diff --git a/core/commands/name/name.go b/core/commands/name/name.go index e03312919c57..d590b0988142 100644 --- a/core/commands/name/name.go +++ b/core/commands/name/name.go @@ -2,7 +2,7 @@ package name import ( "bytes" - "encoding/json" + "encoding/hex" "fmt" "io" "text/tabwriter" @@ -10,13 +10,9 @@ import ( "github.com/ipfs/boxo/ipns" ipns_pb "github.com/ipfs/boxo/ipns/pb" + "github.com/ipfs/boxo/path" cmds "github.com/ipfs/go-ipfs-cmds" cmdenv "github.com/ipfs/kubo/core/commands/cmdenv" - "github.com/ipld/go-ipld-prime" - "github.com/ipld/go-ipld-prime/codec/dagcbor" - "github.com/ipld/go-ipld-prime/codec/dagjson" - "github.com/libp2p/go-libp2p/core/crypto" - mbase "github.com/multiformats/go-multibase" "google.golang.org/protobuf/proto" ) @@ -83,27 +79,25 @@ Resolve the value of a dnslink: } type IpnsInspectValidation struct { - Valid bool - Reason string - PublicKey string + Valid bool + Reason string + Name string } // IpnsInspectEntry contains the deserialized values from an IPNS Entry: // https://github.com/ipfs/specs/blob/main/ipns/IPNS.md#record-serialization-format type IpnsInspectEntry struct { - Value string - ValidityType *ipns_pb.IpnsRecord_ValidityType + Value *path.Path + ValidityType *ipns.ValidityType Validity *time.Time - Sequence uint64 - TTL *uint64 - PublicKey string - SignatureV1 string - SignatureV2 string - Data interface{} + Sequence *uint64 + TTL *time.Duration } type IpnsInspectResult struct { Entry IpnsInspectEntry + Version string + HexDump string Validation *IpnsInspectValidation } @@ -135,6 +129,7 @@ Passing --verify will verify signature against provided public key. }, Options: []cmds.Option{ cmds.StringOption("verify", "CID of the public IPNS key to validate against."), + cmds.BoolOption("verbose", "Show a full hex dump of the raw Protobuf record."), }, Run: func(req *cmds.Request, res cmds.ResponseEmitter, env cmds.Environment) error { file, err := cmdenv.GetFileArg(req.Files.Entries()) @@ -150,89 +145,65 @@ Passing --verify will verify signature against provided public key. return err } - // Here we use the old school raw Protobuf pbRecord because we want to inspect it, - // aka, we need to be able to see all of its contents inside. While the boxo/ipns - // provides a good abstraction over the Record type, it doesn't allow for introspection - // of the raw value of the IpnsEntry. - var pbRecord ipns_pb.IpnsRecord - err = proto.Unmarshal(b.Bytes(), &pbRecord) - if err != nil { - return err - } - rec, err := ipns.UnmarshalRecord(b.Bytes()) if err != nil { return err } - encoder, err := mbase.EncoderByName("base64") - if err != nil { - return err - } - result := &IpnsInspectResult{ - Entry: IpnsInspectEntry{ - Value: string(pbRecord.Value), - ValidityType: pbRecord.ValidityType, - Sequence: *pbRecord.Sequence, - TTL: pbRecord.Ttl, - PublicKey: encoder.Encode(pbRecord.PubKey), - SignatureV1: encoder.Encode(pbRecord.SignatureV1), - SignatureV2: encoder.Encode(pbRecord.SignatureV2), - Data: nil, - }, + Entry: IpnsInspectEntry{}, } - if len(pbRecord.Data) != 0 { - // This is hacky. The variable node (datamodel.Node) doesn't directly marshal - // to JSON. Therefore, we need to first decode from DAG-CBOR, then encode in - // DAG-JSON and finally unmarshal it from JSON. Since DAG-JSON is a subset - // of JSON, that should work. Then, we can store the final value in the - // result.Entry.Data for further inspection. - node, err := ipld.Decode(pbRecord.Data, dagcbor.Decode) - if err != nil { - return err - } + // Best effort to get the fields. Show everything we can. + if v, err := rec.Value(); err == nil { + result.Entry.Value = &v + } - var buf bytes.Buffer - err = dagjson.Encode(node, &buf) - if err != nil { - return err - } + if v, err := rec.ValidityType(); err == nil { + result.Entry.ValidityType = &v + } - err = json.Unmarshal(buf.Bytes(), &result.Entry.Data) - if err != nil { - return err - } + if v, err := rec.Validity(); err == nil { + result.Entry.Validity = &v } - validity, err := rec.Validity() - if err == nil { - result.Entry.Validity = &validity + if v, err := rec.Sequence(); err == nil { + result.Entry.Sequence = &v } - verify, ok := req.Options["verify"].