Replace Signers bls-keystore library with Teku bls-keystore (#879)

acceptance-tests/build.gradle

@@ -46,8 +46,8 @@ dependencies {
   testImplementation 'org.assertj:assertj-core'
   testImplementation 'org.awaitility:awaitility'
   testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml'
-  testImplementation 'tech.pegasys.signers.internal:bls-keystore'
   testImplementation 'tech.pegasys.teku.internal:bls'
+  testImplementation 'tech.pegasys.teku.internal:bls-keystore'
   testImplementation 'tech.pegasys.teku.internal:spec'
   testImplementation 'tech.pegasys.teku.internal:networks'
   testImplementation 'tech.pegasys.teku.internal:json'

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/utils/MetadataFileHelpers.java

@@ -13,18 +13,18 @@
 package tech.pegasys.web3signer.dsl.utils;
 
 import static org.assertj.core.api.AssertionsForClassTypes.fail;
-import static tech.pegasys.signers.bls.keystore.model.Pbkdf2PseudoRandomFunction.HMAC_SHA256;
-
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.KeyStoreLoader;
-import tech.pegasys.signers.bls.keystore.model.Cipher;
-import tech.pegasys.signers.bls.keystore.model.CipherFunction;
-import tech.pegasys.signers.bls.keystore.model.KdfFunction;
-import tech.pegasys.signers.bls.keystore.model.KdfParam;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
-import tech.pegasys.signers.bls.keystore.model.Pbkdf2Param;
-import tech.pegasys.signers.bls.keystore.model.SCryptParam;
+import static tech.pegasys.teku.bls.keystore.model.Pbkdf2PseudoRandomFunction.HMAC_SHA256;
+
 import tech.pegasys.teku.bls.BLSKeyPair;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.KeyStoreLoader;
+import tech.pegasys.teku.bls.keystore.model.Cipher;
+import tech.pegasys.teku.bls.keystore.model.CipherFunction;
+import tech.pegasys.teku.bls.keystore.model.KdfFunction;
+import tech.pegasys.teku.bls.keystore.model.KdfParam;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
+import tech.pegasys.teku.bls.keystore.model.Pbkdf2Param;
+import tech.pegasys.teku.bls.keystore.model.SCryptParam;
 import tech.pegasys.web3signer.common.config.AwsAuthenticationMode;
 import tech.pegasys.web3signer.dsl.HashicorpSigningParams;
 import tech.pegasys.web3signer.keystore.hashicorp.dsl.certificates.CertificateHelpers;

acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/keymanager/KeyManagerTestBase.java

@@ -18,13 +18,13 @@
 import static tech.pegasys.web3signer.signing.KeyType.BLS;
 import static tech.pegasys.web3signer.tests.keymanager.SlashingProtectionDataChoice.WITHOUT_SLASHING_PROTECTION_DATA;
 
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.KeyStoreLoader;
-import tech.pegasys.signers.bls.keystore.model.KdfFunction;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
 import tech.pegasys.teku.bls.BLSKeyPair;
 import tech.pegasys.teku.bls.BLSPublicKey;
 import tech.pegasys.teku.bls.BLSSecretKey;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.KeyStoreLoader;
+import tech.pegasys.teku.bls.keystore.model.KdfFunction;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
 import tech.pegasys.web3signer.dsl.signer.Signer;
 import tech.pegasys.web3signer.dsl.signer.SignerConfigurationBuilder;
 import tech.pegasys.web3signer.dsl.utils.MetadataFileHelpers;
@@ -125,7 +125,7 @@ protected String createBlsKey(
       throws URISyntaxException {
     final Path keystoreFilePath =
         Path.of(new File(Resources.getResource(keystoreFile).toURI()).getAbsolutePath());
-    final KeyStoreData keyStoreData = KeyStoreLoader.loadFromFile(keystoreFilePath);
+    final KeyStoreData keyStoreData = KeyStoreLoader.loadFromFile(keystoreFilePath.toUri());
     final Bytes privateKey = KeyStore.decrypt(password, keyStoreData);
     return createKeystoreYamlFile(signerKeystoreDirectory, privateKey.toHexString());
   }

acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/signing/BlsSigningAcceptanceTest.java

@@ -18,12 +18,12 @@
 import static java.util.Collections.singletonMap;
 import static org.assertj.core.api.Assertions.assertThat;
 
-import tech.pegasys.signers.bls.keystore.model.KdfFunction;
 import tech.pegasys.teku.bls.BLS;
 import tech.pegasys.teku.bls.BLSKeyPair;
 import tech.pegasys.teku.bls.BLSPublicKey;
 import tech.pegasys.teku.bls.BLSSecretKey;
 import tech.pegasys.teku.bls.BLSSignature;
+import tech.pegasys.teku.bls.keystore.model.KdfFunction;
 import tech.pegasys.teku.spec.SpecMilestone;
 import tech.pegasys.teku.spec.networks.Eth2Network;
 import tech.pegasys.web3signer.AwsSecretsManagerUtil;

core/build.gradle

@@ -42,7 +42,7 @@ dependencies {
   implementation 'org.jdbi:jdbi3-core'
   implementation 'org.web3j:crypto'
   implementation 'org.web3j:besu'
-  implementation 'tech.pegasys.signers.internal:bls-keystore'
+  implementation 'tech.pegasys.teku.internal:bls-keystore'
   implementation 'tech.pegasys.teku.internal:serializer'
   implementation 'tech.pegasys.teku.internal:spec'
   implementation 'tech.pegasys.teku.internal:unsigned'

gradle/versions.gradle

@@ -94,6 +94,9 @@ dependencyManagement {
       entry ('bls') {
         exclude group: 'org.bouncycastle', name: 'bcprov-jdk15on'
       }
+      entry ('bls-keystore') {
+        exclude group: 'org.bouncycastle', name: 'bcprov-jdk15on'
+      }
       entry ('spec') {
         exclude group: 'org.bouncycastle', name: 'bcprov-jdk15on'
       }
@@ -107,12 +110,6 @@ dependencyManagement {
 
     dependency 'tech.pegasys:jblst:0.3.8'
 
-    dependencySet(group: 'tech.pegasys.signers.internal', version: '2.2.10') {
-      entry ('bls-keystore') {
-        exclude group: 'org.bouncycastle', name: 'bcprov-jdk15on'
-      }
-    }
-
     dependency 'io.rest-assured:rest-assured:4.4.0'
     dependency 'org.zeroturnaround:zt-exec:1.12'
     dependencySet(group: 'org.web3j', version: '4.9.5') {

signing/build.gradle

@@ -28,8 +28,8 @@ dependencies {
   implementation 'org.hyperledger.besu.internal:metrics-core'
   implementation 'org.hyperledger.besu:plugin-api'
   implementation 'org.web3j:core'
-  implementation 'tech.pegasys.signers.internal:bls-keystore'
   implementation 'tech.pegasys.teku.internal:bls'
+  implementation 'tech.pegasys.teku.internal:bls-keystore'
   implementation 'tech.pegasys.teku.internal:serializer'
   implementation 'tech.pegasys.teku.internal:jackson'
   implementation 'tech.pegasys.teku.internal:spec'
@@ -60,7 +60,7 @@ dependencies {
   testFixturesImplementation 'org.apache.logging.log4j:log4j-api'
   testFixturesImplementation 'org.apache.logging.log4j:log4j-core'
   testFixturesImplementation 'org.apache.tuweni:tuweni-bytes'
-  testFixturesImplementation 'tech.pegasys.signers.internal:bls-keystore'
+  testFixturesImplementation 'tech.pegasys.teku.internal:bls-keystore'
   testFixturesImplementation 'software.amazon.awssdk:auth'
   testFixturesImplementation 'software.amazon.awssdk:secretsmanager'
   testFixturesImplementation 'software.amazon.awssdk:kms'

signing/src/main/java/tech/pegasys/web3signer/signing/FileValidatorManager.java

@@ -12,11 +12,11 @@
  */
 package tech.pegasys.web3signer.signing;
 
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.KeyStoreValidationException;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
 import tech.pegasys.teku.bls.BLSKeyPair;
 import tech.pegasys.teku.bls.BLSSecretKey;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.KeyStoreValidationException;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
 import tech.pegasys.web3signer.signing.config.metadata.SignerOrigin;
 
 import java.io.IOException;

signing/src/main/java/tech/pegasys/web3signer/signing/KeystoreFileManager.java

@@ -12,8 +12,8 @@
  */
 package tech.pegasys.web3signer.signing;
 
