0.4.0 #3
5 changed files with 47 additions and 9 deletions
1
Cargo.lock
generated
1
Cargo.lock
generated
|
@ -100,6 +100,7 @@ version = "0.4.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
"base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
"hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
"quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"seckey 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
"seckey 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
|
5
Makefile
5
Makefile
|
@ -8,6 +8,9 @@ release:
|
||||||
|
|
||||||
publish:
|
publish:
|
||||||
podman pull clux/muslrust
|
podman pull clux/muslrust
|
||||||
podman run -v .:/volume --rm -t clux/muslrust cargo build --release
|
podman run -v .:/volume:Z --rm -t clux/muslrust cargo build --release
|
||||||
|
strip target/x86_64-unknown-linux-musl/release/coffer-server
|
||||||
|
strip target/x86_64-unknown-linux-musl/release/coffer-client
|
||||||
|
strip target/x86_64-unknown-linux-musl/release/coffer-companion
|
||||||
|
|
||||||
.PHONY: default release publish
|
.PHONY: default release publish
|
||||||
|
|
|
@ -21,6 +21,7 @@ serde = { version = "^1.0", features = ["derive"]}
|
||||||
serde_cbor = "^0.10"
|
serde_cbor = "^0.10"
|
||||||
toml = "^0.5"
|
toml = "^0.5"
|
||||||
base64 = "^0.11"
|
base64 = "^0.11"
|
||||||
|
hex = "^0.4"
|
||||||
# Key management/Cryptography
|
# Key management/Cryptography
|
||||||
sodiumoxide = "^0.2"
|
sodiumoxide = "^0.2"
|
||||||
seckey = "^0.9"
|
seckey = "^0.9"
|
||||||
|
|
|
@ -8,6 +8,8 @@ use quick_error::quick_error;
|
||||||
use sodiumoxide::crypto::box_;
|
use sodiumoxide::crypto::box_;
|
||||||
use sodiumoxide::crypto::sealedbox;
|
use sodiumoxide::crypto::sealedbox;
|
||||||
|
|
||||||
|
use toml::Value as TomlValue;
|
||||||
|
|
||||||
use crate::certificate::{Certificate, CertificateError};
|
use crate::certificate::{Certificate, CertificateError};
|
||||||
|
|
||||||
quick_error! {
|
quick_error! {
|
||||||
|
@ -18,6 +20,12 @@ quick_error! {
|
||||||
Certificate(err: CertificateError) {
|
Certificate(err: CertificateError) {
|
||||||
from()
|
from()
|
||||||
}
|
}
|
||||||
|
HexDecodeError(err: hex::FromHexError) {
|
||||||
|
from()
|
||||||
|
}
|
||||||
|
IoError(err: std::io::Error) {
|
||||||
|
from()
|
||||||
|
}
|
||||||
Msg(err: &'static str) {
|
Msg(err: &'static str) {
|
||||||
from(err)
|
from(err)
|
||||||
display("{}", err)
|
display("{}", err)
|
||||||
|
@ -50,6 +58,32 @@ impl Keyring {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn add_known_keys_toml(&mut self, toml: &str) -> Result<(), KeyringError> {
|
||||||
|
// parse the string into a toml Table
|
||||||
|
let clients: toml::value::Table = match toml.parse::<TomlValue>().unwrap() {
|
||||||
|
TomlValue::Table(t) => t,
|
||||||
|
_ => panic!{"Invalid secrets file"}
|
||||||
|
};
|
||||||
|
|
||||||
|
for (_k, v) in clients {
|
||||||
|
|
||||||
|
let client = match v {
|
||||||
|
TomlValue::Table(client) => client,
|
||||||
|
_ => panic!{"Invalid secrets file"}
|
||||||
|
};
|
||||||
|
|
||||||
|
match client.get("id") {
|
||||||
|
Some(TomlValue::String(id)) => {
|
||||||
|
let id = id.to_owned();
|
||||||
|
self.add_known_key(&hex::decode(id)?)?;
|
||||||
|
},
|
||||||
|
_ => panic!{"Invalid id, only hex encoded ids supported"}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
pub fn add_known_key(&mut self, key: &[u8]) -> Result<(), KeyringError> {
|
pub fn add_known_key(&mut self, key: &[u8]) -> Result<(), KeyringError> {
|
||||||
let public_key = box_::PublicKey::from_slice(key)
|
let public_key = box_::PublicKey::from_slice(key)
|
||||||
.ok_or(KeyringError::InvalidClientKey)?;
|
.ok_or(KeyringError::InvalidClientKey)?;
|
||||||
|
|
|
@ -33,9 +33,6 @@ struct Args {
|
||||||
/// Address, the coffer server should bind to
|
/// Address, the coffer server should bind to
|
||||||
#[structopt(short, long, parse(try_from_str), env = "COFFER_SERVER_ADDRESS", default_value = "127.0.0.1:9187")]
|
#[structopt(short, long, parse(try_from_str), env = "COFFER_SERVER_ADDRESS", default_value = "127.0.0.1:9187")]
|
||||||
address: SocketAddr,
|
address: SocketAddr,
|
||||||
|
|
||||||
#[structopt(long, parse(from_os_str))]
|
|
||||||
client: PathBuf
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[tokio::main]
|
#[tokio::main]
|
||||||
|
@ -45,20 +42,22 @@ async fn main() {
|
||||||
|
|
||||||
_print_banner();
|
_print_banner();
|
||||||
|
|
||||||
|
// create keyring from server certificate
|
||||||
let mut keyring = Keyring::new_from_path(&args.certificate);
|
let mut keyring = Keyring::new_from_path(&args.certificate);
|
||||||
|
|
||||||
// read in client key
|
|
||||||
let mut client_key = Vec::new();
|
|
||||||
File::open(&args.client).unwrap().read_to_end(&mut client_key).unwrap();
|
|
||||||
keyring.add_known_key(&client_key).unwrap();
|
|
||||||
|
|
||||||
// decrypt secrets file and put into coffer
|
// decrypt secrets file and put into coffer
|
||||||
let mut secrets_file = File::open(&args.secrets).unwrap();
|
let mut secrets_file = File::open(&args.secrets).unwrap();
|
||||||
let mut secrets_buf = Vec::new();
|
let mut secrets_buf = Vec::new();
|
||||||
secrets_file.read_to_end(&mut secrets_buf).unwrap();
|
secrets_file.read_to_end(&mut secrets_buf).unwrap();
|
||||||
let secrets_buf_clear = String::from_utf8(keyring.open(&secrets_buf).unwrap()).unwrap();
|
let secrets_buf_clear = String::from_utf8(keyring.open(&secrets_buf).unwrap()).unwrap();
|
||||||
|
|
||||||
|
// read known client ids from secrets file
|
||||||
|
keyring.add_known_keys_toml(&secrets_buf_clear).unwrap();
|
||||||
|
|
||||||
|
// read secrets from secrets file
|
||||||
let coffer = CofferMap::from_toml(&secrets_buf_clear);
|
let coffer = CofferMap::from_toml(&secrets_buf_clear);
|
||||||
|
|
||||||
|
// start server
|
||||||
let server = Server::new(keyring, coffer);
|
let server = Server::new(keyring, coffer);
|
||||||
server.run(args.address).await;
|
server.run(args.address).await;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue