refactor: use polkadot keyring for deriving keys and signing challenges

Author: SalmaElsoly

packages/registrar_client/README.md

@@ -46,7 +46,7 @@ openssl rand -hex 32
 Here is an example:
 
 ```typescript
-const client = new RegistrarClient({ baseURl: "https://registrar.dev4.grid.tf/v1", privateKey: your_private_key });
+const client = new RegistrarClient({ baseURl: "https://registrar.dev4.grid.tf/v1", mnemonicOrSeed: "your_mnemonic_or_seed" });
 ```
 
 To be able to create a farm you need to have a Stellar wallet and provide your Stellar address. For more details on how to create a Stellar wallet and generate a Stellar address, please refer to the [Stellar Account Viewer](https://www.stellar.org/account-viewer/#!/) or the [Stellar Documentation](https://developers.stellar.org/docs/tutorials/create-account/).
@@ -56,7 +56,7 @@ To be able to create a farm you need to have a Stellar wallet and provide your S
 Here is an example of how to use the Registrar Client:
 
 ```typescript
-const client = new RegistrarClient({ baseUrl: URl, privateKey: your_private_key });
+const client = new RegistrarClient({ baseUrl: URl, mnemonicOrSeed: your_mnemonic_or_seed });
 
 // Example: Create an account
 const accountRequest: CreateAccountRequest = {

packages/registrar_client/package.json

@@ -54,6 +54,7 @@
     "typescript": "^5.7.3"
   },
   "dependencies": {
+    "@polkadot/keyring": "^13.4.4",
     "@stellar/stellar-base": "^12.1.1",
     "@types/jest": "^29.5.14",
     "bip39": "^3.1.0",

packages/registrar_client/scripts/create_farm.ts

@@ -2,11 +2,11 @@ import { log } from "console";
 import { Account, RegistrarClient } from "../src/";
 import config from "./config.json";
 import * as base64 from "base64-js";
-import { derivePublicKey } from "./utils";
+import { deriveKeyPair } from "../src/utils";
 
 async function getAccount(client: RegistrarClient): Promise<Account> {
-  const publicKey = await derivePublicKey(config.mnemonicOrSeed);
-  const account = await client.accounts.getAccountByPublicKey(base64.fromByteArray(publicKey));
+  const keyPair = await deriveKeyPair(config.mnemonicOrSeed);
+  const account = await client.accounts.getAccountByPublicKey(base64.fromByteArray(keyPair.publicKey));
   log("================= Getting Account =================");
   log(account);
   log("================= Getting Account =================");

packages/registrar_client/scripts/create_node.ts

@@ -2,11 +2,11 @@ import { log } from "console";
 import { Account, RegistrarClient, NodeRegistrationRequest } from "../src/";
 import config from "./config.json";
 import * as base64 from "base64-js";
-import { derivePublicKey } from "./utils";
+import { deriveKeyPair } from "../src/utils";
 
 async function getAccount(client: RegistrarClient): Promise<Account> {
-  const publicKey = await derivePublicKey(config.mnemonicOrSeed);
-  const account = await client.accounts.getAccountByPublicKey(base64.fromByteArray(publicKey));
+  const keyPair = await deriveKeyPair(config.mnemonicOrSeed);
+  const account = await client.accounts.getAccountByPublicKey(base64.fromByteArray(keyPair.publicKey));
   log("================= Getting Account =================");
   log(account);
   log("================= Getting Account =================");

packages/registrar_client/scripts/utils.ts

@@ -1,47 +1,56 @@
 import * as base64 from "base64-js";
