..bfa82e3 100644 --- a/affinidi-messaging-didcomm/src/test_vectors/message.rs +++ b/affinidi-messaging-didcomm/src/test_vectors/message.rs @@ -19,7 +19,7 @@ lazy_static! { lazy_static! { pub static ref MESSAGE_FROM_PRIOR_FULL: Message = _message() - .from_prior("eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmNoYXJsaWUja2V5LTEifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpjaGFybGllIiwic3ViIjoiZGlkOmV4YW1wbGU6YWxpY2UiLCJhdWQiOiIxMjMiLCJleHAiOjEyMzQsIm5iZiI6MTIzNDUsImlhdCI6MTIzNDU2LCJqdGkiOiJkZmcifQ.ir0tegXiGJIZIMagO5P853KwhzGTEw0OpFFAyarUV-nQrtbI_ELbxT9l7jPBoPve_-60ifGJ9v3ArmFjELFlDA".into()) + .from_prior("eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa2hLempIclpLcHhIcW1XOXgxQlZ4Z0taOW43TjFXWEUzalR0SkMyNlBZQVNwI3o2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCJ9.eyJpc3MiOiJkaWQ6a2V5Ono2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCIsInN1YiI6ImRpZDprZXk6YWxpY2UiLCJhdWQiOiIxMjMiLCJleHAiOjEyMzQsIm5iZiI6MTIzNDUsImlhdCI6MTIzNDU2LCJqdGkiOiJkZmcifQ.XF7C48Wbwgfrq5pdRDl7zxcGkEAJQ6TEDMMAMJ0UyIBafTnbLpkUnfMqt2dKmNLk5vAq0DKzrhTmiW1-BAVoBg".into()) .finalize(); } @@ -34,7 +34,7 @@ lazy_static! { .to(ALICE_DID.to_owned()) .created_time(1516269022) .expires_time(1516385931) - .from_prior("eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmNoYXJsaWUja2V5LTEifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpjaGFybGllIiwic3ViIjoiZGlkOmV4YW1wbGU6YWxpY2UiLCJhdWQiOiIxMjMiLCJleHAiOjEyMzQsIm5iZiI6MTIzNDUsImlhdCI6MTIzNDU2LCJqdGkiOiJkZmcifQ.ir0tegXiGJIZIMagO5P853KwhzGTEw0OpFFAyarUV-nQrtbI_ELbxT9l7jPBoPve_-60ifGJ9v3ArmFjELFlDA".into()) + .from_prior("eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa2hLempIclpLcHhIcW1XOXgxQlZ4Z0taOW43TjFXWEUzalR0SkMyNlBZQVNwI3o2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCJ9.eyJpc3MiOiJkaWQ6a2V5Ono2TWtoS3pqSHJaS3B4SHFtVzl4MUJWeGdLWjluN04xV1hFM2pUdEpDMjZQWUFTcCIsInN1YiI6ImRpZDpleGFtcGxlOmFsaWNlIiwiYXVkIjoiMTIzIiwiZXhwIjoxMjM0LCJuYmYiOjEyMzQ1LCJpYXQiOjEyMzQ1NiwianRpIjoiZGZnIn0.XF7C48Wbwgfrq5pdRDl7zxcGkEAJQ6TEDMMAMJ0UyIBafTnbLpkUnfMqt2dKmNLk5vAq0DKzrhTmiW1-BAVoBg".into()) .finalize(); } diff --git a/affinidi-messaging-didcomm/src/test_vectors/mod.rs b/affinidi-messaging-didcomm/src/test_vectors/mod.rs index 846294e..bb4d73a 100644 --- a/affinidi-messaging-didcomm/src/test_vectors/mod.rs +++ b/affinidi-messaging-didcomm/src/test_vectors/mod.rs @@ -14,3 +14,7 @@ pub use from_prior::*; pub use from_prior_jwt::*; pub use secrets::*; + +pub use message::*; + +pub use plaintext::*; diff --git a/affinidi-messaging-didcomm/src/test_vectors/plaintext.rs b/affinidi-messaging-didcomm/src/test_vectors/plaintext.rs index bc222bf..c760032 100644 --- a/affinidi-messaging-didcomm/src/test_vectors/plaintext.rs +++ b/affinidi-messaging-didcomm/src/test_vectors/plaintext.rs @@ -3,8 +3,8 @@ pub const PLAINTEXT_MSG_SIMPLE: &str = r#" "id": "1234567890", "typ": "application/didcomm-plain+json", "type": "http://example.com/protocols/lets_do_lunch/1.0/proposal", - "from": "did:example:alice", - "to": ["did:example:bob"], + "from": "did:key:alice", + "to": ["did:key:z6Mki7K3d9U5tH6P8x9g93Dh7LZ6HF1JSF3ECoZZ2PgtMoxH"], "created_time": 1516269022, "expires_time": 1516385931, "body": {"messagespecificattribute": "and its value"} @@ -79,8 +79,8 @@ pub const PLAINTEXT_MSG_ATTACHMENT_BASE64: &str = r#" "id": "1234567890", "typ": "application/didcomm-plain+json", "type": "http://example.com/protocols/lets_do_lunch/1.0/proposal", - "from": "did:example:alice", - "to": ["did:example:bob"], + "from": "did:key:alice", + "to": ["did:key:z6Mki7K3d9U5tH6P8x9g93Dh7LZ6HF1JSF3ECoZZ2PgtMoxH"], "created_time": 1516269022, "expires_time": 1516385931, "body": {"messagespecificattribute": "and its value"}, @@ -93,8 +93,8 @@ pub const PLAINTEXT_MSG_ATTACHMENT_LINKS: &str = r#" "id": "1234567890", "typ": "application/didcomm-plain+json", "type": "http://example.com/protocols/lets_do_lunch/1.0/proposal", - "from": "did:example:alice", - "to": ["did:example:bob"], + "from": "did:key:alice", + "to": ["did:key:z6Mki7K3d9U5tH6P8x9g93Dh7LZ6HF1JSF3ECoZZ2PgtMoxH"], "created_time": 1516269022, "expires_time": 1516385931, "body": {"messagespecificattribute": "and its value"}, @@ -109,8 +109,8 @@ pub const PLAINTEXT_MSG_ATTACHMENT_JSON: &str = r#" "id": "1234567890", "typ": "application/didcomm-plain+json", "type": "http://example.com/protocols/lets_do_lunch/1.0/proposal", - "from": "did:example:alice", - "to": ["did:example:bob"], + "from": "did:key:alice", + "to": ["did:key:z6Mki7K3d9U5tH6P8x9g93Dh7LZ6HF1JSF3ECoZZ2PgtMoxH"], "created_time": 1516269022, "expires_time": 1516385931, "body": {"messagespecificattribute": "and its value"}, @@ -125,8 +125,8 @@ pub const PLAINTEXT_MSG_ATTACHMENT_MULTI_1: &str = r#" "id": "1234567890", "typ": "application/didcomm-plain+json", "type": "http://example.com/protocols/lets_do_lunch/1.0/proposal", - "from": "did:example:alice", - "to": ["did:example:bob"], + "from": "did:key:alice", + "to": ["did:key:z6Mki7K3d9U5tH6P8x9g93Dh7LZ6HF1JSF3ECoZZ2PgtMoxH"], "created_time": 1516269022, "expires_time": 1516385931, "body": {"messagespecificattribute": "and its value"}, @@ -143,8 +143,8 @@ pub const PLAINTEXT_MSG_ATTACHMENT_MULTI_2: &str = r#" "id": "1234567890", "typ": "application/didcomm-plain+json", "type": "http://example.com/protocols/lets_do_lunch/1.0/proposal", - "from": "did:example:alice", - "to": ["did:example:bob"], + "from": "did:key:alice", + "to": ["did:key:z6Mki7K3d9U5tH6P8x9g93Dh7LZ6HF1JSF3ECoZZ2PgtMoxH"], "created_time": 1516269022, "expires_time": 1516385931, "body": {"messagespecificattribute": "and its value"},