
Example 1 with HashicorpConnectionFactory

use of tech.pegasys.signers.hashicorp.HashicorpConnectionFactory in project web3signer by ConsenSys.

the class Eth2Runner method createArtifactSignerProvider.

/**
 * Creates the signer provider for this runner. The supplied loader gathers BLS signers from
 * up to three sources: YAML key configuration files, Azure Key Vault (when enabled) and
 * bulk-loaded keystores (when enabled).
 *
 * <p>After loading, the identifiers of all signers are registered with the slashing-protection
 * context if one is present. If no signer was loaded, a warning is logged and nothing is
 * registered.
 *
 * @param vertx Vert.x instance handed to the Hashicorp and Interlock key sources
 * @param metricsSystem metrics system passed to the BLS signer factory
 * @return a provider whose supplier loads the full signer list each time it is invoked
 */
@Override
protected ArtifactSignerProvider createArtifactSignerProvider(final Vertx vertx, final MetricsSystem metricsSystem) {
    return new DefaultArtifactSignerProvider(() -> {
        final List<ArtifactSigner> loadedSigners = Lists.newArrayList();
        // NOTE(review): unlike the three providers below, this factory is not managed by the
        // try-with-resources; confirm it holds nothing that needs releasing after key loading.
        final HashicorpConnectionFactory vaultConnections = new HashicorpConnectionFactory(vertx);

        // The secret-store providers are only needed while keys are being read, so they are
        // closed as soon as loading from the YAML configuration finishes.
        try (final InterlockKeyProvider interlockKeys = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsmData = new YubiHsmOpaqueDataProvider();
            final AwsSecretsManagerProvider awsSecrets = new AwsSecretsManagerProvider(awsCacheMaximumSize)) {
            final AbstractArtifactSignerFactory blsFactory = new BlsArtifactSignerFactory(
                config.getKeyConfigPath(),
                metricsSystem,
                vaultConnections,
                interlockKeys,
                yubiHsmData,
                awsSecrets,
                args -> new BlsArtifactSigner(args.getKeyPair(), args.getOrigin(), args.getPath()));
            final SignerLoader yamlLoader = new SignerLoader();
            loadedSigners.addAll(yamlLoader.load(config.getKeyConfigPath(), "yaml", new YamlSignerParser(List.of(blsFactory))));
        }

        if (azureKeyVaultParameters.isAzureKeyVaultEnabled()) {
            loadedSigners.addAll(loadAzureSigners());
        }

        if (keystoresParameters.isEnabled()) {
            final BlsKeystoreBulkLoader bulkLoader = new BlsKeystoreBulkLoader();
            final Collection<ArtifactSigner> fromKeystores;
            // Passwords come either from a directory of password files or from one shared file.
            if (keystoresParameters.hasKeystoresPasswordsPath()) {
                fromKeystores = bulkLoader.loadKeystoresUsingPasswordDir(
                    keystoresParameters.getKeystoresPath(), keystoresParameters.getKeystoresPasswordsPath());
            } else {
                fromKeystores = bulkLoader.loadKeystoresUsingPasswordFile(
                    keystoresParameters.getKeystoresPath(), keystoresParameters.getKeystoresPasswordFile());
            }
            loadedSigners.addAll(fromKeystores);
        }

        // Signer identifiers are hex strings; they are converted to Bytes for registration.
        final List<Bytes> validatorKeys = loadedSigners.stream()
            .map(ArtifactSigner::getIdentifier)
            .map(Bytes::fromHexString)
            .collect(Collectors.toList());

        if (!validatorKeys.isEmpty()) {
            // Registration is skipped silently when no slashing-protection context is configured.
            slashingProtectionContext.ifPresent(ctx -> ctx.getRegisteredValidators().registerValidators(validatorKeys));
        } else {
            LOG.warn("No BLS keys loaded. Check that the key store has BLS key config files");
        }
        return loadedSigners;
    });
}
Also used : BlsKeystoreBulkLoader(tech.pegasys.web3signer.signing.BlsKeystoreBulkLoader) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) YamlSignerParser(tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) AbstractArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.AbstractArtifactSignerFactory) SignerLoader(tech.pegasys.web3signer.signing.config.SignerLoader) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) Bytes(org.apache.tuweni.bytes.Bytes) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) DefaultArtifactSignerProvider(tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider) BlsArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.BlsArtifactSignerFactory)

Example 2 with HashicorpConnectionFactory

use of tech.pegasys.signers.hashicorp.HashicorpConnectionFactory in project web3signer by ConsenSys.

the class FilecoinRunner method createArtifactSignerProvider.

/**
 * Creates the signer provider for this runner. The supplied loader reads the YAML key
 * configuration files and builds both BLS and secp256k1 signers bound to {@code network}.
 *
 * @param vertx Vert.x instance handed to the Hashicorp and Interlock key sources
 * @param metricsSystem metrics system passed to the BLS signer factory
 * @return a provider whose supplier loads the signers from the key configuration path
 */
@Override
protected ArtifactSignerProvider createArtifactSignerProvider(final Vertx vertx, final MetricsSystem metricsSystem) {
    return new DefaultArtifactSignerProvider(() -> {
        final AzureKeyVaultSignerFactory azureSigners = new AzureKeyVaultSignerFactory();
        // NOTE(review): this factory is not managed by the try-with-resources below; confirm it
        // holds nothing that needs releasing after key loading.
        final HashicorpConnectionFactory vaultConnections = new HashicorpConnectionFactory(vertx);

        // The secret-store providers are closed once the signers have been loaded.
        try (final InterlockKeyProvider interlockKeys = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsmData = new YubiHsmOpaqueDataProvider();
            final AwsSecretsManagerProvider awsSecrets = new AwsSecretsManagerProvider(AWS_CACHE_MAXIMUM_SIZE)) {
            final AbstractArtifactSignerFactory blsFactory = new BlsArtifactSignerFactory(
                config.getKeyConfigPath(),
                metricsSystem,
                vaultConnections,
                interlockKeys,
                yubiHsmData,
                awsSecrets,
                args -> new FcBlsArtifactSigner(args.getKeyPair(), network));
            // NOTE(review): the meaning of the trailing boolean (false here) is not visible on
            // this page; confirm against the Secp256k1ArtifactSignerFactory constructor.
            final AbstractArtifactSignerFactory secpFactory = new Secp256k1ArtifactSignerFactory(
                vaultConnections,
                config.getKeyConfigPath(),
                azureSigners,
                interlockKeys,
                yubiHsmData,
                secpSigner -> new FcSecpArtifactSigner(secpSigner, network),
                false);
            final SignerLoader yamlLoader = new SignerLoader();
            return yamlLoader.load(config.getKeyConfigPath(), "yaml", new YamlSignerParser(List.of(blsFactory, secpFactory)));
        }
    });
}
Also used : HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) FcBlsArtifactSigner(tech.pegasys.web3signer.signing.FcBlsArtifactSigner) YamlSignerParser(tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser) AbstractArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.AbstractArtifactSignerFactory) SignerLoader(tech.pegasys.web3signer.signing.config.SignerLoader) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) Secp256k1ArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.Secp256k1ArtifactSignerFactory) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) DefaultArtifactSignerProvider(tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider) BlsArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.BlsArtifactSignerFactory) FcSecpArtifactSigner(tech.pegasys.web3signer.signing.FcSecpArtifactSigner) AzureKeyVaultSignerFactory(tech.pegasys.signers.secp256k1.azure.AzureKeyVaultSignerFactory)

Example 3 with HashicorpConnectionFactory

use of tech.pegasys.signers.hashicorp.HashicorpConnectionFactory in project web3signer by ConsenSys.

the class Eth1Runner method createArtifactSignerProvider.

/**
 * Creates the signer provider for this runner. The supplied loader reads the YAML key
 * configuration files and builds secp256k1 signers only.
 *
 * @param vertx Vert.x instance handed to the Hashicorp and Interlock key sources
 * @param metricsSystem not used by this implementation
 * @return a provider whose supplier loads the signers from the key configuration path
 */
@Override
protected ArtifactSignerProvider createArtifactSignerProvider(final Vertx vertx, final MetricsSystem metricsSystem) {
    return new DefaultArtifactSignerProvider(() -> {
        final AzureKeyVaultSignerFactory azureSigners = new AzureKeyVaultSignerFactory();
        // NOTE(review): this factory is not managed by the try-with-resources below; confirm it
        // holds nothing that needs releasing after key loading.
        final HashicorpConnectionFactory vaultConnections = new HashicorpConnectionFactory(vertx);

        // The secret-store providers are closed once the signers have been loaded.
        try (final InterlockKeyProvider interlockKeys = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsmData = new YubiHsmOpaqueDataProvider()) {
            // NOTE(review): the meaning of the trailing boolean (true here) is not visible on
            // this page; confirm against the Secp256k1ArtifactSignerFactory constructor.
            final Secp256k1ArtifactSignerFactory secpFactory = new Secp256k1ArtifactSignerFactory(
                vaultConnections,
                config.getKeyConfigPath(),
                azureSigners,
                interlockKeys,
                yubiHsmData,
                EthSecpArtifactSigner::new,
                true);
            final SignerLoader yamlLoader = new SignerLoader();
            return yamlLoader.load(config.getKeyConfigPath(), "yaml", new YamlSignerParser(List.of(secpFactory)));
        }
    });
}
Also used : YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) EthSecpArtifactSigner(tech.pegasys.web3signer.signing.EthSecpArtifactSigner) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) DefaultArtifactSignerProvider(tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider) YamlSignerParser(tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser) SignerLoader(tech.pegasys.web3signer.signing.config.SignerLoader) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) Secp256k1ArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.Secp256k1ArtifactSignerFactory) AzureKeyVaultSignerFactory(tech.pegasys.signers.secp256k1.azure.AzureKeyVaultSignerFactory)

Example 4 with HashicorpConnectionFactory

use of tech.pegasys.signers.hashicorp.HashicorpConnectionFactory in project web3signer by ConsenSys.

the class BlsArtifactSignerFactoryTest method setup.

/**
 * Builds a fresh BLS signer factory before each test, wired to newly created key-source
 * providers and a no-op metrics system.
 *
 * @throws IOException declared by the original signature; no visible statement here throws it
 */
@BeforeEach
void setup() throws IOException {
    // These fields hold closeable resources (the providers are used in try-with-resources in
    // production code); presumably they are released in a teardown method not shown here.
    vertx = Vertx.vertx();
    interlockKeyProvider = new InterlockKeyProvider(vertx);
    yubiHsmOpaqueDataProvider = new YubiHsmOpaqueDataProvider();
    awsSecretsManagerProvider = new AwsSecretsManagerProvider(100);

    final NoOpMetricsSystem noOpMetrics = new NoOpMetricsSystem();
    final HashicorpConnectionFactory vaultConnections = new HashicorpConnectionFactory(vertx);
    artifactSignerFactory = new BlsArtifactSignerFactory(
        configDir,
        noOpMetrics,
        vaultConnections,
        interlockKeyProvider,
        yubiHsmOpaqueDataProvider,
        awsSecretsManagerProvider,
        args -> new BlsArtifactSigner(args.getKeyPair(), args.getOrigin()));
}
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) Cipher(tech.pegasys.signers.bls.keystore.model.Cipher) KeyStoreLoader(tech.pegasys.signers.bls.keystore.KeyStoreLoader) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Bytes(org.apache.tuweni.bytes.Bytes) NoOpMetricsSystem(org.hyperledger.besu.metrics.noop.NoOpMetricsSystem) BLSKeyPair(tech.pegasys.teku.bls.BLSKeyPair) KeyType(tech.pegasys.web3signer.signing.KeyType) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) BeforeAll(org.junit.jupiter.api.BeforeAll) CipherFunction(tech.pegasys.signers.bls.keystore.model.CipherFunction) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) Path(java.nio.file.Path) KeyStore(tech.pegasys.signers.bls.keystore.KeyStore) Files(java.nio.file.Files) BLSPublicKey(tech.pegasys.teku.bls.BLSPublicKey) Vertx(io.vertx.core.Vertx) IOException(java.io.IOException) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) KeyStoreData(tech.pegasys.signers.bls.keystore.model.KeyStoreData) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) AssertionsForClassTypes.fail(org.assertj.core.api.AssertionsForClassTypes.fail) SCryptParam(tech.pegasys.signers.bls.keystore.model.SCryptParam) Test(org.junit.jupiter.api.Test) AfterEach(org.junit.jupiter.api.AfterEach) KdfParam(tech.pegasys.signers.bls.keystore.model.KdfParam) TempDir(org.junit.jupiter.api.io.TempDir) Bytes48(org.apache.tuweni.bytes.Bytes48) BLSTestUtil(tech.pegasys.web3signer.BLSTestUtil) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) 
HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) NoOpMetricsSystem(org.hyperledger.besu.metrics.noop.NoOpMetricsSystem) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 5 with HashicorpConnectionFactory

use of tech.pegasys.signers.hashicorp.HashicorpConnectionFactory in project signers by ConsenSys.

the class HashicorpSignerFactory method create.

/**
 * Creates a signer whose key is fetched from a Hashicorp vault.
 *
 * <p>The value returned by the vault is passed to {@code Credentials.create}, so it is the
 * signing key itself and must never be logged or included in error messages.
 *
 * @param keyConfig connection parameters and key definition identifying the vault secret
 * @return a {@link CredentialSigner} backed by the fetched key
 * @throws SignerInitializationException if the vault access fails with a
 *     {@link HashicorpException}; the original exception is kept as the cause
 */
public Signer create(final HashicorpKeyConfig keyConfig) {
    try {
        // A new connection factory is built on every call, from the shared vertx instance.
        final HashicorpConnection vaultConnection =
            new HashicorpConnectionFactory(vertx).create(keyConfig.getConnectionParams());
        final String privateKey = vaultConnection.fetchKey(keyConfig.getKeyDefinition());
        // NOTE(review): only HashicorpException is translated below. A failure inside
        // Credentials.create on a malformed vault value would propagate unchanged; confirm
        // that such an exception's message cannot carry the secret into logs.
        return new CredentialSigner(Credentials.create(privateKey));
    } catch (final HashicorpException vaultFailure) {
        throw new SignerInitializationException("Failed to extract secret from Hashicorp vault.", vaultFailure);
    }
}
Also used : SignerInitializationException(tech.pegasys.signers.secp256k1.common.SignerInitializationException) CredentialSigner(tech.pegasys.signers.secp256k1.filebased.CredentialSigner) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) HashicorpConnection(tech.pegasys.signers.hashicorp.HashicorpConnection) HashicorpException(tech.pegasys.signers.hashicorp.HashicorpException) Credentials(org.web3j.crypto.Credentials)

Aggregations

HashicorpConnectionFactory (tech.pegasys.signers.hashicorp.HashicorpConnectionFactory)7 InterlockKeyProvider (tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider)4 YubiHsmOpaqueDataProvider (tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider)4 Bytes (org.apache.tuweni.bytes.Bytes)3 AwsSecretsManagerProvider (tech.pegasys.signers.aws.AwsSecretsManagerProvider)3 Vertx (io.vertx.core.Vertx)2 IOException (java.io.IOException)2 Files (java.nio.file.Files)2 Path (java.nio.file.Path)2 Bytes48 (org.apache.tuweni.bytes.Bytes48)2 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2 Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy)2 AssertionsForClassTypes.fail (org.assertj.core.api.AssertionsForClassTypes.fail)2 NoOpMetricsSystem (org.hyperledger.besu.metrics.noop.NoOpMetricsSystem)2 AfterEach (org.junit.jupiter.api.AfterEach)2 BeforeAll (org.junit.jupiter.api.BeforeAll)2 BeforeEach (org.junit.jupiter.api.BeforeEach)2 Test (org.junit.jupiter.api.Test)2 TempDir (org.junit.jupiter.api.io.TempDir)2 KeyStore (tech.pegasys.signers.bls.keystore.KeyStore)2