2020-07-03 18:49:16 +00:00
|
|
|
package direct
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"encoding/json"
|
2020-08-11 03:54:37 +00:00
|
|
|
"fmt"
|
2020-07-28 00:02:29 +00:00
|
|
|
"strings"
|
2020-07-03 18:49:16 +00:00
|
|
|
"testing"
|
|
|
|
|
2020-07-03 23:00:02 +00:00
|
|
|
validatorpb "github.com/prysmaticlabs/prysm/proto/validator/accounts/v2"
|
2020-07-03 18:49:16 +00:00
|
|
|
"github.com/prysmaticlabs/prysm/shared/bls"
|
2020-07-03 20:26:00 +00:00
|
|
|
"github.com/prysmaticlabs/prysm/shared/bytesutil"
|
2020-07-22 19:42:43 +00:00
|
|
|
"github.com/prysmaticlabs/prysm/shared/testutil/assert"
|
|
|
|
"github.com/prysmaticlabs/prysm/shared/testutil/require"
|
2020-07-03 20:26:00 +00:00
|
|
|
mock "github.com/prysmaticlabs/prysm/validator/accounts/v2/testing"
|
2020-07-21 02:05:23 +00:00
|
|
|
v2keymanager "github.com/prysmaticlabs/prysm/validator/keymanager/v2"
|
2020-07-03 18:49:16 +00:00
|
|
|
logTest "github.com/sirupsen/logrus/hooks/test"
|
|
|
|
keystorev4 "github.com/wealdtech/go-eth2-wallet-encryptor-keystorev4"
|
|
|
|
)
|
|
|
|
|
2020-07-23 02:12:51 +00:00
|
|
|
func TestDirectKeymanager_CreateAccount(t *testing.T) {
|
2020-07-03 18:49:16 +00:00
|
|
|
hook := logTest.NewGlobal()
|
2020-08-02 20:02:04 +00:00
|
|
|
password := "secretPassw0rd$1999"
|
2020-07-03 20:26:00 +00:00
|
|
|
wallet := &mock.Wallet{
|
2020-08-10 18:54:40 +00:00
|
|
|
Files: make(map[string]map[string][]byte),
|
2020-07-03 20:26:00 +00:00
|
|
|
}
|
2020-07-03 18:49:16 +00:00
|
|
|
dr := &Keymanager{
|
2020-08-10 18:54:40 +00:00
|
|
|
keysCache: make(map[[48]byte]bls.SecretKey),
|
|
|
|
wallet: wallet,
|
|
|
|
accountsStore: &AccountStore{},
|
|
|
|
accountsPassword: password,
|
2020-07-03 18:49:16 +00:00
|
|
|
}
|
|
|
|
ctx := context.Background()
|
2020-08-03 18:58:04 +00:00
|
|
|
accountName, err := dr.CreateAccount(ctx)
|
2020-07-22 19:42:43 +00:00
|
|
|
require.NoError(t, err)
|
2020-07-03 18:49:16 +00:00
|
|
|
|
|
|
|
// Ensure the keystore file was written to the wallet
|
|
|
|
// and ensure we can decrypt it using the EIP-2335 standard.
|
2020-07-28 00:02:29 +00:00
|
|
|
var encodedKeystore []byte
|
2020-08-02 20:02:04 +00:00
|
|
|
for k, v := range wallet.Files[AccountsPath] {
|
2020-07-28 00:02:29 +00:00
|
|
|
if strings.Contains(k, "keystore") {
|
|
|
|
encodedKeystore = v
|
|
|
|
}
|
|
|
|
}
|
|
|
|
require.NotNil(t, encodedKeystore, "could not find keystore file")
|
2020-07-21 02:05:23 +00:00
|
|
|
keystoreFile := &v2keymanager.Keystore{}
|
2020-07-22 19:42:43 +00:00
|
|
|
require.NoError(t, json.Unmarshal(encodedKeystore, keystoreFile))
|
2020-07-03 18:49:16 +00:00
|
|
|
|
2020-08-02 20:02:04 +00:00
|
|
|
// We extract the accounts from the keystore.
|
2020-07-03 18:49:16 +00:00
|
|
|
decryptor := keystorev4.New()
|
2020-08-02 20:02:04 +00:00
|
|
|
encodedAccounts, err := decryptor.Decrypt(keystoreFile.Crypto, password)
|
|
|
|
require.NoError(t, err, "Could not decrypt validator accounts")
|
|
|
|
store := &AccountStore{}
|
|
|
|
require.NoError(t, json.Unmarshal(encodedAccounts, store))
|
|
|
|
|
|
|
|
require.Equal(t, 1, len(store.PublicKeys))
|
|
|
|
require.Equal(t, 1, len(store.PrivateKeys))
|
|
|
|
privKey, err := bls.SecretKeyFromBytes(store.PrivateKeys[0])
|
|
|
|
require.NoError(t, err)
|
|
|
|
pubKey := privKey.PublicKey().Marshal()
|
|
|
|
assert.DeepEqual(t, pubKey, store.PublicKeys[0])
|
2020-08-13 16:22:25 +00:00
|
|
|
require.LogsContain(t, hook, accountName)
|
|
|
|
require.LogsContain(t, hook, "Successfully created new validator account")
|
2020-07-03 18:49:16 +00:00
|
|
|
}
|
2020-07-03 20:26:00 +00:00
|
|
|
|
2020-08-11 03:54:37 +00:00
|
|
|
func TestDirectKeymanager_RemoveAccounts(t *testing.T) {
|
|
|
|
hook := logTest.NewGlobal()
|
|
|
|
password := "secretPassw0rd$1999"
|
|
|
|
wallet := &mock.Wallet{
|
|
|
|
Files: make(map[string]map[string][]byte),
|
|
|
|
}
|
|
|
|
dr := &Keymanager{
|
|
|
|
keysCache: make(map[[48]byte]bls.SecretKey),
|
|
|
|
wallet: wallet,
|
|
|
|
accountsStore: &AccountStore{},
|
|
|
|
accountsPassword: password,
|
|
|
|
}
|
|
|
|
numAccounts := 5
|
|
|
|
ctx := context.Background()
|
|
|
|
for i := 0; i < numAccounts; i++ {
|
|
|
|
_, err := dr.CreateAccount(ctx)
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
accounts, err := dr.FetchValidatingPublicKeys(ctx)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, numAccounts, len(accounts))
|
|
|
|
|
|
|
|
accountToRemove := uint64(2)
|
|
|
|
accountPubKey := accounts[accountToRemove]
|
|
|
|
// Remove an account from the keystore.
|
|
|
|
require.NoError(t, dr.DeleteAccounts(ctx, [][]byte{accountPubKey[:]}))
|
|
|
|
// Ensure the keystore file was written to the wallet
|
|
|
|
// and ensure we can decrypt it using the EIP-2335 standard.
|
|
|
|
var encodedKeystore []byte
|
|
|
|
for k, v := range wallet.Files[AccountsPath] {
|
|
|
|
if strings.Contains(k, "keystore") {
|
|
|
|
encodedKeystore = v
|
|
|
|
}
|
|
|
|
}
|
|
|
|
require.NotNil(t, encodedKeystore, "could not find keystore file")
|
|
|
|
keystoreFile := &v2keymanager.Keystore{}
|
|
|
|
require.NoError(t, json.Unmarshal(encodedKeystore, keystoreFile))
|
|
|
|
|
|
|
|
// We extract the accounts from the keystore.
|
|
|
|
decryptor := keystorev4.New()
|
|
|
|
encodedAccounts, err := decryptor.Decrypt(keystoreFile.Crypto, password)
|
|
|
|
require.NoError(t, err, "Could not decrypt validator accounts")
|
|
|
|
store := &AccountStore{}
|
|
|
|
require.NoError(t, json.Unmarshal(encodedAccounts, store))
|
|
|
|
|
|
|
|
require.Equal(t, numAccounts-1, len(store.PublicKeys))
|
|
|
|
require.Equal(t, numAccounts-1, len(store.PrivateKeys))
|
2020-08-13 16:22:25 +00:00
|
|
|
require.LogsContain(t, hook, fmt.Sprintf("%#x", bytesutil.Trunc(accountPubKey[:])))
|
|
|
|
require.LogsContain(t, hook, "Successfully deleted validator account")
|
2020-08-11 03:54:37 +00:00
|
|
|
}
|
|
|
|
|
2020-07-23 02:12:51 +00:00
|
|
|
func TestDirectKeymanager_FetchValidatingPublicKeys(t *testing.T) {
|
2020-08-02 20:02:04 +00:00
|
|
|
password := "secretPassw0rd$1999"
|
2020-07-03 20:26:00 +00:00
|
|
|
wallet := &mock.Wallet{
|
2020-08-10 18:54:40 +00:00
|
|
|
Files: make(map[string]map[string][]byte),
|
2020-07-03 20:26:00 +00:00
|
|
|
}
|
|
|
|
dr := &Keymanager{
|
2020-08-10 18:54:40 +00:00
|
|
|
wallet: wallet,
|
|
|
|
keysCache: make(map[[48]byte]bls.SecretKey),
|
|
|
|
accountsStore: &AccountStore{},
|
|
|
|
accountsPassword: password,
|
2020-07-03 20:26:00 +00:00
|
|
|
}
|
|
|
|
// First, generate accounts and their keystore.json files.
|
2020-07-03 23:00:02 +00:00
|
|
|
ctx := context.Background()
|
2020-08-02 20:02:04 +00:00
|
|
|
numAccounts := 10
|
|
|
|
wantedPubKeys := make([][48]byte, numAccounts)
|
|
|
|
for i := 0; i < numAccounts; i++ {
|
|
|
|
privKey := bls.RandKey()
|
|
|
|
pubKey := bytesutil.ToBytes48(privKey.PublicKey().Marshal())
|
|
|
|
dr.keysCache[pubKey] = privKey
|
|
|
|
wantedPubKeys[i] = pubKey
|
|
|
|
dr.accountsStore.PublicKeys = append(dr.accountsStore.PublicKeys, pubKey[:])
|
|
|
|
dr.accountsStore.PrivateKeys = append(dr.accountsStore.PrivateKeys, privKey.Marshal())
|
|
|
|
}
|
|
|
|
|
2020-07-03 23:00:02 +00:00
|
|
|
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
|
2020-07-22 19:42:43 +00:00
|
|
|
require.NoError(t, err)
|
2020-07-03 20:26:00 +00:00
|
|
|
// The results are not guaranteed to be ordered, so we ensure each
|
|
|
|
// key we expect exists in the results via a map.
|
|
|
|
keysMap := make(map[[48]byte]bool)
|
|
|
|
for _, key := range publicKeys {
|
|
|
|
keysMap[key] = true
|
|
|
|
}
|
2020-08-02 20:02:04 +00:00
|
|
|
for _, wanted := range wantedPubKeys {
|
2020-07-03 20:26:00 +00:00
|
|
|
if _, ok := keysMap[wanted]; !ok {
|
|
|
|
t.Errorf("Could not find expected public key %#x in results", wanted)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-23 02:12:51 +00:00
|
|
|
func TestDirectKeymanager_Sign(t *testing.T) {
|
2020-08-02 20:02:04 +00:00
|
|
|
password := "secretPassw0rd$1999"
|
2020-07-03 23:00:02 +00:00
|
|
|
wallet := &mock.Wallet{
|
|
|
|
Files: make(map[string]map[string][]byte),
|
|
|
|
AccountPasswords: make(map[string]string),
|
|
|
|
}
|
|
|
|
dr := &Keymanager{
|
2020-08-10 18:54:40 +00:00
|
|
|
wallet: wallet,
|
|
|
|
accountsStore: &AccountStore{},
|
|
|
|
keysCache: make(map[[48]byte]bls.SecretKey),
|
|
|
|
accountsPassword: password,
|
2020-07-03 23:00:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// First, generate accounts and their keystore.json files.
|
|
|
|
ctx := context.Background()
|
2020-08-02 20:02:04 +00:00
|
|
|
numAccounts := 10
|
|
|
|
for i := 0; i < numAccounts; i++ {
|
2020-08-03 18:58:04 +00:00
|
|
|
_, err := dr.CreateAccount(ctx)
|
2020-08-02 20:02:04 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var encodedKeystore []byte
|
|
|
|
for k, v := range wallet.Files[AccountsPath] {
|
|
|
|
if strings.Contains(k, "keystore") {
|
|
|
|
encodedKeystore = v
|
|
|
|
}
|
|
|
|
}
|
|
|
|
keystoreFile := &v2keymanager.Keystore{}
|
|
|
|
require.NoError(t, json.Unmarshal(encodedKeystore, keystoreFile))
|
|
|
|
|
|
|
|
// We extract the validator signing private key from the keystore
|
|
|
|
// by utilizing the password and initialize a new BLS secret key from
|
|
|
|
// its raw bytes.
