Add jwt- and signature-based headers

[WIP]

Author: enigbe

Cargo.toml

@@ -104,6 +104,9 @@ clightningrpc = { version = "0.3.0-beta.8", default-features = false }
 lnd_grpc_rust = { version = "2.10.0", default-features = false }
 tokio = { version = "1.37", features = ["fs"] }
 
+[target.'cfg(vss_test)'.dev-dependencies]
+jsonwebtoken = "10.3.0"
+
 [build-dependencies]
 uniffi = { version = "0.28.3", features = ["build"], optional = true }
 

src/io/test_utils.rs

@@ -10,7 +10,9 @@ use std::future::Future;
 use std::panic::RefUnwindSafe;
 use std::path::PathBuf;
 use std::sync::Mutex;
+use std::time::SystemTime;
 
+use jsonwebtoken::{encode, Algorithm, EncodingKey, Header};
 use lightning::events::ClosureReason;
 use lightning::ln::functional_test_utils::{
 	check_added_monitors, check_closed_event, connect_block, create_announced_chan_between_nodes,
@@ -24,6 +26,7 @@ use lightning::util::test_utils;
 use lightning::{check_closed_broadcast, io};
 use rand::distr::Alphanumeric;
 use rand::{rng, Rng};
+use serde::{Deserialize, Serialize};
 
 type TestMonitorUpdatePersister<'a, K> = MonitorUpdatingPersister<
 	&'a K,
@@ -350,3 +353,23 @@ pub(crate) fn do_test_store<K: KVStoreSync + Sync>(store_0: &K, store_1: &K) {
 	// Make sure everything is persisted as expected after close.
 	check_persisted_data!(persister_0_max_pending_updates * 2 * EXPECTED_UPDATES_PER_PAYMENT + 1);
 }
+
+#[derive(Serialize, Deserialize)]
+struct Claims {
+	sub: String,
+	iat: i64,
+	nbf: i64,
+	exp: i64,
+}
+
+pub fn generate_test_jwt(private_pem: &str, user_id: &str) -> String {
+	let now = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs() as i64;
+
+	let claims =
+		Claims { sub: user_id.to_owned(), iat: now, nbf: now, exp: now + (86400 * 365 * 10) };
+
+	let encoding_key =
+		EncodingKey::from_rsa_pem(private_pem.as_bytes()).expect("Failed to create EncodingKey");
+
+	encode(&Header::new(Algorithm::RS256), &claims, &encoding_key).unwrap()
+}

src/io/vss_store.rs

@@ -971,14 +971,69 @@ mod tests {
 	use super::*;
 	use crate::io::test_utils::do_read_write_remove_list_persist;
 
