Example 1 with BlsArtifactSigner

Use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.

Class Eth2Runner, method loadAzureSigners.

final Collection<ArtifactSigner> loadAzureSigners() {
    final AzureKeyVault keyVault = AzureKeyVaultFactory.createAzureKeyVault(azureKeyVaultParameters);
    return keyVault.mapSecrets((name, value) -> {
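        try {
            // The secret value is expected to be a hex-encoded 32-byte BLS private key;
            // Bytes32.wrap throws if the decoded value is not exactly 32 bytes.
            final Bytes privateKeyBytes = Bytes.fromHexString(value);
            final BLSKeyPair keyPair = new BLSKeyPair(BLSSecretKey.fromBytes(Bytes32.wrap(privateKeyBytes)));
            return new BlsArtifactSigner(keyPair, SignerOrigin.AZURE);
        } catch (final Exception e) {
            // Only the secret name is logged, never the secret value or the exception detail.
            LOG.error("Failed to load secret named {} from azure key vault.", name);
            // A secret that fails to parse returns null for this entry instead of rethrowing.
            return null;
        }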
    });
}
Also used : Bytes(org.apache.tuweni.bytes.Bytes) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) AzureKeyVault(tech.pegasys.signers.azure.AzureKeyVault) BLSKeyPair(tech.pegasys.teku.bls.BLSKeyPair)

Example 2 with BlsArtifactSigner

Use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.

Class Eth2Runner, method createArtifactSignerProvider.

@Override
protected ArtifactSignerProvider createArtifactSignerProvider(final Vertx vertx, final MetricsSystem metricsSystem) {
    return new DefaultArtifactSignerProvider(() -> {
        final List<ArtifactSigner> signers = Lists.newArrayList();
        final HashicorpConnectionFactory hashicorpConnectionFactory = new HashicorpConnectionFactory(vertx);
        try (final InterlockKeyProvider interlockKeyProvider = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsmOpaqueDataProvider = new YubiHsmOpaqueDataProvider();
            final AwsSecretsManagerProvider awsSecretsManagerProvider = new AwsSecretsManagerProvider(awsCacheMaximumSize)) {
            final AbstractArtifactSignerFactory artifactSignerFactory = new BlsArtifactSignerFactory(
                config.getKeyConfigPath(),
                metricsSystem,
                hashicorpConnectionFactory,
                interlockKeyProvider,
                yubiHsmOpaqueDataProvider,
                awsSecretsManagerProvider,
                (args) -> new BlsArtifactSigner(args.getKeyPair(), args.getOrigin(), args.getPath()));
            signers.addAll(new SignerLoader().load(config.getKeyConfigPath(), "yaml", new YamlSignerParser(List.of(artifactSignerFactory))));
        }
        if (azureKeyVaultParameters.isAzureKeyVaultEnabled()) {
            signers.addAll(loadAzureSigners());
        }
        if (keystoresParameters.isEnabled()) {
            final BlsKeystoreBulkLoader blsKeystoreBulkLoader = new BlsKeystoreBulkLoader();
            final Collection<ArtifactSigner> keystoreSigners = keystoresParameters.hasKeystoresPasswordsPath()
                ? blsKeystoreBulkLoader.loadKeystoresUsingPasswordDir(
                    keystoresParameters.getKeystoresPath(), keystoresParameters.getKeystoresPasswordsPath())
                : blsKeystoreBulkLoader.loadKeystoresUsingPasswordFile(
                    keystoresParameters.getKeystoresPath(), keystoresParameters.getKeystoresPasswordFile());
            signers.addAll(keystoreSigners);
        }
        final List<Bytes> validators = signers.stream().map(ArtifactSigner::getIdentifier).map(Bytes::fromHexString).collect(Collectors.toList());
        if (validators.isEmpty()) {
            LOG.warn("No BLS keys loaded. Check that the key store has BLS key config files");
        } else {
            slashingProtectionContext.ifPresent(context -> context.getRegisteredValidators().registerValidators(validators));
        }
        return signers;
    });
}
Also used : BlsKeystoreBulkLoader(tech.pegasys.web3signer.signing.BlsKeystoreBulkLoader) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) YamlSignerParser(tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) AbstractArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.AbstractArtifactSignerFactory) SignerLoader(tech.pegasys.web3signer.signing.config.SignerLoader) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) Bytes(org.apache.tuweni.bytes.Bytes) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) DefaultArtifactSignerProvider(tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider) BlsArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.BlsArtifactSignerFactory)

Example 3 with BlsArtifactSigner

Use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.

Class YamlSignerParserTest, method azureSecretMetadataWithSystemAssignedManagedIdentityReturnsMetadata.

@Test
void azureSecretMetadataWithSystemAssignedManagedIdentityReturnsMetadata() throws IOException {
    final BlsArtifactSigner artifactSigner = new BlsArtifactSigner(new BLSKeyPair(BLSSecretKey.fromBytes(Bytes32.fromHexString(PRIVATE_KEY))), SignerOrigin.AZURE);
    when(blsArtifactSignerFactory.create(any(AzureSecretSigningMetadata.class))).thenReturn(artifactSigner);
    final Map<String, String> azureMetaDataMap = new HashMap<>();
    azureMetaDataMap.put("type", "azure-secret");
    azureMetaDataMap.put("vaultName", "sample-vault-name");
    azureMetaDataMap.put("secretName", "TEST-KEY");
    azureMetaDataMap.put("authenticationMode", AzureAuthenticationMode.SYSTEM_ASSIGNED_MANAGED_IDENTITY.name());
    final String yamlMetadata = YAML_OBJECT_MAPPER.writeValueAsString(azureMetaDataMap);
    final List<ArtifactSigner> result = signerParser.parse(yamlMetadata);
    assertThat(result).containsOnly(artifactSigner);
    verify(blsArtifactSignerFactory).create(hasCorrectAzureManagedIdentityMinimalMetadataArguments());
}
Also used : BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) HashMap(java.util.HashMap) AzureSecretSigningMetadata(tech.pegasys.web3signer.signing.config.metadata.AzureSecretSigningMetadata) BLSKeyPair(tech.pegasys.teku.bls.BLSKeyPair) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 4 with BlsArtifactSigner

Use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.

Class YamlSignerParserTest, method unencryptedMetaDataInfoWith0xPrefixPrivateKeyReturnsMetadata.

@Test
void unencryptedMetaDataInfoWith0xPrefixPrivateKeyReturnsMetadata() throws IOException {
    final ArtifactSigner artifactSigner = new BlsArtifactSigner(new BLSKeyPair(BLSSecretKey.fromBytes(Bytes32.fromHexString(PRIVATE_KEY))), SignerOrigin.FILE_RAW);
    when(blsArtifactSignerFactory.create(any(FileRawSigningMetadata.class))).thenReturn(artifactSigner);
    final Map<String, String> unencryptedKeyMetadataFile = new HashMap<>();
    unencryptedKeyMetadataFile.put("type", "file-raw");
    unencryptedKeyMetadataFile.put("privateKey", "0x" + PRIVATE_KEY);
    final String yamlMetadata = YAML_OBJECT_MAPPER.writeValueAsString(unencryptedKeyMetadataFile);
    final List<ArtifactSigner> result = signerParser.parse(yamlMetadata);
    assertThat(result).containsOnly(artifactSigner);
    verify(blsArtifactSignerFactory).create(hasPrivateKey(PRIVATE_KEY));
}
Also used : BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) HashMap(java.util.HashMap) BLSKeyPair(tech.pegasys.teku.bls.BLSKeyPair) FileRawSigningMetadata(tech.pegasys.web3signer.signing.config.metadata.FileRawSigningMetadata) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 5 with BlsArtifactSigner

Use of tech.pegasys.web3signer.signing.BlsArtifactSigner in project web3signer by ConsenSys.

Class YamlSignerParserTest, method azureSecretMetadataWithAuthenticationModeReturnsMetadata.

@ParameterizedTest
@EnumSource(AzureAuthenticationMode.class)
void azureSecretMetadataWithAuthenticationModeReturnsMetadata(final AzureAuthenticationMode authenticationMode) throws IOException {
    final BlsArtifactSigner artifactSigner = new BlsArtifactSigner(new BLSKeyPair(BLSSecretKey.fromBytes(Bytes32.fromHexString(PRIVATE_KEY))), SignerOrigin.AZURE);
    when(blsArtifactSignerFactory.create(any(AzureSecretSigningMetadata.class))).thenReturn(artifactSigner);
    final Map<String, String> azureMetaDataMap = new HashMap<>();
    azureMetaDataMap.put("type", "azure-secret");
    azureMetaDataMap.put("clientId", "sample-client-id");
    azureMetaDataMap.put("clientSecret", "sample-client-secret");
    azureMetaDataMap.put("tenantId", "sample-tenant-id");
    azureMetaDataMap.put("vaultName", "sample-vault-name");
    azureMetaDataMap.put("secretName", "TEST-KEY");
    azureMetaDataMap.put("authenticationMode", authenticationMode.name());
    azureMetaDataMap.put("keyType", "BLS");
    final String yamlMetadata = YAML_OBJECT_MAPPER.writeValueAsString(azureMetaDataMap);
    final List<ArtifactSigner> result = signerParser.parse(yamlMetadata);
    assertThat(result).containsOnly(artifactSigner);
    verify(blsArtifactSignerFactory).create(hasCorrectAzureMetadataArguments(authenticationMode));
}
Also used : BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) HashMap(java.util.HashMap) AzureSecretSigningMetadata(tech.pegasys.web3signer.signing.config.metadata.AzureSecretSigningMetadata) BLSKeyPair(tech.pegasys.teku.bls.BLSKeyPair) EnumSource(org.junit.jupiter.params.provider.EnumSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
