tests for handling revoked key from EKM

[tomholub]

I'd need two tests written, both using mock FES and mock EKM.

For both tests, you will want to add a public key to attester mock for the recipient email.

Here is a sample of a revoked key. For the valid key, can use any already available key in the EKM mock.

const revokedPrv = `
-----BEGIN PGP PRIVATE KEY BLOCK-----

lFgEYW8BThYJKwYBBAHaRw8BAQdAYtEoS4d+3cwQWXcs3lvMQueypexTYai7uXQm
xqyOoKoAAP92ki9qlV4AX2m+WPUq//vL03GGge+Y4rcyN3f5/Y/2AhMdiHUEIBYK
AB0FAmFvAiwWIQQ5MbdBPbsvpgzvhc5fFZeJEKF4CgAKCRBfFZeJEKF4CqTkAQCm
fxfc57sQWB1+jmWSCHq5umaDJFSl9geRATb9Lor5PQEA8azanLnXlpRUCCJHLtsm
6hgMops48vU2l3RuB6cqAwa0FXJldm9la2RAZmxvd2NyeXB0LmNvbYheBBMWCgAG
BQJhbwFrAAoJEF8Vl4kQoXgKEP8A/2B2biuLIDPIaEPg/xkZbca1ESTnqxZEEHcD
/5FRf6psAQDcVYKzZtSXqmZqxc/xACLT/Oiu5mJKFHZjaZUAzdPUBLQVcmV2b2tl
ZEBmbG93Y3J5cHQuY29tiF4EExYKAAYFAmFvAWsACgkQXxWXiRCheAp5ygEAt2sP
yeSm0uVPwODhwX7ezB9jW6uVt0R8S8iM3rQdEMsA/jDep5LNn47K6o8VrDt0zYo6
7j75aKC1vFGkOGlD1TwF
=1tta
-----END PGP PRIVATE KEY BLOCK-----
`;

---

test that returns only revoked key from EKM during setup

here is browser implementation, updated to fit iOS

// ekm:        return { privateKeys: [{ decryptedPrivateKey: revokedPrv }] };

    ava.default('revoked from ekm - shows error when ', testWithBrowser(undefined, async (t, browser) => {
      const settingsPage = await BrowserRecipe.openSettingsLoginApprove(t, browser, acct);
      await SetupPageRecipe.autoSetupWithEKM(settingsPage);
      const composePage = await ComposePageRecipe.openStandalone(t, browser, acct);
      await ComposePageRecipe.fillMsg(composePage, { to: 'robot@flowcrypt.com' }, 'should err');
      await ComposePageRecipe.sendAndClose(composePage, {expectErr: "Your own account keys are not usable for encryption"});
    }));

test that has one revoked key followed by one valid key returned by EKM during setup

// ekm:        return { privateKeys: [{ decryptedPrivateKey: revokedPrv }, { decryptedPrivateKey: validKey }] };

    ava.default('first.key.revoked from ekm - selects valid own key when sending', testWithBrowser(undefined, async (t, browser) => {
      const settingsPage = await BrowserRecipe.openSettingsLoginApprove(t, browser, acct);
      await SetupPageRecipe.autoSetupWithEKM(settingsPage);
      const composePage = await ComposePageRecipe.openStandalone(t, browser, acct);
      await ComposePageRecipe.fillMsg(composePage, { to: 'robot@flowcrypt.com' }, 'choose valid key');
      await ComposePageRecipe.sendAndClose(composePage); // no error sending msg, checks for success render
    }));

[github-actions]

There were 1 email addresses found in the above comment. Please:

1. Click three dots -> edit to remove the email addresses.
2. Click edited in the comment header, and click on the previous revision of the comment.
3. When viewing the old revision with an email in it, click options -> delete this revision from history.

[tomholub]

I suspect these tests may not be passing once written due to the app implementation. If that's the case, please make it a draft PR and then we can work on the implementation to satisfy the tests.

[fcvakintos]

@tomholub
i tried to add new cases
Could you check is it correct?
mockApi.fesConfig = { clientConfiguration: { flags: ["NO_PRV_CREATE", "NO_PRV_BACKUP", "NO_ATTESTER_SUBMIT", "PRV_AUTOIMPORT_OR_AUTOGEN", "FORBID_STORING_PASS_PHRASE"], key_manager_url: "https://ekm.flowcrypt.com", } }; mockApi.ekmConfig = { return: { privateKeys: [{ decryptedPrivateKey: attesterPublicKeySamples.revoked }] } };

[fcvakintos]

And when I click on "Send" button - I get this error
is it correct?

[tomholub]

That's not an error. Your recipient doesn't have public key set up. Update mock attester public key - add some public key to your recipient email address on attester mock.

[tomholub]

@tomholub i tried to add new cases Could you check is it correct? mockApi.fesConfig = { clientConfiguration: { flags: ["NO_PRV_CREATE", "NO_PRV_BACKUP", "NO_ATTESTER_SUBMIT", "PRV_AUTOIMPORT_OR_AUTOGEN", "FORBID_STORING_PASS_PHRASE"], key_manager_url: "https://ekm.flowcrypt.com", } }; mockApi.ekmConfig = { return: { privateKeys: [{ decryptedPrivateKey: attesterPublicKeySamples.revoked }] } };

• you need to ensure that the key_manager_url actually points at the URL of your mock EKM. As it is now, it will talk to prod EKM.
• have a look inside getMockEkmEndpoints, it needs to be finished
• You are giving the EKM a public key to serve, but EKM serves private key. I shared a sample in issue definition