use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.
the class AzureKeyVaultSigner method sign.
/**
 * Signs {@code data} with the key held in Azure Key Vault and converts the vault's raw 64-byte
 * R||S output into a recoverable signature.
 *
 * <p>When {@code needsToHash} is set the input is hashed with {@code Hash.sha3} before being sent
 * to the vault; otherwise the bytes are passed through unchanged, so the caller is then
 * responsible for supplying a digest.
 *
 * @param data the payload (or pre-computed digest) to sign
 * @return the signature, with S canonicalised and a header value of {@code recId + 27}
 * @throws SignerInitializationException if the vault client cannot be created
 * @throws RuntimeException if the vault returns a signature that is not 64 bytes long, or if no
 *     recovery id can be derived for the canonicalised signature
 */
@Override
public Signature sign(byte[] data) {
  // A vault client is created on every call, so a connection failure surfaces here rather than
  // only at construction time.
  final AzureKeyVault keyVault;
  try {
    keyVault =
        createUsingClientSecretCredentials(
            config.getClientId(),
            config.getClientSecret(),
            config.getTenantId(),
            config.getKeyVaultName());
  } catch (final Exception e) {
    LOG.error("Failed to connect to vault", e);
    throw new SignerInitializationException(INACCESSIBLE_KEY_ERROR, e);
  }

  // NOTE(review): failures from fetchKey and sign below are not translated and propagate as
  // thrown by the vault client.
  final CryptographyClient signingClient =
      keyVault.fetchKey(config.getKeyName(), config.getKeyVersion());

  final byte[] digest;
  if (needsToHash) {
    digest = Hash.sha3(data);
  } else {
    digest = data;
  }

  final byte[] rawSignature = signingClient.sign(signingAlgo, digest).getSignature();
  // Reject anything that is not exactly R (32 bytes) followed by S (32 bytes) before slicing.
  if (rawSignature.length != 64) {
    throw new RuntimeException("Invalid signature from the key vault signing service, must be 64 bytes long");
  }

  // reference: blog by Tomislav Markovski
  // https://tomislav.tech/2018-02-05-ethereum-keyvault-signing-transactions/
  // Signum 1 makes both halves be read as unsigned big-endian integers.
  final BigInteger r = new BigInteger(1, Arrays.copyOfRange(rawSignature, 0, 32));
  final BigInteger s = new BigInteger(1, Arrays.copyOfRange(rawSignature, 32, 64));

  // Azure may return S in the upper half of the curve order, which Ethereum does not accept;
  // canonicalising moves it to the lower value so only one form of the signature is emitted.
  final ECDSASignature canonicalSignature = new ECDSASignature(r, s).toCanonicalised();

  // The vault does not report a recovery id, so it is derived from the canonical signature and
  // the signed digest; -1 is treated as "no matching key could be recovered".
  final int recId = recoverKeyIndex(canonicalSignature, digest);
  if (recId == -1) {
    throw new RuntimeException("Could not construct a recoverable key. Are your credentials valid?");
  }

  return new Signature(BigInteger.valueOf(recId + 27), canonicalSignature.r, canonicalSignature.s);
}
use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.
the class AzureKeyVaultSignerFactory method createSigner.
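/**
 * Builds a signer backed by a key stored in Azure Key Vault.
 *
 * <p>The vault is contacted with the client-secret credentials from {@code config}, the named key
 * is fetched, and its curve is checked against {@code SUPPORTED_CURVE_NAMES} before the public
 * key (X followed by Y) is handed to the signer.
 *
 * @param config Azure connection and key settings; must not be null
 * @return a signer bound to the configured key
 * @throws SignerInitializationException if the vault cannot be reached, the key cannot be loaded,
 *     or the key has no curve name or an unsupported one
 */
public Signer createSigner(final AzureConfig config) {
  checkNotNull(config, "Config must be specified");

  final AzureKeyVault vault;
  try {
    vault =
        createUsingClientSecretCredentials(
            config.getClientId(),
            config.getClientSecret(),
            config.getTenantId(),
            config.getKeyVaultName());
  } catch (final Exception e) {
    LOG.error("Failed to connect to vault", e);
    throw new SignerInitializationException(INACCESSIBLE_KEY_ERROR, e);
  }

  final CryptographyClient cryptoClient;
  try {
    cryptoClient = vault.fetchKey(config.getKeyName(), config.getKeyVersion());
  } catch (final Exception e) {
    LOG.error("Unable to load key {}", e.getMessage());
    throw new SignerInitializationException(INVALID_KEY_PARAMETERS_ERROR, e);
  }

  final JsonWebKey jsonWebKey = cryptoClient.getKey().getKey();

  // A key that carries no curve name (for example a non-EC key configured by mistake) must be
  // rejected with the same initialisation error as an unsupported curve; dereferencing it would
  // otherwise fail with a NullPointerException that callers catching
  // SignerInitializationException do not handle.
  if (jsonWebKey.getCurveName() == null) {
    LOG.error("Key has no curve name. Expecting one of {}.", SUPPORTED_CURVE_NAMES);
    throw new SignerInitializationException(UNSUPPORTED_CURVE_NAME);
  }

  final String curveName = jsonWebKey.getCurveName().toString();
  if (!SUPPORTED_CURVE_NAMES.contains(curveName)) {
    LOG.error("Unsupported curve name: {}. Expecting one of {}.", curveName, SUPPORTED_CURVE_NAMES);
    throw new SignerInitializationException(UNSUPPORTED_CURVE_NAME);
  }

  // The raw public key is the X coordinate followed by the Y coordinate.
  final Bytes rawPublicKey =
      Bytes.concatenate(Bytes.wrap(jsonWebKey.getX()), Bytes.wrap(jsonWebKey.getY()));
  final boolean useDeprecatedCurveName = DEPRECATED_CURVE_NAME.equals(curveName);
  return new AzureKeyVaultSigner(config, rawPublicKey, needsToHash, useDeprecatedCurveName);
}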
use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.
the class MultiKeySignerProvider method createSigner.
/**
 * Creates an Azure Key Vault signer from a signing metadata file.
 *
 * <p>Initialisation failures are not propagated: a {@link SignerInitializationException} is
 * logged together with the metadata filename and {@code null} is returned instead.
 *
 * @param metadataFile metadata file supplying the Azure configuration
 * @return the signer, or {@code null} if the signer could not be initialised
 */
@Override
public Signer createSigner(final AzureSigningMetadataFile metadataFile) {
  try {
    final AzureConfig azureConfig = metadataFile.getConfig();
    return new AzureKeyVaultSignerFactory().createSigner(azureConfig);
  } catch (final SignerInitializationException initFailure) {
    // Only the filename is written here; the exception itself is not attached to this entry.
    LOG.error("Failed to construct Azure signer from " + metadataFile.getFilename());
  }
  // Reached only after an initialisation failure has been logged above.
  return null;
}
use of tech.pegasys.signers.secp256k1.common.SignerInitializationException in project signers by ConsenSys.
the class HashicorpSignerFactory method create.
/**
 * Creates a signer from a secret fetched out of a Hashicorp vault.
 *
 * @param keyConfig connection parameters and key definition identifying the secret
 * @return a signer built from the credentials derived from the fetched secret
 * @throws SignerInitializationException if a {@code HashicorpException} is raised while
 *     connecting or fetching; other exception types are not translated
 */
public Signer create(final HashicorpKeyConfig keyConfig) {
  try {
    final HashicorpConnection vaultConnection =
        new HashicorpConnectionFactory(vertx).create(keyConfig.getConnectionParams());

    // The fetched value is turned directly into signing credentials, so it is key material held
    // in process memory as a String: keep it out of logs and exception messages.
    final String vaultSecret = vaultConnection.fetchKey(keyConfig.getKeyDefinition());

    return new CredentialSigner(Credentials.create(vaultSecret));
  } catch (final HashicorpException e) {
    throw new SignerInitializationException("Failed to extract secret from Hashicorp vault.", e);
  }
}