@aztec/cli 5.0.0-nightly.20260703 → 5.0.0-nightly.20260705
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dest/cmds/validator_keys/eth_json_v3_worker.d.ts +2 -0
- package/dest/cmds/validator_keys/eth_json_v3_worker.d.ts.map +1 -0
- package/dest/cmds/validator_keys/eth_json_v3_worker.js +27 -0
- package/dest/cmds/validator_keys/index.d.ts +1 -1
- package/dest/cmds/validator_keys/index.d.ts.map +1 -1
- package/dest/cmds/validator_keys/index.js +2 -1
- package/dest/cmds/validator_keys/new.d.ts +6 -1
- package/dest/cmds/validator_keys/new.d.ts.map +1 -1
- package/dest/cmds/validator_keys/new.js +78 -8
- package/dest/cmds/validator_keys/shared.d.ts +1 -1
- package/dest/cmds/validator_keys/shared.d.ts.map +1 -1
- package/dest/cmds/validator_keys/shared.js +66 -23
- package/package.json +30 -30
- package/src/cmds/validator_keys/eth_json_v3_worker.ts +30 -0
- package/src/cmds/validator_keys/index.ts +18 -4
- package/src/cmds/validator_keys/new.ts +107 -8
- package/src/cmds/validator_keys/shared.ts +86 -34
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"eth_json_v3_worker.d.ts","sourceRoot":"","sources":["../../../src/cmds/validator_keys/eth_json_v3_worker.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import { Wallet } from '@ethersproject/wallet';
|
|
2
|
+
import { parentPort, workerData } from 'worker_threads';
|
|
3
|
+
function serializeError(error) {
|
|
4
|
+
if (error instanceof Error) {
|
|
5
|
+
return {
|
|
6
|
+
message: error.message,
|
|
7
|
+
name: error.name,
|
|
8
|
+
stack: error.stack
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
return {
|
|
12
|
+
message: String(error)
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
void (async ()=>{
|
|
16
|
+
try {
|
|
17
|
+
const { privateKeyHex, password } = workerData;
|
|
18
|
+
const json = await new Wallet(privateKeyHex).encrypt(password);
|
|
19
|
+
parentPort?.postMessage({
|
|
20
|
+
json
|
|
21
|
+
});
|
|
22
|
+
} catch (error) {
|
|
23
|
+
parentPort?.postMessage({
|
|
24
|
+
error: serializeError(error)
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
})();
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import type { LogFn } from '@aztec/foundation/log';
|
|
2
2
|
import { Command } from 'commander';
|
|
3
3
|
export declare function injectCommands(program: Command, log: LogFn): Command;
|
|
4
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
4
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jbWRzL3ZhbGlkYXRvcl9rZXlzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxFQUFFLEtBQUssRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBRW5ELE9BQU8sRUFBRSxPQUFPLEVBQVUsTUFBTSxXQUFXLENBQUM7QUFLNUMsd0JBQWdCLGNBQWMsQ0FBQyxPQUFPLEVBQUUsT0FBTyxFQUFFLEdBQUcsRUFBRSxLQUFLLFdBb0oxRCJ9
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cmds/validator_keys/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAEnD,OAAO,EAAE,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cmds/validator_keys/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAEnD,OAAO,EAAE,OAAO,EAAU,MAAM,WAAW,CAAC;AAK5C,wBAAgB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,WAoJ1D"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { Option } from 'commander';
|
|
1
2
|
import { parseAztecAddress, parseEthereumAddress, parseHex, parseOptionalInteger } from '../../utils/commands.js';
|
|
2
3
|
import { defaultBlsPath } from './utils.js';
|
|
3
4
|
export function injectCommands(program, log) {
|
|
@@ -7,7 +8,7 @@ export function injectCommands(program, log) {
|
|
|
7
8
|
]).description('Manage validator keystores for node operators');
|
|
8
9
|
group.command('new').summary('Generate a new validator keystore JSON').description('Generates a new validator keystore with ETH secp256k1 accounts and optional BLS accounts').option('--data-dir <path>', 'Directory to store keystore(s). Defaults to ~/.aztec/keystore').option('--file <name>', 'Keystore file name. Defaults to key1.json (or keyN.json if key1.json exists)').option('--count <N>', 'Number of validators to generate', parseOptionalInteger).option('--publisher-count <N>', 'Number of publisher accounts per validator (default 0)', (value)=>parseOptionalInteger(value, 0)).option('--publishers <privateKeys>', 'Comma-separated list of publisher private keys for all validators.', (value)=>value.split(',').map((key)=>key.trim())).option('--mnemonic <mnemonic>', 'Mnemonic for ETH/BLS derivation').option('--passphrase <str>', 'Optional passphrase for mnemonic').option('--account-index <N>', 'Base account index for ETH/BLS derivation', parseOptionalInteger).option('--address-index <N>', 'Base address index for ETH/BLS derivation', parseOptionalInteger).option('--coinbase <address>', 'Coinbase ETH address to use when proposing. Defaults to attester address.', parseEthereumAddress)// TODO: add funding account back in when implemented
|
|
9
10
|
// .option('--funding-account <privateKey|address>', 'ETH private key (or address for remote signer setup) to fund publishers')
|
|
10
|
-
.option('--remote-signer <url>', 'Default remote signer URL for accounts in this file').option('--ikm <hex>', 'Initial keying material for BLS (alternative to mnemonic)', (value)=>parseHex(value, 32)).option('--bls-path <path>', `EIP-2334 path (default ${defaultBlsPath})`).option('--password <str>', 'Password for writing keystore files
|
|
11
|
+
.option('--remote-signer <url>', 'Default remote signer URL for accounts in this file').option('--ikm <hex>', 'Initial keying material for BLS (alternative to mnemonic)', (value)=>parseHex(value, 32)).option('--bls-path <path>', `EIP-2334 path (default ${defaultBlsPath})`).addOption(new Option('--password <str>', 'Shared password for writing ETH JSON V3 and BLS EIP-2335 keystore files').env('AZTEC_KEYSTORE_PASSWORD')).option('--password-file <path>', 'File containing the shared password for writing keystore files').addOption(new Option('--eth-password <str>', 'Password for writing ETH JSON V3 keystore files').env('AZTEC_ETH_KEYSTORE_PASSWORD')).option('--eth-password-file <path>', 'File containing the password for writing ETH JSON V3 keystore files').addOption(new Option('--bls-password <str>', 'Password for writing BLS EIP-2335 keystore files').env('AZTEC_BLS_KEYSTORE_PASSWORD')).option('--bls-password-file <path>', 'File containing the password for writing BLS EIP-2335 keystore files').option('--encrypted-keystore-dir <dir>', 'Output directory for encrypted keystore file(s)').option('--json', 'Echo resulting JSON to stdout').option('--staker-output', 'Generate a single staker output JSON file with an array of validator entries').option('--gse-address <address>', 'GSE contract address (required with --staker-output)', parseEthereumAddress).option('--l1-rpc-urls <urls>', 'L1 RPC URLs (comma-separated, required with --staker-output)', (value)=>value.split(',')).option('-c, --l1-chain-id <number>', 'L1 chain ID (required with --staker-output)', (value)=>parseInt(value), 31337).requiredOption('--fee-recipient <address>', 'Aztec address that will receive fees', parseAztecAddress).action(async (options)=>{
|
|
11
12
|
const { newValidatorKeystore } = await import('./new.js');
|
|
12
13
|
await newValidatorKeystore(options, log);
|
|
13
14
|
});
|
|
@@ -15,6 +15,11 @@ export type NewValidatorKeystoreOptions = {
|
|
|
15
15
|
ikm?: string;
|
|
16
16
|
blsPath?: string;
|
|
17
17
|
password?: string;
|
|
18
|
+
passwordFile?: string;
|
|
19
|
+
ethPassword?: string;
|
|
20
|
+
ethPasswordFile?: string;
|
|
21
|
+
blsPassword?: string;
|
|
22
|
+
blsPasswordFile?: string;
|
|
18
23
|
encryptedKeystoreDir?: string;
|
|
19
24
|
json?: boolean;
|
|
20
25
|
feeRecipient: AztecAddress;
|
|
@@ -26,4 +31,4 @@ export type NewValidatorKeystoreOptions = {
|
|
|
26
31
|
l1ChainId?: number;
|
|
27
32
|
};
|
|
28
33
|
export declare function newValidatorKeystore(options: NewValidatorKeystoreOptions, log: LogFn): Promise<void>;
|
|
29
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
34
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmV3LmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY21kcy92YWxpZGF0b3Jfa2V5cy9uZXcudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBR0EsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDaEUsT0FBTyxLQUFLLEVBQUUsS0FBSyxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDbkQsT0FBTyxLQUFLLEVBQUUsWUFBWSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUF5QmhFLE1BQU0sTUFBTSwyQkFBMkIsR0FBRztJQUN4QyxPQUFPLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDakIsSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2QsS0FBSyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2YsY0FBYyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ3hCLFVBQVUsQ0FBQyxFQUFFLE1BQU0sRUFBRSxDQUFDO0lBQ3RCLFFBQVEsQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUNsQixVQUFVLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDcEIsWUFBWSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ3RCLFlBQVksQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUN0QixpQkFBaUIsQ0FBQyxFQUFFLE9BQU8sQ0FBQztJQUM1QixHQUFHLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDYixPQUFPLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDakIsUUFBUSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2xCLFlBQVksQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUN0QixXQUFXLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDckIsZUFBZSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ3pCLFdBQVcsQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUNyQixlQUFlLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDekIsb0JBQW9CLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDOUIsSUFBSSxDQUFDLEVBQUUsT0FBTyxDQUFDO0lBQ2YsWUFBWSxFQUFFLFlBQVksQ0FBQztJQUMzQixRQUFRLENBQUMsRUFBRSxVQUFVLENBQUM7SUFDdEIsWUFBWSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ3RCLFlBQVksQ0FBQyxFQUFFLE9BQU8sQ0FBQztJQUN2QixVQUFVLENBQUMsRUFBRSxVQUFVLENBQUM7SUFDeEIsU0FBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUM7SUFDckIsU0FBUyxDQUFDLEVBQUUsTUFBTSxDQUFDO0NBQ3BCLENBQUM7QUFrRkYsd0JBQXNCLG9CQUFvQixDQUFDLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxHQUFHLEVBQUUsS0FBSyxpQkFxSzFGIn0=
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"new.d.ts","sourceRoot":"","sources":["../../../src/cmds/validator_keys/new.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAyBhE,MAAM,MAAM,2BAA2B,GAAG;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,YAAY,EAAE,YAAY,CAAC;IAC3B,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;
|
|
1
|
+
{"version":3,"file":"new.d.ts","sourceRoot":"","sources":["../../../src/cmds/validator_keys/new.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAyBhE,MAAM,MAAM,2BAA2B,GAAG;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,YAAY,EAAE,YAAY,CAAC;IAC3B,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAkFF,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,2BAA2B,EAAE,GAAG,EAAE,KAAK,iBAqK1F"}
|
|
@@ -2,13 +2,74 @@ import { prettyPrintJSON } from '@aztec/cli/utils';
|
|
|
2
2
|
import { createEthereumChain } from '@aztec/ethereum/chain';
|
|
3
3
|
import { GSEContract } from '@aztec/ethereum/contracts';
|
|
4
4
|
import { wordlist } from '@scure/bip39/wordlists/english.js';
|
|
5
|
-
import { writeFile } from 'fs/promises';
|
|
5
|
+
import { readFile, writeFile } from 'fs/promises';
|
|
6
6
|
import { basename, dirname, join } from 'path';
|
|
7
7
|
import { createPublicClient, fallback, http } from 'viem';
|
|
8
8
|
import { generateMnemonic, mnemonicToAccount } from 'viem/accounts';
|
|
9
9
|
import { buildValidatorEntries, logValidatorSummaries, maybePrintJson, resolveKeystoreOutputPath, writeBlsBn254ToFile, writeEthJsonV3ToFile, writeKeystoreFile } from './shared.js';
|
|
10
10
|
import { processAttesterAccounts } from './staker.js';
|
|
11
11
|
import { validateBlsPathOptions, validatePublisherOptions, validateRemoteSignerOptions, validateStakerOutputOptions } from './utils.js';
|
|
12
|
+
function validatePassword(password, source) {
|
|
13
|
+
if (password.length === 0) {
|
|
14
|
+
throw new Error(`${source} cannot be empty`);
|
|
15
|
+
}
|
|
16
|
+
return password;
|
|
17
|
+
}
|
|
18
|
+
function stripOneTrailingNewline(password) {
|
|
19
|
+
if (password.endsWith('\n')) {
|
|
20
|
+
password = password.slice(0, -1);
|
|
21
|
+
}
|
|
22
|
+
if (password.endsWith('\r')) {
|
|
23
|
+
password = password.slice(0, -1);
|
|
24
|
+
}
|
|
25
|
+
return password;
|
|
26
|
+
}
|
|
27
|
+
async function resolvePasswordSource(source) {
|
|
28
|
+
if (source.password !== undefined && source.passwordFile !== undefined) {
|
|
29
|
+
throw new Error(`${source.passwordOption} and ${source.passwordFileOption} cannot be used together`);
|
|
30
|
+
}
|
|
31
|
+
if (source.password !== undefined) {
|
|
32
|
+
return validatePassword(source.password, source.passwordOption);
|
|
33
|
+
}
|
|
34
|
+
if (source.passwordFile !== undefined) {
|
|
35
|
+
if (source.passwordFile.length === 0) {
|
|
36
|
+
throw new Error(`${source.passwordFileOption} cannot be empty`);
|
|
37
|
+
}
|
|
38
|
+
const password = stripOneTrailingNewline(await readFile(source.passwordFile, 'utf-8'));
|
|
39
|
+
return validatePassword(password, source.passwordFileOption);
|
|
40
|
+
}
|
|
41
|
+
return undefined;
|
|
42
|
+
}
|
|
43
|
+
async function resolvePasswords(options) {
|
|
44
|
+
const sharedPassword = await resolvePasswordSource({
|
|
45
|
+
password: options.password,
|
|
46
|
+
passwordFile: options.passwordFile,
|
|
47
|
+
passwordOption: '--password',
|
|
48
|
+
passwordFileOption: '--password-file'
|
|
49
|
+
});
|
|
50
|
+
const ethPassword = await resolvePasswordSource({
|
|
51
|
+
password: options.ethPassword,
|
|
52
|
+
passwordFile: options.ethPasswordFile,
|
|
53
|
+
passwordOption: '--eth-password',
|
|
54
|
+
