Allow DEK to be a CIP8 signer (#7467)

### Description

This PR allows the DEK to be a CIP8 signer

### Other changes

- Set jest dependency resolution

### Tested

- Unit test 
- 
### Related issues

- Fixes #7459 

### Backwards compatibility

- Older clients might not recognize future clients using the DEK

package.json

@@ -111,6 +111,7 @@
     "sha3": "1.2.3",
     "tar": "4.4.10",
     "web3-eth-contract": "1.3.4",
-    "websocket-extensions": "^0.1.4"
+    "websocket-extensions": "^0.1.4",
+    "jest-environment-jsdom": "^26.0.1"
   }
 }

packages/sdk/identity/src/offchain-data-wrapper.test.ts

@@ -1,3 +1,4 @@
+import { Result } from '@celo/base'
 import { ContractKit, newKitFromWeb3 } from '@celo/contractkit'
 import { createStorageClaim } from '@celo/contractkit/lib/identity/claims/claim'
 import { IdentityMetadataWrapper } from '@celo/contractkit/lib/identity/metadata'
@@ -6,6 +7,7 @@ import { ACCOUNT_PRIVATE_KEYS } from '@celo/dev-utils/lib/ganache-setup'
 import { testWithGanache } from '@celo/dev-utils/lib/ganache-test'
 import {
   ensureLeading0x,
+  privateKeyToAddress,
   privateKeyToPublicKey,
   publicKeyToAddress,
   toChecksumAddress,
@@ -16,7 +18,7 @@ import { LocalWallet } from '@celo/wallet-local'
 import { randomBytes } from 'crypto'
 import { BasicDataWrapper, OffchainDataWrapper, OffchainErrorTypes } from './offchain-data-wrapper'
 import { AuthorizedSignerAccessor } from './offchain/accessors/authorized-signer'
-import { SchemaErrorTypes } from './offchain/accessors/errors'
+import { SchemaErrors, SchemaErrorTypes } from './offchain/accessors/errors'
 import { PrivateNameAccessor, PublicNameAccessor } from './offchain/accessors/name'
 import { MockStorageWriter } from './offchain/storage-writers'
 
@@ -105,40 +107,62 @@ testWithGanache('Offchain Data', (web3) => {
     signer.kit.getWallet()!.removeAccount(signer.address)
   })
 
+  const assertValidNameResponse = (resp: Result<{ name: string }, SchemaErrors>) => {
+    if (resp.ok) {
+      expect(resp.result.name).toEqual(testname)
+    } else {
+      const error = resp.error
+      switch (error.errorType) {
+        case SchemaErrorTypes.InvalidDataError:
+          console.log("Something was wrong with the schema, can't try again")
+          break
+        case SchemaErrorTypes.OffchainError:
+          const offchainError = error.error
+          switch (offchainError.errorType) {
+            case OffchainErrorTypes.FetchError:
+              console.log('Something went wrong with fetching, try again')
+              break
+            case OffchainErrorTypes.InvalidSignature:
+              console.log('Signature was wrong')
+              break
+            case OffchainErrorTypes.NoStorageRootProvidedData:
+              console.log("Account doesn't have data for this type")
+              break
+          }
+
+        default:
+          break
+      }
+      throw new Error(error.message)
+    }
+  }
+
   describe('with the account being the signer', () => {
     it('can write a name', async () => {
       const nameAccessor = new PublicNameAccessor(writer.wrapper)
       await nameAccessor.write(testPayload)
 
       const readerNameAccessor = new PublicNameAccessor(reader.wrapper)
       const resp = await readerNameAccessor.readAsResult(writer.address)
-      if (resp.ok) {
-        expect(resp.result.name).toEqual(testname)
-      } else {
-        const error = resp.error
-        switch (error.errorType) {
-          case SchemaErrorTypes.InvalidDataError:
-            console.log("Something was wrong with the schema, can't try again")
-            break
-          case SchemaErrorTypes.OffchainError:
-            const offchainError = error.error
-            switch (offchainError.errorType) {
-              case OffchainErrorTypes.FetchError:
-                console.log('Something went wrong with fetching, try again')
-                break
-              case OffchainErrorTypes.InvalidSignature:
-                console.log('Signature was wrong')
-                break
-              case OffchainErrorTypes.NoStorageRootProvidedData:
-                console.log("Account doesn't have data for this type")
-                break
-            }
-
-          default:
-            break
-        }
-        throw new Error(error.message)
-      }
+      assertValidNameResponse(resp)
+    })
+  })
+
+  describe('with the DEK being the signer', () => {
+    it('can write a name', async () => {
+      const writerPrivateKey = ACCOUNT_PRIVATE_KEYS[5]
+      const writerDEK = randomBytes(32).toString('hex')
+      const compressedWriter = await setupAccount(writerPrivateKey, writerDEK, true)
+      const DEKAddress = privateKeyToAddress(writerDEK)
+      compressedWriter.wrapper.kit.connection.addAccount(writerDEK)
+      compressedWriter.wrapper.signer = DEKAddress
+
+      const nameAccessor = new PublicNameAccessor(compressedWriter.wrapper)
+      await nameAccessor.write(testPayload)
+
+      const readerNameAccessor = new PublicNameAccessor(reader.wrapper)
+      const resp = await readerNameAccessor.readAsResult(compressedWriter.address)
+      assertValidNameResponse(resp)
     })
   })
 

packages/sdk/identity/src/offchain-data-wrapper.ts

@@ -3,6 +3,8 @@ import { Err, makeAsyncThrowable, Ok, Result, RootError } from '@celo/base/lib/r
 import { ContractKit } from '@celo/contractkit'
 import { ClaimTypes } from '@celo/contractkit/lib/identity/claims/types'
 import { IdentityMetadataWrapper } from '@celo/contractkit/lib/identity/metadata'
+import { publicKeyToAddress } from '@celo/utils/lib/address'
+import { ensureUncompressed } from '@celo/utils/lib/ecdh'
 import { recoverEIP712TypedDataSigner } from '@celo/utils/lib/signatureUtils'
 import fetch from 'cross-fetch'
 import debugFactory from 'debug'
@@ -173,12 +175,17 @@ class StorageRoot {
 
     const accounts = await this.wrapper.kit.contracts.getAccounts()
     if (await accounts.isAccount(this.account)) {
-      const signers = await Promise.all([
+      const keys = await Promise.all([
         accounts.getVoteSigner(this.account),
         accounts.getValidatorSigner(this.account),
         accounts.getAttestationSigner(this.account),
+        accounts.getDataEncryptionKey(this.account),
       ])
-      if (signers.some((signer) => signer === guessedSigner)) {
+
+      const dekAddress = keys[3] ? publicKeyToAddress(ensureUncompressed(keys[3])) : '0x0'
+      const signers = [keys[0], keys[1], keys[2], dekAddress]
+
+      if (signers.some((signer) => eqAddress(signer, guessedSigner))) {
         return Ok(body)
       }
 

yarn.lock

@@ -15635,7 +15635,7 @@ jest-each@^26.6.2:
     jest-util "^26.6.2"
     pretty-format "^26.6.2"
 
-jest-environment-jsdom@^26.6.2:
+jest-environment-jsdom@^26.0.1, jest-environment-jsdom@^26.6.2:
   version "26.6.2"
   resolved "https://registry.yarnpkg.com/jest-environment-jsdom/-/jest-environment-jsdom-26.6.2.tgz#78d09fe9cf019a357009b9b7e1f101d23bd1da3e"
   integrity sha512-jgPqCruTlt3Kwqg5/WVFyHIOJHsiAvhcp2qiR2QQstuG9yWox5+iHpU3ZrcBxW14T4fe5Z68jAfLRh7joCSP2Q==