use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.
the class Eth2Runner method loadAzureSigners.
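/**
 * Builds one BLS signer for each secret that the configured Azure Key Vault hands to the mapping
 * callback.
 *
 * <p>Each secret value is parsed as a hex string, wrapped as a 32-byte value and used as a BLS
 * secret key. A secret that cannot be converted is logged by name and mapped to {@code null}, so
 * one malformed secret does not abort loading of the others.
 *
 * <p>NOTE(review): presumably {@code mapSecrets} discards {@code null} results; confirm this,
 * because code that iterates the returned collection would otherwise hit null entries.
 *
 * @return the signers created from the vault's secrets, each tagged {@link SignerOrigin#AZURE}
 */
final Collection<ArtifactSigner> loadAzureSigners() {
  final AzureKeyVault keyVault = AzureKeyVaultFactory.createAzureKeyVault(azureKeyVaultParameters);
  return keyVault.mapSecrets(
      (name, value) -> {
        try {
          final Bytes privateKeyBytes = Bytes.fromHexString(value);
          final BLSKeyPair keyPair =
              new BLSKeyPair(BLSSecretKey.fromBytes(Bytes32.wrap(privateKeyBytes)));
          return new BlsArtifactSigner(keyPair, SignerOrigin.AZURE);
        } catch (final Exception e) {
          // Record which secret failed and the kind of failure, so an operator can tell a
          // malformed value from a wrong-length one. `value` is private-key material and the
          // exception message may echo part of it, so neither is written to the log.
          LOG.error(
              "Failed to load secret named {} from azure key vault ({}).",
              name,
              e.getClass().getName());
          return null;
        }
      });
}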
use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.
the class Eth2Runner method createArtifactSignerProvider.
/**
 * Creates the signer provider for this runner, backed by a lambda that gathers BLS signers from
 * every configured key source.
 *
 * <p>When the lambda runs it collects, in this order:
 *
 * <ol>
 *   <li>signers parsed from the metadata files under {@code config.getKeyConfigPath()};
 *   <li>signers from Azure Key Vault, if {@code azureKeyVaultParameters} enables it;
 *   <li>signers from bulk-loaded keystores, if {@code keystoresParameters} enables them.
 * </ol>
 *
 * <p>The public identifiers of the loaded signers are then registered with slashing protection,
 * but only when a slashing-protection context is present. Loading no keys at all is reported as
 * a warning, not as an error.
 *
 * <p>NOTE(review): the Interlock, YubiHSM and AWS providers are closed by the try-with-resources
 * block, while the {@code HashicorpConnectionFactory} is not; confirm whether it holds resources
 * that need releasing.
 *
 * @param vertx the Vert.x instance passed to the Hashicorp and Interlock helpers
 * @param metricsSystem the metrics system passed to the signer factory
 * @return a provider that wraps the loading lambda
 */
@Override
protected ArtifactSignerProvider createArtifactSignerProvider(
    final Vertx vertx, final MetricsSystem metricsSystem) {
  return new DefaultArtifactSignerProvider(
      () -> {
        final List<ArtifactSigner> loadedSigners = Lists.newArrayList();
        final HashicorpConnectionFactory hashicorpFactory = new HashicorpConnectionFactory(vertx);

        // Metadata-file signers: the key providers are only needed while parsing, so they are
        // scoped to this try block and closed when it exits.
        try (final InterlockKeyProvider interlockKeys = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsmData = new YubiHsmOpaqueDataProvider();
            final AwsSecretsManagerProvider awsSecrets =
                new AwsSecretsManagerProvider(awsCacheMaximumSize)) {
          final AbstractArtifactSignerFactory blsFactory =
              new BlsArtifactSignerFactory(
                  config.getKeyConfigPath(),
                  metricsSystem,
                  hashicorpFactory,
                  interlockKeys,
                  yubiHsmData,
                  awsSecrets,
                  (args) ->
                      new BlsArtifactSigner(args.getKeyPair(), args.getOrigin(), args.getPath()));
          loadedSigners.addAll(
              new SignerLoader()
                  .load(
                      config.getKeyConfigPath(),
                      "yaml",
                      new YamlSignerParser(List.of(blsFactory))));
        }

        // Azure Key Vault signers (optional).
        if (azureKeyVaultParameters.isAzureKeyVaultEnabled()) {
          loadedSigners.addAll(loadAzureSigners());
        }

        // Bulk keystore signers (optional); passwords come from either a directory of password
        // files or a single password file, depending on configuration.
        if (keystoresParameters.isEnabled()) {
          final BlsKeystoreBulkLoader bulkLoader = new BlsKeystoreBulkLoader();
          final Collection<ArtifactSigner> fromKeystores;
          if (keystoresParameters.hasKeystoresPasswordsPath()) {
            fromKeystores =
                bulkLoader.loadKeystoresUsingPasswordDir(
                    keystoresParameters.getKeystoresPath(),
                    keystoresParameters.getKeystoresPasswordsPath());
          } else {
            fromKeystores =
                bulkLoader.loadKeystoresUsingPasswordFile(
                    keystoresParameters.getKeystoresPath(),
                    keystoresParameters.getKeystoresPasswordFile());
          }
          loadedSigners.addAll(fromKeystores);
        }

        // Signer identifiers are hex strings; slashing protection takes them as bytes.
        final List<Bytes> validatorIds =
            loadedSigners.stream()
                .map(signer -> Bytes.fromHexString(signer.getIdentifier()))
                .collect(Collectors.toList());

        if (!validatorIds.isEmpty()) {
          // No registration happens when slashing protection is not configured.
          slashingProtectionContext.ifPresent(
              context -> context.getRegisteredValidators().registerValidators(validatorIds));
        } else {
          LOG.warn("No BLS keys loaded. Check that the key store has BLS key config files");
        }
        return loadedSigners;
      });
}
use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.
the class YamlSignerParserTest method azureSecretMetadataWithSystemAssignedManagedIdentityReturnsMetadata.
/**
 * Checks that "azure-secret" metadata using system-assigned managed identity parses into the
 * signer returned by the (mocked) factory.
 *
 * <p>In this mode the metadata carries only the vault name and secret name: no client id, client
 * secret or tenant id is written to the metadata.
 */
@Test
void azureSecretMetadataWithSystemAssignedManagedIdentityReturnsMetadata() throws IOException {
  // Signer the mocked factory hands back; PRIVATE_KEY is a test fixture constant.
  final BLSSecretKey secretKey = BLSSecretKey.fromBytes(Bytes32.fromHexString(PRIVATE_KEY));
  final BlsArtifactSigner expectedSigner =
      new BlsArtifactSigner(new BLSKeyPair(secretKey), SignerOrigin.AZURE);
  when(blsArtifactSignerFactory.create(any(AzureSecretSigningMetadata.class)))
      .thenReturn(expectedSigner);

  // Minimal managed-identity metadata, serialised to YAML for the parser.
  final Map<String, String> metadata = new HashMap<>();
  metadata.put("type", "azure-secret");
  metadata.put("vaultName", "sample-vault-name");
  metadata.put("secretName", "TEST-KEY");
  metadata.put(
      "authenticationMode", AzureAuthenticationMode.SYSTEM_ASSIGNED_MANAGED_IDENTITY.name());
  final String yaml = YAML_OBJECT_MAPPER.writeValueAsString(metadata);

  final List<ArtifactSigner> parsedSigners = signerParser.parse(yaml);

  assertThat(parsedSigners).containsOnly(expectedSigner);
  verify(blsArtifactSignerFactory)
      .create(hasCorrectAzureManagedIdentityMinimalMetadataArguments());
}
use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.
the class YamlSignerParserTest method unencryptedMetaDataInfoWith0xPrefixPrivateKeyReturnsMetadata.
/**
 * Checks that "file-raw" metadata whose private key has a "0x" prefix parses into the signer
 * returned by the (mocked) factory, and that the factory receives the key without the prefix
 * affecting the match.
 *
 * <p>"file-raw" metadata holds the private key as plain hex text in the metadata itself, which
 * is why this case is named "unencrypted"; PRIVATE_KEY here is a test fixture constant.
 */
@Test
void unencryptedMetaDataInfoWith0xPrefixPrivateKeyReturnsMetadata() throws IOException {
  // Signer the mocked factory hands back.
  final BLSSecretKey secretKey = BLSSecretKey.fromBytes(Bytes32.fromHexString(PRIVATE_KEY));
  final ArtifactSigner expectedSigner =
      new BlsArtifactSigner(new BLSKeyPair(secretKey), SignerOrigin.FILE_RAW);
  when(blsArtifactSignerFactory.create(any(FileRawSigningMetadata.class)))
      .thenReturn(expectedSigner);

  // Raw-key metadata with the "0x"-prefixed form of the key, serialised to YAML.
  final Map<String, String> metadata = new HashMap<>();
  metadata.put("type", "file-raw");
  metadata.put("privateKey", "0x" + PRIVATE_KEY);
  final String yaml = YAML_OBJECT_MAPPER.writeValueAsString(metadata);

  final List<ArtifactSigner> parsedSigners = signerParser.parse(yaml);

  assertThat(parsedSigners).containsOnly(expectedSigner);
  verify(blsArtifactSignerFactory).create(hasPrivateKey(PRIVATE_KEY));
}
use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.
the class YamlSignerParserTest method azureSecretMetadataWithAuthenticationModeReturnsMetadata.
/**
 * Checks, once per {@link AzureAuthenticationMode} value, that fully populated "azure-secret"
 * metadata parses into the signer returned by the (mocked) factory.
 *
 * <p>The client id, client secret and tenant id are supplied for every mode, and all of them are
 * placeholder strings, not real credentials.
 *
 * @param authenticationMode the authentication mode written into the metadata for this run
 */
@ParameterizedTest
@EnumSource(AzureAuthenticationMode.class)
void azureSecretMetadataWithAuthenticationModeReturnsMetadata(
    final AzureAuthenticationMode authenticationMode) throws IOException {
  // Signer the mocked factory hands back; PRIVATE_KEY is a test fixture constant.
  final BLSSecretKey secretKey = BLSSecretKey.fromBytes(Bytes32.fromHexString(PRIVATE_KEY));
  final BlsArtifactSigner expectedSigner =
      new BlsArtifactSigner(new BLSKeyPair(secretKey), SignerOrigin.AZURE);
  when(blsArtifactSignerFactory.create(any(AzureSecretSigningMetadata.class)))
      .thenReturn(expectedSigner);

  // Full Azure metadata, serialised to YAML for the parser.
  final Map<String, String> metadata = new HashMap<>();
  metadata.put("type", "azure-secret");
  metadata.put("clientId", "sample-client-id");
  metadata.put("clientSecret", "sample-client-secret");
  metadata.put("tenantId", "sample-tenant-id");
  metadata.put("vaultName", "sample-vault-name");
  metadata.put("secretName", "TEST-KEY");
  metadata.put("authenticationMode", authenticationMode.name());
  metadata.put("keyType", "BLS");
  final String yaml = YAML_OBJECT_MAPPER.writeValueAsString(metadata);

  final List<ArtifactSigner> parsedSigners = signerParser.parse(yaml);

  assertThat(parsedSigners).containsOnly(expectedSigner);
  verify(blsArtifactSignerFactory).create(hasCorrectAzureMetadataArguments(authenticationMode));
}