Added tests for starting from recovery code and deriving public key bit size from existing key pair, and using testBinUtils.processExit

Author: CMCDragonkai

src/bin/utils/options.ts

@@ -42,7 +42,7 @@ const verbose = new commander.Option('-v, --verbose', 'Log Verbose Messages')
  */
 const fresh = new commander.Option(
   '--fresh',
-  'Ignore existing state during construction'
+  'Ignore existing state during construction',
 ).default(false);
 
 /**

src/keys/KeyManager.ts

@@ -583,15 +583,13 @@ class KeyManager {
     let recoveryCodeNew: RecoveryCode | undefined;
     if (await this.existsRootKeyPair()) {
       if (recoveryCode != null) {
-        // Recover the key pair with the recovery code
-        // Check if the generated key pair matches
-        const rootKeyPairCheck = await this.generateKeyPair(bits, recoveryCode);
-        if (!(await this.matchRootKeyPair(rootKeyPairCheck))) {
+        const recoveredKeyPair = await this.recoverRootKeyPair(recoveryCode);
+        if (recoveredKeyPair == null) {
           throw new keysErrors.ErrorKeysRecoveryCodeIncorrect();
         }
         // Recovered key pair, write the key pair with the new password
-        rootKeyPair = rootKeyPairCheck;
-        await this.writeRootKeyPair(rootKeyPairCheck, password);
+        rootKeyPair = recoveredKeyPair;
+        await this.writeRootKeyPair(recoveredKeyPair, password);
       } else {
         // Load key pair by decrypting with password
         rootKeyPair = await this.readRootKeyPair(password);
@@ -698,25 +696,43 @@ class KeyManager {
     }
   }
 
-  protected async matchRootKeyPair(keyPair: KeyPair): Promise<boolean> {
+  /**
+   * Recovers root key pair with recovery code
+   * Checks if the generated key pair public key matches
+   * Uses the existing key pair's public key bit size
+   * To generate the recovered key pair
+   */
+  protected async recoverRootKeyPair(
+    recoveryCode: RecoveryCode,
+  ): Promise<KeyPair | undefined> {
     let publicKeyPem: string;
     try {
       publicKeyPem = await this.fs.promises.readFile(this.rootPubPath, {
         encoding: 'utf8',
       });
     } catch (e) {
-      if (e.code === 'ENOENT') {
-        return false;
-      }
       throw new keysErrors.ErrorRootKeysRead(e.message, {
         errno: e.errno,
         syscall: e.syscall,
         code: e.code,
         path: e.path,
       });
     }
-    const publicKeyPemCheck = keysUtils.publicKeyToPem(keyPair.publicKey);
-    return publicKeyPemCheck === publicKeyPem;
+    const rootKeyPairBits = keysUtils.publicKeyBitSize(
+      keysUtils.publicKeyFromPem(publicKeyPem),
+    );
+    const recoveredKeyPair = await this.generateKeyPair(
+      rootKeyPairBits,
+      recoveryCode,
+    );
+    const recoveredPublicKeyPem = keysUtils.publicKeyToPem(
+      recoveredKeyPair.publicKey,
+    );
+    if (recoveredPublicKeyPem === publicKeyPem) {
+      return recoveredKeyPair;
+    } else {
+      return;
+    }
   }
 
