lighthouse/common/remote_signer_consumer/tests/post.rs

mod post {
    use remote_signer_consumer::{Error, RemoteSignerHttpConsumer};
    use remote_signer_test::*;
    use reqwest::ClientBuilder;
    use sensitive_url::SensitiveUrl;
    use tokio::time::Duration;

    #[test]
    fn server_unavailable() {
        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
        let test_client = set_up_test_consumer(&test_signer.address);

        test_signer.shutdown();

        let test_input = get_input_data_block(0xc137);
        let signature = do_sign_request(&test_client, test_input);

        match signature.unwrap_err() {
            Error::Reqwest(e) => {
                let error_msg = e.to_string();
                let pubkey_string = PUBLIC_KEY_1.to_string();
                let msgs = vec![
                    "error sending request for url",
                    &pubkey_string,
                    "error trying to connect",
                    "tcp connect error",
                    match cfg!(windows) {
                        true => "No connection could be made because the target machine actively refused it",
                        false => "Connection refused",
                    }
                ];
                for msg in msgs.iter() {
                    assert!(
                        error_msg.contains(msg),
                        "{:?} should contain {:?}",
                        error_msg,
                        msg
                    );
                }
            }
            e => panic!("{:?}", e),
        }
    }

    #[test]
    fn server_error() {
        let (test_signer, tmp_dir) = set_up_api_test_signer_to_sign_message();
        restrict_permissions(tmp_dir.path());
        restrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));

        let test_client = set_up_test_consumer(&test_signer.address);
        let test_input = get_input_data_block(0xc137);
        let signature = do_sign_request(&test_client, test_input);

        unrestrict_permissions(tmp_dir.path());
        unrestrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));

        match signature.unwrap_err() {
            Error::ServerMessage(message) => assert_eq!(message, "Storage error: PermissionDenied"),
            e => panic!("{:?}", e),
        }

        test_signer.shutdown();
    }

    #[test]
    fn invalid_url() {
        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();

        let run_testcase = |u: &str| -> Result<String, String> {
            let url = SensitiveUrl::parse(u).map_err(|e| format!("{:?}", e))?;

            let reqwest_client = ClientBuilder::new()
                .timeout(Duration::from_secs(12))
                .build()
                .unwrap();

            let test_client = RemoteSignerHttpConsumer::from_components(url, reqwest_client);

            let test_input = get_input_data_block(0xc137);
            let signature = do_sign_request(&test_client, test_input);

            signature.map_err(|e| match e {
                Error::InvalidUrl(message) => format!("{:?}", message),
                Error::Reqwest(re) => {
                    if re.is_builder() {
                        format!("[Reqwest - Builder] {:?}", re.url().unwrap())
                    } else if re.is_request() {
                        format!("[Reqwest - Request] {:?}", re.url().unwrap())
                    } else {
                        format!("[Reqwest] {:?}", re)
                    }
                }
                _ => format!("{:?}", e),
            })
        };

        let testcase = |u: &str, msg: &str| assert_eq!(run_testcase(u).unwrap_err(), msg);

        // url::parser::ParseError.
        // These cases don't even make it to the step of building a RemoteSignerHttpConsumer.
        testcase("", "ParseError(RelativeUrlWithoutBase)");
        testcase("/4/8/15/16/23/42", "ParseError(RelativeUrlWithoutBase)");
        testcase("localhost", "ParseError(RelativeUrlWithoutBase)");
        testcase(":", "ParseError(RelativeUrlWithoutBase)");
        testcase("0.0:0", "ParseError(RelativeUrlWithoutBase)");
        testcase(":aa", "ParseError(RelativeUrlWithoutBase)");
        testcase("0:", "ParseError(RelativeUrlWithoutBase)");
        testcase("ftp://", "ParseError(EmptyHost)");
        testcase("http://", "ParseError(EmptyHost)");
        testcase("http://127.0.0.1:abcd", "ParseError(InvalidPort)");
        testcase("http://280.0.0.1", "ParseError(InvalidIpv4Address)");

        // `Error::InvalidUrl`.
        // The RemoteSignerHttpConsumer is created, but fails at `path_segments_mut()`.
        testcase("localhost:abcd", "InvalidUrl(\"URL cannot be a base.\")");
        testcase("localhost:", "InvalidUrl(\"URL cannot be a base.\")");

