Example 1 with SignerInitializationException

Use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.

Class AzureKeyVaultSigner, method sign.

@Override
public Signature sign(byte[] data) {
    // A fresh vault client is built on every call. The factory already did this once and validated
    // the key, so a failure here is still reported as an initialisation error.
    final AzureKeyVault vault;
    try {
        vault = createUsingClientSecretCredentials(config.getClientId(), config.getClientSecret(), config.getTenantId(), config.getKeyVaultName());
    } catch (final Exception e) {
        LOG.error("Failed to connect to vault", e);
        throw new SignerInitializationException(INACCESSIBLE_KEY_ERROR, e);
    }
    final CryptographyClient cryptoClient = vault.fetchKey(config.getKeyName(), config.getKeyVersion());
    // web3j's Hash.sha3 is Keccak-256 (not NIST SHA3-256). Key Vault signs the 32-byte digest as given;
    // the private key never leaves the vault.
    final byte[] dataToSign = needsToHash ? Hash.sha3(data) : data;
    final SignResult result = cryptoClient.sign(signingAlgo, dataToSign);
    final byte[] signature = result.getSignature();
    if (signature.length != 64) {
        throw new RuntimeException("Invalid signature from the key vault signing service, must be 64 bytes long");
    }
    // reference: blog by Tomislav Markovski
    // https://tomislav.tech/2018-02-05-ethereum-keyvault-signing-transactions/
    // Key Vault returns the raw 64-byte concatenation R || S: the first 32 bytes are R, the last 32 are S.
    final BigInteger R = new BigInteger(1, Arrays.copyOfRange(signature, 0, 32));
    final BigInteger S = new BigInteger(1, Arrays.copyOfRange(signature, 32, 64));
    // Key Vault may return a "high-S" signature (S > n/2). (R, S) and (R, n - S) both verify, but
    // Ethereum has rejected the high-S form since EIP-2, so S is replaced by n - S where needed.
    final ECDSASignature initialSignature = new ECDSASignature(R, S);
    final ECDSASignature canonicalSignature = initialSignature.toCanonicalised();
    // Key Vault does not return a recovery id. recoverKeyIndex (not shown on this page) is expected to
    // try each candidate id and return the one that recovers this signer's public key, or -1. It must
    // run on the canonicalised signature: negating S flips the parity bit of the recovery id.
    final int recId = recoverKeyIndex(canonicalSignature, dataToSign);
    if (recId == -1) {
        throw new RuntimeException("Could not construct a recoverable key. Are your credentials valid?");
    }
    // Ethereum's legacy v value is recId + 27.
    final int headerByte = recId + 27;
    return new Signature(BigInteger.valueOf(headerByte), canonicalSignature.r, canonicalSignature.s);
}
Also used: SignerInitializationException (tech.pegasys.signers.secp256k1.common.SignerInitializationException), SignResult (com.azure.security.keyvault.keys.cryptography.models.SignResult), Signature (tech.pegasys.signers.secp256k1.api.Signature), ECDSASignature (org.web3j.crypto.ECDSASignature), BigInteger (java.math.BigInteger), AzureKeyVault (tech.pegasys.signers.azure.AzureKeyVault), CryptographyClient (com.azure.security.keyvault.keys.cryptography.CryptographyClient)

Example 2 with SignerInitializationException

Use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.

Class AzureKeyVaultSignerFactory, method createSigner.

public Signer createSigner(final AzureConfig config) {
    checkNotNull(config, "Config must be specified");
    final AzureKeyVault vault;
    try {
        vault = createUsingClientSecretCredentials(config.getClientId(), config.getClientSecret(), config.getTenantId(), config.getKeyVaultName());
    } catch (final Exception e) {
        LOG.error("Failed to connect to vault", e);
        throw new SignerInitializationException(INACCESSIBLE_KEY_ERROR, e);
    }
    final CryptographyClient cryptoClient;
    try {
        cryptoClient = vault.fetchKey(config.getKeyName(), config.getKeyVersion());
    } catch (final Exception e) {
        LOG.error("Unable to load key {}", e.getMessage());
        throw new SignerInitializationException(INVALID_KEY_PARAMETERS_ERROR, e);
    }
    // Only the public half is read from Key Vault. A key on any other curve is rejected here, at
    // construction time, rather than producing signatures Ethereum cannot recover later.
    final JsonWebKey jsonWebKey = cryptoClient.getKey().getKey();
    final String curveName = jsonWebKey.getCurveName().toString();
    if (!SUPPORTED_CURVE_NAMES.contains(curveName)) {
        LOG.error("Unsupported curve name: {}. Expecting one of {}.", curveName, SUPPORTED_CURVE_NAMES);
        throw new SignerInitializationException(UNSUPPORTED_CURVE_NAME);
    }
    // Uncompressed public key without the 0x04 prefix: X || Y, 32 bytes each.
    final Bytes rawPublicKey = Bytes.concatenate(Bytes.wrap(jsonWebKey.getX()), Bytes.wrap(jsonWebKey.getY()));
    // Azure has used more than one name for this curve; the signer is told which one this key carries.
    final boolean useDeprecatedCurveName = DEPRECATED_CURVE_NAME.equals(curveName);
    return new AzureKeyVaultSigner(config, rawPublicKey, needsToHash, useDeprecatedCurveName);
}
Also used: SignerInitializationException (tech.pegasys.signers.secp256k1.common.SignerInitializationException), Bytes (org.apache.tuweni.bytes.Bytes), JsonWebKey (com.azure.security.keyvault.keys.models.JsonWebKey), AzureKeyVault (tech.pegasys.signers.azure.AzureKeyVault), CryptographyClient (com.azure.security.keyvault.keys.cryptography.CryptographyClient)
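The two Azure methods above hide the interesting arithmetic behind toCanonicalised, recoverKeyIndex and the curve-name check. The following is an added example, not code from the ConsenSys signers project: a standard-library-only Python secp256k1 implementation that performs the same post-processing as AzureKeyVaultSigner.sign (split R || S, low-S canonicalisation, recovery-id search, v = recId + 27) and the same construction-time check as AzureKeyVaultSignerFactory.createSigner (curve name, X || Y), and goes one step further by verifying the public key is actually on the curve. Everything else is the example's own assumption: the curve-name list, the JWK passed as a dict with raw-byte "x"/"y", SHA-256 as a stand-in for the Keccak-256 digest, a fixed-nonce textbook ECDSA routine standing in for Key Vault, and a constructed private key.

```python
"""Added example, not project code: what the Azure signer path does with the bytes from Key Vault."""
import hashlib

# secp256k1: y^2 = x^3 + 7 over F_P, base point G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)
# Assumption: the page's SUPPORTED_CURVE_NAMES is not shown; these are the example's own.
SUPPORTED_CURVE_NAMES = ("P-256K", "SECP256K1")


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P          # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demonstration only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def pubkey_bytes(priv):
    """Uncompressed key without the 0x04 prefix: X || Y, 32 bytes each (the factory's rawPublicKey)."""
    x, y = _mul(priv, G)
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


def on_curve(x, y):
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def curve_is_supported(crv):
    return crv in SUPPORTED_CURVE_NAMES


def pubkey_from_jwk(jwk):
    """createSigner's checks on a JWK (assumed shape: dict with "crv" and raw-byte "x"/"y"),
    plus an on-curve check the page's factory does not make."""
    if not curve_is_supported(jwk["crv"]):
        raise ValueError(f"Unsupported curve name: {jwk['crv']}. Expecting one of {SUPPORTED_CURVE_NAMES}")
    x, y = jwk["x"], jwk["y"]
    if len(x) != 32 or len(y) != 32:
        raise ValueError("X and Y must be 32 bytes each")
    if not on_curve(int.from_bytes(x, "big"), int.from_bytes(y, "big")):
        raise ValueError("public key is not a point on secp256k1")
    return x + y


def canonicalise(r, s):
    """Low-S form, as ECDSASignature.toCanonicalised: (r, s) and (r, n - s) both verify; EIP-2 keeps s <= n/2."""
    return r, (N - s if s > N // 2 else s)


def recover_pubkey(digest, r, s, rec_id):
    """Recovery candidate for rec_id 0..3 (SEC 1 4.1.6): Q = r^-1 (s*R - e*G).
    Bit 0 is the parity of R.y; bit 1 means R.x = r + n (practically never on secp256k1)."""
    x = r + (rec_id >> 1) * N
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)            # P = 3 mod 4: a square root if one exists
    if y * y % P != y_sq:
        return None
    if (y & 1) != (rec_id & 1):
        y = P - y
    e = int.from_bytes(digest, "big") % N
    q = _mul(pow(r, -1, N), _add(_mul(s, (x, y)), _mul((N - e) % N, G)))
    return None if q is None else q[0].to_bytes(32, "big") + q[1].to_bytes(32, "big")


def recover_key_index(digest, r, s, expected_pubkey):
    """What recoverKeyIndex must do: the id whose recovered key is this signer's key, else -1."""
    for rec_id in range(4):
        if recover_pubkey(digest, r, s, rec_id) == expected_pubkey:
            return rec_id
    return -1


def to_recoverable(raw_sig, digest, expected_pubkey):
    """sign()'s post-processing: 64-byte R || S from the HSM -> Ethereum (v, r, s) with low s."""
    if len(raw_sig) != 64:
        raise ValueError("Invalid signature from the key vault signing service, must be 64 bytes long")
    r, s = canonicalise(int.from_bytes(raw_sig[:32], "big"), int.from_bytes(raw_sig[32:], "big"))
    rec_id = recover_key_index(digest, r, s, expected_pubkey)   # after canonicalising: negating s flips bit 0
    if rec_id == -1:
        raise ValueError("Could not construct a recoverable key")
    return rec_id + 27, r, s


def sign_raw(priv, digest, k):
    """Constructed stand-in for Key Vault: textbook ECDSA with a caller-supplied nonce, returning R || S
    with no low-S normalisation. A fixed nonce leaks the key; never do this outside a demo."""
    r = _mul(k, G)[0] % N
    e = int.from_bytes(digest, "big") % N
    s = pow(k, -1, N) * (e + r * priv) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def demo():
    """End-to-end on constructed inputs; returns the pieces so they can be inspected."""
    priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD   # constructed test key
    xy = pubkey_bytes(priv)
    pub = pubkey_from_jwk({"crv": "P-256K", "x": xy[:32], "y": xy[32:]})
    digest = hashlib.sha256(b"constructed message").digest()    # stand-in for the Keccak-256 digest
    raw = sign_raw(priv, digest, k=0x0123456789ABCDEF0123456789ABCDEF)
    s = int.from_bytes(raw[32:], "big")
    flipped = raw[:32] + (N - s).to_bytes(32, "big")            # the other valid s; one of the two is high-S
    return {"pub": pub, "digest": digest, "raw": raw,
            "sig": to_recoverable(raw, digest, pub), "sig_flipped": to_recoverable(flipped, digest, pub)}
```

demo() shows the property the Java comment alludes to: whichever of the two valid s values the HSM returns, to_recoverable yields the same (v, r, s), and the recovery id is only meaningful once s has been canonicalised. Replace sign_raw with the real Key Vault call and hashlib.sha256 with a Keccak-256 implementation to reproduce the page's flow exactly.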

Example 3 with SignerInitializationException

Use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.

Class MultiKeySignerProvider, method createSigner.

@Override
public Signer createSigner(final AzureSigningMetadataFile metadataFile) {
    try {
        final AzureConfig config = metadataFile.getConfig();
        final AzureKeyVaultSignerFactory azureFactory = new AzureKeyVaultSignerFactory();
        return azureFactory.createSigner(config);
    } catch (final SignerInitializationException e) {
        // Returning null lets the provider carry on with the remaining metadata files; the key that
        // failed is simply absent. Pass the exception to the logger so the cause is not lost.
        LOG.error("Failed to construct Azure signer from {}", metadataFile.getFilename(), e);
        return null;
    }
}
Also used: SignerInitializationException (tech.pegasys.signers.secp256k1.common.SignerInitializationException), AzureConfig (tech.pegasys.signers.secp256k1.azure.AzureConfig), AzureKeyVaultSignerFactory (tech.pegasys.signers.secp256k1.azure.AzureKeyVaultSignerFactory)

Example 4 with SignerInitializationException

Use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.

Class HashicorpSignerFactory, method create.

public Signer create(final HashicorpKeyConfig keyConfig) {
    try {
        final HashicorpConnectionFactory connectionFactory = new HashicorpConnectionFactory(vertx);
        final HashicorpConnection connection = connectionFactory.create(keyConfig.getConnectionParams());
        // Unlike the Azure path, the private key itself (as a hex string) is fetched from Vault and
        // signing then happens locally in this process.
        final String secret = connection.fetchKey(keyConfig.getKeyDefinition());
        final Credentials credentials = Credentials.create(secret);
        return new CredentialSigner(credentials);
    } catch (final HashicorpException e) {
        // Only Vault connectivity and lookup failures are wrapped. A secret that is not valid hex makes
        // Credentials.create throw an unchecked NumberFormatException, which escapes unwrapped.
        throw new SignerInitializationException("Failed to extract secret from Hashicorp vault.", e);
    }
}
Also used: SignerInitializationException (tech.pegasys.signers.secp256k1.common.SignerInitializationException), CredentialSigner (tech.pegasys.signers.secp256k1.filebased.CredentialSigner), HashicorpConnectionFactory (tech.pegasys.signers.hashicorp.HashicorpConnectionFactory), HashicorpConnection (tech.pegasys.signers.hashicorp.HashicorpConnection), HashicorpException (tech.pegasys.signers.hashicorp.HashicorpException), Credentials (org.web3j.crypto.Credentials)
