Merge pull request #337 from fqutishat/update

feat: add CreateAndExportPubKeyBytes func to aws
trustbloc · Sep 25, 2022 · 25df4d4 · 25df4d4
2 parents 1e53108 + 4d5bf09
commit 25df4d4
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/pkg/aws/service.go b/pkg/aws/service.go
@@ -182,12 +182,32 @@ func (s *Service) Create(kt arieskms.KeyType) (string, interface{}, error) {
 	return *result.KeyMetadata.KeyId, *result.KeyMetadata.KeyId, nil
 }
 
+// CreateAndExportPubKeyBytes create and export key.
+func (s *Service) CreateAndExportPubKeyBytes(kt arieskms.KeyType, opts ...arieskms.KeyOpts) (string, []byte, error) {
+	keyID, _, err := s.Create(kt)
+	if err != nil {
+		return "", nil, err
+	}
+
+	pubKeyBytes, _, err := s.ExportPubKeyBytes(keyID)
+	if err != nil {
+		return "", nil, err
+	}
+
+	return keyID, pubKeyBytes, nil
+}
+
 // ImportPrivateKey private key.
 func (s *Service) ImportPrivateKey(privKey interface{}, kt arieskms.KeyType,
 	opts ...arieskms.PrivateKeyOpts) (string, interface{}, error) {
 	return "", nil, fmt.Errorf("not implemented")
 }
 
+// SignMulti sign multi.
+func (s *Service) SignMulti(messages [][]byte, kh interface{}) ([]byte, error) {
+	return nil, fmt.Errorf("not implemented")
+}
+
 func getKeyID(keyURI string) (string, error) {
 	// keyURI must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'.
 	// See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

diff --git a/pkg/aws/service_test.go b/pkg/aws/service_test.go
@@ -187,6 +187,57 @@ func TestGet(t *testing.T) {
 	})
 }
 
+func TestCreateAndPubKeyBytes(t *testing.T) {
+	t.Run("success", func(t *testing.T) {
+		endpoint := localhost
+		awsSession, err := session.NewSession(&aws.Config{
+			Endpoint:                      &endpoint,
+			Region:                        aws.String("ca"),
+			CredentialsChainVerboseErrors: aws.Bool(true),
+		})
+		require.NoError(t, err)
+
+		keyID := "aws-kms://arn:aws:kms:ca-central-1:111122223333:key/800d5768-3fd7-4edd-a4b8-4c81c3e4c147"
+
+		svc := New(awsSession, &mockMetrics{}, "")
+
+		svc.client = &mockAWSClient{
+			getPublicKeyFunc: func(input *kms.GetPublicKeyInput) (*kms.GetPublicKeyOutput, error) {
+				signingAlgo := "ECDSA_SHA_256"
+
+				return &kms.GetPublicKeyOutput{
+					PublicKey:         []byte("publickey"),
+					SigningAlgorithms: []*string{&signingAlgo},
+				}, nil
+			},
+			createKeyFunc: func(input *kms.CreateKeyInput) (req *request.Request, output *kms.CreateKeyOutput) {
+				return nil, &kms.CreateKeyOutput{KeyMetadata: &kms.KeyMetadata{KeyId: &keyID}}
+			},
+		}
+
+		keyID, publicKey, err := svc.CreateAndExportPubKeyBytes(arieskms.ECDSAP256DER)
+		require.NoError(t, err)
+		require.Contains(t, string(publicKey), "publickey")
+		require.Contains(t, keyID, keyID)
+	})
+}
+
+func TestSignMulti(t *testing.T) {
+	endpoint := localhost
+	awsSession, err := session.NewSession(&aws.Config{
+		Endpoint:                      &endpoint,
+		Region:                        aws.String("ca"),
+		CredentialsChainVerboseErrors: aws.Bool(true),
+	})
+	require.NoError(t, err)
+
+	svc := New(awsSession, &mockMetrics{}, "")
+
+	_, err = svc.SignMulti(nil, nil)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "not implemented")
+}
+
 func TestPubKeyBytes(t *testing.T) {
 	t.Run("success", func(t *testing.T) {
 		endpoint := localhost