feat(awm, mbe): added test cases for eddsa recovery

Ticket: WP-5337

Author: alextse-bg

src/__tests__/api/advancedWalletManager/recoveryMpc.test.ts

@@ -1,58 +1,22 @@
-import { AppMode, AdvancedWalletManagerConfig, TlsMode } from '../../../initConfig';
-import { app as expressApp } from '../../../advancedWalletManagerApp';
-
-import express from 'express';
-import nock from 'nock';
 import 'should';
 import * as request from 'supertest';
-import { DklsTypes, DklsUtils } from '@bitgo-beta/sdk-lib-mpc';
+import nock from 'nock';
+import { app as expressApp } from '../../../advancedWalletManagerApp';
+import { AdvancedWalletManagerConfig, AppMode, TlsMode } from '../../../shared/types';
 
-describe('recoveryMpc', async () => {
-  let cfg: AdvancedWalletManagerConfig;
-  let app: express.Application;
+describe('recoveryMpc', () => {
   let agent: request.SuperAgentTest;
 
   // test config
   const kmsUrl = 'http://kms.invalid';
-  const eddsaCoin = 'tsol';
-  const nonSol = 'tnear';
+  const sol = 'tsol';
   const accessToken = 'test-token';
 
-  // sinon stubs
-  // let configStub: sinon.SinonStub;
-
-  // kms nocks setup
-  const [userShare, backupShare] = await DklsUtils.generateDKGKeyShares();
-  const userKeyShare = userShare.getKeyShare().toString('base64');
-  const backupKeyShare = backupShare.getKeyShare().toString('base64');
-  const commonKeychain = DklsTypes.getCommonKeychain(userShare.getKeyShare());
-
-  const mockKmsUserResponse = {
-    prv: JSON.stringify(userKeyShare),
-    pub: commonKeychain,
-    source: 'user',
-    type: 'tss',
-  };
-
-  const mockKmsBackupResponse = {
-    prv: JSON.stringify(backupKeyShare),
-    pub: commonKeychain,
-    source: 'backup',
-    type: 'tss',
-  };
-  const input = {
-    txHex:
-      '',
-    pub: commonKeychain,
-  };
-
   before(async () => {
-    // nock config
     nock.disableNetConnect();
     nock.enableNetConnect('127.0.0.1');
 
-    // app config
-    cfg = {
+    const config: AdvancedWalletManagerConfig = {
       appMode: AppMode.ADVANCED_WALLET_MANAGER,
       port: 0, // Let OS assign a free port
       bind: 'localhost',
@@ -64,36 +28,114 @@ describe('recoveryMpc', async () => {
       recoveryMode: true,
     };
 
-    // app setup
-    app = expressApp(cfg);
+    const app = expressApp(config);
     agent = request.agent(app);
   });
 
   afterEach(() => {
     nock.cleanAll();
   });
 
