keystore v2 work
This commit is contained in:
parent
3dadd40bba
commit
de16535651
6 changed files with 32 additions and 54 deletions
|
@ -1,7 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="DataSourceManagerImpl" format="xml" multifile-model="true">
|
||||
<data-source source="LOCAL" name="trifidapi@localhost" uuid="39c81b89-3fc4-493f-b203-7a00527cffe6">
|
||||
<data-source source="LOCAL" name="trifid@localhost" uuid="39c81b89-3fc4-493f-b203-7a00527cffe6">
|
||||
<driver-ref>postgresql</driver-ref>
|
||||
<synchronize>true</synchronize>
|
||||
<jdbc-driver>org.postgresql.Driver</jdbc-driver>
|
||||
|
|
4
Cargo.lock
generated
4
Cargo.lock
generated
|
@ -3928,14 +3928,14 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "trifid_api_entities"
|
||||
version = "0.1.2"
|
||||
version = "0.2.0"
|
||||
dependencies = [
|
||||
"sea-orm",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "trifid_api_migration"
|
||||
version = "0.1.2"
|
||||
version = "0.2.0"
|
||||
dependencies = [
|
||||
"async-std",
|
||||
"async-trait",
|
||||
|
|
|
@ -26,8 +26,8 @@ log = "0.4" # Logging
|
|||
simple_logger = "4" # Logging
|
||||
|
||||
sea-orm = { version = "0.12", features = [ "sqlx-postgres", "runtime-actix-rustls", "macros" ]} # Database
|
||||
trifid_api_migration = { version = "0.1", path = "trifid_api_migration" } # Database
|
||||
trifid_api_entities = { version = "0.1", path = "trifid_api_entities" } # Database
|
||||
trifid_api_migration = { version = "0.2", path = "trifid_api_migration" } # Database
|
||||
trifid_api_entities = { version = "0.2", path = "trifid_api_entities" } # Database
|
||||
|
||||
rand = "0.8" # Misc.
|
||||
hex = "0.4" # Misc.
|
||||
|
|
|
@ -22,6 +22,7 @@ use crate::error::APIErrorsResponse;
|
|||
use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel};
|
||||
use sea_orm::ActiveValue::Set;
|
||||
use trifid_api_entities::entity::prelude::KeystoreHost;
|
||||
use crate::tokens::random_id;
|
||||
|
||||
#[post("/v1/dnclient")]
|
||||
pub async fn dnclient(
|
||||
|
@ -321,25 +322,11 @@ pub async fn dnclient(
|
|||
}
|
||||
};
|
||||
|
||||
//// START KEYSTORE ENTRY - THIS IS THE BUGGY ZONE ////
|
||||
|
||||
let ks = keystore_header;
|
||||
|
||||
ks.certs.push(KSCert {
|
||||
id: ks.current_cert + 1,
|
||||
cert,
|
||||
});
|
||||
ks.current_cert += 1;
|
||||
|
||||
ks.config.push(KSConfig {
|
||||
id: ks.current_config + 1,
|
||||
config: cfg.clone(),
|
||||
});
|
||||
ks.current_config += 1;
|
||||
|
||||
ks.signing_keys.push(KSSigningKey {
|
||||
id: ks.current_signing_key + 1,
|
||||
key: ks.signing_keys[0].key.clone(),
|
||||
});
|
||||
ks.current_signing_key += 1;
|
||||
// make a new keystore entity
|
||||
|
||||
let dh_pubkey = match deserialize_x25519_public(&do_update_req.dh_pubkey_pem) {
|
||||
Ok(r) => r,
|
||||
|
@ -365,28 +352,30 @@ pub async fn dnclient(
|
|||
}
|
||||
};
|
||||
|
||||
let dh_pubkey_typed: [u8; 32] = dh_pubkey.try_into().unwrap();
|
||||
|
||||
ks.client_keys.push(KSClientKey {
|
||||
id: ks.current_client_key + 1,
|
||||
dh_pub: PublicKey::from(dh_pubkey_typed),
|
||||
ed_pub: VerifyingKey::from_bytes(&ed_pubkey.try_into().unwrap()).unwrap(),
|
||||
});
|
||||
ks.current_client_key += 1;
|
||||
|
||||
let host_in_ks = ks.clone();
|
||||
|
||||
match keystore_flush(&keystore) {
|
||||
Ok(_) => (),
|
||||
let config_str = match serde_yaml::to_string(&cfg) {
|
||||
Ok(c_str) => c_str,
|
||||
Err(e) => {
|
||||
error!("keystore save error: {}", e);
|
||||
error!("config serialization error: {}", e);
|
||||
return HttpResponse::InternalServerError().json(vec![APIError {
|
||||
code: "ERR_SAVE_ERR".to_string(),
|
||||
message: "There was an error saving the keystore.".to_string(),
|
||||
code: "ERR_CFG_SERIALIZATION".to_string(),
|
||||
message: "There was an error serializing the new configuration."
|
||||
.to_string(),
|
||||
path: None,
|
||||
}]);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
let new_ks_entry = keystore_entry::Model {
|
||||
id: random_id("ksentry"),
|
||||
host: keystore_header.id.clone(),
|
||||
counter: counter + 1,
|
||||
signing_key: keystore_data.signing_key.clone(), // TODO: Rotate keys
|
||||
client_signing_key: ed_pubkey,
|
||||
client_dh_key: dh_pubkey,
|
||||
config: config_str.clone()
|
||||
};
|
||||
|
||||
//// THIS IS THE END OF THE KEYSTORE ADDING BUGGY AREA ////
|
||||
|
||||
// get the signing key that the client last trusted based on its current config version
|
||||
// this is their current counter
|
||||
|
@ -397,19 +386,8 @@ pub async fn dnclient(
|
|||
.unwrap();
|
||||
|
||||
let msg = DoUpdateResponse {
|
||||
config: match serde_yaml::to_string(&cfg) {
|
||||
Ok(c_str) => c_str.as_bytes().to_vec(),
|
||||
Err(e) => {
|
||||
error!("config serialization error: {}", e);
|
||||
return HttpResponse::InternalServerError().json(vec![APIError {
|
||||
code: "ERR_CFG_SERIALIZATION".to_string(),
|
||||
message: "There was an error serializing the new configuration."
|
||||
.to_string(),
|
||||
path: None,
|
||||
}]);
|
||||
}
|
||||
},
|
||||
counter: host_in_ks.current_config as u32,
|
||||
config: config_str.as_bytes().to_vec(),
|
||||
counter: counter as u32,
|
||||
nonce: do_update_req.nonce,
|
||||
trusted_keys: ed25519_public_keys_to_pem(&[signing_key.key.verifying_key()]),
|
||||
};
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "trifid_api_entities"
|
||||
version = "0.1.2"
|
||||
version = "0.2.0"
|
||||
edition = "2021"
|
||||
description = "Database entities for trifid-api"
|
||||
license = "GPL-3.0-or-later"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "trifid_api_migration"
|
||||
version = "0.1.2"
|
||||
version = "0.2.0"
|
||||
edition = "2021"
|
||||
description = "Database migrations for trifid-api"
|
||||
license = "GPL-3.0-or-later"
|
||||
|
|
Loading…
Reference in a new issue