feat: Add SessionManager for ergonomic key management

2025-05-16 00:15:07 +03:00
parent 791752c3a5
commit 73233ec69b
10 changed files with 870 additions and 4 deletions
--- a/vault/tests/dev-dependencies-tempfile.txt
+++ b/vault/tests/dev-dependencies-tempfile.txt
@@ -0,0 +1 @@
+tempfile = "3.10"
--- a/vault/tests/keypair_management.rs
+++ b/vault/tests/keypair_management.rs
@@ -11,7 +11,9 @@ async fn test_keypair_management_and_crypto() {
    debug!("test_keypair_management_and_crypto started");
    // Use NativeStore for native tests
    #[cfg(not(target_arch = "wasm32"))]
-    let store = NativeStore::open("vault_native_test").expect("Failed to open native store");
+    use tempfile::TempDir;
+    let tmp_dir = TempDir::new().expect("create temp dir");
+    let store = NativeStore::open(tmp_dir.path().to_str().unwrap()).expect("Failed to open native store");
    #[cfg(not(target_arch = "wasm32"))]
    let mut vault = Vault::new(store);
    #[cfg(target_arch = "wasm32")]
--- a/vault/tests/session_manager.rs
+++ b/vault/tests/session_manager.rs
@@ -0,0 +1,61 @@
+//! Integration tests for SessionManager (stateful API) in the vault crate
+
+#[cfg(not(target_arch = "wasm32"))]
+use vault::{Vault, KeyType, KeyMetadata, SessionManager};
+#[cfg(not(target_arch = "wasm32"))]
+use kvstore::NativeStore;
+
+#[cfg(not(target_arch = "wasm32"))]
+#[tokio::test]
+async fn session_manager_end_to_end() {
+    use tempfile::TempDir;
+    let tmp_dir = TempDir::new().expect("create temp dir");
+    let store = NativeStore::open(tmp_dir.path().to_str().unwrap()).expect("open NativeStore");
+    let mut vault = Vault::new(store);
+    let keyspace = "personal";
+    let password = b"testpass";
+
+    // Create keyspace
+    vault.create_keyspace(keyspace, password, None).await.expect("create_keyspace");
+    // Add keypair
+    let key_id = vault.add_keypair(keyspace, password, Some(KeyType::Secp256k1), Some(KeyMetadata { name: Some("main".to_string()), created_at: None, tags: None })).await.expect("add_keypair");
+
+    // Create session manager
+    let mut session = SessionManager::new(vault);
+    session.unlock_keyspace(keyspace, password).await.expect("unlock_keyspace");
+    session.select_keyspace(keyspace).expect("select_keyspace");
+    session.select_keypair(&key_id).expect("select_keypair");
+
+    // Sign and verify
+    let msg = b"hello world";
+    let sig = session.sign(msg).await.expect("sign");
+    let _keypair = session.current_keypair().expect("current_keypair");
+    // Use stateless API for verify: get password from test context, not from private fields
+    let password = b"testpass";
+    let verified = session
+        .get_vault()
+        .verify(keyspace, password, &key_id, msg, &sig)
+        .await
+        .expect("verify");
+    assert!(verified, "signature should verify");
+
+    // Logout wipes secrets
+    session.logout();
+    assert!(session.current_keyspace().is_none());
+    assert!(session.current_keypair().is_none());
+    // No public API for unlocked_keyspaces, but behavior is covered by above asserts
+}
+
+#[cfg(not(target_arch = "wasm32"))]
+#[tokio::test]
+async fn session_manager_errors() {
+    use tempfile::TempDir;
+    let tmp_dir = TempDir::new().expect("create temp dir");
+    let store = NativeStore::open(tmp_dir.path().to_str().unwrap()).expect("open NativeStore");
+    let vault = Vault::new(store);
+    let mut session = SessionManager::new(vault);
+    // No keyspace unlocked
+    assert!(session.select_keyspace("none").is_err());
+    assert!(session.select_keypair("none").is_err());
+    assert!(session.sign(b"fail").await.is_err());
+}
--- a/vault/tests/wasm_session_manager.rs
+++ b/vault/tests/wasm_session_manager.rs
@@ -0,0 +1,45 @@
+//! WASM integration test for SessionManager using kvstore::WasmStore
+
+use vault::Vault;
+#[cfg(target_arch = "wasm32")]
+use kvstore::WasmStore;
+use wasm_bindgen_test::*;
+
+wasm_bindgen_test_configure!(run_in_browser);
+
+#[cfg(target_arch = "wasm32")]
+#[wasm_bindgen_test(async)]
+async fn wasm_session_manager_end_to_end() {
+    let store = WasmStore::open("test").await.expect("open WasmStore");
+    let mut vault = Vault::new(store);
+    let keyspace = "personal";
+    let password = b"testpass";
+
+    // Create keyspace
+    vault.create_keyspace(keyspace, password, None).await.expect("create_keyspace");
+    // Add keypair
+    let key_id = vault.add_keypair(keyspace, password, Some(KeyType::Secp256k1), Some(KeyMetadata { name: Some("main".to_string()), created_at: None, tags: None })).await.expect("add_keypair");
+
+    // Create session manager
+    let mut session = SessionManager::new(vault);
+    session.unlock_keyspace(keyspace, password).await.expect("unlock_keyspace");
+    session.select_keyspace(keyspace).expect("select_keyspace");
+    session.select_keypair(&key_id).expect("select_keypair");
+
+    // Sign and verify
+    let msg = b"hello world";
+    let sig = session.sign(msg).await.expect("sign");
+    let _keypair = session.current_keypair().expect("current_keypair");
+    let verified = session
+        .get_vault()
+        .verify(keyspace, password, &key_id, msg, &sig)
+        .await
+        .unwrap();
+    assert!(verified, "signature should verify");
+
+    // Logout wipes secrets
+    session.logout();
+    assert!(session.current_keyspace().is_none());
+    assert!(session.sign(b"fail").await.is_err());
+    // No public API for unlocked_keyspaces, but behavior is covered by above asserts
+}