mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-05-08 18:34:58 +02:00
BigBodyCobain
832 lines
30 KiB
Python
832 lines
30 KiB
Python
import asyncio
|
|
import base64
|
|
import json
|
|
import copy
|
|
import time
|
|
|
|
import pytest
|
|
from starlette.requests import Request
|
|
|
|
import main
|
|
from services.config import get_settings
|
|
from services.mesh import (
|
|
mesh_gate_legacy_migration,
|
|
mesh_private_outbox,
|
|
mesh_private_release_worker,
|
|
mesh_private_transport_manager,
|
|
mesh_relay_policy,
|
|
mesh_signed_events,
|
|
)
|
|
from services.mesh.mesh_protocol import build_signed_context
|
|
from services.mesh.mesh_private_dispatcher import attempt_private_release
|
|
from services.privacy_claims import (
|
|
privacy_claims_snapshot,
|
|
privacy_status_surface_chip,
|
|
review_export_snapshot,
|
|
rollout_controls_snapshot,
|
|
rollout_readiness_snapshot,
|
|
)
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _isolated_private_state(monkeypatch):
|
|
outbox_store = {}
|
|
relay_policy_store = {}
|
|
legacy_migration_store = {}
|
|
|
|
def _read_outbox_json(_domain, _filename, default_factory, **_kwargs):
|
|
payload = outbox_store.get("payload")
|
|
if payload is None:
|
|
return default_factory()
|
|
return copy.deepcopy(payload)
|
|
|
|
def _write_outbox_json(_domain, _filename, payload, **_kwargs):
|
|
outbox_store["payload"] = copy.deepcopy(payload)
|
|
|
|
def _read_policy_json(_domain, _filename, default_factory, **_kwargs):
|
|
payload = relay_policy_store.get("payload")
|
|
if payload is None:
|
|
return default_factory()
|
|
return copy.deepcopy(payload)
|
|
|
|
def _write_policy_json(_domain, _filename, payload, **_kwargs):
|
|
relay_policy_store["payload"] = copy.deepcopy(payload)
|
|
|
|
def _read_migration_json(_domain, _filename, default_factory, **_kwargs):
|
|
payload = legacy_migration_store.get("payload")
|
|
if payload is None:
|
|
return default_factory()
|
|
return copy.deepcopy(payload)
|
|
|
|
def _write_migration_json(_domain, _filename, payload, **_kwargs):
|
|
legacy_migration_store["payload"] = copy.deepcopy(payload)
|
|
|
|
monkeypatch.setattr(mesh_private_outbox, "read_sensitive_domain_json", _read_outbox_json)
|
|
monkeypatch.setattr(mesh_private_outbox, "write_sensitive_domain_json", _write_outbox_json)
|
|
monkeypatch.setattr(mesh_relay_policy, "read_sensitive_domain_json", _read_policy_json)
|
|
monkeypatch.setattr(mesh_relay_policy, "write_sensitive_domain_json", _write_policy_json)
|
|
monkeypatch.setattr(mesh_gate_legacy_migration, "read_sensitive_domain_json", _read_migration_json)
|
|
monkeypatch.setattr(mesh_gate_legacy_migration, "write_sensitive_domain_json", _write_migration_json)
|
|
monkeypatch.setattr(
|
|
mesh_private_transport_manager.private_transport_manager,
|
|
"_kickoff_background_bootstrap",
|
|
lambda **_kwargs: False,
|
|
)
|
|
monkeypatch.setattr(main, "_kickoff_dm_send_transport_upgrade", lambda: None)
|
|
monkeypatch.setattr(main, "_kickoff_private_control_transport_upgrade", lambda: None)
|
|
mesh_private_release_worker.reset_private_release_worker_for_tests()
|
|
mesh_private_outbox.reset_private_delivery_outbox_for_tests()
|
|
mesh_private_transport_manager.reset_private_transport_manager_for_tests()
|
|
mesh_relay_policy.reset_relay_policy_for_tests()
|
|
mesh_gate_legacy_migration.reset_gate_legacy_migration_for_tests()
|
|
get_settings.cache_clear()
|
|
mesh_private_outbox.private_delivery_outbox._load()
|
|
yield
|
|
mesh_private_release_worker.reset_private_release_worker_for_tests()
|
|
mesh_private_outbox.reset_private_delivery_outbox_for_tests()
|
|
mesh_private_transport_manager.reset_private_transport_manager_for_tests()
|
|
get_settings.cache_clear()
|
|
|
|
|
|
def _outbox_item(item_id: str, *, exposure: str = "diagnostic") -> dict:
|
|
return next(
|
|
item
|
|
for item in mesh_private_outbox.private_delivery_outbox.list_items(
|
|
limit=50,
|
|
exposure=exposure,
|
|
)
|
|
if item["id"] == item_id
|
|
)
|
|
|
|
|
|
def _make_receive(body: bytes):
|
|
async def receive():
|
|
return {"type": "http.request", "body": body, "more_body": False}
|
|
|
|
return receive
|
|
|
|
|
|
def _request(body: dict, path: str = "/api/mesh/send") -> Request:
|
|
return Request(
|
|
{
|
|
"type": "http",
|
|
"headers": [(b"content-type", b"application/json")],
|
|
"client": ("test", 12345),
|
|
"method": "POST",
|
|
"path": path,
|
|
"query_string": b"",
|
|
"root_path": "",
|
|
"server": ("test", 80),
|
|
},
|
|
_make_receive(json.dumps(body).encode("utf-8")),
|
|
)
|
|
|
|
|
|
def _mesh_send_body() -> dict:
|
|
return {
|
|
"destination": "broadcast",
|
|
"message": "hello",
|
|
"node_id": "node-1",
|
|
"public_key": "pub",
|
|
"public_key_algo": "Ed25519",
|
|
"signature": "sig",
|
|
"sequence": 7,
|
|
"protocol_version": mesh_signed_events.PROTOCOL_VERSION,
|
|
}
|
|
|
|
|
|
def _dm_send_body_for_context(*, context_endpoint: str = "/api/wormhole/dm/send") -> dict:
|
|
sequence = 17
|
|
sender_id = "!sb_sender"
|
|
payload = {
|
|
"recipient_id": "!sb_recipient",
|
|
"delivery_class": "alias",
|
|
"recipient_token": "recipient-token",
|
|
"ciphertext": "ciphertext",
|
|
"format": "mls1",
|
|
"msg_id": "ctx-msg-1",
|
|
"timestamp": int(time.time()),
|
|
"transport_lock": "private_strong",
|
|
}
|
|
signed_context = build_signed_context(
|
|
event_type="dm_message",
|
|
kind="dm_send",
|
|
endpoint=context_endpoint,
|
|
lane_floor="private_strong",
|
|
sequence_domain="dm_send",
|
|
node_id=sender_id,
|
|
sequence=sequence,
|
|
payload=payload,
|
|
recipient_id=payload["recipient_id"],
|
|
)
|
|
return {
|
|
"sender_id": sender_id,
|
|
"recipient_id": payload["recipient_id"],
|
|
"delivery_class": payload["delivery_class"],
|
|
"recipient_token": payload["recipient_token"],
|
|
"ciphertext": payload["ciphertext"],
|
|
"format": payload["format"],
|
|
"msg_id": payload["msg_id"],
|
|
"timestamp": payload["timestamp"],
|
|
"transport_lock": payload["transport_lock"],
|
|
"signed_context": signed_context,
|
|
"sequence": sequence,
|
|
"public_key": base64.b64encode(b"x" * 32).decode("ascii"),
|
|
"public_key_algo": "Ed25519",
|
|
"protocol_version": mesh_signed_events.PROTOCOL_VERSION,
|
|
"signature": "sig",
|
|
}
|
|
|
|
|
|
def _protected_custody() -> dict:
|
|
return {
|
|
"code": "protected_at_rest",
|
|
"provider": "passphrase",
|
|
"protected_at_rest": True,
|
|
}
|
|
|
|
|
|
def _attested_current() -> dict:
|
|
return {
|
|
"attestation_state": "attested_current",
|
|
"override_active": False,
|
|
"detail": "privacy-core version and trusted artifact hash are current",
|
|
}
|
|
|
|
|
|
def _compatibility_clear() -> dict:
|
|
return {
|
|
"stored_legacy_lookup_contacts_present": False,
|
|
"legacy_lookup_runtime_active": False,
|
|
"legacy_mailbox_get_runtime_active": False,
|
|
"legacy_mailbox_get_enabled": False,
|
|
"local_contact_upgrade_ok": True,
|
|
}
|
|
|
|
|
|
def _gate_privilege_ok() -> dict:
|
|
return {
|
|
"ordinary_gate_view_scope_class": "gate_member_or_gate_scope",
