feat(sdk-core): lightning wallet sharing support

Lightning uses user auth key instead of user key
to authorise transactions to BitGo backend.

Actual transaction signing are done using user key,
but that is controlled by BitGo for custodial lightning wallets.

So user auth key from coinSpecific of a wallet
should be the one shared by the users during wallet sharings.

TICKET: BTC-1934

Author: saravanan7mani

modules/bitgo/test/v2/unit/wallet.ts

@@ -2218,42 +2218,77 @@ describe('V2 Wallet:', function () {
       createShareNock.isDone().should.be.True();
     });
 
-    it('should use keychain pub to share hot wallet', async function () {
+    describe('Hot Wallet Sharing', function () {
       const userId = '123';
       const email = '[email protected]';
       const permissions = 'view,spend';
       const toKeychain = utxoLib.bip32.fromSeed(Buffer.from('deadbeef02deadbeef02deadbeef02deadbeef02', 'hex'));
       const path = 'm/999999/1/1';
       const pubkey = toKeychain.derivePath(path).publicKey.toString('hex');
       const walletPassphrase = 'bitgo1234';
-
-      const getSharingKeyNock = nock(bgUrl)
-        .post('/api/v1/user/sharingkey', { email })
-        .reply(200, { userId, pubkey, path });
-
       const pub = 'Zo1ggzTUKMY5bYnDvT5mtVeZxzf2FaLTbKkmvGUhUQk';
-      const getKeyNock = nock(bgUrl)
-        .get(`/api/v2/tbtc/key/${wallet.keyIds()[0]}`)
-        .reply(200, {
-          id: wallet.keyIds()[0],
-          pub,
-          source: 'user',
-          encryptedPrv: bitgo.encrypt({ input: 'xprv1', password: walletPassphrase }),
-          coinSpecific: {},
-        });
 
-      const stub = sinon.stub(wallet, 'createShare').callsFake(async (options) => {
-        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-        options!.keychain!.pub!.should.not.be.undefined();
-        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-        options!.keychain!.pub!.should.equal(pub);
-        return undefined;
-      });
-      await wallet.shareWallet({ email, permissions, walletPassphrase });
+      const lightningCoin: any = bitgo.coin('tlnbtc');
+      const lightningWalletData = {
+        id: '5b34252f1bf349930e34020a00000001',
+        coin: 'tlnbtc',
+        keys: ['5b3424f91bf349930e34017500000001'],
+        coinSpecific: { keys: ['5b3424f91bf349930e34017600000000', '5b3424f91bf349930e34017700000000'] },
+        type: 'hot',
+      };
+      const lightningWallet = new Wallet(bitgo, lightningCoin, lightningWalletData);
+
+      for (const hotWallet of [wallet, lightningWallet] as const) {
+        it(`should use keychain pub to share ${hotWallet.coin()} hot wallet`, async function () {
+          const getSharingKeyNock = nock(bgUrl)
+            .post('/api/v1/user/sharingkey', { email })
+            .reply(200, { userId, pubkey, path });
+
+          const getKeyNocks: nock.Scope[] = [];
+          if (hotWallet.baseCoin.getFamily() === 'lnbtc') {
+            for (let i = 0; i < 2; i++) {
+              const keyId = lightningWalletData.coinSpecific.keys[i];
+              const getKeyNock = nock(bgUrl)
+                .get(`/api/v2/tlnbtc/key/${keyId}`)
+                .reply(200, {
+                  id: keyId,
+                  pub: i === 0 ? pub : 'Zo1ggzTUKMY5bYnDvT5mtVeZxzf2FaLTbKkmvGUhUQm',
+                  source: 'user',
+                  encryptedPrv: bitgo.encrypt({ input: 'xprv' + i, password: walletPassphrase }),
+                  coinSpecific:
+                    i === 0
+                      ? { [hotWallet.baseCoin.getChain()]: { purpose: 'userAuth' } }
+                      : { [hotWallet.baseCoin.getChain()]: { purpose: 'nodeAuth' } },
+                });
+              getKeyNocks.push(getKeyNock);
+            }
+          } else {
+            const getKeyNock = nock(bgUrl)
+              .get(`/api/v2/tbtc/key/${wallet.keyIds()[0]}`)
+              .reply(200, {
+                id: wallet.keyIds()[0],
+                pub,
+                source: 'user',
+                encryptedPrv: bitgo.encrypt({ input: 'xprv1', password: walletPassphrase }),
+                coinSpecific: {},
+              });
+            getKeyNocks.push(getKeyNock);
+          }
 
-      stub.calledOnce.should.be.true();
-      getSharingKeyNock.isDone().should.be.True();
-      getKeyNock.isDone().should.be.True();
+          const stub = sinon.stub(hotWallet, 'createShare').callsFake(async (options) => {
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            options!.keychain!.pub!.should.not.be.undefined();
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            options!.keychain!.pub!.should.equal(pub);
+            return undefined;
+          });
+          await hotWallet.shareWallet({ email, permissions, walletPassphrase });
+
+          stub.calledOnce.should.be.true();
+          getSharingKeyNock.isDone().should.be.True();
+          getKeyNocks.every((v) => v.isDone().should.be.True());
+        });
+      }
     });
 
     it('should provide skipKeychain to wallet share api for hot wallet', async function () {

modules/sdk-core/src/bitgo/lightning/lightningWalletUtil.ts

@@ -0,0 +1,29 @@
+import { Wallet } from '../wallet';
+import { KeychainWithEncryptedPrv } from '../keychain';
+
+/**
+ * Get the lightning auth key for the given purpose
+ */
+export async function getLightningAuthKey(
+  wallet: Wallet,
+  purpose: 'userAuth' | 'nodeAuth'
+): Promise<KeychainWithEncryptedPrv> {
+  if (wallet.baseCoin.getFamily() !== 'lnbtc') {
+    throw new Error(`Invalid lightning coin family: ${wallet.baseCoin.getFamily()}`);
+  }
+  const authKeyIds = wallet.coinSpecific()?.keys;
+  if (authKeyIds?.length !== 2) {
+    throw new Error(`Invalid number of auth keys in lightning wallet: ${authKeyIds?.length}`);
+  }
+  const keychains = await Promise.all(authKeyIds.map((id) => wallet.baseCoin.keychains().get({ id })));
+  const userAuthKeychain = keychains.find((v) => {
+    const coinSpecific = v?.coinSpecific?.[wallet.baseCoin.getChain()];
+    return (
+      coinSpecific && typeof coinSpecific === 'object' && 'purpose' in coinSpecific && coinSpecific.purpose === purpose
+    );
+  });
+  if (userAuthKeychain?.encryptedPrv) {
+    return userAuthKeychain as KeychainWithEncryptedPrv;
+  }
+  throw new Error(`Missing lightning ${purpose} keychain with encrypted private key`);
+}

modules/sdk-core/src/bitgo/wallet/wallet.ts

@@ -111,6 +111,7 @@ import { TxSendBody } from '@bitgo/public-types';
 import { AddressBook, IAddressBook } from '../address-book';
 import { IRequestTracer } from '../../api';
 import { getTxRequestApiVersion, validateTxRequestApiVersion } from '../utils/txRequest';
+import { getLightningAuthKey } from '../lightning/lightningWalletUtil';
 
 const debug = require('debug')('bitgo:v2:wallet');
 
@@ -1609,6 +1610,19 @@ export class Wallet implements IWallet {
     return this.bitgo.post(url).send({ shareOptions: params }).result();
   }
 
+  /**
+   * Gets keychain with encrypted private key to be shared for wallet sharing.
+   */
+  private async getEncryptedWalletKeychainForWalletSharing(): Promise<KeychainWithEncryptedPrv> {
+    if (this.baseCoin.getFamily() === 'lnbtc') {
+      // lightning coin does not use user key to sign the transactions from SDK.
+      // it uses user auth key instead.
+      return await getLightningAuthKey(this, 'userAuth');
+    } else {
+      return await this.getEncryptedUserKeychain();
+    }
+  }
+
   async prepareSharedKeychain(
     walletPassphrase: string | undefined,
     pubkey: string,
@@ -1617,7 +1631,7 @@ export class Wallet implements IWallet {
     let sharedKeychain: SharedKeyChain = {};
 
     try {
-      const keychain = await this.getEncryptedUserKeychain();
+      const keychain = await this.getEncryptedWalletKeychainForWalletSharing();
 
       // Decrypt the user key with a passphrase
       if (keychain.encryptedPrv) {