Feature/remote key manager

.vscode/launch.json

@@ -22,7 +22,7 @@
                 "jsdom-global/register",
                 "--allow-uncaught",
                 "--colors",
-                "--timeout 50000",
+                "--timeout 100000",
                 // "--reporter",
                 // "mocha-reporter",
                 "${workspaceFolder}/src/test/*.ts"
@@ -35,7 +35,7 @@
             "request": "attach",
             "port": 9229,
             "protocol": "inspector",
-            "timeout": 30000,
+            "timeout": 100000,
             "stopOnEntry": false
         }
     ]

.vscode/settings.json

@@ -6,7 +6,7 @@
     },
     "mochaExplorer.files": ["src/test/*.ts", "src/test/crux-messenger/*.ts", "src/test/integration-tests/crux-messenger/*.ts"],
     "mochaExplorer.require": ["ts-node/register", "mock-local-storage", "jsdom-global/register"],
-    "mochaExplorer.timeout": 50000,
+    "mochaExplorer.timeout": 100000,
     "testExplorer.codeLens": true,
     "testExplorer.gutterDecoration": true,
     "testExplorer.onStart": "reset",

package.json

@@ -9,13 +9,14 @@
     "test": "TS_NODE_PROJECT='./src/test/tsconfig.commonjs.json' TS_NODE_TRANSPILE_ONLY=true ./node_modules/.bin/mocha  --exit --require ts-node/register --require mock-local-storage --require jsdom-global/register --allow-uncaught --colors --reporter mocha-reporter --timeout 5000 src/test/*.ts src/test/crux-messenger/*.ts",
     "start-bridge-server": "node dist/crux-gateway-bridge-without-auth.js &",
     "stop-bridge-server": "pkill -- signal SIGINT crux-gateway-bridge-server-without-auth",
-    "integration-test": "TS_NODE_PROJECT='./src/test/tsconfig.commonjs.json' TS_NODE_TRANSPILE_ONLY=true ./node_modules/.bin/mocha --exit --require ts-node/register --require mock-local-storage --require jsdom-global/register --allow-uncaught --colors --reporter mocha-reporter --timeout 50000  src/test/integration-tests/crux-messenger/*.ts",
+    "integration-test": "TS_NODE_PROJECT='./src/test/tsconfig.commonjs.json' TS_NODE_TRANSPILE_ONLY=true ./node_modules/.bin/mocha --exit --require ts-node/register --require mock-local-storage --require jsdom-global/register --allow-uncaught --colors --reporter mocha-reporter --timeout 80000  src/test/integration-tests/crux-messenger/*.ts",
     "integration": "npm run build-crux-bridge-server-without-auth && npm run start-bridge-server && npm run integration-test && npm run stop-bridge-server",
     "copy-latest-docs": "cp -a docs/$npm_package_version/. docs/",
     "version-docs": "./node_modules/.bin/typedoc --out docs/$npm_package_version src/index.ts",
     "coverage": "./node_modules/.bin/nyc npm run test",
     "wallet_demo_legacy": "./node_modules/.bin/parcel src/samples/wallet_demo_legacy.html --https --no-cache",
-    "wallet_demo": "./node_modules/.bin/parcel src/samples/wallet_demo.html --no-cache",
+    "wallet_demo": "./node_modules/.bin/parcel src/samples/wallet_demo.html --no-cache &",
+    "remote-crux-settings": "npm run wallet_demo && ./node_modules/.bin/parcel src/samples/remote-crux-settings.html --no-cache",
     "onboarding_demo": "./node_modules/.bin/parcel src/samples/onboarding_demo.html --https --no-cache",
     "typecheck": "./node_modules/.bin/tsc --noEmit",
     "validate_lockfile": "./node_modules/.bin/lockfile-lint --type npm --path package-lock.json --allowed-hosts npm github.com --allowed-schemes \"https:\" \"git+https:\"",

src/application/clients/crux-gateway-bridge-config.json

@@ -3,7 +3,7 @@
         "BROKER_HOST": "127.0.0.1"
     },
     "PORTS": {
-        "BROKER_PORT": 1883,
+        "BROKER_PORT": 8000,
         "TCP_PORT": 4005
     }
 }

src/application/clients/crux-service-client.ts

@@ -0,0 +1,28 @@
+import { CruxProtocolMessenger, RemoteKeyManager} from "../../core/domain-services";
+import { keyManagementProtocol } from "../../infrastructure";
+import { CruxId, InMemStorage } from "../../packages/";
+import { CruxWalletClient } from "./crux-wallet-client";
+
+export class CruxServiceClient {
+    private selfIdClaim: any;
+    private cruxProtocolMessenger: any;
+
+    constructor(selfIdClaim: any, secureCruxNetwork: any, protocolSchema: any) {
+        this.selfIdClaim = selfIdClaim;
+        this.cruxProtocolMessenger = new CruxProtocolMessenger(secureCruxNetwork, protocolSchema);
+    }
+
+    public async getWalletClientForUser(remoteUserId: CruxId) {
+        await this.cruxProtocolMessenger.initialize();
+        const remoteKeyManager = new RemoteKeyManager(this.cruxProtocolMessenger, remoteUserId);
+
+        await remoteKeyManager.initialize();
+        return new CruxWalletClient({
+            cacheStorage: new InMemStorage(),
+            disableCruxMessenger: true,
+            // @ts-ignore
+            privateKey: remoteKeyManager,
+            walletClientName: remoteUserId.components.domain,
+        });
+    }
+}

src/application/clients/crux-wallet-client.ts

@@ -1,6 +1,6 @@
 // Importing packages
 import Logger from "js-logger";
-import {CruxProtocolMessenger, SecureCruxNetwork} from "../../core/domain-services";
+import {CruxProtocolMessenger, RemoteKeyHost, SecureCruxNetwork} from "../../core/domain-services";
 import {
     CruxDomain,
     CruxSpec,
@@ -26,6 +26,7 @@ import {
     CruxNetPubSubClientFactory, cruxPaymentProtocol,
     IBlockstackCruxDomainRepositoryOptions,
     IBlockstackCruxUserRepositoryOptions,
+    keyManagementProtocol,
 } from "../../infrastructure/implementations";
 import {CruxDomainId, CruxId, getLogger, InMemStorage, StorageService} from "../../packages";
 import {Encryption} from "../../packages/encryption";
@@ -79,6 +80,7 @@ export interface ICruxWalletClientOptions {
     cacheStorage?: StorageService;
     walletClientName: string;
     debugLogging?: boolean;
+    disableCruxMessenger?: boolean;
 }
 
 export interface ICruxIDState {
@@ -96,7 +98,7 @@ export const getCruxUserRepository = (options: IBlockstackCruxUserRepositoryOpti
 
 export const getPubsubClientFactory = (): IPubSubClientFactory => {
     return new CruxNetPubSubClientFactory({defaultLinkServer: {
-        host: "broker.hivemq.com",
+        host: "127.0.0.1",
         path: "/mqtt",
         port: 8000,
     }});
@@ -107,6 +109,7 @@ export class CruxWalletClient {
     public walletClientName: string;
     // TODO: make private
     public paymentProtocolMessenger?: CruxProtocolMessenger;
+    public keyManagerProtocolMessenger?: CruxProtocolMessenger;
     public secureCruxNetwork?: SecureCruxNetwork;
     private cruxBlockstackInfrastructure: ICruxBlockstackInfrastructure;
     private initPromise: Promise<void>;
@@ -119,6 +122,7 @@ export class CruxWalletClient {
     private resolvedClientAssetMapping?: IResolvedClientAssetMap;
     private cacheStorage?: StorageService;
     private selfCruxUser?: CruxUser;
+    private remoteKeyHost?: RemoteKeyHost;
 
     constructor(options: ICruxWalletClientOptions) {
         getLogger(cruxWalletClientDebugLoggerName).setLevel(options.debugLogging ? Logger.DEBUG : Logger.OFF);
@@ -136,7 +140,7 @@ export class CruxWalletClient {
         }
         this.cruxDomainRepo = getCruxDomainRepository({cacheStorage: this.cacheStorage, blockstackInfrastructure: this.cruxBlockstackInfrastructure});
         this.cruxDomainId = new CruxDomainId(this.walletClientName);
-        this.initPromise = this.asyncInit();
+        this.initPromise = this.asyncInit(options);
     }
 
     @throwCruxClientError
@@ -423,7 +427,7 @@ export class CruxWalletClient {
         return this.cruxDomain;
     }
 
-    private asyncInit = async (): Promise<void> => {
+    private asyncInit = async (options: ICruxWalletClientOptions): Promise<void> => {
         this.cruxDomain = await this.cruxDomainRepo.get(this.cruxDomainId);
         if (!this.cruxDomain) {
             throw ErrorHelper.getPackageError(null, PackageErrorCode.InvalidWalletClientName);
@@ -433,9 +437,16 @@ export class CruxWalletClient {
             throw ErrorHelper.getPackageError(null, PackageErrorCode.CouldNotFindBlockstackConfigurationServiceClientConfig);
         }
         this.cruxAssetTranslator = new CruxAssetTranslator(this.cruxDomain.config.assetMapping, this.cruxDomain.config.assetList);
+        if (options.disableCruxMessenger) {
+            return;
+        }
         const selfIdClaim = await this.getSelfClaim();
         if (selfIdClaim) {
-            await this.setupCruxMessenger(selfIdClaim);
+            try {
+                await this.setupCruxMessenger(selfIdClaim);
+            } catch (err) {
+                console.log(err);
+            }
         }
     }
 
@@ -461,8 +472,12 @@ export class CruxWalletClient {
         }
         const pubsubClientFactory = getPubsubClientFactory();
         this.secureCruxNetwork = new SecureCruxNetwork(this.cruxUserRepository, pubsubClientFactory, selfIdClaim);
-        await this.secureCruxNetwork.initialize();
         this.paymentProtocolMessenger = new CruxProtocolMessenger(this.secureCruxNetwork, cruxPaymentProtocol);
+        this.keyManagerProtocolMessenger = new CruxProtocolMessenger(this.secureCruxNetwork, keyManagementProtocol);
+        await this.keyManagerProtocolMessenger.initialize();
+        const remoteKeyHost = new RemoteKeyHost(this.keyManagerProtocolMessenger, this.keyManager!);
+        this.remoteKeyHost = remoteKeyHost;
+        await this.remoteKeyHost.initialize();
     }
 
 }

src/application/clients/index.ts

@@ -1,3 +1,4 @@
 export * from "./crux-explorer-client";
 export * from "./crux-wallet-client";
 export * from "./crux-wallet-onboarding";
+export * from "./crux-service-client";

src/core/domain-services/crux-messenger.ts

@@ -19,6 +19,7 @@ import {
 export class CertificateManager {
     public static make = async (idClaim: ICruxIdClaim): Promise<ICruxIdCertificate> => {
         const payload = idClaim.cruxId.toString();
+        console.log("CertificateManager::make:claim: ", payload);
         const signedProof = await idClaim.keyManager.signWebToken(payload);
         return {
                 claim: idClaim.cruxId.toString(),
@@ -28,6 +29,7 @@ export class CertificateManager {
     public static verify = (certificate: ICruxIdCertificate, senderPubKey: any) => {
         const proof: any = decodeToken(certificate.proof).payload;
         const verified = new TokenVerifier("ES256K", senderPubKey).verify(certificate.proof);
+        console.log("CertificateManager::verify:: verified, claim, proof", verified, certificate.claim, proof);
         if (proof && proof === certificate.claim && verified) {
             return true;
         }
@@ -45,6 +47,7 @@ export class EncryptionManager {
     }
     public static decrypt = async (encryptedContent: string, keyManager: IKeyManager): Promise<string> => {
         try {
+            console.log("EncryptionManager::decrypt::keymanager, encryptionContent: ", keyManager, encryptedContent);
             const decryptedContent = await keyManager.decryptMessage!(encryptedContent);
             return decryptedContent;
         } catch (e) {
@@ -249,7 +252,6 @@ export class SecureContext {
             data,
         };
         const serializedSecurePacket = JSON.stringify(securePacket);
-
         const recipientCruxUser: CruxUser | undefined = await this.cruxUserRepo.getByCruxId(recipientId);
         if (!recipientCruxUser) {
             throw Error("No Such CRUX User Found");

src/core/domain-services/index.ts

@@ -1 +1,2 @@
 export * from "./crux-messenger";
+export * from "./remote-key-service";

src/core/domain-services/remote-key-service.ts

@@ -0,0 +1,153 @@
+import {makeUUID4} from "blockstack/lib";
+import { createNanoEvents, DefaultEvents, Emitter } from "nanoevents";
+import { CruxId } from "../../packages";
+import { IKeyManager } from "../interfaces";
+import { CruxProtocolMessenger, SecureCruxNetwork } from "./crux-messenger";
+
+const VALID_METHODS = ["signWebToken", "getPubKey", "deriveSharedSecret", "decryptMessage"];
+
+export class RemoteKeyClient {
+    private cruxProtocolMessenger: CruxProtocolMessenger;
+    private remoteUserId: CruxId;
+    private emitter: Emitter<DefaultEvents>;
+
+    constructor(cruxProtocolMessenger: CruxProtocolMessenger, remoteUserId: CruxId) {
+        this.cruxProtocolMessenger = cruxProtocolMessenger;
+        this.remoteUserId = remoteUserId;
+        this.emitter = createNanoEvents();
+    }
+
+    public async initialize() {
+        this.cruxProtocolMessenger.on("KEY_MANAGER_RESPONSE", async (msg: any, senderId: CruxId | undefined) => {
+            console.log("Inside RemoteKeyClient::initialize::Msg, senderId: ", msg, senderId);
+            this.emitter.emit(msg.invocationId, msg, senderId);
+        });
+    }
+
+    public async invoke(method: string, args: any[]) {
+        console.log("RemoteKeyClient::Inside Invoke");
+        if (!this.cruxProtocolMessenger) {
+            throw Error("RemoteKeyClient cannot send with no secureCruxNetwork");
+        }
+        const methodData = this.generateMethodData(method, args);
+        console.log("RemoteKeyClient::Inside Invoke, RemoteUserId, MethodData", this.remoteUserId, methodData);
+        // @ts-ignore
+        await this.cruxProtocolMessenger.send({
+            content: methodData,
+            type: "KEY_MANAGER_REQUEST",
+        }, this.remoteUserId);
+        return methodData.invocationId;
+    }
+
+    public listenToInvocation = (invocationId: string, resultCallback: (msg: any, senderId: CruxId | undefined) => any, errorCallback: (err: any) => any): void => {
+        if (!this.cruxProtocolMessenger) {
+            throw Error("RemoteKeyClient cannot listen with no secureCruxNetwork");
+        }
+        console.log("RemoteKeyClient::ListenToInvocation::invocationId", invocationId);
+        this.emitter.on(invocationId, resultCallback);
+        this.emitter.on("error", errorCallback);
+    }
+
+    private generateMethodData(method: string, args: any[]) {
+        return {
+            args,
+            invocationId: makeUUID4(),
+            method,
+        };
+    }
+}
+
+export class RemoteKeyHost {
+    private cruxProtocolMessenger: CruxProtocolMessenger;
+    private keyManager: IKeyManager;
+
+    constructor(cruxProtocolMessenger: CruxProtocolMessenger, keyManager: IKeyManager) {
+        this.keyManager = keyManager;
+        this.cruxProtocolMessenger = cruxProtocolMessenger;
+    }
+
+    public async initialize() {
+        this.cruxProtocolMessenger.on("KEY_MANAGER_REQUEST", async (msg: any, senderId: CruxId | undefined) => {
+            console.log("Inside RemoteKeyHost::in::Msg, senderId: ", msg, senderId);
+            const data = await this.handleMessage(msg);
+            console.log("Inside RemoteKeyHost::initialize::Data(handleMessage): ", data);
+            // @ts-ignore
+            await this.sendInvocationResult(data, CruxId.fromString(senderId!)); // getting senderId as string
+        });
+    }
+    private async sendInvocationResult(result: any, receiverId: CruxId) {
+        if (!this.cruxProtocolMessenger) {
+            throw Error("RemoteKeyClient cannot send with no selfMessenger");
+        }
+        const resultData = this.generateInvocationResponse(result);
+        console.log("RemoteKeyHost::Inside sendInvocationResult::resultData: ", resultData);
+        await this.cruxProtocolMessenger.send({
+            content: resultData,
+            type: "KEY_MANAGER_RESPONSE",
+        }, receiverId);
+    }
+
+    private async handleMessage(message: any) {
+        if (!this.keyManager) {
+            throw new Error("Key Manager not available");
+        }
+        let data;
+        // @ts-ignore
+        data = await this.keyManager[message.method](message.args[0]);
+        return {
+            data,
+            invocationId: message.invocationId,
+        };
+    }
+
+    private generateInvocationResponse(result: any) {
+        return {
+            invocationId: result.invocationId,
+            result,
+        };
+    }
+}
+
+export class RemoteKeyManager implements IKeyManager {
+    private remoteKeyClient: RemoteKeyClient;
+    private remoteUserId: CruxId;
+
+    constructor(cruxProtocolMessenger: CruxProtocolMessenger, remoteUserId: CruxId) {
+        this.remoteKeyClient = new RemoteKeyClient(cruxProtocolMessenger, remoteUserId);
+        this.remoteUserId = remoteUserId;
+    }
+
+    public async initialize() {
+        await this.remoteKeyClient.initialize();
+    }
+    // @ts-ignore
+    public signWebToken = async (args: any) => {
+        return this.makeRemoteMessageCall("signWebToken", [args]);
+    }
+    // @ts-ignore
+    public getPubKey = async () => {
+        return this.makeRemoteMessageCall("getPubKey");
+    }
+    // @ts-ignore
+    public deriveSharedSecret = async (args: string) => {
+        return this.makeRemoteMessageCall("deriveSharedSecret", [args]);
+    }
+    // @ts-ignore
+    public decryptMessage = async (args: string) => {
+        return this.makeRemoteMessageCall("decryptMessage", [args]);
+    }
+
+    private makeRemoteMessageCall = async (method: string, args: any = []) => {
+        console.log("makeRemoteMessageCall::", method, args);
+        const invocationId = await this.remoteKeyClient.invoke(method, args);
+        console.log("RemoteKeyManager::makeRemoteMessageCall::invokationId: ", invocationId);
+        return new Promise(async (resolve, reject) => {
+            this.remoteKeyClient.listenToInvocation(invocationId, (msg, senderId) => {
+                console.log("RemoteKeyManager::deriveSharedSecret::msg: ", msg);
+                resolve(msg.result.data);
+            }, (err) => {
+                reject(err);
+            });
+        });
+    }
+}

src/core/index.ts

@@ -1,2 +1,3 @@
 export * from "./entities";
 export * from "./interfaces";
+export * from "./domain-services";

src/infrastructure/implementations/basic-key-manager.ts

@@ -32,12 +32,14 @@ export class BasicKeyManager implements IKeyManager {
         let privateKey = await this.getDecryptedPrivateKey();
         const curve = new ec("secp256k1");
         const selfKey = curve.keyFromPrivate(privateKey, "hex");
+        console.log("Inside DeriveSharedSecret: pubKey, pvtKey", publicKey, privateKey);
         const userKey = curve.keyFromPublic(publicKey, "hex");
         privateKey = "0".repeat(privateKey.length);
         return selfKey.derive(userKey.getPublic()).toString(16);
     }
 
     public decryptMessage = async (encryptedMessage: string): Promise<string> => {
+        console.log("Inside DecryptMessage: type, value", typeof encryptedMessage, encryptedMessage);
         const toDecrypt = BufferJSONSerializer.JSONStringToBufferObject(encryptedMessage);
         const privateKey = await this.getDecryptedPrivateKey();
         const decrypted = await ECIESEncryption.decrypt(toDecrypt, privateKey);