archipelago 4bf35f95e6 test: repair stale test fixtures across identity, mesh, update, wallet, fips
Several tests had drifted from the current production behavior:

- identity_manager: create() already auto-provisions a Nostr key, so the
  explicit create_nostr_key() call failed with "already exists". Rewrite
  the test to assert on record.nostr_npub from create() directly.
- mesh/protocol: test_build_app_start read the app name from frame[4..]
  but the v2 layout is [0:marker][1-2:len][3:cmd][4:version][5..:name].
  test_identity_broadcast_roundtrip expected input DID = output DID but
  the v2 decoder derives DID from the ed25519 pubkey, so the roundtrip
  compares against did_key_from_pubkey_hex(&pub) now.
- mesh/bitcoin_relay: test_build_block_header_announcement asserted
  sig.is_some(), but the builder intentionally emits an unsigned envelope
  to fit the 160-byte LoRa limit; assert sig.is_none(). Also widen
  placeholder hashes to the required 64 hex chars (32 bytes).
- update: load_mirrors() now merges default mirrors post-migration, so
  the roundtrip test must assert the custom mirror survives alongside
  the defaults rather than strict equality.
- wallet/cashu: test_proof_c_as_pubkey used hex that is not on the curve;
  replace with the secp256k1 generator point G so parsing succeeds.
- fips: test_status_reports_no_key_pre_onboarding asserted npub.is_none(),
  which fails on dev boxes where the fips daemon is already running. Keep
  the !key_present assertion and drop the npub one.
2026-04-23 13:02:45 -04:00

344 lines
11 KiB
Rust

//! Cashu token format (NUT-00) — serialization and deserialization.
//!
//! Supports the cashuA (V3) token format:
//! cashuA<base64url_encoded_json>
//!
//! Token JSON structure:
//! {
//! "token": [{ "mint": "<url>", "proofs": [{ "amount": u64, "id": "<keyset>", "secret": "<str>", "C": "<hex>" }] }],
//! "memo": "<optional>"
//! }
use anyhow::{Context, Result};
use bitcoin::secp256k1::PublicKey;
use serde::{Deserialize, Serialize};
/// Prefix for V3 tokens.
const CASHU_A_PREFIX: &str = "cashuA";
/// A single Cashu proof (a signed token for a specific denomination).
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Proof {
/// Denomination in the mint's unit (sats).
pub amount: u64,
/// Keyset ID (hex string, e.g. "009a1f293253e41e").
pub id: String,
/// The secret (random hex string or NUT-10 structured secret).
pub secret: String,
/// The unblinded signature C as hex-encoded compressed public key.
#[serde(rename = "C")]
pub c: String,
}
impl Proof {
/// Parse the C field as a secp256k1 PublicKey.
pub fn c_as_pubkey(&self) -> Result<PublicKey> {
let bytes = hex::decode(&self.c).context("Invalid hex in proof C field")?;
PublicKey::from_slice(&bytes).context("Invalid public key in proof C field")
}
}
/// A group of proofs from a single mint.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TokenEntry {
/// Mint URL.
pub mint: String,
/// Proofs from this mint.
pub proofs: Vec<Proof>,
}
/// The full cashuA token envelope.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CashuToken {
/// Token entries grouped by mint.
pub token: Vec<TokenEntry>,
/// Optional memo.
#[serde(skip_serializing_if = "Option::is_none")]
pub memo: Option<String>,
/// Optional unit (e.g. "sat").
