hypercall/startup/

rsm_signer.rs

//! Startup wiring for RSM signer services.

use std::sync::Arc;

use hypercall_types::WalletAddress;
use tokio::sync::OnceCell;

use crate::db_handler::DbAuthConfig;

pub struct StandbyRsmSignerService {
    standby_controller: crate::runtime::standby::StandbyController,
    config: crate::backend_config::BackendConfig,
    secrets: crate::backend_config::BackendSecrets,
    db_auth: DbAuthConfig,
    chain_id: u64,
    inner: OnceCell<Arc<dyn hypercall_signer::RsmSigner>>,
}

impl StandbyRsmSignerService {
    pub fn new(
        standby_controller: crate::runtime::standby::StandbyController,
        config: crate::backend_config::BackendConfig,
        secrets: crate::backend_config::BackendSecrets,
        db_auth: DbAuthConfig,
        chain_id: u64,
    ) -> Self {
        Self {
            standby_controller,
            config,
            secrets,
            db_auth,
            chain_id,
            inner: OnceCell::new(),
        }
    }

    async fn inner(
        &self,
    ) -> Result<Arc<dyn hypercall_signer::RsmSigner>, hypercall_signer::RsmSignerError> {
        if self.standby_controller.is_standby().await {
            return Err(hypercall_signer::RsmSignerError::SigningFailed(
                "RSM signer is deferred while standby mode is active".to_string(),
            ));
        }

        self.inner
            .get_or_try_init(|| async {
                let diesel_db = Arc::new(
                    hypercall_db_diesel::DieselDb::new_with_auth(self.db_auth.clone(), 4)
                        .await
                        .map_err(|error| {
                            hypercall_signer::RsmSignerError::PersistenceFailed(format!(
                                "failed to initialize RSM signer DieselDb after standby promotion: {}",
                                error
                            ))
                        })?,
                );
                build_rsm_signer_service(&self.config, &self.secrets, diesel_db, self.chain_id)
                    .await
            })
            .await
            .cloned()
    }
}

#[async_trait::async_trait]
impl hypercall_signer::RsmSigner for StandbyRsmSignerService {
    fn signer_address(&self) -> WalletAddress {
        self.inner
            .get()
            .expect("standby RSM signer address unavailable before initialization")
            .signer_address()
    }

    async fn sign(
        &self,
        request_id: &str,
        account: &WalletAddress,
        action: &[u8],
    ) -> Result<hypercall_signer::SignedDirective, hypercall_signer::RsmSignerError> {
        self.inner().await?.sign(request_id, account, action).await
    }

    async fn sign_preallocated(
        &self,
        request_id: &str,
        account: &WalletAddress,
        action: &[u8],
        nonce: u64,
    ) -> Result<hypercall_signer::SignedDirective, hypercall_signer::RsmSignerError> {
        self.inner()
            .await?
            .sign_preallocated(request_id, account, action, nonce)
            .await
    }

    async fn status(
        &self,
    ) -> Result<hypercall_signer::RsmSignerStatus, hypercall_signer::RsmSignerError> {
        self.inner().await?.status().await
    }

    async fn is_nonce_used(&self, nonce: u64) -> Result<bool, hypercall_signer::RsmSignerError> {
        self.inner().await?.is_nonce_used(nonce).await
    }
}

pub async fn build_rsm_signer_service(
    config: &crate::backend_config::BackendConfig,
    secrets: &crate::backend_config::BackendSecrets,
    diesel_handler: Arc<hypercall_db_diesel::DieselDb>,
    chain_id: u64,
) -> Result<Arc<dyn hypercall_signer::RsmSigner>, hypercall_signer::RsmSignerError> {
    match config.rsm_signer.provider {
        crate::backend_config::RsmSignerProvider::AwsKms => {
            build_aws_kms_rsm_signer_service(
                &config.rsm_signer.aws_kms_key_id,
                &config.transaction_submitter.rpc_url,
                &config.contracts.exchange_contract_address,
                diesel_handler,
                chain_id,
            )
            .await
        }
        crate::backend_config::RsmSignerProvider::Local => {
            let private_key = secrets
                .transaction_submitter_private_key
                .as_deref()
                .ok_or_else(|| {
                    hypercall_signer::RsmSignerError::SigningFailed(
                        "local RSM signer requires TRANSACTION_SUBMITTER_PRIVATE_KEY".to_string(),
                    )
                })?;
            Ok(Arc::new(
                hypercall_signer_local::LocalRsmSignerService::new(
                    private_key,
                    &config.transaction_submitter.rpc_url,
                    &config.contracts.exchange_contract_address,
                    chain_id,
                    diesel_handler,
                )
                .await?,
            ) as Arc<dyn hypercall_signer::RsmSigner>)
        }
    }
}

#[cfg(feature = "aws")]
async fn build_aws_kms_rsm_signer_service(
    key_id: &str,
    rpc_url: &str,
    exchange_contract_address: &str,
    diesel_handler: Arc<hypercall_db_diesel::DieselDb>,
    chain_id: u64,
) -> Result<Arc<dyn hypercall_signer::RsmSigner>, hypercall_signer::RsmSignerError> {
    hypercall_signer_aws::build_aws_kms_rsm_signer_service(
        key_id,
        rpc_url,
        exchange_contract_address,
        chain_id,
        diesel_handler,
    )
    .await
}

#[cfg(not(feature = "aws"))]
async fn build_aws_kms_rsm_signer_service(
    _key_id: &str,
    _rpc_url: &str,
    _exchange_contract_address: &str,
    _diesel_handler: Arc<hypercall_db_diesel::DieselDb>,
    _chain_id: u64,
) -> Result<Arc<dyn hypercall_signer::RsmSigner>, hypercall_signer::RsmSignerError> {
    Err(hypercall_signer::RsmSignerError::SigningFailed(
        "AWS KMS RSM signer requires building hypercall with the aws feature".to_string(),
    ))
}