|
|
"privileged_gate_event_scope_class": "explicit_gate_audit",
|
|
"repair_detail_scope_class": "local_operator_diagnostic",
|
|
"privileged_gate_event_view_enabled": True,
|
|
"repair_detail_view_enabled": True,
|
|
}
|
|
|
|
|
|
def _strong_claims_good() -> dict:
|
|
return {
|
|
"allowed": True,
|
|
"compat_overrides_clear": True,
|
|
"clearnet_fallback_blocked": True,
|
|
"compatibility": {},
|
|
"reasons": [],
|
|
}
|
|
|
|
|
|
def _release_gate_good() -> dict:
|
|
return {
|
|
"ready": True,
|
|
"blocking_reasons": [],
|
|
}
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"verifier_reason",
|
|
[
|
|
"Replay detected: sequence 7 <= last 7",
|
|
"public key is revoked",
|
|
],
|
|
)
|
|
def test_signed_write_replay_or_revocation_rejects_before_handler(monkeypatch, verifier_reason):
|
|
reached = {"value": False}
|
|
monkeypatch.setenv("MESH_SIGNED_WRITE_CONTENT_PRIVATE_TRANSPORT_LOCK_REQUIRED", "false")
|
|
monkeypatch.setattr(
|
|
mesh_signed_events,
|
|
"verify_signed_write",
|
|
lambda **_kwargs: (False, verifier_reason),
|
|
)
|
|
|
|
@mesh_signed_events.requires_signed_write(kind=mesh_signed_events.SignedWriteKind.MESH_SEND)
|
|
async def handler(request: Request):
|
|
reached["value"] = True
|
|
return {"ok": True}
|
|
|
|
result = asyncio.run(handler(_request(_mesh_send_body())))
|
|
|
|
assert result == {"ok": False, "detail": verifier_reason}
|
|
assert reached["value"] is False
|
|
|
|
|
|
def test_missing_signed_context_returns_canonical_resign_payload_before_handler(monkeypatch):
|
|
reached = {"value": False}
|
|
monkeypatch.setenv("MESH_SIGNED_WRITE_CONTEXT_REQUIRED", "true")
|
|
monkeypatch.setenv("MESH_SIGNED_WRITE_CONTENT_PRIVATE_TRANSPORT_LOCK_REQUIRED", "true")
|
|
body = _dm_send_body_for_context()
|
|
body.pop("signed_context")
|
|
|
|
@mesh_signed_events.requires_signed_write(kind=mesh_signed_events.SignedWriteKind.DM_SEND)
|
|
async def handler(request: Request):
|
|
reached["value"] = True
|
|
return {"ok": True}
|
|
|
|
result = asyncio.run(handler(_request(body, "/api/wormhole/dm/send")))
|
|
|
|
assert reached["value"] is False
|
|
assert result["ok"] is False
|
|
assert result["retryable"] is True
|
|
assert result["resign_required"] is True
|
|
assert result["canonical"]["signed_context"]["endpoint"] == "/api/wormhole/dm/send"
|
|
assert result["canonical"]["signed_context"]["lane_floor"] == "private_strong"
|
|
assert result["canonical"]["payload"]["signed_context"] == result["canonical"]["signed_context"]
|
|
assert isinstance(result["canonical"]["signature_payload"], str)
|
|
|
|
|
|
def test_signed_context_mismatch_returns_canonical_resign_payload_before_handler(monkeypatch):
|
|
reached = {"value": False}
|
|
monkeypatch.setenv("MESH_SIGNED_WRITE_CONTEXT_REQUIRED", "true")
|
|
monkeypatch.setenv("MESH_SIGNED_WRITE_CONTENT_PRIVATE_TRANSPORT_LOCK_REQUIRED", "true")
|
|
body = _dm_send_body_for_context(context_endpoint="/api/wormhole/dm/poll")
|
|
|
|
@mesh_signed_events.requires_signed_write(kind=mesh_signed_events.SignedWriteKind.DM_SEND)
|
|
async def handler(request: Request):
|
|
reached["value"] = True
|
|
return {"ok": True}
|
|
|
|
result = asyncio.run(handler(_request(body, "/api/wormhole/dm/send")))
|
|
|
|
assert reached["value"] is False
|
|
assert result["ok"] is False
|
|
assert result["detail"] == "signed_context_mismatch"
|
|
assert result["retryable"] is True
|
|
assert result["resign_required"] is True
|
|
assert result["canonical"]["signed_context"]["endpoint"] == "/api/wormhole/dm/send"
|
|
assert result["canonical"]["payload"]["signed_context"] == result["canonical"]["signed_context"]
|
|
|
|
|
|
def test_privacy_claims_do_not_overclaim_when_release_profile_blocks(monkeypatch):
|
|
monkeypatch.setenv("MESH_RELEASE_PROFILE", "release-candidate")
|
|
monkeypatch.setenv("MESH_DEBUG_MODE", "false")
|
|
monkeypatch.setenv("PRIVACY_CORE_ALLOWED_SHA256", "")
|
|
get_settings.cache_clear()
|
|
|
|
snapshot = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
dm = snapshot["claims"]["dm_strong"]
|
|
gate = snapshot["claims"]["gate_transitional"]
|
|
assert dm["allowed"] is False
|
|
assert gate["allowed"] is False
|
|
assert any(str(blocker).startswith("profile_") for blocker in dm["blockers"])
|
|
assert snapshot["chip"]["state"] == "dm_strong_blocked"
|
|
|
|
|
|
def test_privacy_claims_do_not_overclaim_gate_without_privileged_scope_evidence():
|
|
snapshot = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access={
|
|
"ordinary_gate_view_scope_class": "gate_member_or_gate_scope",
|
|
"privileged_gate_event_scope_class": "gate_member",
|
|
"repair_detail_scope_class": "ordinary_gate_view",
|
|
},
|
|
)
|
|
|
|
gate = snapshot["claims"]["gate_transitional"]
|
|
assert gate["allowed"] is False
|
|
assert "gate_privileged_event_scope_not_explicit_audit" in gate["blockers"]
|
|
assert "gate_repair_scope_not_local_operator_diagnostic" in gate["blockers"]
|
|
assert snapshot["chip"]["state"] != "gate_transitional_ready"
|
|
|
|
|
|
def test_ready_raw_claim_chip_degrades_when_rollout_controls_are_not_safe():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
chip = privacy_status_surface_chip(
|
|
claims,
|
|
strong_claims_allowed=False,
|
|
release_gate_ready=True,
|
|
)
|
|
|
|
assert claims["chip"]["state"] == "dm_strong_ready"
|
|
assert chip["state"] == "dm_strong_pending"
|
|
assert chip["authoritative_claim"] == "dm_strong"
|
|
|
|
|
|
def test_review_export_blocks_private_default_when_controls_have_override():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
readiness = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt={},
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness=readiness,
|
|
privacy_core={**_attested_current(), "override_active": True},
|
|
strong_claims=_strong_claims_good(),
|
|
transport_tier="private_strong",
|
|
)
|
|
export = review_export_snapshot(
|
|
privacy_claims=claims,
|
|
rollout_readiness=readiness,
|
|
rollout_controls=controls,
|
|
rollout_health={"state": "healthy"},
|
|
)
|
|
|
|
assert readiness["allowed"] is True
|
|
assert controls["state"] == "override_active"
|
|
assert export["review_summary"]["private_default_rollout_safe"]["allowed"] is False
|
|
assert (
|
|
export["review_summary"]["private_default_rollout_safe"]["state"]
|
|
== "blocked_by_operator_override"
|
|
)
|
|
assert export["review_summary"]["major_blocker"]["state"] == "operator_override"
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
("lane", "current_tier", "payload"),
|
|
[
|
|
(
|
|
"dm",
|
|
"public_degraded",
|
|
{
|
|
"msg_id": "adv-dm-floor-1",
|
|
"sender_id": "alice",
|
|
"recipient_id": "bob",
|
|
"delivery_class": "request",
|
|
"ciphertext": "ciphertext",
|
|
"timestamp": 1,
|
|
},
|
|
),
|
|
(
|
|
"gate",
|
|
"private_transitional",
|
|
{
|
|
"gate_id": "adv-gate-floor-1",
|
|
"event_id": "adv-gate-event-floor-1",
|
|
"event": {
|
|
"event_id": "adv-gate-event-floor-1",
|
|
"event_type": "gate_message",
|
|
"payload": {"gate": "adv-gate-floor-1", "ciphertext": "ciphertext"},
|
|
},
|
|
},
|
|
),
|
|
],
|
|
)
|
|
def test_lane_floor_failure_has_no_delivery_or_public_side_effects(monkeypatch, lane, current_tier, payload):
|
|
public_calls = []
|
|
private_calls = []
|
|
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_dm_relay.dm_relay.deposit",
|
|
lambda **kwargs: private_calls.append(("relay", copy.deepcopy(kwargs))) or {"ok": True},
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_rns.rns_bridge.send_private_dm",
|
|
lambda **kwargs: private_calls.append(("rns_dm", copy.deepcopy(kwargs))) or True,
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_rns.rns_bridge.publish_gate_event",
|
|
lambda gate_id, event: private_calls.append(("rns_gate", gate_id, copy.deepcopy(event))),
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_hashchain.gate_store.append",
|
|
lambda gate_id, event: private_calls.append(("gate_store", gate_id, copy.deepcopy(event))) or dict(event),
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_router.mesh_router.route",
|
|
lambda envelope, credentials: public_calls.append((envelope, credentials)) or [],
|
|
)
|
|
|
|
result = attempt_private_release(
|
|
lane=lane,
|
|
current_tier=current_tier,
|
|
payload=payload,
|
|
)
|
|
|
|
assert result["ok"] is False
|
|
assert result["no_acceptable_path"] is True
|
|
assert result["selected_transport"] == ""
|
|
assert "network_state" not in result
|
|
assert private_calls == []
|
|
assert public_calls == []
|
|
|
|
|
|
def test_dm_route_only_queues_and_never_directly_publishes(monkeypatch):
|
|
from services import wormhole_supervisor
|
|
from services.mesh import mesh_hashchain
|
|
|
|
direct_calls = []
|
|
|
|
monkeypatch.setattr(wormhole_supervisor, "get_transport_tier", lambda: "private_strong")
|
|
monkeypatch.setattr(main, "_secure_dm_enabled", lambda: False)
|
|
monkeypatch.setattr(main, "_verify_signed_write", lambda **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "validate_and_set_sequence", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_dm_relay.dm_relay.consume_nonce",
|
|
lambda *_args, **_kwargs: (True, "ok"),
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_dm_relay.dm_relay.is_blocked",
|
|
lambda *_args, **_kwargs: False,
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_wormhole_contacts.verified_first_contact_requirement",
|
|
lambda *_args, **_kwargs: {"ok": True, "trust_level": "verified"},
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_dm_relay.dm_relay.deposit",
|
|
lambda **kwargs: direct_calls.append(("relay", copy.deepcopy(kwargs))) or {"ok": True},
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_rns.rns_bridge.send_private_dm",
|
|
lambda **kwargs: direct_calls.append(("rns", copy.deepcopy(kwargs))) or True,
|
|
)
|
|
|
|
response = asyncio.run(
|
|
main.dm_send(
|
|
_request(
|
|
(lambda body: body | {
|
|
"signed_context": build_signed_context(
|
|
event_type="dm_message",
|
|
kind="dm_send",
|
|
endpoint="/api/mesh/dm/send",
|
|
lane_floor="private_strong",
|
|
sequence_domain="dm_send",
|
|
node_id=body["sender_id"],
|
|
sequence=body["sequence"],
|
|
payload={
|
|
"recipient_id": body["recipient_id"],
|
|
"delivery_class": body["delivery_class"],
|
|
"recipient_token": body["recipient_token"],
|
|
"ciphertext": body["ciphertext"],
|
|
"format": body["format"],
|
|
"msg_id": body["msg_id"],
|
|
"timestamp": body["timestamp"],
|
|
"transport_lock": body["transport_lock"],
|
|
},
|
|
recipient_id=body["recipient_id"],
|
|
)
|
|
})(
|
|
{
|
|
"sender_id": "!sb_sender",