        // `Reqwest::Error` of the `Builder` kind.
        // POST is not made.
        testcase(
            "unix:/run/foo.socket",
            &format!(
                "[Reqwest - Builder] Url {{ scheme: \"unix\", cannot_be_a_base: false, username: \"\", password: None, host: None, port: None, path: \"/run/foo.socket/sign/{}\", query: None, fragment: None }}",
                PUBLIC_KEY_1
            ),
        );
        // `Reqwest::Error` of the `Request` kind.
        testcase(
            "http://127.0.0.1:0",
            &format!(
                "[Reqwest - Request] Url {{ scheme: \"http\", cannot_be_a_base: false, username: \"\", password: None, host: Some(Ipv4(127.0.0.1)), port: Some(0), path: \"/sign/{}\", query: None, fragment: None }}",
                PUBLIC_KEY_1
            ),
        );

        test_signer.shutdown();
    }

    #[test]
    fn wrong_url() {
        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();

        let run_testcase = |u: &str| -> Result<String, String> {
            let url = SensitiveUrl::parse(u).unwrap();

            let reqwest_client = ClientBuilder::new()
                .timeout(Duration::from_secs(12))
                .build()
                .unwrap();

            let test_client = RemoteSignerHttpConsumer::from_components(url, reqwest_client);

            let test_input = get_input_data_block(0xc137);
            let signature = do_sign_request(&test_client, test_input);

            signature.map_err(|e| format!("{:?}", e))
        };

        let testcase = |u: &str, msgs: Vec<&str>| {
            let r = run_testcase(u).unwrap_err();
            for msg in msgs.iter() {
                assert!(r.contains(msg), "{:?} should contain {:?}", r, msg);
            }
        };

        testcase(
            "http://error-dns",
            vec![
                "reqwest::Error",
                "kind: Request",
                &format!("/sign/{}", PUBLIC_KEY_1),
                "hyper::Error(Connect, ConnectError",
                "dns error",
                match cfg!(windows) {
                    true => "No such host is known.",
                    false => "failed to lookup address information",
                },
            ],
        );

        test_signer.shutdown();
    }

    #[test]
    fn wrong_public_key() {
        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
        let test_client = set_up_test_consumer(&test_signer.address);

        let mut test_input = get_input_data_block(0xc137);
        test_input.public_key = ABSENT_PUBLIC_KEY.to_string();

        let signature = do_sign_request(&test_client, test_input);

        match signature.unwrap_err() {
            Error::ServerMessage(msg) => {
                assert_eq!(msg, format!("Key not found: {}", ABSENT_PUBLIC_KEY))
            }
            e => panic!("{:?}", e),
        }
    }

    #[test]
    fn invalid_secret_key() {
        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
        let test_client = set_up_test_consumer(&test_signer.address);

        let mut test_input = get_input_data_block(0xc137);
        test_input.public_key = PUBLIC_KEY_FOR_INVALID_SECRET_KEY.to_string();

        let signature = do_sign_request(&test_client, test_input);

        match signature.unwrap_err() {
            Error::ServerMessage(msg) => assert_eq!(
                msg,
                format!(
                    "Invalid secret key: public_key: {}; Invalid hex character: W at index 0",
                    PUBLIC_KEY_FOR_INVALID_SECRET_KEY
                )
            ),
            e => panic!("{:?}", e),
        }
    }

    #[test]
    fn key_mismatch() {
        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
        let test_client = set_up_test_consumer(&test_signer.address);

        let mut test_input = get_input_data_block(0xc137);
        test_input.public_key = MISMATCHED_PUBLIC_KEY.to_string();

        let signature = do_sign_request(&test_client, test_input);

        match signature.unwrap_err() {
            Error::ServerMessage(msg) => {
                assert_eq!(msg, format!("Key mismatch: {}", MISMATCHED_PUBLIC_KEY))
            }
            e => panic!("{:?}", e),
        }
    }
}
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`mod post {`
			`use remote_signer_consumer::{Error, RemoteSignerHttpConsumer};`
			`use remote_signer_test::*;`
Add `SensitiveUrl` to redact user secrets from endpoints (#2326) ## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data. 2021-05-04 01:59:51 +00:00			`use reqwest::ClientBuilder;`
			`use sensitive_url::SensitiveUrl;`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`use tokio::time::Duration;`

			`#[test]`
			`fn server_unavailable() {`
			`let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();`
			`let test_client = set_up_test_consumer(&test_signer.address);`

			`test_signer.shutdown();`

			`let test_input = get_input_data_block(0xc137);`
			`let signature = do_sign_request(&test_client, test_input);`

