fix(key): fix local keystore key.ID encoding, require ID match keys

Local key store now requires that any private or public key added to the
store *must* match it's key identifier (must be hash of public key, or
inlined public key). By having the keystore require key identifiers
cryptographically match the public key they're storing we have the same
assertion in reverse when we fetch the key by it's itentifier from the
store. This is a crucial proof when key identifiers are used in tokens.

Also fix a number of small errors & discrepencies between local & in-mem
stores of profiles & keys

Author: b5

auth/key/keybook.go

@@ -107,16 +107,16 @@ func (mkb *memoryKeyBook) AddPrivKey(k ID, sk ic.PrivKey) error {
 func (mkb *memoryKeyBook) MarshalJSON() ([]byte, error) {
 	mkb.RLock()
 	res := map[string]interface{}{}
-	pubKeys := map[ID]string{}
-	privKeys := map[ID]string{}
+	pubKeys := map[string]string{}
+	privKeys := map[string]string{}
 	for k, v := range mkb.pks {
 		byteKey, err := ic.MarshalPublicKey(v)
 		if err != nil {
 			// skip/don't marshal ill formed keys
 			log.Debugf("keybook: failed to marshal key: %q", err.Error())
 			continue
 		}
-		pubKeys[k] = ic.ConfigEncodeKey(byteKey)
+		pubKeys[k.Pretty()] = ic.ConfigEncodeKey(byteKey)
 	}
 	for k, v := range mkb.sks {
 		byteKey, err := ic.MarshalPrivateKey(v)
@@ -125,7 +125,7 @@ func (mkb *memoryKeyBook) MarshalJSON() ([]byte, error) {
 			log.Debugf("keybook: failed to marshal key: %q", err.Error())
 			continue
 		}
-		privKeys[k] = ic.ConfigEncodeKey(byteKey)
+		privKeys[k.Pretty()] = ic.ConfigEncodeKey(byteKey)
 	}
 
 	res["public_keys"] = pubKeys
@@ -152,7 +152,11 @@ func (mkb *memoryKeyBook) UnmarshalJSON(data []byte) error {
 			if err != nil {
 				return err
 			}
-			err = mkb.AddPubKey(ID(k), key)
+			id, err := DecodeID(k)
+			if err != nil {
+				return err
+			}
+			err = mkb.AddPubKey(id, key)
 			if err != nil {
 				return err
 			}
@@ -168,7 +172,11 @@ func (mkb *memoryKeyBook) UnmarshalJSON(data []byte) error {
 			if err != nil {
 				return err
 			}
-			err = mkb.AddPrivKey(ID(k), key)
+			id, err := DecodeID(k)
+			if err != nil {
+				return err
+			}
+			err = mkb.AddPrivKey(id, key)
 			if err != nil {
 				return err
 			}

auth/key/store.go

@@ -13,6 +13,10 @@ import (
 	"github.com/theckman/go-flock"
 )
 
+// ErrKeyAndIDMismatch occurs when a key identifier doesn't match it's public
+// key
+var ErrKeyAndIDMismatch = fmt.Errorf("public key does not match identifier")
+
 // Store is an abstraction over a KeyBook
 // In the future we may expand this interface to store symmetric encryption keys
 type Store interface {
@@ -101,6 +105,9 @@ func (s *localStore) AddPubKey(keyID ID, pubKey crypto.PubKey) error {
 	if err != nil {
 		return err
 	}
+	if !keyID.MatchesPublicKey(pubKey) {
+		return fmt.Errorf("%w id: %q", ErrKeyAndIDMismatch, keyID.Pretty())
+	}
 	err = kb.AddPubKey(keyID, pubKey)
 	if err != nil {
 		return err
@@ -114,6 +121,10 @@ func (s *localStore) AddPrivKey(keyID ID, privKey crypto.PrivKey) error {
 	s.Lock()
 	defer s.Unlock()
 
