// Copyright 2015-2017 Parity Technologies (UK) Ltd. // This file is part of Parity. // Parity is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // Parity is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with Parity. If not, see . use std::collections::BTreeMap; use std::sync::Arc; use dir::default_data_path; use ethcore::account_provider::AccountProvider; use ethcore::client::Client; use ethkey::{Secret, Public}; use helpers::replace_home; use util::Address; #[derive(Debug, PartialEq, Clone)] /// This node secret key. pub enum NodeSecretKey { /// Stored as plain text in configuration file. Plain(Secret), /// Stored as account in key store. KeyStore(Address), } #[derive(Debug, PartialEq, Clone)] /// Secret store configuration pub struct Configuration { /// Is secret store functionality enabled? pub enabled: bool, /// This node secret. pub self_secret: Option, /// Other nodes IDs + addresses. pub nodes: BTreeMap, /// Interface to listen to pub interface: String, /// Port to listen to pub port: u16, /// Interface to listen to pub http_interface: String, /// Port to listen to pub http_port: u16, /// Data directory path for secret store pub data_path: String, } /// Secret store dependencies pub struct Dependencies<'a> { /// Blockchain client. pub client: Arc, /// Account provider. pub account_provider: Arc, /// Passed accounts passwords. pub accounts_passwords: &'a [String], } #[cfg(not(feature = "secretstore"))] mod server { use super::{Configuration, Dependencies}; /// Noop key server implementation pub struct KeyServer; impl KeyServer { /// Create new noop key server pub fn new(_conf: Configuration, _deps: Dependencies) -> Result { Ok(KeyServer) } } } #[cfg(feature="secretstore")] mod server { use std::sync::Arc; use ethcore_secretstore; use ethkey::KeyPair; use super::{Configuration, Dependencies, NodeSecretKey}; /// Key server pub struct KeyServer { _key_server: Box, } impl KeyServer { /// Create new key server pub fn new(mut conf: Configuration, deps: Dependencies) -> Result { let self_secret: Arc = match conf.self_secret.take() { Some(NodeSecretKey::Plain(secret)) => Arc::new(ethcore_secretstore::PlainNodeKeyPair::new( KeyPair::from_secret(secret).map_err(|e| format!("invalid secret: {}", e))?)), Some(NodeSecretKey::KeyStore(account)) => { // Check if account exists if !deps.account_provider.has_account(account.clone()).unwrap_or(false) { return Err(format!("Account {} passed as secret store node key is not found", account)); } // Check if any passwords have been read from the password file(s) if deps.accounts_passwords.is_empty() { return Err(format!("No password found for the secret store node account {}", account)); } // Attempt to sign in the engine signer. let password = deps.accounts_passwords.iter() .find(|p| deps.account_provider.sign(account.clone(), Some((*p).clone()), Default::default()).is_ok()) .ok_or(format!("No valid password for the secret store node account {}", account))?; Arc::new(ethcore_secretstore::KeyStoreNodeKeyPair::new(deps.account_provider, account, password.clone()) .map_err(|e| format!("{}", e))?) }, None => return Err("self secret is required when using secretstore".into()), }; let mut conf = ethcore_secretstore::ServiceConfiguration { listener_address: ethcore_secretstore::NodeAddress { address: conf.http_interface.clone(), port: conf.http_port, }, data_path: conf.data_path.clone(), cluster_config: ethcore_secretstore::ClusterConfiguration { threads: 4, listener_address: ethcore_secretstore::NodeAddress { address: conf.interface.clone(), port: conf.port, }, nodes: conf.nodes.into_iter().map(|(p, (ip, port))| (p, ethcore_secretstore::NodeAddress { address: ip, port: port, })).collect(), allow_connecting_to_higher_nodes: true, }, }; conf.cluster_config.nodes.insert(self_secret.public().clone(), conf.cluster_config.listener_address.clone()); let key_server = ethcore_secretstore::start(deps.client, self_secret, conf) .map_err(Into::::into)?; Ok(KeyServer { _key_server: key_server, }) } } } pub use self::server::KeyServer; impl Default for Configuration { fn default() -> Self { let data_dir = default_data_path(); Configuration { enabled: true, self_secret: None, nodes: BTreeMap::new(), interface: "127.0.0.1".to_owned(), port: 8083, http_interface: "127.0.0.1".to_owned(), http_port: 8082, data_path: replace_home(&data_dir, "$BASE/secretstore"), } } } /// Start secret store-related functionality pub fn start(conf: Configuration, deps: Dependencies) -> Result, String> { if !conf.enabled { return Ok(None); } KeyServer::new(conf, deps) .map(|s| Some(s)) }