prysm-pulse/validator/accounts/account.go
Jim McDonald b133eb6c4a
Warn rather than fail on incorrect keystore password (#5024)
* Warn on failure to decrypt a keystore validator

* Update test

* Update tools

Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>
Co-authored-by: Raul Jordan <raul@prysmaticlabs.com>
2020-03-06 23:05:48 -06:00

160 lines
5.7 KiB
Go

package accounts
import (
"bufio"
"encoding/hex"
"fmt"
"io"
"os"
"strings"
"github.com/pkg/errors"
contract "github.com/prysmaticlabs/prysm/contracts/deposit-contract"
"github.com/prysmaticlabs/prysm/shared/keystore"
"github.com/prysmaticlabs/prysm/shared/params"
"github.com/sirupsen/logrus"
"golang.org/x/crypto/ssh/terminal"
)
var log = logrus.WithField("prefix", "accounts")
// DecryptKeysFromKeystore extracts a set of validator private keys from
// an encrypted keystore directory and a password string.
func DecryptKeysFromKeystore(directory string, password string) (map[string]*keystore.Key, error) {
validatorPrefix := params.BeaconConfig().ValidatorPrivkeyFileName
ks := keystore.NewKeystore(directory)
validatorKeys, err := ks.GetKeys(directory, validatorPrefix, password, true /* warnOnFail */)
if err != nil {
return nil, errors.Wrap(err, "could not get private key")
}
return validatorKeys, nil
}
// VerifyAccountNotExists checks if a validator has not yet created an account
// and keystore in the provided directory string.
func VerifyAccountNotExists(directory string, password string) error {
if directory == "" || password == "" {
return errors.New("expected a path to the validator keystore and password to be provided, received nil")
}
shardWithdrawalKeyFile := params.BeaconConfig().WithdrawalPrivkeyFileName
validatorKeyFile := params.BeaconConfig().ValidatorPrivkeyFileName
// First, if the keystore already exists, throws an error as there can only be
// one keystore per validator client.
ks := keystore.NewKeystore(directory)
if _, err := ks.GetKeys(directory, shardWithdrawalKeyFile, password, false /* warnOnFail */); err == nil {
return fmt.Errorf("keystore at path already exists: %s", shardWithdrawalKeyFile)
}
if _, err := ks.GetKeys(directory, validatorKeyFile, password, false /* warnOnFail */); err == nil {
return fmt.Errorf("keystore at path already exists: %s", validatorKeyFile)
}
return nil
}
// NewValidatorAccount sets up a validator client's secrets and generates the necessary deposit data
// parameters needed to deposit into the deposit contract on the ETH1.0 chain. Specifically, this
// generates a BLS private and public key, and then logs the serialized deposit input hex string
// to be used in an ETH1.0 transaction by the validator.
func NewValidatorAccount(directory string, password string) error {
shardWithdrawalKeyFile := directory + params.BeaconConfig().WithdrawalPrivkeyFileName
validatorKeyFile := directory + params.BeaconConfig().ValidatorPrivkeyFileName
ks := keystore.NewKeystore(directory)
// If the keystore does not exists at the path, we create a new one for the validator.
shardWithdrawalKey, err := keystore.NewKey()
if err != nil {
return err
}
shardWithdrawalKeyFile = shardWithdrawalKeyFile + hex.EncodeToString(shardWithdrawalKey.PublicKey.Marshal())[:12]
if err := ks.StoreKey(shardWithdrawalKeyFile, shardWithdrawalKey, password); err != nil {
return errors.Wrap(err, "unable to store key")
}
log.WithField(
"path",
shardWithdrawalKeyFile,
).Info("Keystore generated for shard withdrawals at path")
validatorKey, err := keystore.NewKey()
if err != nil {
return err
}
validatorKeyFile = validatorKeyFile + hex.EncodeToString(validatorKey.PublicKey.Marshal())[:12]
if err := ks.StoreKey(validatorKeyFile, validatorKey, password); err != nil {
return errors.Wrap(err, "unable to store key")
}
log.WithField(
"path",
validatorKeyFile,
).Info("Keystore generated for validator signatures at path")
data, depositRoot, err := keystore.DepositInput(validatorKey, shardWithdrawalKey, params.BeaconConfig().MaxEffectiveBalance)
if err != nil {
return errors.Wrap(err, "unable to generate deposit data")
}
testAcc, err := contract.Setup()
if err != nil {
return errors.Wrap(err, "unable to create simulated backend")
}
testAcc.TxOpts.GasLimit = 1000000
tx, err := testAcc.Contract.Deposit(testAcc.TxOpts, data.PublicKey, data.WithdrawalCredentials, data.Signature, depositRoot)
if err != nil {
return errors.Wrap(err, "unable to create deposit transaction")
}
log.Info(`Account creation complete! Copy and paste the raw transaction data shown below when issuing a transaction into the ETH1.0 deposit contract to activate your validator client`)
fmt.Printf(`
========================Raw Transaction Data=======================
%#x
===================================================================
`, tx.Data())
return nil
}
// Exists checks if a validator account at a given keystore path exists.
func Exists(keystorePath string) (bool, error) {
/* #nosec */
f, err := os.Open(keystorePath)
if err != nil {
return false, nil
}
defer func() {
if err := f.Close(); err != nil {
log.Fatal(err)
}
}()
_, err = f.Readdirnames(1) // Or f.Readdir(1)
if err == io.EOF {
return false, nil
}
return true, err
}
// CreateValidatorAccount creates a validator account from the given cli context.
func CreateValidatorAccount(path string, passphrase string) (string, string, error) {
if passphrase == "" {
reader := bufio.NewReader(os.Stdin)
log.Info("Create a new validator account for eth2")
log.Info("Enter a password:")
bytePassword, err := terminal.ReadPassword(int(os.Stdin.Fd()))
if err != nil {
log.Fatalf("Could not read account password: %v", err)
}
text := string(bytePassword)
passphrase = strings.Replace(text, "\n", "", -1)
log.Infof("Keystore path to save your private keys (leave blank for default %s):", path)
text, err = reader.ReadString('\n')
if err != nil {
log.Fatal(err)
}
text = strings.Replace(text, "\n", "", -1)
if text != "" {
path = text
}
}
if err := NewValidatorAccount(path, passphrase); err != nil {
return "", "", errors.Wrapf(err, "could not initialize validator account")
}
return path, passphrase, nil
}