From bb02913c3915dfb2c58866c802e202c1e77ad8a5 Mon Sep 17 00:00:00 2001
From: Anton Nikiforov <an.nikiforov@yadro.com>
Date: Fri, 16 Sep 2022 09:48:12 +0300
Subject: [PATCH] [nspcc-dev#1128] cli: Remove WIF and NEP2 support in --wallet
 argument

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
---
 CHANGELOG.md                                |  2 +-
 cmd/neofs-cli/internal/commonflags/flags.go |  2 +-
 cmd/neofs-cli/internal/key/key_test.go      | 26 +++--------
 cmd/neofs-cli/internal/key/nep2.go          | 26 -----------
 cmd/neofs-cli/internal/key/raw.go           | 49 +++++----------------
 cmd/neofs-cli/internal/key/wallet.go        |  3 +-
 6 files changed, 23 insertions(+), 85 deletions(-)
 delete mode 100644 cmd/neofs-cli/internal/key/nep2.go

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ddd7b7de..bf62c1df 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,7 @@ Changelog for NeoFS Node
 ### Fixed
 
 ### Removed
-
+- Remove WIF and NEP2 support in `neofs-cli`'s --wallet flag (#1128)
 ### Updated
 
 ### Updating from v0.32.0
diff --git a/cmd/neofs-cli/internal/commonflags/flags.go b/cmd/neofs-cli/internal/commonflags/flags.go
index 5d819650..5c6ad12b 100644
--- a/cmd/neofs-cli/internal/commonflags/flags.go
+++ b/cmd/neofs-cli/internal/commonflags/flags.go
@@ -16,7 +16,7 @@ const (
 	WalletPath          = "wallet"
 	WalletPathShorthand = "w"
 	WalletPathDefault   = ""
-	WalletPathUsage     = "WIF (NEP-2) string or path to the wallet or binary key"
+	WalletPathUsage     = "path to the wallet or binary key"
 
 	Account          = "address"
 	AccountShorthand = ""
diff --git a/cmd/neofs-cli/internal/key/key_test.go b/cmd/neofs-cli/internal/key/key_test.go
index f0c12016..587a838f 100644
--- a/cmd/neofs-cli/internal/key/key_test.go
+++ b/cmd/neofs-cli/internal/key/key_test.go
@@ -23,6 +23,9 @@ func Test_getOrGenerate(t *testing.T) {
 	w, err := wallet.NewWallet(wallPath)
 	require.NoError(t, err)
 
+	badWallPath := filepath.Join(dir, "bad_wallet.json")
+	require.NoError(t, os.WriteFile(badWallPath, []byte("bad content"), os.ModePerm))
+
 	acc1, err := wallet.NewAccount()
 	require.NoError(t, err)
 	require.NoError(t, acc1.Encrypt("pass", keys.NEP2ScryptParams()))
@@ -55,7 +58,8 @@ func Test_getOrGenerate(t *testing.T) {
 		Writer: io.Discard,
 	}, "")
 
-	checkKeyError(t, filepath.Join(dir, "badfile"), ErrInvalidKey)
+	checkKeyError(t, filepath.Join(dir, "badfile"), ErrFs)
+	checkKeyError(t, badWallPath, ErrInvalidKey)
 
 	t.Run("wallet", func(t *testing.T) {
 		checkKeyError(t, wallPath, ErrInvalidPassword)
@@ -80,27 +84,11 @@ func Test_getOrGenerate(t *testing.T) {
 	})
 
 	t.Run("WIF", func(t *testing.T) {
-		checkKey(t, wifKey.WIF(), wifKey)
+		checkKeyError(t, wifKey.WIF(), ErrFs)
 	})
 
 	t.Run("NEP-2", func(t *testing.T) {
-		checkKeyError(t, nep2, ErrInvalidPassword)
-
-		in.WriteString("invalid\r")
-		checkKeyError(t, nep2, ErrInvalidPassword)
-
-		in.WriteString("pass\r")
-		checkKey(t, nep2, nep2Key)
-
-		t.Run("password from config", func(t *testing.T) {
-			viper.Set("password", "invalid")
-			in.WriteString("pass\r")
-			checkKeyError(t, nep2, ErrInvalidPassword)
-
-			viper.Set("password", "pass")
-			in.WriteString("invalid\r")
-			checkKey(t, nep2, nep2Key)
-		})
+		checkKeyError(t, nep2, ErrFs)
 	})
 
 	t.Run("raw key", func(t *testing.T) {
diff --git a/cmd/neofs-cli/internal/key/nep2.go b/cmd/neofs-cli/internal/key/nep2.go
deleted file mode 100644
index ee460277..00000000
--- a/cmd/neofs-cli/internal/key/nep2.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package key
-
-import (
-	"crypto/ecdsa"
-
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-)
-
-const nep2Base58Length = 58
-
-// FromNEP2 extracts private key from NEP2-encrypted string.
-func FromNEP2(encryptedWif string) (*ecdsa.PrivateKey, error) {
-	pass, err := getPassword()
-	if err != nil {
-		printVerbose("Can't read password: %v", err)
-		return nil, ErrInvalidPassword
-	}
-
-	k, err := keys.NEP2Decrypt(encryptedWif, pass, keys.NEP2ScryptParams())
-	if err != nil {
-		printVerbose("Invalid key or password: %v", err)
-		return nil, ErrInvalidPassword
-	}
-
-	return &k.PrivateKey, nil
-}
diff --git a/cmd/neofs-cli/internal/key/raw.go b/cmd/neofs-cli/internal/key/raw.go
index 016706f5..27e02da6 100644
--- a/cmd/neofs-cli/internal/key/raw.go
+++ b/cmd/neofs-cli/internal/key/raw.go
@@ -16,13 +16,8 @@ import (
 
 var errCantGenerateKey = errors.New("can't generate new private key")
 
-// Get returns private key from the following sources:
-// 1. WIF
-// 2. Raw binary key
-// 3. Wallet file
-// 4. NEP-2 encrypted WIF.
+// Get returns private key from wallet or binary file.
 // Ideally we want to touch file-system on the last step.
-// However, asking for NEP-2 password seems to be confusing if we provide a wallet.
 // This function assumes that all flags were bind to viper in a `PersistentPreRun`.
 func Get(cmd *cobra.Command) *ecdsa.PrivateKey {
 	pk, err := get()
@@ -32,26 +27,20 @@ func Get(cmd *cobra.Command) *ecdsa.PrivateKey {
 
 func get() (*ecdsa.PrivateKey, error) {
 	keyDesc := viper.GetString(commonflags.WalletPath)
-	priv, err := keys.NewPrivateKeyFromWIF(keyDesc)
-	if err == nil {
-		return &priv.PrivateKey, nil
+	data, err := os.ReadFile(keyDesc)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", ErrFs, err)
 	}
 
-	p, err := getKeyFromFile(keyDesc)
-	if err == nil {
-		return p, nil
+	priv, err := keys.NewPrivateKeyFromBytes(data)
+	if err != nil {
+		w, err := wallet.NewWalletFromFile(keyDesc)
+		if err == nil {
+			return FromWallet(w, viper.GetString(commonflags.Account))
+		}
+		return nil, fmt.Errorf("%w: %v", ErrInvalidKey, err)
 	}
-
-	w, err := wallet.NewWalletFromFile(keyDesc)
-	if err == nil {
-		return FromWallet(w, viper.GetString(commonflags.Account))
-	}
-
-	if len(keyDesc) == nep2Base58Length {
-		return FromNEP2(keyDesc)
-	}
-
-	return nil, ErrInvalidKey
+	return &priv.PrivateKey, nil
 }
 
 // GetOrGenerate is similar to get but generates a new key if commonflags.GenerateKey is set.
@@ -71,17 +60,3 @@ func getOrGenerate() (*ecdsa.PrivateKey, error) {
 	}
 	return get()
 }
-
-func getKeyFromFile(keyPath string) (*ecdsa.PrivateKey, error) {
-	data, err := os.ReadFile(keyPath)
-	if err != nil {
-		return nil, fmt.Errorf("%w: %v", ErrInvalidKey, err)
-	}
-
-	priv, err := keys.NewPrivateKeyFromBytes(data)
-	if err != nil {
-		return nil, fmt.Errorf("%w: %v", ErrInvalidKey, err)
-	}
-
-	return &priv.PrivateKey, nil
-}
diff --git a/cmd/neofs-cli/internal/key/wallet.go b/cmd/neofs-cli/internal/key/wallet.go
index 4ae521f5..ace54e4f 100644
--- a/cmd/neofs-cli/internal/key/wallet.go
+++ b/cmd/neofs-cli/internal/key/wallet.go
@@ -15,7 +15,8 @@ import (
 
 // Key-related errors.
 var (
-	ErrInvalidKey      = errors.New("provided key is incorrect")
+	ErrFs              = errors.New("unable to read file from given path")
+	ErrInvalidKey      = errors.New("provided key is incorrect, only wallet or binary key supported")
 	ErrInvalidAddress  = errors.New("--address option must be specified and valid")
 	ErrInvalidPassword = errors.New("invalid password for the encrypted key")
 )