-
Notifications
You must be signed in to change notification settings - Fork 678
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
encapsulate signer #3576
encapsulate signer #3576
Changes from 6 commits
4b1d0d2
4177305
a3af684
57c6ec7
3f46a5a
e3f0933
e6672ea
ed70f23
0c37712
3b8d76a
39e9877
6a023b0
5241d03
1150175
fd7f326
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -645,9 +645,9 @@ func getStakingTLSCert(v *viper.Viper) (tls.Certificate, error) { | |
} | ||
} | ||
|
||
func getStakingSigner(v *viper.Viper) (*bls.SecretKey, error) { | ||
func getStakingSigner(v *viper.Viper) (bls.Signer, error) { | ||
if v.GetBool(StakingEphemeralSignerEnabledKey) { | ||
key, err := bls.NewSecretKey() | ||
key, err := bls.NewSigner() | ||
if err != nil { | ||
return nil, fmt.Errorf("couldn't generate ephemeral signing key: %w", err) | ||
} | ||
|
@@ -685,7 +685,7 @@ func getStakingSigner(v *viper.Viper) (*bls.SecretKey, error) { | |
return nil, errMissingStakingSigningKeyFile | ||
} | ||
|
||
key, err := bls.NewSecretKey() | ||
key, err := bls.NewSigner() | ||
if err != nil { | ||
return nil, fmt.Errorf("couldn't generate new signing key: %w", err) | ||
} | ||
|
@@ -694,7 +694,7 @@ func getStakingSigner(v *viper.Viper) (*bls.SecretKey, error) { | |
return nil, fmt.Errorf("couldn't create path for signing key at %s: %w", signingKeyPath, err) | ||
} | ||
|
||
keyBytes := bls.SecretKeyToBytes(key) | ||
keyBytes := key.ToBytes() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'll have to change this eventually to fully abstract the signer. I'm open to ideas on how best to do this There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Within the config, I'd expect us to have a switch that offers different BLS Signers ie. generate and store a new BLS key on the machine or use an external signing service. I'd think this is either AvalancheGo defining the options it wants to support directly here or it supports a gRPC service that dials an external signer and handles signature requests. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, looking at the code again, signer creation would be specific. A With that said, I would probably create a func initializeSigner(signerConfig) (Signer) { /* ... */ } and deal with saving or not saving there. It should not be dealt with here IMO. This is all for a future PR though |
||
if err := os.WriteFile(signingKeyPath, keyBytes, perms.ReadWrite); err != nil { | ||
return nil, fmt.Errorf("couldn't write new signing key to %s: %w", signingKeyPath, err) | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -128,7 +128,7 @@ type Config struct { | |
// TLSKey is this node's TLS key that is used to sign IPs. | ||
TLSKey crypto.Signer `json:"-"` | ||
// BLSKey is this node's BLS key that is used to sign IPs. | ||
BLSKey *bls.SecretKey `json:"-"` | ||
BLSKey bls.Signer `json:"-"` | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I assume this means the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. IIRC this actually omits it from serialization, i.e it's not serialized or deserialized. This is done because we use the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Makes sense. Yeah, I generally prefer to split up raw config data vs actual dependent services/structs, but 🤷. I've seen this pattern before too. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yup think it makes sense to leave this as is in this PR. Separating it would be an improvement There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. one day... |
||
|
||
// TrackedSubnets of the node. | ||
// It must not include the primary network ID. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -175,7 +175,7 @@ func newTestNetwork(t *testing.T, count int) (*testDialer, []*testListener, []id | |
require.NoError(t, err) | ||
nodeID := ids.NodeIDFromCert(cert) | ||
|
||
blsKey, err := bls.NewSecretKey() | ||
blsKey, err := bls.NewSigner() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🤔 If we want to change all the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Seems reasonable |
||
require.NoError(t, err) | ||
|
||
config := defaultConfig | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to change the property name here too?