Fix tests and errors

2025-06-20 02:48:03 -05:00 · 2025-06-09 15:04:00 +02:00 · 2025-06-09 15:04:00 +02:00 · 599918096d
commit 599918096d
parent ac06fe7c75
2 changed files with 55 additions and 1 deletions
--- a/src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs
+++ b/src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs
@ -106,7 +106,7 @@ public class RotateUserAccountKeysCommand(
        }
        if (model.AccountKeys.SignatureKeyPairData.VerifyingKey != currentSignatureKeyPair.VerifyingKey)
        {
-            throw new InvalidOperationException("The provided signing key data does not match the user's current signing key data.");
+            throw new InvalidOperationException("The provided verifying key does not match the user's current verifying key.");
        }
        if (string.IsNullOrEmpty(model.AccountKeys.PublicKeyEncryptionKeyPairData?.SignedPublicKey))
        {
--- a/test/Core.Test/KeyManagement/UserKey/RotateUserAccountKeysCommandTests.cs
+++ b/test/Core.Test/KeyManagement/UserKey/RotateUserAccountKeysCommandTests.cs
@ -281,4 +281,58 @@ public class RotateUserAccountKeysCommandTests
        Assert.Equal("The provided signing key data is null, but the user already has signing keys.", exception.Message);
    }

+    [Theory, BitAutoData]
+    public async Task ValidateRotationModelSignatureKeyPairForV2User_VerifyingKeyMismatch_Throws(SutProvider<RotateUserAccountKeysCommand> sutProvider, User user, RotateUserAccountKeysData model)
+    {
+        user.Kdf = Enums.KdfType.Argon2id;
+        user.KdfIterations = 3;
+        user.KdfMemory = 64;
+        user.KdfParallelism = 4;
+        user.PublicKey = "public-key";
+        user.PrivateKey = "2.abc";
+        var repoKeyPair = new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "wrapped", "verifying-key");
+        var modelKeyPair = new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "wrapped", "different-verifying-key");
+        model.AccountKeys.SignatureKeyPairData = modelKeyPair;
+        model.AccountKeys.PublicKeyEncryptionKeyPairData = new PublicKeyEncryptionKeyPairData("2.abc", user.PublicKey, "signed-public-key");
+        sutProvider.GetDependency<IUserSignatureKeyPairRepository>().GetByUserIdAsync(user.Id)
+            .Returns(repoKeyPair);
+        var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.ValidateRotationModelSignatureKeyPairForV2User(model, user));
+        Assert.Equal("The provided verifying key does not match the user's current verifying key.", ex.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateRotationModelSignatureKeyPairForV2User_SignedPublicKeyNullOrEmpty_Throws(SutProvider<RotateUserAccountKeysCommand> sutProvider, User user, RotateUserAccountKeysData model)
+    {
+        user.Kdf = Enums.KdfType.Argon2id;
+        user.KdfIterations = 3;
+        user.KdfMemory = 64;
+        user.KdfParallelism = 4;
+        user.PublicKey = "public-key";
+        user.PrivateKey = "2.abc";
+        var keyPair = new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "wrapped", "verifying-key");
+        model.AccountKeys.SignatureKeyPairData = keyPair;
+        model.AccountKeys.PublicKeyEncryptionKeyPairData = new PublicKeyEncryptionKeyPairData("2.abc", user.PublicKey, null);
+        sutProvider.GetDependency<IUserSignatureKeyPairRepository>().GetByUserIdAsync(user.Id)
+            .Returns(keyPair);
+        var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.ValidateRotationModelSignatureKeyPairForV2User(model, user));
+        Assert.Equal("No signed public key provided, but the user already has a signature key pair.", ex.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateRotationModelSignatureKeyPairForV2User_WrappedSigningKeyNotXChaCha20_Throws(SutProvider<RotateUserAccountKeysCommand> sutProvider, User user, RotateUserAccountKeysData model)
+    {
+        user.Kdf = Enums.KdfType.Argon2id;
+        user.KdfIterations = 3;
+        user.KdfMemory = 64;
+        user.KdfParallelism = 4;
+        user.PublicKey = "public-key";
+        user.PrivateKey = "2.abc";
+        var keyPair = new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "2.xxx", "verifying-key");
+        model.AccountKeys.SignatureKeyPairData = keyPair;
+        model.AccountKeys.PublicKeyEncryptionKeyPairData = new PublicKeyEncryptionKeyPairData("7.xxx", user.PublicKey, "signed-public-key");
+        sutProvider.GetDependency<IUserSignatureKeyPairRepository>().GetByUserIdAsync(user.Id)
+            .Returns(keyPair);
+        var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.ValidateRotationModelSignatureKeyPairForV2User(model, user));
+        Assert.Equal("The provided signing key data is not wrapped with XChaCha20-Poly1305.", ex.Message);
+    }
 }