nimbus-eth2/tests/test_signing_node.nim

1310 lines
60 KiB
Nim

# nimbus_signing_node
# Copyright (c) 2023 Status Research & Development GmbH
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
import
std/algorithm,
presto, unittest2, chronicles, stew/[results, byteutils, io2],
chronos/asyncproc,
chronos/unittest2/asynctests,
../beacon_chain/spec/[signatures, crypto],
../beacon_chain/spec/eth2_apis/rest_remote_signer_calls,
../beacon_chain/filepath,
../beacon_chain/validators/validator_pool
from os import getEnv, osErrorMsg
{.used.}
const
TestDirectoryName = "test-signing-node"
TestDirectoryNameVerifyingWeb3Signer = "test-signing-node-verifying-web3signer"
ValidatorKeystore1 = "{\"crypto\":{\"kdf\":{\"function\":\"pbkdf2\",\"params\":{\"dklen\":32,\"c\":1,\"prf\":\"hmac-sha256\",\"salt\":\"040f3f4b9dfc4bdeb37de870cbaa83582f981f358e370f271c2945f2e6430aab\"},\"message\":\"\"},\"checksum\":{\"function\":\"sha256\",\"params\":{},\"message\":\"8b98b30b4e144dbbcc724e502ffecc67c33651aa49600e745e41f959e12abf37\"},\"cipher\":{\"function\":\"aes-128-ctr\",\"params\":{\"iv\":\"04f91a7eb3d6430a598255ea83621e78\"},\"message\":\"5c652e6cdd1215eb9203281e2446abc4d3e1bd50cb822583ce5c74570e9cab18\"}},\"pubkey\":\"99a8df087e253a874c3ca31e0d1115500a671ed8714800d503e99c2c887331a968a7fa7f0290c3a0698675eee138b407\",\"path\":\"m/12381/3600/161/0/0\",\"uuid\":\"81bec933-d928-4e7e-83da-54bbe37a4715\",\"version\":4}"
ValidatorKeystore2 = "{\"crypto\":{\"kdf\":{\"function\":\"pbkdf2\",\"params\":{\"dklen\":32,\"c\":1,\"prf\":\"hmac-sha256\",\"salt\":\"040f3f4b9dfc4bdeb37de870cbaa83582f981f358e370f271c2945f2e6430aab\"},\"message\":\"\"},\"checksum\":{\"function\":\"sha256\",\"params\":{},\"message\":\"2ecda276340c04cb92ce003db9cface0727905f0ba1aa9c60b101f478fca9a5e\"},\"cipher\":{\"function\":\"aes-128-ctr\",\"params\":{\"iv\":\"9d9d73af0031fd19e6833983557b2e30\"},\"message\":\"16d5f87e0675c95cb1e4fc209eea738d45c19b3c0f14088c9e140c573bce0253\"}},\"pubkey\":\"aa19751eb240a04a17b8720e2334acf1d78182ab496e77c51b3bb9e887d50295a478d499abcf6434efbc1aa4c4c4f352\",\"path\":\"m/12381/3600/232/0/0\",\"uuid\":\"291e837b-d8ff-494c-8c7b-7e6bab23b8bf\",\"version\":4}"
ValidatorKeystore3 = "{\"crypto\":{\"kdf\":{\"function\":\"pbkdf2\",\"params\":{\"dklen\":32,\"c\":1,\"prf\":\"hmac-sha256\",\"salt\":\"040f3f4b9dfc4bdeb37de870cbaa83582f981f358e370f271c2945f2e6430aab\"},\"message\":\"\"},\"checksum\":{\"function\":\"sha256\",\"params\":{},\"message\":\"a8c2333e787d65415a02d607c0ec774b654e5a67066e4bc379e2f3b7cf4c826a\"},\"cipher\":{\"function\":\"aes-128-ctr\",\"params\":{\"iv\":\"161171cb21c1c6ec20b15798f545fffc\"},\"message\":\"8ecb326d14dece099d4ba4800a5326324ccf3a8df38fd4aa37af02e8f0617da0\"}},\"pubkey\":\"acf31f9b1ecf65dbb198e380599b6c81fc1a1f5db4457482cc697d81b1fdfb6e49cf8eff4980477f6e32749eef61dc4d\",\"path\":\"m/12381/3600/36/0/0\",\"uuid\":\"420578fd-6832-4e79-a3db-ac0662ace13c\",\"version\":4}"
ValidatorKeystore4 = "{\"crypto\":{\"kdf\":{\"function\":\"pbkdf2\",\"params\":{\"dklen\":32,\"c\":1,\"prf\":\"hmac-sha256\",\"salt\":\"040f3f4b9dfc4bdeb37de870cbaa83582f981f358e370f271c2945f2e6430aab\"},\"message\":\"\"},\"checksum\":{\"function\":\"sha256\",\"params\":{},\"message\":\"ca3ab990616d81e77e89b14eb6f613c1f13056ef2d062259259d54c7a85d63c9\"},\"cipher\":{\"function\":\"aes-128-ctr\",\"params\":{\"iv\":\"d0096f545dcdb366ef3f86e609fc008e\"},\"message\":\"be2f4f3edde8ade888eb4b0211a00b0528ddc4fa68bb0e67c992a05518cd9d96\"}},\"pubkey\":\"a73469094bf134f32a4e91fce07101290c85ffb259f277c97308310ffd0ef1aa3bd90eea1a8217d060b727b7a0154c34\",\"path\":\"m/12381/3600/119/0/0\",\"uuid\":\"2e07f033-c1b6-4d5f-b448-d18caab93adc\",\"version\":4}"
KeystorePassword =
"1331CE70907C1F64745D47447CE378EEA6A95DB271CDA7E54D9D7AB52EE0E0A2"
ValidatorPrivateKey1 =
"0x151c2858787a50476b5107f64977bfaed5b925e9db38b2f5a6ed39c77159d7a6"
ValidatorPrivateKey2 =
"0x44e711335ab6981a92a8711cd68399b4d14da7105368fc26cd59520f69dd8e83"
ValidatorPrivateKey3 =
"0x47264627bb3d80ceab5d4de081418927837ce777434af2609c1106d0b5327cb5"
ValidatorPubKey1 =
"0x99a8df087e253a874c3ca31e0d1115500a671ed8714800d503e99c2c887331a968a7fa7f0290c3a0698675eee138b407"
ValidatorPubKey2 =
"0xaa19751eb240a04a17b8720e2334acf1d78182ab496e77c51b3bb9e887d50295a478d499abcf6434efbc1aa4c4c4f352"
ValidatorPubKey3 =
"0xacf31f9b1ecf65dbb198e380599b6c81fc1a1f5db4457482cc697d81b1fdfb6e49cf8eff4980477f6e32749eef61dc4d"
ValidatorPubKey4 =
"0xa73469094bf134f32a4e91fce07101290c85ffb259f277c97308310ffd0ef1aa3bd90eea1a8217d060b727b7a0154c34"
GenesisValidatorsRoot = Eth2Digest.fromHex(
"043db0d9a83813551ee2f33450d23797757d430911a9320530ad8a0eabc43efb")
GenesisForkVersion = Version(hexToByteArray[4]("00001020"))
SomeOtherRoot = Eth2Digest.fromHex(
"ccccccaaaaaaffffffeeeeee50d23797757d430911a9320530ad8a0eabc43efb")
SigningFork = Fork(
previous_version: Version(hexToByteArray[4]("00001020")),
current_version: Version(hexToByteArray[4]("00001020")),
epoch: Epoch(0'u64)
)
SomeSignature =
"0xb3baa751d0a9132cfe93e4e3d5ff9075111100e3789dca219ade5a24d27e19d16b3353149da1833e9b691bb38634e8dc04469be7032132906c927d7e1a49b414730612877bc6b2810c8f202daf793d1ab0d6b5cb21d52f9e52e883859887a5d9"
SigningExpectedFeeRecipient = "0x000095e79eac4d76aab57cb2c1f091d553b36ca0"
SigningOtherFeeRecipient = "0x000096e79eac4d76aab57cb2c1f091d553b36ca0"
AgAttestation = "{\"data\":{\"aggregation_bits\":\"0x01\",\"signature\":\"0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505\",\"data\":{\"slot\":\"1\",\"index\":\"1\",\"beacon_block_root\":\"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2\",\"source\":{\"epoch\":\"1\",\"root\":\"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2\"},\"target\":{\"epoch\":\"1\",\"root\":\"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2\"}}}}"
