1
0
Fork 0
mirror of https://github.com/postmannen/ctrl.git synced 2025-01-18 21:59:30 +00:00

renamed keys to pki

This commit is contained in:
postmannen 2022-05-12 09:25:10 +02:00
parent e9b1829f56
commit 6cf3bac506
3 changed files with 51 additions and 51 deletions

View file

@ -15,21 +15,21 @@ import (
type centralAuth struct { type centralAuth struct {
// schema map[Node]map[argsString]signatureBase32 // schema map[Node]map[argsString]signatureBase32
authorization *authorization authorization *authorization
keys *keys pki *pki
} }
// newCentralAuth will return a new and prepared *centralAuth // newCentralAuth will return a new and prepared *centralAuth
func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth { func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth {
c := centralAuth{ c := centralAuth{
authorization: newAuthorization(), authorization: newAuthorization(),
keys: newKeys(configuration, errorKernel), pki: newPKI(configuration, errorKernel),
} }
return &c return &c
} }
type keys struct { type pki struct {
NodePublicKeys *nodePublicKeys nodeKeysAndHash *nodeKeysAndHash
nodeNotAckedPublicKeys *nodeNotAckedPublicKeys nodeNotAckedPublicKeys *nodeNotAckedPublicKeys
configuration *Configuration configuration *Configuration
db *bolt.DB db *bolt.DB
@ -38,10 +38,10 @@ type keys struct {
} }
// newKeys will return a prepared *keys with input values set. // newKeys will return a prepared *keys with input values set.
func newKeys(configuration *Configuration, errorKernel *errorKernel) *keys { func newPKI(configuration *Configuration, errorKernel *errorKernel) *pki {
c := keys{ p := pki{
// schema: make(map[Node]map[argsString]signatureBase32), // schema: make(map[Node]map[argsString]signatureBase32),
NodePublicKeys: newNodePublicKeys(configuration), nodeKeysAndHash: newNodeKeysAndHash(configuration),
nodeNotAckedPublicKeys: newNodeNotAckedPublicKeys(configuration), nodeNotAckedPublicKeys: newNodeNotAckedPublicKeys(configuration),
configuration: configuration, configuration: configuration,
bucketNamePublicKeys: "publicKeys", bucketNamePublicKeys: "publicKeys",
@ -57,27 +57,27 @@ func newKeys(configuration *Configuration, errorKernel *errorKernel) *keys {
os.Exit(1) os.Exit(1)
} }
c.db = db p.db = db
// Get public keys from db storage. // Get public keys from db storage.
keys, err := c.dbDumpPublicKey() keys, err := p.dbDumpPublicKey()
if err != nil { if err != nil {
log.Printf("debug: dbPublicKeyDump failed, probably empty db: %v\n", err) log.Printf("debug: dbPublicKeyDump failed, probably empty db: %v\n", err)
} }
// Only assign from storage to in memory map if the storage contained any values. // Only assign from storage to in memory map if the storage contained any values.
if keys != nil { if keys != nil {
c.NodePublicKeys.KeyMap = keys p.nodeKeysAndHash.KeyMap = keys
for k, v := range keys { for k, v := range keys {
log.Printf("info: public keys db contains: %v, %v\n", k, []byte(v)) log.Printf("info: public keys db contains: %v, %v\n", k, []byte(v))
} }
} }
return &c return &p
} }
// addPublicKey to the db if the node do not exist, or if it is a new value. // addPublicKey to the db if the node do not exist, or if it is a new value.
func (c *keys) addPublicKey(proc process, msg Message) { func (p *pki) addPublicKey(proc process, msg Message) {
// TODO: When receiviving a new or different keys for a node we should // TODO: When receiviving a new or different keys for a node we should
// have a service with it's own storage for these keys, and an operator // have a service with it's own storage for these keys, and an operator
@ -90,32 +90,32 @@ func (c *keys) addPublicKey(proc process, msg Message) {
// key for a host. // key for a host.
// Check if a key for the current node already exists in the map. // Check if a key for the current node already exists in the map.
c.NodePublicKeys.mu.Lock() p.nodeKeysAndHash.mu.Lock()
existingKey, ok := c.NodePublicKeys.KeyMap[msg.FromNode] existingKey, ok := p.nodeKeysAndHash.KeyMap[msg.FromNode]
c.NodePublicKeys.mu.Unlock() p.nodeKeysAndHash.mu.Unlock()
if ok && bytes.Equal(existingKey, msg.Data) { if ok && bytes.Equal(existingKey, msg.Data) {
fmt.Printf(" * \nkey value for REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode) fmt.Printf(" * \nkey value for REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode)
return return
} }
c.nodeNotAckedPublicKeys.mu.Lock() p.nodeNotAckedPublicKeys.mu.Lock()
