Commit boost API - Generate Proxy Key, Signing Request

CHANGELOG.md

@@ -8,6 +8,7 @@
 - Java 21 for build and runtime. [#995](https://github.com/Consensys/web3signer/pull/995)
 - Electra fork support. [#1020](https://github.com/Consensys/web3signer/pull/1020) and [#1023](https://github.com/Consensys/web3signer/pull/1023)
 - Commit boost API - Get Public Keys. [#1031](https://github.com/Consensys/web3signer/pull/1031)
+- Commit boost API - Generate Proxy Keys. [#1033](https://github.com/Consensys/web3signer/pull/1033)
 
 ### Bugs fixed
 - Override protobuf-java to 3.25.5 which is a transitive dependency from google-cloud-secretmanager. It fixes CVE-2024-7254.

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/Signer.java

@@ -19,6 +19,7 @@
 import static tech.pegasys.web3signer.signing.KeyType.BLS;
 
 import tech.pegasys.web3signer.core.service.http.SigningObjectMapperFactory;
+import tech.pegasys.web3signer.core.service.http.handlers.commitboost.json.SignRequestType;
 import tech.pegasys.web3signer.core.service.http.handlers.signing.eth2.Eth2SigningRequestBody;
 import tech.pegasys.web3signer.dsl.Accounts;
 import tech.pegasys.web3signer.dsl.Eth;
@@ -47,6 +48,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.tuweni.bytes.Bytes;
+import org.apache.tuweni.bytes.Bytes32;
 import org.web3j.protocol.Web3j;
 import org.web3j.protocol.core.Ethereum;
 import org.web3j.protocol.core.JsonRpc2_0Web3j;
@@ -187,6 +189,34 @@ public Response callApiPublicKeys(final KeyType keyType) {
     return given().baseUri(getUrl()).get(publicKeysPath(keyType));
   }
 
+  public Response callCommitBoostGetPubKeys() {
+    return given().baseUri(getUrl()).get("/signer/v1/get_pubkeys");
+  }
+
+  public Response callCommitBoostGenerateProxyKey(final String pubkey, final String scheme) {
+    return given()
+        .baseUri(getUrl())
+        .contentType(ContentType.JSON)
+        .body(new JsonObject().put("pubkey", pubkey).put("scheme", scheme).toString())
+        .post("/signer/v1/generate_proxy_key");
+  }
+
+  public Response callCommitBoostReqeustForSignature(
+      final SignRequestType type, final String pubkey, final Bytes32 objectRoot) {
+    return given()
+        .baseUri(getUrl())
+        .contentType(ContentType.JSON)
+        .log()
+        .all()
+        .body(
+            new JsonObject()
+                .put("type", type.name().toLowerCase())
+                .put("pubkey", pubkey)
+                .put("object_root", objectRoot.toHexString())
+                .toString())
+        .post("/signer/v1/request_signature");
+  }
+
   public List<String> listPublicKeys(final KeyType keyType) {
     return callApiPublicKeys(keyType).as(new TypeRef<>() {});
   }

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfiguration.java

@@ -18,6 +18,7 @@
 import tech.pegasys.web3signer.dsl.tls.TlsCertificateDefinition;
 import tech.pegasys.web3signer.signing.config.AwsVaultParameters;
 import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters;
+import tech.pegasys.web3signer.signing.config.CommitBoostParameters;
 import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters;
 import tech.pegasys.web3signer.signing.config.KeystoresParameters;
 
@@ -81,6 +82,7 @@ public class SignerConfiguration {
   private final Optional<KeystoresParameters> v3KeystoresBulkloadParameters;
 
   private final boolean signingExtEnabled;
+  private final CommitBoostParameters commitBoostParameters;
 
   public SignerConfiguration(
       final String hostname,
@@ -128,7 +130,8 @@ public SignerConfiguration(
       final Optional<ClientTlsOptions> downstreamTlsOptions,
       final ChainIdProvider chainIdProvider,
       final Optional<KeystoresParameters> v3KeystoresBulkloadParameters,
-      final boolean signingExtEnabled) {
+      final boolean signingExtEnabled,
+      final CommitBoostParameters commitBoostParameters) {
     this.hostname = hostname;
     this.logLevel = logLevel;
     this.httpRpcPort = httpRpcPort;
@@ -175,6 +178,7 @@ public SignerConfiguration(
     this.chainIdProvider = chainIdProvider;
     this.v3KeystoresBulkloadParameters = v3KeystoresBulkloadParameters;
     this.signingExtEnabled = signingExtEnabled;
+    this.commitBoostParameters = commitBoostParameters;
   }
 
   public String hostname() {
@@ -368,4 +372,8 @@ public Optional<KeystoresParameters> getV3KeystoresBulkloadParameters() {
   public boolean isSigningExtEnabled() {
     return signingExtEnabled;
   }
+
+  public Optional<CommitBoostParameters> getCommitBoostParameters() {
+    return Optional.ofNullable(commitBoostParameters);
+  }
 }

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfigurationBuilder.java

@@ -22,6 +22,7 @@
 import tech.pegasys.web3signer.dsl.tls.TlsCertificateDefinition;
 import tech.pegasys.web3signer.signing.config.AwsVaultParameters;
 import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters;
+import tech.pegasys.web3signer.signing.config.CommitBoostParameters;
 import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters;
 import tech.pegasys.web3signer.signing.config.KeystoresParameters;
 
@@ -85,6 +86,7 @@ public class SignerConfigurationBuilder {
   private KeystoresParameters v3KeystoresBulkloadParameters;
 
   private boolean signingExtEnabled;
+  private CommitBoostParameters commitBoostParameters;
 
   public SignerConfigurationBuilder withLogLevel(final Level logLevel) {
     this.logLevel = logLevel;
@@ -331,6 +333,12 @@ public SignerConfigurationBuilder withSigningExtEnabled(final boolean signingExt
     return this;
   }
 
+  public SignerConfigurationBuilder withCommitBoostParameters(
+      final CommitBoostParameters commitBoostParameters) {
+    this.commitBoostParameters = commitBoostParameters;
+    return this;
+  }
+
   public SignerConfiguration build() {
     if (mode == null) {
       throw new IllegalArgumentException("Mode cannot be null");
@@ -381,6 +389,7 @@ public SignerConfiguration build() {
         Optional.ofNullable(downstreamTlsOptions),
         chainIdProvider,
         Optional.ofNullable(v3KeystoresBulkloadParameters),
-        signingExtEnabled);
+        signingExtEnabled,
+        commitBoostParameters);
   }
 }

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java

@@ -41,6 +41,7 @@
 import tech.pegasys.web3signer.dsl.utils.DatabaseUtil;
 import tech.pegasys.web3signer.signing.config.AwsVaultParameters;
 import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters;
+import tech.pegasys.web3signer.signing.config.CommitBoostParameters;
 import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters;
 import tech.pegasys.web3signer.signing.config.KeystoresParameters;
 
@@ -163,6 +164,12 @@ public List<String> createCmdLineParams() {
             String.format(YAML_BOOLEAN_FMT, "eth2.Xsigning-ext-enabled", Boolean.TRUE));
       }
 
+      signerConfig
+          .getCommitBoostParameters()
+          .ifPresent(
+              commitBoostParameters ->
+                  appendCommitBoostParameters(commitBoostParameters, yamlConfig));
+
       final CommandArgs subCommandArgs = createSubCommandArgs();
       params.addAll(subCommandArgs.params);
       yamlConfig.append(subCommandArgs.yamlConfig);
@@ -204,6 +211,23 @@ public List<String> createCmdLineParams() {
     return params;
   }
 
+  private static void appendCommitBoostParameters(
+      final CommitBoostParameters commitBoostParameters, final StringBuilder yamlConfig) {
+    yamlConfig.append(
+        String.format(
+            YAML_BOOLEAN_FMT, "eth2.commit-boost-api-enabled", commitBoostParameters.isEnabled()));
+    yamlConfig.append(
+        String.format(
+            YAML_STRING_FMT,
+            "eth2.proxy-keystores-path",
+            commitBoostParameters.getProxyKeystoresPath().toAbsolutePath()));
+    yamlConfig.append(
+        String.format(
+            YAML_STRING_FMT,
+            "eth2.proxy-keystores-password-file",
+            commitBoostParameters.getProxyKeystoresPasswordFile().toAbsolutePath()));
+  }
+
   private Consumer<? super KeystoresParameters> setV3KeystoresBulkloadParameters(
       final StringBuilder yamlConfig) {
     return keystoresParameters -> {

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java

@@ -41,6 +41,7 @@
 import tech.pegasys.web3signer.dsl.utils.DatabaseUtil;
 import tech.pegasys.web3signer.signing.config.AwsVaultParameters;
 import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters;
+import tech.pegasys.web3signer.signing.config.CommitBoostParameters;
 import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters;
 import tech.pegasys.web3signer.signing.config.KeystoresParameters;
 
@@ -138,6 +139,12 @@ public List<String> createCmdLineParams() {
       if (signerConfig.isSigningExtEnabled()) {
         params.add("--Xsigning-ext-enabled=true");
       }
+
+      signerConfig
+          .getCommitBoostParameters()
+          .ifPresent(
+              commitBoostParameters -> params.addAll(commitBoostOptions(commitBoostParameters)));
+
     } else if (signerConfig.getMode().equals("eth1")) {
       params.add("--downstream-http-port");
       params.add(Integer.toString(signerConfig.getDownstreamHttpPort()));
@@ -160,6 +167,15 @@ public List<String> createCmdLineParams() {
     return params;
   }
 
+  private static List<String> commitBoostOptions(CommitBoostParameters commitBoostParameters) {
+    return List.of(
+        "--commit-boost-api-enabled=" + commitBoostParameters.isEnabled(),
+        "--proxy-keystores-path",
+        commitBoostParameters.getProxyKeystoresPath().toAbsolutePath().toString(),
+        "--proxy-keystores-password-file",
+        commitBoostParameters.getProxyKeystoresPasswordFile().toAbsolutePath().toString());
+  }
+
   private static Consumer<KeystoresParameters> setV3KeystoresBulkloadParameters(
       final List<String> params) {
     return keystoresParameters -> {

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/utils/CommitBoostATParameters.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2024 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.web3signer.dsl.utils;
+
+import tech.pegasys.web3signer.signing.config.CommitBoostParameters;
+
+import java.nio.file.Path;
+import java.util.Objects;
+
+public class CommitBoostATParameters implements CommitBoostParameters {
+  private final boolean enabled;
+  private final Path proxyKeystoresPath;
+  private final Path proxyKeystoresPasswordFile;
+
+  public CommitBoostATParameters(
+      final boolean enabled, final Path proxyKeystoresPath, final Path proxyKeystoresPasswordFile) {
+    this.enabled = enabled;
+    this.proxyKeystoresPath = proxyKeystoresPath;
+    this.proxyKeystoresPasswordFile = proxyKeystoresPasswordFile;
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return enabled;
+  }
+
+  @Override
+  public Path getProxyKeystoresPath() {
+    return proxyKeystoresPath;
+  }
+
+  @Override
+  public Path getProxyKeystoresPasswordFile() {
+    return proxyKeystoresPasswordFile;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (!(o instanceof CommitBoostATParameters that)) return false;
+    return enabled == that.enabled
+        && Objects.equals(proxyKeystoresPath, that.proxyKeystoresPath)
+        && Objects.equals(proxyKeystoresPasswordFile, that.proxyKeystoresPasswordFile);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(enabled, proxyKeystoresPath, proxyKeystoresPasswordFile);
+  }
+}

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/utils/Eth2RequestUtils.java

@@ -13,7 +13,7 @@
 package tech.pegasys.web3signer.dsl.utils;
 
 import static java.util.Collections.emptyList;
-import static tech.pegasys.web3signer.core.util.DepositSigningRootUtil.computeDomain;
+import static tech.pegasys.web3signer.core.util.Web3SignerSigningRootUtil.computeDomain;
 
 import tech.pegasys.teku.api.schema.AggregateAndProof;
 import tech.pegasys.teku.api.schema.Attestation;
@@ -48,7 +48,7 @@
 import tech.pegasys.web3signer.core.service.http.handlers.signing.eth2.RandaoReveal;
 import tech.pegasys.web3signer.core.service.http.handlers.signing.eth2.SyncCommitteeMessage;
 import tech.pegasys.web3signer.core.service.http.handlers.signing.eth2.ValidatorRegistration;
-import tech.pegasys.web3signer.core.util.DepositSigningRootUtil;
+import tech.pegasys.web3signer.core.util.Web3SignerSigningRootUtil;
 
 import java.util.Random;
 import java.util.concurrent.ExecutionException;
@@ -216,7 +216,7 @@ private static Eth2SigningRequestBody createDepositRequest() {
             genesisForkVersion);
     final Bytes32 depositDomain = computeDomain(Domain.DEPOSIT, genesisForkVersion, Bytes32.ZERO);
     final Bytes signingRoot =
-        DepositSigningRootUtil.computeSigningRoot(
+        Web3SignerSigningRootUtil.computeSigningRoot(
             depositMessage.asInternalDepositMessage(), depositDomain);
     return Eth2SigningRequestBodyBuilder.anEth2SigningRequestBody()
         .withType(ArtifactType.DEPOSIT)

acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/bulkloading/SecpV3KeystoresBulkLoadAcceptanceTest.java

@@ -60,7 +60,8 @@ static void initV3Keystores() throws IOException, GeneralSecurityException, Ciph
     publicKeys = new ArrayList<>();
     for (int i = 0; i < 4; i++) {
       final ECKeyPair ecKeyPair = Keys.createEcKeyPair();
-      final ECPublicKey ecPublicKey = EthPublicKeyUtils.createPublicKey(ecKeyPair.getPublicKey());
+      final ECPublicKey ecPublicKey =
+          EthPublicKeyUtils.bigIntegerToECPublicKey(ecKeyPair.getPublicKey());
       final String publicKeyHex =
           IdentifierUtils.normaliseIdentifier(EthPublicKeyUtils.toHexString(ecPublicKey));
       publicKeys.add(publicKeyHex);