mirror of
https://github.com/postmannen/ctrl.git
synced 2025-01-18 21:59:30 +00:00
renamed keys to pki
This commit is contained in:
parent
e9b1829f56
commit
6cf3bac506
3 changed files with 51 additions and 51 deletions
|
@ -15,21 +15,21 @@ import (
|
||||||
type centralAuth struct {
|
type centralAuth struct {
|
||||||
// schema map[Node]map[argsString]signatureBase32
|
// schema map[Node]map[argsString]signatureBase32
|
||||||
authorization *authorization
|
authorization *authorization
|
||||||
keys *keys
|
pki *pki
|
||||||
}
|
}
|
||||||
|
|
||||||
// newCentralAuth will return a new and prepared *centralAuth
|
// newCentralAuth will return a new and prepared *centralAuth
|
||||||
func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth {
|
func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth {
|
||||||
c := centralAuth{
|
c := centralAuth{
|
||||||
authorization: newAuthorization(),
|
authorization: newAuthorization(),
|
||||||
keys: newKeys(configuration, errorKernel),
|
pki: newPKI(configuration, errorKernel),
|
||||||
}
|
}
|
||||||
|
|
||||||
return &c
|
return &c
|
||||||
}
|
}
|
||||||
|
|
||||||
type keys struct {
|
type pki struct {
|
||||||
NodePublicKeys *nodePublicKeys
|
nodeKeysAndHash *nodeKeysAndHash
|
||||||
nodeNotAckedPublicKeys *nodeNotAckedPublicKeys
|
nodeNotAckedPublicKeys *nodeNotAckedPublicKeys
|
||||||
configuration *Configuration
|
configuration *Configuration
|
||||||
db *bolt.DB
|
db *bolt.DB
|
||||||
|
@ -38,10 +38,10 @@ type keys struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// newKeys will return a prepared *keys with input values set.
|
// newKeys will return a prepared *keys with input values set.
|
||||||
func newKeys(configuration *Configuration, errorKernel *errorKernel) *keys {
|
func newPKI(configuration *Configuration, errorKernel *errorKernel) *pki {
|
||||||
c := keys{
|
p := pki{
|
||||||
// schema: make(map[Node]map[argsString]signatureBase32),
|
// schema: make(map[Node]map[argsString]signatureBase32),
|
||||||
NodePublicKeys: newNodePublicKeys(configuration),
|
nodeKeysAndHash: newNodeKeysAndHash(configuration),
|
||||||
nodeNotAckedPublicKeys: newNodeNotAckedPublicKeys(configuration),
|
nodeNotAckedPublicKeys: newNodeNotAckedPublicKeys(configuration),
|
||||||
configuration: configuration,
|
configuration: configuration,
|
||||||
bucketNamePublicKeys: "publicKeys",
|
bucketNamePublicKeys: "publicKeys",
|
||||||
|
@ -57,27 +57,27 @@ func newKeys(configuration *Configuration, errorKernel *errorKernel) *keys {
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
c.db = db
|
p.db = db
|
||||||
|
|
||||||
// Get public keys from db storage.
|
// Get public keys from db storage.
|
||||||
keys, err := c.dbDumpPublicKey()
|
keys, err := p.dbDumpPublicKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("debug: dbPublicKeyDump failed, probably empty db: %v\n", err)
|
log.Printf("debug: dbPublicKeyDump failed, probably empty db: %v\n", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only assign from storage to in memory map if the storage contained any values.
|
// Only assign from storage to in memory map if the storage contained any values.
|
||||||
if keys != nil {
|
if keys != nil {
|
||||||
c.NodePublicKeys.KeyMap = keys
|
p.nodeKeysAndHash.KeyMap = keys
|
||||||
for k, v := range keys {
|
for k, v := range keys {
|
||||||
log.Printf("info: public keys db contains: %v, %v\n", k, []byte(v))
|
log.Printf("info: public keys db contains: %v, %v\n", k, []byte(v))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return &c
|
return &p
|
||||||
}
|
}
|
||||||
|
|
||||||
// addPublicKey to the db if the node do not exist, or if it is a new value.
|
// addPublicKey to the db if the node do not exist, or if it is a new value.
|
||||||
func (c *keys) addPublicKey(proc process, msg Message) {
|
func (p *pki) addPublicKey(proc process, msg Message) {
|
||||||
|
|
||||||
// TODO: When receiviving a new or different keys for a node we should
|
// TODO: When receiviving a new or different keys for a node we should
|
||||||
// have a service with it's own storage for these keys, and an operator
|
// have a service with it's own storage for these keys, and an operator
|
||||||
|
@ -90,32 +90,32 @@ func (c *keys) addPublicKey(proc process, msg Message) {
|
||||||
// key for a host.
|
// key for a host.
|
||||||
|
|
||||||
// Check if a key for the current node already exists in the map.
|
// Check if a key for the current node already exists in the map.
|
||||||
c.NodePublicKeys.mu.Lock()
|
p.nodeKeysAndHash.mu.Lock()
|
||||||
existingKey, ok := c.NodePublicKeys.KeyMap[msg.FromNode]
|
existingKey, ok := p.nodeKeysAndHash.KeyMap[msg.FromNode]
|
||||||
c.NodePublicKeys.mu.Unlock()
|
p.nodeKeysAndHash.mu.Unlock()
|
||||||
|
|
||||||
if ok && bytes.Equal(existingKey, msg.Data) {
|
if ok && bytes.Equal(existingKey, msg.Data) {
|
||||||
fmt.Printf(" * \nkey value for REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode)
|
fmt.Printf(" * \nkey value for REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.nodeNotAckedPublicKeys.mu.Lock()
|
p.nodeNotAckedPublicKeys.mu.Lock()
|
||||||
existingNotAckedKey, ok := c.nodeNotAckedPublicKeys.KeyMap[msg.FromNode]
|
existingNotAckedKey, ok := p.nodeNotAckedPublicKeys.KeyMap[msg.FromNode]
|
||||||
// We only want to send one notification to the error kernel about new key detection,
|
// We only want to send one notification to the error kernel about new key detection,
|
||||||
// so we check if the values are the same as the one we already got before we continue
|
// so we check if the values are the same as the one we already got before we continue
|
||||||
// with registering and logging for the the new key.
|
// with registering and logging for the the new key.
|
||||||
if ok && bytes.Equal(existingNotAckedKey, msg.Data) {
|
if ok && bytes.Equal(existingNotAckedKey, msg.Data) {
|
||||||
fmt.Printf(" * \nkey value for NOT-REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode)
|
fmt.Printf(" * \nkey value for NOT-REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode)
|
||||||
c.nodeNotAckedPublicKeys.mu.Unlock()
|
p.nodeNotAckedPublicKeys.mu.Unlock()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.nodeNotAckedPublicKeys.KeyMap[msg.FromNode] = msg.Data
|
p.nodeNotAckedPublicKeys.KeyMap[msg.FromNode] = msg.Data
|
||||||
c.nodeNotAckedPublicKeys.mu.Unlock()
|
p.nodeNotAckedPublicKeys.mu.Unlock()
|
||||||
|
|
||||||
er := fmt.Errorf("info: detected new public key for node: %v. This key will need to be authorized by operator to be allowed into the system", msg.FromNode)
|
er := fmt.Errorf("info: detected new public key for node: %v. This key will need to be authorized by operator to be allowed into the system", msg.FromNode)
|
||||||
fmt.Printf(" * %v\n", er)
|
fmt.Printf(" * %v\n", er)
|
||||||
c.errorKernel.infoSend(proc, msg, er)
|
p.errorKernel.infoSend(proc, msg, er)
|
||||||
}
|
}
|
||||||
|
|
||||||
// // dbGetPublicKey will look up and return a specific value if it exists for a key in a bucket in a DB.
|
// // dbGetPublicKey will look up and return a specific value if it exists for a key in a bucket in a DB.
|
||||||
|
@ -145,10 +145,10 @@ func (c *keys) addPublicKey(proc process, msg Message) {
|
||||||
// }
|
// }
|
||||||
|
|
||||||
//dbUpdatePublicKey will update the public key for a node in the db.
|
//dbUpdatePublicKey will update the public key for a node in the db.
|
||||||
func (c *keys) dbUpdatePublicKey(node string, value []byte) error {
|
func (p *pki) dbUpdatePublicKey(node string, value []byte) error {
|
||||||
err := c.db.Update(func(tx *bolt.Tx) error {
|
err := p.db.Update(func(tx *bolt.Tx) error {
|
||||||
//Create a bucket
|
//Create a bucket
|
||||||
bu, err := tx.CreateBucketIfNotExists([]byte(c.bucketNamePublicKeys))
|
bu, err := tx.CreateBucketIfNotExists([]byte(p.bucketNamePublicKeys))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error: CreateBuckerIfNotExists failed: %v", err)
|
return fmt.Errorf("error: CreateBuckerIfNotExists failed: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -184,11 +184,11 @@ func (c *keys) dbUpdatePublicKey(node string, value []byte) error {
|
||||||
|
|
||||||
// dumpBucket will dump out all they keys and values in the
|
// dumpBucket will dump out all they keys and values in the
|
||||||
// specified bucket, and return a sorted []samDBValue
|
// specified bucket, and return a sorted []samDBValue
|
||||||
func (c *keys) dbDumpPublicKey() (map[Node][]byte, error) {
|
func (p *pki) dbDumpPublicKey() (map[Node][]byte, error) {
|
||||||
m := make(map[Node][]byte)
|
m := make(map[Node][]byte)
|
||||||
|
|
||||||
err := c.db.View(func(tx *bolt.Tx) error {
|
err := p.db.View(func(tx *bolt.Tx) error {
|
||||||
bu := tx.Bucket([]byte(c.bucketNamePublicKeys))
|
bu := tx.Bucket([]byte(p.bucketNamePublicKeys))
|
||||||
if bu == nil {
|
if bu == nil {
|
||||||
return fmt.Errorf("error: dumpBucket: tx.bucket returned nil")
|
return fmt.Errorf("error: dumpBucket: tx.bucket returned nil")
|
||||||
}
|
}
|
||||||
|
@ -209,9 +209,9 @@ func (c *keys) dbDumpPublicKey() (map[Node][]byte, error) {
|
||||||
return m, nil
|
return m, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// nodePublicKeys holds all the gathered public keys of nodes in the system.
|
// nodeKeysAndHash holds all the gathered public keys of nodes in the system.
|
||||||
// The keys will be written to a k/v store for persistence.
|
// The keys will be written to a k/v store for persistence.
|
||||||
type nodePublicKeys struct {
|
type nodeKeysAndHash struct {
|
||||||
mu sync.RWMutex
|
mu sync.RWMutex
|
||||||
KeyMap map[Node][]byte
|
KeyMap map[Node][]byte
|
||||||
// TODO TOMOROW: implement sorting of KeyMap,
|
// TODO TOMOROW: implement sorting of KeyMap,
|
||||||
|
@ -221,9 +221,9 @@ type nodePublicKeys struct {
|
||||||
Hash [32]byte
|
Hash [32]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// newNodePublicKeys will return a prepared type of nodePublicKeys.
|
// newNnodeKeysAndHash will return a prepared type of nodeKeysAndHash.
|
||||||
func newNodePublicKeys(configuration *Configuration) *nodePublicKeys {
|
func newNodeKeysAndHash(configuration *Configuration) *nodeKeysAndHash {
|
||||||
n := nodePublicKeys{
|
n := nodeKeysAndHash{
|
||||||
KeyMap: make(map[Node][]byte),
|
KeyMap: make(map[Node][]byte),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -445,13 +445,13 @@ func (s startup) subREQHello(p process) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
s.centralAuth.keys.addPublicKey(proc, m)
|
s.centralAuth.pki.addPublicKey(proc, m)
|
||||||
|
|
||||||
// update the prometheus metrics
|
// update the prometheus metrics
|
||||||
|
|
||||||
s.server.centralAuth.keys.NodePublicKeys.mu.Lock()
|
s.server.centralAuth.pki.nodeKeysAndHash.mu.Lock()
|
||||||
mapLen := len(s.server.centralAuth.keys.NodePublicKeys.KeyMap)
|
mapLen := len(s.server.centralAuth.pki.nodeKeysAndHash.KeyMap)
|
||||||
s.server.centralAuth.keys.NodePublicKeys.mu.Unlock()
|
s.server.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
|
||||||
s.metrics.promHelloNodesTotal.Set(float64(mapLen))
|
s.metrics.promHelloNodesTotal.Set(float64(mapLen))
|
||||||
s.metrics.promHelloNodesContactLast.With(prometheus.Labels{"nodeName": string(m.FromNode)}).SetToCurrentTime()
|
s.metrics.promHelloNodesContactLast.With(prometheus.Labels{"nodeName": string(m.FromNode)}).SetToCurrentTime()
|
||||||
|
|
||||||
|
|
30
requests.go
30
requests.go
|
@ -2064,14 +2064,14 @@ func (m methodREQPublicKeysGet) handler(proc process, message Message, node stri
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
// case out := <-outCh:
|
// case out := <-outCh:
|
||||||
case <-outCh:
|
case <-outCh:
|
||||||
proc.centralAuth.keys.NodePublicKeys.mu.Lock()
|
proc.centralAuth.pki.nodeKeysAndHash.mu.Lock()
|
||||||
// TODO: We should probably create a hash of the current map content,
|
// TODO: We should probably create a hash of the current map content,
|
||||||
// store it alongside the KeyMap, and send both the KeyMap and hash
|
// store it alongside the KeyMap, and send both the KeyMap and hash
|
||||||
// back. We can then later send that hash when asking for keys, compare
|
// back. We can then later send that hash when asking for keys, compare
|
||||||
// it with the current one for the KeyMap, and know if we need to send
|
// it with the current one for the KeyMap, and know if we need to send
|
||||||
// and update back to the node who published the request to here.
|
// and update back to the node who published the request to here.
|
||||||
b, err := json.Marshal(proc.centralAuth.keys.NodePublicKeys.KeyMap)
|
b, err := json.Marshal(proc.centralAuth.pki.nodeKeysAndHash.KeyMap)
|
||||||
proc.centralAuth.keys.NodePublicKeys.mu.Unlock()
|
proc.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
er := fmt.Errorf("error: REQPublicKeysGet, failed to marshal keys map: %v", err)
|
er := fmt.Errorf("error: REQPublicKeysGet, failed to marshal keys map: %v", err)
|
||||||
proc.errorKernel.errSend(proc, message, er)
|
proc.errorKernel.errSend(proc, message, er)
|
||||||
|
@ -2193,28 +2193,28 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
|
||||||
select {
|
select {
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
case <-outCh:
|
case <-outCh:
|
||||||
proc.centralAuth.keys.nodeNotAckedPublicKeys.mu.Lock()
|
proc.centralAuth.pki.nodeNotAckedPublicKeys.mu.Lock()
|
||||||
defer proc.centralAuth.keys.nodeNotAckedPublicKeys.mu.Unlock()
|
defer proc.centralAuth.pki.nodeNotAckedPublicKeys.mu.Unlock()
|
||||||
|
|
||||||
// Range over all the MethodArgs, where each element represents a node to allow,
|
// Range over all the MethodArgs, where each element represents a node to allow,
|
||||||
// and move the node from the notAcked map to the allowed map.
|
// and move the node from the notAcked map to the allowed map.