Phase0Block = "{\"version\":\"phase0\",\"data\":{\"slot\":\"1\",\"proposer_index\":\"1\",\"parent_root\":\"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2\",\"state_root\":\"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2\",\"body\":{\"randao_reveal\":\"0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505\",\"eth1_data\":{\"deposit_root\":\"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2\",\"deposit_count\":\"1\",\"block_hash\":\"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2\"},\"graffiti\":\"\",\"proposer_slashings\":[],\"attester_slashings\":[],\"attestations\":[],\"deposits\":[],\"voluntary_exits\":[]}}}"
AltairBlock = "{\"version\":\"altair\",\"data\":{\"slot\":\"5297696\",\"proposer_index\":\"153094\",\"parent_root\":\"0xe6106533af9be918120ead7440a8006c7f123cc3cb7daf1f11d951864abea014\",\"state_root\":\"0xf86196d34500ca25d1f4e7431d4d52f6f85540bcaf97dd0d2ad9ecdb3eebcdf0\",\"body\":{\"randao_reveal\":\"0xa7efee3d5ddceb60810b23e3b5d39734696418f41dfd13a0851c7be7a72acbdceaa61e1db27513801917d72519d1c1040ccfed829faf06abe06d9964949554bf4369134b66de715ea49eb4fecf3e2b7e646f1764a1993e31e53dbc6557929c12\",\"eth1_data\":{\"deposit_root\":\"0x8ec87d7219a3c873fff3bfe206b4f923d1b471ce4ff9d6d6ecc162ef07825e14\",\"deposit_count\":\"259476\",\"block_hash\":\"0x877b6f8332c7397251ff3f0c5cecec105ff7d4cb78251b47f91fd15a86a565ab\"},\"graffiti\":\"\",\"proposer_slashings\":[],\"attester_slashings\":[],\"attestations\":[],\"deposits\":[],\"voluntary_exits\":[],\"sync_aggregate\":{\"sync_committee_bits\":\"0x733dfda7f5ffde5ade73367fcbf7fffeef7fe43777ffdffab9dbad6f7eed5fff9bfec4affdefbfaddf35bf5efbff9ffff9dfd7dbf97fbfcdfaddfeffbf95f75f\",\"sync_committee_signature\":\"0x81fdf76e797f81b0116a1c1ae5200b613c8041115223cd89e8bd5477aab13de6097a9ebf42b130c59527bbb4c96811b809353a17c717549f82d4bd336068ef0b99b1feebd4d2432a69fa77fac12b78f1fcc9d7b59edbeb381adf10b15bc4a520\"}}}}"
BellatrixBlock = "{\"version\":\"bellatrix\",\"data\":{\"slot\":\"5297696\",\"proposer_index\":\"153094\",\"parent_root\":\"0xe6106533af9be918120ead7440a8006c7f123cc3cb7daf1f11d951864abea014\",\"state_root\":\"0xf86196d34500ca25d1f4e7431d4d52f6f85540bcaf97dd0d2ad9ecdb3eebcdf0\",\"body\":{\"randao_reveal\":\"0xa7efee3d5ddceb60810b23e3b5d39734696418f41dfd13a0851c7be7a72acbdceaa61e1db27513801917d72519d1c1040ccfed829faf06abe06d9964949554bf4369134b66de715ea49eb4fecf3e2b7e646f1764a1993e31e53dbc6557929c12\",\"eth1_data\":{\"deposit_root\":\"0x8ec87d7219a3c873fff3bfe206b4f923d1b471ce4ff9d6d6ecc162ef07825e14\",\"deposit_count\":\"259476\",\"block_hash\":\"0x877b6f8332c7397251ff3f0c5cecec105ff7d4cb78251b47f91fd15a86a565ab\"},\"graffiti\":\"\",\"proposer_slashings\":[],\"attester_slashings\":[],\"attestations\":[],\"deposits\":[],\"voluntary_exits\":[],\"sync_aggregate\":{\"sync_committee_bits\":\"0x733dfda7f5ffde5ade73367fcbf7fffeef7fe43777ffdffab9dbad6f7eed5fff9bfec4affdefbfaddf35bf5efbff9ffff9dfd7dbf97fbfcdfaddfeffbf95f75f\",\"sync_committee_signature\":\"0x81fdf76e797f81b0116a1c1ae5200b613c8041115223cd89e8bd5477aab13de6097a9ebf42b130c59527bbb4c96811b809353a17c717549f82d4bd336068ef0b99b1feebd4d2432a69fa77fac12b78f1fcc9d7b59edbeb381adf10b15bc4a520\"},\"execution_payload\":{\"parent_hash\":\"0x14c2242a8cfbce559e84c391f5f16d10d7719751b8558873012dc88ae5a193e8\",\"fee_recipient\":\"$1\",\"state_root\":\"0xdf8d96b2c292736d39e72e25802c2744d34d3d3c616de5b362425cab01f72fa5\",\"receipts_root\":\"0x4938a2bf640846d213b156a1a853548b369cd02917fa63d8766ab665d7930bac\",\"logs_bloom\":\"0x298610600038408c201080013832408850a00bc8f801920121840030a015310010e2a0e0108628110552062811441c84802f43825c4fc82140b036c58025a28800054c80a44025c052090a0f2c209a0400058040019ea0008e589084078048050880930113a2894082e0112408b088382402a851621042212aa40018a408d07e178c68691486411aa9a2809043b000a04c040000065a030028018540b04b1820271d00821b00c29059095022322c10a530060223240416140190056608200063c82248274ba8f0098e402041cd9f451031481a1010b8220824833520490221071898802d206348449116812280014a10a2d1c210100a30010802490f0a221849\",\"prev_randao\":\"0xc061711e135cd40531ec3ee29d17d3824c0e5f80d07f721e792ab83240aa0ab5\",\"block_number\":\"8737497\",\"gas_limit\":\"30000000\",\"gas_used\":\"16367052\",\"timestamp\":\"1680080352\",\"extra_data\":\"0xd883010b05846765746888676f312e32302e32856c696e7578\",\"base_fee_per_gas\":\"231613172261\",\"block_hash\":\"0x5aa9fd22a9238925adb2b038fd6eafc77adabf554051db5bc16ae5168a52eff6\",\"transactions\":[],\"withdrawals\":[]}}}}"
CapellaBlock = "{\"version\":\"capella\",\"data\":{\"slot\":\"5297696\",\"proposer_index\":\"153094\",\"parent_root\":\"0xe6106533af9be918120ead7440a8006c7f123cc3cb7daf1f11d951864abea014\",\"state_root\":\"0xf86196d34500ca25d1f4e7431d4d52f6f85540bcaf97dd0d2ad9ecdb3eebcdf0\",\"body\":{\"randao_reveal\":\"0xa7efee3d5ddceb60810b23e3b5d39734696418f41dfd13a0851c7be7a72acbdceaa61e1db27513801917d72519d1c1040ccfed829faf06abe06d9964949554bf4369134b66de715ea49eb4fecf3e2b7e646f1764a1993e31e53dbc6557929c12\",\"eth1_data\":{\"deposit_root\":\"0x8ec87d7219a3c873fff3bfe206b4f923d1b471ce4ff9d6d6ecc162ef07825e14\",\"deposit_count\":\"259476\",\"block_hash\":\"0x877b6f8332c7397251ff3f0c5cecec105ff7d4cb78251b47f91fd15a86a565ab\"},\"graffiti\":\"\",\"proposer_slashings\":[],\"attester_slashings\":[],\"attestations\":[],\"deposits\":[],\"voluntary_exits\":[],\"sync