keystore v2 done !

core 2023-08-18 23:58:00 -04:00
parent 810b87986b
commit 1b85754971
Signed by: core
GPG key ID: FDBF740DADDCEECF
3 changed files with 12 additions and 15 deletions


@ -4,7 +4,7 @@ use actix_web::body::EitherBody;
use actix_web::web::Json;
use log::error;
use sea_orm::DbErr;
use serde::Serialize;
use crate::error::{APIError, APIErrorsResponse};
pub struct OkResponse<T: Responder>(T);
@ -30,15 +30,13 @@ impl Responder for ErrResponse {
impl From<DbErr> for ErrResponse {
fn from(value: DbErr) -> Self {
error!("database error: {}", value);
Self {
0: APIErrorsResponse { errors: vec![
Self(APIErrorsResponse { errors: vec![
APIError {
code: "ERR_DB_ERROR".to_string(),
message: "There was an error performing the database query. Please try again later.".to_string(),
path: None,
}
] },
}
] })
}
}


@ -12,10 +12,9 @@ use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
use log::{error, warn};
use std::clone::Clone;
use std::time::{SystemTime, UNIX_EPOCH};
use ed25519_dalek::ed25519::signature::Keypair;
use sea_orm::{ActiveModelTrait, EntityTrait};
use trifid_pki::cert::{deserialize_ed25519_public, deserialize_x25519_public};
use trifid_pki::x25519_dalek::PublicKey;
use trifid_api_entities::entity::{host, keystore_entry, keystore_host};
use crate::error::APIErrorsResponse;
use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel};
@ -43,7 +42,7 @@ pub async fn dnclient(
let host_in_ks = match keystore_host::Entity::find().filter(keystore_host::Column::Id.eq(host)).one(&db.conn).await {
Ok(maybe_host) => maybe_host,
Err(e) => {
Err(_e) => {
return HttpResponse::InternalServerError().json(vec![APIError {
code: "ERR_DB_ERROR".to_string(),
message: "There was an error finding the keys for your host, please contact your administrator".to_string(),
@ -70,7 +69,7 @@ pub async fn dnclient(
let key_info = match keystore_entry::Entity::find().filter(keystore_entry::Column::Host.eq(&keystore_header.id)).one(&db.conn).await {
Ok(maybe_keys) => maybe_keys,
Err(e) => {
Err(_e) => {
return HttpResponse::InternalServerError().json(vec![APIError {
code: "ERR_DB_ERROR".to_string(),
message: "There was an error finding the keys for your host, please contact your administrator".to_string(),
@ -107,7 +106,7 @@ pub async fn dnclient(
let key = VerifyingKey::from_bytes(&keystore_data.client_signing_key.try_into().unwrap()).unwrap();
if !key.verify(&req.message.as_bytes(), &signature).is_ok() {
if key.verify(req.message.as_bytes(), &signature).is_err() {
// Be intentionally vague as the message is invalid.
warn!("! invalid signature from {}", host);
return HttpResponse::Unauthorized().json(vec![APIError {
@ -344,7 +343,7 @@ pub async fn dnclient(
}
};
let ks_entry_model = keystore_entry::Model {
let _ks_entry_model = keystore_entry::Model {
id: random_id("ksentry"),
host: host.clone(),
counter: counter + 1,
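Review bot: Renaming `e` to `_e` in the two `Err` arms of the keystore lookups silences the unused-variable warning but still discards the database error, so a failed lookup returns ERR_DB_ERROR to the client and leaves nothing in the server log. `error` is already imported from `log` in this file, so each arm could begin with `error!("database error: {}", e);` while keeping the client-facing message as vague as it is now. The same pattern shows up with `_ks_entry_model` in the last hunk: if the model is never used after construction, the incremented `counter` may not be stored. That is worth confirming, since the rest of `dnclient` lies outside the hunks shown.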


@ -1,10 +1,10 @@
use actix_web::web::{Data, Json};
use actix_web::{post, HttpRequest, HttpResponse, Responder, ResponseError};
use base64::Engine;
use actix_web::{post, HttpRequest, HttpResponse, Responder};
use dnapi_rs::message::{
APIError, EnrollRequest, EnrollResponse, EnrollResponseData, EnrollResponseDataOrg,
};
use ed25519_dalek::{SigningKey, VerifyingKey};
use ed25519_dalek::{SigningKey};
use log::{debug, error};
use rand::rngs::OsRng;
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
@ -202,7 +202,7 @@ pub async fn enroll(
config: cfg.as_bytes().to_vec(),
host_id: enroll_info.host.clone(),
counter: 1,
trusted_keys: serialize_ed25519_public(&key.verifying_key().to_bytes().to_vec()),
trusted_keys: serialize_ed25519_public(key.verifying_key().to_bytes().as_ref()),
organization: EnrollResponseDataOrg {
id: info.organization.id.clone(),
name: info.organization.name.clone(),
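Review bot: The rewritten import `use ed25519_dalek::{SigningKey};` keeps braces around a single name; `use ed25519_dalek::SigningKey;` is the conventional form and what rustfmt would produce. In the `enroll` hunk, `key.verifying_key().to_bytes().as_ref()` leaves the target slice type to inference. Assuming `serialize_ed25519_public` takes `&[u8]`, as the call suggests, `&key.verifying_key().to_bytes()` states the borrow directly.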