existingNotAckedKey, ok := c.nodeNotAckedPublicKeys.KeyMap[msg.FromNode] existingNotAckedKey, ok := p.nodeNotAckedPublicKeys.KeyMap[msg.FromNode]
// We only want to send one notification to the error kernel about new key detection, // We only want to send one notification to the error kernel about new key detection,
// so we check if the values are the same as the one we already got before we continue // so we check if the values are the same as the one we already got before we continue
// with registering and logging for the the new key. // with registering and logging for the the new key.
if ok && bytes.Equal(existingNotAckedKey, msg.Data) { if ok && bytes.Equal(existingNotAckedKey, msg.Data) {
fmt.Printf(" * \nkey value for NOT-REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode) fmt.Printf(" * \nkey value for NOT-REGISTERED node %v is the same, doing nothing\n\n", msg.FromNode)
c.nodeNotAckedPublicKeys.mu.Unlock() p.nodeNotAckedPublicKeys.mu.Unlock()
return return
} }
c.nodeNotAckedPublicKeys.KeyMap[msg.FromNode] = msg.Data p.nodeNotAckedPublicKeys.KeyMap[msg.FromNode] = msg.Data
c.nodeNotAckedPublicKeys.mu.Unlock() p.nodeNotAckedPublicKeys.mu.Unlock()
er := fmt.Errorf("info: detected new public key for node: %v. This key will need to be authorized by operator to be allowed into the system", msg.FromNode) er := fmt.Errorf("info: detected new public key for node: %v. This key will need to be authorized by operator to be allowed into the system", msg.FromNode)
fmt.Printf(" * %v\n", er) fmt.Printf(" * %v\n", er)
c.errorKernel.infoSend(proc, msg, er) p.errorKernel.infoSend(proc, msg, er)
} }
// // dbGetPublicKey will look up and return a specific value if it exists for a key in a bucket in a DB. // // dbGetPublicKey will look up and return a specific value if it exists for a key in a bucket in a DB.
@ -145,10 +145,10 @@ func (c *keys) addPublicKey(proc process, msg Message) {
// } // }
//dbUpdatePublicKey will update the public key for a node in the db. //dbUpdatePublicKey will update the public key for a node in the db.
func (c *keys) dbUpdatePublicKey(node string, value []byte) error { func (p *pki) dbUpdatePublicKey(node string, value []byte) error {
err := c.db.Update(func(tx *bolt.Tx) error { err := p.db.Update(func(tx *bolt.Tx) error {
//Create a bucket //Create a bucket
bu, err := tx.CreateBucketIfNotExists([]byte(c.bucketNamePublicKeys)) bu, err := tx.CreateBucketIfNotExists([]byte(p.bucketNamePublicKeys))
if err != nil { if err != nil {
return fmt.Errorf("error: CreateBuckerIfNotExists failed: %v", err) return fmt.Errorf("error: CreateBuckerIfNotExists failed: %v", err)
} }
@ -184,11 +184,11 @@ func (c *keys) dbUpdatePublicKey(node string, value []byte) error {
// dumpBucket will dump out all they keys and values in the // dumpBucket will dump out all they keys and values in the
// specified bucket, and return a sorted []samDBValue // specified bucket, and return a sorted []samDBValue
func (c *keys) dbDumpPublicKey() (map[Node][]byte, error) { func (p *pki) dbDumpPublicKey() (map[Node][]byte, error) {
m := make(map[Node][]byte) m := make(map[Node][]byte)
err := c.db.View(func(tx *bolt.Tx) error { err := p.db.View(func(tx *bolt.Tx) error {
bu := tx.Bucket([]byte(c.bucketNamePublicKeys)) bu := tx.Bucket([]byte(p.bucketNamePublicKeys))
if bu == nil { if bu == nil {
return fmt.Errorf("error: dumpBucket: tx.bucket returned nil") return fmt.Errorf("error: dumpBucket: tx.bucket returned nil")
} }
@ -209,9 +209,9 @@ func (c *keys) dbDumpPublicKey() (map[Node][]byte, error) {
return m, nil return m, nil
} }
// nodePublicKeys holds all the gathered public keys of nodes in the system. // nodeKeysAndHash holds all the gathered public keys of nodes in the system.
// The keys will be written to a k/v store for persistence. // The keys will be written to a k/v store for persistence.
type nodePublicKeys struct { type nodeKeysAndHash struct {
mu sync.RWMutex mu sync.RWMutex
KeyMap map[Node][]byte KeyMap map[Node][]byte
// TODO TOMOROW: implement sorting of KeyMap, // TODO TOMOROW: implement sorting of KeyMap,
@ -221,9 +221,9 @@ type nodePublicKeys struct {
Hash [32]byte Hash [32]byte
} }
// newNodePublicKeys will return a prepared type of nodePublicKeys. // newNnodeKeysAndHash will return a prepared type of nodeKeysAndHash.
func newNodePublicKeys(configuration *Configuration) *nodePublicKeys { func newNodeKeysAndHash(configuration *Configuration) *nodeKeysAndHash {
n := nodePublicKeys{ n := nodeKeysAndHash{
KeyMap: make(map[Node][]byte), KeyMap: make(map[Node][]byte),
} }

View file

@ -445,13 +445,13 @@ func (s startup) subREQHello(p process) {
return nil return nil
} }
s.centralAuth.keys.addPublicKey(proc, m) s.centralAuth.pki.addPublicKey(proc, m)
// update the prometheus metrics // update the prometheus metrics
s.server.centralAuth.keys.NodePublicKeys.mu.Lock() s.server.centralAuth.pki.nodeKeysAndHash.mu.Lock()
mapLen := len(s.server.centralAuth.keys.NodePublicKeys.KeyMap) mapLen := len(s.server.centralAuth.pki.nodeKeysAndHash.KeyMap)
s.server.centralAuth.keys.NodePublicKeys.mu.Unlock() s.server.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
s.metrics.promHelloNodesTotal.Set(float64(mapLen)) s.metrics.promHelloNodesTotal.Set(float64(mapLen))
s.metrics.promHelloNodesContactLast.With(prometheus.Labels{"nodeName": string(m.FromNode)}).SetToCurrentTime() s.metrics.promHelloNodesContactLast.With(prometheus.Labels{"nodeName": string(m.FromNode)}).SetToCurrentTime()

View file

@ -2064,14 +2064,14 @@ func (m methodREQPublicKeysGet) handler(proc process, message Message, node stri
case <-ctx.Done(): case <-ctx.Done():
// case out := <-outCh: // case out := <-outCh:
case <-outCh: case <-outCh:
proc.centralAuth.keys.NodePublicKeys.mu.Lock() proc.centralAuth.pki.nodeKeysAndHash.mu.Lock()
// TODO: We should probably create a hash of the current map content, // TODO: We should probably create a hash of the current map content,
// store it alongside the KeyMap, and send both the KeyMap and hash // store it alongside the KeyMap, and send both the KeyMap and hash
// back. We can then later send that hash when asking for keys, compare // back. We can then later send that hash when asking for keys, compare
// it with the current one for the KeyMap, and know if we need to send // it with the current one for the KeyMap, and know if we need to send
// and update back to the node who published the request to here. // and update back to the node who published the request to here.
b, err := json.Marshal(proc.centralAuth.keys.NodePublicKeys.KeyMap) b, err := json.Marshal(proc.centralAuth.pki.nodeKeysAndHash.KeyMap)
proc.centralAuth.keys.NodePublicKeys.mu.Unlock() proc.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
if err != nil { if err != nil {
er := fmt.Errorf("error: REQPublicKeysGet, failed to marshal keys map: %v", err) er := fmt.Errorf("error: REQPublicKeysGet, failed to marshal keys map: %v", err)
proc.errorKernel.errSend(proc, message, er) proc.errorKernel.errSend(proc, message, er)
@ -2193,28 +2193,28 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
select { select {
case <-ctx.Done(): case <-ctx.Done():
case <-outCh: case <-outCh:
proc.centralAuth.keys.nodeNotAckedPublicKeys.mu.Lock() proc.centralAuth.pki.nodeNotAckedPublicKeys.mu.Lock()
defer proc.centralAuth.keys.nodeNotAckedPublicKeys.mu.Unlock() defer proc.centralAuth.pki.nodeNotAckedPublicKeys.mu.Unlock()
// Range over all the MethodArgs, where each element represents a node to allow, // Range over all the MethodArgs, where each element represents a node to allow,
