f328f3fa9e
* Squashing all the changes initial router started expanding the API initial empty openapi/swagger populated build-info endpoint wip: populating rest of swagger missing swagger data + using closure capture for immutable state running the api as a proper task in gateway 'run' fixing some version/feature clashes refactored routes structures initial host information endpoint expanded on gateway-related endpoints signing host information moved all models to separate crate unified http api client routes unification + node api client new generic cache and refresher nym-api caching node self described information removed old cache type temporarily wired up NymContractCache to NodeDescriptionProvider caching self reported host info clients using self-described gateway information fixed request timeouts for wasm fixed wasm builds post rebase fixes cargo fmt brought in wg routes into nym-node router added ErrorResponse for wireguard routes basic swagger support for wg endpoints turns out swagger can be happy with strongly typed requests output type support for wg routes using concrete error type for nym node request error fixed the registration test landing page configurability increased configurability fixed build and lints of other crates added default user-agent to http-api-client reduced severity of gateway details lookup failure changed default http port from 80 to 8080 nym-api using new default port for queries added health endpoint nym-api trying multiple ports for the client using camelcase for node status corrected health endpoint description restored and revamped 'force_tls' flag to filter all gateways that support the wss protocol fixed 'pub_key' path param in open api schema derived Debug on 'NymNodeDescription' ensuring valid public ips added init and run flags to set hostname and public ips fixed listening address being pushed to public ip fixed the positional local flag logging remote ip address of the request updated helper function to query for described gateways enabled tls in gateway client removed hack-opts from mix fetch additional changes after rebasing against origin/develop * clippy * wasm-related target locking * more clippy, but this time in tests
116 lines
3.2 KiB
Rust
116 lines
3.2 KiB
Rust
// Copyright 2021-2023 - Nym Technologies SA <contact@nymtech.net>
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
use crate::traits::{PemStorableKey, PemStorableKeyPair};
|
|
use pem::{self, Pem};
|
|
use std::fs::File;
|
|
use std::io::{self, Read, Write};
|
|
use std::path::{Path, PathBuf};
|
|
|
|
pub mod traits;
|
|
|
|
#[derive(Debug)]
|
|
pub struct KeyPairPath {
|
|
pub private_key_path: PathBuf,
|
|
pub public_key_path: PathBuf,
|
|
}
|
|
|
|
impl KeyPairPath {
|
|
pub fn new<P: AsRef<Path>>(private_key_path: P, public_key_path: P) -> Self {
|
|
KeyPairPath {
|
|
private_key_path: private_key_path.as_ref().to_owned(),
|
|
public_key_path: public_key_path.as_ref().to_owned(),
|
|
}
|
|
}
|
|
}
|
|
|
|
pub fn load_keypair<T>(paths: &KeyPairPath) -> io::Result<T>
|
|
where
|
|
T: PemStorableKeyPair,
|
|
{
|
|
let private: T::PrivatePemKey = load_key(&paths.private_key_path)?;
|
|
let public: T::PublicPemKey = load_key(&paths.public_key_path)?;
|
|
Ok(T::from_keys(private, public))
|
|
}
|
|
|
|
pub fn store_keypair<T>(keypair: &T, paths: &KeyPairPath) -> io::Result<()>
|
|
where
|
|
T: PemStorableKeyPair,
|
|
{
|
|
store_key(keypair.public_key(), &paths.public_key_path)?;
|
|
store_key(keypair.private_key(), &paths.private_key_path)
|
|
}
|
|
|
|
pub fn load_key<T, P>(path: P) -> io::Result<T>
|
|
where
|
|
T: PemStorableKey,
|
|
P: AsRef<Path>,
|
|
{
|
|
let key_pem = read_pem_file(path)?;
|
|
|
|
if T::pem_type() != key_pem.tag {
|
|
return Err(io::Error::new(
|
|
io::ErrorKind::Other,
|
|
format!(
|
|
"unexpected key pem tag. Got '{}', expected: '{}'",
|
|
key_pem.tag,
|
|
T::pem_type()
|
|
),
|
|
));
|
|
}
|
|
|
|
let key = match T::from_bytes(&key_pem.contents) {
|
|
Ok(key) => key,
|
|
Err(err) => return Err(io::Error::new(io::ErrorKind::InvalidData, err.to_string())),
|
|
};
|
|
|
|
Ok(key)
|
|
}
|
|
|
|
pub fn store_key<T, P>(key: &T, path: P) -> io::Result<()>
|
|
where
|
|
T: PemStorableKey,
|
|
P: AsRef<Path>,
|
|
{
|
|
write_pem_file(path, key.to_bytes(), T::pem_type())
|
|
}
|
|
|
|
fn read_pem_file<P: AsRef<Path>>(filepath: P) -> io::Result<Pem> {
|
|
let mut pem_bytes = File::open(filepath)?;
|
|
let mut buf = Vec::new();
|
|
pem_bytes.read_to_end(&mut buf)?;
|
|
pem::parse(&buf).map_err(|e| io::Error::new(io::ErrorKind::Other, e))
|
|
}
|
|
|
|
fn write_pem_file<P: AsRef<Path>>(filepath: P, data: Vec<u8>, tag: &str) -> io::Result<()> {
|
|
// ensure the whole directory structure exists
|
|
if let Some(parent_dir) = filepath.as_ref().parent() {
|
|
std::fs::create_dir_all(parent_dir)?;
|
|
}
|
|
let pem = Pem {
|
|
tag: tag.to_string(),
|
|
contents: data,
|
|
};
|
|
let key = pem::encode(&pem);
|
|
|
|
let mut file = File::create(filepath.as_ref())?;
|
|
file.write_all(key.as_bytes())?;
|
|
|
|
// note: this is only supported on unix (on different systems, like Windows, it will just
|
|
// be ignored)
|
|
// TODO: a possible consideration would be to use `permission.set_readonly(true)`,
|
|
// which would work on both platforms, but that would leave keys on unix with 0444,
|
|
// which I feel is too open.
|
|
#[cfg(target_family = "unix")]
|
|
{
|
|
use std::fs;
|
|
use std::os::unix::fs::PermissionsExt;
|
|
|
|
let mut permissions = file.metadata()?.permissions();
|
|
permissions.set_mode(0o600);
|
|
fs::set_permissions(filepath, permissions)?;
|
|
}
|
|
|
|
Ok(())
|
|
}
|