storj/pkg/certificate/peer.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package certificate

import (
	"context"
	"net"

	"github.com/zeebo/errs"
	"go.uber.org/zap"
	"gopkg.in/spacemonkeygo/monkit.v2"

	"storj.io/storj/internal/errs2"
	"storj.io/storj/pkg/certificate/authorization"
	"storj.io/storj/pkg/identity"
	"storj.io/storj/pkg/pb"
	"storj.io/storj/pkg/peertls/tlsopts"
	"storj.io/storj/pkg/revocation"
	"storj.io/storj/pkg/server"
)

var (
	mon = monkit.Package()

	// Error is the default error class for the certificates peer.
	Error = errs.Class("certificates peer error")
)

// Config is the global certificates config.
type Config struct {
	Identity identity.Config
	Server   server.Config

	Signer            identity.FullCAConfig
	AuthorizationDB   authorization.DBConfig
	AuthorizationAddr string `default:"127.0.0.1:9000" help:"address for authorization http proxy to listen on"`

	MinDifficulty uint `default:"30" help:"minimum difficulty of the requester's identity required to claim an authorization"`
}

// Peer is the certificates server.
type Peer struct {
	// core dependencies
	Log      *zap.Logger
	Identity *identity.FullIdentity

	Server          *server.Server
	AuthorizationDB *authorization.DB

	// services and endpoints
	Certificate struct {
		Endpoint *Endpoint
	}

	Authorization struct {
		Listener net.Listener
		Service  *authorization.Service
		Endpoint *authorization.Endpoint
	}
}

// New creates a new certificates peer.
func New(log *zap.Logger, ident *identity.FullIdentity, ca *identity.FullCertificateAuthority, authorizationDB *authorization.DB, revocationDB *revocation.DB, config *Config) (*Peer, error) {
	peer := &Peer{
		Log:      log,
		Identity: ident,
	}

	{ // setup server
		log.Debug("Starting listener and server")
		sc := config.Server

		options, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)
		if err != nil {
			return nil, Error.Wrap(errs.Combine(err, peer.Close()))
		}

		peer.Server, err = server.New(log.Named("server"), options, sc.Address, sc.PrivateAddress, nil)
		if err != nil {
			return nil, Error.Wrap(err)
		}
	}

	peer.AuthorizationDB = authorizationDB

	peer.Certificate.Endpoint = NewEndpoint(log.Named("certificate"), ca, authorizationDB, uint16(config.MinDifficulty))
	pb.RegisterCertificatesServer(peer.Server.GRPC(), peer.Certificate.Endpoint)
	pb.DRPCRegisterCertificates(peer.Server.DRPC(), peer.Certificate.Endpoint)

	var err error
	peer.Authorization.Listener, err = net.Listen("tcp", config.AuthorizationAddr)
	if err != nil {
		return nil, errs.Combine(err, peer.Close())
	}

	authorizationService := authorization.NewService(log, authorizationDB)
	peer.Authorization.Endpoint = authorization.NewEndpoint(log.Named("authorization"), authorizationService, peer.Authorization.Listener)

	return peer, nil
}

// Run runs the certificates peer until it's either closed or it errors.
func (peer *Peer) Run(ctx context.Context) (err error) {
	defer mon.Task()(&ctx)(&err)

	return errs2.IgnoreCanceled(peer.Server.Run(ctx))
}

// Close closes all resources.
func (peer *Peer) Close() error {
	var errlist errs.Group

	if peer.Authorization.Endpoint != nil {
		errlist.Add(peer.Authorization.Endpoint.Close())
	}

	if peer.AuthorizationDB != nil {
		errlist.Add(peer.AuthorizationDB.Close())
	}

	if peer.Server != nil {
		errlist.Add(peer.Server.Close())
	}

	return Error.Wrap(errlist.Err())
}
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package certificate`

			`import (`
			`"context"`
pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`"net"`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00
			`"github.com/zeebo/errs"`
			`"go.uber.org/zap"`
			`"gopkg.in/spacemonkeygo/monkit.v2"`

			`"storj.io/storj/internal/errs2"`
			`"storj.io/storj/pkg/certificate/authorization"`
			`"storj.io/storj/pkg/identity"`
			`"storj.io/storj/pkg/pb"`
			`"storj.io/storj/pkg/peertls/tlsopts"`
			`"storj.io/storj/pkg/revocation"`
			`"storj.io/storj/pkg/server"`
			`)`

			`var (`
			`mon = monkit.Package()`

			`// Error is the default error class for the certificates peer.`
			`Error = errs.Class("certificates peer error")`
			`)`

			`// Config is the global certificates config.`
			`type Config struct {`
			`Identity identity.Config`
			`Server server.Config`

pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`Signer identity.FullCAConfig`
			`AuthorizationDB authorization.DBConfig`
			AuthorizationAddr string `default:"127.0.0.1:9000" help:"address for authorization http proxy to listen on"`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00
			MinDifficulty uint `default:"30" help:"minimum difficulty of the requester's identity required to claim an authorization"`
			`}`

			`// Peer is the certificates server.`
			`type Peer struct {`
			`// core dependencies`
			`Log *zap.Logger`
			`Identity *identity.FullIdentity`

pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`Server *server.Server`
			`AuthorizationDB *authorization.DB`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00
			`// services and endpoints`
pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`Certificate struct {`
			`Endpoint *Endpoint`
			`}`

			`Authorization struct {`
			`Listener net.Listener`
			`Service *authorization.Service`
			`Endpoint *authorization.Endpoint`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00			`}`
			`}`

			`// New creates a new certificates peer.`
			`func New(log zap.Logger, ident identity.FullIdentity, ca identity.FullCertificateAuthority, authorizationDB authorization.DB, revocationDB revocation.DB, config Config) (*Peer, error) {`
			`peer := &Peer{`
			`Log: log,`
			`Identity: ident,`
			`}`

pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`{ // setup server`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00			`log.Debug("Starting listener and server")`
			`sc := config.Server`

			`options, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)`
			`if err != nil {`
			`return nil, Error.Wrap(errs.Combine(err, peer.Close()))`
			`}`

			`peer.Server, err = server.New(log.Named("server"), options, sc.Address, sc.PrivateAddress, nil)`
			`if err != nil {`
			`return nil, Error.Wrap(err)`
			`}`
			`}`

pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`peer.AuthorizationDB = authorizationDB`

			`peer.Certificate.Endpoint = NewEndpoint(log.Named("certificate"), ca, authorizationDB, uint16(config.MinDifficulty))`
			`pb.RegisterCertificatesServer(peer.Server.GRPC(), peer.Certificate.Endpoint)`
bootstrap/satellite/certificate/storagenode: register drpc services Change-Id: Id29f14b76a8c9cb2be31001b9a7a4356a4bda183 2019-09-12 22:09:46 +01:00			`pb.DRPCRegisterCertificates(peer.Server.DRPC(), peer.Certificate.Endpoint)`
pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00
			`var err error`
			`peer.Authorization.Listener, err = net.Listen("tcp", config.AuthorizationAddr)`
			`if err != nil {`
			`return nil, errs.Combine(err, peer.Close())`
			`}`

			`authorizationService := authorization.NewService(log, authorizationDB)`
			`peer.Authorization.Endpoint = authorization.NewEndpoint(log.Named("authorization"), authorizationService, peer.Authorization.Listener)`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00
			`return peer, nil`
			`}`

			`// Run runs the certificates peer until it's either closed or it errors.`
			`func (peer *Peer) Run(ctx context.Context) (err error) {`
			`defer mon.Task()(&ctx)(&err)`

			`return errs2.IgnoreCanceled(peer.Server.Run(ctx))`
			`}`

			`// Close closes all resources.`
			`func (peer *Peer) Close() error {`
			`var errlist errs.Group`

pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`if peer.Authorization.Endpoint != nil {`
			`errlist.Add(peer.Authorization.Endpoint.Close())`
			`}`

			`if peer.AuthorizationDB != nil {`
			`errlist.Add(peer.AuthorizationDB.Close())`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00			`}`

pkg/certificates: add authorization endpoint and refactor (#2971) 2019-09-11 09:36:44 +01:00			`if peer.Server != nil {`
			`errlist.Add(peer.Server.Close())`
{cmd,pkg}/certificates: service refactor (#2938) 2019-09-05 16:11:21 +01:00			`}`

			`return Error.Wrap(errlist.Err())`
			`}`