			`match signature.unwrap_err() {`
			`Error::Reqwest(e) => {`
			`let error_msg = e.to_string();`
Enable Compatibility with Windows (#2333) ## Issue Addressed Windows incompatibility. ## Proposed Changes On windows, lighthouse needs to default to STDIN as tty doesn't exist. Also Windows uses ACLs for file permissions. So to mirror chmod 600, we will remove every entry in a file's ACL and add only a single SID that is an alias for the file owner. Beyond that, there were several changes made to different unit tests because windows has slightly different error messages as well as frustrating nuances around killing a process :/ ## Additional Info Tested on my Windows VM and it appears to work, also compiled & tested on Linux with these changes. Permissions look correct on both platforms now. Just waiting for my validator to activate on Prater so I can test running full validator client on windows. Co-authored-by: ethDreamer <37123614+ethDreamer@users.noreply.github.com> Co-authored-by: Michael Sproul <micsproul@gmail.com> 2021-05-19 23:05:16 +00:00			`let pubkey_string = PUBLIC_KEY_1.to_string();`
			`let msgs = vec![`
			`"error sending request for url",`
			`&pubkey_string,`
			`"error trying to connect",`
			`"tcp connect error",`
			`match cfg!(windows) {`
			`true => "No connection could be made because the target machine actively refused it",`
			`false => "Connection refused",`
			`}`
			`];`
			`for msg in msgs.iter() {`
			`assert!(`
			`error_msg.contains(msg),`
			`"{:?} should contain {:?}",`
			`error_msg,`
			`msg`
			`);`
			`}`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`}`
			`e => panic!("{:?}", e),`
			`}`
			`}`

			`#[test]`
			`fn server_error() {`
			`let (test_signer, tmp_dir) = set_up_api_test_signer_to_sign_message();`
Enable Compatibility with Windows (#2333) ## Issue Addressed Windows incompatibility. ## Proposed Changes On windows, lighthouse needs to default to STDIN as tty doesn't exist. Also Windows uses ACLs for file permissions. So to mirror chmod 600, we will remove every entry in a file's ACL and add only a single SID that is an alias for the file owner. Beyond that, there were several changes made to different unit tests because windows has slightly different error messages as well as frustrating nuances around killing a process :/ ## Additional Info Tested on my Windows VM and it appears to work, also compiled & tested on Linux with these changes. Permissions look correct on both platforms now. Just waiting for my validator to activate on Prater so I can test running full validator client on windows. Co-authored-by: ethDreamer <37123614+ethDreamer@users.noreply.github.com> Co-authored-by: Michael Sproul <micsproul@gmail.com> 2021-05-19 23:05:16 +00:00			`restrict_permissions(tmp_dir.path());`
			`restrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00
			`let test_client = set_up_test_consumer(&test_signer.address);`
			`let test_input = get_input_data_block(0xc137);`
			`let signature = do_sign_request(&test_client, test_input);`

Enable Compatibility with Windows (#2333) ## Issue Addressed Windows incompatibility. ## Proposed Changes On windows, lighthouse needs to default to STDIN as tty doesn't exist. Also Windows uses ACLs for file permissions. So to mirror chmod 600, we will remove every entry in a file's ACL and add only a single SID that is an alias for the file owner. Beyond that, there were several changes made to different unit tests because windows has slightly different error messages as well as frustrating nuances around killing a process :/ ## Additional Info Tested on my Windows VM and it appears to work, also compiled & tested on Linux with these changes. Permissions look correct on both platforms now. Just waiting for my validator to activate on Prater so I can test running full validator client on windows. Co-authored-by: ethDreamer <37123614+ethDreamer@users.noreply.github.com> Co-authored-by: Michael Sproul <micsproul@gmail.com> 2021-05-19 23:05:16 +00:00			`unrestrict_permissions(tmp_dir.path());`
			`unrestrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00
			`match signature.unwrap_err() {`
			`Error::ServerMessage(message) => assert_eq!(message, "Storage error: PermissionDenied"),`
			`e => panic!("{:?}", e),`
			`}`

			`test_signer.shutdown();`
			`}`

			`#[test]`
			`fn invalid_url() {`
			`let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();`

			`let run_testcase = \|u: &str\| -> Result<String, String> {`
Add `SensitiveUrl` to redact user secrets from endpoints (#2326) ## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data. 2021-05-04 01:59:51 +00:00			`let url = SensitiveUrl::parse(u).map_err(\|e\| format!("{:?}", e))?;`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00
			`let reqwest_client = ClientBuilder::new()`
			`.timeout(Duration::from_secs(12))`
			`.build()`
			`.unwrap();`

			`let test_client = RemoteSignerHttpConsumer::from_components(url, reqwest_client);`

			`let test_input = get_input_data_block(0xc137);`
			`let signature = do_sign_request(&test_client, test_input);`

			`signature.map_err(\|e\| match e {`
Add `SensitiveUrl` to redact user secrets from endpoints (#2326) ## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data. 2021-05-04 01:59:51 +00:00			`Error::InvalidUrl(message) => format!("{:?}", message),`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`Error::Reqwest(re) => {`
			`if re.is_builder() {`
			`format!("[Reqwest - Builder] {:?}", re.url().unwrap())`
			`} else if re.is_request() {`
			`format!("[Reqwest - Request] {:?}", re.url().unwrap())`
			`} else {`
			`format!("[Reqwest] {:?}", re)`
			`}`
			`}`
			`_ => format!("{:?}", e),`
			`})`
			`};`

			`let testcase = \|u: &str, msg: &str\| assert_eq!(run_testcase(u).unwrap_err(), msg);`

			`// url::parser::ParseError.`
			`// These cases don't even make it to the step of building a RemoteSignerHttpConsumer.`
Add `SensitiveUrl` to redact user secrets from endpoints (#2326) ## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data. 2021-05-04 01:59:51 +00:00			`testcase("", "ParseError(RelativeUrlWithoutBase)");`
			`testcase("/4/8/15/16/23/42", "ParseError(RelativeUrlWithoutBase)");`
			`testcase("localhost", "ParseError(RelativeUrlWithoutBase)");`
			`testcase(":", "ParseError(RelativeUrlWithoutBase)");`
			`testcase("0.0:0", "ParseError(RelativeUrlWithoutBase)");`
			`testcase(":aa", "ParseError(RelativeUrlWithoutBase)");`
			`testcase("0:", "ParseError(RelativeUrlWithoutBase)");`
			`testcase("ftp://", "ParseError(EmptyHost)");`
			`testcase("http://", "ParseError(EmptyHost)");`
			`testcase("http://127.0.0.1:abcd", "ParseError(InvalidPort)");`
			`testcase("http://280.0.0.1", "ParseError(InvalidIpv4Address)");`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00
			// `Error::InvalidUrl`.
			// The RemoteSignerHttpConsumer is created, but fails at `path_segments_mut()`.
Add `SensitiveUrl` to redact user secrets from endpoints (#2326) ## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data. 2021-05-04 01:59:51 +00:00			`testcase("localhost:abcd", "InvalidUrl(\"URL cannot be a base.\")");`
			`testcase("localhost:", "InvalidUrl(\"URL cannot be a base.\")");`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00
			// `Reqwest::Error` of the `Builder` kind.
			`// POST is not made.`
			`testcase(`
			`"unix:/run/foo.socket",`
			`&format!(`
Network protocol upgrades (#2345) This provides a number of upgrades to gossipsub and discovery. The updates are extensive and this needs thorough testing. 2021-05-28 22:02:10 +00:00			`"[Reqwest - Builder] Url {{ scheme: \"unix\", cannot_be_a_base: false, username: \"\", password: None, host: None, port: None, path: \"/run/foo.socket/sign/{}\", query: None, fragment: None }}",`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`PUBLIC_KEY_1`
			`),`
			`);`
			// `Reqwest::Error` of the `Request` kind.
			`testcase(`
			`"http://127.0.0.1:0",`
			`&format!(`
Network protocol upgrades (#2345) This provides a number of upgrades to gossipsub and discovery. The updates are extensive and this needs thorough testing. 2021-05-28 22:02:10 +00:00			`"[Reqwest - Request] Url {{ scheme: \"http\", cannot_be_a_base: false, username: \"\", password: None, host: Some(Ipv4(127.0.0.1)), port: Some(0), path: \"/sign/{}\", query: None, fragment: None }}",`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`PUBLIC_KEY_1`
			`),`
			`);`

			`test_signer.shutdown();`
			`}`

			`#[test]`
			`fn wrong_url() {`
			`let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();`

			`let run_testcase = \|u: &str\| -> Result<String, String> {`
Add `SensitiveUrl` to redact user secrets from endpoints (#2326) ## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data. 2021-05-04 01:59:51 +00:00			`let url = SensitiveUrl::parse(u).unwrap();`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00
			`let reqwest_client = ClientBuilder::new()`
			`.timeout(Duration::from_secs(12))`
			`.build()`
			`.unwrap();`

			`let test_client = RemoteSignerHttpConsumer::from_components(url, reqwest_client);`

			`let test_input = get_input_data_block(0xc137);`
			`let signature = do_sign_request(&test_client, test_input);`

			`signature.map_err(\|e\| format!("{:?}", e))`
			`};`

			`let testcase = \|u: &str, msgs: Vec<&str>\| {`
			`let r = run_testcase(u).unwrap_err();`
			`for msg in msgs.iter() {`
VC: accept unknown fields in chain spec (#2277) ## Issue Addressed Closes #2274 ## Proposed Changes * Modify the `YamlConfig` to collect unknown fields into an `extra_fields` map, instead of failing hard. * Log a debug message if there are extra fields returned to the VC from one of its BNs. This restores Lighthouse's compatibility with Teku beacon nodes (and therefore Infura) 2021-03-26 04:53:57 +00:00			`assert!(r.contains(msg), "{:?} should contain {:?}", r, msg);`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`}`
			`};`

			`testcase(`
			`"http://error-dns",`
			`vec![`
			`"reqwest::Error",`
			`"kind: Request",`
			`&format!("/sign/{}", PUBLIC_KEY_1),`
			`"hyper::Error(Connect, ConnectError",`
			`"dns error",`
Enable Compatibility with Windows (#2333) ## Issue Addressed Windows incompatibility. ## Proposed Changes On windows, lighthouse needs to default to STDIN as tty doesn't exist. Also Windows uses ACLs for file permissions. So to mirror chmod 600, we will remove every entry in a file's ACL and add only a single SID that is an alias for the file owner. Beyond that, there were several changes made to different unit tests because windows has slightly different error messages as well as frustrating nuances around killing a process :/ ## Additional Info Tested on my Windows VM and it appears to work, also compiled & tested on Linux with these changes. Permissions look correct on both platforms now. Just waiting for my validator to activate on Prater so I can test running full validator client on windows. Co-authored-by: ethDreamer <37123614+ethDreamer@users.noreply.github.com> Co-authored-by: Michael Sproul <micsproul@gmail.com> 2021-05-19 23:05:16 +00:00			`match cfg!(windows) {`
			`true => "No such host is known.",`
			`false => "failed to lookup address information",`
			`},`
[Remote signer] Add signer consumer lib (#1763) Adds a library `common/remote_signer_consumer` 2020-11-19 04:04:52 +00:00			`],`
			`);`

			`test_signer.shutdown();`
			`}`

			`#[test]`
			`fn wrong_public_key() {`
			`let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();`
			`let test_client = set_up_test_consumer(&test_signer.address);`

			`let mut test_input = get_input_data_block(0xc137);`
			`test_input.public_key = ABSENT_PUBLIC_KEY.to_string();`

			`let signature = do_sign_request(&test_client, test_input);`

			`match signature.unwrap_err() {`
			`Error::ServerMessage(msg) => {`
			`assert_eq!(msg, format!("Key not found: {}", ABSENT_PUBLIC_KEY))`
			`}`
			`e => panic!("{:?}", e),`
			`}`
			`}`

			`#[test]`
			`fn invalid_secret_key() {`
			`let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();`
			`let test_client = set_up_test_consumer(&test_signer.address);`

			`let mut test_input = get_input_data_block(0xc137);`
			`test_input.public_key = PUBLIC_KEY_FOR_INVALID_SECRET_KEY.to_string();`

			`let signature = do_sign_request(&test_client, test_input);`

			`match signature.unwrap_err() {`
			`Error::ServerMessage(msg) => assert_eq!(`
			`msg,`
			`format!(`
			`"Invalid secret key: public_key: {}; Invalid hex character: W at index 0",`
			`PUBLIC_KEY_FOR_INVALID_SECRET_KEY`
			`)`
			`),`
			`e => panic!("{:?}", e),`
			`}`
			`}`

			`#[test]`
			`fn key_mismatch() {`
			`let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();`
			`let test_client = set_up_test_consumer(&test_signer.address);`

			`let mut test_input = get_input_data_block(0xc137);`
			`test_input.public_key = MISMATCHED_PUBLIC_KEY.to_string();`

			`let signature = do_sign_request(&test_client, test_input);`

			`match signature.unwrap_err() {`
			`Error::ServerMessage(msg) => {`
			`assert_eq!(msg, format!("Key mismatch: {}", MISMATCHED_PUBLIC_KEY))`
			`}`
			`e => panic!("{:?}", e),`
			`}`
			`}`
			`}`