cleanup `getPersistentNetKeys` for better reuse (#3859)
Allow using `getPersistentNetKeys` without passing a `config`, and reuse local helpers in its implementation.
parent
806536a040
commit
ee4e4ddeab
|
@ -2034,129 +2034,90 @@ proc initAddress(T: type MultiAddress, str: string): T =
|
|||
template tcpEndPoint(address, port): auto =
|
||||
MultiAddress.init(address, tcpProtocol, port)
|
||||
|
||||
proc optimisticgetRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
|
||||
let res = PrivateKey.random(Secp256k1, rng)
|
||||
if res.isErr():
|
||||
fatal "Could not generate random network key file"
|
||||
quit QuitFailure
|
||||
|
||||
let
|
||||
privKey = res.get()
|
||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
||||
func initNetKeys(privKey: PrivateKey): NetKeyPair =
|
||||
let pubKey = privKey.getPublicKey().expect("working public key from random")
|
||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
||||
|
||||
proc getPersistentNetKeys*(rng: var HmacDrbgContext,
|
||||
config: BeaconNodeConf): NetKeyPair =
|
||||
case config.cmd
|
||||
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
|
||||
if config.netKeyFile == "random":
|
||||
let res = PrivateKey.random(Secp256k1, rng)
|
||||
if res.isErr():
|
||||
proc getRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
|
||||
let privKey = PrivateKey.random(Secp256k1, rng).valueOr:
|
||||
fatal "Could not generate random network key file"
|
||||
quit QuitFailure
|
||||
initNetKeys(privKey)
|
||||
|
||||
proc getPersistentNetKeys(
|
||||
rng: var HmacDrbgContext,
|
||||
dataDir, netKeyFile: string,
|
||||
netKeyInsecurePassword: bool,
|
||||
allowLoadExisting: bool): NetKeyPair =
|
||||
if netKeyFile == "random":
|
||||
let
|
||||
privKey = res.get()
|
||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
||||
pres = PeerId.init(pubKey)
|
||||
if pres.isErr():
|
||||
keys = rng.getRandomNetKeys()
|
||||
pres = PeerId.init(keys.pubkey).valueOr:
|
||||
fatal "Could not obtain PeerId from network key"
|
||||
quit QuitFailure
|
||||
info "Generating new networking key", network_public_key = pubKey,
|
||||
network_peer_id = $pres.get()
|
||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
||||
info "Generating new networking key",
|
||||
network_public_key = keys.pubkey, network_peer_id = $pres
|
||||
keys
|
||||
else:
|
||||
let keyPath =
|
||||
if isAbsolute(config.netKeyFile):
|
||||
config.netKeyFile
|
||||
else:
|
||||
config.dataDir / config.netKeyFile
|
||||
|
||||
if fileAccessible(keyPath, {AccessFlags.Find}):
|
||||
info "Network key storage is present, unlocking", key_path = keyPath
|
||||
|
||||
let
|
||||
# Insecure password used only for automated testing.
|
||||
let insecurePassword =
|
||||
if config.netKeyInsecurePassword:
|
||||
insecurePassword =
|
||||
if netKeyInsecurePassword:
|
||||
some(NetworkInsecureKeyPassword)
|
||||
else:
|
||||
none[string]()
|
||||
|
||||
let res = loadNetKeystore(keyPath, insecurePassword)
|
||||
if res.isNone():
|
||||
keyPath =
|
||||
if isAbsolute(netKeyFile):
|
||||
netKeyFile
|
||||
else:
|
||||
dataDir / netKeyFile
|
||||
logScope: key_path = keyPath
|
||||
|
||||
if fileAccessible(keyPath, {AccessFlags.Find}) and allowLoadExisting:
|
||||
info "Network key storage is present, unlocking"
|
||||
|
||||
let
|
||||
privKey = loadNetKeystore(keyPath, insecurePassword).valueOr:
|
||||
fatal "Could not load network key file"
|
||||
quit QuitFailure
|
||||
let
|
||||
privKey = res.get()
|
||||
pubKey = privKey.getPublicKey().expect("working public key from file")
|
||||
keys = initNetKeys(privKey)
|
||||
info "Network key storage was successfully unlocked",
|
||||
key_path = keyPath, network_public_key = pubKey
|
||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
||||
network_public_key = keys.pubkey
|
||||
keys
|
||||
else:
|
||||
if allowLoadExisting:
|
||||
info "Network key storage is missing, creating a new one",
|
||||
key_path = keyPath
|
||||
let rres = PrivateKey.random(Secp256k1, rng)
|
||||
if rres.isErr():
|
||||
fatal "Could not generate random network key file"
|
||||
quit QuitFailure
|
||||
|
||||
let
|
||||
privKey = rres.get()
|
||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
||||
|
||||
# Insecure password used only for automated testing.
|
||||
let insecurePassword =
|
||||
if config.netKeyInsecurePassword:
|
||||
some(NetworkInsecureKeyPassword)
|
||||
else:
|
||||
none[string]()
|
||||
|
||||
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
|
||||
keys = rng.getRandomNetKeys()
|
||||
sres = saveNetKeystore(rng, keyPath, keys.seckey, insecurePassword)
|
||||
if sres.isErr():
|
||||
fatal "Could not create network key file", key_path = keyPath
|
||||
fatal "Could not create network key file"
|
||||
quit QuitFailure
|
||||
|
||||
info "New network key storage was created", key_path = keyPath,
|
||||
network_public_key = pubKey
|
||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
||||
info "New network key storage was created",
|
||||
network_public_key = keys.pubkey
|
||||
keys
|
||||
|
||||
proc getPersistentNetKeys*(
|
||||
rng: var HmacDrbgContext, config: BeaconNodeConf): NetKeyPair =
|
||||
case config.cmd
|
||||
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
|
||||
rng.getPersistentNetKeys(
|
||||
string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
|
||||
allowLoadExisting = true)
|
||||
|
||||
of BNStartUpCmd.createTestnet:
|
||||
if config.netKeyFile == "random":
|
||||
fatal "Could not create testnet using `random` network key"
|
||||
quit QuitFailure
|
||||
|
||||
let keyPath =
|
||||
if isAbsolute(config.netKeyFile):
|
||||
config.netKeyFile
|
||||
rng.getPersistentNetKeys(
|
||||
string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
|
||||
allowLoadExisting = false)
|
||||
else:
|
||||
config.dataDir / config.netKeyFile
|
||||
|
||||
let rres = PrivateKey.random(Secp256k1, rng)
|
||||
if rres.isErr():
|
||||
fatal "Could not generate random network key file"
|
||||
quit QuitFailure
|
||||
|
||||
let
|
||||
privKey = rres.get()
|
||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
||||
|
||||
# Insecure password used only for automated testing.
|
||||
let insecurePassword =
|
||||
if config.netKeyInsecurePassword:
|
||||
some(NetworkInsecureKeyPassword)
|
||||
else:
|
||||
none[string]()
|
||||
|
||||
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
|
||||
if sres.isErr():
|
||||
fatal "Could not create network key file", key_path = keyPath
|
||||
quit QuitFailure
|
||||
|
||||
info "New network key storage was created", key_path = keyPath,
|
||||
network_public_key = pubKey
|
||||
|
||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
||||
else:
|
||||
optimisticgetRandomNetKeys(rng)
|
||||
rng.getRandomNetKeys()
|
||||
|
||||
func gossipId(
|
||||
data: openArray[byte], altairPrefix, topic: string): seq[byte] =
|
||||
|
|
|
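Review bot: With `allowLoadExisting = false` (the `createTestnet` path) and a key file already present at `keyPath`, the new helper generates a fresh key and calls `saveNetKeystore` without logging anything. The `fileAccessible(...) and allowLoadExisting` test fails, control falls to the `else` branch, and the only `info` there is guarded by `if allowLoadExisting`. Whether `saveNetKeystore` overwrites or rejects an existing file is not visible on this page, so the log gives the operator no hint that an existing node identity was not reused. Consider extending that guard with `elif fileAccessible(keyPath, {AccessFlags.Find}): warn "Existing network key storage will not be reused"`. Old and new lines are interleaved without markers in this rendering, so this reading of the new side should be confirmed against the raw diff.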
@ -75,7 +75,7 @@ programMain:
|
|||
genesisBlockRoot = get_initial_beacon_block(genesisState[]).root
|
||||
|
||||
rng = keys.newRng()
|
||||
netKeys = optimisticgetRandomNetKeys(rng[])
|
||||
netKeys = getRandomNetKeys(rng[])
|
||||
network = createEth2Node(
|
||||
rng, config, netKeys, cfg,
|
||||
forkDigests, getBeaconTime, genesis_validators_root)
|
||||
|
|
|
@ -639,7 +639,7 @@ proc mapErrTo*[T, E](r: Result[T, E], v: static KeystoreGenerationErrorKind):
|
|||
KeystoreGenerationError(kind: v, error: $e))
|
||||
|
||||
proc loadNetKeystore*(keystorePath: string,
|
||||
insecurePwd: Option[string]): Option[lcrypto.PrivateKey] =
|
||||
insecurePwd: Option[string]): Opt[lcrypto.PrivateKey] =
|
||||
|
||||
if not(checkSensitiveFilePermissions(keystorePath)):
|
||||
error "Network keystorage file has insecure permissions",
|
||||
|
@ -662,7 +662,7 @@ proc loadNetKeystore*(keystorePath: string,
|
|||
let decrypted = decryptNetKeystore(keyStore,
|
||||
KeystorePass.init(insecurePwd.get()))
|
||||
if decrypted.isOk:
|
||||
return some(decrypted.get())
|
||||
return ok(decrypted.get())
|
||||
else:
|
||||
error "Network keystore decryption failed", key_store = keystorePath
|
||||
return
|
||||
|
@ -676,7 +676,7 @@ proc loadNetKeystore*(keystorePath: string,
|
|||
decrypted
|
||||
)
|
||||
if res.isOk():
|
||||
some(res.get())
|
||||
ok(res.get())
|
||||
else:
|
||||
return
|
||||
|
||||
|
|
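Review bot: The failure paths of `loadNetKeystore` visible here still end in a bare `return`, so once the return type becomes `Opt[lcrypto.PrivateKey]` the "no key" outcome relies on the default value of `Opt` being the empty state rather than being written out. For a routine that hands back the node's private key, stating the failure explicitly, e.g. `return Opt.none(lcrypto.PrivateKey)`, keeps that contract readable and stable if the return type changes again. The body of `loadNetKeystore` starts and ends outside these hunks, so any other return sites are not visible here.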