@metamask/eth-hd-keyring 4.0.0

package/.eslintrc.js

@@ -0,0 +1,14 @@
+module.exports = {
+  root: true,
+
+  extends: ['@metamask/eslint-config', '@metamask/eslint-config-nodejs'],
+
+  overrides: [
+    {
+      files: ['test/**/*.js'],
+      extends: ['@metamask/eslint-config-jest'],
+    },
+  ],
+
+  ignorePatterns: ['!.eslintrc.js', '!.prettierrc.js'],
+};

package/.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# Lines starting with '#' are comments.
+# Each line is a file pattern followed by one or more owners.
+
+*                                    @MetaMask/devs

package/.github/workflows/build-test.yml

@@ -0,0 +1,48 @@
+name: Lint and Test
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  lint-test:
+    name: Lint and Test
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        node-version: [12.x, 14.x, 16.x]
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Get Yarn cache directory
+        run: echo "::set-output name=YARN_CACHE_DIR::$(yarn cache dir)"
+        id: yarn-cache-dir
+      - name: Get Yarn version
+        run: echo "::set-output name=YARN_VERSION::$(yarn --version)"
+        id: yarn-version
+      - name: Cache yarn dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.yarn-cache-dir.outputs.YARN_CACHE_DIR }}
+          key: yarn-cache-${{ runner.os }}-${{ steps.yarn-version.outputs.YARN_VERSION }}-${{ hashFiles('yarn.lock') }}
+      - run: yarn --frozen-lockfile
+      - run: yarn allow-scripts
+      - run: yarn lint
+      - run: yarn test
+      - name: Validate RC changelog
+        if: ${{ startsWith(github.head_ref, 'release/') }}
+        run: yarn auto-changelog validate --rc
+      - name: Validate changelog
+        if: ${{ !startsWith(github.head_ref, 'release/') }}
+        run: yarn auto-changelog validate
+  all-jobs-pass:
+    name: All jobs pass
+    runs-on: ubuntu-20.04
+    needs:
+      - lint-test
+    steps:
+      - run: echo "Great success!"

package/.github/workflows/create-release-pr.yml

@@ -0,0 +1,50 @@
+name: Create Release Pull Request
+
+on:
+  workflow_dispatch:
+    inputs:
+      base-branch:
+        description: 'The base branch for git operations and the pull request.'
+        default: 'main'
+        required: true
+      release-type:
+        description: 'A SemVer version diff, i.e. major, minor, patch, prerelease etc. Mutually exclusive with "release-version".'
+        required: false
+      release-version:
+        description: 'A specific version to bump to. Mutually exclusive with "release-type".'
+        required: false
+
+jobs:
+  create-release-pr:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # This is to guarantee that the most recent tag is fetched.
+          # This can be configured to a more reasonable value by consumers.
+          fetch-depth: 0
+          # We check out the specified branch, which will be used as the base
+          # branch for all git operations and the release PR.
+          ref: ${{ github.event.inputs.base-branch }}
+      - name: Get Node.js version
+        id: nvm
+        run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc)
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
+      - uses: MetaMask/action-create-release-pr@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release-type: ${{ github.event.inputs.release-type }}
+          release-version: ${{ github.event.inputs.release-version }}
+          artifacts-path: gh-action__release-authors
+      # Upload the release author artifact for use in subsequent workflows
+      - uses: actions/upload-artifact@v2
+        with:
+          name: release-authors
+          path: gh-action__release-authors
+          if-no-files-found: error

package/.github/workflows/publish-release.yml

@@ -0,0 +1,29 @@
+name: Publish Release
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  publish-release:
+    permissions:
+      contents: write
+    if: |
+      github.event.pull_request.merged == true &&
+      startsWith(github.event.pull_request.head.ref, 'release/')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # We check out the release pull request's base branch, which will be
+          # used as the base branch for all git operations.
+          ref: ${{ github.event.pull_request.base.ref }}
+      - name: Get Node.js version
+        id: nvm
+        run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc)
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
+      - uses: MetaMask/action-publish-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/.github/workflows/require-additional-reviewer.yml

@@ -0,0 +1,29 @@
+name: Require Additional Reviewer for Releases
+
+on:
+  pull_request:
+  pull_request_review:
+
+jobs:
+  require-additional-reviewer:
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: read
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # If the base branch has been merged into the release branch, we
+          # need to find the earliest common ancestor commit of the base and
+          # release branches.
+          fetch-depth: 0
+          # We want the head / feature branch to be checked out, and we will
+          # compare it to the base branch in the action.
+          ref: ${{ github.event.pull_request.head.ref }}
+      - uses: MetaMask/action-require-additional-reviewer@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          read-org-token: ${{ secrets.ORG_READER }}

package/.nvmrc

@@ -0,0 +1 @@
+v12

package/.prettierrc.js

@@ -0,0 +1,8 @@
+// All of these are defaults except singleQuote, but we specify them
+// for explicitness
+module.exports = {
+  quoteProps: 'as-needed',
+  singleQuote: true,
+  tabWidth: 2,
+  trailingComma: 'all',
+};

package/.yarnrc

@@ -0,0 +1 @@
+ignore-scripts true

package/CHANGELOG.md

@@ -0,0 +1,20 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [4.0.0]
+### Changed
+- **BREAKING**: Do not allow re-initialization of keyring instance ([#55](https://github.com/MetaMask/eth-hd-keyring/pull/55))
+    - Consumers are now required to call generateRandomMnemonic() after initialization for creating new SRPs.
+- **BREAKING**: Update minimum Node.js version from v10 to v12 ([#45](https://github.com/MetaMask/eth-hd-keyring/pull/45))
+- Add `@lavamoat/allow-scripts` ([#47](https://github.com/MetaMask/eth-hd-keyring/pull/47))
+    - We now have an allowlist for all post-install scripts. The standard setup script has been added, along with new contributor documentation in the README to explain this script.
+- Obfuscate serialized mnemonic ([#59](https://github.com/MetaMask/eth-hd-keyring/pull/59))
+- Package name changed from `eth-hd-keyring` to `@metamask/eth-hd-keyring`
+
+[Unreleased]: https://github.com/MetaMask/eth-hd-keyring/compare/v4.0.0...HEAD
+[4.0.0]: https://github.com/MetaMask/eth-hd-keyring/releases/tag/v4.0.0

package/LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2020 MetaMask
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package/README.md

@@ -0,0 +1,128 @@
+# HD Keyring
+
+A simple JS class wrapped around [ethereumjs-wallet](https://github.com/ethereumjs/ethereumjs-wallet) designed to expose an interface common to many different signing strategies, to be used in a `KeyringController`, like is being used in [MetaMask](https://metamask.io/)
+
+## Installation
+
+`yarn add @metamask/eth-hd-keyring`
+
+or
+
+`npm install @metamask/eth-hd-keyring`
+
+## The Keyring Class Protocol
+
+One of the goals of this class is to allow developers to easily add new signing strategies to MetaMask. We call these signing strategies Keyrings, because they can manage multiple keys.
+
+### Keyring.type
+
+A class property that returns a unique string describing the Keyring.
+This is the only class property or method, the remaining methods are instance methods.
+
+### constructor( options )
+
+As a Javascript class, your Keyring object will be used to instantiate new Keyring instances using the new keyword. For example:
+
+```
+const keyring = new YourKeyringClass(options);
+```
+
+The constructor currently receives an options object that will be defined by your keyring-building UI, once the user has gone through the steps required for you to fully instantiate a new keyring. For example, choosing a pattern for a vanity account, or entering a seed phrase.
+
+We haven't defined the protocol for this account-generating UI yet, so for now please ensure your Keyring behaves nicely when not passed any options object.
+
+## Keyring Instance Methods
+
+All below instance methods must return Promises to allow asynchronous resolution.
+
+### serialize()
+
+In this method, you must return any JSON-serializable JavaScript object that you like. It will be encoded to a string, encrypted with the user's password, and stored to disk. This is the same object you will receive in the deserialize() method, so it should capture all the information you need to restore the Keyring's state.
+
+### deserialize( object )
+
+As discussed above, the deserialize() method will be passed the JavaScript object that you returned when the serialize() method was called.
+
+### addAccounts( n = 1 )
+
+The addAccounts(n) method is used to inform your keyring that the user wishes to create a new account. You should perform whatever internal steps are needed so that a call to serialize() will persist the new account, and then return an array of the new account addresses.
+
+The method may be called with or without an argument, specifying the number of accounts to create. You should generally default to 1 per call.
+
+### getAccounts()
+
+When this method is called, you must return an array of hex-string addresses for the accounts that your Keyring is able to sign for.
+
+### signTransaction(address, transaction)
+
+This method will receive a hex-prefixed, all-lowercase address string for the account you should sign the incoming transaction with.
+
+For your convenience, the transaction is an instance of ethereumjs-tx, (https://github.com/ethereumjs/ethereumjs-tx) so signing can be as simple as:
+
+```
+transaction.sign(privateKey)
+```
+
+You must return a valid signed ethereumjs-tx (https://github.com/ethereumjs/ethereumjs-tx) object when complete, it can be the same transaction you received.
+
+### signMessage(address, data)
+
+The `eth_sign` method will receive the incoming data, alread hashed, and must sign that hash, and then return the raw signed hash.
+
+### exportAccount(address)
+
+Exports the specified account as a private key hex string.
+
+## Contributing
+
+### Setup
+
+- Install [Node.js](https://nodejs.org) version 12
+  - If you are using [nvm](https://github.com/creationix/nvm#installation) (recommended) running `nvm use` will automatically choose the right node version for you.
+- Install [Yarn v1](https://yarnpkg.com/en/docs/install)
+- Run `yarn setup` to install dependencies and run any requried post-install scripts
+  - **Warning:** Do not use the `yarn` / `yarn install` command directly. Use `yarn setup` instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.
+
+### Testing and Linting
+
+Run `yarn test` to run the tests once. To run tests on file changes, run `yarn test:watch`.
+
+Run `yarn lint` to run the linter, or run `yarn lint:fix` to run the linter and fix any automatically fixable issues.
+
+### Release & Publishing
+
+The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions [`action-create-release-pr`](https://github.com/MetaMask/action-create-release-pr) and [`action-publish-release`](https://github.com/MetaMask/action-publish-release) are used to automate the release process; see those repositories for more information about how they work.
+
+1. Choose a release version.
+
+   - The release version should be chosen according to SemVer. Analyze the changes to see whether they include any breaking changes, new features, or deprecations, then choose the appropriate SemVer version. See [the SemVer specification](https://semver.org/) for more information.
+
+2. If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. `1.x` for a `v1` backport release).
+
+   - The major version branch should be set to the most recent release with that major version. For example, when backporting a `v1.0.2` release, you'd want to ensure there was a `1.x` branch that was set to the `v1.0.1` tag.
+
+3. Trigger the [`workflow_dispatch`](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch) event [manually](https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow) for the `Create Release Pull Request` action to create the release PR.
+
+   - For a backport release, the base branch should be the major version branch that you ensured existed in step 2. For a normal release, the base branch should be the main branch for that repository (which should be the default value).
+   - This should trigger the [`action-create-release-pr`](https://github.com/MetaMask/action-create-release-pr) workflow to create the release PR.
+
+4. Update the changelog to move each change entry into the appropriate change category ([See here](https://keepachangelog.com/en/1.0.0/#types) for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
+
+   - Generally any changes that don't affect consumers of the package (e.g. lockfile changes or development environment changes) are omitted. Exceptions may be made for changes that might be of interest despite not having an effect upon the published package (e.g. major test improvements, security improvements, improved documentation, etc.).
+   - Try to explain each change in terms that users of the package would understand (e.g. avoid referencing internal variables/concepts).
+   - Consolidate related changes into one change entry if it makes it easier to explain.
+   - Run `yarn auto-changelog validate --rc` to check that the changelog is correctly formatted.
+
+5. Review and QA the release.
+
+   - If changes are made to the base branch, the release branch will need to be updated with these changes and review/QA will need to restart again. As such, it's probably best to avoid merging other PRs into the base branch while review is underway.
+
+6. Squash & Merge the release.
+
+   - This should trigger the [`action-publish-release`](https://github.com/MetaMask/action-publish-release) workflow to tag the final release commit and publish the release on GitHub.
+
+7. Publish the release on npm.
+
+   - Be very careful to use a clean local environment to publish the release, and follow exactly the same steps used during CI.
+   - Use `npm publish --dry-run` to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using `https://unpkg.com/browse/[package name]@[package version]/`).
+   - Once you are confident the release contents are correct, publish the release using `npm publish`.

package/index.js

@@ -0,0 +1,126 @@
+const { hdkey } = require('ethereumjs-wallet');
+const SimpleKeyring = require('eth-simple-keyring');
+const bip39 = require('@metamask/bip39');
+const { normalize } = require('@metamask/eth-sig-util');
+
+// Options:
+const hdPathString = `m/44'/60'/0'/0`;
+const type = 'HD Key Tree';
+
+class HdKeyring extends SimpleKeyring {
+  /* PUBLIC METHODS */
+  constructor(opts = {}) {
+    super();
+    this.type = type;
+    this.deserialize(opts);
+  }
+
+  generateRandomMnemonic() {
+    this._initFromMnemonic(bip39.generateMnemonic());
+  }
+
+  serialize() {
+    const mnemonicAsBuffer =
+      typeof this.mnemonic === 'string'
+        ? Buffer.from(this.mnemonic, 'utf8')
+        : this.mnemonic;
+
+    return Promise.resolve({
+      mnemonic: Array.from(mnemonicAsBuffer.values()),
+      numberOfAccounts: this.wallets.length,
+      hdPath: this.hdPath,
+    });
+  }
+
+  deserialize(opts = {}) {
+    if (this.root) {
+      throw new Error(
+        'Eth-Hd-Keyring: Secret recovery phrase already provided',
+      );
+    }
+
+    this.opts = opts || {};
+    this.wallets = [];
+    this.mnemonic = null;
+    this.root = null;
+    this.hdPath = opts.hdPath || hdPathString;
+
+    if (opts.mnemonic) {
+      this._initFromMnemonic(opts.mnemonic);
+    }
+
+    if (opts.numberOfAccounts) {
+      return this.addAccounts(opts.numberOfAccounts);
+    }
+
+    return Promise.resolve([]);
+  }
+
+  addAccounts(numberOfAccounts = 1) {
+    if (!this.root) {
+      throw new Error('Eth-Hd-Keyring: No secret recovery phrase provided');
+    }
+
+    const oldLen = this.wallets.length;
+    const newWallets = [];
+    for (let i = oldLen; i < numberOfAccounts + oldLen; i++) {
+      const child = this.root.deriveChild(i);
+      const wallet = child.getWallet();
+      newWallets.push(wallet);
+      this.wallets.push(wallet);
+    }
+    const hexWallets = newWallets.map((w) => {
+      return normalize(w.getAddress().toString('hex'));
+    });
+    return Promise.resolve(hexWallets);
+  }
+
+  getAccounts() {
+    return Promise.resolve(
+      this.wallets.map((w) => {
+        return normalize(w.getAddress().toString('hex'));
+      }),
+    );
+  }
+
+  /* PRIVATE METHODS */
+
+  /**
+   * Sets appropriate properties for the keyring based on the given
+   * BIP39-compliant mnemonic.
+   *
+   * @param {string|Array<number>|Buffer} mnemonic - A seed phrase represented
+   * as a string, an array of UTF-8 bytes, or a Buffer. Mnemonic input
+   * passed as type buffer or array of UTF-8 bytes must be NFKD normalized.
+   */
+  _initFromMnemonic(mnemonic) {
+    if (this.root) {
+      throw new Error(
+        'Eth-Hd-Keyring: Secret recovery phrase already provided',
+      );
+    }
+    // validate before initializing
+    const isValid = bip39.validateMnemonic(mnemonic);
+    if (!isValid) {
+      throw new Error(
+        'Eth-Hd-Keyring: Invalid secret recovery phrase provided',
+      );
+    }
+
+    if (typeof mnemonic === 'string') {
+      this.mnemonic = Buffer.from(mnemonic, 'utf8');
+    } else if (Array.isArray(mnemonic)) {
+      this.mnemonic = Buffer.from(mnemonic);
+    } else {
+      this.mnemonic = mnemonic;
+    }
+
+    // eslint-disable-next-line node/no-sync
+    const seed = bip39.mnemonicToSeedSync(mnemonic);
+    this.hdWallet = hdkey.fromMasterSeed(seed);
+    this.root = this.hdWallet.derivePath(this.hdPath);
+  }
+}
+
+HdKeyring.type = type;
+module.exports = HdKeyring;

package/jest.config.js

@@ -0,0 +1,23 @@
+module.exports = {
+  collectCoverage: true,
+  coverageReporters: ['text', 'html'],
+  coverageThreshold: {
+    global: {
+      branches: 84,
+      functions: 100,
+      lines: 96,
+      statements: 96,
+    },
+  },
+  moduleFileExtensions: ['js', 'json', 'jsx', 'ts', 'tsx', 'node'],
+  // "resetMocks" resets all mocks, including mocked modules, to jest.fn(),
+  // between each test case.
+  resetMocks: true,
+  // "restoreMocks" restores all mocks created using jest.spyOn to their
+  // original implementations, between each test. It does not affect mocked
+  // modules.
+  restoreMocks: true,
+  testEnvironment: 'node',
+  testMatch: ['**/test/**/*.js'],
+  testTimeout: 2500,
+};

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "@metamask/eth-hd-keyring",
+  "version": "4.0.0",
+  "description": "A simple standard interface for a seed phrase generated set of Ethereum accounts.",
+  "keywords": [
+    "ethereum",
+    "keyring"
+  ],
+  "homepage": "https://github.com/MetaMask/eth-hd-keyring#readme",
+  "bugs": {
+    "url": "https://github.com/MetaMask/eth-hd-keyring/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/MetaMask/eth-hd-keyring.git"
+  },
+  "license": "ISC",
+  "author": "Dan Finlay",
+  "main": "index.js",
+  "scripts": {
+    "setup": "yarn install && yarn allow-scripts",
+    "lint:eslint": "eslint . --cache --ext js,ts",
+    "lint:misc": "prettier '**/*.json' '**/*.md' '!CHANGELOG.md' '**/*.yml' --ignore-path .gitignore",
+    "lint": "yarn lint:eslint && yarn lint:misc --check",
+    "lint:fix": "yarn lint:eslint --fix && yarn lint:misc --write",
+    "test": "jest"
+  },
+  "dependencies": {
+    "@metamask/bip39": "^4.0.0",
+    "@metamask/eth-sig-util": "^4.0.0",
+    "eth-simple-keyring": "^4.2.0",
+    "ethereumjs-util": "^7.0.9",
+    "ethereumjs-wallet": "^1.0.1"
+  },
+  "devDependencies": {
+    "@lavamoat/allow-scripts": "^1.0.6",
+    "@metamask/auto-changelog": "^2.5.0",
+    "@metamask/eslint-config": "^8.0.0",
+    "@metamask/eslint-config-jest": "^9.0.0",
+    "@metamask/eslint-config-nodejs": "^8.0.0",
+    "@types/jest": "^27.4.1",
+    "eslint": "^7.32.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-plugin-import": "^2.24.2",
+    "eslint-plugin-jest": "^24.3.6",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-prettier": "^3.3.1",
+    "jest": "^27.5.1",
+    "prettier": "^2.4.1",
+    "prettier-plugin-packagejson": "^2.2.12"
+  },
+  "engines": {
+    "node": ">= 12.0.0"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "lavamoat": {
+    "allowScripts": {
+      "@lavamoat/preinstall-always-fail": false,
+      "keccak": false,
+      "secp256k1": false
+    }
+  }
+}

package/test/index.js

@@ -0,0 +1,505 @@
+const {
+  normalize,
+  personalSign,
+  recoverPersonalSignature,
+  recoverTypedSignature,
+  signTypedData,
+  SignTypedDataVersion,
+} = require('@metamask/eth-sig-util');
+const ethUtil = require('ethereumjs-util');
+const HdKeyring = require('..');
+
+// Sample account:
+const privKeyHex =
+  'b8a9c05beeedb25df85f8d641538cbffedf67216048de9c678ee26260eb91952';
+
+const sampleMnemonic =
+  'finish oppose decorate face calm tragic certain desk hour urge dinosaur mango';
+const firstAcct = '0x1c96099350f13d558464ec79b9be4445aa0ef579';
+const secondAcct = '0x1b00aed43a693f3a957f9feb5cc08afa031e37a0';
+
+describe('hd-keyring', () => {
+  let keyring;
+  beforeEach(() => {
+    keyring = new HdKeyring();
+  });
+
+  describe('constructor', () => {
+    it('constructs', async () => {
+      keyring = new HdKeyring({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 2,
+      });
+
+      const accounts = await keyring.getAccounts();
+      expect(accounts[0]).toStrictEqual(firstAcct);
+      expect(accounts[1]).toStrictEqual(secondAcct);
+    });
+
+    it('throws on invalid mnemonic', () => {
+      expect(
+        () =>
+          new HdKeyring({
+            mnemonic: 'abc xyz',
+            numberOfAccounts: 2,
+          }),
+      ).toThrow('Eth-Hd-Keyring: Invalid secret recovery phrase provided');
+    });
+  });
+
+  describe('re-initialization protection', () => {
+    const alreadyProvidedError =
+      'Eth-Hd-Keyring: Secret recovery phrase already provided';
+    it('double generateRandomMnemonic', () => {
+      keyring.generateRandomMnemonic();
+      expect(() => {
+        keyring.generateRandomMnemonic();
+      }).toThrow(alreadyProvidedError);
+    });
+
+    it('constructor + generateRandomMnemonic', () => {
+      keyring = new HdKeyring({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 2,
+      });
+
+      expect(() => {
+        keyring.generateRandomMnemonic();
+      }).toThrow(alreadyProvidedError);
+    });
+
+    it('constructor + deserialize', () => {
+      keyring = new HdKeyring({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 2,
+      });
+
+      expect(() => {
+        keyring.deserialize({
+          mnemonic: sampleMnemonic,
+          numberOfAccounts: 1,
+        });
+      }).toThrow(alreadyProvidedError);
+    });
+  });
+
+  describe('Keyring.type', () => {
+    it('is a class property that returns the type string.', () => {
+      const { type } = HdKeyring;
+      expect(typeof type).toBe('string');
+    });
+  });
+
+  describe('#type', () => {
+    it('returns the correct value', () => {
+      const { type } = keyring;
+      const correct = HdKeyring.type;
+      expect(type).toStrictEqual(correct);
+    });
+  });
+
+  describe('#serialize mnemonic.', () => {
+    it('serializes mnemonic class variable into a buffer array and does not add accounts', async () => {
+      keyring.generateRandomMnemonic();
+      const output = await keyring.serialize();
+      expect(output.numberOfAccounts).toBe(0);
+      expect(Array.isArray(output.mnemonic)).toBe(true);
+    });
+  });
+
+  describe('#deserialize a private key', () => {
+    it('serializes what it deserializes', async () => {
+      await keyring.deserialize({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+      expect(keyring.wallets).toHaveLength(1);
+      await keyring.addAccounts(1);
+      const accounts = await keyring.getAccounts();
+      expect(accounts[0]).toStrictEqual(firstAcct);
+      expect(accounts[1]).toStrictEqual(secondAcct);
+      expect(accounts).toHaveLength(2);
+      const serialized = await keyring.serialize();
+      expect(Buffer.from(serialized.mnemonic).toString()).toStrictEqual(
+        sampleMnemonic,
+      );
+    });
+  });
+
+  describe('#addAccounts', () => {
+    describe('with no arguments', () => {
+      it('creates a single wallet', async () => {
+        keyring.generateRandomMnemonic();
+        await keyring.addAccounts();
+        expect(keyring.wallets).toHaveLength(1);
+      });
+    });
+
+    describe('with a numeric argument', () => {
+      it('creates that number of wallets', async () => {
+        keyring.generateRandomMnemonic();
+        await keyring.addAccounts(3);
+        expect(keyring.wallets).toHaveLength(3);
+      });
+    });
+  });
+
+  describe('#getAccounts', () => {
+    it('calls getAddress on each wallet', async () => {
+      // Push a mock wallet
+      const desiredOutput = 'foo';
+      keyring.wallets.push({
+        getAddress() {
+          return {
+            toString() {
+              return desiredOutput;
+            },
+          };
+        },
+      });
+
+      const output = await keyring.getAccounts();
+      expect(output[0]).toBe(`0x${desiredOutput}`);
+      expect(output).toHaveLength(1);
+    });
+  });
+
+  describe('#signPersonalMessage', () => {
+    it('returns the expected value', async () => {
+      const address = firstAcct;
+      const message = '0x68656c6c6f20776f726c64';
+
+      await keyring.deserialize({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+      const signature = await keyring.signPersonalMessage(address, message);
+      expect(signature).not.toBe(message);
+
+      const restored = recoverPersonalSignature({
+        data: message,
+        signature,
+      });
+
+      expect(restored).toStrictEqual(normalize(address));
+    });
+  });
+
+  describe('#signTypedData', () => {
+    it('can recover a basic signature', async () => {
+      Buffer.from(privKeyHex, 'hex');
+
+      const typedData = [
+        {
+          type: 'string',
+          name: 'message',
+          value: 'Hi, Alice!',
+        },
+      ];
+      keyring.generateRandomMnemonic();
+      await keyring.addAccounts(1);
+      const addresses = await keyring.getAccounts();
+      const address = addresses[0];
+      const signature = await keyring.signTypedData(address, typedData);
+      const restored = recoverTypedSignature({
+        data: typedData,
+        signature,
+        version: SignTypedDataVersion.V1,
+      });
+      expect(restored).toStrictEqual(address);
+    });
+  });
+
+  describe('#signTypedData_v1', () => {
+    const typedData = [
+      {
+        type: 'string',
+        name: 'message',
+        value: 'Hi, Alice!',
+      },
+    ];
+
+    it('signs in a compliant and recoverable way', async () => {
+      keyring.generateRandomMnemonic();
+      await keyring.addAccounts(1);
+      const addresses = await keyring.getAccounts();
+      const address = addresses[0];
+      const signature = await keyring.signTypedData_v1(address, typedData);
+      const restored = recoverTypedSignature({
+        data: typedData,
+        signature,
+        version: SignTypedDataVersion.V1,
+      });
+      expect(restored).toStrictEqual(address);
+    });
+  });
+
+  describe('#signTypedData_v3', () => {
+    it('signs in a compliant and recoverable way', async () => {
+      const typedData = {
+        types: {
+          EIP712Domain: [],
+        },
+        domain: {},
+        primaryType: 'EIP712Domain',
+        message: {},
+      };
+
+      await keyring.deserialize({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+      const addresses = await keyring.getAccounts();
+      const address = addresses[0];
+      const signature = await keyring.signTypedData_v3(address, typedData);
+      const restored = recoverTypedSignature({
+        data: typedData,
+        signature,
+        version: SignTypedDataVersion.V3,
+      });
+      expect(restored).toStrictEqual(address);
+    });
+  });
+
+  describe('#signTypedData_v3 signature verification', () => {
+    it('signs in a recoverable way.', async () => {
+      const typedData = {
+        types: {
+          EIP712Domain: [
+            { name: 'name', type: 'string' },
+            { name: 'version', type: 'string' },
+            { name: 'chainId', type: 'uint256' },
+            { name: 'verifyingContract', type: 'address' },
+          ],
+          Person: [
+            { name: 'name', type: 'string' },
+            { name: 'wallet', type: 'address' },
+          ],
+          Mail: [
+            { name: 'from', type: 'Person' },
+            { name: 'to', type: 'Person' },
+            { name: 'contents', type: 'string' },
+          ],
+        },
+        primaryType: 'Mail',
+        domain: {
+          name: 'Ether Mail',
+          version: '1',
+          chainId: 1,
+          verifyingContract: '0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC',
+        },
+        message: {
+          from: {
+            name: 'Cow',
+            wallet: '0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826',
+          },
+          to: {
+            name: 'Bob',
+            wallet: '0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB',
+          },
+          contents: 'Hello, Bob!',
+        },
+      };
+
+      keyring.generateRandomMnemonic();
+      await keyring.addAccounts(1);
+      const addresses = await keyring.getAccounts();
+      const address = addresses[0];
+      const signature = await keyring.signTypedData_v3(address, typedData);
+      const restored = recoverTypedSignature({
+        data: typedData,
+        signature,
+        version: SignTypedDataVersion.V3,
+      });
+      expect(restored).toStrictEqual(address);
+    });
+  });
+
+  describe('custom hd paths', () => {
+    it('can deserialize with an hdPath param and generate the same accounts.', async () => {
+      const hdPathString = `m/44'/60'/0'/0`;
+      keyring.deserialize({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+        hdPath: hdPathString,
+      });
+      const addresses = await keyring.getAccounts();
+      expect(addresses[0]).toStrictEqual(firstAcct);
+      const serialized = await keyring.serialize();
+      expect(serialized.hdPath).toStrictEqual(hdPathString);
+    });
+
+    it('can deserialize with an hdPath param and generate different accounts.', async () => {
+      const hdPathString = `m/44'/60'/0'/1`;
+
+      keyring.deserialize({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+        hdPath: hdPathString,
+      });
+      const addresses = await keyring.getAccounts();
+      expect(addresses[0]).not.toBe(firstAcct);
+      const serialized = await keyring.serialize();
+      expect(serialized.hdPath).toStrictEqual(hdPathString);
+    });
+  });
+
+  // eslint-disable-next-line
+  /*
+  describe('create and restore 1k accounts', function () {
+    it('should restore same accounts with no problem', async function () {
+      this.timeout(20000)
+
+      for (let i = 0; i < 1e3; i++) {
+
+        keyring = new HdKeyring({
+          numberOfAccounts: 1,
+        })
+        const originalAccounts = await keyring.getAccounts()
+        const serialized = await keyring.serialize()
+        const mnemonic = serialized.mnemonic
+
+        keyring = new HdKeyring({
+          numberOfAccounts: 1,
+          mnemonic,
+        })
+        const restoredAccounts = await keyring.getAccounts()
+
+        const first = originalAccounts[0]
+        const restored = restoredAccounts[0]
+        const msg = `Should restore same account from mnemonic: "${mnemonic}"`
+        assert.equal(restoredAccounts[0], originalAccounts[0], msg)
+
+      }
+
+      return true
+    })
+  })
+  */
+
+  describe('getAppKeyAddress', () => {
+    it('should return a public address custom to the provided app key origin', async () => {
+      const address = firstAcct;
+
+      keyring = new HdKeyring({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+      const appKeyAddress = await keyring.getAppKeyAddress(
+        address,
+        'someapp.origin.io',
+      );
+
+      expect(address).not.toBe(appKeyAddress);
+      expect(ethUtil.isValidAddress(appKeyAddress)).toBe(true);
+
+      const accounts = await keyring.getAccounts();
+      expect(accounts[0]).toStrictEqual(firstAcct);
+    });
+
+    it('should return different addresses when provided different app key origins', async () => {
+      keyring = new HdKeyring({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+
+      const address = firstAcct;
+
+      const appKeyAddress1 = await keyring.getAppKeyAddress(
+        address,
+        'someapp.origin.io',
+      );
+
+      expect(ethUtil.isValidAddress(appKeyAddress1)).toBe(true);
+
+      const appKeyAddress2 = await keyring.getAppKeyAddress(
+        address,
+        'anotherapp.origin.io',
+      );
+
+      expect(ethUtil.isValidAddress(appKeyAddress2)).toBe(true);
+
+      expect(appKeyAddress1).not.toBe(appKeyAddress2);
+    });
+
+    it('should return the same address when called multiple times with the same params', async () => {
+      keyring = new HdKeyring({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+
+      const address = firstAcct;
+
+      const appKeyAddress1 = await keyring.getAppKeyAddress(
+        address,
+        'someapp.origin.io',
+      );
+
+      expect(ethUtil.isValidAddress(appKeyAddress1)).toBe(true);
+
+      const appKeyAddress2 = await keyring.getAppKeyAddress(
+        address,
+        'someapp.origin.io',
+      );
+
+      expect(ethUtil.isValidAddress(appKeyAddress2)).toBe(true);
+
+      expect(appKeyAddress1).toStrictEqual(appKeyAddress2);
+    });
+  });
+
+  describe('signing methods withAppKeyOrigin option', () => {
+    it('should signPersonalMessage with the expected key when passed a withAppKeyOrigin', async () => {
+      const address = firstAcct;
+      const message = '0x68656c6c6f20776f726c64';
+
+      const privateKey = Buffer.from(
+        '8e82d2d74c50e5c8460f771d38a560ebe1151a9134c65a7e92b28ad0cfae7151',
+        'hex',
+      );
+      const expectedSig = personalSign({ privateKey, data: message });
+
+      await keyring.deserialize({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+      const sig = await keyring.signPersonalMessage(address, message, {
+        withAppKeyOrigin: 'someapp.origin.io',
+      });
+
+      expect(sig).toStrictEqual(expectedSig);
+    });
+
+    it('should signTypedData with the expected key when passed a withAppKeyOrigin', async () => {
+      const address = firstAcct;
+      const typedData = {
+        types: {
+          EIP712Domain: [],
+        },
+        domain: {},
+        primaryType: 'EIP712Domain',
+        message: {},
+      };
+
+      const privateKey = Buffer.from(
+        '8e82d2d74c50e5c8460f771d38a560ebe1151a9134c65a7e92b28ad0cfae7151',
+        'hex',
+      );
+      const expectedSig = signTypedData({
+        privateKey,
+        data: typedData,
+        version: SignTypedDataVersion.V3,
+      });
+
+      await keyring.deserialize({
+        mnemonic: sampleMnemonic,
+        numberOfAccounts: 1,
+      });
+
+      const sig = await keyring.signTypedData_v3(address, typedData, {
+        withAppKeyOrigin: 'someapp.origin.io',
+      });
+      expect(sig).toStrictEqual(expectedSig);
+    });
+  });
+});