attesto-go/proofstream_parity_test.go

package attesto

import (
	"encoding/json"
	"errors"
	"os"
	"path/filepath"
	"testing"
)

type parityVectors struct {
	Accept []struct {
		ID                   string         `json:"id"`
		Payload              map[string]any `json:"payload"`
		CanonicalPayloadHash string         `json:"canonical_payload_hash"`
	} `json:"accept"`
	Reject []struct {
		ID      string         `json:"id"`
		Payload map[string]any `json:"payload"`
		Path    string         `json:"path"`
	} `json:"reject"`
}

func loadParityVectors(t *testing.T) parityVectors {
	t.Helper()
	path := filepath.Join("..", "..", "golden-vectors", "sdk-parity", "canonical-numbers.json")
	raw, err := os.ReadFile(path)
	if err != nil {
		t.Fatalf("read parity vectors: %v", err)
	}
	var v parityVectors
	if err := json.Unmarshal(raw, &v); err != nil {
		t.Fatalf("decode parity vectors: %v", err)
	}
	return v
}

func TestParityAcceptCommitmentHashes(t *testing.T) {
	for _, c := range loadParityVectors(t).Accept {
		commitment, err := PayloadCommitment(c.Payload)
		if err != nil {
			t.Fatalf("%s: PayloadCommitment: %v", c.ID, err)
		}
		if commitment["hash_alg"] != "sha256" {
			t.Errorf("%s: hash_alg %q", c.ID, commitment["hash_alg"])
		}
		if commitment["canonical_payload_hash"] != c.CanonicalPayloadHash {
			t.Errorf("%s: hash %s != %s", c.ID, commitment["canonical_payload_hash"], c.CanonicalPayloadHash)
		}
	}
}

func TestParityAcceptPassPreflight(t *testing.T) {
	for _, c := range loadParityVectors(t).Accept {
		if err := AssertCommitmentSafeNumbers(c.Payload, "$"); err != nil {
			t.Errorf("%s: unexpected preflight error: %v", c.ID, err)
		}
	}
}

func TestParityRejectPaths(t *testing.T) {
	for _, c := range loadParityVectors(t).Reject {
		err := AssertCommitmentSafeNumbers(c.Payload, "$")
		var ue *UnsafeNumberError
		if !errors.As(err, &ue) {
			t.Errorf("%s: expected *UnsafeNumberError, got %v", c.ID, err)
			continue
		}
		if ue.Path != c.Path {
			t.Errorf("%s: path %s != %s", c.ID, ue.Path, c.Path)
		}
	}
}

type receiptParityVectors struct {
	Cases []struct {
		ID            string        `json:"id"`
		PublicKeyHex  string        `json:"public_key_hex"`
		Receipt       SignedReceipt `json:"receipt"`
		ExpectOK      bool          `json:"expect_ok"`
		ExpectProblem []string      `json:"expect_problems"`
	} `json:"cases"`
}

func TestParityReceiptVerification(t *testing.T) {
	path := filepath.Join("..", "..", "golden-vectors", "sdk-parity", "receipts.json")
	raw, err := os.ReadFile(path)
	if err != nil {
		t.Fatalf("read receipt vectors: %v", err)
	}
	var v receiptParityVectors
	if err := json.Unmarshal(raw, &v); err != nil {
		t.Fatalf("decode receipt vectors: %v", err)
	}
	for _, c := range v.Cases {
		report := VerifyReceiptOffline(c.Receipt, c.PublicKeyHex)
		if report.OK != c.ExpectOK {
			t.Errorf("%s: ok=%v want %v (problems=%v)", c.ID, report.OK, c.ExpectOK, report.Problems)
		}
		if len(report.Problems) != len(c.ExpectProblem) {
			t.Errorf("%s: problems=%v want %v", c.ID, report.Problems, c.ExpectProblem)
			continue
		}
		for i, p := range c.ExpectProblem {
			if report.Problems[i] != p {
				t.Errorf("%s: problem[%d]=%q want %q", c.ID, i, report.Problems[i], p)
			}
		}
	}
}

