sal-modular/vault/tests/wasm_keypair_management.rs

#![cfg(target_arch = "wasm32")]
//! WASM/browser tests for vault keypair management and crypto operations
use wasm_bindgen_test::*;
use vault::{Vault, KeyType, KeyMetadata};
use kvstore::wasm::WasmStore;
use console_error_panic_hook;

wasm_bindgen_test_configure!(run_in_browser);

#[wasm_bindgen_test(async)]
async fn wasm_test_keypair_management_and_crypto() {
    console_error_panic_hook::set_once();
    console_log::init_with_level(log::Level::Debug).expect("error initializing logger");
    let store = WasmStore::open("vault_idb_test").await.expect("Failed to open IndexedDB store");
    let mut vault = Vault::new(store);
    let keyspace = "wasmspace";
    let password = b"supersecret";
    log::debug!("Initialized vault and IndexedDB store");

    // Step 1: Create keyspace
    match vault.create_keyspace(keyspace, password, "pbkdf2", "chacha20poly1305", None).await {
        Ok(_) => log::debug!("Created keyspace"),
        Err(e) => { log::debug!("Failed to create keyspace: {:?}", e); return; }
    }

    // Step 2: Add Ed25519 keypair
    let key_id = match vault.add_keypair(keyspace, password, KeyType::Ed25519, Some(KeyMetadata { name: Some("edkey".into()), created_at: None, tags: None })).await {
        Ok(id) => { log::debug!("Added Ed25519 keypair: {}", id); id },
        Err(e) => { log::debug!("Failed to add Ed25519 keypair: {:?}", e); return; }
    };

    // Step 3: Add Secp256k1 keypair
    let secp_id = match vault.add_keypair(keyspace, password, KeyType::Secp256k1, Some(KeyMetadata { name: Some("secpkey".into()), created_at: None, tags: None })).await {
        Ok(id) => { log::debug!("Added Secp256k1 keypair: {}", id); id },
        Err(e) => { log::debug!("Failed to add Secp256k1 keypair: {:?}", e); return; }
    };

    // Step 4: List keypairs
    let keys = match vault.list_keypairs(keyspace, password).await {
        Ok(keys) => { log::debug!("Listed keypairs: {:?}", keys); keys },
        Err(e) => { log::debug!("Failed to list keypairs: {:?}", e); return; }
    };
    if keys.len() != 2 {
        log::debug!("Expected 2 keypairs, got {}", keys.len());
        return;
    }

    // Step 5: Export Ed25519 keypair
    let (priv_bytes, pub_bytes) = match vault.export_keypair(keyspace, password, &key_id).await {
        Ok((priv_bytes, pub_bytes)) => {
            log::debug!("Exported Ed25519 keypair, priv: {} bytes, pub: {} bytes", priv_bytes.len(), pub_bytes.len());
            (priv_bytes, pub_bytes)
        },
        Err(e) => { log::debug!("Failed to export Ed25519 keypair: {:?}", e); return; }
    };
    if priv_bytes.is_empty() || pub_bytes.is_empty() {
        log::debug!("Exported Ed25519 keypair bytes are empty");
        return;
    }

    // Step 6: Sign and verify with Ed25519
    let msg = b"hello wasm";
    let sig = match vault.sign(keyspace, password, &key_id, msg).await {
        Ok(sig) => { log::debug!("Signed message with Ed25519"); sig },
        Err(e) => { log::debug!("Failed to sign with Ed25519: {:?}", e); return; }
    };
    let ok = match vault.verify(keyspace, password, &key_id, msg, &sig).await {
        Ok(ok) => { log::debug!("Verified Ed25519 signature: {}", ok); ok },
        Err(e) => { log::debug!("Failed to verify Ed25519 signature: {:?}", e); return; }
    };
    if !ok {
        log::debug!("Ed25519 signature verification failed");
        return;
    }

    // Step 7: Sign and verify with Secp256k1
    let sig2 = match vault.sign(keyspace, password, &secp_id, msg).await {
        Ok(sig) => { log::debug!("Signed message with Secp256k1"); sig },
        Err(e) => { log::debug!("Failed to sign with Secp256k1: {:?}", e); return; }
    };
    let ok2 = match vault.verify(keyspace, password, &secp_id, msg, &sig2).await {
        Ok(ok) => { log::debug!("Verified Secp256k1 signature: {}", ok); ok },
        Err(e) => { log::debug!("Failed to verify Secp256k1 signature: {:?}", e); return; }
    };
    if !ok2 {
        log::debug!("Secp256k1 signature verification failed");
        return;
    }

    // Step 8: Encrypt and decrypt
    let ciphertext = match vault.encrypt(keyspace, password, msg).await {
        Ok(ct) => { log::debug!("Encrypted message"); ct },
        Err(e) => { log::debug!("Failed to encrypt message: {:?}", e); return; }
    };
    let plaintext = match vault.decrypt(keyspace, password, &ciphertext).await {
        Ok(pt) => { log::debug!("Decrypted message"); pt },
        Err(e) => { log::debug!("Failed to decrypt message: {:?}", e); return; }
    };
    if plaintext != msg {
        log::debug!("Decrypted message does not match original");
        return;
    }

    // Step 9: Remove Ed25519 keypair
    match vault.remove_keypair(keyspace, password, &key_id).await {
        Ok(_) => log::debug!("Removed Ed25519 keypair"),
        Err(e) => { log::debug!("Failed to remove Ed25519 keypair: {:?}", e); return; }
    }
    let keys = match vault.list_keypairs(keyspace, password).await {
        Ok(keys) => { log::debug!("Listed keypairs after removal: {:?}", keys); keys },
        Err(e) => { log::debug!("Failed to list keypairs after removal: {:?}", e); return; }
    };
    if keys.len() != 1 {
        log::debug!("Expected 1 keypair after removal, got {}", keys.len());
        return;
    }
}



wasm_bindgen_test_configure!(run_in_browser);

#[wasm_bindgen_test]
fn sanity_check() {
    assert_eq!(2 + 2, 4);
}