passwordFileOption: '--eth-password-file'
|
|
55
|
+
}) ?? sharedPassword;
|
|
56
|
+
const blsPassword = await resolvePasswordSource({
|
|
57
|
+
password: options.blsPassword,
|
|
58
|
+
passwordFile: options.blsPasswordFile,
|
|
59
|
+
passwordOption: '--bls-password',
|
|
60
|
+
passwordFileOption: '--bls-password-file'
|
|
61
|
+
}) ?? sharedPassword;
|
|
62
|
+
if (ethPassword === undefined && blsPassword === undefined) {
|
|
63
|
+
return {};
|
|
64
|
+
}
|
|
65
|
+
if (ethPassword === undefined || blsPassword === undefined) {
|
|
66
|
+
throw new Error('Both ETH and BLS passwords are required when writing encrypted keystores. Provide --password to use one password for both, or provide both --eth-password and --bls-password.');
|
|
67
|
+
}
|
|
68
|
+
return {
|
|
69
|
+
ethPassword,
|
|
70
|
+
blsPassword
|
|
71
|
+
};
|
|
72
|
+
}
|
|
12
73
|
export async function newValidatorKeystore(options, log) {
|
|
13
74
|
// validate bls-path inputs before proceeding with key generation
|
|
14
75
|
validateBlsPathOptions(options);
|
|
@@ -18,9 +79,18 @@ export async function newValidatorKeystore(options, log) {
|
|
|
18
79
|
validatePublisherOptions(options);
|
|
19
80
|
// validate remote signer options
|
|
20
81
|
validateRemoteSignerOptions(options);
|
|
21
|
-
const { dataDir, file, count, publisherCount = 0, publishers, json, coinbase, accountIndex = 0, addressIndex = 0, feeRecipient, remoteSigner, blsPath, ikm, mnemonic: _mnemonic, password, encryptedKeystoreDir, stakerOutput, gseAddress, l1RpcUrls, l1ChainId } = options;
|
|
82
|
+
const { dataDir, file, count, publisherCount = 0, publishers, json, coinbase, accountIndex = 0, addressIndex = 0, feeRecipient, remoteSigner, blsPath, ikm, mnemonic: _mnemonic, password: passwordOption, passwordFile, ethPassword: ethPasswordOption, ethPasswordFile, blsPassword: blsPasswordOption, blsPasswordFile, encryptedKeystoreDir, stakerOutput, gseAddress, l1RpcUrls, l1ChainId } = options;
|
|
83
|
+
const { ethPassword, blsPassword } = await resolvePasswords({
|
|
84
|
+
password: passwordOption,
|
|
85
|
+
passwordFile,
|
|
86
|
+
ethPassword: ethPasswordOption,
|
|
87
|
+
ethPasswordFile,
|
|
88
|
+
blsPassword: blsPasswordOption,
|
|
89
|
+
blsPasswordFile
|
|
90
|
+
});
|
|
91
|
+
const shouldEncryptKeystores = ethPassword !== undefined && blsPassword !== undefined;
|
|
22
92
|
const mnemonic = _mnemonic ?? generateMnemonic(wordlist);
|
|
23
|
-
if (!_mnemonic && !json) {
|
|
93
|
+
if (!_mnemonic && !json && !shouldEncryptKeystores) {
|
|
24
94
|
log('No mnemonic provided, generating new one...');
|
|
25
95
|
log(`Using new mnemonic:`);
|
|
26
96
|
log('');
|
|
@@ -44,15 +114,15 @@ export async function newValidatorKeystore(options, log) {
|
|
|
44
114
|
remoteSigner
|
|
45
115
|
});
|
|
46
116
|
// If password provided, write ETH JSON V3 and BLS BN254 keystores and replace plaintext
|
|
47
|
-
if (
|
|
117
|
+
if (shouldEncryptKeystores) {
|
|
48
118
|
const encryptedKeystoreOutDir = encryptedKeystoreDir && encryptedKeystoreDir.length > 0 ? encryptedKeystoreDir : keystoreOutDir;
|
|
49
119
|
await writeEthJsonV3ToFile(validators, {
|
|
50
120
|
outDir: encryptedKeystoreOutDir,
|
|
51
|
-
password
|
|
121
|
+
password: ethPassword
|
|
52
122
|
});
|
|
53
123
|
await writeBlsBn254ToFile(validators, {
|
|
54
124
|
outDir: encryptedKeystoreOutDir,
|
|
55
|
-
password
|
|
125
|
+
password: blsPassword
|
|
56
126
|
});
|
|
57
127
|
}
|
|
58
128
|
const keystore = {
|
|
@@ -76,7 +146,7 @@ export async function newValidatorKeystore(options, log) {
|
|
|
76
146
|
// Process each validator
|
|
77
147
|
for(let i = 0; i < validators.length; i++){
|
|
78
148
|
const validator = validators[i];
|
|
79
|
-
const outputs = await processAttesterAccounts(validator.attester, gse
|
|
149
|
+
const outputs = await processAttesterAccounts(validator.attester, gse);
|
|
80
150
|
// Collect all staker outputs
|
|
81
151
|
for(let j = 0; j < outputs.length; j++){
|
|
82
152
|
allStakerOutputs.push(outputs[j]);
|
|
@@ -88,7 +158,7 @@ export async function newValidatorKeystore(options, log) {
|
|
|
88
158
|
await writeFile(stakerOutputPath, prettyPrintJSON(allStakerOutputs), 'utf-8');
|
|
89
159
|
}
|
|
90
160
|
}
|
|
91
|
-
const outputData = !_mnemonic ? {
|
|
161
|
+
const outputData = !_mnemonic && !shouldEncryptKeystores ? {
|
|
92
162
|
...keystore,
|
|
93
163
|
generatedMnemonic: mnemonic
|
|
94
164
|
} : keystore;
|
|
@@ -65,4 +65,4 @@ export declare function writeEthJsonV3ToFile(validators: ValidatorKeyStore[], op
|
|
|
65
65
|
outDir: string;
|
|
66
66
|
password: string;
|
|
67
67
|
}): Promise<void>;
|
|
68
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
68
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2hhcmVkLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY21kcy92YWxpZGF0b3Jfa2V5cy9zaGFyZWQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBS0EsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDaEUsT0FBTyxLQUFLLEVBQUUsS0FBSyxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDbkQsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLGFBQWEsRUFBRSxpQkFBaUIsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQy9GLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBMkRoRSxNQUFNLE1BQU0sZ0JBQWdCLEdBQUc7SUFBRSxXQUFXLENBQUMsRUFBRSxNQUFNLENBQUM7SUFBQyxXQUFXLENBQUMsRUFBRSxNQUFNLENBQUM7SUFBQyxZQUFZLENBQUMsRUFBRSxNQUFNLEVBQUUsQ0FBQTtDQUFFLENBQUM7QUFFdkcsTUFBTSxNQUFNLG9CQUFvQixHQUFHO0lBQ2pDLGNBQWMsRUFBRSxNQUFNLENBQUM7SUFDdkIsY0FBYyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ3hCLFVBQVUsQ0FBQyxFQUFFLE1BQU0sRUFBRSxDQUFDO0lBQ3RCLFlBQVksRUFBRSxNQUFNLENBQUM7SUFDckIsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDO0lBQ3pCLFFBQVEsRUFBRSxNQUFNLENBQUM7SUFDakIsR0FBRyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2IsT0FBTyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2pCLFlBQVksRUFBRSxZQUFZLENBQUM7SUFDM0IsUUFBUSxDQUFDLEVBQUUsVUFBVSxDQUFDO0lBQ3RCLFlBQVksQ0FBQyxFQUFFLE1BQU0sQ0FBQztDQUN2QixDQUFDO0FBRUYsd0JBQWdCLGtCQUFrQixDQUFDLElBQUksRUFBRSxNQUFNLEVBQUUsWUFBWSxHQUFFLE1BQVUsRUFBRSxZQUFZLEdBQUUsTUFBVSxVQXFCbEc7QUFFRDs7OztHQUlHO0FBQ0gsd0JBQXNCLDZCQUE2QixDQUFDLGFBQWEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUUxRjtBQUVELHdCQUFnQixpQkFBaUIsQ0FDL0IsUUFBUSxFQUFFLE1BQU0sRUFDaEIsZ0JBQWdCLEVBQUUsTUFBTSxFQUN4QixZQUFZLEVBQUUsTUFBTSxFQUNwQixZQUFZLENBQUMsRUFBRSxNQUFNLEdBQ3BCLFVBQVUsR0FBRyxhQUFhLENBSzVCO0FBRUQsd0JBQXNCLHFCQUFxQixDQUFDLEtBQUssRUFBRSxvQkFBb0I7OztHQXVFdEU7QUFFRCx3QkFBc0IseUJBQXlCLENBQUMsT0FBTyxDQUFDLEVBQUUsTUFBTSxFQUFFLElBQUksQ0FBQyxFQUFFLE1BQU07OztHQW9COUU7QUFFRCx3QkFBc0IsaUJBQWlCLENBQUMsSUFBSSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsT0FBTyxpQkFHdEU7QUFFRCx3QkFBZ0IscUJBQXFCLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxTQUFTLEVBQUUsZ0JBQWdCLEVBQUUsUUFzQjlFO0FBRUQsd0JBQWdCLGNBQWMsQ0FBQyxHQUFHLEVBQUUsS0FBSyxFQUFFLFFBQVEsRUFBRSxPQUFPLEdBQUcsU0FBUyxFQUFFLEdBQUcsRUFBRSxPQUFPLFFBSXJGO0FBRUQ7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCx3QkFBc0IscUJBQXFCLENBQ3pDLE1BQU0sRUFBRSxNQUFNLEVBQ2QsWUFBWSxFQUFFLE1BQU0sRUFDcEIsUUFBUSxFQUFFLE1BQU0sRUFDaEIsYUFBYSxFQUFFLE1BQU0sRUFDckIsU0FBUyxFQUFFLE1BQU0sRUFDakIsY0FBYyxFQUFFLE1BQU0sR0FDckIsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQVNqQjtBQUVELHlHQUF5RztBQUN6Ryx3QkFBc0IsbUJBQW1CLENBQ3ZDLFVBQVUsRUFBRSxpQkFBaUIsRUFBRSxFQUMvQixPQUFPLEVBQUU7SUFBRSxNQUFNLEVBQUUsTUFBTSxDQUFDO0lBQUMsUUFBUSxFQUFFLE1BQU0sQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLE1BQU0sQ0FBQTtDQUFFLEdBQzlELE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0F3QmY7QUFFRCw4RUFBOEU7QUFDOUUsd0JBQXNCLHNCQUFzQixDQUMxQyxNQUFNLEVBQUUsTUFBTSxFQUNkLFlBQVksRUFBRSxNQUFNLEVBQ3BCLFFBQVEsRUFBRSxNQUFNLEVBQ2hCLGFBQWEsRUFBRSxNQUFNLEdBQ3BCLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FPakI7QUFFRCxrR0FBa0c7QUFDbEcsd0JBQXNCLG9CQUFvQixDQUN4QyxVQUFVLEVBQUUsaUJBQWlCLEVBQUUsRUFDL0IsT0FBTyxFQUFFO0lBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQztJQUFDLFFBQVEsRUFBRSxNQUFNLENBQUE7Q0FBRSxHQUM1QyxPQUFPLENBQUMsSUFBSSxDQUFDLENBeUNmIn0=
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../../../src/cmds/validator_keys/shared.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../../../src/cmds/validator_keys/shared.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AA2DhE,MAAM,MAAM,gBAAgB,GAAG;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC;AAEvG,MAAM,MAAM,oBAAoB,GAAG;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,YAAY,CAAC;IAC3B,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,GAAE,MAAU,EAAE,YAAY,GAAE,MAAU,UAqBlG;AAED;;;;GAIG;AACH,wBAAsB,6BAA6B,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAE1F;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,EACxB,YAAY,EAAE,MAAM,EACpB,YAAY,CAAC,EAAE,MAAM,GACpB,UAAU,GAAG,aAAa,CAK5B;AAED,wBAAsB,qBAAqB,CAAC,KAAK,EAAE,oBAAoB;;;GAuEtE;AAED,wBAAsB,yBAAyB,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM;;;GAoB9E;AAED,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,iBAGtE;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,gBAAgB,EAAE,QAsB9E;AAED,wBAAgB,cAAc,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,GAAG,SAAS,EAAE,GAAG,EAAE,OAAO,QAIrF;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,yGAAyG;AACzG,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,iBAAiB,EAAE,EAC/B,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9D,OAAO,CAAC,IAAI,CAAC,CAwBf;AAED,8EAA8E;AAC9E,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,CAOjB;AAED,kGAAkG;AAClG,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,iBAAiB,EAAE,EAC/B,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC5C,OAAO,CAAC,IAAI,CAAC,CAyCf"}
|
|
@@ -1,14 +1,58 @@
|
|
|
1
1
|
import { prettyPrintJSON } from '@aztec/cli/utils';
|
|
2
|
+
import { asyncPool } from '@aztec/foundation/async-pool';
|
|
2
3
|
import { deriveBlsPrivateKey } from '@aztec/foundation/crypto/bls';
|
|
3
4
|
import { createBn254Keystore } from '@aztec/foundation/crypto/bls/bn254_keystore';
|
|
4
5
|
import { computeBn254G1PublicKeyCompressed } from '@aztec/foundation/crypto/bn254';
|
|
5
6
|
import { Wallet } from '@ethersproject/wallet';
|
|
6
7
|
import { constants as fsConstants, mkdirSync } from 'fs';
|
|
7
8
|
import { access, writeFile } from 'fs/promises';
|
|
8
|
-
import { homedir } from 'os';
|
|
9
|
+
import { availableParallelism, homedir } from 'os';
|
|
9
10
|
import { dirname, isAbsolute, join } from 'path';
|
|
10
11
|
import { mnemonicToAccount } from 'viem/accounts';
|
|
12
|
+
import { Worker } from 'worker_threads';
|
|
11
13
|
import { defaultBlsPath } from './utils.js';
|
|
14
|
+
// ethers' default scrypt parameters use substantial memory, so keep worker fan-out bounded.
|
|
15
|
+
const maxEthKeystoreWorkers = Math.max(1, Math.min(4, availableParallelism()));
|
|
16
|
+
function deserializeWorkerError(error) {
|
|
17
|
+
const result = new Error(error.message);
|
|
18
|
+
result.name = error.name ?? result.name;
|
|
19
|
+
result.stack = error.stack;
|
|
20
|
+
return result;
|
|
21
|
+
}
|
|
22
|
+
function encryptEthJsonV3InWorker(privateKeyHex, password) {
|
|
23
|
+
return new Promise((resolve, reject)=>{
|
|
24
|
+
const worker = new Worker(new URL('./eth_json_v3_worker.js', import.meta.url), {
|
|
25
|
+
workerData: {
|
|
26
|
+
privateKeyHex,
|
|
27
|
+
password
|
|
28
|
+
}
|
|
29
|
+
});
|
|
30
|
+
let settled = false;
|
|
31
|
+
worker.once('message', (result)=>{
|
|
32
|
+
settled = true;
|
|
33
|
+
if ('json' in result) {
|
|
34
|
+
resolve(result.json);
|
|
35
|
+
} else {
|
|
36
|
+
reject(deserializeWorkerError(result.error));
|
|
37
|
+
}
|
|
38
|
+
});
|
|
39
|
+
worker.once('error', (error)=>{
|
|
40
|
+
settled = true;
|
|
41
|
+
reject(error);
|
|
42
|
+
});
|
|
43
|
+
worker.once('exit', (code)=>{
|
|
44
|
+
if (!settled) {
|
|
45
|
+
reject(new Error(`ETH JSON V3 worker stopped with exit code ${code}`));
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
async function encryptEthJsonV3(privateKeyHex, password) {
|
|
51
|
+
if (process.env.JEST_WORKER_ID !== undefined) {
|
|
52
|
+
return await new Wallet(privateKeyHex).encrypt(password);
|
|
53
|
+
}
|
|
54
|
+
return await encryptEthJsonV3InWorker(privateKeyHex, password);
|
|
55
|
+
}
|
|
12
56
|
export function withValidatorIndex(path, accountIndex = 0, addressIndex = 0) {
|
|
13
57
|
// NOTE: The legacy BLS CLI is to allow users who generated keys in 2.1.4 to be able to use the same command
|
|
14
58
|
// to re-generate their keys. In 2.1.5 we switched how we append addresses to the path so this is to maintain backwards compatibility.
|
|
@@ -188,7 +232,7 @@ export function maybePrintJson(log, jsonFlag, obj) {
|
|
|
188
232
|
mkdirSync(outDir, {
|
|
189
233
|
recursive: true
|
|
190
234
|
});
|
|
191
|
-
const keystore = createBn254Keystore(password, privateKeyHex, pubkeyHex, derivationPath);
|
|
235
|
+
const keystore = await createBn254Keystore(password, privateKeyHex, pubkeyHex, derivationPath);
|
|
192
236
|
const safeBase = fileNameBase.replace(/[^a-zA-Z0-9_-]/g, '_');
|
|
193
237
|
const outPath = join(outDir, `keystore-${safeBase}.json`);
|
|
194
238
|
await writeFile(outPath, JSON.stringify(keystore, null, 2), {
|
|
@@ -197,16 +241,15 @@ export function maybePrintJson(log, jsonFlag, obj) {
|
|
|
197
241
|
return outPath;
|
|
198
242
|
}
|
|
199
243
|
/** Replace plaintext BLS keys in validators with { path, password } pointing to BN254 keystore files. */ export async function writeBlsBn254ToFile(validators, options) {
|
|
200
|
-
|
|
201
|
-
const v = validators[i];
|
|
244
|
+
await Promise.all(validators.map(async (v, i)=>{
|
|
202
245
|
if (!v || typeof v !== 'object' || !('attester' in v)) {
|
|
203
|
-
|
|
246
|
+
return;
|
|
204
247
|
}
|
|
205
248
|
const att = v.attester;
|
|
206
249
|
// Shapes: { bls: <hex> } or { eth: <ethAccount>, bls?: <hex> } or plain EthAccount
|
|
207
250
|
const blsKey = typeof att === 'object' && 'bls' in att ? att.bls : undefined;
|
|
208
251
|
if (!blsKey || typeof blsKey !== 'string') {
|
|
209
|
-
|
|
252
|
+
return;
|
|
210
253
|
}
|
|
211
254
|
const pub = await computeBlsPublicKeyCompressed(blsKey);
|
|
212
255
|
const path = options.blsPath ?? defaultBlsPath;
|
|
@@ -218,15 +261,14 @@ export function maybePrintJson(log, jsonFlag, obj) {
|
|
|
218
261
|
password: options.password
|
|
219
262
|
};
|
|
220
263
|
}
|
|
221
|
-
}
|
|
264
|
+
}));
|
|
222
265
|
}
|
|
223
266
|
/** Writes an Ethereum JSON V3 keystore using ethers, returns absolute path */ export async function writeEthJsonV3Keystore(outDir, fileNameBase, password, privateKeyHex) {
|
|
224
267
|
const safeBase = fileNameBase.replace(/[^a-zA-Z0-9_-]/g, '_');
|
|
225
268
|
mkdirSync(outDir, {
|
|
226
269
|
recursive: true
|
|
227
270
|
});
|
|
228
|
-
const
|
|
229
|
-
const json = await wallet.encrypt(password);
|
|
271
|
+
const json = await encryptEthJsonV3(privateKeyHex, password);
|
|
230
272
|
const outPath = join(outDir, `keystore-eth-${safeBase}.json`);
|
|
231
273
|
await writeFile(outPath, json, {
|
|
232
274
|
encoding: 'utf-8'
|
|
@@ -234,16 +276,18 @@ export function maybePrintJson(log, jsonFlag, obj) {
|
|
|
234
276
|
return outPath;
|
|
235
277
|
}
|
|
236
278
|
/** Replace plaintext ETH keys in validators with { path, password } pointing to JSON V3 files. */ export async function writeEthJsonV3ToFile(validators, options) {
|
|
237
|
-
const
|
|
279
|
+
const tasks = [];
|
|
280
|
+
const maybeQueueEncryptEth = (account, label, setEncryptedAccount)=>{
|
|
238
281
|
if (typeof account === 'string' && account.startsWith('0x') && account.length === 66) {
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
282
|
+
tasks.push(async ()=>{
|
|
283
|
+
const fileBase = `${label}_${account.slice(2, 10)}`;
|
|
284
|
+
const path = await writeEthJsonV3Keystore(options.outDir, fileBase, options.password, account);
|
|
285
|
+
setEncryptedAccount({
|
|
286
|
+
path,
|
|
287
|
+
password: options.password
|
|
288
|
+
});
|
|
289
|
+
});
|
|
245
290
|
}
|
|
246
|
-
return account;
|
|
247
291
|
};
|
|
248
292
|
for(let i = 0; i < validators.length; i++){
|
|
249
293
|
const v = validators[i];
|
|
@@ -253,22 +297,21 @@ export function maybePrintJson(log, jsonFlag, obj) {
|
|
|
253
297
|
// attester may be string (eth), object with eth, or remote signer
|
|
254
298
|
const att = v.attester;
|
|
255
299
|
if (typeof att === 'string') {
|
|
256
|
-
|
|
300
|
+
maybeQueueEncryptEth(att, `attester_${i + 1}`, (account)=>v.attester = account);
|
|
257
301
|
} else if (att && typeof att === 'object' && 'eth' in att) {
|
|
258
|
-
|
|
302
|
+
maybeQueueEncryptEth(att.eth, `attester_${i + 1}`, (account)=>att.eth = account);
|
|
259
303
|
}
|
|
260
304
|
// publisher can be single or array
|
|
261
305
|
if ('publisher' in v) {
|
|
262
306
|
const pub = v.publisher;
|
|
263
307
|
if (Array.isArray(pub)) {
|
|
264
|
-
const out = [];
|
|
265
308
|
for(let j = 0; j < pub.length; j++){
|
|
266
|
-
|
|
309
|
+
maybeQueueEncryptEth(pub[j], `publisher_${i + 1}_${j + 1}`, (account)=>pub[j] = account);
|
|
267
310
|
}
|
|
268
|
-
v.publisher = out;
|
|
269
311
|
} else if (pub !== undefined) {
|
|
270
|
-
|
|
312
|
+
maybeQueueEncryptEth(pub, `publisher_${i + 1}`, (account)=>v.publisher = account);
|
|
271
313
|
}
|
|
272
314
|
}
|
|
273
315
|
}
|
|
316
|
+
await asyncPool(maxEthKeystoreWorkers, tasks, (task)=>task());
|
|
274
317
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aztec/cli",
|
|
3
|
-
"version": "5.0.0-nightly.
|
|
3
|
+
"version": "5.0.0-nightly.20260705",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"exports": {
|
|
6
6
|
"./contracts": "./dest/cmds/contracts/index.js",
|
|
@@ -77,23 +77,23 @@
|
|
|
77
77
|
]
|
|
78
78
|
},
|
|
79
79
|
"dependencies": {
|
|
80
|
-
"@aztec/accounts": "5.0.0-nightly.
|
|
81
|
-
"@aztec/archiver": "5.0.0-nightly.
|
|
82
|
-
"@aztec/aztec.js": "5.0.0-nightly.
|
|
83
|
-
"@aztec/constants": "5.0.0-nightly.
|
|
84
|
-
"@aztec/entrypoints": "5.0.0-nightly.
|
|
85
|
-
"@aztec/ethereum": "5.0.0-nightly.
|
|
86
|
-
"@aztec/foundation": "5.0.0-nightly.
|
|
87
|
-
"@aztec/l1-artifacts": "5.0.0-nightly.
|
|
88
|
-
"@aztec/node-keystore": "5.0.0-nightly.
|
|
89
|
-
"@aztec/node-lib": "5.0.0-nightly.
|
|
90
|
-
"@aztec/p2p": "5.0.0-nightly.
|
|
91
|
-
"@aztec/protocol-contracts": "5.0.0-nightly.
|
|
92
|
-
"@aztec/sequencer-client": "5.0.0-nightly.
|
|
93
|
-
"@aztec/slasher": "5.0.0-nightly.
|
|
94
|
-
"@aztec/stdlib": "5.0.0-nightly.
|
|
95
|
-
"@aztec/wallets": "5.0.0-nightly.
|
|
96
|
-
"@aztec/world-state": "5.0.0-nightly.
|
|
80
|
+
"@aztec/accounts": "5.0.0-nightly.20260705",
|
|
81
|
+
"@aztec/archiver": "5.0.0-nightly.20260705",
|
|
82
|
+
"@aztec/aztec.js": "5.0.0-nightly.20260705",
|
|
83
|
+
"@aztec/constants": "5.0.0-nightly.20260705",
|
|
84
|
+
"@aztec/entrypoints": "5.0.0-nightly.20260705",
|
|
85
|
+
"@aztec/ethereum": "5.0.0-nightly.20260705",
|
|
86
|
+
"@aztec/foundation": "5.0.0-nightly.20260705",
|
|
87
|
+
"@aztec/l1-artifacts": "5.0.0-nightly.20260705",
|
|
88
|
+
"@aztec/node-keystore": "5.0.0-nightly.20260705",
|
|
89
|
+
"@aztec/node-lib": "5.0.0-nightly.20260705",
|
|
90
|
+
"@aztec/p2p": "5.0.0-nightly.20260705",
|
|
91
|
+
"@aztec/protocol-contracts": "5.0.0-nightly.20260705",
|
|
92
|
+
"@aztec/sequencer-client": "5.0.0-nightly.20260705",
|
|
93
|
+
"@aztec/slasher": "5.0.0-nightly.20260705",
|
|
94
|
+
"@aztec/stdlib": "5.0.0-nightly.20260705",
|
|
95
|
+
"@aztec/wallets": "5.0.0-nightly.20260705",
|
|
96
|
+
"@aztec/world-state": "5.0.0-nightly.20260705",
|
|
97
97
|
"@ethersproject/wallet": "^5.8.0",
|
|
98
98
|
"@iarna/toml": "^2.2.5",
|
|
99
99
|
"@libp2p/peer-id-factory": "^3.0.4",
|
|
@@ -107,9 +107,9 @@
|
|
|
107
107
|
"viem": "npm:@aztec/viem@2.38.2"
|
|
108
108
|
},
|
|
109
109
|
"devDependencies": {
|
|
110
|
-
"@aztec/aztec-node": "5.0.0-nightly.
|
|
111
|
-
"@aztec/kv-store": "5.0.0-nightly.
|
|
112
|
-
"@aztec/telemetry-client": "5.0.0-nightly.
|
|
110
|
+
"@aztec/aztec-node": "5.0.0-nightly.20260705",
|
|
111
|
+
"@aztec/kv-store": "5.0.0-nightly.20260705",
|
|
112
|
+
"@aztec/telemetry-client": "5.0.0-nightly.20260705",
|
|
113
113
|
"@jest/globals": "^30.0.0",
|
|
114
114
|
"@types/jest": "^30.0.0",
|
|
115
115
|
"@types/lodash.chunk": "^4.2.9",
|
|
@@ -126,15 +126,15 @@
|
|
|
126
126
|
"typescript": "^5.3.3"
|
|
127
127
|
},
|
|
128
128
|
"peerDependencies": {
|
|
129
|
-
"@aztec/accounts": "5.0.0-nightly.
|
|
130
|
-
"@aztec/bb-prover": "5.0.0-nightly.
|
|
131
|
-
"@aztec/ethereum": "5.0.0-nightly.
|
|
132
|
-
"@aztec/l1-artifacts": "5.0.0-nightly.
|
|
133
|
-
"@aztec/noir-contracts.js": "5.0.0-nightly.
|
|
134
|
-
"@aztec/noir-protocol-circuits-types": "5.0.0-nightly.
|
|
135
|
-
"@aztec/noir-test-contracts.js": "5.0.0-nightly.
|
|
136
|
-
"@aztec/protocol-contracts": "5.0.0-nightly.
|
|
137
|
-
"@aztec/stdlib": "5.0.0-nightly.
|
|
129
|
+
"@aztec/accounts": "5.0.0-nightly.20260705",
|
|
130
|
+
"@aztec/bb-prover": "5.0.0-nightly.20260705",
|
|
131
|
+
"@aztec/ethereum": "5.0.0-nightly.20260705",
|
|
132
|
+
"@aztec/l1-artifacts": "5.0.0-nightly.20260705",
|
|
133
|
+
"@aztec/noir-contracts.js": "5.0.0-nightly.20260705",
|
|
134
|
+
"@aztec/noir-protocol-circuits-types": "5.0.0-nightly.20260705",
|
|
135
|
+
"@aztec/noir-test-contracts.js": "5.0.0-nightly.20260705",
|
|
136
|
+
"@aztec/protocol-contracts": "5.0.0-nightly.20260705",
|
|
137
|
+
"@aztec/stdlib": "5.0.0-nightly.20260705"
|
|
138
138
|
},
|
|
139
139
|
"files": [
|
|
140
140
|
"dest",
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import { Wallet } from '@ethersproject/wallet';
|
|
2
|
+
import { parentPort, workerData } from 'worker_threads';
|
|
3
|
+
|
|
4
|
+
type EthJsonV3WorkerData = {
|
|
5
|
+
privateKeyHex: string;
|
|
6
|
+
password: string;
|
|
7
|
+
};
|
|
8
|
+
|
|
9
|
+
type SerializedError = {
|
|
10
|
+
message: string;
|
|
11
|
+
name?: string;
|
|
12
|
+
stack?: string;
|
|
13
|
+
};
|
|
14
|
+
|
|
15
|
+
function serializeError(error: unknown): SerializedError {
|
|
16
|
+
if (error instanceof Error) {
|
|
17
|
+
return { message: error.message, name: error.name, stack: error.stack };
|
|
18
|
+
}
|
|
19
|
+
return { message: String(error) };
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
void (async () => {
|
|
23
|
+
try {
|
|
24
|
+
const { privateKeyHex, password } = workerData as EthJsonV3WorkerData;
|
|
25
|
+
const json = await new Wallet(privateKeyHex).encrypt(password);
|
|
26
|
+
parentPort?.postMessage({ json });
|
|
27
|
+
} catch (error) {
|
|
28
|
+
parentPort?.postMessage({ error: serializeError(error) });
|
|
29
|
+
}
|
|
30
|
+
})();
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { LogFn } from '@aztec/foundation/log';
|
|
2
2
|
|
|
3
|
-
import { Command } from 'commander';
|
|
3
|
+
import { Command, Option } from 'commander';
|
|
4
4
|
|
|
5
5
|
import { parseAztecAddress, parseEthereumAddress, parseHex, parseOptionalInteger } from '../../utils/commands.js';
|
|
6
6
|
import { defaultBlsPath } from './utils.js';
|
|
@@ -38,10 +38,24 @@ export function injectCommands(program: Command, log: LogFn) {
|
|
|
38
38
|
.option('--remote-signer <url>', 'Default remote signer URL for accounts in this file')
|
|
39
39
|
.option('--ikm <hex>', 'Initial keying material for BLS (alternative to mnemonic)', value => parseHex(value, 32))
|
|
40
40
|
.option('--bls-path <path>', `EIP-2334 path (default ${defaultBlsPath})`)
|
|
41
|
-
.
|
|
42
|
-
'--password <str>',
|
|
43
|
-
|
|
41
|
+
.addOption(
|
|
42
|
+
new Option('--password <str>', 'Shared password for writing ETH JSON V3 and BLS EIP-2335 keystore files').env(
|
|
43
|
+
'AZTEC_KEYSTORE_PASSWORD',
|
|
44
|
+
),
|
|
45
|
+
)
|
|
46
|
+
.option('--password-file <path>', 'File containing the shared password for writing keystore files')
|
|
47
|
+
.addOption(
|
|
48
|
+
new Option('--eth-password <str>', 'Password for writing ETH JSON V3 keystore files').env(
|
|
49
|
+
'AZTEC_ETH_KEYSTORE_PASSWORD',
|
|
50
|
+
),
|
|
51
|
+
)
|
|
52
|
+
.option('--eth-password-file <path>', 'File containing the password for writing ETH JSON V3 keystore files')
|
|
53
|
+
.addOption(
|
|
54
|
+
new Option('--bls-password <str>', 'Password for writing BLS EIP-2335 keystore files').env(
|
|
55
|
+
'AZTEC_BLS_KEYSTORE_PASSWORD',
|
|
56
|
+
),
|
|
44
57
|
)
|
|
58
|
+
.option('--bls-password-file <path>', 'File containing the password for writing BLS EIP-2335 keystore files')
|
|
45
59
|
.option('--encrypted-keystore-dir <dir>', 'Output directory for encrypted keystore file(s)')
|
|
46
60
|
.option('--json', 'Echo resulting JSON to stdout')
|
|
47
61
|
.option('--staker-output', 'Generate a single staker output JSON file with an array of validator entries')
|
|
@@ -6,7 +6,7 @@ import type { LogFn } from '@aztec/foundation/log';
|
|
|
6
6
|
import type { AztecAddress } from '@aztec/stdlib/aztec-address';
|
|
7
7
|
|
|
8
8
|
import { wordlist } from '@scure/bip39/wordlists/english.js';
|
|
9
|
-
import { writeFile } from 'fs/promises';
|
|
9
|
+
import { readFile, writeFile } from 'fs/promises';
|
|
10
10
|
import { basename, dirname, join } from 'path';
|
|
11
11
|
import { createPublicClient, fallback, http } from 'viem';
|
|
12
12
|
import { generateMnemonic, mnemonicToAccount } from 'viem/accounts';
|
|
@@ -42,6 +42,11 @@ export type NewValidatorKeystoreOptions = {
|
|
|
42
42
|
ikm?: string;
|
|
43
43
|
blsPath?: string;
|
|
44
44
|
password?: string;
|
|
45
|
+
passwordFile?: string;
|
|
46
|
+
ethPassword?: string;
|
|
47
|
+
ethPasswordFile?: string;
|
|
48
|
+
blsPassword?: string;
|
|
49
|
+
blsPasswordFile?: string;
|
|
45
50
|
encryptedKeystoreDir?: string;
|
|
46
51
|
json?: boolean;
|
|
47
52
|
feeRecipient: AztecAddress;
|
|
@@ -53,6 +58,86 @@ export type NewValidatorKeystoreOptions = {
|
|
|
53
58
|
l1ChainId?: number;
|
|
54
59
|
};
|
|
55
60
|
|
|
61
|
+
type PasswordSourceOptions = Pick<
|
|
62
|
+
NewValidatorKeystoreOptions,
|
|
63
|
+
'password' | 'passwordFile' | 'ethPassword' | 'ethPasswordFile' | 'blsPassword' | 'blsPasswordFile'
|
|
64
|
+
>;
|
|
65
|
+
|
|
66
|
+
type PasswordSource = {
|
|
67
|
+
password?: string;
|
|
68
|
+
passwordFile?: string;
|
|
69
|
+
passwordOption: string;
|
|
70
|
+
passwordFileOption: string;
|
|
71
|
+
};
|
|
72
|
+
|
|
73
|
+
function validatePassword(password: string, source: string): string {
|
|
74
|
+
if (password.length === 0) {
|
|
75
|
+
throw new Error(`${source} cannot be empty`);
|
|
76
|
+
}
|
|
77
|
+
return password;
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
function stripOneTrailingNewline(password: string): string {
|
|
81
|
+
if (password.endsWith('\n')) {
|
|
82
|
+
password = password.slice(0, -1);
|
|
83
|
+
}
|
|
84
|
+
if (password.endsWith('\r')) {
|
|
85
|
+
password = password.slice(0, -1);
|
|
86
|
+
}
|
|
87
|
+
return password;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
async function resolvePasswordSource(source: PasswordSource): Promise<string | undefined> {
|
|
91
|
+
if (source.password !== undefined && source.passwordFile !== undefined) {
|
|
92
|
+
throw new Error(`${source.passwordOption} and ${source.passwordFileOption} cannot be used together`);
|
|
93
|
+
}
|
|
94
|
+
if (source.password !== undefined) {
|
|
95
|
+
return validatePassword(source.password, source.passwordOption);
|
|
96
|
+
}
|
|
97
|
+
if (source.passwordFile !== undefined) {
|
|
98
|
+
if (source.passwordFile.length === 0) {
|
|
99
|
+
throw new Error(`${source.passwordFileOption} cannot be empty`);
|
|
100
|
+
}
|
|
101
|
+
const password = stripOneTrailingNewline(await readFile(source.passwordFile, 'utf-8'));
|
|
102
|
+
return validatePassword(password, source.passwordFileOption);
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
return undefined;
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
async function resolvePasswords(options: PasswordSourceOptions) {
|
|
109
|
+
const sharedPassword = await resolvePasswordSource({
|
|
110
|
+
password: options.password,
|
|
111
|
+
passwordFile: options.passwordFile,
|
|
112
|
+
passwordOption: '--password',
|
|
113
|
+
passwordFileOption: '--password-file',
|
|
114
|
+
});
|
|
115
|
+
const ethPassword =
|
|
116
|
+
(await resolvePasswordSource({
|
|
117
|
+
password: options.ethPassword,
|
|
118
|
+
passwordFile: options.ethPasswordFile,
|
|
119
|
+
passwordOption: '--eth-password',
|
|
120
|
+
passwordFileOption: '--eth-password-file',
|
|
121
|
+
})) ?? sharedPassword;
|
|
122
|
+
const blsPassword =
|
|
123
|
+
(await resolvePasswordSource({
|
|
124
|
+
password: options.blsPassword,
|
|
125
|
+
passwordFile: options.blsPasswordFile,
|
|
126
|
+
passwordOption: '--bls-password',
|
|
127
|
+
passwordFileOption: '--bls-password-file',
|
|
128
|
+
})) ?? sharedPassword;
|
|
129
|
+
|
|
130
|
+
if (ethPassword === undefined && blsPassword === undefined) {
|
|
131
|
+
return {};
|
|
132
|
+
}
|
|
133
|
+
if (ethPassword === undefined || blsPassword === undefined) {
|
|
134
|
+
throw new Error(
|
|
135
|
+
'Both ETH and BLS passwords are required when writing encrypted keystores. Provide --password to use one password for both, or provide both --eth-password and --bls-password.',
|
|
136
|
+
);
|
|
137
|
+
}
|
|
138
|
+
return { ethPassword, blsPassword };
|
|
139
|
+
}
|
|
140
|
+
|
|
56
141
|
export async function newValidatorKeystore(options: NewValidatorKeystoreOptions, log: LogFn) {
|
|
57
142
|
// validate bls-path inputs before proceeding with key generation
|
|
58
143
|
validateBlsPathOptions(options);
|
|
@@ -78,7 +163,12 @@ export async function newValidatorKeystore(options: NewValidatorKeystoreOptions,
|
|
|
78
163
|
blsPath,
|
|
79
164
|
ikm,
|
|
80
165
|
mnemonic: _mnemonic,
|
|
81
|
-
password,
|
|
166
|
+
password: passwordOption,
|
|
167
|
+
passwordFile,
|
|
168
|
+
ethPassword: ethPasswordOption,
|
|
169
|
+
ethPasswordFile,
|
|
170
|
+
blsPassword: blsPasswordOption,
|
|
171
|
+
blsPasswordFile,
|
|
82
172
|
encryptedKeystoreDir,
|
|
83
173
|
stakerOutput,
|
|
84
174
|
gseAddress,
|
|
@@ -86,9 +176,18 @@ export async function newValidatorKeystore(options: NewValidatorKeystoreOptions,
|
|
|
86
176
|
l1ChainId,
|
|
87
177
|
} = options;
|
|
88
178
|
|
|
179
|
+
const { ethPassword, blsPassword } = await resolvePasswords({
|
|
180
|
+
password: passwordOption,
|
|
181
|
+
passwordFile,
|
|
182
|
+
ethPassword: ethPasswordOption,
|
|
183
|
+
ethPasswordFile,
|
|
184
|
+
blsPassword: blsPasswordOption,
|
|
185
|
+
blsPasswordFile,
|
|
186
|
+
});
|
|
187
|
+
const shouldEncryptKeystores = ethPassword !== undefined && blsPassword !== undefined;
|
|
89
188
|
const mnemonic = _mnemonic ?? generateMnemonic(wordlist);
|
|
90
189
|
|
|
91
|
-
if (!_mnemonic && !json) {
|
|
190
|
+
if (!_mnemonic && !json && !shouldEncryptKeystores) {
|
|
92
191
|
log('No mnemonic provided, generating new one...');
|
|
93
192
|
log(`Using new mnemonic:`);
|
|
94
193
|
log('');
|
|
@@ -115,11 +214,11 @@ export async function newValidatorKeystore(options: NewValidatorKeystoreOptions,
|
|
|
115
214
|
});
|
|
116
215
|
|
|
117
216
|
// If password provided, write ETH JSON V3 and BLS BN254 keystores and replace plaintext
|
|
118
|
-
if (
|
|
217
|
+
if (shouldEncryptKeystores) {
|
|
119
218
|
const encryptedKeystoreOutDir =
|
|
120
219
|
encryptedKeystoreDir && encryptedKeystoreDir.length > 0 ? encryptedKeystoreDir : keystoreOutDir;
|
|
121
|
-
await writeEthJsonV3ToFile(validators, { outDir: encryptedKeystoreOutDir, password });
|
|
122
|
-
await writeBlsBn254ToFile(validators, { outDir: encryptedKeystoreOutDir, password });
|
|
220
|
+
await writeEthJsonV3ToFile(validators, { outDir: encryptedKeystoreOutDir, password: ethPassword });
|
|
221
|
+
await writeBlsBn254ToFile(validators, { outDir: encryptedKeystoreOutDir, password: blsPassword });
|
|
123
222
|
}
|
|
124
223
|
|
|
125
224
|
const keystore = {
|
|
@@ -145,7 +244,7 @@ export async function newValidatorKeystore(options: NewValidatorKeystoreOptions,
|
|
|
145
244
|
// Process each validator
|
|
146
245
|
for (let i = 0; i < validators.length; i++) {
|
|
147
246
|
const validator = validators[i];
|
|
148
|
-
const outputs = await processAttesterAccounts(validator.attester, gse
|
|
247
|
+
const outputs = await processAttesterAccounts(validator.attester, gse);
|
|
149
248
|
|
|
150
249
|
// Collect all staker outputs
|
|
151
250
|
for (let j = 0; j < outputs.length; j++) {
|
|
@@ -160,7 +259,7 @@ export async function newValidatorKeystore(options: NewValidatorKeystoreOptions,
|
|
|
160
259
|
}
|
|
161
260
|
}
|
|
162
261
|
|
|
163
|
-
const outputData = !_mnemonic ? { ...keystore, generatedMnemonic: mnemonic } : keystore;
|
|
262
|
+
const outputData = !_mnemonic && !shouldEncryptKeystores ? { ...keystore, generatedMnemonic: mnemonic } : keystore;
|
|
164
263
|
|
|
165
264
|
// Handle JSON output
|
|
166
265
|
if (json) {
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { prettyPrintJSON } from '@aztec/cli/utils';
|
|
2
|
+
import { asyncPool } from '@aztec/foundation/async-pool';
|
|
2
3
|
import { deriveBlsPrivateKey } from '@aztec/foundation/crypto/bls';
|
|
3
4
|
import { createBn254Keystore } from '@aztec/foundation/crypto/bls/bn254_keystore';
|
|
4
5
|
import { computeBn254G1PublicKeyCompressed } from '@aztec/foundation/crypto/bn254';
|
|
@@ -10,12 +11,60 @@ import type { AztecAddress } from '@aztec/stdlib/aztec-address';
|
|
|
10
11
|
import { Wallet } from '@ethersproject/wallet';
|
|
11
12
|
import { constants as fsConstants, mkdirSync } from 'fs';
|
|
12
13
|
import { access, writeFile } from 'fs/promises';
|
|
13
|
-
import { homedir } from 'os';
|
|
14
|
+
import { availableParallelism, homedir } from 'os';
|
|
14
15
|
import { dirname, isAbsolute, join } from 'path';
|
|
15
16
|
import { mnemonicToAccount } from 'viem/accounts';
|
|
17
|
+
import { Worker } from 'worker_threads';
|
|
16
18
|
|
|
17
19
|
import { defaultBlsPath } from './utils.js';
|
|
18
20
|
|
|
21
|
+
type EthJsonV3WorkerResult = { json: string } | { error: { message: string; name?: string; stack?: string } };
|
|
22
|
+
|
|
23
|
+
// ethers' default scrypt parameters use substantial memory, so keep worker fan-out bounded.
|
|
24
|
+
const maxEthKeystoreWorkers = Math.max(1, Math.min(4, availableParallelism()));
|
|
25
|
+
|
|
26
|
+
function deserializeWorkerError(error: { message: string; name?: string; stack?: string }) {
|
|
27
|
+
const result = new Error(error.message);
|
|
28
|
+
result.name = error.name ?? result.name;
|
|
29
|
+
result.stack = error.stack;
|
|
30
|
+
return result;
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
function encryptEthJsonV3InWorker(privateKeyHex: string, password: string): Promise<string> {
|
|
34
|
+
return new Promise<string>((resolve, reject) => {
|
|
35
|
+
const worker = new Worker(new URL('./eth_json_v3_worker.js', import.meta.url), {
|
|
36
|
+
workerData: { privateKeyHex, password },
|
|
37
|
+
});
|
|
38
|
+
let settled = false;
|
|
39
|
+
|
|
40
|
+
worker.once('message', (result: EthJsonV3WorkerResult) => {
|
|
41
|
+
settled = true;
|
|
42
|
+
|
|
43
|
+
if ('json' in result) {
|
|
44
|
+
resolve(result.json);
|
|
45
|
+
} else {
|
|
46
|
+
reject(deserializeWorkerError(result.error));
|
|
47
|
+
}
|
|
48
|
+
});
|
|
49
|
+
worker.once('error', error => {
|
|
50
|
+
settled = true;
|
|
51
|
+
reject(error);
|
|
52
|
+
});
|
|
53
|
+
worker.once('exit', code => {
|
|
54
|
+
if (!settled) {
|
|
55
|
+
reject(new Error(`ETH JSON V3 worker stopped with exit code ${code}`));
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
async function encryptEthJsonV3(privateKeyHex: string, password: string): Promise<string> {
|
|
62
|
+
if (process.env.JEST_WORKER_ID !== undefined) {
|
|
63
|
+
return await new Wallet(privateKeyHex).encrypt(password);
|
|
64
|
+
}
|
|
65
|
+
return await encryptEthJsonV3InWorker(privateKeyHex, password);
|
|
66
|
+
}
|
|
67
|
+
|
|
19
68
|
export type ValidatorSummary = { attesterEth?: string; attesterBls?: string; publisherEth?: string[] };
|
|
20
69
|
|
|
21
70
|
export type BuildValidatorsInput = {
|
|
@@ -228,7 +277,7 @@ export async function writeBn254BlsKeystore(
|
|
|
228
277
|
): Promise<string> {
|
|
229
278
|
mkdirSync(outDir, { recursive: true });
|
|
230
279
|
|
|
231
|
-
const keystore = createBn254Keystore(password, privateKeyHex, pubkeyHex, derivationPath);
|
|
280
|
+
const keystore = await createBn254Keystore(password, privateKeyHex, pubkeyHex, derivationPath);
|
|
232
281
|
|
|
233
282
|
const safeBase = fileNameBase.replace(/[^a-zA-Z0-9_-]/g, '_');
|
|
234
283
|
const outPath = join(outDir, `keystore-${safeBase}.json`);
|
|
@@ -241,28 +290,29 @@ export async function writeBlsBn254ToFile(
|
|
|
241
290
|
validators: ValidatorKeyStore[],
|
|
242
291
|
options: { outDir: string; password: string; blsPath?: string },
|
|
243
292
|
): Promise<void> {
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
293
|
+
await Promise.all(
|
|
294
|
+
validators.map(async (v, i) => {
|
|
295
|
+
if (!v || typeof v !== 'object' || !('attester' in v)) {
|
|
296
|
+
return;
|
|
297
|
+
}
|
|
298
|
+
const att = (v as any).attester;
|
|
250
299
|
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
300
|
+
// Shapes: { bls: <hex> } or { eth: <ethAccount>, bls?: <hex> } or plain EthAccount
|
|
301
|
+
const blsKey: string | undefined = typeof att === 'object' && 'bls' in att ? (att as any).bls : undefined;
|
|
302
|
+
if (!blsKey || typeof blsKey !== 'string') {
|
|
303
|
+
return;
|
|
304
|
+
}
|
|
256
305
|
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
306
|
+
const pub = await computeBlsPublicKeyCompressed(blsKey);
|
|
307
|
+
const path = options.blsPath ?? defaultBlsPath;
|
|
308
|
+
const fileBase = `${String(i + 1)}_${pub.slice(2, 18)}`;
|
|
309
|
+
const keystorePath = await writeBn254BlsKeystore(options.outDir, fileBase, options.password, blsKey, pub, path);
|
|
261
310
|
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
311
|
+
if (typeof att === 'object') {
|
|
312
|
+
(att as any).bls = { path: keystorePath, password: options.password };
|
|
313
|
+
}
|
|
314
|
+
}),
|
|
315
|
+
);
|
|
266
316
|
}
|
|
267
317
|
|
|
268
318
|
/** Writes an Ethereum JSON V3 keystore using ethers, returns absolute path */
|
|
@@ -274,8 +324,7 @@ export async function writeEthJsonV3Keystore(
|
|
|
274
324
|
): Promise<string> {
|
|
275
325
|
const safeBase = fileNameBase.replace(/[^a-zA-Z0-9_-]/g, '_');
|
|
276
326
|
mkdirSync(outDir, { recursive: true });
|
|
277
|
-
const
|
|
278
|
-
const json = await wallet.encrypt(password);
|
|
327
|
+
const json = await encryptEthJsonV3(privateKeyHex, password);
|
|
279
328
|
const outPath = join(outDir, `keystore-eth-${safeBase}.json`);
|
|
280
329
|
await writeFile(outPath, json, { encoding: 'utf-8' });
|
|
281
330
|
return outPath;
|
|
@@ -286,13 +335,16 @@ export async function writeEthJsonV3ToFile(
|
|
|
286
335
|
validators: ValidatorKeyStore[],
|
|
287
336
|
options: { outDir: string; password: string },
|
|
288
337
|
): Promise<void> {
|
|
289
|
-
const
|
|
338
|
+
const tasks: (() => Promise<void>)[] = [];
|
|
339
|
+
|
|
340
|
+
const maybeQueueEncryptEth = (account: any, label: string, setEncryptedAccount: (account: any) => void) => {
|
|
290
341
|
if (typeof account === 'string' && account.startsWith('0x') && account.length === 66) {
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
342
|
+
tasks.push(async () => {
|
|
343
|
+
const fileBase = `${label}_${account.slice(2, 10)}`;
|
|
344
|
+
const path = await writeEthJsonV3Keystore(options.outDir, fileBase, options.password, account);
|
|
345
|
+
setEncryptedAccount({ path, password: options.password });
|
|
346
|
+
});
|
|
294
347
|
}
|
|
295
|
-
return account;
|
|
296
348
|
};
|
|
297
349
|
|
|
298
350
|
for (let i = 0; i < validators.length; i++) {
|
|
@@ -304,23 +356,23 @@ export async function writeEthJsonV3ToFile(
|
|
|
304
356
|
// attester may be string (eth), object with eth, or remote signer
|
|
305
357
|
const att = (v as any).attester;
|
|
306
358
|
if (typeof att === 'string') {
|
|
307
|
-
(
|
|
359
|
+
maybeQueueEncryptEth(att, `attester_${i + 1}`, account => ((v as any).attester = account));
|
|
308
360
|
} else if (att && typeof att === 'object' && 'eth' in att) {
|
|
309
|
-
(att as any).eth
|
|
361
|
+
maybeQueueEncryptEth((att as any).eth, `attester_${i + 1}`, account => ((att as any).eth = account));
|
|
310
362
|
}
|
|
311
363
|
|
|
312
364
|
// publisher can be single or array
|
|
313
365
|
if ('publisher' in v) {
|
|
314
366
|
const pub = (v as any).publisher;
|
|
315
367
|
if (Array.isArray(pub)) {
|
|
316
|
-
const out: any[] = [];
|
|
317
368
|
for (let j = 0; j < pub.length; j++) {
|
|
318
|
-
|
|
369
|
+
maybeQueueEncryptEth(pub[j], `publisher_${i + 1}_${j + 1}`, account => (pub[j] = account));
|
|
319
370
|
}
|
|
320
|
-
(v as any).publisher = out;
|
|
321
371
|
} else if (pub !== undefined) {
|
|
322
|
-
(
|
|
372
|
+
maybeQueueEncryptEth(pub, `publisher_${i + 1}`, account => ((v as any).publisher = account));
|
|
323
373
|
}
|
|
324
374
|
}
|
|
325
375
|
}
|
|
376
|
+
|
|
377
|
+
await asyncPool(maxEthKeystoreWorkers, tasks, task => task());
|
|
326
378
|
}
|