syncing up to 450608a421b6f23153fa1c136a520aa79d1e197d

Co-authored-by: Carl Noel <[email protected]>

CHANGELOG.md

@@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added [`moment-timezone`](https://www.npmjs.com/package/moment-timezone) package to JavaScript worker
 - Bump superblocksteam/run dep to v0.0.6
 - Include signing algorithms with verification keys when registering agent
+- Include signing algorithm and public key in response from Sign endpoint (`/v1/signature/sign`)
 
 ## v1.15.1
 

cmd/orchestrator/main.go

@@ -694,7 +694,7 @@ func main() {
 		for keyId, publicKey := range registry.PublicKeys() {
 			verificationKeys[keyId] = clients.VerificationKey{
 				Algorithm: publicKey.Algorithm.String(),
-				Key:       publicKey.Key,
+				Key:       publicKey.EncodedValue,
 			}
 		}
 

internal/signature/reconciler/fakes_test.go

@@ -108,13 +108,17 @@ func (f *fakeServer) UpdateAppAsSignedResources(ctx context.Context, updates []*
 }
 
 type fakeSigner struct {
-	errSign error
-	keyId   string
+	errSign   error
+	keyId     string
+	algorithm pbutils.Signature_Algorithm
+	publicKey []byte
 }
 
 func newFakeSigner() *fakeSigner {
 	return &fakeSigner{
-		keyId: "fake-key-id",
+		keyId:     "fake-key-id",
+		algorithm: pbutils.Signature_ALGORITHM_ED25519,
+		publicKey: []byte("fake-public-key"),
 	}
 }
 
@@ -129,7 +133,15 @@ func (f *fakeSigner) SignAndUpdateResource(res *pbsecurity.Resource) error {
 	}
 
 	hash := sha256.Sum256(data)
-	return setSignature(res, &pbutils.Signature{KeyId: f.keyId, Data: hash[:]})
+	return setSignature(
+		res,
+		&pbutils.Signature{
+			KeyId:     f.keyId,
+			Algorithm: f.algorithm,
+			PublicKey: f.publicKey,
+			Data:      hash[:],
+		},
+	)
 }
 
 func (f *fakeSigner) SigningKeyID() string {

internal/signature/reconciler/signer/fakes_test.go

@@ -23,11 +23,15 @@ type fakeSignerManager struct {
 	errSign   error
 	errVerify error
 	keyId     string
+	algorithm pbutils.Signature_Algorithm
+	publicKey []byte
 }
 
 func newFakeSignerManager() *fakeSignerManager {
 	return &fakeSignerManager{
-		keyId: "fake-key-id",
+		keyId:     "fake-key-id",
+		algorithm: pbutils.Signature_ALGORITHM_ED25519,
+		publicKey: []byte("fake-public-key"),
 	}
 }
 
@@ -37,7 +41,15 @@ func (f *fakeSignerManager) SignAndUpdateResource(res *pbsecurity.Resource) erro
 	}
 
 	sig, _ := hash(res)
-	setSignature(res, &pbutils.Signature{KeyId: f.keyId, Data: sig})
+	setSignature(
+		res,
+		&pbutils.Signature{
+			KeyId:     f.keyId,
+			Algorithm: f.algorithm,
+			PublicKey: f.publicKey,
+			Data:      sig,
+		},
+	)
 
 	return nil
 }

internal/transport/grpc.go

@@ -907,10 +907,15 @@ func (s *server) Sign(_ context.Context, req *securityv1.SignRequest) (*security
 		return nil, err
 	}
 
+	signingKeyId := s.Signature.SigningKeyID()
+	publicKeys := s.Signature.PublicKeys()
+
 	return &securityv1.SignResponse{
 		Signature: &utilsv1.Signature{
-			KeyId: s.Signature.SigningKeyID(),
-			Data:  signature,
+			KeyId:     signingKeyId,
+			Algorithm: publicKeys[signingKeyId].Algorithm,
+			PublicKey: publicKeys[signingKeyId].Value,
+			Data:      signature,
 		},
 	}, nil
 }

pkg/crypto/signature/manager.go

@@ -26,8 +26,9 @@ type Key struct {
 }
 
 type PublicKey struct {
-	Algorithm pbutils.Signature_Algorithm
-	Key       string
+	Algorithm    pbutils.Signature_Algorithm
+	EncodedValue string
+	Value        []byte
 }
 
 type manager struct {
@@ -105,9 +106,11 @@ func (m *manager) SigningKeyID() string {
 func (m *manager) PublicKeys() map[string]PublicKey {
 	publicKeys := make(map[string]PublicKey, len(m.resourceSigners))
 	for keyId := range m.resourceSigners {
+		publicKeyValue := m.resourceSigners[keyId].PublicKey()
 		publicKeys[keyId] = PublicKey{
-			Algorithm: m.resourceSigners[keyId].Algorithm(),
-			Key:       base64.StdEncoding.EncodeToString(m.resourceSigners[keyId].PublicKey()),
+			Algorithm:    m.resourceSigners[keyId].Algorithm(),
+			EncodedValue: base64.StdEncoding.EncodeToString(publicKeyValue),
+			Value:        publicKeyValue,
 		}
 	}
 