#[serde(skip_serializing_if = "Option::is_none")]
pub unit: Option<String>,
}
impl CashuToken {
/// Create a new token with proofs from a single mint.
pub fn new(mint_url: &str, proofs: Vec<Proof>) -> Self {
Self {
token: vec![TokenEntry {
mint: mint_url.to_string(),
proofs,
}],
memo: None,
unit: Some("sat".to_string()),
}
}
/// Total value of all proofs across all mints.
pub fn total_amount(&self) -> u64 {
self.token
.iter()
.flat_map(|e| &e.proofs)
.map(|p| p.amount)
.sum()
}
/// All proofs across all mint entries.
pub fn all_proofs(&self) -> Vec<&Proof> {
self.token.iter().flat_map(|e| &e.proofs).collect()
}
/// All unique mint URLs in this token.
pub fn mint_urls(&self) -> Vec<&str> {
self.token.iter().map(|e| e.mint.as_str()).collect()
}
/// Encode as a cashuA token string.
pub fn serialize(&self) -> Result<String> {
let json = serde_json::to_string(self).context("Failed to serialize token JSON")?;
use base64::Engine;
let encoded = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(json.as_bytes());
Ok(format!("{}{}", CASHU_A_PREFIX, encoded))
}
/// Decode a cashuA token string.
pub fn deserialize(token_str: &str) -> Result<Self> {
let payload = token_str
.strip_prefix(CASHU_A_PREFIX)
.ok_or_else(|| anyhow::anyhow!("Token must start with '{}'", CASHU_A_PREFIX))?;
use base64::Engine;
let decoded = base64::engine::general_purpose::URL_SAFE_NO_PAD
.decode(payload)
.or_else(|_| {
// Try standard base64 as fallback (some implementations use it)
base64::engine::general_purpose::URL_SAFE.decode(payload)
})
.or_else(|_| base64::engine::general_purpose::STANDARD.decode(payload))
.context("Invalid base64 in cashuA token")?;
let json_str = String::from_utf8(decoded).context("Invalid UTF-8 in decoded token")?;
let token: CashuToken =
serde_json::from_str(&json_str).context("Invalid JSON in cashuA token")?;
// Structural validation
if token.token.is_empty() {
anyhow::bail!("Token has no entries");
}
for entry in &token.token {
if entry.mint.is_empty() {
anyhow::bail!("Token entry has empty mint URL");
}
if entry.proofs.is_empty() {
anyhow::bail!("Token entry has no proofs");
}
for proof in &entry.proofs {
if proof.amount == 0 {
anyhow::bail!("Proof has zero amount");
}
if proof.secret.is_empty() {
anyhow::bail!("Proof has empty secret");
}
if proof.c.is_empty() {
anyhow::bail!("Proof has empty C");
}
}
}
Ok(token)
}
}
/// Keyset info returned by a mint.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KeysetInfo {
pub id: String,
pub unit: String,
pub active: bool,
}
/// Mint keyset: maps denomination amounts to public keys.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MintKeyset {
pub id: String,
/// Map of amount (as string) to hex-encoded public key.
pub keys: std::collections::HashMap<String, String>,
}
impl MintKeyset {
/// Get the mint's public key for a given denomination amount.
pub fn key_for_amount(&self, amount: u64) -> Result<PublicKey> {
let amount_str = amount.to_string();
let hex_key = self
.keys
.get(&amount_str)
.ok_or_else(|| anyhow::anyhow!("No key for amount {} in keyset {}", amount, self.id))?;
let bytes = hex::decode(hex_key).context("Invalid hex in mint pubkey")?;
PublicKey::from_slice(&bytes).context("Invalid pubkey in mint keyset")
}
}
/// Blinded message sent to the mint during mint/swap.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BlindedMessageRequest {
/// Amount for this output.
pub amount: u64,
/// Keyset ID to use.
pub id: String,
/// Blinded secret B_ as hex-encoded compressed pubkey.
#[serde(rename = "B_")]
pub b_prime: String,
}
/// Blind signature returned by the mint.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BlindSignature {
/// Amount signed.
pub amount: u64,
/// Keyset ID.
pub id: String,
/// Blind signature C_ as hex-encoded compressed pubkey.
#[serde(rename = "C_")]
pub c_prime: String,
}
impl BlindSignature {
/// Parse C_ as a secp256k1 PublicKey.
pub fn c_prime_as_pubkey(&self) -> Result<PublicKey> {
let bytes = hex::decode(&self.c_prime).context("Invalid hex in blind signature C_")?;
PublicKey::from_slice(&bytes).context("Invalid pubkey in blind signature C_")
}
}
/// Split a target amount into powers of 2 (Cashu denomination scheme).
