243 lines
7.3 KiB
Rust
243 lines
7.3 KiB
Rust
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
|
|
// This file is part of Parity.
|
|
|
|
// Parity is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
|
|
// Parity is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
use std::fmt;
|
|
use std::io;
|
|
use std::net;
|
|
use std::collections::BTreeMap;
|
|
use serde_json;
|
|
|
|
use {ethkey, kvdb, bytes, ethereum_types, key_server_cluster};
|
|
|
|
/// Node id.
|
|
pub type NodeId = ethkey::Public;
|
|
/// Server key id. When key is used to encrypt document, it could be document contents hash.
|
|
pub type ServerKeyId = ethereum_types::H256;
|
|
/// Encrypted document key type.
|
|
pub type EncryptedDocumentKey = bytes::Bytes;
|
|
/// Message hash.
|
|
pub type MessageHash = ethereum_types::H256;
|
|
/// Message signature.
|
|
pub type EncryptedMessageSignature = bytes::Bytes;
|
|
/// Request signature type.
|
|
pub type RequestSignature = ethkey::Signature;
|
|
/// Public key type.
|
|
pub use ethkey::Public;
|
|
|
|
/// Secret store error
|
|
#[derive(Debug, PartialEq)]
|
|
pub enum Error {
|
|
/// Insufficient requester data
|
|
InsufficientRequesterData(String),
|
|
/// Access to resource is denied
|
|
AccessDenied,
|
|
/// Requested document not found
|
|
DocumentNotFound,
|
|
/// Hyper error
|
|
Hyper(String),
|
|
/// Serialization/deserialization error
|
|
Serde(String),
|
|
/// Database-related error
|
|
Database(String),
|
|
/// Internal error
|
|
Internal(String),
|
|
}
|
|
|
|
/// Secret store configuration
|
|
#[derive(Debug, Clone)]
|
|
pub struct NodeAddress {
|
|
/// IP address.
|
|
pub address: String,
|
|
/// IP port.
|
|
pub port: u16,
|
|
}
|
|
|
|
/// Contract address.
|
|
#[derive(Debug, Clone)]
|
|
pub enum ContractAddress {
|
|
/// Address is read from registry.
|
|
Registry,
|
|
/// Address is specified.
|
|
Address(ethkey::Address),
|
|
}
|
|
|
|
/// Secret store configuration
|
|
#[derive(Debug)]
|
|
pub struct ServiceConfiguration {
|
|
/// HTTP listener address. If None, HTTP API is disabled.
|
|
pub listener_address: Option<NodeAddress>,
|
|
/// Service contract address.
|
|
pub service_contract_address: Option<ContractAddress>,
|
|
/// Server key generation service contract address.
|
|
pub service_contract_srv_gen_address: Option<ContractAddress>,
|
|
/// Server key retrieval service contract address.
|
|
pub service_contract_srv_retr_address: Option<ContractAddress>,
|
|
/// Document key store service contract address.
|
|
pub service_contract_doc_store_address: Option<ContractAddress>,
|
|
/// Document key shadow retrieval service contract address.
|
|
pub service_contract_doc_sretr_address: Option<ContractAddress>,
|
|
/// Is ACL check enabled. If false, everyone has access to all keys. Useful for tests only.
|
|
pub acl_check_enabled: bool,
|
|
/// Data directory path for secret store
|
|
pub data_path: String,
|
|
/// Cluster configuration.
|
|
pub cluster_config: ClusterConfiguration,
|
|
}
|
|
|
|
/// Key server cluster configuration
|
|
#[derive(Debug)]
|
|
pub struct ClusterConfiguration {
|
|
/// Number of threads reserved by cluster.
|
|
pub threads: usize,
|
|
/// This node address.
|
|
pub listener_address: NodeAddress,
|
|
/// All cluster nodes addresses.
|
|
pub nodes: BTreeMap<ethkey::Public, NodeAddress>,
|
|
/// Allow outbound connections to 'higher' nodes.
|
|
/// This is useful for tests, but slower a bit for production.
|
|
pub allow_connecting_to_higher_nodes: bool,
|
|
/// Administrator public key.
|
|
pub admin_public: Option<Public>,
|
|
/// Should key servers set change session should be started when servers set changes.
|
|
/// This will only work when servers set is configured using KeyServerSet contract.
|
|
pub auto_migrate_enabled: bool,
|
|
}
|
|
|
|
/// Shadow decryption result.
|
|
#[derive(Clone, Debug, PartialEq)]
|
|
pub struct EncryptedDocumentKeyShadow {
|
|
/// Decrypted secret point. It is partially decrypted if shadow decrpytion was requested.
|
|
pub decrypted_secret: ethkey::Public,
|
|
/// Shared common point.
|
|
pub common_point: Option<ethkey::Public>,
|
|
/// If shadow decryption was requested: shadow decryption coefficients, encrypted with requestor public.
|
|
pub decrypt_shadows: Option<Vec<Vec<u8>>>,
|
|
}
|
|
|
|
/// Requester identification data.
|
|
#[derive(Debug, Clone)]
|
|
pub enum Requester {
|
|
/// Requested with server key id signature.
|
|
Signature(ethkey::Signature),
|
|
/// Requested with public key.
|
|
Public(ethkey::Public),
|
|
/// Requested with verified address.
|
|
Address(ethereum_types::Address),
|
|
}
|
|
|
|
impl fmt::Display for Error {
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
|
|
match *self {
|
|
Error::InsufficientRequesterData(ref e) => write!(f, "Insufficient requester data: {}", e),
|
|
Error::AccessDenied => write!(f, "Access dened"),
|
|
Error::DocumentNotFound => write!(f, "Document not found"),
|
|
Error::Hyper(ref msg) => write!(f, "Hyper error: {}", msg),
|
|
Error::Serde(ref msg) => write!(f, "Serialization error: {}", msg),
|
|
Error::Database(ref msg) => write!(f, "Database error: {}", msg),
|
|
Error::Internal(ref msg) => write!(f, "Internal error: {}", msg),
|
|
}
|
|
}
|
|
}
|
|
|
|
impl From<serde_json::Error> for Error {
|
|
fn from(err: serde_json::Error) -> Self {
|
|
Error::Serde(err.to_string())
|
|
}
|
|
}
|
|
|
|
impl From<ethkey::Error> for Error {
|
|
fn from(err: ethkey::Error) -> Self {
|
|
Error::Internal(err.into())
|
|
}
|
|
}
|
|
|
|
impl From<io::Error> for Error {
|
|
fn from(err: io::Error) -> Error {
|
|
Error::Internal(err.to_string())
|
|
}
|
|
}
|
|
|
|
impl From<net::AddrParseError> for Error {
|
|
fn from(err: net::AddrParseError) -> Error {
|
|
Error::Internal(err.to_string())
|
|
}
|
|
}
|
|
|
|
impl From<kvdb::Error> for Error {
|
|
fn from(err: kvdb::Error) -> Self {
|
|
Error::Database(err.to_string())
|
|
}
|
|
}
|
|
|
|
impl From<key_server_cluster::Error> for Error {
|
|
fn from(err: key_server_cluster::Error) -> Self {
|
|
match err {
|
|
key_server_cluster::Error::InsufficientRequesterData(err)
|
|
=> Error::InsufficientRequesterData(err),
|
|
key_server_cluster::Error::ConsensusUnreachable
|
|
| key_server_cluster::Error::AccessDenied => Error::AccessDenied,
|
|
key_server_cluster::Error::MissingKeyShare => Error::DocumentNotFound,
|
|
_ => Error::Internal(err.into()),
|
|
}
|
|
}
|
|
}
|
|
|
|
impl Into<String> for Error {
|
|
fn into(self) -> String {
|
|
format!("{}", self)
|
|
}
|
|
}
|
|
|
|
impl Default for Requester {
|
|
fn default() -> Self {
|
|
Requester::Signature(Default::default())
|
|
}
|
|
}
|
|
|
|
impl Requester {
|
|
pub fn public(&self, server_key_id: &ServerKeyId) -> Result<Public, String> {
|
|
match *self {
|
|
Requester::Signature(ref signature) => ethkey::recover(signature, server_key_id)
|
|
.map_err(|e| format!("bad signature: {}", e)),
|
|
Requester::Public(ref public) => Ok(public.clone()),
|
|
Requester::Address(_) => Err("cannot recover public from address".into()),
|
|
}
|
|
}
|
|
|
|
pub fn address(&self, server_key_id: &ServerKeyId) -> Result<ethkey::Address, String> {
|
|
self.public(server_key_id)
|
|
.map(|p| ethkey::public_to_address(&p))
|
|
}
|
|
}
|
|
|
|
impl From<ethkey::Signature> for Requester {
|
|
fn from(signature: ethkey::Signature) -> Requester {
|
|
Requester::Signature(signature)
|
|
}
|
|
}
|
|
|
|
impl From<ethereum_types::Public> for Requester {
|
|
fn from(public: ethereum_types::Public) -> Requester {
|
|
Requester::Public(public)
|
|
}
|
|
}
|
|
|
|
impl From<ethereum_types::Address> for Requester {
|
|
fn from(address: ethereum_types::Address) -> Requester {
|
|
Requester::Address(address)
|
|
}
|
|
}
|