-  // happy path test
-  it('should be sign a MPC Recovery', async () => {
-    // nocks for KMS responses
-    const userKmsNock = nock(kmsUrl)
-      .get(`/key/${input.pub}`)
-      .query({ source: 'user', useLocalEncipherment: false })
-      .reply(200, mockKmsUserResponse)
-      .persist();
-    const backupKmsNock = nock(kmsUrl)
-      .get(`/key/${input.pub}`)
-      .query({ source: 'backup', useLocalEncipherment: false })
-      .reply(200, mockKmsBackupResponse)
-      .persist();
-
-    const eddsaSignatureResponse = await agent
-      .post(`/api/${eddsaCoin}/mpc/recovery`)
-      .set('Authorization', `Bearer ${accessToken}`)
-      .send(input);
-
-    eddsaSignatureResponse.status.should.equal(200);
-    eddsaSignatureResponse.body.should.have.property('txHex');
-    eddsaSignatureResponse.body.txHex.should.equal(input.txHex);
+  after(() => {
+    nock.enableNetConnect();
+  });
+
+  describe('ECDSA MPC recovery', () => {
+    it('should successfully generate MPC solana transactions', async () => {
+      const mockKmsUserResponse = {
+        prv: '{"uShare":{"i":1,"t":2,"n":3,"y":"85aa6462d927329418f70f6d0863cf6cf33e7da2934f935e5927f1b13062d779","seed":"2f55c80fd6b5583dcde8037b2ee461d2e7d445a4d3e7a9b2a0d3d00b5f534169","chaincode":"66e80f2bf41a5706608352d51ceb07a5aa1729cab6c6993c124d5731546ed9a1"},"bitgoYShare":{"i":1,"j":3,"y":"483e53b72de3aa893df698d0b20b20777fb3d2716cc8483a9e9797174fd52b16","v":"e70696459e46434a2a12cc988e3ae714a61fe96da8a6764d058b849cab50d6dc","u":"49abf8144d265a77cf6d098eff784d6ce56ec77a182f6b39f47d5d8e28f2a802","chaincode":"797348468202f1d7fede0a7851f80162b02e7da306e65075dd864b6789b9bc5b"},"backupYShare":{"i":1,"j":2,"y":"249a9798d0064a989a16cd8f479edf09ffaee73f4175d2ac555ba90ff41b89da","v":"98e31d2b643e40060ba344c6a41fc096ea7e39a1ae879f65e4af645870e90ee0","u":"ac047b1bceab2e1a42d97ab540b39176e545d9c0af4a192aee8e1dae91a4240b","chaincode":"585bdc05c8f84802cbe7b9a1a07d4aa9c5fede93597a622854e9bad83a2d5b78"}}',
+        pub: 'b6f5fb808f538a32735a89609e98fab75690a2c79b26f50a54c4cbf0fbca287138b733783f1590e12b4916ef0f6053b22044860117274bda44bd5d711855f174',
+        source: 'user',
+        type: 'tss',
+      };
+
+      const mockKmsBackupResponse = {
+        prv: '{"uShare":{"i":2,"t":2,"n":3,"y":"249a9798d0064a989a16cd8f479edf09ffaee73f4175d2ac555ba90ff41b89da","seed":"abab5be2b32d07cf39b2a162af0f78bad8325b2fbdc89d14fd8b4e5767b74097","chaincode":"585bdc05c8f84802cbe7b9a1a07d4aa9c5fede93597a622854e9bad83a2d5b78"},"bitgoYShare":{"i":2,"j":3,"y":"483e53b72de3aa893df698d0b20b20777fb3d2716cc8483a9e9797174fd52b16","v":"e70696459e46434a2a12cc988e3ae714a61fe96da8a6764d058b849cab50d6dc","u":"eb54da28da3da22eb3d61797a02a96264be8940b7115aefbb90b9dd044db7f06","chaincode":"797348468202f1d7fede0a7851f80162b02e7da306e65075dd864b6789b9bc5b"},"userYShare":{"i":2,"j":1,"y":"85aa6462d927329418f70f6d0863cf6cf33e7da2934f935e5927f1b13062d779","v":"76cfdcbf0f769f21c64e0faf0072ebccbcc3aaa844522336af27f8e50ed7ca5f","u":"6ce814af82683423c8d8befd13f6eeeb0cd3f7274d1ebfdd5807fd2e4eaadb08","chaincode":"66e80f2bf41a5706608352d51ceb07a5aa1729cab6c6993c124d5731546ed9a1"}}',
+        pub: 'b6f5fb808f538a32735a89609e98fab75690a2c79b26f50a54c4cbf0fbca287138b733783f1590e12b4916ef0f6053b22044860117274bda44bd5d711855f174',
+        source: 'backup',
+        type: 'tss',
+      };
+
+      nock(kmsUrl)
+        .get(`/key/${mockKmsUserResponse.pub}`)
+        .query({ source: 'user', useLocalEncipherment: false })
+        .reply(200, mockKmsUserResponse)
+        .persist();
+
+      nock(kmsUrl)
+        .get(`/key/${mockKmsBackupResponse.pub}`)
+        .query({ source: 'backup', useLocalEncipherment: false })
+        .reply(200, mockKmsBackupResponse)
+        .persist();
+
+      const input = {
+        commonKeychain:
+          'b6f5fb808f538a32735a89609e98fab75690a2c79b26f50a54c4cbf0fbca287138b733783f1590e12b4916ef0f6053b22044860117274bda44bd5d711855f174',
+        unsignedSweepPrebuildTx: {
+          txRequests: [
+            {
+              unsignedTx: '',
+              signableHex:
+                'AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAECvoOqYkvCPusjYyhX4GdUtzSeVIcx6GkwdpSk8SkU0/cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQtFGO2YBsrubq15CKqJLwXG3VEF1aEs36Rao6EaJDLAQECAAAMAgAAALhJxgAAAAAA',
+              derivationPath: 'm/0',
+            },
+          ],
+        },
+      };
+
+      const eddsaSignatureResponse = await agent
+        .post(`/api/${sol}/mpc/recovery`)
+        .set('Authorization', `Bearer ${accessToken}`)
+        .send(input);
+
+      eddsaSignatureResponse.status.should.equal(200);
+      eddsaSignatureResponse.body.should.have.property('txHex');
+
+      nock.cleanAll();
+    });
+
+    it('should throw 500 Internal Server Error if KMS cannot find user or backup keys', async () => {
+      const commonKeychain = 'b6f5fb808f538a32735a89609e98fab75690a2c79b26f50a54c4cbf0fbca287138b733783f1590e12b4916ef0f6053b22044860117274bda44bd5d711855f174';
+      const mockKmsUserResponse = {};
+      const mockKmsBackupResponse = {};
+
+      nock(kmsUrl)
+        .get(`/key/${commonKeychain}`)
+        .query({ source: 'user', useLocalEncipherment: false })
+        .reply(200, mockKmsUserResponse)
+        .persist();
+
+      nock(kmsUrl)
+        .get(`/key/${commonKeychain}`)
+        .query({ source: 'backup', useLocalEncipherment: false })
+        .reply(200, mockKmsBackupResponse)
+        .persist();
+
+      const input = {
+        commonKeychain:
+          'b6f5fb808f538a32735a89609e98fab75690a2c79b26f50a54c4cbf0fbca287138b733783f1590e12b4916ef0f6053b22044860117274bda44bd5d711855f174',
+        unsignedSweepPrebuildTx: {
+          txRequests: [
+            {
+              unsignedTx: '',
+              signableHex:
+                'AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAECvoOqYkvCPusjYyhX4GdUtzSeVIcx6GkwdpSk8SkU0/cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQtFGO2YBsrubq15CKqJLwXG3VEF1aEs36Rao6EaJDLAQECAAAMAgAAALhJxgAAAAAA',
+              derivationPath: 'm/0',
+            },
+          ],
+        },
+      };
+
+      const eddsaSignatureResponse = await agent
+        .post(`/api/${sol}/mpc/recovery`)
+        .set('Authorization', `Bearer ${accessToken}`)
+        .send(input);
+
+      eddsaSignatureResponse.status.should.equal(500);
+      eddsaSignatureResponse.body.should.have.property('error');
+      eddsaSignatureResponse.body.error.should.equal('Failed to retrieve key from KMS');
+
+      nock.cleanAll();
+    });
   });
 });

src/__tests__/api/enclaved/kmsClient.test.ts

@@ -10,11 +10,10 @@ import { BitGoRequest } from '../../../types/request';
 import { BitGoAPI } from '@bitgo-beta/sdk-api';
 import { AdvancedWalletManagerClient } from '../../../api/master/clients/advancedWalletManagerClient';
 import { CoinFamily } from '@bitgo-beta/statics';
+import coinFactory from '../../../shared/coinFactory';
 
 describe('Recovery Tests', () => {
   let agent: request.SuperAgentTest;
-  let mockBitgo: BitGoAPI;
-  let coinStub: sinon.SinonStub;
   const advancedWalletManagerUrl = 'http://advancedwalletmanager.invalid';
   const accessToken = 'test-token';
   const config: MasterExpressConfig = {
@@ -37,43 +36,11 @@ describe('Recovery Tests', () => {
     nock.disableNetConnect();
     nock.enableNetConnect('127.0.0.1');
 
-    // Create mock BitGo instance with base functionality
-    mockBitgo = {
-      coin: sinon.stub(),
-      _coinFactory: {},
-      _useAms: false,
-      initCoinFactory: sinon.stub(),
-      registerToken: sinon.stub(),
-      getValidate: sinon.stub(),
-      validateAddress: sinon.stub(),
-      verifyAddress: sinon.stub(),
-      verifyPassword: sinon.stub(),
-      encrypt: sinon.stub(),
-      decrypt: sinon.stub(),
-      lock: sinon.stub(),
-      unlock: sinon.stub(),
-      getSharingKey: sinon.stub(),
-      ping: sinon.stub(),
-      authenticate: sinon.stub(),
-      authenticateWithAccessToken: sinon.stub(),
-      logout: sinon.stub(),
-      me: sinon.stub(),
-      session: sinon.stub(),
-      getUser: sinon.stub(),
-      users: sinon.stub(),
-      getWallet: sinon.stub(),
-      getWallets: sinon.stub(),
-      addWallet: sinon.stub(),
-      removeWallet: sinon.stub(),
-      getAsUser: sinon.stub(),
-      register: sinon.stub(),
-    } as unknown as BitGoAPI;
-
-    coinStub = mockBitgo.coin as sinon.SinonStub;
+    const bitgo = new BitGoAPI({ env: 'test' });
 
     // Setup middleware stubs before creating app
     sinon.stub(middleware, 'prepareBitGo').callsFake(() => (req, res, next) => {
-      (req as BitGoRequest<MasterExpressConfig>).bitgo = mockBitgo;
+      (req as BitGoRequest<MasterExpressConfig>).bitgo = bitgo;
       (req as BitGoRequest<MasterExpressConfig>).config = config;
       next();
     });
@@ -123,7 +90,11 @@ describe('Recovery Tests', () => {
         isValidPub: mockIsValidPub,
         getFamily: sinon.stub().returns(CoinFamily.BTC),
       };
-      coinStub.withArgs(coin).returns(mockCoin);
+      // coinStub.withArgs(coin).returns(mockCoin);
+      sinon
+        .stub(coinFactory, 'getCoin')
+        .withArgs(coin)
+        .returns(mockCoin as any);
 
       // Setup coin middleware
       sinon.stub(masterMiddleware, 'validateMasterExpressConfig').callsFake((req, res, next) => {
@@ -184,7 +155,7 @@ describe('Recovery Tests', () => {
       );
 
       // Verify SDK coin method calls
-      coinStub.calledWith(coin).should.be.true();
+      // coinStub.calledWith(coin).should.be.true();
       mockIsValidPub.calledWith(userPub).should.be.true();
       mockIsValidPub.calledWith(backupPub).should.be.true();
       mockRecover
@@ -315,13 +286,6 @@ describe('Recovery Tests', () => {
     const ethCoinId = 'hteth';
 
