chore(deps): upgrade jose to v4.x

Primary Changes --------------- 1. Upgraded Jose vesion from 1.28.1 to 4.1.0 2. Upgraded code and test cases to incorporate the same Resolves #1231 Signed-off-by: jagpreetsinghsasan <jagpreet.singh.sasan@accenture.com>
hyperledger-cacti · Dec 6, 2021 · 7d31a39 · 7d31a39
1 parent e468a3c
commit 7d31a39
Show file tree

Hide file tree

Showing 53 changed files with 358 additions and 300 deletions.
diff --git a/examples/cactus-example-carbon-accounting-backend/package.json b/examples/cactus-example-carbon-accounting-backend/package.json
@@ -97,6 +97,6 @@
     "@types/uuid": "8.3.1",
     "hardhat": "2.6.0",
     "http-status-codes": "2.1.4",
-    "jose": "1.28.1"
+    "jose": "4.1.0"
   }
 }
diff --git a/...cactus-example-carbon-accounting-backend/src/main/typescript/carbon-accounting-app-cli.ts b/...cactus-example-carbon-accounting-backend/src/main/typescript/carbon-accounting-app-cli.ts
@@ -9,7 +9,7 @@ import {
 
 export async function launchApp(): Promise<void> {
   const configService = new ConfigService();
-  const config = configService.getOrCreate();
+  const config = await configService.getOrCreate();
   const serverOptions = config.getProperties();
   LoggerProvider.setLogLevel(serverOptions.logLevel);
 

diff --git a/...les/cactus-example-carbon-accounting-backend/src/main/typescript/carbon-accounting-app.ts b/...les/cactus-example-carbon-accounting-backend/src/main/typescript/carbon-accounting-app.ts
@@ -223,7 +223,7 @@ export class CarbonAccountingApp {
       config = this.options.apiServerOptions;
     } else {
       const configService = new ConfigService();
-      const convictConfig = configService.getOrCreate();
+      const convictConfig = await configService.getOrCreate();
       config = convictConfig.getProperties();
       config.plugins = [];
       config.configFile = "";

diff --git a/...arbon-accounting-backend/src/test/typescript/integration/admin-enroll-v1-endpoint.test.ts b/...arbon-accounting-backend/src/test/typescript/integration/admin-enroll-v1-endpoint.test.ts
@@ -3,8 +3,15 @@ import { AddressInfo } from "net";
 import test, { Test } from "tape-promise/tape";
 import expressJwt from "express-jwt";
 import { v4 as uuidv4 } from "uuid";
-import { JWK, JWT } from "jose";
+import {
+  generateKeyPair,
+  exportSPKI,
+  GeneralSign,
+  generalVerify,
+  SignJWT,
+} from "jose";
 import { StatusCodes } from "http-status-codes";
+import jsonStableStringify from "json-stable-stringify";
 
 import {
   AuthorizationProtocol,
@@ -47,8 +54,8 @@ test("BEFORE " + testCase, async (t: Test) => {
 // FIXME: Restore this once Fabric fixed their typescript definitions:
 // https://github.com/hyperledger/fabric-chaincode-node/issues/292
 test.skip(testCase, async (t: Test) => {
-  const jwtKeyPair = await JWK.generate("RSA", 4096);
-  const jwtPublicKey = jwtKeyPair.toPEM(false);
+  const jwtKeyPair = await generateKeyPair("RS256", { modulusLength: 4096 });
+  const jwtPublicKey = await exportSPKI(jwtKeyPair.publicKey);
   const expressJwtOptions: expressJwt.Options = {
     algorithms: ["RS256"],
     secret: jwtPublicKey,
@@ -76,7 +83,7 @@ test.skip(testCase, async (t: Test) => {
   };
 
   const configService = new ConfigService();
-  const apiSrvOpts = configService.newExampleConfig();
+  const apiSrvOpts = await configService.newExampleConfig();
   apiSrvOpts.authorizationProtocol = AuthorizationProtocol.JSON_WEB_TOKEN;
   apiSrvOpts.authorizationConfigJson = authorizationConfig;
   apiSrvOpts.configFile = "";
@@ -86,7 +93,7 @@ test.skip(testCase, async (t: Test) => {
   apiSrvOpts.grpcPort = 0;
   apiSrvOpts.apiTlsEnabled = false;
   apiSrvOpts.plugins = [];
-  const convictConfig = configService.newExampleConfigConvict(apiSrvOpts);
+  const convictConfig = await configService.newExampleConfigConvict(apiSrvOpts);
   const apiServerOptions = convictConfig.getProperties();
 
   const appOptions: ICarbonAccountingAppOptions = {
@@ -114,13 +121,25 @@ test.skip(testCase, async (t: Test) => {
     name: "Peter",
     scope: [AuthzScope.GroupAdmin],
   };
-  const jwtSignOptions: JWT.SignOptions = {
-    algorithm: "RS256",
+  const jwtPayloadString = jsonStableStringify(jwtPayload);
+  const encoder = new TextEncoder();
+  const sign = new GeneralSign(encoder.encode(jwtPayloadString));
+  sign.addSignature(jwtKeyPair.privateKey).setProtectedHeader({
+    alg: "RS256",
+    issuer: expressJwtOptions.issuer,
+    audience: expressJwtOptions.audience,
+  });
+  const tokenWithScope = await sign.sign();
+  const jwtSignOptions = {
+    algorithms: ["RS256"],
     issuer: expressJwtOptions.issuer,
     audience: expressJwtOptions.audience,
   };
-  const tokenWithScope = JWT.sign(jwtPayload, jwtKeyPair, jwtSignOptions);
-  const verification = JWT.verify(tokenWithScope, jwtKeyPair, jwtSignOptions);
+  const verification = await generalVerify(
+    tokenWithScope,
+    jwtKeyPair.publicKey,
+    jwtSignOptions,
+  );
   t.ok(verification, "JWT with scope verification truthy OK");
 
   const configTokenWithScope = new Configuration({
@@ -141,7 +160,11 @@ test.skip(testCase, async (t: Test) => {
   t.true(res.status >= 200, "enrollAdminV1 status >= 200 OK");
   t.true(res.status < 300, "enrollAdminV1 status < 300 200 OK");
 
-  const tokenNoScope = JWT.sign({ scope: [] }, jwtKeyPair, jwtSignOptions);
+  const tokenNoScope = await new SignJWT({ scope: [] })
+    .setProtectedHeader({ alg: "RS256" })
+    .setIssuer(jwtSignOptions.issuer)
+    .setAudience(jwtSignOptions.audience)
+    .sign(jwtKeyPair.privateKey);
 
   const configTokenWithoutScope = new Configuration({
     basePath: apiBaseUrl,

diff --git a/examples/cactus-example-supply-chain-backend/package.json b/examples/cactus-example-supply-chain-backend/package.json
@@ -77,7 +77,7 @@
     "axios": "0.21.4",
     "express": "4.17.1",
     "fabric-network": "2.2.10",
-    "jose": "1.28.1",
+    "jose": "4.1.0",
     "openapi-types": "9.1.0",
     "solc": "0.8.6",
     "typescript-optional": "2.0.1",

diff --git a/examples/cactus-example-supply-chain-backend/src/main/typescript/supply-chain-app-cli.ts b/examples/cactus-example-supply-chain-backend/src/main/typescript/supply-chain-app-cli.ts
@@ -9,7 +9,7 @@ export async function launchApp(
   args?: string[],
 ): Promise<void> {
   const configService = new ConfigService();
-  const config = configService.getOrCreate({ args, env });
+  const config = await configService.getOrCreate({ args, env });
   const serverOptions = config.getProperties();
   LoggerProvider.setLogLevel(serverOptions.logLevel);
 

diff --git a/examples/cactus-example-supply-chain-backend/src/main/typescript/supply-chain-app.ts b/examples/cactus-example-supply-chain-backend/src/main/typescript/supply-chain-app.ts
@@ -1,7 +1,7 @@
 import { AddressInfo } from "net";
 import { Server } from "http";
 
-import { JWK } from "jose";
+import { exportPKCS8, generateKeyPair, KeyLike, exportSPKI } from "jose";
 import { v4 as uuidv4 } from "uuid";
 import exitHook, { IAsyncExitHookDoneCallback } from "async-exit-hook";
 
