feat: add export pub key (#23)

* feat: add export pub key * feat: add test * fix: key id
trustbloc · Oct 1, 2024 · 8d9510c · 8d9510c
1 parent 91aa9f5
commit 8d9510c
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 3 deletions.
diff --git a/mock/wrapper/wrapper.go b/mock/wrapper/wrapper.go
@@ -15,6 +15,9 @@ import (
 // MockKMSCrypto mocks wrapper.KMSCrypto.
 type MockKMSCrypto struct {
 	CreateVal         *jwk.JWK
+	PubKeyBytes       []byte
+	PubKeyType        kms.KeyType
+	PubKeyErr         error
 	CreateRawKID      string
 	CreateRawVal      interface{}
 	CreateErr         error
@@ -35,6 +38,11 @@ func (m *MockKMSCrypto) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 	return m.CreateVal, m.CreateErr
 }
 
+// ExportPubKeyBytes mock.
+func (m *MockKMSCrypto) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+	return m.PubKeyBytes, m.PubKeyType, m.PubKeyErr
+}
+
 // CreateRaw mock.
 func (m *MockKMSCrypto) CreateRaw(keyType kms.KeyType) (string, interface{}, error) {
 	return m.CreateRawKID, m.CreateRawVal, m.CreateErr

diff --git a/wrapper/api/api.go b/wrapper/api/api.go
@@ -41,6 +41,7 @@ type KMSCryptoVerifier interface {
 // KeyCreator creates keypairs in the wrapped KMS, returning public keys in JWK format.
 type KeyCreator interface {
 	Create(keyType kmsapi.KeyType) (*jwk.JWK, error)
+	ExportPubKeyBytes(id string) ([]byte, kmsapi.KeyType, error)
 }
 
 // KMSCrypto provides wrapped kms and crypto operations.

diff --git a/wrapper/localsuite/creator.go b/wrapper/localsuite/creator.go
@@ -24,6 +24,10 @@ func (k *keyCreatorImpl) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 	return createKey(k.kms, keyType)
 }
 
+func (k *keyCreatorImpl) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+	return k.kms.ExportPubKeyBytes(id)
+}
+
 func (k *keyCreatorImpl) CreateRaw(keyType kms.KeyType) (string, interface{}, error) {
 	kid, pkBytes, err := k.kms.CreateAndExportPubKeyBytes(keyType)
 	if err != nil {

diff --git a/wrapper/localsuite/creator_test.go b/wrapper/localsuite/creator_test.go
@@ -12,17 +12,20 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+
 	mockkms "github.com/trustbloc/kms-go/mock/kms"
 	kmsapi "github.com/trustbloc/kms-go/spi/kms"
 )
 
+const (
+	keyID = "foo"
+)
+
 func TestKeyCreator(t *testing.T) {
 	t.Run("success", func(t *testing.T) {
 		keyBytes, _, err := ed25519.GenerateKey(rand.Reader)
 		require.NoError(t, err)
 
-		keyID := "foo"
-
 		creator := newKeyCreator(&mockkms.KeyManager{
 			CrAndExportPubKeyValue: keyBytes,
 			CrAndExportPubKeyID:    keyID,
@@ -40,6 +43,21 @@ func TestKeyCreator(t *testing.T) {
 		require.IsType(t, ed25519.PublicKey{}, pubRaw)
 	})
 
+	t.Run("success export", func(t *testing.T) {
+		keyBytes, _, err := ed25519.GenerateKey(rand.Reader)
+		require.NoError(t, err)
+
+		creator := newKeyCreator(&mockkms.KeyManager{
+			ExportPubKeyTypeValue:  kmsapi.ED25519Type,
+			ExportPubKeyBytesValue: keyBytes,
+		})
+
+		pubJWK, keyType, err := creator.ExportPubKeyBytes(keyID)
+		require.NoError(t, err)
+		require.EqualValues(t, kmsapi.ED25519Type, keyType)
+		require.NotNil(t, pubJWK)
+	})
+
 	t.Run("kms create err", func(t *testing.T) {
 		errExpected := errors.New("expected error")
 
@@ -59,7 +77,7 @@ func TestKeyCreator(t *testing.T) {
 
 	t.Run("kms exports invalid key value", func(t *testing.T) {
 		creator := newKeyCreator(&mockkms.KeyManager{
-			CrAndExportPubKeyValue: []byte("foo"),
+			CrAndExportPubKeyValue: []byte(keyID),
 		})
 
 		pubJWK, err := creator.Create(kmsapi.ECDSAP256DER)

diff --git a/wrapper/localsuite/params.go b/wrapper/localsuite/params.go
@@ -39,6 +39,7 @@ type keyHandleFetcher interface {
 
 type keyCreator interface {
 	CreateAndExportPubKeyBytes(kt kmsapi.KeyType, opts ...kmsapi.KeyOpts) (string, []byte, error)
+	ExportPubKeyBytes(id string) ([]byte, kmsapi.KeyType, error)
 }
 
 type keyManager interface {

diff --git a/wrapper/localsuite/wrapper.go b/wrapper/localsuite/wrapper.go
@@ -28,6 +28,10 @@ func (k *kmsCryptoImpl) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 	return createKey(k.kms, keyType)
 }
 
+func (k *kmsCryptoImpl) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+	return k.kms.ExportPubKeyBytes(id)
+}
+
 func (k *kmsCryptoImpl) Sign(msg []byte, pub *jwk.JWK) ([]byte, error) {
 	kh, err := k.kms.Get(pub.KeyID)
 	if err != nil {

diff --git a/wrapper/websuite/kmscrypto.go b/wrapper/websuite/kmscrypto.go
@@ -35,6 +35,10 @@ func (k *kmsCrypto) Create(keyType kms.KeyType) (*jwk.JWK, error) {
 	return pk, nil
 }
 
+func (k *kmsCrypto) ExportPubKeyBytes(id string) ([]byte, kms.KeyType, error) {
+	return k.km.ExportPubKeyBytes(id)
+}
+
 func (k *kmsCrypto) CreateRaw(keyType kms.KeyType) (string, interface{}, error) {
 	kid, pkBytes, err := k.km.CreateAndExportPubKeyBytes(keyType)
 	if err != nil {