|
||||||
for _, n := range message.MethodArgs {
|
for _, n := range message.MethodArgs {
|
||||||
key, ok := proc.centralAuth.keys.nodeNotAckedPublicKeys.KeyMap[Node(n)]
|
key, ok := proc.centralAuth.pki.nodeNotAckedPublicKeys.KeyMap[Node(n)]
|
||||||
if ok {
|
if ok {
|
||||||
|
|
||||||
func() {
|
func() {
|
||||||
proc.centralAuth.keys.NodePublicKeys.mu.Lock()
|
proc.centralAuth.pki.nodeKeysAndHash.mu.Lock()
|
||||||
defer proc.centralAuth.keys.NodePublicKeys.mu.Unlock()
|
defer proc.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
|
||||||
|
|
||||||
// Store/update the node and public key on the allowed pubKey map.
|
// Store/update the node and public key on the allowed pubKey map.
|
||||||
proc.centralAuth.keys.NodePublicKeys.KeyMap[Node(n)] = key
|
proc.centralAuth.pki.nodeKeysAndHash.KeyMap[Node(n)] = key
|
||||||
}()
|
}()
|
||||||
|
|
||||||
// Add key to persistent storage.
|
// Add key to persistent storage.
|
||||||
proc.centralAuth.keys.dbUpdatePublicKey(string(n), key)
|
proc.centralAuth.pki.dbUpdatePublicKey(string(n), key)
|
||||||
|
|
||||||
// Delete the key from the NotAcked map
|
// Delete the key from the NotAcked map
|
||||||
delete(proc.centralAuth.keys.nodeNotAckedPublicKeys.KeyMap, Node(n))
|
delete(proc.centralAuth.pki.nodeNotAckedPublicKeys.KeyMap, Node(n))
|
||||||
|
|
||||||
er := fmt.Errorf("info: REQPublicKeysAllow : allowed new/updated public key for %v to allowed public key map", n)
|
er := fmt.Errorf("info: REQPublicKeysAllow : allowed new/updated public key for %v to allowed public key map", n)
|
||||||
proc.errorKernel.infoSend(proc, message, er)
|
proc.errorKernel.infoSend(proc, message, er)
|
||||||
|
@ -2224,8 +2224,8 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
|
||||||
// All new elements are now added, and we can create a new hash
|
// All new elements are now added, and we can create a new hash
|
||||||
// representing the current keys in the allowed map.
|
// representing the current keys in the allowed map.
|
||||||
func() {
|
func() {
|
||||||
proc.centralAuth.keys.NodePublicKeys.mu.Lock()
|
proc.centralAuth.pki.nodeKeysAndHash.mu.Lock()
|
||||||
defer proc.centralAuth.keys.NodePublicKeys.mu.Unlock()
|
defer proc.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
|
||||||
|
|
||||||
type NodesAndKeys struct {
|
type NodesAndKeys struct {
|
||||||
Node Node
|
Node Node
|
||||||
|
@ -2236,7 +2236,7 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
|
||||||
sortedNodesAndKeys := []NodesAndKeys{}
|
sortedNodesAndKeys := []NodesAndKeys{}
|
||||||
|
|
||||||
// Range the map, and add each k/v to the sorted slice, to be sorted later.
|
// Range the map, and add each k/v to the sorted slice, to be sorted later.
|
||||||
for k, v := range proc.centralAuth.keys.NodePublicKeys.KeyMap {
|
for k, v := range proc.centralAuth.pki.nodeKeysAndHash.KeyMap {
|
||||||
nk := NodesAndKeys{
|
nk := NodesAndKeys{
|
||||||
Node: k,
|
Node: k,
|
||||||
Key: v,
|
Key: v,
|
||||||
|
@ -2262,7 +2262,7 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
proc.centralAuth.keys.NodePublicKeys.Hash = sha256.Sum256(b)
|
proc.centralAuth.pki.nodeKeysAndHash.Hash = sha256.Sum256(b)
|
||||||
|
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue