Merge pull request #320 from fqutishat/update
chore: support aws create key
fqutishat authored Jul 15, 2022

2 parents 64f14ae + ceef274 commit 740622e
Showing 2 changed files with 73 additions and 1 deletion.
21 changes: 20 additions & 1 deletion pkg/aws/service.go
@@ -13,6 +13,7 @@ import (
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
arieskms "github.com/hyperledger/aries-framework-go/pkg/kms"
@@ -23,6 +24,7 @@ type awsClient interface {
GetPublicKey(input *kms.GetPublicKeyInput) (*kms.GetPublicKeyOutput, error)
Verify(input *kms.VerifyInput) (*kms.VerifyOutput, error)
DescribeKey(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error)
CreateKeyRequest(input *kms.CreateKeyInput) (req *request.Request, output *kms.CreateKeyOutput)
}

type metricsProvider interface {
@@ -160,7 +162,24 @@ func (s *Service) Verify(signature, msg []byte, kh interface{}) error {

// Create key.
func (s *Service) Create(kt arieskms.KeyType) (string, interface{}, error) {
return "", nil, fmt.Errorf("not implemented")
keyUsage := kms.KeyUsageTypeSignVerify

keySpec := ""

switch string(kt) {
case arieskms.ECDSAP256DER, arieskms.NISTP256ECDHKW:
keySpec = kms.KeySpecEccNistP256
case arieskms.ECDSAP384DER, arieskms.NISTP384ECDHKW:
keySpec = kms.KeySpecEccNistP384
case arieskms.ECDSAP521DER, arieskms.NISTP521ECDHKW:
keySpec = kms.KeySpecEccNistP521
default:
return "", nil, fmt.Errorf("key not supported %s", kt)
}

_, result := s.client.CreateKeyRequest(&kms.CreateKeyInput{KeySpec: &keySpec, KeyUsage: &keyUsage})

return *result.KeyMetadata.KeyId, *result.KeyMetadata.KeyId, nil
}

// ImportPrivateKey private key.
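Review bot: In `Create`, `s.client.CreateKeyRequest(...)` only builds the request; in aws-sdk-go the returned output is not valid until `Send` has been called on that request, and here the request is discarded with `_`. Against a real KMS endpoint no key would be created, and `*result.KeyMetadata.KeyId` would dereference a nil `KeyMetadata`, so the service panics instead of returning an error. Switching the `awsClient` interface to `CreateKey`, which sends the call and returns an error, and checking the response before dereferencing it addresses both. Separately, the `NISTP*ECDHKW` key types are mapped to a key created with `KeyUsageTypeSignVerify`, so a caller asking for a key-wrapping key silently receives a signing-only key; rejecting those types or documenting the mapping would make that explicit.

```go
// awsClient interface: in place of the CreateKeyRequest method
CreateKey(input *kms.CreateKeyInput) (*kms.CreateKeyOutput, error)

func (s *Service) Create(kt arieskms.KeyType) (string, interface{}, error) {
	// … unchanged: keyUsage and the keySpec switch …

	result, err := s.client.CreateKey(&kms.CreateKeyInput{KeySpec: &keySpec, KeyUsage: &keyUsage})
	if err != nil {
		return "", nil, fmt.Errorf("create key: %w", err)
	}

	if result == nil || result.KeyMetadata == nil || result.KeyMetadata.KeyId == nil {
		return "", nil, fmt.Errorf("create key: response carries no key id")
	}

	keyID := *result.KeyMetadata.KeyId

	return keyID, keyID, nil
}
```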
53 changes: 53 additions & 0 deletions pkg/aws/service_test.go
@@ -12,8 +12,10 @@ import (
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
arieskms "github.com/hyperledger/aries-framework-go/pkg/kms"
"github.com/stretchr/testify/require"
)

@@ -126,6 +128,47 @@ func TestHealthCheck(t *testing.T) {
})
}

func TestCreate(t *testing.T) {
t.Run("success", func(t *testing.T) {
endpoint := localhost
awsSession, err := session.NewSession(&aws.Config{
Endpoint: &endpoint,
Region: aws.String("ca"),
CredentialsChainVerboseErrors: aws.Bool(true),
})
require.NoError(t, err)

svc := New(awsSession, &mockMetrics{}, "")

keyID := "key1"

svc.client = &mockAWSClient{createKeyFunc: func(input *kms.CreateKeyInput) (req *request.Request,
output *kms.CreateKeyOutput) {
return nil, &kms.CreateKeyOutput{KeyMetadata: &kms.KeyMetadata{KeyId: &keyID}}
}}

result, _, err := svc.Create(arieskms.ECDSAP256DER)
require.NoError(t, err)
require.Contains(t, result, keyID)
})

t.Run("key not supported", func(t *testing.T) {
endpoint := localhost
awsSession, err := session.NewSession(&aws.Config{
Endpoint: &endpoint,
Region: aws.String("ca"),
CredentialsChainVerboseErrors: aws.Bool(true),
})
require.NoError(t, err)

svc := New(awsSession, &mockMetrics{}, "")

_, _, err = svc.Create(arieskms.ED25519)
require.Error(t, err)
require.Contains(t, err.Error(), "key not supported ED25519")
})
}

func TestGet(t *testing.T) {
t.Run("success", func(t *testing.T) {
endpoint := localhost
@@ -274,6 +317,7 @@ type mockAWSClient struct {
getPublicKeyFunc func(input *kms.GetPublicKeyInput) (*kms.GetPublicKeyOutput, error)
verifyFunc func(input *kms.VerifyInput) (*kms.VerifyOutput, error)
describeKeyFunc func(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error)
createKeyFunc func(input *kms.CreateKeyInput) (req *request.Request, output *kms.CreateKeyOutput)
}

func (m *mockAWSClient) Sign(input *kms.SignInput) (*kms.SignOutput, error) {
@@ -308,6 +352,15 @@ func (m *mockAWSClient) DescribeKey(input *kms.DescribeKeyInput) (*kms.DescribeK
return nil, nil
}

func (m *mockAWSClient) CreateKeyRequest(input *kms.CreateKeyInput) (req *request.Request,
output *kms.CreateKeyOutput) {
if m.createKeyFunc != nil {
return m.createKeyFunc(input)
}

return nil, nil
}

type mockMetrics struct{}

func (m *mockMetrics) SignCount() {
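Review bot: The `success` case of `TestCreate` passes only because `createKeyFunc` returns a populated `CreateKeyOutput` together with a nil request, so nothing here covers what `Create` does when the client hands back an output without `KeyMetadata`. With the default `mockAWSClient` (no `createKeyFunc` set) `CreateKeyRequest` returns `nil, nil`, which `Create` would dereference; a third subtest on that path asserting a returned error would catch the panic. The assertion could also be tightened to `require.Equal(t, keyID, result)`, and the second return value, currently discarded with `_`, deserves a check as well.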