type inclusionParityVectors struct {
	Inclusion []struct {
		ID       string          `json:"id"`
		LeafHash string          `json:"leaf_hash"`
		Proof    []InclusionStep `json:"proof"`
		RootHash string          `json:"root_hash"`
		ExpectOK bool            `json:"expect_ok"`
	} `json:"inclusion"`
	CheckpointRoot []struct {
		ID           string   `json:"id"`
		WindowHashes []string `json:"window_hashes"`
		ExpectedRoot string   `json:"expected_root"`
		ExpectOK     bool     `json:"expect_ok"`
	} `json:"checkpoint_root"`
	CheckpointExtension []struct {
		ID       string         `json:"id"`
		Previous map[string]any `json:"previous"`
		Current  map[string]any `json:"current"`
		ExpectOK bool           `json:"expect_ok"`
	} `json:"checkpoint_extension"`
	Completeness []struct {
		ID        string           `json:"id"`
		Events    []map[string]any `json:"events"`
		FromSeqNo int              `json:"from_seq_no"`
		ToSeqNo   int              `json:"to_seq_no"`
		ExpectOK  bool             `json:"expect_ok"`
	} `json:"completeness"`
}

func TestParityInclusionAndCheckpoint(t *testing.T) {
	path := filepath.Join("..", "..", "golden-vectors", "sdk-parity", "inclusion.json")
	raw, err := os.ReadFile(path)
	if err != nil {
		t.Fatalf("read inclusion vectors: %v", err)
	}
	var v inclusionParityVectors
	if err := json.Unmarshal(raw, &v); err != nil {
		t.Fatalf("decode inclusion vectors: %v", err)
	}
	for _, c := range v.Inclusion {
		ok, err := VerifyInclusionProof(c.LeafHash, c.Proof, c.RootHash)
		if err != nil {
			t.Fatalf("%s: %v", c.ID, err)
		}
		if ok != c.ExpectOK {
			t.Errorf("inclusion %s: ok=%v want %v", c.ID, ok, c.ExpectOK)
		}
	}
	for _, c := range v.CheckpointRoot {
		ok, err := VerifyCheckpointRoot(c.WindowHashes, c.ExpectedRoot)
		if err != nil {
			t.Fatalf("%s: %v", c.ID, err)
		}
		if ok != c.ExpectOK {
			t.Errorf("checkpoint_root %s: ok=%v want %v", c.ID, ok, c.ExpectOK)
		}
	}
	for _, c := range v.CheckpointExtension {
		report := VerifyCheckpointExtension(c.Previous, c.Current)
		if report.OK != c.ExpectOK {
			t.Errorf("extension %s: ok=%v want %v (%v)", c.ID, report.OK, c.ExpectOK, report.Problems)
		}
	}
	for _, c := range v.Completeness {
		report := VerifyCompleteness(c.Events, c.FromSeqNo, c.ToSeqNo)
		if report.OK != c.ExpectOK {
			t.Errorf("completeness %s: ok=%v want %v (%v)", c.ID, report.OK, c.ExpectOK, report.Problems)
		}
	}
}

func TestParityVerifyPayloadCommitment(t *testing.T) {
	for _, c := range loadParityVectors(t).Accept {
		commitment, err := PayloadCommitment(c.Payload)
		if err != nil {
			t.Fatalf("%s: PayloadCommitment: %v", c.ID, err)
		}
		stored := map[string]any{}
		for k, v := range commitment {
			stored[k] = v
		}
		event := map[string]any{"envelope": map[string]any{"payload_commitment": stored}}
		ok, err := VerifyPayloadCommitment(c.Payload, event)
		if err != nil || !ok {
			t.Errorf("%s: verify match ok=%v err=%v", c.ID, ok, err)
		}
		bad, err := VerifyPayloadCommitment(map[string]any{"tampered": float64(1)}, event)
		if err != nil || bad {
			t.Errorf("%s: tampered verify bad=%v err=%v", c.ID, bad, err)
		}
	}
}