Fix integration tests: correct vault derivation index and debug test failures

2025-06-09 04:54:45 -07:00
parent e036d280c0
commit 02be4b2a55
21 changed files with 2461 additions and 1191 deletions
--- a/internal/vault/metadata_test.go
+++ b/internal/vault/metadata_test.go
@@ -13,6 +13,9 @@ func TestVaultMetadata(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	stateDir := "/test/state"

+	// Test mnemonic for consistent testing
+	testMnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
+
 	t.Run("ComputeDoubleSHA256", func(t *testing.T) {
 		// Test data
 		data := []byte("test data")
@@ -38,7 +41,7 @@ func TestVaultMetadata(t *testing.T) {

 	t.Run("GetNextDerivationIndex", func(t *testing.T) {
 		// Test with no existing vaults
-		index, err := GetNextDerivationIndex(fs, stateDir, "mnemonic-hash-1")
+		index, err := GetNextDerivationIndex(fs, stateDir, testMnemonic)
 		if err != nil {
 			t.Fatalf("Failed to get derivation index: %v", err)
 		}
@@ -46,24 +49,36 @@ func TestVaultMetadata(t *testing.T) {
 			t.Errorf("Expected index 0 for first vault, got %d", index)
 		}

-		// Create a vault with metadata
+		// Create a vault with metadata and matching public key
 		vaultDir := filepath.Join(stateDir, "vaults.d", "vault1")
 		if err := fs.MkdirAll(vaultDir, 0700); err != nil {
 			t.Fatalf("Failed to create vault directory: %v", err)
 		}

+		// Derive identity for index 0
+		identity0, err := agehd.DeriveIdentity(testMnemonic, 0)
+		if err != nil {
+			t.Fatalf("Failed to derive identity: %v", err)
+		}
+		pubKey0 := identity0.Recipient().String()
+		pubKeyHash0 := ComputeDoubleSHA256([]byte(pubKey0))
+
+		// Write public key
+		if err := afero.WriteFile(fs, filepath.Join(vaultDir, "pub.age"), []byte(pubKey0), 0600); err != nil {
+			t.Fatalf("Failed to write public key: %v", err)
+		}
+
 		metadata1 := &VaultMetadata{
 			Name:            "vault1",
 			DerivationIndex: 0,
-			MnemonicHash:    "mnemonic-hash-1",
-			LongTermKeyHash: "key-hash-1",
+			PublicKeyHash:   pubKeyHash0,
 		}
 		if err := SaveVaultMetadata(fs, vaultDir, metadata1); err != nil {
 			t.Fatalf("Failed to save metadata: %v", err)
 		}

 		// Next index for same mnemonic should be 1
-		index, err = GetNextDerivationIndex(fs, stateDir, "mnemonic-hash-1")
+		index, err = GetNextDerivationIndex(fs, stateDir, testMnemonic)
 		if err != nil {
 			t.Fatalf("Failed to get derivation index: %v", err)
 		}
@@ -72,7 +87,8 @@ func TestVaultMetadata(t *testing.T) {
 		}

 		// Different mnemonic should start at 0
-		index, err = GetNextDerivationIndex(fs, stateDir, "mnemonic-hash-2")
+		differentMnemonic := "zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong"
+		index, err = GetNextDerivationIndex(fs, stateDir, differentMnemonic)
 		if err != nil {
 			t.Fatalf("Failed to get derivation index: %v", err)
 		}
@@ -86,23 +102,34 @@ func TestVaultMetadata(t *testing.T) {
 			t.Fatalf("Failed to create vault directory: %v", err)
 		}

+		// Derive identity for index 5
+		identity5, err := agehd.DeriveIdentity(testMnemonic, 5)
+		if err != nil {
+			t.Fatalf("Failed to derive identity: %v", err)
+		}
+		pubKey5 := identity5.Recipient().String()
+
+		// Write public key
+		if err := afero.WriteFile(fs, filepath.Join(vaultDir2, "pub.age"), []byte(pubKey5), 0600); err != nil {
+			t.Fatalf("Failed to write public key: %v", err)
+		}
+
 		metadata2 := &VaultMetadata{
 			Name:            "vault2",
 			DerivationIndex: 5,
-			MnemonicHash:    "mnemonic-hash-1",
-			LongTermKeyHash: "key-hash-2",
+			PublicKeyHash:   pubKeyHash0, // Same hash since it's from the same mnemonic
 		}
 		if err := SaveVaultMetadata(fs, vaultDir2, metadata2); err != nil {
 			t.Fatalf("Failed to save metadata: %v", err)
 		}

