archy/scripts/test-identity.sh

#!/bin/bash
set -euo pipefail
# TEST-207: Multi-identity lifecycle test.
# Tests identity creation, signing, verification, deletion, and Nostr key generation.

SSH_KEY="${ARCHIPELAGO_SSH_KEY:-$HOME/.ssh/archipelago-deploy}"
TARGET="archipelago@192.168.1.228"
SSH_CMD="ssh -i $SSH_KEY -o StrictHostKeyChecking=no $TARGET"
PASSWORD="password123"

PASS=0
FAIL=0
SKIP=0
RESULTS=()
CREATED_IDS=()

log() { echo -e "\033[1;34m[TEST]\033[0m $*"; }
pass() { echo -e "\033[1;32m[PASS]\033[0m $*"; PASS=$((PASS + 1)); RESULTS+=("PASS: $*"); }
fail() { echo -e "\033[1;31m[FAIL]\033[0m $*"; FAIL=$((FAIL + 1)); RESULTS+=("FAIL: $*"); }
skip() { echo -e "\033[1;33m[SKIP]\033[0m $*"; SKIP=$((SKIP + 1)); RESULTS+=("SKIP: $*"); }

get_session() {
  $SSH_CMD "curl -s -c - http://localhost:5678/rpc/v1 \
    -X POST -H 'Content-Type: application/json' \
    -d '{\"method\":\"auth.login\",\"params\":{\"password\":\"$PASSWORD\"}}' 2>/dev/null \
    | grep session | awk '{print \$NF}'"
}

rpc_call() {
  local session="$1" method="$2" params="${3:-{}}"
  $SSH_CMD "curl -s http://localhost:5678/rpc/v1 \
    -X POST -H 'Content-Type: application/json' \
    -H 'Cookie: session=$session' \
    -d '{\"method\":\"$method\",\"params\":$params}' 2>/dev/null"
}

main() {
  log "=== Identity Lifecycle Test ==="
  echo ""

  log "Authenticating..."
  local session
  session=$(get_session)
  if [ -z "$session" ]; then
    echo "Failed to authenticate. Exiting."
    exit 1
  fi
  echo ""

  # 1. List existing identities
  log "1. Listing existing identities..."
  local list_result
  list_result=$(rpc_call "$session" "identity.list")
  if echo "$list_result" | grep -q '"identities"'; then
    local count
    count=$(echo "$list_result" | grep -o '"id":"' | wc -l)
    pass "identity.list — found $count identities"
  else
    fail "identity.list failed"
  fi

  # 2. Create a test identity
  log "2. Creating test identity..."
  local create_result
  create_result=$(rpc_call "$session" "identity.create" '{"name":"Test Bot","purpose":"anonymous"}')
  local test_id
  test_id=$(echo "$create_result" | grep -o '"id":"[^"]*"' | head -1 | sed 's/"id":"//;s/"//')
  if [ -n "$test_id" ]; then
    pass "identity.create — created $test_id"
    CREATED_IDS+=("$test_id")
  else
    fail "identity.create failed"
    return
  fi

  # 3. Get the identity back
  log "3. Getting identity by ID..."
  local get_result
  get_result=$(rpc_call "$session" "identity.get" "{\"id\":\"$test_id\"}")
  if echo "$get_result" | grep -q '"did"'; then
    pass "identity.get — retrieved identity"
  else
    fail "identity.get failed"
  fi

  # 4. Sign a message
  log "4. Signing a message..."
  local sign_result
  sign_result=$(rpc_call "$session" "identity.sign" "{\"id\":\"$test_id\",\"message\":\"test-message-123\"}")
  local signature
  signature=$(echo "$sign_result" | grep -o '"signature":"[^"]*"' | head -1 | sed 's/"signature":"//;s/"//')
  if [ -n "$signature" ]; then
    pass "identity.sign — signature: ${signature:0:16}..."
  else
    fail "identity.sign failed"
  fi

  # 5. Verify the signature
  log "5. Verifying signature..."
  local did
  did=$(echo "$get_result" | grep -o '"did":"[^"]*"' | head -1 | sed 's/"did":"//;s/"//')
  local pubkey
  pubkey=$(echo "$get_result" | grep -o '"pubkey":"[^"]*"' | head -1 | sed 's/"pubkey":"//;s/"//')

  if [ -n "$signature" ] && [ -n "$pubkey" ]; then
    local verify_result
    verify_result=$(rpc_call "$session" "identity.verify" "{\"pubkey\":\"$pubkey\",\"message\":\"test-message-123\",\"signature\":\"$signature\"}")
    if echo "$verify_result" | grep -q '"valid":true'; then
      pass "identity.verify — signature valid"
    else
      fail "identity.verify — signature invalid or verification failed"
    fi
  else
    skip "identity.verify — missing pubkey or signature"
  fi

  # 6. Create Nostr key
  log "6. Creating Nostr keypair..."
  local nostr_result
  nostr_result=$(rpc_call "$session" "identity.create-nostr-key" "{\"id\":\"$test_id\"}")
  if echo "$nostr_result" | grep -q '"nostr_pubkey"'; then
    pass "identity.create-nostr-key — Nostr key generated"
  else
    local msg
    msg=$(echo "$nostr_result" | grep -o '"message":"[^"]*"' | head -1)
    if echo "$msg" | grep -qi "already"; then
      pass "identity.create-nostr-key — key already exists"
    else
      fail "identity.create-nostr-key failed: $msg"
    fi
  fi

  # 7. Create second identity for multi-identity testing
  log "7. Creating second identity..."
  local create2_result
  create2_result=$(rpc_call "$session" "identity.create" '{"name":"Work Identity","purpose":"business"}')
  local test_id2
  test_id2=$(echo "$create2_result" | grep -o '"id":"[^"]*"' | head -1 | sed 's/"id":"//;s/"//')
  if [ -n "$test_id2" ]; then
    pass "Created second identity: $test_id2"
    CREATED_IDS+=("$test_id2")
  else
    fail "Failed to create second identity"
  fi

  # 8. Set default identity
  if [ -n "$test_id2" ]; then
    log "8. Setting default identity..."
    local default_result
    default_result=$(rpc_call "$session" "identity.set-default" "{\"id\":\"$test_id2\"}")
    if echo "$default_result" | grep -q '"error"'; then
      fail "identity.set-default failed"
    else
      pass "identity.set-default — switched default"
    fi
  fi

  # 9. Delete test identities (clean up)
  log "9. Deleting test identities..."
  for cid in "${CREATED_IDS[@]}"; do
    local del_result
    del_result=$(rpc_call "$session" "identity.delete" "{\"id\":\"$cid\"}")
    if echo "$del_result" | grep -q '"error"'; then
      fail "identity.delete failed for $cid"
    else
      pass "identity.delete — removed $cid"
    fi
  done

  # 10. Verify deletion
  log "10. Verifying identities removed..."
  local final_list
  final_list=$(rpc_call "$session" "identity.list")
  local still_exists=false
  for cid in "${CREATED_IDS[@]}"; do
    if echo "$final_list" | grep -q "$cid"; then
      still_exists=true
    fi
  done
  if [ "$still_exists" = true ]; then
    fail "Test identities still exist after deletion"
  else
    pass "All test identities successfully removed"
  fi

  echo ""
  log "=== RESULTS ==="
  for r in "${RESULTS[@]}"; do
    echo "  $r"
  done
  echo ""
  log "Pass: $PASS | Fail: $FAIL | Skip: $SKIP"

  [ $FAIL -gt 0 ] && exit 1
  exit 0
}

main "$@"