+	if !keyID.MatchesPrivateKey(privKey) {
+		return fmt.Errorf("%w id: %q", ErrKeyAndIDMismatch, keyID.Pretty())
+	}
+
 	kb, err := s.keys()
 	if err != nil {
 		return err

auth/key/store_test.go

@@ -1,11 +1,13 @@
 package key_test
 
 import (
+	"errors"
 	"io/ioutil"
 	"path/filepath"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/libp2p/go-libp2p-core/peer"
 	"github.com/qri-io/qri/auth/key"
 	testkeys "github.com/qri-io/qri/auth/key/test"
 )
@@ -24,17 +26,27 @@ func TestLocalStore(t *testing.T) {
 	}
 
 	kd0 := testkeys.GetKeyData(0)
-	k0AltID := key.ID("key_id_0")
-	err = ks.AddPubKey(k0AltID, kd0.PrivKey.GetPublic())
-	if err != nil {
+
+	if err = ks.AddPubKey(peer.ID("this_must_fail"), kd0.PrivKey.GetPublic()); err == nil {
+		t.Error("expected adding public key with mismatching ID to fail. got nil")
+	} else if !errors.Is(err, key.ErrKeyAndIDMismatch) {
+		t.Errorf("mismatched ID error must wrap exported pacakge error, got: %s", err)
+	}
+
+	if err = ks.AddPubKey(kd0.PeerID, kd0.PrivKey.GetPublic()); err != nil {
 		t.Fatal(err)
 	}
 
-	err = ks.AddPrivKey(k0AltID, kd0.PrivKey)
-	if err != nil {
+	if err = ks.AddPrivKey(kd0.PeerID, kd0.PrivKey); err != nil {
 		t.Fatal(err)
 	}
 
+	if err = ks.AddPrivKey(peer.ID("this_must_fail"), kd0.PrivKey); err == nil {
+		t.Error("expected adding private key with mismatching ID to fail. got nil")
+	} else if !errors.Is(err, key.ErrKeyAndIDMismatch) {
+		t.Errorf("mismatched ID error must wrap exported pacakge error, got: %s", err)
+	}
+
 	golden := "testdata/keystore.json"
 	path = filepath.Join(path, "keystore_test.json")
 	f1, err := ioutil.ReadFile(golden)

auth/key/testdata/keystore.json

@@ -1 +1 @@
-{"private_keys":{"key_id_0":"CAASqAkwggSkAgEAAoIBAQChp1HiZxTsLQCaHmW3/cc2ZDZpgLwn5o1/nZPgqT7SyXHP5bn7GQMG3kPEQWcl4nhtLX9hkrBEskHrdIlqp9zXFMwBfat+qfzCylGC/QBDF7wT9umLd7nbq7pAxQXteXgntt2Zhg4gE/kEk7vIyL+P9KpWJZ/yjpykgsDC7NPnrr8qZBo2tL0F4w+33nZhEx7Pp7Rnaq22JM8rF+NHCgSkUh63lp7Vhwm9PQoGtt0XTnEKxrMQnUme/IhGNxs84RphxHc5+nW6jYjgm5bcJonGyPU7bq+v51Mr2Ol4RT3L9ZNJgz0SWTSmAtiBLx2ryLrTjmDPSvN7wLm9sWEdWmRVAgMBAAECggEBAJMumrl+jWgz2TZ5sreBEp6NQ5VvpuDVY8PrnzaQIikdTMizK1BaB417VUwdGGM//dG5+R7HxkHl42sT4gH/8GzL/Krm1vwunXplZy3SWSi9NXsf9qgLTGebxasvOCRt0l6mesFLcxT12ma2c+VuEixp4aUqAKWB/1Ex03wm0RFBcSttPHe5ODW8Eaz+ZU8cpObEcZdCIPVxeWqLVdkAImOmsknL0EAxP8Wo/V6Rh5Cg4PnwnfJiQ45C+m6h7NTIw0H4UOncv7EBABra6LqF6Uoda9vmv8CpwaXwR557DPchQglFjtm48jWGeVKO3Zyutizu420eRrFZ0GmJo5flvkkCgYEA0SLysOZNxDgjYA0ihVYL6UbCvYUSADuDyTWREOUiRfmxAmS1xN9o7fieCJnA4aAAnSugtT2BI7HEqT1lLz0YF8NRDKL07TNbkmNLIHXBbXA5saf10N2juhflfIm5/b/W9lC3QsngMR27J25Ztqof6Ur36bIKJ6Y6XvYdlkkZkc8CgYEAxeCHUWMvtHtBID9ZOtrZRNhNJ/uz+2rzVSPd6ZdhEUWsvv/0p7JXmSAp2eoJDDKHeSnVxcxQMqhq0/edUSSzSvDpWha8UU4N8hRpu+M0XZNke0ijhpK6NIqNHPvZdsyFD0VR1Vaj2Ruy+pzih6PhqSnn2ZwvpQJAwBnqc2VCJJsCgYAkQr33hAbpxZ4EkmJw4elwye8L8x2a4rbH1TzQxBm8Lj3Nn26Qsve7gwbLkPULabWRirXzlrVkXfcuLNH1bc9Wl2vfGAYFdokjCYpGF4SxF+s47VlGnJc9tdT5UdvorjF0RaxwrRXtDi2b+Zsee8LKrU/sugzesQif3GZm30fKqwKBgQCQHwHP+HMFfAQqLZma8UzwBK7loUEsrHAAoff+K8CKKPoxvxD9lzqQD8oLqpbeaGsdh6fowe/jhaERM7dEI3vm6GK9t/N/MF+d4tpD+67nPPQhiv13haTTodo3swNnsHx1a+K3hLwf5DnOqLehXW59nET+zPAyudpZUEbft2+eYwKBgCMS6SitXwa2UjFNgkMAaOeJjkjnUKcr1tO/zPtaYPugKgkMQB890q4dcq5rnG2onhJ7hkoMwcrFugbD2nub9AIkaMc6Y46jyh2mSeA0337MpoMp99Jmp2/B1rouYo4IRS25b7jk22yjV8ARCzsxFVQxEwA1Lg8YpaXaifuI+/2O"},"public_keys":{"key_id_0":"CAASpgIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChp1HiZxTsLQCaHmW3/cc2ZDZpgLwn5o1/nZPgqT7SyXHP5bn7GQMG3kPEQWcl4nhtLX9hkrBEskHrdIlqp9zXFMwBfat+qfzCylGC/QBDF7wT9umLd7nbq7pAxQXteXgntt2Zhg4gE/kEk7vIyL+P9KpWJZ/yjpykgsDC7NPnrr8qZBo2tL0F4w+33nZhEx7Pp7Rnaq22JM8rF+NHCgSkUh63lp7Vhwm9PQoGtt0XTnEKxrMQnUme/IhGNxs84RphxHc5+nW6jYjgm5bcJonGyPU7bq+v51Mr2Ol4RT3L9ZNJgz0SWTSmAtiBLx2ryLrTjmDPSvN7wLm9sWEdWmRVAgMBAAE="}}
+{"private_keys":{"QmeL2mdVka1eahKENjehK6tBxkkpk5dNQ1qMcgWi7Hrb4B":"CAASqAkwggSkAgEAAoIBAQChp1HiZxTsLQCaHmW3/cc2ZDZpgLwn5o1/nZPgqT7SyXHP5bn7GQMG3kPEQWcl4nhtLX9hkrBEskHrdIlqp9zXFMwBfat+qfzCylGC/QBDF7wT9umLd7nbq7pAxQXteXgntt2Zhg4gE/kEk7vIyL+P9KpWJZ/yjpykgsDC7NPnrr8qZBo2tL0F4w+33nZhEx7Pp7Rnaq22JM8rF+NHCgSkUh63lp7Vhwm9PQoGtt0XTnEKxrMQnUme/IhGNxs84RphxHc5+nW6jYjgm5bcJonGyPU7bq+v51Mr2Ol4RT3L9ZNJgz0SWTSmAtiBLx2ryLrTjmDPSvN7wLm9sWEdWmRVAgMBAAECggEBAJMumrl+jWgz2TZ5sreBEp6NQ5VvpuDVY8PrnzaQIikdTMizK1BaB417VUwdGGM//dG5+R7HxkHl42sT4gH/8GzL/Krm1vwunXplZy3SWSi9NXsf9qgLTGebxasvOCRt0l6mesFLcxT12ma2c+VuEixp4aUqAKWB/1Ex03wm0RFBcSttPHe5ODW8Eaz+ZU8cpObEcZdCIPVxeWqLVdkAImOmsknL0EAxP8Wo/V6Rh5Cg4PnwnfJiQ45C+m6h7NTIw0H4UOncv7EBABra6LqF6Uoda9vmv8CpwaXwR557DPchQglFjtm48jWGeVKO3Zyutizu420eRrFZ0GmJo5flvkkCgYEA0SLysOZNxDgjYA0ihVYL6UbCvYUSADuDyTWREOUiRfmxAmS1xN9o7fieCJnA4aAAnSugtT2BI7HEqT1lLz0YF8NRDKL07TNbkmNLIHXBbXA5saf10N2juhflfIm5/b/W9lC3QsngMR27J25Ztqof6Ur36bIKJ6Y6XvYdlkkZkc8CgYEAxeCHUWMvtHtBID9ZOtrZRNhNJ/uz+2rzVSPd6ZdhEUWsvv/0p7JXmSAp2eoJDDKHeSnVxcxQMqhq0/edUSSzSvDpWha8UU4N8hRpu+M0XZNke0ijhpK6NIqNHPvZdsyFD0VR1Vaj2Ruy+pzih6PhqSnn2ZwvpQJAwBnqc2VCJJsCgYAkQr33hAbpxZ4EkmJw4elwye8L8x2a4rbH1TzQxBm8Lj3Nn26Qsve7gwbLkPULabWRirXzlrVkXfcuLNH1bc9Wl2vfGAYFdokjCYpGF4SxF+s47VlGnJc9tdT5UdvorjF0RaxwrRXtDi2b+Zsee8LKrU/sugzesQif3GZm30fKqwKBgQCQHwHP+HMFfAQqLZma8UzwBK7loUEsrHAAoff+K8CKKPoxvxD9lzqQD8oLqpbeaGsdh6fowe/jhaERM7dEI3vm6GK9t/N/MF+d4tpD+67nPPQhiv13haTTodo3swNnsHx1a+K3hLwf5DnOqLehXW59nET+zPAyudpZUEbft2+eYwKBgCMS6SitXwa2UjFNgkMAaOeJjkjnUKcr1tO/zPtaYPugKgkMQB890q4dcq5rnG2onhJ7hkoMwcrFugbD2nub9AIkaMc6Y46jyh2mSeA0337MpoMp99Jmp2/B1rouYo4IRS25b7jk22yjV8ARCzsxFVQxEwA1Lg8YpaXaifuI+/2O"},"public_keys":{"QmeL2mdVka1eahKENjehK6tBxkkpk5dNQ1qMcgWi7Hrb4B":"CAASpgIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChp1HiZxTsLQCaHmW3/cc2ZDZpgLwn5o1/nZPgqT7SyXHP5bn7GQMG3kPEQWcl4nhtLX9hkrBEskHrdIlqp9zXFMwBfat+qfzCylGC/QBDF7wT9umLd7nbq7pAxQXteXgntt2Zhg4gE/kEk7vIyL+P9KpWJZ/yjpykgsDC7NPnrr8qZBo2tL0F4w+33nZhEx7Pp7Rnaq22JM8rF+NHCgSkUh63lp7Vhwm9PQoGtt0XTnEKxrMQnUme/IhGNxs84RphxHc5+nW6jYjgm5bcJonGyPU7bq+v51Mr2Ol4RT3L9ZNJgz0SWTSmAtiBLx2ryLrTjmDPSvN7wLm9sWEdWmRVAgMBAAE="}}

auth/token/spec/token_store.go

@@ -95,15 +95,16 @@ func AssertTokenStoreSpec(t *testing.T, newTokenStore func(context.Context) toke
 	expect := []token.RawToken{
 		{
 			Key: "_root",
-			Raw: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJRbVdZZ0Q0OXI5SG51WEVwcFFFcTFhN1NVVXJ5amE0UU5zOUU2WENIMlBheUNEIiwidXNlcm5hbWUiOiJsb2NhbF91c2VyIn0.hu1B92X8cLBRNtNNiwm_qn4T-s8WlDlsa0swNgeyUPJ921LfojmHobkuW4oRvNEjkq_OP2gkaZ_F0YyUgAM8K-pVg30L-jNG9cqA1EUx4cQ90ZSbMxvXzRmBevBa3Wq-RHErnGw-K7EvtZfuPrp60LuDBKkGCuAwfKV8D9O-6U4lrragFgfw3zWRdovnb28fO2W6sqP8azGDcY8klpysjx7W4V-qVynJ981_ex_G1wPbk1dov59MDlY6yoxt1rucyF5-f4oo9jv6k194Tigw3Uv6JR889kK5x87ruiApghfQIBosAd-hm79Xz0RmLahykoZZTbVASW6NcIPvqvZ5TA",
+			Raw: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJRbVdZZ0Q0OXI5SG51WEVwcFFFcTFhN1NVVXJ5amE0UU5zOUU2WENIMlBheUNEIiwicHJvZmlsZUlEIjoiUW1XWWdENDlyOUhudVhFcHBRRXExYTdTVVVyeWphNFFOczlFNlhDSDJQYXlDRCJ9.ZGWi-Ek60jlARIQFEBx0QnFpq0zrdlXKUOhdJtcyZohaKyeXF4lWnFVlnIFCSa-SKJFMnrdECygVFVAHOyj2wj-lXFSAsLIgZrLcS2kWp4alvc9K448PTy89zcdxPMhhwbR89cc7-5ndOjaxCL1JyiihmeIJbMAJ94z3QaFnhkWrcSUwxYalgYDdFaQChQRtSP454wtC2elXbDXSaJJpOgG0LU_tHun0lUgLHbYI4fG3Xoz-t9ZzuAXSgOKzduKVLRsSvoVmL81wXL2QRnMAnijovglBdkWxDmt7ae005ymd6wPMY-3Oy_2nmTbhSWrx-rcyA3Ce26gGKMEuP-EP8w",
 		},
 		{
 			Key: secondKey,
-			Raw: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi02MjEzNTU5NjgwMCwic3ViIjoiUW1QZUZUTkhjWkRyM1pGRWZGZmVweFM1UHFIQW1mQlJHUU5QSjM4OUN3aDFhcyIsInVzZXJuYW1lIjoidXNlcl8yIn0.WbQzurEYlJ6bdacO6vmcNgDWfrAvwiZXzmdtcRnFLdcAvWafgAEwbJBvqPGIbe_xujNVBExQ9JMu1-TuwhY3889bMuHtDJy7U9vQq9lAXUUNwEbN7I9sRoSfJV_zT6MIleSBUS48HqTrE0_w0Y3qcU53OpfZrOEa1axioKmdTQbsQCOj-J6l25KCSbIYaWju2kNGv3weTkQDbhUBoW_Z9pcuXuMNF6eQeZHNL1hIXz1sVQUE7aB-f_KDbK8XN_sZvNS4CiQfsIw9ig65YRs-mNF04VcDzAZFc-9FGeO0nnRjV9DVhocRCYq4rz4SsT1WFdUbI9lsEXd9t2wz6QUsIQ",
+			Raw: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi02MjEzNTU5NjgwMCwic3ViIjoiUW1QZUZUTkhjWkRyM1pGRWZGZmVweFM1UHFIQW1mQlJHUU5QSjM4OUN3aDFhcyIsInByb2ZpbGVJRCI6IlFtUGVGVE5IY1pEcjNaRkVmRmZlcHhTNVBxSEFtZkJSR1FOUEozODlDd2gxYXMifQ.YakUofrw4mY5kEx8DB2CtBWBiXB6LdNfFd2uvYHRMm2jAS-3GOFy13hOHVhWKDidL4ve3n2bz1mMnSlHpf67gvep1cG8AsAfFaZEJdJPaeovkOvS21y_63o9BVNfpkRkh9QCd65QePHMJfyfwgUAZq2-vLTloiEjB0MX2oUmnF-bIWTUdJ9dsrS8MyzR4CcvPDx-J63n94w6MzK8ddVlUiFRFHx5jkuVfXLrSTaSvQPOq4SUj9sa8kmlk1pazIlTBIUH6raLoDZLxR6nY7Z8Uz-sS4P7bsRkv0647rPva8CmzdC-9SltNNfLC-pxFH1_sGO_fmr30fKyd2-YxOddaQ",
 		},
 	}
 
 	if diff := cmp.Diff(expect, results); diff != "" {
+		t.Log(results)
 		t.Errorf("mistmatched list keys results. (-want +got):\n%s", diff)
 	}
 

auth/token/token.go

@@ -100,9 +100,6 @@ func ParseAuthToken(tokenString string, keystore key.Store) (*Token, error) {
 		}
 		pubKey := keystore.PubKey(pid)
 		if pubKey == nil {
-			for _, pid := range keystore.IDsWithKeys() {
-				fmt.Printf("key %s has a pid\n", pid)
-			}
 			return nil, fmt.Errorf("cannot verify key. missing public key for id %s", claims.Issuer)
 		}
 		rawPubBytes, err := pubKey.Raw()

auth/token/token_test.go

@@ -34,13 +34,13 @@ func TestPrivKeyTokens(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	expect := `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJRbWVMMm1kVmthMWVhaEtFTmplaEs2dEJ4a2twazVkTlExcU1jZ1dpN0hyYjRCIiwidXNlcm5hbWUiOiJkb3VnIn0.ZNVGEvqDvCsY1H8dsWJILCIrcOTlLxC_5F-in7jWyfmT4RDatk3-ygVCCH-tYqvXx3dzf-U7qOSR8aR3E5Irvax84WoT0nwR7m51R36WaLPt_dXvtb4jLpjuqUdj5hGdBl2OA-UUuIlI7EzBftlNi6AMDQkcYbX8JWT-Jk47cVxM9f9DWDZphQlgEGm6Czdk5SCfIX1oORkN58zwIaOqP29aba6gzTgl3BMaTAJUkzy-i8dD98xLQXdXIYHxUzsLPAD-WjIEf7lmMetz2ls8okYq8EGyHVYhko_b6t8b5_VZA-GnFnB8D2JkAlcWEIJ_jxuNHHK7g0MTF1GPUT4s1A`
+	expect := `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJRbWVMMm1kVmthMWVhaEtFTmplaEs2dEJ4a2twazVkTlExcU1jZ1dpN0hyYjRCIiwicHJvZmlsZUlEIjoiUW1lTDJtZFZrYTFlYWhLRU5qZWhLNnRCeGtrcGs1ZE5RMXFNY2dXaTdIcmI0QiJ9.GG4qKXSUPCFS0a_xuU8NZcRyCPTKvZIObwZQY5bhwnS9hJaxekHOGfIrRsps2tMJJPK4dUSML7dkOs_norVcuhZ4fcmVcJDT_Jel-5DwgxojLS-7ci-tO7NyU1urv7TlfNCUBWiAIoUGj9mkXZYfxVNA0GSssBvKkK4gHbONqHyLc2afkox07-vVOXdwHtVMBMIN-sQGsMHuVze8UJPJRrL2LTRVaYKRaKYwLrt1IG2fFCIpt6xNG93DVkaFV8CezHHXp9rsGtx6FcZUxyONyhTNROQRcJ756DQDLcOup3w435oWzwdanQ-wqGAwhJuy49Pbf2s3ysujMxxITWya4g`
 	if expect != tokenString {
 		t.Errorf("token mismatch. expected: %q.\ngot: %q", expect, tokenString)
 	}
 
 	tokenWithExpiryString, err := tokens.CreateToken(pro, time.Hour)
-	expect = `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi02MjEzNTU5MzIwMCwic3ViIjoiUW1lTDJtZFZrYTFlYWhLRU5qZWhLNnRCeGtrcGs1ZE5RMXFNY2dXaTdIcmI0QiIsInVzZXJuYW1lIjoiZG91ZyJ9.d7XPhsj7hkyxg1JzC59hfu90RYem5q6Pie-ofJhdlGk_sY5bH8gcqG90LndMh4_LglEvtrwf_SVFcM1b78qhNon_Yo91kG_K_MmyExa-AlpY65Ji_kpRWcnI8hl-mxrZ2MzxPjvAEOa6c80DUWgTFKlkrgf9RnZlqq-nHnxHHXbVKYI3girsDgWynaIhR53yMBDIhbTCZaQ8XKtU_Pr0L1dJAW7YvOo2H01VM4LI_UQqhCmEbTnQX1Zee0tg88IMzLl7WsdNNOzUsf7dCYWGerLtzxGbxR0wweXbqVJBlzIl0Upke8-FBuZIbcdGSniy4DX643KrNnp_FnzQ8oBHTA`
+	expect = `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi02MjEzNTU5MzIwMCwic3ViIjoiUW1lTDJtZFZrYTFlYWhLRU5qZWhLNnRCeGtrcGs1ZE5RMXFNY2dXaTdIcmI0QiIsInByb2ZpbGVJRCI6IlFtZUwybWRWa2ExZWFoS0VOamVoSzZ0Qnhra3BrNWROUTFxTWNnV2k3SHJiNEIifQ.JCiCgabd3cx8yoZcxD-N6ajyoLJ8wpZJjJ6EwWrP1QPvC9_CMRchxtMSLh0iudHLUIv8iFOykcjTCOtK2Mo9QlAF2k1EkV6Bvarxg-BaFhvU1cI1dll5tbDvDs5RVDWi7nSlGEe5nsQwjJXPVZjCKtVR2l-4_iI8FKDUdKI92TJUWiAJ7M1wuK4Do0mtkJxwzjCU_B_9Dxq4qvptAGTAydSQS6z3MPYOXa_I6x9MlRw6vVx6wMoU6Z3NH_pvctLVSvmDyZjst1kZxl__FBAqqjwRfjtijaO9dEDPcHbpN0f26e_MswOJDtPtD2_Yke5GpwfbeC-aUwaWtAvxnCnLqA`
 	if expect != tokenWithExpiryString {
 		t.Errorf("token mismatch. expected: %q.\ngot: %q", expect, tokenWithExpiryString)
 	}

profile/store.go

@@ -308,12 +308,15 @@ func NewLocalStore(filename string, owner *Profile, ks key.Store) (Store, error)
 		return nil, err
 	}
 
-	return &LocalStore{
+	s := &LocalStore{
 		owner:    owner,
 		keyStore: ks,
 		filename: filename,
 		flock:    flock.NewFlock(lockPath(filename)),
-	}, nil
+	}
+
+	err := s.PutProfile(owner)
+	return s, err
 }
 
 func lockPath(filename string) string {
@@ -448,10 +451,6 @@ func (r *LocalStore) GetProfile(id ID) (*Profile, error) {
 	r.Lock()
 	defer r.Unlock()
 
-	if id == r.owner.ID {
-		return r.owner, nil
-	}
-
 	ps, err := r.profiles()
 	if err != nil {
 		return nil, err
@@ -484,9 +483,6 @@ func (r *LocalStore) ProfilesForUsername(username string) ([]*Profile, error) {
 	}
 
 	var res []*Profile
-	if username == r.owner.Peername {
-		res = append(res, r.owner)
-	}
 
 	for id, p := range ps {
 		if p.Peername == username {

profile/store_test.go

@@ -1,6 +1,7 @@
 package profile
 
 import (
+	"encoding/json"
 	"errors"
 	"io/ioutil"
 	"os"
@@ -45,7 +46,12 @@ func TestPutProfileWithAddresses(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	ps, err := NewLocalStore(filepath.Join(path, "profiles.json"), &Profile{PrivKey: kd0.PrivKey, Peername: "user"}, ks)
+	owner := &Profile{
+		ID:       ID(kd0.PeerID),
+		Peername: "user",
+		PrivKey:  kd0.PrivKey,
+	}
+	ps, err := NewLocalStore(filepath.Join(path, "profiles.json"), owner, ks)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -55,18 +61,28 @@ func TestPutProfileWithAddresses(t *testing.T) {
 		t.Errorf("error putting profile: %s", err.Error())
 	}
 
-	golden := "testdata/simple.json"
-	path = filepath.Join(path, "profiles.json")
-	f1, err := ioutil.ReadFile(golden)
+	goldenFilepath := "testdata/simple.json"
+	gf, err := ioutil.ReadFile(goldenFilepath)
 	if err != nil {
 		t.Errorf("error reading golden file: %s", err.Error())
 	}
-	f2, err := ioutil.ReadFile(path)
+	golden := map[string]interface{}{}
+	if err := json.Unmarshal(gf, &golden); err != nil {
+		t.Fatal(err)
+	}
+
+	path = filepath.Join(path, "profiles.json")
+	f, err := ioutil.ReadFile(path)
 	if err != nil {
 		t.Errorf("error reading written file: %s", err.Error())
 	}
+	got := map[string]interface{}{}
+	if err := json.Unmarshal(f, &got); err != nil {
+		t.Fatal(err)
+	}
 
-	if diff := cmp.Diff(f1, f2); diff != "" {
+	t.Log(string(f))
+	if diff := cmp.Diff(golden, got); diff != "" {
 		t.Errorf("result mismatch (-want +got):\n%s", diff)
 	}
 }
@@ -84,7 +100,12 @@ func TestProfilesWithKeys(t *testing.T) {
 		t.Errorf("error creating tmp directory: %s", err.Error())
 	}
 
-	ps, err := NewLocalStore(filepath.Join(path, "profiles.json"), &Profile{PrivKey: kd0.PrivKey, Peername: "user"}, ks)
+	owner := &Profile{
+		ID:       ID(kd0.PeerID),
+		Peername: "user",
+		PrivKey:  kd0.PrivKey,
+	}
+	ps, err := NewLocalStore(filepath.Join(path, "profiles.json"), owner, ks)
 	if err != nil {
 		t.Fatal(err)
 	}

profile/testdata/simple.json

@@ -1 +1 @@
-{"QmU27VdAEUL5NGM6oB56htTxvHLfcGZgsgxrJTdVr2k4zs":{"id":"QmU27VdAEUL5NGM6oB56htTxvHLfcGZgsgxrJTdVr2k4zs","peername":"test_peername","created":"2009-02-13T23:31:30Z","updated":"2009-02-13T23:31:30Z","type":"peer","email":"","name":"","description":"","homeurl":"","color":"","thumb":"","photo":"","poster":"","twitter":"","peerIDs":["/ipfs/Qmb9Gy14GuCjrhRSjGJQpf5JkgdEdbZrV81Tz4x3ZDreY3"]}}
+{"QmU27VdAEUL5NGM6oB56htTxvHLfcGZgsgxrJTdVr2k4zs":{"id":"QmU27VdAEUL5NGM6oB56htTxvHLfcGZgsgxrJTdVr2k4zs","peername":"test_peername","created":"2009-02-13T23:31:30Z","updated":"2009-02-13T23:31:30Z","type":"peer","email":"","name":"","description":"","homeurl":"","color":"","thumb":"","photo":"","poster":"","twitter":"","peerIDs":["/ipfs/Qmb9Gy14GuCjrhRSjGJQpf5JkgdEdbZrV81Tz4x3ZDreY3"]},"QmeL2mdVka1eahKENjehK6tBxkkpk5dNQ1qMcgWi7Hrb4B":{"id":"QmeL2mdVka1eahKENjehK6tBxkkpk5dNQ1qMcgWi7Hrb4B","privkey":"CAASqAkwggSkAgEAAoIBAQChp1HiZxTsLQCaHmW3/cc2ZDZpgLwn5o1/nZPgqT7SyXHP5bn7GQMG3kPEQWcl4nhtLX9hkrBEskHrdIlqp9zXFMwBfat+qfzCylGC/QBDF7wT9umLd7nbq7pAxQXteXgntt2Zhg4gE/kEk7vIyL+P9KpWJZ/yjpykgsDC7NPnrr8qZBo2tL0F4w+33nZhEx7Pp7Rnaq22JM8rF+NHCgSkUh63lp7Vhwm9PQoGtt0XTnEKxrMQnUme/IhGNxs84RphxHc5+nW6jYjgm5bcJonGyPU7bq+v51Mr2Ol4RT3L9ZNJgz0SWTSmAtiBLx2ryLrTjmDPSvN7wLm9sWEdWmRVAgMBAAECggEBAJMumrl+jWgz2TZ5sreBEp6NQ5VvpuDVY8PrnzaQIikdTMizK1BaB417VUwdGGM//dG5+R7HxkHl42sT4gH/8GzL/Krm1vwunXplZy3SWSi9NXsf9qgLTGebxasvOCRt0l6mesFLcxT12ma2c+VuEixp4aUqAKWB/1Ex03wm0RFBcSttPHe5ODW8Eaz+ZU8cpObEcZdCIPVxeWqLVdkAImOmsknL0EAxP8Wo/V6Rh5Cg4PnwnfJiQ45C+m6h7NTIw0H4UOncv7EBABra6LqF6Uoda9vmv8CpwaXwR557DPchQglFjtm48jWGeVKO3Zyutizu420eRrFZ0GmJo5flvkkCgYEA0SLysOZNxDgjYA0ihVYL6UbCvYUSADuDyTWREOUiRfmxAmS1xN9o7fieCJnA4aAAnSugtT2BI7HEqT1lLz0YF8NRDKL07TNbkmNLIHXBbXA5saf10N2juhflfIm5/b/W9lC3QsngMR27J25Ztqof6Ur36bIKJ6Y6XvYdlkkZkc8CgYEAxeCHUWMvtHtBID9ZOtrZRNhNJ/uz+2rzVSPd6ZdhEUWsvv/0p7JXmSAp2eoJDDKHeSnVxcxQMqhq0/edUSSzSvDpWha8UU4N8hRpu+M0XZNke0ijhpK6NIqNHPvZdsyFD0VR1Vaj2Ruy+pzih6PhqSnn2ZwvpQJAwBnqc2VCJJsCgYAkQr33hAbpxZ4EkmJw4elwye8L8x2a4rbH1TzQxBm8Lj3Nn26Qsve7gwbLkPULabWRirXzlrVkXfcuLNH1bc9Wl2vfGAYFdokjCYpGF4SxF+s47VlGnJc9tdT5UdvorjF0RaxwrRXtDi2b+Zsee8LKrU/sugzesQif3GZm30fKqwKBgQCQHwHP+HMFfAQqLZma8UzwBK7loUEsrHAAoff+K8CKKPoxvxD9lzqQD8oLqpbeaGsdh6fowe/jhaERM7dEI3vm6GK9t/N/MF+d4tpD+67nPPQhiv13haTTodo3swNnsHx1a+K3hLwf5DnOqLehXW59nET+zPAyudpZUEbft2+eYwKBgCMS6SitXwa2UjFNgkMAaOeJjkjnUKcr1tO/zPtaYPugKgkMQB890q4dcq5rnG2onhJ7hkoMwcrFugbD2nub9AIkaMc6Y46jyh2mSeA0337MpoMp99Jmp2/B1rouYo4IRS25b7jk22yjV8ARCzsxFVQxEwA1Lg8YpaXaifuI+/2O","peername":"user","created":"0001-01-01T00:00:00Z","updated":"0001-01-01T00:00:00Z","type":"peer","email":"","name":"","description":"","homeurl":"","color":"","thumb":"","photo":"","poster":"","twitter":""}}