(string) - if ok { - name, err := ipns.NameFromString(verify) - if err != nil { - return err - } + if v, err := rec.TTL(); err == nil { + result.Entry.TTL = &v + } - pk, err := ipns.ExtractPublicKey(rec, name) - if err != nil { - return err + // Here we need the raw protobuf just to decide the version. + var pbRecord ipns_pb.IpnsRecord + err = proto.Unmarshal(b.Bytes(), &pbRecord) + if err != nil { + return err + } + if pbRecord.SignatureV1 != nil || pbRecord.Value != nil { + if pbRecord.Data != nil { + result.Version = "V1+V2" + } else { + result.Version = "V2" } + } else if pbRecord.Data != nil { + result.Version = "V2" + } else { + result.Version = "Unknown" + } - bytes, err := crypto.MarshalPublicKey(pk) + if verify, ok := req.Options["verify"].(string); ok { + name, err := ipns.NameFromString(verify) if err != nil { return err } result.Validation = &IpnsInspectValidation{ - PublicKey: encoder.Encode(bytes), + Name: name.String(), } - err = ipns.Validate(rec, pk) + err = ipns.ValidateWithName(rec, name) if err == nil { result.Validation.Valid = true } else { @@ -240,6 +211,10 @@ Passing --verify will verify signature against provided public key. } } + if verbose, ok := req.Options["verbose"].(bool); ok && verbose { + result.HexDump = hex.Dump(b.Bytes()) + } + return cmds.EmitOnce(res, result) }, Type: IpnsInspectResult{}, @@ -248,24 +223,25 @@ Passing --verify will verify signature against provided public key. tw := tabwriter.NewWriter(w, 0, 0, 1, ' ', 0) defer tw.Flush() - fmt.Fprintf(tw, "Value:\t%q\n", string(out.Entry.Value)) - fmt.Fprintf(tw, "Validity Type:\t%q\n", out.Entry.ValidityType) + if out.Entry.Value != nil { + fmt.Fprintf(tw, "Value:\t%q\n", out.Entry.Value.String()) + } + + if out.Entry.ValidityType != nil { + fmt.Fprintf(tw, "Validity Type:\t%q\n", *out.Entry.ValidityType) + } + if out.Entry.Validity != nil { - fmt.Fprintf(tw, "Validity:\t%s\n", out.Entry.Validity.Format(time.RFC3339Nano)) + fmt.Fprintf(tw, "Validity:\t%q\n", out.Entry.Validity.Format(time.RFC3339)) } - fmt.Fprintf(tw, "Sequence:\t%d\n", out.Entry.Sequence) - if out.Entry.TTL != nil { - fmt.Fprintf(tw, "TTL:\t%d\n", *out.Entry.TTL) + + if out.Entry.Sequence != nil { + fmt.Fprintf(tw, "Sequence:\t%d\n", *out.Entry.Sequence) } - fmt.Fprintf(tw, "PublicKey:\t%q\n", out.Entry.PublicKey) - fmt.Fprintf(tw, "Signature V1:\t%q\n", out.Entry.SignatureV1) - fmt.Fprintf(tw, "Signature V2:\t%q\n", out.Entry.SignatureV2) - data, err := json.Marshal(out.Entry.Data) - if err != nil { - return err + if out.Entry.TTL != nil { + fmt.Fprintf(tw, "TTL:\t%s\n", out.Entry.TTL.String()) } - fmt.Fprintf(tw, "Data:\t%s\n", string(data)) if out.Validation == nil { tw.Flush() @@ -278,7 +254,14 @@ Passing --verify will verify signature against provided public key. if out.Validation.Reason != "" { fmt.Fprintf(tw, "\tReason:\t%s\n", out.Validation.Reason) } - fmt.Fprintf(tw, "\tPublicKey:\t%s\n", out.Validation.PublicKey) + fmt.Fprintf(tw, "\tName:\t%s\n", out.Validation.Name) + } + + if out.HexDump != "" { + tw.Flush() + + fmt.Fprintf(w, "\nHex Dump:\n") + fmt.Fprintf(w, out.HexDump) } return nil diff --git a/docs/changelogs/v0.22.md b/docs/changelogs/v0.22.md index aba6a4ac7ee7..4cc487e59aa4 100644 --- a/docs/changelogs/v0.22.md +++ b/docs/changelogs/v0.22.md @@ -35,6 +35,15 @@ Imported 1 blocks (1618 bytes) [exit code 1] ``` +#### `ipfs name publish` now supports V2 only IPNS records + +When publishing an IPNS record, you are now able to create v2 only records +by passing `--v1compat=false`. By default, we still create V1+V2 records, such +that there is the highest chance of backwards compatibility. The goal is to move +to V2 only in the future. + +**TODO**: add links to IPIP. + ### ๐Ÿ“ Changelog ### ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ Contributors diff --git a/docs/examples/kubo-as-a-library/go.mod b/docs/examples/kubo-as-a-library/go.mod index ea91544d6b7a..5a514945951a 100644 --- a/docs/examples/kubo-as-a-library/go.mod +++ b/docs/examples/kubo-as-a-library/go.mod @@ -7,7 +7,7 @@ go 1.18 replace github.com/ipfs/kubo => ./../../.. require ( - github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd + github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d github.com/ipfs/kubo v0.0.0-00010101000000-000000000000 github.com/libp2p/go-libp2p v0.27.6 github.com/multiformats/go-multiaddr v0.9.0 diff --git a/docs/examples/kubo-as-a-library/go.sum b/docs/examples/kubo-as-a-library/go.sum index 0c5057bebf72..ff312585d5ab 100644 --- a/docs/examples/kubo-as-a-library/go.sum +++ b/docs/examples/kubo-as-a-library/go.sum @@ -320,8 +320,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs= github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0= -github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd h1:mR5STWmJw1n+JZ2t7Jx0vPxp+iL9vuAM4RFxoqFyww0= -github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd/go.mod h1:IwBbXi5P7fA0HzLhsw/FtAj9RAMacODuOCPPsBcvqcE= +github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d h1:vgxYdy3FL2y/oBFpoioPImg3QccT7Y03fyCxfIhm3HY= +github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d/go.mod h1:IwBbXi5P7fA0HzLhsw/FtAj9RAMacODuOCPPsBcvqcE= github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA= github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU= github.com/ipfs/go-block-format v0.0.2/go.mod h1:AWR46JfpcObNfg3ok2JHDUfdiHRgWhJgCQF+KIgOPJY= diff --git a/go.mod b/go.mod index 91233654f953..6f4beecab0b3 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/fsnotify/fsnotify v1.6.0 github.com/google/uuid v1.3.0 github.com/hashicorp/go-multierror v1.1.1 - github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd + github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d github.com/ipfs/go-block-format v0.1.2 github.com/ipfs/go-cid v0.4.1 github.com/ipfs/go-cidutil v0.1.0 diff --git a/go.sum b/go.sum index a7d18d5568da..e3cac3909d6b 100644 --- a/go.sum +++ b/go.sum @@ -355,8 +355,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs= github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0= -github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd h1:mR5STWmJw1n+JZ2t7Jx0vPxp+iL9vuAM4RFxoqFyww0= -github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd/go.mod h1:IwBbXi5P7fA0HzLhsw/FtAj9RAMacODuOCPPsBcvqcE= +github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d h1:vgxYdy3FL2y/oBFpoioPImg3QccT7Y03fyCxfIhm3HY= +github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d/go.mod h1:IwBbXi5P7fA0HzLhsw/FtAj9RAMacODuOCPPsBcvqcE= github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA= github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU= github.com/ipfs/go-block-format v0.0.2/go.mod h1:AWR46JfpcObNfg3ok2JHDUfdiHRgWhJgCQF+KIgOPJY= diff --git a/test/cli/fixtures/TestName.car b/test/cli/fixtures/TestName.car new file mode 100644 index 000000000000..5e3fd57b2645 Binary files /dev/null and b/test/cli/fixtures/TestName.car differ diff --git a/test/cli/name_test.go b/test/cli/name_test.go new file mode 100644 index 000000000000..30328a5cc08d --- /dev/null +++ b/test/cli/name_test.go @@ -0,0 +1,263 @@ +package cli + +import ( + "bytes" + "encoding/json" + "fmt" + "os" + "strings" + "testing" + + "github.com/ipfs/boxo/ipns" + "github.com/ipfs/kubo/core/commands/name" + "github.com/ipfs/kubo/test/cli/harness" + "github.com/stretchr/testify/require" +) + +func TestName(t *testing.T) { + const ( + fixturePath = "fixtures/TestName.car" + fixtureCid = "bafybeidg3uxibfrt7uqh7zd5yaodetik7wjwi4u7rwv2ndbgj6ec7lsv2a" + dagCid = "bafyreidgts62p4rtg3rtmptmbv2dt46zjzin275fr763oku3wfod3quzay" + ) + + makeDaemon := func(t *testing.T, initArgs []string) *harness.Node { + node := harness.NewT(t).NewNode().Init(append([]string{"--profile=test"}, initArgs...)...) + r, err := os.Open(fixturePath) + require.Nil(t, err) + defer r.Close() + err = node.IPFSDagImport(r, fixtureCid) + require.NoError(t, err) + return node + } + + testPublishingWithSelf := func(keyType string) { + t.Run("Publishing with self (keyType = "+keyType+")", func(t *testing.T) { + t.Parallel() + + args := []string{} + if keyType != "default" { + args = append(args, "-a="+keyType) + } + + node := makeDaemon(t, args) + name := ipns.NameFromPeer(node.PeerID()) + + t.Run("Publishing a CID", func(t *testing.T) { + publishPath := "/ipfs/" + fixtureCid + + res := node.IPFS("name", "publish", "--allow-offline", publishPath) + require.Equal(t, fmt.Sprintf("Published to %s: %s\n", name.String(), publishPath), res.Stdout.String()) + + res = node.IPFS("name", "resolve", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + }) + + t.Run("Publishing a CID with -Q option", func(t *testing.T) { + publishPath := "/ipfs/" + fixtureCid + + res := node.IPFS("name", "publish", "--allow-offline", "-Q", publishPath) + require.Equal(t, name.String()+"\n", res.Stdout.String()) + + res = node.IPFS("name", "resolve", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + }) + + t.Run("Publishing a CID+Path", func(t *testing.T) { + publishPath := "/ipfs/" + fixtureCid + "/hello" + + res := node.IPFS("name", "publish", "--allow-offline", publishPath) + require.Equal(t, fmt.Sprintf("Published to %s: %s\n", name.String(), publishPath), res.Stdout.String()) + + res = node.IPFS("name", "resolve", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + }) + + t.Run("Publishing nothing fails", func(t *testing.T) { + res := node.RunIPFS("name", "publish") + require.Error(t, res.Err) + require.Equal(t, 1, res.ExitCode()) + require.Contains(t, res.Stderr.String(), `argument "ipfs-path" is required`) + }) + + t.Run("Publishing with IPLD works", func(t *testing.T) { + publishPath := "/ipld/" + dagCid + "/thing" + res := node.IPFS("name", "publish", "--allow-offline", publishPath) + require.Equal(t, fmt.Sprintf("Published to %s: %s\n", name.String(), publishPath), res.Stdout.String()) + + res = node.IPFS("name", "resolve", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + }) + + publishPath := "/ipfs/" + fixtureCid + res := node.IPFS("name", "publish", "--allow-offline", publishPath) + require.Equal(t, fmt.Sprintf("Published to %s: %s\n", name.String(), publishPath), res.Stdout.String()) + + t.Run("Resolving self offline succeeds (daemon off)", func(t *testing.T) { + res = node.IPFS("name", "resolve", "--offline", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + + // Test without cache. + res = node.IPFS("name", "resolve", "--offline", "-n", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + }) + + node.StartDaemon() + + t.Run("Resolving self offline succeeds (daemon on)", func(t *testing.T) { + res = node.IPFS("name", "resolve", "--offline", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + + // Test without cache. + res = node.IPFS("name", "resolve", "--offline", "-n", "/ipns/"+name.String()) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + }) + }) + } + + testPublishingWithSelf("default") + testPublishingWithSelf("rsa") + testPublishingWithSelf("ed25519") + + testPublishWithKey := func(name string, keyArgs ...string) { + t.Run(name, func(t *testing.T) { + t.Parallel() + node := makeDaemon(t, nil) + + keyGenArgs := []string{"key", "gen"} + keyGenArgs = append(keyGenArgs, keyArgs...) + keyGenArgs = append(keyGenArgs, "key") + + res := node.IPFS(keyGenArgs...) + key := strings.TrimSpace(res.Stdout.String()) + + publishPath := "/ipfs/" + fixtureCid + name, err := ipns.NameFromString(key) + require.NoError(t, err) + + res = node.IPFS("name", "publish", "--allow-offline", "--key="+key, publishPath) + require.Equal(t, fmt.Sprintf("Published to %s: %s\n", name.String(), publishPath), res.Stdout.String()) + }) + } + + testPublishWithKey("Publishing with RSA (with b58mh) Key", "--ipns-base=b58mh", "--type=rsa", "--size=2048") + testPublishWithKey("Publishing with ED25519 (with b58mh) Key", "--ipns-base=b58mh", "--type=ed25519") + testPublishWithKey("Publishing with ED25519 (with base36) Key", "--ipns-base=base36", "--type=ed25519") + + t.Run("Fails to publish in offline mode", func(t *testing.T) { + t.Parallel() + node := makeDaemon(t, nil).StartDaemon("--offline") + res := node.RunIPFS("name", "publish", "/ipfs/"+fixtureCid) + require.Error(t, res.Err) + require.Equal(t, 1, res.ExitCode()) + require.Contains(t, res.Stderr.String(), `can't publish while offline`) + }) + + t.Run("Publish V2-only record", func(t *testing.T) { + t.Parallel() + + node := makeDaemon(t, nil).StartDaemon() + ipnsName := ipns.NameFromPeer(node.PeerID()).String() + ipnsPath := ipns.NamespacePrefix + ipnsName + publishPath := "/ipfs/" + fixtureCid + + res := node.IPFS("name", "publish", "--ttl=30m", "--v1compat=false", publishPath) + require.Equal(t, fmt.Sprintf("Published to %s: %s\n", ipnsName, publishPath), res.Stdout.String()) + + res = node.IPFS("name", "resolve", ipnsPath) + require.Equal(t, publishPath+"\n", res.Stdout.String()) + + res = node.IPFS("routing", "get", ipnsPath) + record := res.Stdout.Bytes() + t.Log(record) + + res = node.PipeToIPFS(bytes.NewReader(record), "name", "inspect") + out := res.Stdout.String() + require.Contains(t, out, "This record was not validated.") + require.Contains(t, out, publishPath) + require.Contains(t, out, "30m") + + res = node.PipeToIPFS(bytes.NewReader(record), "name", "inspect", "--verify="+ipnsPath) + out = res.Stdout.String() + require.Contains(t, out, "Valid: true") + }) + + t.Run("Publish with TTL and inspect record", func(t *testing.T) { + t.Parallel() + + node := makeDaemon(t, nil).StartDaemon() + ipnsPath := ipns.NamespacePrefix + ipns.NameFromPeer(node.PeerID()).String() + publishPath := "/ipfs/" + fixtureCid + + _ = node.IPFS("name", "publish", "--ttl=30m", publishPath) + res := node.IPFS("routing", "get", ipnsPath) + record := res.Stdout.Bytes() + + t.Run("Inspect record shows correct TTL and that it is not validated", func(t *testing.T) { + t.Parallel() + res = node.PipeToIPFS(bytes.NewReader(record), "name", "inspect") + out := res.Stdout.String() + require.Contains(t, out, "This record was not validated.") + require.Contains(t, out, publishPath) + require.Contains(t, out, "30m") + }) + + t.Run("Inspect record shows valid with correct name", func(t *testing.T) { + t.Parallel() + res := node.PipeToIPFS(bytes.NewReader(record), "name", "inspect", "--enc=json", "--verify="+ipnsPath) + val := name.IpnsInspectResult{} + err := json.Unmarshal(res.Stdout.Bytes(), &val) + require.NoError(t, err) + require.True(t, val.Validation.Valid) + }) + + t.Run("Inspect record shows invalid with wrong name", func(t *testing.T) { + t.Parallel() + res := node.PipeToIPFS(bytes.NewReader(record), "name", "inspect", "--enc=json", "--verify=12D3KooWRirYjmmQATx2kgHBfky6DADsLP7ex1t7BRxJ6nqLs9WH") + val := name.IpnsInspectResult{} + err := json.Unmarshal(res.Stdout.Bytes(), &val) + require.NoError(t, err) + require.False(t, val.Validation.Valid) + }) + }) + + t.Run("Inspect with verification using wrong RSA key errors", func(t *testing.T) { + t.Parallel() + node := makeDaemon(t, nil).StartDaemon() + + // Prepare RSA Key 1 + res := node.IPFS("key", "gen", "--type=rsa", "--size=4096", "key1") + key1 := strings.TrimSpace(res.Stdout.String()) + name1, err := ipns.NameFromString(key1) + require.NoError(t, err) + + // Prepare RSA Key 2 + res = node.IPFS("key", "gen", "--type=rsa", "--size=4096", "key2") + key2 := strings.TrimSpace(res.Stdout.String()) + name2, err := ipns.NameFromString(key2) + require.NoError(t, err) + + // Publish using Key 1 + publishPath := "/ipfs/" + fixtureCid + res = node.IPFS("name", "publish", "--allow-offline", "--key="+key1, publishPath) + require.Equal(t, fmt.Sprintf("Published to %s: %s\n", name1.String(), publishPath), res.Stdout.String()) + + // Get IPNS Record + res = node.IPFS("routing", "get", ipns.NamespacePrefix+name1.String()) + record := res.Stdout.Bytes() + + // Validate with correct key succeeds + res = node.PipeToIPFS(bytes.NewReader(record), "name", "inspect", "--verify="+name1.String(), "--enc=json") + val := name.IpnsInspectResult{} + err = json.Unmarshal(res.Stdout.Bytes(), &val) + require.NoError(t, err) + require.True(t, val.Validation.Valid) + + // Validate with wrong key fails + res = node.PipeToIPFS(bytes.NewReader(record), "name", "inspect", "--verify="+name2.String(), "--enc=json") + val = name.IpnsInspectResult{} + err = json.Unmarshal(res.Stdout.Bytes(), &val) + require.NoError(t, err) + require.False(t, val.Validation.Valid) + }) +} diff --git a/test/dependencies/go.mod b/test/dependencies/go.mod index 21408027b08d..4f01b3e65cc1 100644 --- a/test/dependencies/go.mod +++ b/test/dependencies/go.mod @@ -7,7 +7,7 @@ replace github.com/ipfs/kubo => ../../ require ( github.com/Kubuxu/gocovmerge v0.0.0-20161216165753-7ecaa51963cd github.com/golangci/golangci-lint v1.49.0 - github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd + github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d github.com/ipfs/go-cid v0.4.1 github.com/ipfs/go-cidutil v0.1.0 github.com/ipfs/go-datastore v0.6.0 diff --git a/test/dependencies/go.sum b/test/dependencies/go.sum index e7d9c7de495d..39736b504f43 100644 --- a/test/dependencies/go.sum +++ b/test/dependencies/go.sum @@ -413,8 +413,8 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs= github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0= -github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd h1:mR5STWmJw1n+JZ2t7Jx0vPxp+iL9vuAM4RFxoqFyww0= -github.com/ipfs/boxo v0.10.1-0.20230615083040-d5e141ea82cd/go.mod h1:IwBbXi5P7fA0HzLhsw/FtAj9RAMacODuOCPPsBcvqcE= +github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d h1:vgxYdy3FL2y/oBFpoioPImg3QccT7Y03fyCxfIhm3HY= +github.com/ipfs/boxo v0.10.1-0.20230615091437-c5a71fad393d/go.mod h1:IwBbXi5P7fA0HzLhsw/FtAj9RAMacODuOCPPsBcvqcE= github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA= github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU= github.com/ipfs/go-block-format v0.1.2 h1:GAjkfhVx1f4YTODS6Esrj1wt2HhrtwTnhEr+DyPUaJo= diff --git a/test/sharness/t0100-name.sh b/test/sharness/t0100-name.sh deleted file mode 100755 index cb39e45c8abe..000000000000 --- a/test/sharness/t0100-name.sh +++ /dev/null @@ -1,347 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright (c) 2014 Jeromy Johnson -# MIT Licensed; see the LICENSE file in this repository. -# - -test_description="Test ipfs repo operations" - -. lib/test-lib.sh - -test_name_with_self() { - SELF_ALG=$1 - - test_expect_success "ipfs init (variant self $SELF_ALG)" ' - export IPFS_PATH="$(pwd)/.ipfs" && - case $SELF_ALG in - default) - ipfs init --empty-repo=false --profile=test > /dev/null - ;; - rsa) - ipfs init --empty-repo=false --profile=test -a=rsa > /dev/null - ;; - ed25519) - ipfs init --empty-repo=false --profile=test -a=ed25519 > /dev/null - ;; - esac && - export PEERID=`ipfs key list --ipns-base=base36 -l | grep self | cut -d " " -f1` && - test_check_peerid "${PEERID}" - ' - - # test publishing a hash - - test_expect_success "'ipfs name publish --allow-offline' succeeds" ' - ipfs name publish --allow-offline "/ipfs/$HASH_WELCOME_DOCS" >publish_out - ' - - test_expect_success "publish output looks good" ' - echo "Published to ${PEERID}: /ipfs/$HASH_WELCOME_DOCS" >expected1 && - test_cmp expected1 publish_out - ' - - test_expect_success "'ipfs name resolve' succeeds" ' - ipfs name resolve "$PEERID" >output - ' - - test_expect_success "resolve output looks good" ' - printf "/ipfs/%s\n" "$HASH_WELCOME_DOCS" >expected2 && - test_cmp expected2 output - ' - - # test publishing with -Q option - - test_expect_success "'ipfs name publish --quieter' succeeds" ' - ipfs name publish --allow-offline -Q "/ipfs/$HASH_WELCOME_DOCS" >publish_out - ' - - test_expect_success "publish --quieter output looks good" ' - echo "${PEERID}" >expected1 && - test_cmp expected1 publish_out - ' - - test_expect_success "'ipfs name resolve' succeeds" ' - ipfs name resolve "$PEERID" >output - ' - - test_expect_success "resolve output looks good" ' - printf "/ipfs/%s\n" "$HASH_WELCOME_DOCS" >expected2 && - test_cmp expected2 output - ' - - # now test with a path - - test_expect_success "'ipfs name publish --allow-offline' succeeds" ' - ipfs name publish --allow-offline "/ipfs/$HASH_WELCOME_DOCS/help" >publish_out - ' - - test_expect_success "publish a path looks good" ' - echo "Published to ${PEERID}: /ipfs/$HASH_WELCOME_DOCS/help" >expected3 && - test_cmp expected3 publish_out - ' - - test_expect_success "'ipfs name resolve' succeeds" ' - ipfs name resolve "$PEERID" >output - ' - - test_expect_success "resolve output looks good" ' - printf "/ipfs/%s/help\n" "$HASH_WELCOME_DOCS" >expected4 && - test_cmp expected4 output - ' - - test_expect_success "ipfs cat on published content succeeds" ' - ipfs cat "/ipfs/$HASH_WELCOME_DOCS/help" >expected && - ipfs cat "/ipns/$PEERID" >actual && - test_cmp expected actual - ' - - # publish with an explicit node ID - - test_expect_failure "'ipfs name publish --allow-offline ' succeeds" ' - echo ipfs name publish --allow-offline "${PEERID}" "/ipfs/$HASH_WELCOME_DOCS" && - ipfs name publish --allow-offline "${PEERID}" "/ipfs/$HASH_WELCOME_DOCS" >actual_node_id_publish - ' - - test_expect_failure "publish with our explicit node ID looks good" ' - echo "Published to ${PEERID}: /ipfs/$HASH_WELCOME_DOCS" >expected_node_id_publish && - test_cmp expected_node_id_publish actual_node_id_publish - ' - - # test publishing with B36CID and B58MH resolve to the same B36CID - - test_expect_success "verify self key output" ' - B58MH_ID=`ipfs key list --ipns-base=b58mh -l | grep self | cut -d " " -f1` && - B58MH_ID_NORM=`ipfs cid format -b base36 $B58MH_ID` && - B36CID_ID=`ipfs key list --ipns-base=base36 -l | grep self | cut -d " " -f1` && - B36CID_ID_NORM=`ipfs