feat: Use existing key to create an account (#18611)

Signed-off-by: Matt Hess <[email protected]>

Author: mhess-swl

hedera-node/test-clients/src/yahcli/java/com/hedera/services/yahcli/commands/accounts/CreateCommand.java

@@ -57,10 +57,23 @@ public class CreateCommand implements Callable<Integer> {
     @CommandLine.Option(
             names = {"-k", "--keyType"},
             paramLabel = "keyType",
-            description = "Type of key to use for the new account: ED25519 or SECP256K1",
+            description =
+                    "Type of key to generate for the new account: ED25519 or SECP256K1 (superseded by --keyfile or --passFile)",
             defaultValue = "ED25519")
     String keyType;
 
+    @CommandLine.Option(
+            names = "--keyFile",
+            paramLabel = "keyFile",
+            description = "Path to the key (PEM) file to use for the new account")
+    String keyFile;
+
+    @CommandLine.Option(
+            names = "--passFile",
+            paramLabel = "passFile",
+            description = "Path to the password file for the existing key (PEM) file")
+    String passFile;
+
     @Override
     public Integer call() throws Exception {
         final var yahcli = accountsCommand.getYahcli();
@@ -69,7 +82,7 @@ public Integer call() throws Exception {
         final var noveltyLoc = config.keysLoc() + File.separator + NOVELTY + ".pem";
         final SigControl sigType = ParseUtils.keyTypeFromParam(keyType);
         // Since we are creating an account, we expect the caller to explicitly specify the key type
-        if (sigType == null) {
+        if (!CreateSuite.existingKeyPresent(keyFile, passFile) && sigType == null) {
             COMMON_MESSAGES.warn("Invalid key type: " + keyType + ". Must be 'ED25519' or 'SECP256K1'");
             return 1;
         }
@@ -85,7 +98,9 @@ public Integer call() throws Exception {
                 noveltyLoc,
                 sigType,
                 retries,
-                effectiveReceiverSigRequired);
+                effectiveReceiverSigRequired,
+                keyFile,
+                passFile);
         delegate.runSuiteSync();
 
         if (delegate.getFinalSpecs().get(0).getStatus() == HapiSpec.SpecStatus.PASSED) {

hedera-node/test-clients/src/yahcli/java/com/hedera/services/yahcli/suites/CreateSuite.java

@@ -5,6 +5,7 @@
 import static com.hederahashgraph.api.proto.java.ResponseCodeEnum.OK;
 
 import com.hedera.services.bdd.spec.HapiSpec;
+import com.hedera.services.bdd.spec.SpecOperation;
 import com.hedera.services.bdd.spec.keys.SigControl;
 import com.hedera.services.bdd.spec.transactions.TxnUtils;
 import com.hedera.services.bdd.spec.transactions.TxnVerbs;
@@ -39,6 +40,8 @@ public class CreateSuite extends HapiSuite {
     private final boolean receiverSigRequired;
 
     private final String novelTarget;
+    private final String keyLoc;
+    private final String passLoc;
 
     private final AtomicLong createdNo = new AtomicLong(0);
 
@@ -49,14 +52,18 @@ public CreateSuite(
             final String novelTarget,
             final SigControl sigType,
             final int numBusyRetries,
-            final boolean receiverSigRequired) {
+            final boolean receiverSigRequired,
+            final String keyLoc,
+            final String passLoc) {
         this.memo = memo;
         this.specConfig = specConfig;
         this.novelTarget = novelTarget;
         this.sigType = sigType;
         this.numBusyRetries = numBusyRetries;
         this.initialBalance = initialBalance;
         this.receiverSigRequired = receiverSigRequired;
+        this.keyLoc = keyLoc;
+        this.passLoc = passLoc;
     }
 
     @Override
@@ -73,13 +80,22 @@ final Stream<DynamicTest> doCreate() {
         final var newKey = "newKey";
         final var success = new AtomicBoolean(false);
         final var novelPass = TxnUtils.randomAlphaNumeric(12);
+
+        // Default operation of creating a new key is assigned
         NewSpecKey newSpecKey = UtilVerbs.newKeyNamed(newKey)
                 .exportingTo(novelTarget, novelPass)
                 .shape(sigType);
         newSpecKey = (sigType == SigControl.ED25519_ON) ? newSpecKey.includingEd25519Mnemonic() : newSpecKey;
+
+        // If an existing key is specified, use that instead of generating a new one
+        SpecOperation keyOp = newSpecKey;
+        if (usingExistingKey()) {
+            keyOp = UtilVerbs.keyFromFile(newKey, keyLoc);
+        }
+
         return HapiSpec.customHapiSpec("DoCreate")
                 .withProperties(specConfig)
-                .given(newSpecKey)
+                .given(keyOp)
                 .when(UtilVerbs.withOpContext((spec, opLog) -> {
                     int attemptNo = 1;
                     do {
@@ -109,7 +125,10 @@ final Stream<DynamicTest> doCreate() {
                     } while (attemptNo++ <= numBusyRetries);
                 }))
                 .then(UtilVerbs.withOpContext((spec, opLog) -> {
-                    if (success.get()) {
+                    final boolean completedSuccessfully = success.get();
+                    if (completedSuccessfully && usingExistingKey()) {
+                        System.out.println(".i. Key '" + keyLoc + "' used for new account");
+                    } else if (completedSuccessfully) {
                         final var locs = new ArrayList<String>() {
                             {
                                 add(novelTarget);
@@ -138,4 +157,12 @@ protected Logger getResultsLogger() {
     public AtomicLong getCreatedNo() {
         return createdNo;
     }
+
+    public static boolean existingKeyPresent(String keyLoc, String passLoc) {
+        return keyLoc != null && !keyLoc.isBlank() && passLoc != null && !passLoc.isBlank();
+    }
+
+    private boolean usingExistingKey() {
+        return existingKeyPresent(keyLoc, passLoc);
+    }
 }

