private key config

Signed-off-by: [email protected] <[email protected]>

Author: pinges

app/build.gradle

@@ -18,6 +18,8 @@ dependencies {
   implementation "com.sksamuel.hoplite:hoplite-core"
 
   implementation("org.hyperledger.besu.internal:metrics-core")
+  implementation("tech.pegasys.teku.internal:p2p")
+
 
   testImplementation(project(":jvm-libs:test-utils"))
   testImplementation(testFixtures(project(":core")))

app/src/main/kotlin/maru/app/MaruApp.kt

@@ -45,6 +45,7 @@ import org.hyperledger.besu.consensus.common.bft.Gossiper
 import org.hyperledger.besu.consensus.common.bft.network.ValidatorMulticaster
 import org.hyperledger.besu.metrics.noop.NoOpMetricsSystem
 import tech.pegasys.teku.infrastructure.async.SafeFuture
+import tech.pegasys.teku.networking.p2p.network.config.GeneratingFilePrivateKeySource
 
 class MaruApp(
   config: MaruConfig,
@@ -55,21 +56,40 @@ class MaruApp(
 ) : AutoCloseable {
   private val log: Logger = LogManager.getLogger(this::class.java)
 
-  val p2pManager =
-    P2PManager(
-      privateKeyFile = config.persistence.privateKeyPath,
-      p2pConfig = config.p2pConfig,
-    )
+  private lateinit var privateKeyBytes: ByteArray
 
   init {
+    if (!config.persistence.privateKeyPath
+        .toFile()
+        .exists()
+    ) {
+      log.info(
+        "Private key file ${config.persistence.privateKeyPath} does not exist. A new private key will be generated and stored in that location.",
+      )
+    } else {
+      log.info(
+        "Private key file ${config.persistence.privateKeyPath} already exists. Maru will use the existing private key.",
+      )
+      privateKeyBytes =
+        GeneratingFilePrivateKeySource(config.persistence.privateKeyPath.toString()).privateKeyBytes.toArray()
+    }
     if (config.validator == null) {
       log.info("Validator is not defined. Maru is running in follower-only node")
       log.error("Follower-only mode is not supported yet! Exiting application.")
       exitProcess(1)
     }
+    if (config.p2pConfig == null) {
+      log.info("P2PManager is not defined.")
+    }
     log.info(config.toString())
   }
 
+  val p2pManager =
+    P2PManager(
+      privateKeyBytes = privateKeyBytes,
+      p2pConfig = config.p2pConfig,
+    )
+
   private val ethereumJsonRpcClient =
     Helpers.createWeb3jClient(
       config.sotNode,
@@ -125,6 +145,7 @@ class MaruApp(
             qbftConsensusFactory =
               QbftProtocolFactoryWithBeaconChainInitialization(
                 maruConfig = config,
+                privateKeyBytes = privateKeyBytes,
                 metricsSystem = metricsSystem,
                 finalizationStateProvider = finalizationStateProviderStub,
                 executionLayerClient = ethereumJsonRpcClient.eth1Web3j,

app/src/main/kotlin/maru/app/QbftProtocolFactoryWithBeaconChainInitialization.kt

@@ -46,6 +46,7 @@ import org.web3j.protocol.core.DefaultBlockParameter
 
 class QbftProtocolFactoryWithBeaconChainInitialization(
   private val maruConfig: MaruConfig,
+  private val privateKeyBytes: ByteArray,
   private val metricsSystem: MetricsSystem,
   private val finalizationStateProvider: (BeaconBlockBody) -> FinalizationState,
   private val executionLayerClient: Web3j,
@@ -82,7 +83,7 @@ class QbftProtocolFactoryWithBeaconChainInitialization(
         headerHashFunction = RLPSerializers.DefaultHeaderHashFunction,
       )
 
-    val initialValidators = setOf(Crypto.privateKeyToValidator(maruConfig.validator!!.privateKey))
+    val initialValidators = setOf(Crypto.privateKeyToValidator(privateKeyBytes))
     val tmpGenesisStateRoot =
       BeaconState(
         latestBeaconBlockHeader = beaconBlockHeader,
@@ -124,6 +125,7 @@ class QbftProtocolFactoryWithBeaconChainInitialization(
     val qbftProtocolFactory =
       QbftProtocolFactory(
         beaconChain = beaconChain,
+        privateKeyBytes = privateKeyBytes,
         maruConfig = maruConfig,
         metricsSystem = metricsSystem,
         finalizationStateProvider = finalizationStateProvider,

config/src/main/kotlin/maru.config/Config.kt

@@ -28,16 +28,34 @@ data class Persistence(
 data class ApiEndpointConfig(
   val endpoint: URL,
   val jwtSecretPath: String? = null,
-)
+) {
+  override fun equals(other: Any?): Boolean {
+    if (this === other) return true
+    if (javaClass != other?.javaClass) return false
+
+    other as ApiEndpointConfig
+
+    if (endpoint != other.endpoint) return false
+    if (jwtSecretPath != other.jwtSecretPath) return false
+
+    return true
+  }
+
+  override fun hashCode(): Int {
+    var result = endpoint.hashCode()
+    result = 31 * result + (jwtSecretPath?.hashCode() ?: 0)
+    return result
+  }
+}
 
 data class FollowersConfig(
   val followers: Map<String, ApiEndpointConfig>,
 )
 
 data class P2P(
-  val ipAddress: String = "0.0.0.0",
-  val port: String = "9000",
-  val staticPeers: List<String> = emptyList(),
+  val ipAddress: String,
+  val port: String,
+  val staticPeers: List<String>,
 ) {
   override fun equals(other: Any?): Boolean {
     if (this === other) return true
@@ -61,25 +79,18 @@ data class P2P(
 }
 
 data class Validator(
-  val privateKey: ByteArray,
   val engineApiClient: ApiEndpointConfig,
 ) {
-  init {
-    require(privateKey.size == 32) {
-      "validator key must be 32 bytes long"
-    }
-  }
-
   override fun equals(other: Any?): Boolean {
     if (this === other) return true
     if (javaClass != other?.javaClass) return false
 
     other as Validator
 
-    return privateKey.contentEquals(other.privateKey)
+    return engineApiClient == other.engineApiClient
   }
 
-  override fun hashCode(): Int = privateKey.contentHashCode()
+  override fun hashCode(): Int = engineApiClient.hashCode()
 }
 
 data class QbftOptions(
@@ -96,7 +107,7 @@ data class MaruConfig(
   val persistence: Persistence,
   val sotNode: ApiEndpointConfig,
   val qbftOptions: QbftOptions,
-  val p2pConfig: P2P,
+  val p2pConfig: P2P?,
   val validator: Validator?,
   val followers: FollowersConfig,
 )

config/src/main/kotlin/maru.config/HopliteFriendly.kt

@@ -15,18 +15,14 @@
  */
 package maru.config
 
-import com.sksamuel.hoplite.Masked
 import java.net.URL
-import maru.extensions.fromHexToByteArray
 
 data class ValidatorDtoToml(
-  val privateKey: Masked,
   val elClientEngineApiEndpoint: URL,
   val jwtSecretPath: String? = null,
 ) {
   fun domainFriendly(): Validator =
     Validator(
-      privateKey = privateKey.value.fromHexToByteArray(),
       engineApiClient = ApiEndpointDtoToml(elClientEngineApiEndpoint, jwtSecretPath).toDomain(),
     )
 }

config/src/test/kotlin/maru/config/HopliteFriendlinessTest.kt

@@ -15,12 +15,10 @@
  */
 package maru.config
 
-import com.sksamuel.hoplite.Secret
 import java.net.URI
 import kotlin.io.path.Path
 import kotlin.time.Duration.Companion.milliseconds
 import kotlin.time.Duration.Companion.seconds
-import maru.extensions.fromHexToByteArray
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.jupiter.api.Test
 
@@ -38,9 +36,10 @@ class HopliteFriendlinessTest {
 
     [p2p-config]
     port = 3322
+    ip-address = "localhost"
+    static-peers = []
 
     [validator]
-    private-key = "0x1dd171cec7e2995408b5513004e8207fe88d6820aeff0d82463b3e41df251aae"
     jwt-secret-path = "/secret/path"
     el-client-engine-api-endpoint = "http://localhost:8555"
     """.trimIndent()
@@ -66,11 +65,10 @@ class HopliteFriendlinessTest {
               endpoint = URI.create("http://localhost:8545").toURL(),
             ),
           qbftOptions = QbftOptions(100.milliseconds),
-          p2pConfig = P2P(),
+          p2pConfig = P2P(ipAddress = "localhost", port = "3322", staticPeers = emptyList()),
           validator =
             ValidatorDtoToml(
               elClientEngineApiEndpoint = URI.create("http://localhost:8555").toURL(),
-              privateKey = Secret("0x1dd171cec7e2995408b5513004e8207fe88d6820aeff0d82463b3e41df251aae"),
               jwtSecretPath = "/secret/path",
             ),
           followerEngineApis =
@@ -100,11 +98,10 @@ class HopliteFriendlinessTest {
               endpoint = URI.create("http://localhost:8545").toURL(),
             ),
           qbftOptions = QbftOptions(100.milliseconds),
-          p2pConfig = P2P(),
+          p2pConfig = P2P(ipAddress = "localhost", port = "3322", staticPeers = emptyList()),
           validator =
             ValidatorDtoToml(
               elClientEngineApiEndpoint = URI.create("http://localhost:8555").toURL(),
-              privateKey = Secret("0x1dd171cec7e2995408b5513004e8207fe88d6820aeff0d82463b3e41df251aae"),
               jwtSecretPath = "/secret/path",
             ),
           followerEngineApis = null,
@@ -123,11 +120,10 @@ class HopliteFriendlinessTest {
             ApiEndpointConfig(
               endpoint = URI.create("http://localhost:8545").toURL(),
             ),
-          p2pConfig = P2P(),
+          p2pConfig = P2P(ipAddress = "localhost", port = "3322", staticPeers = emptyList()),
           validator =
             Validator(
               engineApiClient = ApiEndpointConfig(URI.create("http://localhost:8555").toURL()),
-              privateKey = "0x1dd171cec7e2995408b5513004e8207fe88d6820aeff0d82463b3e41df251aae".fromHexToByteArray(),
             ),
           qbftOptions = QbftOptions(100.milliseconds),
           followers =
@@ -154,11 +150,10 @@ class HopliteFriendlinessTest {
               endpoint = URI.create("http://localhost:8545").toURL(),
             ),
           qbftOptions = QbftOptions(100.milliseconds),
-          p2pConfig = P2P(),
+          p2pConfig = P2P(ipAddress = "localhost", port = "3322", staticPeers = emptyList()),
           validator =
             Validator(
               engineApiClient = ApiEndpointConfig(URI.create("http://localhost:8555").toURL()),
-              privateKey = "0x1dd171cec7e2995408b5513004e8207fe88d6820aeff0d82463b3e41df251aae".fromHexToByteArray(),
             ),
           followers =
             FollowersConfig(

