
Example 1 with YubiHsmOpaqueDataProvider

use of tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider in project web3signer by ConsenSys.

the class Eth2Runner method createArtifactSignerProvider.

/**
 * Creates the signer provider for this runner.
 *
 * <p>The supplier handed to {@code DefaultArtifactSignerProvider} collects signers from up to
 * three sources, in this order: YAML key configuration files under
 * {@code config.getKeyConfigPath()}, Azure Key Vault (only when enabled) and bulk-loaded
 * keystores (only when enabled).
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>The Interlock, YubiHSM and AWS Secrets Manager providers are scoped by
 *       try-with-resources, so they are closed as soon as the YAML load returns or throws.
 *   <li>Signer identifiers are registered with slashing protection only when at least one
 *       signer was loaded and {@code slashingProtectionContext} is present; otherwise the
 *       signers are still returned, unregistered.
 * </ul>
 *
 * @param vertx passed to the Hashicorp connection factory and the Interlock key provider
 * @param metricsSystem passed to the BLS signer factory
 * @return a provider wrapping the loading supplier; when the supplier is invoked is decided by
 *     {@code DefaultArtifactSignerProvider}, which is not shown here
 */
@Override
protected ArtifactSignerProvider createArtifactSignerProvider(
    final Vertx vertx, final MetricsSystem metricsSystem) {
    return new DefaultArtifactSignerProvider(() -> {
        final List<ArtifactSigner> loadedSigners = Lists.newArrayList();
        // NOTE(review): unlike the providers below, this factory is not in the
        // try-with-resources; confirm whether it holds anything that needs explicit cleanup.
        final HashicorpConnectionFactory hashicorpFactory = new HashicorpConnectionFactory(vertx);

        // Providers that reach external secret stores stay open only for the YAML load.
        // The loaded signers outlive them, so key material is presumably fetched eagerly
        // during load(...) - confirm against SignerLoader.
        try (final InterlockKeyProvider interlock = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsm = new YubiHsmOpaqueDataProvider();
            final AwsSecretsManagerProvider awsSecrets = new AwsSecretsManagerProvider(awsCacheMaximumSize)) {
            final AbstractArtifactSignerFactory blsFactory =
                new BlsArtifactSignerFactory(
                    config.getKeyConfigPath(),
                    metricsSystem,
                    hashicorpFactory,
                    interlock,
                    yubiHsm,
                    awsSecrets,
                    signerArgs ->
                        new BlsArtifactSigner(
                            signerArgs.getKeyPair(), signerArgs.getOrigin(), signerArgs.getPath()));
            loadedSigners.addAll(
                new SignerLoader()
                    .load(config.getKeyConfigPath(), "yaml", new YamlSignerParser(List.of(blsFactory))));
        }

        if (azureKeyVaultParameters.isAzureKeyVaultEnabled()) {
            loadedSigners.addAll(loadAzureSigners());
        }

        if (keystoresParameters.isEnabled()) {
            final BlsKeystoreBulkLoader bulkLoader = new BlsKeystoreBulkLoader();
            // Passwords come from a passwords directory when one is configured, otherwise from
            // a single password file. Both locations hold keystore decryption secrets; nothing
            // in this method checks their permissions, so that has to be enforced elsewhere.
            final Collection<ArtifactSigner> fromKeystores;
            if (keystoresParameters.hasKeystoresPasswordsPath()) {
                fromKeystores =
                    bulkLoader.loadKeystoresUsingPasswordDir(
                        keystoresParameters.getKeystoresPath(),
                        keystoresParameters.getKeystoresPasswordsPath());
            } else {
                fromKeystores =
                    bulkLoader.loadKeystoresUsingPasswordFile(
                        keystoresParameters.getKeystoresPath(),
                        keystoresParameters.getKeystoresPasswordFile());
            }
            loadedSigners.addAll(fromKeystores);
        }

        // Identifiers are parsed as hex; presumably these are the validators' public keys.
        final List<Bytes> validatorIds =
            loadedSigners.stream()
                .map(ArtifactSigner::getIdentifier)
                .map(Bytes::fromHexString)
                .collect(Collectors.toList());

        if (!validatorIds.isEmpty()) {
            // No-op when slashing protection is not configured (empty Optional).
            slashingProtectionContext.ifPresent(
                ctx -> ctx.getRegisteredValidators().registerValidators(validatorIds));
        } else {
            LOG.warn("No BLS keys loaded. Check that the key store has BLS key config files");
        }
        return loadedSigners;
    });
}
Also used : BlsKeystoreBulkLoader(tech.pegasys.web3signer.signing.BlsKeystoreBulkLoader) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) YamlSignerParser(tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) AbstractArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.AbstractArtifactSignerFactory) SignerLoader(tech.pegasys.web3signer.signing.config.SignerLoader) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) Bytes(org.apache.tuweni.bytes.Bytes) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) DefaultArtifactSignerProvider(tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider) BlsArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.BlsArtifactSignerFactory)

Example 2 with YubiHsmOpaqueDataProvider

use of tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider in project web3signer by ConsenSys.

the class FilecoinRunner method createArtifactSignerProvider.

/**
 * Creates the signer provider for this runner.
 *
 * <p>The supplier handed to {@code DefaultArtifactSignerProvider} loads signers from the YAML
 * key configuration files under {@code config.getKeyConfigPath()}, using one BLS factory and
 * one secp256k1 factory. Both factories wrap their keys in Filecoin-specific signers bound to
 * {@code network}.
 *
 * <p>The Interlock, YubiHSM and AWS Secrets Manager providers are scoped by try-with-resources,
 * so they are closed once the load has produced its result (or thrown).
 *
 * @param vertx passed to the Hashicorp connection factory and the Interlock key provider
 * @param metricsSystem passed to the BLS signer factory
 * @return a provider wrapping the loading supplier
 */
@Override
protected ArtifactSignerProvider createArtifactSignerProvider(
    final Vertx vertx, final MetricsSystem metricsSystem) {
    return new DefaultArtifactSignerProvider(() -> {
        final AzureKeyVaultSignerFactory azureSignerFactory = new AzureKeyVaultSignerFactory();
        // NOTE(review): not part of the try-with-resources below; confirm whether it needs
        // explicit cleanup.
        final HashicorpConnectionFactory hashicorpFactory = new HashicorpConnectionFactory(vertx);

        // The returned signers outlive these providers, so key material is presumably
        // fetched eagerly during load(...) - confirm against SignerLoader.
        try (final InterlockKeyProvider interlock = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsm = new YubiHsmOpaqueDataProvider();
            final AwsSecretsManagerProvider awsSecrets = new AwsSecretsManagerProvider(AWS_CACHE_MAXIMUM_SIZE)) {
            final AbstractArtifactSignerFactory blsFactory =
                new BlsArtifactSignerFactory(
                    config.getKeyConfigPath(),
                    metricsSystem,
                    hashicorpFactory,
                    interlock,
                    yubiHsm,
                    awsSecrets,
                    signerArgs -> new FcBlsArtifactSigner(signerArgs.getKeyPair(), network));
            // The trailing boolean's meaning is not visible here; check it against
            // Secp256k1ArtifactSignerFactory before changing it.
            final AbstractArtifactSignerFactory secpFactory =
                new Secp256k1ArtifactSignerFactory(
                    hashicorpFactory,
                    config.getKeyConfigPath(),
                    azureSignerFactory,
                    interlock,
                    yubiHsm,
                    secpSigner -> new FcSecpArtifactSigner(secpSigner, network),
                    false);
            return new SignerLoader()
                .load(
                    config.getKeyConfigPath(),
                    "yaml",
                    new YamlSignerParser(List.of(blsFactory, secpFactory)));
        }
    });
}
Also used : HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) FcBlsArtifactSigner(tech.pegasys.web3signer.signing.FcBlsArtifactSigner) YamlSignerParser(tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser) AbstractArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.AbstractArtifactSignerFactory) SignerLoader(tech.pegasys.web3signer.signing.config.SignerLoader) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) Secp256k1ArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.Secp256k1ArtifactSignerFactory) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) DefaultArtifactSignerProvider(tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider) BlsArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.BlsArtifactSignerFactory) FcSecpArtifactSigner(tech.pegasys.web3signer.signing.FcSecpArtifactSigner) AzureKeyVaultSignerFactory(tech.pegasys.signers.secp256k1.azure.AzureKeyVaultSignerFactory)

Example 3 with YubiHsmOpaqueDataProvider

use of tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider in project web3signer by ConsenSys.

the class Eth1Runner method createArtifactSignerProvider.

/**
 * Creates the signer provider for this runner.
 *
 * <p>The supplier handed to {@code DefaultArtifactSignerProvider} loads secp256k1 signers from
 * the YAML key configuration files under {@code config.getKeyConfigPath()}.
 *
 * <p>The Interlock and YubiHSM providers are scoped by try-with-resources, so they are closed
 * once the load has produced its result (or thrown).
 *
 * @param vertx passed to the Hashicorp connection factory and the Interlock key provider
 * @param metricsSystem not used by this implementation
 * @return a provider wrapping the loading supplier
 */
@Override
protected ArtifactSignerProvider createArtifactSignerProvider(
    final Vertx vertx, final MetricsSystem metricsSystem) {
    return new DefaultArtifactSignerProvider(() -> {
        final AzureKeyVaultSignerFactory azureSignerFactory = new AzureKeyVaultSignerFactory();
        // NOTE(review): not part of the try-with-resources below; confirm whether it needs
        // explicit cleanup.
        final HashicorpConnectionFactory hashicorpFactory = new HashicorpConnectionFactory(vertx);

        // The returned signers outlive these providers, so key material is presumably
        // fetched eagerly during load(...) - confirm against SignerLoader.
        try (final InterlockKeyProvider interlock = new InterlockKeyProvider(vertx);
            final YubiHsmOpaqueDataProvider yubiHsm = new YubiHsmOpaqueDataProvider()) {
            // The trailing boolean's meaning is not visible here; check it against
            // Secp256k1ArtifactSignerFactory before changing it.
            final Secp256k1ArtifactSignerFactory secpFactory =
                new Secp256k1ArtifactSignerFactory(
                    hashicorpFactory,
                    config.getKeyConfigPath(),
                    azureSignerFactory,
                    interlock,
                    yubiHsm,
                    EthSecpArtifactSigner::new,
                    true);
            return new SignerLoader()
                .load(config.getKeyConfigPath(), "yaml", new YamlSignerParser(List.of(secpFactory)));
        }
    });
}
Also used : YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) EthSecpArtifactSigner(tech.pegasys.web3signer.signing.EthSecpArtifactSigner) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) DefaultArtifactSignerProvider(tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider) YamlSignerParser(tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser) SignerLoader(tech.pegasys.web3signer.signing.config.SignerLoader) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) Secp256k1ArtifactSignerFactory(tech.pegasys.web3signer.signing.config.metadata.Secp256k1ArtifactSignerFactory) AzureKeyVaultSignerFactory(tech.pegasys.signers.secp256k1.azure.AzureKeyVaultSignerFactory)

Example 4 with YubiHsmOpaqueDataProvider

use of tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider in project web3signer by ConsenSys.

the class BlsArtifactSignerFactoryTest method setup.

/**
 * Builds a fresh Vert.x instance, the three key providers and the BLS signer factory under
 * test before each test case.
 *
 * <p>Nothing created here is closed in this method; the providers and Vert.x are presumably
 * released in a teardown method that is not shown - confirm, since they are closeable
 * resources in the production runners.
 *
 * @throws IOException declared by the signature; the throwing call is not identifiable from
 *     this method alone
 */
@BeforeEach
void setup() throws IOException {
    vertx = Vertx.vertx();
    interlockKeyProvider = new InterlockKeyProvider(vertx);
    yubiHsmOpaqueDataProvider = new YubiHsmOpaqueDataProvider();
    // 100: presumably the secrets cache maximum size - confirm against AwsSecretsManagerProvider.
    awsSecretsManagerProvider = new AwsSecretsManagerProvider(100);

    final NoOpMetricsSystem metrics = new NoOpMetricsSystem();
    final HashicorpConnectionFactory hashicorpFactory = new HashicorpConnectionFactory(vertx);
    artifactSignerFactory =
        new BlsArtifactSignerFactory(
            configDir,
            metrics,
            hashicorpFactory,
            interlockKeyProvider,
            yubiHsmOpaqueDataProvider,
            awsSecretsManagerProvider,
            signerArgs -> new BlsArtifactSigner(signerArgs.getKeyPair(), signerArgs.getOrigin()));
}
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) Cipher(tech.pegasys.signers.bls.keystore.model.Cipher) KeyStoreLoader(tech.pegasys.signers.bls.keystore.KeyStoreLoader) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Bytes(org.apache.tuweni.bytes.Bytes) NoOpMetricsSystem(org.hyperledger.besu.metrics.noop.NoOpMetricsSystem) BLSKeyPair(tech.pegasys.teku.bls.BLSKeyPair) KeyType(tech.pegasys.web3signer.signing.KeyType) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) BeforeAll(org.junit.jupiter.api.BeforeAll) CipherFunction(tech.pegasys.signers.bls.keystore.model.CipherFunction) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) Path(java.nio.file.Path) KeyStore(tech.pegasys.signers.bls.keystore.KeyStore) Files(java.nio.file.Files) BLSPublicKey(tech.pegasys.teku.bls.BLSPublicKey) Vertx(io.vertx.core.Vertx) IOException(java.io.IOException) HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) KeyStoreData(tech.pegasys.signers.bls.keystore.model.KeyStoreData) ArtifactSigner(tech.pegasys.web3signer.signing.ArtifactSigner) AssertionsForClassTypes.fail(org.assertj.core.api.AssertionsForClassTypes.fail) SCryptParam(tech.pegasys.signers.bls.keystore.model.SCryptParam) Test(org.junit.jupiter.api.Test) AfterEach(org.junit.jupiter.api.AfterEach) KdfParam(tech.pegasys.signers.bls.keystore.model.KdfParam) TempDir(org.junit.jupiter.api.io.TempDir) Bytes48(org.apache.tuweni.bytes.Bytes48) BLSTestUtil(tech.pegasys.web3signer.BLSTestUtil) YubiHsmOpaqueDataProvider(tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider) 
HashicorpConnectionFactory(tech.pegasys.signers.hashicorp.HashicorpConnectionFactory) NoOpMetricsSystem(org.hyperledger.besu.metrics.noop.NoOpMetricsSystem) BlsArtifactSigner(tech.pegasys.web3signer.signing.BlsArtifactSigner) InterlockKeyProvider(tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider) AwsSecretsManagerProvider(tech.pegasys.signers.aws.AwsSecretsManagerProvider) BeforeEach(org.junit.jupiter.api.BeforeEach)

Aggregations

HashicorpConnectionFactory (tech.pegasys.signers.hashicorp.HashicorpConnectionFactory)4 InterlockKeyProvider (tech.pegasys.web3signer.signing.config.metadata.interlock.InterlockKeyProvider)4 YubiHsmOpaqueDataProvider (tech.pegasys.web3signer.signing.config.metadata.yubihsm.YubiHsmOpaqueDataProvider)4 AwsSecretsManagerProvider (tech.pegasys.signers.aws.AwsSecretsManagerProvider)3 DefaultArtifactSignerProvider (tech.pegasys.web3signer.signing.config.DefaultArtifactSignerProvider)3 SignerLoader (tech.pegasys.web3signer.signing.config.SignerLoader)3 YamlSignerParser (tech.pegasys.web3signer.signing.config.metadata.parser.YamlSignerParser)3 Bytes (org.apache.tuweni.bytes.Bytes)2 AzureKeyVaultSignerFactory (tech.pegasys.signers.secp256k1.azure.AzureKeyVaultSignerFactory)2 ArtifactSigner (tech.pegasys.web3signer.signing.ArtifactSigner)2 BlsArtifactSigner (tech.pegasys.web3signer.signing.BlsArtifactSigner)2 AbstractArtifactSignerFactory (tech.pegasys.web3signer.signing.config.metadata.AbstractArtifactSignerFactory)2 BlsArtifactSignerFactory (tech.pegasys.web3signer.signing.config.metadata.BlsArtifactSignerFactory)2 Secp256k1ArtifactSignerFactory (tech.pegasys.web3signer.signing.config.metadata.Secp256k1ArtifactSignerFactory)2 Vertx (io.vertx.core.Vertx)1 IOException (java.io.IOException)1 Files (java.nio.file.Files)1 Path (java.nio.file.Path)1 Bytes48 (org.apache.tuweni.bytes.Bytes48)1 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)1