@solana/keychain-aws-kms 0.2.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/aws-kms-signer.integration.test.d.ts +2 -0
- package/dist/__tests__/aws-kms-signer.integration.test.d.ts.map +1 -0
- package/dist/__tests__/aws-kms-signer.integration.test.js +50 -0
- package/dist/__tests__/aws-kms-signer.integration.test.js.map +1 -0
- package/package.json +10 -8
- package/src/__tests__/aws-kms-signer.integration.test.ts +83 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws-kms-signer.integration.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/aws-kms-signer.integration.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
import { appendTransactionMessageInstructions, createSolanaRpc, createTransactionMessage, pipe, setTransactionMessageFeePayerSigner, setTransactionMessageLifetimeUsingBlockhash, signTransactionMessageWithSigners, } from '@solana/kit';
|
|
2
|
+
import { getAddMemoInstruction } from '@solana-program/memo';
|
|
3
|
+
import { config } from 'dotenv';
|
|
4
|
+
import { describe, expect, it } from 'vitest';
|
|
5
|
+
import { AwsKmsSigner } from '../aws-kms-signer.js';
|
|
6
|
+
config();
|
|
7
|
+
const REQUIRED_ENV_VARS = ['AWS_KMS_KEY_ID', 'AWS_KMS_SIGNER_PUBKEY'];
|
|
8
|
+
function hasRequiredEnvVars() {
|
|
9
|
+
return REQUIRED_ENV_VARS.every(v => process.env[v]);
|
|
10
|
+
}
|
|
11
|
+
function createAwsKmsSigner() {
|
|
12
|
+
return new AwsKmsSigner({
|
|
13
|
+
keyId: process.env.AWS_KMS_KEY_ID,
|
|
14
|
+
publicKey: process.env.AWS_KMS_SIGNER_PUBKEY,
|
|
15
|
+
region: process.env.AWS_KMS_REGION,
|
|
16
|
+
});
|
|
17
|
+
}
|
|
18
|
+
describe('AwsKmsSigner Integration', () => {
|
|
19
|
+
it.skipIf(!hasRequiredEnvVars())('signs transactions with AWS KMS', async () => {
|
|
20
|
+
const signer = createAwsKmsSigner();
|
|
21
|
+
const rpcUrl = process.env.SOLANA_RPC_URL ?? 'https://api.devnet.solana.com';
|
|
22
|
+
// Get real blockhash from devnet
|
|
23
|
+
const rpc = createSolanaRpc(rpcUrl);
|
|
24
|
+
const { value: { blockhash, lastValidBlockHeight }, } = await rpc.getLatestBlockhash().send();
|
|
25
|
+
// Create memo transaction (doesn't need funds)
|
|
26
|
+
const transaction = pipe(createTransactionMessage({ version: 0 }), tx => setTransactionMessageFeePayerSigner(signer, tx), tx => appendTransactionMessageInstructions([getAddMemoInstruction({ memo: 'AWS KMS test' })], tx), tx => setTransactionMessageLifetimeUsingBlockhash({ blockhash, lastValidBlockHeight }, tx));
|
|
27
|
+
// Sign via AWS KMS
|
|
28
|
+
const signed = await signTransactionMessageWithSigners(transaction);
|
|
29
|
+
// Verify signature returned
|
|
30
|
+
expect(signed.signatures[signer.address]).toBeDefined();
|
|
31
|
+
expect(signed.signatures[signer.address]?.length).toBe(64);
|
|
32
|
+
}, 60000); // 1 minute timeout
|
|
33
|
+
it.skipIf(!hasRequiredEnvVars())('signs messages', async () => {
|
|
34
|
+
const signer = createAwsKmsSigner();
|
|
35
|
+
const message = {
|
|
36
|
+
content: new Uint8Array([1, 2, 3, 4, 5]),
|
|
37
|
+
signatures: {},
|
|
38
|
+
};
|
|
39
|
+
const result = await signer.signMessages([message]);
|
|
40
|
+
expect(result).toHaveLength(1);
|
|
41
|
+
expect(result[0]?.[signer.address]).toBeDefined();
|
|
42
|
+
expect(result[0]?.[signer.address]?.length).toBe(64);
|
|
43
|
+
});
|
|
44
|
+
it.skipIf(!hasRequiredEnvVars())('checks availability', async () => {
|
|
45
|
+
const signer = createAwsKmsSigner();
|
|
46
|
+
const available = await signer.isAvailable();
|
|
47
|
+
expect(available).toBe(true);
|
|
48
|
+
});
|
|
49
|
+
});
|
|
50
|
+
//# sourceMappingURL=aws-kms-signer.integration.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws-kms-signer.integration.test.js","sourceRoot":"","sources":["../../src/__tests__/aws-kms-signer.integration.test.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,oCAAoC,EACpC,eAAe,EACf,wBAAwB,EACxB,IAAI,EACJ,mCAAmC,EACnC,2CAA2C,EAC3C,iCAAiC,GACpC,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,MAAM,EAAE,CAAC;AAET,MAAM,iBAAiB,GAAG,CAAC,gBAAgB,EAAE,uBAAuB,CAAC,CAAC;AAEtE,SAAS,kBAAkB;IACvB,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,kBAAkB;IACvB,OAAO,IAAI,YAAY,CAAC;QACpB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,cAAe;QAClC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAsB;QAC7C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc;KACrC,CAAC,CAAC;AACP,CAAC;AAED,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,CAAC,CAC5B,iCAAiC,EACjC,KAAK,IAAI,EAAE;QACP,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,+BAA+B,CAAC;QAE7E,iCAAiC;QACjC,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,EACF,KAAK,EAAE,EAAE,SAAS,EAAE,oBAAoB,EAAE,GAC7C,GAAG,MAAM,GAAG,CAAC,kBAAkB,EAAE,CAAC,IAAI,EAAE,CAAC;QAE1C,+CAA+C;QAC/C,MAAM,WAAW,GAAG,IAAI,CACpB,wBAAwB,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EACxC,EAAE,CAAC,EAAE,CAAC,mCAAmC,CAAC,MAAM,EAAE,EAAE,CAAC,EACrD,EAAE,CAAC,EAAE,CAAC,oCAAoC,CAAC,CAAC,qBAAqB,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,EACjG,EAAE,CAAC,EAAE,CAAC,2CAA2C,CAAC,EAAE,SAAS,EAAE,oBAAoB,EAAE,EAAE,EAAE,CAAC,CAC7F,CAAC;QAEF,mBAAmB;QACnB,MAAM,MAAM,GAAG,MAAM,iCAAiC,CAAC,WAAW,CAAC,CAAC;QAEpE,4BAA4B;QAC5B,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC,EACD,KAAM,CACT,CAAC,CAAC,mBAAmB;IAEtB,EAAE,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,CAAC,CAAC,gBAAgB,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;QAEpC,MAAM,OAAO,GAAG;YACZ,OAAO,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YACxC,UAAU,EAAE,EAAE;SACjB,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAEpD,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,CAAC,CAAC,qBAAqB,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@solana/keychain-aws-kms",
|
|
3
3
|
"author": "Solana Foundation",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.4.0",
|
|
5
5
|
"description": "AWS KMS-based signer for Solana transactions using EdDSA (Ed25519)",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"repository": "https://github.com/solana-foundation/solana-keychain",
|
|
@@ -30,16 +30,18 @@
|
|
|
30
30
|
],
|
|
31
31
|
"dependencies": {
|
|
32
32
|
"@aws-sdk/client-kms": "^3.700.0",
|
|
33
|
-
"@solana/addresses": "^
|
|
34
|
-
"@solana/codecs-strings": "^
|
|
35
|
-
"@solana/keys": "^
|
|
36
|
-
"@solana/signers": "^
|
|
37
|
-
"@solana/transactions": "^
|
|
38
|
-
"@solana/keychain-core": "0.
|
|
33
|
+
"@solana/addresses": "^6.0.1",
|
|
34
|
+
"@solana/codecs-strings": "^6.0.1",
|
|
35
|
+
"@solana/keys": "^6.0.1",
|
|
36
|
+
"@solana/signers": "^6.0.1",
|
|
37
|
+
"@solana/transactions": "^6.0.1",
|
|
38
|
+
"@solana/keychain-core": "0.4.0"
|
|
39
39
|
},
|
|
40
40
|
"devDependencies": {
|
|
41
|
+
"@solana-program/memo": "^0.11.0",
|
|
42
|
+
"@solana/kit": "^6.0.1",
|
|
41
43
|
"dotenv": "^17.2.3",
|
|
42
|
-
"@solana/keychain-test-utils": "0.
|
|
44
|
+
"@solana/keychain-test-utils": "0.4.0"
|
|
43
45
|
},
|
|
44
46
|
"publishConfig": {
|
|
45
47
|
"access": "public"
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
import {
|
|
2
|
+
appendTransactionMessageInstructions,
|
|
3
|
+
createSolanaRpc,
|
|
4
|
+
createTransactionMessage,
|
|
5
|
+
pipe,
|
|
6
|
+
setTransactionMessageFeePayerSigner,
|
|
7
|
+
setTransactionMessageLifetimeUsingBlockhash,
|
|
8
|
+
signTransactionMessageWithSigners,
|
|
9
|
+
} from '@solana/kit';
|
|
10
|
+
import { getAddMemoInstruction } from '@solana-program/memo';
|
|
11
|
+
import { config } from 'dotenv';
|
|
12
|
+
import { describe, expect, it } from 'vitest';
|
|
13
|
+
|
|
14
|
+
import { AwsKmsSigner } from '../aws-kms-signer.js';
|
|
15
|
+
|
|
16
|
+
config();
|
|
17
|
+
|
|
18
|
+
const REQUIRED_ENV_VARS = ['AWS_KMS_KEY_ID', 'AWS_KMS_SIGNER_PUBKEY'];
|
|
19
|
+
|
|
20
|
+
function hasRequiredEnvVars(): boolean {
|
|
21
|
+
return REQUIRED_ENV_VARS.every(v => process.env[v]);
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
function createAwsKmsSigner(): AwsKmsSigner {
|
|
25
|
+
return new AwsKmsSigner({
|
|
26
|
+
keyId: process.env.AWS_KMS_KEY_ID!,
|
|
27
|
+
publicKey: process.env.AWS_KMS_SIGNER_PUBKEY!,
|
|
28
|
+
region: process.env.AWS_KMS_REGION,
|
|
29
|
+
});
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
describe('AwsKmsSigner Integration', () => {
|
|
33
|
+
it.skipIf(!hasRequiredEnvVars())(
|
|
34
|
+
'signs transactions with AWS KMS',
|
|
35
|
+
async () => {
|
|
36
|
+
const signer = createAwsKmsSigner();
|
|
37
|
+
const rpcUrl = process.env.SOLANA_RPC_URL ?? 'https://api.devnet.solana.com';
|
|
38
|
+
|
|
39
|
+
// Get real blockhash from devnet
|
|
40
|
+
const rpc = createSolanaRpc(rpcUrl);
|
|
41
|
+
const {
|
|
42
|
+
value: { blockhash, lastValidBlockHeight },
|
|
43
|
+
} = await rpc.getLatestBlockhash().send();
|
|
44
|
+
|
|
45
|
+
// Create memo transaction (doesn't need funds)
|
|
46
|
+
const transaction = pipe(
|
|
47
|
+
createTransactionMessage({ version: 0 }),
|
|
48
|
+
tx => setTransactionMessageFeePayerSigner(signer, tx),
|
|
49
|
+
tx => appendTransactionMessageInstructions([getAddMemoInstruction({ memo: 'AWS KMS test' })], tx),
|
|
50
|
+
tx => setTransactionMessageLifetimeUsingBlockhash({ blockhash, lastValidBlockHeight }, tx),
|
|
51
|
+
);
|
|
52
|
+
|
|
53
|
+
// Sign via AWS KMS
|
|
54
|
+
const signed = await signTransactionMessageWithSigners(transaction);
|
|
55
|
+
|
|
56
|
+
// Verify signature returned
|
|
57
|
+
expect(signed.signatures[signer.address]).toBeDefined();
|
|
58
|
+
expect(signed.signatures[signer.address]?.length).toBe(64);
|
|
59
|
+
},
|
|
60
|
+
60_000,
|
|
61
|
+
); // 1 minute timeout
|
|
62
|
+
|
|
63
|
+
it.skipIf(!hasRequiredEnvVars())('signs messages', async () => {
|
|
64
|
+
const signer = createAwsKmsSigner();
|
|
65
|
+
|
|
66
|
+
const message = {
|
|
67
|
+
content: new Uint8Array([1, 2, 3, 4, 5]),
|
|
68
|
+
signatures: {},
|
|
69
|
+
};
|
|
70
|
+
|
|
71
|
+
const result = await signer.signMessages([message]);
|
|
72
|
+
|
|
73
|
+
expect(result).toHaveLength(1);
|
|
74
|
+
expect(result[0]?.[signer.address]).toBeDefined();
|
|
75
|
+
expect(result[0]?.[signer.address]?.length).toBe(64);
|
|
76
|
+
});
|
|
77
|
+
|
|
78
|
+
it.skipIf(!hasRequiredEnvVars())('checks availability', async () => {
|
|
79
|
+
const signer = createAwsKmsSigner();
|
|
80
|
+
const available = await signer.isAvailable();
|
|
81
|
+
expect(available).toBe(true);
|
|
82
|
+
});
|
|
83
|
+
});
|