keystore v2 done !
This commit is contained in:
parent
810b87986b
commit
1b85754971
|
@ -4,7 +4,7 @@ use actix_web::body::EitherBody;
|
||||||
use actix_web::web::Json;
|
use actix_web::web::Json;
|
||||||
use log::error;
|
use log::error;
|
||||||
use sea_orm::DbErr;
|
use sea_orm::DbErr;
|
||||||
use serde::Serialize;
|
|
||||||
use crate::error::{APIError, APIErrorsResponse};
|
use crate::error::{APIError, APIErrorsResponse};
|
||||||
|
|
||||||
pub struct OkResponse<T: Responder>(T);
|
pub struct OkResponse<T: Responder>(T);
|
||||||
|
@ -30,15 +30,13 @@ impl Responder for ErrResponse {
|
||||||
impl From<DbErr> for ErrResponse {
|
impl From<DbErr> for ErrResponse {
|
||||||
fn from(value: DbErr) -> Self {
|
fn from(value: DbErr) -> Self {
|
||||||
error!("database error: {}", value);
|
error!("database error: {}", value);
|
||||||
Self {
|
Self(APIErrorsResponse { errors: vec![
|
||||||
0: APIErrorsResponse { errors: vec![
|
|
||||||
APIError {
|
APIError {
|
||||||
code: "ERR_DB_ERROR".to_string(),
|
code: "ERR_DB_ERROR".to_string(),
|
||||||
message: "There was an error performing the database query. Please try again later.".to_string(),
|
message: "There was an error performing the database query. Please try again later.".to_string(),
|
||||||
path: None,
|
path: None,
|
||||||
}
|
}
|
||||||
] },
|
] })
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,10 +12,9 @@ use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
|
||||||
use log::{error, warn};
|
use log::{error, warn};
|
||||||
use std::clone::Clone;
|
use std::clone::Clone;
|
||||||
use std::time::{SystemTime, UNIX_EPOCH};
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
use ed25519_dalek::ed25519::signature::Keypair;
|
|
||||||
use sea_orm::{ActiveModelTrait, EntityTrait};
|
use sea_orm::{ActiveModelTrait, EntityTrait};
|
||||||
use trifid_pki::cert::{deserialize_ed25519_public, deserialize_x25519_public};
|
use trifid_pki::cert::{deserialize_ed25519_public, deserialize_x25519_public};
|
||||||
use trifid_pki::x25519_dalek::PublicKey;
|
|
||||||
use trifid_api_entities::entity::{host, keystore_entry, keystore_host};
|
use trifid_api_entities::entity::{host, keystore_entry, keystore_host};
|
||||||
use crate::error::APIErrorsResponse;
|
use crate::error::APIErrorsResponse;
|
||||||
use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel};
|
use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel};
|
||||||
|
@ -43,7 +42,7 @@ pub async fn dnclient(
|
||||||
|
|
||||||
let host_in_ks = match keystore_host::Entity::find().filter(keystore_host::Column::Id.eq(host)).one(&db.conn).await {
|
let host_in_ks = match keystore_host::Entity::find().filter(keystore_host::Column::Id.eq(host)).one(&db.conn).await {
|
||||||
Ok(maybe_host) => maybe_host,
|
Ok(maybe_host) => maybe_host,
|
||||||
Err(e) => {
|
Err(_e) => {
|
||||||
return HttpResponse::InternalServerError().json(vec![APIError {
|
return HttpResponse::InternalServerError().json(vec![APIError {
|
||||||
code: "ERR_DB_ERROR".to_string(),
|
code: "ERR_DB_ERROR".to_string(),
|
||||||
message: "There was an error finding the keys for your host, please contact your administrator".to_string(),
|
message: "There was an error finding the keys for your host, please contact your administrator".to_string(),
|
||||||
|
@ -70,7 +69,7 @@ pub async fn dnclient(
|
||||||
|
|
||||||
let key_info = match keystore_entry::Entity::find().filter(keystore_entry::Column::Host.eq(&keystore_header.id)).one(&db.conn).await {
|
let key_info = match keystore_entry::Entity::find().filter(keystore_entry::Column::Host.eq(&keystore_header.id)).one(&db.conn).await {
|
||||||
Ok(maybe_keys) => maybe_keys,
|
Ok(maybe_keys) => maybe_keys,
|
||||||
Err(e) => {
|
Err(_e) => {
|
||||||
return HttpResponse::InternalServerError().json(vec![APIError {
|
return HttpResponse::InternalServerError().json(vec![APIError {
|
||||||
code: "ERR_DB_ERROR".to_string(),
|
code: "ERR_DB_ERROR".to_string(),
|
||||||
message: "There was an error finding the keys for your host, please contact your administrator".to_string(),
|
message: "There was an error finding the keys for your host, please contact your administrator".to_string(),
|
||||||
|
@ -107,7 +106,7 @@ pub async fn dnclient(
|
||||||
|
|
||||||
let key = VerifyingKey::from_bytes(&keystore_data.client_signing_key.try_into().unwrap()).unwrap();
|
let key = VerifyingKey::from_bytes(&keystore_data.client_signing_key.try_into().unwrap()).unwrap();
|
||||||
|
|
||||||
if !key.verify(&req.message.as_bytes(), &signature).is_ok() {
|
if key.verify(req.message.as_bytes(), &signature).is_err() {
|
||||||
// Be intentionally vague as the message is invalid.
|
// Be intentionally vague as the message is invalid.
|
||||||
warn!("! invalid signature from {}", host);
|
warn!("! invalid signature from {}", host);
|
||||||
return HttpResponse::Unauthorized().json(vec![APIError {
|
return HttpResponse::Unauthorized().json(vec![APIError {
|
||||||
|
@ -344,7 +343,7 @@ pub async fn dnclient(
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let ks_entry_model = keystore_entry::Model {
|
let _ks_entry_model = keystore_entry::Model {
|
||||||
id: random_id("ksentry"),
|
id: random_id("ksentry"),
|
||||||
host: host.clone(),
|
host: host.clone(),
|
||||||
counter: counter + 1,
|
counter: counter + 1,
|
||||||
|
|
|
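Review bot: Renaming the bindings to `Err(_e)` in the two keystore lookups (the hunks at -43 and -70) discards the database error without recording it, so a failing lookup leaves nothing in the server log to diagnose while the client only sees the generic message; the `From<DbErr>` impl changed elsewhere in this commit logs the error before returning its generic response, and these arms should do the same, e.g. `Err(e) => { error!("keystore lookup failed: {}", e);` (`error` is already imported from `log` in this file). The generic client-facing message itself is right and should stay as it is. Separately, in the last hunk, renaming `ks_entry_model` to `_ks_entry_model` only silences the unused-variable warning; that model carries `counter: counter + 1`, and if it is never inserted the stored counter is not advanced, so please confirm it is persisted further down. dnclient's body starts and ends outside these hunks.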
@ -1,10 +1,10 @@
|
||||||
use actix_web::web::{Data, Json};
|
use actix_web::web::{Data, Json};
|
||||||
use actix_web::{post, HttpRequest, HttpResponse, Responder, ResponseError};
|
use actix_web::{post, HttpRequest, HttpResponse, Responder};
|
||||||
use base64::Engine;
|
|
||||||
use dnapi_rs::message::{
|
use dnapi_rs::message::{
|
||||||
APIError, EnrollRequest, EnrollResponse, EnrollResponseData, EnrollResponseDataOrg,
|
APIError, EnrollRequest, EnrollResponse, EnrollResponseData, EnrollResponseDataOrg,
|
||||||
};
|
};
|
||||||
use ed25519_dalek::{SigningKey, VerifyingKey};
|
use ed25519_dalek::{SigningKey};
|
||||||
use log::{debug, error};
|
use log::{debug, error};
|
||||||
use rand::rngs::OsRng;
|
use rand::rngs::OsRng;
|
||||||
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
|
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
|
||||||
|
@ -202,7 +202,7 @@ pub async fn enroll(
|
||||||
config: cfg.as_bytes().to_vec(),
|
config: cfg.as_bytes().to_vec(),
|
||||||
host_id: enroll_info.host.clone(),
|
host_id: enroll_info.host.clone(),
|
||||||
counter: 1,
|
counter: 1,
|
||||||
trusted_keys: serialize_ed25519_public(&key.verifying_key().to_bytes().to_vec()),
|
trusted_keys: serialize_ed25519_public(key.verifying_key().to_bytes().as_ref()),
|
||||||
organization: EnrollResponseDataOrg {
|
organization: EnrollResponseDataOrg {
|
||||||
id: info.organization.id.clone(),
|
id: info.organization.id.clone(),
|
||||||
name: info.organization.name.clone(),
|
name: info.organization.name.clone(),
|
||||||
|
|
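Review bot: The import on the new side of the first hunk is written `use ed25519_dalek::{SigningKey};`, leaving braces around a single item after `VerifyingKey` was dropped; rustfmt would flatten it to `use ed25519_dalek::SigningKey;`. The `serialize_ed25519_public(key.verifying_key().to_bytes().as_ref())` form in the second hunk borrows the `to_bytes()` array for the duration of the call instead of allocating a `Vec`, which reads fine as written. enroll's body starts and ends outside these hunks.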