introduce `loadJwtSecret` helper (#3856)

Extract repeated code to load the JWT secret file into a separate func.

beacon_chain/conf.nim

@@ -21,7 +21,7 @@ import
   eth/common/eth_types as commonEthTypes, eth/net/nat,
   eth/p2p/discoveryv5/enr,
   json_serialization, web3/[ethtypes, confutils_defs],
-  ./spec/[keystore, network, crypto],
+  ./spec/[engine_authentication, keystore, network, crypto],
   ./spec/datatypes/base,
   ./networking/network_metadata,
   ./validators/slashing_protection_common,
@@ -1153,3 +1153,27 @@ proc loadEth2Network*(
 
 template loadEth2Network*(config: BeaconNodeConf): Eth2NetworkMetadata =
   loadEth2Network(config.eth2Network)
+
+proc loadJwtSecret*(
+    rng: var HmacDrbgContext,
+    dataDir: string,
+    jwtSecret: Option[string],
+    allowCreate: bool): Option[seq[byte]] =
+  # Some Web3 endpoints aren't compatible with JWT, but if explicitly chosen,
+  # use it regardless.
+  if jwtSecret.isSome or allowCreate:
+    let secret = rng.checkJwtSecret(dataDir, jwtSecret)
+    if secret.isErr:
+      fatal "Specified a JWT secret file which couldn't be loaded",
+        err = secret.error
+      quit 1
+
+    some secret.get
+  else:
+    none(seq[byte])
+
+template loadJwtSecret*(
+    rng: var HmacDrbgContext,
+    config: BeaconNodeConf,
+    allowCreate: bool): Option[seq[byte]] =
+  rng.loadJwtSecret(string(config.dataDir), config.jwtSecret, allowCreate)

beacon_chain/nimbus_beacon_node.nim

@@ -495,20 +495,7 @@ proc init*(T: type BeaconNode,
     fatal "--finalized-checkpoint-block cannot be specified without --finalized-checkpoint-state"
     quit 1
 
-  let optJwtSecret =
-    # Some Web3 endpoints aren't compatible with JWT, but if explicitly chosen,
-    # use it regardless.
-    if config.jwtSecret.isSome:
-      let jwtSecret = rng[].checkJwtSecret(
-        string(config.dataDir), config.jwtSecret)
-      if jwtSecret.isErr:
-         fatal "Specified a JWT secret file which couldn't be loaded",
-           err = jwtSecret.error
-         quit 1
-
-      some jwtSecret.get
-    else:
-      none(seq[byte])
+  let optJwtSecret = rng[].loadJwtSecret(config, allowCreate = false)
 
   template getDepositContractSnapshot: auto =
     if depositContractSnapshot.isSome:
@@ -1888,15 +1875,7 @@ proc doCreateTestnet*(config: BeaconNodeConf, rng: var HmacDrbgContext) {.raises
     eth1Hash = if config.web3Urls.len == 0: eth1BlockHash
                else: (waitFor getEth1BlockHash(
                  config.web3Urls[0], blockId("latest"),
-                 block:
-                   let jwtSecret = rng.checkJwtSecret(
-                     string(config.dataDir), config.jwtSecret)
-                   if jwtSecret.isErr:
-                      fatal "Specified a JWT secret file which couldn't be loaded",
-                        err = jwtSecret.error
-                      quit 1
-
-                   some jwtSecret.get)).asEth2Digest
+                 rng.loadJwtSecret(config, allowCreate = true))).asEth2Digest
     cfg = getRuntimeConfig(config.eth2Network)
   var
     initialState = newClone(initialize_beacon_state_from_eth1(
@@ -1977,15 +1956,7 @@ proc doWeb3Cmd(config: BeaconNodeConf, rng: var HmacDrbgContext)
 
     waitFor testWeb3Provider(config.web3TestUrl,
                              metadata.cfg.DEPOSIT_CONTRACT_ADDRESS,
-                             block:
-                               let jwtSecret = rng.checkJwtSecret(
-                                 string(config.dataDir), config.jwtSecret)
-
-                               if jwtSecret.isErr:
-                                 fatal "Specified a JWT secret file which couldn't be loaded",
-                                   err = jwtSecret.error
-                                 quit 1
-                               some jwtSecret.get)
+                             rng.loadJwtSecret(config, allowCreate = true))
 
 proc doSlashingExport(conf: BeaconNodeConf) {.raises: [IOError, Defect].}=
   let