From aa5815a5bcdb92190020e954afb256b065b099aa Mon Sep 17 00:00:00 2001
From: Yevgen Pukhta
Date: Thu, 1 Sep 2022 12:45:15 +0300
Subject: [PATCH] BDD test cleanup - EDV
Signed-off-by: Yevgen Pukhta
Signed-off-by: Yevgen Pukhta
---
 cmd/kms-cli/createkeystore/createkeystore.go | 6 -
 test/bdd/bddtests_test.go | 2 +-
 test/bdd/features/kms_api.feature | 10 +-
 test/bdd/features/kms_crypto_box_api.feature | 10 +-
 test/bdd/features/kms_stress.feature | 29 +-
 test/bdd/fixtures/.env | 3 -
 test/bdd/fixtures/docker-compose.yml | 81 ------
 test/bdd/go.mod | 1 -
 test/bdd/pkg/common/common_steps.go | 58 ----
 test/bdd/pkg/context/context.go | 1 -
 test/bdd/pkg/internal/httputil/httputil.go | 14 -
 test/bdd/pkg/kms/auth_edv_steps.go | 269 ++----------------
 test/bdd/pkg/kms/kms_steps.go | 89 +----
 test/bdd/pkg/kms/models.go | 16 +-
 test/bdd/pkg/kms/stress_steps.go | 270 +------------------
 test/bdd/pkg/kms/user.go | 7 +-
 test/bdd/pkg/kms/zcap.go | 141 +---------
 17 files changed, 64 insertions(+), 943 deletions(-)
diff --git a/cmd/kms-cli/createkeystore/createkeystore.go b/cmd/kms-cli/createkeystore/createkeystore.go
index b8d6b381..64921b5c 100644
--- a/cmd/kms-cli/createkeystore/createkeystore.go
+++ b/cmd/kms-cli/createkeystore/createkeystore.go
@@ -25,12 +25,6 @@ const (
 type createKeystoreReq struct {
 	Controller string `json:"controller"`
-	EDV *edvOptions `json:"edv"`
-}
-
-type edvOptions struct {
-	VaultURL string `json:"vault_url"`
-	Capability []byte `json:"capability"`
 }
 type createKeyStoreResp struct {
diff --git a/test/bdd/bddtests_test.go b/test/bdd/bddtests_test.go
index ff7522be..3595271f 100644
--- a/test/bdd/bddtests_test.go
+++ b/test/bdd/bddtests_test.go
@@ -83,7 +83,7 @@ func runBDDTests(tags, format string) int {
 func initializeTestSuite(ctx *godog.TestSuiteContext) {
 	var (
-		dockerComposeUp = []string{"docker-compose", "-f", composeFilePath, "up", "--force-recreate", "-d"}
+		dockerComposeUp = []string{"docker-compose", "-f", composeFilePath, "up", "--force-recreate", "-d", "-V"}
 		dockerComposeDown = []string{"docker-compose", "-f", composeFilePath, "down"}
 	)
diff --git a/test/bdd/features/kms_api.feature b/test/bdd/features/kms_api.feature
index cc2c9d1a..06769f0a 100644
--- a/test/bdd/features/kms_api.feature
+++ b/test/bdd/features/kms_api.feature
@@ -9,13 +9,11 @@ Feature: KMS and crypto operations
   Background:
     Given Key Server is running on "localhost" port "4466"
-    And AuthZ Key Server is running on "localhost" port "4455"
     And Hub Auth is running on "auth.trustbloc.local" port "8070"
-    And EDV is running on "localhost" port "8081"
-    And "Alice" wallet has stored secret on Hub Auth
-    And "Bob" wallet has stored secret on Hub Auth
-    And "Alice" has created a data vault on EDV for storing keys
-    And "Bob" has created a data vault on EDV for storing keys
+    And "Alice" has logged into auth server
+    And "Bob" has logged into auth server
+    And "Alice" has created a profile on auth server
+    And "Bob" has created a profile on auth server
   Scenario: User creates a key
     Given "Alice" has created an empty keystore on Key Server
diff --git a/test/bdd/features/kms_crypto_box_api.feature b/test/bdd/features/kms_crypto_box_api.feature
index 0f40d081..9060c909 100644
--- a/test/bdd/features/kms_crypto_box_api.feature
+++ b/test/bdd/features/kms_crypto_box_api.feature
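Review bot: The new `-V` flag on the docker-compose up command line in initializeTestSuite has no comment, so a reader cannot tell why volumes now have to be renewed on every run. A one-line comment above the `var (` block would record the intent, e.g. `// -V (--renew-anon-volumes): start each run from fresh anonymous volumes so state left by a previous run (presumably the mongodb data) cannot leak into the tests`. initializeTestSuite's body continues outside the hunk.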
@@ -9,13 +9,11 @@ Feature: KMS CryptoBox operations
   Background:
     Given Key Server is running on "localhost" port "4466"
-    And AuthZ Key Server is running on "localhost" port "4455"
     And Hub Auth is running on "auth.trustbloc.local" port "8070"
-    And EDV is running on "localhost" port "8081"
-    And "Alice" wallet has stored secret on Hub Auth
-    And "Bob" wallet has stored secret on Hub Auth
-    And "Alice" has created a data vault on EDV for storing keys
-    And "Bob" has created a data vault on EDV for storing keys
+    And "Alice" has logged into auth server
+    And "Bob" has logged into auth server
+    And "Alice" has created a profile on auth server
+    And "Bob" has created a profile on auth server
   Scenario: User A anonymously encrypts (wrap as "easy") a payload for User B, User B decrypts (unwrap as "easy open") it
     Given "Alice" has created a keystore with "ED25519" key on Key Server
diff --git a/test/bdd/features/kms_stress.feature b/test/bdd/features/kms_stress.feature
index 0ff78eab..840be077 100644
--- a/test/bdd/features/kms_stress.feature
+++ b/test/bdd/features/kms_stress.feature
@@ -12,32 +12,5 @@ Feature: KMS stress test
   @kms_stress_local
   Scenario: Stress test KMS methods with local storage
     When Create "USER_NUMS" users
-    And "USER_NUMS" users request to create a keystore on "LocalStorage" with "ED25519" key and sign 1 time using "KMS_STRESS_CONCURRENT_REQ" concurrent requests
+    And "USER_NUMS" users request to create a keystore on "LocalStorage" with "ED25519" key and sign 1 times using "KMS_STRESS_CONCURRENT_REQ" concurrent requests
-  @kms_stress_authz
-  Scenario: Stress test authz KMS methods
-    When AuthZ Key Server is running on "KMS_STRESS_AUTH_KMS_URL" env
-    And Hub Auth is running on "KMS_STRESS_HUB_AUTH_URL" env
-    And "John" login with "SUBJECT" and gets "ACCESS_TOKEN" and "SECRET_SHARE" env
-    And "USER_NUMS" requests to authz kms to create a keystore and a key for user "John" and sign using "KMS_STRESS_CONCURRENT_REQ" concurrent requests
-  @kms_stress_ops_edv
-  Scenario: Stress test ops KMS methods with EDV storage
-    When AuthZ Key Server is running on "KMS_STRESS_AUTH_KMS_URL" env
-    And Hub Auth is running on "KMS_STRESS_HUB_AUTH_URL" env
-    And EDV is running on "KMS_STRESS_EDV_URL" env
-    And "John" login with "SUBJECT" and gets "ACCESS_TOKEN" and "SECRET_SHARE" env
-    And Create "USER_NUMS" users from prototype "John"
-    And "USER_NUMS" users has created a data vault on EDV for storing keys
-    And "USER_NUMS" users request to create a keystore on "EDV" with "ED25519" key and sign 110 times using "KMS_STRESS_CONCURRENT_REQ" concurrent requests
-
-  @kms_stress_ops_local
-  Scenario: Stress test ops KMS methods with EDV storage
-    When AuthZ Key Server is running on "KMS_STRESS_AUTH_KMS_URL" env
-    And Hub Auth is running on "KMS_STRESS_HUB_AUTH_URL" env
-    And EDV is running on "KMS_STRESS_EDV_URL" env
-    And "John" login with "SUBJECT" and gets "ACCESS_TOKEN" and "SECRET_SHARE" env
-    And Create "USER_NUMS" users from prototype "John"
-    And "USER_NUMS" users has created a data vault on EDV for storing keys
-    And "USER_NUMS" users request to create a keystore on "LocalStorage" with "ED25519" key and sign 110 times using "KMS_STRESS_CONCURRENT_REQ" concurrent requests
diff --git a/test/bdd/fixtures/.env b/test/bdd/fixtures/.env
index 717e0c03..b08b1ce0 100644
--- a/test/bdd/fixtures/.env
+++ b/test/bdd/fixtures/.env
@@ -17,9 +17,6 @@ MOCK_LOGIN_CONSENT_IMAGE=mockloginconsent
 SIDETREE_MOCK_IMAGE=ghcr.io/trustbloc-cicd/sidetree-mock
 SIDETREE_MOCK_IMAGE_TAG=0.7.0-snapshot-799d4d5
-EDV_REST_IMAGE=ghcr.io/trustbloc-cicd/edv
-EDV_REST_IMAGE_TAG=0.1.9-snapshot-894c500
-
 MONGODB_IMAGE=mongo
 MONGODB_IMAGE_TAG=4.0.0
 MONGODB_PORT=27017
diff --git a/test/bdd/fixtures/docker-compose.yml b/test/bdd/fixtures/docker-compose.yml
index 71dabf5f..9b1b72f3 100644
--- a/test/bdd/fixtures/docker-compose.yml
+++ b/test/bdd/fixtures/docker-compose.yml
@@ -50,7 +50,6 @@ services:
       command: start
       depends_on:
         - mongodb.example.com
-        - edv.trustbloc.local
       networks:
         - bdd_net
@@ -84,7 +83,6 @@ services:
       command: start
       depends_on:
         - mongodb.example.com
-        - edv.trustbloc.local
       networks:
         - bdd_net
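Review bot: The kept scenario now reads `sign 1 times` only because the step pattern registered in kms_steps.go RegisterSteps is `sign ([^"]*) times`, which does not accept the singular; changing that pattern to `sign ([^"]*) times?` would let the feature keep the grammatical `sign 1 time`. The same hunk deletes every scenario that exercised the authz KMS and EDV, leaving a single local-storage scenario under `@kms_stress_local`; if that is the intended scope of the stress suite from now on, a line in the Feature description saying so would stop readers looking for the removed tags in the Makefile or CI config.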
@@ -104,37 +102,6 @@ services: networks: - bdd_net - authz-kms.trustbloc.local: - container_name: authz-kms.trustbloc.local - image: ${KMS_SERVER_IMAGE}:latest - environment: - - KMS_HOST=0.0.0.0:8077 - - KMS_BASE_URL=https://authz-kms.trustbloc.local:8077 - - KMS_TLS_CACERTS=/etc/tls/ec-cacert.pem - - KMS_TLS_SERVE_CERT=/etc/tls/ec-pubCert.pem - - KMS_TLS_SERVE_KEY=/etc/tls/ec-key.pem - - KMS_DATABASE_TYPE=mongodb - - KMS_DATABASE_URL=mongodb://mongodb.example.com:27017 - - KMS_DATABASE_PREFIX=authzkms_ - - KMS_AUTH_SERVER_URL=https://auth.trustbloc.local:8070 - - KMS_AUTH_SERVER_TOKEN=test_token - - KMS_AUTH_DISABLE=true - - KMS_GNAP_HTTPSIG_DISABLE=false - - KMS_CACHE_ENABLE=true - - KMS_LOG_LEVEL=debug - - KMS_SECRET_LOCK_TYPE=local - - KMS_SECRET_LOCK_KEY_PATH=/etc/tls/secret-lock.key - ports: - - 8077:8077 - volumes: - - ./keys/tls:/etc/tls - command: start - depends_on: - - mongodb.example.com - - edv.trustbloc.local - networks: - - bdd_net - orb-kms.trustbloc.local: container_name: orb-kms.trustbloc.local image: ${KMS_SERVER_IMAGE}:latest @@ -165,27 +132,6 @@ services: command: start depends_on: - mongodb.example.com - - edv.trustbloc.local - networks: - - bdd_net - - oathkeeper-auth-keyserver.trustbloc.local: - container_name: oathkeeper-auth-keyserver.trustbloc.local - image: oryd/oathkeeper:v0.38.4-alpine - ports: - - 4455:4455 - command: /bin/sh -c "cp /etc/tls/ec-cacert.pem /usr/local/share/ca-certificates/;update-ca-certificates;oathkeeper serve proxy --config /oathkeeper/config.yaml" - user: root - entrypoint: "" - environment: - - LOG_LEVEL=debug - - PORT=4455 - - ISSUER_URL=https://oathkeeper-proxy.trustbloc.local - - SERVE_PROXY_TLS_KEY_PATH=/etc/tls/ec-key.pem - - SERVE_PROXY_TLS_CERT_PATH=/etc/tls/ec-pubCert.pem - volumes: - - ./oathkeeper-config/auth-keyserver:/oathkeeper - - ./keys/tls:/etc/tls networks: - bdd_net 
@@ -209,33 +155,6 @@ services: networks: - bdd_net - edv.trustbloc.local: - container_name: edv.trustbloc.local - image: ${EDV_REST_IMAGE}:${EDV_REST_IMAGE_TAG} - environment: - - EDV_HOST_URL=0.0.0.0:8081 - - EDV_TLS_CERT_FILE=/etc/tls/ec-pubCert.pem - - EDV_TLS_KEY_FILE=/etc/tls/ec-key.pem - - EDV_DATABASE_TYPE=mongodb - - EDV_DATABASE_URL=mongodb://mongodb.example.com:27017 - - EDV_DATABASE_PREFIX=edv_ - - EDV_LOCALKMS_SECRETS_DATABASE_TYPE=mongodb - - EDV_LOCALKMS_SECRETS_DATABASE_URL=mongodb://mongodb.example.com:27017 - - EDV_LOCALKMS_SECRETS_DATABASE_PREFIX=edv_kms_ - - EDV_EXTENSIONS=ReturnFullDocumentsOnQuery,Batch - - EDV_DATABASE_TIMEOUT=60 - - EDV_AUTH_ENABLE=true - - EDV_LOG_LEVEL=debug - ports: - - 8081:8081 - volumes: - - ./keys/tls:/etc/tls - command: start - depends_on: - - mongodb.example.com - networks: - - bdd_net - auth.trustbloc.local: container_name: auth.trustbloc.local image: ${AUTH_REST_IMAGE}:${AUTH_REST_IMAGE_TAG} diff --git a/test/bdd/go.mod b/test/bdd/go.mod index 3e9c7cfb..a7abc51d 100644 --- a/test/bdd/go.mod +++ b/test/bdd/go.mod @@ -25,7 +25,6 @@ require ( github.com/trustbloc/auth v0.1.9-0.20220721161924-5a7b16c4282f github.com/trustbloc/auth/spi/gnap v0.0.0-20220721161924-5a7b16c4282f github.com/trustbloc/edge-core v0.1.8 - github.com/trustbloc/edv v0.1.8 github.com/trustbloc/kms v0.1.9-0.20220526151939-d46e46e8f7e1 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 ) diff --git a/test/bdd/pkg/common/common_steps.go b/test/bdd/pkg/common/common_steps.go index 98e65b09..43a30b12 100644 --- a/test/bdd/pkg/common/common_steps.go +++ b/test/bdd/pkg/common/common_steps.go 
@@ -43,13 +43,9 @@ func (s *Steps) SetContext(ctx *context.BDDContext) {
 // RegisterSteps defines scenario steps.
 func (s *Steps) RegisterSteps(ctx *godog.ScenarioContext) {
 	ctx.Step(`^Key Server is running on "([^"]*)" port "([^"]*)"$`, s.checkKeyServerIsRun)
-	ctx.Step(`^AuthZ Key Server is running on "([^"]*)" port "([^"]*)"$`, s.checkAuthzKeyServerIsRun)
-	ctx.Step(`^EDV is running on "([^"]*)" port "([^"]*)"$`, s.checkEDVServerIsRun)
 	ctx.Step(`^Hub Auth is running on "([^"]*)" port "([^"]*)"$`, s.checkHubAuthIsRun)
 	ctx.Step(`^Key Server is running on "([^"]*)" env$`, s.checkKeyServerIsRunEnv)
-	ctx.Step(`^AuthZ Key Server is running on "([^"]*)" env$`, s.checkAuthzKeyServerIsRunEnv)
-	ctx.Step(`^EDV is running on "([^"]*)" env$`, s.checkEDVServerIsRunEnv)
 	ctx.Step(`^Hub Auth is running on "([^"]*)" env$`, s.checkHubAuthIsRunEnv)
 }
@@ -64,28 +60,6 @@ func (s *Steps) checkKeyServerIsRun(host string, port int) error {
 	return nil
 }
-func (s *Steps) checkAuthzKeyServerIsRun(host string, port int) error {
-	url, err := s.healthCheck(host, port)
-	if err != nil {
-		return err
-	}
-
-	s.bddContext.AuthZKeyServerURL = url
-
-	return nil
-}
-
-func (s *Steps) checkEDVServerIsRun(host string, port int) error {
-	url, err := s.healthCheck(host, port)
-	if err != nil {
-		return err
-	}
-
-	s.bddContext.EDVServerURL = url
-
-	return nil
-}
-
 func (s *Steps) checkHubAuthIsRun(host string, port int) error {
 	url, err := s.healthCheck(host, port)
 	if err != nil {
@@ -114,38 +88,6 @@ func (s *Steps) checkKeyServerIsRunEnv(serverURLEnv string) error {
 	return nil
 }
-func (s *Steps) checkAuthzKeyServerIsRunEnv(serverURLEnv string) error {
-	url, err := getServerURL(serverURLEnv)
-	if err != nil {
-		return err
-	}
-
-	err = s.healthCheckURL(url)
-	if err != nil {
-		return err
-	}
-
-	s.bddContext.AuthZKeyServerURL = url
-
-	return nil
-}
-
-func (s *Steps) checkEDVServerIsRunEnv(serverURLEnv string) error {
-	url, err := getServerURL(serverURLEnv)
-	if err != nil {
-		return err
-	}
-
-	err = s.healthCheckURL(url)
-	if err != nil {
-		return err
-	}
-
-	s.bddContext.EDVServerURL = url
-
-	return nil
-}
-
 func (s *Steps) checkHubAuthIsRunEnv(serverURLEnv string) error {
 	url, err := getServerURL(serverURLEnv)
 	if err != nil {
diff --git a/test/bdd/pkg/context/context.go b/test/bdd/pkg/context/context.go
index 1fb04ae1..a69e0381 100644
--- a/test/bdd/pkg/context/context.go
+++ b/test/bdd/pkg/context/context.go
@@ -25,7 +25,6 @@ import (
 type BDDContext struct {
 	KeyServerURL string
 	AuthZKeyServerURL string
-	EDVServerURL string
 	HubAuthURL string
 	LoginConfig *auth.LoginConfig
 	tlsConfig *tls.Config
diff --git a/test/bdd/pkg/internal/httputil/httputil.go b/test/bdd/pkg/internal/httputil/httputil.go
index 383a65fe..64a4a8f2 100644
--- a/test/bdd/pkg/internal/httputil/httputil.go
+++ b/test/bdd/pkg/internal/httputil/httputil.go
@@ -161,13 +161,6 @@ func WithBody(val []byte) Opt {
 	}
 }
-// WithBearerToken specifies an authorization bearer token.
-func WithBearerToken(token string) Opt {
-	return func(o *options) {
-		o.bearerToken = token
-	}
-}
-
 // WithGNAPToken specifies an authorization GNAP token.
 func WithGNAPToken(token string) Opt {
 	return func(o *options) {
@@ -181,10 +174,3 @@ func WithSigner(signer requestSigner) Opt {
 		o.signer = signer
 	}
 }
-
-// WithParsedResponse specifies type to unmarshal response body.
-func WithParsedResponse(r interface{}) Opt {
-	return func(o *options) {
-		o.parsedResponse = r
-	}
-}
diff --git a/test/bdd/pkg/kms/auth_edv_steps.go b/test/bdd/pkg/kms/auth_edv_steps.go index acae3da1..6565f131 100644 --- a/test/bdd/pkg/kms/auth_edv_steps.go +++ b/test/bdd/pkg/kms/auth_edv_steps.go @@ -7,40 +7,19 @@ SPDX-License-Identifier: Apache-2.0 package kms import ( - "encoding/base64" "fmt" - "net/http" - "strings" - + kmsapi "github.com/hyperledger/aries-framework-go/pkg/kms" "github.com/hyperledger/aries-framework-go/pkg/vdr/fingerprint" - "github.com/lafriks/go-shamir" - "github.com/rs/xid" - "github.com/trustbloc/edge-core/pkg/zcapld" - "github.com/trustbloc/edv/pkg/client" - "github.com/trustbloc/edv/pkg/restapi/models" "github.com/trustbloc/kms/test/bdd/pkg/auth" - "github.com/trustbloc/kms/test/bdd/pkg/internal/cryptoutil" -) - -const ( - edvBasePath = "/encrypted-data-vaults" - secretEndpoint = "/secret" ) -func (s *Steps) storeSecretInHubAuth(userName string) error { +func (s *Steps) loginIntoAuthServer(userName string) error { u := &user{ name: userName, } s.users[userName] = u - secretA, secretB, err := createSecretShares() - if err != nil { - return err - } - - u.secretShare = secretA - login := auth.NewAuthLogin(s.bddContext.LoginConfig, s.bddContext.TLSConfig()) loggedWallet, accessToken, err := login.WalletLogin() 
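Review bot: The rewritten import block puts `kmsapi "github.com/hyperledger/aries-framework-go/pkg/kms"` directly after `"fmt"`, with the blank line that separated the stdlib group removed, so the file is no longer `goimports`-clean; restoring the blank line between `"fmt"` and the `kmsapi` import fixes it. In loginIntoAuthServer the new user is stored in `s.users[userName]` before `login.WalletLogin()` is attempted, so a failed login leaves a half-initialised entry in the map (the old storeSecretInHubAuth had the same shape, but since the function is being renamed this is the moment to move the map write after the login succeeds). With the authz health-check steps deleted in common_steps.go, nothing on this page assigns `BDDContext.AuthZKeyServerURL` any more although context.go keeps the field — worth checking whether it is now dead. loginIntoAuthServer's body continues in the next hunk.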
@@ -51,270 +30,66 @@ func (s *Steps) storeSecretInHubAuth(userName string) error { u.subject = loggedWallet.UserData.Sub u.accessToken = accessToken - r := setSecretRequest{ - Secret: secretB, - } - - request, err := u.preparePostRequest(r, s.bddContext.HubAuthURL+secretEndpoint) - if err != nil { - return err - } - - token := base64.StdEncoding.EncodeToString([]byte(accessToken)) - - request.Header.Set("authorization", fmt.Sprintf("Bearer %s", token)) - - response, err := s.httpClient.Do(request) - if err != nil { - return fmt.Errorf("http do: %w", err) - } - - defer func() { - closeErr := response.Body.Close() - if closeErr != nil { - s.logger.Errorf("Failed to close response body: %s\n", closeErr.Error()) - } - }() - - return u.processResponse(nil, response) -} - -func createSecretShares() ([]byte, []byte, error) { - const splitParts = 2 - - secrets, err := shamir.Split(cryptoutil.GenerateKey(), splitParts, splitParts) - if err != nil { - return nil, nil, err - } - - return secrets[0], secrets[1], nil + return nil } -func (s *Steps) createEDVDataVault(userName string) error { +func (s *Steps) createProfileOnAuthServer(userName string) error { u := s.users[userName] - authzUser := &user{ + authUser := &user{ name: userName, subject: u.subject, - secretShare: u.secretShare, accessToken: u.accessToken, } - config, err := s.prepareDataVaultConfig(authzUser) + c, err := s.prepareAuthConfig(authUser) if err != nil { return err } - c := client.New(s.bddContext.EDVServerURL+edvBasePath, client.WithHTTPClient(s.httpClient)) - - vaultURL, resp, err := c.CreateDataVault(config) - if err != nil { - return err - } - - edvCapability, err := zcapld.ParseCapability(resp) - if err != nil { - return err - } - - parts := strings.Split(vaultURL, "/") - - u.vaultID = parts[len(parts)-1] - u.controller = config.Controller - u.signer = newAuthzKMSSigner(s, authzUser) - u.edvCapability = edvCapability - - u.authKMS = &remoteKMS{ - keystoreID: u.keystoreID, - } + u.controller = c + 
u.signer = newZCapAuthUserSigner(s, authUser) - u.authCrypto = &remoteAuthCrypto{ - baseURL: s.bddContext.AuthZKeyServerURL, - httpClient: &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: s.bddContext.TLSConfig(), - }, - }, - user: u, - } + u.authKMS = s.bddContext.KeyManager + u.authCrypto = s.bddContext.Crypto return nil } -func (s *Steps) prepareDataVaultConfig(u *user) (*models.DataVaultConfiguration, error) { - err := s.createKeystoreAuthzKMS(u) - if err != nil { - return nil, fmt.Errorf("failed to create auth keystore: %w", err) - } - - if errCreate := s.makeCreateKeyReqAuthzKMS(u, - s.bddContext.AuthZKeyServerURL+keysEndpoint, "ED25519"); errCreate != nil { - return nil, fmt.Errorf("failed to create auth keystore key: %w", errCreate) +func (s *Steps) prepareAuthConfig(u *user) (string, error) { + if errCreate := s.createKeyOnAuthKMS(u, "ED25519"); errCreate != nil { + return "", fmt.Errorf("failed to create auth keystore key: %w", errCreate) } - if errExport := s.makeExportPubKeyReqAuthzKMS(u, - s.bddContext.AuthZKeyServerURL+exportKeyEndpoint); errExport != nil { - return nil, fmt.Errorf("failed to export authz keystore key: %w", errExport) + if errExport := s.exportPubKeyfromAuthKMS(u); errExport != nil { + return "", fmt.Errorf("failed to export authz keystore key: %w", errExport) } pkBytes := []byte(u.data["publicKey"]) _, didKey := fingerprint.CreateDIDKey(pkBytes) - return &models.DataVaultConfiguration{ - Sequence: 0, - Controller: didKey, - ReferenceID: xid.New().String(), - KEK: models.IDTypePair{ID: "https://example.com/kms/12345", Type: "AesKeyWrappingKey2019"}, - HMAC: models.IDTypePair{ID: "https://example.com/kms/67891", Type: "Sha256HmacKey2019"}, - }, nil -} - -func (s *Steps) createKeystoreAuthzKMS(u *user) error { - r := createKeystoreReq{ - Controller: u.name, - } - - request, err := u.preparePostRequest(r, s.bddContext.AuthZKeyServerURL+createKeystoreEndpoint) - if err != nil { - return err - } - - 
request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", u.accessToken)) - request.Header.Set("Secret-Share", base64.StdEncoding.EncodeToString(u.secretShare)) - - response, err := s.httpClient.Do(request) - if err != nil { - return fmt.Errorf("http do: %w", err) - } - - defer func() { - closeErr := response.Body.Close() - if closeErr != nil { - s.logger.Errorf("Failed to close response body: %s\n", closeErr.Error()) - } - }() - - var resp createKeyStoreResp - - err = u.processResponse(&resp, response) - if err != nil { - return fmt.Errorf("process response: %w", err) - } - - parts := strings.Split(resp.KeyStoreURL, "/") - - u.keystoreID = parts[len(parts)-1] - - return nil -} - -func (s *Steps) makeCreateKeyReqAuthzKMS(u *user, endpoint, keyType string) error { - r := createKeyReq{ - KeyType: keyType, - } - - request, err := u.preparePostRequest(r, endpoint) - if err != nil { - return err - } - - request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", u.accessToken)) - request.Header.Set("Secret-Share", base64.StdEncoding.EncodeToString(u.secretShare)) - - response, err := s.httpClient.Do(request) - if err != nil { - return fmt.Errorf("http do: %w", err) - } - - defer func() { - closeErr := response.Body.Close() - if closeErr != nil { - s.logger.Errorf("Failed to close response body: %s\n", closeErr.Error()) - } - }() - - var resp createKeyResp - - err = u.processResponse(&resp, response) - if err != nil { - return fmt.Errorf("process response: %w", err) - } - - parts := strings.Split(resp.KeyURL, "/") - - u.keyID = parts[len(parts)-1] - - return nil + return didKey, nil } -func (s *Steps) makeExportPubKeyReqAuthzKMS(u *user, endpoint string) error { - request, err := u.prepareGetRequest(endpoint) +func (s *Steps) createKeyOnAuthKMS(u *user, keyType string) error { + kid, _, err := s.bddContext.KeyManager.Create(kmsapi.KeyType(keyType)) if err != nil { return err } - - request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", u.accessToken)) - 
request.Header.Set("Secret-Share", base64.StdEncoding.EncodeToString(u.secretShare)) - - response, err := s.httpClient.Do(request) - if err != nil { - return fmt.Errorf("http do: %w", err) - } - - defer func() { - closeErr := response.Body.Close() - if closeErr != nil { - s.logger.Errorf("Failed to close response body: %s\n", closeErr.Error()) - } - }() - - var exportKeyResponse exportKeyResp - - if respErr := u.processResponse(&exportKeyResponse, response); respErr != nil { - return respErr - } - - u.data = map[string]string{ - "publicKey": string(exportKeyResponse.PublicKey), - } + u.keyID = kid return nil } -func (s *Steps) makeSignMessageReqAuthzKMS(u *user, endpoint string, message []byte) error { - r := signReq{ - Message: message, - } - - request, err := u.preparePostRequest(r, endpoint) +func (s *Steps) exportPubKeyfromAuthKMS(u *user) error { + bytes, _, err := s.bddContext.KeyManager.ExportPubKeyBytes(u.keyID) if err != nil { return err } - request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", u.accessToken)) - request.Header.Set("Secret-Share", base64.StdEncoding.EncodeToString(u.secretShare)) - - response, err := s.httpClient.Do(request) - if err != nil { - return fmt.Errorf("http do: %w", err) - } - - defer func() { - closeErr := response.Body.Close() - if closeErr != nil { - s.logger.Errorf("Failed to close response body: %s\n", closeErr.Error()) - } - }() - - var signResponse signResp - - if respErr := u.processResponse(&signResponse, response); respErr != nil { - return respErr - } - u.data = map[string]string{ - "signature": string(signResponse.Signature), + "publicKey": string(bytes), } return nil diff --git a/test/bdd/pkg/kms/kms_steps.go b/test/bdd/pkg/kms/kms_steps.go index ea8584b9..e295cd5e 100644 --- a/test/bdd/pkg/kms/kms_steps.go +++ b/test/bdd/pkg/kms/kms_steps.go @@ -8,7 +8,6 @@ package kms import ( "bytes" - "context" "crypto/ed25519" "crypto/rand" "crypto/tls" 
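Review bot: `prepareAuthConfig` now returns a did:key string rather than a vault configuration, so its name no longer describes what it does; something like `controllerDIDKey(u *user) (string, error)` would match the use in createProfileOnAuthServer (`u.controller = c`). Its error texts still say `auth keystore key` / `authz keystore key` although both keys are now created on the in-process `s.bddContext.KeyManager`, and `exportPubKeyfromAuthKMS` should be `exportPubKeyFromAuthKMS` with the local `bytes` renamed to `pubKey`. `KeyManager.ExportPubKeyBytes` also returns the key type, which is discarded with `_`; as far as I recall `fingerprint.CreateDIDKey` always encodes its input as an Ed25519 did:key, so comparing the returned type against the requested `ED25519` would catch a mismatch at setup time instead of at signature verification. Finally the raw public key is stored as `string` in `u.data["publicKey"]` and converted back with `[]byte(...)` in prepareAuthConfig; passing the `[]byte` through directly (or a dedicated `pubKey []byte` field) avoids the round trip.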
@@ -42,7 +41,6 @@ import (
 const (
 	createKeystoreEndpoint = "/v1/keystores"
-	createDIDEndpoint = "/v1/keystores/did"
 	keysEndpoint = "/v1/keystores/{keystoreID}/keys"
 	exportKeyEndpoint = "/v1/keystores/{keystoreID}/keys/{keyID}/export"
 	signEndpoint = "/v1/keystores/{keystoreID}/keys/{keyID}/sign"
@@ -77,19 +75,14 @@ func (s *Steps) SetContext(ctx *bddcontext.BDDContext) { func (s *Steps) RegisterSteps(ctx *godog.ScenarioContext) { // common creation steps ctx.Step(`^Create "([^"]*)" users$`, s.createUsers) - ctx.Step(`^Create "([^"]*)" users from prototype "([^"]*)"$`, s.createUsersFromPrototype) - ctx.Step(`^"([^"]*)" login with "([^"]*)" and gets "([^"]*)" and "([^"]*)" env$`, s.stressTestLogin) - ctx.Step(`^"([^"]*)" wallet has stored secret on Hub Auth$`, s.storeSecretInHubAuth) - ctx.Step(`^"([^"]*)" has created a data vault on EDV for storing keys$`, s.createEDVDataVault) - ctx.Step(`^"([^"]*)" users has created a data vault on EDV for storing keys$`, s.createEDVDataVaultForMultipleUsers) + ctx.Step(`^"([^"]*)" has logged into auth server$`, s.loginIntoAuthServer) + ctx.Step(`^"([^"]*)" has created a profile on auth server$`, s.createProfileOnAuthServer) + ctx.Step(`^"([^"]*)" users has created a profile on auth server$`, s.createProfileOnAuthServerForMultipleUsers) ctx.Step(`^"([^"]*)" has created an empty keystore on Key Server$`, s.createKeystore) ctx.Step(`^"([^"]*)" has created a keystore with "([^"]*)" key on Key Server$`, s.createKeystoreAndKey) ctx.Step(`^"([^"]*)" users request to create a keystore on "([^"]*)" with "([^"]*)" key and sign ([^"]*) times using "([^"]*)" concurrent requests$`, //nolint:lll s.stressTestForMultipleUsers) - ctx.Step(`^"([^"]*)" requests to authz kms to create a keystore and a key for user "([^"]*)" and sign using "([^"]*)" concurrent requests$`, //nolint:lll - s.authStressTestForMultipleUsers) - // common response checking steps ctx.Step(`^"([^"]*)" gets a response with HTTP status "([^"]*)"$`, s.checkRespStatus) ctx.Step(`^"([^"]*)" gets a response with HTTP status "([^"]*)" for each request$`, s.checkMultiRespStatus) 
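Review bot: The new multi-user step `"([^"]*)" users has created a profile on auth server` (bound to createProfileOnAuthServerForMultipleUsers) is registered here, but no feature file in this diff invokes it — the kms_stress scenarios that did per-user setup were deleted in the same commit — so unless another feature outside the page uses it, both the registration and the step implementation are dead. Either drop them together with the EDV code or add the step to the remaining `@kms_stress_local` scenario so the multi-user profile path stays exercised. RegisterSteps starts and ends outside the hunk.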
@@ -140,27 +133,12 @@ func (s *Steps) createKeystoreAndKey(user, keyType string) error {
 func (s *Steps) createKeystore(userName string) error {
 	u := s.users[userName]
-	if err := s.createDID(u); err != nil {
-		return err
-	}
-
-	edvCapability, err := s.createChainCapability(u)
-	if err != nil {
-		return err
-	}
-
-	capabilityBytes, err := json.Marshal(edvCapability)
-	if err != nil {
-		return err
-	}
+	//if err := s.createDID(u); err != nil {
+	//	return err
+	//}
 	r := &createKeystoreReq{
 		Controller: u.controller,
-		EDV: &edvOptions{
-			// TODO: replace hardcoded URL with the proper s.bddContext.EDVServerURL
-			VaultURL: "https://edv.trustbloc.local:8081" + edvBasePath + "/" + u.vaultID,
-			Capability: capabilityBytes,
-		},
 	}
 	return s.createKeystoreReq(u, r, s.bddContext.KeyServerURL+createKeystoreEndpoint)
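Review bot: The commented-out `//if err := s.createDID(u); err != nil {` block left in createKeystore is dead text: the same commit deletes createDID and the `createDIDEndpoint` constant, so the comment can never be re-enabled as written and should be removed rather than kept as a breadcrumb. If the point is to mark where DID creation used to happen, a single `// DID creation on the key server was dropped together with EDV support; the controller is now the did:key built in createProfileOnAuthServer` says that without carrying unbuildable code. createKeystore's closing brace is outside the hunk.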
@@ -210,59 +188,6 @@ func (s *Steps) createKeystoreReq(u *user, r *createKeystoreReq, endpoint string return nil } -func (s *Steps) createDID(u *user) error { - uri := buildURI(s.bddContext.KeyServerURL+createDIDEndpoint, u.keystoreID, u.keyID) - - request, err := http.NewRequestWithContext(context.Background(), http.MethodPost, uri, nil) - if err != nil { - return fmt.Errorf("create DID http request: %w", err) - } - - request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", u.accessToken)) - - response, err := s.httpClient.Do(request) - if err != nil { - return fmt.Errorf("http do: %w", err) - } - - defer func() { - closeErr := response.Body.Close() - if closeErr != nil { - s.logger.Errorf("Failed to close response body: %s\n", closeErr.Error()) - } - }() - - var resp createDIDResp - - if err := u.processResponse(&resp, response); err != nil { - return err - } - - u.edvDID = resp.DID - - return nil -} - -func (s *Steps) createChainCapability(u *user) (*zcapld.Capability, error) { - loader, err := createJSONLDDocumentLoader(mem.NewProvider()) - if err != nil { - return nil, fmt.Errorf("create document loader: %w", err) - } - - return zcapld.NewCapability( - &zcapld.Signer{ - SignatureSuite: ed25519signature2018.New(suite.WithSigner(u.signer)), - SuiteType: ed25519signature2018.SignatureType, - VerificationMethod: u.controller, - ProcessorOpts: []jsonld.ProcessorOpts{jsonld.WithDocumentLoader(loader)}, - }, - zcapld.WithParent(u.edvCapability.ID), - zcapld.WithInvoker(u.edvDID), - zcapld.WithAllowedActions("read", "write"), - zcapld.WithInvocationTarget(u.vaultID, edvResource), - zcapld.WithCapabilityChain(u.edvCapability.Parent, u.edvCapability.ID)) -} - func (s *Steps) makeCreateKeyReq(userName, endpoint, keyType string) error { u := s.users[userName] 
@@ -502,7 +427,7 @@ func (s *Steps) makeImportKeyReq(userName, endpoint, keyID string) error {
 		KeyID: keyID,
 	}
-	request, err := u.preparePutRequest(r, endpoint)
+	request, err := u.preparePutRequest(r, endpoint, keyID)
 	if err != nil {
 		return err
 	}
diff --git a/test/bdd/pkg/kms/models.go b/test/bdd/pkg/kms/models.go
index 454d4713..4445f8de 100644
--- a/test/bdd/pkg/kms/models.go
+++ b/test/bdd/pkg/kms/models.go
@@ -11,18 +11,8 @@ import (
 	"github.com/hyperledger/aries-framework-go/pkg/kms"
 )
-type createDIDResp struct {
-	DID string `json:"did"`
-}
-
 type createKeystoreReq struct {
-	Controller string `json:"controller"`
-	EDV *edvOptions `json:"edv"`
-}
-
-type edvOptions struct {
-	VaultURL string `json:"vault_url"`
-	Capability []byte `json:"capability"`
+	Controller string `json:"controller"`
 }
 type createKeyStoreResp struct {
@@ -131,10 +121,6 @@ type unwrapResp struct {
 	Key []byte `json:"key"`
 }
-type setSecretRequest struct {
-	Secret []byte `json:"secret"`
-}
-
 type errorResponse struct {
 	Message string `json:"errMessage,omitempty"`
 }
diff --git a/test/bdd/pkg/kms/stress_steps.go b/test/bdd/pkg/kms/stress_steps.go
index b8611250..e624f6e3 100644
--- a/test/bdd/pkg/kms/stress_steps.go
+++ b/test/bdd/pkg/kms/stress_steps.go
@@ -7,8 +7,6 @@ SPDX-License-Identifier: Apache-2.0
 package kms
 import (
-	"encoding/base64"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"math/rand"
@@ -18,7 +16,6 @@ import (
 	"github.com/greenpau/go-calculator"
-	"github.com/trustbloc/kms/test/bdd/pkg/auth"
 	"github.com/trustbloc/kms/test/bdd/pkg/internal/bddutil"
 )
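Review bot: makeImportKeyReq now passes keyID to `u.preparePutRequest(r, endpoint, keyID)` while the request body still carries the same value in `KeyID: keyID`; the changed preparePutRequest signature lives in user.go, which is not on this page, so it is worth confirming the two uses cannot disagree (presumably one is the URL path element and the other the body) and adding a line to preparePutRequest's doc comment stating what the extra parameter is used for. makeImportKeyReq starts and ends outside the hunk.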
@@ -51,69 +48,14 @@ func (s *Steps) createUsers(usersNumberEnv string) error {
 	return nil
 }
-func (s *Steps) createUsersFromPrototype(usersNumberEnv, protoUser string) error {
-	usersNumber, err := getUsersNumber(usersNumberEnv)
-	if err != nil {
-		return err
-	}
-
-	proto := s.users[protoUser]
-
-	for i := 0; i < usersNumber; i++ {
-		userName := fmt.Sprintf(userNameTplt, i)
-
-		u := &user{
-			name: proto.name,
-			subject: proto.subject,
-			accessToken: proto.accessToken,
-			secretShare: proto.secretShare,
-		}
-		s.users[userName] = u
-
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (s *Steps) stressTestLogin(userName, subjectEnv, accessTokenEnv, secretShareEnv string) error {
-	s.bddContext.LoginConfig = readLoginConfigFromEnv()
-
-	subject := os.Getenv(subjectEnv)
-	if subject == "" {
-		return s.storeSecretInHubAuth(userName)
-	}
-
-	u := &user{
-		name: userName,
-	}
-	s.users[userName] = u
-
-	u.subject = subject
-	u.accessToken = os.Getenv(accessTokenEnv)
-
-	fmt.Printf("user %s, %s, %s", u.subject, os.Getenv(secretShareEnv), u.accessToken)
-
-	secretShare, err := base64.StdEncoding.DecodeString(os.Getenv(secretShareEnv))
-	if err != nil {
-		return err
-	}
-
-	u.secretShare = secretShare
-
-	return nil
-}
-
-func (s *Steps) createEDVDataVaultForMultipleUsers(usersNumberEnv string) error {
+func (s *Steps) createProfileOnAuthServerForMultipleUsers(usersNumberEnv string) error {
 	usersNumber, err := getUsersNumber(usersNumberEnv)
 	if err != nil {
 		return err
 	}
 	for i := 0; i < usersNumber; i++ {
-		err = s.createEDVDataVault(fmt.Sprintf(userNameTplt, i))
+		err = s.createProfileOnAuthServer(fmt.Sprintf(userNameTplt, i))
 		if err != nil {
 			return err
 		}
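Review bot: In createProfileOnAuthServerForMultipleUsers the loop returns the error from createProfileOnAuthServer unwrapped, so a failure part-way through a run of `USER_NUMS` users gives no indication of which user it happened for. Binding the name once and wrapping keeps the cause and identifies the user: `userName := fmt.Sprintf(userNameTplt, i)` followed by `if err := s.createProfileOnAuthServer(userName); err != nil { return fmt.Errorf("create profile for %s: %w", userName, err) }`. The function's closing brace is outside the hunk.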
@@ -135,43 +77,10 @@ func (s *Steps) stressTestForMultipleUsers(
 		return err
 	}
-	if storeType != "EDV" && storeType != "LocalStorage" {
+	if storeType != "LocalStorage" {
 		return errors.New("invalid store type:" + storeType)
 	}
-	var edvCapabilities [][]byte
-
-	if storeType == "EDV" {
-		for i := 0; i < totalRequests; i++ {
-			userName := fmt.Sprintf(userNameTplt, i)
-
-			u := s.users[userName]
-			if err := s.createDID(u); err != nil {
-				return fmt.Errorf("create did %w", err)
-			}
-		}
-
-		edvCapabilities = make([][]byte, 0)
-
-		for i := 0; i < totalRequests; i++ {
-			userName := fmt.Sprintf(userNameTplt, i)
-
-			u := s.users[userName]
-
-			edvCapability, err := s.createChainCapability(u)
-			if err != nil {
-				return fmt.Errorf("create chain capability %w", err)
-			}
-
-			capabilityBytes, err := json.Marshal(edvCapability)
-			if err != nil {
-				return err
-			}
-
-			edvCapabilities = append(edvCapabilities, capabilityBytes)
-		}
-	}
-
 	fmt.Printf("totalRequests: %d, concurrencyReq: %d", totalRequests, concurrencyReq)
 	createPool := bddutil.NewWorkerPool(concurrencyReq, s.logger)
@@ -182,14 +91,10 @@ func (s *Steps) stressTestForMultipleUsers(
 		r := &stressRequest{
 			userName: fmt.Sprintf(userNameTplt, i),
 			keyServerURL: s.bddContext.KeyServerURL,
-			edvServerURL: s.bddContext.EDVServerURL,
 			keyType: keyType,
 			steps: s,
 			signRequests: signTimes,
 		}
-		if edvCapabilities != nil {
-			r.edvCapability = edvCapabilities[i]
-		}
 		createPool.Submit(r)
 	}
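Review bot: With EDV gone, `if storeType != "LocalStorage"` leaves a single accepted value spelled as a bare literal both here and in kms_stress.feature; a named constant such as `const localStorageType = "LocalStorage"` used in the comparison keeps the two from drifting, and the rejection on the next line is better as `return fmt.Errorf("invalid store type: %q", storeType)` so the missing space after the colon is fixed and an empty value shows up as `""`. If the storage-type argument is meant to stay for future back-ends, a comment saying so would help; otherwise the step's `on "([^"]*)"` parameter is now vestigial and could be dropped. stressTestForMultipleUsers starts and ends outside the hunk.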
@@ -264,93 +169,6 @@ func (s *Steps) stressTestForMultipleUsers( return nil } -//nolint:funlen -func (s *Steps) authStressTestForMultipleUsers(totalRequestsEnv, userName, concurrencyEnv string) error { - totalRequests, err := getUsersNumber(totalRequestsEnv) - if err != nil { - return err - } - - concurrencyReq, err := getConcurrencyReq(concurrencyEnv) - if err != nil { - return err - } - - fmt.Printf("totalRequests: %d, concurrencyReq: %d", totalRequests, concurrencyReq) - - createPool := bddutil.NewWorkerPool(concurrencyReq, s.logger) - - createPool.Start() - - for i := 0; i < totalRequests; i++ { - r := &authStressRequest{ - userName: userName, - steps: s, - } - createPool.Submit(r) - } - - createPool.Stop() - - s.logger.Infof("got created key store %d responses for %d requests", len(createPool.Responses()), totalRequests) - - if len(createPool.Responses()) != totalRequests { - return fmt.Errorf("expecting created key store %d responses but got %d", totalRequests, len(createPool.Responses())) - } - - var ( - createKeyStoreHTTPTime []int64 - createKeyHTTPTime []int64 - signHTTPTime []int64 - ) - - for _, resp := range createPool.Responses() { - if resp.Err != nil { - return resp.Err - } - - perfInfo, ok := resp.Resp.(stressRequestPerfInfo) - if !ok { - if !ok { - return fmt.Errorf("invalid stressRequestPerfInfo response") - } - } - - createKeyStoreHTTPTime = append(createKeyStoreHTTPTime, perfInfo.createKeyStoreHTTPTime) - createKeyHTTPTime = append(createKeyHTTPTime, perfInfo.createKeyHTTPTime) - signHTTPTime = append(signHTTPTime, perfInfo.signHTTPTime) - } - - calc := calculator.NewInt64(createKeyStoreHTTPTime) - fmt.Printf("create key store avg time: %s\n", (time.Duration(calc.Mean().Register.Mean) * - time.Millisecond).String()) - fmt.Printf("create key store max time: %s\n", (time.Duration(calc.Max().Register.MaxValue) * - time.Millisecond).String()) - fmt.Printf("create key store min time: %s\n", (time.Duration(calc.Min().Register.MinValue) * - 
time.Millisecond).String()) - fmt.Println("------") - - calc = calculator.NewInt64(createKeyHTTPTime) - fmt.Printf("create key avg time: %s\n", (time.Duration(calc.Mean().Register.Mean) * - time.Millisecond).String()) - fmt.Printf("create key max time: %s\n", (time.Duration(calc.Max().Register.MaxValue) * - time.Millisecond).String()) - fmt.Printf("create key min time: %s\n", (time.Duration(calc.Min().Register.MinValue) * - time.Millisecond).String()) - fmt.Println("------") - - calc = calculator.NewInt64(signHTTPTime) - fmt.Printf("sign avg time: %s\n", (time.Duration(calc.Mean().Register.Mean) * - time.Millisecond).String()) - fmt.Printf("sign max time: %s\n", (time.Duration(calc.Max().Register.MaxValue) * - time.Millisecond).String()) - fmt.Printf("sign min time: %s\n", (time.Duration(calc.Min().Register.MinValue) * - time.Millisecond).String()) - fmt.Println("------") - - return nil -} - func getConcurrencyReq(concurrencyEnv string) (int, error) { concurrencyReqStr := os.Getenv(concurrencyEnv) if concurrencyReqStr == "" { @@ -370,13 +188,11 @@ func getUsersNumber(usersNumberEnv string) (int, error) { } type stressRequest struct { - userName string - edvCapability []byte - edvServerURL string - keyServerURL string - keyType string - steps *Steps - signRequests int + userName string + keyServerURL string + keyType string + steps *Steps + signRequests int } type stressRequestPerfInfo struct { @@ -393,13 +209,6 @@ func (r *stressRequest) Invoke() (interface{}, error) { Controller: u.controller, } - if r.edvCapability != nil { - createReq.EDV = &edvOptions{ - VaultURL: r.edvServerURL + edvBasePath + "/" + u.vaultID, - Capability: r.edvCapability, - } - } - perfInfo := stressRequestPerfInfo{} startTime := time.Now() 
@@ -445,69 +254,6 @@ func (r *stressRequest) Invoke() (interface{}, error) { return perfInfo, nil } -type authStressRequest struct { - userName string - steps *Steps -} - -func (r *authStressRequest) Invoke() (interface{}, error) { - u := r.steps.users[r.userName] - - authzUser := &user{ - name: r.userName, - subject: u.subject, - secretShare: u.secretShare, - accessToken: u.accessToken, - } - - perfInfo := stressRequestPerfInfo{} - - startTime := time.Now() - - err := r.steps.createKeystoreAuthzKMS(authzUser) - if err != nil { - return nil, fmt.Errorf("failed to create auth keystore: %w", err) - } - - perfInfo.createKeyStoreHTTPTime = time.Since(startTime).Milliseconds() - - startTime = time.Now() - - err = r.steps.makeCreateKeyReqAuthzKMS(authzUser, r.steps.bddContext.AuthZKeyServerURL+keysEndpoint, "ED25519") - if err != nil { - return nil, fmt.Errorf("failed to create auth keystore key: %w", err) - } - - perfInfo.createKeyHTTPTime = time.Since(startTime).Milliseconds() - - message := randomMessage(1024) //nolint:gomnd - - startTime = time.Now() - - err = r.steps.makeSignMessageReqAuthzKMS(authzUser, r.steps.bddContext.AuthZKeyServerURL+signEndpoint, []byte(message)) - if err != nil { - return nil, err - } - - perfInfo.signHTTPTime = time.Since(startTime).Milliseconds() - - return perfInfo, nil -} - -func readLoginConfigFromEnv() *auth.LoginConfig { - return &auth.LoginConfig{ - HubAuthHydraAdminURL: os.Getenv("KMS_STRESS_HYDRA_ADMIN_URL"), - HubAuthOIDCProviderURL: os.Getenv("KMS_STRESS_OIDC_PROVIDER_URL"), - HubAuthOIDCProviderSelectionURL: os.Getenv("KMS_STRESS_OIDC_PROVIDER_SELECTION_URL"), - HubAuthSelectOIDCProviderURL: os.Getenv("KMS_STRESS_SELECT_OIDC_PROVIDER_URL"), - LoginURL: os.Getenv("KMS_STRESS_LOGIN_URL"), - AuthenticationURL: os.Getenv("KMS_STRESS_AUTHENTICATION_URL"), - ConsentURL: os.Getenv("KMS_STRESS_CONSENT_URL"), - AuthorizationURL: os.Getenv("KMS_STRESS_AUTHORIZATION_URL"), - OIDCProviderName: os.Getenv("KMS_STRESS_OIDC_PROVIDER_NAME"), - 
} -} - var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") //nolint:gochecknoglobals func randomMessage(n int) string { diff --git a/test/bdd/pkg/kms/user.go b/test/bdd/pkg/kms/user.go index 950279a8..ad6eb667 100644 --- a/test/bdd/pkg/kms/user.go +++ b/test/bdd/pkg/kms/user.go @@ -29,14 +29,12 @@ import ( type user struct { name string controller string - edvDID string keystoreID string keyID string vaultID string subject string - secretShare []byte recipientPubKeys map[string]*publicKeyData response *response @@ -46,7 +44,6 @@ type user struct { signer signer authKMS kms.KeyManager authCrypto crypto.Crypto - edvCapability *zcapld.Capability kmsCapability *zcapld.Capability disableZCAP bool accessToken string @@ -123,8 +120,8 @@ func (u *user) preparePostRequest(req interface{}, endpoint string) (*http.Reque return request, nil } -func (u *user) preparePutRequest(req interface{}, endpoint string) (*http.Request, error) { - uri := buildURI(endpoint, u.keystoreID, u.keyID) +func (u *user) preparePutRequest(req interface{}, endpoint string, keyID string) (*http.Request, error) { + uri := buildURI(endpoint, u.keystoreID, keyID) payload, err := json.Marshal(req) if err != nil { diff --git a/test/bdd/pkg/kms/zcap.go b/test/bdd/pkg/kms/zcap.go index 0899eb72..d9547cc1 100644 --- a/test/bdd/pkg/kms/zcap.go +++ b/test/bdd/pkg/kms/zcap.go @@ -6,18 +6,6 @@ SPDX-License-Identifier: Apache-2.0 package kms -import ( - "fmt" - "net/http" - - "github.com/hyperledger/aries-framework-go/pkg/crypto" - "github.com/hyperledger/aries-framework-go/pkg/kms" -) - -const ( - edvResource = "urn:edv:vault" -) - const ( actionCreateKey = "createKey" actionExportKey = "exportKey" 
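Review bot: `preparePutRequest` in user.go now takes an explicit `keyID` and no longer reads `u.keyID`, but nothing at the signature says so, and the body continues past the hunk, so callers being migrated have to discover this by reading `buildURI`. A doc comment would make the contract explicit: `// preparePutRequest builds a PUT request for keystore u.keystoreID and the given keyID; u.keyID is deliberately not consulted, so callers must pass the key they mean.` An empty `keyID` is handed straight to `buildURI`, which I cannot see here; if it does not reject the empty string, a guard that returns an error for `keyID == ""` before building the URI would stop a malformed request from being sent.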
@@ -39,133 +27,32 @@ type signer interface { Alg() string } -type authzKMSSigner struct { +type zCapAuthUserSigner struct { s *Steps authzUser *user } -func newAuthzKMSSigner(s *Steps, authzUser *user) *authzKMSSigner { - return &authzKMSSigner{s: s, authzUser: authzUser} +func newZCapAuthUserSigner(s *Steps, authzUser *user) *zCapAuthUserSigner { + return &zCapAuthUserSigner{s: s, authzUser: authzUser} } -func (a *authzKMSSigner) Sign(data []byte) ([]byte, error) { - uri := a.s.bddContext.AuthZKeyServerURL + signEndpoint - - if err := a.s.makeSignMessageReqAuthzKMS(a.authzUser, uri, data); err != nil { +func (a *zCapAuthUserSigner) Sign(data []byte) ([]byte, error) { + kh, err := a.s.bddContext.KeyManager.Get(a.authzUser.keyID) + if err != nil { return nil, err } - return []byte(a.authzUser.data["signature"]), nil -} - -func (a *authzKMSSigner) Alg() string { - return "" -} - -type remoteKMS struct { - keystoreID string -} - -func (r *remoteKMS) Create(kt kms.KeyType, opts ...kms.KeyOpts) (string, interface{}, error) { - panic("implement me") -} - -func (r *remoteKMS) Get(keyID string) (interface{}, error) { - return keyID, nil -} - -func (r *remoteKMS) Rotate(kt kms.KeyType, keyID string, opts ...kms.KeyOpts) (string, interface{}, error) { - panic("implement me") -} - -func (r *remoteKMS) ExportPubKeyBytes(keyID string) ([]byte, kms.KeyType, error) { - panic("implement me") -} - -func (r *remoteKMS) CreateAndExportPubKeyBytes(kt kms.KeyType, opts ...kms.KeyOpts) (string, []byte, error) { - panic("implement me") -} - -func (r *remoteKMS) PubKeyBytesToHandle(pubKey []byte, kt kms.KeyType, opts ...kms.KeyOpts) (interface{}, error) { - panic("implement me") -} - -func (r *remoteKMS) ImportPrivateKey( - privKey interface{}, kt kms.KeyType, opts ...kms.PrivateKeyOpts) (string, interface{}, error) { - panic("implement me") -} - -type remoteAuthCrypto struct { - baseURL string - httpClient *http.Client - user *user -} - -func (r *remoteAuthCrypto) Encrypt(msg, aad 
[]byte, kh interface{}) ([]byte, []byte, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) Decrypt(cipher, aad, nonce []byte, kh interface{}) ([]byte, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) Sign(msg []byte, _ interface{}) ([]byte, error) { - sig, err := r.user.signer.Sign(msg) + s, err := a.s.bddContext.Crypto.Sign(data, kh) if err != nil { - return nil, fmt.Errorf("user's signer failed to sign: %w", err) + return nil, err + } + a.authzUser.data = map[string]string{ + "signature": string(s), } - return sig, nil -} - -func (r *remoteAuthCrypto) Verify(signature, msg []byte, kh interface{}) error { - panic("implement me") -} - -func (r *remoteAuthCrypto) ComputeMAC(data []byte, kh interface{}) ([]byte, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) VerifyMAC(mac, data []byte, kh interface{}) error { - panic("implement me") -} - -func (r *remoteAuthCrypto) WrapKey(cek, apu, apv []byte, - recPubKey *crypto.PublicKey, opts ...crypto.WrapKeyOpts) (*crypto.RecipientWrappedKey, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) UnwrapKey( - recWK *crypto.RecipientWrappedKey, kh interface{}, opts ...crypto.WrapKeyOpts) ([]byte, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) SignMulti(messages [][]byte, kh interface{}) ([]byte, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) VerifyMulti(messages [][]byte, signature []byte, kh interface{}) error { - panic("implement me") -} - -func (r *remoteAuthCrypto) VerifyProof(revealedMessages [][]byte, proof, nonce []byte, kh interface{}) error { - panic("implement me") -} - -func (r *remoteAuthCrypto) DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, - kh interface{}) ([]byte, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error) { - panic("implement me") -} - -func (r *remoteAuthCrypto) 
GetCorrectnessProof(kh interface{}) ([]byte, error) { - panic("implement me") + return []byte(a.authzUser.data["signature"]), nil } -func (r *remoteAuthCrypto) SignWithSecrets(kh interface{}, values map[string]interface{}, secrets []byte, - correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error) { - panic("implement me") +func (a *zCapAuthUserSigner) Alg() string { + return "" }
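Review bot: `Sign` in zcap.go replaces `a.authzUser.data` wholesale with a one-entry map only to read the signature back out of it, which discards whatever other entries that user's `data` held and is a detour, since `s` is already the value to return; `return s, nil` directly after the `Crypto.Sign` call, with the map assignment dropped, yields the same bytes. If some later step does read `data["signature"]` after a zcap signing (none is visible in this diff), keep the entry but merge it into the existing map rather than replacing it: `if a.authzUser.data == nil { a.authzUser.data = map[string]string{} }` followed by `a.authzUser.data["signature"] = string(s)`. The write also mutates shared user state from inside a signer; if the same signer is ever invoked concurrently from the stress-test worker pool in this package, that map assignment is a data race, so the pure return form is the safer one as well. `Alg()` still returns an empty string as it did before; a one-line comment naming which verifier accepts an empty algorithm identifier would save the next reader from assuming it is a stub.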