From c5fcb387e1c6ce7e7e559e6cbf8c055b27f11462 Mon Sep 17 00:00:00 2001
From: musitdev <philippe.delrieu@free.fr>
Date: Wed, 19 Feb 2025 19:00:58 +0100
Subject: [PATCH] add testkey admin function

---
 Cargo.lock                                    |  4 +
 .../movement/movement-full-node/Cargo.toml    |  4 +
 .../movement-full-node/src/admin/mod.rs       |  5 ++
 .../src/admin/testkey/mod.rs                  | 77 +++++++++++++++++++
 4 files changed, 90 insertions(+)
 create mode 100644 networks/movement/movement-full-node/src/admin/testkey/mod.rs

diff --git a/Cargo.lock b/Cargo.lock
index 3de311acb..92bf6c83f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -12103,8 +12103,11 @@ dependencies = [
 name = "movement-full-node"
 version = "0.0.2"
 dependencies = [
+ "alloy-signer",
  "anyhow",
+ "aptos-crypto",
  "aptos-framework-elsa-to-biarritz-rc1-migration",
+ "aptos-sdk",
  "bcs 0.1.6 (git+https://github.com/movementlabsxyz/bcs.git?rev=bc16d2d39cabafaabd76173dd1b04b2aa170cf0c)",
  "clap 4.5.21",
  "console-subscriber",
@@ -12113,6 +12116,7 @@ dependencies = [
  "godfig",
  "hex",
  "hyper 1.5.0",
+ "k256",
  "maptos-dof-execution",
  "mcr-settlement-client",
  "mcr-settlement-config",
diff --git a/networks/movement/movement-full-node/Cargo.toml b/networks/movement/movement-full-node/Cargo.toml
index f1731bbbb..0028ad494 100644
--- a/networks/movement/movement-full-node/Cargo.toml
+++ b/networks/movement/movement-full-node/Cargo.toml
@@ -47,6 +47,10 @@ movement-signer = { workspace = true }
 movement-signer-loader = { workspace = true }
 syncador = { workspace = true }
 syncup = { workspace = true }
+aptos-crypto = { workspace = true }
+aptos-sdk = { workspace = true }
+k256 = { workspace = true }
+alloy-signer = { workspace = true }
 
 [features]
 default = []
diff --git a/networks/movement/movement-full-node/src/admin/mod.rs b/networks/movement/movement-full-node/src/admin/mod.rs
index a14fd74e5..590457527 100644
--- a/networks/movement/movement-full-node/src/admin/mod.rs
+++ b/networks/movement/movement-full-node/src/admin/mod.rs
@@ -5,6 +5,8 @@ pub mod governed_gas_pool;
 pub mod mcr;
 pub mod ops;
 pub mod rotate_key;
+pub mod testkey;
+
 use clap::Subcommand;
 
 #[derive(Subcommand, Debug)]
@@ -24,6 +26,8 @@ pub enum Admin {
 	Framework(framework::Framework),
 	#[clap(subcommand)]
 	Config(config::Config),
+	#[clap(subcommand)]
+	TestKey(testkey::TestKey),
 }
 
 impl Admin {
@@ -36,6 +40,7 @@ impl Admin {
 			Admin::Ops(ops) => ops.execute().await,
 			Admin::Framework(framework) => framework.execute().await,
 			Admin::Config(config) => config.execute().await,
+			Admin::TestKey(key) => key.execute().await,
 		}
 	}
 }
diff --git a/networks/movement/movement-full-node/src/admin/testkey/mod.rs b/networks/movement/movement-full-node/src/admin/testkey/mod.rs
new file mode 100644
index 000000000..2988b2e99
--- /dev/null
+++ b/networks/movement/movement-full-node/src/admin/testkey/mod.rs
@@ -0,0 +1,77 @@
+use aptos_crypto::ed25519::Ed25519PublicKey;
+use aptos_sdk::types::transaction::authenticator::AuthenticationKey;
+use clap::Parser;
+use clap::Subcommand;
+use k256::ecdsa::VerifyingKey;
+use movement_signer::cryptography::ed25519::Ed25519;
+use movement_signer::cryptography::secp256k1::Secp256k1;
+use movement_signer::key::TryFromCanonicalString;
+use movement_signer::Signing;
+use movement_signer::Verify;
+use movement_signer_loader::identifiers::SignerIdentifier;
+use movement_signer_loader::{Load, LoadedSigner};
+
+#[derive(Subcommand, Debug)]
+#[clap(rename_all = "kebab-case", about = "Commands to test key name")]
+pub enum TestKey {
+	Ed25519(TestKeyParam),
+	Secp256k1(TestKeyParam),
+}
+
+impl TestKey {
+	pub async fn execute(&self) -> Result<(), anyhow::Error> {
+		match self {
+			TestKey::Ed25519(param) => param.execute_ed25519().await,
+			TestKey::Secp256k1(param) => param.execute_secp256k1().await,
+		}
+	}
+}
+
+#[derive(Debug, Parser, Clone)]
+#[clap(rename_all = "kebab-case", about = "Key to test.")]
+pub struct TestKeyParam {
+	#[clap(default_value = "{maptos,maptos-storage,movement-da-db}/**", value_name = "DB PATTERN")]
+	pub name: String,
+}
+
+impl TestKeyParam {
+	pub async fn execute_ed25519(&self) -> Result<(), anyhow::Error> {
+		let signer_identifier = SignerIdentifier::try_from_canonical_string(&self.name)
+			.map_err(|err| anyhow::anyhow!(err))?;
+		let loader: LoadedSigner<Ed25519> = signer_identifier.load().await?;
+
+		let public_key = Ed25519PublicKey::try_from(loader.public_key().await?.as_bytes())?;
+		let account_address = AuthenticationKey::ed25519(&public_key).account_address();
+
+		tracing::info!("Key loaded, account address:{account_address}");
+		tracing::info!("Try to sign a message ...");
+
+		let message = b"Hello, world!";
+		let signature = loader.sign(message).await?;
+		assert!(Ed25519::verify(message, &signature, &loader.public_key().await?)?);
+
+		tracing::info!("Message sign verify pass");
+
+		Ok(())
+	}
+	pub async fn execute_secp256k1(&self) -> Result<(), anyhow::Error> {
+		let signer_identifier = SignerIdentifier::try_from_canonical_string(&self.name)
+			.map_err(|err| anyhow::anyhow!(err))?;
+		let loader: LoadedSigner<Secp256k1> = signer_identifier.load().await?;
+		let pub_key = loader.public_key().await?;
+		let verify_key = VerifyingKey::from_sec1_bytes(pub_key.as_bytes())?;
+
+		let account_address = alloy_signer::utils::public_key_to_address(&verify_key);
+
+		tracing::info!("Key loaded, account address:{account_address}");
+		tracing::info!("Try to sign a message ...");
+
+		let message = b"Hello, world!";
+		let signature = loader.sign(message).await?;
+		assert!(Secp256k1::verify(message, &signature, &loader.public_key().await?)?);
+
+		tracing::info!("Message sign verify pass");
+
+		Ok(())
+	}
+}