feat: Commit boost API - Get Public Keys #1031
-- Implement route and handlers for /signer_v1_get_pubkeys
.../src/test/java/tech/pegasys/web3signer/signing/config/DefaultArtifactSignerProviderTest.java
@@ -164,6 +165,7 @@ private static class NetworkCliCompletionCandidates extends ArrayList<String> { | |||
@Mixin private PicoKeystoresParameters keystoreParameters; | |||
@Mixin private PicoCliAwsSecretsManagerParameters awsSecretsManagerParameters; | |||
@Mixin private PicoCliGcpSecretManagerParameters gcpSecretManagerParameters; | |||
@Mixin private PicoCommitBoostApiParameters commitBoostApiParameters; |
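Review bot: the new `@Mixin` for `PicoCommitBoostApiParameters` on the last line of this hunk sits beside the keystore and secrets-manager mixins with no cross-check of its options visible here. If enabling the API depends on other options from the same mixin being set, validate that combination when the command starts and reject an incomplete set with an explicit error, so the signer cannot come up with the routes enabled but no usable proxy keystore.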
It's not quite right to add this into the eth2 API as it has secp signing as well. I think it would be better to add this to the default or base command rather than a subcommand as that's where we want all the other functionality eventually too
Because the upcoming GenerateProxyKey requires Spec (to calculate genesis fork version) and gvr to compute the root. The spec and gvr are specific to "eth2" mode, hence the commit boost API is specific to eth2 mode as well and won't work in eth1 mode at all.
I can still move it to base level, but we will only be using it in eth2 mode.
// obtain DefaultArtifactSignerProvider as that is the only one we are dealing in eth2 mode. | ||
final ArtifactSignerProvider artifactSignerProvider = | ||
artifactSignerProviders.stream() | ||
.filter(provider -> provider instanceof DefaultArtifactSignerProvider) |
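Review bot: the `instanceof DefaultArtifactSignerProvider` filter picks the provider by concrete class, and the lines shown do not say what happens when the stream holds no such provider or more than one. End the pipeline with something like `.findFirst().orElseThrow(...)` carrying a clear message, and consider passing the provider in explicitly rather than discovering it by type. The comment above the statement should read "dealing with in eth2 mode".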
Why does commit boost only work with the DefaultArtifactSignerProvider?
Commit boost only works in eth2 mode. The DefaultArtifactSignerProvider will load both v3 and v4 proxy signers for each of the main BLS signers. The SECPArtifactSigner that is used in eth1 mode (the eth address is used as identifier there) is not applicable for commit boost routes and handlers.
&& identifierPath.toFile().isDirectory()) { | ||
final Path v4Dir = identifierPath.resolve("v4"); | ||
|
||
if (v4Dir.toFile().canRead() && v4Dir.toFile().isDirectory()) { |
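Review bot: at `v4Dir.toFile().canRead() && v4Dir.toFile().isDirectory()`, a `v4` directory that exists but cannot be read is skipped exactly like one that is absent, so a permissions mistake would show up only as missing proxy keys. Log a warning or fail in the unreadable case, and prefer `Files.isDirectory` and `Files.isReadable` on the `Path` over repeated `toFile()` calls. The `"v4"` literal would be better as a named constant shared with the code that writes these directories.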
Why are separate directories for each proxy key version needed? Pretty sure the file formats have a version
This allows easier loading using existing BLS and SECP bulkloading utility classes. Otherwise, I would have to parse json, check the version, and then invoke BLS or SECP decryption logic. Since the proxy keys Generate logic (the other PR) is controlled programmatically, the user is not involved in placing these files.
Each delegator (BLS Signer) can have BLS Proxy Signers and SECP Proxy Signers. Hence:
/commit_boost_keystores_dir
..../0xblskey0..n/
.........../0xblskey0..n/v3/0xproxy_secp_key0...n
.........../0xblskey0..n/v4/0xproxy_bls_key0...n
As discussed, updated to use BLS and SECP256K1 as subdirectories for each signer public key.
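The layout this thread settles on (one directory per signer public key, with `BLS` and `SECP256K1` subdirectories) can be enumerated without trusting directory names or silently dropping unreadable folders. The Java below is an added example, not Web3Signer code: the class and method names, the rule that a delegator directory is named after a hex BLS public key, the choice to fail on an unreadable directory, and the sample file name are all assumptions.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Stream;

// Added illustration, not Web3Signer code; all names here are hypothetical.
public class ProxyKeystoreLayout {
  // Assumption: a delegator directory is named after its 48-byte BLS public key in hex.
  private static final Pattern BLS_PUBKEY = Pattern.compile("0x[0-9a-fA-F]{96}");
  private static final List<String> KEY_TYPES = List.of("BLS", "SECP256K1");

  /** Maps each delegator public key to its proxy keystore files, grouped by key type. */
  static Map<String, Map<String, List<Path>>> scan(final Path root) throws IOException {
    final Map<String, Map<String, List<Path>>> result = new TreeMap<>();
    for (final Path delegatorDir : list(root)) {
      final String name = delegatorDir.getFileName().toString();
      // Accept only real directories (no symlinks) whose name looks like a public key.
      if (!BLS_PUBKEY.matcher(name).matches()
          || !Files.isDirectory(delegatorDir, LinkOption.NOFOLLOW_LINKS)) {
        continue;
      }
      final Map<String, List<Path>> byType = new TreeMap<>();
      for (final String type : KEY_TYPES) {
        final Path typeDir = delegatorDir.resolve(type);
        if (!Files.isDirectory(typeDir, LinkOption.NOFOLLOW_LINKS)) continue; // none of this type
        if (!Files.isReadable(typeDir)) { // report it rather than returning fewer keys
          throw new IOException("Proxy keystore directory is not readable: " + typeDir);
        }
        byType.put(type, list(typeDir).stream()
            .filter(p -> Files.isRegularFile(p, LinkOption.NOFOLLOW_LINKS)).toList());
      }
      result.put(name.toLowerCase(Locale.ROOT), byType);
    }
    return result;
  }

  private static List<Path> list(final Path dir) throws IOException {
    try (Stream<Path> entries = Files.list(dir)) {
      return entries.sorted().toList();
    }
  }

  public static void main(final String[] args) throws IOException {
    // Constructed sample tree in a temporary directory.
    final Path root = Files.createTempDirectory("proxy-keystores");
    final Path bls = root.resolve("0x" + "ab".repeat(48)).resolve("BLS");
    Files.createDirectories(bls);
    Files.createFile(bls.resolve("proxy-1.json"));
    Files.createDirectories(root.resolve("not-a-key")); // ignored: name is not a public key
    System.out.println(scan(root));
  }
}
```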
PR Description
feat: Commit boost API - Get Public Keys. Implementing commit boost API as defined at https://commit-boost.github.io/commit-boost-client/api
Note: This PR does not return compressed SECP public key. This will be handled in PR #1033
- `--commit-boost-api-enabled=<true|false>`. To enable commit boost API
- `--proxy-keystores-path`. Path to the directory that will read and store encrypted proxy keys in v4 (BLS) and v3 (SECP) formats.
- `--proxy-keystores-password-file`. The path to file that contains password to encrypt and decrypt proxy keystores.
- `/signer/v1/get_pubkeys`
Fixed Issue(s)
See #1017
Documentation
`doc-change-required` label to this PR if updates are required.
Changelog
Testing