@aztec/node-keystore 2.0.3 → 2.1.0-rc.2

package/src/signer.ts

@@ -104,6 +104,82 @@ export class RemoteSigner implements EthSigner {
     private fetch: typeof globalThis.fetch = globalThis.fetch,
   ) {}
 
+  /**
+   * Validates that a web3signer is accessible and that the given addresses are available.
+   * @param remoteSignerUrl - The URL of the web3signer (can be string or EthRemoteSignerConfig)
+   * @param addresses - The addresses to check for availability
+   * @param fetch - Optional fetch implementation for testing
+   * @throws Error if the web3signer is not accessible or if any address is not available
+   */
+  static async validateAccess(
+    remoteSignerUrl: EthRemoteSignerConfig,
+    addresses: string[],
+    fetch: typeof globalThis.fetch = globalThis.fetch,
+  ): Promise<void> {
+    const url = typeof remoteSignerUrl === 'string' ? remoteSignerUrl : remoteSignerUrl.remoteSignerUrl;
+
+    try {
+      // Check if the web3signer is reachable by calling eth_accounts
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+          jsonrpc: '2.0',
+          method: 'eth_accounts',
+          params: [],
+          id: 1,
+        }),
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        throw new SignerError(
+          `Web3Signer validation failed: ${response.status} ${response.statusText} - ${errorText}`,
+          'eth_accounts',
+          url,
+          response.status,
+        );
+      }
+
+      const result = await response.json();
+
+      if (result.error) {
+        throw new SignerError(
+          `Web3Signer JSON-RPC error during validation: ${result.error.code} - ${result.error.message}`,
+          'eth_accounts',
+          url,
+          200,
+          result.error.code,
+        );
+      }
+
+      if (!result.result || !Array.isArray(result.result)) {
+        throw new Error('Invalid response from Web3Signer: expected array of accounts');
+      }
+
+      // Normalize addresses to lowercase for comparison
+      const availableAccounts: string[] = result.result.map((addr: string) => addr.toLowerCase());
+      const requestedAddresses = addresses.map(addr => addr.toLowerCase());
+
+      // Check if all requested addresses are available
+      const missingAddresses = requestedAddresses.filter(addr => !availableAccounts.includes(addr));
+
+      if (missingAddresses.length > 0) {
+        throw new Error(`The following addresses are not available in the web3signer: ${missingAddresses.join(', ')}`);
+      }
+    } catch (error: any) {
+      if (error instanceof SignerError) {
+        throw error;
+      }
+      if (error.code === 'ECONNREFUSED' || error.cause?.code === 'ECONNREFUSED') {
+        throw new Error(`Unable to connect to web3signer at ${url}. Please ensure it is running and accessible.`);
+      }
+      throw error;
+    }
+  }
+
   /**
    * Sign a message using eth_sign via remote JSON-RPC.
    */

package/src/types.ts

@@ -12,11 +12,14 @@ import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 export type Hex<TByteLength extends number> = `0x${string}` & { readonly _length: TByteLength };
 
 /** A json keystore config points to a local file with the encrypted private key, and may require a password for decrypting it */
-export type EthJsonKeyFileV3Config = { path: string; password?: string };
+export type JsonKeyFileV3Config = { path: string; password?: string };
 
 /** A private key is a 32-byte 0x-prefixed hex */
 export type EthPrivateKey = Hex<32>;
 
+/** A BLS private key is a 32-byte 0x-prefixed hex */
+export type BLSPrivateKey = Hex<32>;
+
 /** URL type for remote signers */
 export type Url = string;
 
@@ -39,16 +42,16 @@ export type EthRemoteSignerAccount =
   | EthAddress
   | {
       address: EthAddress;
-      remoteSignerUrl?: Url;
+      remoteSignerUrl: Url;
       certPath?: string;
       certPass?: string;
     };
 
 /** An L1 account is a private key, a remote signer configuration, or a standard json key store file */
-export type EthAccount = EthPrivateKey | EthRemoteSignerAccount | EthJsonKeyFileV3Config;
+export type EthAccount = EthPrivateKey | EthRemoteSignerAccount | JsonKeyFileV3Config;
 
 /** A mnemonic can be used to define a set of accounts */
-export type EthMnemonicConfig = {
+export type MnemonicConfig = {
   mnemonic: string;
   addressIndex?: number;
   accountIndex?: number;
@@ -57,7 +60,7 @@ export type EthMnemonicConfig = {
 };
 
 /** One or more L1 accounts */
-export type EthAccounts = EthAccount | EthAccount[] | EthMnemonicConfig;
+export type EthAccounts = EthAccount | EthAccount[] | MnemonicConfig;
 
 export type ProverKeyStoreWithId = {
   /** Address that identifies the prover. This address will receive the rewards. */
@@ -68,12 +71,21 @@ export type ProverKeyStoreWithId = {
 
 export type ProverKeyStore = ProverKeyStoreWithId | EthAccount;
 
+/** A BLS account is either a private key, or a standard json key store file */
+export type BLSAccount = BLSPrivateKey | JsonKeyFileV3Config;
+
+/** An AttesterAccount is a combined EthAccount and optional BLSAccount */
+export type AttesterAccount = { eth: EthAccount; bls?: BLSAccount } | EthAccount;
+
+/** One or more attester accounts combining ETH and BLS keys */
+export type AttesterAccounts = AttesterAccount | AttesterAccount[] | MnemonicConfig;
+
 export type ValidatorKeyStore = {
   /**
    * One or more validator attester keys to handle in this configuration block.
    * An attester address may only appear once across all configuration blocks across all keystore files.
    */
-  attester: EthAccounts;
+  attester: AttesterAccounts;
   /**
    * Coinbase address to use when proposing an L2 block as any of the validators in this configuration block.
    * Falls back to the attester address if not set.