Expore ASN utilities

connorwstein · connorwstein · commit 9ce4cbd0484b · 2026-01-12T16:58:16.000-05:00
diff --git a/keystore/kms/asn1.go b/keystore/kms/asn1.go
diff --git a/keystore/kms/asn1_test.go b/keystore/kms/asn1_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/ethereum/go-ethereum/crypto"
-	kmsinternal "github.com/smartcontractkit/chainlink-common/keystore/kms/internal"
+	kms "github.com/smartcontractkit/chainlink-common/keystore/kms"
 	"github.com/stretchr/testify/require"
 )
 
@@ -18,11 +18,11 @@ func TestSEC1ToASN1PublicKey(t *testing.T) {
 	require.Equal(t, byte(0x04), sec1PubKey[0])
 
 	// Convert to ASN.1
-	asn1PubKey, err := kmsinternal.SEC1ToASN1PublicKey(sec1PubKey)
+	asn1PubKey, err := kms.SEC1ToASN1PublicKey(sec1PubKey)
 	require.NoError(t, err)
 
 	// Convert back to SEC1
-	sec1PubKey2, err := kmsinternal.ASN1ToSEC1PublicKey(asn1PubKey)
+	sec1PubKey2, err := kms.ASN1ToSEC1PublicKey(asn1PubKey)
 	require.NoError(t, err)
 	require.Len(t, sec1PubKey2, 65)
 	require.Equal(t, byte(0x04), sec1PubKey2[0])
@@ -40,11 +40,11 @@ func TestASN1SignatureToSEC1Signature(t *testing.T) {
 	sig, err := crypto.Sign(hash[:], privateKey)
 	require.NoError(t, err)
 
-	asn1Sig, err := kmsinternal.SEC1ToASN1Sig(sig)
+	asn1Sig, err := kms.SEC1ToASN1Sig(sig)
 	require.NoError(t, err)
 
 	// We pass the expected SEC1 public key for verification.
-	sec1Sig, err := kmsinternal.ASN1ToSEC1Sig(asn1Sig, sec1PubKey, hash[:])
+	sec1Sig, err := kms.ASN1ToSEC1Sig(asn1Sig, sec1PubKey, hash[:])
 	require.NoError(t, err)
 	require.Len(t, sec1Sig, 65)
 	require.Equal(t, sig, sec1Sig)
diff --git a/keystore/kms/fake_client.go b/keystore/kms/fake_client.go
@@ -11,7 +11,7 @@ import (
 	"github.com/ethereum/go-ethereum/crypto"
 )
 
-type MockKMSClient struct {
+type FakeKMSClient struct {
 	keys      []Key
 	createdAt time.Time
 }
@@ -21,14 +21,14 @@ type Key struct {
 	KeyID      string
 }
 
-func NewMockKMSClient(keys []Key) (*MockKMSClient, error) {
-	return &MockKMSClient{
+func NewFakeKMSClient(keys []Key) (*FakeKMSClient, error) {
+	return &FakeKMSClient{
 		keys:      keys,
 		createdAt: time.Now(),
 	}, nil
 }
 
-func (m *MockKMSClient) GetPublicKey(input *kmslib.GetPublicKeyInput) (*kmslib.GetPublicKeyOutput, error) {
+func (m *FakeKMSClient) GetPublicKey(input *kmslib.GetPublicKeyInput) (*kmslib.GetPublicKeyOutput, error) {
 	for _, key := range m.keys {
 		if aws.StringValue(input.KeyId) == key.KeyID {
 			asn1PubKey, err := SEC1ToASN1PublicKey(crypto.FromECDSAPub(&key.PrivateKey.PublicKey))
@@ -44,7 +44,7 @@ func (m *MockKMSClient) GetPublicKey(input *kmslib.GetPublicKeyInput) (*kmslib.G
 	return nil, awserr.New(kmslib.ErrCodeNotFoundException, "key not found", errors.New("key not found"))
 }
 
-func (m *MockKMSClient) Sign(input *kmslib.SignInput) (*kmslib.SignOutput, error) {
+func (m *FakeKMSClient) Sign(input *kmslib.SignInput) (*kmslib.SignOutput, error) {
 	for _, key := range m.keys {
 		if aws.StringValue(input.KeyId) == key.KeyID {
 			sig, err := crypto.Sign(input.Message, key.PrivateKey)
@@ -65,7 +65,7 @@ func (m *MockKMSClient) Sign(input *kmslib.SignInput) (*kmslib.SignOutput, error
 }
 
 // DescribeKey returns metadata about the key.
-func (m *MockKMSClient) DescribeKey(input *kmslib.DescribeKeyInput) (*kmslib.DescribeKeyOutput, error) {
+func (m *FakeKMSClient) DescribeKey(input *kmslib.DescribeKeyInput) (*kmslib.DescribeKeyOutput, error) {
 	for _, key := range m.keys {
 		if aws.StringValue(input.KeyId) == key.KeyID {
 			return &kmslib.DescribeKeyOutput{
@@ -81,7 +81,7 @@ func (m *MockKMSClient) DescribeKey(input *kmslib.DescribeKeyInput) (*kmslib.Des
 }
 
 // ListKeys returns a list of key IDs.
-func (m *MockKMSClient) ListKeys(_ *kmslib.ListKeysInput) (*kmslib.ListKeysOutput, error) {
+func (m *FakeKMSClient) ListKeys(_ *kmslib.ListKeysInput) (*kmslib.ListKeysOutput, error) {
 	keys := make([]*kmslib.KeyListEntry, 0, len(m.keys))
 	for _, key := range m.keys {
 		keys = append(keys, &kmslib.KeyListEntry{
diff --git a/keystore/kms/keystore.go b/keystore/kms/keystore.go
@@ -8,7 +8,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	kmslib "github.com/aws/aws-sdk-go/service/kms"
 	"github.com/smartcontractkit/chainlink-common/keystore"
-	kms "github.com/smartcontractkit/chainlink-common/keystore/kms/internal"
 )
 
 type keystoreSignerReader struct {
@@ -77,7 +76,7 @@ func (k *keystoreSignerReader) GetKeys(ctx context.Context, req keystore.GetKeys
 		var publicKeyBytes []byte
 		switch keyType {
 		case keystore.ECDSA_S256:
-			publicKeyBytes, err = kms.ASN1ToSEC1PublicKey(key.PublicKey)
+			publicKeyBytes, err = ASN1ToSEC1PublicKey(key.PublicKey)
 			if err != nil {
 				return keystore.GetKeysResponse{}, fmt.Errorf("failed to convert public key for key %s: %w", keyID, err)
 			}
@@ -122,7 +121,7 @@ func (k *keystoreSignerReader) Sign(ctx context.Context, req keystore.SignReques
 		if len(req.Data) != 32 {
 			return keystore.SignResponse{}, fmt.Errorf("data must be 32 bytes for ECDSA_S256, got %d: %w", len(req.Data), keystore.ErrInvalidSignRequest)
 		}
-		pubKeyBytes, err := kms.ASN1ToSEC1PublicKey(key.PublicKey)
+		pubKeyBytes, err := ASN1ToSEC1PublicKey(key.PublicKey)
 		if err != nil {
 			return keystore.SignResponse{}, fmt.Errorf("failed to convert public key for KeyId=%s: %w", req.KeyName, err)
 		}
@@ -137,7 +136,7 @@ func (k *keystoreSignerReader) Sign(ctx context.Context, req keystore.SignReques
 		if err != nil {
 			return keystore.SignResponse{}, fmt.Errorf("failed to sign data: %w", err)
 		}
-		signature, err := kms.ASN1ToSEC1Sig(sig.Signature, pubKeyBytes, req.Data)
+		signature, err := ASN1ToSEC1Sig(sig.Signature, pubKeyBytes, req.Data)
 		if err != nil {
 			return keystore.SignResponse{}, fmt.Errorf("failed to convert KMS signature to SEC1 signature: %w", err)
 		}
diff --git a/keystore/kms/keystore_test.go b/keystore/kms/keystore_test.go
@@ -6,7 +6,6 @@ import (
 	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/smartcontractkit/chainlink-common/keystore"
 	kms "github.com/smartcontractkit/chainlink-common/keystore/kms"
-	kmsinternal "github.com/smartcontractkit/chainlink-common/keystore/kms/internal"
 	"github.com/stretchr/testify/require"
 )
 
@@ -16,18 +15,18 @@ func TestKMSKeystore(t *testing.T) {
 	require.NoError(t, err)
 	key2, err := crypto.GenerateKey()
 	require.NoError(t, err)
-	mockClient, err := kmsinternal.NewMockKMSClient([]kmsinternal.Key{
+	fakeClient, err := kms.NewFakeKMSClient([]kms.Key{
 		{
-			KeyID:      keyID,
 			PrivateKey: key,
+			KeyID:      keyID,
 		},
 		{
-			KeyID:      keyID2,
 			PrivateKey: key2,
+			KeyID:      keyID2,
 		},
 	})
 	require.NoError(t, err)
-	ks, err := kms.NewKeystore(mockClient)
+	ks, err := kms.NewKeystore(fakeClient)
 	require.NoError(t, err)
 	ctx := t.Context()
 

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,6 @@ import (`
`8`	`8`	`"github.com/aws/aws-sdk-go/aws"`
`9`	`9`	`kmslib "github.com/aws/aws-sdk-go/service/kms"`
`10`	`10`	`"github.com/smartcontractkit/chainlink-common/keystore"`
`11`		`- kms "github.com/smartcontractkit/chainlink-common/keystore/kms/internal"`
`12`	`11`	`)`
`13`	`12`
`14`	`13`	`type keystoreSignerReader struct {`
`@@ -77,7 +76,7 @@ func (k *keystoreSignerReader) GetKeys(ctx context.Context, req keystore.GetKeys`
`77`	`76`	`var publicKeyBytes []byte`
`78`	`77`	`switch keyType {`
`79`	`78`	`case keystore.ECDSA_S256:`
`80`		`- publicKeyBytes, err = kms.ASN1ToSEC1PublicKey(key.PublicKey)`
	`79`	`+ publicKeyBytes, err = ASN1ToSEC1PublicKey(key.PublicKey)`
`81`	`80`	`if err != nil {`
`82`	`81`	`return keystore.GetKeysResponse{}, fmt.Errorf("failed to convert public key for key %s: %w", keyID, err)`
`83`	`82`	`}`
`@@ -122,7 +121,7 @@ func (k *keystoreSignerReader) Sign(ctx context.Context, req keystore.SignReques`
`122`	`121`	`if len(req.Data) != 32 {`
`123`	`122`	`return keystore.SignResponse{}, fmt.Errorf("data must be 32 bytes for ECDSA_S256, got %d: %w", len(req.Data), keystore.ErrInvalidSignRequest)`
`124`	`123`	`}`
`125`		`- pubKeyBytes, err := kms.ASN1ToSEC1PublicKey(key.PublicKey)`
	`124`	`+ pubKeyBytes, err := ASN1ToSEC1PublicKey(key.PublicKey)`
`126`	`125`	`if err != nil {`
`127`	`126`	`return keystore.SignResponse{}, fmt.Errorf("failed to convert public key for KeyId=%s: %w", req.KeyName, err)`
`128`	`127`	`}`
`@@ -137,7 +136,7 @@ func (k *keystoreSignerReader) Sign(ctx context.Context, req keystore.SignReques`
`137`	`136`	`if err != nil {`
`138`	`137`	`return keystore.SignResponse{}, fmt.Errorf("failed to sign data: %w", err)`
`139`	`138`	`}`
`140`		`- signature, err := kms.ASN1ToSEC1Sig(sig.Signature, pubKeyBytes, req.Data)`
	`139`	`+ signature, err := ASN1ToSEC1Sig(sig.Signature, pubKeyBytes, req.Data)`
`141`	`140`	`if err != nil {`
`142`	`141`	`return keystore.SignResponse{}, fmt.Errorf("failed to convert KMS signature to SEC1 signature: %w", err)`
`143`	`142`	`}`