+	const VSS_PRIVATE_PEM: &str = r#"
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCuIYJJ1dzNmuct
+fzj+W4EeJXic/A6gkHJOS7MHqAqOqMg49aZfOj6y4kmhU3/fal5OccJ4299ohSnJ
+rMKwWoL5YHYD1Y742Ez/trpjETTV6CwjhLovCVtWbZrjivUnYb1fEeGoQ8p+COOK
+yMM3s/iQVlhzqo86kZ9fcaGFizrykcRimSDOuN3V/AWcB3fcKufLS76z6ysNTwiK
+X/wnBUEtofALIV1i9rcyFpumRGi/9lo80eVcC1TErxA3C5IEwJQ18XCatM2Hf2xi
+4D35JDK80/0MY3u7TJgYrFpaThuKd3lnSSPx51enJUEaNgXuUNvTdKkFEn1ASRi5
+LNbNLKhXAgMBAAECggEATokCcDaqjXjNxzFYDTBL/cK8sWDlX/mF9FYj+tIJYOoy
+063HSa/FU3zH5KD6TVN2ET8xjLzt+AAHJtRqQouwArVExNnuz8EOiU5qpf++qrM6
+JRLZvhkkPsjUUMf9ZbOpa1VvRyq8CzgLGC8QDPF4q/ClmBVW3/2JucxQIyD2hywE
+MDc8on3nEvCzMGSxUm2EIQn30iF8W2WZyNLk4RK+UUOUHGsFUN0PRfsHFQCAar0V
+ZnSxlJgDKETXGjkX8G+H+EyPd+oFH3QtZFTzxk6ghLEZV1vetqMI9WEFnMLKfmFW
+tBGYuGcq+72G5mlJqlnix69A93SJziymlS/QWgKrQQKBgQDki5E++NoUyslKMZca
+yYWokqxs6T0y15Cig7lDuRfcfDNDjbf9AkRpUZ0O9VESWhCiRG0NKUbHVlAlAb1h
+EbWPc2QCs+Tzt2uqeavohbVb9NMsEFSKgx8oUuIisAgUo9Xui+80A+7s54PoeqnT
+ULE7KYCbs5oMJjGwpuiolYFYpwKBgQDDDIsEyxdloE6MxpwRshYKzOWR0ADeKuIf
+kwEpF1ap5Ng0PdAvIfQS/aRpeb/Tx8Uv2+YMTwX2RyvgbMBFjJa3TEqagFcS4Chu
+tabLuyjMq9LlUQdsh4xqfGFF3vaT9coDpbzNvHcmLkK6gnrbnG6mG06xFybqBQ8I
+k8dPpnN40QKBgQDUBqc5RKUNpRQZQOhucYcOXQSaBchA4rvMCWhW6+C3LIJiqZeH
+ohLVomGS/wO3gtbrs494JlMDm4++xV5sL4HBE8w0tbAyanf4L+jMTz9xkDBZMM09
+s2e0gTBJ/gWBIH3YUPoZx4xhPGejxijHYpUJzfcCfBzuKIDw4ef2fr0BAQKBgEcB
+X/KExKW4cCALhXFjtWaFJOWqJUa7scnwyDFfT6tVpeeOwSUHZUUslRfYvJ6qUPyV
+PvAoLHF1g2GV9YDcJ1nfKiGIqyox9EYpVuk/3yBzRLk6gEtgJRv236qB+p3uknY1
+dcAn5fA+Uwh2y6b7EcTimAkb9oym/swOkDZM0CihAoGBAJ9W91zU9H5rMBwiWMKP
+ppReTRxxN8oJNk0Cirxr58YHQNXtGWkno316/SPJZzML29c8+QAoJ8uatwzaZzt9
+S6Cq2bYEyO7LPqs3SLRrK802QGvV7Y4P2rX4pjYOMM9qddOnT+qkVyyqVguazfDJ
+xrhmGsrdBu3nBkwwpCBps6KZ
+-----END PRIVATE KEY-----
+	"#;
+
+	fn get_header_provider() -> Arc<dyn VssHeaderProvider> {
+		#[cfg(noop_auth_test)]
+		{
+			return Arc::new(FixedHeaders::new(HashMap::new()));
+		}
+		#[cfg(jwt_auth_test)]
+		{
+			use crate::io::test_utils::generate_test_jwt;
+
+			let token = generate_test_jwt(VSS_PRIVATE_PEM, "test");
+			let mut headers = HashMap::new();
+			headers.insert("Authorization".to_string(), format!("Bearer {}", token));
+			return Arc::new(FixedHeaders::new(headers));
+		}
+
+		#[cfg(sig_auth_test)]
+		{
+			todo!()
+		}
+
+		#[cfg(not(any(noop_auth_test, jwt_auth_test, sig_auth_test)))]
+		Arc::new(FixedHeaders::new(HashMap::new()))
+	}
+
 	#[test]
 	fn vss_read_write_remove_list_persist() {
 		let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
 		let mut rng = rng();
 		let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 		let mut vss_seed = [0u8; 32];
 		rng.fill_bytes(&mut vss_seed);
-		let header_provider = Arc::new(FixedHeaders::new(HashMap::new()));
+		let header_provider = get_header_provider();
 		let vss_store =
 			VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap();
 		do_read_write_remove_list_persist(&vss_store);
@@ -991,7 +1046,7 @@ mod tests {
 		let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 		let mut vss_seed = [0u8; 32];
 		rng.fill_bytes(&mut vss_seed);
-		let header_provider = Arc::new(FixedHeaders::new(HashMap::new()));
+		let header_provider = get_header_provider();
 		let vss_store =
 			VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap();