prysm-pulse/validator/accounts/accounts_import.go
Håvard Anda Estensen d2f4a8cc7c
Replace ioutil with io and os (#10541)
* Replace ioutil with io and os

* Fix build errors
2022-04-18 20:42:07 +00:00

369 lines
12 KiB
Go

package accounts
import (
"context"
"encoding/hex"
"encoding/json"
"fmt"
"os"
"path/filepath"
"regexp"
"sort"
"strconv"
"strings"
"github.com/google/uuid"
"github.com/pkg/errors"
"github.com/prysmaticlabs/prysm/cmd/validator/flags"
"github.com/prysmaticlabs/prysm/crypto/bls"
"github.com/prysmaticlabs/prysm/encoding/bytesutil"
"github.com/prysmaticlabs/prysm/io/file"
"github.com/prysmaticlabs/prysm/io/prompt"
ethpbservice "github.com/prysmaticlabs/prysm/proto/eth/service"
"github.com/prysmaticlabs/prysm/validator/accounts/iface"
"github.com/prysmaticlabs/prysm/validator/accounts/userprompt"
"github.com/prysmaticlabs/prysm/validator/accounts/wallet"
"github.com/prysmaticlabs/prysm/validator/keymanager"
"github.com/urfave/cli/v2"
keystorev4 "github.com/wealdtech/go-eth2-wallet-encryptor-keystorev4"
)
var derivationPathRegex = regexp.MustCompile(`m_12381_3600_(\d+)_(\d+)_(\d+)`)
// byDerivationPath implements sort.Interface based on a
// derivation path present in a keystore filename, if any. This
// will allow us to sort filenames such as keystore-m_12381_3600_1_0_0.json
// in a directory and import them nicely in order of the derivation path.
type byDerivationPath []string
// Len is the number of elements in the collection.
func (fileNames byDerivationPath) Len() int { return len(fileNames) }
// Less reports whether the element with index i must sort before the element with index j.
func (fileNames byDerivationPath) Less(i, j int) bool {
// We check if file name at index i has a derivation path
// in the filename. If it does not, then it is not less than j, and
// we should swap it towards the end of the sorted list.
if !derivationPathRegex.MatchString(fileNames[i]) {
return false
}
derivationPathA := derivationPathRegex.FindString(fileNames[i])
derivationPathB := derivationPathRegex.FindString(fileNames[j])
if derivationPathA == "" {
return false
}
if derivationPathB == "" {
return true
}
a, err := strconv.Atoi(accountIndexFromFileName(derivationPathA))
if err != nil {
return false
}
b, err := strconv.Atoi(accountIndexFromFileName(derivationPathB))
if err != nil {
return false
}
return a < b
}
// Swap swaps the elements with indexes i and j.
func (fileNames byDerivationPath) Swap(i, j int) {
fileNames[i], fileNames[j] = fileNames[j], fileNames[i]
}
// ImportAccountsConfig defines values to run the import accounts function.
type ImportAccountsConfig struct {
Keystores []*keymanager.Keystore
Importer keymanager.Importer
AccountPassword string
}
// ImportAccountsCli can import external, EIP-2335 compliant keystore.json files as
// new accounts into the Prysm validator wallet. This uses the CLI to extract
// values necessary to run the function.
func ImportAccountsCli(cliCtx *cli.Context) error {
w, err := wallet.OpenWalletOrElseCli(cliCtx, func(cliCtx *cli.Context) (*wallet.Wallet, error) {
walletDir, err := userprompt.InputDirectory(cliCtx, userprompt.WalletDirPromptText, flags.WalletDirFlag)
if err != nil {
return nil, err
}
exists, err := wallet.Exists(walletDir)
if err != nil {
return nil, errors.Wrap(err, wallet.CheckExistsErrMsg)
}
if exists {
isValid, err := wallet.IsValid(walletDir)
if err != nil {
return nil, errors.Wrap(err, wallet.CheckValidityErrMsg)
}
if !isValid {
return nil, errors.New(wallet.InvalidWalletErrMsg)
}
walletPassword, err := wallet.InputPassword(
cliCtx,
flags.WalletPasswordFileFlag,
wallet.PasswordPromptText,
false, /* Do not confirm password */
wallet.ValidateExistingPass,
)
if err != nil {
return nil, err
}
return wallet.OpenWallet(cliCtx.Context, &wallet.Config{
WalletDir: walletDir,
WalletPassword: walletPassword,
})
}
cfg, err := extractWalletCreationConfigFromCli(cliCtx, keymanager.Local)
if err != nil {
return nil, err
}
w := wallet.New(&wallet.Config{
KeymanagerKind: cfg.WalletCfg.KeymanagerKind,
WalletDir: cfg.WalletCfg.WalletDir,
WalletPassword: cfg.WalletCfg.WalletPassword,
})
if err = createLocalKeymanagerWallet(cliCtx.Context, w); err != nil {
return nil, errors.Wrap(err, "could not create keymanager")
}
log.WithField("wallet-path", cfg.WalletCfg.WalletDir).Info(
"Successfully created new wallet",
)
return w, nil
})
if err != nil {
return errors.Wrap(err, "could not initialize wallet")
}
km, err := w.InitializeKeymanager(cliCtx.Context, iface.InitKeymanagerConfig{ListenForChanges: false})
if err != nil {
return err
}
k, ok := km.(keymanager.Importer)
if !ok {
return errors.New("keymanager cannot import keystores")
}
// Check if the user wishes to import a one-off, private key directly
// as an account into the Prysm validator.
if cliCtx.IsSet(flags.ImportPrivateKeyFileFlag.Name) {
return importPrivateKeyAsAccount(cliCtx, w, k)
}
keysDir, err := userprompt.InputDirectory(cliCtx, userprompt.ImportKeysDirPromptText, flags.KeysDirFlag)
if err != nil {
return errors.Wrap(err, "could not parse keys directory")
}
// Consider that the keysDir might be a path to a specific file and handle accordingly.
isDir, err := file.HasDir(keysDir)
if err != nil {
return errors.Wrap(err, "could not determine if path is a directory")
}
keystoresImported := make([]*keymanager.Keystore, 0)
if isDir {
files, err := os.ReadDir(keysDir)
if err != nil {
return errors.Wrap(err, "could not read dir")
}
if len(files) == 0 {
return fmt.Errorf("directory %s has no files, cannot import from it", keysDir)
}
filesInDir := make([]string, 0)
for i := 0; i < len(files); i++ {
if files[i].IsDir() {
continue
}
filesInDir = append(filesInDir, files[i].Name())
}
// Sort the imported keystores by derivation path if they
// specify this value in their filename.
sort.Sort(byDerivationPath(filesInDir))
for _, name := range filesInDir {
keystore, err := readKeystoreFile(cliCtx.Context, filepath.Join(keysDir, name))
if err != nil && strings.Contains(err.Error(), "could not decode keystore json") {
continue
} else if err != nil {
return errors.Wrapf(err, "could not import keystore at path: %s", name)
}
keystoresImported = append(keystoresImported, keystore)
}
} else {
keystore, err := readKeystoreFile(cliCtx.Context, keysDir)
if err != nil {
return errors.Wrap(err, "could not import keystore")
}
keystoresImported = append(keystoresImported, keystore)
}
var accountsPassword string
if cliCtx.IsSet(flags.AccountPasswordFileFlag.Name) {
passwordFilePath := cliCtx.String(flags.AccountPasswordFileFlag.Name)
data, err := os.ReadFile(passwordFilePath) // #nosec G304
if err != nil {
return err
}
accountsPassword = string(data)
} else {
accountsPassword, err = prompt.PasswordPrompt(
"Enter the password for your imported accounts", prompt.NotEmpty,
)
if err != nil {
return fmt.Errorf("could not read account password: %w", err)
}
}
fmt.Println("Importing accounts, this may take a while...")
statuses, err := ImportAccounts(cliCtx.Context, &ImportAccountsConfig{
Importer: k,
Keystores: keystoresImported,
AccountPassword: accountsPassword,
})
if err != nil {
return err
}
for i, status := range statuses {
switch status.Status {
case ethpbservice.ImportedKeystoreStatus_DUPLICATE:
log.Warnf("Duplicate key %s found in import request, skipped", keystoresImported[i].Pubkey)
case ethpbservice.ImportedKeystoreStatus_ERROR:
log.Warnf("Could not import keystore for %s: %s", keystoresImported[i].Pubkey, status.Message)
}
}
fmt.Printf(
"Successfully imported %s accounts, view all of them by running `accounts list`\n",
au.BrightMagenta(strconv.Itoa(len(keystoresImported))),
)
return nil
}
// ImportAccounts can import external, EIP-2335 compliant keystore.json files as
// new accounts into the Prysm validator wallet.
func ImportAccounts(ctx context.Context, cfg *ImportAccountsConfig) ([]*ethpbservice.ImportedKeystoreStatus, error) {
if cfg.AccountPassword == "" {
statuses := make([]*ethpbservice.ImportedKeystoreStatus, len(cfg.Keystores))
for i, keystore := range cfg.Keystores {
statuses[i] = &ethpbservice.ImportedKeystoreStatus{
Status: ethpbservice.ImportedKeystoreStatus_ERROR,
Message: fmt.Sprintf(
"account password is required to import keystore %s",
keystore.Pubkey,
),
}
}
return statuses, nil
}
passwords := make([]string, len(cfg.Keystores))
for i := 0; i < len(cfg.Keystores); i++ {
passwords[i] = cfg.AccountPassword
}
return cfg.Importer.ImportKeystores(
ctx,
cfg.Keystores,
passwords,
)
}
// Imports a one-off file containing a private key as a hex string into
// the Prysm validator's accounts.
func importPrivateKeyAsAccount(cliCtx *cli.Context, wallet *wallet.Wallet, importer keymanager.Importer) error {
privKeyFile := cliCtx.String(flags.ImportPrivateKeyFileFlag.Name)
fullPath, err := file.ExpandPath(privKeyFile)
if err != nil {
return errors.Wrapf(err, "could not expand file path for %s", privKeyFile)
}
if !file.FileExists(fullPath) {
return fmt.Errorf("file %s does not exist", fullPath)
}
privKeyHex, err := os.ReadFile(fullPath) // #nosec G304
if err != nil {
return errors.Wrapf(err, "could not read private key file at path %s", fullPath)
}
privKeyString := string(privKeyHex)
if len(privKeyString) > 2 && strings.Contains(privKeyString, "0x") {
privKeyString = privKeyString[2:] // Strip the 0x prefix, if any.
}
privKeyBytes, err := hex.DecodeString(strings.TrimRight(privKeyString, "\r\n"))
if err != nil {
return errors.Wrap(
err, "could not decode file as hex string, does the file contain a valid hex string?",
)
}
privKey, err := bls.SecretKeyFromBytes(privKeyBytes)
if err != nil {
return errors.Wrap(err, "not a valid BLS private key")
}
keystore, err := createKeystoreFromPrivateKey(privKey, wallet.Password())
if err != nil {
return errors.Wrap(err, "could not encrypt private key into a keystore file")
}
statuses, err := ImportAccounts(
cliCtx.Context,
&ImportAccountsConfig{
Importer: importer,
AccountPassword: wallet.Password(),
Keystores: []*keymanager.Keystore{keystore},
},
)
if err != nil {
return errors.Wrap(err, "could not import keystore into wallet")
}
for _, status := range statuses {
if status.Status == ethpbservice.ImportedKeystoreStatus_ERROR {
log.Warnf("Could not import keystore for %s: %s", keystore.Pubkey, status.Message)
} else if status.Status == ethpbservice.ImportedKeystoreStatus_DUPLICATE {
log.Warnf("Duplicate key %s skipped", keystore.Pubkey)
}
}
fmt.Printf(
"Imported account with public key %#x, view all accounts by running `accounts list`\n",
au.BrightMagenta(bytesutil.Trunc(privKey.PublicKey().Marshal())),
)
return nil
}
func readKeystoreFile(_ context.Context, keystoreFilePath string) (*keymanager.Keystore, error) {
keystoreBytes, err := os.ReadFile(keystoreFilePath) // #nosec G304
if err != nil {
return nil, errors.Wrap(err, "could not read keystore file")
}
keystoreFile := &keymanager.Keystore{}
if err := json.Unmarshal(keystoreBytes, keystoreFile); err != nil {
return nil, errors.Wrap(err, "could not decode keystore json")
}
if keystoreFile.Pubkey == "" {
return nil, errors.New("could not decode keystore json")
}
return keystoreFile, nil
}
func createKeystoreFromPrivateKey(privKey bls.SecretKey, walletPassword string) (*keymanager.Keystore, error) {
encryptor := keystorev4.New()
id, err := uuid.NewRandom()
if err != nil {
return nil, err
}
cryptoFields, err := encryptor.Encrypt(privKey.Marshal(), walletPassword)
if err != nil {
return nil, errors.Wrapf(
err,
"could not encrypt private key with public key %#x",
privKey.PublicKey().Marshal(),
)
}
return &keymanager.Keystore{
Crypto: cryptoFields,
ID: id.String(),
Version: encryptor.Version(),
Pubkey: fmt.Sprintf("%x", privKey.PublicKey().Marshal()),
Name: encryptor.Name(),
}, nil
}
// Extracts the account index, j, from a derivation path in a file name
// with the format m_12381_3600_j_0_0.
func accountIndexFromFileName(derivationPath string) string {
derivationPath = derivationPath[13:]
accIndexEnd := strings.Index(derivationPath, "_")
return derivationPath[:accIndexEnd]
}