-		// Next index should be 6
-		index, err = GetNextDerivationIndex(fs, stateDir, "mnemonic-hash-1")
+		// Next index should be 1 (not 6) because we look for the first available slot
+		index, err = GetNextDerivationIndex(fs, stateDir, testMnemonic)
 		if err != nil {
 			t.Fatalf("Failed to get derivation index: %v", err)
 		}
-		if index != 6 {
-			t.Errorf("Expected index 6 after vault with index 5, got %d", index)
+		if index != 1 {
+			t.Errorf("Expected index 1 (first available), got %d", index)
 		}
 	})

@@ -116,8 +143,7 @@ func TestVaultMetadata(t *testing.T) {
 		metadata := &VaultMetadata{
 			Name:            "test-vault",
 			DerivationIndex: 3,
-			MnemonicHash:    "test-mnemonic-hash",
-			LongTermKeyHash: "test-key-hash",
+			PublicKeyHash:   "test-public-key-hash",
 		}

 		if err := SaveVaultMetadata(fs, vaultDir, metadata); err != nil {
@@ -136,17 +162,12 @@ func TestVaultMetadata(t *testing.T) {
 		if loaded.DerivationIndex != metadata.DerivationIndex {
 			t.Errorf("DerivationIndex mismatch: expected %d, got %d", metadata.DerivationIndex, loaded.DerivationIndex)
 		}
-		if loaded.MnemonicHash != metadata.MnemonicHash {
-			t.Errorf("MnemonicHash mismatch: expected %s, got %s", metadata.MnemonicHash, loaded.MnemonicHash)
-		}
-		if loaded.LongTermKeyHash != metadata.LongTermKeyHash {
-			t.Errorf("LongTermKeyHash mismatch: expected %s, got %s", metadata.LongTermKeyHash, loaded.LongTermKeyHash)
+		if loaded.PublicKeyHash != metadata.PublicKeyHash {
+			t.Errorf("PublicKeyHash mismatch: expected %s, got %s", metadata.PublicKeyHash, loaded.PublicKeyHash)
 		}
 	})

 	t.Run("DifferentKeysForDifferentIndices", func(t *testing.T) {
-		testMnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
-
 		// Derive keys with different indices
 		identity0, err := agehd.DeriveIdentity(testMnemonic, 0)
 		if err != nil {
@@ -158,18 +179,24 @@ func TestVaultMetadata(t *testing.T) {
 			t.Fatalf("Failed to derive identity with index 1: %v", err)
 		}

-		// Compute hashes
-		hash0 := ComputeDoubleSHA256([]byte(identity0.String()))
-		hash1 := ComputeDoubleSHA256([]byte(identity1.String()))
+		// Compute public key hashes
+		pubKey0 := identity0.Recipient().String()
+		pubKey1 := identity1.Recipient().String()
+		hash0 := ComputeDoubleSHA256([]byte(pubKey0))

-		// Verify different indices produce different keys
-		if hash0 == hash1 {
-			t.Errorf("Different derivation indices should produce different keys")
+		// Verify different indices produce different public keys
+		if pubKey0 == pubKey1 {
+			t.Errorf("Different derivation indices should produce different public keys")
 		}

-		// Verify public keys are also different
-		if identity0.Recipient().String() == identity1.Recipient().String() {
-			t.Errorf("Different derivation indices should produce different public keys")
+		// But the hash of index 0's public key should be the same for the same mnemonic
+		// This is what we use as the identifier
+		identity0Again, _ := agehd.DeriveIdentity(testMnemonic, 0)
+		pubKey0Again := identity0Again.Recipient().String()
+		hash0Again := ComputeDoubleSHA256([]byte(pubKey0Again))
+
+		if hash0 != hash0Again {
+			t.Errorf("Same mnemonic should produce same public key hash for index 0")
 		}
 	})
 }