[Remote signer] Add signer consumer lib (#1763)

Adds a library `common/remote_signer_consumer`
2026-05-07 16:55:46 +00:00 · 2020-11-19 04:04:52 +00:00
parent 3db9072fee
commit 1a530e5a93
19 changed files with 2233 additions and 320 deletions
--- a/common/remote_signer_consumer/tests/message_preparation.rs
+++ b/common/remote_signer_consumer/tests/message_preparation.rs
@@ -0,0 +1,181 @@
+mod message_preparation {
+    use remote_signer_consumer::Error;
+    use remote_signer_test::*;
+    use types::Domain;
+
+    #[test]
+    fn beacon_block_and_bls_domain_mismatch() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        macro_rules! test_case {
+            ($f: expr, $bls_domain: expr, $msg: expr) => {
+                match do_sign_request(&test_client, get_input_data_and_set_domain($f, $bls_domain))
+                    .unwrap_err()
+                {
+                    Error::InvalidParameter(message) => assert_eq!(message, $msg),
+                    e => panic!("{:?}", e),
+                }
+            };
+        }
+
+        test_case!(
+            get_input_data_block,
+            Domain::BeaconAttester,
+            "Domain mismatch for the BeaconBlock object. Expected BeaconProposer, got BeaconAttester"
+        );
+        test_case!(
+            get_input_data_block,
+            Domain::Randao,
+            "Domain mismatch for the BeaconBlock object. Expected BeaconProposer, got Randao"
+        );
+        test_case!(
+            get_input_data_attestation,
+            Domain::BeaconProposer,
+            "Domain mismatch for the AttestationData object. Expected BeaconAttester, got BeaconProposer"
+        );
+        test_case!(
+            get_input_data_attestation,
+            Domain::Randao,
+            "Domain mismatch for the AttestationData object. Expected BeaconAttester, got Randao"
+        );
+        test_case!(
+            get_input_data_randao,
+            Domain::BeaconProposer,
+            "Domain mismatch for the Epoch object. Expected Randao, got BeaconProposer"
+        );
+        test_case!(
+            get_input_data_randao,
+            Domain::BeaconAttester,
+            "Domain mismatch for the Epoch object. Expected Randao, got BeaconAttester"
+        );
+
+        test_signer.shutdown();
+    }
+
+    #[test]
+    fn empty_public_key_parameter() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        macro_rules! test_case {
+            ($f: expr, $p: expr, $msg: expr) => {
+                match do_sign_request(&test_client, get_input_data_and_set_public_key($f, $p))
+                    .unwrap_err()
+                {
+                    Error::InvalidParameter(message) => assert_eq!(message, $msg),
+                    e => panic!("{:?}", e),
+                }
+            };
+        }
+
+        test_case!(get_input_data_block, "", "Empty parameter public_key");
+        test_case!(get_input_data_attestation, "", "Empty parameter public_key");
+        test_case!(get_input_data_randao, "", "Empty parameter public_key");
+
+        test_signer.shutdown();
+    }
+
+    #[test]
+    fn invalid_public_key_param() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        macro_rules! test_case {
+            ($f: expr, $p: expr, $msg: expr) => {
+                match do_sign_request(&test_client, get_input_data_and_set_public_key($f, $p))
+                    .unwrap_err()
+                {
+                    Error::ServerMessage(message) => assert_eq!(message, $msg),
+                    e => panic!("{:?}", e),
+                }
+            };
+        }
+
+        test_case!(get_input_data_block, "/", "Invalid public key: %2F");
+        test_case!(get_input_data_attestation, "/", "Invalid public key: %2F");
+        test_case!(get_input_data_randao, "/", "Invalid public key: %2F");
+        test_case!(get_input_data_block, "//", "Invalid public key: %2F%2F");
+        test_case!(get_input_data_block, "///", "Invalid public key: %2F%2F%2F");
+        test_case!(
+            get_input_data_block,
+            "/?'or 1 = 1 --",
+            "Invalid public key: %2F%3F\'or%201%20=%201%20--"
+        );
+
+        test_signer.shutdown();
+    }
+
+    #[test]
+    fn unsupported_bls_domain() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        let test_case = |bls_domain, msg| {
+            let mut test_input = get_input_data_block(0xc137);
+            test_input.bls_domain = bls_domain;
+            let signature = do_sign_request(&test_client, test_input);
+
+            match signature.unwrap_err() {
+                Error::InvalidParameter(message) => assert_eq!(message, msg),
+                e => panic!("{:?}", e),
+            }
+        };
+
+        test_case(Domain::Deposit, "Unsupported BLS Domain: Deposit");
+        test_case(
+            Domain::VoluntaryExit,
+            "Unsupported BLS Domain: VoluntaryExit",
+        );
+        test_case(
+            Domain::SelectionProof,
+            "Unsupported BLS Domain: SelectionProof",
+        );
+        test_case(
+            Domain::AggregateAndProof,
+            "Unsupported BLS Domain: AggregateAndProof",
+        );
+
+        test_signer.shutdown();
+    }
+
+    #[test]
+    fn invalid_public_key_param_additional_path_segments() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        macro_rules! test_case {
+            ($f: expr, $p: expr, $msg: expr) => {
+                match do_sign_request(&test_client, get_input_data_and_set_public_key($f, $p))
+                    .unwrap_err()
+                {
+                    Error::ServerMessage(message) => assert_eq!(message, $msg),
+                    e => panic!("{:?}", e),
+                }
+            };
+        }
+
+        test_case!(
+            get_input_data_block,
+            "this/receipt",
+            "Invalid public key: this%2Freceipt"
+        );
+        test_case!(
+            get_input_data_attestation,
+            "/this/receipt/please",
+            "Invalid public key: %2Fthis%2Freceipt%2Fplease"
+        );
+        test_case!(
+            get_input_data_randao,
+            "this/receipt/please?",
+            "Invalid public key: this%2Freceipt%2Fplease%3F"
+        );
+        test_case!(
+            get_input_data_block,
+            &format!("{}/valid/pk", PUBLIC_KEY_1),
+            format!("Invalid public key: {}%2Fvalid%2Fpk", PUBLIC_KEY_1)
+        );
+
+        test_signer.shutdown();
+    }
+}
--- a/common/remote_signer_consumer/tests/mock.rs
+++ b/common/remote_signer_consumer/tests/mock.rs
@@ -0,0 +1,168 @@
+mod mock {
+    use remote_signer_consumer::Error;
+    use remote_signer_test::*;
+
+    #[test]
+    fn timeout() {
+        let mock_server =
+            set_up_mock_server_with_timeout(200, "{\"signature\":\"irrelevant_value\"}", 2);
+        let test_client = set_up_test_consumer_with_timeout(&mock_server.url(""), 1);
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap_err();
+
+        match r {
+            Error::Reqwest(e) => {
+                let error_msg = e.to_string();
+                assert!(error_msg.contains("error sending request for url (http://127.0.0.1:"));
+                assert!(error_msg.contains("/sign/"));
+                assert!(error_msg.contains(PUBLIC_KEY_1));
+                assert!(error_msg.contains("): operation timed out"));
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn no_json_in_ok_response() {
+        let mock_server = set_up_mock_server(200, "NO JSON");
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap_err();
+
+        match r {
+            Error::Reqwest(e) => {
+                let error_msg = e.to_string();
+                assert_eq!(
+                    error_msg,
+                    "error decoding response body: expected value at line 1 column 1"
+                );
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn missing_signature_in_ok_json() {
+        let mock_server = set_up_mock_server(200, "{\"foo\":\"bar\"}");
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap_err();
+
+        match r {
+            Error::Reqwest(e) => {
+                let error_msg = e.to_string();
+                assert_eq!(
+                    error_msg,
+                    "error decoding response body: missing field `signature` at line 1 column 13"
+                );
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn empty_signature_in_ok_json() {
+        let mock_server = set_up_mock_server(200, "{\"signature\":\"\"}");
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap();
+
+        assert_eq!(r, "");
+    }
+
+    #[test]
+    fn extra_fields_in_ok_json() {
+        let mock_server = set_up_mock_server(
+            200,
+            &format!(
+                "{{\"signature\":\"{}\", \"foo\":\"bar\", \"red\":\"green\"}}",
+                EXPECTED_SIGNATURE_1
+            ),
+        );
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap();
+
+        assert_eq!(r, EXPECTED_SIGNATURE_1);
+    }
+
+    #[test]
+    fn no_json_in_error_response() {
+        let mock_server = set_up_mock_server(500, "NO JSON");
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap_err();
+
+        match r {
+            Error::Reqwest(e) => {
+                let error_msg = e.to_string();
+                assert_eq!(
+                    error_msg,
+                    "error decoding response body: expected value at line 1 column 1"
+                );
