diff --git a/mock/wrapper/wrapper.go b/mock/wrapper/wrapper.go
index 058c7f0..4be0ac0 100644
--- a/mock/wrapper/wrapper.go
+++ b/mock/wrapper/wrapper.go
@@ -15,6 +15,9 @@ import (
 // MockKMSCrypto mocks wrapper.KMSCrypto.
 type MockKMSCrypto struct {
 CreateVal *jwk.JWK
+ PubKeyBytes []byte
+ PubKeyType kms.KeyType
+ PubKeyErr error
 CreateRawKID string
 CreateRawVal interface{}
 CreateErr error
@@ -35,6 +38,11 @@ func (m *MockKMSCrypto) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 return m.CreateVal, m.CreateErr
 }
+// ExportPubKeyBytes mock.
+func (m *MockKMSCrypto) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+ return m.PubKeyBytes, m.PubKeyType, m.PubKeyErr
+}
+
 // CreateRaw mock.
 func (m *MockKMSCrypto) CreateRaw(keyType kms.KeyType) (string, interface{}, error) {
 return m.CreateRawKID, m.CreateRawVal, m.CreateErr
diff --git a/wrapper/api/api.go b/wrapper/api/api.go
index 3018361..4020abb 100644
--- a/wrapper/api/api.go
+++ b/wrapper/api/api.go
@@ -41,6 +41,7 @@ type KMSCryptoVerifier interface {
 // KeyCreator creates keypairs in the wrapped KMS, returning public keys in JWK format.
 type KeyCreator interface {
 Create(keyType kmsapi.KeyType) (*jwk.JWK, error)
+ ExportPubKeyBytes(id string) ([]byte, kmsapi.KeyType, error)
 }
 // KMSCrypto provides wrapped kms and crypto operations.
diff --git a/wrapper/localsuite/creator.go b/wrapper/localsuite/creator.go
index 7a6179a..89da18f 100644
--- a/wrapper/localsuite/creator.go
+++ b/wrapper/localsuite/creator.go
@@ -24,6 +24,10 @@ func (k *keyCreatorImpl) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 return createKey(k.kms, keyType)
 }
+func (k *keyCreatorImpl) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+ return k.kms.ExportPubKeyBytes(id)
+}
+
 func (k *keyCreatorImpl) CreateRaw(keyType kms.KeyType) (string, interface{}, error) {
 kid, pkBytes, err := k.kms.CreateAndExportPubKeyBytes(keyType)
 if err != nil {
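Review bot: In mock/wrapper/wrapper.go, the added `ExportPubKeyBytes` mock discards its `id` argument, so a test built on `MockKMSCrypto` cannot tell whether the code under test asked for the intended key. For a KMS wrapper, exporting the wrong key is the kind of mistake a mock should let tests catch; consider recording the argument in a field the test can assert on. The existing `Create` and `CreateRaw` mocks use the same fixed-value pattern, so this is a suggestion rather than a regression. The comment could also be more specific: `// ExportPubKeyBytes returns PubKeyBytes, PubKeyType and PubKeyErr; id is ignored.`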
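Review bot: In wrapper/api/api.go, the doc comment on `KeyCreator` still says it "creates keypairs ... returning public keys in JWK format", but the added `ExportPubKeyBytes` creates nothing and returns raw bytes, so the comment no longer describes the interface. The new method has no comment stating how the bytes are encoded or that callers must interpret them using the returned `kmsapi.KeyType`; the type names visible elsewhere in this diff (`ED25519Type`, `ECDSAP256DER`) suggest the encoding varies by type, and parsing key bytes under an assumed type is an easy way to verify against the wrong key. Suggested: `// ExportPubKeyBytes returns the public key stored under id together with its key type; callers must decode the bytes according to that type.` Adding a method to an exported interface also breaks any out-of-tree implementation of `KeyCreator`, which is worth stating in the commit message.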
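Review bot: In wrapper/localsuite/creator.go, `keyCreatorImpl.ExportPubKeyBytes` is added without a comment and returns the KMS error unwrapped, and the same undocumented pass-through appears in wrapper/localsuite/wrapper.go (`kmsCryptoImpl`) and wrapper/websuite/kmscrypto.go (`kmsCrypto`). A one-line comment on each would make the contract explicit: `// ExportPubKeyBytes delegates to the wrapped KMS; id and the returned bytes are not validated here.` Whether the neighbouring methods wrap their errors is not visible (the `if err != nil {` in `CreateRaw` continues outside the hunk); if they do, these three should match so a failure names the key ID that was requested.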
diff --git a/wrapper/localsuite/creator_test.go b/wrapper/localsuite/creator_test.go
index 5496b34..1238db5 100644
--- a/wrapper/localsuite/creator_test.go
+++ b/wrapper/localsuite/creator_test.go
@@ -12,17 +12,20 @@ import (
 "testing"
 "github.com/stretchr/testify/require"
+
 mockkms "github.com/trustbloc/kms-go/mock/kms"
 kmsapi "github.com/trustbloc/kms-go/spi/kms"
 )
+const (
+ keyID = "foo"
+)
+
 func TestKeyCreator(t *testing.T) {
 t.Run("success", func(t *testing.T) {
 keyBytes, _, err := ed25519.GenerateKey(rand.Reader)
 require.NoError(t, err)
- keyID := "foo"
-
 creator := newKeyCreator(&mockkms.KeyManager{
 CrAndExportPubKeyValue: keyBytes,
 CrAndExportPubKeyID: keyID,
@@ -40,6 +43,21 @@ func TestKeyCreator(t *testing.T) {
 require.IsType(t, ed25519.PublicKey{}, pubRaw)
 })
+ t.Run("success export", func(t *testing.T) {
+ keyBytes, _, err := ed25519.GenerateKey(rand.Reader)
+ require.NoError(t, err)
+
+ creator := newKeyCreator(&mockkms.KeyManager{
+ ExportPubKeyTypeValue: kmsapi.ED25519Type,
+ ExportPubKeyBytesValue: keyBytes,
+ })
+
+ pubJWK, keyType, err := creator.ExportPubKeyBytes(keyID)
+ require.NoError(t, err)
+ require.EqualValues(t, kmsapi.ED25519Type, keyType)
+ require.NotNil(t, pubJWK)
+ })
+
 t.Run("kms create err", func(t *testing.T) {
 errExpected := errors.New("expected error")
@@ -59,7 +77,7 @@ func TestKeyCreator(t *testing.T) {
 t.Run("kms exports invalid key value", func(t *testing.T) {
 creator := newKeyCreator(&mockkms.KeyManager{
- CrAndExportPubKeyValue: []byte("foo"),
+ CrAndExportPubKeyValue: []byte(keyID),
 })
 pubJWK, err := creator.Create(kmsapi.ECDSAP256DER)
diff --git a/wrapper/localsuite/params.go b/wrapper/localsuite/params.go
index 4c9f007..f114096 100644
--- a/wrapper/localsuite/params.go
+++ b/wrapper/localsuite/params.go
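Review bot: In the added "success export" subtest of wrapper/localsuite/creator_test.go, the only check on the returned key material is `require.NotNil(t, pubJWK)`, which still passes if the wrapper hands back the wrong bytes. The mock is seeded with `keyBytes`, so the round trip can be asserted directly: `require.Equal(t, []byte(keyBytes), pubJWK)`. The variable name is also misleading, since `ExportPubKeyBytes` returns raw bytes rather than a JWK; `pubBytes` would read better. No subtest covers the case where the KMS returns an error from the export, unlike the "kms create err" case that follows for `Create`.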
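Review bot: In the "kms exports invalid key value" subtest (third hunk of creator_test.go), `[]byte(keyID)` now passes a key identifier where the test means "malformed key bytes", which hides the intent and ties the case to the value of an unrelated constant. If the change was made to avoid a repeated string literal, a dedicated constant says what the value is for, e.g. `invalidKeyBytes = "foo"` used as `CrAndExportPubKeyValue: []byte(invalidKeyBytes)`. The subtest body continues outside the hunk.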
@@ -39,6 +39,7 @@ type keyHandleFetcher interface {
 type keyCreator interface {
 CreateAndExportPubKeyBytes(kt kmsapi.KeyType, opts ...kmsapi.KeyOpts) (string, []byte, error)
+ ExportPubKeyBytes(id string) ([]byte, kmsapi.KeyType, error)
 }
 type keyManager interface {
diff --git a/wrapper/localsuite/wrapper.go b/wrapper/localsuite/wrapper.go
index 3ebb15a..bb72d0d 100644
--- a/wrapper/localsuite/wrapper.go
+++ b/wrapper/localsuite/wrapper.go
@@ -28,6 +28,10 @@ func (k *kmsCryptoImpl) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 return createKey(k.kms, keyType)
 }
+func (k *kmsCryptoImpl) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+ return k.kms.ExportPubKeyBytes(id)
+}
+
 func (k *kmsCryptoImpl) Sign(msg []byte, pub *jwk.JWK) ([]byte, error) {
 kh, err := k.kms.Get(pub.KeyID)
 if err != nil {
diff --git a/wrapper/websuite/kmscrypto.go b/wrapper/websuite/kmscrypto.go
index c2e1ded..bf11ed6 100644
--- a/wrapper/websuite/kmscrypto.go
+++ b/wrapper/websuite/kmscrypto.go
@@ -35,6 +35,10 @@ func (k *kmsCrypto) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 return pk, nil
 }
+func (k *kmsCrypto) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+ return k.km.ExportPubKeyBytes(id)
+}
+
 func (k *kmsCrypto) CreateRaw(keyType kms.KeyType) (string, interface{}, error) {
 kid, pkBytes, err := k.km.CreateAndExportPubKeyBytes(keyType)
 if err != nil {