From 1a565943b46f36d31d9aa7fa339c0191fbf165b6 Mon Sep 17 00:00:00 2001 From: Pavel Krolevets Date: Fri, 25 Oct 2024 10:05:10 +0300 Subject: [PATCH] Audit fix: Insecure TLS Default Configuration (#147) * refactor flags + add tlsInsecure flag + change default TLS config * update docker config + add default CA cert path /etc/ssl/certs/ca-certificates.crt * lint * rename filenames at /flags --- Dockerfile | 3 +- cli/flags/base.go | 111 +++ cli/flags/flags.go | 216 ----- cli/flags/healthcheck.go | 9 + cli/flags/init.go | 253 ++++++ cli/flags/operator.go | 137 +++ cli/flags/reshare.go | 214 +++++ cli/flags/resign.go | 170 ++++ cli/flags/utils.go | 63 ++ cli/flags/verify.go | 77 ++ cli/initiator/initiator.go | 39 +- cli/initiator/initiator_health_check.go | 8 +- cli/initiator/reshare.go | 83 +- cli/initiator/resigning.go | 77 +- cli/operator/operator.go | 17 +- cli/utils/utils.go | 848 ++---------------- cli/verify/verify.go | 28 +- docker-compose.yml | 66 +- entry-point.sh | 4 +- examples/config/initiator.example.yaml | 1 + examples/config/operator1.example.yaml | 4 +- examples/config/operator10.example.yaml | 4 +- examples/config/operator11.example.yaml | 2 + examples/config/operator12.example.yaml | 2 + examples/config/operator13.example.yaml | 2 + examples/config/operator2.example.yaml | 4 +- examples/config/operator3.example.yaml | 4 +- examples/config/operator4.example.yaml | 4 +- examples/config/operator9.example.yaml | 2 + examples/config/reshare.example.yaml | 1 + examples/config/resign.example.yaml | 1 + examples/initiator/rootCA.crt | 60 +- examples/initiator/rootCA.key | 100 +-- integration_test/init_bulk_test.go | 152 +++- integration_test/init_integration_test.go | 20 +- integration_test/reshare_bulk_test.go | 12 +- integration_test/reshare_eip1271_sig_test.go | 8 +- integration_test/reshare_integration_test.go | 24 +- .../reshare_threshold_old_ops_test.go | 12 +- integration_test/resign_bulk_test.go | 12 +- integration_test/resign_eip1271_sig_test.go | 8 +- integration_test/resign_integration_test.go | 8 +- pkgs/crypto/crypto_test.go | 2 +- pkgs/dkg/drand.go | 4 +- pkgs/initiator/initiator.go | 37 +- pkgs/initiator/initiator_test.go | 18 +- pkgs/initiator/requests.go | 8 +- pkgs/operator/operator_test.go | 12 +- pkgs/validator/directory.go | 3 +- pkgs/wire/types_json.go | 32 +- 50 files changed, 1672 insertions(+), 1314 deletions(-) create mode 100644 cli/flags/base.go delete mode 100644 cli/flags/flags.go create mode 100644 cli/flags/healthcheck.go create mode 100644 cli/flags/init.go create mode 100644 cli/flags/operator.go create mode 100644 cli/flags/reshare.go create mode 100644 cli/flags/resign.go create mode 100644 cli/flags/utils.go create mode 100644 cli/flags/verify.go diff --git a/Dockerfile b/Dockerfile index 184d424d..489f02d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,8 @@ FROM alpine:3.20 WORKDIR /ssv-dkg # Install openssl -RUN apk add --no-cache openssl +RUN apk add --no-cache openssl +RUN apk add --no-cache ca-certificates && update-ca-certificates # Copy the built binary and entry-point script from the previous stage/build context COPY --from=build /bin/ssv-dkg /bin/ssv-dkg diff --git a/cli/flags/base.go b/cli/flags/base.go new file mode 100644 index 00000000..6f02d09f --- /dev/null +++ b/cli/flags/base.go @@ -0,0 +1,111 @@ +package flags + +import ( + "fmt" + "path/filepath" + "strings" + + "github.com/spf13/cobra" + "github.com/spf13/viper" + + cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" +) + +// Flag names. +const ( + logLevel = "logLevel" + logFormat = "logFormat" + logLevelFormat = "logLevelFormat" + logFilePath = "logFilePath" + configPath = "configPath" + outputPath = "outputPath" +) + +// global base flags +var ( + ConfigPath string + OutputPath string + LogLevel string + LogFormat string + LogLevelFormat string + LogFilePath string +) + +func SetBaseFlags(cmd *cobra.Command) { + OutputPathFlag(cmd) + ConfigPathFlag(cmd) + LogLevelFlag(cmd) + LogFormatFlag(cmd) + LogLevelFormatFlag(cmd) + LogFilePathFlag(cmd) +} + +// BindFlags binds flags to yaml config parameters +func BindBaseFlags(cmd *cobra.Command) error { + if err := viper.BindPFlag("outputPath", cmd.PersistentFlags().Lookup("outputPath")); err != nil { + return err + } + if err := viper.BindPFlag("configPath", cmd.PersistentFlags().Lookup("configPath")); err != nil { + return err + } + if err := viper.BindPFlag("logLevel", cmd.PersistentFlags().Lookup("logLevel")); err != nil { + return err + } + if err := viper.BindPFlag("logFormat", cmd.PersistentFlags().Lookup("logFormat")); err != nil { + return err + } + if err := viper.BindPFlag("logLevelFormat", cmd.PersistentFlags().Lookup("logLevelFormat")); err != nil { + return err + } + if err := viper.BindPFlag("logFilePath", cmd.PersistentFlags().Lookup("logFilePath")); err != nil { + return err + } + OutputPath = viper.GetString("outputPath") + if OutputPath != "" { + OutputPath = filepath.Clean(OutputPath) + } + if strings.Contains(OutputPath, "..") { + return fmt.Errorf("😥 outputPath cant contain traversal") + } + if err := cli_utils.CreateDirIfNotExist(OutputPath); err != nil { + return err + } + LogLevel = viper.GetString("logLevel") + LogFormat = viper.GetString("logFormat") + LogLevelFormat = viper.GetString("logLevelFormat") + LogFilePath = viper.GetString("logFilePath") + if strings.Contains(LogFilePath, "..") { + return fmt.Errorf("😥 logFilePath cant contain traversal") + } + return nil +} + +// LogLevelFlag logger's log level flag to the command +func LogLevelFlag(c *cobra.Command) { + AddPersistentStringFlag(c, logLevel, "debug", "Defines logger's log level", false) +} + +// LogFormatFlag logger's logger's encoding flag to the command +func LogFormatFlag(c *cobra.Command) { + AddPersistentStringFlag(c, logFormat, "json", "Defines logger's encoding, valid values are 'json' (default) and 'console'", false) +} + +// LogLevelFormatFlag logger's level format flag to the command +func LogLevelFormatFlag(c *cobra.Command) { + AddPersistentStringFlag(c, logLevelFormat, "capitalColor", "Defines logger's level format, valid values are 'capitalColor' (default), 'capital' or 'lowercase'", false) +} + +// LogFilePathFlag file path to write logs into +func LogFilePathFlag(c *cobra.Command) { + AddPersistentStringFlag(c, logFilePath, "debug.log", "Defines a file path to write logs into", false) +} + +// ConfigPathFlag config path flag to the command +func ConfigPathFlag(c *cobra.Command) { + AddPersistentStringFlag(c, configPath, "", "Path to config file", false) +} + +// OutputPathFlag sets the path to store resulting files +func OutputPathFlag(c *cobra.Command) { + AddPersistentStringFlag(c, outputPath, "./output", "Path to store results", false) +} diff --git a/cli/flags/flags.go b/cli/flags/flags.go deleted file mode 100644 index e104bdbc..00000000 --- a/cli/flags/flags.go +++ /dev/null @@ -1,216 +0,0 @@ -package flags - -import ( - "fmt" - - "github.com/spf13/cobra" - spec_crypto "github.com/ssvlabs/dkg-spec/crypto" -) - -// Flag names. -const ( - withdrawAddress = "withdrawAddress" - operatorIDs = "operatorIDs" - newOperatorIDs = "newOperatorIDs" - operatorsInfo = "operatorsInfo" - operatorsInfoPath = "operatorsInfoPath" - privKey = "privKey" - privKeyPassword = "privKeyPassword" - configPath = "configPath" - operatorPort = "port" - owner = "owner" - nonce = "nonce" - amount = "amount" - network = "network" - outputPath = "outputPath" - logLevel = "logLevel" - logFormat = "logFormat" - logLevelFormat = "logLevelFormat" - logFilePath = "logFilePath" - validators = "validators" - operatorID = "operatorID" - clientCACertPath = "clientCACertPath" - serverTLSCertPath = "serverTLSCertPath" - serverTLSKeyPath = "serverTLSKeyPath" - proofsFilePath = "proofsFilePath" - proofsString = "proofsString" - ethEndpointURL = "ethEndpointURL" - signatures = "signatures" -) - -// WithdrawAddressFlag adds withdraw address flag to the command -func WithdrawAddressFlag(c *cobra.Command) { - AddPersistentStringFlag(c, withdrawAddress, "", "Withdrawal address", false) -} - -// operatorIDsFlag adds operators IDs flag to the command -func OperatorIDsFlag(c *cobra.Command) { - AddPersistentStringSliceFlag(c, operatorIDs, []string{"1", "2", "3"}, "Operator IDs", false) -} - -// newOperatorIDsFlag adds new operators IDs flag to the command -func NewOperatorIDsFlag(c *cobra.Command) { - AddPersistentStringSliceFlag(c, newOperatorIDs, []string{"1", "2", "3"}, "New operator IDs for resharing ceremony", false) -} - -// OperatorsInfoFlag adds path to operators' ifo file flag to the command -func OperatorsInfoFlag(c *cobra.Command) { - AddPersistentStringFlag(c, operatorsInfo, "", "Raw JSON string operators' public keys, IDs and IPs file e.g. `'[{\"id\":1,\"public_key\":\"xxx\",\"ip\":\"10.0.0.1:3033\"},...]'`", false) -} - -// OperatorsInfoFlag adds path to operators' ifo file flag to the command -func OperatorsInfoPathFlag(c *cobra.Command) { - AddPersistentStringFlag(c, operatorsInfoPath, "", "Path to a file containing operators' public keys, IDs and IPs file e.g. [{\"id\":1,\"public_key\":\"xxx\",\"ip\":\"10.0.0.1:3033\"},...]", false) -} - -// OwnerAddressFlag adds owner address flag to the command -func OwnerAddressFlag(c *cobra.Command) { - AddPersistentStringFlag(c, owner, "", "Owner address", false) -} - -// NonceFlag adds nonce flag to the command -func NonceFlag(c *cobra.Command) { - AddPersistentIntFlag(c, nonce, 0, "Owner nonce", false) -} - -// AmountFlag adds amount in Gwei flag to the command (https://eips.ethereum.org/EIPS/eip-7251) -func AmountFlag(c *cobra.Command) { - AddPersistentIntFlag(c, amount, uint64(spec_crypto.MIN_ACTIVATION_BALANCE), "Amount in Gwei", false) -} - -// NetworkFlag adds the fork version of the network flag to the command -func NetworkFlag(c *cobra.Command) { - AddPersistentStringFlag(c, network, "mainnet", "Network name: mainnet, prater, holesky", false) -} - -// OperatorPrivateKeyFlag adds private key flag to the command -func PrivateKeyFlag(c *cobra.Command) { - AddPersistentStringFlag(c, privKey, "", "Path to initiator Private Key file", false) -} - -// OperatorPrivateKeyPassFlag adds private key flag to the command -func PrivateKeyPassFlag(c *cobra.Command) { - AddPersistentStringFlag(c, privKeyPassword, "", "Password to decrypt initiator`s Private Key file", false) -} - -// OperatorPortFlag adds operator listening port flag to the command -func OperatorPortFlag(c *cobra.Command) { - AddPersistentIntFlag(c, operatorPort, 3030, "Operator Private Key hex", false) -} - -// ConfigPathFlag config path flag to the command -func ConfigPathFlag(c *cobra.Command) { - AddPersistentStringFlag(c, configPath, "", "Path to config file", false) -} - -// LogLevelFlag logger's log level flag to the command -func LogLevelFlag(c *cobra.Command) { - AddPersistentStringFlag(c, logLevel, "debug", "Defines logger's log level", false) -} - -// LogFormatFlag logger's logger's encoding flag to the command -func LogFormatFlag(c *cobra.Command) { - AddPersistentStringFlag(c, logFormat, "json", "Defines logger's encoding, valid values are 'json' (default) and 'console'", false) -} - -// LogLevelFormatFlag logger's level format flag to the command -func LogLevelFormatFlag(c *cobra.Command) { - AddPersistentStringFlag(c, logLevelFormat, "capitalColor", "Defines logger's level format, valid values are 'capitalColor' (default), 'capital' or 'lowercase'", false) -} - -// LogFilePathFlag file path to write logs into -func LogFilePathFlag(c *cobra.Command) { - AddPersistentStringFlag(c, logFilePath, "debug.log", "Defines a file path to write logs into", false) -} - -// ResultPathFlag sets the path to store resulting files -func ResultPathFlag(c *cobra.Command) { - AddPersistentStringFlag(c, outputPath, "./output", "Path to store results", false) -} - -// ClientCACertPathFlag sets path to client CA certificates -func ClientCACertPathFlag(c *cobra.Command) { - AddPersistentStringSliceFlag(c, clientCACertPath, []string{}, "Path to client CA certificates", false) -} - -// ServerTLSCertPath sets path to server TLS certificate -func ServerTLSCertPath(c *cobra.Command) { - AddPersistentStringFlag(c, serverTLSCertPath, "/ssl/tls.crt", "Path to server TLS certificate", false) -} - -// ServerTLSKeyPath sets path to server server TLS private key -func ServerTLSKeyPath(c *cobra.Command) { - AddPersistentStringFlag(c, serverTLSKeyPath, "/ssl/tls.key", "Path to server TLS private key", false) -} - -// ValidatorsFlag add number of validators to create flag to the command -func ValidatorsFlag(c *cobra.Command) { - AddPersistentIntFlag(c, validators, 1, "Number of validators", false) -} - -// OperatorIDFlag add operator ID flag to the command -func OperatorIDFlag(c *cobra.Command) { - AddPersistentIntFlag(c, operatorID, 0, "Operator ID", false) -} - -// ProofsFilePath add file path to proofs flag to the command -func ProofsFilePath(c *cobra.Command) { - AddPersistentStringFlag(c, proofsFilePath, "", "Path to proofs file, provide this OR a stringified proofs", false) -} - -// ProofsStringFlag add proofs string flag to the command -func ProofsStringFlag(c *cobra.Command) { - AddPersistentStringFlag(c, proofsString, "", "Stringified proofs, provide this OR a path to proofs file", false) -} - -// SignaturesFlag add signatures flag to the command -func SignaturesFlag(c *cobra.Command) { - AddPersistentStringFlag(c, signatures, "", "Stringified signature(s) for the resign/reshare message", false) -} - -// EthEndpointURL -func EthEndpointURL(c *cobra.Command) { - AddPersistentStringFlag(c, ethEndpointURL, "http://127.0.0.1:8545", "Ethereum node endpoint URL", false) -} - -// AddPersistentStringFlag adds a string flag to the command -func AddPersistentStringFlag(c *cobra.Command, flag, value, description string, isRequired bool) { - req := "" - if isRequired { - req = " (required)" - } - - c.PersistentFlags().String(flag, value, fmt.Sprintf("%s%s", description, req)) - - if isRequired { - _ = c.MarkPersistentFlagRequired(flag) - } -} - -// AddPersistentIntFlag adds a int flag to the command -func AddPersistentIntFlag(c *cobra.Command, flag string, value uint64, description string, isRequired bool) { - req := "" - if isRequired { - req = " (required)" - } - - c.PersistentFlags().Uint64(flag, value, fmt.Sprintf("%s%s", description, req)) - - if isRequired { - _ = c.MarkPersistentFlagRequired(flag) - } -} - -// AddPersistentStringArrayFlag adds a string slice flag to the command -func AddPersistentStringSliceFlag(c *cobra.Command, flag string, value []string, description string, isRequired bool) { - req := "" - if isRequired { - req = " (required)" - } - - c.PersistentFlags().StringSlice(flag, value, fmt.Sprintf("%s%s", description, req)) - - if isRequired { - _ = c.MarkPersistentFlagRequired(flag) - } -} diff --git a/cli/flags/healthcheck.go b/cli/flags/healthcheck.go new file mode 100644 index 00000000..cc243a75 --- /dev/null +++ b/cli/flags/healthcheck.go @@ -0,0 +1,9 @@ +package flags + +import ( + "github.com/spf13/cobra" +) + +func SetHealthCheckFlags(cmd *cobra.Command) { + AddPersistentStringSliceFlag(cmd, "ip", []string{}, "Operator ip:port", true) +} diff --git a/cli/flags/init.go b/cli/flags/init.go new file mode 100644 index 00000000..bb51bef5 --- /dev/null +++ b/cli/flags/init.go @@ -0,0 +1,253 @@ +package flags + +import ( + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/attestantio/go-eth2-client/spec/phase0" + "github.com/ethereum/go-ethereum/common" + "github.com/spf13/cobra" + "github.com/spf13/viper" + + spec "github.com/ssvlabs/dkg-spec" + spec_crypto "github.com/ssvlabs/dkg-spec/crypto" + "github.com/ssvlabs/ssv-dkg/pkgs/utils" +) + +// Flag names. +const ( + withdrawAddress = "withdrawAddress" + operatorIDs = "operatorIDs" + operatorsInfo = "operatorsInfo" + operatorsInfoPath = "operatorsInfoPath" + owner = "owner" + nonce = "nonce" + amount = "amount" + network = "network" + validators = "validators" + clientCACertPath = "clientCACertPath" + tlsInsecure = "tlsInsecure" +) + +// init flags +var ( + OperatorsInfo string + OperatorsInfoPath string + OperatorIDs []string + WithdrawAddress common.Address + Network string + OwnerAddress common.Address + Nonce uint64 + Amount uint64 + Validators uint + ClientCACertPath []string + TLSInsecure bool +) + +func SetInitFlags(cmd *cobra.Command) { + SetBaseFlags(cmd) + OperatorsInfoFlag(cmd) + OperatorsInfoPathFlag(cmd) + OperatorIDsFlag(cmd) + OwnerAddressFlag(cmd) + NonceFlag(cmd) + AmountFlag(cmd) + NetworkFlag(cmd) + WithdrawAddressFlag(cmd) + ValidatorsFlag(cmd) + ClientCACertPathFlag(cmd) + SetTLSInsecureFlag(cmd) +} + +// BindInitiatorBaseFlags binds flags to yaml config parameters +func BindInitiatorBaseFlags(cmd *cobra.Command) error { + var err error + if err := BindBaseFlags(cmd); err != nil { + return err + } + if err := viper.BindPFlag("operatorIDs", cmd.PersistentFlags().Lookup("operatorIDs")); err != nil { + return err + } + if err := viper.BindPFlag("operatorsInfo", cmd.PersistentFlags().Lookup("operatorsInfo")); err != nil { + return err + } + if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { + return err + } + if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { + return err + } + if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { + return err + } + if err := viper.BindPFlag("operatorsInfoPath", cmd.PersistentFlags().Lookup("operatorsInfoPath")); err != nil { + return err + } + if err := viper.BindPFlag("clientCACertPath", cmd.PersistentFlags().Lookup("clientCACertPath")); err != nil { + return err + } + OperatorIDs = viper.GetStringSlice("operatorIDs") + if len(OperatorIDs) == 0 { + return fmt.Errorf("😥 Operator IDs flag cant be empty") + } + OperatorsInfoPath = viper.GetString("operatorsInfoPath") + if OperatorsInfoPath != "" { + OperatorsInfoPath = filepath.Clean(OperatorsInfoPath) + } + OperatorsInfo = viper.GetString("operatorsInfo") + if OperatorsInfoPath != "" && OperatorsInfo != "" { + return fmt.Errorf("😥 operators info can be provided either as a raw JSON string, or path to a file, not both") + } + if OperatorsInfoPath == "" && OperatorsInfo == "" { + return fmt.Errorf("😥 operators info should be provided either as a raw JSON string, or path to a file") + } + if OperatorsInfoPath != "" && strings.Contains(OperatorsInfoPath, "..") { + return fmt.Errorf("😥 wrong operatorsInfoPath flag") + } + owner := viper.GetString("owner") + if owner == "" { + return fmt.Errorf("😥 Failed to get owner address flag value") + } + Amount = viper.GetUint64("amount") + if !spec.ValidAmountSet(phase0.Gwei(Amount)) { + return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") + } + OwnerAddress, err = utils.HexToAddress(owner) + if err != nil { + return fmt.Errorf("😥 Failed to parse owner address: %s", err) + } + Nonce = viper.GetUint64("nonce") + if err := viper.BindPFlag("tlsInsecure", cmd.PersistentFlags().Lookup("tlsInsecure")); err != nil { + return err + } + TLSInsecure = viper.GetBool("tlsInsecure") + if !TLSInsecure { + ClientCACertPath = viper.GetStringSlice("clientCACertPath") + if ClientCACertPath == nil { + return fmt.Errorf("😥 TLS CA certs path should be provided, overwise set 'TLSInsecure' flag to true") + } else { + for _, certPath := range ClientCACertPath { + if strings.Contains(filepath.Clean(certPath), "..") { + return fmt.Errorf("😥 wrong clientCACertPath flag, should not contain '..' path traversal") + } + } + } + } else { + ClientCACertPath = []string{} + } + return nil +} + +// BindInitFlags binds flags to yaml config parameters for the initial DKG +func BindInitFlags(cmd *cobra.Command) error { + if err := BindInitiatorBaseFlags(cmd); err != nil { + return err + } + if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { + return err + } + if err := viper.BindPFlag("network", cmd.Flags().Lookup("network")); err != nil { + return err + } + if err := viper.BindPFlag("validators", cmd.Flags().Lookup("validators")); err != nil { + return err + } + withdrawAddr := viper.GetString("withdrawAddress") + if withdrawAddr == "" { + return fmt.Errorf("😥 Failed to get withdrawal address flag value") + } + var err error + WithdrawAddress, err = utils.HexToAddress(withdrawAddr) + if err != nil { + return fmt.Errorf("😥 Failed to parse withdraw address: %s", err.Error()) + } + Network = viper.GetString("network") + if Network == "" { + return fmt.Errorf("😥 Failed to get fork version flag value") + } + Validators = viper.GetUint("validators") + if Validators > 100 || Validators == 0 { + return fmt.Errorf("🚨 Amount of generated validators should be 1 to 100") + } + return nil +} + +// SetViperConfig reads a yaml config file if provided +func SetViperConfig(cmd *cobra.Command) error { + if err := viper.BindPFlag("configPath", cmd.PersistentFlags().Lookup("configPath")); err != nil { + return err + } + ConfigPath = viper.GetString("configPath") + if ConfigPath != "" && filepath.Clean(ConfigPath) != "" && !strings.Contains(ConfigPath, "..") { + stat, err := os.Stat(ConfigPath) + if err != nil { + return err + } + if stat.IsDir() { + return fmt.Errorf("configPath flag should be a path to a *.yaml file, but dir provided") + } + viper.SetConfigType("yaml") + viper.SetConfigFile(ConfigPath) + if err := viper.ReadInConfig(); err != nil { + return err + } + } + return nil +} + +// WithdrawAddressFlag adds withdraw address flag to the command +func WithdrawAddressFlag(c *cobra.Command) { + AddPersistentStringFlag(c, withdrawAddress, "", "Withdrawal address", false) +} + +// operatorIDsFlag adds operators IDs flag to the command +func OperatorIDsFlag(c *cobra.Command) { + AddPersistentStringSliceFlag(c, operatorIDs, []string{"1", "2", "3"}, "Operator IDs", false) +} + +// OperatorsInfoFlag adds path to operators' ifo file flag to the command +func OperatorsInfoFlag(c *cobra.Command) { + AddPersistentStringFlag(c, operatorsInfo, "", "Raw JSON string operators' public keys, IDs and IPs file e.g. `'[{\"id\":1,\"public_key\":\"xxx\",\"ip\":\"10.0.0.1:3033\"},...]'`", false) +} + +// OperatorsInfoFlag adds path to operators' ifo file flag to the command +func OperatorsInfoPathFlag(c *cobra.Command) { + AddPersistentStringFlag(c, operatorsInfoPath, "", "Path to a file containing operators' public keys, IDs and IPs file e.g. [{\"id\":1,\"public_key\":\"xxx\",\"ip\":\"10.0.0.1:3033\"},...]", false) +} + +// OwnerAddressFlag adds owner address flag to the command +func OwnerAddressFlag(c *cobra.Command) { + AddPersistentStringFlag(c, owner, "", "Owner address", false) +} + +// NonceFlag adds nonce flag to the command +func NonceFlag(c *cobra.Command) { + AddPersistentIntFlag(c, nonce, 0, "Owner nonce", false) +} + +// AmountFlag adds amount in Gwei flag to the command (https://eips.ethereum.org/EIPS/eip-7251) +func AmountFlag(c *cobra.Command) { + AddPersistentIntFlag(c, amount, uint64(spec_crypto.MIN_ACTIVATION_BALANCE), "Amount in Gwei", false) +} + +// NetworkFlag adds the fork version of the network flag to the command +func NetworkFlag(c *cobra.Command) { + AddPersistentStringFlag(c, network, "mainnet", "Network name: mainnet, prater, holesky", false) +} + +// ClientCACertPathFlag sets path to client CA certificates. For Ubuntu use `sudo apt install ca-certificates` +func ClientCACertPathFlag(c *cobra.Command) { + AddPersistentStringSliceFlag(c, clientCACertPath, []string{"/etc/ssl/certs/ca-certificates.crt"}, "Path to client CA certificates", false) +} + +// ValidatorsFlag add number of validators to create flag to the command +func ValidatorsFlag(c *cobra.Command) { + AddPersistentIntFlag(c, validators, 1, "Number of validators", false) +} + +// SetTLSInsecureFlag add signatures flag to the command +func SetTLSInsecureFlag(c *cobra.Command) { + AddPersistentBoolFlag(c, tlsInsecure, false, "TLS 'InsecureSkipVerify' option. If true, allow any TLS certs to accept", false) +} diff --git a/cli/flags/operator.go b/cli/flags/operator.go new file mode 100644 index 00000000..00eaf17d --- /dev/null +++ b/cli/flags/operator.go @@ -0,0 +1,137 @@ +package flags + +import ( + "fmt" + "path/filepath" + "strings" + + "github.com/spf13/cobra" + "github.com/spf13/viper" + + cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" +) + +// Flag names. +const ( + privKey = "privKey" + privKeyPassword = "privKeyPassword" + operatorPort = "port" + operatorID = "operatorID" + serverTLSCertPath = "serverTLSCertPath" + serverTLSKeyPath = "serverTLSKeyPath" + ethEndpointURL = "ethEndpointURL" +) + +// operator flags +var ( + PrivKey string + PrivKeyPassword string + Port uint64 + OperatorID uint64 + ServerTLSCertPath string + ServerTLSKeyPath string + EthEndpointURL string +) + +func SetOperatorFlags(cmd *cobra.Command) { + SetBaseFlags(cmd) + PrivateKeyFlag(cmd) + PrivateKeyPassFlag(cmd) + OperatorPortFlag(cmd) + OperatorIDFlag(cmd) + SetServerTLSCertPath(cmd) + SetServerTLSKeyPath(cmd) + SetEthEndpointURL(cmd) +} + +// BindOperatorFlags binds flags to yaml config parameters for the operator +func BindOperatorFlags(cmd *cobra.Command) error { + if err := BindBaseFlags(cmd); err != nil { + return err + } + if err := viper.BindPFlag("privKey", cmd.PersistentFlags().Lookup("privKey")); err != nil { + return err + } + if err := viper.BindPFlag("privKeyPassword", cmd.PersistentFlags().Lookup("privKeyPassword")); err != nil { + return err + } + if err := viper.BindPFlag("port", cmd.PersistentFlags().Lookup("port")); err != nil { + return err + } + if err := viper.BindPFlag("operatorID", cmd.PersistentFlags().Lookup("operatorID")); err != nil { + return err + } + if err := viper.BindPFlag("serverTLSCertPath", cmd.PersistentFlags().Lookup("serverTLSCertPath")); err != nil { + return err + } + if err := viper.BindPFlag("serverTLSKeyPath", cmd.PersistentFlags().Lookup("serverTLSKeyPath")); err != nil { + return err + } + if err := viper.BindPFlag("ethEndpointURL", cmd.PersistentFlags().Lookup("ethEndpointURL")); err != nil { + return err + } + PrivKey = filepath.Clean(viper.GetString("privKey")) + PrivKeyPassword = filepath.Clean(viper.GetString("privKeyPassword")) + if strings.Contains(PrivKey, "..") { + return fmt.Errorf("😥 Failed to get private key path flag value") + } + if strings.Contains(PrivKeyPassword, "..") { + return fmt.Errorf("😥 Failed to get password for private key flag value") + } + Port = viper.GetUint64("port") + if Port == 0 { + return fmt.Errorf("😥 Wrong port provided") + } + OperatorID = viper.GetUint64("operatorID") + if OperatorID == 0 { + return fmt.Errorf("😥 Wrong operator ID provided") + } + ServerTLSCertPath = filepath.Clean(viper.GetString("serverTLSCertPath")) + if strings.Contains(ServerTLSCertPath, "..") { + return fmt.Errorf("😥 wrong serverTLSCertPath flag") + } + ServerTLSKeyPath = filepath.Clean(viper.GetString("serverTLSKeyPath")) + if strings.Contains(ServerTLSKeyPath, "..") { + return fmt.Errorf("😥 wrong serverTLSKeyPath flag") + } + EthEndpointURL = viper.GetString("ethEndpointURL") + if !cli_utils.IsUrl(EthEndpointURL) { + return fmt.Errorf("ethereum endpoint URL: %s - Invalid", EthEndpointURL) + } + return nil +} + +// OperatorPrivateKeyFlag adds private key flag to the command +func PrivateKeyFlag(c *cobra.Command) { + AddPersistentStringFlag(c, privKey, "", "Path to initiator Private Key file", false) +} + +// OperatorPrivateKeyPassFlag adds private key flag to the command +func PrivateKeyPassFlag(c *cobra.Command) { + AddPersistentStringFlag(c, privKeyPassword, "", "Password to decrypt initiator`s Private Key file", false) +} + +// OperatorPortFlag adds operator listening port flag to the command +func OperatorPortFlag(c *cobra.Command) { + AddPersistentIntFlag(c, operatorPort, 3030, "Operator Private Key hex", false) +} + +// OperatorIDFlag add operator ID flag to the command +func OperatorIDFlag(c *cobra.Command) { + AddPersistentIntFlag(c, operatorID, 0, "Operator ID", false) +} + +// ServerTLSCertPath sets path to server TLS certificate +func SetServerTLSCertPath(c *cobra.Command) { + AddPersistentStringFlag(c, serverTLSCertPath, "/ssl/tls.crt", "Path to server TLS certificate", false) +} + +// ServerTLSKeyPath sets path to server server TLS private key +func SetServerTLSKeyPath(c *cobra.Command) { + AddPersistentStringFlag(c, serverTLSKeyPath, "/ssl/tls.key", "Path to server TLS private key", false) +} + +// SetEthEndpointURL +func SetEthEndpointURL(c *cobra.Command) { + AddPersistentStringFlag(c, ethEndpointURL, "http://127.0.0.1:8545", "Ethereum node endpoint URL", false) +} diff --git a/cli/flags/reshare.go b/cli/flags/reshare.go new file mode 100644 index 00000000..b8b34df1 --- /dev/null +++ b/cli/flags/reshare.go @@ -0,0 +1,214 @@ +package flags + +import ( + "fmt" + "path/filepath" + "strings" + + "github.com/attestantio/go-eth2-client/spec/phase0" + "github.com/spf13/cobra" + "github.com/spf13/viper" + + spec "github.com/ssvlabs/dkg-spec" + "github.com/ssvlabs/ssv-dkg/pkgs/utils" +) + +// Flag names. +const ( + newOperatorIDs = "newOperatorIDs" + proofsFilePath = "proofsFilePath" + proofsString = "proofsString" + signatures = "signatures" +) + +// resigning/reshare flags +var ( + ProofsFilePath string + ProofsString string + NewOperatorIDs []string + Signatures string +) + +func SetBaseReshareFlags(cmd *cobra.Command) { + SetBaseFlags(cmd) + OperatorsInfoFlag(cmd) + OperatorsInfoPathFlag(cmd) + OperatorIDsFlag(cmd) + NewOperatorIDsFlag(cmd) + WithdrawAddressFlag(cmd) + OwnerAddressFlag(cmd) + NonceFlag(cmd) + AmountFlag(cmd) + NetworkFlag(cmd) + SetProofsFilePath(cmd) + ProofsStringFlag(cmd) +} + +func SetGenerateReshareMsgFlags(cmd *cobra.Command) { + SetBaseReshareFlags(cmd) +} + +func SetReshareFlags(cmd *cobra.Command) { + SetBaseReshareFlags(cmd) + ClientCACertPathFlag(cmd) + SetTLSInsecureFlag(cmd) + SignaturesFlag(cmd) +} + +func BindGenerateReshareMsgFlags(cmd *cobra.Command) error { + if err := BindBaseFlags(cmd); err != nil { + return err + } + if err := viper.BindPFlag("operatorsInfo", cmd.PersistentFlags().Lookup("operatorsInfo")); err != nil { + return err + } + if err := viper.BindPFlag("operatorsInfoPath", cmd.PersistentFlags().Lookup("operatorsInfoPath")); err != nil { + return err + } + if err := viper.BindPFlag("operatorIDs", cmd.PersistentFlags().Lookup("operatorIDs")); err != nil { + return err + } + if err := viper.BindPFlag("newOperatorIDs", cmd.PersistentFlags().Lookup("newOperatorIDs")); err != nil { + return err + } + if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { + return err + } + if err := viper.BindPFlag("network", cmd.Flags().Lookup("network")); err != nil { + return err + } + if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { + return err + } + if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { + return err + } + if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { + return err + } + if err := viper.BindPFlag("proofsFilePath", cmd.PersistentFlags().Lookup("proofsFilePath")); err != nil { + return err + } + if err := viper.BindPFlag("proofsString", cmd.PersistentFlags().Lookup("proofsString")); err != nil { + return err + } + OperatorsInfoPath = viper.GetString("operatorsInfoPath") + if OperatorsInfoPath != "" { + OperatorsInfoPath = filepath.Clean(OperatorsInfoPath) + } + OperatorsInfo = viper.GetString("operatorsInfo") + if OperatorsInfoPath != "" && OperatorsInfo != "" { + return fmt.Errorf("😥 operators info can be provided either as a raw JSON string, or path to a file, not both") + } + if OperatorsInfoPath == "" && OperatorsInfo == "" { + return fmt.Errorf("😥 operators info should be provided either as a raw JSON string, or path to a file") + } + if OperatorsInfoPath != "" && strings.Contains(OperatorsInfoPath, "..") { + return fmt.Errorf("😥 wrong operatorsInfoPath flag") + } + OperatorIDs = viper.GetStringSlice("operatorIDs") + if len(OperatorIDs) == 0 { + return fmt.Errorf("😥 Old operator IDs flag cannot be empty") + } + NewOperatorIDs = viper.GetStringSlice("newOperatorIDs") + if len(NewOperatorIDs) == 0 { + return fmt.Errorf("😥 New operator IDs flag cannot be empty") + } + ProofsFilePath = viper.GetString("proofsFilePath") + if ProofsFilePath != "" { + ProofsFilePath = filepath.Clean(ProofsFilePath) + } + ProofsString = viper.GetString("proofsString") + if ProofsFilePath == "" && ProofsString == "" { + return fmt.Errorf("😥 Failed to get proofs from proofs string or path to proofs flag value") + } + if ProofsFilePath != "" && ProofsString != "" { + return fmt.Errorf("😥 proofs can be provided either as a string, or path to a file, not both") + } + if ProofsFilePath != "" && strings.Contains(ProofsFilePath, "..") { + return fmt.Errorf("😥 wrong proofsFilePath flag") + } + withdrawAddr := viper.GetString("withdrawAddress") + if withdrawAddr == "" { + return fmt.Errorf("😥 Failed to get withdrawal address flag value") + } + var err error + WithdrawAddress, err = utils.HexToAddress(withdrawAddr) + if err != nil { + return fmt.Errorf("😥 Failed to parse withdraw address: %s", err.Error()) + } + Network = viper.GetString("network") + if Network == "" { + return fmt.Errorf("😥 Failed to get fork version flag value") + } + owner := viper.GetString("owner") + if owner == "" { + return fmt.Errorf("😥 Failed to get owner address flag value") + } + OwnerAddress, err = utils.HexToAddress(owner) + if err != nil { + return fmt.Errorf("😥 Failed to parse owner address: %s", err) + } + Nonce = viper.GetUint64("nonce") + Amount = viper.GetUint64("amount") + if !spec.ValidAmountSet(phase0.Gwei(Amount)) { + return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") + } + return nil +} + +// BindReshareFlags binds flags to yaml config parameters for the resharing ceremony of DKG +func BindReshareFlags(cmd *cobra.Command) error { + if err := BindGenerateReshareMsgFlags(cmd); err != nil { + return err + } + if err := viper.BindPFlag("signatures", cmd.PersistentFlags().Lookup("signatures")); err != nil { + return err + } + Signatures = viper.GetString("signatures") + if Signatures == "" { + return fmt.Errorf("😥 Failed to get --signatures flag value") + } + if err := viper.BindPFlag("clientCACertPath", cmd.PersistentFlags().Lookup("clientCACertPath")); err != nil { + return err + } + if err := viper.BindPFlag("tlsInsecure", cmd.PersistentFlags().Lookup("tlsInsecure")); err != nil { + return err + } + TLSInsecure = viper.GetBool("tlsInsecure") + if !TLSInsecure { + ClientCACertPath = viper.GetStringSlice("clientCACertPath") + if ClientCACertPath == nil { + return fmt.Errorf("😥 TLS CA certs path should be provided, overwise set 'TLSInsecure' flag to true") + } else { + for _, certPath := range ClientCACertPath { + if strings.Contains(filepath.Clean(certPath), "..") { + return fmt.Errorf("😥 wrong clientCACertPath flag, should not contain '..' path traversal") + } + } + } + } else { + ClientCACertPath = []string{} + } + return nil +} + +// newOperatorIDsFlag adds new operators IDs flag to the command +func NewOperatorIDsFlag(c *cobra.Command) { + AddPersistentStringSliceFlag(c, newOperatorIDs, []string{"1", "2", "3"}, "New operator IDs for resharing ceremony", false) +} + +// ProofsFilePath add file path to proofs flag to the command +func SetProofsFilePath(c *cobra.Command) { + AddPersistentStringFlag(c, proofsFilePath, "", "Path to proofs file, provide this OR a stringified proofs", false) +} + +// ProofsStringFlag add proofs string flag to the command +func ProofsStringFlag(c *cobra.Command) { + AddPersistentStringFlag(c, proofsString, "", "Stringified proofs, provide this OR a path to proofs file", false) +} + +// SignaturesFlag add signatures flag to the command +func SignaturesFlag(c *cobra.Command) { + AddPersistentStringFlag(c, signatures, "", "Stringified signature(s) for the resign/reshare message", false) +} diff --git a/cli/flags/resign.go b/cli/flags/resign.go new file mode 100644 index 00000000..ca0cdb90 --- /dev/null +++ b/cli/flags/resign.go @@ -0,0 +1,170 @@ +package flags + +import ( + "fmt" + "path/filepath" + "strings" + + "github.com/attestantio/go-eth2-client/spec/phase0" + "github.com/spf13/cobra" + "github.com/spf13/viper" + + spec "github.com/ssvlabs/dkg-spec" + "github.com/ssvlabs/ssv-dkg/pkgs/utils" +) + +func SetBaseResignMsgFlags(cmd *cobra.Command) { + SetBaseFlags(cmd) + OperatorsInfoFlag(cmd) + OperatorsInfoPathFlag(cmd) + OperatorIDsFlag(cmd) + OwnerAddressFlag(cmd) + NonceFlag(cmd) + AmountFlag(cmd) + NetworkFlag(cmd) + WithdrawAddressFlag(cmd) + SetProofsFilePath(cmd) + ProofsStringFlag(cmd) +} + +func SetGenerateResignMsgFlags(cmd *cobra.Command) { + SetBaseResignMsgFlags(cmd) +} + +func SetResigningFlags(cmd *cobra.Command) { + SetGenerateResignMsgFlags(cmd) + ClientCACertPathFlag(cmd) + SetTLSInsecureFlag(cmd) + SignaturesFlag(cmd) +} + +func BindGenerateResignMsgFlags(cmd *cobra.Command) error { + if err := BindBaseFlags(cmd); err != nil { + return err + } + if err := viper.BindPFlag("operatorsInfo", cmd.PersistentFlags().Lookup("operatorsInfo")); err != nil { + return err + } + if err := viper.BindPFlag("operatorsInfoPath", cmd.PersistentFlags().Lookup("operatorsInfoPath")); err != nil { + return err + } + if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { + return err + } + if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { + return err + } + if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { + return err + } + if err := viper.BindPFlag("proofsFilePath", cmd.PersistentFlags().Lookup("proofsFilePath")); err != nil { + return err + } + if err := viper.BindPFlag("proofsString", cmd.PersistentFlags().Lookup("proofsString")); err != nil { + return err + } + if err := viper.BindPFlag("operatorIDs", cmd.PersistentFlags().Lookup("operatorIDs")); err != nil { + return err + } + if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { + return err + } + if err := viper.BindPFlag("network", cmd.Flags().Lookup("network")); err != nil { + return err + } + OperatorIDs = viper.GetStringSlice("operatorIDs") + if len(OperatorIDs) == 0 { + return fmt.Errorf("😥 Operator IDs flag cant be empty") + } + OperatorsInfoPath = viper.GetString("operatorsInfoPath") + if OperatorsInfoPath != "" { + OperatorsInfoPath = filepath.Clean(OperatorsInfoPath) + } + OperatorsInfo = viper.GetString("operatorsInfo") + if OperatorsInfoPath != "" && OperatorsInfo != "" { + return fmt.Errorf("😥 operators info can be provided either as a raw JSON string, or path to a file, not both") + } + if OperatorsInfoPath == "" && OperatorsInfo == "" { + return fmt.Errorf("😥 operators info should be provided either as a raw JSON string, or path to a file") + } + if OperatorsInfoPath != "" && strings.Contains(OperatorsInfoPath, "..") { + return fmt.Errorf("😥 wrong operatorsInfoPath flag") + } + owner := viper.GetString("owner") + if owner == "" { + return fmt.Errorf("😥 Failed to get owner address flag value") + } + Nonce = viper.GetUint64("nonce") + Amount = viper.GetUint64("amount") + if !spec.ValidAmountSet(phase0.Gwei(Amount)) { + return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") + } + ProofsFilePath = viper.GetString("proofsFilePath") + if ProofsFilePath != "" { + ProofsFilePath = filepath.Clean(ProofsFilePath) + } + ProofsString = viper.GetString("proofsString") + if ProofsFilePath == "" && ProofsString == "" { + return fmt.Errorf("😥 Failed to get proofs from proofs string or path to proofs flag value") + } + if ProofsFilePath != "" && ProofsString != "" { + return fmt.Errorf("😥 proofs can be provided either as a string, or path to a file, not both") + } + if ProofsFilePath != "" && strings.Contains(ProofsFilePath, "..") { + return fmt.Errorf("😥 wrong proofsFilePath flag") + } + withdrawAddr := viper.GetString("withdrawAddress") + if withdrawAddr == "" { + return fmt.Errorf("😥 Failed to get withdrawal address flag value") + } + var err error + WithdrawAddress, err = utils.HexToAddress(withdrawAddr) + if err != nil { + return fmt.Errorf("😥 Failed to parse withdraw address: %s", err.Error()) + } + Network = viper.GetString("network") + if Network == "" { + return fmt.Errorf("😥 Failed to get fork version flag value") + } + OwnerAddress, err = utils.HexToAddress(owner) + if err != nil { + return fmt.Errorf("😥 Failed to parse owner address: %s", err) + } + return nil +} + +// BindResigningFlags binds flags to yaml config parameters for the resigning of previous DKG result +func BindResigningFlags(cmd *cobra.Command) error { + if err := BindGenerateResignMsgFlags(cmd); err != nil { + return err + } + if err := viper.BindPFlag("signatures", cmd.PersistentFlags().Lookup("signatures")); err != nil { + return err + } + Signatures = viper.GetString("signatures") + if Signatures == "" { + return fmt.Errorf("😥 Failed to get --signatures flag value") + } + if err := viper.BindPFlag("clientCACertPath", cmd.PersistentFlags().Lookup("clientCACertPath")); err != nil { + return err + } + if err := viper.BindPFlag("tlsInsecure", cmd.PersistentFlags().Lookup("tlsInsecure")); err != nil { + return err + } + TLSInsecure = viper.GetBool("tlsInsecure") + if !TLSInsecure { + ClientCACertPath = viper.GetStringSlice("clientCACertPath") + if len(ClientCACertPath) == 0 { + return fmt.Errorf("😥 TLS CA certs path should be provided, overwise set 'TLSInsecure' flag to true") + } else { + for _, certPath := range ClientCACertPath { + if strings.Contains(filepath.Clean(certPath), "..") { + return fmt.Errorf("😥 wrong clientCACertPath flag, should not contain '..' path traversal") + } + } + } + } else { + ClientCACertPath = []string{} + } + return nil +} diff --git a/cli/flags/utils.go b/cli/flags/utils.go new file mode 100644 index 00000000..5c357a78 --- /dev/null +++ b/cli/flags/utils.go @@ -0,0 +1,63 @@ +package flags + +import ( + "fmt" + + "github.com/spf13/cobra" +) + +// AddPersistentStringFlag adds a string flag to the command +func AddPersistentStringFlag(c *cobra.Command, flag, value, description string, isRequired bool) { + req := "" + if isRequired { + req = " (required)" + } + + c.PersistentFlags().String(flag, value, fmt.Sprintf("%s%s", description, req)) + + if isRequired { + _ = c.MarkPersistentFlagRequired(flag) + } +} + +// AddPersistentIntFlag adds a int flag to the command +func AddPersistentIntFlag(c *cobra.Command, flag string, value uint64, description string, isRequired bool) { + req := "" + if isRequired { + req = " (required)" + } + + c.PersistentFlags().Uint64(flag, value, fmt.Sprintf("%s%s", description, req)) + + if isRequired { + _ = c.MarkPersistentFlagRequired(flag) + } +} + +// AddPersistentStringArrayFlag adds a string slice flag to the command +func AddPersistentStringSliceFlag(c *cobra.Command, flag string, value []string, description string, isRequired bool) { + req := "" + if isRequired { + req = " (required)" + } + + c.PersistentFlags().StringSlice(flag, value, fmt.Sprintf("%s%s", description, req)) + + if isRequired { + _ = c.MarkPersistentFlagRequired(flag) + } +} + +// AddPersistentBoolFlag adds a bool flag to the command +func AddPersistentBoolFlag(c *cobra.Command, flag string, value bool, description string, isRequired bool) { + req := "" + if isRequired { + req = " (required)" + } + + c.PersistentFlags().Bool(flag, value, fmt.Sprintf("%s%s", description, req)) + + if isRequired { + _ = c.MarkPersistentFlagRequired(flag) + } +} diff --git a/cli/flags/verify.go b/cli/flags/verify.go new file mode 100644 index 00000000..e838dd5f --- /dev/null +++ b/cli/flags/verify.go @@ -0,0 +1,77 @@ +package flags + +import ( + "fmt" + "path/filepath" + "strings" + + "github.com/attestantio/go-eth2-client/spec/phase0" + "github.com/spf13/cobra" + "github.com/spf13/viper" + + spec "github.com/ssvlabs/dkg-spec" + "github.com/ssvlabs/ssv-dkg/pkgs/utils" +) + +// verify flags +var ( + CeremonyDir string +) + +func SetVerifyFlags(cmd *cobra.Command) { + AddPersistentStringFlag(cmd, "ceremonyDir", "", "Path to the ceremony directory", true) + ValidatorsFlag(cmd) + WithdrawAddressFlag(cmd) + OwnerAddressFlag(cmd) + NonceFlag(cmd) + AmountFlag(cmd) +} + +// BindVerifyFlags binds flags to yaml config parameters for the verification +func BindVerifyFlags(cmd *cobra.Command) error { + if err := viper.BindPFlag("ceremonyDir", cmd.PersistentFlags().Lookup("ceremonyDir")); err != nil { + return err + } + if err := viper.BindPFlag("validators", cmd.Flags().Lookup("validators")); err != nil { + return err + } + if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { + return err + } + if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { + return err + } + if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { + return err + } + if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { + return err + } + CeremonyDir = filepath.Clean(viper.GetString("ceremonyDir")) + if strings.Contains(CeremonyDir, "..") { + return fmt.Errorf("😥 wrong CeremonyDir flag") + } + owner := viper.GetString("owner") + if owner == "" { + return fmt.Errorf("😥 Failed to get owner address flag value") + } + var err error + OwnerAddress, err = utils.HexToAddress(owner) + if err != nil { + return fmt.Errorf("😥 Failed to parse owner address: %s", err) + } + Nonce = viper.GetUint64("nonce") + Amount = viper.GetUint64("amount") + if !spec.ValidAmountSet(phase0.Gwei(Amount)) { + return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") + } + WithdrawAddress, err = utils.HexToAddress(viper.GetString("withdrawAddress")) + if err != nil { + return fmt.Errorf("😥 Failed to parse withdraw address: %s", err) + } + Validators = viper.GetUint("validators") + if Validators == 0 { + return fmt.Errorf("😥 Failed to get validators flag value") + } + return nil +} diff --git a/cli/initiator/initiator.go b/cli/initiator/initiator.go index e3f92bc4..05ab997e 100644 --- a/cli/initiator/initiator.go +++ b/cli/initiator/initiator.go @@ -9,12 +9,13 @@ import ( e2m_core "github.com/bloxapp/eth2-key-manager/core" "github.com/sourcegraph/conc/pool" "github.com/spf13/cobra" - cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" - "github.com/ssvlabs/ssv-dkg/pkgs/initiator" - "github.com/ssvlabs/ssv-dkg/pkgs/wire" "go.uber.org/zap" spec "github.com/ssvlabs/dkg-spec" + "github.com/ssvlabs/ssv-dkg/cli/flags" + cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" + "github.com/ssvlabs/ssv-dkg/pkgs/initiator" + "github.com/ssvlabs/ssv-dkg/pkgs/wire" ) const ( @@ -23,7 +24,7 @@ const ( ) func init() { - cli_utils.SetInitFlags(StartDKG) + flags.SetInitFlags(StartDKG) } var StartDKG = &cobra.Command{ @@ -37,13 +38,13 @@ var StartDKG = &cobra.Command{ ██║ ██║██╔═██╗ ██║ ██║ ██║██║╚██╗██║██║ ██║ ██║██╔══██║ ██║ ██║ ██║██╔══██╗ ██████╔╝██║ ██╗╚██████╔╝ ██║██║ ╚████║██║ ██║ ██║██║ ██║ ██║ ╚██████╔╝██║ ██║ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝`) - if err := cli_utils.SetViperConfig(cmd); err != nil { + if err := flags.SetViperConfig(cmd); err != nil { return err } - if err := cli_utils.BindInitFlags(cmd); err != nil { + if err := flags.BindInitFlags(cmd); err != nil { return err } - logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator") + logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator", flags.LogFilePath, flags.LogLevel, flags.LogFormat, flags.LogLevelFormat) if err != nil { return err } @@ -54,34 +55,34 @@ var StartDKG = &cobra.Command{ }() logger.Info("🪛 Initiator`s", zap.String("Version", cmd.Version)) // Load operators TODO: add more sources. - operatorIDs, err := cli_utils.StringSliceToUintArray(cli_utils.OperatorIDs) + operatorIDs, err := cli_utils.StringSliceToUintArray(flags.OperatorIDs) if err != nil { logger.Fatal("😥 Failed to load participants: ", zap.Error(err)) } - opMap, err := cli_utils.LoadOperators(logger) + opMap, err := cli_utils.LoadOperators(logger, flags.OperatorsInfo, flags.OperatorsInfoPath) if err != nil { logger.Fatal("😥 Failed to load operators: ", zap.Error(err)) } - ethNetwork := e2m_core.NetworkFromString(cli_utils.Network) + ethNetwork := e2m_core.NetworkFromString(flags.Network) if ethNetwork == "" { logger.Fatal("😥 Cant recognize eth network") } // start the ceremony ctx := context.Background() pool := pool.NewWithResults[*Result]().WithContext(ctx).WithFirstError().WithMaxGoroutines(maxConcurrency) - for i := 0; i < int(cli_utils.Validators); i++ { + for i := 0; i < int(flags.Validators); i++ { i := i pool.Go(func(ctx context.Context) (*Result, error) { // Create new DKG initiator - dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, cli_utils.ClientCACertPath) + dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, flags.ClientCACertPath, flags.TLSInsecure) if err != nil { return nil, err } // Create a new ID. id := spec.NewID() - nonce := cli_utils.Nonce + uint64(i) + nonce := flags.Nonce + uint64(i) // Perform the ceremony. - depositData, keyShares, proofs, err := dkgInitiator.StartDKG(id, cli_utils.WithdrawAddress.Bytes(), operatorIDs, ethNetwork, cli_utils.OwnerAddress, nonce, cli_utils.Amount) + depositData, keyShares, proofs, err := dkgInitiator.StartDKG(id, flags.WithdrawAddress.Bytes(), operatorIDs, ethNetwork, flags.OwnerAddress, nonce, flags.Amount) if err != nil { return nil, err } @@ -119,11 +120,11 @@ var StartDKG = &cobra.Command{ keySharesArr, proofs, false, - int(cli_utils.Validators), - cli_utils.OwnerAddress, - cli_utils.Nonce, - cli_utils.WithdrawAddress, - cli_utils.OutputPath, + int(flags.Validators), + flags.OwnerAddress, + flags.Nonce, + flags.WithdrawAddress, + flags.OutputPath, ); err != nil { logger.Fatal("Could not save results", zap.Error(err)) } diff --git a/cli/initiator/initiator_health_check.go b/cli/initiator/initiator_health_check.go index 7b98af15..ca8fea34 100644 --- a/cli/initiator/initiator_health_check.go +++ b/cli/initiator/initiator_health_check.go @@ -4,16 +4,16 @@ import ( "fmt" "strings" + "github.com/bloxapp/ssv/logging" "github.com/spf13/cobra" "go.uber.org/zap" - "github.com/bloxapp/ssv/logging" - cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" + "github.com/ssvlabs/ssv-dkg/cli/flags" "github.com/ssvlabs/ssv-dkg/pkgs/initiator" ) func init() { - cli_utils.SetHealthCheckFlags(HealthCheck) + flags.SetHealthCheckFlags(HealthCheck) } var HealthCheck = &cobra.Command{ @@ -41,7 +41,7 @@ var HealthCheck = &cobra.Command{ ips[i] = strings.TrimRight(s, "/") } - dkgInitiator, err := initiator.New(nil, logger, cmd.Version, cli_utils.ClientCACertPath) + dkgInitiator, err := initiator.New(nil, logger, cmd.Version, nil, true) if err != nil { logger.Fatal("😥", zap.Error(err)) } diff --git a/cli/initiator/reshare.go b/cli/initiator/reshare.go index 39e09a92..96f8056f 100644 --- a/cli/initiator/reshare.go +++ b/cli/initiator/reshare.go @@ -10,6 +10,7 @@ import ( "go.uber.org/zap" spec "github.com/ssvlabs/dkg-spec" + "github.com/ssvlabs/ssv-dkg/cli/flags" cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" "github.com/ssvlabs/ssv-dkg/pkgs/initiator" "github.com/ssvlabs/ssv-dkg/pkgs/utils" @@ -17,21 +18,21 @@ import ( ) func init() { - cli_utils.SetGenerateReshareMsgFlags(GenerateReshareMsg) - cli_utils.SetReshareFlags(StartReshare) + flags.SetGenerateReshareMsgFlags(GenerateReshareMsg) + flags.SetReshareFlags(StartReshare) } var GenerateReshareMsg = &cobra.Command{ Use: "generate-reshare-msg", Short: "Generate reshare message hash for one or multiple ceremonies", RunE: func(cmd *cobra.Command, args []string) error { - if err := cli_utils.SetViperConfig(cmd); err != nil { + if err := flags.SetViperConfig(cmd); err != nil { return err } - if err := cli_utils.BindGenerateReshareMsgFlags(cmd); err != nil { + if err := flags.BindGenerateReshareMsgFlags(cmd); err != nil { return err } - logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator") + logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator", flags.LogFilePath, flags.LogLevel, flags.LogFormat, flags.LogLevelFormat) if err != nil { return err } @@ -41,53 +42,53 @@ var GenerateReshareMsg = &cobra.Command{ } }() logger.Info("🪛 Initiator`s", zap.String("Version", cmd.Version)) - opMap, err := cli_utils.LoadOperators(logger) + opMap, err := cli_utils.LoadOperators(logger, flags.OperatorsInfo, flags.OperatorsInfoPath) if err != nil { logger.Fatal("😥 Failed to load operators: ", zap.Error(err)) } - oldOperatorIDs, err := cli_utils.StringSliceToUintArray(cli_utils.OperatorIDs) + oldOperatorIDs, err := cli_utils.StringSliceToUintArray(flags.OperatorIDs) if err != nil { logger.Fatal("😥 Failed to load participants: ", zap.Error(err)) } - newOperatorIDs, err := cli_utils.StringSliceToUintArray(cli_utils.NewOperatorIDs) + newOperatorIDs, err := cli_utils.StringSliceToUintArray(flags.NewOperatorIDs) if err != nil { logger.Fatal("😥 Failed to load new participants: ", zap.Error(err)) } // create initiator instance - dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, cli_utils.ClientCACertPath) + dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, nil, true) if err != nil { return err } var signedProofs [][]*spec.SignedProof - if cli_utils.ProofsFilePath != "" { - signedProofs, err = wire.LoadProofs(cli_utils.ProofsFilePath) + if flags.ProofsFilePath != "" { + signedProofs, err = wire.LoadProofs(flags.ProofsFilePath) if err != nil { logger.Fatal("😥 Failed to read proofs json file:", zap.Error(err)) } } - if cli_utils.ProofsString != "" { - signedProofs, err = cli_utils.DecodeProofsString(cli_utils.ProofsString) + if flags.ProofsString != "" { + signedProofs, err = cli_utils.DecodeProofsString(flags.ProofsString) if err != nil { logger.Fatal("😥 Failed to read proofs string:", zap.Error(err)) } } - ethNetwork := e2m_core.NetworkFromString(cli_utils.Network) + ethNetwork := e2m_core.NetworkFromString(flags.Network) if ethNetwork == "" { logger.Fatal("😥 Cant recognize eth network") } rMsgs := []*wire.ReshareMessage{} for i := 0; i < len(signedProofs); i++ { - nonce := cli_utils.Nonce + uint64(i) - // Contruct the resign message + nonce := flags.Nonce + uint64(i) + // Construct reshare message rMsg, err := dkgInitiator.ConstructReshareMessage( oldOperatorIDs, newOperatorIDs, signedProofs[i][0].Proof.ValidatorPubKey, ethNetwork, - cli_utils.WithdrawAddress[:], - cli_utils.OwnerAddress, + flags.WithdrawAddress[:], + flags.OwnerAddress, nonce, - cli_utils.Amount, + flags.Amount, signedProofs[i], ) if err != nil { @@ -100,7 +101,7 @@ var GenerateReshareMsg = &cobra.Command{ if err != nil { logger.Fatal("😥 Failed to marshal reshare message hash:", zap.Error(err)) } - finalPath := fmt.Sprintf("%s/reshare.txt", cli_utils.OutputPath) + finalPath := fmt.Sprintf("%s/reshare.txt", flags.OutputPath) err = os.WriteFile(finalPath, []byte(msgHex), 0o600) if err != nil { logger.Fatal("😥 Failed to save reshare message hash:", zap.Error(err)) @@ -125,13 +126,13 @@ var StartReshare = &cobra.Command{ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░░ ░ ░ ▒ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░`) - if err := cli_utils.SetViperConfig(cmd); err != nil { + if err := flags.SetViperConfig(cmd); err != nil { return err } - if err := cli_utils.BindReshareFlags(cmd); err != nil { + if err := flags.BindReshareFlags(cmd); err != nil { return err } - logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator") + logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator", flags.LogFilePath, flags.LogLevel, flags.LogFormat, flags.LogLevelFormat) if err != nil { return err } @@ -141,59 +142,59 @@ var StartReshare = &cobra.Command{ } }() logger.Info("🪛 Initiator`s", zap.String("Version", cmd.Version)) - opMap, err := cli_utils.LoadOperators(logger) + opMap, err := cli_utils.LoadOperators(logger, flags.OperatorsInfo, flags.OperatorsInfoPath) if err != nil { logger.Fatal("😥 Failed to load operators: ", zap.Error(err)) } - oldOperatorIDs, err := cli_utils.StringSliceToUintArray(cli_utils.OperatorIDs) + oldOperatorIDs, err := cli_utils.StringSliceToUintArray(flags.OperatorIDs) if err != nil { logger.Fatal("😥 Failed to load participants: ", zap.Error(err)) } - newOperatorIDs, err := cli_utils.StringSliceToUintArray(cli_utils.NewOperatorIDs) + newOperatorIDs, err := cli_utils.StringSliceToUintArray(flags.NewOperatorIDs) if err != nil { logger.Fatal("😥 Failed to load new participants: ", zap.Error(err)) } // create a new ID for resharing id := spec.NewID() // create initiator instance - dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, cli_utils.ClientCACertPath) + dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, flags.ClientCACertPath, flags.TLSInsecure) if err != nil { return err } var signedProofs [][]*spec.SignedProof - if cli_utils.ProofsFilePath != "" { - signedProofs, err = wire.LoadProofs(cli_utils.ProofsFilePath) + if flags.ProofsFilePath != "" { + signedProofs, err = wire.LoadProofs(flags.ProofsFilePath) if err != nil { logger.Fatal("😥 Failed to read proofs json file:", zap.Error(err)) } } - if cli_utils.ProofsString != "" { - signedProofs, err = cli_utils.DecodeProofsString(cli_utils.ProofsString) + if flags.ProofsString != "" { + signedProofs, err = cli_utils.DecodeProofsString(flags.ProofsString) if err != nil { logger.Fatal("😥 Failed to read proofs string:", zap.Error(err)) } } - ethNetwork := e2m_core.NetworkFromString(cli_utils.Network) + ethNetwork := e2m_core.NetworkFromString(flags.Network) if ethNetwork == "" { logger.Fatal("😥 Cant recognize eth network") } - signatures, err := cli_utils.SignaturesStringToBytes(cli_utils.Signatures) + signatures, err := cli_utils.SignaturesStringToBytes(flags.Signatures) if err != nil { logger.Fatal("😥 Failed to load signatures: ", zap.Error(err)) } rMsgs := []*wire.ReshareMessage{} for i := 0; i < len(signedProofs); i++ { - nonce := cli_utils.Nonce + uint64(i) + nonce := flags.Nonce + uint64(i) // Contruct the reshare message rMsg, err := dkgInitiator.ConstructReshareMessage( oldOperatorIDs, newOperatorIDs, signedProofs[i][0].Proof.ValidatorPubKey, ethNetwork, - cli_utils.WithdrawAddress[:], - cli_utils.OwnerAddress, + flags.WithdrawAddress[:], + flags.OwnerAddress, nonce, - cli_utils.Amount, + flags.Amount, signedProofs[i], ) if err != nil { @@ -220,10 +221,10 @@ var StartReshare = &cobra.Command{ proofs, false, len(signedProofs), - cli_utils.OwnerAddress, - cli_utils.Nonce, - cli_utils.WithdrawAddress, - cli_utils.OutputPath, + flags.OwnerAddress, + flags.Nonce, + flags.WithdrawAddress, + flags.OutputPath, ); err != nil { logger.Fatal("Could not save results", zap.Error(err)) } diff --git a/cli/initiator/resigning.go b/cli/initiator/resigning.go index c4896e97..ab5a0e10 100644 --- a/cli/initiator/resigning.go +++ b/cli/initiator/resigning.go @@ -10,6 +10,7 @@ import ( "go.uber.org/zap" spec "github.com/ssvlabs/dkg-spec" + "github.com/ssvlabs/ssv-dkg/cli/flags" cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" "github.com/ssvlabs/ssv-dkg/pkgs/initiator" "github.com/ssvlabs/ssv-dkg/pkgs/utils" @@ -17,21 +18,21 @@ import ( ) func init() { - cli_utils.SetGenerateResignMsgFlags(GenerateResignMsg) - cli_utils.SetResigningFlags(StartResigning) + flags.SetGenerateResignMsgFlags(GenerateResignMsg) + flags.SetResigningFlags(StartResigning) } var GenerateResignMsg = &cobra.Command{ Use: "generate-resign-msg", Short: "Generate resign message hash for one or multiple ceremonies", RunE: func(cmd *cobra.Command, args []string) error { - if err := cli_utils.SetViperConfig(cmd); err != nil { + if err := flags.SetViperConfig(cmd); err != nil { return err } - if err := cli_utils.BindGenerateResignMsgFlags(cmd); err != nil { + if err := flags.BindGenerateResignMsgFlags(cmd); err != nil { return err } - logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator") + logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator", flags.LogFilePath, flags.LogLevel, flags.LogFormat, flags.LogLevelFormat) if err != nil { return err } @@ -41,48 +42,48 @@ var GenerateResignMsg = &cobra.Command{ } }() logger.Info("🪛 Initiator`s", zap.String("Version", cmd.Version)) - opMap, err := cli_utils.LoadOperators(logger) + opMap, err := cli_utils.LoadOperators(logger, flags.OperatorsInfo, flags.OperatorsInfoPath) if err != nil { logger.Fatal("😥 Failed to load operators: ", zap.Error(err)) } - operatorIDs, err := cli_utils.StringSliceToUintArray(cli_utils.OperatorIDs) + operatorIDs, err := cli_utils.StringSliceToUintArray(flags.OperatorIDs) if err != nil { logger.Fatal("😥 Failed to load participants: ", zap.Error(err)) } - ethNetwork := e2m_core.NetworkFromString(cli_utils.Network) + ethNetwork := e2m_core.NetworkFromString(flags.Network) if ethNetwork == "" { logger.Fatal("😥 Cant recognize eth network") } var signedProofs [][]*spec.SignedProof - if cli_utils.ProofsFilePath != "" { - signedProofs, err = wire.LoadProofs(cli_utils.ProofsFilePath) + if flags.ProofsFilePath != "" { + signedProofs, err = wire.LoadProofs(flags.ProofsFilePath) if err != nil { logger.Fatal("😥 Failed to read proofs json file:", zap.Error(err)) } } - if cli_utils.ProofsString != "" { - signedProofs, err = cli_utils.DecodeProofsString(cli_utils.ProofsString) + if flags.ProofsString != "" { + signedProofs, err = cli_utils.DecodeProofsString(flags.ProofsString) if err != nil { logger.Fatal("😥 Failed to read proofs string:", zap.Error(err)) } } // Create new DKG initiator - dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, cli_utils.ClientCACertPath) + dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, nil, true) if err != nil { return err } // Reconstruct the resign messages rMsgs := []*wire.ResignMessage{} for i := 0; i < len(signedProofs); i++ { - nonce := cli_utils.Nonce + uint64(i) + nonce := flags.Nonce + uint64(i) rMsg, err := dkgInitiator.ConstructResignMessage( operatorIDs, signedProofs[i][0].Proof.ValidatorPubKey, ethNetwork, - cli_utils.WithdrawAddress[:], - cli_utils.OwnerAddress, + flags.WithdrawAddress[:], + flags.OwnerAddress, nonce, - cli_utils.Amount, + flags.Amount, signedProofs[i], ) if err != nil { @@ -95,7 +96,7 @@ var GenerateResignMsg = &cobra.Command{ if err != nil { logger.Fatal("😥 Failed to marshal resign message hash:", zap.Error(err)) } - finalPath := fmt.Sprintf("%s/resign.txt", cli_utils.OutputPath) + finalPath := fmt.Sprintf("%s/resign.txt", flags.OutputPath) err = os.WriteFile(finalPath, []byte(msgHex), 0o600) if err != nil { logger.Fatal("😥 Failed to save resign message hash:", zap.Error(err)) @@ -118,13 +119,13 @@ var StartResigning = &cobra.Command{ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═══╝ `) - if err := cli_utils.SetViperConfig(cmd); err != nil { + if err := flags.SetViperConfig(cmd); err != nil { return err } - if err := cli_utils.BindResigningFlags(cmd); err != nil { + if err := flags.BindResigningFlags(cmd); err != nil { return err } - logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator") + logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator", flags.LogFilePath, flags.LogLevel, flags.LogFormat, flags.LogLevelFormat) if err != nil { return err } @@ -135,37 +136,37 @@ var StartResigning = &cobra.Command{ }() logger.Info("🪛 Initiator`s", zap.String("Version", cmd.Version)) // Load operators - opMap, err := cli_utils.LoadOperators(logger) + opMap, err := cli_utils.LoadOperators(logger, flags.OperatorsInfo, flags.OperatorsInfoPath) if err != nil { logger.Fatal("😥 Failed to load operators: ", zap.Error(err)) } - operatorIDs, err := cli_utils.StringSliceToUintArray(cli_utils.OperatorIDs) + operatorIDs, err := cli_utils.StringSliceToUintArray(flags.OperatorIDs) if err != nil { logger.Fatal("😥 Failed to load participants: ", zap.Error(err)) } - ethNetwork := e2m_core.NetworkFromString(cli_utils.Network) + ethNetwork := e2m_core.NetworkFromString(flags.Network) if ethNetwork == "" { logger.Fatal("😥 Cant recognize eth network") } var signedProofs [][]*spec.SignedProof - if cli_utils.ProofsFilePath != "" { - signedProofs, err = wire.LoadProofs(cli_utils.ProofsFilePath) + if flags.ProofsFilePath != "" { + signedProofs, err = wire.LoadProofs(flags.ProofsFilePath) if err != nil { logger.Fatal("😥 Failed to read proofs json file:", zap.Error(err)) } } - if cli_utils.ProofsString != "" { - signedProofs, err = cli_utils.DecodeProofsString(cli_utils.ProofsString) + if flags.ProofsString != "" { + signedProofs, err = cli_utils.DecodeProofsString(flags.ProofsString) if err != nil { logger.Fatal("😥 Failed to read proofs string:", zap.Error(err)) } } - signatures, err := cli_utils.SignaturesStringToBytes(cli_utils.Signatures) + signatures, err := cli_utils.SignaturesStringToBytes(flags.Signatures) if err != nil { logger.Fatal("😥 Failed to load signatures: ", zap.Error(err)) } // Create new DKG initiator - dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, cli_utils.ClientCACertPath) + dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, flags.ClientCACertPath, flags.TLSInsecure) if err != nil { return err } @@ -174,14 +175,14 @@ var StartResigning = &cobra.Command{ // Reconstruct the resign messages rMsgs := []*wire.ResignMessage{} for i := 0; i < len(signedProofs); i++ { - nonce := cli_utils.Nonce + uint64(i) + nonce := flags.Nonce + uint64(i) rMsg, err := dkgInitiator.ConstructResignMessage( operatorIDs, signedProofs[i][0].Proof.ValidatorPubKey, ethNetwork, - cli_utils.WithdrawAddress[:], - cli_utils.OwnerAddress, - nonce, cli_utils.Amount, + flags.WithdrawAddress[:], + flags.OwnerAddress, + nonce, flags.Amount, signedProofs[i], ) if err != nil { @@ -208,10 +209,10 @@ var StartResigning = &cobra.Command{ proofs, false, len(signedProofs), - cli_utils.OwnerAddress, - cli_utils.Nonce, - cli_utils.WithdrawAddress, - cli_utils.OutputPath, + flags.OwnerAddress, + flags.Nonce, + flags.WithdrawAddress, + flags.OutputPath, ); err != nil { logger.Fatal("Could not save results", zap.Error(err)) } diff --git a/cli/operator/operator.go b/cli/operator/operator.go index 8b9242f7..a7ebc548 100644 --- a/cli/operator/operator.go +++ b/cli/operator/operator.go @@ -7,12 +7,13 @@ import ( "github.com/spf13/cobra" "go.uber.org/zap" + "github.com/ssvlabs/ssv-dkg/cli/flags" cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" "github.com/ssvlabs/ssv-dkg/pkgs/operator" ) func init() { - cli_utils.SetOperatorFlags(StartDKGOperator) + flags.SetOperatorFlags(StartDKGOperator) } var StartDKGOperator = &cobra.Command{ @@ -26,13 +27,13 @@ var StartDKGOperator = &cobra.Command{ ██║ ██║██╔═██╗ ██║ ██║ ██║ ██║██╔═══╝ ██╔══╝ ██╔══██╗██╔══██║ ██║ ██║ ██║██╔══██╗ ██████╔╝██║ ██╗╚██████╔╝ ╚██████╔╝██║ ███████╗██║ ██║██║ ██║ ██║ ╚██████╔╝██║ ██║ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝`) - if err := cli_utils.SetViperConfig(cmd); err != nil { + if err := flags.SetViperConfig(cmd); err != nil { return err } - if err := cli_utils.BindOperatorFlags(cmd); err != nil { + if err := flags.BindOperatorFlags(cmd); err != nil { return err } - logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-operator") + logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-operator", flags.LogFilePath, flags.LogLevel, flags.LogFormat, flags.LogLevelFormat) if err != nil { return err } @@ -43,16 +44,16 @@ var StartDKGOperator = &cobra.Command{ }() logger.Info("🪛 Operator`s", zap.String("Version", cmd.Version)) logger.Info("🔑 opening operator RSA private key file") - privateKey, err := cli_utils.OpenPrivateKey(cli_utils.PrivKeyPassword, cli_utils.PrivKey) + privateKey, err := cli_utils.OpenPrivateKey(flags.PrivKeyPassword, flags.PrivKey) if err != nil { logger.Fatal("😥 Failed to load private key: ", zap.Error(err)) } - srv, err := operator.New(privateKey, logger, []byte(cmd.Version), cli_utils.OperatorID, cli_utils.OutputPath, cli_utils.EthEndpointURL) + srv, err := operator.New(privateKey, logger, []byte(cmd.Version), flags.OperatorID, flags.OutputPath, flags.EthEndpointURL) if err != nil { logger.Fatal("😥 Failed to create new operator instance: ", zap.Error(err)) } - logger.Info("🚀 Starting DKG operator", zap.Uint64("at port", cli_utils.Port)) - if err := srv.Start(uint16(cli_utils.Port), cli_utils.ServerTLSCertPath, cli_utils.ServerTLSKeyPath); err != nil { + logger.Info("🚀 Starting DKG operator", zap.Uint64("at port", flags.Port)) + if err := srv.Start(uint16(flags.Port), flags.ServerTLSCertPath, flags.ServerTLSKeyPath); err != nil { log.Fatalf("Error in operator %v", err) } return nil diff --git a/cli/utils/utils.go b/cli/utils/utils.go index cb73266a..57f4d4ee 100644 --- a/cli/utils/utils.go +++ b/cli/utils/utils.go @@ -16,15 +16,12 @@ import ( "syscall" "time" - "github.com/attestantio/go-eth2-client/spec/phase0" "github.com/bloxapp/ssv/logging" "github.com/ethereum/go-ethereum/common" "github.com/spf13/cobra" - "github.com/spf13/viper" "go.uber.org/zap" spec "github.com/ssvlabs/dkg-spec" - "github.com/ssvlabs/ssv-dkg/cli/flags" "github.com/ssvlabs/ssv-dkg/pkgs/crypto" "github.com/ssvlabs/ssv-dkg/pkgs/initiator" "github.com/ssvlabs/ssv-dkg/pkgs/utils" @@ -32,741 +29,6 @@ import ( "github.com/ssvlabs/ssv-dkg/pkgs/wire" ) -// global base flags -var ( - ConfigPath string - OutputPath string - LogLevel string - LogFormat string - LogLevelFormat string - LogFilePath string -) - -// init flags -var ( - OperatorsInfo string - OperatorsInfoPath string - OperatorIDs []string - WithdrawAddress common.Address - Network string - OwnerAddress common.Address - Nonce uint64 - Amount uint64 - Validators uint - ClientCACertPath []string -) - -// operator flags -var ( - PrivKey string - PrivKeyPassword string - Port uint64 - OperatorID uint64 - ServerTLSCertPath string - ServerTLSKeyPath string - EthEndpointURL string -) - -// verify flags -var ( - CeremonyDir string -) - -// resigning/reshare flags -var ( - ProofsFilePath string - ProofsString string - NewOperatorIDs []string - Signatures string -) - -// SetViperConfig reads a yaml config file if provided -func SetViperConfig(cmd *cobra.Command) error { - if err := viper.BindPFlag("configPath", cmd.PersistentFlags().Lookup("configPath")); err != nil { - return err - } - ConfigPath = viper.GetString("configPath") - if ConfigPath != "" && filepath.Clean(ConfigPath) != "" && !strings.Contains(ConfigPath, "..") { - stat, err := os.Stat(ConfigPath) - if err != nil { - return err - } - if stat.IsDir() { - return fmt.Errorf("configPath flag should be a path to a *.yaml file, but dir provided") - } - viper.SetConfigType("yaml") - viper.SetConfigFile(ConfigPath) - if err := viper.ReadInConfig(); err != nil { - return err - } - } - return nil -} - -// SetGlobalLogger creates a logger -func SetGlobalLogger(cmd *cobra.Command, name string) (*zap.Logger, error) { - // If the log file doesn't exist, create it - _, err := os.OpenFile(filepath.Clean(LogFilePath), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600) - if err != nil { - return nil, err - } - if err := logging.SetGlobalLogger(LogLevel, LogFormat, LogLevelFormat, &logging.LogFileOptions{FileName: LogFilePath}); err != nil { - return nil, fmt.Errorf("logging.SetGlobalLogger: %w", err) - } - logger := zap.L().Named(name) - return logger, nil -} - -// OpenPrivateKey reads an RSA key from file. -// If passwordFilePath is provided, treats privKeyPath as encrypted -func OpenPrivateKey(passwordFilePath, privKeyPath string) (*rsa.PrivateKey, error) { - // check if a password string a valid path, then read password from the file - if _, err := os.Stat(passwordFilePath); os.IsNotExist(err) { - return nil, fmt.Errorf("😥 Password file doesn`t exist: %s", err) - } - encryptedRSAJSON, err := os.ReadFile(filepath.Clean(privKeyPath)) - if err != nil { - return nil, fmt.Errorf("😥 Cant read operator's key file: %s", err) - } - keyStorePassword, err := os.ReadFile(filepath.Clean(passwordFilePath)) - if err != nil { - return nil, fmt.Errorf("😥 Error reading password file: %s", err) - } - privateKey, err := crypto.DecryptRSAKeystore(encryptedRSAJSON, string(keyStorePassword)) - if err != nil { - return nil, fmt.Errorf("😥 Error converting pem to priv key: %s", err) - } - return privateKey, nil -} - -// ReadOperatorsInfoFile reads operators data from path -func ReadOperatorsInfoFile(operatorsInfoPath string, logger *zap.Logger) (wire.OperatorsCLI, error) { - fmt.Printf("📖 looking operators info 'operators_info.json' file: %s \n", operatorsInfoPath) - _, err := os.Stat(operatorsInfoPath) - if os.IsNotExist(err) { - return nil, fmt.Errorf("😥 Failed to read operator info file: %s", err) - } - logger.Info("📖 reading operators info JSON file") - operatorsInfoJSON, err := os.ReadFile(filepath.Clean(operatorsInfoPath)) - if err != nil { - return nil, fmt.Errorf("😥 Failed to read operator info file: %s", err) - } - var operators wire.OperatorsCLI - err = json.Unmarshal(operatorsInfoJSON, &operators) - if err != nil { - return nil, fmt.Errorf("😥 Failed to load operators: %s", err) - } - return operators, nil -} - -func SetBaseFlags(cmd *cobra.Command) { - flags.ResultPathFlag(cmd) - flags.ConfigPathFlag(cmd) - flags.LogLevelFlag(cmd) - flags.LogFormatFlag(cmd) - flags.LogLevelFormatFlag(cmd) - flags.LogFilePathFlag(cmd) - -} - -func SetInitFlags(cmd *cobra.Command) { - SetBaseFlags(cmd) - flags.OperatorsInfoFlag(cmd) - flags.OperatorsInfoPathFlag(cmd) - flags.OperatorIDsFlag(cmd) - flags.OwnerAddressFlag(cmd) - flags.NonceFlag(cmd) - flags.AmountFlag(cmd) - flags.NetworkFlag(cmd) - flags.WithdrawAddressFlag(cmd) - flags.ValidatorsFlag(cmd) - flags.ClientCACertPathFlag(cmd) -} - -func SetOperatorFlags(cmd *cobra.Command) { - SetBaseFlags(cmd) - flags.PrivateKeyFlag(cmd) - flags.PrivateKeyPassFlag(cmd) - flags.OperatorPortFlag(cmd) - flags.OperatorIDFlag(cmd) - flags.ServerTLSCertPath(cmd) - flags.ServerTLSKeyPath(cmd) - flags.EthEndpointURL(cmd) -} - -func SetVerifyFlags(cmd *cobra.Command) { - flags.AddPersistentStringFlag(cmd, "ceremonyDir", "", "Path to the ceremony directory", true) - flags.AddPersistentIntFlag(cmd, "validators", 1, "Number of validators", true) - flags.AddPersistentStringFlag(cmd, "withdrawAddress", "", "Withdrawal address", true) - flags.AddPersistentIntFlag(cmd, "nonce", 0, "Owner nonce", true) - flags.AddPersistentIntFlag(cmd, "amount", 0, "Amount in Gwei", true) - flags.AddPersistentStringFlag(cmd, "owner", "", "Owner address", true) -} - -func SetGenerateResignMsgFlags(cmd *cobra.Command) { - SetBaseFlags(cmd) - flags.OperatorsInfoFlag(cmd) - flags.OperatorsInfoPathFlag(cmd) - flags.OperatorIDsFlag(cmd) - flags.OwnerAddressFlag(cmd) - flags.NonceFlag(cmd) - flags.AmountFlag(cmd) - flags.NetworkFlag(cmd) - flags.WithdrawAddressFlag(cmd) - flags.ProofsFilePath(cmd) - flags.ProofsStringFlag(cmd) - flags.ClientCACertPathFlag(cmd) - flags.EthEndpointURL(cmd) -} - -func SetGenerateReshareMsgFlags(cmd *cobra.Command) { - SetBaseFlags(cmd) - flags.OperatorsInfoFlag(cmd) - flags.OperatorsInfoPathFlag(cmd) - flags.OperatorIDsFlag(cmd) - flags.NewOperatorIDsFlag(cmd) - flags.WithdrawAddressFlag(cmd) - flags.OwnerAddressFlag(cmd) - flags.NonceFlag(cmd) - flags.AmountFlag(cmd) - flags.NetworkFlag(cmd) - flags.ProofsFilePath(cmd) - flags.ProofsStringFlag(cmd) - flags.ClientCACertPathFlag(cmd) - flags.EthEndpointURL(cmd) -} - -func SetResigningFlags(cmd *cobra.Command) { - SetBaseFlags(cmd) - flags.OperatorsInfoFlag(cmd) - flags.OperatorsInfoPathFlag(cmd) - flags.OperatorIDsFlag(cmd) - flags.OwnerAddressFlag(cmd) - flags.NonceFlag(cmd) - flags.AmountFlag(cmd) - flags.NetworkFlag(cmd) - flags.WithdrawAddressFlag(cmd) - flags.ProofsFilePath(cmd) - flags.ProofsStringFlag(cmd) - flags.ClientCACertPathFlag(cmd) - flags.SignaturesFlag(cmd) - flags.EthEndpointURL(cmd) -} - -func SetReshareFlags(cmd *cobra.Command) { - SetBaseFlags(cmd) - flags.OperatorsInfoFlag(cmd) - flags.OperatorsInfoPathFlag(cmd) - flags.OperatorIDsFlag(cmd) - flags.NewOperatorIDsFlag(cmd) - flags.WithdrawAddressFlag(cmd) - flags.OwnerAddressFlag(cmd) - flags.NonceFlag(cmd) - flags.AmountFlag(cmd) - flags.NetworkFlag(cmd) - flags.ProofsFilePath(cmd) - flags.ProofsStringFlag(cmd) - flags.ClientCACertPathFlag(cmd) - flags.SignaturesFlag(cmd) - flags.EthEndpointURL(cmd) -} - -func SetHealthCheckFlags(cmd *cobra.Command) { - flags.AddPersistentStringSliceFlag(cmd, "ip", []string{}, "Operator ip:port", true) -} - -// BindFlags binds flags to yaml config parameters -func BindBaseFlags(cmd *cobra.Command) error { - if err := viper.BindPFlag("outputPath", cmd.PersistentFlags().Lookup("outputPath")); err != nil { - return err - } - if err := viper.BindPFlag("configPath", cmd.PersistentFlags().Lookup("configPath")); err != nil { - return err - } - if err := viper.BindPFlag("logLevel", cmd.PersistentFlags().Lookup("logLevel")); err != nil { - return err - } - if err := viper.BindPFlag("logFormat", cmd.PersistentFlags().Lookup("logFormat")); err != nil { - return err - } - if err := viper.BindPFlag("logLevelFormat", cmd.PersistentFlags().Lookup("logLevelFormat")); err != nil { - return err - } - if err := viper.BindPFlag("logFilePath", cmd.PersistentFlags().Lookup("logFilePath")); err != nil { - return err - } - OutputPath = viper.GetString("outputPath") - if OutputPath != "" { - OutputPath = filepath.Clean(OutputPath) - } - if strings.Contains(OutputPath, "..") { - return fmt.Errorf("😥 outputPath cant contain traversal") - } - if err := createDirIfNotExist(OutputPath); err != nil { - return err - } - LogLevel = viper.GetString("logLevel") - LogFormat = viper.GetString("logFormat") - LogLevelFormat = viper.GetString("logLevelFormat") - LogFilePath = viper.GetString("logFilePath") - if strings.Contains(LogFilePath, "..") { - return fmt.Errorf("😥 logFilePath cant contain traversal") - } - return nil -} - -// BindInitiatorBaseFlags binds flags to yaml config parameters -func BindInitiatorBaseFlags(cmd *cobra.Command) error { - var err error - if err := BindBaseFlags(cmd); err != nil { - return err - } - if err := viper.BindPFlag("operatorIDs", cmd.PersistentFlags().Lookup("operatorIDs")); err != nil { - return err - } - if err := viper.BindPFlag("operatorsInfo", cmd.PersistentFlags().Lookup("operatorsInfo")); err != nil { - return err - } - if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { - return err - } - if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { - return err - } - if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { - return err - } - if err := viper.BindPFlag("operatorsInfoPath", cmd.PersistentFlags().Lookup("operatorsInfoPath")); err != nil { - return err - } - if err := viper.BindPFlag("clientCACertPath", cmd.PersistentFlags().Lookup("clientCACertPath")); err != nil { - return err - } - OperatorIDs = viper.GetStringSlice("operatorIDs") - if len(OperatorIDs) == 0 { - return fmt.Errorf("😥 Operator IDs flag cant be empty") - } - OperatorsInfoPath = viper.GetString("operatorsInfoPath") - if OperatorsInfoPath != "" { - OperatorsInfoPath = filepath.Clean(OperatorsInfoPath) - } - OperatorsInfo = viper.GetString("operatorsInfo") - if OperatorsInfoPath != "" && OperatorsInfo != "" { - return fmt.Errorf("😥 operators info can be provided either as a raw JSON string, or path to a file, not both") - } - if OperatorsInfoPath == "" && OperatorsInfo == "" { - return fmt.Errorf("😥 operators info should be provided either as a raw JSON string, or path to a file") - } - if OperatorsInfoPath != "" && strings.Contains(OperatorsInfoPath, "..") { - return fmt.Errorf("😥 wrong operatorsInfoPath flag") - } - owner := viper.GetString("owner") - if owner == "" { - return fmt.Errorf("😥 Failed to get owner address flag value") - } - Amount = viper.GetUint64("amount") - if !spec.ValidAmountSet(phase0.Gwei(Amount)) { - return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") - } - OwnerAddress, err = utils.HexToAddress(owner) - if err != nil { - return fmt.Errorf("😥 Failed to parse owner address: %s", err) - } - Nonce = viper.GetUint64("nonce") - ClientCACertPath = viper.GetStringSlice("clientCACertPath") - for _, certPath := range ClientCACertPath { - if strings.Contains(filepath.Clean(certPath), "..") { - return fmt.Errorf("😥 wrong clientCACertPath flag") - } - } - return nil -} - -// BindInitFlags binds flags to yaml config parameters for the initial DKG -func BindInitFlags(cmd *cobra.Command) error { - if err := BindInitiatorBaseFlags(cmd); err != nil { - return err - } - if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { - return err - } - if err := viper.BindPFlag("network", cmd.Flags().Lookup("network")); err != nil { - return err - } - if err := viper.BindPFlag("validators", cmd.Flags().Lookup("validators")); err != nil { - return err - } - withdrawAddr := viper.GetString("withdrawAddress") - if withdrawAddr == "" { - return fmt.Errorf("😥 Failed to get withdrawal address flag value") - } - var err error - WithdrawAddress, err = utils.HexToAddress(withdrawAddr) - if err != nil { - return fmt.Errorf("😥 Failed to parse withdraw address: %s", err.Error()) - } - Network = viper.GetString("network") - if Network == "" { - return fmt.Errorf("😥 Failed to get fork version flag value") - } - Validators = viper.GetUint("validators") - if Validators > 100 || Validators == 0 { - return fmt.Errorf("🚨 Amount of generated validators should be 1 to 100") - } - return nil -} - -func BindGenerateResignMsgFlags(cmd *cobra.Command) error { - if err := BindBaseFlags(cmd); err != nil { - return err - } - if err := viper.BindPFlag("operatorsInfo", cmd.PersistentFlags().Lookup("operatorsInfo")); err != nil { - return err - } - if err := viper.BindPFlag("operatorsInfoPath", cmd.PersistentFlags().Lookup("operatorsInfoPath")); err != nil { - return err - } - if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { - return err - } - if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { - return err - } - if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { - return err - } - if err := viper.BindPFlag("clientCACertPath", cmd.PersistentFlags().Lookup("clientCACertPath")); err != nil { - return err - } - if err := viper.BindPFlag("proofsFilePath", cmd.PersistentFlags().Lookup("proofsFilePath")); err != nil { - return err - } - if err := viper.BindPFlag("proofsString", cmd.PersistentFlags().Lookup("proofsString")); err != nil { - return err - } - if err := viper.BindPFlag("operatorIDs", cmd.PersistentFlags().Lookup("operatorIDs")); err != nil { - return err - } - if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { - return err - } - if err := viper.BindPFlag("network", cmd.Flags().Lookup("network")); err != nil { - return err - } - OperatorIDs = viper.GetStringSlice("operatorIDs") - if len(OperatorIDs) == 0 { - return fmt.Errorf("😥 Operator IDs flag cant be empty") - } - OperatorsInfoPath = viper.GetString("operatorsInfoPath") - if OperatorsInfoPath != "" { - OperatorsInfoPath = filepath.Clean(OperatorsInfoPath) - } - OperatorsInfo = viper.GetString("operatorsInfo") - if OperatorsInfoPath != "" && OperatorsInfo != "" { - return fmt.Errorf("😥 operators info can be provided either as a raw JSON string, or path to a file, not both") - } - if OperatorsInfoPath == "" && OperatorsInfo == "" { - return fmt.Errorf("😥 operators info should be provided either as a raw JSON string, or path to a file") - } - if OperatorsInfoPath != "" && strings.Contains(OperatorsInfoPath, "..") { - return fmt.Errorf("😥 wrong operatorsInfoPath flag") - } - owner := viper.GetString("owner") - if owner == "" { - return fmt.Errorf("😥 Failed to get owner address flag value") - } - Nonce = viper.GetUint64("nonce") - Amount = viper.GetUint64("amount") - if !spec.ValidAmountSet(phase0.Gwei(Amount)) { - return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") - } - ClientCACertPath = viper.GetStringSlice("clientCACertPath") - for _, certPath := range ClientCACertPath { - if strings.Contains(filepath.Clean(certPath), "..") { - return fmt.Errorf("😥 worng clientCACertPath flag") - } - } - ProofsFilePath = viper.GetString("proofsFilePath") - if ProofsFilePath != "" { - ProofsFilePath = filepath.Clean(ProofsFilePath) - } - ProofsString = viper.GetString("proofsString") - if ProofsFilePath == "" && ProofsString == "" { - return fmt.Errorf("😥 Failed to get proofs from proofs string or path to proofs flag value") - } - if ProofsFilePath != "" && ProofsString != "" { - return fmt.Errorf("😥 proofs can be provided either as a string, or path to a file, not both") - } - if ProofsFilePath != "" && strings.Contains(ProofsFilePath, "..") { - return fmt.Errorf("😥 wrong proofsFilePath flag") - } - withdrawAddr := viper.GetString("withdrawAddress") - if withdrawAddr == "" { - return fmt.Errorf("😥 Failed to get withdrawal address flag value") - } - var err error - WithdrawAddress, err = utils.HexToAddress(withdrawAddr) - if err != nil { - return fmt.Errorf("😥 Failed to parse withdraw address: %s", err.Error()) - } - Network = viper.GetString("network") - if Network == "" { - return fmt.Errorf("😥 Failed to get fork version flag value") - } - OwnerAddress, err = utils.HexToAddress(owner) - if err != nil { - return fmt.Errorf("😥 Failed to parse owner address: %s", err) - } - return nil -} - -// BindResigningFlags binds flags to yaml config parameters for the resigning of previous DKG result -func BindResigningFlags(cmd *cobra.Command) error { - if err := BindGenerateResignMsgFlags(cmd); err != nil { - return err - } - if err := viper.BindPFlag("signatures", cmd.PersistentFlags().Lookup("signatures")); err != nil { - return err - } - Signatures = viper.GetString("signatures") - if Signatures == "" { - return fmt.Errorf("😥 Failed to get --signatures flag value") - } - return nil -} - -func BindGenerateReshareMsgFlags(cmd *cobra.Command) error { - if err := BindBaseFlags(cmd); err != nil { - return err - } - if err := viper.BindPFlag("operatorsInfo", cmd.PersistentFlags().Lookup("operatorsInfo")); err != nil { - return err - } - if err := viper.BindPFlag("operatorsInfoPath", cmd.PersistentFlags().Lookup("operatorsInfoPath")); err != nil { - return err - } - if err := viper.BindPFlag("operatorIDs", cmd.PersistentFlags().Lookup("operatorIDs")); err != nil { - return err - } - if err := viper.BindPFlag("newOperatorIDs", cmd.PersistentFlags().Lookup("newOperatorIDs")); err != nil { - return err - } - if err := viper.BindPFlag("clientCACertPath", cmd.PersistentFlags().Lookup("clientCACertPath")); err != nil { - return err - } - if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { - return err - } - if err := viper.BindPFlag("network", cmd.Flags().Lookup("network")); err != nil { - return err - } - if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { - return err - } - if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { - return err - } - if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { - return err - } - if err := viper.BindPFlag("proofsFilePath", cmd.PersistentFlags().Lookup("proofsFilePath")); err != nil { - return err - } - if err := viper.BindPFlag("proofsString", cmd.PersistentFlags().Lookup("proofsString")); err != nil { - return err - } - OperatorsInfoPath = viper.GetString("operatorsInfoPath") - if OperatorsInfoPath != "" { - OperatorsInfoPath = filepath.Clean(OperatorsInfoPath) - } - OperatorsInfo = viper.GetString("operatorsInfo") - if OperatorsInfoPath != "" && OperatorsInfo != "" { - return fmt.Errorf("😥 operators info can be provided either as a raw JSON string, or path to a file, not both") - } - if OperatorsInfoPath == "" && OperatorsInfo == "" { - return fmt.Errorf("😥 operators info should be provided either as a raw JSON string, or path to a file") - } - if OperatorsInfoPath != "" && strings.Contains(OperatorsInfoPath, "..") { - return fmt.Errorf("😥 wrong operatorsInfoPath flag") - } - OperatorIDs = viper.GetStringSlice("operatorIDs") - if len(OperatorIDs) == 0 { - return fmt.Errorf("😥 Old operator IDs flag cannot be empty") - } - NewOperatorIDs = viper.GetStringSlice("newOperatorIDs") - if len(NewOperatorIDs) == 0 { - return fmt.Errorf("😥 New operator IDs flag cannot be empty") - } - ProofsFilePath = viper.GetString("proofsFilePath") - if ProofsFilePath != "" { - ProofsFilePath = filepath.Clean(ProofsFilePath) - } - ProofsString = viper.GetString("proofsString") - if ProofsFilePath == "" && ProofsString == "" { - return fmt.Errorf("😥 Failed to get proofs from proofs string or path to proofs flag value") - } - if ProofsFilePath != "" && ProofsString != "" { - return fmt.Errorf("😥 proofs can be provided either as a string, or path to a file, not both") - } - if ProofsFilePath != "" && strings.Contains(ProofsFilePath, "..") { - return fmt.Errorf("😥 wrong proofsFilePath flag") - } - withdrawAddr := viper.GetString("withdrawAddress") - if withdrawAddr == "" { - return fmt.Errorf("😥 Failed to get withdrawal address flag value") - } - var err error - WithdrawAddress, err = utils.HexToAddress(withdrawAddr) - if err != nil { - return fmt.Errorf("😥 Failed to parse withdraw address: %s", err.Error()) - } - Network = viper.GetString("network") - if Network == "" { - return fmt.Errorf("😥 Failed to get fork version flag value") - } - owner := viper.GetString("owner") - if owner == "" { - return fmt.Errorf("😥 Failed to get owner address flag value") - } - OwnerAddress, err = utils.HexToAddress(owner) - if err != nil { - return fmt.Errorf("😥 Failed to parse owner address: %s", err) - } - Nonce = viper.GetUint64("nonce") - Amount = viper.GetUint64("amount") - if !spec.ValidAmountSet(phase0.Gwei(Amount)) { - return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") - } - ClientCACertPath = viper.GetStringSlice("clientCACertPath") - for _, certPath := range ClientCACertPath { - if strings.Contains(filepath.Clean(certPath), "..") { - return fmt.Errorf("😥 wrong clientCACertPath flag") - } - } - return nil -} - -// BindReshareFlags binds flags to yaml config parameters for the resharing ceremony of DKG -func BindReshareFlags(cmd *cobra.Command) error { - if err := BindGenerateReshareMsgFlags(cmd); err != nil { - return err - } - if err := viper.BindPFlag("signatures", cmd.PersistentFlags().Lookup("signatures")); err != nil { - return err - } - Signatures = viper.GetString("signatures") - if Signatures == "" { - return fmt.Errorf("😥 Failed to get --signatures flag value") - } - return nil -} - -// BindOperatorFlags binds flags to yaml config parameters for the operator -func BindOperatorFlags(cmd *cobra.Command) error { - if err := BindBaseFlags(cmd); err != nil { - return err - } - if err := viper.BindPFlag("privKey", cmd.PersistentFlags().Lookup("privKey")); err != nil { - return err - } - if err := viper.BindPFlag("privKeyPassword", cmd.PersistentFlags().Lookup("privKeyPassword")); err != nil { - return err - } - if err := viper.BindPFlag("port", cmd.PersistentFlags().Lookup("port")); err != nil { - return err - } - if err := viper.BindPFlag("operatorID", cmd.PersistentFlags().Lookup("operatorID")); err != nil { - return err - } - if err := viper.BindPFlag("serverTLSCertPath", cmd.PersistentFlags().Lookup("serverTLSCertPath")); err != nil { - return err - } - if err := viper.BindPFlag("serverTLSKeyPath", cmd.PersistentFlags().Lookup("serverTLSKeyPath")); err != nil { - return err - } - if err := viper.BindPFlag("ethEndpointURL", cmd.PersistentFlags().Lookup("ethEndpointURL")); err != nil { - return err - } - PrivKey = filepath.Clean(viper.GetString("privKey")) - PrivKeyPassword = filepath.Clean(viper.GetString("privKeyPassword")) - if strings.Contains(PrivKey, "..") { - return fmt.Errorf("😥 Failed to get private key path flag value") - } - if strings.Contains(PrivKeyPassword, "..") { - return fmt.Errorf("😥 Failed to get password for private key flag value") - } - Port = viper.GetUint64("port") - if Port == 0 { - return fmt.Errorf("😥 Wrong port provided") - } - OperatorID = viper.GetUint64("operatorID") - if OperatorID == 0 { - return fmt.Errorf("😥 Wrong operator ID provided") - } - ServerTLSCertPath = filepath.Clean(viper.GetString("serverTLSCertPath")) - if strings.Contains(ServerTLSCertPath, "..") { - return fmt.Errorf("😥 wrong serverTLSCertPath flag") - } - ServerTLSKeyPath = filepath.Clean(viper.GetString("serverTLSKeyPath")) - if strings.Contains(ServerTLSKeyPath, "..") { - return fmt.Errorf("😥 wrong serverTLSKeyPath flag") - } - EthEndpointURL = viper.GetString("ethEndpointURL") - if !IsUrl(EthEndpointURL) { - return fmt.Errorf("ethereum endpoint URL: %s - Invalid", EthEndpointURL) - } - return nil -} - -// BindVerifyFlags binds flags to yaml config parameters for the verification -func BindVerifyFlags(cmd *cobra.Command) error { - if err := viper.BindPFlag("ceremonyDir", cmd.PersistentFlags().Lookup("ceremonyDir")); err != nil { - return err - } - if err := viper.BindPFlag("validators", cmd.Flags().Lookup("validators")); err != nil { - return err - } - if err := viper.BindPFlag("withdrawAddress", cmd.PersistentFlags().Lookup("withdrawAddress")); err != nil { - return err - } - if err := viper.BindPFlag("nonce", cmd.PersistentFlags().Lookup("nonce")); err != nil { - return err - } - if err := viper.BindPFlag("amount", cmd.PersistentFlags().Lookup("amount")); err != nil { - return err - } - if err := viper.BindPFlag("owner", cmd.PersistentFlags().Lookup("owner")); err != nil { - return err - } - CeremonyDir = filepath.Clean(viper.GetString("ceremonyDir")) - if strings.Contains(CeremonyDir, "..") { - return fmt.Errorf("😥 wrong CeremonyDir flag") - } - owner := viper.GetString("owner") - if owner == "" { - return fmt.Errorf("😥 Failed to get owner address flag value") - } - var err error - OwnerAddress, err = utils.HexToAddress(owner) - if err != nil { - return fmt.Errorf("😥 Failed to parse owner address: %s", err) - } - Nonce = viper.GetUint64("nonce") - Amount = viper.GetUint64("amount") - if !spec.ValidAmountSet(phase0.Gwei(Amount)) { - return fmt.Errorf("🚨 Amount should be in range between 32 ETH and 2048 ETH") - } - WithdrawAddress, err = utils.HexToAddress(viper.GetString("withdrawAddress")) - if err != nil { - return fmt.Errorf("😥 Failed to parse withdraw address: %s", err) - } - Validators = viper.GetUint("validators") - if Validators == 0 { - return fmt.Errorf("😥 Failed to get validators flag value") - } - return nil -} - // StringSliceToUintArray converts the string slice to uint64 slice func StringSliceToUintArray(flagdata []string) ([]uint64, error) { partsarr := make([]uint64, 0, len(flagdata)) @@ -790,31 +52,6 @@ func StringSliceToUintArray(flagdata []string) ([]uint64, error) { return partsarr, nil } -// LoadOperators loads operators data from raw json or file path -func LoadOperators(logger *zap.Logger) (wire.OperatorsCLI, error) { - var operators wire.OperatorsCLI - var err error - if OperatorsInfo != "" { - err = json.Unmarshal([]byte(OperatorsInfo), &operators) - if err != nil { - return nil, err - } - } else { - operators, err = ReadOperatorsInfoFile(OperatorsInfoPath, logger) - if err != nil { - return nil, err - } - } - if operators == nil { - return nil, fmt.Errorf("no information about operators is provided. Please use or raw JSON, or file") - } - // check that we use https - if err := checkIfOperatorHTTPS(operators); err != nil { - return nil, err - } - return operators, nil -} - func SignaturesStringToBytes(signatures string) ([]byte, error) { sig, err := hex.DecodeString(signatures) if err != nil { @@ -1051,7 +288,7 @@ func WriteProofs(proofs []*wire.SignedProof, dir string) error { return nil } -func createDirIfNotExist(path string) error { +func CreateDirIfNotExist(path string) error { if _, err := os.Stat(path); err != nil { if os.IsNotExist(err) { // Directory does not exist, try to create it @@ -1078,7 +315,7 @@ func Sync(logger *zap.Logger) error { return nil } -func checkIfOperatorHTTPS(ops []wire.OperatorCLI) error { +func CheckIfOperatorHTTPS(ops []wire.OperatorCLI) error { for _, op := range ops { addr, err := url.Parse(op.Addr) if err != nil { @@ -1095,3 +332,84 @@ func IsUrl(str string) bool { u, err := url.Parse(str) return err == nil && u.Scheme != "" && u.Host != "" } + +// OpenPrivateKey reads an RSA key from file. +// If passwordFilePath is provided, treats privKeyPath as encrypted +func OpenPrivateKey(passwordFilePath, privKeyPath string) (*rsa.PrivateKey, error) { + // check if a password string a valid path, then read password from the file + if _, err := os.Stat(passwordFilePath); os.IsNotExist(err) { + return nil, fmt.Errorf("😥 Password file doesn`t exist: %s", err) + } + encryptedRSAJSON, err := os.ReadFile(filepath.Clean(privKeyPath)) + if err != nil { + return nil, fmt.Errorf("😥 Cant read operator's key file: %s", err) + } + keyStorePassword, err := os.ReadFile(filepath.Clean(passwordFilePath)) + if err != nil { + return nil, fmt.Errorf("😥 Error reading password file: %s", err) + } + privateKey, err := crypto.DecryptRSAKeystore(encryptedRSAJSON, string(keyStorePassword)) + if err != nil { + return nil, fmt.Errorf("😥 Error converting pem to priv key: %s", err) + } + return privateKey, nil +} + +// ReadOperatorsInfoFile reads operators data from path +func ReadOperatorsInfoFile(operatorsInfoPath string, logger *zap.Logger) (wire.OperatorsCLI, error) { + fmt.Printf("📖 looking operators info 'operators_info.json' file: %s \n", operatorsInfoPath) + _, err := os.Stat(operatorsInfoPath) + if os.IsNotExist(err) { + return nil, fmt.Errorf("😥 Failed to read operator info file: %s", err) + } + logger.Info("📖 reading operators info JSON file") + operatorsInfoJSON, err := os.ReadFile(filepath.Clean(operatorsInfoPath)) + if err != nil { + return nil, fmt.Errorf("😥 Failed to read operator info file: %s", err) + } + var operators wire.OperatorsCLI + err = json.Unmarshal(operatorsInfoJSON, &operators) + if err != nil { + return nil, fmt.Errorf("😥 Failed to load operators: %s", err) + } + return operators, nil +} + +// LoadOperators loads operators data from raw json or file path +func LoadOperators(logger *zap.Logger, operatorsInfo, operatorsInfoPath string) (wire.OperatorsCLI, error) { + var operators wire.OperatorsCLI + var err error + if operatorsInfo != "" { + err = json.Unmarshal([]byte(operatorsInfo), &operators) + if err != nil { + return nil, err + } + } else { + operators, err = ReadOperatorsInfoFile(operatorsInfoPath, logger) + if err != nil { + return nil, err + } + } + if operators == nil { + return nil, fmt.Errorf("no information about operators is provided. Please use or raw JSON, or file") + } + // check that we use https + if err := CheckIfOperatorHTTPS(operators); err != nil { + return nil, err + } + return operators, nil +} + +// SetGlobalLogger creates a logger +func SetGlobalLogger(cmd *cobra.Command, name, logFilePath, logLevel, logFormat, logLevelFormat string) (*zap.Logger, error) { + // If the log file doesn't exist, create it + _, err := os.OpenFile(filepath.Clean(logFilePath), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600) + if err != nil { + return nil, err + } + if err := logging.SetGlobalLogger(logLevel, logFormat, logLevelFormat, &logging.LogFileOptions{FileName: logFilePath}); err != nil { + return nil, fmt.Errorf("logging.SetGlobalLogger: %w", err) + } + logger := zap.L().Named(name) + return logger, nil +} diff --git a/cli/verify/verify.go b/cli/verify/verify.go index 58595df3..a2048343 100644 --- a/cli/verify/verify.go +++ b/cli/verify/verify.go @@ -5,31 +5,31 @@ import ( "log" "os" - "github.com/spf13/cobra" "github.com/aquasecurity/table" + "github.com/spf13/cobra" - cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" + "github.com/ssvlabs/ssv-dkg/cli/flags" "github.com/ssvlabs/ssv-dkg/pkgs/validator" ) func init() { - cli_utils.SetVerifyFlags(Verify) + flags.SetVerifyFlags(Verify) } var Verify = &cobra.Command{ Use: "verify", Short: "Verifies a DKG ceremony directory", RunE: func(cmd *cobra.Command, args []string) error { - if err := cli_utils.BindVerifyFlags(cmd); err != nil { + if err := flags.BindVerifyFlags(cmd); err != nil { return err } err := validator.ValidateResultsDir( - cli_utils.CeremonyDir, - int(cli_utils.Validators), - cli_utils.OwnerAddress, - cli_utils.Nonce, - cli_utils.WithdrawAddress, + flags.CeremonyDir, + int(flags.Validators), + flags.OwnerAddress, + flags.Nonce, + flags.WithdrawAddress, ) if err != nil { log.Printf("Failed to validate ceremony directory: %v", err) @@ -41,11 +41,11 @@ var Verify = &cobra.Command{ tbl := table.New(os.Stdout) tbl.SetHeaders("Directory", "Withdrawal Address", "Nonce", "Owner Address", "Validators") tbl.AddRow( - cli_utils.CeremonyDir, - cli_utils.WithdrawAddress.String(), - fmt.Sprintf("%d", cli_utils.Nonce), - cli_utils.OwnerAddress.String(), - fmt.Sprintf("%d", cli_utils.Validators), + flags.CeremonyDir, + flags.WithdrawAddress.String(), + fmt.Sprintf("%d", flags.Nonce), + flags.OwnerAddress.String(), + fmt.Sprintf("%d", flags.Validators), ) tbl.Render() diff --git a/docker-compose.yml b/docker-compose.yml index a08083b2..e8d5e2c6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,6 +24,10 @@ services: - shared_network ports: - "3030:3030" + environment: + - CN=operator1 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator1.example.yaml"] volumes: @@ -35,6 +39,10 @@ services: - shared_network ports: - "3031:3030" + environment: + - CN=operator2 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator2.example.yaml"] volumes: @@ -46,6 +54,10 @@ services: - shared_network ports: - "3032:3030" + environment: + - CN=operator3 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator3.example.yaml"] volumes: @@ -57,6 +69,10 @@ services: - shared_network ports: - "3033:3030" + environment: + - CN=operator4 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator4.example.yaml"] volumes: @@ -68,6 +84,10 @@ services: - shared_network ports: - "3034:3030" + environment: + - CN=operator5 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator5.example.yaml"] volumes: @@ -79,6 +99,10 @@ services: - shared_network ports: - "3035:3030" + environment: + - CN=operator6 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator6.example.yaml"] volumes: @@ -90,6 +114,10 @@ services: - shared_network ports: - "3036:3030" + environment: + - CN=operator7 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator7.example.yaml"] volumes: @@ -101,6 +129,10 @@ services: - shared_network ports: - "3037:3030" + environment: + - CN=operator8 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator8.example.yaml"] volumes: @@ -112,6 +144,10 @@ services: - shared_network ports: - "3038:3030" + environment: + - CN=operator9 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator9.example.yaml"] volumes: @@ -123,6 +159,10 @@ services: - shared_network ports: - "3039:3030" + environment: + - CN=operator10 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator10.example.yaml"] volumes: @@ -134,6 +174,10 @@ services: - shared_network ports: - "3041:3030" + environment: + - CN=operator11 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator11.example.yaml"] volumes: @@ -145,6 +189,10 @@ services: - shared_network ports: - "3042:3030" + environment: + - CN=operator12 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator12.example.yaml"] volumes: @@ -156,6 +204,10 @@ services: - shared_network ports: - "3043:3030" + environment: + - CN=operator13 + - CA=/data/initiator/rootCA.crt + - CAkey=/data/initiator/rootCA.key command: ["start-operator", "--configPath", "/data/config/operator13.example.yaml"] volumes: @@ -178,7 +230,12 @@ services: image: ssv-dkg:latest networks: - shared_network - command: ["generate-resign-msg", "--configPath", "/data/config/resign.example.yaml"] + command: + [ + "generate-resign-msg", + "--configPath", + "/data/config/resign.example.yaml", + ] volumes: - ./examples:/data @@ -199,7 +256,12 @@ services: image: ssv-dkg:latest networks: - shared_network - command: ["generate-reshare-msg", "--configPath", "/data/config/reshare.example.yaml"] + command: + [ + "generate-reshare-msg", + "--configPath", + "/data/config/reshare.example.yaml", + ] volumes: - ./examples:/data diff --git a/entry-point.sh b/entry-point.sh index 6bd3de02..02e82b19 100644 --- a/entry-point.sh +++ b/entry-point.sh @@ -15,7 +15,9 @@ if [ "$1" = "start-operator" ]; then echo "Certificate or key file not found. Generating new SSL certificate and key." openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \ -keyout "$KEY_FILE" -out "$CERT_FILE" \ - -subj "/C=CN/ST=GD/L=SZ/O=localhost, Inc./CN=localhost" + -subj "/C=CN/ST=GD/L=SZ/O=$CN, Inc./CN=$CN" \ + -addext "subjectAltName = DNS:$CN" \ + -CA $CA -CAkey $CAkey else echo "Existing SSL certificate and key found. Using them." fi diff --git a/examples/config/initiator.example.yaml b/examples/config/initiator.example.yaml index ae231a79..aaad5112 100644 --- a/examples/config/initiator.example.yaml +++ b/examples/config/initiator.example.yaml @@ -30,3 +30,4 @@ logLevel: info logFormat: json logLevelFormat: capitalColor logFilePath: /data/initiator/output/initiator_debug.log +clientCACertPath: /data/initiator/rootCA.crt diff --git a/examples/config/operator1.example.yaml b/examples/config/operator1.example.yaml index f146c64c..293225f1 100644 --- a/examples/config/operator1.example.yaml +++ b/examples/config/operator1.example.yaml @@ -7,6 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator1/output/operator1_logs_debug.log outputPath: /data/operator1/output -serverTLSCertPath: /data/operator1/operator1.crt -serverTLSKeyPath: /data/operator1/operator1.key +# serverTLSCertPath: /data/operator1/operator1.crt +# serverTLSKeyPath: /data/operator1/operator1.key ethEndpointURL: http://ethnode:8545 diff --git a/examples/config/operator10.example.yaml b/examples/config/operator10.example.yaml index bb892b15..f61f9205 100644 --- a/examples/config/operator10.example.yaml +++ b/examples/config/operator10.example.yaml @@ -7,6 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator10/output/operator10_logs_debug.log outputPath: /data/operator10/output -# serverTLSCertPath: /data/operator8/operator8.crt -# serverTLSKeyPath: /data/operator8/operator8.key +# serverTLSCertPath: /data/operator10/operator10.crt +# serverTLSKeyPath: /data/operator10/operator10.key ethEndpointURL: http://ethnode:8545 diff --git a/examples/config/operator11.example.yaml b/examples/config/operator11.example.yaml index dedad20c..3a94eafd 100644 --- a/examples/config/operator11.example.yaml +++ b/examples/config/operator11.example.yaml @@ -7,4 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator11/output/operator11_logs_debug.log outputPath: /data/operator11/output +# serverTLSCertPath: /data/operator11/operator11.crt +# serverTLSKeyPath: /data/operator11/operator11.key ethEndpointURL: http://ethnode:8545 diff --git a/examples/config/operator12.example.yaml b/examples/config/operator12.example.yaml index a76aff78..a41d9694 100644 --- a/examples/config/operator12.example.yaml +++ b/examples/config/operator12.example.yaml @@ -7,4 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator12/output/operator12_logs_debug.log outputPath: /data/operator12/output +# serverTLSCertPath: /data/operator12/operator12.crt +# serverTLSKeyPath: /data/operator12/operator12.key ethEndpointURL: http://ethnode:8545 diff --git a/examples/config/operator13.example.yaml b/examples/config/operator13.example.yaml index 15cdde5d..a69108a6 100644 --- a/examples/config/operator13.example.yaml +++ b/examples/config/operator13.example.yaml @@ -7,4 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator13/output/operator13_logs_debug.log outputPath: /data/operator13/output +# serverTLSCertPath: /data/operator13/operator13.crt +# serverTLSKeyPath: /data/operator13/operator13.key ethEndpointURL: http://ethnode:8545 diff --git a/examples/config/operator2.example.yaml b/examples/config/operator2.example.yaml index 34d5aa70..5fb1a94e 100644 --- a/examples/config/operator2.example.yaml +++ b/examples/config/operator2.example.yaml @@ -7,6 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator2/output/operator2_logs_debug.log outputPath: /data/operator2/output -serverTLSCertPath: /data/operator2/operator2.crt -serverTLSKeyPath: /data/operator2/operator2.key +# serverTLSCertPath: /data/operator2/operator2.crt +# serverTLSKeyPath: /data/operator2/operator2.key ethEndpointURL: http://ethnode:8545 \ No newline at end of file diff --git a/examples/config/operator3.example.yaml b/examples/config/operator3.example.yaml index 9dc9b53d..974b695d 100644 --- a/examples/config/operator3.example.yaml +++ b/examples/config/operator3.example.yaml @@ -7,6 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator3/output/operator3_logs_debug.log outputPath: /data/operator3/output -serverTLSCertPath: /data/operator3/operator3.crt -serverTLSKeyPath: /data/operator3/operator3.key +# serverTLSCertPath: /data/operator3/operator3.crt +# serverTLSKeyPath: /data/operator3/operator3.key ethEndpointURL: http://ethnode:8545 \ No newline at end of file diff --git a/examples/config/operator4.example.yaml b/examples/config/operator4.example.yaml index aee97297..23b54ea5 100644 --- a/examples/config/operator4.example.yaml +++ b/examples/config/operator4.example.yaml @@ -7,6 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator4/output/operator4_logs_debug.log outputPath: /data/operator4/output -serverTLSCertPath: /data/operator4/operator4.crt -serverTLSKeyPath: /data/operator4/operator4.key +# serverTLSCertPath: /data/operator4/operator4.crt +# serverTLSKeyPath: /data/operator4/operator4.key ethEndpointURL: http://ethnode:8545 diff --git a/examples/config/operator9.example.yaml b/examples/config/operator9.example.yaml index 349add31..2d9af2b1 100644 --- a/examples/config/operator9.example.yaml +++ b/examples/config/operator9.example.yaml @@ -7,4 +7,6 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/operator9/output/operator9_logs_debug.log outputPath: /data/operator9/output +# serverTLSCertPath: /data/operator9/operator9.crt +# serverTLSKeyPath: /data/operator9/operator9.key ethEndpointURL: http://ethnode:8545 diff --git a/examples/config/reshare.example.yaml b/examples/config/reshare.example.yaml index 6397bf75..c369a34b 100644 --- a/examples/config/reshare.example.yaml +++ b/examples/config/reshare.example.yaml @@ -13,3 +13,4 @@ logFormat: json logLevelFormat: capitalColor logFilePath: /data/initiator/output/initiator_debug.log signatures: 0d9b2279bcbdd0dd9fe5acdbdff0ff436a106d560dc87204eb14839c05d937f3680c27028ad2bc17aa67b30890075f271eb6e74492da90b1b1348d65afdb0f0000 +clientCACertPath: /data/initiator/rootCA.crt \ No newline at end of file diff --git a/examples/config/resign.example.yaml b/examples/config/resign.example.yaml index 0a251a7c..751234be 100644 --- a/examples/config/resign.example.yaml +++ b/examples/config/resign.example.yaml @@ -31,3 +31,4 @@ logLevelFormat: capitalColor logFilePath: /data/initiator/output/initiator_debug.log proofsFilePath: /data/initiator/output/ceremony-2024-10-11--10-12-28.715/proofs.json signatures: 26509ac521bc180336ac8e6d1d023bf9377e6f99963622e0bcd2313867e34cb374b61b0289500b83bf4431609ccf4fc0590d7e8fdcf57b8e27f17191743398e901 +clientCACertPath: /data/initiator/rootCA.crt diff --git a/examples/initiator/rootCA.crt b/examples/initiator/rootCA.crt index badec23b..f0b15ad5 100644 --- a/examples/initiator/rootCA.crt +++ b/examples/initiator/rootCA.crt @@ -1,32 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIFizCCA3OgAwIBAgIULbar2kYCd9qlUTT5TfryycP3LCowDQYJKoZIhvcNAQEL -BQAwVTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEYMBYG -A1UECgwPbG9jYWxob3N0LCBJbmMuMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjQw -NDAzMTEyMDI1WhcNMzQwNDAxMTEyMDI1WjBVMQswCQYDVQQGEwJDTjELMAkGA1UE -CAwCR0QxCzAJBgNVBAcMAlNaMRgwFgYDVQQKDA9sb2NhbGhvc3QsIEluYy4xEjAQ -BgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -AJ3sCcDKsyJAvJvnUYJo1i5SrpGB9J2CZvTVnbV1o2L9NwuFU1Qyur6yKF+yVnY3 -JDE+GTorIwXAdjCKv3PcxTCr6s6krX4cAiFotU8nFyXZ/HcIqXVAuYXsF08zdiov -uv82Z1Cx+7eFteikGcdUD2Yh24itIZ1EpJ7JZ3p4iPgMX+3SuiHFB31DEBeErrFn -J8fJemUrg+4mAXJoir+aWmvZxbk5p1ef7yu9uneRLFNfQTudvzvdiouHh4WrIG4+ -awyh510lQCEO2xRorclaYJQo1EctjXDjHLncFP3Sx/6RJc/D6zUe0hH4PJDALF0x -HOC/wCLqCqs/efwdET/+7HO06eGc38VsUnn0M7s1NHE0V37xqmyUU9NEUVJYvzuR -Z/tG9oCtNBG2oHrO+YSg9d5IQhkkhMUtwxDbGR1VA9CC5EMuiE6OCoWcBRfeCPYl -G3++Pm6ny/lFO46DloSQ9ukhQCr50ImaHzy7RMwoRUv0Cnp/fg7Ud0yhxiKShEjw -kBckQGhwSForsCWt59rV6oZHsp8clurf9FtgSjydx/00SHYiPK2DiLAzsR/mK1/w -d18Lp2zCS7zvJFhXewvDvqTDtu6ctnp0ogh7FR/kbt0CJ5Ok9v8Z1xjnZXuS4yQS -PkC9lmpRBefPT24Kv/9XQCLoy60l0KKJCu9/fvJDbG/5AgMBAAGjUzBRMB0GA1Ud -DgQWBBRZXWgOmRnpmEx6i7Djnf/j4y930zAfBgNVHSMEGDAWgBRZXWgOmRnpmEx6 -i7Djnf/j4y930zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAj -CK6PLQwnhL+tQqlESNCUaEKPuNRVwtuRVG8Y2f4q1fGA+Q4I/4Ox/lK4B6lChU07 -M/jhpx1D/9vSoFInqx6T8sMsWz4eLA1/NtJnmP6hu1UGGbIsohn0mCKYh2H1JPz7 -AqsPoubSwpQF243PSOT7JalzKw7KwLoOOBT373GM0ZgaXAaIW3wGO7o4xyCHRxPl -SsYzJBoWczQu2IbePk3QUS7RXlGg9OqpFfcmQ3vuoBo57Cp27pPjE3TleecorE6T -Mz4BBZ4fUceG+4RSjB87rj384h0q6jppX/RVfO3QqDH0oOdE4nevar/JPBUAFAzv -W0rn/uGTuPnCg6cfmSYZAj1Gzlk5A2SVu1dIPIcxhsdGpF7Rid3lOU9Z5KhCWO8G -cNjFnbUJS9X4nRa8eOizhoQgPrWpd3fOj72OOGWMpw832oGtEMzw/X9iaoPfX8Cd -yZ6oTph4JxfNE1Kp6Z3tyGPsNQoXB9I71tz08EPGX+wgdNS8v6tfPo+lb8BrVTV5 -/VZqTpi5sb0RjPceu4uuo0sTYkBP94gNJ6jZOgv2hca7TUlA+kkkqxVZfZsH29+y -1sRg5U+69SgmSTvfzmghd3T6ofY0F7AA5CdPDHpQqKWXK6ZUvynZQU4A/ZUAGX90 -roDc/euPchJxHQm2Z1/Beoau2PKneGKIgTkANRYo2w== +MIIFiTCCA3GgAwIBAgIUGcLsCVSiz/ZajbpoNLBGfT9Bt4kwDQYJKoZIhvcNAQEL +BQAwVDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEYMBYG +A1UECgwPb3BlcmF0b3IqLCBJbmMuMREwDwYDVQQDDAhvcGVyYXRvcjAeFw0yNDEw +MjMxNDE4MDZaFw0zNDEwMjExNDE4MDZaMFQxCzAJBgNVBAYTAkNOMQswCQYDVQQI +DAJHRDELMAkGA1UEBwwCU1oxGDAWBgNVBAoMD29wZXJhdG9yKiwgSW5jLjERMA8G +A1UEAwwIb3BlcmF0b3IwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo +4/a7TJ8rFviHjiQ3u/OlC1NlU9Vf3/r7mKb/vfun/wb5kUOjLJfaREyzjIUlJXl4 +ukLBnTJtLX2B0LsOzC1rUtmtxqTPUHq2Ox6SCcnbrVHWPEac9iZ886ln8WHH5Vdt +MnSqo6W8CPdubCzbUKwfG1Kf/sLuXCFJvEEf6Wc4whcGFjwLVBaAONawJulVzuo5 +wvfcvSsLj/TqCpHcWpw4OSDcHb3xYJNH10VvXPjNvYwjHCtFRFLUtzNo3dihskTD +Q9RmvpjgRpMhFNk7E9JY+WsSlQgpG81SfJA2Ri52I7Bp+lVkeQg7uGFdk25c5IDX +1ItAaPPU+Ohc3eDsRPs/zLfMspQYs6NvD53lqcHV3SQShm5brTpFnEYwVe1H8Go2 +LN4jU/bUK4KvOV510ftSCnecqcjgotCFJkUOUHbT7CoC/1APQul+rwPV3pwGO5+/ +0Yu6bmOxpqjR/jSF6nXvY5uKLjBY0ejF1SA/n3aHm+7jUoHcslc07Zjj4EFZM/rR +eY5cbGV7NrHp1Ue3uz7yySoF1bJp/dSeEC6rSpCongzLAlKN6KVpDlPMPJMgQNZG +lzvEEeqveyZgcM9wJCeUfG2vuoCyjp5JYVQvCaoun/9XU/rJaUmbk8quwOBIhALM +dkTwgRxByxEy0wxlsaQYOR4+UWDOBTaXYNn6NDWiMwIDAQABo1MwUTAdBgNVHQ4E +FgQUa6SiKE9ykQB3dYnUV0pGQWu4aJwwHwYDVR0jBBgwFoAUa6SiKE9ykQB3dYnU +V0pGQWu4aJwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAU1Pf +48w+yV6HeMlX3NoS+y3WTQFpOlnUkEPj3PrDhJ9CUUPfZM2YY/8mlv1QMQkYZVT1 +X6NqexXQuHJb7C/ibJGobiBrymue5aMuEQSx6nJ3LUNS8v919PIsmSnFl9T30XwZ +2xAXcyGZg8dG48x1NjLRxrK16mj0meHOC1k8kQKEGtbuwEZxHOFmcT7x6RC+/fSu +Obi90LXXVYXGYHbdSzlOEeEVIo2V/+wJ+G+IpCdstoDONlDzU2bhXji+myg3g/l+ +Y/0uByoANCbyGTF2/DHLro9Gm9C6QevmDzSjV2h3OXowKB/Tv9Tn3FDhdczC9JYQ +7Jrhq8uvNDXw8oG9nlniRV9A0x2ou9spxkQbfA76smvWEDggmjsJxXzPPh1/qvek +QnAVn/E4JO4hydYR/DXmozdr35IA+q3DATomAhGxvYpIF6ZKHfGO8/3gAvj3fQmf +QOv716usm4wo8oGbGHHsV+hAsOIA8g16xL6EC67grGtt/p+bfhJMvp5S88+Ec1tt +9tBNwDsb7GMs8Q+wVRCJLsMdztOkEd4KeiwEYSxOFZQc8aEYb8bhCgx41/1EABxp +hWy2S95Z8q8gkLoeQO2SHxWBv9dgm1xnjGHNN7yN+6gGpsKsg7QE+aBvaDHkU/nz +PqDV1kMlP4NY0bGRO6Q4KbgskquEt3uJ+QNrrBg= -----END CERTIFICATE----- diff --git a/examples/initiator/rootCA.key b/examples/initiator/rootCA.key index 011d3afe..9744901f 100644 --- a/examples/initiator/rootCA.key +++ b/examples/initiator/rootCA.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCd7AnAyrMiQLyb -51GCaNYuUq6RgfSdgmb01Z21daNi/TcLhVNUMrq+sihfslZ2NyQxPhk6KyMFwHYw -ir9z3MUwq+rOpK1+HAIhaLVPJxcl2fx3CKl1QLmF7BdPM3YqL7r/NmdQsfu3hbXo -pBnHVA9mIduIrSGdRKSeyWd6eIj4DF/t0rohxQd9QxAXhK6xZyfHyXplK4PuJgFy -aIq/mlpr2cW5OadXn+8rvbp3kSxTX0E7nb873YqLh4eFqyBuPmsMoeddJUAhDtsU -aK3JWmCUKNRHLY1w4xy53BT90sf+kSXPw+s1HtIR+DyQwCxdMRzgv8Ai6gqrP3n8 -HRE//uxztOnhnN/FbFJ59DO7NTRxNFd+8apslFPTRFFSWL87kWf7RvaArTQRtqB6 -zvmEoPXeSEIZJITFLcMQ2xkdVQPQguRDLohOjgqFnAUX3gj2JRt/vj5up8v5RTuO -g5aEkPbpIUAq+dCJmh88u0TMKEVL9Ap6f34O1HdMocYikoRI8JAXJEBocEhaK7Al -refa1eqGR7KfHJbq3/RbYEo8ncf9NEh2Ijytg4iwM7Ef5itf8HdfC6dswku87yRY -V3sLw76kw7bunLZ6dKIIexUf5G7dAieTpPb/GdcY52V7kuMkEj5AvZZqUQXnz09u -Cr//V0Ai6MutJdCiiQrvf37yQ2xv+QIDAQABAoICAAWp9g2Wl4cmeD1FNhytwuTF -bWJlnU7a4vNsB+x+rB38Q/GjVgJCkYUOYblQ7Z3uy1sCxafa7TYjGXoTN9uhcucU -e2bu7BQGUCM/nKUam09tuorQYjeE20KM3acnCtlnfdbybhEsWQFTh9swq4YFI0o/ -8546y2ZXFGpngdEYKp1u4C/o62kTpnmdIqIdTaCqOPiG5t9jCKfNcCbYzgUiNZUB -qgBDK5fOcicI9nucVtEkrPPE7BtrDjGD6l3mbdLWZUN+OQyTrfGhlUTtnjIHDkiy -EC7/WL/QPXMDDDOwUCD2trr1ZWWx1cn0M8PjSJQNE2KSLgNyjnBm5eqfZkN70qIj -Q7Scc6OwqtXNCVitJvjqFQy/yyqYA/RoDeNNvMy4msO0yGDuCwrkyzspLi8uCQ7m -mhBqY5Mf69QZe96rNJo6sFY+nvhSY3ROIKuA0K6aPHT7Hj78tVm+eK727xM6hENG -PkxQhM4dQxQuEsAS6WcF0rYhBxLa5eV96+HpFRm/zIZH2MfOAI5mlEHCBZQhP29Z -vdsxEaq70KtCPmoY3qGHKnCCI3Ijapg/K9eRn0U2wAoBIseXrCaawVbdMcRig/8B -bzPlC2uOQ41VQGzeFPdVhW+P4M1v96c0kIsYxmtL2mDJxBhl8UGBIU+p7Gfug66d -CEhUje38aaQXAQXQkAspAoIBAQDbrzSeibXvIh6sJKbWkeQX+5ll7OG62+Geoip7 -ibQUtHnqyGG8hJafyv22WxiQEQTSxS67x8I53svlC2UDqLCRRa2WyiA6M+ijkg4K -qwYrEA058oeLL//RcenN7wqw12yy/AJCn2L8/UhJ8b3SunL25yjfxd2Bjnc8jHuM -0qycJYJde3SNBfdMErGu9L4kPpamjB1K85cU9jhBMw4D6PYJ3Hcgx5F6RN0YR91a -bWwWjG/md+WbZfV93WaTJaCN/HyJDiGETVDVHJqlB2skomwzkddWQPokcSnO9Izf -smmeP9EJ+oWO2GjZjIASetCelZyGapzrqUTAYCyXEP96lg0VAoIBAQC4Bx52tlL7 -TrE6Ud/frkCJ+9qQDTl4v54ARIudX/SS68eMox/tzWJiPhrB4vGRxDypR6fCbeJ/ -QD6AUm1ukc5kBn6d34O7DsqKqvNyFmP6XW9nkr09WvVjL7OsHrfWRG4plrVzfVIr -83SP78QJr+KaYgDksZ2/9V7dCw5UfbthgrJcPusyx+yUSNhwEtf9JCpQelKq71DM -vvWo5q253eVC7kqjJM98QG45hBSyiFSsM3831VK3LkjzRVooB3ugBBoGCB5fOXKh -FrVb4SXM1PHsuXMxUbsIHxE3SnfzOr2U+bzZy7BCIjqvGNR1Z1euanhdmSslfIgr -DlytYunYJ7hVAoIBAF3Z5eLs9hqpOu1T4yq7vPQ5+ni+0Fih4yuAICIS3CoUSBlz -bb257xdpAybKmB3EB4l7z9FNL77FXdoGGiuL/5Kwb86Bn27+Ch8HIJSSJ9pxyxS8 -dgeSg/mYbsgZnTmbbsawPs7zhLiMBDwC2JOUL9UnQCEJSO42TN5DLe0le7RhmeYR -/eLZb6LCQcJ6sFiPnJCeP01r71l3LuU7yHsHJUVlOEd6ur2/ea0L1pbxNEIV0SBm -jGLtFgmlclLeuk6uVQ3ASbVZynSg+bgTCUTnVs5ZOeORcsvqxG+zrhNLBzAiF03q -BvDVp0V5bqV2bnWxeOM73LoY4FRHQgVvr5VRUVkCggEAI0KR7rL+cVJhmMgJOiV8 -DjQoa4NtKJqmXmzDx3KUPPZaNLMosfqxSBuYKuAd4w0ThmfJV/KP/EvF7fZdK1ta -jUXFSuCBr/ykiC87F/f8TgNLDjBKfBAKhmekaG02UiKobOWIfMldTjiGc/G/wQ9n -Pqdafncdv6L2+ylcJIo2tfdBz3Tqwb8WsE7I0ah6o/Ei/mqBnmjeNWy9SxBv5vYC -MHHR8TJjYu5BcFnDUXXXq2rujDcecyS2K451OMg+QqmmhtNVZm9ubDkapLEd+gIv -HGloDeIYEPVK6iolk4AExR+YtK5XZkSCs/vw8VHMtgmGaICpiLQ0rvNAhKQ4JAdw -RQKCAQEAoeNgCmb87nHcqqiFIkMB/yNivH614xnO2Mz61JPdv7guRDke6xRNDqOL -iVqhpOhEH294EP56VrQNII/ub8szlRmxL+ZdQcEqwyOgdAaXm1AgABi6x3/3rpmP -itZX1zGxaw+YfvO+uO4AVdQ+CL29GKbDGA2Xn6HIgFlroZ4iqAfRrPUq/JN++FtD -mCrZx2GZVRAk+BvQnuPTUKpODCUVVvokXIE9MiHkJMrKVZfu8/b/73DQ/qt6uKCc -k7nGe4dDOjvgbM8LhohP+CW706Fnn7YMScpFhVS/wDo8CZIcOjQxtk8zFcitK5p3 -KS3H4uO2zUQVJFc8BbLJFqIM6dx/Xw== +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCo4/a7TJ8rFviH +jiQ3u/OlC1NlU9Vf3/r7mKb/vfun/wb5kUOjLJfaREyzjIUlJXl4ukLBnTJtLX2B +0LsOzC1rUtmtxqTPUHq2Ox6SCcnbrVHWPEac9iZ886ln8WHH5VdtMnSqo6W8CPdu +bCzbUKwfG1Kf/sLuXCFJvEEf6Wc4whcGFjwLVBaAONawJulVzuo5wvfcvSsLj/Tq +CpHcWpw4OSDcHb3xYJNH10VvXPjNvYwjHCtFRFLUtzNo3dihskTDQ9RmvpjgRpMh +FNk7E9JY+WsSlQgpG81SfJA2Ri52I7Bp+lVkeQg7uGFdk25c5IDX1ItAaPPU+Ohc +3eDsRPs/zLfMspQYs6NvD53lqcHV3SQShm5brTpFnEYwVe1H8Go2LN4jU/bUK4Kv +OV510ftSCnecqcjgotCFJkUOUHbT7CoC/1APQul+rwPV3pwGO5+/0Yu6bmOxpqjR +/jSF6nXvY5uKLjBY0ejF1SA/n3aHm+7jUoHcslc07Zjj4EFZM/rReY5cbGV7NrHp +1Ue3uz7yySoF1bJp/dSeEC6rSpCongzLAlKN6KVpDlPMPJMgQNZGlzvEEeqveyZg +cM9wJCeUfG2vuoCyjp5JYVQvCaoun/9XU/rJaUmbk8quwOBIhALMdkTwgRxByxEy +0wxlsaQYOR4+UWDOBTaXYNn6NDWiMwIDAQABAoICAD9XN9rpEqzzcYRNX/HzMJ6O +j9lpxpWtiBDCIKe7ld1cvT3uKCLTf6Qhh26zXeAfnN4VZSH+FcJylCaSpQUYuFQO +/4q3/GmwMkWUCJQWzbjw2MdzVbxaaPbl33wXQGfa8J4IlU7GD0tlRX8JXQ1nxRXp +hmRxBKSmsulXjEkunULhMAddYWmSQNoX9xSbk1lWP+wn3hPQcotkkyMPkcLFzN8d +NeC32tvjL3l7GBR7Fuj6lMs6LlRNGo+iocpLoYqLNFTTZJ6gDu/WKCn5CruoZHRw +HqMad7QLNEciZmekjJpMKkak10/WQKs9LG8O8w4tuNC5avxeIEyYiXUC1e9ms5+O +Y2mFgWT9EMZY+wu36aO8YhM7UNAVR6y2WuiRoBrZwbljeCLU8lGMYd18kJc0IoVH +EJU4nXF3aZsb7ZJBGXekyNfOOQxTq22r4yDFELabpaCN1mZU+5RlvqFz/PbUXEq5 +ckx/zstN6zaRozrYNdqNwsurEfA/mECvKQcGew/BE0wG/nWXQLQpiX8MXIOikkyB +weslm0CiECBAthRVbEYaaCpp7mOSEQdx4MpU3dTfx7fp3Hv52CQuPcnqn7uL77vc +kwLuq0HZsS6uMLhRBccxtF1L3z7sEBaYmEkVGGcauQQpyoYWTs8Loixi0SmwNxGo +JvhdHvGEiSzujeyoTlRZAoIBAQDh6iwJmnRPSQgJVVJV/rwtQsQ/PArllmP2TC/O +Nscs+aScSRigclIfUFofZcQn25nKOQCuiiBsjpI7ISs2AfQs77CAmttFvrJHyGXU +P5yfyyHbK9iQkYi5beiIfCku2ATbEWVnSnhleMiMJTX5Ca8nuymMhe5wncNxcEKz +o8lYYkl2guMzuSBhiJjcnRE98ftqOf3ou0GZd8f53nHU+v6A/MeD2MmtCSvZ4xF7 +24KYGvXr6oLuk47CMgbLNd4pSXq5ZG3k/Zee3PV+wyEKvWp6ms9krbNtlamJlgp1 +XbKt/LCKAhwqgaYA8BtxZzkUbKGOooTzX2pj0jDiTNs7zlQ9AoIBAQC/YbxFqk2N +1xIG7Nb/F3VSShFdZCt95CpToEDe8fr3/WTGzJ1+tcHbABmwA8yaA6AHcMGm352i +Y7XOSvllTfGl/yVv8Lipxg6kUhA/gXany521JLXuLI0WkYuPASBHTo90FWM8qWoD +keLs3nPsmMpgVhTjfrlR9O7hzjjWhVqnj1qxBL00plyUdupRll8h9/8mi1NT4DXN +xNn+oBQtaPdw1K3Tj6I2ICUNcVIs5neNn+pXos8GB7sjG8f+YmXqdd2Owzqr6+ZG +3oSlYeYeMN7F8LDiuV3QopjTLALCNZULDCFfRWc/y5lRBvV6uu1A2v869YmEl109 +pas1H8x9CIcvAoIBAQDRFDVPaffMzO04HhPGbKvhQ5J2Z246TvYSoy33LnElaaFz +1p6JF2RzgJz3w+pHbRCmvByqbEFX1pb1TFw+bo557Baw3yCiKru6fXfoeDrPFGMw +ASM7oMUlv9deQXKn3NqZmD792kkUuDT6pxGNeu302l24pNcouImB+gBxWtrkBoqw +uK/nVaTnP1Ehk+e6KbKh/CvGcU9j5hxYXwuArg5OeCN6HW+AyiUgUOsEcwIpHYKN +pQsqG7wac8wf06nZEh0XaR/ftubU6u/1MkfpNaZO8+mO5sdRWxp9sDPbrSzJozwL +bap9mGF3KsBrMrn78hGO/VAIIT1IRuZg+fpIHkuNAoIBAQCKJLhL6RQ2EEqY6Rh/ +5aTwEzrZmNaz9qB+4KwywaSQoT2/Ki99KSGXPUlNflCP05IODNwb4kncz/CJyiCf +eVW2pqeVV8NT+PzUq8/Cp2bI0/cwrCEOnOXypniAbyWnkxOFjXKmdPtrPED7Dc/L +trZON5S4ad7HQ++y2rK4VmYLkTS7llokyPkGyZd18P8We/aXEfbCEpODxlY8r7wg +0yXZMguPLJzASQ+11likxG8DsazsOT8KcUYpn4ILI2fBh/a3eEC/nHYKLdC9uB7t +KAWGB6kG3xrS4KtDsv8CxL6izMzCAkz3BbXTgRxszMU5DVsyac4sAT5yo0UkAaIP +lrpNAoIBAG70LhnZXso4ojKYDC47e957Gqdw1Y6zuwf3g78jvYj/ImXoXFPFezDg +sc1A9g93QVdjcqyjuF1kMRm0L1wzPfv8HS+/Kk2CaMGg7/C+2RRBy72+ksud6lB9 +TBkng5T207IkeY/+5fvU0kAa0bYKnUo8rTbKpWudjzNkkEv7bYnaxRsUhIi9sZtm +7+V3wSYiFFSlX8TMlS47qKDFneA0o8794derkTMPrVnKbgjAE8DaRsxi8e+cML2K +8kWRoWBulyW52AjR/tC92VgcC7Fh7eJ36QOvmcKR0BJj+Yh3ffy9LcFfQBX20lxr +YiItYfIdakX+VAUr/AwmR1jOuPdrbqc= -----END PRIVATE KEY----- diff --git a/integration_test/init_bulk_test.go b/integration_test/init_bulk_test.go index ab801422..bb2fc9f6 100644 --- a/integration_test/init_bulk_test.go +++ b/integration_test/init_bulk_test.go @@ -43,7 +43,15 @@ func TestBulkHappyFlows4Ops(t *testing.T) { cli_initiator.StartDKG.Version = version cli_verify.Verify.Version = version t.Run("test 4 operators 1 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "1", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "1", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -51,14 +59,30 @@ func TestBulkHappyFlows4Ops(t *testing.T) { }) t.Run("test 4 operators 10 validators bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "10", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "10", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) resetFlags(RootCmd) }) t.Run("test 4 operators 100 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "100", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "100", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -69,7 +93,13 @@ func TestBulkHappyFlows4Ops(t *testing.T) { require.NoError(t, err) validators := []int{1, 10, 100} for i, c := range initCeremonies { - args := []string{"verify", "--ceremonyDir", "./output/" + c.Name(), "--validators", strconv.Itoa(validators[i]), "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--nonce", strconv.Itoa(1), "--amount", "32000000000"} + args := []string{"verify", + "--ceremonyDir", "./output/" + c.Name(), + "--validators", strconv.Itoa(validators[i]), + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--nonce", strconv.Itoa(1), + "--amount", "32000000000"} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -109,21 +139,45 @@ func TestBulkHappyFlows7Ops(t *testing.T) { cli_initiator.StartDKG.Version = version cli_verify.Verify.Version = version t.Run("test 7 operators 1 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "1", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "1", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) resetFlags(RootCmd) }) t.Run("test 7 operators 10 validators bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "10", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "10", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) resetFlags(RootCmd) }) t.Run("test 7 operators 100 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "100", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "100", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -134,7 +188,13 @@ func TestBulkHappyFlows7Ops(t *testing.T) { require.NoError(t, err) validators := []int{1, 10, 100} for i, c := range initCeremonies { - args := []string{"verify", "--ceremonyDir", "./output/" + c.Name(), "--validators", strconv.Itoa(validators[i]), "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--nonce", strconv.Itoa(1), "--amount", "32000000000"} + args := []string{"verify", + "--ceremonyDir", "./output/" + c.Name(), + "--validators", strconv.Itoa(validators[i]), + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--nonce", strconv.Itoa(1), + "--amount", "32000000000"} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -174,21 +234,45 @@ func TestBulkHappyFlows10Ops(t *testing.T) { cli_initiator.StartDKG.Version = version cli_verify.Verify.Version = version t.Run("test 10 operators 1 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "1", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77,88,99,100", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "1", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77,88,99,100", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) resetFlags(RootCmd) }) t.Run("test 10 operators 10 validators bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "10", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77,88,99,100", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "10", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77,88,99,100", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) resetFlags(RootCmd) }) t.Run("test 10 operators 100 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "100", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77,88,99,100", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "100", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77,88,99,100", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -199,7 +283,13 @@ func TestBulkHappyFlows10Ops(t *testing.T) { require.NoError(t, err) validators := []int{1, 10, 100} for i, c := range initCeremonies { - args := []string{"verify", "--ceremonyDir", "./output/" + c.Name(), "--validators", strconv.Itoa(validators[i]), "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--nonce", strconv.Itoa(1), "--amount", "32000000000"} + args := []string{"verify", + "--ceremonyDir", "./output/" + c.Name(), + "--validators", strconv.Itoa(validators[i]), + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--nonce", strconv.Itoa(1), + "--amount", "32000000000"} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -239,21 +329,45 @@ func TestBulkHappyFlows13Ops(t *testing.T) { cli_initiator.StartDKG.Version = version cli_verify.Verify.Version = version t.Run("test 13 operators 1 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "1", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77,88,99,100,111,122,133", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "1", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77,88,99,100,111,122,133", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) resetFlags(RootCmd) }) t.Run("test 13 operators 10 validators bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "10", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77,88,99,100,111,122,133", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "10", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77,88,99,100,111,122,133", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) resetFlags(RootCmd) }) t.Run("test 13 operators 100 validator bulk happy flow", func(t *testing.T) { - args := []string{"init", "--validators", "100", "--operatorsInfo", string(operators), "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44,55,66,77,88,99,100,111,122,133", "--nonce", "1", "--amount", "32000000000", "--clientCACertPath", "./certs/rootCA.crt"} + args := []string{"init", + "--validators", "100", + "--operatorsInfo", string(operators), + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--operatorIDs", "11,22,33,44,55,66,77,88,99,100,111,122,133", + "--nonce", "1", + "--amount", "32000000000", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -264,7 +378,13 @@ func TestBulkHappyFlows13Ops(t *testing.T) { require.NoError(t, err) validators := []int{1, 10, 100} for i, c := range initCeremonies { - args := []string{"verify", "--ceremonyDir", "./output/" + c.Name(), "--validators", strconv.Itoa(validators[i]), "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--nonce", strconv.Itoa(1), "--amount", "32000000000"} + args := []string{"verify", + "--ceremonyDir", "./output/" + c.Name(), + "--validators", strconv.Itoa(validators[i]), + "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--owner", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", + "--nonce", strconv.Itoa(1), + "--amount", "32000000000"} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) diff --git a/integration_test/init_integration_test.go b/integration_test/init_integration_test.go index 117ef9b6..9fa8fece 100644 --- a/integration_test/init_integration_test.go +++ b/integration_test/init_integration_test.go @@ -52,7 +52,7 @@ func TestInitOperatorsThreshold(t *testing.T) { }, } servers, ops := createOperators(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) @@ -78,7 +78,7 @@ func TestThreshold(t *testing.T) { }, } servers, ops := createOperators(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) @@ -177,11 +177,11 @@ func TestUnhappyFlows(t *testing.T) { }, } servers, ops := createOperators(t, version, stubClient) - ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 133, PubKey: &servers[12].PrivKey.PublicKey}) - ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 0, PubKey: &servers[12].PrivKey.PublicKey}) - ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 144, PubKey: &servers[12].PrivKey.PublicKey}) - ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 155, PubKey: &servers[12].PrivKey.PublicKey}) - clnt, err := initiator.New(ops, logger, "test.version", rootCert) + ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 133, PubKey: &servers[12].PrivKey.PublicKey}, + wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 0, PubKey: &servers[12].PrivKey.PublicKey}, + wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 144, PubKey: &servers[12].PrivKey.PublicKey}, + wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 155, PubKey: &servers[12].PrivKey.PublicKey}) + clnt, err := initiator.New(ops, logger, "test.version", rootCert, false) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) @@ -336,7 +336,7 @@ func TestLargeOperatorIDs(t *testing.T) { ops = append(ops, wire.OperatorCLI{Addr: srv12.HttpSrv.URL, ID: 12222, PubKey: &srv12.PrivKey.PublicKey}) srv13 := test_utils.CreateTestOperator(t, 13333, "test.version", operatorCert, operatorKey, stubClient) ops = append(ops, wire.OperatorCLI{Addr: srv13.HttpSrv.URL, ID: 13333, PubKey: &srv13.PrivKey.PublicKey}) - clnt, err := initiator.New(ops, logger, "test.version", rootCert) + clnt, err := initiator.New(ops, logger, "test.version", rootCert, false) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) @@ -378,7 +378,7 @@ func TestWrongInitiatorVersion(t *testing.T) { ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3, PubKey: &srv3.PrivKey.PublicKey}) srv4 := test_utils.CreateTestOperator(t, 4, "test.version", operatorCert, operatorKey, stubClient) ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4, PubKey: &srv4.PrivKey.PublicKey}) - clnt, err := initiator.New(ops, logger, "v1.0.0", rootCert) + clnt, err := initiator.New(ops, logger, "v1.0.0", rootCert, false) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) @@ -409,7 +409,7 @@ func TestWrongOperatorVersion(t *testing.T) { ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3, PubKey: &srv3.PrivKey.PublicKey}) srv4 := test_utils.CreateTestOperator(t, 4, "test.version", operatorCert, operatorKey, stubClient) ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4, PubKey: &srv4.PrivKey.PublicKey}) - clnt, err := initiator.New(ops, logger, "test.version", rootCert) + clnt, err := initiator.New(ops, logger, "test.version", rootCert, false) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) diff --git a/integration_test/reshare_bulk_test.go b/integration_test/reshare_bulk_test.go index edd2bb3a..f3fa6843 100644 --- a/integration_test/reshare_bulk_test.go +++ b/integration_test/reshare_bulk_test.go @@ -109,7 +109,8 @@ func TestBulkReshareHappyFlows4Ops(t *testing.T) { "--newOperatorIDs", "55,66,77,88", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -236,7 +237,8 @@ func TestBulkReshareHappyFlows7Ops(t *testing.T) { "--newOperatorIDs", "77,88,99,110,111,112,113", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -364,7 +366,8 @@ func TestBulkReshareHappyFlows10Ops(t *testing.T) { "--newOperatorIDs", "11,22,33,44", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -492,7 +495,8 @@ func TestBulkReshareHappyFlows13Ops(t *testing.T) { "--newOperatorIDs", "11,22,33,44", "--nonce", "10", "--amount", "2048000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) diff --git a/integration_test/reshare_eip1271_sig_test.go b/integration_test/reshare_eip1271_sig_test.go index b062d70c..5c38711e 100644 --- a/integration_test/reshare_eip1271_sig_test.go +++ b/integration_test/reshare_eip1271_sig_test.go @@ -45,7 +45,7 @@ func TestReshareValidEOASig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test reshare 4 new operators", func(t *testing.T) { ids := []uint64{11, 22, 33, 44} @@ -85,7 +85,7 @@ func TestReshareInvalidEOASig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test reshare 4 new operators", func(t *testing.T) { ids := []uint64{11, 22, 33, 44} @@ -126,7 +126,7 @@ func TestReshareValidContractSig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test reshare 4 new operators", func(t *testing.T) { ids := []uint64{11, 22, 33, 44} @@ -178,7 +178,7 @@ func TestReshareInvalidContractSig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test reshare 4 new operators", func(t *testing.T) { ids := []uint64{11, 22, 33, 44} diff --git a/integration_test/reshare_integration_test.go b/integration_test/reshare_integration_test.go index f6423f06..2288c686 100644 --- a/integration_test/reshare_integration_test.go +++ b/integration_test/reshare_integration_test.go @@ -55,7 +55,8 @@ func TestReshareHappyFlows4Ops(t *testing.T) { "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44", "--nonce", "1", - "--network", "holesky"} + "--network", "holesky", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -127,7 +128,8 @@ func TestReshareHappyFlows4Ops(t *testing.T) { "--newOperatorIDs", "55,66,77,88", "--network", "holesky", "--nonce", strconv.Itoa(10), - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -201,7 +203,8 @@ func TestReshareHappyFlows7Ops(t *testing.T) { "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44", "--nonce", "1", - "--network", "holesky"} + "--network", "holesky", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -272,7 +275,8 @@ func TestReshareHappyFlows7Ops(t *testing.T) { "--newOperatorIDs", "11,22,33,44,55,66,77", "--nonce", strconv.Itoa(10), "--network", "holesky", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -346,7 +350,8 @@ func TestReshareHappyFlows10Ops(t *testing.T) { "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44", "--nonce", "1", - "--network", "holesky"} + "--network", "holesky", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -417,7 +422,8 @@ func TestReshareHappyFlows10Ops(t *testing.T) { "--newOperatorIDs", "11,22,33,44,55,66,77,88,99,110", "--nonce", strconv.Itoa(10), "--network", "holesky", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -491,7 +497,8 @@ func TestReshareHappyFlows13Ops(t *testing.T) { "--withdrawAddress", "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494", "--operatorIDs", "11,22,33,44", "--nonce", "1", - "--network", "holesky"} + "--network", "holesky", + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err := RootCmd.Execute() require.NoError(t, err) @@ -562,7 +569,8 @@ func TestReshareHappyFlows13Ops(t *testing.T) { "--newOperatorIDs", "11,22,33,44,55,66,77,88,99,110,111,112,113", "--nonce", strconv.Itoa(10), "--network", "holesky", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) diff --git a/integration_test/reshare_threshold_old_ops_test.go b/integration_test/reshare_threshold_old_ops_test.go index 4e2627c2..747ff010 100644 --- a/integration_test/reshare_threshold_old_ops_test.go +++ b/integration_test/reshare_threshold_old_ops_test.go @@ -114,7 +114,8 @@ func TestReshareThresholdOldValidators4Ops(t *testing.T) { "--newOperatorIDs", "55,66,77,88", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -243,7 +244,8 @@ func TestReshareThresholdOldValidators7Ops(t *testing.T) { "--newOperatorIDs", "44,55,66,77,88,99,110", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -374,7 +376,8 @@ func TestReshareThresholdOldValidators10Ops(t *testing.T) { "--newOperatorIDs", "77,88,99,110,111,112,113", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -505,7 +508,8 @@ func TestReshareThresholdOldValidators13Ops(t *testing.T) { "--newOperatorIDs", "77,88,99,110,111,112,113", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) diff --git a/integration_test/resign_bulk_test.go b/integration_test/resign_bulk_test.go index 9f1aefc8..69f1f483 100644 --- a/integration_test/resign_bulk_test.go +++ b/integration_test/resign_bulk_test.go @@ -113,7 +113,8 @@ func TestBulkResignHappyFlows4Ops(t *testing.T) { "--operatorIDs", "11,22,33,44", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -236,7 +237,8 @@ func TestBulkResignHappyFlows7Ops(t *testing.T) { "--operatorIDs", "11,22,33,44,55,66,77", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -359,7 +361,8 @@ func TestBulkResignHappyFlows10Ops(t *testing.T) { "--operatorIDs", "11,22,33,44,55,66,77,88,99,110", "--nonce", "10", "--amount", "32000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) @@ -483,7 +486,8 @@ func TestBulkResingHappyFlows13Ops(t *testing.T) { "--operatorIDs", "11,22,33,44,55,66,77,88,99,110,111,112,113", "--nonce", "10", "--amount", "2048000000000", - "--signatures", signature} + "--signatures", signature, + "--clientCACertPath", rootCert[0]} RootCmd.SetArgs(args) err = RootCmd.Execute() require.NoError(t, err) diff --git a/integration_test/resign_eip1271_sig_test.go b/integration_test/resign_eip1271_sig_test.go index 160ed273..b88594ff 100644 --- a/integration_test/resign_eip1271_sig_test.go +++ b/integration_test/resign_eip1271_sig_test.go @@ -43,7 +43,7 @@ func TestResignValidEOASig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test resign 4 operators", func(t *testing.T) { signedProofs, err := wire.LoadProofs("./stubs/bulk/4/ceremony-2024-10-21--09-56-54.375/000001-0x801bca4e379a2e240ed004acbe8f905a0a43f3322faa251fbb9c8d4d49af8ba9c669e930ea7caa234cb7d537d600e9ee/proofs.json") @@ -91,7 +91,7 @@ func TestResignInvalidEOASig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - c, err := initiator.New(ops, logger, version, rootCert) + c, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test resign 4 operators", func(t *testing.T) { signedProofs, err := wire.LoadProofs("./stubs/bulk/4/ceremony-2024-10-21--09-56-54.375/000001-0x801bca4e379a2e240ed004acbe8f905a0a43f3322faa251fbb9c8d4d49af8ba9c669e930ea7caa234cb7d537d600e9ee/proofs.json") @@ -147,7 +147,7 @@ func TestResignValidContractSig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test resign 4 operators", func(t *testing.T) { signedProofs, err := wire.LoadProofs("./stubs/bulk/4/ceremony-2024-10-21--09-56-54.375/000001-0x801bca4e379a2e240ed004acbe8f905a0a43f3322faa251fbb9c8d4d49af8ba9c669e930ea7caa234cb7d537d600e9ee/proofs.json") @@ -206,7 +206,7 @@ func TestResignInvalidContractSig(t *testing.T) { }, } servers, ops := createOperatorsFromExamplesFolder(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) t.Run("test resign 4 operators", func(t *testing.T) { signedProofs, err := wire.LoadProofs("./stubs/bulk/4/ceremony-2024-10-21--09-56-54.375/000001-0x801bca4e379a2e240ed004acbe8f905a0a43f3322faa251fbb9c8d4d49af8ba9c669e930ea7caa234cb7d537d600e9ee/proofs.json") diff --git a/integration_test/resign_integration_test.go b/integration_test/resign_integration_test.go index f4e6fe29..c2052c6b 100644 --- a/integration_test/resign_integration_test.go +++ b/integration_test/resign_integration_test.go @@ -7,15 +7,15 @@ import ( "github.com/bloxapp/ssv/logging" "github.com/ethereum/go-ethereum" eth_crypto "github.com/ethereum/go-ethereum/crypto" - "github.com/ssvlabs/ssv-dkg/pkgs/initiator" - "github.com/ssvlabs/ssv-dkg/pkgs/validator" - "github.com/ssvlabs/ssv-dkg/pkgs/wire" "github.com/stretchr/testify/require" "go.uber.org/zap" spec "github.com/ssvlabs/dkg-spec" spec_crypto "github.com/ssvlabs/dkg-spec/crypto" "github.com/ssvlabs/dkg-spec/testing/stubs" + "github.com/ssvlabs/ssv-dkg/pkgs/initiator" + "github.com/ssvlabs/ssv-dkg/pkgs/validator" + "github.com/ssvlabs/ssv-dkg/pkgs/wire" ) func TestInitResignHappyFlows(t *testing.T) { @@ -29,7 +29,7 @@ func TestInitResignHappyFlows(t *testing.T) { }, } servers, ops := createOperators(t, version, stubClient) - clnt, err := initiator.New(ops, logger, version, rootCert) + clnt, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) withdraw := newEthAddress(t) sk, err := eth_crypto.GenerateKey() diff --git a/pkgs/crypto/crypto_test.go b/pkgs/crypto/crypto_test.go index ca68c51c..c8f029f5 100644 --- a/pkgs/crypto/crypto_test.go +++ b/pkgs/crypto/crypto_test.go @@ -10,7 +10,7 @@ import ( "github.com/drand/kyber/pairing" "github.com/drand/kyber/share" "github.com/drand/kyber/share/dkg" - drand_bls "github.com/drand/kyber/sign/bls" //nolint:all + drand_bls "github.com/drand/kyber/sign/bls" //nolint:all //deprecated: use only NewSchemeOnG2 func "github.com/drand/kyber/sign/tbls" "github.com/drand/kyber/util/random" "github.com/herumi/bls-eth-go-binary/bls" diff --git a/pkgs/dkg/drand.go b/pkgs/dkg/drand.go index a1ede187..748dbd32 100644 --- a/pkgs/dkg/drand.go +++ b/pkgs/dkg/drand.go @@ -12,10 +12,11 @@ import ( "github.com/drand/kyber/pairing" kyber_share "github.com/drand/kyber/share" kyber_dkg "github.com/drand/kyber/share/dkg" - drand_bls "github.com/drand/kyber/sign/bls" //nolint:all + drand_bls "github.com/drand/kyber/sign/bls" //nolint:all //deprecated: use only NewSchemeOnG2 func "github.com/drand/kyber/util/random" "github.com/herumi/bls-eth-go-binary/bls" "github.com/pkg/errors" + "go.uber.org/zap" spec "github.com/ssvlabs/dkg-spec" spec_crypto "github.com/ssvlabs/dkg-spec/crypto" @@ -23,7 +24,6 @@ import ( "github.com/ssvlabs/ssv-dkg/pkgs/crypto" "github.com/ssvlabs/ssv-dkg/pkgs/utils" "github.com/ssvlabs/ssv-dkg/pkgs/wire" - "go.uber.org/zap" ) // DKGdata structure to store at LocalOwner information about initial message parameters and secret scalar to be used as input for DKG protocol diff --git a/pkgs/initiator/initiator.go b/pkgs/initiator/initiator.go index 9ce78dc8..bf6eb157 100644 --- a/pkgs/initiator/initiator.go +++ b/pkgs/initiator/initiator.go @@ -98,13 +98,14 @@ func GenerateAggregatesKeyshares(keySharesArr []*wire.KeySharesCLI) (*wire.KeySh } // New creates a main initiator structure -func New(operators wire.OperatorsCLI, logger *zap.Logger, ver string, certs []string) (*Initiator, error) { +func New(operators wire.OperatorsCLI, logger *zap.Logger, ver string, certs []string, tlsInsecure bool) (*Initiator, error) { client := req.C() - // set CA certificates if any - if len(certs) > 0 { - client.SetRootCertsFromFile(certs...) - } else { + // set CA certificates + if tlsInsecure { + logger.Warn("Dangerous, not secure!!! No CA certificates provided at 'clientCACertPath'. TLS 'InsecureSkipVerify' is set to true, accepting any TLS certificates authorities.") client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}) + } else { + client.SetRootCertsFromFile(certs...) } // Set timeout for operator responses client.SetTimeout(30 * time.Second) @@ -483,7 +484,7 @@ func (c *Initiator) CreateCeremonyResults( } var proofsArray []*wire.SignedProof for _, res := range dkgResults { - proofsArray = append(proofsArray, &wire.SignedProof{res.SignedProof}) //nolint:all + proofsArray = append(proofsArray, &wire.SignedProof{SignedProof: res.SignedProof}) } proofsData, err := json.Marshal(proofsArray) if err != nil { @@ -619,35 +620,35 @@ func parseDKGResultsFromBytes(responseResult [][]byte) (dkgResults []*spec.Resul } // SendInitMsg sends initial DKG ceremony message to participating operators from initiator -func (c *Initiator) SendInitMsg(id [24]byte, init *spec.Init, operators []*spec.Operator) (map[uint64][]byte, map[uint64]error, error) { +func (c *Initiator) SendInitMsg(id [24]byte, init *spec.Init, operators []*spec.Operator) (results map[uint64][]byte, errs map[uint64]error, err error) { signedInitMsgBts, err := c.prepareAndSignMessage(init, wire.InitMessageType, id, c.Version) if err != nil { return nil, nil, err } - results, errs := c.SendToAll(consts.API_INIT_URL, signedInitMsgBts, operators) + results, errs = c.SendToAll(consts.API_INIT_URL, signedInitMsgBts, operators) return results, errs, nil } -func (c *Initiator) SendResignMsg(id [24]byte, resign *wire.SignedResign, operators []*spec.Operator) (map[uint64][]byte, map[uint64]error, error) { +func (c *Initiator) SendResignMsg(id [24]byte, resign *wire.SignedResign, operators []*spec.Operator) (results map[uint64][]byte, errs map[uint64]error, err error) { signedResignMsgBts, err := c.prepareAndSignMessage(resign, wire.SignedResignMessageType, id, c.Version) if err != nil { return nil, nil, err } - results, errs := c.SendToAll(consts.API_RESIGN_URL, signedResignMsgBts, operators) + results, errs = c.SendToAll(consts.API_RESIGN_URL, signedResignMsgBts, operators) return results, errs, nil } -func (c *Initiator) SendReshareMsg(id [24]byte, reshare *wire.SignedReshare, operators []*spec.Operator) (map[uint64][]byte, map[uint64]error, error) { +func (c *Initiator) SendReshareMsg(id [24]byte, reshare *wire.SignedReshare, operators []*spec.Operator) (results map[uint64][]byte, errs map[uint64]error, err error) { signedReshareMsgBts, err := c.prepareAndSignMessage(reshare, wire.SignedReshareMessageType, id, c.Version) if err != nil { return nil, nil, err } - results, errs := c.SendToAll(consts.API_RESHARE_URL, signedReshareMsgBts, operators) + results, errs = c.SendToAll(consts.API_RESHARE_URL, signedReshareMsgBts, operators) return results, errs, nil } // SendExchangeMsgs sends combined exchange messages to each operator participating in DKG ceremony -func (c *Initiator) SendExchangeMsgs(id [24]byte, exchangeMsgs map[uint64][]byte, operators []*spec.Operator) (map[uint64][]byte, map[uint64]error, error) { +func (c *Initiator) SendExchangeMsgs(id [24]byte, exchangeMsgs map[uint64][]byte, operators []*spec.Operator) (results map[uint64][]byte, errs map[uint64]error, err error) { mltpl, err := makeMultipleSignedTransports(c.PrivateKey, id, exchangeMsgs) if err != nil { return nil, nil, err @@ -656,11 +657,11 @@ func (c *Initiator) SendExchangeMsgs(id [24]byte, exchangeMsgs map[uint64][]byte if err != nil { return nil, nil, err } - results, errs := c.SendToAll(consts.API_DKG_URL, mltplbyts, operators) + results, errs = c.SendToAll(consts.API_DKG_URL, mltplbyts, operators) return results, errs, nil } -func (c *Initiator) SendExchangeMsgsReshare(id [24]byte, exchangeMsgs map[uint64][]byte, operators []*spec.Operator) (map[uint64][]byte, map[uint64]error, error) { +func (c *Initiator) SendExchangeMsgsReshare(id [24]byte, exchangeMsgs map[uint64][]byte, operators []*spec.Operator) (results map[uint64][]byte, errs map[uint64]error, err error) { mltpl, err := makeMultipleSignedTransports(c.PrivateKey, id, exchangeMsgs) if err != nil { return nil, nil, err @@ -669,12 +670,12 @@ func (c *Initiator) SendExchangeMsgsReshare(id [24]byte, exchangeMsgs map[uint64 if err != nil { return nil, nil, err } - results, errs := c.SendToAll(consts.API_DKG_URL, mltplbyts, operators) + results, errs = c.SendToAll(consts.API_DKG_URL, mltplbyts, operators) return results, errs, nil } // SendKyberMsgs sends combined kyber messages to each operator participating in DKG ceremony -func (c *Initiator) SendKyberMsgs(id [24]byte, kyberDeals map[uint64][]byte, operators []*spec.Operator) (map[uint64][]byte, map[uint64]error, error) { +func (c *Initiator) SendKyberMsgs(id [24]byte, kyberDeals map[uint64][]byte, operators []*spec.Operator) (results map[uint64][]byte, errs map[uint64]error, err error) { mltpl2, err := makeMultipleSignedTransports(c.PrivateKey, id, kyberDeals) if err != nil { return nil, nil, err @@ -683,7 +684,7 @@ func (c *Initiator) SendKyberMsgs(id [24]byte, kyberDeals map[uint64][]byte, ope if err != nil { return nil, nil, err } - results, errs := c.SendToAll(consts.API_DKG_URL, mltpl2byts, operators) + results, errs = c.SendToAll(consts.API_DKG_URL, mltpl2byts, operators) return results, errs, nil } diff --git a/pkgs/initiator/initiator_test.go b/pkgs/initiator/initiator_test.go index 81001920..0a96a148 100644 --- a/pkgs/initiator/initiator_test.go +++ b/pkgs/initiator/initiator_test.go @@ -14,17 +14,17 @@ import ( "github.com/ethereum/go-ethereum" "github.com/ethereum/go-ethereum/common" "github.com/herumi/bls-eth-go-binary/bls" - "github.com/ssvlabs/ssv-dkg/pkgs/crypto" - "github.com/ssvlabs/ssv-dkg/pkgs/initiator" - "github.com/ssvlabs/ssv-dkg/pkgs/utils/test_utils" - "github.com/ssvlabs/ssv-dkg/pkgs/validator" - "github.com/ssvlabs/ssv-dkg/pkgs/wire" "github.com/stretchr/testify/require" "go.uber.org/zap" spec "github.com/ssvlabs/dkg-spec" spec_crypto "github.com/ssvlabs/dkg-spec/crypto" "github.com/ssvlabs/dkg-spec/testing/stubs" + "github.com/ssvlabs/ssv-dkg/pkgs/crypto" + "github.com/ssvlabs/ssv-dkg/pkgs/initiator" + "github.com/ssvlabs/ssv-dkg/pkgs/utils/test_utils" + "github.com/ssvlabs/ssv-dkg/pkgs/validator" + "github.com/ssvlabs/ssv-dkg/pkgs/wire" ) var ( @@ -81,7 +81,7 @@ func TestStartDKG(t *testing.T) { withdraw := common.HexToAddress("0x0000000000000000000000000000000000000009") owner := common.HexToAddress("0x0000000000000000000000000000000000000007") t.Run("happy flow", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "test.version", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert, false) require.NoError(t, err) id := spec.NewID() depositData, keyshares, proofs, err := intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4}, "mainnet", owner, 0, uint64(spec_crypto.MIN_ACTIVATION_BALANCE)) @@ -90,21 +90,21 @@ func TestStartDKG(t *testing.T) { require.NoError(t, err) }) t.Run("test wrong amount of opeators < 4", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "test.version", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert, false) require.NoError(t, err) id := spec.NewID() _, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3}, "mainnet", owner, 0, uint64(spec_crypto.MIN_ACTIVATION_BALANCE)) require.ErrorContains(t, err, "amount of operators should be 4,7,10,13: got 3") }) t.Run("test wrong amount of opeators > 13", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "test.version", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert, false) require.NoError(t, err) id := spec.NewID() _, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}, "prater", owner, 0, uint64(spec_crypto.MIN_ACTIVATION_BALANCE)) require.ErrorContains(t, err, "amount of operators should be 4,7,10,13: got 14") }) t.Run("test opeators not unique", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "test.version", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert, false) require.NoError(t, err) id := spec.NewID() _, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4, 5, 6, 7, 7, 9, 10, 11, 12, 12}, "holesky", owner, 0, uint64(spec_crypto.MIN_ACTIVATION_BALANCE)) diff --git a/pkgs/initiator/requests.go b/pkgs/initiator/requests.go index f806435b..2a5f5d80 100644 --- a/pkgs/initiator/requests.go +++ b/pkgs/initiator/requests.go @@ -6,9 +6,9 @@ import ( "io" "strings" - spec "github.com/ssvlabs/dkg-spec" "go.uber.org/zap" + spec "github.com/ssvlabs/dkg-spec" "github.com/ssvlabs/ssv-dkg/pkgs/wire" ) @@ -58,8 +58,8 @@ func (c *Initiator) GetAndCollect(op wire.OperatorCLI, method string) ([]byte, e } // SendToAll sends http messages to all operators. Makes sure that all responses are received -func (c *Initiator) SendToAll(method string, msg []byte, operators []*spec.Operator) (map[uint64][]byte, map[uint64]error) { - errs := make(map[uint64]error, 0) +func (c *Initiator) SendToAll(method string, msg []byte, operators []*spec.Operator) (responses map[uint64][]byte, errs map[uint64]error) { + errs = make(map[uint64]error, 0) resc := make(chan opReqResult, len(operators)) for _, op := range operators { operator := c.Operators.ByID(op.ID) @@ -75,7 +75,7 @@ func (c *Initiator) SendToAll(method string, msg []byte, operators []*spec.Opera } }() } - responses := make(map[uint64][]byte) + responses = make(map[uint64][]byte) for i := 0; i < len(operators); i++ { res := <-resc if res.err != nil { diff --git a/pkgs/operator/operator_test.go b/pkgs/operator/operator_test.go index 7bd5e6a6..5eaf94c9 100644 --- a/pkgs/operator/operator_test.go +++ b/pkgs/operator/operator_test.go @@ -13,20 +13,20 @@ import ( "time" "github.com/attestantio/go-eth2-client/spec/phase0" + "github.com/bloxapp/ssv/logging" + "github.com/bloxapp/ssv/utils/rsaencryption" kyber_bls12381 "github.com/drand/kyber-bls12381" "github.com/drand/kyber/share" "github.com/ethereum/go-ethereum" "github.com/ethereum/go-ethereum/common" "github.com/herumi/bls-eth-go-binary/bls" "github.com/imroc/req/v3" - spec "github.com/ssvlabs/dkg-spec" - spec_crypto "github.com/ssvlabs/dkg-spec/crypto" - "github.com/ssvlabs/dkg-spec/testing/stubs" "github.com/stretchr/testify/require" "go.uber.org/zap" - "github.com/bloxapp/ssv/logging" - "github.com/bloxapp/ssv/utils/rsaencryption" + spec "github.com/ssvlabs/dkg-spec" + spec_crypto "github.com/ssvlabs/dkg-spec/crypto" + "github.com/ssvlabs/dkg-spec/testing/stubs" cli_utils "github.com/ssvlabs/ssv-dkg/cli/utils" "github.com/ssvlabs/ssv-dkg/pkgs/consts" "github.com/ssvlabs/ssv-dkg/pkgs/crypto" @@ -247,7 +247,7 @@ func TestWrongInitiatorSignature(t *testing.T) { owner := common.HexToAddress("0x0000000000000000000000000000000000000007") ids := []uint64{1, 2, 3, 4} - c, err := initiator.New(ops, logger, version, rootCert) + c, err := initiator.New(ops, logger, version, rootCert, false) require.NoError(t, err) // compute threshold (3f+1) threshold := utils.GetThreshold(ids) diff --git a/pkgs/validator/directory.go b/pkgs/validator/directory.go index 104b8b8c..736f01e4 100644 --- a/pkgs/validator/directory.go +++ b/pkgs/validator/directory.go @@ -1,6 +1,7 @@ package validator import ( + "bytes" "encoding/hex" "encoding/json" "fmt" @@ -224,7 +225,7 @@ func jsonEqual(a, b any) error { if err != nil { return fmt.Errorf("failed to marshal b: %w", err) } - if string(ja) != string(jb) { + if !bytes.Equal(ja, jb) { return fmt.Errorf("json does not match: %s != %s", ja, jb) } return nil diff --git a/pkgs/wire/types_json.go b/pkgs/wire/types_json.go index dce58d60..bc060d87 100644 --- a/pkgs/wire/types_json.go +++ b/pkgs/wire/types_json.go @@ -147,22 +147,6 @@ func (op *Operator) UnmarshalJSON(data []byte) error { return nil } -func NewReshareFromSpec(r *spec.Reshare) *Reshare { - return &Reshare{*r} -} - -func NewResignFromSpec(r *spec.Resign) *Resign { - return &Resign{*r} -} - -func (r *Reshare) ToSpecReshare() *spec.Reshare { - return &r.Reshare -} - -func (r *Resign) ToSpecResign() *spec.Resign { - return &r.Resign -} - func NewOperatorFromSpec(op spec.Operator) *Operator { return &Operator{op} } @@ -345,6 +329,14 @@ type ResignJSON struct { Amount uint64 `json:"amount"` } +func (r *Resign) ToSpecResign() *spec.Resign { + return &r.Resign +} + +func NewResignFromSpec(r *spec.Resign) *Resign { + return &Resign{*r} +} + func (r *Resign) MarshalJSON() ([]byte, error) { return json.Marshal(ResignJSON{ ValidatorPubKey: hex.EncodeToString(r.ValidatorPubKey), @@ -434,6 +426,14 @@ type Reshare struct { spec.Reshare } +func NewReshareFromSpec(r *spec.Reshare) *Reshare { + return &Reshare{*r} +} + +func (r *Reshare) ToSpecReshare() *spec.Reshare { + return &r.Reshare +} + func (r *Reshare) MarshalJSON() ([]byte, error) { // Convert []*spec.Operator to []*Operator for marshaling specOldOperators := make([]*Operator, len(r.OldOperators))