Save delegation signatures on local store

ManuelBilbao · ManuelBilbao · commit 755b2b50312b · 2025-01-14T15:49:18.000-03:00
diff --git a/crates/common/src/config/signer.rs b/crates/common/src/config/signer.rs
@@ -66,6 +66,8 @@ pub enum SignerType {
         /// Whether to unlock the accounts in case they are locked
         #[serde(default)]
         unlock: bool,
+        /// How to store proxy keys
+        store: Option<ProxyStore>,
     },
 }
 
@@ -118,6 +120,7 @@ impl StartSignerConfig {
                 ca_cert_path,
                 server_domain,
                 unlock,
+                store,
                 ..
             } => {
                 let cert_path = load_env_var(DIRK_CERT_ENV).map(PathBuf::from).unwrap_or(cert_path);
@@ -132,7 +135,7 @@ impl StartSignerConfig {
                     server_port,
                     jwts,
                     loader: None,
-                    store: None,
+                    store,
                     dirk: Some(DirkConfig {
                         url,
                         wallets,
diff --git a/crates/common/src/signer/store.rs b/crates/common/src/signer/store.rs
@@ -153,6 +153,32 @@ impl ProxyStore {
         Ok(())
     }
 
+    pub fn store_proxy_bls_delegation(
+        &self,
+        module_id: &ModuleId,
+        delegation: &SignedProxyDelegation<BlsPublicKey>,
+    ) -> eyre::Result<()> {
+        let base_path = match self {
+            ProxyStore::File { proxy_dir } => proxy_dir,
+            ProxyStore::ERC2335 { keys_path, .. } => keys_path,
+        };
+        let file_path = base_path
+            .join("delegations")
+            .join(module_id.to_string())
+            .join("bls")
+            .join(delegation.message.proxy.to_string());
+        let content = serde_json::to_vec(&delegation)?;
+
+        if let Some(parent) = file_path.parent() {
+            create_dir_all(parent)?;
+        }
+
+        let mut file = std::fs::File::create(file_path)?;
+        file.write_all(content.as_ref())?;
+
+        Ok(())
+    }
+
     #[allow(clippy::type_complexity)]
     pub fn load_proxies(
         &self,
diff --git a/crates/signer/src/manager/dirk.rs b/crates/signer/src/manager/dirk.rs
@@ -6,12 +6,13 @@ use cb_common::{
     config::DirkConfig,
     constants::COMMIT_BOOST_DOMAIN,
     signature::compute_domain,
-    signer::{BlsPublicKey, BlsSignature},
+    signer::{BlsPublicKey, BlsSignature, ProxyStore},
     types::{Chain, ModuleId},
 };
 use rand::Rng;
 use tonic::transport::{Channel, ClientTlsConfig};
 use tracing::info;
+use tree_hash::TreeHash;
 
 use crate::proto::v1::{
     account_manager_client::AccountManagerClient, lister_client::ListerClient,
@@ -26,6 +27,7 @@ pub struct DirkManager {
     wallets: Vec<String>,
     unlock: bool,
     secrets_path: PathBuf,
+    proxy_store: Option<ProxyStore>,
 }
 
 impl DirkManager {
@@ -54,9 +56,14 @@ impl DirkManager {
             wallets: config.wallets,
             unlock: config.unlock,
             secrets_path: config.secrets_path,
+            proxy_store: None,
         })
     }
 
+    pub fn with_proxy_store(self, proxy_store: ProxyStore) -> eyre::Result<Self> {
+        Ok(Self { proxy_store: Some(proxy_store), ..self })
+    }
+
     async fn get_all_accounts(&self) -> eyre::Result<Vec<DirkAccount>> {
         let mut client = ListerClient::new(self.channel.clone());
         let pubkeys_request =
@@ -248,10 +255,16 @@ impl DirkManager {
 
         self.unlock_account(account_name, new_password).await?;
 
-        Ok(SignedProxyDelegation {
-            message: ProxyDelegation { delegator: consensus_pubkey, proxy: proxy_key },
-            signature: BlsSignature::ZERO,
-        })
+        let message = ProxyDelegation { delegator: consensus_pubkey, proxy: proxy_key };
+        let signature =
+            self.request_signature(consensus_pubkey, message.tree_hash_root().0).await?;
+        let delegation = SignedProxyDelegation { message, signature };
+
+        if let Some(store) = &self.proxy_store {
+            store.store_proxy_bls_delegation(&module_id, &delegation)?;
+        }
+
+        Ok(delegation)
     }
 
     pub async fn request_signature(
diff --git a/crates/signer/src/service.rs b/crates/signer/src/service.rs
@@ -59,12 +59,17 @@ impl SigningService {
         let module_ids: Vec<String> = config.jwts.left_values().cloned().map(Into::into).collect();
 
         let state = match config.dirk {
-            Some(dirk) => SigningState {
-                manager: SigningManager::Dirk(
-                    DirkManager::new_from_config(config.chain, dirk).await?,
-                ),
-                jwts: config.jwts.into(),
-            },
+            Some(dirk) => {
+                let mut dirk_manager = DirkManager::new_from_config(config.chain, dirk).await?;
+                if let Some(store) = config.store {
+                    dirk_manager = dirk_manager.with_proxy_store(store.init_from_env()?)?;
+                }
+
+                SigningState {
+                    manager: SigningManager::Dirk(dirk_manager),
+                    jwts: config.jwts.into(),
+                }
+            }
             None => {
                 let proxy_store = if let Some(store) = config.store {
                     Some(store.init_from_env()?)