-import * as tweetnacl from "tweetnacl";
 import { AxiosRequestConfig } from "axios";
 import { Buffer } from "buffer";
-import { mnemonicToSeed, validateMnemonic} from "bip39";
+import { Keyring } from "@polkadot/keyring";
+import { KeypairType } from "@polkadot/util-crypto/types";
+import { KeyringPair } from "@polkadot/keyring/types";
+import { validateMnemonic } from "bip39";
+import { cryptoWaitReady } from "@polkadot/util-crypto";
 
-function createSignatureForChallenge(challenge: string, privateKey: string): string {
-  const signature = tweetnacl.sign.detached(Buffer.from(challenge, "utf-8"), base64.toByteArray(privateKey));
+const SUPPORTED_KEYPAIR_TYPES: KeypairType[] = ["sr25519", "ed25519"];
+
+
+
+function createSignatureForChallenge(challenge: string, keypair: KeyringPair): string {
+  const signature = keypair.sign(Buffer.from(challenge));
   return base64.fromByteArray(signature);
 }
 
-async function deriveKeyPair(mnemonicOrSeed: string): Promise<{ publicKey: string; privateKey: string; }> {
-  let seed : Buffer;
-  if (validateMnemonic(mnemonicOrSeed)) {
-    seed = (await mnemonicToSeed(mnemonicOrSeed)).subarray(0, 32);
+export async function deriveKeyPair(
+  mnemonicOrSeed: string,
+  keypairType: KeypairType = SUPPORTED_KEYPAIR_TYPES[0],
+): Promise<KeyringPair> {
+  if (!SUPPORTED_KEYPAIR_TYPES.includes(keypairType)) {
+    throw new Error(`Unsupported keypair type: ${keypairType}`);
+  }
 
-  } else if(mnemonicOrSeed.startsWith("0x")) {
-    seed = Buffer.from(mnemonicOrSeed.slice(2), "hex"); 
-  } else {
+  if (!validateMnemonic(mnemonicOrSeed) && !mnemonicOrSeed.startsWith("0x")) {
     throw new Error("Invalid seed or mnemonic");
   }
-  const keyPair = tweetnacl.sign.keyPair.fromSeed(seed);
-  return {
-    publicKey: base64.fromByteArray(keyPair.publicKey),
-    privateKey: base64.fromByteArray(keyPair.secretKey),
-  };
+  await cryptoWaitReady();
+  const keyring = new Keyring({ type: keypairType });
+  const keypair = keyring.addFromUri(mnemonicOrSeed);
+  return keypair;
 }
 
-export async function createSignatureWithPublicKey(mnemonicOrSeed: string): Promise<{ signature: string; publicKey: string; timestamp: number; }> {
-  const { publicKey, privateKey } = await deriveKeyPair(mnemonicOrSeed);
+export async function createSignatureWithPublicKey(
+  mnemonicOrSeed: string,
+): Promise<{ signature: string; publicKey: string; timestamp: number }> {
+  const keypair = await deriveKeyPair(mnemonicOrSeed);
+  const publicKey = base64.fromByteArray(keypair.publicKey);
   const timestamp = Math.floor(Date.now() / 1000);
   const challenge = `${timestamp}:${publicKey}`;
-  const signature = createSignatureForChallenge(challenge, privateKey);
+  const signature = createSignatureForChallenge(challenge, keypair);
   return { signature, publicKey, timestamp };
 }
 
 export async function createAuthHeader(twinID: number, mnemonicOrSeed: string): Promise<AxiosRequestConfig["headers"]> {
-  const { privateKey } = await deriveKeyPair(mnemonicOrSeed);
+  const keypair = await deriveKeyPair(mnemonicOrSeed);
   const timestamp = Math.floor(Date.now() / 1000);
   const challenge = `${timestamp}:${twinID}`;
-  const signature = createSignatureForChallenge(challenge, privateKey);
+  const signature = createSignatureForChallenge(challenge, keypair);
   const header = {
