feat: added --private-key option to CommandStart.ts and `CommandB…

…ootstrap.ts`

This should allow us to override the keypair generation with the provided private key. this will speed up agent starting.

Still need to test this for `agent start` and `bootstrap`.

Related #404

src/bin/agent/CommandStart.ts

@@ -37,6 +37,7 @@ class CommandStart extends CommandPolykey {
     this.addOption(binOptions.backgroundOutFile);
     this.addOption(binOptions.backgroundErrFile);
     this.addOption(binOptions.fresh);
+    this.addOption(binOptions.privateKey);
     this.action(async (options) => {
       options.clientHost =
         options.clientHost ?? config.defaults.networkConfig.clientHost;
@@ -94,6 +95,7 @@ class CommandStart extends CommandPolykey {
         keysConfig: {
           rootKeyPairBits: options.rootKeyPairBits,
           recoveryCode: recoveryCodeIn,
+          privateKeyOverride: options.privateKey,
         },
         proxyConfig: {
           connConnectTime: options.connectionTimeout,

src/bin/bootstrap/CommandBootstrap.ts

@@ -11,6 +11,7 @@ class CommandBootstrap extends CommandPolykey {
     this.addOption(binOptions.recoveryCodeFile);
     this.addOption(binOptions.rootKeyPairBits);
     this.addOption(binOptions.fresh);
+    this.addOption(binOptions.privateKey);
     this.action(async (options) => {
       const bootstrapUtils = await import('../../bootstrap/utils');
       const password = await binProcessors.processNewPassword(
@@ -27,6 +28,7 @@ class CommandBootstrap extends CommandPolykey {
         keysConfig: {
           rootKeyPairBits: options.rootKeyPairBits,
           recoveryCode: recoveryCodeIn,
+          privateKeyOverride: options.privateKey,
         },
         fresh: options.fresh,
         fs: this.fs,

src/bin/utils/options.ts

@@ -163,6 +163,13 @@ const noPing = new commander.Option('--no-ping', 'Skip ping step').default(
   true,
 );
 
+const privateKey = new commander.Option(
+  '--private-key <privateKey>',
+  'Override key generation with a private key Pem',
+)
+  .argParser(binParsers.parsePrivateKeyPem)
+  .default(undefined);
+
 export {
   nodePath,
   format,
@@ -187,4 +194,5 @@ export {
   pullVault,
   forceNodeAdd,
   noPing,
+  privateKey,
 };

src/bin/utils/parsers.ts

@@ -92,6 +92,10 @@ function parseSecretPath(secretPath: string): [string, string, string?] {
   return [vaultName, directoryPath, undefined];
 }
 
+const parsePrivateKeyPem = validateParserToArgListParser(
+  validationUtils.parsePrivateKeyPem,
+);
+
 export {
   parseInteger,
   parseNumber,
@@ -109,4 +113,5 @@ export {
   parseProviderIdList,
   parseCoreCount,
   parseSecretPath,
+  parsePrivateKeyPem,
 };

src/bootstrap/utils.ts

@@ -1,5 +1,5 @@
 import type { FileSystem } from '../types';
-import type { RecoveryCode } from '../keys/types';
+import type { RecoveryCode, PrivateKey } from '../keys/types';
 import path from 'path';
 import Logger from '@matrixai/logger';
 import { DB } from '@matrixai/db';
@@ -40,6 +40,7 @@ async function bootstrapState({
     rootCertDuration?: number;
     dbKeyBits?: number;
     recoveryCode?: RecoveryCode;
+    privateKeyOverride?: PrivateKey;
   };
   fresh?: boolean;
   fs?: FileSystem;

src/validation/utils.ts

@@ -12,12 +12,14 @@ import type { GestaltAction, GestaltId } from '../gestalts/types';
 import type { VaultAction, VaultId } from '../vaults/types';
 import type { Host, Hostname, Port } from '../network/types';
 import type { ClaimId } from '../claims/types';
+import type { PrivateKey } from '../keys/types';
 import * as validationErrors from './errors';
 import * as nodesUtils from '../nodes/utils';
 import * as gestaltsUtils from '../gestalts/utils';
 import * as vaultsUtils from '../vaults/utils';
 import * as networkUtils from '../network/utils';
 import * as claimsUtils from '../claims/utils';
+import * as keysUtils from '../keys/utils';
 import config from '../config';
 
 function parseInteger(data: any): number {
@@ -259,6 +261,21 @@ function parseSeedNodes(data: any): [SeedNodes, boolean] {
   return [seedNodes, defaults];
 }
 
+function parsePrivateKeyPem(data: any): PrivateKey {
+  if (typeof data !== 'string') {
+    throw new validationErrors.ErrorParse('Private key Pem must be a string');
+  }
+  let privateKey: PrivateKey;
+  try {
+    privateKey = keysUtils.privateKeyFromPem(data);
+  } catch (e) {
+    throw new validationErrors.ErrorParse(
+      'Must provide a valid private key Pem',
+    );
+  }
+  return privateKey;
+}
+
 export {
   parseInteger,
   parseNumber,
@@ -276,4 +293,5 @@ export {
   parsePort,
   parseNetwork,
   parseSeedNodes,
+  parsePrivateKeyPem,
 };

tests/keys/KeyManager.test.ts

@@ -164,20 +164,25 @@ describe('KeyManager', () => {
   test('override key generation with privateKeyOverride', async () => {
     const keysPath = `${dataDir}/keys`;
     const keyPair = await keysUtils.generateKeyPair(4096);
-    const mockedGenerateKeyPair = jest.spyOn(keysUtils, 'generateDeterministicKeyPair');
+    const mockedGenerateKeyPair = jest.spyOn(
+      keysUtils,
+      'generateDeterministicKeyPair',
+    );
     const keyManager = await KeyManager.createKeyManager({
       keysPath,
       password,
       privateKeyOverride: keyPair.privateKey,
       logger,
     });
-    expect(mockedGenerateKeyPair).not.toHaveBeenCalled()
+    expect(mockedGenerateKeyPair).not.toHaveBeenCalled();
     const keysPathContents = await fs.promises.readdir(keysPath);
     expect(keysPathContents).toContain('root.pub');
     expect(keysPathContents).toContain('root.key');
-    expect(keysUtils.publicKeyToPem(keyManager.getRootKeyPair().publicKey)).toEqual(keysUtils.publicKeyToPem(keyPair.publicKey));
+    expect(
+      keysUtils.publicKeyToPem(keyManager.getRootKeyPair().publicKey),
+    ).toEqual(keysUtils.publicKeyToPem(keyPair.publicKey));
     await keyManager.stop();
-  })
+  });
   test('uses WorkerManager for generating root key pair', async () => {
     const keysPath = `${dataDir}/keys`;
     const keyManager = await KeyManager.createKeyManager({