Del remote signer config

evgeny-stakewise · evgeny-stakewise · commit 783483ac896d · 2024-02-03T00:51:26.000+03:00
diff --git a/src/commands/remote_signer_setup.py b/src/commands/remote_signer_setup.py
@@ -6,22 +6,17 @@
 
 import aiohttp
 import click
-import milagro_bls_binding as bls
 from aiohttp import ClientTimeout
 from eth_typing import BLSPrivateKey, HexAddress
-from web3 import Web3
 
 from src.common.credentials import Credential
-from src.common.execution import get_oracles
 from src.common.logging import setup_logging
 from src.common.password import get_or_create_password_file
 from src.common.utils import log_verbose
 from src.common.validators import validate_eth_address
 from src.common.vault_config import VaultConfig
 from src.config.settings import REMOTE_SIGNER_TIMEOUT, settings
 from src.validators.keystores.local import LocalKeystore
-from src.validators.keystores.remote import RemoteSignerKeystore
-from src.validators.signing.key_shares import private_key_to_private_key_shares
 
 
 @click.option(
@@ -39,14 +34,6 @@
     required=True,
     help='The base URL of the remote signer, e.g. http://signer:9000',
 )
-@click.option(
-    '--remove-existing-keys',
-    type=bool,
-    is_flag=True,
-    help='Whether to remove existing keys from the remote signer. Useful'
-    ' when the oracle set changes and the previously generated key shares'
-    ' are no longer going to be used.',
-)
 @click.option(
     '--data-dir',
     default=str(Path.home() / '.stakewise'),
@@ -80,7 +67,6 @@
 def remote_signer_setup(
     vault: HexAddress,
     remote_signer_url: str,
-    remove_existing_keys: bool,
     data_dir: str,
     keystores_dir: str | None,
     execution_endpoints: str,
@@ -105,63 +91,39 @@ def remote_signer_setup(
             asyncio.get_running_loop()
             # we need to create a separate thread so we can block before returning
             with ThreadPoolExecutor(1) as pool:
-                pool.submit(
-                    lambda: asyncio.run(main(remove_existing_keys=remove_existing_keys))
-                ).result()
+                pool.submit(lambda: asyncio.run(main())).result()
         except RuntimeError as e:
             if 'no running event loop' == e.args[0]:
                 # no event loop running
-                asyncio.run(main(remove_existing_keys=remove_existing_keys))
+                asyncio.run(main())
             else:
                 raise e
     except Exception as e:
         log_verbose(e)
 
 
-# pylint: disable-next=too-many-locals
-async def main(remove_existing_keys: bool) -> None:
+async def main() -> None:
     setup_logging()
     keystores = await LocalKeystore.load()
     if len(keystores) == 0:
         raise click.ClickException('Keystores not found.')
 
     # Check if remote signer's keymanager API is reachable before taking further steps
-    async with aiohttp.ClientSession(
-        timeout=ClientTimeout(connect=REMOTE_SIGNER_TIMEOUT)
-    ) as session:
+    async with aiohttp.ClientSession(timeout=ClientTimeout(REMOTE_SIGNER_TIMEOUT)) as session:
         resp = await session.get(f'{settings.remote_signer_url}/eth/v1/keystores')
         if resp.status != 200:
             raise RuntimeError(f'Failed to connect to remote signer, returned {await resp.text()}')
 
-    oracles = await get_oracles()
-
-    try:
-        remote_signer_keystore = RemoteSignerKeystore.load_from_file(
-            settings.remote_signer_config_file
-        )
-    except FileNotFoundError:
-        remote_signer_keystore = RemoteSignerKeystore({})
-
     credentials = []
     for pubkey, private_key in keystores.keys.items():  # pylint: disable=no-member
-        private_key_shares = private_key_to_private_key_shares(
-            private_key=private_key,
-            threshold=oracles.exit_signature_recover_threshold,
-            total=len(oracles.public_keys),
-        )
-
-        for idx, private_key_share in enumerate(private_key_shares):
-            credentials.append(
-                Credential(
-                    private_key=BLSPrivateKey(int.from_bytes(private_key_share, 'big')),
-                    path=f'share_{pubkey}_{idx}',
-                    network=settings.network,
-                    vault=settings.vault,
-                )
+        credentials.append(
+            Credential(
+                private_key=BLSPrivateKey(int.from_bytes(private_key, 'big')),
+                path=f'{pubkey}',  # todo
+                network=settings.network,
+                vault=settings.vault,
             )
-        remote_signer_keystore.pubkeys_to_shares[pubkey] = [
-            Web3.to_hex(bls.SkToPk(priv_key)) for priv_key in private_key_shares
-        ]
+        )
 
     click.echo(
         f'Successfully generated {len(credentials)} key shares'
@@ -170,16 +132,14 @@ async def main(remove_existing_keys: bool) -> None:
 
     # Import as keystores to remote signer
     password = get_or_create_password_file(settings.keystores_password_file)
-    key_share_keystores = []
+    encrypted_keystores = []
     for credential in credentials:
-        key_share_keystores.append(deepcopy(credential.encrypt_signing_keystore(password=password)))
+        encrypted_keystores.append(deepcopy(credential.encrypt_signing_keystore(password=password)))
 
-    async with aiohttp.ClientSession(
-        timeout=ClientTimeout(connect=REMOTE_SIGNER_TIMEOUT)
-    ) as session:
+    async with aiohttp.ClientSession(timeout=ClientTimeout(REMOTE_SIGNER_TIMEOUT)) as session:
         data = {
-            'keystores': [ksk.as_json() for ksk in key_share_keystores],
-            'passwords': [password for _ in key_share_keystores],
+            'keystores': [ks.as_json() for ks in encrypted_keystores],
+            'passwords': [password for _ in encrypted_keystores],
         }
         resp = await session.post(f'{settings.remote_signer_url}/eth/v1/keystores', json=data)
         if resp.status != 200:
@@ -189,7 +149,7 @@ async def main(remove_existing_keys: bool) -> None:
             )
 
     click.echo(
-        f'Successfully imported {len(key_share_keystores)} key shares into remote signer.',
+        f'Successfully imported {len(encrypted_keystores)} keys into remote signer.',
     )
 
     # Remove local keystores - keys are loaded in remote signer and are not
@@ -199,40 +159,6 @@ async def main(remove_existing_keys: bool) -> None:
 
     click.echo('Removed keystores from local filesystem.')
 
-    # Remove outdated keystores from remote signer
-    if remove_existing_keys:
-        active_pubkey_shares = {
-            pk for pk_list in remote_signer_keystore.pubkeys_to_shares.values() for pk in pk_list
-        }
-
-        async with aiohttp.ClientSession(
-            timeout=ClientTimeout(connect=REMOTE_SIGNER_TIMEOUT)
-        ) as session:
-            resp = await session.get(f'{settings.remote_signer_url}/eth/v1/keystores')
-            pubkeys_data = (await resp.json())['data']
-            pubkeys_remote_signer = {
-                pubkey_dict.get('validating_pubkey') for pubkey_dict in pubkeys_data
-            }
-
-            # Only remove pubkeys from signer that are no longer needed
-            inactive_pubkeys = pubkeys_remote_signer - active_pubkey_shares
-
-            resp = await session.delete(
-                f'{settings.remote_signer_url}/eth/v1/keystores',
-                json={'pubkeys': list(inactive_pubkeys)},
-            )
-            if resp.status != 200:
-                raise RuntimeError(
-                    f'Error occurred while deleting existing keys from remote signer'
-                    f' - status code {resp.status}, body: {await resp.text()}'
-                )
-
-            click.echo(
-                f'Removed {len(inactive_pubkeys)} keys from remote signer',
-            )
-
-    remote_signer_keystore.save(settings.remote_signer_config_file)
-
     click.echo(
         f'Done.'
         f' Successfully configured operator to use remote signer'
diff --git a/src/validators/keystores/load.py b/src/validators/keystores/load.py
@@ -5,13 +5,15 @@
 from src.validators.keystores.hashi_vault import HashiVaultKeystore
 from src.validators.keystores.local import LocalKeystore
 from src.validators.keystores.remote import RemoteSignerKeystore
+from src.validators.utils import load_deposit_data
 
 logger = logging.getLogger(__name__)
 
 
 async def load_keystore() -> BaseKeystore:
     if settings.remote_signer_url:
-        remote_keystore = await RemoteSignerKeystore.load()
+        deposit_data = load_deposit_data(settings.vault, settings.deposit_data_file)
+        remote_keystore = RemoteSignerKeystore(deposit_data.public_keys)
         logger.info(
             'Using remote signer at %s for %i public keys',
             settings.remote_signer_url,
diff --git a/src/validators/keystores/remote.py b/src/validators/keystores/remote.py
@@ -1,8 +1,6 @@
 import dataclasses
-import json
 import logging
 from dataclasses import dataclass
-from pathlib import Path
 
 import milagro_bls_binding as bls
 from aiohttp import ClientSession, ClientTimeout
@@ -50,37 +48,21 @@ class VoluntaryExitRequestModel:
 
 
 class RemoteSignerKeystore(BaseKeystore):
-    pubkeys_to_shares: dict[HexStr, list[HexStr]]
-
-    def __init__(self, pubkeys_to_shares: dict[HexStr, list[HexStr]]):
-        self.pubkeys_to_shares = pubkeys_to_shares
+    def __init__(self, public_keys: list[HexStr]):
+        self._public_keys = public_keys
 
     def __bool__(self) -> bool:
-        return len(self.pubkeys_to_shares) > 0
+        return bool(self._public_keys)
 
     def __len__(self) -> int:
-        return len(self.pubkeys_to_shares)
+        return len(self._public_keys)
 
     def __contains__(self, public_key):
-        return public_key in self.pubkeys_to_shares
-
-    @classmethod
-    def load_from_data(cls, data: dict) -> 'RemoteSignerKeystore':
-        return cls._load_data(data)
-
-    @classmethod
-    def load_from_file(cls, path: str | Path) -> 'RemoteSignerKeystore':
-        with open(path, 'r', encoding='utf-8') as f:
-            data = json.load(f)
-        return cls._load_data(data['pubkeys_to_shares'])
+        return public_key in self._public_keys
 
-    @classmethod
-    async def load(cls) -> 'RemoteSignerKeystore':
-        return cls.load_from_file(settings.remote_signer_config_file)
-
-    def save(self, path: str | Path) -> None:
-        with open(path, 'w', encoding='utf-8') as f:
-            json.dump({'pubkeys_to_shares': self.pubkeys_to_shares}, f)
+    @property
+    def public_keys(self) -> list[HexStr]:
+        return self._public_keys
 
     async def get_exit_signature_shards(
         self,
@@ -132,21 +114,6 @@ async def get_exit_signature(
         bls.Verify(BLSPubkey(Web3.to_bytes(hexstr=public_key)), message, exit_signature)
         return exit_signature
 
-    @property
-    def public_keys(self) -> list[HexStr]:
-        return list(self.pubkeys_to_shares.keys())
-
-    @classmethod
-    def _load_data(cls, data: dict) -> 'RemoteSignerKeystore':
-        pubkeys_to_shares = {}
-        for full_pubkey, pubkey_shares in data.items():
-            pubkeys_to_shares[full_pubkey] = [HexStr(s) for s in pubkey_shares]
-
-        if len(pubkeys_to_shares.keys()) == 0:
-            raise RuntimeError('Remote signer config does not contain any pubkeys')
-
-        return RemoteSignerKeystore(pubkeys_to_shares=pubkeys_to_shares)
-
     async def _sign(
         self,
         public_key: BLSPubkey,
diff --git a/src/validators/typings.py b/src/validators/typings.py
@@ -26,6 +26,10 @@ class DepositData:
     validators: list[Validator]
     tree: StandardMerkleTree
 
+    @property
+    def public_keys(self) -> list[HexStr]:
+        return [v.public_key for v in self.validators]
+
 
 @dataclass
 class ExitSignatureShards:
diff --git a/src/validators/utils.py b/src/validators/utils.py
@@ -1,5 +1,6 @@
 import asyncio
 import dataclasses
+import functools
 import json
 import logging
 import random
@@ -131,6 +132,7 @@ async def send_approval_request(
     )
 
 
+@functools.cache
 def load_deposit_data(vault: HexAddress, deposit_data_file: Path) -> DepositData:
     """Loads and verifies deposit data."""
     with open(deposit_data_file, 'r', encoding='utf-8') as f:
