Noor
0c0bf0b6fa
bindings for is_banned_by_node query tests for ban user mock data for test ban user test key from base58 privatekey
74 lines
2.6 KiB
Rust
74 lines
2.6 KiB
Rust
use anyhow::Result;
|
|
use detee_shared::vm_proto as snp_proto;
|
|
use ed25519_dalek::{Signer, SigningKey};
|
|
use itertools::Itertools;
|
|
use std::sync::OnceLock;
|
|
use tonic::metadata::AsciiMetadataValue;
|
|
use tonic::Request;
|
|
|
|
pub static ADMIN_KEYS: OnceLock<Vec<Key>> = OnceLock::new();
|
|
|
|
pub fn admin_keys() -> Vec<Key> {
|
|
let admin_keys = ADMIN_KEYS.get_or_init(|| {
|
|
let admin_keys = vec![Key::new(), Key::new(), Key::new()];
|
|
let admin_pub_keys = admin_keys.iter().map(|k| k.pubkey.clone()).join(", ");
|
|
std::env::set_var("ADMIN_PUB_KEYS", admin_pub_keys);
|
|
admin_keys.clone()
|
|
});
|
|
|
|
admin_keys.clone()
|
|
}
|
|
|
|
#[derive(Debug, Clone)]
|
|
pub struct Key {
|
|
pub sg_key: SigningKey,
|
|
pub pubkey: String,
|
|
}
|
|
|
|
impl Key {
|
|
pub fn new() -> Self {
|
|
let sk = SigningKey::generate(&mut rand::rngs::OsRng);
|
|
let pubkey = bs58::encode(sk.verifying_key().to_bytes()).into_string();
|
|
Key { sg_key: sk, pubkey }
|
|
}
|
|
|
|
pub fn from(private_key: &str) -> Self {
|
|
let signing_key: SigningKey = bs58::decode(private_key)
|
|
.into_vec()
|
|
.expect("Failed to decode private key")
|
|
.as_slice()
|
|
.try_into()
|
|
.expect("Failed to convert to SigningKey");
|
|
let pubkey = bs58::encode(signing_key.verifying_key().to_bytes()).into_string();
|
|
Key { sg_key: signing_key, pubkey }
|
|
}
|
|
|
|
pub fn sign_request<T: std::fmt::Debug>(&self, req: T) -> Result<Request<T>> {
|
|
let pubkey = self.pubkey.clone();
|
|
let timestamp = chrono::Utc::now().to_rfc3339();
|
|
let signature = self.try_sign_message(&format!("{timestamp}{req:?}"))?;
|
|
let timestamp: AsciiMetadataValue = timestamp.parse()?;
|
|
let pubkey: AsciiMetadataValue = pubkey.parse()?;
|
|
let signature: AsciiMetadataValue = signature.parse()?;
|
|
let mut req = Request::new(req);
|
|
req.metadata_mut().insert("timestamp", timestamp);
|
|
req.metadata_mut().insert("pubkey", pubkey);
|
|
req.metadata_mut().insert("request-signature", signature);
|
|
|
|
Ok(req)
|
|
}
|
|
|
|
pub fn try_sign_message(&self, message: &str) -> Result<String> {
|
|
let key = self.sg_key.clone();
|
|
Ok(bs58::encode(key.sign(message.as_bytes()).to_bytes()).into_string())
|
|
}
|
|
|
|
pub fn sign_stream_auth(&self, contracts: Vec<String>) -> Result<snp_proto::DaemonStreamAuth> {
|
|
let pubkey = self.pubkey.clone();
|
|
let timestamp = chrono::Utc::now().to_rfc3339();
|
|
let signature =
|
|
self.try_sign_message(&(timestamp.to_string() + &format!("{contracts:?}")))?;
|
|
Ok(snp_proto::DaemonStreamAuth { timestamp, pubkey, contracts, signature })
|
|
}
|
|
}
|