From 8214b1cc5c3275178a47f6ed46d6bf4d4adce845 Mon Sep 17 00:00:00 2001 From: Aleksey Proshutisnkiy Date: Mon, 13 Dec 2021 19:40:16 +0300 Subject: [PATCH] Fix revocations logic (#34) --- Cargo.lock | 130 +++++++++++------------ Cargo.toml | 1 + aqua/package.json | 2 +- aqua/trust-graph-api.aqua | 4 +- aqua/trust-graph.aqua | 6 +- example/index.ts | 2 +- keypair/src/rsa.rs | 4 +- keypair/src/signature.rs | 2 +- service/Cargo.toml | 2 +- service/src/dto.rs | 14 +-- service/src/results.rs | 14 +-- service/src/service_api.rs | 8 +- service/src/storage_impl.rs | 84 +++++++++++---- service/src/tests.rs | 87 ++++++++++++--- src/chain.rs | 47 ++++++++ src/lib.rs | 3 +- src/revoke.rs | 22 ++-- src/trust_graph.rs | 41 +++---- src/trust_graph_storage.rs | 8 +- src/trust_node.rs | 206 ------------------------------------ src/trust_relation.rs | 15 +-- 21 files changed, 320 insertions(+), 382 deletions(-) create mode 100644 src/chain.rs delete mode 100644 src/trust_node.rs diff --git a/Cargo.lock b/Cargo.lock index dd15940..040dabd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -39,9 +39,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.45" +version = "1.0.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee10e43ae4a853c0a3591d4e2ada1719e553be18199d9da9d4a83f5927c2f5c7" +checksum = "8b26702f315f53b6071259e15dd9d64528213b44d61de1ec926eca7715d62203" [[package]] name = "arrayref" @@ -529,9 +529,9 @@ dependencies = [ [[package]] name = "ed25519" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4620d40f6d2601794401d6dd95a5cf69b6c157852539470eeda433a99b3c0efc" +checksum = "74e1069e39f1454367eb2de793ed062fac4c35c2934b76a81d90dd9abcd28816" dependencies = [ "serde", "signature", @@ -656,9 +656,9 @@ checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d" [[package]] name = "fluence-app-service" -version = "0.9.0" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58d92fd37b7673513efafb0d1e0c366b8d6f297b74e9bfcda27c452f400af70a" +checksum = "01c66660de99826038c5ec4ad0f5dccf10b1c8a15924aeaa5315ab49d718bfc9" dependencies = [ "fluence-faas", "log", @@ -819,9 +819,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a12aa0eb539080d55c3f2d45a67c3b58b6b0773c1a3ca2dfec66d58c97fd66ca" +checksum = "8cd0210d8c325c245ff06fd95a3b13689a1a276ac8cfa8e8720cb840bfb84b9e" dependencies = [ "futures-channel", "futures-core", @@ -834,9 +834,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5da6ba8c3bb3c165d3c7319fc1cc8304facf1fb8db99c5de877183c08a273888" +checksum = "7fc8cd39e3dbf865f7340dce6a2d401d24fd37c6fe6c4f0ee0de8bfca2252d27" dependencies = [ "futures-core", "futures-sink", @@ -844,15 +844,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d" +checksum = "629316e42fe7c2a0b9a65b47d159ceaa5453ab14e8f0a3c5eedbb8cd55b4a445" [[package]] name = "futures-executor" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45025be030969d763025784f7f355043dc6bc74093e4ecc5000ca4dc50d8745c" +checksum = "7b808bf53348a36cab739d7e04755909b9fcaaa69b7d7e588b37b6ec62704c97" dependencies = [ "futures-core", "futures-task", @@ -862,18 +862,16 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "522de2a0fe3e380f1bc577ba0474108faf3f6b18321dbf60b3b9c39a75073377" +checksum = "e481354db6b5c353246ccf6a728b0c5511d752c08da7260546fc0933869daa11" [[package]] name = "futures-macro" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18e4a4b95cea4b4ccbcf1c5675ca7c4ee4e9e75eb79944d07defde18068f79bb" +checksum = "a89f17b21645bc4ed773c69af9c9a0effd4a3f1a3876eadd453469f8854e7fdd" dependencies = [ - "autocfg", - "proc-macro-hack", "proc-macro2", "quote", "syn", @@ -881,15 +879,15 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36ea153c13024fe480590b3e3d4cad89a0cfacecc24577b68f86c6ced9c2bc11" +checksum = "996c6442437b62d21a32cd9906f9c41e7dc1e19a9579843fad948696769305af" [[package]] name = "futures-task" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d3d00f4eddb73e498a54394f228cd55853bdf059259e8e7bc6e69d408892e99" +checksum = "dabf1872aaab32c886832f2276d2f5399887e2bd613698a02359e4ea83f8de12" [[package]] name = "futures-timer" @@ -899,11 +897,10 @@ checksum = "e64b03909df88034c26dc1547e8970b91f98bdb65165d6a4e9110d94263dbb2c" [[package]] name = "futures-util" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36568465210a3a6ee45e1f165136d68671471a501e632e9a98d96872222b5481" +checksum = "41d22213122356472061ac0f1ab2cee28d2bac8491410fd68c2af53d1cedb83e" dependencies = [ - "autocfg", "futures-channel", "futures-core", "futures-io", @@ -913,8 +910,6 @@ dependencies = [ "memchr", "pin-project-lite", "pin-utils", - "proc-macro-hack", - "proc-macro-nested", "slab", ] @@ -1147,9 +1142,9 @@ dependencies = [ [[package]] name = "itertools" -version = "0.10.1" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69ddb889f9d0d08a67338271fa9b62996bc788c7796a5c18cf057420aaed5eaf" +checksum = "a9a9d19fa1e79b6215ff29b9d6880b706147f16e9b1dbb1e4e5947b5b02bc5e3" dependencies = [ "either", ] @@ -1196,9 +1191,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.107" +version = "0.2.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbe5e23404da5b4f555ef85ebed98fb4083e55a00c317800bc2a50ede9f3d219" +checksum = "f98a04dce437184842841303488f70d0188c5f51437d2a834dc097eafa909a01" [[package]] name = "libsecp256k1" @@ -1261,9 +1256,9 @@ checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d" [[package]] name = "marine-build-rs-generator" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c81d725ea49f554e23d3a0eb9464fcdad0bc190e42bb5a5a27699fb56557177c" +checksum = "0108407ef0528984cd5b226e6d69552b1658b205f60c83305ca33179d6e9eee1" dependencies = [ "marine-test-macro-impl", ] @@ -1303,7 +1298,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "edd97bd85072fc540763769be153a7c8ee83391e668b37ef96d6c48decec2cd5" dependencies = [ "anyhow", - "itertools 0.10.1", + "itertools 0.10.3", "marine-it-interfaces", "marine-module-interface", "nom", @@ -1362,7 +1357,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06bc36ef268bf7436916f1fa9b0c84104692a717ea5eef3c90b9f25c3407f6b7" dependencies = [ "anyhow", - "itertools 0.10.1", + "itertools 0.10.3", "marine-it-interfaces", "nom", "semver 0.11.0", @@ -1398,9 +1393,9 @@ dependencies = [ [[package]] name = "marine-rs-sdk-test" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe77591c893dcfda3acd02b89ad42102a6739ead8200717e4cf325c52ba7001e" +checksum = "03e286a347527936cf97456b928bd6271e0d39fc1c6b78e99461f00e6d74f018" dependencies = [ "fluence-app-service", "marine-build-rs-generator", @@ -1451,9 +1446,9 @@ dependencies = [ [[package]] name = "marine-test-macro" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c73a012946439eb619375cc825f008ac74489092f826fe596e465d355542cf" +checksum = "bf4d0463358f6c2459089ef8f130983dc911fd0c2aa4cb7c6b59de206f4a816e" dependencies = [ "marine-test-macro-impl", "proc-macro-error", @@ -1464,13 +1459,13 @@ dependencies = [ [[package]] name = "marine-test-macro-impl" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa833b78d05abb43ca46c2c85cce1e664bde4b8b1926ae2bd420aba426a9b22a" +checksum = "b8f4f1ae0ba20e9241e8882e6eb1b2302daa479d67eee5badb54b1520e17c0cb" dependencies = [ "darling 0.12.4", "fluence-app-service", - "itertools 0.10.1", + "itertools 0.10.3", "marine-it-parser", "proc-macro-error", "proc-macro2", @@ -1520,9 +1515,9 @@ dependencies = [ [[package]] name = "memoffset" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9" +checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" dependencies = [ "autocfg", ] @@ -1597,6 +1592,12 @@ dependencies = [ "version_check", ] +[[package]] +name = "nonempty" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9e591e719385e6ebaeb5ce5d3887f7d5676fceca6411d1925ccc95745f3d6f7" + [[package]] name = "num-integer" version = "0.1.44" @@ -1803,9 +1804,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.22" +version = "0.3.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f" +checksum = "d1a3ea4f0dd7f1f3e512cf97bf100819aa547f36a6eccac8dbaae839eb92363e" [[package]] name = "polyplets" @@ -1858,23 +1859,11 @@ dependencies = [ "version_check", ] -[[package]] -name = "proc-macro-hack" -version = "0.5.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" - -[[package]] -name = "proc-macro-nested" -version = "0.1.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc881b2c22681370c6a780e47af9840ef841837bc98118431d4e1868bd0c1086" - [[package]] name = "proc-macro2" -version = "1.0.32" +version = "1.0.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" +checksum = "fb37d2df5df740e582f28f8560cf425f52bb267d872fe58358eadb554909f07a" dependencies = [ "unicode-xid", ] @@ -2219,9 +2208,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.5" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" +checksum = "3c9613b5a66ab9ba26415184cfc41156594925a9cf3a2057e57f31ff145f6568" [[package]] name = "safe-transmute" @@ -2319,9 +2308,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.69" +version = "1.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e466864e431129c7e0d3476b92f20458e5879919a0596c6472738d9fa2d342f8" +checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" dependencies = [ "itoa", "ryu", @@ -2425,9 +2414,9 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "syn" -version = "1.0.81" +version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2afee18b8beb5a596ecb4a2dce128c719b4ba399d34126b9e4396e3f9860966" +checksum = "8daf5dd0bb60cbd4137b1b587d2fc0ae729bc07cf01cd70b36a1ed5ade3b9d59" dependencies = [ "proc-macro2", "quote", @@ -2531,6 +2520,7 @@ dependencies = [ "fluence-fork-libp2p-core", "fluence-keypair", "log", + "nonempty", "rand 0.7.3", "ref-cast", "serde", @@ -2543,7 +2533,7 @@ dependencies = [ [[package]] name = "trust-graph-wasm" -version = "0.2.1" +version = "0.3.0" dependencies = [ "anyhow", "bincode", @@ -2848,7 +2838,7 @@ dependencies = [ "fluence-it-types", "it-lilo", "it-to-bytes", - "itertools 0.10.1", + "itertools 0.10.3", "log", "nom", "safe-transmute", diff --git a/Cargo.toml b/Cargo.toml index 8e3f099..11f8c91 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,6 +23,7 @@ serde_with = "1.6.0" thiserror = "1.0.23" sha2 = "0.9.5" rand = "0.7.0" +nonempty = "0.7.0" [workspace] members = [ diff --git a/aqua/package.json b/aqua/package.json index 4cbb4f6..6a21c1a 100644 --- a/aqua/package.json +++ b/aqua/package.json @@ -1,6 +1,6 @@ { "name": "@fluencelabs/trust-graph", - "version": "0.1.12", + "version": "0.2.0", "description": "Aqua Trust Graph API library", "files": [ "*.aqua" diff --git a/aqua/trust-graph-api.aqua b/aqua/trust-graph-api.aqua index e33d449..65bfbcd 100644 --- a/aqua/trust-graph-api.aqua +++ b/aqua/trust-graph-api.aqua @@ -67,10 +67,10 @@ func issue_revocation(node: string, revoked_peer_id: string, revoked_by_peer_id: result <- TrustGraph.issue_revocation(revoked_peer_id, revoked_by_peer_id, revoked_at_sec, signature_bytes) <- result -func revoke(node: string, revoke: Revoke) -> RevokeResult: +func revoke(node: string, revocation: Revocation) -> RevokeResult: on node: timestamp_sec <- Peer.timestamp_sec() - result <- TrustGraph.revoke(revoke, timestamp_sec) + result <- TrustGraph.revoke(revocation, timestamp_sec) <- result service TrustOp("op"): diff --git a/aqua/trust-graph.aqua b/aqua/trust-graph.aqua index 7516815..5bed864 100644 --- a/aqua/trust-graph.aqua +++ b/aqua/trust-graph.aqua @@ -38,7 +38,7 @@ data InsertResult: success: bool error: string -data Revoke: +data Revocation: revoked_peer_id: string revoked_at: u64 signature: string @@ -48,7 +48,7 @@ data Revoke: data IssueRevocationResult: success: bool error: string - revoke: Revoke + revocation: Revocation data IssueTrustResult: success: bool @@ -83,5 +83,5 @@ service TrustGraph("trust-graph"): insert_cert_raw(certificate: string, timestamp_sec: u64) -> InsertResult issue_revocation(revoked_peer_id: string, revoked_by_peer_id: string, revoked_at_sec: u64, signature_bytes: []u8) -> IssueRevocationResult issue_trust(issued_for_peer_id: string, expires_at_sec: u64, issued_at_sec: u64, trust_bytes: []u8) -> IssueTrustResult - revoke(revoke: Revoke, timestamp_sec: u64) -> RevokeResult + revoke(revoke: Revocation, timestamp_sec: u64) -> RevokeResult verify_trust(trust: Trust, issuer_peer_id: string, timestamp_sec: u64) -> VerifyTrustResult diff --git a/example/index.ts b/example/index.ts index 1954eb4..76c769b 100644 --- a/example/index.ts +++ b/example/index.ts @@ -65,7 +65,7 @@ async function revoke_helper(node: string, issuer_kp: KeyPair, revoked_by_peer_i let revocation = await tg.issue_revocation(node, revoked_peer_id, revoked_by_peer_id, revoked_at_sec, Array.from(signed_metadata)); assert(revocation.success) - let result_add = await tg.revoke(node, revocation.revoke); + let result_add = await tg.revoke(node, revocation.revocation); assert(result_add.success) } diff --git a/keypair/src/rsa.rs b/keypair/src/rsa.rs index 1f816bf..86f9e78 100644 --- a/keypair/src/rsa.rs +++ b/keypair/src/rsa.rs @@ -43,7 +43,7 @@ impl Keypair { /// /// [RFC5208]: https://tools.ietf.org/html/rfc5208#section-5 pub fn from_pkcs8(der: &mut [u8]) -> Result { - let kp = RsaKeyPair::from_pkcs8(&der).map_err(|_| DecodingError::Rsa)?; + let kp = RsaKeyPair::from_pkcs8(der).map_err(|_| DecodingError::Rsa)?; der.zeroize(); Ok(Keypair(Arc::new(kp))) } @@ -57,7 +57,7 @@ impl Keypair { pub fn sign(&self, data: &[u8]) -> Result, SigningError> { let mut signature = vec![0; self.0.public_modulus_len()]; let rng = SystemRandom::new(); - match self.0.sign(&RSA_PKCS1_SHA256, &rng, &data, &mut signature) { + match self.0.sign(&RSA_PKCS1_SHA256, &rng, data, &mut signature) { Ok(()) => Ok(signature), Err(_) => Err(SigningError::Rsa), } diff --git a/keypair/src/signature.rs b/keypair/src/signature.rs index f794c8b..fc89472 100644 --- a/keypair/src/signature.rs +++ b/keypair/src/signature.rs @@ -98,7 +98,7 @@ impl Signature { pub fn get_raw_signature(&self) -> RawSignature { RawSignature { - bytes: self.to_vec().clone().to_vec(), + bytes: self.to_vec().to_vec(), sig_type: self.get_signature_type(), } } diff --git a/service/Cargo.toml b/service/Cargo.toml index 05292fd..b9d5835 100644 --- a/service/Cargo.toml +++ b/service/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "trust-graph-wasm" -version = "0.2.1" +version = "0.3.0" authors = ["Fluence Labs"] edition = "2018" description = "trust graph wasm" diff --git a/service/src/dto.rs b/service/src/dto.rs index f51c7cf..df48e3c 100644 --- a/service/src/dto.rs +++ b/service/src/dto.rs @@ -113,7 +113,7 @@ impl From for Trust { #[marine] #[derive(Default)] -pub struct Revoke { +pub struct Revocation { /// who is revoked pub revoked_peer_id: String, /// date when revocation was created @@ -126,10 +126,10 @@ pub struct Revoke { pub revoked_by: String, } -impl TryFrom for trust_graph::Revoke { +impl TryFrom for trust_graph::Revocation { type Error = DtoConversionError; - fn try_from(r: Revoke) -> Result { + fn try_from(r: Revocation) -> Result { let revoked_pk = PublicKey::try_from( PeerId::from_str(&r.revoked_peer_id) .map_err(|e| PeerIdDecodeError(format!("{:?}", e)))?, @@ -142,7 +142,7 @@ impl TryFrom for trust_graph::Revoke { let signature = bs58::decode(&r.signature).into_vec()?; let signature = Signature::from_bytes(KeyFormat::from_str(&r.sig_type)?, signature); let revoked_at = Duration::from_secs(r.revoked_at); - return Ok(trust_graph::Revoke { + return Ok(trust_graph::Revocation { pk: revoked_pk, revoked_at, revoked_by: revoked_by_pk, @@ -151,14 +151,14 @@ impl TryFrom for trust_graph::Revoke { } } -impl From for Revoke { - fn from(r: trust_graph::Revoke) -> Self { +impl From for Revocation { + fn from(r: trust_graph::Revocation) -> Self { let revoked_by = r.revoked_by.to_peer_id().to_base58(); let revoked_peer_id = r.pk.to_peer_id().to_base58(); let raw_signature = r.signature.get_raw_signature(); let signature = bs58::encode(raw_signature.bytes).into_string(); let revoked_at = r.revoked_at.as_secs(); - return Revoke { + return Revocation { revoked_peer_id, revoked_at, signature, diff --git a/service/src/results.rs b/service/src/results.rs index 578ed70..f5eaa9c 100644 --- a/service/src/results.rs +++ b/service/src/results.rs @@ -1,4 +1,4 @@ -use crate::dto::{Certificate, Revoke, Trust}; +use crate::dto::{Certificate, Revocation, Trust}; use crate::error::ServiceError; use marine_rs_sdk::marine; @@ -216,21 +216,21 @@ impl From, ServiceError>> for GetRevokeBytesResult { pub struct IssueRevocationResult { pub success: bool, pub error: String, - pub revoke: Revoke, + pub revocation: Revocation, } -impl From> for IssueRevocationResult { - fn from(result: Result) -> Self { +impl From> for IssueRevocationResult { + fn from(result: Result) -> Self { match result { - Ok(revoke) => IssueRevocationResult { + Ok(revocation) => IssueRevocationResult { success: true, error: "".to_string(), - revoke, + revocation, }, Err(e) => IssueRevocationResult { success: false, error: format!("{}", e), - revoke: Revoke::default(), + revocation: Revocation::default(), }, } } diff --git a/service/src/service_api.rs b/service/src/service_api.rs index 20cb631..6408d80 100644 --- a/service/src/service_api.rs +++ b/service/src/service_api.rs @@ -1,4 +1,4 @@ -use crate::dto::{Certificate, Revoke, Trust}; +use crate::dto::{Certificate, Revocation, Trust}; use crate::error::ServiceError; use crate::misc::{check_timestamp_tetraplets, extract_public_key, with_tg, wrapped_try}; use crate::results::{ @@ -201,7 +201,7 @@ fn add_trust(trust: Trust, issuer_peer_id: String, timestamp_sec: u64) -> AddTru fn get_revoke_bytes(revoked_peer_id: String, revoked_at: u64) -> GetRevokeBytesResult { wrapped_try(|| { let public_key = extract_public_key(revoked_peer_id)?; - Ok(trust_graph::Revoke::signature_bytes( + Ok(trust_graph::Revocation::signature_bytes( &public_key, Duration::from_secs(revoked_at), )) @@ -222,13 +222,13 @@ fn issue_revocation( let revoked_at = Duration::from_secs(revoked_at_sec); let signature = Signature::from_bytes(revoked_by_pk.get_key_format(), signature_bytes); - Ok(trust_graph::Revoke::new(revoked_pk, revoked_by_pk, revoked_at, signature).into()) + Ok(trust_graph::Revocation::new(revoked_pk, revoked_by_pk, revoked_at, signature).into()) }) .into() } #[marine] -fn revoke(revoke: Revoke, timestamp_sec: u64) -> RevokeResult { +fn revoke(revoke: Revocation, timestamp_sec: u64) -> RevokeResult { with_tg(|tg| { check_timestamp_tetraplets(&marine_rs_sdk::get_call_parameters(), 1)?; diff --git a/service/src/storage_impl.rs b/service/src/storage_impl.rs index 4d8568d..854f363 100644 --- a/service/src/storage_impl.rs +++ b/service/src/storage_impl.rs @@ -17,12 +17,12 @@ use std::str::FromStr; use std::time::Duration; use thiserror::Error as ThisError; use trust_graph::{ - Auth, PublicKeyHashable as PK, PublicKeyHashable, Revoke, Storage, StorageError, Trust, + Auth, PublicKeyHashable as PK, PublicKeyHashable, Revocation, Storage, StorageError, Trust, TrustRelation, WeightFactor, }; static AUTH_TYPE: i64 = 0; -static REVOKE_TYPE: i64 = 1; +static REVOCATION_TYPE: i64 = 1; pub static DB_PATH: &str = "/tmp/trust-graph.sqlite"; pub fn create_tables() { @@ -72,7 +72,7 @@ impl SQLiteStorage { } } - Some(TrustRelation::Revoke(revoke)) => { + Some(TrustRelation::Revocation(revoke)) => { if revoke.revoked_at < relation.issued_at() { self.insert(relation)?; } @@ -85,6 +85,35 @@ impl SQLiteStorage { Ok(()) } + + fn get_relations( + &self, + issued_for: &PublicKeyHashable, + relation_type: i64, + ) -> Result, SQLiteStorageError> { + let mut cursor = self + .connection + .prepare( + "SELECT relation_type, issued_for, issued_by, issued_at, expires_at, signature \ + FROM trust_relations WHERE issued_for = ? and relation_type = ?", + )? + .cursor(); + + cursor.bind(&[ + Value::String(format!("{}", issued_for)), + Value::Integer(relation_type), + ])?; + let mut relations: Vec = vec![]; + + while let Some(row) = cursor.next()? { + match parse_relation(row) { + Ok(r) => relations.push(r), + Err(e) => log::error!("parse_relation: {:?}", e), + } + } + + Ok(relations) + } } #[derive(ThisError, Debug)] @@ -143,7 +172,7 @@ fn parse_relation(row: &[Value]) -> Result { issued_by: issued_by.into(), })) } else { - Ok(TrustRelation::Revoke(Revoke { + Ok(TrustRelation::Revocation(Revocation { pk: issued_for.into(), revoked_at: issued_at, revoked_by: issued_by.into(), @@ -189,25 +218,34 @@ impl Storage for SQLiteStorage { } /// return all auths issued for pk - fn get_authorizations(&self, pk: &PublicKeyHashable) -> Result, Self::Error> { - let mut cursor = self - .connection - .prepare( - "SELECT relation_type, issued_for, issued_by, issued_at, expires_at, signature \ - FROM trust_relations WHERE issued_for = ? and relation_type = ?", - )? - .cursor(); + fn get_authorizations(&self, issued_for: &PublicKeyHashable) -> Result, Self::Error> { + Ok(self + .get_relations(issued_for, AUTH_TYPE)? + .into_iter() + .fold(vec![], |mut acc, r| { + if let TrustRelation::Auth(a) = r { + acc.push(a); + } - cursor.bind(&[Value::String(format!("{}", pk)), Value::Integer(AUTH_TYPE)])?; - let mut auths: Vec = vec![]; + acc + })) + } - while let Some(row) = cursor.next()? { - if let TrustRelation::Auth(auth) = parse_relation(row)? { - auths.push(auth); - } - } + /// return all revocations issued for pk + fn get_revocations( + &self, + issued_for: &PublicKeyHashable, + ) -> Result, Self::Error> { + Ok(self + .get_relations(issued_for, REVOCATION_TYPE)? + .into_iter() + .fold(vec![], |mut acc, r| { + if let TrustRelation::Revocation(revocation) = r { + acc.push(revocation); + } - Ok(auths) + acc + })) } fn insert(&mut self, relation: TrustRelation) -> Result<(), Self::Error> { @@ -217,7 +255,7 @@ impl Storage for SQLiteStorage { let relation_type = match relation { TrustRelation::Auth(_) => AUTH_TYPE, - TrustRelation::Revoke(_) => REVOKE_TYPE, + TrustRelation::Revocation(_) => REVOCATION_TYPE, }; statement.bind(1, &Value::Integer(relation_type))?; @@ -293,8 +331,8 @@ impl Storage for SQLiteStorage { Ok(roots) } - fn revoke(&mut self, revoke: Revoke) -> Result<(), Self::Error> { - self.update_relation(TrustRelation::Revoke(revoke)) + fn revoke(&mut self, revoke: Revocation) -> Result<(), Self::Error> { + self.update_relation(TrustRelation::Revocation(revoke)) } fn update_auth(&mut self, auth: Auth, _cur_time: Duration) -> Result<(), Self::Error> { diff --git a/service/src/tests.rs b/service/src/tests.rs index f035a76..35cde98 100644 --- a/service/src/tests.rs +++ b/service/src/tests.rs @@ -23,7 +23,7 @@ mod service_tests { use fluence_keypair::KeyPair; use libp2p_core::PeerId; use marine_rs_sdk::{CallParameters, SecurityTetraplet}; - use marine_test_env::trust_graph::{Certificate, Revoke, ServiceInterface, Trust}; + use marine_test_env::trust_graph::{Certificate, Revocation, ServiceInterface, Trust}; use rusqlite::Connection; use std::collections::HashMap; use std::time::{SystemTime, UNIX_EPOCH}; @@ -200,7 +200,7 @@ mod service_tests { issuer_kp: &KeyPair, revoked_peer_id: &PeerId, revoked_at_sec: u64, - ) -> Revoke { + ) -> Revocation { let result = trust_graph.get_revoke_bytes(revoked_peer_id.to_base58(), revoked_at_sec); assert!(result.success, "{}", result.error); @@ -214,14 +214,14 @@ mod service_tests { assert!(issue_result.success, "{}", issue_result.error); let revoke_result = trust_graph.revoke_cp( - issue_result.revoke.clone(), + issue_result.revocation.clone(), revoked_at_sec, get_correct_timestamp_cp(1), ); assert!(revoke_result.success, "{}", revoke_result.error); - issue_result.revoke + issue_result.revocation } fn generate_trust_chain_with( @@ -436,39 +436,98 @@ mod service_tests { assert_eq!(certs.len(), 0); } + /// 1. peer `A` gives trusts to `B` + /// 2. weight of `B` is not 0 + /// 3. peer `A` revokes `B` + /// 4. there is no path from `A` to `B`, weight of `A` is 0 #[test] - fn revoke_test() { + fn trust_direct_revoke_test() { let mut trust_graph = marine_test_env::trust_graph::ServiceInterface::new(); clear_env(); - let root_kp = KeyPair::generate_ed25519(); + let peerA_kp = KeyPair::generate_ed25519(); let mut cur_time = 100u64; - add_root_with_trust(&mut trust_graph, &root_kp, cur_time, cur_time + 9999, 4u32); + add_root_with_trust(&mut trust_graph, &peerA_kp, cur_time, cur_time + 9999, 4u32); - let trust_kp = KeyPair::generate_ed25519(); + let peerB_kp = KeyPair::generate_ed25519(); add_trust( &mut trust_graph, - &root_kp, - &trust_kp.get_peer_id(), + &peerA_kp, + &peerB_kp.get_peer_id(), cur_time, cur_time + 99999, ); - let weight = get_weight(&mut trust_graph, trust_kp.get_peer_id(), cur_time); + let weight = get_weight(&mut trust_graph, peerB_kp.get_peer_id(), cur_time); assert_ne!(weight, 0u32); cur_time += 1; + // A revokes B and cancels trust revoke( &mut trust_graph, - &root_kp, - &trust_kp.get_peer_id(), + &peerA_kp, + &peerB_kp.get_peer_id(), cur_time, ); - let weight = get_weight(&mut trust_graph, trust_kp.get_peer_id(), cur_time); + let weight = get_weight(&mut trust_graph, peerB_kp.get_peer_id(), cur_time); assert_eq!(weight, 0u32); } + /// There is chain of trusts [0] -> [1] -> [2] -> [3] -> [4] + /// 1. [1] revokes [4] + /// 2. there is no path from [0] to [4], weight of [4] is 0 + /// 3. [0] gives trust to [2] + /// 4. now there is path [0] -> [2] -> [3] -> [4] + /// 5. weight of [4] is not 0 + #[test] + fn indirect_revoke_test() { + let mut trust_graph = marine_test_env::trust_graph::ServiceInterface::new(); + clear_env(); + + let (key_pairs, trusts) = + generate_trust_chain_with_len(&mut trust_graph, 5, HashMap::new()); + let mut cur_time = current_time(); + + let root_peer_id = key_pairs[0].get_peer_id(); + add_root_peer_id(&mut trust_graph, root_peer_id, 2); + add_trusts(&mut trust_graph, &trusts, cur_time); + + let target_peer_id = key_pairs[4].get_peer_id(); + let revoked_by = &key_pairs[1]; + let weight = get_weight(&mut trust_graph, target_peer_id, cur_time); + assert_ne!(weight, 0u32); + + cur_time += 1; + // [1] revokes [4] + revoke(&mut trust_graph, &revoked_by, &target_peer_id, cur_time); + + // now there are no path from root to [4] + let weight = get_weight(&mut trust_graph, target_peer_id, cur_time); + assert_eq!(weight, 0u32); + + // [0] trusts [2] + add_trust( + &mut trust_graph, + &key_pairs[0], + &key_pairs[2].get_peer_id(), + cur_time, + cur_time + 99999, + ); + // [2] trusts [4] + add_trust( + &mut trust_graph, + &key_pairs[2], + &target_peer_id, + cur_time, + cur_time + 99999, + ); + + // now we have [0] -> [2] -> [4] path + let weight = get_weight(&mut trust_graph, target_peer_id, cur_time); + assert_ne!