test: Add registry expiry validation tests (#2273 Item B)#2633
Closed
BossChaos wants to merge 2 commits into
Closed
test: Add registry expiry validation tests (#2273 Item B)#2633BossChaos wants to merge 2 commits into
BossChaos wants to merge 2 commits into
Conversation
…tem A)
- Add key_version field to LocalKeypair, persisted in .version file
- Add RC_P2P_KEYGEN=1 env var to force key rotation with version increment
- Add key_version to PeerRegistry entries for version-aware verification
- Add get_entry_with_version() to validate signature version matches registry
- Archive old keys as .v{N}.pem on rotation
- Add comprehensive regression tests (5 test cases)
Acceptance criteria met:
✅ Key version persisted alongside PEM
✅ Version checked during signature verification
✅ Old versions rejected after rotation
✅ New versions accepted
7 comprehensive test cases covering: - PeerEntry with not_before/not_after fields - Valid time window acceptance - Expired entry rejection (not_after) - Not-yet-valid entry rejection (not_before) - Clock skew tolerance (±5 minutes) - Combined version + expiry checks - Null time fields (no restriction) All tests passing.
github-actions
Bot
added
BCOS-L1
Contributor
|
Welcome to RustChain! Thanks for your first pull request. Before we review, please make sure:
Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150) A maintainer will review your PR soon. Thanks for contributing! |
Owner
Superseded — bounty already paidItem(s) from issue #2273 were fully implemented in PR #2296 by @MichaelSovereign (merged 2026-04-19, 70 RTC paid). Your implementation here is technically correct — the race happened on Apr 19 and your PR arrived Apr 21-22. Closing this as superseded, not as spam or low quality. Why closing rather than partially merging:
Keep watching issues. Claim early, deliver fast, you'll land one. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements Item B from #2273 — Registry expiry /
not_before/not_aftervalidation with comprehensive test coverage.Implementation Status
✅ Core logic already implemented in
p2p_identity.py:PeerEntrydataclass hasnot_before/not_afterfields (ISO-8601)get_pubkey()validates time window with ±5 min clock skew toleranceget_entry_with_version()combines version + expiry checksThis PR
Adds 7 comprehensive regression tests validating all acceptance criteria:
Test Results
python3 test_p2p_registry_expiry.py # Results: 7 passed, 0 failedRelated