test: implement coverage #005 Tier-A suggestions (S1-S4, S8)

Add 165 tests covering the directly-testable surface identified in coverage review #005. Workspace coverage rises 87.1% -> 91.2% (5759/6615 -> 6505/7135); all 389 tests pass, clippy clean.

- S1 (connection.rs): dispatch_envelope across all five event-type arms for Call + Subscribe, plus SubscriptionStream poll_next branches and SubscriptionStream::closed.
- S2 (types.rs): map_quinn/iroh_connection_error for TimedOut/Reset/ApplicationClosed/other, plus HandlerError + StreamError Debug/Display/source for every variant.
- S3 (config.rs): Ed25519SecretKey from_bytes/as_bytes round-trip, sign+verify, tampered-message rejection, Debug non-leakage.
- S4 (endpoint.rs): build_rustls_server_config RawKey/SelfSigned/Acme arms, build_quinn_server_config_from_rustls, load_private_key/load_cert_chain error paths, has_iroh_identity branches, AcceptAnyCertVerifier trait methods, Ed25519SigningKey trait impls (choose_scheme both branches, algorithm, public_key, sign, scheme), RawKeyCertResolver + AlknetEndpoint Debug. endpoint.rs 56% -> 73%.
- S8 (vault protocol.rs): the existing redacted-deserialize test passed for the wrong reason (JSON string failed Vec<u8> coercion before the guard). Two new tests exercise the guard directly via a [REDACTED] byte array (rejected) and a real payload (accepted). protocol.rs -> 100%.

Deferred to follow-up: S5 (loopback quinn integration test, the real unlock for accept/dispatch/stream paths), S6 (ACME event-loop extraction), S7 (adapter abort arm). Review #005 updated with the resolution.

@@ -148,6 +148,45 @@ mod tests {
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_derived_key_deserialize_rejects_redacted_byte_array() {
|
||||
// `[REDACTED]` as a 10-byte ASCII array: the redacted-marker guard at
|
||||
// protocol.rs:78 is only reachable when private_key deserializes as
|
||||
// Vec<u8> equal to b"[REDACTED]". The byte-array form is the one that
|
||||
// actually reaches the guard (a JSON string fails type coercion first).
|
||||
let redacted_bytes: Vec<u8> = b"[REDACTED]".to_vec();
|
||||
let mut json = String::from(r#"{"key_type":"Ed25519","private_key":"#);
|
||||
json.push_str(&serde_json::to_string(&redacted_bytes).unwrap());
|
||||
json.push_str(r#","public_key":[205]}"#);
|
||||
let result: Result<DerivedKey, _> = serde_json::from_str(&json);
|
||||
let err = result.expect_err("redacted byte array must be rejected");
|
||||
let msg = err.to_string();
|
||||
assert!(
|
||||
msg.contains("redacted"),
|
||||
"error must explain the redacted-payload rejection, got: {msg}"
|
||||
);
|
||||
assert!(
|
||||
!msg.contains("AB"),
|
||||
"error must not leak any key bytes, got: {msg}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_derived_key_deserialize_accepts_non_redacted_payload() {
|
||||
// A real (non-redacted) private key byte array must deserialize
|
||||
// successfully and reach the Ok arm of the deserialize impl.
|
||||
let key = make_test_key();
|
||||
let public = serde_json::to_string(&key.public_key).unwrap();
|
||||
let private = serde_json::to_string(&vec![0xABu8; 32]).unwrap();
|
||||
let json = format!(
|
||||
r#"{{"key_type":"Ed25519","private_key":{private},"public_key":{public}}}"#
|
||||
);
|
||||
let result: DerivedKey = serde_json::from_str(&json).expect("non-redacted payload deserializes");
|
||||
assert_eq!(result.key_type, KeyType::Ed25519);
|
||||
assert_eq!(result.private_key, vec![0xABu8; 32]);
|
||||
assert_eq!(result.public_key, key.public_key);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_derived_key_debug_does_not_leak_private_key_bytes() {
|
||||
let key = make_test_key();
|
||||
|
||||
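Review bot: the `!msg.contains("AB")` assertion that closes `test_derived_key_deserialize_rejects_redacted_byte_array` cannot fail for the reason its message gives, because nothing in this test's input contains 0xAB: `private_key` is the ASCII bytes of `[REDACTED]` and `public_key` is `[205]`. Even with 0xAB in the payload, a `Vec<u8>` rendered through JSON or `Debug` prints `171`, so the uppercase hex string "AB" would not appear in a leaked form either. Either drop the assertion, or check what the error could actually echo, for example assert that `msg` does not contain the output of `serde_json::to_string(&redacted_bytes)`. Separately, the comment cites the guard as `protocol.rs:78`; that line number will go stale on the next edit to the file, so refer to the guard by the name of the impl it sits in instead.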