|
|
"sender_token_hash": "sender-token-hash",
|
|
"recipient_id": "!sb_recipient",
|
|
"delivery_class": "request",
|
|
"recipient_token": "",
|
|
"ciphertext": "ciphertext",
|
|
"format": "mls1",
|
|
"msg_id": "route-sole-publisher-1",
|
|
"timestamp": int(time.time()),
|
|
"transport_lock": "private_strong",
|
|
"public_key": base64.b64encode(b"x" * 32).decode("ascii"),
|
|
"public_key_algo": "Ed25519",
|
|
"signature": "sig",
|
|
"sequence": 91,
|
|
"protocol_version": mesh_signed_events.PROTOCOL_VERSION,
|
|
}
|
|
),
|
|
path="/api/mesh/dm/send",
|
|
)
|
|
)
|
|
)
|
|
|
|
assert response["ok"] is True
|
|
assert response["queued"] is True
|
|
assert response["delivery"]["local_state"] == "sealed_local"
|
|
assert direct_calls == []
|
|
item = _outbox_item(response["outbox_id"], exposure="diagnostic")
|
|
assert item["lane"] == "dm"
|
|
assert response["msg_id"] == "route-sole-publisher-1"
|
|
|
|
|
|
def test_gate_release_is_tor_first_and_never_uses_rns_or_public_when_tor_succeeds(monkeypatch):
|
|
from services.mesh.mesh_router import TransportResult, mesh_router
|
|
|
|
appended = []
|
|
tor_calls = []
|
|
rns_calls = []
|
|
public_calls = []
|
|
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_hashchain.gate_store.append",
|
|
lambda gate_id, event: appended.append((gate_id, copy.deepcopy(event))) or dict(event),
|
|
)
|
|
monkeypatch.setattr(mesh_router.tor_arti, "can_reach", lambda _envelope: True)
|
|
monkeypatch.setattr(
|
|
mesh_router.tor_arti,
|
|
"send",
|
|
lambda envelope, _credentials: tor_calls.append(envelope)
|
|
or TransportResult(True, "tor_arti", "delivered over onion peers"),
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_rns.rns_bridge.publish_gate_event",
|
|
lambda gate_id, event: rns_calls.append((gate_id, copy.deepcopy(event))),
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_router.mesh_router.route",
|
|
lambda envelope, credentials: public_calls.append((envelope, credentials)) or [],
|
|
)
|
|
|
|
result = attempt_private_release(
|
|
lane="gate",
|
|
current_tier="private_strong",
|
|
payload={
|
|
"gate_id": "adv-gate-tor-1",
|
|
"event_id": "adv-gate-event-tor-1",
|
|
"event": {
|
|
"event_id": "adv-gate-event-tor-1",
|
|
"event_type": "gate_message",
|
|
"payload": {"gate": "adv-gate-tor-1", "ciphertext": "ciphertext"},
|
|
},
|
|
},
|
|
)
|
|
|
|
assert result["ok"] is True
|
|
assert result["selected_carrier"] == "tor_arti_peer_push"
|
|
assert result["network_state"] == "published_private"
|
|
assert result["hidden_transport_effective"] is True
|
|
assert len(appended) == 1
|
|
assert len(tor_calls) == 1
|
|
assert rns_calls == []
|
|
assert public_calls == []
|
|
|
|
|
|
def test_gate_release_all_private_carriers_fail_stays_pending_not_delivered(monkeypatch):
|
|
from services.mesh.mesh_router import TransportResult, mesh_router
|
|
|
|
appended = []
|
|
public_calls = []
|
|
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_hashchain.gate_store.append",
|
|
lambda gate_id, event: appended.append((gate_id, copy.deepcopy(event))) or dict(event),
|
|
)
|
|
monkeypatch.setattr(mesh_router.tor_arti, "can_reach", lambda _envelope: True)
|
|
monkeypatch.setattr(
|
|
mesh_router.tor_arti,
|
|
"send",
|
|
lambda _envelope, _credentials: TransportResult(False, "tor_arti", "onion peers unavailable"),
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_rns.rns_bridge.publish_gate_event",
|
|
lambda _gate_id, _event: (_ for _ in ()).throw(RuntimeError("rns unavailable")),
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_router.mesh_router.route",
|
|
lambda envelope, credentials: public_calls.append((envelope, credentials)) or [],
|
|
)
|
|
|
|
result = attempt_private_release(
|
|
lane="gate",
|
|
current_tier="private_strong",
|
|
payload={
|
|
"gate_id": "adv-gate-pending-1",
|
|
"event_id": "adv-gate-event-pending-1",
|
|
"event": {
|
|
"event_id": "adv-gate-event-pending-1",
|
|
"event_type": "gate_message",
|
|
"payload": {"gate": "adv-gate-pending-1", "ciphertext": "ciphertext"},
|
|
},
|
|
},
|
|
)
|
|
|
|
assert result["ok"] is False
|
|
assert result["dispatch_reason"] == "gate_private_publish_pending"
|
|
assert result["published"] is False
|
|
assert result["local_state"] == "sealed_local"
|
|
assert result["network_state"] == "queued_private_release"
|
|
assert len(appended) == 1
|
|
assert public_calls == []
|
|
|
|
|
|
def test_strong_release_attestation_failure_queues_without_transport_side_effects(monkeypatch):
|
|
deposit_calls = []
|
|
direct_calls = []
|
|
|
|
monkeypatch.setenv("MESH_RELEASE_PROFILE", "testnet-private")
|
|
get_settings.cache_clear()
|
|
monkeypatch.setattr("services.wormhole_supervisor.get_transport_tier", lambda: "private_strong")
|
|
monkeypatch.setattr(
|
|
"services.privacy_core_attestation.privacy_core_attestation",
|
|
lambda *_args, **_kwargs: {
|
|
"attestation_state": "attestation_mismatch",
|
|
"detail": "privacy-core artifact mismatch",
|
|
},
|
|
)
|
|
monkeypatch.setattr(mesh_private_release_worker, "_secure_dm_enabled", lambda: True)
|
|
monkeypatch.setattr(mesh_private_release_worker, "_rns_private_dm_ready", lambda: True)
|
|
monkeypatch.setattr(mesh_private_release_worker, "_maybe_apply_dm_relay_jitter", lambda: None)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_dm_relay.dm_relay.deposit",
|
|
lambda **kwargs: deposit_calls.append(kwargs) or {"ok": True, "msg_id": kwargs["msg_id"]},
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_rns.rns_bridge.send_private_dm",
|
|
lambda **kwargs: direct_calls.append(kwargs) or True,
|
|
)
|
|
|
|
queued = main._queue_dm_release(
|
|
current_tier="private_strong",
|
|
payload={
|
|
"msg_id": "adv-dm-attestation-1",
|
|
"sender_id": "alice",
|
|
"recipient_id": "bob",
|
|
"delivery_class": "request",
|
|
"ciphertext": "ciphertext",
|
|
"timestamp": 1,
|
|
},
|
|
)
|
|
|
|
mesh_private_release_worker.private_release_worker.run_once()
|
|
|
|
item = _outbox_item(queued["outbox_id"])
|
|
assert deposit_calls == []
|
|
assert direct_calls == []
|
|
assert item["release_state"] == "queued"
|
|
assert item["status"]["reason_code"] == "privacy_core_attestation_not_current"
|
|
assert item["network_state"] == "queued_private_release"
|
|
|
|
|
|
def test_scoped_relay_policy_cannot_bypass_hidden_transport_requirement(monkeypatch):
|
|
deposit_calls = []
|
|
|
|
monkeypatch.setenv("MESH_PRIVATE_RELEASE_APPROVAL_ENABLE", "true")
|
|
get_settings.cache_clear()
|
|
monkeypatch.setattr("services.wormhole_supervisor.get_transport_tier", lambda: "private_strong")
|
|
monkeypatch.setattr(mesh_private_release_worker, "_secure_dm_enabled", lambda: True)
|
|
monkeypatch.setattr(mesh_private_release_worker, "_rns_private_dm_ready", lambda: False)
|
|
monkeypatch.setattr(mesh_private_release_worker, "_anonymous_dm_hidden_transport_enforced", lambda: False)
|
|
monkeypatch.setattr(mesh_private_release_worker, "_hidden_relay_transport_effective", lambda: False)
|
|
monkeypatch.setattr(mesh_private_release_worker, "_maybe_apply_dm_relay_jitter", lambda: None)
|
|
monkeypatch.setattr(
|
|
mesh_private_release_worker,
|
|
"_rns_private_dm_status",
|
|
lambda _direct_ready: {
|
|
"enabled": True,
|
|
"ready": True,
|
|
"configured_peers": 1,
|
|
"active_peers": 0,
|
|
"private_dm_direct_ready": False,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_dm_relay.dm_relay.deposit",
|
|
lambda **kwargs: deposit_calls.append(kwargs) or {"ok": True, "msg_id": kwargs["msg_id"]},
|
|
)
|
|
mesh_relay_policy.grant_relay_policy(
|
|
scope_type="dm_contact",
|
|
scope_id="bob",
|
|
profile="dev",
|
|
hidden_transport_required=True,
|
|
reason="adversarial_hidden_transport_required",
|
|
)
|
|
|
|
queued = main._queue_dm_release(
|
|
current_tier="private_strong",
|
|
payload={
|
|
"msg_id": "adv-dm-hidden-policy-1",
|
|
"sender_id": "alice",
|
|
"recipient_id": "bob",
|
|
"delivery_class": "request",
|
|
"ciphertext": "ciphertext",
|
|
"timestamp": 1,
|
|
},
|
|
)
|
|
|
|
mesh_private_release_worker.private_release_worker.run_once()
|
|
|
|
item = _outbox_item(queued["outbox_id"])
|
|
assert deposit_calls == []
|
|
assert item["release_state"] == "queued"
|
|
assert item["approval"]["required"] is False
|
|
denied = mesh_relay_policy.relay_policy_grants_dm(
|
|
recipient_id="bob",
|
|
profile="dev",
|
|
hidden_transport_effective=False,
|
|
)
|
|
assert denied["reason_code"] == "relay_policy_hidden_transport_required"
|
|
|
|
|
|
def test_legacy_gate_migration_never_relabels_original_author_or_signature(monkeypatch):
|
|
original = {
|
|
"event_id": "adv-legacy-event-1",
|
|
"event_type": "gate_message",
|
|
"node_id": "original-author",
|
|
"payload": {
|
|
"gate": "adv-legacy-gate",
|
|
"ciphertext": "legacy-ct",
|
|
"nonce": "legacy-nonce",
|
|
"sender_ref": "legacy-sender",
|
|
"format": "mls1",
|
|
"gate_envelope": "legacy-envelope-token",
|
|
},
|
|
"signature": "original-signature",
|
|
"public_key": "original-key",
|
|
"public_key_algo": "Ed25519",
|
|
"protocol_version": "infonet/2",
|
|
}
|
|
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_hashchain.gate_store.get_messages",
|
|
lambda gate_id, limit=500, offset=0: [copy.deepcopy(original)],
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_hashchain.gate_store.get_event",
|
|
lambda event_id: copy.deepcopy(original) if event_id == "adv-legacy-event-1" else None,
|
|
)
|
|
monkeypatch.setattr(
|
|
"services.mesh.mesh_wormhole_persona.sign_gate_wormhole_event",
|
|
lambda **_kwargs: {
|
|
"node_id": "local-wrapper-signer",
|
|
"identity_scope": "gate_persona",
|
|
"sequence": 1,
|
|
"signature": "local-wrapper-signature",
|
|
"public_key": "local-wrapper-key",
|
|
"public_key_algo": "Ed25519",
|
|
"protocol_version": "infonet/2",
|
|
},
|
|
)
|
|
|
|
result = mesh_gate_legacy_migration.create_missing_local_archival_rewraps(
|
|
gate_id="adv-legacy-gate",
|
|
)
|
|
|
|
assert result["ok"] is True
|
|
assert result["created"] == 1
|
|
wrapper = result["wrappers"][0]
|
|
assert wrapper["event_type"] == "gate_archival_rewrap"
|
|
assert wrapper["node_id"] == "local-wrapper-signer"
|
|
assert wrapper["signature"] == "local-wrapper-signature"
|
|
assert wrapper["payload"]["original_author_node_id"] == "original-author"
|
|
assert wrapper["payload"]["original_event_id"] == "adv-legacy-event-1"
|
|
assert wrapper["payload"]["original_signature_hash"]
|
|
assert "original-signature" not in str(wrapper["payload"])
|
|
assert original["node_id"] == "original-author"
|
|
assert original["signature"] == "original-signature"
|