test(signing): add signing session test script

Created test_signing.go to test MPC signing functionality:
- Generates JWT token for authentication
- Creates SHA-256 hash of test message
- Calls POST /api/v1/mpc/sign API
- Tests signing with persistent parties (non-delegate mode)

Usage: go run test_signing.go

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

backend/mpc-system/test_signing.go

@@ -0,0 +1,125 @@
+package main
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+type Claims struct {
+	SessionID string `json:"session_id"`
+	PartyID   string `json:"party_id"`
+	TokenType string `json:"token_type"`
+	jwt.RegisteredClaims
+}
+
+func generateAccessToken(secretKey, userID, username string) (string, error) {
+	now := time.Now()
+	claims := Claims{
+		PartyID:   username,
+		TokenType: "access",
+		RegisteredClaims: jwt.RegisteredClaims{
+			ID:        uuid.New().String(),
+			Issuer:    "mpc-system",
+			Subject:   userID,
+			IssuedAt:  jwt.NewNumericDate(now),
+			NotBefore: jwt.NewNumericDate(now),
+			ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(secretKey))
+}
+
+func main() {
+	// Get JWT secret from environment or use test value
+	jwtSecret := os.Getenv("JWT_SECRET_KEY")
+	if jwtSecret == "" {
+		jwtSecret = "change_this_jwt_secret_key_to_random_value_min_32_chars"
+	}
+
+	// Generate access token
+	token, err := generateAccessToken(jwtSecret, "admin", "admin")
+	if err != nil {
+		fmt.Printf("Failed to generate token: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Printf("Generated JWT token: %s\n\n", token)
+
+	// Create a test message to sign
+	testMessage := "Hello, MPC Signing Test!"
+	messageHash := sha256.Sum256([]byte(testMessage))
+	messageHashHex := hex.EncodeToString(messageHash[:])
+
+	fmt.Printf("Message: %s\n", testMessage)
+	fmt.Printf("Message Hash (SHA-256): %s\n\n", messageHashHex)
+
+	// Create signing session via account-service
+	signingData := map[string]interface{}{
+		"username":     "admin",
+		"message_hash": messageHashHex,
+	}
+
+	jsonData, err := json.Marshal(signingData)
+	if err != nil {
+		fmt.Printf("Failed to marshal JSON: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Get API key from environment or use test value
+	apiKey := os.Getenv("MPC_API_KEY")
+	if apiKey == "" {
+		apiKey = "test-api-key"
+	}
+
+	// Call account-service API
+	req, err := http.NewRequest("POST", "http://localhost:4000/api/v1/mpc/sign", bytes.NewBuffer(jsonData))
+	if err != nil {
+		fmt.Printf("Failed to create request: %v\n", err)
+		os.Exit(1)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("X-API-Key", apiKey)
+	req.Header.Set("Authorization", "Bearer "+token)
+
+	client := &http.Client{Timeout: 120 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Printf("Failed to send request: %v\n", err)
+		os.Exit(1)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		fmt.Printf("Failed to read response: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Printf("Response status: %s\n", resp.Status)
+	fmt.Printf("Response body: %s\n", string(body))
+
+	if resp.StatusCode == 200 || resp.StatusCode == 201 {
+		var result map[string]interface{}
+		if err := json.Unmarshal(body, &result); err == nil {
+			if sessionID, ok := result["session_id"].(string); ok {
+				fmt.Printf("\n✓ Signing session created successfully: %s\n", sessionID)
+			}
+			if signature, ok := result["signature"].(string); ok {
+				fmt.Printf("✓ Signature: %s\n", signature)
+			}
+		}
+	}
+}