Merge branch 'ios-events' of https://github.com/nats-io/nats.swift into ios-events

Author: piotrpio

Package.swift

@@ -14,7 +14,7 @@ let package = Package(
     dependencies: [
         .package(url: "https://github.com/apple/swift-nio.git", from: "2.0.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.4.2"),
-        .package(url: "https://github.com/nats-io/nkeys.swift.git", from: "0.1.1"),
+        .package(url: "https://github.com/nats-io/nkeys.swift.git", from: "0.1.2"),
         .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.0.0"),
         .package(url: "https://github.com/Jarema/swift-nuid.git", from: "0.2.0"),
     ],

Sources/Nats/NatsClient/NatsClient.swift

@@ -34,6 +34,8 @@ public struct Auth {
     var password: String?
     var token: String?
     var credentialsPath: URL?
+    var nkeyPath: URL?
+    var nkey: String?
 
     init() {
 
@@ -51,6 +53,16 @@ public struct Auth {
         auth.credentialsPath = credentials
         return auth
     }
+    static func fromNkey(_ nkey: URL) -> Auth {
+        var auth = Auth()
+        auth.nkeyPath = nkey
+        return auth
+    }
+    static func fromNkey(_ nkey: String) -> Auth {
+        var auth = Auth()
+        auth.nkey = nkey
+        return auth
+    }
 }
 
 public class NatsClient {

Sources/Nats/NatsClient/NatsClientOptions.swift

@@ -86,6 +86,23 @@ public class NatsClientOptions {
         return self
     }
 
+    public func nkeyFile(_ nkey: URL) -> NatsClientOptions {
+        if self.auth == nil {
+            self.auth = Auth.fromNkey(nkey)
+        } else {
+            self.auth?.nkeyPath = nkey
+        }
+        return self
+    }
+    public func nkey(_ nkey: String) -> NatsClientOptions {
+        if self.auth == nil {
+            self.auth = Auth.fromNkey(nkey)
+        } else {
+            self.auth?.nkey = nkey
+        }
+        return self
+    }
+
     public func requireTls() -> NatsClientOptions {
         self.withTls = true
         return self

Sources/Nats/NatsConnection.swift

@@ -333,6 +333,9 @@ class ConnectionHandler: ChannelInboundHandler {
             user: self.auth?.user ?? "", pass: self.auth?.password ?? "",
             authToken: self.auth?.token ?? "", headers: true, noResponders: true)
 
+        if self.auth?.nkey != nil && self.auth?.nkeyPath != nil {
+            throw NatsConfigError("cannot use both nkey and nkeyPath")
+        }
         if let auth = self.auth, let credentialsPath = auth.credentialsPath {
             let credentials = try await URLSession.shared.data(from: credentialsPath).0
             guard let jwt = JwtUtils.parseDecoratedJWT(contents: credentials) else {
@@ -351,6 +354,35 @@ class ConnectionHandler: ChannelInboundHandler {
             initialConnect.signature = base64sig
             initialConnect.userJwt = String(data: jwt, encoding: .utf8)!
         }
+        if let nkey = self.auth?.nkeyPath {
+            let nkeyData = try await URLSession.shared.data(from: nkey).0
+
+            guard let nkeyContent = String(data: nkeyData, encoding: .utf8) else {
+                throw NatsConfigError("failed to read NKEY file")
+            }
+            let keypair = try KeyPair(
+                seed: nkeyContent.trimmingCharacters(in: .whitespacesAndNewlines)
+            )
+
+            guard let nonce = self.serverInfo?.nonce else {
+                throw NatsConfigError("missing nonce")
+            }
+            let sig = try keypair.sign(input: nonce.data(using: .utf8)!)
+            let base64sig = sig.base64EncodedURLSafeNotPadded()
+            initialConnect.signature = base64sig
+            initialConnect.nkey = keypair.publicKeyEncoded
+        }
+        if let nkey = self.auth?.nkey {
+            let keypair = try KeyPair(seed: nkey)
+            guard let nonce = self.serverInfo?.nonce else {
+                throw NatsConfigError("missing nonce")
+            }
+            let nonceData = nonce.data(using: .utf8)!
+            let sig = try keypair.sign(input: nonceData)
+            let base64sig = sig.base64EncodedURLSafeNotPadded()
+            initialConnect.signature = base64sig
+            initialConnect.nkey = keypair.publicKeyEncoded
+        }
         let connect = initialConnect
         try await withCheckedThrowingContinuation { continuation in
             self.connectionEstablishedContinuation = continuation
@@ -447,6 +479,7 @@ class ConnectionHandler: ChannelInboundHandler {
                                 // due to the promise originating on the event loop of the channel.
                                 try channel.pipeline.syncOperations.addHandler(sslHandler)
                             } catch {
+                                upgradePromise.fail(error)
                                 return channel.eventLoop.makeFailedFuture(error)
                             }
                         }