// and move the node from the notAcked map to the allowed map. // and move the node from the notAcked map to the allowed map.
for _, n := range message.MethodArgs { for _, n := range message.MethodArgs {
key, ok := proc.centralAuth.keys.nodeNotAckedPublicKeys.KeyMap[Node(n)] key, ok := proc.centralAuth.pki.nodeNotAckedPublicKeys.KeyMap[Node(n)]
if ok { if ok {
func() { func() {
proc.centralAuth.keys.NodePublicKeys.mu.Lock() proc.centralAuth.pki.nodeKeysAndHash.mu.Lock()
defer proc.centralAuth.keys.NodePublicKeys.mu.Unlock() defer proc.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
// Store/update the node and public key on the allowed pubKey map. // Store/update the node and public key on the allowed pubKey map.
proc.centralAuth.keys.NodePublicKeys.KeyMap[Node(n)] = key proc.centralAuth.pki.nodeKeysAndHash.KeyMap[Node(n)] = key
}() }()
// Add key to persistent storage. // Add key to persistent storage.
proc.centralAuth.keys.dbUpdatePublicKey(string(n), key) proc.centralAuth.pki.dbUpdatePublicKey(string(n), key)
// Delete the key from the NotAcked map // Delete the key from the NotAcked map
delete(proc.centralAuth.keys.nodeNotAckedPublicKeys.KeyMap, Node(n)) delete(proc.centralAuth.pki.nodeNotAckedPublicKeys.KeyMap, Node(n))
er := fmt.Errorf("info: REQPublicKeysAllow : allowed new/updated public key for %v to allowed public key map", n) er := fmt.Errorf("info: REQPublicKeysAllow : allowed new/updated public key for %v to allowed public key map", n)
proc.errorKernel.infoSend(proc, message, er) proc.errorKernel.infoSend(proc, message, er)
@ -2224,8 +2224,8 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
// All new elements are now added, and we can create a new hash // All new elements are now added, and we can create a new hash
// representing the current keys in the allowed map. // representing the current keys in the allowed map.
func() { func() {
proc.centralAuth.keys.NodePublicKeys.mu.Lock() proc.centralAuth.pki.nodeKeysAndHash.mu.Lock()
defer proc.centralAuth.keys.NodePublicKeys.mu.Unlock() defer proc.centralAuth.pki.nodeKeysAndHash.mu.Unlock()
type NodesAndKeys struct { type NodesAndKeys struct {
Node Node Node Node
@ -2236,7 +2236,7 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
sortedNodesAndKeys := []NodesAndKeys{} sortedNodesAndKeys := []NodesAndKeys{}
// Range the map, and add each k/v to the sorted slice, to be sorted later. // Range the map, and add each k/v to the sorted slice, to be sorted later.
for k, v := range proc.centralAuth.keys.NodePublicKeys.KeyMap { for k, v := range proc.centralAuth.pki.nodeKeysAndHash.KeyMap {
nk := NodesAndKeys{ nk := NodesAndKeys{
Node: k, Node: k,
Key: v, Key: v,
@ -2262,7 +2262,7 @@ func (m methodREQPublicKeysAllow) handler(proc process, message Message, node st
return return
} }
proc.centralAuth.keys.NodePublicKeys.Hash = sha256.Sum256(b) proc.centralAuth.pki.nodeKeysAndHash.Hash = sha256.Sum256(b)
}() }()