Enable Cubist Signer integration

config/config_test.go

@@ -4,29 +4,23 @@
 package config
 
 import (
-	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log"
-	"net"
 	"os"
 	"path/filepath"
 	"testing"
 
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
-	"google.golang.org/grpc"
 
 	"github.com/ava-labs/avalanchego/chains"
+	"github.com/ava-labs/avalanchego/config/node"
 	"github.com/ava-labs/avalanchego/ids"
-	"github.com/ava-labs/avalanchego/proto/pb/signer"
 	"github.com/ava-labs/avalanchego/snow/consensus/snowball"
 	"github.com/ava-labs/avalanchego/subnets"
-	"github.com/ava-labs/avalanchego/utils/crypto/bls"
-	"github.com/ava-labs/avalanchego/utils/crypto/bls/signer/localsigner"
-	"github.com/ava-labs/avalanchego/utils/crypto/bls/signer/rpcsigner"
 	"github.com/ava-labs/avalanchego/utils/perms"
 )
 
@@ -557,63 +551,34 @@ func TestGetSubnetConfigsFromFlags(t *testing.T) {
 	}
 }
 
-type signerServer struct {
-	signer.UnimplementedSignerServer
-}
-
-func (*signerServer) PublicKey(context.Context, *signer.PublicKeyRequest) (*signer.PublicKeyResponse, error) {
-	// for tests to pass, this must be the base64 encoding of a 32 byte public key
-	// but it does not need to be associated with any private key
-	bytes, err := base64.StdEncoding.DecodeString("j8Ndzc1I6EYWYUWAdhcwpQ1I2xX/i4fdwgJIaxbHlf9yQKMT0jlReiiLYsydgaS1")
-	if err != nil {
-		return nil, err
-	}
-
-	return &signer.PublicKeyResponse{
-		PublicKey: bytes,
-	}, nil
-}
-
 func TestGetStakingSigner(t *testing.T) {
 	testKey := "HLimS3vRibTMk9lZD4b+Z+GLuSBShvgbsu0WTLt2Kd4="
-	rpcServer := grpc.NewServer()
-	defer rpcServer.GracefulStop()
-
-	signer.RegisterSignerServer(rpcServer, &signerServer{})
-
-	listener, err := net.Listen("tcp", "[::1]:0")
-	require.NoError(t, err)
-
-	go func() {
-		require.NoError(t, rpcServer.Serve(listener))
-	}()
-
-	type config map[string]any
+	type cfg map[string]any
 
 	tests := []struct {
-		name               string
-		viperKeys          string
-		config             config
-		expectedSignerType bls.Signer
-		expectedErr        error
+		name                     string
+		viperKeys                string
+		config                   cfg
+		expectedSignerConfigType interface{}
+		expectedErr              error
 	}{
 		{
-			name:               "default-signer",
-			expectedSignerType: &localsigner.LocalSigner{},
+			name:                     "default-signer",
+			expectedSignerConfigType: node.SignerPathConfig{},
 		},
 		{
-			name:               "ephemeral-signer",
-			config:             config{StakingEphemeralSignerEnabledKey: true},
-			expectedSignerType: &localsigner.LocalSigner{},
+			name:                     "ephemeral-signer",
+			config:                   cfg{StakingEphemeralSignerEnabledKey: true},
+			expectedSignerConfigType: node.EphemeralSignerConfig{},
 		},
 		{
-			name:               "content-key",
-			config:             config{StakingSignerKeyContentKey: testKey},
-			expectedSignerType: &localsigner.LocalSigner{},
+			name:                     "content-key",
+			config:                   cfg{StakingSignerKeyContentKey: testKey},
+			expectedSignerConfigType: node.ContentKeyConfig{},
 		},
 		{
 			name: "file-key",
-			config: config{
+			config: cfg{
 				StakingSignerKeyPathKey: func() string {
 					filePath := filepath.Join(t.TempDir(), "signer.key")
 					bytes, err := base64.StdEncoding.DecodeString(testKey)
@@ -622,16 +587,16 @@ func TestGetStakingSigner(t *testing.T) {
 					return filePath
 				}(),
 			},
-			expectedSignerType: &localsigner.LocalSigner{},
+			expectedSignerConfigType: node.SignerPathConfig{},
 		},
 		{
-			name:               "rpc-signer",
-			config:             config{StakingRPCSignerKey: listener.Addr().String()},
-			expectedSignerType: &rpcsigner.Client{},
+			name:                     "rpc-signer",
+			config:                   cfg{StakingRPCSignerKey: "localhost"},
+			expectedSignerConfigType: node.RPCSignerConfig{},
 		},
 		{
 			name: "multiple-configurations-set",
-			config: config{
+			config: cfg{
 				StakingEphemeralSignerEnabledKey: true,
 				StakingSignerKeyContentKey:       testKey,
 			},
@@ -651,36 +616,14 @@ func TestGetStakingSigner(t *testing.T) {
 				v.Set(key, value)
 			}
 
-			config, cleanup, err := GetNodeConfig(context.Background(), v)
-			defer func() {
-				if err == nil {
-					_ = cleanup()
-				}
-			}()
+			config, err := GetNodeConfig(v)
 
 			require.ErrorIs(err, tt.expectedErr)
-			require.IsType(tt.expectedSignerType, config.StakingSigningKey)
+			require.IsType(tt.expectedSignerConfigType, config.StakingSignerConfig)
 		})
 	}
 }
 
-func TestDefaultConfigInitializationUsesExistingDefaultKey(t *testing.T) {
-	t.Setenv("HOME", t.TempDir())
-
-	require := require.New(t)
-	v := setupViperFlags()
-
-	config1, cleanup1, err := GetNodeConfig(context.Background(), v)
-	defer func() { _ = cleanup1() }()
-	require.NoError(err)
-
-	config2, cleanup2, err := GetNodeConfig(context.Background(), v)
-	defer func() { _ = cleanup2() }()
-	require.NoError(err)
-
-	require.Equal(config1.StakingSigningKey.PublicKey(), config2.StakingSigningKey.PublicKey())
-}
-
 // setups config json file and writes content
 func setupConfigJSON(t *testing.T, rootPath string, value string) string {
 	configFilePath := filepath.Join(rootPath, "config.json")

config/node/config.go

@@ -19,7 +19,6 @@ import (
 	"github.com/ava-labs/avalanchego/subnets"
 	"github.com/ava-labs/avalanchego/trace"
 	"github.com/ava-labs/avalanchego/upgrade"
-	"github.com/ava-labs/avalanchego/utils/crypto/bls"
 	"github.com/ava-labs/avalanchego/utils/logging"
 	"github.com/ava-labs/avalanchego/utils/profiler"
 	"github.com/ava-labs/avalanchego/utils/set"
@@ -76,13 +75,26 @@ type StakingConfig struct {
 	SybilProtectionEnabled        bool            `json:"sybilProtectionEnabled"`
 	PartialSyncPrimaryNetwork     bool            `json:"partialSyncPrimaryNetwork"`
 	StakingTLSCert                tls.Certificate `json:"-"`
-	StakingSigningKey             bls.Signer      `json:"-"`
 	SybilProtectionDisabledWeight uint64          `json:"sybilProtectionDisabledWeight"`
-	// not accessed but used for logging
-	StakingKeyPath    string `json:"stakingKeyPath"`
-	StakingCertPath   string `json:"stakingCertPath"`
-	StakingSignerPath string `json:"stakingSignerPath"`
-	StakingSignerRPC  string `json:"stakingSignerRPC"`
+	StakingTLSKeyPath             string          `json:"stakingTLSKeyPath"`
+	StakingTLSCertPath            string          `json:"stakingTLSCertPath"`
+
+	StakingSignerConfig interface{} `json:"stakingSignerConfig"`
+}
+
+type EphemeralSignerConfig struct{}
+
+type ContentKeyConfig struct {
+	SignerKeyRawContent string `json:"signerKeyRawContent"`
+}
+
+type SignerPathConfig struct {
+	SignerPathIsSet bool   `json:"signerPathIsSet"`
+	SigningKeyPath  string `json:"signingKeyPath"`
+}
+
+type RPCSignerConfig struct {
+	StakingSignerRPC string `json:"stakingSignerRPC"`
 }
 
 type StateSyncConfig struct {

main/main.go

@@ -4,12 +4,10 @@
 package main
 
 import (
-	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
-	"time"
 
 	"github.com/spf13/pflag"
 	"golang.org/x/term"
@@ -53,9 +51,7 @@ func main() {
 		os.Exit(0)
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-	nodeConfig, cleanup, err := config.GetNodeConfig(ctx, v)
-	cancel()
+	nodeConfig, err := config.GetNodeConfig(v)
 	if err != nil {
 		fmt.Printf("couldn't load node config: %s\n", err)
 		os.Exit(1)
@@ -68,15 +64,9 @@ func main() {
 	nodeApp, err := app.New(nodeConfig)
 	if err != nil {
 		fmt.Printf("couldn't start node: %s\n", err)
-		if err := cleanup(); err != nil {
-			fmt.Printf("error cleaning up: %s\n", err)
-		}
 		os.Exit(1)
 	}
 
 	exitCode := app.Run(nodeApp)
-	if err := cleanup(); err != nil {
-		fmt.Printf("error cleaning up: %s\n", err)
-	}
 	os.Exit(exitCode)
 }

node/node.go

@@ -78,6 +78,7 @@ import (
 	"github.com/ava-labs/avalanchego/vms/rpcchainvm/runtime"
 
 	databasefactory "github.com/ava-labs/avalanchego/database/factory"
+	blssigner "github.com/ava-labs/avalanchego/utils/crypto/bls/signer"
 	avmconfig "github.com/ava-labs/avalanchego/vms/avm/config"
 	platformconfig "github.com/ava-labs/avalanchego/vms/platformvm/config"
 	coreth "github.com/ava-labs/coreth/plugin/evm"
@@ -134,7 +135,12 @@ func New(
 		Config:           config,
 	}
 
-	pop, err := signer.NewProofOfPossession(n.Config.StakingSigningKey)
+	n.StakingSigner, err = blssigner.GetStakingSigner(config.StakingSignerConfig)
+	if err != nil {
+		return nil, fmt.Errorf("problem initializing staking signer: %w", err)
+	}
+
+	pop, err := signer.NewProofOfPossession(n.StakingSigner)
 	if err != nil {
 		return nil, fmt.Errorf("problem creating proof of possession: %w", err)
 	}
@@ -284,6 +290,7 @@ type Node struct {
 
 	StakingTLSSigner crypto.Signer
 	StakingTLSCert   *staking.Certificate
+	StakingSigner    bls.Signer
 
 	// Storage for this node
 	DB database.Database
@@ -571,7 +578,7 @@ func (n *Node) initNetworking(reg prometheus.Registerer) error {
 		err := n.vdrs.AddStaker(
 			constants.PrimaryNetworkID,
 			n.ID,
-			n.Config.StakingSigningKey.PublicKey(),
+			n.StakingSigner.PublicKey(),
 			dummyTxID,
 			n.Config.SybilProtectionDisabledWeight,
 		)
@@ -610,7 +617,7 @@ func (n *Node) initNetworking(reg prometheus.Registerer) error {
 	n.Config.NetworkConfig.Beacons = n.bootstrappers
 	n.Config.NetworkConfig.TLSConfig = tlsConfig
 	n.Config.NetworkConfig.TLSKey = tlsKey
-	n.Config.NetworkConfig.BLSKey = n.Config.StakingSigningKey
+	n.Config.NetworkConfig.BLSKey = n.StakingSigner
 	n.Config.NetworkConfig.TrackedSubnets = n.Config.TrackedSubnets
 	n.Config.NetworkConfig.UptimeCalculator = n.uptimeCalculator
 	n.Config.NetworkConfig.UptimeRequirement = n.Config.UptimeRequirement
@@ -1100,7 +1107,7 @@ func (n *Node) initChainManager(avaxAssetID ids.ID) error {
 			SybilProtectionEnabled:                  n.Config.SybilProtectionEnabled,
 			StakingTLSSigner:                        n.StakingTLSSigner,
 			StakingTLSCert:                          n.StakingTLSCert,
-			StakingBLSKey:                           n.Config.StakingSigningKey,
+			StakingBLSKey:                           n.StakingSigner,
 			Log:                                     n.Log,
 			LogFactory:                              n.LogFactory,
 			VMManager:                               n.VMManager,
@@ -1344,7 +1351,7 @@ func (n *Node) initInfoAPI() error {
 
 	n.Log.Info("initializing info API")
 
-	pop, err := signer.NewProofOfPossession(n.Config.StakingSigningKey)
+	pop, err := signer.NewProofOfPossession(n.StakingSigner)
 	if err != nil {
 		return fmt.Errorf("problem creating proof of possession: %w", err)
 	}
@@ -1455,7 +1462,7 @@ func (n *Node) initHealthAPI() error {
 			return "validator doesn't have a BLS key", nil
 		}
 
-		nodePK := n.Config.StakingSigningKey.PublicKey()
+		nodePK := n.StakingSigner.PublicKey()
 		if nodePK.Equals(vdrPK) {
 			return "node has the correct BLS key", nil
 		}
@@ -1650,6 +1657,14 @@ func (n *Node) shutdown() {
 		time.Sleep(n.Config.ShutdownWait)
 	}
 
+	if n.StakingSigner != nil {
+		if err := n.StakingSigner.Shutdown(); err != nil {
+			n.Log.Debug(
+				"error during staking signer shutdown",
+				zap.Error(err),
+			)
+		}
+	}
 	if n.resourceManager != nil {
 		n.resourceManager.Shutdown()
 	}

utils/crypto/bls/signer.go

@@ -7,4 +7,5 @@ type Signer interface {
 	PublicKey() *PublicKey
 	Sign(msg []byte) (*Signature, error)
 	SignProofOfPossession(msg []byte) (*Signature, error)
+	Shutdown() error
 }

utils/crypto/bls/signer/localsigner/localsigner.go

@@ -75,3 +75,8 @@ func (s *LocalSigner) Sign(msg []byte) (*bls.Signature, error) {
 func (s *LocalSigner) SignProofOfPossession(msg []byte) (*bls.Signature, error) {
 	return new(bls.Signature).Sign(s.sk, msg, bls.CiphersuiteProofOfPossession.Bytes()), nil
 }
+
+// Sign [msg] to prove the ownership
+func (*LocalSigner) Shutdown() error {
+	return nil
+}