_aggregate\":{\"sync_committee_bits\":\"0x733dfda7f5ffde5ade73367fcbf7fffeef7fe43777ffdffab9dbad6f7eed5fff9bfec4affdefbfaddf35bf5efbff9ffff9dfd7dbf97fbfcdfaddfeffbf95f75f\",\"sync_committee_signature\":\"0x81fdf76e797f81b0116a1c1ae5200b613c8041115223cd89e8bd5477aab13de6097a9ebf42b130c59527bbb4c96811b809353a17c717549f82d4bd336068ef0b99b1feebd4d2432a69fa77fac12b78f1fcc9d7b59edbeb381adf10b15bc4a520\"},\"execution_payload\":{\"parent_hash\":\"0x14c2242a8cfbce559e84c391f5f16d10d7719751b8558873012dc88ae5a193e8\",\"fee_recipient\":\"$1\",\"state_root\":\"0xdf8d96b2c292736d39e72e25802c2744d34d3d3c616de5b362425cab01f72fa5\",\"receipts_root\":\"0x4938a2bf640846d213b156a1a853548b369cd02917fa63d8766ab665d7930bac\",\"logs_bloom\":\"0x298610600038408c201080013832408850a00bc8f801920121840030a015310010e2a0e0108628110552062811441c84802f43825c4fc82140b036c58025a28800054c80a44025c052090a0f2c209a0400058040019ea0008e589084078048050880930113a2894082e0112408b088382402a851621042212aa40018a408d07e178c68691486411aa9a2809043b000a04c040000065a030028018540b04b1820271d00821b00c29059095022322c10a530060223240416140190056608200063c82248274ba8f0098e402041cd9f451031481a1010b8220824833520490221071898802d206348449116812280014a10a2d1c210100a30010802490f0a221849\",\"prev_randao\":\"0xc061711e135cd40531ec3ee29d17d3824c0e5f80d07f721e792ab83240aa0ab5\",\"block_number\":\"8737497\",\"gas_limit\":\"30000000\",\"gas_used\":\"16367052\",\"timestamp\":\"1680080352\",\"extra_data\":\"0xd883010b05846765746888676f312e32302e32856c696e7578\",\"base_fee_per_gas\":\"231613172261\",\"block_hash\":\"0x5aa9fd22a9238925adb2b038fd6eafc77adabf554051db5bc16ae5168a52eff6\",\"transactions\":[],\"withdrawals\":[]},\"bls_to_execution_changes\":[]}}}"
DenebBlockContents = "{\"version\":\"deneb\",\"data\":{\"block\":{\"slot\":\"5297696\",\"proposer_index\":\"153094\",\"parent_root\":\"0xe6106533af9be918120ead7440a8006c7f123cc3cb7daf1f11d951864abea014\",\"state_root\":\"0xf86196d34500ca25d1f4e7431d4d52f6f85540bcaf97dd0d2ad9ecdb3eebcdf0\",\"body\":{\"randao_reveal\":\"0xa7efee3d5ddceb60810b23e3b5d39734696418f41dfd13a0851c7be7a72acbdceaa61e1db27513801917d72519d1c1040ccfed829faf06abe06d9964949554bf4369134b66de715ea49eb4fecf3e2b7e646f1764a1993e31e53dbc6557929c12\",\"eth1_data\":{\"deposit_root\":\"0x8ec87d7219a3c873fff3bfe206b4f923d1b471ce4ff9d6d6ecc162ef07825e14\",\"deposit_count\":\"259476\",\"block_hash\":\"0x877b6f8332c7397251ff3f0c5cecec105ff7d4cb78251b47f91fd15a86a565ab\"},\"graffiti\":\"\",\"proposer_slashings\":[],\"attester_slashings\":[],\"attestations\":[],\"deposits\":[],\"voluntary_exits\":[],\"sync_aggregate\":{\"sync_committee_bits\":\"0x733dfda7f5ffde5ade73367fcbf7fffeef7fe43777ffdffab9dbad6f7eed5fff9bfec4affdefbfaddf35bf5efbff9ffff9dfd7dbf97fbfcdfaddfeffbf95f75f\",\"sync_committee_signature\":\"0x81fdf76e797f81b0116a1c1ae5200b613c8041115223cd89e8bd5477aab13de6097a9ebf42b130c59527bbb4c96811b809353a17c717549f82d4bd336068ef0b99b1feebd4d2432a69fa77fac12b78f1fcc9d7b59edbeb381adf10b15bc4a520\"},\"execution_payload\":{\"parent_hash\":\"0x14c2242a8cfbce559e84c391f5f16d10d7719751b8558873012dc88ae5a193e8\",\"fee_recipient\":\"$1\",\"state_root\":\"0xdf8d96b2c292736d39e72e25802c2744d34d3d3c616de5b362425cab01f72fa5\",\"receipts_root\":\"0x4938a2bf640846d213b156a1a853548b369cd02917fa63d8766ab665d7930bac\",\"logs_bloom\":\"0x298610600038408c201080013832408850a00bc8f801920121840030a015310010e2a0e0108628110552062811441c84802f43825c4fc82140b036c58025a28800054c80a44025c052090a0f2c209a0400058040019ea0008e589084078048050880930113a2894082e0112408b088382402a851621042212aa40018a408d07e178c68691486411aa9a2809043b000a04c040000065a030028018540b04b1820271d00821b00c29059095022322c10a530060223240416140190056608200063c82248274ba8f0098e402041cd9f451031481a1010b8220824833520490221071898802d206348449116812280014a10a2d1c210100a30010802490f0a221849\",\"prev_randao\":\"0xc061711e135cd40531ec3ee29d17d3824c0e5f80d07f721e792ab83240aa0ab5\",\"block_number\":\"8737497\",\"gas_limit\":\"30000000\",\"gas_used\":\"16367052\",\"timestamp\":\"1680080352\",\"extra_data\":\"0xd883010b05846765746888676f312e32302e32856c696e7578\",\"base_fee_per_gas\":\"231613172261\",\"block_hash\":\"0x5aa9fd22a9238925adb2b038fd6eafc77adabf554051db5bc16ae5168a52eff6\",\"transactions\":[],\"withdrawals\":[],\"blob_gas_used\":\"2316131761\",\"excess_blob_gas\":\"231613172261\"},\"bls_to_execution_changes\":[],\"blob_kzg_commitments\":[]}},\"blob_sidecars\":[]}}"
SigningNodeAddress = "127.0.0.1"
defaultSigningNodePort = 35333
SigningRequestTimeoutSeconds = 1
type
SigningProcess = object
process: AsyncProcessRef
reader: Future[seq[byte]]
proc getNodePort(basePort: int, rt: RemoteSignerType): int =
# Individual port numbers derived by adding to configurable base port
case rt
of RemoteSignerType.Web3Signer:
basePort
of RemoteSignerType.VerifyingWeb3Signer:
basePort + 1
func init(T: type ForkedBeaconBlock, contents: ProduceBlockResponseV2): T =
case contents.kind
of ConsensusFork.Phase0:
return ForkedBeaconBlock.init(contents.phase0Data)
of ConsensusFork.Altair:
return ForkedBeaconBlock.init(contents.altairData)
of ConsensusFork.Bellatrix:
return ForkedBeaconBlock.init(contents.bellatrixData)
of ConsensusFork.Capella:
return ForkedBeaconBlock.init(contents.capellaData)
of ConsensusFork.Deneb:
return ForkedBeaconBlock.init(contents.denebData.block)
proc getBlock(fork: ConsensusFork,
feeRecipient = SigningExpectedFeeRecipient): ForkedBeaconBlock =
let
blckData =
case fork
of ConsensusFork.Phase0: Phase0Block
of ConsensusFork.Altair: AltairBlock
of ConsensusFork.Bellatrix: BellatrixBlock % [feeRecipient]
of ConsensusFork.Capella: CapellaBlock % [feeRecipient]
of ConsensusFork.Deneb: DenebBlockContents % [feeRecipient]
contentType = ContentTypeData(
mediaType: MediaType.init("application/json"))
let b = decodeBytes(ProduceBlockResponseV2,
blckData.toOpenArrayByte(0, len(blckData) - 1),
Opt.some(contentType),
$fork).tryGet()
ForkedBeaconBlock.init(b)
proc init(t: typedesc[Web3SignerForkedBeaconBlock],
forked: ForkedBeaconBlock): Web3SignerForkedBeaconBlock =
case forked.kind
of ConsensusFork.Phase0, ConsensusFork.Altair:
raiseAssert "supports Bellatrix and later forks"
of ConsensusFork.Bellatrix:
Web3SignerForkedBeaconBlock(
kind: ConsensusFork.Bellatrix,
data: forked.bellatrixData.toBeaconBlockHeader)
of ConsensusFork.Capella:
Web3SignerForkedBeaconBlock(
kind: ConsensusFork.Capella,
data: forked.capellaData.toBeaconBlockHeader)
of ConsensusFork.Deneb:
Web3SignerForkedBeaconBlock(
kind: ConsensusFork.Deneb,
data: forked.denebData.toBeaconBlockHeader)
proc createKeystore(dataDir, pubkey,
store, password: string): Result[void, string] =
let
validatorsDir = dataDir & DirSep & "validators"
keystoreDir = validatorsDir & DirSep & pubkey
keystoreFile = keystoreDir & DirSep & "keystore.json"
secretsDir = dataDir & DirSep & "secrets"
secretFile = secretsDir & DirSep & pubkey
if not(isDir(dataDir)):
let res = secureCreatePath(dataDir)
if res.isErr(): return err(ioErrorMsg(res.error))
if not(isDir(validatorsDir)):
let res = secureCreatePath(validatorsDir)
if res.isErr(): return err(ioErrorMsg(res.error))
if not(isDir(secretsDir)):
let res = secureCreatePath(secretsDir)
if res.isErr(): return err(ioErrorMsg(res.error))
if not(isDir(keystoreDir)):
let res = secureCreatePath(keystoreDir)
if res.isErr(): return err(ioErrorMsg(res.error))
block:
let res = secureWriteFile(keystoreFile,
store.toOpenArrayByte(0, len(store) - 1))
if res.isErr(): return err(ioErrorMsg(res.error))
block:
let res = secureWriteFile(secretFile,
password.toOpenArrayByte(0, len(password) - 1))
if res.isErr(): return err(ioErrorMsg(res.error))
ok()
proc removeKeystore(dataDir, pubkey: string) =
let
validatorsDir = dataDir & DirSep & "validators"
keystoreDir = validatorsDir & DirSep & pubkey
keystoreFile = keystoreDir & DirSep & "keystore.json"
secretsDir = dataDir & DirSep & "secrets"
secretFile = secretsDir & DirSep & pubkey
discard removeFile(secretFile)
discard removeFile(keystoreFile)
discard removeDir(keystoreDir)
discard removeDir(validatorsDir)
discard removeDir(secretsDir)
proc createDataDir(pathName: string): Result[void, string] =
? createKeystore(pathName, ValidatorPubKey1, ValidatorKeystore1,
KeystorePassword)
? createKeystore(pathName, ValidatorPubKey2, ValidatorKeystore2,
KeystorePassword)
? createKeystore(pathName, ValidatorPubKey3, ValidatorKeystore3,
KeystorePassword)
ok()
proc getTestDir(rt: RemoteSignerType): string =
case rt
of RemoteSignerType.Web3Signer:
TestDirectoryName
of RemoteSignerType.VerifyingWeb3Signer:
TestDirectoryNameVerifyingWeb3Signer
proc createTestDir(rt: RemoteSignerType): Result[void, string] =
let
pathName = getTestDir(rt)
signingDir = pathName & DirSep & "signing-node"
if not(isDir(pathName)):
let res = secureCreatePath(pathName)
if res.isErr(): return err(ioErrorMsg(res.error))
createDataDir(signingDir)
proc createAdditionalKeystore(rt: RemoteSignerType): Result[void, string] =
let signingDir = getTestDir(rt) & DirSep & "signing-node"
createKeystore(signingDir, ValidatorPubKey4, ValidatorKeystore4,
KeystorePassword)
proc removeTestDir(rt: RemoteSignerType) =
let
pathName = getTestDir(rt)
signingDir = pathName & DirSep & "signing-node"
# signing-node cleanup
removeKeystore(signingDir, ValidatorPubKey1)
removeKeystore(signingDir, ValidatorPubKey2)
removeKeystore(signingDir, ValidatorPubKey3)
removeKeystore(signingDir, ValidatorPubKey4)
discard removeDir(signingDir)
discard removeDir(pathName)
proc getPrivateKey(data: string): Result[ValidatorPrivKey, string] =
var key: blscurve.SecretKey
if fromHex(key, data):
ok(ValidatorPrivKey(key))
else:
err("Unable to initialize private key")
proc getLocalKeystoreData(data: string): Result[KeystoreData, string] =
let privateKey =
block:
var key: blscurve.SecretKey
if not(fromHex(key, data)):
return err("Unable to initialize private key")
ValidatorPrivKey(key)
ok KeystoreData(
kind: KeystoreKind.Local,
privateKey: privateKey,
version: uint64(4),
pubkey: privateKey.toPubKey().toPubKey())
proc getRemoteKeystoreData(data: string, basePort: int,
rt: RemoteSignerType): Result[KeystoreData, string] =
let
publicKey = ValidatorPubKey.fromHex(data).valueOr:
return err("Invalid public key")
info = RemoteSignerInfo(
url: HttpHostUri(parseUri("http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, rt))),
pubkey: publicKey
)
ok case rt
of RemoteSignerType.Web3Signer:
KeystoreData(
kind: KeystoreKind.Remote,
remoteType: RemoteSignerType.Web3Signer,
version: uint64(4),
pubkey: publicKey,
remotes: @[info])
of RemoteSignerType.VerifyingWeb3Signer:
KeystoreData(
kind: KeystoreKind.Remote,
remoteType: RemoteSignerType.VerifyingWeb3Signer,
provenBlockProperties: @[
ProvenProperty(
path: ".execution_payload.fee_recipient",
denebIndex: some GeneralizedIndex(801),
capellaIndex: some GeneralizedIndex(401),
bellatrixIndex: some GeneralizedIndex(401)
)
],
version: uint64(4),
pubkey: publicKey,
remotes: @[info])
proc spawnSigningNodeProcess(
basePort: int, rt: RemoteSignerType): Future[SigningProcess] {.async.} =
let arguments =
case rt
of RemoteSignerType.Web3Signer:
@[
"--non-interactive=true",
"--log-level=DEBUG",
"--data-dir=" & getTestDir(rt) & "/signing-node",
"--bind-address=" & SigningNodeAddress,
"--bind-port=" & $getNodePort(basePort, rt),
"--request-timeout=" & $SigningRequestTimeoutSeconds
# we make so low `timeout` to test connection pool.
]
of RemoteSignerType.VerifyingWeb3Signer:
@[
"--non-interactive=true",
"--log-level=DEBUG",
"--data-dir=" & getTestDir(rt) & "/signing-node",
"--bind-address=" & SigningNodeAddress,
"--bind-port=" & $getNodePort(basePort, rt),
"--expected-fee-recipient=" & $SigningExpectedFeeRecipient,
"--request-timeout=" & $SigningRequestTimeoutSeconds
# we make so low `timeout` to test connection pool.
]
let res =
await startProcess("build/nimbus_signing_node",
arguments = arguments,
options = {AsyncProcessOption.StdErrToStdOut},
stdoutHandle = AsyncProcess.Pipe)
SigningProcess(
process: res, reader: res.stdoutStream.read()
)
proc shutdownSigningNodeProcess(sp: SigningProcess) {.async.} =
let resultCode =
block:
var rescode: Opt[int]
for i in 1 .. 10:
if sp.process.running().get(true):
let res = sp.process.kill()
if res.isErr():
echo "Unable to kill `nimbus_signing_node` process [",
sp.process.pid(), "], reason = ",
"[", int(res.error), "] ", osErrorMsg(res.error)
else:
let res = sp.process.peekExitCode()
if res.isErr():
echo "Unable to peek exit code for `nimbus_signing_node` process [",
sp.process.pid(), "], reason =",
"[", int(res.error), "] ", osErrorMsg(res.error)
else:
rescode = Opt.some(res.get())
break
try:
let res = await sp.process.waitForExit().wait(1.seconds)
rescode = Opt.some(res)
break
except AsyncTimeoutError:
echo "Timeout exceeded while waiting for `nimbus_signing_node` ",
"process [", sp.process.pid(), "]"
rescode
if resultCode.isSome():
await allFutures(sp.reader)
let data = sp.reader.read()
echo ""
echo "===== `nimbus_signing_node` process [", sp.process.pid(),
"] exited with [", resultCode.get(), "] ====="
echo bytesToString(data)
else:
echo ""
echo "Unable to terminate `nimbus_signing_node` process [",
sp.process.pid(), "]"
let
basePortStr =
os.getEnv("NIMBUS_TEST_SIGNING_NODE_BASE_PORT", $defaultSigningNodePort)
basePort =
try:
let val = parseInt(basePortStr)
if val < 0 or val > (uint16.high.int - RemoteSignerType.high.ord):
fatal "Invalid base port arg", basePort = basePortStr
quit 1
val
except ValueError as exc:
fatal "Invalid base port arg", basePort = basePortStr, exc = exc.msg
quit 1
block:
let res = createTestDir(RemoteSignerType.Web3Signer)
doAssert(res.isOk())
let process = waitFor(spawnSigningNodeProcess(
basePort, RemoteSignerType.Web3Signer))
suite "Nimbus remote signer/signing test (web3signer)":
setup:
let pool1 = newClone(default(ValidatorPool))
let
validator1 = pool1[].addValidator(
getLocalKeystoreData(ValidatorPrivateKey1).get(),
default(Eth1Address), 300_000_000'u64
)
validator2 = pool1[].addValidator(
getLocalKeystoreData(ValidatorPrivateKey2).get(),
default(Eth1Address), 300_000_000'u64
)
validator3 = pool1[].addValidator(
getLocalKeystoreData(ValidatorPrivateKey3).get(),
default(Eth1Address), 300_000_000'u64
)
validator1.index = Opt.some(ValidatorIndex(100))
validator2.index = Opt.some(ValidatorIndex(101))
validator3.index = Opt.some(ValidatorIndex(102))
let pool2 = newClone(default(ValidatorPool))
let validator4 = pool2[].addValidator(
getRemoteKeystoreData(ValidatorPubKey1, basePort,
RemoteSignerType.Web3Signer).get(),
default(Eth1Address), 300_000_000'u64
)
let validator5 = pool2[].addValidator(
getRemoteKeystoreData(ValidatorPubKey2, basePort,
RemoteSignerType.Web3Signer).get(),
default(Eth1Address), 300_000_000'u64
)
let validator6 = pool2[].addValidator(
getRemoteKeystoreData(ValidatorPubKey3, basePort,
RemoteSignerType.Web3Signer).get(),
default(Eth1Address), 300_000_000'u64
)
validator4.index = Opt.some(ValidatorIndex(100))
validator5.index = Opt.some(ValidatorIndex(101))
validator6.index = Opt.some(ValidatorIndex(102))
asyncTest "Waiting for signing node (/upcheck) test":
let
remoteUrl = "http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, RemoteSignerType.Web3Signer)
prestoFlags = {RestClientFlag.CommaSeparatedArray}
rclient = RestClientRef.new(remoteUrl, prestoFlags, {})
check rclient.isOk()
let client = rclient.get()
var attempts = 0
while attempts < 3:
let loopBreak =
try:
let response = await client.getUpcheck()
check:
response.status == 200
response.data.status == "OK"
true
except CatchableError:
inc(attempts)
false
if loopBreak:
break
await sleepAsync(500.milliseconds)
await client.closeWait()
asyncTest "Public keys enumeration (/api/v1/eth2/publicKeys) test":
let
remoteUrl = "http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, RemoteSignerType.Web3Signer)
prestoFlags = {RestClientFlag.CommaSeparatedArray}
rclient = RestClientRef.new(remoteUrl, prestoFlags, {})
check rclient.isOk()
let client = rclient.get()
try:
let response = await client.getKeys()
check:
response.status == 200
len(response.data) == 3
let
received = sorted([
"0x" & response.data[0].toHex(),
"0x" & response.data[1].toHex(),
"0x" & response.data[2].toHex()
])
expected = sorted([
ValidatorPubKey1,
ValidatorPubKey2,
ValidatorPubKey3
])
check received == expected
finally:
await client.closeWait()
asyncTest "Signing aggregation slot (getSlotSignature())":
let
sres1 =
await validator1.getSlotSignature(SigningFork,
GenesisValidatorsRoot, Slot(10))
sres2 =
await validator2.getSlotSignature(SigningFork,
GenesisValidatorsRoot, Slot(100))
sres3 =
await validator3.getSlotSignature(SigningFork,
GenesisValidatorsRoot, Slot(1000))
rres1 =
await validator4.getSlotSignature(SigningFork,
GenesisValidatorsRoot, Slot(10))
rres2 =
await validator5.getSlotSignature(SigningFork,
GenesisValidatorsRoot, Slot(100))
rres3 =
await validator6.getSlotSignature(SigningFork,
GenesisValidatorsRoot, Slot(1000))
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing randao reveal (getEpochSignature())":
let
sres1 =
await validator1.getEpochSignature(SigningFork,
GenesisValidatorsRoot, Epoch(10))
sres2 =
await validator2.getEpochSignature(SigningFork,
GenesisValidatorsRoot, Epoch(100))
sres3 =
await validator3.getEpochSignature(SigningFork,
GenesisValidatorsRoot, Epoch(1000))
rres1 =
await validator4.getEpochSignature(SigningFork,
GenesisValidatorsRoot, Epoch(10))
rres2 =
await validator5.getEpochSignature(SigningFork,
GenesisValidatorsRoot, Epoch(100))
rres3 =
await validator6.getEpochSignature(SigningFork,
GenesisValidatorsRoot, Epoch(1000))
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing SC message (getSyncCommitteeMessage())":
let
sres1 =
await validator1.getSyncCommitteeMessage(SigningFork,
GenesisValidatorsRoot, Slot(10), SomeOtherRoot)
sres2 =
await validator2.getSyncCommitteeMessage(SigningFork,
GenesisValidatorsRoot, Slot(100), SomeOtherRoot)
sres3 =
await validator3.getSyncCommitteeMessage(SigningFork,
GenesisValidatorsRoot, Slot(1000), SomeOtherRoot)
rres1 =
await validator4.getSyncCommitteeMessage(SigningFork,
GenesisValidatorsRoot, Slot(10), SomeOtherRoot)
rres2 =
await validator5.getSyncCommitteeMessage(SigningFork,
GenesisValidatorsRoot, Slot(100), SomeOtherRoot)
rres3 =
await validator6.getSyncCommitteeMessage(SigningFork,
GenesisValidatorsRoot, Slot(1000), SomeOtherRoot)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing SC selection proof " &
"(getSyncCommitteeSelectionProof())":
let
sres1 =
await validator1.getSyncCommitteeSelectionProof(SigningFork,
GenesisValidatorsRoot, Slot(10), SyncSubcommitteeIndex(1))
sres2 =
await validator2.getSyncCommitteeSelectionProof(SigningFork,
GenesisValidatorsRoot, Slot(100), SyncSubcommitteeIndex(2))
sres3 =
await validator3.getSyncCommitteeSelectionProof(SigningFork,
GenesisValidatorsRoot, Slot(1000), SyncSubcommitteeIndex(3))
rres1 =
await validator4.getSyncCommitteeSelectionProof(SigningFork,
GenesisValidatorsRoot, Slot(10), SyncSubcommitteeIndex(1))
rres2 =
await validator5.getSyncCommitteeSelectionProof(SigningFork,
GenesisValidatorsRoot, Slot(100), SyncSubcommitteeIndex(2))
rres3 =
await validator6.getSyncCommitteeSelectionProof(SigningFork,
GenesisValidatorsRoot, Slot(1000), SyncSubcommitteeIndex(3))
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing SC contribution and proof " &
"(getContributionAndProofSignature())":
let
conProof = default(ContributionAndProof)
sres1 =
await validator1.getContributionAndProofSignature(SigningFork,
GenesisValidatorsRoot, conProof)
sres2 =
await validator2.getContributionAndProofSignature(SigningFork,
GenesisValidatorsRoot, conProof)
sres3 =
await validator3.getContributionAndProofSignature(SigningFork,
GenesisValidatorsRoot, conProof)
rres1 =
await validator4.getContributionAndProofSignature(SigningFork,
GenesisValidatorsRoot, conProof)
rres2 =
await validator5.getContributionAndProofSignature(SigningFork,
GenesisValidatorsRoot, conProof)
rres3 =
await validator6.getContributionAndProofSignature(SigningFork,
GenesisValidatorsRoot, conProof)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing attestation (getAttestationSignature())":
let
adata = default(AttestationData)
sres1 =
await validator1.getAttestationSignature(SigningFork,
GenesisValidatorsRoot, adata)
sres2 =
await validator2.getAttestationSignature(SigningFork,
GenesisValidatorsRoot, adata)
sres3 =
await validator3.getAttestationSignature(SigningFork,
GenesisValidatorsRoot, adata)
rres1 =
await validator4.getAttestationSignature(SigningFork,
GenesisValidatorsRoot, adata)
rres2 =
await validator5.getAttestationSignature(SigningFork,
GenesisValidatorsRoot, adata)
rres3 =
await validator6.getAttestationSignature(SigningFork,
GenesisValidatorsRoot, adata)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing aggregate and proof (getAggregateAndProofSignature())":
let
contentType = ContentTypeData(
mediaType: MediaType.init("application/json"))
agAttestation = decodeBytes(
GetAggregatedAttestationResponse,
AgAttestation.toOpenArrayByte(0, len(AgAttestation) - 1),
Opt.some(contentType)).tryGet().data
agProof = AggregateAndProof(
aggregator_index: 1'u64,
aggregate: agAttestation,
selection_proof: ValidatorSig.fromHex(SomeSignature).get())
sres1 =
await validator1.getAggregateAndProofSignature(SigningFork,
GenesisValidatorsRoot, agProof)
sres2 =
await validator2.getAggregateAndProofSignature(SigningFork,
GenesisValidatorsRoot, agProof)
sres3 =
await validator3.getAggregateAndProofSignature(SigningFork,
GenesisValidatorsRoot, agProof)
rres1 =
await validator4.getAggregateAndProofSignature(SigningFork,
GenesisValidatorsRoot, agProof)
rres2 =
await validator5.getAggregateAndProofSignature(SigningFork,
GenesisValidatorsRoot, agProof)
rres3 =
await validator6.getAggregateAndProofSignature(SigningFork,
GenesisValidatorsRoot, agProof)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing validator registration (getBuilderSignature())":
let
vdata = default(ValidatorRegistrationV1)
sres1 = await validator1.getBuilderSignature(SigningFork, vdata)
sres2 = await validator2.getBuilderSignature(SigningFork, vdata)
sres3 = await validator3.getBuilderSignature(SigningFork, vdata)
rres1 = await validator4.getBuilderSignature(SigningFork, vdata)
rres2 = await validator5.getBuilderSignature(SigningFork, vdata)
rres3 = await validator6.getBuilderSignature(SigningFork, vdata)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing voluntary exit (getValidatorExitSignature())":
let
voluntaryExit = default(VoluntaryExit)
sres1 =
await validator1.getValidatorExitSignature(SigningFork,
GenesisValidatorsRoot, voluntaryExit)
sres2 =
await validator2.getValidatorExitSignature(SigningFork,
GenesisValidatorsRoot, voluntaryExit)
sres3 =
await validator3.getValidatorExitSignature(SigningFork,
GenesisValidatorsRoot, voluntaryExit)
rres1 =
await validator4.getValidatorExitSignature(SigningFork,
GenesisValidatorsRoot, voluntaryExit)
rres2 =
await validator5.getValidatorExitSignature(SigningFork,
GenesisValidatorsRoot, voluntaryExit)
rres3 =
await validator6.getValidatorExitSignature(SigningFork,
GenesisValidatorsRoot, voluntaryExit)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing deposit message (getDepositMessageSignature())":
let
depositMessage = default(DepositMessage)
sres1 =
await validator1.getDepositMessageSignature(GenesisForkVersion,
depositMessage)
sres2 =
await validator2.getDepositMessageSignature(GenesisForkVersion,
depositMessage)
sres3 =
await validator3.getDepositMessageSignature(GenesisForkVersion,
depositMessage)
rres1 =
await validator4.getDepositMessageSignature(GenesisForkVersion,
depositMessage)
rres2 =
await validator5.getDepositMessageSignature(GenesisForkVersion,
depositMessage)
rres3 =
await validator6.getDepositMessageSignature(GenesisForkVersion,
depositMessage)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing BeaconBlock (getBlockSignature(bellatrix))":
let
forked = getBlock(ConsensusFork.Bellatrix)
blockRoot = withBlck(forked): hash_tree_root(blck)
sres1 =
await validator1.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
sres2 =
await validator2.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
sres3 =
await validator3.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing BeaconBlock (getBlockSignature(capella))":
let
forked = getBlock(ConsensusFork.Capella)
blockRoot = withBlck(forked): hash_tree_root(blck)
sres1 =
await validator1.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
sres2 =
await validator2.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
sres3 =
await validator3.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Signing BeaconBlock (getBlockSignature(deneb))":
let
forked = getBlock(ConsensusFork.Deneb)
blockRoot = withBlck(forked): hash_tree_root(blck)
sres1 =
await validator1.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
sres2 =
await validator2.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
sres3 =
await validator3.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
rres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot, forked)
check:
sres1.isOk()
sres2.isOk()
sres3.isOk()
rres1.isOk()
rres2.isOk()
rres3.isOk()
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
asyncTest "Connection timeout test":
let
request = Web3SignerRequest.init(SigningFork, GenesisValidatorsRoot,
Epoch(10))
deadline = newFuture[void]()
(client, info) = validator4.clients[0]
deadline.complete()
let res = await client.signData(info.pubkey, deadline, 1, request)
check:
res.isErr()
res.error.kind == Web3SignerErrorKind.TimeoutError
asyncTest "Public keys reload (/reload) test":
let
res = createAdditionalKeystore(RemoteSignerType.Web3Signer)
remoteUrl = "http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, RemoteSignerType.Web3Signer)
prestoFlags = {RestClientFlag.CommaSeparatedArray}
rclient = RestClientRef.new(remoteUrl, prestoFlags, {})
check:
res.isOk()
rclient.isOk()
let client = rclient.get()
check res.isOk()
try:
block:
let response = await client.reload()
check response.status == 200
block:
let response = await client.getKeys()
check:
response.status == 200
len(response.data) == 4
let
received = sorted([
"0x" & response.data[0].toHex(),
"0x" & response.data[1].toHex(),
"0x" & response.data[2].toHex(),
"0x" & response.data[3].toHex()
])
expected = sorted([
ValidatorPubKey1,
ValidatorPubKey2,
ValidatorPubKey3,
ValidatorPubKey4
])
check received == expected
finally:
await client.closeWait()
waitFor(shutdownSigningNodeProcess(process))
removeTestDir(RemoteSignerType.Web3Signer)
block:
let res = createTestDir(RemoteSignerType.VerifyingWeb3Signer)
doAssert(res.isOk())
let process = waitFor(spawnSigningNodeProcess(
basePort, RemoteSignerType.VerifyingWeb3Signer))
suite "Nimbus remote signer/signing test (verifying-web3signer)":
setup:
let pool1 = newClone(default(ValidatorPool))
let
validator1 = pool1[].addValidator(
getLocalKeystoreData(ValidatorPrivateKey1).get(),
default(Eth1Address), 300_000_000'u64
)
validator2 = pool1[].addValidator(
getLocalKeystoreData(ValidatorPrivateKey2).get(),
default(Eth1Address), 300_000_000'u64
)
validator3 = pool1[].addValidator(
getLocalKeystoreData(ValidatorPrivateKey3).get(),
default(Eth1Address), 300_000_000'u64
)
validator1.index = Opt.some(ValidatorIndex(100))
validator2.index = Opt.some(ValidatorIndex(101))
validator3.index = Opt.some(ValidatorIndex(102))
let pool2 = newClone(default(ValidatorPool))
let validator4 = pool2[].addValidator(
getRemoteKeystoreData(ValidatorPubKey1, basePort,
RemoteSignerType.VerifyingWeb3Signer).get(),
default(Eth1Address), 300_000_000'u64
)
let validator5 = pool2[].addValidator(
getRemoteKeystoreData(ValidatorPubKey2, basePort,
RemoteSignerType.VerifyingWeb3Signer).get(),
default(Eth1Address), 300_000_000'u64
)
let validator6 = pool2[].addValidator(
getRemoteKeystoreData(ValidatorPubKey3, basePort,
RemoteSignerType.VerifyingWeb3Signer).get(),
default(Eth1Address), 300_000_000'u64
)
validator4.index = Opt.some(ValidatorIndex(100))
validator5.index = Opt.some(ValidatorIndex(101))
validator6.index = Opt.some(ValidatorIndex(102))
asyncTest "Waiting for signing node (/upcheck) test":
let
remoteUrl = "http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, RemoteSignerType.VerifyingWeb3Signer)
prestoFlags = {RestClientFlag.CommaSeparatedArray}
rclient = RestClientRef.new(remoteUrl, prestoFlags, {})
check rclient.isOk()
let client = rclient.get()
var attempts = 0
while attempts < 3:
let loopBreak =
try:
let response = await client.getUpcheck()
check:
response.status == 200
response.data.status == "OK"
true
except CatchableError:
inc(attempts)
false
if loopBreak:
break
await sleepAsync(500.milliseconds)
await client.closeWait()
asyncTest "Signing BeaconBlock (getBlockSignature(bellatrix))":
let
fork = ConsensusFork.Bellatrix
forked1 = getBlock(fork)
blockRoot1 = withBlck(forked1): hash_tree_root(blck)
forked2 = getBlock(fork, SigningOtherFeeRecipient)
blockRoot2 = withBlck(forked2): hash_tree_root(blck)
request1 = Web3SignerRequest.init(SigningFork, GenesisValidatorsRoot,
Web3SignerForkedBeaconBlock.init(forked1))
request2 = Web3SignerRequest.init(SigningFork, GenesisValidatorsRoot,
Web3SignerForkedBeaconBlock.init(forked1), @[])
remoteUrl = "http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, RemoteSignerType.VerifyingWeb3Signer)
prestoFlags = {RestClientFlag.CommaSeparatedArray}
rclient = RestClientRef.new(remoteUrl, prestoFlags, {})
publicKey1 = ValidatorPubKey.fromHex(ValidatorPubKey1).get()
publicKey2 = ValidatorPubKey.fromHex(ValidatorPubKey2).get()
publicKey3 = ValidatorPubKey.fromHex(ValidatorPubKey3).get()
check rclient.isOk()
let
client = rclient.get()
sres1 =
await validator1.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
sres2 =
await validator2.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
sres3 =
await validator3.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
bres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
bres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
bres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
check:
# Local requests
sres1.isOk()
sres2.isOk()
sres3.isOk()
# Remote requests with proper merkle proof of proper FeeRecipent field
rres1.isOk()
rres2.isOk()
rres3.isOk()
# Signature comparison
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
# Remote requests with changed FeeRecipient field
bres1.isErr()
bres2.isErr()
bres3.isErr()
try:
let
# `proofs` array is not present.
response1 = await client.signDataPlain(publicKey1, request1)
response2 = await client.signDataPlain(publicKey2, request1)
response3 = await client.signDataPlain(publicKey3, request1)
# `proofs` array is empty.
response4 = await client.signDataPlain(publicKey1, request2)
response5 = await client.signDataPlain(publicKey2, request2)
response6 = await client.signDataPlain(publicKey3, request2)
check:
response1.status == 400
response2.status == 400
response3.status == 400
response4.status == 400
response5.status == 400
response6.status == 400
finally:
await client.closeWait()
asyncTest "Signing BeaconBlock (getBlockSignature(capella))":
let
fork = ConsensusFork.Capella
forked1 = getBlock(fork)
blockRoot1 = withBlck(forked1): hash_tree_root(blck)
forked2 = getBlock(fork, SigningOtherFeeRecipient)
blockRoot2 = withBlck(forked2): hash_tree_root(blck)
request1 = Web3SignerRequest.init(SigningFork, GenesisValidatorsRoot,
Web3SignerForkedBeaconBlock.init(forked1))
request2 = Web3SignerRequest.init(SigningFork, GenesisValidatorsRoot,
Web3SignerForkedBeaconBlock.init(forked1), @[])
remoteUrl = "http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, RemoteSignerType.VerifyingWeb3Signer)
prestoFlags = {RestClientFlag.CommaSeparatedArray}
rclient = RestClientRef.new(remoteUrl, prestoFlags, {})
publicKey1 = ValidatorPubKey.fromHex(ValidatorPubKey1).get()
publicKey2 = ValidatorPubKey.fromHex(ValidatorPubKey2).get()
publicKey3 = ValidatorPubKey.fromHex(ValidatorPubKey3).get()
check rclient.isOk()
let
client = rclient.get()
sres1 =
await validator1.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
sres2 =
await validator2.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
sres3 =
await validator3.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
bres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
bres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
bres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
check:
# Local requests
sres1.isOk()
sres2.isOk()
sres3.isOk()
# Remote requests with proper merkle proof of proper FeeRecipent field
rres1.isOk()
rres2.isOk()
rres3.isOk()
# Signature comparison
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
# Remote requests with changed FeeRecipient field
bres1.isErr()
bres2.isErr()
bres3.isErr()
try:
let
# `proofs` array is not present.
response1 = await client.signDataPlain(publicKey1, request1)
response2 = await client.signDataPlain(publicKey2, request1)
response3 = await client.signDataPlain(publicKey3, request1)
# `proofs` array is empty.
response4 = await client.signDataPlain(publicKey1, request2)
response5 = await client.signDataPlain(publicKey2, request2)
response6 = await client.signDataPlain(publicKey3, request2)
check:
response1.status == 400
response2.status == 400
response3.status == 400
response4.status == 400
response5.status == 400
response6.status == 400
finally:
await client.closeWait()
asyncTest "Signing BeaconBlock (getBlockSignature(deneb))":
let
fork = ConsensusFork.Deneb
forked1 = getBlock(fork)
blockRoot1 = withBlck(forked1): hash_tree_root(blck)
forked2 = getBlock(fork, SigningOtherFeeRecipient)
blockRoot2 = withBlck(forked2): hash_tree_root(blck)
request1 = Web3SignerRequest.init(SigningFork, GenesisValidatorsRoot,
Web3SignerForkedBeaconBlock.init(forked1))
request2 = Web3SignerRequest.init(SigningFork, GenesisValidatorsRoot,
Web3SignerForkedBeaconBlock.init(forked1), @[])
remoteUrl = "http://" & SigningNodeAddress & ":" &
$getNodePort(basePort, RemoteSignerType.VerifyingWeb3Signer)
prestoFlags = {RestClientFlag.CommaSeparatedArray}
rclient = RestClientRef.new(remoteUrl, prestoFlags, {})
publicKey1 = ValidatorPubKey.fromHex(ValidatorPubKey1).get()
publicKey2 = ValidatorPubKey.fromHex(ValidatorPubKey2).get()
publicKey3 = ValidatorPubKey.fromHex(ValidatorPubKey3).get()
check rclient.isOk()
let
client = rclient.get()
sres1 =
await validator1.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
sres2 =
await validator2.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
sres3 =
await validator3.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
rres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot1, forked1)
bres1 =
await validator4.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
bres2 =
await validator5.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
bres3 =
await validator6.getBlockSignature(SigningFork, GenesisValidatorsRoot,
Slot(1), blockRoot2, forked2)
check:
# Local requests
sres1.isOk()
sres2.isOk()
sres3.isOk()
# Remote requests with proper merkle proof of proper FeeRecipent field
rres1.isOk()
rres2.isOk()
rres3.isOk()
# Signature comparison
sres1.get() == rres1.get()
sres2.get() == rres2.get()
sres3.get() == rres3.get()
# Remote requests with changed FeeRecipient field
bres1.isErr()
bres2.isErr()
bres3.isErr()
try:
let
# `proofs` array is not present.
response1 = await client.signDataPlain(publicKey1, request1)
response2 = await client.signDataPlain(publicKey2, request1)
response3 = await client.signDataPlain(publicKey3, request1)
# `proofs` array is empty.
response4 = await client.signDataPlain(publicKey1, request2)
response5 = await client.signDataPlain(publicKey2, request2)
response6 = await client.signDataPlain(publicKey3, request2)
check:
response1.status == 400
response2.status == 400
response3.status == 400
response4.status == 400
response5.status == 400
response6.status == 400
finally:
await client.closeWait()
waitFor(shutdownSigningNodeProcess(process))
removeTestDir(RemoteSignerType.VerifyingWeb3Signer)