consensus/src/main/kotlin/maru/consensus/qbft/QbftProtocolFactory.kt

@@ -74,6 +74,7 @@ import org.hyperledger.besu.util.Subscribers
 
 class QbftProtocolFactory(
   private val beaconChain: BeaconChain,
+  private val privateKeyBytes: ByteArray,
   private val maruConfig: MaruConfig,
   private val metricsSystem: MetricsSystem,
   private val finalizationStateProvider: (BeaconBlockBody) -> FinalizationState,
@@ -92,9 +93,8 @@ class QbftProtocolFactory(
       "communicationMargin can't be more than blockTimeSeconds"
     }
 
-    val validatorKey = maruConfig.validator!!.privateKey
     val signatureAlgorithm = SignatureAlgorithmFactory.getInstance()
-    val privateKey = signatureAlgorithm.createPrivateKey(Bytes32.wrap(validatorKey))
+    val privateKey = signatureAlgorithm.createPrivateKey(Bytes32.wrap(privateKeyBytes))
     val keyPair = signatureAlgorithm.createKeyPair(privateKey)
     val securityModule = KeyPairSecurityModule(keyPair)
     val nodeKey = NodeKey(securityModule)

p2p/src/main/kotlin/maru/p2p/P2PManager.kt

@@ -16,7 +16,6 @@
 package maru.p2p
 
 import io.libp2p.core.crypto.unmarshalPrivateKey
-import java.nio.file.Path
 import java.util.Optional
 import java.util.concurrent.TimeUnit
 import maru.config.P2P
@@ -25,16 +24,16 @@ import org.apache.logging.log4j.Logger
 import tech.pegasys.teku.infrastructure.async.SafeFuture
 import tech.pegasys.teku.networking.p2p.libp2p.MultiaddrPeerAddress
 import tech.pegasys.teku.networking.p2p.libp2p.PeerAlreadyConnectedException
+import tech.pegasys.teku.networking.p2p.mock.MockP2PNetwork
 import tech.pegasys.teku.networking.p2p.network.P2PNetwork
 import tech.pegasys.teku.networking.p2p.network.PeerAddress
-import tech.pegasys.teku.networking.p2p.network.config.GeneratingFilePrivateKeySource
 import tech.pegasys.teku.networking.p2p.peer.DisconnectReason
 import tech.pegasys.teku.networking.p2p.peer.NodeId
 import tech.pegasys.teku.networking.p2p.peer.Peer
 
 class P2PManager(
-  val privateKeyFile: Path,
-  val p2pConfig: P2P,
+  private val privateKeyBytes: ByteArray,
+  private val p2pConfig: P2P?,
 ) {
   companion object {
     private const val DEFAULT_RECONNECT_DELAY_MILLI_SECONDS = 5000L // TODO: Do we want to make this configurable?
@@ -50,7 +49,7 @@ class P2PManager(
     p2pNetwork
       .start()
       ?.thenApply {
-        p2pConfig.staticPeers.forEach { peer ->
+        p2pConfig!!.staticPeers.forEach { peer ->
           p2pNetwork.createPeerAddress(peer)?.let { address -> addStaticPeer(address as MultiaddrPeerAddress) }
         }
       }?.get()
@@ -61,10 +60,10 @@ class P2PManager(
   }
 
   private fun buildP2PNetwork(): P2PNetwork<Peer> {
-    val filePrivateKeySource = GeneratingFilePrivateKeySource(privateKeyFile.toString())
-    // TODO: reading/generating this key should be done early on, as it is needed for the validator as well
-    val privKeyBytes = filePrivateKeySource.privateKeyBytes
-    val privateKey = unmarshalPrivateKey(privKeyBytes.toArrayUnsafe())
+    if (p2pConfig == null) {
+      return MockP2PNetwork()
+    }
+    val privateKey = unmarshalPrivateKey(privateKeyBytes)
 
     return P2PNetworkFactory.build(
       privateKey = privateKey,