-import tech.pegasys.signers.bls.keystore.KeyStoreLoader;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
+import tech.pegasys.teku.bls.keystore.KeyStoreLoader;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
 import tech.pegasys.web3signer.signing.config.metadata.FileKeyStoreMetadata;
 import tech.pegasys.web3signer.signing.config.metadata.SigningMetadata;
 import tech.pegasys.web3signer.signing.util.IdentifierUtils;
@@ -116,7 +116,8 @@ private Optional<List<Path>> findKeystoreConfigFiles(final String pubkey) throws
                         final FileKeyStoreMetadata info = ((FileKeyStoreMetadata) metaDataInfo);
                         final Path keystoreFile = info.getKeystoreFile();
                         final Path passwordFile = info.getKeystorePasswordFile();
-                        final KeyStoreData keyStoreData = KeyStoreLoader.loadFromFile(keystoreFile);
+                        final KeyStoreData keyStoreData =
+                            KeyStoreLoader.loadFromFile(keystoreFile.toUri());
                         final String decodedPubKey =
                             IdentifierUtils.normaliseIdentifier(
                                 keyStoreData

signing/src/main/java/tech/pegasys/web3signer/signing/bulkloading/BlsKeystoreBulkLoader.java

@@ -12,12 +12,12 @@
  */
 package tech.pegasys.web3signer.signing.bulkloading;
 
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.KeyStoreLoader;
-import tech.pegasys.signers.bls.keystore.KeyStoreValidationException;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
 import tech.pegasys.teku.bls.BLSKeyPair;
 import tech.pegasys.teku.bls.BLSSecretKey;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.KeyStoreLoader;
+import tech.pegasys.teku.bls.keystore.KeyStoreValidationException;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
 import tech.pegasys.web3signer.keystorage.common.MappedResults;
 import tech.pegasys.web3signer.signing.ArtifactSigner;
 import tech.pegasys.web3signer.signing.BlsArtifactSigner;
@@ -86,7 +86,7 @@ private MappedResults<ArtifactSigner> createSignerForKeystore(
       final Path keystoreFile, final PasswordRetriever passwordRetriever) {
     try {
       LOG.debug("Loading keystore {}", keystoreFile);
-      final KeyStoreData keyStoreData = KeyStoreLoader.loadFromFile(keystoreFile);
+      final KeyStoreData keyStoreData = KeyStoreLoader.loadFromFile(keystoreFile.toUri());
       final String key = FilenameUtils.removeExtension(keystoreFile.getFileName().toString());
       final String password = passwordRetriever.retrievePassword(key);
       final Bytes privateKey = KeyStore.decrypt(password, keyStoreData);

signing/src/main/java/tech/pegasys/web3signer/signing/config/metadata/BlsArtifactSignerFactory.java

@@ -12,12 +12,12 @@
  */
 package tech.pegasys.web3signer.signing.config.metadata;
 
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.KeyStoreLoader;
-import tech.pegasys.signers.bls.keystore.KeyStoreValidationException;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
 import tech.pegasys.teku.bls.BLSKeyPair;
 import tech.pegasys.teku.bls.BLSSecretKey;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.KeyStoreLoader;
+import tech.pegasys.teku.bls.keystore.KeyStoreValidationException;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
 import tech.pegasys.web3signer.common.Web3SignerMetricCategory;
 import tech.pegasys.web3signer.keystorage.aws.AwsSecretsManager;
 import tech.pegasys.web3signer.keystorage.aws.AwsSecretsManagerProvider;
@@ -140,7 +140,7 @@ private ArtifactSigner createKeystoreArtifact(final FileKeyStoreMetadata fileKey
     final Path keystorePasswordFile =
         makeRelativePathAbsolute(fileKeyStoreMetadata.getKeystorePasswordFile());
     try {
-      final KeyStoreData keyStoreData = KeyStoreLoader.loadFromFile(keystoreFile);
+      final KeyStoreData keyStoreData = KeyStoreLoader.loadFromFile(keystoreFile.toUri());
       final String password = loadPassword(keystorePasswordFile);
       final Bytes privateKey = KeyStore.decrypt(password, keyStoreData);
       final BLSKeyPair keyPair = new BLSKeyPair(BLSSecretKey.fromBytes(Bytes32.wrap(privateKey)));

signing/src/test/java/tech/pegasys/web3signer/signing/FileValidatorManagerTest.java

