push-yyxvkwvyspxv #21
@@ -43,11 +43,11 @@ pub enum BootstrapError {
|
||||
}
|
||||
|
||||
#[derive(Actor)]
|
||||
pub struct BootstrapActor {
|
||||
pub struct Bootstrapper {
|
||||
token: Option<String>,
|
||||
}
|
||||
|
||||
impl BootstrapActor {
|
||||
impl Bootstrapper {
|
||||
pub async fn new(db: &DatabasePool) -> Result<Self, BootstrapError> {
|
||||
let mut conn = db.get().await?;
|
||||
|
||||
@@ -77,7 +77,7 @@ impl BootstrapActor {
|
||||
}
|
||||
|
||||
#[messages]
|
||||
impl BootstrapActor {
|
||||
impl Bootstrapper {
|
||||
#[message]
|
||||
pub fn is_correct_token(&self, token: String) -> bool {
|
||||
match &self.token {
|
||||
|
||||
@@ -29,7 +29,7 @@ use x25519_dalek::{EphemeralSecret, PublicKey};
|
||||
use crate::{
|
||||
ServerContext,
|
||||
actors::{
|
||||
bootstrap::{BootstrapActor, ConsumeToken},
|
||||
bootstrap::{Bootstrapper, ConsumeToken},
|
||||
user_agent::state::{
|
||||
AuthRequestContext, ChallengeContext, DummyContext, UnsealContext, UserAgentEvents,
|
||||
UserAgentStateMachine, UserAgentStates,
|
||||
@@ -49,7 +49,7 @@ pub(crate) use transport::handle_user_agent;
|
||||
#[derive(Actor)]
|
||||
pub struct UserAgentActor {
|
||||
db: db::DatabasePool,
|
||||
bootstapper: ActorRef<BootstrapActor>,
|
||||
bootstapper: ActorRef<Bootstrapper>,
|
||||
state: UserAgentStateMachine<DummyContext>,
|
||||
// will be used in future
|
||||
_tx: Sender<Result<UserAgentResponse, Status>>,
|
||||
@@ -71,7 +71,7 @@ impl UserAgentActor {
|
||||
#[cfg(test)]
|
||||
pub(crate) fn new_manual(
|
||||
db: db::DatabasePool,
|
||||
bootstapper: ActorRef<BootstrapActor>,
|
||||
bootstapper: ActorRef<Bootstrapper>,
|
||||
tx: Sender<Result<UserAgentResponse, Status>>,
|
||||
) -> Self {
|
||||
Self {
|
||||
|
||||
@@ -11,7 +11,7 @@ use kameo::actor::Spawn;
|
||||
|
||||
use crate::{
|
||||
actors::{
|
||||
bootstrap::BootstrapActor,
|
||||
bootstrap::Bootstrapper,
|
||||
user_agent::{HandleAuthChallengeRequest, HandleAuthChallengeSolution},
|
||||
},
|
||||
db::{self, schema},
|
||||
@@ -24,10 +24,10 @@ use super::UserAgentActor;
|
||||
pub async fn test_bootstrap_token_auth() {
|
||||
let db = db::create_test_pool().await;
|
||||
// explicitly not installing any user_agent pubkeys
|
||||
let bootstrapper = BootstrapActor::new(&db).await.unwrap(); // this will create bootstrap token
|
||||
let bootstrapper = Bootstrapper::new(&db).await.unwrap(); // this will create bootstrap token
|
||||
let token = bootstrapper.get_token().unwrap();
|
||||
|
||||
let bootstrapper_ref = BootstrapActor::spawn(bootstrapper);
|
||||
let bootstrapper_ref = Bootstrapper::spawn(bootstrapper);
|
||||
let user_agent = UserAgentActor::new_manual(
|
||||
db.clone(),
|
||||
bootstrapper_ref,
|
||||
@@ -78,9 +78,9 @@ pub async fn test_bootstrap_token_auth() {
|
||||
pub async fn test_bootstrap_invalid_token_auth() {
|
||||
let db = db::create_test_pool().await;
|
||||
// explicitly not installing any user_agent pubkeys
|
||||
let bootstrapper = BootstrapActor::new(&db).await.unwrap(); // this will create bootstrap token
|
||||
let bootstrapper = Bootstrapper::new(&db).await.unwrap(); // this will create bootstrap token
|
||||
|
||||
let bootstrapper_ref = BootstrapActor::spawn(bootstrapper);
|
||||
let bootstrapper_ref = Bootstrapper::spawn(bootstrapper);
|
||||
let user_agent = UserAgentActor::new_manual(
|
||||
db.clone(),
|
||||
bootstrapper_ref,
|
||||
@@ -126,7 +126,7 @@ pub async fn test_bootstrap_invalid_token_auth() {
|
||||
pub async fn test_challenge_auth() {
|
||||
let db = db::create_test_pool().await;
|
||||
|
||||
let bootstrapper_ref = BootstrapActor::spawn(BootstrapActor::new(&db).await.unwrap());
|
||||
let bootstrapper_ref = Bootstrapper::spawn(Bootstrapper::new(&db).await.unwrap());
|
||||
let user_agent = UserAgentActor::new_manual(
|
||||
db.clone(),
|
||||
bootstrapper_ref,
|
||||
|
||||
@@ -4,20 +4,17 @@ use diesel::OptionalExtension as _;
|
||||
use diesel_async::RunQueryDsl as _;
|
||||
use kameo::actor::{ActorRef, Spawn};
|
||||
use miette::Diagnostic;
|
||||
use rand::rngs::StdRng;
|
||||
use smlang::statemachine;
|
||||
use thiserror::Error;
|
||||
use tokio::sync::RwLock;
|
||||
|
||||
use crate::{
|
||||
actors::bootstrap::{self, BootstrapActor}, context::tls::{TlsDataRaw, TlsManager}, db::{
|
||||
self,
|
||||
models::ArbiterSetting,
|
||||
schema::arbiter_settings,
|
||||
}
|
||||
actors::{
|
||||
bootstrap::{self, Bootstrapper},
|
||||
keyholder::KeyHolder,
|
||||
},
|
||||
context::tls::{TlsDataRaw, TlsManager},
|
||||
db::{self, models::ArbiterSetting, schema::arbiter_settings},
|
||||
};
|
||||
|
||||
|
||||
pub mod tls;
|
||||
|
||||
#[derive(Error, Debug, Diagnostic)]
|
||||
@@ -42,41 +39,20 @@ pub enum InitError {
|
||||
#[diagnostic(code(arbiter_server::init::bootstrap_token))]
|
||||
BootstrapToken(#[from] bootstrap::BootstrapError),
|
||||
|
||||
#[error("KeyHolder initialization failed: {0}")]
|
||||
#[diagnostic(code(arbiter_server::init::keyholder_init))]
|
||||
KeyHolder(#[from] crate::actors::keyholder::Error),
|
||||
|
||||
#[error("I/O Error: {0}")]
|
||||
#[diagnostic(code(arbiter_server::init::io))]
|
||||
Io(#[from] std::io::Error),
|
||||
}
|
||||
|
||||
// TODO: Placeholder for secure root key cell implementation
|
||||
pub struct KeyStorage;
|
||||
|
||||
statemachine! {
|
||||
name: Server,
|
||||
transitions: {
|
||||
*NotBootstrapped + Bootstrapped = Sealed,
|
||||
Sealed + Unsealed(KeyStorage) / move_key = Ready(KeyStorage),
|
||||
Ready(KeyStorage) + Sealed / dispose_key = Sealed,
|
||||
}
|
||||
}
|
||||
pub struct _Context;
|
||||
impl ServerStateMachineContext for _Context {
|
||||
fn move_key(&mut self, _event_data: KeyStorage) -> Result<KeyStorage, ()> {
|
||||
todo!()
|
||||
}
|
||||
|
||||
#[allow(missing_docs)]
|
||||
#[allow(clippy::unused_unit)]
|
||||
fn dispose_key(&mut self, _state_data: &KeyStorage) -> Result<(), ()> {
|
||||
todo!()
|
||||
}
|
||||
}
|
||||
|
||||
pub struct _ServerContextInner {
|
||||
pub db: db::DatabasePool,
|
||||
pub state: RwLock<ServerStateMachine<_Context>>,
|
||||
pub rng: StdRng,
|
||||
pub tls: TlsManager,
|
||||
pub bootstrapper: ActorRef<BootstrapActor>,
|
||||
pub bootstrapper: ActorRef<Bootstrapper>,
|
||||
pub keyholder: ActorRef<KeyHolder>,
|
||||
}
|
||||
#[derive(Clone)]
|
||||
pub struct ServerContext(Arc<_ServerContextInner>);
|
||||
@@ -124,7 +100,6 @@ impl ServerContext {
|
||||
|
||||
pub async fn new(db: db::DatabasePool) -> Result<Self, InitError> {
|
||||
let mut conn = db.get().await?;
|
||||
let rng = rand::make_rng();
|
||||
|
||||
let settings = arbiter_settings::table
|
||||
.first::<ArbiterSetting>(&mut conn)
|
||||
@@ -135,21 +110,11 @@ impl ServerContext {
|
||||
|
||||
drop(conn);
|
||||
|
||||
let mut state = ServerStateMachine::new(_Context);
|
||||
|
||||
if let Some(settings) = &settings
|
||||
&& settings.root_key_id.is_some()
|
||||
{
|
||||
// TODO: pass the encrypted root key to the state machine and let it handle decryption and transition to Sealed
|
||||
let _ = state.process_event(ServerEvents::Bootstrapped);
|
||||
}
|
||||
|
||||
Ok(Self(Arc::new(_ServerContextInner {
|
||||
bootstrapper: BootstrapActor::spawn(BootstrapActor::new(&db).await?),
|
||||
bootstrapper: Bootstrapper::spawn(Bootstrapper::new(&db).await?),
|
||||
keyholder: KeyHolder::spawn(KeyHolder::new(db.clone()).await?),
|
||||
db,
|
||||
rng,
|
||||
tls,
|
||||
state: RwLock::new(state),
|
||||
})))
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user