Extension Signing request endpoint

[usmansaleem]

PR Description

An extension sign endpoint /api/v1/eth2/ext/sign/:identifier which can be enabled with cli option --Xsigning-ext-enabled=true The cli option is associated with eth2 subcommand. For example ./web3signer eth2 --Xsigning-ext-enabled=true .... This extension covers some additional signing types and use-cases which are not covered by the remoting API specs and hence should be used at your own risk.

The format of request payload is:

{
  "type" : "PROOF_OF_VALIDATION",
  "platform" : "dappnode",
  "timestamp" : "1711338489397"
}

Only PROOF_OF_VALIDATION extension type is supported at the moment. Any other type would result in an error.

The signature is hex encoded string calculated as:

signature = BLS.sign(payload.getBytes()).asHexString()

For default accept type (*/*) and JSON accept type headers, the response is in following format:
Note:
Payload is returned in the response as Base64 encoded String.
Signature is returned as Hex encoded String

{
    "payload": "eyJ0eXBlIjoiUFJPT0ZfT0ZfVkFMSURBVElPTiIsInBsYXRmb3JtIjoiQVQiLCJ0aW1lc3RhbXAiOiIxNzE0NTI0NTQ0NDA3In0=",
    "signature": "0xb792ace1bae87b02457957bfa753065094e153855049074c880b943e7239d4277f4b2384d6aa19a3c03043b92bc8e90302ae48b9ac6b0a5e50796fc5e1d3993e9df6621ad6906e7a754147a9ccacdc9e7c18c1be355a647db19591904575bd30"
}

This would allow the users of this endpoint to verify the payload is signed by appropriate private key.

Fixed Issue(s)

Fixes #976

Documentation

• I thought about documentation and added the doc-change-required label to this PR if updates are required.

Changelog

• I thought about adding a changelog entry, and added one if I deemed necessary.

Testing

• I thought about testing these changes in a realistic/non-local environment.

[jframe]

These look like specific properties for a PROOF_OF_VALIDATION type rather than a generic signing type. Perhaps just rename SigningExtensionBody to ProofOfValidationBody?

[jframe]

Why does this need a header? This is done differently from how we sign everything else.

[jframe]

We don't need to include the original data, the sender already hash that. And this change response format to being specific for extension signing

[siladu]

What do we now in terms of API docs for this?

I'm thinking it will be hard for a future user to understand how to use this API, e.g. what should they put for "platform"? Also, wondering if platform is strictly necessary in the request?

[siladu]

Wonder if we should put this under a web3signer-specific namespace? e.g. /w3s/v1/eth2/sign, /w3s/v1/sign or/v1/eth2/w3s/sign.

There's precedent in teku for spec vs teku-specific https://consensys.github.io/teku/#tag/Teku and I think there's some merit for web3signer to follow that pattern.
Other CLs too: https://lighthouse-book.sigmaprime.io/api-lighthouse.html

[siladu]

why is this deprecated?

[usmansaleem]

this class was used when we had vertx "openapi router". We have since removed that router and this interface is unused.

[siladu]

Can this be timestamp typed? Makes sense to me to be the same as other timestamps, i.e. UInt64

Not sure platform should be types...what is platform actually used for?

[usmansaleem]

I am thinking to use uint64 as well because that would allow numerical literals both quoted and unquoted.

[usmansaleem]

done.