2019-09-05 16:11:21 +01:00
|
|
|
// Copyright (C) 2019 Storj Labs, Inc.
|
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
package certificate
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2019-09-11 09:36:44 +01:00
|
|
|
"net"
|
2019-09-05 16:11:21 +01:00
|
|
|
|
2019-11-08 20:40:39 +00:00
|
|
|
"github.com/spacemonkeygo/monkit/v3"
|
2019-09-05 16:11:21 +01:00
|
|
|
"github.com/zeebo/errs"
|
|
|
|
"go.uber.org/zap"
|
2019-09-23 23:19:13 +01:00
|
|
|
"golang.org/x/sync/errgroup"
|
2019-09-05 16:11:21 +01:00
|
|
|
|
2019-12-27 11:48:47 +00:00
|
|
|
"storj.io/common/errs2"
|
|
|
|
"storj.io/common/identity"
|
|
|
|
"storj.io/common/pb"
|
|
|
|
"storj.io/common/peertls/tlsopts"
|
2019-09-26 17:11:05 +01:00
|
|
|
"storj.io/storj/certificate/authorization"
|
2019-09-05 16:11:21 +01:00
|
|
|
"storj.io/storj/pkg/revocation"
|
|
|
|
"storj.io/storj/pkg/server"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
mon = monkit.Package()
|
|
|
|
|
|
|
|
// Error is the default error class for the certificates peer.
|
|
|
|
Error = errs.Class("certificates peer error")
|
|
|
|
)
|
|
|
|
|
|
|
|
// Config is the global certificates config.
|
|
|
|
type Config struct {
|
|
|
|
Identity identity.Config
|
|
|
|
Server server.Config
|
|
|
|
|
2019-09-11 09:36:44 +01:00
|
|
|
Signer identity.FullCAConfig
|
|
|
|
AuthorizationDB authorization.DBConfig
|
|
|
|
AuthorizationAddr string `default:"127.0.0.1:9000" help:"address for authorization http proxy to listen on"`
|
2019-09-05 16:11:21 +01:00
|
|
|
|
2019-11-11 10:27:09 +00:00
|
|
|
MinDifficulty uint `default:"36" help:"minimum difficulty of the requester's identity required to claim an authorization"`
|
2019-09-05 16:11:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Peer is the certificates server.
|
|
|
|
type Peer struct {
|
|
|
|
// core dependencies
|
|
|
|
Log *zap.Logger
|
|
|
|
Identity *identity.FullIdentity
|
|
|
|
|
2019-09-11 09:36:44 +01:00
|
|
|
Server *server.Server
|
|
|
|
AuthorizationDB *authorization.DB
|
2019-09-05 16:11:21 +01:00
|
|
|
|
|
|
|
// services and endpoints
|
2019-09-11 09:36:44 +01:00
|
|
|
Certificate struct {
|
|
|
|
Endpoint *Endpoint
|
|
|
|
}
|
|
|
|
|
|
|
|
Authorization struct {
|
|
|
|
Listener net.Listener
|
|
|
|
Service *authorization.Service
|
|
|
|
Endpoint *authorization.Endpoint
|
2019-09-05 16:11:21 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// New creates a new certificates peer.
|
|
|
|
func New(log *zap.Logger, ident *identity.FullIdentity, ca *identity.FullCertificateAuthority, authorizationDB *authorization.DB, revocationDB *revocation.DB, config *Config) (*Peer, error) {
|
|
|
|
peer := &Peer{
|
|
|
|
Log: log,
|
|
|
|
Identity: ident,
|
|
|
|
}
|
|
|
|
|
2019-09-11 09:36:44 +01:00
|
|
|
{ // setup server
|
2019-09-05 16:11:21 +01:00
|
|
|
log.Debug("Starting listener and server")
|
|
|
|
sc := config.Server
|
|
|
|
|
2019-09-19 05:46:39 +01:00
|
|
|
tlsOptions, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)
|
2019-09-05 16:11:21 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, Error.Wrap(errs.Combine(err, peer.Close()))
|
|
|
|
}
|
|
|
|
|
2019-09-19 05:46:39 +01:00
|
|
|
peer.Server, err = server.New(log.Named("server"), tlsOptions, sc.Address, sc.PrivateAddress, nil)
|
2019-09-05 16:11:21 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, Error.Wrap(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-09-11 09:36:44 +01:00
|
|
|
peer.AuthorizationDB = authorizationDB
|
|
|
|
|
|
|
|
peer.Certificate.Endpoint = NewEndpoint(log.Named("certificate"), ca, authorizationDB, uint16(config.MinDifficulty))
|
|
|
|
pb.RegisterCertificatesServer(peer.Server.GRPC(), peer.Certificate.Endpoint)
|
2019-09-12 22:09:46 +01:00
|
|
|
pb.DRPCRegisterCertificates(peer.Server.DRPC(), peer.Certificate.Endpoint)
|
2019-09-11 09:36:44 +01:00
|
|
|
|
|
|
|
var err error
|
|
|
|
peer.Authorization.Listener, err = net.Listen("tcp", config.AuthorizationAddr)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errs.Combine(err, peer.Close())
|
|
|
|
}
|
|
|
|
|
|
|
|
authorizationService := authorization.NewService(log, authorizationDB)
|
|
|
|
peer.Authorization.Endpoint = authorization.NewEndpoint(log.Named("authorization"), authorizationService, peer.Authorization.Listener)
|
2019-09-05 16:11:21 +01:00
|
|
|
|
|
|
|
return peer, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Run runs the certificates peer until it's either closed or it errors.
|
|
|
|
func (peer *Peer) Run(ctx context.Context) (err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2019-09-23 23:19:13 +01:00
|
|
|
group := errgroup.Group{}
|
|
|
|
|
|
|
|
group.Go(func() error {
|
|
|
|
return errs2.IgnoreCanceled(peer.Server.Run(ctx))
|
|
|
|
})
|
|
|
|
|
|
|
|
group.Go(func() error {
|
|
|
|
return errs2.IgnoreCanceled(peer.Authorization.Endpoint.Run(ctx))
|
|
|
|
})
|
|
|
|
|
|
|
|
return group.Wait()
|
2019-09-05 16:11:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Close closes all resources.
|
|
|
|
func (peer *Peer) Close() error {
|
|
|
|
var errlist errs.Group
|
|
|
|
|
2019-09-11 09:36:44 +01:00
|
|
|
if peer.Authorization.Endpoint != nil {
|
|
|
|
errlist.Add(peer.Authorization.Endpoint.Close())
|
|
|
|
}
|
|
|
|
|
|
|
|
if peer.AuthorizationDB != nil {
|
|
|
|
errlist.Add(peer.AuthorizationDB.Close())
|
2019-09-05 16:11:21 +01:00
|
|
|
}
|
|
|
|
|
2019-09-11 09:36:44 +01:00
|
|
|
if peer.Server != nil {
|
|
|
|
errlist.Add(peer.Server.Close())
|
2019-09-05 16:11:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return Error.Wrap(errlist.Err())
|
|
|
|
}
|