Enable Azure KeyVault

The Azure keyvault can now be used to sign transactions sent to EthSigner.

This includes a new commandline sub-command which creates the signing mechanism with appropriate credentials to connect to, and use Azure.

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/dsl/signer/SignerConfigurationBuilder.java

@@ -23,6 +23,7 @@ public class SignerConfigurationBuilder {
   private int webSocketPort;
   private int hashicorpVaultPort;
   private String ipAddress;
+  private String keyVaultName;
 
   public SignerConfigurationBuilder withHttpRpcPort(final int port) {
     httpRpcPort = port;
@@ -44,9 +45,14 @@ public SignerConfigurationBuilder withHashicorpIpAddress(final String address) {
     return this;
   }
 
+  public SignerConfigurationBuilder withAzureKeyVault(final String keyVaultName) {
+    this.keyVaultName = keyVaultName;
+    return this;
+  }
+
   public SignerConfiguration build() {
     final TransactionSignerParamsSupplier transactionSignerParamsSupplier =
-        new TransactionSignerParamsSupplier(hashicorpVaultPort, ipAddress);
+        new TransactionSignerParamsSupplier(hashicorpVaultPort, ipAddress, keyVaultName);
     return new SignerConfiguration(
         CHAIN_ID, LOCALHOST, httpRpcPort, webSocketPort, transactionSignerParamsSupplier);
   }

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/dsl/signer/TransactionSignerParamsSupplier.java

@@ -28,34 +28,55 @@
 import com.google.common.io.Resources;
 
 public class TransactionSignerParamsSupplier {
+
   private final int hashicorpVaultPort;
   private final String ipAddress;
+  private final String azureKeyVault;
 
-  public TransactionSignerParamsSupplier(final int hashicorpVaultPort, final String ipAddress) {
+  public TransactionSignerParamsSupplier(
+      final int hashicorpVaultPort, final String ipAddress, final String azureKeyVault) {
     this.hashicorpVaultPort = hashicorpVaultPort;
     this.ipAddress = ipAddress;
+    this.azureKeyVault = azureKeyVault;
   }
 
   public Collection<String> get() {
     final ArrayList<String> params = new ArrayList<>();
-    if (hashicorpVaultPort == 0) {
-      params.add("file-based-signer");
-      params.add("--password-file");
-      params.add(createPasswordFile().getAbsolutePath());
-      params.add("--key-file");
-      params.add(createKeyFile().getAbsolutePath());
-    } else {
+    if (hashicorpVaultPort != 0) {
       params.add("hashicorp-signer");
       params.add("--auth-file");
       params.add(createVaultAuthFile().getAbsolutePath());
       params.add("--host");
       params.add(ipAddress);
       params.add("--port");
       params.add(String.valueOf(hashicorpVaultPort));
+    } else if (azureKeyVault != null) {
+      params.add("azure-signer");
+      params.add("--keyvault-name");
+      params.add(azureKeyVault);
+      params.add("--key-name");
+      params.add("TestKey");
+      params.add("--key-version");
+      params.add("7c01fe58d68148bba5824ce418241092");
+      params.add("--client-id");
+      params.add(System.getenv("ETHSIGNER_AZURE_CLIENT_ID"));
+      params.add("--client-secret-path");
+      params.add(createAzureSecretFile().getAbsolutePath());
+    } else {
+      params.add("file-based-signer");
+      params.add("--password-file");
+      params.add(createPasswordFile().getAbsolutePath());
+      params.add("--key-file");
+      params.add(createKeyFile().getAbsolutePath());
     }
     return params;
   }
 
+  private File createAzureSecretFile() {
+    return createTmpFile(
+        "azure_secret", System.getenv("ETHSIGNER_AZURE_CLIENT_SECRET").getBytes(UTF_8));
+  }
+
   private File createPasswordFile() {
     return createTmpFile(
         "ethsigner_passwordfile", Accounts.GENESIS_ACCOUNT_ONE_PASSWORD.getBytes(UTF_8));

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/signing/ValueTransferWithAzureAcceptanceTest.java

@@ -0,0 +1,97 @@
+/*
+ * Copyright 2019 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.ethsigner.tests.signing;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static tech.pegasys.ethsigner.tests.dsl.Gas.GAS_PRICE;
+import static tech.pegasys.ethsigner.tests.dsl.Gas.INTRINSIC_GAS;
+
+import tech.pegasys.ethsigner.tests.dsl.Account;
+import tech.pegasys.ethsigner.tests.dsl.DockerClientFactory;
+import tech.pegasys.ethsigner.tests.dsl.node.Node;
+import tech.pegasys.ethsigner.tests.dsl.node.NodeConfiguration;
+import tech.pegasys.ethsigner.tests.dsl.node.NodeConfigurationBuilder;
+import tech.pegasys.ethsigner.tests.dsl.node.PantheonNode;
+import tech.pegasys.ethsigner.tests.dsl.signer.Signer;
+import tech.pegasys.ethsigner.tests.dsl.signer.SignerConfiguration;
+import tech.pegasys.ethsigner.tests.dsl.signer.SignerConfigurationBuilder;
+
+import java.math.BigInteger;
+
+import com.github.dockerjava.api.DockerClient;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.web3j.protocol.core.methods.request.Transaction;
+import org.web3j.utils.Convert;
+
+@Ignore
+public class ValueTransferWithAzureAcceptanceTest {
+
+  private static final String RECIPIENT = "0x1b00ba00ca00bb00aa00bc00be00ac00ca00da00";
+
+  private static Node ethNode;
+  private static Signer ethSigner;
+
+  @BeforeClass
+  public static void setUpBase() {
+
+    final DockerClient docker = new DockerClientFactory().create();
+    final NodeConfiguration nodeConfig = new NodeConfigurationBuilder().build();
+
+    ethNode = new PantheonNode(docker, nodeConfig);
+    ethNode.start();
+    ethNode.awaitStartupCompletion();
+
+    final SignerConfiguration signerConfig =
+        new SignerConfigurationBuilder().withAzureKeyVault("ethsignertestkey").build();
+
+    ethSigner = new Signer(signerConfig, nodeConfig, ethNode.ports());
+    ethSigner.start();
+    ethSigner.awaitStartupCompletion();
+  }
+
+  private Account richBenefactor() {
+    return ethSigner.accounts().richBenefactor();
+  }
+
+  private Signer ethSigner() {
+    return ethSigner;
+  }
+
+  private Node ethNode() {
+    return ethNode;
+  }
+
+  @Test
+  public void valueTransfer() {
+    final BigInteger transferAmountWei =
+        Convert.toWei("1.75", Convert.Unit.ETHER).toBigIntegerExact();
+    final BigInteger startBalance = ethNode().accounts().balance(RECIPIENT);
+    final Transaction transaction =
+        Transaction.createEtherTransaction(
+            richBenefactor().address(),
+            null,
+            GAS_PRICE,
+            INTRINSIC_GAS,
+            RECIPIENT,
+            transferAmountWei);
+
+    final String hash = ethSigner().transactions().submit(transaction);
+    ethNode().transactions().awaitBlockContaining(hash);
+
+    final BigInteger expectedEndBalance = startBalance.add(transferAmountWei);
+    final BigInteger actualEndBalance = ethNode().accounts().balance(RECIPIENT);
+    assertThat(actualEndBalance).isEqualTo(expectedEndBalance);
+  }
+}

build.gradle

@@ -357,23 +357,22 @@ distZip {
     delete fileTree(dir: 'build/distributions', include: '*.zip')
   }
 }
-/*
- task jacocoRootReport(type: org.gradle.testing.jacoco.tasks.JacocoReport) {
- additionalSourceDirs.from files(subprojects.sourceSets.main.allSource.srcDirs)
- sourceDirectories.from files(subprojects.sourceSets.main.allSource.srcDirs)
- classDirectories.from files(subprojects.sourceSets.main.output)
- executionData.from files(subprojects.jacocoTestReport.executionData) //how to exclude some package/classes com.test.**
- reports {
- xml.enabled true
- csv.enabled true
- html.destination file("build/reports/jacocoHtml")
- }
- onlyIf = { true }
- doFirst {
- executionData = files(executionData.findAll { it.exists() })
- }
- }
- */
+
+task jacocoRootReport(type: org.gradle.testing.jacoco.tasks.JacocoReport) {
+  additionalSourceDirs.from files(subprojects.sourceSets.main.allSource.srcDirs)
+  sourceDirectories.from files(subprojects.sourceSets.main.allSource.srcDirs)
+  classDirectories.from files(subprojects.sourceSets.main.output)
+  executionData.from files(subprojects.jacocoTestReport.executionData) //how to exclude some package/classes com.test.**
+  reports {
+    xml.enabled true
+    csv.enabled true
+    html.destination file("build/reports/jacocoHtml")
+  }
+  onlyIf = { true }
+  doFirst {
+    executionData = files(executionData.findAll { it.exists() })
+  }
+}
 
 configurations { annotationProcessor }
 

ethsigner/app/build.gradle

@@ -31,17 +31,12 @@ dependencies {
   implementation project(':ethsigner:signing-api')
   implementation project(':ethsigner:signer:hashicorp')
   implementation project(':ethsigner:signer:file-based')
+  implementation project(':ethsigner:signer:azure')
   implementation project(':ethsigner:commandline')
 
   implementation 'com.google.guava:guava'
 
   implementation 'org.apache.logging.log4j:log4j-api'
   runtime 'org.apache.logging.log4j:log4j-core'
   runtime 'org.apache.logging.log4j:log4j-slf4j-impl'
-
-
-  testImplementation project(':ethsigner:core')
-  testImplementation 'junit:junit'
-  testImplementation 'org.assertj:assertj-core'
-  testImplementation 'org.mockito:mockito-core'
 }

ethsigner/app/src/main/java/tech/pegasys/ethsigner/EthSignerApp.java

@@ -12,6 +12,7 @@
  */
 package tech.pegasys.ethsigner;
 
+import tech.pegasys.ethsigner.signer.azure.AzureSubCommand;
 import tech.pegasys.ethsigner.signer.filebased.FileBasedSubCommand;
 import tech.pegasys.ethsigner.signer.hashicorp.HashicorpSubCommand;
 
@@ -23,6 +24,7 @@ public static void main(final String... args) {
     final CommandlineParser cmdLineParser = new CommandlineParser(baseCommand, System.out);
     cmdLineParser.registerSigner(new HashicorpSubCommand());
     cmdLineParser.registerSigner(new FileBasedSubCommand());
+    cmdLineParser.registerSigner(new AzureSubCommand());
 
     cmdLineParser.parseCommandLine(args);
   }

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/CommandlineParser.java

@@ -34,6 +34,8 @@ public class CommandlineParser {
   private final PrintStream output;
 
   public static final String MISSING_SUBCOMMAND_ERROR = "Signer subcommand must be defined.";
+  public static final String SIGNER_CREATION_ERROR =
+      "Failed to construct a signer from supplied arguments.";
 
   public CommandlineParser(final EthSignerBaseCommand baseCommand, final PrintStream output) {
     this.baseCommand = baseCommand;
@@ -61,9 +63,11 @@ public boolean parseCommandLine(final String... args) {
       handleParameterException(ex);
     } catch (final ExecutionException ex) {
       commandLine.usage(output);
+    } catch (final TransactionSignerInitializationException ex) {
+      // perform no-op (user output already supplied in ExceptionHandler)
     } catch (final Exception ex) {
-      LOG.error("Ethsigner has failed", ex);
-      output.println("Ethsigner has failed " + ex.toString());
+      LOG.error("Ethsigner has suffered an unrecoverable failure", ex);
+      output.println("Ethsigner has suffered an unrecoverable failure " + ex.toString());
     }
     return false;
   }
@@ -93,6 +97,13 @@ public R handleExecutionException(
         final CommandLine.ExecutionException ex, final CommandLine.ParseResult parseResult) {
       if (!parseResult.hasSubcommand()) {
         output.println(MISSING_SUBCOMMAND_ERROR);
+      } else {
+        if (ex.getCause() instanceof TransactionSignerInitializationException) {
+          output.println(SIGNER_CREATION_ERROR);
+          output.println("Cause: " + ex.getCause().getMessage());
+          ex.getCommandLine().usage(output);
+          throw (TransactionSignerInitializationException) ex.getCause();
+        }
       }
       throw ex;
     }