Tests/NatsTests/Integration/ConnectionTests.swift

@@ -45,6 +45,8 @@ class CoreNatsTests: XCTestCase {
         ("testRequest", testRequest),
         ("testRequest_noResponders", testRequest_noResponders),
         ("testRequest_timeout", testRequest_timeout),
+        ("testNkeyAuth", testNkeyAuth),
+        ("testNkeyAuthFile", testNkeyAuthFile),
     ]
     var natsServer = NatsServer()
 
@@ -463,6 +465,58 @@ class CoreNatsTests: XCTestCase {
         _ = await subscribe.next()
     }
 
+    func testNkeyAuth() async throws {
+        logger.logLevel = .debug
+        let bundle = Bundle.module
+        natsServer.start(cfg: bundle.url(forResource: "nkey", withExtension: "conf")!.relativePath)
+
+        let client = NatsClientOptions()
+            .url(URL(string: natsServer.clientURL)!)
+            .nkey("SUACH75SWCM5D2JMJM6EKLR2WDARVGZT4QC6LX3AGHSWOMVAKERABBBRWM")
+            .build()
+        try await client.connect()
+        let subscribe = try await client.subscribe(subject: "foo").makeAsyncIterator()
+        try await client.publish("data".data(using: .utf8)!, subject: "foo")
+        _ = await subscribe.next()
+    }
+
+    func testNkeyAuthFile() async throws {
+        logger.logLevel = .debug
+        let bundle = Bundle.module
+        natsServer.start(cfg: bundle.url(forResource: "nkey", withExtension: "conf")!.relativePath)
+
+        let client = NatsClientOptions()
+            .url(URL(string: natsServer.clientURL)!)
+            .nkeyFile(bundle.url(forResource: "nkey", withExtension: "")!)
+            .build()
+        try await client.connect()
+        let subscribe = try await client.subscribe(subject: "foo").makeAsyncIterator()
+        try await client.publish("data".data(using: .utf8)!, subject: "foo")
+        _ = await subscribe.next()
+
+        // Test if passing both nkey and nkeyPath throws an error
+        let badClient = NatsClientOptions()
+            .url(URL(string: natsServer.clientURL)!)
+            .nkeyFile(bundle.url(forResource: "nkey", withExtension: "")!)
+            .nkey("SUACH75SWCM5D2JMJM6EKLR2WDARVGZT4QC6LX3AGHSWOMVAKERABBBRWM")
+            .build()
+
+        var thrownError: Error?
+        do {
+            try await badClient.connect()
+        } catch {
+            thrownError = error
+        }
+
+        // Now assert that an error was thrown and check its type and properties
+        XCTAssertNotNil(thrownError, "Expected method to throw an error but it did not.")
+        if let natsError = thrownError as? NatsConfigError {
+            XCTAssertEqual(natsError.description, "cannot use both nkey and nkeyPath")
+        } else {
+            XCTFail("Unexpected error type: \(String(describing: thrownError))")
+        }
+    }
+
     func testMutualTls() async throws {
         let bundle = Bundle.module
         logger.logLevel = .debug

Tests/NatsTests/Integration/Resources/nkey

@@ -0,0 +1 @@
+SUACH75SWCM5D2JMJM6EKLR2WDARVGZT4QC6LX3AGHSWOMVAKERABBBRWM

Tests/NatsTests/Integration/Resources/nkey.conf

@@ -0,0 +1,5 @@
+authorization: {
+  users: [
+    { nkey: UAFHG6FUD2UU4SDFVAFUL5LDFO2XM4WYM76UNXTPJYJK7EEMYRBHT2VE }
+  ]
+}