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn missing_error_field_in_error_json() {
+        let mock_server = set_up_mock_server(500, "{\"foo\":\"bar\"}");
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap_err();
+
+        match r {
+            Error::Reqwest(e) => {
+                let error_msg = e.to_string();
+                assert_eq!(
+                    error_msg,
+                    "error decoding response body: missing field `error` at line 1 column 13"
+                );
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn empty_error_field_in_error_json() {
+        let mock_server = set_up_mock_server(500, "{\"error\":\"\"}");
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap_err();
+
+        match r {
+            Error::ServerMessage(msg) => {
+                assert_eq!(msg, "");
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn extra_fields_in_error_json() {
+        let mock_server = set_up_mock_server(
+            500,
+            "{\"error\":\"some_error_msg\", \"foo\":\"bar\", \"red\":\"green\"}",
+        );
+        let test_client = set_up_test_consumer(&mock_server.url(""));
+        let test_input = get_input_data_block(0xc137);
+
+        let r = do_sign_request(&test_client, test_input).unwrap_err();
+
+        match r {
+            Error::ServerMessage(msg) => {
+                assert_eq!(msg, "some_error_msg");
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+}
--- a/common/remote_signer_consumer/tests/post.rs
+++ b/common/remote_signer_consumer/tests/post.rs
@@ -0,0 +1,225 @@
+mod post {
+    use remote_signer_consumer::{Error, RemoteSignerHttpConsumer};
+    use remote_signer_test::*;
+    use reqwest::{ClientBuilder, Url};
+    use tokio::time::Duration;
+
+    #[test]
+    fn server_unavailable() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        test_signer.shutdown();
+
+        let test_input = get_input_data_block(0xc137);
+        let signature = do_sign_request(&test_client, test_input);
+
+        match signature.unwrap_err() {
+            Error::Reqwest(e) => {
+                let error_msg = e.to_string();
+                assert!(error_msg.contains("error sending request for url"));
+                assert!(error_msg.contains(PUBLIC_KEY_1));
+                assert!(error_msg.contains("error trying to connect"));
+                assert!(error_msg.contains("tcp connect error"));
+                assert!(error_msg.contains("Connection refused"));
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn server_error() {
+        let (test_signer, tmp_dir) = set_up_api_test_signer_to_sign_message();
+        set_permissions(tmp_dir.path(), 0o40311);
+        set_permissions(&tmp_dir.path().join(PUBLIC_KEY_1), 0o40311);
+
+        let test_client = set_up_test_consumer(&test_signer.address);
+        let test_input = get_input_data_block(0xc137);
+        let signature = do_sign_request(&test_client, test_input);
+
+        set_permissions(tmp_dir.path(), 0o40755);
+        set_permissions(&tmp_dir.path().join(PUBLIC_KEY_1), 0o40755);
+
+        match signature.unwrap_err() {
+            Error::ServerMessage(message) => assert_eq!(message, "Storage error: PermissionDenied"),
+            e => panic!("{:?}", e),
+        }
+
+        test_signer.shutdown();
+    }
+
+    #[test]
+    fn invalid_url() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+
+        let run_testcase = |u: &str| -> Result<String, String> {
+            let url: Url = u.parse().map_err(|e| format!("[ParseError] {:?}", e))?;
+
+            let reqwest_client = ClientBuilder::new()
+                .timeout(Duration::from_secs(12))
+                .build()
+                .unwrap();
+
+            let test_client = RemoteSignerHttpConsumer::from_components(url, reqwest_client);
+
+            let test_input = get_input_data_block(0xc137);
+            let signature = do_sign_request(&test_client, test_input);
+
+            signature.map_err(|e| match e {
+                Error::InvalidUrl(message) => format!("[InvalidUrl] {:?}", message),
+                Error::Reqwest(re) => {
+                    if re.is_builder() {
+                        format!("[Reqwest - Builder] {:?}", re.url().unwrap())
+                    } else if re.is_request() {
+                        format!("[Reqwest - Request] {:?}", re.url().unwrap())
+                    } else {
+                        format!("[Reqwest] {:?}", re)
+                    }
+                }
+                _ => format!("{:?}", e),
+            })
+        };
+
+        let testcase = |u: &str, msg: &str| assert_eq!(run_testcase(u).unwrap_err(), msg);
+
+        // url::parser::ParseError.
+        // These cases don't even make it to the step of building a RemoteSignerHttpConsumer.
+        testcase("", "[ParseError] RelativeUrlWithoutBase");
+        testcase("/4/8/15/16/23/42", "[ParseError] RelativeUrlWithoutBase");
+        testcase("localhost", "[ParseError] RelativeUrlWithoutBase");
+        testcase(":", "[ParseError] RelativeUrlWithoutBase");
+        testcase("0.0:0", "[ParseError] RelativeUrlWithoutBase");
+        testcase(":aa", "[ParseError] RelativeUrlWithoutBase");
+        testcase("0:", "[ParseError] RelativeUrlWithoutBase");
+        testcase("ftp://", "[ParseError] EmptyHost");
+        testcase("http://", "[ParseError] EmptyHost");
+        testcase("http://127.0.0.1:abcd", "[ParseError] InvalidPort");
+        testcase("http://280.0.0.1", "[ParseError] InvalidIpv4Address");
+
+        // `Error::InvalidUrl`.
+        // The RemoteSignerHttpConsumer is created, but fails at `path_segments_mut()`.
+        testcase("localhost:abcd", "[InvalidUrl] Url { scheme: \"localhost\", host: None, port: None, path: \"abcd\", query: None, fragment: None }");
+        testcase("localhost:", "[InvalidUrl] Url { scheme: \"localhost\", host: None, port: None, path: \"\", query: None, fragment: None }");
+
+        // `Reqwest::Error` of the `Builder` kind.
+        // POST is not made.
+        testcase(
+            "unix:/run/foo.socket",
+            &format!(
+                "[Reqwest - Builder] Url {{ scheme: \"unix\", host: None, port: None, path: \"/run/foo.socket/sign/{}\", query: None, fragment: None }}",
+                PUBLIC_KEY_1
+            ),
+        );
+        // `Reqwest::Error` of the `Request` kind.
+        testcase(
+            "http://127.0.0.1:0",
+            &format!(
+                "[Reqwest - Request] Url {{ scheme: \"http\", host: Some(Ipv4(127.0.0.1)), port: Some(0), path: \"/sign/{}\", query: None, fragment: None }}",
+                PUBLIC_KEY_1
+            ),
+        );
+
+        test_signer.shutdown();
+    }
+
+    #[test]
+    fn wrong_url() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+
+        let run_testcase = |u: &str| -> Result<String, String> {
+            let url: Url = u.parse().unwrap();
+
+            let reqwest_client = ClientBuilder::new()
+                .timeout(Duration::from_secs(12))
+                .build()
+                .unwrap();
+
+            let test_client = RemoteSignerHttpConsumer::from_components(url, reqwest_client);
+
+            let test_input = get_input_data_block(0xc137);
+            let signature = do_sign_request(&test_client, test_input);
+
+            signature.map_err(|e| format!("{:?}", e))
+        };
+
+        let testcase = |u: &str, msgs: Vec<&str>| {
+            let r = run_testcase(u).unwrap_err();
+
+            for msg in msgs.iter() {
+                assert!(r.contains(msg), format!("{:?} should contain {:?}", r, msg));
+            }
+        };
+
+        testcase(
+            "http://error-dns",
+            vec![
+                "reqwest::Error",
+                "kind: Request",
+                &format!("/sign/{}", PUBLIC_KEY_1),
+                "hyper::Error(Connect, ConnectError",
+                "dns error",
+                "failed to lookup address information",
+            ],
+        );
+
+        test_signer.shutdown();
+    }
+
+    #[test]
+    fn wrong_public_key() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        let mut test_input = get_input_data_block(0xc137);
+        test_input.public_key = ABSENT_PUBLIC_KEY.to_string();
+
+        let signature = do_sign_request(&test_client, test_input);
+
+        match signature.unwrap_err() {
+            Error::ServerMessage(msg) => {
+                assert_eq!(msg, format!("Key not found: {}", ABSENT_PUBLIC_KEY))
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn invalid_secret_key() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        let mut test_input = get_input_data_block(0xc137);
+        test_input.public_key = PUBLIC_KEY_FOR_INVALID_SECRET_KEY.to_string();
+
+        let signature = do_sign_request(&test_client, test_input);
+
+        match signature.unwrap_err() {
+            Error::ServerMessage(msg) => assert_eq!(
+                msg,
+                format!(
+                    "Invalid secret key: public_key: {}; Invalid hex character: W at index 0",
+                    PUBLIC_KEY_FOR_INVALID_SECRET_KEY
+                )
+            ),
+            e => panic!("{:?}", e),
+        }
+    }
+
+    #[test]
+    fn key_mismatch() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        let mut test_input = get_input_data_block(0xc137);
+        test_input.public_key = MISMATCHED_PUBLIC_KEY.to_string();
+
+        let signature = do_sign_request(&test_client, test_input);
+
+        match signature.unwrap_err() {
+            Error::ServerMessage(msg) => {
+                assert_eq!(msg, format!("Key mismatch: {}", MISMATCHED_PUBLIC_KEY))
+            }
+            e => panic!("{:?}", e),
+        }
+    }
+}
--- a/common/remote_signer_consumer/tests/sign_attestation.rs
+++ b/common/remote_signer_consumer/tests/sign_attestation.rs
@@ -0,0 +1,49 @@
+mod sign_attestation {
+    use rand::Rng;
+    use remote_signer_test::*;
+
+    #[test]
+    fn sanity_check_deterministic() {
+        let test_input_local = get_input_local_signer_attestation(0xc137);
+        let local_signature = test_input_local.sign();
+
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+        let test_input = get_input_data_attestation(0xc137);
+
+        let remote_signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(local_signature, remote_signature.unwrap());
+        assert_eq!(local_signature, HAPPY_PATH_ATT_SIGNATURE_C137);
+    }
+
+    #[test]
+    fn sanity_check_random() {
+        let mut rng = rand::thread_rng();
+        let seed = rng.gen::<u64>() / 1024;
+
+        let test_input_local = get_input_local_signer_attestation(seed);
+        let local_signature = test_input_local.sign();
+
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+        let test_input = get_input_data_attestation(seed);
+
+        let remote_signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(local_signature, remote_signature.unwrap());
+    }
+
+    #[test]
+    fn happy_path() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+        let test_input = get_input_data_attestation(0xc137);
+
+        let signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(signature.unwrap(), HAPPY_PATH_ATT_SIGNATURE_C137);
+
+        test_signer.shutdown();
+    }
+}
--- a/common/remote_signer_consumer/tests/sign_block.rs
+++ b/common/remote_signer_consumer/tests/sign_block.rs
@@ -0,0 +1,49 @@
+mod sign_block {
+    use rand::Rng;
+    use remote_signer_test::*;
+
+    #[test]
+    fn sanity_check_deterministic() {
+        let test_input_local = get_input_local_signer_block(0xc137);
+        let local_signature = test_input_local.sign();
+
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+        let test_input = get_input_data_block(0xc137);
+
+        let remote_signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(local_signature, remote_signature.unwrap());
+        assert_eq!(local_signature, HAPPY_PATH_BLOCK_SIGNATURE_C137);
+    }
+
+    #[test]
+    fn sanity_check_random() {
+        let mut rng = rand::thread_rng();
+        let seed = rng.gen::<u64>() / 1024;
+
+        let test_input_local = get_input_local_signer_block(seed);
+        let local_signature = test_input_local.sign();
+
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+        let test_input = get_input_data_block(seed);
+
+        let remote_signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(local_signature, remote_signature.unwrap());
+    }
+
+    #[test]
+    fn happy_path() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+        let test_input = get_input_data_block(0xc137);
+
+        let signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(signature.unwrap(), HAPPY_PATH_BLOCK_SIGNATURE_C137);
+
+        test_signer.shutdown();
+    }
+}
--- a/common/remote_signer_consumer/tests/sign_randao.rs
+++ b/common/remote_signer_consumer/tests/sign_randao.rs
@@ -0,0 +1,50 @@
+mod sign_randao {
+    use rand::Rng;
+    use remote_signer_test::*;
+
+    #[test]
+    fn sanity_check_deterministic() {
+        let test_input_local = get_input_local_signer_randao(0xc137);
+        let local_signature = test_input_local.sign();
+
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        let test_input = get_input_data_randao(0xc137);
+
+        let remote_signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(local_signature, remote_signature.unwrap());
+        assert_eq!(local_signature, HAPPY_PATH_RANDAO_SIGNATURE_C137);
+    }
+
+    #[test]
+    fn sanity_check_random() {
+        let mut rng = rand::thread_rng();
+        let seed = rng.gen::<u64>();
+
+        let test_input_local = get_input_local_signer_randao(seed);
+        let local_signature = test_input_local.sign();
+
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        let test_input = get_input_data_randao(seed);
+
+        let remote_signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(local_signature, remote_signature.unwrap());
+    }
+
+    #[test]
+    fn happy_path() {
+        let (test_signer, _tmp_dir) = set_up_api_test_signer_to_sign_message();
+        let test_client = set_up_test_consumer(&test_signer.address);
+
+        let test_input = get_input_data_randao(0xc137);
+
+        let remote_signature = do_sign_request(&test_client, test_input);
+
+        assert_eq!(remote_signature.unwrap(), HAPPY_PATH_RANDAO_SIGNATURE_C137);
+    }
+}