From 352c88d980e5b8c9ba2bcb0c2db8f17c277438a2 Mon Sep 17 00:00:00 2001
From: Wout Slakhorst
Date: Wed, 13 Nov 2024 16:22:54 +0100
Subject: [PATCH] fix vault key path/key
---
crypto/storage/vault/vault.go | 15 ++++++++-------
crypto/storage/vault/vault_test.go | 14 +++++++++++++-
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/crypto/storage/vault/vault.go b/crypto/storage/vault/vault.go
index 62555de586..4dc0909e4c 100644
--- a/crypto/storage/vault/vault.go
+++ b/crypto/storage/vault/vault.go
@@ -34,6 +34,7 @@ import (
 const privateKeyPathName = "nuts-private-keys"
 const defaultPathPrefix = "kv"
+const vaultSecretkeyName = "key"
 // StorageType is the name of this storage type, used in health check reports and configuration.
 const StorageType = "vaultkv"
@@ -102,8 +103,8 @@ func NewVaultKVStorage(config Config) (spi.Storage, error) {
 return vaultStorage, nil
 }
-func (v vaultKVStorage) NewPrivateKey(ctx context.Context, keyName string) (crypto.PublicKey, string, error) {
- return spi.GenerateAndStore(ctx, v, keyName)
+func (v vaultKVStorage) NewPrivateKey(ctx context.Context, keyPath string) (crypto.PublicKey, string, error) {
+ return spi.GenerateAndStore(ctx, v, keyPath)
 }
 func configureVaultClient(cfg Config) (*vault.Client, error) {
@@ -142,7 +143,7 @@ func (v vaultKVStorage) checkConnection() error {
 func (v vaultKVStorage) GetPrivateKey(ctx context.Context, keyName string, _ string) (crypto.Signer, error) {
 path := privateKeyPath(v.config.PathPrefix, keyName)
- value, err := v.getValue(ctx, path, keyName)
+ value, err := v.getValue(ctx, path, vaultSecretkeyName)
 if err != nil {
 return nil, err
 }
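Review bot: The added constant `vaultSecretkeyName` breaks Go's MixedCaps convention (`vaultSecretKeyName`) and carries no doc comment, although the whole commit hinges on the distinction it introduces between the Vault secret path and the field inside the secret's data map. A one-line comment above it would fix the ambiguity for the next reader, e.g. `// vaultSecretkeyName is the data-map field under which the PEM-encoded private key is stored inside a KV secret; the secret's own path is built by privateKeyPath from the key name.` The `privateKeyPath` helper is only visible through its call sites in the later hunks, so that wording is inferred rather than read from its body.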
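Review bot: Renaming the parameter to `keyPath` in `NewPrivateKey` (and in `SavePrivateKey` in the `@@ -224` hunk) leaves the same identifier called `keyName` in `GetPrivateKey` and `PrivateKeyExists` and `kid` in `DeletePrivateKey`, so one type now uses three names for one value, in a commit whose purpose is to tell the Vault path apart from the data-map key. In this layer's own terms the value is still a key name, since `SavePrivateKey` feeds it to `privateKeyPath(v.config.PathPrefix, keyPath)` to derive the path; either keep `keyName` here or rename the remaining methods consistently in the same change. Whichever name is chosen should also match the `spi.Storage` interface these methods implement, which is not visible in this patch.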
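Review bot: Reading the PEM from the fixed field `vaultSecretkeyName` instead of `keyName` changes the layout of stored secrets, and neither this hunk nor the `@@ -181` hunk (`PrivateKeyExists`) handles secrets that a previous release wrote under the `keyName` field via the old `storeValue(ctx, path, keyName, pem)`. For such secrets `GetPrivateKey` presumably fails with the not-found error `getValue` returns (its body is outside the patch) and `PrivateKeyExists` reports `false`, which invites a caller to generate a replacement key at the same path and lose the original signing key. A fallback read of the legacy field, or a documented one-off migration, would avoid that; the minimal shim after the first lookup is `if errors.Is(err, spi.ErrNotFound) { value, err = v.getValue(ctx, path, keyName) }`. `GetPrivateKey`'s body continues past the end of the hunk.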
@@ -181,7 +182,7 @@ func (v vaultKVStorage) storeValue(ctx context.Context, path, key string, value
 func (v vaultKVStorage) PrivateKeyExists(ctx context.Context, keyName string, _ string) (bool, error) {
 path := privateKeyPath(v.config.PathPrefix, keyName)
- _, err := v.getValue(ctx, path, keyName)
+ _, err := v.getValue(ctx, path, vaultSecretkeyName)
 if errors.Is(err, spi.ErrNotFound) {
 return false, nil
 }
@@ -224,14 +225,14 @@ func privateKeyListPath(prefix string) string {
 return filepath.Clean(path)
 }
-func (v vaultKVStorage) SavePrivateKey(ctx context.Context, keyName string, key crypto.PrivateKey) error {
- path := privateKeyPath(v.config.PathPrefix, keyName)
+func (v vaultKVStorage) SavePrivateKey(ctx context.Context, keyPath string, key crypto.PrivateKey) error {
+ path := privateKeyPath(v.config.PathPrefix, keyPath)
 pem, err := util.PrivateKeyToPem(key)
 if err != nil {
 return fmt.Errorf("unable to convert private key to pem format: %w", err)
 }
- return v.storeValue(ctx, path, keyName, pem)
+ return v.storeValue(ctx, path, vaultSecretkeyName, pem)
 }
 func (v vaultKVStorage) DeletePrivateKey(ctx context.Context, kid string) error {
diff --git a/crypto/storage/vault/vault_test.go b/crypto/storage/vault/vault_test.go
index a631c4bd69..cf7db0ea9f 100644
--- a/crypto/storage/vault/vault_test.go
+++ b/crypto/storage/vault/vault_test.go
@@ -26,6 +26,7 @@ import (
 "errors"
 vault "github.com/hashicorp/vault/api"
 "github.com/nuts-foundation/nuts-node/core"
+ "github.com/nuts-foundation/nuts-node/crypto/util"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "net/http"
@@ -103,6 +104,17 @@ func TestVaultKVStorage(t *testing.T) {
 assert.Equal(t, privateKey, result, "expected retrieved key to equal original")
 })
+ t.Run("get", func(t *testing.T) {
+ pem, _ := util.PrivateKeyToPem(privateKey)
+ vaultStorage := vaultKVStorage{config: DefaultConfig(), client: mockVaultClient{store: map[string]map[string]interface{}{"kv/nuts-private-keys/did:nuts:123#abc": {vaultSecretkeyName: pem}}}}
+
+ signer, err := vaultStorage.GetPrivateKey(ctx, keyName, version)
+
+ require.NoError(t, err)
+ pem2, _ := util.PrivateKeyToPem(signer)
+ assert.Equal(t, pem, pem2)
+ })
+
 t.Run("delete", func(t *testing.T) {
 t.Run("ok", func(t *testing.T) {
 vaultStorage := vaultKVStorage{client: mockVaultClient{store: map[string]map[string]interface{}{"kv/nuts-private-keys/did:nuts:123#abc": {}}}}
@@ -171,7 +183,7 @@ func TestVaultKVStorage(t *testing.T) {
 })
 t.Run("error - encoding issues", func(t *testing.T) {
- vaultStorage := vaultKVStorage{config: DefaultConfig(), client: mockVaultClient{store: map[string]map[string]interface{}{"kv/nuts-private-keys/did:nuts:123#abc": {keyName: []byte("foo")}}}}
+ vaultStorage := vaultKVStorage{config: DefaultConfig(), client: mockVaultClient{store: map[string]map[string]interface{}{"kv/nuts-private-keys/did:nuts:123#abc": {vaultSecretkeyName: []byte("foo")}}}}
 t.Run("SavePrivateKey", func(t *testing.T) {
 err := vaultStorage.SavePrivateKey(ctx, keyName, "123")
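Review bot: Both `util.PrivateKeyToPem` calls in the new `get` subtest discard their error (`pem, _ :=` and `pem2, _ :=`), so an encoding failure would show up as an opaque byte mismatch in `assert.Equal` instead of at the call that failed; the surrounding tests use `require.NoError`, so `pem, err := util.PrivateKeyToPem(privateKey)` followed by `require.NoError(t, err)` (and the same for `pem2`) keeps the style consistent. The sibling subtest just above compares the key objects directly with `assert.Equal(t, privateKey, result, …)`, so asserting `privateKey` against `signer` the same way would also remove the second PEM round-trip entirely.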