feat: add support for OS specific keychains #1703
Conversation
elizabethengelman
force-pushed
the
feat/os_keychain
branch
from
87a3101 to
432ca74
Compare
elizabethengelman
force-pushed
the
feat/os_keychain
branch
from
8732084 to
a6756f1
Compare
- previously we were creating a new keyring entry for each interaction with the keyring - this change will allow us use a mock keyring entry for testing
elizabethengelman
force-pushed
the
feat/os_keychain
branch
from
651340f to
9d02b01
Compare
elizabethengelman
requested review from
a team,
leighmcculloch and
Ifropc
and removed request for
a team
| impl std::str::FromStr for KeyName { | ||
| type Err = Error; | ||
| fn from_str(s: &str) -> Result<Self, Self::Err> { | ||
| if !s.chars().all(allowed_char) { | ||
| return Err(Error::InvalidKeyName(s.to_string())); | ||
| } | ||
| if s == "ledger" { | ||
| return Err(Error::InvalidKeyName(s.to_string())); | ||
| } | ||
| Ok(KeyName(s.to_string())) |
There was a problem hiding this comment.
Since we are finally validating key names, should we also set a max length?
There was a problem hiding this comment.
oh yeah, i didn't think about that - what do you think the max length should be?
There was a problem hiding this comment.
So it looks like the most common max length for a filename is 255 characters. chars and length can differ if using some unicode characters that take up more than one byte. However, in this case we are limiting the requirement to ascii characters. We also use .toml. Though I'm not sure if the extension counts as part of the filepath's length. But let's just make it 250 just in case. That is plenty!
There was a problem hiding this comment.
sounds good, i'll push a fix up shortly!
|
@elizabethengelman I can't review my own PR and can't figure out how to transfer to you, but besides my two suggestions, I think this is amazing and am excited to roll this out. I do think this should go first and then ledger since this is more widely applicable! |
elizabethengelman
force-pushed
the
feat/os_keychain
branch
from
93fa181 to
24269ce
Compare
Co-authored-by: Willem Wyndham <willem@ahalabs.dev>
| @@ -45,6 +50,11 @@ impl Cmd { | |||
| pub fn public_key(&self) -> Result<stellar_strkey::ed25519::PublicKey, Error> { | |||
| if let Ok(key) = stellar_strkey::ed25519::PublicKey::from_string(&self.name) { | |||
| Ok(key) | |||
| } else if let Ok(unresolved) = self.name.parse::<UnresolvedMuxedAccount>() { | |||
There was a problem hiding this comment.
@willemneal When I was testing after merging main, I realized I needed to change this function. I added this else if branch to get the public key from the secure store without first getting the private key. Can you take a look and make sure this looks correct? I tested it locally but would love another set of eyes on it.
Addresses #1481
I updated this branch to point at main instead of feat/add_stellar_ledger so we wouldn't have too many PRs stacked on each other.
This adds support for using secrets stored in OS specific key rings.
Update to system test: stellar/system-test#109
key generate(no fund)keys generate(fund)keys fundkeys addresskeys show: should not display the secure store's secret and instead return an error:❌ error: Secure Store does not reveal secret keytx signkeys rmandkeys addwill be addressed in Feat/os keychain followup #1770cargo run keys generate --secure-store carol --network local --no-fundcargo run keys generate --secure-store dean --network local --fundcargo run keys fund carol --network localcargo run keys address carolcargo run keys show carolcargo run contract deploy --wasm target/wasm32-unknown-unknown/test-wasms/test_hello_world.wasm --build-only --network local --source carol | \ cargo run tx sign --network local --sign-with-key carolcargo run contract deploy --wasm target/test-wasms/hello_world.wasm --build-only --network testnet --source fred-testnet | \ cargo run tx simulate --network testnet --source fred-testnetthis command is not working on a local network or with the test-wasms, it does work on testnet with wasm generated from a new contract
cargo run contract deploy --wasm target/test-wasms/hello_world.wasm --build-only --network testnet --source fred-testnet | \ cargo run tx simulate --network testnet --source fred-testnet | \ cargo run tx sign --network testnet --sign-with-key fred-testnet | \ cargo run tx send --network testnetsame as above
cargo run keys generate --secure-store --network testnet --no-fund alicecargo run keys generate --secure-store --network testnet --fund bobcargo run keys fund --network testnet alicecargo run keys address alicecargo run keys show alicecargo run contract deploy --wasm target/wasm32-unknown-unknown/test-wasms/test_hello_world.wasm --build-only --network testnet --source alice | \ cargo run tx sign --network local --sign-with-key alicecargo run contract deploy --wasm target/wasm32-unknown-unknown/test-wasms/test_hello_world.wasm --build-only --network testnet --source alice | \ cargo run tx simulate --network testnet --source alicecargo run keys generate --secure-store --network testnet --no-fund alicecargo run keys generate --secure-store --network testnet --fund bobcargo run keys fund --network testnet alicecargo run keys address alicecargo run keys show alicecargo run contract deploy --wasm target/wasm32-unknown-unknown/test-wasms/test_hello_world.wasm --build-only --network testnet --source alice | \ cargo run tx sign --network local --sign-with-key alicecargo run contract deploy --wasm target/wasm32-unknown-unknown/test-wasms/test_hello_world.wasm --build-only --network testnet --source alice | \ cargo run tx simulate --network testnet --source alice