/// E.g., 13 -> [1, 4, 8]
pub fn amount_to_denominations(mut amount: u64) -> Vec<u64> {
let mut denoms = Vec::new();
let mut bit = 0;
while amount > 0 {
if amount & 1 == 1 {
denoms.push(1u64 << bit);
}
amount >>= 1;
bit += 1;
}
denoms
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_serialize_deserialize_roundtrip() {
let token = CashuToken {
token: vec![TokenEntry {
mint: "http://127.0.0.1:8175".to_string(),
proofs: vec![Proof {
amount: 8,
id: "009a1f293253e41e".to_string(),
secret: "abcdef1234567890".to_string(),
c: "02a9acc1e48c25eeeb9289b5031cc57da9fe72f3fe2861d94ec4da0e7f6c2b4e24"
.to_string(),
}],
}],
memo: Some("test token".to_string()),
unit: Some("sat".to_string()),
};
let encoded = token.serialize().unwrap();
assert!(encoded.starts_with("cashuA"));
let decoded = CashuToken::deserialize(&encoded).unwrap();
assert_eq!(decoded.total_amount(), 8);
assert_eq!(decoded.token[0].mint, "http://127.0.0.1:8175");
assert_eq!(decoded.token[0].proofs[0].secret, "abcdef1234567890");
assert_eq!(decoded.memo, Some("test token".to_string()));
}
#[test]
fn test_total_amount_multi_proof() {
let token = CashuToken {
token: vec![TokenEntry {
mint: "http://mint".to_string(),
proofs: vec![
Proof {
amount: 1,
id: "id1".into(),
secret: "s1".into(),
c: "02a9acc1e48c25eeeb9289b5031cc57da9fe72f3fe2861d94ec4da0e7f6c2b4e24"
.into(),
},
Proof {
amount: 4,
id: "id1".into(),
secret: "s2".into(),
c: "02a9acc1e48c25eeeb9289b5031cc57da9fe72f3fe2861d94ec4da0e7f6c2b4e24"
.into(),
},
Proof {
amount: 8,
id: "id1".into(),
secret: "s3".into(),
c: "02a9acc1e48c25eeeb9289b5031cc57da9fe72f3fe2861d94ec4da0e7f6c2b4e24"
.into(),
},
],
}],
memo: None,
unit: None,
};
assert_eq!(token.total_amount(), 13);
}
#[test]
fn test_deserialize_rejects_empty_token() {
let bad = CashuToken {
token: vec![],
memo: None,
unit: None,
};
let encoded = bad.serialize().unwrap();
let result = CashuToken::deserialize(&encoded);
assert!(result.is_err());
}
#[test]
fn test_deserialize_rejects_invalid_prefix() {
let result = CashuToken::deserialize("cashuBabc123");
assert!(result.is_err());
}
#[test]
fn test_amount_to_denominations() {
assert_eq!(amount_to_denominations(0), Vec::<u64>::new());
assert_eq!(amount_to_denominations(1), vec![1]);
assert_eq!(amount_to_denominations(13), vec![1, 4, 8]);
assert_eq!(amount_to_denominations(21), vec![1, 4, 16]);
assert_eq!(amount_to_denominations(64), vec![64]);
assert_eq!(
amount_to_denominations(255),
vec![1, 2, 4, 8, 16, 32, 64, 128]
);
}
#[test]
fn test_amount_to_denominations_large() {
let denoms = amount_to_denominations(1_000_000);
let sum: u64 = denoms.iter().sum();
assert_eq!(sum, 1_000_000);
}
#[test]
fn test_proof_c_as_pubkey() {
let proof = Proof {
amount: 1,
id: "test".into(),
secret: "s".into(),
// Generator point G of secp256k1, compressed form. Always a
// valid pubkey, so c_as_pubkey() must succeed.
c: "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798".to_string(),
};
assert!(proof.c_as_pubkey().is_ok());
}
}