feat(sdk-core): added OFC BitGo signing on wallet and coins object

allow wallet and coins object to sign using the BitGo key
if the passphrase is not provided during signing

Ticket: WCN-217-2

Author: alextse-bg

modules/sdk-core/src/bitgo/trading/tradingAccount.ts

@@ -22,6 +22,11 @@ export class TradingAccount implements ITradingAccount {
     return this.wallet.id();
   }
 
+  get userKeySigningRequired(): boolean {
+    const walletData = this.wallet.toJSON();
+    return walletData.coinSpecific?.userKeySigningRequired ?? walletData.userKeySigningRequired ?? true;
+  }
+
   /**
    * Signs an arbitrary payload. Use the user key if passphrase/prv is provided, or the BitGo key if not.
    * @param params
@@ -48,8 +53,7 @@ export class TradingAccount implements ITradingAccount {
     params: Omit<SignPayloadParameters, 'walletPassphrase' | 'prv'>
   ): Promise<string> {
     const walletData = this.wallet.toJSON();
-    const userKeySigningRequired = walletData.coinSpecific?.userKeySigningRequired ?? walletData.userKeySigningRequired;
-    if (userKeySigningRequired) {
+    if (this.userKeySigningRequired) {
       throw new Error(
         'Wallet must use user key to sign ofc transaction, please provide the wallet passphrase or visit your wallet settings page to configure one.'
       );

modules/sdk-core/src/bitgo/wallet/wallet.ts

@@ -2137,7 +2137,7 @@ export class Wallet implements IWallet {
    * @param params
    * - txPrebuild
    * - [keychain / key] (object) or prv (string)
-   * - walletPassphrase
+   * - walletPassphrase (optional ONLY for OFC wallets with userKeySigningRequired = false)
    * - verifyTxParams (optional) - when provided, the transaction will be verified before signing
    *   - txParams: transaction parameters used for verification
    *   - verification: optional verification options
@@ -2264,6 +2264,17 @@ export class Wallet implements IWallet {
       };
       return params.customSigningFunction(signTransactionParamsWithSeed);
     }
+
+    if (this.baseCoin.getFamily() === 'ofc') {
+      const userKeySigningRequired = this.toTradingAccount().userKeySigningRequired;
+      const prv = userKeySigningRequired ? await this.getUserPrvAsync(presign as GetUserPrvOptions) : undefined;
+      return this.baseCoin.signTransaction({
+        ...signTransactionParams,
+        prv,
+        wallet: this,
+      });
+    }
+
     return this.baseCoin.signTransaction({
       ...signTransactionParams,
       prv: await this.getUserPrvAsync(presign as GetUserPrvOptions),

modules/sdk-core/src/coins/ofc.ts

@@ -15,6 +15,7 @@ import {
   SignTransactionOptions,
   VerifyAddressOptions,
   VerifyTransactionOptions,
+  Wallet,
 } from '../';
 
 export class Ofc extends BaseCoin {
@@ -104,6 +105,26 @@ export class Ofc extends BaseCoin {
     throw new MethodNotImplementedError();
   }
 
+  /**
+   * Signs a message using a trading wallet's BitGo Key
+   * @param wallet - uses the BitGo key of this trading wallet to sign the message remotely in a KMS
+   * @param message
+   */
+  async signMessage(wallet: Wallet, message: string): Promise<Buffer>;
+  /**
+   * Signs a message using the private key
+   * @param key - uses the private key to sign the message
+   * @param message
+   */
+  async signMessage(key: { prv: string }, message: string): Promise<Buffer>;
+  async signMessage(keyOrWallet: { prv: string } | Wallet, message: string): Promise<Buffer> {
+    if (!(keyOrWallet instanceof Wallet)) {
+      return super.signMessage(keyOrWallet, message);
+    }
+    const signatureHexString = await keyOrWallet.toTradingAccount().signPayload({ payload: message });
+    return Buffer.from(signatureHexString, 'hex');
+  }
+
   /** @inheritDoc */
   auditDecryptedKey(params: AuditDecryptedKeyParams) {
     throw new MethodNotImplementedError();

modules/sdk-core/src/coins/ofcToken.ts

@@ -9,6 +9,7 @@ import {
   SignTransactionOptions as BaseSignTransactionOptions,
   SignedTransaction,
   ITransactionRecipient,
+  Wallet,
 } from '../';
 import { isBolt11Invoice } from '../lightning';
 
@@ -18,7 +19,8 @@ export interface SignTransactionOptions extends BaseSignTransactionOptions {
   txPrebuild: {
     payload: string;
   };
-  prv: string;
+  prv?: string;
+  wallet?: Wallet;
 }
 
 export { OfcTokenConfig };
@@ -107,15 +109,25 @@ export class OfcToken extends Ofc {
   }
 
   /**
-   * Assemble keychain and half-sign prebuilt transaction
+   * Signs a half-signed OFC transaction.
+   * Signs the transaction remotely using the BitGo key if prv is not provided.
    * @param params
    * @returns {Promise<SignedTransaction>}
    */
   async signTransaction(params: SignTransactionOptions): Promise<SignedTransaction> {
     const txPrebuild = params.txPrebuild;
     const payload = txPrebuild.payload;
-    const signatureBuffer = (await this.signMessage(params, payload)) as any;
-    const signature: string = signatureBuffer.toString('hex');
+
+    let signature: string;
+    if (params.wallet) {
+      signature = await params.wallet.toTradingAccount().signPayload({ payload, prv: params.prv });
+    } else if (params.prv) {
+      const signatureBuffer = (await this.signMessage({ prv: params.prv }, payload)) as any;
+      signature = signatureBuffer.toString('hex');
+    } else {
+      throw new Error('You must pass in either one of wallet or prv');
+    }
+
     return { halfSigned: { payload, signature } } as any;
   }
 

modules/sdk-core/test/unit/bitgo/wallet/ofcWalletSignTransaction.ts

@@ -3,66 +3,145 @@
  */
 import sinon from 'sinon';
 import 'should';
-import { Wallet } from '../../../../src';
+import { Wallet, BaseCoin } from '../../../../src';
+import { OfcToken } from '../../../../src/coins';
 
-describe('Wallet - OFC signTransaction', function () {
+const TEST_TOKEN_CONFIG = {
+  coin: 'ofcusdt',
+  decimalPlaces: 6,
+  name: 'OFCUSDT',
+  type: 'ofcusdt',
+  backingCoin: 'usdt',
+  isFiat: false,
+};
+
+describe('Wallet - OFC', function () {
   let wallet: Wallet;
   let mockBitGo: any;
-  let mockBaseCoin: any;
-  let mockWalletData: any;
+  let ofcToken: OfcToken;
+  let signMessageStub: sinon.SinonStub;
+  const signatureBytes = Buffer.from('aabbccdd', 'hex');
+  const payload = '{"amount":"100","from":"alice","to":"bob"}';
+  const prv = 'test-prv';
+  // bg-<32 hex chars> is valid for OfcToken without needing to resolve the backing coin
+  const recipients = [{ address: 'bg-aabbccddeeff00112233445566778899', amount: '100' }];
+  const userPub =
+    'xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC51xERxh8vDMjc3PiGpQ3VeQcHBiGxbsrRXbCKQZZxBtDMrmBRzxRMkBJGsC9bsYb5tggVF3jGfEE';
+
+  const walletData = {
+    id: 'test-wallet-id',
+    coin: 'ofcusdt',
+    keys: ['user-key', 'backup-key', 'bitgo-key'],
+    type: 'trading',
+    multisigType: 'onchain',
+    enterprise: 'ent-id',
+  };
+
+  /**
+   * Creates a fluent request mock that handles .query().send().result() and .send().result()
+   * chains, resolving with the provided value.
+   */
+  function makeRequestChain(resolved: unknown): any {
+    const chain: any = {};
+    chain.query = sinon.stub().returns(chain);
+    chain.send = sinon.stub().returns(chain);
+    chain.result = sinon.stub().resolves(resolved);
+    return chain;
+  }
 
   beforeEach(function () {
+    signMessageStub = sinon.stub(BaseCoin.prototype, 'signMessage');
+    signMessageStub.withArgs({ prv }, payload).resolves(signatureBytes);
+    sinon.stub(BaseCoin.prototype, 'keychains').returns({
+      getKeysForSigning: sinon.stub().resolves([{ id: walletData.keys[0], pub: userPub }]),
+    } as any);
     mockBitGo = {
-      url: sinon.stub().returns('https://test.bitgo.com'),
+      url: sinon.stub().returns('https://test.bitgo.com/'),
       post: sinon.stub(),
-      get: sinon.stub(),
       setRequestTracer: sinon.stub(),
     };
-
-    mockBaseCoin = {
-      getFamily: sinon.stub().returns('ofc'),
-      url: sinon.stub().returns('https://test.bitgo.com/wallet'),
-      keychains: sinon.stub(),
-      supportsTss: sinon.stub().returns(false),
-      getMPCAlgorithm: sinon.stub(),
-      presignTransaction: sinon.stub().resolvesArg(0),
-      keyIdsForSigning: sinon.stub().returns([0]),
-      signTransaction: sinon.stub().resolves({ halfSigned: { payload: 'test', signature: 'aabbcc' } }),
-    };
-
-    mockWalletData = {
-      id: 'test-wallet-id',
-      coin: 'ofcusdt',
-      keys: ['user-key', 'backup-key', 'bitgo-key'],
-      multisigType: 'onchain',
-      enterprise: 'ent-id',
-    };
-
-    wallet = new Wallet(mockBitGo, mockBaseCoin, mockWalletData);
+    ofcToken = new OfcToken(mockBitGo, TEST_TOKEN_CONFIG);
+    wallet = new Wallet(mockBitGo, ofcToken, walletData);
   });
 
   afterEach(function () {
     sinon.restore();
   });
 
-  it('should pass prv and paylaod to baseCoin.signTransaction', async function () {
-    const txPrebuild = { txInfo: { payload: '{"amount":"100"}' } } as any;
-    const prv = 'test-prv';
+  describe('signTransaction', function () {
+    describe('with prv (local signing routed through wallet)', function () {
+      it('should call baseCoin.signMessage with the prv and payload', async function () {
+        const result = await wallet.signTransaction({ txPrebuild: { payload } as any, prv });
+
+        signMessageStub.calledOnceWith({ prv }, payload).should.be.true();
+        mockBitGo.post.called.should.be.false();
+        result.should.deepEqual({ halfSigned: { payload, signature: signatureBytes.toString('hex') } });
+      });
+    });
+
+    describe('with walletPassphrase and keychain', function () {
+      const walletPassphrase = 'test-passphrase';
+      const encryptedPrv = 'encrypted-prv-blob';
 
-    await wallet.signTransaction({ txPrebuild, prv });
+      beforeEach(function () {
+        // getUserPrvAsync decrypts the keychain via the compiled decryptKeychainPrivateKey,
+        // which calls bitgo.decrypt synchronously
+        mockBitGo.decrypt = sinon.stub().returns(prv);
+      });
 
-    mockBaseCoin.signTransaction.calledOnce.should.be.true();
-    mockBaseCoin.signTransaction.calledWith({ txPrebuild, prv });
-    const callArgs = mockBaseCoin.signTransaction.getCall(0).args[0];
-    callArgs.prv.should.equal(prv);
+      it('should decrypt the keychain with the passphrase and sign via baseCoin.signMessage', async function () {
+        const result = await wallet.signTransaction({
+          txPrebuild: { payload } as any,
+          walletPassphrase,
+          keychain: { pub: userPub, encryptedPrv } as any,
+        });
+
+        signMessageStub.calledOnceWith({ prv }, payload).should.be.true();
+        mockBitGo.post.called.should.be.false();
+        result.should.deepEqual({ halfSigned: { payload, signature: signatureBytes.toString('hex') } });
+      });
+    });
   });
 
-  it('should return the result from baseCoin.signTransaction', async function () {
-    const txPrebuild = { txInfo: { payload: '{"amount":"100"}' } } as any;
-    const prv = 'test-prv';
+  describe('prebuildAndSignTransaction', function () {
+    const buildUrl = () => ofcToken.url('/wallet/' + walletData.id + '/tx/build');
+    const signUrl = () => ofcToken.url('/wallet/' + walletData.id + '/tx/sign');
+
+    beforeEach(function () {
+      mockBitGo.post.withArgs(buildUrl()).returns(makeRequestChain({ payload }));
+    });
+
+    it('should call the prebuild API then sign locally with the prv', async function () {
+      const result = await wallet.prebuildAndSignTransaction({ prv });
+
+      mockBitGo.post.calledWith(buildUrl()).should.be.true();
+      signMessageStub.calledOnceWith({ prv }, payload).should.be.true();
+      result.should.deepEqual({ halfSigned: { payload, signature: signatureBytes.toString('hex') } });
+    });
+
+    it('should not call the remote sign endpoint when prv is provided', async function () {
+      await wallet.prebuildAndSignTransaction({ prv });
+
+      mockBitGo.post.calledWith(signUrl()).should.be.false();
+    });
+  });
+
+  describe('sendMany', function () {
+    const buildUrl = () => ofcToken.url('/wallet/' + walletData.id + '/tx/build');
+    const sendUrl = () => ofcToken.url('/wallet/' + walletData.id + '/tx/send');
+
+    beforeEach(function () {
+      mockBitGo.post.withArgs(buildUrl()).returns(makeRequestChain({ payload }));
+      mockBitGo.post.withArgs(sendUrl()).returns(makeRequestChain({ txid: 'test-txid', status: 'signed' }));
+    });
 
-    const result = await wallet.signTransaction({ txPrebuild, prv });
+    it('should prebuild, sign locally, and submit to the send endpoint', async function () {
+      const result = await wallet.sendMany({ recipients, prv });
 
-    result.should.deepEqual({ halfSigned: { payload: 'test', signature: 'aabbcc' } });
+      mockBitGo.post.calledWith(buildUrl()).should.be.true();
+      signMessageStub.calledOnceWith({ prv }, payload).should.be.true();
+      mockBitGo.post.calledWith(sendUrl()).should.be.true();
+      result.should.deepEqual({ txid: 'test-txid', status: 'signed' });
+    });
   });
 });