pkg/crypto/signature/manager_test.go

@@ -168,8 +168,9 @@ func TestManagerPublicKeys(t *testing.T) {
 			},
 			expected: map[string]PublicKey{
 				"my_key": {
-					Algorithm: utilsv1.Signature_ALGORITHM_ED25519,
-					Key:       base64.StdEncoding.EncodeToString([]byte("public-key")),
+					Algorithm:    utilsv1.Signature_ALGORITHM_ED25519,
+					EncodedValue: base64.StdEncoding.EncodeToString([]byte("public-key")),
+					Value:        []byte("public-key"),
 				},
 			},
 		},
@@ -189,12 +190,14 @@ func TestManagerPublicKeys(t *testing.T) {
 			},
 			expected: map[string]PublicKey{
 				"my_key": {
-					Algorithm: utilsv1.Signature_ALGORITHM_ED25519,
-					Key:       base64.StdEncoding.EncodeToString([]byte("public-key")),
+					Algorithm:    utilsv1.Signature_ALGORITHM_ED25519,
+					EncodedValue: base64.StdEncoding.EncodeToString([]byte("public-key")),
+					Value:        []byte("public-key"),
 				},
 				"my_other_key": {
-					Algorithm: utilsv1.Signature_ALGORITHM_ED25519,
-					Key:       base64.StdEncoding.EncodeToString([]byte("public-key")),
+					Algorithm:    utilsv1.Signature_ALGORITHM_ED25519,
+					EncodedValue: base64.StdEncoding.EncodeToString([]byte("public-key")),
+					Value:        []byte("public-key"),
 				},
 			},
 		},

postman/collection.json

@@ -1,9 +1,9 @@
 {
 	"info": {
-		"_postman_id": "87cc2ed6-d1ee-4ad5-98c2-0607fb22c1e1",
+		"_postman_id": "ff2052f4-9acc-4efe-8b1c-e8616d464336",
 		"name": "collection.json - [HTTP] Superblocks Orchestrator",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
-		"_exporter_id": "25579613"
+		"_exporter_id": "28659047"
 	},
 	"item": [
 		{
@@ -11052,7 +11052,9 @@
 									"pm.test(\"assert response body\", () => {",
 									"    pm.expect(response.signature).to.be.eql({",
 									"        \"keyId\": \"example\",",
-									"        \"data\": \"BEMsI5gcmAOktVvUEqLshmr/TU5kZ9oQWbOCvOymN/2KzkHDirHVGMx7KGr7Ed7NRGXA73C2GFhOOhQkGM4kBA==\"",
+									"        \"data\": \"BEMsI5gcmAOktVvUEqLshmr/TU5kZ9oQWbOCvOymN/2KzkHDirHVGMx7KGr7Ed7NRGXA73C2GFhOOhQkGM4kBA==\",",
+									"        \"publicKey\": \"0MFxW/3YXAwA+IVm+6Na45SI0D+SUzBIElIG5MoOOD8=\",",
+									"        \"algorithm\": \"ALGORITHM_ED25519\"",
 									"    });",
 									"});",
 									"",
@@ -11115,7 +11117,9 @@
 									"pm.test(\"assert response body\", () => {",
 									"    pm.expect(response.signature).to.be.eql({",
 									"        \"keyId\": \"example\",",
-									"        \"data\": \"3h9KjrpBwjlBtHH98HZwQY+UDCxxO9gtiQWdJOzFBi17fWT4uBXGfdT408BVsJRhCCeQs1eoeh85453pCIw8Dw==\"",
+									"        \"data\": \"3h9KjrpBwjlBtHH98HZwQY+UDCxxO9gtiQWdJOzFBi17fWT4uBXGfdT408BVsJRhCCeQs1eoeh85453pCIw8Dw==\",",
+									"        \"publicKey\": \"0MFxW/3YXAwA+IVm+6Na45SI0D+SUzBIElIG5MoOOD8=\",",
+									"        \"algorithm\": \"ALGORITHM_ED25519\"",
 									"    });",
 									"});",
 									"",
@@ -11178,7 +11182,9 @@
 									"pm.test(\"assert response body\", () => {",
 									"    pm.expect(response.signature).to.be.eql({",
 									"        \"keyId\": \"example\",",
-									"        \"data\": \"EqxPi3m6Fuoji9yfJv4T7uqc7TTEPpidf+h6w8EEsEGyk4jT91XzNDlMCqCd//bUkQW1hkQYLCJw5piUWq0VAw==\"",
+									"        \"data\": \"EqxPi3m6Fuoji9yfJv4T7uqc7TTEPpidf+h6w8EEsEGyk4jT91XzNDlMCqCd//bUkQW1hkQYLCJw5piUWq0VAw==\",",
+									"        \"publicKey\": \"0MFxW/3YXAwA+IVm+6Na45SI0D+SUzBIElIG5MoOOD8=\",",
+									"        \"algorithm\": \"ALGORITHM_ED25519\"",
 									"    });",
 									"});",
 									"",
@@ -11241,7 +11247,9 @@
 									"pm.test(\"assert response body\", () => {",
 									"    pm.expect(response.signature).to.be.eql({",
 									"        \"keyId\": \"example\",",
-									"        \"data\": \"nXVVPqMPIrdqPKvb1+ekRkOsT48LwEqJleN/QeRWSzcq59YSLmuVBN8nTSI2oMBkYhmHKXeZ5bNYEOBrvMCyCA==\"",
+									"        \"data\": \"nXVVPqMPIrdqPKvb1+ekRkOsT48LwEqJleN/QeRWSzcq59YSLmuVBN8nTSI2oMBkYhmHKXeZ5bNYEOBrvMCyCA==\",",
+									"        \"publicKey\": \"0MFxW/3YXAwA+IVm+6Na45SI0D+SUzBIElIG5MoOOD8=\",",
+									"        \"algorithm\": \"ALGORITHM_ED25519\"",
 									"    });",
 									"});",
 									"",