@ledgerhq/ledger-key-ring-protocol 0.5.1-nightly.0

package/package.json

@@ -0,0 +1,91 @@
+{
+  "name": "@ledgerhq/ledger-key-ring-protocol",
+  "version": "0.5.1-nightly.0",
+  "description": "Ledger Key Ring Protocol layer",
+  "keywords": [
+    "Ledger"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/LedgerHQ/ledger-live.git"
+  },
+  "bugs": {
+    "url": "https://github.com/LedgerHQ/ledger-live/issues"
+  },
+  "homepage": "https://github.com/LedgerHQ/ledger-live/tree/develop/libs/ledger-key-ring-protocol",
+  "main": "lib/index.js",
+  "module": "lib-es/index.js",
+  "types": "lib/index.d.ts",
+  "typesVersions": {
+    "*": {
+      "*.json": [
+        "*.json"
+      ],
+      "*": [
+        "lib/*"
+      ],
+      "lib/*": [
+        "lib/*"
+      ],
+      "lib-es/*": [
+        "lib-es/*"
+      ]
+    }
+  },
+  "exports": {
+    "./lib/*": "./lib/*.js",
+    "./lib/*.js": "./lib/*.js",
+    "./lib-es/*": "./lib-es/*.js",
+    "./lib-es/*.js": "./lib-es/*.js",
+    "./*": {
+      "require": "./lib/*.js",
+      "default": "./lib-es/*.js"
+    },
+    "./*.js": {
+      "require": "./lib/*.js",
+      "default": "./lib-es/*.js"
+    },
+    ".": {
+      "require": "./lib/index.js",
+      "default": "./lib-es/index.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "license": "Apache-2.0",
+  "dependencies": {
+    "base64-js": "1",
+    "isomorphic-ws": "5",
+    "rxjs": "^7.8.1",
+    "ws": "8",
+    "@ledgerhq/errors": "6.19.1",
+    "@ledgerhq/hw-transport": "6.31.4",
+    "@ledgerhq/hw-transport-mocker": "6.29.4",
+    "@ledgerhq/hw-ledger-key-ring-protocol": "0.2.1-nightly.0",
+    "@ledgerhq/live-env": "2.4.1-nightly.0",
+    "@ledgerhq/live-network": "2.0.3-nightly.0",
+    "@ledgerhq/logs": "6.12.0",
+    "@ledgerhq/speculos-transport": "0.1.8-nightly.0",
+    "@ledgerhq/types-devices": "^6.25.3"
+  },
+  "devDependencies": {
+    "@types/jest": "^29.5.10",
+    "bip39": "^3.0.4",
+    "expect": "^27.5.1",
+    "jest": "^29.7.0",
+    "msw": "^2.2.13",
+    "ts-jest": "^29.1.1",
+    "ts-node": "^10.9.2"
+  },
+  "scripts": {
+    "clean": "rimraf lib lib-es",
+    "build": "tsc && tsc -m ES6 --outDir lib-es",
+    "prewatch": "pnpm build",
+    "watch": "tsc --watch",
+    "lint": "eslint ./src --no-error-on-unmatched-pattern --ext .ts,.tsx --cache",
+    "lint:fix": "pnpm lint --fix",
+    "typecheck": "tsc --noEmit",
+    "unimported": "unimported",
+    "test": "jest",
+    "e2e": "ts-node scripts/e2e.ts"
+  }
+}

package/scripts/README.md

@@ -0,0 +1,15 @@
+### Run end 2 end tests and generate missing integration tests
+
+the e2e script will run all end 2 end tests and record the APDUs, network calls and crypto randomness in order to replay them deterministically in integration tests.
+
+Just run the tests that miss snapshot mocks.
+
+```
+pnpm trustchain e2e
+```
+
+Run all the end2end tests regardless if there are snapshot generated.
+
+```
+RUN_EVEN_IF_SNAPSHOT_EXISTS=1 pnpm trustchain e2e
+```

package/scripts/e2e.ts

@@ -0,0 +1,57 @@
+/* eslint-disable no-console */
+import fsPromises from "fs/promises";
+import { listen } from "@ledgerhq/logs";
+import { recordTestTrustchainSdk } from "../tests/test-helpers/recordTrustchainSdkTests";
+import path from "path";
+import expect from "expect";
+
+// we force inject expect to allow us to have expect() code in the test-scenarios
+(global as any).expect = expect;
+
+const coinapps = process.env.COIN_APPS;
+if (!coinapps) {
+  throw new Error(
+    "COIN_APPS env is required. it should be the path to the coinapps folder ( cloned from https://github.com/LedgerHQ/coin-apps )",
+  );
+}
+
+async function main() {
+  const scenarioFolder = path.join(__dirname, "../tests/scenarios");
+  const mockFolder = path.join(__dirname, "../mocks/scenarios");
+  const files = await fsPromises.readdir(scenarioFolder);
+
+  for (const file of files) {
+    if (file.endsWith(".ts") && !file.startsWith("_")) {
+      const slug = file.slice(0, -3);
+      const e2eFile = path.join(scenarioFolder, file);
+      const mod = await import(e2eFile);
+      const scenario = mod.scenario;
+      const snapshotFile = path.join(mockFolder, slug + ".json");
+      const snapshotFileExists = await exists(snapshotFile);
+      if (snapshotFileExists && !process.env.RUN_EVEN_IF_SNAPSHOT_EXISTS) {
+        continue;
+      }
+      console.log("RUNNING E2E ON TEST SCENARIO", slug);
+      // otherwise we always run the e2e but don't touch existing snapshots
+      await recordTestTrustchainSdk(snapshotFileExists ? null : snapshotFile, scenario, {
+        coinapps,
+        ...mod.recorderConfig,
+      });
+    }
+  }
+}
+
+main();
+
+function exists(file: string): Promise<boolean> {
+  return fsPromises.access(file).then(
+    () => true,
+    () => false,
+  );
+}
+
+if (process.env.VERBOSE) {
+  listen(log => {
+    console.log(log.type + ": " + log.message);
+  });
+}

package/src/HWDeviceProvider.ts

@@ -0,0 +1,105 @@
+import { from, lastValueFrom } from "rxjs";
+import { UserRefusedOnDevice } from "@ledgerhq/errors";
+import { ApduDevice } from "@ledgerhq/hw-ledger-key-ring-protocol/ApduDevice";
+import { StatusCodes, TransportStatusError } from "@ledgerhq/hw-transport";
+import { crypto, device } from "@ledgerhq/hw-ledger-key-ring-protocol";
+import getApi from "./api";
+import { genericWithJWT } from "./auth";
+import { AuthCachePolicy, JWT, TrustchainDeviceCallbacks, WithDevice } from "./types";
+import { TrustchainNotAllowed } from "./errors";
+
+export class HWDeviceProvider {
+  /**
+   * TODO withDevice should be imported statically from @ledgerhq/live-common/hw/deviceAccess
+   *
+   * but ATM making @ledgerhq/live-common a dependency of @ledgerhq/ledger-key-ring-protocol causes:
+   * > Turbo error: Invalid package dependency graph: cyclic dependency detected:
+   * >   @ledgerhq/ledger-key-ring-protocol,@ledgerhq/live-wallet,@ledgerhq/live-common
+   *
+   * Maybe hw/deviceAccess.ts and hw/index.ts could be moved to @ledgerhq/devices
+   * This would break the cyclic dependency as @ledgerhq/live-common would depend on @ledgerhq/devices
+   * but not the other way around.
+   */
+  private withDevice: WithDevice;
+  private jwt?: JWT;
+  private api: ReturnType<typeof getApi>;
+
+  constructor(apiBaseURL: string, withDevice: WithDevice) {
+    this.api = getApi(apiBaseURL);
+    this.withDevice = withDevice;
+  }
+
+  public withJwt<T>(
+    deviceId: string,
+    job: (jwt: JWT) => Promise<T>,
+    policy?: AuthCachePolicy,
+    callbacks?: TrustchainDeviceCallbacks,
+  ): Promise<T> {
+    return genericWithJWT(
+      jwt => {
+        this.jwt = jwt;
+        return job(jwt);
+      },
+      this.jwt,
+      () => this._authWithDevice(deviceId, callbacks),
+      (jwt: JWT) => this.api.refreshAuth(jwt),
+      policy,
+    );
+  }
+
+  public async withHw<T>(
+    deviceId: string,
+    job: (hw: ApduDevice) => Promise<T>,
+    callbacks?: TrustchainDeviceCallbacks,
+  ): Promise<T> {
+    callbacks?.onStartRequestUserInteraction?.();
+    const runWithDevice = this.withDevice(deviceId);
+    try {
+      return await lastValueFrom(runWithDevice(transport => from(job(device.apdu(transport)))));
+    } catch (error) {
+      if (!(error instanceof TransportStatusError)) {
+        throw error;
+      }
+      switch (error.statusCode) {
+        case StatusCodes.USER_REFUSED_ON_DEVICE:
+        case StatusCodes.CONDITIONS_OF_USE_NOT_SATISFIED:
+          throw new UserRefusedOnDevice();
+
+        case StatusCodes.TRUSTCHAIN_WRONG_SEED:
+          this.clearJwt();
+          throw new TrustchainNotAllowed();
+
+        default:
+          throw error;
+      }
+    } finally {
+      callbacks?.onEndRequestUserInteraction?.();
+    }
+  }
+
+  public async refreshJwt(deviceId: string, callbacks?: TrustchainDeviceCallbacks): Promise<void> {
+    this.jwt = await this.withJwt(deviceId, this.api.refreshAuth, "cache", callbacks);
+  }
+
+  public clearJwt() {
+    this.jwt = undefined;
+  }
+
+  private async _authWithDevice(
+    deviceId: string,
+    callbacks?: TrustchainDeviceCallbacks,
+  ): Promise<JWT> {
+    const challenge = await this.api.getAuthenticationChallenge();
+    const data = crypto.from_hex(challenge.tlv);
+    const seedId = await this.withHw(deviceId, hw => hw.getSeedId(data), callbacks);
+    const signature = crypto.to_hex(seedId.signature);
+    return this.api.postChallengeResponse({
+      challenge: challenge.json,
+      signature: {
+        credential: seedId.pubkeyCredential.toJSON(),
+        signature,
+        attestation: crypto.to_hex(seedId.attestationResult),
+      },
+    });
+  }
+}

package/src/__tests__/integration/mock.sdk.test.ts

@@ -0,0 +1,47 @@
+import path from "path";
+import fs from "fs";
+import { TransportReplayer } from "@ledgerhq/hw-transport-mocker/lib/openTransportReplayer";
+import { RecordStore } from "@ledgerhq/hw-transport-mocker";
+import { getEnv, setEnv } from "@ledgerhq/live-env";
+import { ScenarioOptions } from "../../../tests/test-helpers/types";
+import { getSdk } from "../..";
+import { WithDevice } from "../../types";
+
+setEnv("MOCK", "true");
+
+const nonMockableScenarios = [
+  "randomMemberTryToDestroy", // can't simulate seed<>trustchain relationship
+  "removeMemberWithTheWrongSeed", // can't simulate seed<>trustchain relationship
+  "tokenExpires", // can't simulate token expiration
+  "userRefusesAuth", // can't simulate device interaction at the moment
+  "userRefusesRemoveMember", // can't simulate device interaction at the moment
+];
+
+const scenarioFolder = path.join(__dirname, "../../../tests/scenarios");
+fs.readdirSync(scenarioFolder).forEach(file => {
+  if (file.endsWith(".ts") && !file.startsWith("_")) {
+    const slug = file.slice(0, -3);
+    if (nonMockableScenarios.includes(slug)) return;
+    const e2eFile = path.join(scenarioFolder, file);
+    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    const mod = require(e2eFile);
+    test(slug, async () => {
+      const scenario = mod.scenario;
+      const transport = new TransportReplayer(new RecordStore());
+      const device = { id: "", transport };
+      const withDevice: WithDevice = () => fn => fn(device.transport);
+      const options: ScenarioOptions = {
+        withDevice,
+        sdkForName: name =>
+          getSdk(
+            !!getEnv("MOCK"),
+            { applicationId: 16, name, apiBaseUrl: getEnv("TRUSTCHAIN_API_STAGING") },
+            withDevice,
+          ),
+        pauseRecorder: () => Promise.resolve(), // replayer don't need to pause
+        switchDeviceSeed: async () => device, // nothing to actually do, we will continue replaying
+      };
+      await scenario(device.id, options);
+    });
+  }
+});