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/SignerSubCommand.java

@@ -26,12 +26,12 @@ public abstract class SignerSubCommand implements Runnable {
 
   @CommandLine.ParentCommand private EthSignerBaseCommand config;
 
-  public abstract TransactionSigner createSigner();
+  public abstract TransactionSigner createSigner() throws TransactionSignerInitializationException;
 
   public abstract String getCommandName();
 
   @Override
-  public void run() {
+  public void run() throws TransactionSignerInitializationException {
     // set log level per CLI flags
     System.out.println("Setting logging level to " + config.getLogLevel().name());
     Configurator.setAllLevels("", config.getLogLevel());

ethsigner/signing-api/src/main/java/tech/pegasys/ethsigner/core/signing/TransactionSignerInitializationException.java → ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/TransactionSignerInitializationException.java

@@ -10,7 +10,7 @@
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations under the License.
  */
-package tech.pegasys.ethsigner.core.signing;
+package tech.pegasys.ethsigner;
 
 public class TransactionSignerInitializationException extends RuntimeException {
   public TransactionSignerInitializationException() {

ethsigner/commandline/src/test/java/tech/pegasys/ethsigner/CommandlineParserTest.java

@@ -222,4 +222,26 @@ public void domainNamesDecodeIntoAnInetAddress() {
     parser.parseCommandLine(inputArgs);
     assertThat(config.getDownstreamHttpHost().getHostName()).isEqualTo("google.com");
   }
+
+  @Test
+  public void creatingSignerThrowsDisplaysFailureToCreateSignerText() {
+    subCommand = new NullSignerSubCommand(true);
+    config = new EthSignerBaseCommand();
+    parser = new CommandlineParser(config, outPrintStream);
+    parser.registerSigner(subCommand);
+
+    final boolean result =
+        parser.parseCommandLine(
+            (parentCommandOptionsOnly() + subCommand.getCommandName()).split(" "));
+
+    assertThat(result).isFalse();
+    assertThat(commandOutput.toString())
+        .isEqualTo(
+            CommandlineParser.SIGNER_CREATION_ERROR
+                + "\n"
+                + "Cause: "
+                + NullSignerSubCommand.ERROR_MSG
+                + "\n"
+                + nullCommandHelp);
+  }
 }

ethsigner/commandline/src/test/java/tech/pegasys/ethsigner/NullSignerSubCommand.java

@@ -29,8 +29,17 @@ public class NullSignerSubCommand extends SignerSubCommand {
   @Option(names = "--the-data", description = "Some data required for this subcommand", arity = "1")
   private Integer downstreamHttpPort;
 
+  private boolean shouldThrow = false;
+  public static final String ERROR_MSG = "Null Signer Failed";
+
+  public NullSignerSubCommand() {}
+
+  public NullSignerSubCommand(boolean shouldThrow) {
+    this.shouldThrow = shouldThrow;
+  }
+
   @Override
-  public TransactionSigner createSigner() {
+  public TransactionSigner createSigner() throws TransactionSignerInitializationException {
     return null;
   }
 
@@ -40,5 +49,9 @@ public String getCommandName() {
   }
 
   @Override
-  public void run() {}
+  public void run() {
+    if (shouldThrow) {
+      throw new TransactionSignerInitializationException(ERROR_MSG);
+    }
+  }
 }