
Commit f1172a4

committed
fixup! Add jwt- and signature-based headers
pem file handling appropriate headers for vss store unit test add sig-based headers
1 parent c278ddb commit f1172a4

6 files changed

Lines changed: 81 additions & 33 deletions


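--- a/.github/workflows/vss-integration.yml
+++ b/.github/workflows/vss-integration.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
-authorizer: [noop, sigs, jwt]
+authorizer: [noop, sig, jwt]
 
 services:
 postgres:
@@ -45,18 +45,7 @@ jobs:
 if [ "${{ matrix.authorizer }}" == "noop" ]; then
 RUSTFLAGS="--cfg noop_authorizer" cargo run --release --no-default-features server/vss-server-config.toml &
 elif [ "${{ matrix.authorizer }}" == "jwt" ]; then
-export VSS_JWT_RSA_PEM=$(cat <<'EOF'
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriGCSdXczZrnLX84/luB
-HiV4nPwOoJByTkuzB6gKjqjIOPWmXzo+suJJoVN/32peTnHCeNvfaIUpyazCsFqC
-+WB2A9WO+NhM/7a6YxE01egsI4S6LwlbVm2a44r1J2G9XxHhqEPKfgjjisjDN7P4
-kFZYc6qPOpGfX3GhhYs68pHEYpkgzrjd1fwFnAd33Crny0u+s+srDU8Iil/8JwVB
-LaHwCyFdYva3MhabpkRov/ZaPNHlXAtUxK8QNwuSBMCUNfFwmrTNh39sYuA9+SQy
-vNP9DGN7u0yYGKxaWk4bind5Z0kj8edXpyVBGjYF7lDb03SpBRJ9QEkYuSzWzSyo
-VwIDAQAB
------END PUBLIC KEY-----
-EOF
-)
+export VSS_JWT_RSA_PEM=$(cat ../../ldk-node/tests/fixtures/vss_jwt_rsa_pub.pem)
 cargo run --release server/vss-server-config.toml &
 else
 cargo run --release server/vss-server-config.toml &
@@ -66,6 +55,6 @@ EOF
 run: |
 cd ldk-node
 export TEST_VSS_BASE_URL="http://localhost:8080/vss"
-RUSTFLAGS="--cfg vss_test --cfg ${{ matrix.authorizer }}_auth_test" cargo test io::vss_store
+RUSTFLAGS="--cfg vss_test --cfg ${{ matrix.authorizer }}_auth_test" cargo test --features test_utils io::vss_store
 RUSTFLAGS="--cfg vss_test --cfg cycle_tests --cfg ${{ matrix.authorizer }}_auth_test" cargo test \
 --features test_utils --test integration_tests_vss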
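Review bot: In the `jwt` branch, `export VSS_JWT_RSA_PEM=$(cat ../../ldk-node/tests/fixtures/vss_jwt_rsa_pub.pem)` hides a failed `cat`, because the exit status of `export` replaces that of the command substitution; if the relative path does not resolve from the step's working directory, the server is started with an empty key variable instead of the step failing. How the server treats an empty `VSS_JWT_RSA_PEM` is not visible here, so the jwt leg could end up exercising something other than the intended verification key. Assign first and export afterwards, `VSS_JWT_RSA_PEM="$(cat ../../ldk-node/tests/fixtures/vss_jwt_rsa_pub.pem)"` followed by `export VSS_JWT_RSA_PEM`, so that a missing fixture aborts the step (assuming the step runs under an errexit shell, which this hunk does not show).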

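--- a/Cargo.toml
+++ b/Cargo.toml
@@ -25,7 +25,7 @@ panic = 'abort' # Abort on panic
 
 [features]
 default = []
-test_utils = ["jsonwebtoken"]
+test_utils = ["jsonwebtoken", "secp256k1/global-context", "lightning/_test_utils"]
 
 [dependencies]
 #lightning = { version = "0.2.0", features = ["std"] }
@@ -81,6 +81,7 @@ prost = { version = "0.11.6", default-features = false}
 #bitcoin-payment-instructions = { version = "0.6" }
 bitcoin-payment-instructions = { git = "https://github.com/tnull/bitcoin-payment-instructions", rev = "e4d519b95b26916dc6efa22f8f1cc11a818ce7a7" }
 jsonwebtoken = { version = "9.3.0", optional = true, default-features = false, features = ["use_pem"] }
+secp256k1 = { version = "0.31", optional = true, default-features = false, features = [ "global-context" ] }
 
 [target.'cfg(windows)'.dependencies]
 winapi = { version = "0.3", features = ["winbase"] }
@@ -106,7 +107,6 @@ clightningrpc = { version = "0.3.0-beta.8", default-features = false }
 lnd_grpc_rust = { version = "2.10.0", default-features = false }
 tokio = { version = "1.37", features = ["fs"] }
 
-
 [build-dependencies]
 uniffi = { version = "0.28.3", features = ["build"], optional = true }
 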
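Review bot: Nothing in the `[features]` table says that `test_utils` is test-only, yet it is an ordinary selectable feature that now also switches on `lightning/_test_utils` and, together with the `*_auth_test` cfgs, gates code in `src/io/test_utils.rs` that embeds a private RSA key and a fixed secp256k1 secret. The underscore prefix suggests `_test_utils` is meant as an internal lightning feature, though that is an inference from the name only. A comment above the entry would make the intent explicit, for example `# Test-only: pulls in test fixtures and lightning's internal test helpers; never enable for release builds.`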

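--- a/src/io/test_utils.rs
+++ b/src/io/test_utils.rs
@@ -12,10 +12,18 @@ use std::future::Future;
 use std::panic::RefUnwindSafe;
 use std::path::PathBuf;
 use std::sync::Mutex;
+
+#[cfg(any(all(jwt_auth_test, feature = "test_utils"), sig_auth_test))]
 use std::time::SystemTime;
 
+#[cfg(all(sig_auth_test, feature = "test_utils"))]
+use secp256k1::SecretKey;
+
 #[cfg(all(jwt_auth_test, feature = "test_utils"))]
 use jsonwebtoken::{encode, Algorithm, EncodingKey, Header};
+#[cfg(all(jwt_auth_test, feature = "test_utils"))]
+use serde::{Deserialize, Serialize};
+
 use lightning::events::ClosureReason;
 use lightning::ln::functional_test_utils::{
 check_added_monitors, check_closed_event, connect_block, create_announced_chan_between_nodes,
@@ -29,7 +37,6 @@ use lightning::util::test_utils;
 use lightning::{check_closed_broadcast, io};
 use rand::distr::Alphanumeric;
 use rand::{rng, Rng};
-use serde::{Deserialize, Serialize};
 
 type TestMonitorUpdatePersister<'a, K> = MonitorUpdatingPersister<
 &'a K,
@@ -41,8 +48,8 @@ type TestMonitorUpdatePersister<'a, K> = MonitorUpdatingPersister<
 >;
 
 const EXPECTED_UPDATES_PER_PAYMENT: u64 = 5;
-#[cfg(jwt_auth_test)]
-pub const VSS_PRIVATE_PEM: &str = r#"
+#[cfg(all(jwt_auth_test, feature = "test_utils"))]
+const VSS_PRIVATE_PEM: &str = r#"
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCuIYJJ1dzNmuct
 fzj+W4EeJXic/A6gkHJOS7MHqAqOqMg49aZfOj6y4kmhU3/fal5OccJ4299ohSnJ
@@ -73,6 +80,10 @@ xrhmGsrdBu3nBkwwpCBps6KZ
 -----END PRIVATE KEY-----
 "#;
 
+#[cfg(sig_auth_test)]
+const SIGNING_CONSTANT: &'static [u8] =
+b"VSS Signature Authorizer Signing Salt Constant..................";
+
 pub struct InMemoryStore {
 persisted_bytes: Mutex<HashMap<String, HashMap<String, Vec<u8>>>>,
 }
@@ -388,7 +399,7 @@ pub(crate) fn do_test_store<K: KVStoreSync + Sync>(store_0: &K, store_1: &K) {
 check_persisted_data!(persister_0_max_pending_updates * 2 * EXPECTED_UPDATES_PER_PAYMENT + 1);
 }
 
-#[cfg(jwt_auth_test)]
+#[cfg(all(jwt_auth_test, feature = "test_utils"))]
 #[derive(Serialize, Deserialize)]
 struct TestClaims {
 sub: String,
@@ -397,7 +408,7 @@ struct TestClaims {
 exp: i64,
 }
 
-#[cfg(jwt_auth_test)]
+#[cfg(all(jwt_auth_test, feature = "test_utils"))]
 pub fn generate_test_jwt(private_pem: &str, user_id: &str) -> String {
 let now = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs() as i64;
 
@@ -410,13 +421,38 @@ pub fn generate_test_jwt(private_pem: &str, user_id: &str) -> String {
 encode(&Header::new(Algorithm::RS256), &claims, &encoding_key).unwrap()
 }
 
-/// Returns a hashmap of fixed headers.
+#[cfg(all(sig_auth_test, feature = "test_utils"))]
+fn build_auth_token(secret_key: &SecretKey) -> String {
+use bitcoin::hashes::sha256::Hash;
+use bitcoin::hashes::Hash as _;
+use std::time::UNIX_EPOCH;
+
+use crate::hex_utils;
+
+let secp = secp256k1::Secp256k1::new();
+let pubkey = secret_key.public_key(&secp);
+let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs();
+
+let mut bytes_to_sign = Vec::new();
+bytes_to_sign.extend_from_slice(SIGNING_CONSTANT);
+bytes_to_sign.extend_from_slice(&pubkey.serialize());
+bytes_to_sign.extend_from_slice(format!("{now}").as_bytes());
+
+let hash = Hash::hash(&bytes_to_sign);
+let sig = secret_key.sign_ecdsa(secp256k1::Message::from_digest(hash.to_byte_array()));
+
+format!("{pubkey:x}{}{now}", hex_utils::to_string(&sig.serialize_compact()))
+}
+
+/// Returns a hashmap of fixed headers, where, depending on configuration,
+/// corresponds to valid headers for no-op, signature-based, or jwt-based
+/// authorizers on vss-server.
 pub fn get_fixed_headers() -> HashMap<String, String> {
 #[cfg(noop_auth_test)]
 {
 return HashMap::new();
 }
-#[cfg(jwt_auth_test)]
+#[cfg(all(jwt_auth_test, feature = "test_utils"))]
 {
 let token = generate_test_jwt(VSS_PRIVATE_PEM, "test");
 let mut headers = HashMap::new();
@@ -426,9 +462,13 @@ pub fn get_fixed_headers() -> HashMap<String, String> {
 
 #[cfg(sig_auth_test)]
 {
-todo!()
+let secret_key = SecretKey::from_byte_array([42; 32]).unwrap();
+let token = build_auth_token(&secret_key);
+let mut headers = HashMap::new();
+headers.insert("Authorization".to_string(), token);
+return headers;
 }
 
-#[cfg(not(any(noop_auth_test, jwt_auth_test, sig_auth_test)))]
+#[cfg(not(any(noop_auth_test, all(jwt_auth_test, feature = "test_utils"), sig_auth_test)))]
 HashMap::new()
 }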
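Review bot: The signature path is gated inconsistently: `use secp256k1::SecretKey;` and `build_auth_token` require `all(sig_auth_test, feature = "test_utils")`, while `SIGNING_CONSTANT`, the `SecretKey::from_byte_array` block in `get_fixed_headers` and the final `not(any(..))` fallback test only `sig_auth_test`. Building with `--cfg sig_auth_test` but without `--features test_utils` would therefore reference an unimported `SecretKey` and an undefined `build_auth_token` and fail to compile, whereas the jwt path in the same situation falls back to the empty map. Use `#[cfg(all(sig_auth_test, feature = "test_utils"))]` at each of those sites (and inside the `any(..)` on the `SystemTime` import), and drop the redundant lifetime in `&'static [u8]`. `get_fixed_headers` spans the last two hunks and part of its body lies outside them.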

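--- a/src/io/vss_store.rs
+++ b/src/io/vss_store.rs
@@ -969,7 +969,7 @@ mod tests {
 use vss_client::headers::FixedHeaders;
 
 use super::*;
-use crate::io::test_utils::{do_read_write_remove_list_persist, get_header_provider};
+use crate::io::test_utils::{do_read_write_remove_list_persist, get_fixed_headers};
 
 #[test]
 fn vss_read_write_remove_list_persist() {
@@ -978,9 +978,14 @@ mod tests {
 let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 let mut vss_seed = [0u8; 32];
 rng.fill_bytes(&mut vss_seed);
-let header_provider = get_header_provider();
-let vss_store =
-VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap();
+let header_provider = get_fixed_headers();
+let vss_store = VssStore::new(
+vss_base_url,
+rand_store_id,
+vss_seed,
+Arc::new(FixedHeaders::new(header_provider)),
+)
+.unwrap();
 do_read_write_remove_list_persist(&vss_store);
 }
 
@@ -991,9 +996,14 @@ mod tests {
 let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 let mut vss_seed = [0u8; 32];
 rng.fill_bytes(&mut vss_seed);
-let header_provider = get_header_provider();
-let vss_store =
-VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap();
+let header_provider = get_fixed_headers();
+let vss_store = VssStore::new(
+vss_base_url,
+rand_store_id,
+vss_seed,
+Arc::new(FixedHeaders::new(header_provider)),
+)
+.unwrap();
 
 do_read_write_remove_list_persist(&vss_store);
 drop(vss_store)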
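Review bot: Both tests wrap the map from `get_fixed_headers()` in `FixedHeaders`, so the `Authorization` value is computed once and replayed on every request for the life of the store; under `sig_auth_test` that value embeds its creation timestamp. Whether vss-server enforces a freshness window on that timestamp is not visible here, but if it does, a slow run would start failing authorization partway through, which deserves a comment such as `// Token is minted once; the test must finish within the server's accepted clock skew.` The local is also still named `header_provider` although it now holds a plain `HashMap`; `let fixed_headers = get_fixed_headers();` reads more accurately. Both test bodies begin outside their hunks.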

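--- a/tests/fixtures/vss_jwt_rsa_pub.pem
+++ b/tests/fixtures/vss_jwt_rsa_pub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriGCSdXczZrnLX84/luB
+HiV4nPwOoJByTkuzB6gKjqjIOPWmXzo+suJJoVN/32peTnHCeNvfaIUpyazCsFqC
++WB2A9WO+NhM/7a6YxE01egsI4S6LwlbVm2a44r1J2G9XxHhqEPKfgjjisjDN7P4
+kFZYc6qPOpGfX3GhhYs68pHEYpkgzrjd1fwFnAd33Crny0u+s+srDU8Iil/8JwVB
+LaHwCyFdYva3MhabpkRov/ZaPNHlXAtUxK8QNwuSBMCUNfFwmrTNh39sYuA9+SQy
+vNP9DGN7u0yYGKxaWk4bind5Z0kj8edXpyVBGjYF7lDb03SpBRJ9QEkYuSzWzSyo
+VwIDAQAB
+-----END PUBLIC KEY-----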

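--- a/tests/integration_tests_vss.rs
+++ b/tests/integration_tests_vss.rs
@@ -5,7 +5,7 @@
 // http://opensource.org/licenses/MIT>, at your option. You may not use this file except in
 // accordance with one or both of these licenses.
 
-#![cfg(all(vss_test))]
+#![cfg(all(vss_test, feature = "test_utils"))]
 
 mod common;
 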
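Review bot: With `#![cfg(all(vss_test, feature = "test_utils"))]` the whole test crate is compiled out when the feature is forgotten, and `cargo test --test integration_tests_vss` then reports success with zero tests, so the authorizer coverage can silently disappear from a CI leg. Consider declaring the target in `Cargo.toml` with `required-features = ["test_utils"]` so that selecting it without the feature is reported by cargo rather than passing empty; the `vss_test` cfg can stay in the attribute.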