   protected async setupKey(

tests/bin/agent/start.test.ts

@@ -56,13 +56,7 @@ describe('start', () => {
           recoveryCode.split(' ').length === 24,
       ).toBe(true);
       agentProcess.kill('SIGTERM');
-      const [exitCode, signal] = await new Promise<
-        [number | null, NodeJS.Signals | null]
-      >((resolve) => {
-        agentProcess.once('exit', (code, signal) => {
-          resolve([code, signal]);
-        });
-      });
+      const [exitCode, signal] = await testBinUtils.processExit(agentProcess);
       expect(exitCode).toBe(null);
       expect(signal).toBe('SIGTERM');
       // Check for graceful exit
@@ -214,26 +208,18 @@ describe('start', () => {
         expect(stdErrLine1).toBeDefined();
         expect(stdErrLine1).toBe(eOutput);
         agentProcess2.kill('SIGQUIT');
-        const [exitCode, signal] = await new Promise<
-          [number | null, NodeJS.Signals | null]
-        >((resolve) => {
-          agentProcess2.once('exit', (code, signal) => {
-            resolve([code, signal]);
-          });
-        });
+        const [exitCode, signal] = await testBinUtils.processExit(
+          agentProcess2,
+        );
         expect(exitCode).toBe(null);
         expect(signal).toBe('SIGQUIT');
       } else if (index === 1) {
         expect(stdErrLine2).toBeDefined();
         expect(stdErrLine2).toBe(eOutput);
         agentProcess1.kill('SIGQUIT');
-        const [exitCode, signal] = await new Promise<
-          [number | null, NodeJS.Signals | null]
-        >((resolve) => {
-          agentProcess1.once('exit', (code, signal) => {
-            resolve([code, signal]);
-          });
-        });
+        const [exitCode, signal] = await testBinUtils.processExit(
+          agentProcess1,
+        );
         expect(exitCode).toBe(null);
         expect(signal).toBe('SIGQUIT');
       }
@@ -303,26 +289,16 @@ describe('start', () => {
         expect(stdErrLine1).toBeDefined();
         expect(stdErrLine1).toBe(eOutput);
         bootstrapProcess.kill('SIGTERM');
-        const [exitCode, signal] = await new Promise<
-          [number | null, NodeJS.Signals | null]
-        >((resolve) => {
-          bootstrapProcess.once('exit', (code, signal) => {
-            resolve([code, signal]);
-          });
-        });
+        const [exitCode, signal] = await testBinUtils.processExit(
+          bootstrapProcess,
+        );
         expect(exitCode).toBe(null);
         expect(signal).toBe('SIGTERM');
       } else if (index === 1) {
         expect(stdErrLine2).toBeDefined();
         expect(stdErrLine2).toBe(eOutput);
         agentProcess.kill('SIGTERM');
-        const [exitCode, signal] = await new Promise<
-          [number | null, NodeJS.Signals | null]
-        >((resolve) => {
-          agentProcess.once('exit', (code, signal) => {
-            resolve([code, signal]);
-          });
-        });
+        const [exitCode, signal] = await testBinUtils.processExit(agentProcess);
         expect(exitCode).toBe(null);
         expect(signal).toBe('SIGTERM');
       }
@@ -348,11 +324,9 @@ describe('start', () => {
         rlOut.once('close', reject);
       });
       agentProcess1.kill('SIGHUP');
-      const [exitCode1, signal1] = await new Promise<[number | null, NodeJS.Signals | null]>((resolve) => {
-        agentProcess1.once('exit', (code, signal) => {
-          resolve([code, signal]);
-        });
-      });
+      const [exitCode1, signal1] = await testBinUtils.processExit(
+        agentProcess1,
+      );
       expect(exitCode1).toBe(null);
       expect(signal1).toBe('SIGHUP');
       const agentProcess2 = await testBinUtils.pkSpawn(
@@ -364,30 +338,21 @@ describe('start', () => {
         dataDir,
         logger,
       );
-      const status1 = new Status({
+      const status = new Status({
         statusPath: path.join(dataDir, 'polykey', config.defaults.statusBase),
         fs,
         logger,
       });
-      await status1.waitFor('LIVE');
+      await status.waitFor('LIVE');
       agentProcess2.kill('SIGHUP');
-      const [exitCode2, signal2] = await new Promise<
-        [number | null, NodeJS.Signals | null]
-      >((resolve) => {
-        agentProcess2.once('exit', (code, signal) => {
-          resolve([code, signal]);
-        });
-      });
+      const [exitCode2, signal2] = await testBinUtils.processExit(
+        agentProcess2,
+      );
       expect(exitCode2).toBe(null);
       expect(signal2).toBe('SIGHUP');
       // Check for graceful exit
-      const status2 = new Status({
-        statusPath: path.join(dataDir, 'polykey', config.defaults.statusBase),
-        fs,
-        logger,
-      });
-      const statusInfo2 = (await status2.readStatus())!;
-      expect(statusInfo2.status).toBe('DEAD');
+      const statusInfo = (await status.readStatus())!;
+      expect(statusInfo.status).toBe('DEAD');
     },
     global.defaultTimeout * 2,
   );
@@ -418,20 +383,21 @@ describe('start', () => {
           }
         });
       });
-      const [exitCode, signal] = await new Promise<
-        [number | null, NodeJS.Signals | null]
-      >((resolve) => {
-        agentProcess1.once('exit', (code, signal) => {
-          resolve([code, signal]);
-        });
-      });
+      const [exitCode, signal] = await testBinUtils.processExit(agentProcess1);
       expect(exitCode).toBe(null);
       expect(signal).toBe('SIGINT');
       // Unlike bootstrapping, agent start can succeed under certain compatible partial state
       // However in some cases, state will conflict, and the start will fail with various errors
       // In such cases, the `--fresh` option must be used
       const agentProcess2 = await testBinUtils.pkSpawn(
-        ['agent', 'start', '--root-key-pair-bits', '1024', '--fresh', '--verbose'],
+        [
+          'agent',
+          'start',
+          '--root-key-pair-bits',
+          '1024',
+          '--fresh',
+          '--verbose',
+        ],
         {
           PK_NODE_PATH: path.join(dataDir, 'polykey'),
           PK_PASSWORD: password,
@@ -452,13 +418,7 @@ describe('start', () => {
           recoveryCode.split(' ').length === 24,
       ).toBe(true);
       agentProcess2.kill('SIGQUIT');
-      await new Promise<
-        [number | null, NodeJS.Signals | null]
-      >((resolve) => {
-        agentProcess2.once('exit', (code, signal) => {
-          resolve([code, signal]);
-        });
-      });
+      await testBinUtils.processExit(agentProcess2);
       // Check for graceful exit
       const status = new Status({
         statusPath: path.join(dataDir, 'polykey', config.defaults.statusBase),
@@ -470,4 +430,107 @@ describe('start', () => {
     },
     global.defaultTimeout * 2,
   );
+  test(
+    'start from recovery code',
+    async () => {
+      const password1 = 'abc123';
+      const password2 = 'new password';
+      const status = new Status({
+        statusPath: path.join(dataDir, 'polykey', config.defaults.statusBase),
+        fs,
+        logger,
+      });
+      const agentProcess1 = await testBinUtils.pkSpawn(
+        [
+          'agent',
+          'start',
+          '--node-path',
+          path.join(dataDir, 'polykey'),
+          '--root-key-pair-bits',
+          '1024',
+          '--verbose',
+        ],
+        {
+          PK_PASSWORD: password1,
+        },
+        dataDir,
+        logger.getChild('agentProcess1'),
+      );
+      const rlOut = readline.createInterface(agentProcess1.stdout!);
+      const recoveryCode = await new Promise<RecoveryCode>(
+        (resolve, reject) => {
+          rlOut.once('line', resolve);
+          rlOut.once('close', reject);
+        },
+      );
+      const statusInfo1 = (await status.readStatus())!;
+      agentProcess1.kill('SIGTERM');
+      await testBinUtils.processExit(agentProcess1);
+      const recoveryCodePath = path.join(dataDir, 'recovery-code');
+      await fs.promises.writeFile(recoveryCodePath, recoveryCode + '\n');
+      // When recovering, having the wrong bit size is not a problem
+      const agentProcess2 = await testBinUtils.pkSpawn(
+        [
+          'agent',
+          'start',
+          '--recovery-code-file',
+          recoveryCodePath,
+          '--root-key-pair-bits',
+          '2048',
+          '--verbose',
+        ],
+        {
+          PK_NODE_PATH: path.join(dataDir, 'polykey'),
+          PK_PASSWORD: password2,
+        },
+        dataDir,
+        logger.getChild('agentProcess2'),
+      );
+      const statusInfo2 = await status.waitFor('LIVE');
+      expect(statusInfo2.status).toBe('LIVE');
+      // Node Id hasn't changed
+      expect(statusInfo1.data.nodeId).toBe(statusInfo2.data.nodeId);
+      agentProcess2.kill('SIGTERM');
+      await testBinUtils.processExit(agentProcess2);
+      // Check that the password has changed
+      const agentProcess3 = await testBinUtils.pkSpawn(
+        ['agent', 'start', '--verbose'],
+        {
+          PK_NODE_PATH: path.join(dataDir, 'polykey'),
+          PK_PASSWORD: password2,
+        },
+        dataDir,
+        logger.getChild('agentProcess3'),
+      );
+      const statusInfo3 = await status.waitFor('LIVE');
+      expect(statusInfo3.status).toBe('LIVE');
+      // Node ID hasn't changed
+      expect(statusInfo1.data.nodeId).toBe(statusInfo3.data.nodeId);
+      agentProcess3.kill('SIGTERM');
+      await testBinUtils.processExit(agentProcess3);
+      // Checks deterministic generation using the same recovery code
+      // First by deleting the polykey state
+      await fs.promises.rm(path.join(dataDir, 'polykey'), {
+        force: true,
+        recursive: true,
+      });
+      const agentProcess4 = await testBinUtils.pkSpawn(
+        ['agent', 'start', '--root-key-pair-bits', '1024', '--verbose'],
+        {
+          PK_NODE_PATH: path.join(dataDir, 'polykey'),
+          PK_PASSWORD: password2,
+          PK_RECOVERY_CODE: recoveryCode,
+        },
+        dataDir,
+        logger.getChild('agentProcess4'),
+      );
+      const statusInfo4 = await status.waitFor('LIVE');
+      expect(statusInfo4.status).toBe('LIVE');
+      // Same Node ID as before
+      expect(statusInfo1.data.nodeId).toBe(statusInfo4.data.nodeId);
+      agentProcess4.kill('SIGTERM');
+      await testBinUtils.processExit(agentProcess4);
+    },
+    global.defaultTimeout * 3,
+  );
 });