feat: Sign config files in cli #149
Conversation
Codecov Report
@@ Coverage Diff @@
## master #149 +/- ##
=======================================
Coverage 90.48% 90.48%
=======================================
Files 17 17
Lines 683 683
=======================================
Hits 618 618
Misses 34 34
Partials 31 31
Continue to review full report at Codecov.
|
closes trustbloc#148 Signed-off-by: Firas Qutishat <[email protected]>
| // PrivateKeyJwk is privatekey jwk | ||
| PrivateKeyJwk json.RawMessage `json:"privateKeyJwk,omitempty"` | ||
| // PrivateKeyJwk is privatekey jwk file | ||
| PrivateKeyJwkPath string `json:"privateKeyJwkPath,omitempty"` |
There was a problem hiding this comment.
this will need some additional followup.
a) the private key might not be in a file.
b) the private key can be protected.
c) might make sense to refactor how keys are associated to stakeholders.
There was a problem hiding this comment.
will do that as followup
| @@ -189,9 +191,16 @@ func getConfig(cmd *cobra.Command) (*config, error) { | |||
| } | |||
|
|
|||
| for _, member := range config.MembersData { | |||
| if err := member.jsonWebKey.UnmarshalJSON(member.PrivateKeyJwk); err != nil { | |||
| return nil, err | |||
| jwkData, err := ioutil.ReadFile(member.PrivateKeyJwkPath) //nolint: gosec | |||
There was a problem hiding this comment.
i hope we are not assuming all keys are available on a single system.
some stakeholders will sign their own copy on their own system.
There was a problem hiding this comment.
i.e. this is somewhat like fabric endorsement - generally ask the stakeholder to sign it.
|
@Baha-sk jws aries not supporting multiple signatures |
closes #148
Signed-off-by: Firas Qutishat [email protected]