diff --git a/pkg/didcomm/packer/legacy/authcrypt/authcrypt_test.go b/pkg/didcomm/packer/legacy/authcrypt/authcrypt_test.go index 41a5cdf03..ebd62206f 100644 --- a/pkg/didcomm/packer/legacy/authcrypt/authcrypt_test.go +++ b/pkg/didcomm/packer/legacy/authcrypt/authcrypt_test.go @@ -169,8 +169,7 @@ func TestEncrypt(t *testing.T) { badKey := "6ZAQ7QpmR9EqhJdwx1jQsjq6nnpehwVqUbhVxiEiYEV7" _, err := packer.Pack("", []byte("Test Message"), senderKey, [][]byte{base58.Decode(badKey)}) - require.EqualError(t, err, "pack: failed to build recipients: buildRecipients: failed to build "+ - "recipient: buildRecipient: failed to convert public Ed25519 to Curve25519: error converting public key") + require.EqualError(t, err, "pack: failed to build recipients: recipients keys are empty") }) recipientKey := createKey(t, testingKMS) @@ -181,8 +180,7 @@ func TestEncrypt(t *testing.T) { _, err := packer.Pack("", []byte("Test Message"), []byte{1, 2, 3}, [][]byte{recipientKey}) require.Error(t, err) - require.Contains(t, err.Error(), "getKeySet: failed to read json keyset from reader: cannot read data"+ - " for keysetID") + require.Contains(t, err.Error(), "recipients keys are empty") }) t.Run("Success test case: given keys, generate envelope", func(t *testing.T) { @@ -306,8 +304,7 @@ func TestEncryptComponents(t *testing.T) { "", []byte( "Lorem Ipsum Dolor Sit Amet Consectetur Adispici Elit"), base58.Decode(senderPub), [][]byte{base58.Decode(rec1Pub)}) - require.EqualError(t, err, "pack: failed to build recipients: buildRecipients: failed to build "+ - "recipient: buildRecipient: failed to generate random nonce: mock Reader has failed intentionally") + require.EqualError(t, err, "pack: failed to build recipients: recipients keys are empty") }) t.Run("Failure: recipient sodiumBoxSeal nonce generation fails", func(t *testing.T) { 
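Review bot: All four rewritten assertions in authcrypt_test.go (the three hunks here and `@@ -318` after them) now expect the same text, "recipients keys are empty", so they no longer check the cause each case was built to provoke. The old messages covered a failed Ed25519-to-Curve25519 conversion, an unreadable sender keyset, and two mock-reader failures. After this change the tests cannot tell a random-source failure from any other reason the recipient list ended up empty. If the skip-on-error behaviour in pack.go stays, have the returned error keep the underlying cause and assert on it, e.g. `require.Contains(t, err.Error(), "mock Reader has failed intentionally")`. The test functions continue outside these hunks.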
@@ -318,8 +315,7 @@ func TestEncryptComponents(t *testing.T) { "", []byte("Lorem Ipsum Dolor Sit Amet Consectetur Adispici Elit"), base58.Decode(senderPub), [][]byte{base58.Decode(rec1Pub)}) - require.EqualError(t, err, "pack: failed to build recipients: buildRecipients: failed to build"+ - " recipient: buildRecipient: failed to encrypt sender key: mock Reader has failed intentionally") + require.EqualError(t, err, "pack: failed to build recipients: recipients keys are empty") }) t.Run("Success: 4 reads necessary for pack", func(t *testing.T) { diff --git a/pkg/didcomm/packer/legacy/authcrypt/pack.go b/pkg/didcomm/packer/legacy/authcrypt/pack.go index 1400e9f13..23293d52d 100644 --- a/pkg/didcomm/packer/legacy/authcrypt/pack.go +++ b/pkg/didcomm/packer/legacy/authcrypt/pack.go @@ -16,12 +16,15 @@ import ( chacha "golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/poly1305" + "github.com/hyperledger/aries-framework-go/pkg/common/log" "github.com/hyperledger/aries-framework-go/pkg/internal/cryptoutil" "github.com/hyperledger/aries-framework-go/pkg/kms" "github.com/hyperledger/aries-framework-go/pkg/kms/localkms" "github.com/hyperledger/aries-framework-go/pkg/kms/webkms" ) +var logger = log.New("aries-framework/pkg/didcomm/packer/legacy") + // Pack will encode the payload argument // Using the protocol defined by Aries RFC 0019. func (p *Packer) Pack(_ string, payload, sender []byte, recipientPubKeys [][]byte) ([]byte, error) { 
@@ -101,15 +104,21 @@ func (p *Packer) buildEnvelope(nonce, payload, cek []byte, header *protected) ([ } func (p *Packer) buildRecipients(cek *[chacha.KeySize]byte, senderKey []byte, recPubKeys [][]byte) ([]recipient, error) { // nolint: lll - encodedRecipients := make([]recipient, len(recPubKeys)) + encodedRecipients := make([]recipient, 0) - for i, recKey := range recPubKeys { + for _, recKey := range recPubKeys { rec, err := p.buildRecipient(cek, senderKey, recKey) if err != nil { - return nil, fmt.Errorf("buildRecipients: failed to build recipient: %w", err) + logger.Warnf("buildRecipients: failed to build recipient: %w", err) + + continue } - encodedRecipients[i] = *rec + encodedRecipients = append(encodedRecipients, *rec) + } + + if len(encodedRecipients) == 0 { + return nil, fmt.Errorf("recipients keys are empty") } return encodedRecipients, nil diff --git a/pkg/didcomm/protocol/mediator/service.go b/pkg/didcomm/protocol/mediator/service.go index 3c0c965e9..e1a29689e 100644 --- a/pkg/didcomm/protocol/mediator/service.go +++ b/pkg/didcomm/protocol/mediator/service.go @@ -22,7 +22,6 @@ import ( "github.com/hyperledger/aries-framework-go/pkg/didcomm/dispatcher" "github.com/hyperledger/aries-framework-go/pkg/didcomm/protocol/decorator" "github.com/hyperledger/aries-framework-go/pkg/didcomm/protocol/messagepickup" - "github.com/hyperledger/aries-framework-go/pkg/didcomm/transport" "github.com/hyperledger/aries-framework-go/pkg/doc/util/kmsdidkey" "github.com/hyperledger/aries-framework-go/pkg/framework/aries/api/vdr" "github.com/hyperledger/aries-framework-go/pkg/internal/logutil" 
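Review bot: In buildRecipients the new `continue` branch hides every buildRecipient failure, so Pack can return an envelope addressed to only part of the requested recipient list, with no error and no indication of who was dropped. Not all of the swallowed failures are recipient-specific: the updated tests in this commit show an unreadable sender keyset and a failing random source both surfacing as "recipients keys are empty", which also misdescribes the case where keys were supplied. `logger.Warnf` is given `%w`, which only fmt.Errorf interprets; assuming Warnf formats Sprintf-style, the log line will carry a `%!w(...)` artefact, so use `%v`. The sketch below keeps the skip behaviour but returns the last cause, which means the exact-match assertions in authcrypt_test.go would need adjusting. Whether partial delivery is acceptable at all deserves an explicit decision, and the function's closing brace is outside the hunk.

```go
	encodedRecipients := make([]recipient, 0, len(recPubKeys))

	var lastErr error

	// … unchanged: loop header and buildRecipient call …
		if err != nil {
			// %v, not %w: the wrap verb is only understood by fmt.Errorf.
			logger.Warnf("buildRecipients: failed to build recipient: %v", err)

			lastErr = err

			continue
		}
	// … unchanged: append of *rec, end of loop …

	if len(encodedRecipients) == 0 {
		if lastErr != nil {
			// Keys were supplied but none could be used: report why.
			return nil, fmt.Errorf("buildRecipients: no recipient could be built: %w", lastErr)
		}

		return nil, fmt.Errorf("recipients keys are empty")
	}
```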
@@ -392,29 +391,31 @@ func (s *Service) handleInboundRequest(c *callback) error { c.msg.ID(), c.options, s.endpoint, - func() (string, error) { - for _, mtp := range s.mediaTypeProfiles { - switch mtp { - case transport.MediaTypeDIDCommV2Profile, transport.MediaTypeAIP2RFC0587Profile: - _, pubKeyBytes, e := s.kms.CreateAndExportPubKeyBytes(s.keyAgreementType) - if e != nil { - return "", fmt.Errorf("outboundGrant from handleInboundRequest: kms failed to create "+ - "and export %v key: %w", s.keyAgreementType, e) - } - - return kmsdidkey.BuildDIDKeyByKeyType(pubKeyBytes, s.keyAgreementType) + func() ([]string, error) { + if len(s.mediaTypeProfiles) > 0 { + _, pubKeyBytes, e := s.kms.CreateAndExportPubKeyBytes(s.keyAgreementType) + if e != nil { + return nil, fmt.Errorf("outboundGrant from handleInboundRequest: kms failed to create "+ + "and export %v key: %w", s.keyAgreementType, e) } - } - _, pubKeyBytes, er := s.kms.CreateAndExportPubKeyBytes(kms.ED25519Type) - if er != nil { - return "", fmt.Errorf("outboundGrant from handleInboundRequest: kms failed to create and "+ - "export ED25519 key: %w", er) - } + didCommV2Key, errBuild := kmsdidkey.BuildDIDKeyByKeyType(pubKeyBytes, s.keyAgreementType) + if errBuild != nil { + return nil, errBuild + } - didKey, _ := fingerprint.CreateDIDKey(pubKeyBytes) + _, pubKeyBytes, er := s.kms.CreateAndExportPubKeyBytes(kms.ED25519Type) + if er != nil { + return nil, fmt.Errorf("outboundGrant from handleInboundRequest: kms failed to create and "+ + "export ED25519 key: %w", er) + } + + didKey, _ := fingerprint.CreateDIDKey(pubKeyBytes) + + return []string{didKey, didCommV2Key}, nil + } - return didKey, er + return nil, nil }, ) if err != nil { 
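Review bot: The new closure ends with `return nil, nil` when `s.mediaTypeProfiles` is empty, so a mediator with no configured profiles now produces no default routing key, where the removed code always fell back to an ED25519 did:key. In the later hunk `grant.RoutingKeys = keys` takes the slice without a length check, so as far as these hunks show the grant would go out with empty routing keys and no error. Either keep the legacy key creation outside the `if`, or fail loudly, e.g. `return nil, fmt.Errorf("outboundGrant from handleInboundRequest: no media type profiles configured")`. Separately, `return nil, errBuild` is returned unwrapped unlike its neighbours, and a failure of the second CreateAndExportPubKeyBytes call leaves the first, already-created key behind in the KMS. handleInboundRequest starts and ends outside the hunk.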
@@ -426,7 +427,7 @@ func (s *Service) handleInboundRequest(c *callback) error { func outboundGrant( msgID string, opts *Options, - defaultEndpoint string, defaultKey func() (string, error)) (*Grant, error) { + defaultEndpoint string, defaultKey func() ([]string, error)) (*Grant, error) { grant := &Grant{ ID: msgID, Type: GrantMsgType, @@ -444,7 +445,7 @@ func outboundGrant( return nil, fmt.Errorf("outboundGrant: failed to create keys : %w", err) } - grant.RoutingKeys = []string{keys} + grant.RoutingKeys = keys } logger.Debugf("outbound grant: %+v", grant) diff --git a/pkg/didcomm/protocol/mediator/service_test.go b/pkg/didcomm/protocol/mediator/service_test.go index 965f008ea..a6382d332 100644 --- a/pkg/didcomm/protocol/mediator/service_test.go +++ b/pkg/didcomm/protocol/mediator/service_test.go @@ -338,6 +338,7 @@ func TestServiceRequestMsg(t *testing.T) { CrAndExportPubKeyErr: expected, }, OutboundDispatcherValue: &mockdispatcher.MockOutbound{}, + MediaTypeProfilesValue: []string{"value"}, }) require.NoError(t, err)
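Review bot: The placeholder `MediaTypeProfilesValue: []string{"value"}` in TestServiceRequestMsg is enough to reach the KMS error path, which shows that handleInboundRequest now checks only that the profile list is non-empty and no longer looks at its contents. Nothing in this hunk covers the opposite case, an empty profile list, where the default-key closure returns no keys. A subtest asserting what `Grant.RoutingKeys` should contain, or that an error is returned, would pin that behaviour. Using a real profile constant such as `transport.MediaTypeDIDCommV2Profile` instead of "value" would keep the fixture meaningful if content checks return. The enclosing test function extends beyond the hunk.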