
D8538.diff

D8538.diff

diff --git a/keyserver/addons/rust-node-addon/Cargo.lock b/keyserver/addons/rust-node-addon/Cargo.lock
--- a/keyserver/addons/rust-node-addon/Cargo.lock
+++ b/keyserver/addons/rust-node-addon/Cargo.lock
@@ -19,6 +19,28 @@
"password-hash",
]
+[[package]]
+name = "async-stream"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cd56dd203fef61ac097dd65721a419ddccb106b2d2b70ba60a6b529f03961a51"
+dependencies = [
+ "async-stream-impl",
+ "futures-core",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "async-stream-impl"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.15",
+]
+
[[package]]
name = "async-trait"
version = "0.1.68"
@@ -141,6 +163,12 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be"
+[[package]]
+name = "cc"
+version = "1.0.79"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+
[[package]]
name = "cfg-if"
version = "1.0.0"
@@ -618,6 +646,15 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440"
+[[package]]
+name = "js-sys"
+version = "0.3.61"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+dependencies = [
+ "wasm-bindgen",
+]
+
[[package]]
name = "lazy_static"
version = "1.4.0"
@@ -1045,6 +1082,21 @@
"winapi",
]
+[[package]]
+name = "ring"
+version = "0.16.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+dependencies = [
+ "cc",
+ "libc",
+ "once_cell",
+ "spin",
+ "untrusted",
+ "web-sys",
+ "winapi",
+]
+
[[package]]
name = "rust-node-addon"
version = "0.1.0"
@@ -1067,6 +1119,37 @@
"tracing-subscriber",
]
+[[package]]
+name = "rustls"
+version = "0.21.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e32ca28af694bc1bbf399c33a516dbdf1c90090b8ab23c2bc24f834aa2247f5f"
+dependencies = [
+ "log",
+ "ring",
+ "rustls-webpki",
+ "sct",
+]
+
+[[package]]
+name = "rustls-pemfile"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2"
+dependencies = [
+ "base64",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.100.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6207cd5ed3d8dca7816f8f3725513a34609c0c765bf652b8c3cb4cfd87db46b"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
[[package]]
name = "rustversion"
version = "1.0.11"
@@ -1079,6 +1162,16 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"
+[[package]]
+name = "sct"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
[[package]]
name = "sec1"
version = "0.3.0"
@@ -1168,6 +1261,12 @@
"winapi",
]
+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
[[package]]
name = "subtle"
version = "2.4.1"
@@ -1277,6 +1376,16 @@
"syn 1.0.107",
]
+[[package]]
+name = "tokio-rustls"
+version = "0.24.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
+dependencies = [
+ "rustls",
+ "tokio",
+]
+
[[package]]
name = "tokio-stream"
version = "0.1.12"
@@ -1308,6 +1417,7 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a"
dependencies = [
+ "async-stream",
"async-trait",
"axum",
"base64",
@@ -1322,7 +1432,9 @@
"percent-encoding",
"pin-project",
"prost",
+ "rustls-pemfile",
"tokio",
+ "tokio-rustls",
"tokio-stream",
"tower",
"tower-layer",
@@ -1467,6 +1579,12 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
[[package]]
name = "valuable"
version = "0.1.0"
@@ -1568,6 +1686,16 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
+[[package]]
+name = "web-sys"
+version = "0.3.61"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
[[package]]
name = "which"
version = "4.4.0"
diff --git a/keyserver/addons/rust-node-addon/Cargo.toml b/keyserver/addons/rust-node-addon/Cargo.toml
--- a/keyserver/addons/rust-node-addon/Cargo.toml
+++ b/keyserver/addons/rust-node-addon/Cargo.toml
@@ -16,7 +16,7 @@
napi-derive = { version = "2.9.1", default-features = false }
opaque-ke = "1.2"
rand = "0.8"
-tonic = "0.9.1"
+tonic = { version = "0.9.1", features = ["tls"]}
tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
tokio-stream = "0.1"
tracing = "0.1"
diff --git a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
--- a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
+++ b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
@@ -16,6 +16,8 @@
use napi::bindgen_prelude::*;
use serde::{Deserialize, Serialize};
use std::env::var;
+use std::path::Path;
+use tonic::transport::{Certificate, ClientTlsConfig};
use tonic::{transport::Channel, Request};
use tracing::{self, info, instrument, warn, Level};
use tracing_subscriber::EnvFilter;
@@ -40,6 +42,23 @@
};
}
+const CERT_PATHS: &'static [&'static str] = &[
+ // MacOS and newer Ubuntu
+ "/etc/ssl/cert.pem",
+ // Common CA cert paths
+ "/etc/ssl/certs/ca-bundle.crt",
+ "/etc/ssl/certs/ca-certificates.crt",
+];
+
+pub fn get_ca_cert_contents() -> Option<String> {
+ CERT_PATHS
+ .iter()
+ .map(Path::new)
+ .filter(|p| p.exists())
+ .filter_map(|f| std::fs::read_to_string(f).ok())
+ .next()
+}
+
#[derive(Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
struct IdentityServiceConfig {
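Review bot: The `.filter(|p| p.exists())` step in get_ca_cert_contents is redundant with the `.ok()` on the following `read_to_string` line and turns a single read into a check-then-read pair; dropping it leaves `.filter_map(|f| std::fs::read_to_string(f).ok())` to handle both the missing and the unreadable case, and `.map(Path::new)` then becomes unnecessary too since `read_to_string` accepts `&str`. The `'static` lifetimes on the `CERT_PATHS` const are implied and clippy flags them; `const CERT_PATHS: &[&str] = &[` is equivalent. The new public function also has no doc comment; I would add `/// Returns the contents of the first system CA bundle in CERT_PATHS that can be read, or None when none of them is readable.` so callers know a `None` means no usable trust store rather than an I/O failure they can retry.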
@@ -50,22 +69,39 @@
fn default() -> Self {
info!("Using default identity configuration");
Self {
- identity_socket_addr: "https://[::1]:50054".to_string(),
+ identity_socket_addr: "http://[::1]:50054".to_string(),
}
}
}
async fn get_identity_service_channel() -> Result<Channel> {
+ let ca_cert = get_ca_cert_contents().expect("Unable to get CA bundle");
+
info!("Connecting to identity service");
- Channel::from_static(&IDENTITY_SERVICE_CONFIG.identity_socket_addr)
- .connect()
- .await
- .map_err(|_| {
- Error::new(
- Status::GenericFailure,
- "Unable to connect to identity service".to_string(),
+
+ let mut channel =
+ Channel::from_static(&IDENTITY_SERVICE_CONFIG.identity_socket_addr);
+
+ // tls_config will fail if the underlying URI is only http://
+ if IDENTITY_SERVICE_CONFIG
+ .identity_socket_addr
+ .starts_with("https:")
+ {
+ channel = channel
+ .tls_config(
+ ClientTlsConfig::new().ca_certificate(Certificate::from_pem(&ca_cert)),
)
- })
+ .map_err(|_| {
+ Error::new(Status::GenericFailure, "TLS configure failed")
+ })?;
+ }
+
+ channel.connect().await.map_err(|_| {
+ Error::new(
+ Status::GenericFailure,
+ "Unable to connect to identity service".to_string(),
+ )
+ })
}
#[napi(object)]
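Review bot: `get_ca_cert_contents().expect("Unable to get CA bundle")` on the first line of get_identity_service_channel's body panics the whole addon on any host without a system CA bundle, even though the certificate is only consumed inside the `starts_with("https:")` branch and the default `identity_socket_addr` in this same hunk is now `http://`. Loading the bundle inside that branch and mapping `None` to a `Status::GenericFailure` error keeps the failure a recoverable `Result` for the JS caller instead of a crash. Both `map_err(|_| ...)` closures also discard the underlying transport error, so a bad PEM or an unsupported TLS setup is undiagnosable from the logs; the already-imported `warn!` can record it before the error is mapped. The `impl Default` whose `fn default()` opens this hunk starts outside it.
```rust
async fn get_identity_service_channel() -> Result<Channel> {
  info!("Connecting to identity service");

  let mut channel =
    Channel::from_static(&IDENTITY_SERVICE_CONFIG.identity_socket_addr);

  // tls_config will fail if the underlying URI is only http://
  if IDENTITY_SERVICE_CONFIG
    .identity_socket_addr
    .starts_with("https:")
  {
    // Only a TLS endpoint needs the system CA bundle; a missing bundle is a
    // recoverable error for the caller, not a reason to abort the process.
    let ca_cert = get_ca_cert_contents().ok_or_else(|| {
      Error::new(Status::GenericFailure, "Unable to get CA bundle")
    })?;
    channel = channel
      .tls_config(
        ClientTlsConfig::new().ca_certificate(Certificate::from_pem(&ca_cert)),
      )
      .map_err(|e| {
        warn!("TLS configure failed: {}", e);
        Error::new(Status::GenericFailure, "TLS configure failed")
      })?;
  }

  // … unchanged: connect() and its error mapping …
}
```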