@@ -182,22 +182,22 @@ export class SupplyChainApp {
     const quorumApiClient = new QuorumApi(quorumConfig);
     const fabricApiClient = new FabricApi(fabricConfig);
 
-    const keyPairA = await JWK.generate("EC", "secp256k1");
-    const keyPairPemA = keyPairA.toPEM(true);
+    const keyPairA = await generateKeyPair("ES256K");
+    const keyPairPemA = await exportPKCS8(keyPairA.privateKey);
 
-    const keyPairB = await JWK.generate("EC", "secp256k1");
-    const keyPairPemB = keyPairB.toPEM(true);
+    const keyPairB = await generateKeyPair("ES256K");
+    const keyPairPemB = await exportPKCS8(keyPairB.privateKey);
 
-    const keyPairC = await JWK.generate("EC", "secp256k1");
-    const keyPairPemC = keyPairC.toPEM(true);
+    const keyPairC = await generateKeyPair("ES256K");
+    const keyPairPemC = await exportPKCS8(keyPairC.privateKey);
 
-    const consortiumDatabase = this.createConsortium(
+    const consortiumDatabase = await this.createConsortium(
       httpApiA,
       httpApiB,
       httpApiC,
-      keyPairA,
-      keyPairB,
-      keyPairC,
+      keyPairA.publicKey,
+      keyPairB.publicKey,
+      keyPairC.publicKey,
     );
     const consortiumPrettyJson = JSON.stringify(consortiumDatabase, null, 4);
     this.log.info(`Created Consortium definition: %o`, consortiumPrettyJson);
@@ -362,14 +362,14 @@ export class SupplyChainApp {
     this.shutdownHooks.push(hook);
   }
 
-  public createConsortium(
+  public async createConsortium(
     serverA: Server,
     serverB: Server,
     serverC: Server,
-    keyPairA: JWK.ECKey,
-    keyPairB: JWK.ECKey,
-    keyPairC: JWK.ECKey,
-  ): ConsortiumDatabase {
+    keyPairA: KeyLike,
+    keyPairB: KeyLike,
+    keyPairC: KeyLike,
+  ): Promise<ConsortiumDatabase> {
     const consortiumName = "Example Supply Chain Consortium";
     const consortiumId = uuidv4();
 
@@ -378,10 +378,11 @@ export class SupplyChainApp {
     const addressInfoA = serverA.address() as AddressInfo;
     const nodeApiHostA = `http://localhost:${addressInfoA.port}`;
 
+    const publickKeyPemA = await exportSPKI(keyPairA);
     const cactusNodeA: CactusNode = {
       nodeApiHost: nodeApiHostA,
       memberId: memberIdA,
-      publicKeyPem: keyPairA.toPEM(false),
+      publicKeyPem: publickKeyPemA,
       consortiumId,
       id: nodeIdA,
       pluginInstanceIds: [],
@@ -405,10 +406,11 @@ export class SupplyChainApp {
     const addressInfoB = serverB.address() as AddressInfo;
     const nodeApiHostB = `http://localhost:${addressInfoB.port}`;
 
+    const publickKeyPemB = await exportSPKI(keyPairB);
     const cactusNodeB: CactusNode = {
       nodeApiHost: nodeApiHostB,
       memberId: memberIdB,
-      publicKeyPem: keyPairB.toPEM(false),
+      publicKeyPem: publickKeyPemB,
       consortiumId,
       id: nodeIdB,
       pluginInstanceIds: [],
@@ -433,10 +435,11 @@ export class SupplyChainApp {
     const addressInfoC = serverC.address() as AddressInfo;
     const nodeApiHostC = `http://localhost:${addressInfoC.port}`;
 
