Add remotekey API support (#3162)

## Issue Addressed

#3068

## Proposed Changes

Adds support for remote key API.

## Additional Info

Needed to add `is_local_keystore`  argument to `delete_definition_and_keystore` to know if we want to delete local or remote key. Previously this wasn't necessary because remotekeys(web3signers) could be deleted.

validator_client/src/http_api/mod.rs

@@ -1,10 +1,14 @@
 mod api_secret;
 mod create_validator;
 mod keystores;
+mod remotekeys;
 mod tests;
 
 use crate::ValidatorStore;
-use account_utils::mnemonic_from_phrase;
+use account_utils::{
+    mnemonic_from_phrase,
+    validator_definitions::{SigningDefinition, ValidatorDefinition},
+};
 use create_validator::{create_validators_mnemonic, create_validators_web3signer};
 use eth2::lighthouse_vc::{
     std_types::AuthResponse,
@@ -459,7 +463,25 @@ pub fn serve<T: 'static + SlotClock + Clone, E: EthSpec>(
              runtime: Weak<Runtime>| {
                 blocking_signed_json_task(signer, move || {
                     if let Some(runtime) = runtime.upgrade() {
-                        runtime.block_on(create_validators_web3signer(&body, &validator_store))?;
+                        let web3signers: Vec<ValidatorDefinition> = body
+                            .into_iter()
+                            .map(|web3signer| ValidatorDefinition {
+                                enabled: web3signer.enable,
+                                voting_public_key: web3signer.voting_public_key,
+                                graffiti: web3signer.graffiti,
+                                suggested_fee_recipient: web3signer.suggested_fee_recipient,
+                                description: web3signer.description,
+                                signing_definition: SigningDefinition::Web3Signer {
+                                    url: web3signer.url,
+                                    root_certificate_path: web3signer.root_certificate_path,
+                                    request_timeout_ms: web3signer.request_timeout_ms,
+                                },
+                            })
+                            .collect();
+                        runtime.block_on(create_validators_web3signer(
+                            web3signers,
+                            &validator_store,
+                        ))?;
                         Ok(())
                     } else {
                         Err(warp_utils::reject::custom_server_error(
@@ -536,6 +558,7 @@ pub fn serve<T: 'static + SlotClock + Clone, E: EthSpec>(
     // Standard key-manager endpoints.
     let eth_v1 = warp::path("eth").and(warp::path("v1"));
     let std_keystores = eth_v1.and(warp::path("keystores")).and(warp::path::end());
+    let std_remotekeys = eth_v1.and(warp::path("remotekeys")).and(warp::path::end());
 
     // GET /eth/v1/keystores
     let get_std_keystores = std_keystores
@@ -564,16 +587,50 @@ pub fn serve<T: 'static + SlotClock + Clone, E: EthSpec>(
     // DELETE /eth/v1/keystores
     let delete_std_keystores = std_keystores
         .and(warp::body::json())
-        .and(signer)
-        .and(validator_store_filter)
-        .and(runtime_filter)
-        .and(log_filter)
+        .and(signer.clone())
+        .and(validator_store_filter.clone())
+        .and(runtime_filter.clone())
+        .and(log_filter.clone())
         .and_then(|request, signer, validator_store, runtime, log| {
             blocking_signed_json_task(signer, move || {
                 keystores::delete(request, validator_store, runtime, log)
             })
         });
 
+    // GET /eth/v1/remotekeys
+    let get_std_remotekeys = std_remotekeys
+        .and(signer.clone())
+        .and(validator_store_filter.clone())
+        .and_then(|signer, validator_store: Arc<ValidatorStore<T, E>>| {
+            blocking_signed_json_task(signer, move || Ok(remotekeys::list(validator_store)))
+        });
+
+    // POST /eth/v1/remotekeys
+    let post_std_remotekeys = std_remotekeys
+        .and(warp::body::json())
+        .and(signer.clone())
+        .and(validator_store_filter.clone())
+        .and(runtime_filter.clone())
+        .and(log_filter.clone())
+        .and_then(|request, signer, validator_store, runtime, log| {
+            blocking_signed_json_task(signer, move || {
+                remotekeys::import(request, validator_store, runtime, log)
+            })
+        });
+
+    // DELETE /eth/v1/remotekeys
+    let delete_std_remotekeys = std_remotekeys
+        .and(warp::body::json())
+        .and(signer)
+        .and(validator_store_filter)
+        .and(runtime_filter)
+        .and(log_filter.clone())
+        .and_then(|request, signer, validator_store, runtime, log| {
+            blocking_signed_json_task(signer, move || {
+                remotekeys::delete(request, validator_store, runtime, log)
+            })
+        });
+
     let routes = warp::any()
         .and(authorization_header_filter)
         // Note: it is critical that the `authorization_header_filter` is applied to all routes.
@@ -588,17 +645,19 @@ pub fn serve<T: 'static + SlotClock + Clone, E: EthSpec>(
                         .or(get_lighthouse_spec)
                         .or(get_lighthouse_validators)
                         .or(get_lighthouse_validators_pubkey)
-                        .or(get_std_keystores),
+                        .or(get_std_keystores)
+                        .or(get_std_remotekeys),
                 )
                 .or(warp::post().and(
                     post_validators
                         .or(post_validators_keystore)
                         .or(post_validators_mnemonic)
                         .or(post_validators_web3signer)
-                        .or(post_std_keystores),
+                        .or(post_std_keystores)
+                        .or(post_std_remotekeys),
                 ))
                 .or(warp::patch().and(patch_validators))
-                .or(warp::delete().and(delete_std_keystores)),
+                .or(warp::delete().and(delete_std_keystores.or(delete_std_remotekeys))),
         )
         // The auth route is the only route that is allowed to be accessed without the API token.
         .or(warp::get().and(get_auth))