Merge pull request #1630 from 0chain/feature/kms-roles

Feature: KMS logic related to the usage of roles
0chain · Sep 27, 2024 · 4ba58f5 · 4ba58f5
2 parents a76d9e5 + 2480cab
commit 4ba58f5
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 61 deletions.
diff --git a/wasmsdk/auth_txn.go b/wasmsdk/auth_txn.go
@@ -43,13 +43,13 @@ func registerZauthServer(serverAddr string) {
 }
 
 // zvaultNewWallet generates new split wallet
-func zvaultNewWallet(serverAddr, token string) (string, error) {
-	return zcncore.CallZvaultNewWalletString(serverAddr, token, "")
+func zvaultNewWallet(serverAddr, token string, roles []string) (string, error) {
+	return zcncore.CallZvaultNewWalletString(serverAddr, token, "", nil)
 }
 
 // zvaultNewSplit generates new split wallet from existing clientID
-func zvaultNewSplit(clientID, serverAddr, token string) (string, error) {
-	return zcncore.CallZvaultNewWalletString(serverAddr, token, clientID)
+func zvaultNewSplit(clientID, serverAddr, token string, roles []string) (string, error) {
+	return zcncore.CallZvaultNewWalletString(serverAddr, token, clientID, roles)
 }
 
 func zvaultStoreKey(serverAddr, token, privateKey string) (string, error) {
@@ -92,7 +92,8 @@ func registerAuthCommon(this js.Value, args []js.Value) interface{} {
 }
 
 // authResponse Publishes the response to the authorization request.
-// 		`response` is the response to the authorization request.
+//
+//	`response` is the response to the authorization request.
 func authResponse(response string) {
 	authResponseC <- response
 }

diff --git a/wasmsdk/proxy.go b/wasmsdk/proxy.go
@@ -82,11 +82,7 @@ func main() {
 						return "", fmt.Errorf("failed to sign with split key: %v", err)
 					}
 
-					data, err := json.Marshal(struct {
-						Hash      string `json:"hash"`
-						Signature string `json:"signature"`
-						ClientID  string `json:"client_id"`
-					}{
+					data, err := json.Marshal(zcncore.AuthMessage{
 						Hash:      hash,
 						Signature: sig,
 						ClientID:  client.GetClient().ClientID,
@@ -383,11 +379,7 @@ func main() {
 						return "", fmt.Errorf("failed to sign with split key: %v", err)
 					}
 
-					data, err := json.Marshal(struct {
-						Hash      string `json:"hash"`
-						Signature string `json:"signature"`
-						ClientID  string `json:"client_id"`
-					}{
+					data, err := json.Marshal(zcncore.AuthMessage{
 						Hash:      hash,
 						Signature: sig,
 						ClientID:  client.GetClient().ClientID,

diff --git a/zcncore/zauth.go b/zcncore/zauth.go
@@ -15,13 +15,14 @@ import (
 // SplitWallet represents wallet info for split wallet
 // The client id and client key are the same as the primary wallet client id and client key
 type SplitWallet struct {
-	ClientID      string `json:"client_id"`
-	ClientKey     string `json:"client_key"`
-	PublicKey     string `json:"public_key"`
-	PrivateKey    string `json:"private_key"`
-	PeerPublicKey string `json:"peer_public_key"`
-	IsRevoked     bool   `json:"is_revoked"`
-	ExpiredAt     int64  `json:"expired_at"`
+	ClientID      string   `json:"client_id"`
+	ClientKey     string   `json:"client_key"`
+	PublicKey     string   `json:"public_key"`
+	PrivateKey    string   `json:"private_key"`
+	PeerPublicKey string   `json:"peer_public_key"`
+	Roles         []string `json:"roles"`
+	IsRevoked     bool     `json:"is_revoked"`
+	ExpiredAt     int64    `json:"expired_at"`
 }
 
 // CallZauthSetup calls the zauth setup endpoint
@@ -152,14 +153,31 @@ func CallZauthDelete(serverAddr, token, clientID string) error {
 	return nil
 }
 
-func CallZvaultNewWalletString(serverAddr, token, clientID string) (string, error) {
+type newWalletRequest struct {
+	Roles []string `json:"roles"`
+}
+
+func CallZvaultNewWalletString(serverAddr, token, clientID string, roles []string) (string, error) {
 	// Add your code here
 	endpoint := serverAddr + "/generate"
 	if clientID != "" {
 		endpoint = endpoint + "/" + clientID
 	}
 
-	req, err := http.NewRequest("POST", endpoint, nil)
+	var body io.Reader
+
+	if roles != nil {
+		data, err := json.Marshal(newWalletRequest{
+			Roles: roles,
+		})
+		if err != nil {
+			return "", errors.Wrap(err, "failed to serialize request")
+		}
+
+		body = bytes.NewReader(data)
+	}
+
+	req, err := http.NewRequest("POST", endpoint, body)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to create HTTP request")
 	}
@@ -452,7 +470,6 @@ func ZauthSignTxn(serverAddr string) sys.AuthorizeFunc {
 
 func ZauthAuthCommon(serverAddr string) sys.AuthorizeFunc {
 	return func(msg string) (string, error) {
-		// return func(msg string) (string, error) {
 		req, err := http.NewRequest("POST", serverAddr+"/sign/msg", bytes.NewBuffer([]byte(msg)))
 		if err != nil {
 			return "", errors.Wrap(err, "failed to create HTTP request")
@@ -496,39 +513,3 @@ type AuthMessage struct {
 type AuthResponse struct {
 	Sig string `json:"sig"`
 }
-
-func ZauthSignMsg(serverAddr string) sys.SignFunc {
-	return func(hash string, signatureScheme string, keys []sys.KeyPair) (string, error) {
-		sig, err := SignWithKey(keys[0].PrivateKey, hash)
-		if err != nil {
-			return "", err
-		}
-
-		data, err := json.Marshal(AuthMessage{
-			Hash:      hash,
-			Signature: sig,
-			ClientID:  client.GetClient().ClientID,
-		})
-		if err != nil {
-			return "", err
-		}
-
-		// fmt.Println("auth - sys.AuthCommon:", sys.AuthCommon)
-		if sys.AuthCommon == nil {
-			return "", errors.New("authCommon is not set")
-		}
-
-		rsp, err := sys.AuthCommon(string(data))
-		if err != nil {
-			return "", err
-		}
-
-		var ar AuthResponse
-		err = json.Unmarshal([]byte(rsp), &ar)
-		if err != nil {
-			return "", err
-		}
-
-		return AddSignature(client.GetClientPrivateKey(), ar.Sig, hash)
-	}
-}