ava-labs · sukantoraymond · Sep 2, 2025 · Sep 2, 2025 · Sep 3, 2025 · Sep 3, 2025
@@ -0,0 +1,238 @@
+// Copyright (C) 2025, Ava Labs, Inc. All rights reserved.
+// See the file LICENSE for licensing terms.
+package cubist
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/ava-labs/avalanche-cli/pkg/cobrautils"
+
+	"github.com/ava-labs/avalanchego/utils/crypto/secp256k1"
+
+	"github.com/ava-labs/avalanche-cli/pkg/utils"
+	"github.com/ava-labs/avalanche-cli/pkg/ux"
+	sdkutils "github.com/ava-labs/avalanche-cli/sdk/utils"
+	"github.com/ava-labs/avalanchego/vms/components/verify"
+	"github.com/ava-labs/avalanchego/wallet/chain/p"
+
+	"github.com/ava-labs/avalanchego/ids"
+	"github.com/ava-labs/avalanchego/utils/constants"
+	"github.com/ava-labs/avalanchego/utils/formatting/address"
+	"github.com/ava-labs/avalanchego/utils/set"
+	"github.com/ava-labs/avalanchego/vms/platformvm"
+	"github.com/ava-labs/avalanchego/vms/platformvm/txs"
+	"github.com/ava-labs/avalanchego/vms/secp256k1fx"
+	pbuilder "github.com/ava-labs/avalanchego/wallet/chain/p/builder"
+	pwallet "github.com/ava-labs/avalanchego/wallet/chain/p/wallet"
+	"github.com/ava-labs/avalanchego/wallet/subnet/primary"
+	"github.com/ava-labs/avalanchego/wallet/subnet/primary/common"
+	"github.com/cubist-labs/cubesigner-go-sdk/client"
+	"github.com/cubist-labs/cubesigner-go-sdk/models"
+	"github.com/cubist-labs/cubesigner-go-sdk/session"
+	"github.com/spf13/cobra"
+)
+
+func newCreateCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "create",
+		Short: "Create a signing key",
+		Long: `The key create command generates a new private key to use for creating and controlling
+test Subnets. Keys generated by this command are NOT cryptographically secure enough to
+use in production environments. DO NOT use these keys on Mainnet.
+
+The command works by generating a secp256 key and storing it with the provided keyName. You
+can use this key in other commands by providing this keyName.
+
+If you'd like to import an existing key instead of generating one from scratch, provide the
+--file flag.`,
+		Args: cobrautils.ExactArgs(0),
+		RunE: callDemo,
+	}
+
+	return cmd
+}
+func callDemo(_ *cobra.Command, _ []string) error {
+	filePath := "/Users/raymondsukanto/Desktop/management-session.json"
+	manager, err := session.NewJsonSessionManager(&filePath)
+	if err != nil {
+		return err
+	}
+	apiClient, err := client.NewApiClient(manager)
+	if err != nil {
+		return err
+	}
+
+	sampleAddr := "P-fuji1u8933yvsmf5d6cqkm3qgewzlpr7sac3v3eufj9"
+	destinationAddr, err := address.ParseToID(sampleAddr)
+	if err != nil {
+		return err
+	}
+	customAddrsSet := set.Set[ids.ShortID]{}
+	customAddrsSet.Add(destinationAddr)
+	fmt.Printf("customAddrsSet %s \n", customAddrsSet)
+	newPWallet, _, builder, err := CreateReadOnlyWallet("https://api.avax-test.network", customAddrsSet, primary.WalletConfig{})
+	if err != nil {
+		return err
+	}
+
+	owners := &secp256k1fx.OutputOwners{
+		Addrs:     []ids.ShortID{destinationAddr},
+		Threshold: 1,
+		Locktime:  0,
+	}
+	oldTx, err := builder.NewCreateSubnetTx(owners)
+	if err != nil {
+		return err
+	}
+	tx := txs.Tx{Unsigned: oldTx}
+
+	unsignedBytes, err := txs.Codec.Marshal(txs.CodecVersion, &tx.Unsigned)
+	if err != nil {
+		return fmt.Errorf("couldn't marshal unsigned tx: %w", err)
+	}
+	txStr := hex.EncodeToString(unsignedBytes)
+	txStr = "0x" + txStr
+
+	fmt.Printf("txStr %s \n", txStr)
+	avaRequest := models.AvaSerializedTxSignRequest{
+		Tx: txStr,
+	}
+	response, err := apiClient.AvaSerializedTxSign("P", "fuji1u8933yvsmf5d6cqkm3qgewzlpr7sac3v3eufj9", avaRequest)
+	if err != nil {
+		return fmt.Errorf("response err: %w", err)
+	}
+
+	// Extract the actual signed transaction string and use it
+	if response.ResponseData != nil {
+		b, err := json.MarshalIndent(response.ResponseData, "", " ")
+		if err != nil {
+			return fmt.Errorf("MarshalIndent err: %w", err)
+		}
+		var m map[string]interface{}
+		if err := json.Unmarshal(b, &m); err != nil {
+			return fmt.Errorf("unmarshal err: %w", err)
+		}
+		signatureStr, _ := m["signature"].(string)
+		fmt.Printf("signature %s \n", signatureStr)
+
+		UseSignature(oldTx, signatureStr, *newPWallet)
+	}
+
+	return nil
+}
+
+func issueTx(newPWallet pwallet.Wallet, tx *txs.Tx) (ids.ID, error) {
+	const (
+		repeats             = 3
+		sleepBetweenRepeats = 2 * time.Second
+	)
+	var (
+		issueTxErr error
+		errors     []error
+	)
+	for i := 0; i < repeats; i++ {
+		ctx, cancel := sdkutils.GetAPILargeContext()
+		defer cancel()
+		options := []common.Option{common.WithContext(ctx)}
+		issueTxErr = newPWallet.IssueTx(tx, options...)
+		if issueTxErr == nil {
+			break
+		}
+		if ctx.Err() != nil {
+			issueTxErr = fmt.Errorf("timeout issuing/verifying tx with ID %s: %w", tx.ID(), issueTxErr)
+		} else {
+			issueTxErr = fmt.Errorf("error issuing tx with ID %s: %w", tx.ID(), issueTxErr)
+		}
+		errors = append(errors, issueTxErr)
+		time.Sleep(sleepBetweenRepeats)
+	}
+	utils.PrintUnreportedErrors(errors, issueTxErr, ux.Logger.PrintToUser)
+	return tx.ID(), issueTxErr
+}
+
+func CreateReadOnlyWallet(
+	uri string,
+	addresses set.Set[ids.ShortID],
+	config primary.WalletConfig,
+) (*pwallet.Wallet, *p.Client, pbuilder.Builder, error) {
+
+	ctx, cancel := sdkutils.GetTimedContext(3 * time.Minute)
+	defer cancel()
+
+	avaxState, err := primary.FetchState(ctx, uri, addresses)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	owners, err := platformvm.GetOwners(avaxState.PClient, ctx, config.SubnetIDs, config.ValidationIDs)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	pUTXOs := common.NewChainUTXOs(constants.PlatformChainID, avaxState.UTXOs)
+	pBackend := pwallet.NewBackend(avaxState.PCTX, pUTXOs, owners)
+	pClient := p.NewClient(avaxState.PClient, pBackend)
+	pBuilder := pbuilder.New(addresses, avaxState.PCTX, pBackend)
+	newPWallet := pwallet.New(pClient, pBuilder, nil)
+
+	return &newPWallet, pClient, pBuilder, nil
+}
+
+// CreateSignedTransaction creates a signed transaction without using the Signer interface
+// This is the simplest approach for your use case
+func CreateSignedTransaction(unsignedTx txs.UnsignedTx, signature string) (*txs.Tx, error) {
+	// Remove "0x" prefix if present
+	sigStr := signature
+	if len(sigStr) > 2 && sigStr[:2] == "0x" {
+		sigStr = sigStr[2:]
+	}
+
+	// Decode hex signature to bytes
+	signatureBytes, err := hex.DecodeString(sigStr)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode signature: %w", err)
+	}
+
+	// Verify signature length
+	if len(signatureBytes) != secp256k1.SignatureLen {
+		return nil, fmt.Errorf("invalid signature length: expected %d bytes, got %d", secp256k1.SignatureLen, len(signatureBytes))
+	}
+
+	// Create the credential with the signature
+	cred := &secp256k1fx.Credential{
+		Sigs: make([][secp256k1.SignatureLen]byte, 1),
+	}
+	copy(cred.Sigs[0][:], signatureBytes)
+
+	// Create the signed transaction
+	signedTx := &txs.Tx{
+		Unsigned: unsignedTx,
+		Creds:    []verify.Verifiable{cred},
+	}
+
+	// Initialize the transaction
+	if err := signedTx.Initialize(txs.Codec); err != nil {
+		return nil, fmt.Errorf("failed to initialize transaction: %w", err)
+	}
+
+	return signedTx, nil
+}
+
+func UseSignature(unsignedTx txs.UnsignedTx, signature string, newPWallet pwallet.Wallet) {
+	signedTx, err := CreateSignedTransaction(unsignedTx, signature)
+	if err != nil {
+		fmt.Printf("Failed to create signed transaction: %v\n", err)
+		return
+	}
+
+	fmt.Printf("Transaction ID: %s\n", signedTx.ID())
+
+	txID, err := issueTx(newPWallet, signedTx)
+	if err != nil {
+		fmt.Printf("failed to issue tx: %w", err)
+	}
+	fmt.Printf("issued txid %s \n", txID.String())
+}
@@ -0,0 +1,32 @@
+// Copyright (C) 2025, Ava Labs, Inc. All rights reserved.
+// See the file LICENSE for licensing terms.
+package cubist
+
+import (
+	"github.com/ava-labs/avalanche-cli/pkg/application"
+	"github.com/ava-labs/avalanche-cli/pkg/cobrautils"
+	"github.com/spf13/cobra"
+)
+
+var app *application.Avalanche
+
+func NewCmd(injectedApp *application.Avalanche) *cobra.Command {
+	app = injectedApp
+
+	cmd := &cobra.Command{
+		Use:   "cubist",
+		Short: "Create and manage testnet signing keys",
+		Long: `The key command suite provides a collection of tools for creating and managing
+signing keys. You can use these keys to deploy Subnets to the Fuji Testnet,
+but these keys are NOT suitable to use in production environments. DO NOT use
+these keys on Mainnet.
+
+To get started, use the key create command.`,
+		RunE: cobrautils.CommandSuiteUsage,
+	}
+
+	// avalanche key create
+	cmd.AddCommand(newCreateCmd())
+
+	return cmd
+}
@@ -5,6 +5,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"github.com/ava-labs/avalanche-cli/cmd/cubist"
 	"os"
 	"os/signal"
 	"os/user"
@@ -87,6 +88,7 @@ in with avalanche blockchain create myNewBlockchain.`,
 
 	// add transaction command
 	rootCmd.AddCommand(transactioncmd.NewCmd(app))
+	rootCmd.AddCommand(cubist.NewCmd(app))
 
 	// add config command
 	rootCmd.AddCommand(configcmd.NewCmd(app))

@@ -16,6 +16,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.200.0
 	github.com/cavaliergopher/grab/v3 v3.0.1
 	github.com/chelnak/ysmrr v0.5.0
+	github.com/cubist-labs/cubesigner-go-sdk v0.0.16
 	github.com/ethereum/go-ethereum v1.13.14
 	github.com/fatih/color v1.18.0
 	github.com/go-git/go-git/v5 v5.13.1
@@ -34,7 +35,7 @@ require (
 	github.com/pborman/ansi v1.0.0
 	github.com/pingcap/errors v0.11.4
 	github.com/posthog/posthog-go v1.4.7
-	github.com/prometheus/client_golang v1.21.1
+	github.com/pquerna/otp v1.5.0
 	github.com/schollz/progressbar/v3 v3.17.1
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/spf13/afero v1.12.0
@@ -47,7 +48,6 @@ require (
 	golang.org/x/crypto v0.36.0
 	golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e
 	golang.org/x/mod v0.24.0
-	golang.org/x/net v0.37.0
 	golang.org/x/oauth2 v0.25.0
 	golang.org/x/sync v0.12.0
 	golang.org/x/text v0.23.0
@@ -71,6 +71,7 @@ require (
 	github.com/StephenButtolph/canoto v0.15.0 // indirect
 	github.com/VictoriaMetrics/fastcache v1.12.1 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
+	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/ava-labs/icm-contracts v1.0.9-0.20250313201018-6720d04bee51 // indirect
 	github.com/ava-labs/ledger-avalanche/go v0.0.0-20241009183145-e6f90a8a1a60 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.63 // indirect
@@ -81,12 +82,14 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.38.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.19 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect
 	github.com/aws/smithy-go v1.22.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.10.0 // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect
 	github.com/btcsuite/btcd/btcutil v1.1.3 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -130,7 +133,6 @@ require (
 	github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
-	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/mock v1.6.0 // indirect
@@ -182,13 +184,15 @@ require (
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/oapi-codegen/runtime v1.1.1 // indirect
 	github.com/otiai10/mint v1.6.3 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pires/go-proxyproto v0.6.2 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/sftp v1.13.7 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.21.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
@@ -228,6 +232,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.34.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/net v0.37.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/time v0.9.0 // indirect