[server] Read known client ids from secrets file
Remove explicit client id file
This commit is contained in:
parent
ba74599fa2
commit
e5032b33eb
5 changed files with 47 additions and 9 deletions
1
Cargo.lock
generated
1
Cargo.lock
generated
|
@ -100,6 +100,7 @@ version = "0.4.0"
|
|||
dependencies = [
|
||||
"base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"seckey 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
|
|
5
Makefile
5
Makefile
|
@ -8,6 +8,9 @@ release:
|
|||
|
||||
publish:
|
||||
podman pull clux/muslrust
|
||||
podman run -v .:/volume --rm -t clux/muslrust cargo build --release
|
||||
podman run -v .:/volume:Z --rm -t clux/muslrust cargo build --release
|
||||
strip target/x86_64-unknown-linux-musl/release/coffer-server
|
||||
strip target/x86_64-unknown-linux-musl/release/coffer-client
|
||||
strip target/x86_64-unknown-linux-musl/release/coffer-companion
|
||||
|
||||
.PHONY: default release publish
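Review bot: `publish` builds and strips the three release binaries inside `clux/muslrust` pulled with no tag or digest (`podman pull clux/muslrust`), so the toolchain that produces coffer-server/-client/-companion is whatever the untagged image resolves to (normally `latest`) on the day of the build, and two runs of the target are not guaranteed to produce the same binaries. Pin the image by digest, e.g. `podman pull clux/muslrust@sha256:<digest>`, and use that same reference on the `podman run` line. A one-line comment above `publish:` saying why the pin is there and how to refresh it would keep the next maintainer from dropping it.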
|
||||
|
|
|
@ -21,6 +21,7 @@ serde = { version = "^1.0", features = ["derive"]}
|
|||
serde_cbor = "^0.10"
|
||||
toml = "^0.5"
|
||||
base64 = "^0.11"
|
||||
hex = "^0.4"
|
||||
# Key management/Cryptography
|
||||
sodiumoxide = "^0.2"
|
||||
seckey = "^0.9"
|
||||
|
|
|
@ -8,6 +8,8 @@ use quick_error::quick_error;
|
|||
use sodiumoxide::crypto::box_;
|
||||
use sodiumoxide::crypto::sealedbox;
|
||||
|
||||
use toml::Value as TomlValue;
|
||||
|
||||
use crate::certificate::{Certificate, CertificateError};
|
||||
|
||||
quick_error! {
|
||||
|
@ -18,6 +20,12 @@ quick_error! {
|
|||
Certificate(err: CertificateError) {
|
||||
from()
|
||||
}
|
||||
HexDecodeError(err: hex::FromHexError) {
|
||||
from()
|
||||
}
|
||||
IoError(err: std::io::Error) {
|
||||
from()
|
||||
}
|
||||
Msg(err: &'static str) {
|
||||
from(err)
|
||||
display("{}", err)
|
||||
|
@ -50,6 +58,32 @@ impl Keyring {
|
|||
}
|
||||
}
|
||||
|
||||
pub fn add_known_keys_toml(&mut self, toml: &str) -> Result<(), KeyringError> {
|
||||
// parse the string into a toml Table
|
||||
let clients: toml::value::Table = match toml.parse::<TomlValue>().unwrap() {
|
||||
TomlValue::Table(t) => t,
|
||||
_ => panic!{"Invalid secrets file"}
|
||||
};
|
||||
|
||||
for (_k, v) in clients {
|
||||
|
||||
let client = match v {
|
||||
TomlValue::Table(client) => client,
|
||||
_ => panic!{"Invalid secrets file"}
|
||||
};
|
||||
|
||||
match client.get("id") {
|
||||
Some(TomlValue::String(id)) => {
|
||||
let id = id.to_owned();
|
||||
self.add_known_key(&hex::decode(id)?)?;
|
||||
},
|
||||
_ => panic!{"Invalid id, only hex encoded ids supported"}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn add_known_key(&mut self, key: &[u8]) -> Result<(), KeyringError> {
|
||||
let public_key = box_::PublicKey::from_slice(key)
|
||||
.ok_or(KeyringError::InvalidClientKey)?;
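Review bot: `add_known_keys_toml` is declared to return `Result<(), KeyringError>` but aborts the process on malformed input instead: the `.unwrap()` on `toml.parse::<TomlValue>()` and the three `panic!{"Invalid secrets file"}` / `panic!{"Invalid id, only hex encoded ids supported"}` arms, even though the enum already has a `Msg(&'static str)` variant with `from(err)` for exactly this, and the one caller in main.rs already `.unwrap()`s the result. Returning `Err` keeps the decision of what to do with a bad secrets file at the call site rather than inside a keyring method. The `id.to_owned()` before `hex::decode` is an unnecessary allocation, since `hex::decode` accepts the borrowed string directly. Note also that the loop requires every top-level table in the decrypted secrets file to carry an `id`; a table without one (presumably a plain secrets table meant for `CofferMap::from_toml`) currently panics rather than being skipped, which a doc comment on the function should state if that is the intended contract. `add_known_key` at the bottom of the hunk continues past it.
```rust
/// Registers every `id` found in the decrypted secrets TOML as a known client key.
/// Each top-level table must carry a hex-encoded `id`; anything else is an error.
pub fn add_known_keys_toml(&mut self, toml: &str) -> Result<(), KeyringError> {
    // Malformed input is the caller's decision, not a reason to abort the process.
    let clients = match toml.parse::<TomlValue>() {
        Ok(TomlValue::Table(t)) => t,
        _ => return Err(KeyringError::Msg("Invalid secrets file")),
    };

    for (_k, v) in clients {
        let client = match v {
            TomlValue::Table(client) => client,
            _ => return Err(KeyringError::Msg("Invalid secrets file")),
        };

        match client.get("id") {
            // Length and format of the key itself are checked by add_known_key.
            Some(TomlValue::String(id)) => self.add_known_key(&hex::decode(id)?)?,
            _ => return Err(KeyringError::Msg("Invalid id, only hex encoded ids supported")),
        }
    }

    Ok(())
}
```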
|
||||
|
|
|
@ -33,9 +33,6 @@ struct Args {
|
|||
/// Address, the coffer server should bind to
|
||||
#[structopt(short, long, parse(try_from_str), env = "COFFER_SERVER_ADDRESS", default_value = "127.0.0.1:9187")]
|
||||
address: SocketAddr,
|
||||
|
||||
#[structopt(long, parse(from_os_str))]
|
||||
client: PathBuf
|
||||
}
|
||||
|
||||
#[tokio::main]
|
||||
|
@ -45,20 +42,22 @@ async fn main() {
|
|||
|
||||
_print_banner();
|
||||
|
||||
// create keyring from server certificate
|
||||
let mut keyring = Keyring::new_from_path(&args.certificate);
|
||||
|
||||
// read in client key
|
||||
let mut client_key = Vec::new();
|
||||
File::open(&args.client).unwrap().read_to_end(&mut client_key).unwrap();
|
||||
keyring.add_known_key(&client_key).unwrap();
|
||||
|
||||
// decrypt secrets file and put into coffer
|
||||
let mut secrets_file = File::open(&args.secrets).unwrap();
|
||||
let mut secrets_buf = Vec::new();
|
||||
secrets_file.read_to_end(&mut secrets_buf).unwrap();
|
||||
let secrets_buf_clear = String::from_utf8(keyring.open(&secrets_buf).unwrap()).unwrap();
|
||||
|
||||
// read known client ids from secrets file
|
||||
keyring.add_known_keys_toml(&secrets_buf_clear).unwrap();
|
||||
|
||||
// read secrets from secrets file
|
||||
let coffer = CofferMap::from_toml(&secrets_buf_clear);
|
||||
|
||||
// start server
|
||||
let server = Server::new(keyring, coffer);
|
||||
server.run(args.address).await;
|
||||
}
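Review bot: The set of trusted client keys now comes from the decrypted secrets blob, so its integrity is exactly whatever `Keyring::open` verifies; keyring.rs imports only `box_` and `sealedbox`, and a sealed box is anonymous — anyone holding the server's public key can produce a blob that opens cleanly — so if `open` is sealedbox-based, who gets to be a client is bounded solely by write access to `args.secrets`. That deserves a comment at the `keyring.add_known_keys_toml(&secrets_buf_clear).unwrap();` line: `// NOTE: a sealed box authenticates nothing about its author; the client ids loaded here are trusted only as far as the secrets file's write permissions.` Separately, the plaintext `secrets_buf_clear` (secrets plus client ids) is a plain `String` that lives until `server.run(args.address).await` returns, i.e. for the server's whole lifetime; add `drop(secrets_buf_clear);` right after `CofferMap::from_toml`, or better, wipe it with the `seckey` crate Cargo.toml already pulls in (I have not confirmed its 0.9 API from this page). `main` begins outside the hunk.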
|
||||
|
|