CLI: dynamic signing

book/src/paper-wallet/usage.md

@@ -166,22 +166,22 @@ Refer to the following page for a comprehensive guide on running a validator:
 Solana CLI tooling supports secure keypair input for stake delegation. To do so,
 first create a stake account with some SOL. Use the special `ASK` keyword to
 trigger a seed phrase input prompt for the stake account and use
-`--ask-seed-phrase keypair` to securely input the funding keypair.
+`--keypair ASK` to securely input the funding keypair.
 
 ```bash
-solana create-stake-account ASK 1 --ask-seed-phrase keypair
+solana create-stake-account ASK 1 --keypair ASK
 
 [stake_account] seed phrase: 🔒
 [stake_account] If this seed phrase has an associated passphrase, enter it now. Otherwise, press ENTER to continue:
 [keypair] seed phrase: 🔒
 [keypair] If this seed phrase has an associated passphrase, enter it now. Otherwise, press ENTER to continue:
 ```
 
-Then, to delegate that stake to a validator, use `--ask-seed-phrase keypair` to
+Then, to delegate that stake to a validator, use `--keypair ASK` to
 securely input the funding keypair.
 
 ```bash
-solana delegate-stake --ask-seed-phrase keypair <STAKE_ACCOUNT_PUBKEY> <VOTE_ACCOUNT_PUBKEY>
+solana delegate-stake --keypair ASK <STAKE_ACCOUNT_PUBKEY> <VOTE_ACCOUNT_PUBKEY>
 
 [keypair] seed phrase: 🔒
 [keypair] If this seed phrase has an associated passphrase, enter it now. Otherwise, press ENTER to continue:

clap-utils/src/input_parsers.rs

@@ -1,4 +1,6 @@
-use crate::keypair::{keypair_from_seed_phrase, ASK_KEYWORD, SKIP_SEED_PHRASE_VALIDATION_ARG};
+use crate::keypair::{
+    keypair_from_seed_phrase, keypair_util_from_path, ASK_KEYWORD, SKIP_SEED_PHRASE_VALIDATION_ARG,
+};
 use chrono::DateTime;
 use clap::ArgMatches;
 use solana_remote_wallet::remote_wallet::DerivationPath;
@@ -93,6 +95,18 @@ pub fn pubkeys_sigs_of(matches: &ArgMatches<'_>, name: &str) -> Option<Vec<(Pubk
     })
 }
 
+// Return a signer from matches at `name`
+pub fn signer_of(
+    name: &str,
+    matches: &ArgMatches<'_>,
+) -> Result<Option<Box<dyn KeypairUtil>>, Box<dyn std::error::Error>> {
+    if let Some(location) = matches.value_of(name) {
+        keypair_util_from_path(matches, location, name).map(Some)
+    } else {
+        Ok(None)
+    }
+}
+
 pub fn lamports_of_sol(matches: &ArgMatches<'_>, name: &str) -> Option<u64> {
     value_of(matches, name).map(sol_to_lamports)
 }

clap-utils/src/input_validators.rs

@@ -1,5 +1,6 @@
-use crate::keypair::ASK_KEYWORD;
+use crate::keypair::{parse_keypair_path, KeypairUrl, ASK_KEYWORD};
 use chrono::DateTime;
+use solana_remote_wallet::remote_keypair::generate_remote_keypair;
 use solana_sdk::{
     hash::Hash,
     pubkey::Pubkey,
@@ -50,6 +51,16 @@ pub fn is_pubkey_or_keypair_or_ask_keyword(string: String) -> Result<(), String>
     is_pubkey(string.clone()).or_else(|_| is_keypair_or_ask_keyword(string))
 }
 
+pub fn is_valid_signer(string: String) -> Result<(), String> {
+    match parse_keypair_path(&string) {
+        KeypairUrl::Usb(path) => generate_remote_keypair(path, None)
+            .map(|_| ())
+            .map_err(|err| format!("{:?}", err)),
+        KeypairUrl::Filepath(path) => is_keypair(path),
+        _ => Ok(()),
+    }
+}
+
 // Return an error if string cannot be parsed as pubkey=signature string
 pub fn is_pubkey_sig(string: String) -> Result<(), String> {
     let mut signer = string.split('=');

clap-utils/src/keypair.rs

@@ -1,22 +1,32 @@
-use crate::ArgConstant;
+use crate::{
+    input_parsers::{derivation_of, pubkeys_sigs_of},
+    offline::SIGNER_ARG,
+    ArgConstant,
+};
 use bip39::{Language, Mnemonic, Seed};
-use clap::values_t;
+use clap::{values_t, ArgMatches, Error, ErrorKind};
 use rpassword::prompt_password_stderr;
-use solana_sdk::signature::{
-    keypair_from_seed, keypair_from_seed_phrase_and_passphrase, read_keypair_file, Keypair,
-    KeypairUtil,
+use solana_remote_wallet::remote_keypair::generate_remote_keypair;
+use solana_sdk::{
+    pubkey::Pubkey,
+    signature::{
+        keypair_from_seed, keypair_from_seed_phrase_and_passphrase, read_keypair,
+        read_keypair_file, Keypair, KeypairUtil, Presigner, Signature,
+    },
 };
 use std::{
     error,
     io::{stdin, stdout, Write},
     process::exit,
+    str::FromStr,
 };
 
 pub enum KeypairUrl {
     Ask,
     Filepath(String),
     Usb(String),
     Stdin,
+    Pubkey(Pubkey),
 }
 
 pub fn parse_keypair_path(path: &str) -> KeypairUrl {
@@ -26,11 +36,66 @@ pub fn parse_keypair_path(path: &str) -> KeypairUrl {
         KeypairUrl::Ask
     } else if path.starts_with("usb://") {
         KeypairUrl::Usb(path.split_at(6).1.to_string())
+    } else if let Ok(pubkey) = Pubkey::from_str(path) {
+        KeypairUrl::Pubkey(pubkey)
     } else {
         KeypairUrl::Filepath(path.to_string())
     }
 }
 
+pub fn presigner_from_pubkey_sigs(
+    pubkey: &Pubkey,
+    signers: &[(Pubkey, Signature)],
+) -> Option<Presigner> {
+    signers.iter().find_map(|(signer, sig)| {
+        if *signer == *pubkey {
+            Some(Presigner::new(signer, sig))
+        } else {
+            None
+        }
+    })
+}
+
+pub fn keypair_util_from_path(
+    matches: &ArgMatches,
+    path: &str,
+    keypair_name: &str,
+) -> Result<Box<dyn KeypairUtil>, Box<dyn error::Error>> {
+    match parse_keypair_path(path) {
+        KeypairUrl::Ask => {
+            let skip_validation = matches.is_present(SKIP_SEED_PHRASE_VALIDATION_ARG.name);
+            Ok(Box::new(keypair_from_seed_phrase(
+                keypair_name,
+                skip_validation,
+                false,
+            )?))
+        }
+        KeypairUrl::Filepath(path) => Ok(Box::new(read_keypair_file(&path)?)),
+        KeypairUrl::Stdin => {
+            let mut stdin = std::io::stdin();
+            Ok(Box::new(read_keypair(&mut stdin)?))
+        }
+        KeypairUrl::Usb(path) => Ok(Box::new(generate_remote_keypair(
+            path,
+            derivation_of(matches, "derivation_path"),
+        )?)),
+        KeypairUrl::Pubkey(pubkey) => {
+            let presigner = pubkeys_sigs_of(matches, SIGNER_ARG.name)
+                .as_ref()
+                .and_then(|presigners| presigner_from_pubkey_sigs(&pubkey, presigners));
+            if let Some(presigner) = presigner {
+                Ok(Box::new(presigner))
+            } else {
+                Err(Error::with_description(
+                    "Missing signature for supplied pubkey",
+                    ErrorKind::MissingRequiredArgument,
+                )
+                .into())
+            }
+        }
+    }
+}
+
 // Keyword used to indicate that the user should be asked for a keypair seed phrase
 pub const ASK_KEYWORD: &str = "ASK";
 

clap-utils/src/lib.rs

@@ -26,3 +26,4 @@ pub struct ArgConstant<'a> {
 pub mod input_parsers;
 pub mod input_validators;
 pub mod keypair;
+pub mod offline;

clap-utils/src/offline.rs

@@ -0,0 +1,19 @@
+use crate::ArgConstant;
+
+pub const BLOCKHASH_ARG: ArgConstant<'static> = ArgConstant {
+    name: "blockhash",
+    long: "blockhash",
+    help: "Use the supplied blockhash",
+};
+
+pub const SIGN_ONLY_ARG: ArgConstant<'static> = ArgConstant {
+    name: "sign_only",
+    long: "sign-only",
+    help: "Sign the transaction offline",
+};
+
+pub const SIGNER_ARG: ArgConstant<'static> = ArgConstant {
+    name: "signer",
+    long: "signer",
+    help: "Provide a public-key/signature pair for the transaction",
+};