hedera-node/test-clients/yahcli/README.md

@@ -224,6 +224,28 @@ _previewnet/keys/account1234.words_.) If the `-k SECP256K1` option is used, the
 Secp256k1 key. A PEM file and .pass file are still created, but this algorithm doesn't support mnemonic keys, so the
 `.words` file is _not_ created.
 
+Yahcli now supports creating a new account with an existing key (either Ed25519 or Secp256k1) in PEM format. Use the
+`--keyFile` and `--passFile` options–both required–to specify the path to the PEM file and its corresponding passphrase file.
+These options supersede the key type option (`--keyType`) when specified, meaning there is no need to specify the key type
+when using an existing key.
+
+For example:
+
+```
+$ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n previewnet -p 2 accounts create -d hbar -a 1 /
+--memo "Created with existing key" /
+--keyFile previewnet/keys/existing-account.pem /
+--passFile previewnet/keys/existing-account.pass
+
+```
+
+Note that the existing key **is not moved or copied** to the target network's `keys/` directory. Since yahcli typically
+depends on the keys in the `keys/` directory for subsequent operations, you will need to ensure that the imported key files
+used to create the account (i.e. the PEM file and pass file) are placed in the appropriate `keys/` directory with the
+standard naming, `accountXXX.pem` and `accountXXX.pass`.
+
+```
+
 # Updating system files
 
 For this example, we will run against a `localhost` network since we will modify a system file.
@@ -233,25 +255,29 @@ The DER-encoded RSA public key of the node is in a file _node3.der_, and its TLS
 in a file _node3.crt_. We place these files in the directory structure below.
 
 ```
+
 localhost
 ├── keys
 │   ├── account2.pass
 │   ├── account2.pem
 │   ├── account55.pass
 │   └── account55.pem
 └── sysfiles
-    ├── certs
-    │   └── node3.crt
-    └── pubkeys
-        └── node3.der
+├── certs
+│   └── node3.crt
+└── pubkeys
+└── node3.der
+
 ```
 
 We first download the existing address book,
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 2 sysfiles download address-book
 Targeting localhost, paying with 0.0.2
 Downloading the address-book...OK
+
 ```
 
 Next we edit the newly-downloaded _localhost/sysfiles/addressBook.json_ and
@@ -262,49 +288,55 @@ we tell yahcli to compute their values from the _certs/node3.crt_ and _pubkeys/n
 files, respectively.
 
 ```
+
 ...
-  }, {
-    "nodeId" : 3,
-    "certHash" : "!",
-    "rsaPubKey" : "!",
-    "nodeAccount" : "0.0.6",
-    "endpoints" : [ {
-      "ipAddressV4" : "127.0.0.1",
-      "port" : 50207
-    }, {
-      "ipAddressV4" : "127.0.0.1",
-      "port" : 50208
-    } ]
+}, {
+"nodeId" : 3,
+"certHash" : "!",
+"rsaPubKey" : "!",
+"nodeAccount" : "0.0.6",
+"endpoints" : [ {
+"ipAddressV4" : "127.0.0.1",
+"port" : 50207
+}, {
+"ipAddressV4" : "127.0.0.1",
+"port" : 50208
+}]
 ...
+
 ```
 
 And now we upload the new address book, this time using the address book admin `0.0.55` as the payer:
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 55 sysfiles upload address-book
+
 ```
 
 Finally we re-download the book to see that the hex-encoded cert hash and RSA public key were uploaded as expected:
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 2 sysfiles download address-book
 Targeting localhost, paying with 0.0.2
 Downloading the address-book...OK
 $ tail -17 localhost/sysfiles/addressBook.json
-  }, {
-    "nodeId" : 3,
-    "certHash" : "0ae05bde15d216781a40e7bce5303bf68926f9440eec3cb20fabe9df06b0091a205fdea86911facb4e51e46c3890c803",
-    "rsaPubKey" : "3636303839396438343537353933653537396565363861333263303630336535393936666162613530386439343438306333656236346463613538373835326461333830353730323933636535336564393932666465343835333234636162356433353565373438313334393534623139633231633366303863363161316535643965333530316334333234353937656334646538646435383866666266646434613566333634366262376335393830636264323164643634301216763393131336631636533313864636134616635373732323462646538396332633137336633666538643039326534623866383030373130376138643965323633333166353335356135383464383037373661306162636139326530303438646433373163666530353936656464366261303737303338313432383866313039613832383035383630363562376262663238353432303434376134343336383830633361393336613666666663646162313012153335633864666561306461306537353035383530346661396163333036396438653166643762623333343530663761346261303439310a",
-    "nodeAccount" : "0.0.6",
-    "endpoints" : [ {
-      "ipAddressV4" : "127.0.0.1",
-      "port" : 50207
-    }, {
-      "ipAddressV4" : "127.0.0.1",
-      "port" : 50208
-    } ]
-  } ]
+}, {
+"nodeId" : 3,
+"certHash" : "0ae05bde15d216781a40e7bce5303bf68926f9440eec3cb20fabe9df06b0091a205fdea86911facb4e51e46c3890c803",
+"rsaPubKey" : "3636303839396438343537353933653537396565363861333263303630336535393936666162613530386439343438306333656236346463613538373835326461333830353730323933636535336564393932666465343835333234636162356433353565373438313334393534623139633231633366303863363161316535643965333530316334333234353937656334646538646435383866666266646434613566333634366262376335393830636264323164643634301216763393131336631636533313864636134616635373732323462646538396332633137336633666538643039326534623866383030373130376138643965323633333166353335356135383464383037373661306162636139326530303438646433373163666530353936656464366261303737303338313432383866313039613832383035383630363562376262663238353432303434376134343336383830633361393336613666666663646162313012153335633864666561306461306537353035383530346661396163333036396438653166643762623333343530663761346261303439310a",
+"nodeAccount" : "0.0.6",
+"endpoints" : [ {
+"ipAddressV4" : "127.0.0.1",
+"port" : 50207
+}, {
+"ipAddressV4" : "127.0.0.1",
+"port" : 50208
+}]
+} ]
 }
+
 ```
 
 ## Uploading special files
@@ -318,44 +350,54 @@ is used for a software update ZIP, and file `0.0.159` for a telemetry upgrade ZI
 To upload such artifacts, use the special files names as below,
 
 ```
+
 $ tree localhost/sysfiles/
 localhost/sysfiles/
 ├── softwareUpgrade.zip
 └── telemetryUpgrade.zip
+
 ```
 
 Then proceed as with any other `sysfiles upload` command,
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 58 sysfiles upload software-zip
 ...
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 58 sysfiles upload telemetry-zip
 ...
+
 ```
 
 :repeat: Since `yahcli:0.4.1` you can add the `--restart-from-failure` option like,
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 58 sysfiles upload software-zip --restart-from-failure
+
 ```
 
 If the hash of the file on the network matches the hash of a prefix of the bytes you're uploading, then yahcli will
 automatically restart the upload after that prefix. For example,
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 58 sysfiles upload software-zip
 Log level is WARN
 Targeting localhost, paying with 0.0.2
 .i. Continuing upload for 0.0.150 with 34 appends already finished (out of 97 appends required)
 ...
+
 ```
 
 ### Checking a special file hash
 
 You can also directly check the SHA-384 hash of a special file with the `sysfiles hash-check` subcommand,
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 58 sysfiles hash-check software-zip
+
 ```
 
 # Preparing an NMT software upgrade
@@ -366,9 +408,14 @@ SHA-384 hash of this ZIP must be given so the nodes can validate the integrity o
 staging its artifacts for NMT to use. This looks like,
 
 ```
+
 $ docker run -it -v $(pwd):/launch gcr.io/hedera-registry/yahcli:0.4.1 -n localhost -p 58 prepare-upgrade \
+
 > --upgrade-zip-hash 5d3b0e619d8513dfbf606ef00a2e83ba97d736f5f5ba61561d895ea83a6d4c34fce05d6cd74c83ec171f710e37e12aab
-```
+>
+> ```
+>
+> ```
 
 # Launching an NMT telemetry upgrade
 

hedera-node/test-clients/yahcli/run/build.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -eo pipefail
 
-TAG=${1:-'0.6.4'}
+TAG=${1:-'0.6.5'}
 SCRIPT_SOURCE="${BASH_SOURCE[0]}"
 
 READLINK_OPTS=""

hedera-node/test-clients/yahcli/run/publish.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -eo pipefail
 
-TAG=${1:-'0.6.4'}
+TAG=${1:-'0.6.5'}
 SCRIPT_SOURCE="${BASH_SOURCE[0]}"
 
 READLINK_OPTS=""