Merge pull request #8803 from BitGo/WCN-217

feat(sdk-core): added OFC BitGo signing on wallet and coins object

Author: alextse-bg

modules/sdk-core/src/bitgo/trading/iTradingAccount.ts

@@ -18,6 +18,7 @@ export interface SignPayloadParameters {
 
 export interface ITradingAccount {
   readonly id: string;
+  readonly userKeySigningRequired: boolean;
   signPayload(params: SignPayloadParameters): Promise<string>;
   toNetwork(): ITradingNetwork;
 }

modules/sdk-core/src/bitgo/trading/tradingAccount.ts

@@ -11,11 +11,16 @@ export class TradingAccount implements ITradingAccount {
   private readonly enterpriseId: string;
 
   public wallet: IWallet;
+  public readonly userKeySigningRequired: boolean;
 
   constructor(enterpriseId: string, wallet: IWallet, bitgo: BitGoBase) {
     this.enterpriseId = enterpriseId;
     this.wallet = wallet;
     this.bitgo = bitgo;
+
+    const walletData = this.wallet.toJSON();
+    this.userKeySigningRequired =
+      walletData.coinSpecific?.userKeySigningRequired ?? walletData.userKeySigningRequired ?? true;
   }
 
   get id(): string {
@@ -48,10 +53,9 @@ export class TradingAccount implements ITradingAccount {
     params: Omit<SignPayloadParameters, 'walletPassphrase' | 'prv'>
   ): Promise<string> {
     const walletData = this.wallet.toJSON();
-    const userKeySigningRequired = walletData.coinSpecific?.userKeySigningRequired ?? walletData.userKeySigningRequired;
-    if (userKeySigningRequired) {
+    if (this.userKeySigningRequired) {
       throw new Error(
-        'Wallet must use user key to sign ofc transaction, please provide the wallet passphrase or visit your wallet settings page to configure one.'
+        'Wallet must use user key to sign ofc transaction, please provide the wallet passphrase, the private key, or visit your wallet settings page to configure one.'
       );
     }
     if (walletData.keys.length < 2) {

modules/sdk-core/src/bitgo/wallet/wallet.ts

@@ -2137,7 +2137,7 @@ export class Wallet implements IWallet {
    * @param params
    * - txPrebuild
    * - [keychain / key] (object) or prv (string)
-   * - walletPassphrase
+   * - walletPassphrase (optional ONLY for OFC wallets with userKeySigningRequired = false)
    * - verifyTxParams (optional) - when provided, the transaction will be verified before signing
    *   - txParams: transaction parameters used for verification
    *   - verification: optional verification options
@@ -2264,6 +2264,17 @@ export class Wallet implements IWallet {
       };
       return params.customSigningFunction(signTransactionParamsWithSeed);
     }
+
+    if (this.baseCoin.getFamily() === 'ofc') {
+      const userKeySigningRequired = this.toTradingAccount().userKeySigningRequired;
+      const prv = userKeySigningRequired ? await this.getUserPrvAsync(presign as GetUserPrvOptions) : undefined;
+      return this.baseCoin.signTransaction({
+        ...signTransactionParams,
+        prv,
+        wallet: this,
+      });
+    }
+
     return this.baseCoin.signTransaction({
       ...signTransactionParams,
       prv: await this.getUserPrvAsync(presign as GetUserPrvOptions),

modules/sdk-core/src/coins/ofc.ts

@@ -15,6 +15,7 @@ import {
   SignTransactionOptions,
   VerifyAddressOptions,
   VerifyTransactionOptions,
+  Wallet,
 } from '../';
 
 export class Ofc extends BaseCoin {
@@ -104,6 +105,26 @@ export class Ofc extends BaseCoin {
     throw new MethodNotImplementedError();
   }
 
+  /**
+   * Signs a message using a trading wallet's BitGo Key
+   * @param wallet - uses the BitGo key of this trading wallet to sign the message remotely in a KMS
+   * @param message
+   */
+  async signMessage(wallet: Wallet, message: string): Promise<Buffer>;
+  /**
+   * Signs a message using the private key
+   * @param key - uses the private key to sign the message
+   * @param message
+   */
+  async signMessage(key: { prv: string }, message: string): Promise<Buffer>;
+  async signMessage(keyOrWallet: { prv: string } | Wallet, message: string): Promise<Buffer> {
+    if (!(keyOrWallet instanceof Wallet)) {
+      return super.signMessage(keyOrWallet, message);
+    }
+    const signatureHexString = await keyOrWallet.toTradingAccount().signPayload({ payload: message });
+    return Buffer.from(signatureHexString, 'hex');
+  }
+
   /** @inheritDoc */
   auditDecryptedKey(params: AuditDecryptedKeyParams) {
     throw new MethodNotImplementedError();

modules/sdk-core/src/coins/ofcToken.ts

@@ -9,17 +9,25 @@ import {
   SignTransactionOptions as BaseSignTransactionOptions,
   SignedTransaction,
   ITransactionRecipient,
+  IWallet,
 } from '../';
 import { isBolt11Invoice } from '../lightning';
 
 import { Ofc } from './ofc';
 
-export interface SignTransactionOptions extends BaseSignTransactionOptions {
-  txPrebuild: {
-    payload: string;
-  };
+type OfcAllowRemoteSignOptions = BaseSignTransactionOptions & {
+  txPrebuild: { payload: string };
+  wallet: IWallet;
+  prv?: string; // optional: forwarded to signPayload if present
+};
+
+type OfcLocalSignOptions = BaseSignTransactionOptions & {
+  txPrebuild: { payload: string };
   prv: string;
-}
+  wallet?: never; // excludes wallet from this branch
+};
+
+export type SignTransactionOptions = OfcAllowRemoteSignOptions | OfcLocalSignOptions;
 
 export { OfcTokenConfig };
 
@@ -107,15 +115,30 @@ export class OfcToken extends Ofc {
   }
 
   /**
-   * Assemble keychain and half-sign prebuilt transaction
+   * Signs a half-signed OFC transaction.
+   * Signs the transaction remotely using the BitGo key if prv is not provided.
    * @param params
    * @returns {Promise<SignedTransaction>}
    */
   async signTransaction(params: SignTransactionOptions): Promise<SignedTransaction> {
     const txPrebuild = params.txPrebuild;
     const payload = txPrebuild.payload;
-    const signatureBuffer = (await this.signMessage(params, payload)) as any;
-    const signature: string = signatureBuffer.toString('hex');
+
+    let signature: string;
+    if (params.wallet) {
+      const tradingAccount = params.wallet.toTradingAccount();
+      if (!params.prv && tradingAccount.userKeySigningRequired) {
+        throw new Error(
+          'Wallet must use user key to sign ofc transaction, please provide the private key or visit your wallet settings page to configure one.'
+        );
+      }
+      signature = await tradingAccount.signPayload({ payload, prv: params.prv });
+    } else if (params.prv) {
+      signature = (await this.signMessage({ prv: params.prv }, payload)).toString('hex');
+    } else {
+      throw new Error('You must pass in either one of wallet or prv');
+    }
+
     return { halfSigned: { payload, signature } } as any;
   }
 

modules/sdk-core/test/unit/bitgo/trading/tradingAccount.ts

@@ -7,8 +7,10 @@ import { TradingAccount } from '../../../../src/bitgo/trading/tradingAccount';
 
 describe('TradingAccount', function () {
   let tradingAccount: TradingAccount;
+  let userKeyRequiredTradingAccount: TradingAccount;
   let mockBitGo: any;
   let mockWallet: any;
+  let mockUserKeyRequiredWallet: any;
   let mockBaseCoin: any;
   let sendStub: sinon.SinonStub;
 
@@ -54,13 +56,27 @@ describe('TradingAccount', function () {
       toJSON: sinon.stub().returns({
         id: 'test-wallet-id',
         keys: ['user-key-id', 'backup-key-id', 'bitgo-key-id'],
-        coinSpecific: {},
+        coinSpecific: {
+          userKeySigningRequired: false,
+        },
       }),
       baseCoin: mockBaseCoin,
       bitgo: mockBitGo,
     };
 
+    mockUserKeyRequiredWallet = {
+      ...mockWallet,
+      toJSON: sinon.stub().returns({
+        id: 'test-wallet-id',
+        keys: ['user-key-id', 'backup-key-id', 'bitgo-key-id'],
+        coinSpecific: {
+          userKeySigningRequired: true,
+        },
+      }),
+    };
+
     tradingAccount = new TradingAccount(enterpriseId, mockWallet, mockBitGo);
+    userKeyRequiredTradingAccount = new TradingAccount(enterpriseId, mockUserKeyRequiredWallet, mockBitGo);
   });
 
   afterEach(function () {
@@ -85,7 +101,6 @@ describe('TradingAccount', function () {
       it('should sign using the BitGo key remotely when no passphrase is provided', async function () {
         const result = await tradingAccount.signPayload({ payload });
 
-        mockWallet.toJSON.calledOnce.should.be.true();
         mockBitGo.post.calledOnce.should.be.true();
         sendStub.calledWith({ payload: JSON.stringify(payload) }).should.be.true();
         result.should.equal(signature);
@@ -98,31 +113,18 @@ describe('TradingAccount', function () {
       });
 
       it('should throw if coinSpecific.userKeySigningRequired is true and no passphrase and prv are provided', async function () {
-        mockWallet.toJSON.onCall(mockWallet.toJSON.callCount).returns({
-          id: 'test-wallet-id',
-          keys: ['user-key-id', 'backup-key-id', 'bitgo-key-id'],
-          coinSpecific: { userKeySigningRequired: true },
-        });
-
-        await tradingAccount
+        await userKeyRequiredTradingAccount
           .signPayload({ payload })
           .should.be.rejectedWith(
-            'Wallet must use user key to sign ofc transaction, please provide the wallet passphrase or visit your wallet settings page to configure one.'
+            'Wallet must use user key to sign ofc transaction, please provide the wallet passphrase, the private key, or visit your wallet settings page to configure one.'
           );
       });
 
       it('should fall back to top-level userKeySigningRequired when coinSpecific does not carry it', async function () {
-        mockWallet.toJSON.onCall(mockWallet.toJSON.callCount).returns({
-          id: 'test-wallet-id',
-          keys: ['user-key-id', 'backup-key-id', 'bitgo-key-id'],
-          coinSpecific: {},
-          userKeySigningRequired: true,
-        });
-
-        await tradingAccount
+        await userKeyRequiredTradingAccount
           .signPayload({ payload })
           .should.be.rejectedWith(
-            'Wallet must use user key to sign ofc transaction, please provide the wallet passphrase or visit your wallet settings page to configure one.'
+            'Wallet must use user key to sign ofc transaction, please provide the wallet passphrase, the private key, or visit your wallet settings page to configure one.'
           );
       });