9d380f5013
WebSocket client + CLI harness + pytest suite that exercises each axis of a CKBunker + Coldcard Mk4 policy and asserts the expected outcomes, including the critical negative test that a large PSBT without TOTP is rejected with a specific 'rule #1: need user(s) confirmation' reason. Configuration via .env / YAML / CLI flags, two pre-crafted test PSBTs as fixtures (generation guide in fixtures/README.md), dashboard counter scraper as sanity check, design rationale in docs/.
26 lines
929 B
Python
26 lines
929 B
Python
"""Message signing: the cheapest live proof that the Coldcard is reachable
|
|
and willing to sign under the policy."""
|
|
|
|
import pytest
|
|
|
|
from ckbunker_hsm_sign import Client, SignStatus
|
|
from ckbunker_hsm_sign.config import Config
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_signs_message_on_allowed_path(client: Client, cfg: Config):
|
|
if not cfg.policy.message_signing:
|
|
pytest.skip("policy.message_signing is disabled in config")
|
|
|
|
async with client.session() as session:
|
|
res = await session.sign_message(
|
|
message="hsm-validate unit test",
|
|
derivation_path=cfg.message_sign_path,
|
|
)
|
|
|
|
assert res.status == SignStatus.SIGNED, (res.status, res.reason, res.error)
|
|
assert res.signature, "no signature returned"
|
|
# An address is nice-to-have; some CKBunker versions omit it for QR-only paths.
|
|
if res.address:
|
|
assert res.address.startswith(("bc1", "1", "3")), res.address
|