
make secrets configurable (#1122)
al8n authored Jun 10, 2024
1 parent 0d7a1dc commit 19a544f
Showing 7 changed files with 341 additions and 88 deletions.
89 changes: 31 additions & 58 deletions crates/core/src/config.rs
Expand Up @@ -8,16 +8,17 @@ use std::{
time::Duration,
};

use anyhow::Context;
use directories::ProjectDirs;
use either::Either;
use once_cell::sync::Lazy;
use rsa::pkcs8::DecodePrivateKey;
use serde::{Deserialize, Serialize};
use tokio::runtime::Runtime;

use crate::{dev_tool::PeerId, local_node::OperationMode, transport::TransportKeypair};

mod secret;
pub use secret::*;

/// Default maximum number of connections for the peer.
pub const DEFAULT_MAX_CONNECTIONS: usize = 20;
/// Default minimum number of connections for the peer.
Expand Down Expand Up @@ -53,9 +54,8 @@ pub struct ConfigArgs {
#[clap(flatten)]
pub network_listener: NetworkArgs,

/// Path to the RSA private key for the transport layer.
#[clap(long, value_parser, default_value=None, env = "TRANSPORT_KEYPAIR")]
pub transport_keypair: Option<PathBuf>,
#[clap(flatten)]
pub secrets: SecretArgs,

#[clap(long, env = "LOG_LEVEL")]
pub log_level: Option<tracing::log::LevelFilter>,
Expand Down Expand Up @@ -83,7 +83,7 @@ impl Default for ConfigArgs {
address: Some(default_address()),
ws_api_port: Some(default_http_gateway_port()),
},
transport_keypair: None,
secrets: Default::default(),
log_level: Some(tracing::log::LevelFilter::Info),
config_paths: Default::default(),
id: None,
Expand Down Expand Up @@ -122,6 +122,7 @@ impl ConfigArgs {

None
});

match config_args {
Some((filename, ext)) => {
let path = dir.join(&filename).with_extension(&ext);
Expand All @@ -131,14 +132,26 @@ impl ConfigArgs {
let mut file = File::open(&path)?;
let mut content = String::new();
file.read_to_string(&mut content)?;
let config = toml::from_str::<Config>(&content).map_err(|e| {
let mut config = toml::from_str::<Config>(&content).map_err(|e| {
std::io::Error::new(std::io::ErrorKind::InvalidData, e.to_string())
})?;
let secrets = Self::read_secrets(
config.secrets.transport_keypair_path,
config.secrets.nonce_path,
config.secrets.cipher_path,
)?;
config.secrets = secrets;
Ok(Some(config))
}
"json" => {
let mut file = File::open(&path)?;
let config = serde_json::from_reader::<_, Config>(&mut file)?;
let mut config = serde_json::from_reader::<_, Config>(&mut file)?;
let secrets = Self::read_secrets(
config.secrets.transport_keypair_path,
config.secrets.nonce_path,
config.secrets.cipher_path,
)?;
config.secrets = secrets;
Ok(Some(config))
}
ext => Err(std::io::Error::new(
Expand All @@ -151,33 +164,6 @@ impl ConfigArgs {
}
}

fn read_transport_keypair(
path_to_key: PathBuf,
) -> std::io::Result<(PathBuf, TransportKeypair)> {
let mut key_file = File::open(&path_to_key).map_err(|e| {
std::io::Error::new(
e.kind(),
format!("Failed to open key file {}: {e}", path_to_key.display()),
)
})?;
let mut buf = String::new();
key_file.read_to_string(&mut buf).map_err(|e| {
std::io::Error::new(
e.kind(),
format!("Failed to read key file {}: {e}", path_to_key.display()),
)
})?;

let pk = rsa::RsaPrivateKey::from_pkcs8_pem(&buf).map_err(|e| {
std::io::Error::new(
std::io::ErrorKind::InvalidData,
format!("Failed to read key file {}: {e}", path_to_key.display()),
)
})?;

Ok::<_, std::io::Error>((path_to_key, TransportKeypair::from_private_key(pk)))
}

/// Parse the command line arguments and return the configuration.
pub fn build(mut self) -> anyhow::Result<Config> {
let cfg = if let Some(path) = self.config_paths.config_dir.as_ref() {
Expand Down Expand Up @@ -214,9 +200,7 @@ impl ConfigArgs {

// merge the configuration from the file with the command line arguments
if let Some(cfg) = cfg {
if let Some(key) = cfg.transport_keypair_path {
self.transport_keypair.get_or_insert(key);
}
self.secrets.merge(cfg.secrets);
self.mode.get_or_insert(cfg.mode);
self.ws_api.address.get_or_insert(cfg.ws_api.address);
self.ws_api.ws_api_port.get_or_insert(cfg.ws_api.port);
Expand All @@ -227,25 +211,17 @@ impl ConfigArgs {
let mode = self.mode.unwrap_or(OperationMode::Network);
let config_paths = self.config_paths.build(self.id.as_deref())?;

let transport_key = self
.transport_keypair
.map(Self::read_transport_keypair)
.transpose()
.with_context(|| "failed while reading transport key file")?;
let (transport_keypair_path, transport_keypair) =
if let Some((transport_key_path, transport_key)) = transport_key {
(Some(transport_key_path), transport_key)
} else {
let transport_key = TransportKeypair::new();
(None, transport_key)
};
let secrets = self.secrets.build()?;

let peer_id = self
.network_listener
.public_address
.zip(self.network_listener.public_port)
.map(|(addr, port)| {
PeerId::new((addr, port).into(), transport_keypair.public().clone())
PeerId::new(
(addr, port).into(),
secrets.transport_keypair.public().clone(),
)
});
let gateways_file = config_paths.config_dir.join("gateways.toml");
let gateways = match File::open(&*gateways_file) {
Expand Down Expand Up @@ -301,8 +277,7 @@ impl ConfigArgs {
.ws_api_port
.unwrap_or(default_http_gateway_port()),
},
transport_keypair,
transport_keypair_path,
secrets,
log_level: self.log_level.unwrap_or(tracing::log::LevelFilter::Info),
config_paths: Arc::new(config_paths),
gateways,
Expand Down Expand Up @@ -376,10 +351,8 @@ pub struct Config {
pub network_api: NetworkApiConfig,
#[serde(flatten)]
pub ws_api: WebsocketApiConfig,
#[serde(skip)]
pub transport_keypair: TransportKeypair,
#[serde(rename = "transport_keypair", skip_serializing_if = "Option::is_none")]
pub transport_keypair_path: Option<PathBuf>,
#[serde(flatten)]
pub secrets: Secrets,
#[serde(with = "serde_log_level_filter")]
pub log_level: tracing::log::LevelFilter,
#[serde(flatten)]
Expand All @@ -393,7 +366,7 @@ pub struct Config {

impl Config {
pub fn transport_keypair(&self) -> &TransportKeypair {
&self.transport_keypair
self.secrets.transport_keypair()
}

pub(crate) fn paths(&self) -> Arc<ConfigPaths> {
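Review bot: The `toml` and `json` arms of the config-loading match in `impl ConfigArgs` (signature above the hunk) now repeat the same six-line `Self::read_secrets(config.secrets.transport_keypair_path, config.secrets.nonce_path, config.secrets.cipher_path)?` / `config.secrets = secrets;` sequence; have each arm only produce `config` and run the secrets load once after the match so a future third format or a changed path field cannot drift between the two arms. The old `Config` carried `#[serde(skip)]` on the loaded `transport_keypair`, and with `#[serde(flatten)] pub secrets: Secrets` that protection now lives entirely in `Secrets` in the new `secret` module, which is outside this diff — confirm the in-memory keypair, cipher and nonce fields there are `#[serde(skip)]`, so serializing a `Config` (as the `skip_serializing_if` on the old path field suggests is done) can never write key material to disk. A short doc comment on the `secrets` field, e.g. `/// Paths to the transport keypair, nonce and cipher files; the loaded material itself is never serialized.`, would make that contract visible to readers of this file.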