package/src/__tests__/integration/sdk.test.ts

@@ -0,0 +1,20 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+import path from "path";
+import fs from "fs";
+import { replayTrustchainSdkTests } from "../../../tests/test-helpers/replayTrustchainSdkTests";
+
+const mockFolder = path.join(__dirname, "../../../mocks/scenarios");
+const scenarioFolder = path.join(__dirname, "../../../tests/scenarios");
+
+fs.readdirSync(mockFolder).forEach(file => {
+  if (!file.endsWith(".json")) return;
+
+  const slug = file.slice(0, -5);
+  const json = require(path.join(mockFolder, file));
+  const mod = require(path.join(scenarioFolder, slug + ".ts"));
+
+  test(slug, async () => {
+    const scenario = mod.scenario;
+    await replayTrustchainSdkTests(json, scenario);
+  });
+});

package/src/__tests__/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "compilerOptions": {
+      "noEmit": true,
+      "esModuleInterop": true,
+      "lib": ["es2020"],
+      "types": ["jest"]
+  }
+}

package/src/__tests__/unit/sdk.test.ts

@@ -0,0 +1,236 @@
+import { DefaultBodyType, http, HttpResponse, PathParams, StrictRequest } from "msw";
+import { setupServer } from "msw/node";
+import {
+  CommandBlock,
+  crypto,
+  Device,
+  Permissions,
+  SoftwareDevice,
+  StreamTree,
+} from "@ledgerhq/hw-ledger-key-ring-protocol";
+import { getEnv } from "@ledgerhq/live-env";
+import { PutCommandsRequest } from "../../api";
+import { HWDeviceProvider } from "../../HWDeviceProvider";
+import { convertLiveCredentialsToKeyPair, SDK } from "../../sdk";
+import { TrustchainResultType } from "../../types";
+
+describe("Trustchain SDK", () => {
+  // Setup API calls mocks
+  const apiMocks = {
+    getTrustchainsMock: jest.fn(),
+    getTrustchainByIdMock: jest.fn(),
+    getChalenge: jest.fn(),
+    postAuthenticate: jest.fn(),
+    postSeed: jest.fn<object, [StrictRequest<CommandBlock[]>]>(),
+    postDerivation: jest.fn<object, [StrictRequest<CommandBlock[]>]>(),
+    putCommands: jest.fn<object, [StrictRequest<PutCommandsRequest>]>(),
+  };
+  const mswServer = setupServer(
+    http.get("*/v1/trustchains", () => HttpResponse.json(apiMocks.getTrustchainsMock())),
+    http.get("*/v1/trustchain/ROOTID", () => HttpResponse.json(apiMocks.getTrustchainByIdMock())),
+    http.get("*/v1/challenge", () => HttpResponse.json(apiMocks.getChalenge())),
+    http.post("*/v1/authenticate", () => HttpResponse.json(apiMocks.postAuthenticate())),
+    http.post<PathParams, CommandBlock[]>("*/v1/seed", ({ request }) =>
+      HttpResponse.json(apiMocks.postSeed(request)),
+    ),
+    http.post<PathParams, CommandBlock[]>("*/v1/trustchain/ROOTID/derivation", ({ request }) =>
+      HttpResponse.json(apiMocks.postDerivation(request)),
+    ),
+    http.put<PathParams, PutCommandsRequest>("*/v1/trustchain/ROOTID/commands", ({ request }) =>
+      HttpResponse.json(apiMocks.putCommands(request)),
+    ),
+    http.all("*", () => HttpResponse.json({})),
+  );
+  mswServer.listen();
+
+  // Setup APDU device interactions mocks
+  const HWDeviceProviderMethodsMocks = {
+    withJwt: jest.fn(),
+    withHw: jest.fn(),
+    refreshJwt: jest.fn(),
+    clearJwt: jest.fn(),
+  } satisfies Partial<HWDeviceProvider>;
+  const hwDeviceProviderMock = HWDeviceProviderMethodsMocks as unknown as HWDeviceProvider;
+
+  afterAll(() => {
+    mswServer.close();
+  });
+
+  const apiBaseUrl = getEnv("TRUSTCHAIN_API_STAGING");
+  const sdkContext = { applicationId: 16, name: "alice", apiBaseUrl };
+
+  beforeEach(() => {
+    Object.values(apiMocks).forEach(mock => mock.mockClear());
+    Object.values(HWDeviceProviderMethodsMocks).forEach(mock => mock.mockClear());
+  });
+
+  it("encryptUserData + decryptUserData", async () => {
+    const sdk = new SDK(sdkContext, hwDeviceProviderMock);
+    const obj = new Uint8Array([1, 2, 3, 4, 5]);
+    const keypair = await crypto.randomKeypair();
+    const trustchain = {
+      rootId: "",
+      walletSyncEncryptionKey: crypto.to_hex(keypair.privateKey),
+      applicationPath: "m/0'/16'/0'",
+    };
+    const encrypted = await sdk.encryptUserData(trustchain, obj);
+    const decrypted = await sdk.decryptUserData(trustchain, encrypted);
+    expect(decrypted).toEqual(obj);
+  });
+
+  it("should create Trustchain", async () => {
+    const { alice } = MOCK_DATA.members;
+
+    // Mock trustchain states:
+    const device = new SoftwareDevice(convertLiveCredentialsToKeyPair(alice));
+    const initialTree = await createTrustChain(device);
+    const oneMemberTree = await addMember(device, "m/0'/16'/0'", "alice")(initialTree);
+
+    // Mock API calls:
+    apiMocks.getTrustchainsMock.mockReturnValueOnce({});
+    apiMocks.getTrustchainsMock.mockReturnValueOnce({ ROOTID: initialTree.serialize() });
+    apiMocks.getTrustchainByIdMock.mockReturnValue(initialTree.serialize());
+
+    // Mock APDU device interactions:
+    HWDeviceProviderMethodsMocks.withJwt.mockImplementation(async (deviceId, job) =>
+      job({ accessToken: "ACCESS TOKEN" }),
+    );
+    HWDeviceProviderMethodsMocks.withHw.mockResolvedValueOnce(initialTree);
+    HWDeviceProviderMethodsMocks.withHw.mockResolvedValueOnce(oneMemberTree);
+
+    // Run the test:
+    const sdk = new SDK(sdkContext, hwDeviceProviderMock);
+    const { type, trustchain } = await sdk.getOrCreateTrustchain("", alice);
+
+    // Check expectations:
+    expect(type).toBe(TrustchainResultType.created);
+    expect(trustchain).toEqual({
+      applicationPath: "m/0'/16'/0'",
+      rootId: "ROOTID",
+      walletSyncEncryptionKey: expect.stringMatching(/^[0-9a-f]{64}$/),
+    });
+
+    expect(await jsonRequestContent(apiMocks.postSeed)).toEqual([oneMemberTree.serialize()["m/"]]);
+    expect(await jsonRequestContent(apiMocks.postDerivation)).toEqual([
+      oneMemberTree.serialize()["m/0'/16'/0'"],
+    ]);
+    expect(apiMocks.putCommands).not.toHaveBeenCalled();
+
+    expect(HWDeviceProviderMethodsMocks.withJwt).toHaveBeenCalled();
+    expect(HWDeviceProviderMethodsMocks.withHw).toHaveBeenCalledTimes(2);
+  });
+
+  it("should remove a member from the Trustchain", async () => {
+    const { alice, bob, charlie } = MOCK_DATA.members;
+
+    // Mock trustchain states:
+    const device = new SoftwareDevice(convertLiveCredentialsToKeyPair(alice));
+    const closedStreamTree = await createTrustChain(device)
+      .then(addMember(device, "m/0'/16'/0'", "alice"))
+      .then(addMember(device, "m/0'/16'/0'", "bob"))
+      .then(addMember(device, "m/0'/16'/0'", "charlie"))
+      .then(tree => tree.close("m/0'/16'/0'", device));
+    const rmMembersTree = await addMember(device, "m/0'/16'/1'", "alice")(closedStreamTree);
+
+    // Mock API calls:
+    apiMocks.getTrustchainByIdMock.mockReturnValue(closedStreamTree.serialize());
+    apiMocks.getChalenge.mockReturnValue({ json: {}, tlv: MOCK_DATA.challengeTlv });
+    apiMocks.postAuthenticate.mockReturnValue({
+      accessToken: "BACKEND JWT",
+      permissions: { ROOTID: { "m/0'/16'/1'": ["owner"] } },
+    });
+
+    // Mock APDU device interactions:
+    HWDeviceProviderMethodsMocks.withJwt.mockImplementation(async (deviceId, job) =>
+      job({ accessToken: "ACCESS TOKEN" }),
+    );
+    HWDeviceProviderMethodsMocks.withHw.mockResolvedValueOnce(closedStreamTree);
+    HWDeviceProviderMethodsMocks.withHw.mockResolvedValueOnce(rmMembersTree);
+
+    // Mock the lifecycle callback:
+    const afterRotation = jest.fn();
+    const onTrustchainRotation = jest.fn();
+    onTrustchainRotation.mockResolvedValueOnce(afterRotation);
+
+    // Run the test:
+    const sdk = new SDK(sdkContext, hwDeviceProviderMock, { onTrustchainRotation });
+
+    const trustchain = {
+      applicationPath: "m/0'/16'/0'",
+      rootId: "ROOTID",
+      walletSyncEncryptionKey: "",
+    };
+    const memberToRemove = {
+      name: "bob",
+      id: bob.pubkey,
+      permissions: Permissions.OWNER,
+    };
+    const newTrustchain = await sdk.removeMember("", trustchain, alice, memberToRemove);
+
+    // Check expectations:
+    expect(newTrustchain).toEqual({
+      applicationPath: "m/0'/16'/1'",
+      rootId: "ROOTID",
+      walletSyncEncryptionKey: expect.stringMatching(/^[0-9a-f]{64}$/),
+    });
+
+    expect(await jsonRequestContent(apiMocks.postDerivation)).toEqual([
+      rmMembersTree.serialize()["m/0'/16'/1'"],
+    ]);
+
+    const putCommands = await jsonRequestContent(apiMocks.putCommands);
+    const closeBlock = putCommands.find(_ => _.path === "m/0'/16'/0'")?.blocks[0] ?? "";
+    const pushMemberBlock = putCommands.find(_ => _.path === "m/0'/16'/1'")?.blocks[0] ?? "";
+    expect(putCommands).toEqual([
+      { path: "m/0'/16'/1'", blocks: [pushMemberBlock] },
+      { path: "m/0'/16'/0'", blocks: [closeBlock] }, // The closed stream command is sent last
+    ]);
+    expect(closeBlock).toBe(closedStreamTree.serialize()["m/0'/16'/0'"].slice(-closeBlock.length));
+    expect(pushMemberBlock).not.toContain(bob.pubkey);
+    expect(pushMemberBlock).toContain(charlie.pubkey);
+
+    expect(HWDeviceProviderMethodsMocks.withJwt).toHaveBeenCalled();
+    expect(HWDeviceProviderMethodsMocks.withHw).toHaveBeenCalledTimes(2);
+    expect(HWDeviceProviderMethodsMocks.refreshJwt).toHaveBeenCalledTimes(1);
+
+    expect(onTrustchainRotation).toHaveBeenCalledWith(sdk, trustchain, alice);
+    expect(afterRotation).toHaveBeenCalledWith(newTrustchain);
+  });
+});
+
+const MOCK_DATA = {
+  members: {
+    alice: {
+      pubkey: "02e3311a12c450604725f02d1a775ef5cdb4a1b832eb41ac6b1302adbe92a612fc",
+      privatekey: "873f500bd20783224f7e78d4f8cce3d2bf69eb8008fbd697d20bbea31a721a03",
+    },
+    bob: {
+      pubkey: "034ac6813695b0d5e033a2a19061c83951e2241aad62ec8fa347a944831c07ea82",
+    },
+    charlie: {
+      pubkey: "03b4165cddf39e58f3a89682fdf1ccba213167084fecdbb3b86669d40d201df1cf",
+    },
+  },
+
+  challengeTlv:
+    "010107020100121053801a35c2e24b627d6e4925ce318980140101154630440220319b42a416512437e48d9c9bf204daea7da03d452c50a8caa4c2d152407ffd0c02201f121b0e99df1d30f4757b6a00b8d974d70996771893ac49c4a245c147cc1d8f160466a90248202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000",
+};
+
+function createTrustChain(device: Device): Promise<StreamTree> {
+  return StreamTree.createNewTree(device);
+}
+
+function addMember(
+  device: Device,
+  path: string,
+  name: keyof typeof MOCK_DATA.members,
+): (tree: StreamTree) => Promise<StreamTree> {
+  const memberId = crypto.from_hex(MOCK_DATA.members[name].pubkey);
+  return (tree: StreamTree) => tree.share(path, device, memberId, name, Permissions.OWNER);
+}
+
+function jsonRequestContent<T extends DefaultBodyType>(
+  mock: jest.Mock<object, [StrictRequest<T>]>,
+): Promise<T[]> {
+  return Promise.all(mock.mock.calls.map(([request]) => request.json()));
+}