From 5bd5671ead221328b1bb15ec138bfc607638fd70 Mon Sep 17 00:00:00 2001
From: Alain Mebsout <alain.mebsout@functori.com>
Date: Tue, 4 Feb 2025 14:49:19 +0100
Subject: [PATCH] Tezt/Rollup node: test rollup node operating with a remote
 signer

---
 tezt/lib_tezos/sc_rollup_node.ml  |  3 ++
 tezt/lib_tezos/sc_rollup_node.mli |  4 ++
 tezt/tests/sc_rollup.ml           | 88 ++++++++++++++++++++++++++++++-
 3 files changed, 94 insertions(+), 1 deletion(-)

diff --git a/tezt/lib_tezos/sc_rollup_node.ml b/tezt/lib_tezos/sc_rollup_node.ml
index 203f9f73d618..9294d336aac0 100644
--- a/tezt/lib_tezos/sc_rollup_node.ml
+++ b/tezt/lib_tezos/sc_rollup_node.ml
@@ -792,6 +792,9 @@ let as_rpc_endpoint (t : t) =
   let scheme = "http" in
   Endpoint.{scheme; host = state.rpc_host; port = state.rpc_port}
 
+let operators t =
+  (t.persistent_state.default_operator, t.persistent_state.operators)
+
 module RPC = struct
   module RPC_callers : RPC_core.CALLERS with type uri_provider := t = struct
     let call ?rpc_hooks ?log_request ?log_response_status ?log_response_body
diff --git a/tezt/lib_tezos/sc_rollup_node.mli b/tezt/lib_tezos/sc_rollup_node.mli
index 44f7cca6c2cb..603ffc0ac0df 100644
--- a/tezt/lib_tezos/sc_rollup_node.mli
+++ b/tezt/lib_tezos/sc_rollup_node.mli
@@ -393,4 +393,8 @@ val list_metrics :
 (** Expose the RPC server address of this node as a foreign endpoint. *)
 val as_rpc_endpoint : t -> Endpoint.t
 
+(** [operators node] returns a pair with the default operator and all other
+    operators with their purpose. *)
+val operators : t -> string option * (purpose * string) list
+
 module RPC : RPC_core.CALLERS with type uri_provider := t
diff --git a/tezt/tests/sc_rollup.ml b/tezt/tests/sc_rollup.ml
index d8a301c35e08..39815ede44b0 100644
--- a/tezt/tests/sc_rollup.ml
+++ b/tezt/tests/sc_rollup.ml
@@ -3925,6 +3925,91 @@ let test_interrupt_rollup_node =
   let* _ = Sc_rollup_node.wait_for_level ~timeout:20. sc_rollup_node 18 in
   unit
 
+let test_remote_signer =
+  let default_operator = Constant.bootstrap2 in
+  let operators =
+    [
+      (Sc_rollup_node.Operating, Constant.bootstrap3);
+      (Cementing, Constant.bootstrap4);
+      (Batching, Constant.bootstrap5);
+    ]
+  in
+  test_full_scenario
+    {
+      tags = ["remote"; "signer"];
+      variant = None;
+      description = "rollup node can sign operations with remote signer";
+    }
+    ~uses:(fun _ -> [Constant.octez_signer])
+    ~commitment_period:3
+    ~challenge_window:5
+    ~mode:Operator
+    ~operator:default_operator.public_key_hash
+    ~operators:
+      (List.map (fun (p, k) -> (p, k.Account.public_key_hash)) operators)
+  @@ fun _protocol sc_rollup_node sc_rollup node client ->
+  let keys = default_operator :: List.map snd operators in
+  Log.info "Starting remote signer" ;
+  let* signer = Signer.init ~keys () in
+  Log.info "Registering keys as remote in client" ;
+  let import (k : Account.key) =
+    Client.import_signer_key
+      client
+      ~force:true
+      ~public_key_hash:k.public_key_hash
+      ~alias:k.alias
+      (Signer.uri signer)
+  in
+  let* () = Lwt_list.iter_s import keys in
+  let sks =
+    JSON.parse_file (Filename.concat (Client.base_dir client) "secret_keys")
+    |> JSON.as_list
+  in
+  Log.info "Check configuration uses remote signer" ;
+  let check_config_key (k : Account.key) =
+    let open JSON in
+    let entry = List.find (fun e -> e |-> "name" |> as_string = k.alias) sks in
+    let sk = entry |-> "value" |> as_string in
+    if not @@ String.starts_with ~prefix:"http://" sk then
+      Test.fail ~__LOC__ "Key %s not using remote signer" k.alias
+  in
+  List.iter check_config_key keys ;
+  Log.info "Create wallet just for baking" ;
+  let baking_client =
+    Client.create ~name:"baking_client" ~endpoint:(Node node) ()
+  in
+  let* () =
+    Client.import_secret_key
+      baking_client
+      Constant.bootstrap1.secret_key
+      ~alias:Constant.bootstrap1.alias
+  in
+  Log.info "Starting rollup node" ;
+  let* () =
+    Sc_rollup_node.run ~event_level:`Debug sc_rollup_node sc_rollup []
+  in
+  let signer_has_signed =
+    Lwt.pick
+      [
+        Signer.wait_for signer "signing_data.v0" (fun _ ->
+            Log.info ~color:Log.Color.BG.green "Remote signer signed!" ;
+            Some ());
+        (let* () = Lwt_unix.sleep 120. in
+         Test.fail "Remote signer did not sign");
+      ]
+  in
+  Log.info "Progressing until rollup node publishes and cements" ;
+  let* _ =
+    bake_until_lcc_updated
+      ~at_least:5
+      ~timeout:120.
+      ~level:3
+      baking_client
+      sc_rollup_node
+  in
+  let* () = signer_has_signed in
+  unit
+
 let test_refutation_reward_and_punishment ~kind =
   let timeout_period = 3 in
   let commitment_period = 2 in
@@ -7073,4 +7158,5 @@ let register_protocol_independent () =
   bailout_mode_not_publish ~kind protocols ;
   bailout_mode_fail_to_start_without_operator ~kind protocols ;
   bailout_mode_fail_operator_no_stake ~kind protocols ;
-  bailout_mode_recover_bond_starting_no_commitment_staked ~kind protocols
+  bailout_mode_recover_bond_starting_no_commitment_staked ~kind protocols ;
+  test_remote_signer ~kind protocols
-- 
GitLab