+    const publickKeyPemC = await exportSPKI(keyPairC);
     const cactusNodeC: CactusNode = {
       nodeApiHost: nodeApiHostC,
       memberId: memberIdC,
-      publicKeyPem: keyPairC.toPEM(false),
+      publicKeyPem: publickKeyPemC,
       consortiumId,
       id: nodeIdC,
       pluginInstanceIds: [],
@@ -483,7 +486,7 @@ export class SupplyChainApp {
     const addressInfoCockpit = httpServerCockpit.address() as AddressInfo;
 
     const configService = new ConfigService();
-    const config = configService.getOrCreate();
+    const config = await configService.getOrCreate();
     const properties = config.getProperties();
 
     properties.plugins = [];

diff --git a/...pply-chain-backend/src/test/typescript/integration/supply-chain-backend-api-calls.test.ts b/...pply-chain-backend/src/test/typescript/integration/supply-chain-backend-api-calls.test.ts
@@ -27,7 +27,7 @@ test.skip("Supply chain backend API calls can be executed", async (t: Test) => {
   const configService = new ConfigService();
   t.ok(configService, "Instantiated ConfigService truthy OK");
 
-  const exampleConfig = configService.newExampleConfig();
+  const exampleConfig = await configService.newExampleConfig();
   t.ok(exampleConfig, "configService.newExampleConfig() truthy OK");
 
   // TODO: Investigate the explanation for this when we have more time, for
@@ -45,12 +45,16 @@ test.skip("Supply chain backend API calls can be executed", async (t: Test) => {
   ) as unknown) as IAuthorizationConfig;
   exampleConfig.authorizationProtocol = AuthorizationProtocol.NONE;
 
-  const convictConfig = configService.newExampleConfigConvict(exampleConfig);
+  const convictConfig = await configService.newExampleConfigConvict(
+    exampleConfig,
+  );
   t.ok(convictConfig, "configService.newExampleConfigConvict() truthy OK");
 
-  const env = configService.newExampleConfigEnv(convictConfig.getProperties());
+  const env = await configService.newExampleConfigEnv(
+    convictConfig.getProperties(),
+  );
 
-  const config = configService.getOrCreate({ env });
+  const config = await configService.getOrCreate({ env });
   const apiSrvOpts = config.getProperties();
   const { logLevel } = apiSrvOpts;
 

diff --git a/packages/cactus-cmd-api-server/README.md b/packages/cactus-cmd-api-server/README.md
@@ -67,7 +67,7 @@ const log: Logger = LoggerProvider.getOrCreate({
 
 const main = async () => {
   const configService = new ConfigService();
-  const config = configService.getOrCreate();
+  const config = await configService.getOrCreate();
   const serverOptions = config.getProperties();
 
   LoggerProvider.setLogLevel(serverOptions.logLevel);
@@ -110,7 +110,7 @@ import { Logger, LoggerProvider } from "@hyperledger/cactus-common";
 const main = async () => {
 
   const configService = new ConfigService();
-  const apiServerOptions = configService.newExampleConfig();
+  const apiServerOptions = await configService.newExampleConfig();
   // If there is no configuration file on the file system, just set it to empty string
   apiServerOptions.configFile = "";
   // Enable CORS for
@@ -142,7 +142,7 @@ const main = async () => {
       },
     },
   ];
-  const config = configService.newExampleConfigConvict(apiServerOptions);
+  const config = await configService.newExampleConfigConvict(apiServerOptions);
 
   const apiServer = new ApiServer({
     config: config.getProperties(),

diff --git a/packages/cactus-cmd-api-server/package.json b/packages/cactus-cmd-api-server/package.json
@@ -92,7 +92,7 @@
     "express-openapi-validator": "4.12.12",
     "fs-extra": "10.0.0",
     "google-protobuf": "3.18.0-rc.2",
-    "jose": "1.28.1",
+    "jose": "4.1.0",
     "lmify": "0.3.0",
     "node-forge": "0.10.0",
     "prom-client": "13.2.0",

diff --git a/packages/cactus-cmd-api-server/src/main/typescript/cmd/cactus-api.ts b/packages/cactus-cmd-api-server/src/main/typescript/cmd/cactus-api.ts
@@ -11,7 +11,7 @@ const log: Logger = LoggerProvider.getOrCreate({
 
 const main = async () => {
   const configService = new ConfigService();
-  const config = configService.getOrCreate();
+  const config = await configService.getOrCreate();
   const serverOptions = config.getProperties();
 
   LoggerProvider.setLogLevel(serverOptions.logLevel);