@@ -16,14 +16,14 @@
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
-import static tech.pegasys.signers.bls.keystore.model.Pbkdf2PseudoRandomFunction.HMAC_SHA256;
+import static tech.pegasys.teku.bls.keystore.model.Pbkdf2PseudoRandomFunction.HMAC_SHA256;
 
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.model.Cipher;
-import tech.pegasys.signers.bls.keystore.model.CipherFunction;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
-import tech.pegasys.signers.bls.keystore.model.Pbkdf2Param;
 import tech.pegasys.teku.bls.BLSKeyPair;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.model.Cipher;
+import tech.pegasys.teku.bls.keystore.model.CipherFunction;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
+import tech.pegasys.teku.bls.keystore.model.Pbkdf2Param;
 import tech.pegasys.web3signer.BLSTestUtil;
 import tech.pegasys.web3signer.signing.config.metadata.parser.SigningMetadataModule;
 import tech.pegasys.web3signer.signing.config.metadata.parser.YamlMapperFactory;

signing/src/test/java/tech/pegasys/web3signer/signing/config/metadata/BlsArtifactSignerFactoryTest.java

@@ -16,15 +16,15 @@
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.AssertionsForClassTypes.fail;
 
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.KeyStoreLoader;
-import tech.pegasys.signers.bls.keystore.model.Cipher;
-import tech.pegasys.signers.bls.keystore.model.CipherFunction;
-import tech.pegasys.signers.bls.keystore.model.KdfParam;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
-import tech.pegasys.signers.bls.keystore.model.SCryptParam;
 import tech.pegasys.teku.bls.BLSKeyPair;
 import tech.pegasys.teku.bls.BLSPublicKey;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.KeyStoreLoader;
+import tech.pegasys.teku.bls.keystore.model.Cipher;
+import tech.pegasys.teku.bls.keystore.model.CipherFunction;
+import tech.pegasys.teku.bls.keystore.model.KdfParam;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
+import tech.pegasys.teku.bls.keystore.model.SCryptParam;
 import tech.pegasys.web3signer.BLSTestUtil;
 import tech.pegasys.web3signer.keystorage.aws.AwsSecretsManagerProvider;
 import tech.pegasys.web3signer.keystorage.hashicorp.HashicorpConnectionFactory;
@@ -148,7 +148,8 @@ void nonExistentKeyStoreThrowsError() {
 
     assertThatThrownBy(() -> artifactSignerFactory.create(fileKeyStoreMetadata))
         .isInstanceOf(SigningMetadataException.class)
-        .hasMessage("KeyStore file not found: " + nonExistingKeystoreFile);
+        .hasMessageStartingWith("KeyStore file not found")
+        .hasMessageContaining(nonExistingKeystoreFile.toString());
   }
 
   @Test

signing/src/testFixtures/java/tech/pegasys/web3signer/KeystoreUtil.java

@@ -12,16 +12,16 @@
  */
 package tech.pegasys.web3signer;
 
-import static tech.pegasys.signers.bls.keystore.model.Pbkdf2PseudoRandomFunction.HMAC_SHA256;
+import static tech.pegasys.teku.bls.keystore.model.Pbkdf2PseudoRandomFunction.HMAC_SHA256;
 
-import tech.pegasys.signers.bls.keystore.KeyStore;
-import tech.pegasys.signers.bls.keystore.KeyStoreLoader;
-import tech.pegasys.signers.bls.keystore.model.Cipher;
-import tech.pegasys.signers.bls.keystore.model.CipherFunction;
-import tech.pegasys.signers.bls.keystore.model.KdfParam;
-import tech.pegasys.signers.bls.keystore.model.KeyStoreData;
-import tech.pegasys.signers.bls.keystore.model.Pbkdf2Param;
 import tech.pegasys.teku.bls.BLSKeyPair;
+import tech.pegasys.teku.bls.keystore.KeyStore;
+import tech.pegasys.teku.bls.keystore.KeyStoreLoader;
+import tech.pegasys.teku.bls.keystore.model.Cipher;
+import tech.pegasys.teku.bls.keystore.model.CipherFunction;
+import tech.pegasys.teku.bls.keystore.model.KdfParam;
+import tech.pegasys.teku.bls.keystore.model.KeyStoreData;
+import tech.pegasys.teku.bls.keystore.model.Pbkdf2Param;
 
 import java.io.IOException;
 import java.nio.file.Files;