cid format -b base36 $B36CID_ID` && - test_check_peerid "${B58MH_ID}" && - test_check_peerid "${B36CID_ID}" - ' - - test_expect_success "'ipfs name publish --allow-offline --key= ' succeeds" ' - ipfs name publish --allow-offline --key=${B58MH_ID} "/ipfs/$HASH_WELCOME_DOCS" >b58mh_published_id_base36 && - ipfs name publish --allow-offline --key=${B36CID_ID} "/ipfs/$HASH_WELCOME_DOCS" >base36_published_id_base36 && - ipfs name publish --allow-offline --key=${B58MH_ID} --ipns-base=b58mh "/ipfs/$HASH_WELCOME_DOCS" >b58mh_published_id_b58mh && - ipfs name publish --allow-offline --key=${B36CID_ID} --ipns-base=b58mh "/ipfs/$HASH_WELCOME_DOCS" >base36_published_id_b58mh - ' - - test_expect_success "publish an explicit node ID as two key in B58MH and B36CID, name looks good" ' - echo "Published to ${B36CID_ID_NORM}: /ipfs/$HASH_WELCOME_DOCS" >expected_published_id_base36 && - echo "Published to ${B36CID_ID_NORM}: /ipfs/$HASH_WELCOME_DOCS" >expected_published_id_b58mh && - test_cmp expected_published_id_base36 b58mh_published_id_base36 && - test_cmp expected_published_id_base36 base36_published_id_base36 && - test_cmp expected_published_id_b58mh b58mh_published_id_b58mh && - test_cmp expected_published_id_b58mh base36_published_id_b58mh - ' - - test_expect_success "'ipfs name resolve' succeeds" ' - ipfs name resolve "$B36CID_ID" >output - ' - - test_expect_success "resolve output looks good" ' - printf "/ipfs/%s\n" "$HASH_WELCOME_DOCS" >expected2 && - test_cmp expected2 output - ' - - # test IPNS + IPLD - - test_expect_success "'ipfs dag put' succeeds" ' - HELLO_HASH="$(echo "\"hello world\"" | ipfs dag put)" && - OBJECT_HASH="$(echo "{\"thing\": {\"/\": \"${HELLO_HASH}\" }}" | ipfs dag put)" - ' - test_expect_success "'ipfs name publish --allow-offline /ipld/...' succeeds" ' - test_check_peerid "${PEERID}" && - ipfs name publish --allow-offline "/ipld/$OBJECT_HASH/thing" >publish_out - ' - test_expect_success "publish a path looks good" ' - echo "Published to ${PEERID}: /ipld/$OBJECT_HASH/thing" >expected3 && - test_cmp expected3 publish_out - ' - test_expect_success "'ipfs name resolve' succeeds" ' - ipfs name resolve "$PEERID" >output - ' - test_expect_success "resolve output looks good (IPNS + IPLD)" ' - printf "/ipld/%s/thing\n" "$OBJECT_HASH" >expected4 && - test_cmp expected4 output - ' - - # test publishing nothing - - test_expect_success "'ipfs name publish' fails" ' - printf '' | test_expect_code 1 ipfs name publish --allow-offline >publish_out 2>&1 - ' - - test_expect_success "publish output has the correct error" ' - grep "argument \"ipfs-path\" is required" publish_out - ' - - test_expect_success "'ipfs name publish' fails" ' - printf '' | test_expect_code 1 ipfs name publish -Q --allow-offline >publish_out 2>&1 - ' - - test_expect_success "publish output has the correct error" ' - grep "argument \"ipfs-path\" is required" publish_out - ' - - test_expect_success "'ipfs name publish --help' succeeds" ' - ipfs name publish --help - ' - - # test offline resolve - - test_expect_success "'ipfs name resolve --offline' succeeds" ' - ipfs name resolve --offline "$PEERID" >output - ' - test_expect_success "resolve output looks good (offline resolve)" ' - printf "/ipld/%s/thing\n" "$OBJECT_HASH" >expected4 && - test_cmp expected4 output - ' - - test_expect_success "'ipfs name resolve --offline -n' succeeds" ' - ipfs name resolve --offline -n "$PEERID" >output - ' - test_expect_success "resolve output looks good (offline resolve, -n)" ' - printf "/ipld/%s/thing\n" "$OBJECT_HASH" >expected4 && - test_cmp expected4 output - ' - - test_launch_ipfs_daemon - - test_expect_success "'ipfs name resolve --offline' succeeds" ' - ipfs name resolve --offline "$PEERID" >output - ' - test_expect_success "resolve output looks good (with daemon)" ' - printf "/ipld/%s/thing\n" "$OBJECT_HASH" >expected4 && - test_cmp expected4 output - ' - - test_expect_success "'ipfs name resolve --offline -n' succeeds" ' - ipfs name resolve --offline -n "$PEERID" >output - ' - test_expect_success "resolve output looks good (with daemon, -n)" ' - printf "/ipld/%s/thing\n" "$OBJECT_HASH" >expected4 && - test_cmp expected4 output - ' - - test_expect_success "empty request to name publish doesn't panic and returns error" ' - curl -X POST "http://$API_ADDR/api/v0/name/publish" > curl_out || true && - grep "argument \"ipfs-path\" is required" curl_out - ' - - # Test Publishing with TTL and Inspecting Records - test_expect_success "'ipfs name publish --ttl=30m' succeeds" ' - ipfs name publish --ttl=30m --allow-offline "/ipfs/$HASH_WELCOME_DOCS" - ' - - test_expect_success "retrieve IPNS key for further inspection" ' - ipfs routing get "/ipns/$PEERID" > ipns_record - ' - - test_expect_success "'ipfs name inspect' has correct TTL (30m)" ' - ipfs name inspect < ipns_record > verify_output && - test_should_contain "This record was not validated." verify_output && - test_should_contain "$HASH_WELCOME_DOCS" verify_output && - test_should_contain "1800000000000" verify_output - ' - - test_expect_success "'ipfs name inspect --verify' has '.Validation.Validity' set to 'true' with correct Peer ID" ' - ipfs name inspect --verify $PEERID --enc json < ipns_record | jq -e ".Validation.Valid == true and .Entry.TTL == .Entry.Data.TTL" - ' - - test_expect_success "'ipfs name inspect --verify' has '.Validation.Validity' set to 'false' with incorrect Peer ID" ' - ipfs name inspect --verify 12D3KooWRirYjmmQATx2kgHBfky6DADsLP7ex1t7BRxJ6nqLs9WH --enc json < ipns_record | jq -e ".Validation.Valid == false" - ' - - test_kill_ipfs_daemon - - # Test daemon in offline mode - test_launch_ipfs_daemon_without_network - - test_expect_success "'ipfs name publish' fails offline mode" ' - test_expect_code 1 ipfs name publish "/ipfs/$HASH_WELCOME_DOCS" - ' - - test_kill_ipfs_daemon - - test_expect_success "clean up ipfs dir" ' - rm -rf "$IPFS_PATH" - ' -} -test_name_with_self 'default' -test_name_with_self 'rsa' -test_name_with_self 'ed25519' - -test_name_with_key() { - GEN_ALG=$1 - - test_expect_success "ipfs init (key variant $GEN_ALG)" ' - export IPFS_PATH="$(pwd)/.ipfs" && - ipfs init --empty-repo=false --profile=test > /dev/null - ' - - test_expect_success "'prepare keys" ' - case $GEN_ALG in - rsa) - export KEY=`ipfs key gen --ipns-base=b58mh --type=rsa --size=2048 key` && - export KEY_B36CID=`ipfs key list --ipns-base=base36 -l | grep key | cut -d " " -f1` - ;; - ed25519_b58) - export KEY=`ipfs key gen --ipns-base=b58mh --type=ed25519 key` - export KEY_B36CID=`ipfs key list --ipns-base=base36 -l | grep key | cut -d " " -f1` - ;; - ed25519_b36) - export KEY=`ipfs key gen --ipns-base=base36 --type=ed25519 key` - export KEY_B36CID=$KEY - ;; - esac && - test_check_peerid "${KEY}" - ' - - # publish with an explicit node ID as key name - - test_expect_success "'ipfs name publish --allow-offline --key= ' succeeds" ' - ipfs name publish --allow-offline --key=${KEY} "/ipfs/$HASH_WELCOME_DOCS" >actual_node_id_publish - ' - - test_expect_success "publish an explicit node ID as key name looks good" ' - echo "Published to ${KEY_B36CID}: /ipfs/$HASH_WELCOME_DOCS" >expected_node_id_publish && - test_cmp expected_node_id_publish actual_node_id_publish - ' - - # cleanup - test_expect_success "clean up ipfs dir" ' - rm -rf "$IPFS_PATH" - ' -} -test_name_with_key 'rsa' -test_name_with_key 'ed25519_b58' -test_name_with_key 'ed25519_b36' - - -# `ipfs name inspect --verify` using the wrong RSA key should not succeed - -test_init_ipfs --empty-repo=false -test_launch_ipfs_daemon - -test_expect_success "prepare RSA keys" ' - export KEY_1=`ipfs key gen --type=rsa --size=4096 key1` && - export KEY_2=`ipfs key gen --type=rsa --size=4096 key2` && - export PEERID_1=`ipfs key list --ipns-base=base36 -l | grep key1 | cut -d " " -f1` && - export PEERID_2=`ipfs key list --ipns-base=base36 -l | grep key2 | cut -d " " -f1` -' - -test_expect_success "ipfs name publish --allow-offline --key= ' succeeds" ' - ipfs name publish --allow-offline --key=${KEY_1} "/ipfs/$( echo "helloworld" | ipfs add --inline -q )" && - ipfs routing get "/ipns/$PEERID_1" > ipns_record -' - -test_expect_success "ipfs name inspect --verify' has '.Validation.Validity' set to 'true' with correct Peer ID" ' - ipfs name inspect --verify $PEERID_1 --enc json < ipns_record | jq -e ".Validation.Valid == true" -' - -test_expect_success "ipfs name inspect --verify' has '.Validation.Validity' set to 'false' when we verify the wrong Peer ID" ' - ipfs name inspect --verify $PEERID_2 --enc json < ipns_record | jq -e ".Validation.Valid == false" -' - -test_kill_ipfs_daemon - -test_done