Move core functions to util

2026-01-08 21:48:05 -05:00 · 2020-12-07 14:52:08 +00:00
parent 95c57363a2
commit 6077e04619
20 changed files with 110 additions and 104 deletions
--- a/util/misc.go
+++ b/util/misc.go
@@ -0,0 +1,239 @@
+// Copyright © 2019 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/spf13/viper"
+	e2types "github.com/wealdtech/go-eth2-types/v2"
+	e2wallet "github.com/wealdtech/go-eth2-wallet"
+	dirk "github.com/wealdtech/go-eth2-wallet-dirk"
+	filesystem "github.com/wealdtech/go-eth2-wallet-store-filesystem"
+	s3 "github.com/wealdtech/go-eth2-wallet-store-s3"
+	e2wtypes "github.com/wealdtech/go-eth2-wallet-types/v2"
+)
+
+// SetupStore sets up the account store.
+func SetupStore() error {
+	var store e2wtypes.Store
+	var err error
+	if viper.GetString("remote") != "" {
+		// We are using a remote account manager, so no local setup required.
+		return nil
+	}
+
+	// Set up our wallet store.
+	switch viper.GetString("store") {
+	case "s3":
+		if GetBaseDir() != "" {
+			return errors.New("basedir does not apply to the s3 store")
+		}
+		store, err = s3.New(s3.WithPassphrase([]byte(GetStorePassphrase())))
+		if err != nil {
+			return errors.Wrap(err, "failed to access Amazon S3 wallet store")
+		}
+	case "filesystem":
+		opts := make([]filesystem.Option, 0)
+		if GetStorePassphrase() != "" {
+			opts = append(opts, filesystem.WithPassphrase([]byte(GetStorePassphrase())))
+		}
+		if GetBaseDir() != "" {
+			opts = append(opts, filesystem.WithLocation(viper.GetString("base-dir")))
+		}
+		store = filesystem.New(opts...)
+	default:
+		return fmt.Errorf("unsupported wallet store %s", viper.GetString("store"))
+	}
+	if err := e2wallet.UseStore(store); err != nil {
+		return errors.Wrap(err, "failed to use defined wallet store")
+	}
+	viper.Set("store", store)
+
+	return nil
+}
+
+// WalletFromInput obtains a wallet given the information in the viper variable
+// "account", or if not present the viper variable "wallet".
+func WalletFromInput(ctx context.Context) (e2wtypes.Wallet, error) {
+	switch {
+	case viper.GetString("account") != "":
+		return WalletFromPath(ctx, viper.GetString("account"))
+	case viper.GetString("wallet") != "":
+		return WalletFromPath(ctx, viper.GetString("wallet"))
+	default:
+		return nil, errors.New("cannot determine wallet")
+	}
+}
+
+// WalletFromPath obtains a wallet given a path specification.
+func WalletFromPath(ctx context.Context, path string) (e2wtypes.Wallet, error) {
+	walletName, _, err := e2wallet.WalletAndAccountNames(path)
+	if err != nil {
+		return nil, err
+	}
+	if viper.GetString("remote") != "" {
+		if viper.GetString("client-cert") == "" {
+			return nil, errors.New("remote connections require client-cert")
+		}
+		if viper.GetString("client-key") == "" {
+			return nil, errors.New("remote connections require client-key")
+		}
+		credentials, err := dirk.ComposeCredentials(ctx, viper.GetString("client-cert"), viper.GetString("client-key"), viper.GetString("server-ca-cert"))
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to build dirk credentials")
+		}
+
+		endpoints, err := remotesToEndpoints([]string{viper.GetString("remote")})
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to parse remote servers")
+		}
+
+		return dirk.OpenWallet(ctx, walletName, credentials, endpoints)
+	}
+	wallet, err := e2wallet.OpenWallet(walletName)
+	if err != nil {
+		if strings.Contains(err.Error(), "failed to decrypt wallet") {
+			return nil, errors.New("Incorrect store passphrase")
+		}
+		return nil, err
+	}
+	return wallet, nil
+}
+
+// WalletAndAccountFromInput obtains the wallet and account given the information in the viper variable "account".
+func WalletAndAccountFromInput(ctx context.Context) (e2wtypes.Wallet, e2wtypes.Account, error) {
+	return WalletAndAccountFromPath(ctx, viper.GetString("account"))
+}
+
+// WalletAndAccountFromPath obtains the wallet and account given a path specification.
+func WalletAndAccountFromPath(ctx context.Context, path string) (e2wtypes.Wallet, e2wtypes.Account, error) {
+	wallet, err := WalletFromPath(ctx, path)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "faild to open wallet for account")
+	}
+	_, accountName, err := e2wallet.WalletAndAccountNames(path)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "failed to obtain account name")
+	}
+	if accountName == "" {
+		return nil, nil, errors.New("no account name")
+	}
+
+	if wallet.Type() == "hierarchical deterministic" && strings.HasPrefix(accountName, "m/") {
+		if GetWalletPassphrase() == "" {
+			return nil, nil, errors.New("walletpassphrase is required for direct path derivations")
+		}
+
+		locker, isLocker := wallet.(e2wtypes.WalletLocker)
+		if isLocker {
+			err = locker.Unlock(ctx, []byte(GetWalletPassphrase()))
+			if err != nil {
+				return nil, nil, errors.New("failed to unlock wallet")
+			}
+			defer relockAccount(locker)
+		}
+	}
+
+	accountByNameProvider, isAccountByNameProvider := wallet.(e2wtypes.WalletAccountByNameProvider)
+	if !isAccountByNameProvider {
+		return nil, nil, errors.New("wallet cannot obtain accounts by name")
+	}
+	account, err := accountByNameProvider.AccountByName(ctx, accountName)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "failed to obtain account")
+	}
+	return wallet, account, nil
+}
+
+// WalletAndAccountsFromPath obtains the wallet and matching accounts given a path specification.
+func WalletAndAccountsFromPath(ctx context.Context, path string) (e2wtypes.Wallet, []e2wtypes.Account, error) {
+	wallet, err := WalletFromPath(ctx, path)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "faild to open wallet for account")
+	}
+
+	_, accountSpec, err := e2wallet.WalletAndAccountNames(path)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "failed to obtain account specification")
+	}
+	if accountSpec == "" {
+		accountSpec = "^.*$"
+	} else {
+		accountSpec = fmt.Sprintf("^%s$", accountSpec)
+	}
+	re := regexp.MustCompile(accountSpec)
+
+	accounts := make([]e2wtypes.Account, 0)
+	for account := range wallet.Accounts(ctx) {
+		if re.Match([]byte(account.Name())) {
+			accounts = append(accounts, account)
+		}
+	}
+
+	// Tidy up accounts by name.
+	sort.Slice(accounts, func(i, j int) bool {
+		return accounts[i].Name() < accounts[j].Name()
+	})
+
+	return wallet, accounts, nil
+}
+
+// BestPublicKey returns the best public key for operations.
+// It prefers the composite public key if present, otherwise the public key.
+func BestPublicKey(account e2wtypes.Account) (e2types.PublicKey, error) {
+	var pubKey e2types.PublicKey
+	publicKeyProvider, isCompositePublicKeyProvider := account.(e2wtypes.AccountCompositePublicKeyProvider)
+	if isCompositePublicKeyProvider {
+		pubKey = publicKeyProvider.CompositePublicKey()
+	} else {
+		publicKeyProvider, isPublicKeyProvider := account.(e2wtypes.AccountPublicKeyProvider)
+		if isPublicKeyProvider {
+			pubKey = publicKeyProvider.PublicKey()
+		} else {
+			return nil, errors.New("account does not provide a public key")
+		}
+	}
+	return pubKey, nil
+}
+
+// relockAccount locks an account; generally called as a defer after an account is unlocked so handles its own error.
+func relockAccount(locker e2wtypes.AccountLocker) {
+	if err := locker.Lock(context.Background()); err != nil {
+		panic(err)
+	}
+}
+
+// remotesToEndpoints generates endpoints from remote addresses.
+func remotesToEndpoints(remotes []string) ([]*dirk.Endpoint, error) {
+	endpoints := make([]*dirk.Endpoint, 0)
+	for _, remote := range remotes {
+		parts := strings.Split(remote, ":")
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("invalid remote %q", remote)
+		}
+		port, err := strconv.ParseUint(parts[1], 10, 32)
+		if err != nil {
+			return nil, errors.Wrap(err, fmt.Sprintf("invalid port in remote %q", remote))
+		}
+		endpoints = append(endpoints, dirk.NewEndpoint(parts[0], uint32(port)))
+	}
+	return endpoints, nil
+}
--- a/util/signing.go
+++ b/util/signing.go
@@ -0,0 +1,162 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"context"
+
+	spec "github.com/attestantio/go-eth2-client/spec/phase0"
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/go-ssz"
+	"github.com/spf13/viper"
+	e2types "github.com/wealdtech/go-eth2-types/v2"
+	e2wtypes "github.com/wealdtech/go-eth2-wallet-types/v2"
+)
+
+// SignRoot signs the hash tree root of a data structure
+func SignRoot(account e2wtypes.Account, root spec.Root, domain spec.Domain) (e2types.Signature, error) {
+	if _, isProtectingSigner := account.(e2wtypes.AccountProtectingSigner); isProtectingSigner {
+		// Signer builds the signing data.
+		return signGeneric(account, root, domain)
+	}
+
+	// Build the signing data manually.
+	container := &spec.SigningData{
+		ObjectRoot: root,
+		Domain:     domain,
+	}
+	// outputIf(debug, fmt.Sprintf("Signing container:\n root: %#x\n domain: %#x", container.ObjectRoot, container.Domain))
+	signingRoot, err := container.HashTreeRoot()
+	if err != nil {
+		return nil, err
+	}
+	// outputIf(debug, fmt.Sprintf("Signing root: %#x", signingRoot))
+	return sign(account, signingRoot[:])
+}
+
+// VerifyRoot verifies the hash tree root of a data structure.
+func VerifyRoot(account e2wtypes.Account, root spec.Root, domain spec.Domain, signature e2types.Signature) (bool, error) {
+	// Build the signing data manually.
+	container := &spec.SigningData{
+		ObjectRoot: root,
+		Domain:     domain,
+	}
+	// outputIf(debug, fmt.Sprintf("Signing container:\n root: %#x\n domain: %#x", container.ObjectRoot, container.Domain))
+	signingRoot, err := ssz.HashTreeRoot(container)
+	if err != nil {
+		return false, err
+	}
+	// outputIf(debug, fmt.Sprintf("Signing root: %#x", signingRoot))
+	pubKey, err := BestPublicKey(account)
+	if err != nil {
+		return false, errors.Wrap(err, "failed to obtain account public key")
+	}
+	return signature.Verify(signingRoot[:], pubKey), nil
+}
+
+// signGeneric signs generic data.
+func signGeneric(account e2wtypes.Account, data spec.Root, domain spec.Domain) (e2types.Signature, error) {
+	alreadyUnlocked, err := unlock(account)
+	if err != nil {
+		return nil, err
+	}
+	// outputIf(debug, fmt.Sprintf("Signing %x (%d)", data, len(data)))
+	ctx, cancel := context.WithTimeout(context.Background(), viper.GetDuration("timeout"))
+	defer cancel()
+
+	signer, isProtectingSigner := account.(e2wtypes.AccountProtectingSigner)
+	if !isProtectingSigner {
+		return nil, errors.New("account does not provide generic signing")
+	}
+
+	signature, err := signer.SignGeneric(ctx, data[:], domain[:])
+	// errCheck(err, "failed to sign")
+	if !alreadyUnlocked {
+		if err := lock(account); err != nil {
+			return nil, errors.Wrap(err, "failed to lock account")
+		}
+	}
+	return signature, err
+}
+
+// sign signs arbitrary data, handling unlocking and locking as required.
+func sign(account e2wtypes.Account, data []byte) (e2types.Signature, error) {
+	alreadyUnlocked, err := unlock(account)
+	if err != nil {
+		return nil, err
+	}
+	// outputIf(debug, fmt.Sprintf("Signing %x (%d)", data, len(data)))
+	ctx, cancel := context.WithTimeout(context.Background(), viper.GetDuration("timeout"))
+	defer cancel()
+
+	signer, isSigner := account.(e2wtypes.AccountSigner)
+	if !isSigner {
+		return nil, errors.New("account does not provide signing")
+	}
+
+	signature, err := signer.Sign(ctx, data)
+	// errCheck(err, "failed to sign")
+	if !alreadyUnlocked {
+		if err := lock(account); err != nil {
+			return nil, errors.Wrap(err, "failed to lock account")
+		}
+	}
+	return signature, err
+}
+
+// unlock attempts to unlock an account.  It returns true if the account was already unlocked.
+func unlock(account e2wtypes.Account) (bool, error) {
+	locker, isAccountLocker := account.(e2wtypes.AccountLocker)
+	if !isAccountLocker {
+		// outputIf(debug, "Account does not support unlocking")
+		// This account doesn't support unlocking; return okay.
+		return true, nil
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), viper.GetDuration("timeout"))
+	alreadyUnlocked, err := locker.IsUnlocked(ctx)
+	cancel()
+	if err != nil {
+		return false, errors.Wrap(err, "unable to ascertain if account is unlocked")
+	}
+
+	if alreadyUnlocked {
+		return true, nil
+	}
+
+	// Not already unlocked; attempt to unlock it.
+	for _, passphrase := range GetPassphrases() {
+		ctx, cancel := context.WithTimeout(context.Background(), viper.GetDuration("timeout"))
+		err = locker.Unlock(ctx, []byte(passphrase))
+		cancel()
+		if err == nil {
+			// Unlocked.
+			return false, nil
+		}
+	}
+
+	// Failed to unlock it.
+	return false, errors.New("failed to unlock account")
+}
+
+// lock attempts to lock an account.
+func lock(account e2wtypes.Account) error {
+	locker, isAccountLocker := account.(e2wtypes.AccountLocker)
+	if !isAccountLocker {
+		return nil
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), viper.GetDuration("timeout"))
+	defer cancel()
+	return locker.Lock(ctx)
+}