keystore v2 work
This commit is contained in:
parent
3dadd40bba
commit
de16535651
GPG Key ID:
FDBF740DADDCEECF
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<project version="4">
|
<project version="4">
|
||||||
<component name="DataSourceManagerImpl" format="xml" multifile-model="true">
|
<component name="DataSourceManagerImpl" format="xml" multifile-model="true">
|
||||||
<data-source source="LOCAL" name="trifidapi@localhost" uuid="39c81b89-3fc4-493f-b203-7a00527cffe6">
|
<data-source source="LOCAL" name="trifid@localhost" uuid="39c81b89-3fc4-493f-b203-7a00527cffe6">
|
||||||
<driver-ref>postgresql</driver-ref>
|
<driver-ref>postgresql</driver-ref>
|
||||||
<synchronize>true</synchronize>
|
<synchronize>true</synchronize>
|
||||||
<jdbc-driver>org.postgresql.Driver</jdbc-driver>
|
<jdbc-driver>org.postgresql.Driver</jdbc-driver>
|
||||||
|
|
|
||||||
|
|
@ -3928,14 +3928,14 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "trifid_api_entities"
|
name = "trifid_api_entities"
|
||||||
version = "0.1.2"
|
version = "0.2.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"sea-orm",
|
"sea-orm",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "trifid_api_migration"
|
name = "trifid_api_migration"
|
||||||
version = "0.1.2"
|
version = "0.2.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"async-std",
|
"async-std",
|
||||||
"async-trait",
|
"async-trait",
|
||||||
|
|
|
||||||
|
|
@ -26,8 +26,8 @@ log = "0.4" # Logging
|
||||||
simple_logger = "4" # Logging
|
simple_logger = "4" # Logging
|
||||||
|
|
||||||
sea-orm = { version = "0.12", features = [ "sqlx-postgres", "runtime-actix-rustls", "macros" ]} # Database
|
sea-orm = { version = "0.12", features = [ "sqlx-postgres", "runtime-actix-rustls", "macros" ]} # Database
|
||||||
trifid_api_migration = { version = "0.1", path = "trifid_api_migration" } # Database
|
trifid_api_migration = { version = "0.2", path = "trifid_api_migration" } # Database
|
||||||
trifid_api_entities = { version = "0.1", path = "trifid_api_entities" } # Database
|
trifid_api_entities = { version = "0.2", path = "trifid_api_entities" } # Database
|
||||||
|
|
||||||
rand = "0.8" # Misc.
|
rand = "0.8" # Misc.
|
||||||
hex = "0.4" # Misc.
|
hex = "0.4" # Misc.
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ use crate::error::APIErrorsResponse;
|
||||||
use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel};
|
use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel};
|
||||||
use sea_orm::ActiveValue::Set;
|
use sea_orm::ActiveValue::Set;
|
||||||
use trifid_api_entities::entity::prelude::KeystoreHost;
|
use trifid_api_entities::entity::prelude::KeystoreHost;
|
||||||
|
use crate::tokens::random_id;
|
||||||
|
|
||||||
#[post("/v1/dnclient")]
|
#[post("/v1/dnclient")]
|
||||||
pub async fn dnclient(
|
pub async fn dnclient(
|
||||||
|
|
@ -321,25 +322,11 @@ pub async fn dnclient(
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
//// START KEYSTORE ENTRY - THIS IS THE BUGGY ZONE ////
|
||||||
|
|
||||||
let ks = keystore_header;
|
let ks = keystore_header;
|
||||||
|
|
||||||
ks.certs.push(KSCert {
|
// make a new keystore entity
|
||||||
id: ks.current_cert + 1,
|
|
||||||
cert,
|
|
||||||
});
|
|
||||||
ks.current_cert += 1;
|
|
||||||
|
|
||||||
ks.config.push(KSConfig {
|
|
||||||
id: ks.current_config + 1,
|
|
||||||
config: cfg.clone(),
|
|
||||||
});
|
|
||||||
ks.current_config += 1;
|
|
||||||
|
|
||||||
ks.signing_keys.push(KSSigningKey {
|
|
||||||
id: ks.current_signing_key + 1,
|
|
||||||
key: ks.signing_keys[0].key.clone(),
|
|
||||||
});
|
|
||||||
ks.current_signing_key += 1;
|
|
||||||
|
|
||||||
let dh_pubkey = match deserialize_x25519_public(&do_update_req.dh_pubkey_pem) {
|
let dh_pubkey = match deserialize_x25519_public(&do_update_req.dh_pubkey_pem) {
|
||||||
Ok(r) => r,
|
Ok(r) => r,
|
||||||
|
|
@ -365,28 +352,30 @@ pub async fn dnclient(
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let dh_pubkey_typed: [u8; 32] = dh_pubkey.try_into().unwrap();
|
let config_str = match serde_yaml::to_string(&cfg) {
|
||||||
|
Ok(c_str) => c_str,
|
||||||
ks.client_keys.push(KSClientKey {
|
|
||||||
id: ks.current_client_key + 1,
|
|
||||||
dh_pub: PublicKey::from(dh_pubkey_typed),
|
|
||||||
ed_pub: VerifyingKey::from_bytes(&ed_pubkey.try_into().unwrap()).unwrap(),
|
|
||||||
});
|
|
||||||
ks.current_client_key += 1;
|
|
||||||
|
|
||||||
let host_in_ks = ks.clone();
|
|
||||||
|
|
||||||
match keystore_flush(&keystore) {
|
|
||||||
Ok(_) => (),
|
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("keystore save error: {}", e);
|
error!("config serialization error: {}", e);
|
||||||
return HttpResponse::InternalServerError().json(vec![APIError {
|
return HttpResponse::InternalServerError().json(vec![APIError {
|
||||||
code: "ERR_SAVE_ERR".to_string(),
|
code: "ERR_CFG_SERIALIZATION".to_string(),
|
||||||
message: "There was an error saving the keystore.".to_string(),
|
message: "There was an error serializing the new configuration."
|
||||||
|
.to_string(),
|
||||||
path: None,
|
path: None,
|
||||||
}]);
|
}]);
|
||||||
}
|
}
|
||||||
}
|
};
|
||||||
|
|
||||||
|
let new_ks_entry = keystore_entry::Model {
|
||||||
|
id: random_id("ksentry"),
|
||||||
|
host: keystore_header.id.clone(),
|
||||||
|
counter: counter + 1,
|
||||||
|
signing_key: keystore_data.signing_key.clone(), // TODO: Rotate keys
|
||||||
|
client_signing_key: ed_pubkey,
|
||||||
|
client_dh_key: dh_pubkey,
|
||||||
|
config: config_str.clone()
|
||||||
|
};
|
||||||
|
|
||||||
|
//// THIS IS THE END OF THE KEYSTORE ADDING BUGGY AREA ////
|
||||||
|
|
||||||
// get the signing key that the client last trusted based on its current config version
|
// get the signing key that the client last trusted based on its current config version
|
||||||
// this is their current counter
|
// this is their current counter
|
||||||
|
|
@ -397,19 +386,8 @@ pub async fn dnclient(
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
let msg = DoUpdateResponse {
|
let msg = DoUpdateResponse {
|
||||||
config: match serde_yaml::to_string(&cfg) {
|
config: config_str.as_bytes().to_vec(),
|
||||||
Ok(c_str) => c_str.as_bytes().to_vec(),
|
counter: counter as u32,
|
||||||
Err(e) => {
|
|
||||||
error!("config serialization error: {}", e);
|
|
||||||
return HttpResponse::InternalServerError().json(vec![APIError {
|
|
||||||
code: "ERR_CFG_SERIALIZATION".to_string(),
|
|
||||||
message: "There was an error serializing the new configuration."
|
|
||||||
.to_string(),
|
|
||||||
path: None,
|
|
||||||
}]);
|
|
||||||
}
|
|
||||||
},
|
|
||||||
counter: host_in_ks.current_config as u32,
|
|
||||||
nonce: do_update_req.nonce,
|
nonce: do_update_req.nonce,
|
||||||
trusted_keys: ed25519_public_keys_to_pem(&[signing_key.key.verifying_key()]),
|
trusted_keys: ed25519_public_keys_to_pem(&[signing_key.key.verifying_key()]),
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "trifid_api_entities"
|
name = "trifid_api_entities"
|
||||||
version = "0.1.2"
|
version = "0.2.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
description = "Database entities for trifid-api"
|
description = "Database entities for trifid-api"
|
||||||
license = "GPL-3.0-or-later"
|
license = "GPL-3.0-or-later"
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "trifid_api_migration"
|
name = "trifid_api_migration"
|
||||||
version = "0.1.2"
|
version = "0.2.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
description = "Database migrations for trifid-api"
|
description = "Database migrations for trifid-api"
|
||||||
license = "GPL-3.0-or-later"
|
license = "GPL-3.0-or-later"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue