Merge pull request #1006 from LIT-Protocol/feature/jss-141-add-update-function-for-wrapped-keys

Feature/jss 141 add update function for wrapped keys

Author: Ansonhkg

.github/workflows/release-docker-images.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        app: [lit-auth-server, lit-login-server]
+        app: [lit-auth-server, lit-login-server, explorer]
     steps:
       - name: Checkout
         uses: actions/checkout@v4

local-tests/test.ts

@@ -106,6 +106,7 @@ import { testFailImportWrappedKeysWithMaxExpirySessionSig } from './tests/wrappe
 import { testFailImportWrappedKeysWithInvalidSessionSig } from './tests/wrapped-keys/testFailImportWrappedKeysWithInvalidSessionSig';
 import { testFailImportWrappedKeysWithExpiredSessionSig } from './tests/wrapped-keys/testFailImportWrappedKeysWithExpiredSessionSig';
 import { testExportWrappedKey } from './tests/wrapped-keys/testExportWrappedKey';
+import { testUpdateWrappedKey } from './tests/wrapped-keys/testUpdateWrappedKey';
 import { testSignMessageWithSolanaEncryptedKey } from './tests/wrapped-keys/testSignMessageWithSolanaEncryptedKey';
 import { testSignTransactionWithSolanaEncryptedKey } from './tests/wrapped-keys/testSignTransactionWithSolanaEncryptedKey';
 import { testBatchGeneratePrivateKeys } from './tests/wrapped-keys/testBatchGeneratePrivateKeys';
@@ -158,6 +159,7 @@ setLitActionsCodeToLocal();
 
     // -- export wrapped keys
     testExportWrappedKey,
+    testUpdateWrappedKey,
 
     // -- solana wrapped keys
     testSignMessageWithSolanaEncryptedKey,

local-tests/tests/wrapped-keys/testUpdateWrappedKey.ts

@@ -0,0 +1,110 @@
+import { log } from '@lit-protocol/misc';
+import { randomBytes } from 'crypto';
+
+import { api } from '@lit-protocol/wrapped-keys';
+import { TinnyEnvironment } from 'local-tests/setup/tinny-environment';
+import { getPkpSessionSigs } from 'local-tests/setup/session-sigs/get-pkp-session-sigs';
+
+const { generatePrivateKey, getEncryptedKey, updateEncryptedKey } = api;
+
+/**
+ * Test Commands:
+ * ✅ NETWORK=datil-dev yarn test:local --filter=testUpdateWrappedKey
+ * ✅ NETWORK=datil-test yarn test:local --filter=testUpdateWrappedKey
+ * ✅ NETWORK=custom yarn test:local --filter=testUpdateWrappedKey
+ */
+export const testUpdateWrappedKey = async (devEnv: TinnyEnvironment) => {
+  const alice = await devEnv.createRandomPerson();
+
+  try {
+    console.log('1. Fetch PKP session sigs');
+    const pkpSessionSigs = await getPkpSessionSigs(
+      devEnv,
+      alice,
+      null,
+      new Date(Date.now() + 1000 * 60 * 10).toISOString()
+    ); // 10 mins expiry
+
+    console.log('2. Generate a wrapped key');
+    const { id, pkpAddress } = await generatePrivateKey({
+      pkpSessionSigs,
+      network: 'evm',
+      litNodeClient: devEnv.litNodeClient,
+      memo: 'Test update key',
+    });
+    console.log({ id, pkpAddress });
+
+    console.log('3. Fetch initial encrypted key (without versions)');
+    const getEncryptedKeyFirst = await getEncryptedKey({
+      pkpSessionSigs,
+      litNodeClient: devEnv.litNodeClient,
+      id,
+    });
+    console.log({ getEncryptedKeyFirst });
+    const newCiphertext1 = randomBytes(48).toString('base64');
+    const newCiphertext2 = randomBytes(48).toString('base64');
+
+    console.log('4. Update encrypted key with new ciphertext/memo');
+    const updateEncryptedKeyFirst = await updateEncryptedKey({
+      pkpSessionSigs,
+      litNodeClient: devEnv.litNodeClient,
+      id,
+      ciphertext: newCiphertext1,
+      memo: 'rotated memo',
+    });
+    console.log({ updateEncryptedKeyFirst });
+
+    if (updateEncryptedKeyFirst.pkpAddress !== pkpAddress) {
+      throw new Error('Updated key pkpAddress mismatch');
+    }
+
+    console.log('5. Second update to generate another version');
+    const updateEncryptedKeySecond = await updateEncryptedKey({
+      pkpSessionSigs,
+      litNodeClient: devEnv.litNodeClient,
+      id,
+      ciphertext: newCiphertext2,
+      memo: 'rotated memo v2',
+    });
+    console.log({ updateEncryptedKeySecond });
+
+    console.log('6. Fetch updated key including versions');
+    const getEncryptedKeyUpdated = await getEncryptedKey({
+      pkpSessionSigs,
+      litNodeClient: devEnv.litNodeClient,
+      id,
+      includeVersions: true,
+    });
+    console.log({ getEncryptedKeyUpdated });
+
+    if (getEncryptedKeyUpdated.ciphertext !== newCiphertext2) {
+      throw new Error('Ciphertext was not updated');
+    }
+    if (
+      !getEncryptedKeyUpdated.versions ||
+      getEncryptedKeyUpdated.versions.length !== 2
+    ) {
+      throw new Error('Versions array missing or incorrect length');
+    }
+    if (
+      getEncryptedKeyUpdated.versions[0].ciphertext !==
+      getEncryptedKeyFirst.ciphertext
+    ) {
+      throw new Error('Initial version ciphertext mismatch');
+    }
+    if (getEncryptedKeyUpdated.versions[1].ciphertext !== newCiphertext1) {
+      throw new Error('First update version ciphertext mismatch');
+    }
+    if (
+      !getEncryptedKeyUpdated.updatedAt ||
+      !getEncryptedKeyUpdated.versions[0].updatedAt ||
+      !getEncryptedKeyUpdated.versions[1].updatedAt
+    ) {
+      throw new Error('updatedAt timestamps not set');
+    }
+
+    log('✅ testUpdateWrappedKey');
+  } finally {
+    devEnv.releasePrivateKeyFromUser(alice);
+  }
+};

packages/wrapped-keys/src/index.ts

@@ -10,6 +10,7 @@ import {
   listEncryptedKeyMetadata,
   batchGeneratePrivateKeys,
   storeEncryptedKeyBatch,
+  updateEncryptedKey,
 } from './lib/api';
 import {
   CHAIN_ETHEREUM,
@@ -54,6 +55,9 @@ import type {
   StoreEncryptedKeyResult,
   ImportPrivateKeyResult,
   StoreEncryptedKeyBatchResult,
+  UpdateEncryptedKeyParams,
+  UpdateEncryptedKeyResult,
+  WrappedKeyVersion,
 } from './lib/types';
 
 export const constants = {
@@ -77,6 +81,7 @@ export const api = {
   storeEncryptedKey,
   storeEncryptedKeyBatch,
   batchGeneratePrivateKeys,
+  updateEncryptedKey,
 };
 
 export const config = {
@@ -112,4 +117,7 @@ export {
   StoredKeyData,
   StoredKeyMetadata,
   SupportedNetworks,
+  UpdateEncryptedKeyParams,
+  UpdateEncryptedKeyResult,
+  WrappedKeyVersion,
 };

packages/wrapped-keys/src/lib/api/get-encrypted-key.ts

@@ -11,7 +11,7 @@ import { GetEncryptedKeyDataParams, StoredKeyData } from '../types';
 export async function getEncryptedKey(
   params: GetEncryptedKeyDataParams
 ): Promise<StoredKeyData> {
-  const { pkpSessionSigs, litNodeClient, id } = params;
+  const { pkpSessionSigs, litNodeClient, id, includeVersions } = params;
 
   const sessionSig = getFirstSessionSig(pkpSessionSigs);
   const pkpAddress = getPkpAddressFromSessionSig(sessionSig);
@@ -21,5 +21,6 @@ export async function getEncryptedKey(
     id,
     sessionSig,
     litNetwork: litNodeClient.config.litNetwork,
+    includeVersions,
   });
 }

packages/wrapped-keys/src/lib/api/index.ts

@@ -9,6 +9,7 @@ import { signTransactionWithEncryptedKey } from './sign-transaction-with-encrypt
 import { signTypedDataWithEncryptedKey } from './sign-typed-data-with-encrypted-key';
 import { storeEncryptedKey } from './store-encrypted-key';
 import { storeEncryptedKeyBatch } from './store-encrypted-key-batch';
+import { updateEncryptedKey } from './update-encrypted-key';
 
 export {
   listEncryptedKeyMetadata,
@@ -22,4 +23,5 @@ export {
   storeEncryptedKeyBatch,
   getEncryptedKey,
   batchGeneratePrivateKeys,
+  updateEncryptedKey,
 };

packages/wrapped-keys/src/lib/api/update-encrypted-key.ts

@@ -0,0 +1,34 @@
+import { updatePrivateKey } from '../service-client';
+import { UpdateEncryptedKeyParams, UpdateEncryptedKeyResult } from '../types';
+import { getFirstSessionSig, getPkpAddressFromSessionSig } from './utils';
+
+/** Update an existing wrapped key and append the previous state to versions.
+ *
+ * @param { UpdateEncryptedKeyParams } params Parameters required to update the encrypted private key
+ * @returns { Promise<UpdateEncryptedKeyResult> } id/pkpAddress/updatedAt on successful update
+ */
+export async function updateEncryptedKey(
+  params: UpdateEncryptedKeyParams
+): Promise<UpdateEncryptedKeyResult> {
+  const {
+    pkpSessionSigs,
+    litNodeClient,
+    id,
+    ciphertext,
+    evmContractConditions,
+    memo,
+  } = params;
+
+  const sessionSig = getFirstSessionSig(pkpSessionSigs);
+  const pkpAddress = getPkpAddressFromSessionSig(sessionSig);
+
+  return updatePrivateKey({
+    pkpAddress,
+    id,
+    sessionSig,
+    ciphertext,
+    evmContractConditions,
+    memo,
+    litNetwork: litNodeClient.config.litNetwork,
+  });
+}

packages/wrapped-keys/src/lib/service-client/client.ts

@@ -3,13 +3,15 @@ import {
   ListKeysParams,
   StoreKeyBatchParams,
   StoreKeyParams,
+  UpdateKeyParams,
 } from './types';
 import { generateRequestId, getBaseRequestParams, makeRequest } from './utils';
 import {
   StoredKeyData,
   StoredKeyMetadata,
   StoreEncryptedKeyBatchResult,
   StoreEncryptedKeyResult,
+  UpdateEncryptedKeyResult,
 } from '../types';
 
 /** Fetches previously stored private key metadata from the wrapped keys service.
@@ -48,7 +50,7 @@ export async function listPrivateKeyMetadata(
 export async function fetchPrivateKey(
   params: FetchKeyParams
 ): Promise<StoredKeyData> {
-  const { litNetwork, sessionSig, id, pkpAddress } = params;
+  const { litNetwork, sessionSig, id, pkpAddress, includeVersions } = params;
 
   const requestId = generateRequestId();
   const { baseUrl, initParams } = getBaseRequestParams({
@@ -58,8 +60,9 @@ export async function fetchPrivateKey(
     requestId,
   });
 
+  const query = includeVersions ? '?includeVersions=true' : '';
   return makeRequest<StoredKeyData>({
-    url: `${baseUrl}/${pkpAddress}/${id}`,
+    url: `${baseUrl}/${pkpAddress}/${id}${query}`,
     init: initParams,
     requestId,
   });
@@ -124,3 +127,45 @@ export async function storePrivateKeyBatch(
 
   return { pkpAddress, ids };
 }
+
+/** Updates an existing wrapped key and appends prior state to versions.
+ *
+ * @param { UpdateKeyParams } params Parameters required to update the private key metadata
+ * @returns { Promise<UpdateEncryptedKeyResult> } id/pkpAddress/updatedAt on successful update
+ */
+export async function updatePrivateKey(
+  params: UpdateKeyParams
+): Promise<UpdateEncryptedKeyResult> {
+  const {
+    litNetwork,
+    sessionSig,
+    pkpAddress,
+    id,
+    ciphertext,
+    evmContractConditions,
+    memo,
+  } = params;
+
+  const requestId = generateRequestId();
+  const { baseUrl, initParams } = getBaseRequestParams({
+    litNetwork,
+    sessionSig,
+    method: 'PUT',
+    requestId,
+  });
+
+  return makeRequest<UpdateEncryptedKeyResult>({
+    url: `${baseUrl}/${pkpAddress}/${id}`,
+    init: {
+      ...initParams,
+      body: JSON.stringify({
+        ciphertext,
+        ...(evmContractConditions !== undefined
+          ? { evmContractConditions }
+          : {}),
+        ...(memo !== undefined ? { memo } : {}),
+      }),
+    },
+    requestId,
+  });
+}

packages/wrapped-keys/src/lib/service-client/index.ts

@@ -3,11 +3,13 @@ import {
   storePrivateKey,
   storePrivateKeyBatch,
   listPrivateKeyMetadata,
+  updatePrivateKey,
 } from './client';
 
 export {
   fetchPrivateKey,
   storePrivateKey,
   storePrivateKeyBatch,
   listPrivateKeyMetadata,
+  updatePrivateKey,
 };

packages/wrapped-keys/src/lib/service-client/types.ts

@@ -11,6 +11,7 @@ interface BaseApiParams {
 export type FetchKeyParams = BaseApiParams & {
   pkpAddress: string;
   id: string;
+  includeVersions?: boolean;
 };
 
 export type ListKeysParams = BaseApiParams & { pkpAddress: string };
@@ -34,9 +35,17 @@ export interface StoreKeyBatchParams extends BaseApiParams {
   >[];
 }
 
+export interface UpdateKeyParams extends BaseApiParams {
+  pkpAddress: string;
+  id: string;
+  ciphertext: string;
+  evmContractConditions?: string;
+  memo?: string;
+}
+
 export interface BaseRequestParams {
   sessionSig: AuthSig;
-  method: 'GET' | 'POST';
+  method: 'GET' | 'POST' | 'PUT';
   litNetwork: LIT_NETWORKS_KEYS;
   requestId: string;
 }