(weight, 0u32); + } + #[test] fn test_add_one_trust_to_cert_last() { let mut trust_graph = ServiceInterface::new(); diff --git a/src/chain.rs b/src/chain.rs new file mode 100644 index 0000000..23091f5 --- /dev/null +++ b/src/chain.rs @@ -0,0 +1,47 @@ +/* + * Copyright 2021 Fluence Labs Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +use crate::{Auth, PublicKeyHashable, Revocation}; +use fluence_keypair::PublicKey; +use nonempty::NonEmpty; +use std::collections::HashSet; + +#[derive(Clone)] +pub(crate) struct Chain { + pub(crate) auths: NonEmpty, + revoked_by: HashSet, +} +impl Chain { + pub(crate) fn new(auths: NonEmpty, revocations: Vec) -> Self { + let mut chain = Self { + auths, + revoked_by: Default::default(), + }; + chain.add_revocations(revocations); + + chain + } + pub(crate) fn can_be_extended_by(&self, pk: &PublicKey) -> bool { + !self.revoked_by.contains(pk.as_ref()) + && !self.auths.iter().any(|a| a.trust.issued_for.eq(pk)) + } + + pub(crate) fn add_revocations(&mut self, revocations: Vec) { + revocations.into_iter().for_each(move |r| { + self.revoked_by.insert(r.revoked_by.into()); + }); + } +} diff --git a/src/lib.rs b/src/lib.rs index ad57023..2b1c191 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -29,6 +29,7 @@ mod certificate; pub mod certificate_serde; +mod chain; mod misc; mod public_key_hashable; mod revoke; @@ -40,7 +41,7 @@ mod trust_relation; pub use crate::certificate::{Certificate, CertificateError}; pub use crate::misc::current_time; pub use crate::public_key_hashable::PublicKeyHashable; -pub use crate::revoke::Revoke; +pub use crate::revoke::Revocation; pub use crate::trust::{Trust, TrustError}; pub use crate::trust_graph::{TrustGraph, TrustGraphError, WeightFactor, MAX_WEIGHT_FACTOR}; pub use crate::trust_graph_storage::{Storage, StorageError}; diff --git a/src/revoke.rs b/src/revoke.rs index 43e37cf..22aa426 100644 --- a/src/revoke.rs +++ b/src/revoke.rs @@ -36,7 +36,7 @@ pub enum RevokeError { /// "A document" that cancels trust created before. /// TODO delete pk from Revoke (it is already in a trust node) #[derive(Clone, Debug, Serialize, Deserialize)] -pub struct Revoke { +pub struct Revocation { /// who is revoked pub pk: PublicKey, /// date when revocation was created @@ -47,7 +47,7 @@ pub struct Revoke { pub signature: Signature, } -impl Revoke { +impl Revocation { #[allow(dead_code)] pub fn new( pk: PublicKey, @@ -66,10 +66,10 @@ impl Revoke { /// Creates new revocation signed by a revoker. #[allow(dead_code)] pub fn create(revoker: &KeyPair, to_revoke: PublicKey, revoked_at: Duration) -> Self { - let msg = Revoke::signature_bytes(&to_revoke, revoked_at); + let msg = Revocation::signature_bytes(&to_revoke, revoked_at); let signature = revoker.sign(&msg).unwrap(); - Revoke::new(to_revoke, revoker.public(), revoked_at, signature) + Revocation::new(to_revoke, revoker.public(), revoked_at, signature) } pub fn signature_bytes(pk: &PublicKey, revoked_at: Duration) -> Vec { @@ -83,8 +83,8 @@ impl Revoke { } /// Verifies that revocation is cryptographically correct. - pub fn verify(revoke: &Revoke) -> Result<(), RevokeError> { - let msg = Revoke::signature_bytes(&revoke.pk, revoke.revoked_at); + pub fn verify(revoke: &Revocation) -> Result<(), RevokeError> { + let msg = Revocation::signature_bytes(&revoke.pk, revoke.revoked_at); revoke .revoked_by @@ -104,9 +104,9 @@ mod tests { let duration = Duration::new(100, 0); - let revoke = Revoke::create(&revoker, to_revoke.public(), duration); + let revoke = Revocation::create(&revoker, to_revoke.public(), duration); - assert_eq!(Revoke::verify(&revoke).is_ok(), true); + assert_eq!(Revocation::verify(&revoke).is_ok(), true); } #[test] @@ -116,16 +116,16 @@ mod tests { let duration = Duration::new(100, 0); - let revoke = Revoke::create(&revoker, to_revoke.public(), duration); + let revoke = Revocation::create(&revoker, to_revoke.public(), duration); let duration2 = Duration::new(95, 0); - let corrupted_revoke = Revoke::new( + let corrupted_revoke = Revocation::new( to_revoke.public(), revoker.public(), duration2, revoke.signature, ); - assert_eq!(Revoke::verify(&corrupted_revoke).is_ok(), false); + assert_eq!(Revocation::verify(&corrupted_revoke).is_ok(), false); } } diff --git a/src/trust_graph.rs b/src/trust_graph.rs index 4927bd1..a69445b 100644 --- a/src/trust_graph.rs +++ b/src/trust_graph.rs @@ -16,8 +16,9 @@ use crate::certificate::CertificateError::CertificateLengthError; use crate::certificate::{Certificate, CertificateError}; +use crate::chain::Chain; use crate::public_key_hashable::PublicKeyHashable as PK; -use crate::revoke::Revoke; +use crate::revoke::Revocation; use crate::revoke::RevokeError; use crate::trust::Trust; use crate::trust_graph::TrustGraphError::{ @@ -27,6 +28,7 @@ use crate::trust_graph_storage::Storage; use crate::trust_relation::Auth; use crate::{StorageError, TrustError}; use fluence_keypair::public_key::PublicKey; +use nonempty::NonEmpty; use std::borrow::Borrow; use std::collections::{HashSet, VecDeque}; use std::convert::{From, Into}; @@ -93,7 +95,7 @@ impl From for String { } pub fn get_weight_from_factor(wf: WeightFactor) -> u32 { - 2u32.pow(MAX_WEIGHT_FACTOR.checked_sub(wf).unwrap_or(0u32)) + 2u32.pow(MAX_WEIGHT_FACTOR.saturating_sub(wf)) } impl TrustGraph @@ -245,12 +247,14 @@ where roots: HashSet<&PK>, ) -> Result>, TrustGraphError> { // queue to collect all chains in the trust graph (each chain is a path in the trust graph) - let mut chains_queue: VecDeque> = VecDeque::new(); + let mut chains_queue: VecDeque = VecDeque::new(); let node_auths: Vec = self.storage.get_authorizations(pk)?; + let node_revocations = self.storage.get_revocations(pk)?; + // put all auth in the queue as the first possible paths through the graph for auth in node_auths { - chains_queue.push_back(vec![auth]); + chains_queue.push_back(Chain::new(NonEmpty::new(auth), node_revocations.clone())); } // List of all chains that converge (terminate) to known roots @@ -261,22 +265,21 @@ where .pop_front() .expect("`chains_queue` always has at least one element"); - let last = cur_chain - .last() - .expect("`cur_chain` always has at least one element"); + let last = cur_chain.auths.last(); let auths = self .storage .get_authorizations(&last.issued_by.clone().into())?; for auth in auths { - // if there is auth, that we not visited in the current chain, copy chain and append this auth - if !cur_chain - .iter() - .any(|a| a.trust.issued_for == auth.issued_by) - { + // if there is auth, that we not visited in the current chain and no revocations to any chain member -- copy chain and append this auth + if cur_chain.can_be_extended_by(&auth.issued_by) { let mut new_chain = cur_chain.clone(); - new_chain.push(auth); + new_chain.add_revocations( + self.storage + .get_revocations(&auth.issued_by.clone().into())?, + ); + new_chain.auths.push(auth); chains_queue.push_back(new_chain); } } @@ -289,8 +292,8 @@ where let issued_by: &PK = last.issued_by.as_ref(); let converges_to_root = roots.contains(issued_by); - if self_signed && converges_to_root && cur_chain.len() > 1 { - terminated_chains.push(cur_chain); + if self_signed && converges_to_root && cur_chain.auths.len() > 1 { + terminated_chains.push(cur_chain.auths.into()); } } @@ -334,9 +337,11 @@ where } /// Mark public key as revoked. - pub fn revoke(&mut self, revoke: Revoke) -> Result<(), TrustGraphError> { - Revoke::verify(&revoke)?; + /// Every chain that contains path from `revoked_by` to revoked `pk` + /// will be excluded from valid certificates until revocation canceled by giving trust + pub fn revoke(&mut self, revocation: Revocation) -> Result<(), TrustGraphError> { + Revocation::verify(&revocation)?; - Ok(self.storage.revoke(revoke)?) + Ok(self.storage.revoke(revocation)?) } } diff --git a/src/trust_graph_storage.rs b/src/trust_graph_storage.rs index 4bbcbb8..d932751 100644 --- a/src/trust_graph_storage.rs +++ b/src/trust_graph_storage.rs @@ -1,5 +1,5 @@ use crate::public_key_hashable::PublicKeyHashable as PK; -use crate::revoke::Revoke; +use crate::revoke::Revocation; use crate::trust_graph::WeightFactor; use crate::trust_relation::{Auth, TrustRelation}; use std::fmt::Display; @@ -16,13 +16,15 @@ pub trait Storage { issued_by: &PK, ) -> Result, Self::Error>; - fn get_authorizations(&self, pk: &PK) -> Result, Self::Error>; + fn get_authorizations(&self, issued_for: &PK) -> Result, Self::Error>; + fn get_revocations(&self, issued_for: &PK) -> Result, Self::Error>; + fn insert(&mut self, node: TrustRelation) -> Result<(), Self::Error>; fn get_root_weight_factor(&self, pk: &PK) -> Result, Self::Error>; fn add_root_weight_factor(&mut self, pk: PK, weight: WeightFactor) -> Result<(), Self::Error>; fn root_keys(&self) -> Result, Self::Error>; - fn revoke(&mut self, revoke: Revoke) -> Result<(), Self::Error>; + fn revoke(&mut self, revocation: Revocation) -> Result<(), Self::Error>; fn update_auth(&mut self, auth: Auth, cur_time: Duration) -> Result<(), Self::Error>; fn remove_expired(&mut self, current_time: Duration) -> Result<(), Self::Error>; } diff --git a/src/trust_node.rs b/src/trust_node.rs deleted file mode 100644 index 33465d4..0000000 --- a/src/trust_node.rs +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright 2020 Fluence Labs Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -use crate::public_key_hashable::PublicKeyHashable; -use crate::revoke::Revoke; -use crate::trust::Trust; -use failure::_core::time::Duration; -use fluence_keypair::public_key::PublicKey; -use serde::{Deserialize, Serialize}; -use serde_with::serde_as; -use std::collections::HashMap; - -#[derive(Debug, Clone, Serialize, Deserialize)] -enum TrustRelation { - Auth(Auth), - Revoke(Revoke), -} - -impl TrustRelation { - /// Returns timestamp of when this relation was created - pub fn issued_at(&self) -> Duration { - match self { - TrustRelation::Auth(auth) => auth.trust.issued_at, - TrustRelation::Revoke(revoke) => revoke.revoked_at, - } - } - - /// Returns public key of the creator of this relation - pub fn issued_by(&self) -> &PublicKey { - match self { - TrustRelation::Auth(auth) => &auth.issued_by, - TrustRelation::Revoke(revoke) => &revoke.revoked_by, - } - } -} - -/// Represents who give a certificate -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct Auth { - /// proof of this authorization - pub trust: Trust, - /// the issuer of this authorization - pub issued_by: PublicKey, -} - -/// An element of trust graph that store relations (trust or revoke) -/// that given by some owners of public keys. -#[serde_as] -#[derive(Debug, Serialize, Deserialize, Clone)] -pub struct TrustNode { - /// identity key of this element - pub pk: PublicKey, - - /// one public key could be authorized or revoked by multiple certificates - #[serde_as(as = "Vec<(_, _)>")] - trust_relations: HashMap, - - /// for maintain - pub verified_at: Duration, -} - -#[allow(dead_code)] -impl TrustNode { - pub fn new(pk: PublicKey, verified_at: Duration) -> Self { - Self { - pk, - trust_relations: HashMap::new(), - verified_at, - } - } - - pub fn get_auth(&self, pk: PublicKey) -> Option { - match self.trust_relations.get(&pk.into()) { - Some(TrustRelation::Auth(auth)) => Some(auth.clone()), - _ => None, - } - } - - pub fn get_revoke(&self, pk: PublicKey) -> Option { - match self.trust_relations.get(&pk.into()) { - Some(TrustRelation::Revoke(rev)) => Some(rev.clone()), - _ => None, - } - } - - pub fn authorizations(&self) -> impl Iterator + '_ { - self.trust_relations.values().filter_map(|tr| { - if let TrustRelation::Auth(auth) = tr { - Some(auth) - } else { - None - } - }) - } - - pub fn revocations(&self) -> impl Iterator + '_ { - self.trust_relations.values().filter_map(|tr| { - if let TrustRelation::Revoke(revoke) = tr { - Some(revoke) - } else { - None - } - }) - } - - /// Adds authorization. If the trust node already has this authorization, - /// add auth with later expiration date. - pub fn update_auth(&mut self, auth: Auth) { - self.update_relation(TrustRelation::Auth(auth)); - } - - // insert new trust relation, ignore if there is another one with same public key - fn insert(&mut self, pk: PublicKeyHashable, tr: TrustRelation) { - self.trust_relations.insert(pk, tr); - } - - fn update_relation(&mut self, relation: TrustRelation) { - let issued_by = relation.issued_by().as_ref(); - - match self.trust_relations.get(issued_by) { - Some(TrustRelation::Auth(auth)) => { - if auth.trust.issued_at < relation.issued_at() { - self.insert(issued_by.clone(), relation) - } - } - Some(TrustRelation::Revoke(existed_revoke)) => { - if existed_revoke.revoked_at < relation.issued_at() { - self.insert(issued_by.clone(), relation) - } - } - None => self.insert(issued_by.clone(), relation), - }; - } - - pub fn update_revoke(&mut self, revoke: Revoke) { - self.update_relation(TrustRelation::Revoke(revoke)); - } -} - -#[cfg(test)] -mod tests { - use std::time::Duration; - - use fluence_keypair::key_pair::KeyPair; - - use super::*; - - #[test] - fn test_auth_and_revoke_trust_node() { - let kp = KeyPair::generate_ed25519(); - - let now = Duration::new(50, 0); - let past = Duration::new(5, 0); - let future = Duration::new(500, 0); - - let mut trust_node = TrustNode { - pk: kp.public(), - trust_relations: HashMap::new(), - verified_at: now, - }; - - let truster = KeyPair::generate_ed25519(); - - let revoke = Revoke::create(&truster, kp.public(), now); - - trust_node.update_revoke(revoke); - - assert!(trust_node.get_revoke(truster.public()).is_some()); - - let old_trust = Trust::create(&truster, kp.public(), Duration::new(60, 0), past); - - let old_auth = Auth { - trust: old_trust, - issued_by: truster.public(), - }; - - trust_node.update_auth(old_auth); - - assert!(trust_node.get_revoke(truster.public()).is_some()); - assert!(trust_node.get_auth(truster.public()).is_none()); - - let trust = Trust::create(&truster, kp.public(), Duration::new(60, 0), future); - let auth = Auth { - trust, - issued_by: truster.public(), - }; - - trust_node.update_auth(auth); - - assert!(trust_node.get_auth(truster.public()).is_some()); - assert!(trust_node.get_revoke(truster.public()).is_none()); - } -} diff --git a/src/trust_relation.rs b/src/trust_relation.rs index 9a66c76..3f3a109 100644 --- a/src/trust_relation.rs +++ b/src/trust_relation.rs @@ -14,7 +14,7 @@ * limitations under the License. */ -use crate::revoke::Revoke; +use crate::revoke::Revocation; use crate::trust::Trust; use failure::_core::time::Duration; use fluence_keypair::public_key::PublicKey; @@ -33,7 +33,7 @@ pub struct Auth { #[derive(Debug, Clone, Serialize, Deserialize)] pub enum TrustRelation { Auth(Auth), - Revoke(Revoke), + Revocation(Revocation), } impl TrustRelation { @@ -41,7 +41,7 @@ impl TrustRelation { pub fn issued_at(&self) -> Duration { match self { TrustRelation::Auth(auth) => auth.trust.issued_at, - TrustRelation::Revoke(revoke) => revoke.revoked_at, + TrustRelation::Revocation(r) => r.revoked_at, } } @@ -49,28 +49,29 @@ impl TrustRelation { pub fn issued_by(&self) -> &PublicKey { match self { TrustRelation::Auth(auth) => &auth.issued_by, - TrustRelation::Revoke(revoke) => &revoke.revoked_by, + TrustRelation::Revocation(r) => &r.revoked_by, } } pub fn issued_for(&self) -> &PublicKey { match self { TrustRelation::Auth(auth) => &auth.trust.issued_for, - TrustRelation::Revoke(revoke) => &revoke.pk, + TrustRelation::Revocation(r) => &r.pk, } } pub fn expires_at(&self) -> Duration { match self { TrustRelation::Auth(auth) => auth.trust.expires_at, - TrustRelation::Revoke(_) => Duration::from_secs(0), + // revocations never expire + TrustRelation::Revocation(_) => Duration::from_secs(0), } } pub fn signature(&self) -> &Signature { match self { TrustRelation::Auth(auth) => &auth.trust.signature, - TrustRelation::Revoke(revoke) => &revoke.signature, + TrustRelation::Revocation(r) => &r.signature, } } }