Fix tonic TLS issues #1
2
Cargo.lock
generated
2
Cargo.lock
generated
@ -3585,10 +3585,8 @@ dependencies = [
|
||||
"percent-encoding",
|
||||
"pin-project",
|
||||
"prost",
|
||||
"rustls-pemfile",
|
||||
"socket2",
|
||||
"tokio",
|
||||
"tokio-rustls",
|
||||
"tokio-stream",
|
||||
"tower 0.4.13",
|
||||
"tower-layer",
|
||||
|
@ -19,7 +19,7 @@ serde_yaml = "0.9.34"
|
||||
tabled = "0.17.0"
|
||||
tokio-stream = "0.1.17"
|
||||
tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] }
|
||||
tonic = { version = "0.12", features = ["tls"] }
|
||||
tonic = { version = "0.12" }
|
||||
thiserror = "2.0.9"
|
||||
bs58 = "0.5.1"
|
||||
chrono = "0.4.39"
|
||||
|
@ -83,6 +83,10 @@ pub enum Error {
|
||||
SshKeyNoDefined,
|
||||
#[error{"RSA Error: {0}"}]
|
||||
RSAError(#[from] openssl::error::ErrorStack),
|
||||
#[error{"Internal CLI error: {0}"}]
|
||||
InternalError(String),
|
||||
#[error(transparent)]
|
||||
BrainConnection(#[from] tonic::transport::Error),
|
||||
}
|
||||
|
||||
impl Config {
|
||||
@ -310,6 +314,46 @@ impl Config {
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn get_brain_channel() -> Result<tonic::transport::Channel, Error> {
|
||||
let (brain_url, brain_san) = Self::get_brain_info();
|
||||
|
||||
use hyper_rustls::HttpsConnectorBuilder;
|
||||
use rustls::pki_types::pem::PemObject;
|
||||
use rustls::pki_types::CertificateDer;
|
||||
use rustls::{ClientConfig, RootCertStore};
|
||||
|
||||
let mut detee_root_ca_store = RootCertStore::empty();
|
||||
detee_root_ca_store
|
||||
.add(CertificateDer::from_pem_file(Config::get_root_ca_path()?).map_err(|e| {
|
||||
Error::InternalError(format!("Could not parse PEM certificate: {e}"))
|
||||
})?)
|
||||
.unwrap();
|
||||
|
||||
let client_tls_config = ClientConfig::builder()
|
||||
.with_root_certificates(detee_root_ca_store)
|
||||
.with_no_client_auth();
|
||||
let connector = HttpsConnectorBuilder::new()
|
||||
.with_tls_config(client_tls_config)
|
||||
.https_only()
|
||||
.with_server_name_resolver(hyper_rustls::FixedServerNameResolver::new(
|
||||
brain_san.clone().try_into().map_err(|e| {
|
||||
Error::InternalError(format!(
|
||||
"Could not parse {brain_san} into domain resolver: {e}"
|
||||
))
|
||||
})?,
|
||||
))
|
||||
.enable_http2()
|
||||
.build();
|
||||
Ok(tonic::transport::Channel::from_shared(brain_url.to_string())
|
||||
.map_err(|e| {
|
||||
Error::InternalError(format!(
|
||||
"Could not parse {brain_san} into domain resolver: {e}"
|
||||
))
|
||||
})?
|
||||
.connect_with_connector(connector)
|
||||
.await?)
|
||||
}
|
||||
|
||||
pub fn set_network(mut network: &str) {
|
||||
if network != "staging" {
|
||||
log::error!(
|
||||
|
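Review bot: The `.unwrap()` on `detee_root_ca_store.add(...)` turns a malformed root CA file into a panic, while the PEM parse just above it is already mapped to `Error::InternalError`; replace that line with `.map_err(|e| Error::InternalError(format!("Could not add root CA to trust store: {e}")))?;`. The `Channel::from_shared` error a few lines further down reuses the SNI resolver message, so a bad brain URL is reported as "Could not parse {brain_san} into domain resolver"; use `"Could not parse {brain_url} as brain URL: {e}"` there instead. `CertificateDer::from_pem_file` appears to read only the first PEM object, so a CA file that holds a chain would be trusted only up to its first certificate — worth a comment (or `pem_file_iter`) if that layout is expected. The enclosing `impl Config` block starts outside the hunk, and `set_network` at the end of it continues past the hunk.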
@ -4,7 +4,7 @@ use crate::utils::sign_request;
|
||||
use detee_shared::general_proto::ReportNodeReq;
|
||||
use log::{debug, info, warn};
|
||||
use tokio_stream::StreamExt;
|
||||
use tonic::transport::{Certificate, Channel, ClientTlsConfig};
|
||||
use tonic::transport::Channel;
|
||||
|
||||
pub mod proto {
|
||||
pub use detee_shared::common_proto::*;
|
||||
@ -35,20 +35,7 @@ pub enum Error {
|
||||
}
|
||||
|
||||
async fn client() -> Result<BrainGeneralCliClient<Channel>, Error> {
|
||||
let (brain_url, brain_san) = Config::get_brain_info();
|
||||
Ok(BrainGeneralCliClient::new(
|
||||
Channel::from_shared(brain_url.to_string())
|
||||
.map_err(|_| Error::CorruptedBrainUrl)?
|
||||
.tls_config(
|
||||
ClientTlsConfig::new()
|
||||
.ca_certificate(Certificate::from_pem(std::fs::read_to_string(
|
||||
Config::get_root_ca_path()?,
|
||||
)?))
|
||||
.domain_name(brain_san),
|
||||
)?
|
||||
.connect()
|
||||
.await?,
|
||||
))
|
||||
Ok(BrainGeneralCliClient::new(Config::get_brain_channel().await?))
|
||||
}
|
||||
|
||||
pub async fn get_balance(account: &str) -> Result<AccountBalance, Error> {
|
||||
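Review bot: With `client()` now delegating to `Config::get_brain_channel()`, the `Error::CorruptedBrainUrl` mapping and the `std::io::Error` path from `read_to_string` no longer occur in this function; if `CorruptedBrainUrl` (and any `From<std::io::Error>` impl) in this module's `Error` enum has no other users, it is now dead and the compiler will warn, so it should be removed or kept deliberately. The same applies to the identical `client()` rewrites in the app and vm modules further down. A one-line doc comment on the new `client()` would help readers, e.g. `/// Builds a general-CLI gRPC client over the TLS channel configured in Config.` The `Error` enum closes at the top of the hunk and `get_balance` below it continues outside the hunk.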
@ -162,7 +149,8 @@ pub async fn admin_list_accounts() -> Result<Vec<Account>, Error> {
|
||||
|
||||
pub async fn admin_list_contracts() -> Result<Vec<VmContract>, Error> {
|
||||
let mut contracts = Vec::new();
|
||||
let mut grpc_stream = client().await?.list_all_vm_contracts(sign_request(Empty {})?).await?.into_inner();
|
||||
let mut grpc_stream =
|
||||
client().await?.list_all_vm_contracts(sign_request(Empty {})?).await?.into_inner();
|
||||
while let Some(stream_update) = grpc_stream.next().await {
|
||||
match stream_update {
|
||||
Ok(contract) => {
|
||||
|
@ -5,7 +5,7 @@ use detee_shared::app_proto::{
|
||||
};
|
||||
use detee_shared::sgx::types::brain::AppDeployConfig;
|
||||
use tokio_stream::StreamExt;
|
||||
use tonic::transport::{Certificate, Channel, ClientTlsConfig};
|
||||
use tonic::transport::Channel;
|
||||
|
||||
use crate::config::Config;
|
||||
use crate::sgx::utils::calculate_nanolp_for_app;
|
||||
@ -66,20 +66,7 @@ impl crate::HumanOutput for AppContract {
|
||||
}
|
||||
|
||||
async fn client() -> Result<BrainAppCliClient<Channel>> {
|
||||
let (brain_url, brain_san) = Config::get_brain_info();
|
||||
Ok(BrainAppCliClient::new(
|
||||
Channel::from_shared(brain_url.to_string())
|
||||
.map_err(|_| Error::CorruptedBrainUrl)?
|
||||
.tls_config(
|
||||
ClientTlsConfig::new()
|
||||
.ca_certificate(Certificate::from_pem(std::fs::read_to_string(
|
||||
Config::get_root_ca_path()?,
|
||||
)?))
|
||||
.domain_name(brain_san),
|
||||
)?
|
||||
.connect()
|
||||
.await?,
|
||||
))
|
||||
Ok(BrainAppCliClient::new(Config::get_brain_channel().await?))
|
||||
}
|
||||
|
||||
pub async fn new_app(app_deploy_config: AppDeployConfig) -> Result<NewAppRes> {
|
||||
|
@ -186,7 +186,7 @@ pub struct AppDeployResponse {
|
||||
|
||||
impl crate::HumanOutput for AppDeployResponse {
|
||||
fn human_cli_print(&self) {
|
||||
println!("App deployd with UUID: {}, App Name: {}", self.uuid, self.name);
|
||||
println!("The application got deployed under the UUID: {}", self.uuid);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -13,7 +13,7 @@ use proto::{
|
||||
use tokio_stream::StreamExt;
|
||||
use tonic::metadata::errors::InvalidMetadataValue;
|
||||
use tonic::metadata::AsciiMetadataValue;
|
||||
use tonic::transport::{Certificate, Channel, ClientTlsConfig};
|
||||
use tonic::transport::Channel;
|
||||
use tonic::Request;
|
||||
|
||||
lazy_static! {
|
||||
@ -84,20 +84,7 @@ impl crate::HumanOutput for VmNodeListResp {
|
||||
}
|
||||
|
||||
async fn client() -> Result<BrainVmCliClient<Channel>, Error> {
|
||||
let (brain_url, brain_san) = Config::get_brain_info();
|
||||
Ok(BrainVmCliClient::new(
|
||||
Channel::from_shared(brain_url.to_string())
|
||||
.map_err(|_| Error::CorruptedBrainUrl)?
|
||||
.tls_config(
|
||||
ClientTlsConfig::new()
|
||||
.ca_certificate(Certificate::from_pem(std::fs::read_to_string(
|
||||
Config::get_root_ca_path()?,
|
||||
)?))
|
||||
.domain_name(brain_san),
|
||||
)?
|
||||
.connect()
|
||||
.await?,
|
||||
))
|
||||
Ok(BrainVmCliClient::new(Config::get_brain_channel().await?))
|
||||
}
|
||||
|
||||
fn sign_request<T: std::fmt::Debug>(req: T) -> Result<Request<T>, Error> {
|
||||
|