|
|
|
|
decryptor := keystorev4.New()
|
2020-08-10 18:54:40 +00:00
|
|
|
enc, err := decryptor.Decrypt(keystoreFile.Crypto, dr.accountsPassword)
|
2020-08-02 20:02:04 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
store := &AccountStore{}
|
|
|
|
require.NoError(t, json.Unmarshal(enc, store))
|
|
|
|
require.Equal(t, len(store.PublicKeys), len(store.PrivateKeys))
|
|
|
|
require.NotEqual(t, 0, len(store.PublicKeys))
|
|
|
|
|
|
|
|
for i := 0; i < len(store.PublicKeys); i++ {
|
|
|
|
privKey, err := bls.SecretKeyFromBytes(store.PrivateKeys[i])
|
|
|
|
require.NoError(t, err)
|
|
|
|
dr.keysCache[bytesutil.ToBytes48(store.PublicKeys[i])] = privKey
|
|
|
|
}
|
|
|
|
dr.accountsStore = store
|
|
|
|
|
2020-07-03 23:00:02 +00:00
|
|
|
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
|
2020-07-22 19:42:43 +00:00
|
|
|
require.NoError(t, err)
|
2020-08-02 20:02:04 +00:00
|
|
|
require.Equal(t, len(publicKeys), len(store.PublicKeys))
|
2020-07-03 23:00:02 +00:00
|
|
|
|
|
|
|
// We prepare naive data to sign.
|
|
|
|
data := []byte("hello world")
|
|
|
|
signRequest := &validatorpb.SignRequest{
|
2020-07-10 05:49:56 +00:00
|
|
|
PublicKey: publicKeys[0][:],
|
|
|
|
SigningRoot: data,
|
2020-07-03 23:00:02 +00:00
|
|
|
}
|
|
|
|
sig, err := dr.Sign(ctx, signRequest)
|
2020-07-22 19:42:43 +00:00
|
|
|
require.NoError(t, err)
|
2020-07-03 23:00:02 +00:00
|
|
|
pubKey, err := bls.PublicKeyFromBytes(publicKeys[0][:])
|
2020-07-22 19:42:43 +00:00
|
|
|
require.NoError(t, err)
|
2020-07-03 23:00:02 +00:00
|
|
|
wrongPubKey, err := bls.PublicKeyFromBytes(publicKeys[1][:])
|
2020-07-22 19:42:43 +00:00
|
|
|
require.NoError(t, err)
|
2020-07-03 23:00:02 +00:00
|
|
|
if !sig.Verify(pubKey, data) {
|
|
|
|
t.Fatalf("Expected sig to verify for pubkey %#x and data %v", pubKey.Marshal(), data)
|
|
|
|
}
|
|
|
|
if sig.Verify(wrongPubKey, data) {
|
|
|
|
t.Fatalf("Expected sig not to verify for pubkey %#x and data %v", wrongPubKey.Marshal(), data)
|
|
|
|
}
|
|
|
|
}
|
2020-08-02 20:02:04 +00:00
|
|
|
|
2020-07-23 02:12:51 +00:00
|
|
|
func TestDirectKeymanager_Sign_NoPublicKeySpecified(t *testing.T) {
|
2020-07-03 23:00:02 +00:00
|
|
|
req := &validatorpb.SignRequest{
|
|
|
|
PublicKey: nil,
|
|
|
|
}
|
|
|
|
dr := &Keymanager{}
|
|
|
|
_, err := dr.Sign(context.Background(), req)
|
2020-07-22 19:42:43 +00:00
|
|
|
assert.ErrorContains(t, "nil public key", err)
|
2020-07-03 23:00:02 +00:00
|
|
|
}
|
|
|
|
|
2020-07-23 02:12:51 +00:00
|
|
|
func TestDirectKeymanager_Sign_NoPublicKeyInCache(t *testing.T) {
|
2020-07-03 23:00:02 +00:00
|
|
|
req := &validatorpb.SignRequest{
|
|
|
|
PublicKey: []byte("hello world"),
|
|
|
|
}
|
|
|
|
dr := &Keymanager{
|
|
|
|
keysCache: make(map[[48]byte]bls.SecretKey),
|
|
|
|
}
|
|
|
|
_, err := dr.Sign(context.Background(), req)
|
2020-07-22 19:42:43 +00:00
|
|
|
assert.ErrorContains(t, "no signing key found in keys cache", err)
|
2020-07-03 23:00:02 +00:00
|
|
|
}
|