JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
be7928d4bd
storj/certificate/peer.go
Egon Elbre 7802ab714f pkg/,private/: merge with private package 
Initially there were pkg and private packages, however for all practical
purposes there's no significant difference between them. It's clearer to
have a single private package - and when we do get a specific
abstraction that needs to be reused, we can move it to storj.io/common
or storj.io/private.

Change-Id: Ibc2036e67f312f5d63cb4a97f5a92e38ae413aa5
2021-04-23 16:37:28 +03:00

139 lines
3.5 KiB
Go
Raw Blame History

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package certificate
import (
"context"
"net"
"github.com/spacemonkeygo/monkit/v3"
"github.com/zeebo/errs"
"go.uber.org/zap"
"golang.org/x/sync/errgroup"
"storj.io/common/errs2"
"storj.io/common/identity"
"storj.io/common/peertls/tlsopts"
"storj.io/storj/certificate/authorization"
"storj.io/storj/certificate/certificatepb"
"storj.io/storj/private/revocation"
"storj.io/storj/private/server"
)
var (
mon = monkit.Package()
// Error is the default error class for the certificates peer.
Error = errs.Class("certificates peer error")
)
// Config is the global certificates config.
type Config struct {
Identity identity.Config
Server server.Config
Signer identity.FullCAConfig
AuthorizationDB authorization.DBConfig
AuthorizationAddr string `default:"127.0.0.1:9000" help:"address for authorization http proxy to listen on"`
MinDifficulty uint `default:"36" help:"minimum difficulty of the requester's identity required to claim an authorization"`
}
// Peer is the certificates server.
type Peer struct {
// core dependencies
Log *zap.Logger
Identity *identity.FullIdentity
Server *server.Server
AuthorizationDB *authorization.DB
// services and endpoints
Certificate struct {
Endpoint *Endpoint
}
Authorization struct {
Listener net.Listener
Service *authorization.Service
Endpoint *authorization.Endpoint
}
}
// New creates a new certificates peer.
func New(log *zap.Logger, ident *identity.FullIdentity, ca *identity.FullCertificateAuthority, authorizationDB *authorization.DB, revocationDB *revocation.DB, config *Config) (*Peer, error) {
peer := &Peer{
Log: log,
Identity: ident,
}
{ // setup server
sc := config.Server
tlsOptions, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)
if err != nil {
return nil, Error.Wrap(errs.Combine(err, peer.Close()))
}
peer.Server, err = server.New(log.Named("server"), tlsOptions, sc)
if err != nil {
return nil, Error.Wrap(err)
}
}
peer.AuthorizationDB = authorizationDB
peer.Certificate.Endpoint = NewEndpoint(log.Named("certificate"), ca, authorizationDB, uint16(config.MinDifficulty))
if err := certificatepb.DRPCRegisterCertificates(peer.Server.DRPC(), peer.Certificate.Endpoint); err != nil {
return nil, Error.Wrap(errs.Combine(err, peer.Close()))
}
var err error
peer.Authorization.Listener, err = net.Listen("tcp", config.AuthorizationAddr)
if err != nil {
return nil, errs.Combine(err, peer.Close())
}
authorizationService := authorization.NewService(log, authorizationDB)
peer.Authorization.Endpoint = authorization.NewEndpoint(log.Named("authorization"), authorizationService, peer.Authorization.Listener)
return peer, nil
}
// Run runs the certificates peer until it's either closed or it errors.
func (peer *Peer) Run(ctx context.Context) (err error) {
defer mon.Task()(&ctx)(&err)
group := errgroup.Group{}
group.Go(func() error {
return errs2.IgnoreCanceled(peer.Server.Run(ctx))
})
group.Go(func() error {
return errs2.IgnoreCanceled(peer.Authorization.Endpoint.Run(ctx))
})
return group.Wait()
}
// Close closes all resources.
func (peer *Peer) Close() error {
var errlist errs.Group
if peer.Authorization.Endpoint != nil {
errlist.Add(peer.Authorization.Endpoint.Close())
}
if peer.AuthorizationDB != nil {
errlist.Add(peer.AuthorizationDB.Close())
}
if peer.Server != nil {
errlist.Add(peer.Server.Close())
}
return Error.Wrap(errlist.Err())
}
Reference in New Issue View Git Blame Copy Permalink