     "X-Auth": `${Buffer.from(challenge).toString("base64")}:${signature}`,
   };
   return header;
 }
-

packages/registrar_client/src/utils.ts

@@ -1,20 +1,22 @@
 import * as base64 from "base64-js";
-import * as tweetnacl from "tweetnacl";
 import { describe, test, expect, jest, beforeEach } from "@jest/globals";
 import { createSignatureWithPublicKey, createAuthHeader } from "../../src/utils";
 import { generateMnemonic} from "bip39";
 
-jest.mock("tweetnacl", () => ({
-  sign: {
-    detached: jest.fn(() => new Uint8Array([1, 2, 3, 4])),
-    keyPair: {
-      fromSeed: jest.fn(() => ({
-        publicKey: new Uint8Array([1, 2, 3, 4]),
-        secretKey: new Uint8Array([1, 2, 3, 4]),
-      })),
-    },
-  },
-}));
+
+
+const mockPublicKey = new Uint8Array([1, 2, 3, 4]);
+const mockSignature = jest.fn().mockReturnValue(new Uint8Array([1, 2, 3, 4]));
+jest.mock("@polkadot/keyring", () => {
+  return {
+    Keyring: jest.fn().mockImplementation(() => ({
+      addFromUri: jest.fn().mockReturnValue({
+        publicKey: mockPublicKey,
+        sign: mockSignature,
+      }),
+    })),
+  };
+});
 
 describe("Util Functions", () => {
   const mnemonic = generateMnemonic();
@@ -23,39 +25,39 @@ describe("Util Functions", () => {
 
   beforeEach(() => {
     jest.clearAllMocks();
+
+    jest.spyOn(global.Date, "now").mockImplementation(() => 1700000000000);
   });
 
   test("createSignatureWithPublicKey generates a valid signature from mnemonics", async () => {
     const { signature, publicKey, timestamp } = await createSignatureWithPublicKey(mnemonic);
-    expect(tweetnacl.sign.detached).toHaveBeenCalledWith(
+    expect(timestamp).toBe(1700000000);
+    expect(publicKey).toBe(base64.fromByteArray(new Uint8Array([1, 2, 3, 4])));
+
+    expect(mockSignature).toHaveBeenCalledWith(
       Buffer.from(`${timestamp}:${publicKey}`, "utf-8"),
-      new Uint8Array([1, 2, 3, 4]),
     );
-
     expect(signature).toBe(base64.fromByteArray(new Uint8Array([1, 2, 3, 4])));
   });
 
   test("createSignatureWithPublicKey generates a valid signature from seed", async () => {
     const { signature, publicKey, timestamp } = await createSignatureWithPublicKey(seed);
-    expect(tweetnacl.sign.detached).toHaveBeenCalledWith(
+    expect(timestamp).toBe(1700000000);
+    expect(publicKey).toBe(base64.fromByteArray(new Uint8Array([1, 2, 3, 4])));
+    expect(mockSignature).toHaveBeenCalledWith(
       Buffer.from(`${timestamp}:${publicKey}`, "utf-8"),
-      new Uint8Array([1, 2, 3, 4]),
     );
-
-    expect(signature).toBe(base64.fromByteArray(new Uint8Array
-      ([1, 2, 3, 4])));
+    expect(signature).toBe(base64.fromByteArray(new Uint8Array([1, 2, 3, 4])));
   });
 
   test("createAuthHeader generates correct headers", async () => {
-    jest.spyOn(global.Date, "now").mockImplementation(() => 1700000000000);
-    const timestamp = 1700000000;
 
     const headers = await createAuthHeader(twinID, mnemonic);
 
     expect(headers).toHaveProperty("X-Auth");
     const [encodedChallenge, signature] = headers!["X-Auth"].split(":");
 
-    expect(Buffer.from(encodedChallenge, "base64").toString("utf-8")).toBe(`${timestamp}:${twinID}`);
+    expect(encodedChallenge).toBe(base64.fromByteArray(Buffer.from(`${1700000000}:${twinID}`)));
     expect(signature).toBe(base64.fromByteArray(new Uint8Array([1, 2, 3, 4])));
   });