prysm-pulse/validator/keymanager/v2/derived/derived_test.go
Raul Jordan 4017743f7f
Accounts V2: Refactor Wallet Open / Close and Keymanager Initialization (#6668)
* refactoring create account

* dep

* much easier, create a derived account by simply unlocking wallet

* revert changes to new

* make open wallet smarter and utilize cli ctx

* remove the wallet config

* successfully build

* simplify ctx creation for tests

* tests should pass individually

* tests pass

* fixed up to allow for wallet password file input

* fix broken tests

* formatting

* fmt

* simplify recover

* fixed up tests

* implicit use of default wallet path working

Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
2020-07-21 23:49:04 -05:00

224 lines
7.7 KiB
Go

package derived
import (
"context"
"encoding/hex"
"encoding/json"
"fmt"
"io/ioutil"
"strings"
"testing"
validatorpb "github.com/prysmaticlabs/prysm/proto/validator/accounts/v2"
"github.com/prysmaticlabs/prysm/shared/bls"
"github.com/prysmaticlabs/prysm/shared/bytesutil"
"github.com/prysmaticlabs/prysm/shared/testutil"
"github.com/prysmaticlabs/prysm/shared/testutil/assert"
"github.com/prysmaticlabs/prysm/shared/testutil/require"
mock "github.com/prysmaticlabs/prysm/validator/accounts/v2/testing"
v2keymanager "github.com/prysmaticlabs/prysm/validator/keymanager/v2"
logTest "github.com/sirupsen/logrus/hooks/test"
keystorev4 "github.com/wealdtech/go-eth2-wallet-encryptor-keystorev4"
)
func TestDerivedKeymanager_CreateAccount(t *testing.T) {
hook := logTest.NewGlobal()
wallet := &mock.Wallet{
Files: make(map[string]map[string][]byte),
AccountPasswords: make(map[string]string),
}
seed := make([]byte, 32)
copy(seed, "hello world")
password := "secretPassw0rd$1999"
dr := &Keymanager{
wallet: wallet,
seed: seed,
seedCfg: &SeedConfig{
NextAccount: 0,
},
walletPassword: password,
}
ctx := context.Background()
accountName, err := dr.CreateAccount(ctx)
require.NoError(t, err)
assert.Equal(t, "0", accountName)
// Ensure the keystore file was written to the wallet
// and ensure we can decrypt it using the EIP-2335 standard.
validatingAccount0 := fmt.Sprintf(ValidatingKeyDerivationPathTemplate, 0)
encodedKeystore, ok := wallet.Files[validatingAccount0][KeystoreFileName]
require.Equal(t, ok, true, fmt.Sprintf("Expected to have stored %s in wallet", KeystoreFileName))
keystoreFile := &v2keymanager.Keystore{}
require.NoError(t, json.Unmarshal(encodedKeystore, keystoreFile))
// We extract the validator signing private key from the keystore
// by utilizing the password and initialize a new BLS secret key from
// its raw bytes.
decryptor := keystorev4.New()
rawValidatingKey, err := decryptor.Decrypt(keystoreFile.Crypto, []byte(password))
require.NoError(t, err, "Could not decrypt validator signing key")
validatingKey, err := bls.SecretKeyFromBytes(rawValidatingKey)
require.NoError(t, err, "Could not instantiate bls secret key from bytes")
// Ensure the keystore file was written to the wallet
// and ensure we can decrypt it using the EIP-2335 standard.
withdrawalAccount0 := fmt.Sprintf(WithdrawalKeyDerivationPathTemplate, 0)
encodedKeystore, ok = wallet.Files[withdrawalAccount0][KeystoreFileName]
require.Equal(t, ok, true, fmt.Sprintf("Expected to have stored %s in wallet", KeystoreFileName))
keystoreFile = &v2keymanager.Keystore{}
require.NoError(t, json.Unmarshal(encodedKeystore, keystoreFile))
// We extract the validator signing private key from the keystore
// by utilizing the password and initialize a new BLS secret key from
// its raw bytes.
rawWithdrawalKey, err := decryptor.Decrypt(keystoreFile.Crypto, []byte(password))
require.NoError(t, err, "Could not decrypt validator withdrawal key")
withdrawalKey, err := bls.SecretKeyFromBytes(rawWithdrawalKey)
require.NoError(t, err, "Could not instantiate bls secret key from bytes")
// Assert the new value for next account increased and also
// check the config file was updated on disk with this new value.
assert.Equal(t, uint64(1), dr.seedCfg.NextAccount, "Wrong value for next account")
encryptedSeedFile, err := wallet.ReadEncryptedSeedFromDisk(ctx)
require.NoError(t, err)
enc, err := ioutil.ReadAll(encryptedSeedFile)
require.NoError(t, err)
defer func() {
assert.NoError(t, encryptedSeedFile.Close())
}()
seedConfig := &SeedConfig{}
require.NoError(t, json.Unmarshal(enc, seedConfig))
assert.Equal(t, uint64(1), seedConfig.NextAccount, "Wrong value for next account")
// Ensure the new account information is displayed to stdout.
testutil.AssertLogsContain(t, hook, "Successfully created new validator account")
testutil.AssertLogsContain(t, hook, fmt.Sprintf("%#x", validatingKey.PublicKey().Marshal()))
testutil.AssertLogsContain(t, hook, fmt.Sprintf("%#x", withdrawalKey.PublicKey().Marshal()))
}
func TestDerivedKeymanager_FetchValidatingPublicKeys(t *testing.T) {
wallet := &mock.Wallet{
Files: make(map[string]map[string][]byte),
AccountPasswords: make(map[string]string),
}
dr := &Keymanager{
wallet: wallet,
keysCache: make(map[[48]byte]bls.SecretKey),
seedCfg: &SeedConfig{
NextAccount: 0,
},
seed: make([]byte, 32),
walletPassword: "hello world",
}
// First, generate accounts and their keystore.json files.
ctx := context.Background()
numAccounts := 20
wantedPublicKeys := make([][48]byte, numAccounts)
var err error
var accountName string
for i := 0; i < numAccounts; i++ {
accountName, err = dr.CreateAccount(ctx)
require.NoError(t, err)
validatingKeyPath := fmt.Sprintf(ValidatingKeyDerivationPathTemplate, i)
enc, err := wallet.ReadFileAtPath(ctx, validatingKeyPath, KeystoreFileName)
require.NoError(t, err)
keystore := &v2keymanager.Keystore{}
require.NoError(t, json.Unmarshal(enc, keystore))
pubKey, err := hex.DecodeString(keystore.Pubkey)
require.NoError(t, err)
wantedPublicKeys[i] = bytesutil.ToBytes48(pubKey)
}
assert.Equal(t, fmt.Sprintf("%d", numAccounts-1), accountName)
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// The results are not guaranteed to be ordered, so we ensure each
// key we expect exists in the results via a map.
keysMap := make(map[[48]byte]bool)
for _, key := range publicKeys {
keysMap[key] = true
}
for _, wanted := range wantedPublicKeys {
if _, ok := keysMap[wanted]; !ok {
t.Errorf("Could not find expected public key %#x in results", wanted)
}
}
}
func TestDerivedKeymanager_Sign(t *testing.T) {
wallet := &mock.Wallet{
Files: make(map[string]map[string][]byte),
AccountPasswords: make(map[string]string),
}
seed := make([]byte, 32)
copy(seed, "hello world")
dr := &Keymanager{
wallet: wallet,
seed: seed,
keysCache: make(map[[48]byte]bls.SecretKey),
seedCfg: &SeedConfig{
NextAccount: 0,
},
walletPassword: "hello world",
}
// First, generate some accounts.
numAccounts := 2
ctx := context.Background()
var err error
var accountName string
for i := 0; i < numAccounts; i++ {
accountName, err = dr.CreateAccount(ctx)
require.NoError(t, err)
}
assert.Equal(t, fmt.Sprintf("%d", numAccounts-1), accountName)
// Initialize the secret keys cache for the keymanager.
require.NoError(t, dr.initializeSecretKeysCache())
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// We prepare naive data to sign.
data := []byte("eth2data")
signRequest := &validatorpb.SignRequest{
PublicKey: publicKeys[0][:],
SigningRoot: data,
}
sig, err := dr.Sign(ctx, signRequest)
require.NoError(t, err)
pubKey, err := bls.PublicKeyFromBytes(publicKeys[0][:])
require.NoError(t, err)
wrongPubKey, err := bls.PublicKeyFromBytes(publicKeys[1][:])
require.NoError(t, err)
// Check if the signature verifies.
assert.Equal(t, true, sig.Verify(pubKey, data))
// Check if the bad signature fails.
assert.Equal(t, false, sig.Verify(wrongPubKey, data))
}
func TestDerivedKeymanager_Sign_NoPublicKeySpecified(t *testing.T) {
req := &validatorpb.SignRequest{
PublicKey: nil,
}
dr := &Keymanager{}
_, err := dr.Sign(context.Background(), req)
assert.NotNil(t, err)
assert.Equal(t, strings.Contains(err.Error(), "nil public key"), true)
}
func TestDerivedKeymanager_Sign_NoPublicKeyInCache(t *testing.T) {
req := &validatorpb.SignRequest{
PublicKey: []byte("hello world"),
}
dr := &Keymanager{
keysCache: make(map[[48]byte]bls.SecretKey),
}
_, err := dr.Sign(context.Background(), req)
assert.NotNil(t, err)
assert.Equal(t, strings.Contains(err.Error(), "no signing key found"), true)
}