     beforeEach(() => {
-      ethCoin = {
-        recover: sinon.stub().resolves({ txHex: 'eth-tx-hex' }),
-        isValidPub: sinon.stub().returns(true),
-        getFamily: sinon.stub().returns(CoinFamily.ETH),
-      };
-      coinStub.withArgs(ethCoinId).returns(ethCoin);
-
       // Setup coin middleware for ETH coin
       sinon.stub(masterMiddleware, 'validateMasterExpressConfig').callsFake((req, res, next) => {
         (req as BitGoRequest<MasterExpressConfig>).params = { coin: ethCoinId };
@@ -413,14 +377,14 @@ describe('Recovery Tests', () => {
     // Setup mocks for Solana
     let solCoin: any;
     const solCoinId = 'tsol';
+    const solExplorerUrl = 'https://api.devnet.solana.com';
 
     beforeEach(() => {
       solCoin = {
         isValidPub: sinon.stub().returns(true),
         getFamily: sinon.stub().returns(CoinFamily.SOL),
         getMPCAlgorithm: sinon.stub().returns('eddsa'),
       };
-      coinStub.withArgs(solCoinId).returns(solCoin);
 
       // Setup coin middleware for Solana coin
       sinon.stub(masterMiddleware, 'validateMasterExpressConfig').callsFake((req, res, next) => {
@@ -434,6 +398,70 @@ describe('Recovery Tests', () => {
       });
     });
 
+    afterEach(() => {
+      nock.cleanAll();
+    });
+
+    it('should sign a solana recovery successfully', async () => {
+      const solAccountBalanceNock = nock(solExplorerUrl)
+        .post('/')
+        .matchHeader('any', () => true)
+        .reply(200, {
+          result: {
+            value: 1000000000,
+          },
+        });
+
+      const solBlockHashNock = nock(solExplorerUrl)
+        .post('/')
+        .matchHeader('any', () => true)
+        .reply(200, {
+          result: {
+            value: {
+              blockhash: 'FvGuZFQqWtjDCgpPgA2CJ9WgDKc7i1HioJcn9j5PX8xu',
+            },
+          },
+        });
+
+      const solFeeNock = nock(solExplorerUrl)
+        .post('/')
+        .matchHeader('any', () => true)
+        .reply(200, {
+          result: {
+            value: 5000,
+          },
+        });
+
+      const awmNock = nock(advancedWalletManagerUrl)
+        .post(`/api/${solCoinId}/mpc/recovery`)
+        .reply(200, {
+          txHex:
+            'AWkNYn5JOxl5bLmFN8BB/Yyz8pLvrNpyZ6fUiTDpSnkK9dtts5VEBQOdLEaG3D18sN8dPxhnS+TzmmuUPMl0WAUBAAECvoOqYkvCPusjYyhX4GdUtzSeVIcx6GkwdpSk8SkU0/cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQtFGO2YBsrubq15CKqJLwXG3VEF1aEs36Rao6EaJDLAQECAAAMAgAAALhJxgAAAAAA',
+        });
+
+      const response = await agent
+        .post(`/api/${solCoinId}/wallet/recovery`)
+        .set('Authorization', `Bearer ${accessToken}`)
+        .send({
+          isTssRecovery: true,
+          tssRecoveryParams: {
+            commonKeychain:
+              'b6f5fb808f538a32735a89609e98fab75690a2c79b26f50a54c4cbf0fbca287138b733783f1590e12b4916ef0f6053b22044860117274bda44bd5d711855f174',
+          },
+          recoveryDestinationAddress: 'DpgugQVWnNbTQr6jqLvkHQVWa43WTGWb7jH5zeNGJjtA',
+          coinSpecificParams: {
+            solanaRecoveryOptions: {}, // none are required for token recoveries
+          },
+        });
+
+      response.status.should.equal(200);
+      response.body.should.have.property('txHex');
+
+      solAccountBalanceNock.isDone().should.be.true();
+      solBlockHashNock.isDone().should.be.true();
+      awmNock.isDone().should.be.true();
+    });
+
     it('should reject incorrect UTXO parameters for a Solana coin', async () => {
       const userPub = 'solana_pubkey';
       const recoveryDestination = 'solanaRecoveryAddress123456789012345678901234';