added support for self signed TLS certificates

2025-03-28 17:17:12 +02:00 · 2025-03-28 17:17:12 +02:00 · 94867476b6
commit 94867476b6
parent 8e0bca9dd8
7 changed files with 36 additions and 8 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1495,7 +1495,9 @@ version = "0.23.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b"
 dependencies = [
 "log",
 "once_cell",
 "ring",
 "rustls-pki-types",
 "rustls-webpki",
 "subtle",
@ -1916,8 +1918,10 @@ dependencies = [
 "percent-encoding",
 "pin-project",
 "prost",
 "rustls-pemfile",
 "socket2",
 "tokio",
 "tokio-rustls",
 "tokio-stream",
 "tower 0.4.13",
 "tower-layer",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -19,7 +19,7 @@ prost-types = "0.13.4"
 rand = "0.8.5"
 tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] }
 tokio-stream = "0.1.17"
-tonic = "0.12"
+tonic = { version = "0.12", features = ["tls"] }
 serde_json = "1.0.135"
 bs58 = "0.5.1"
 chrono = "0.4.39"
--- a/scripts/install_daemon.sh
+++ b/scripts/install_daemon.sh
@ -15,6 +15,7 @@ chmod +x /usr/local/bin/detee-snp-daemon
 wget -O /usr/local/bin/detee/start_qemu_vm.sh https://registry.detee.ltd/daemon/start_qemu_vm.sh
 chmod +x /usr/local/bin/detee/start_qemu_vm.sh
 wget -O /etc/systemd/system/detee-snp-daemon.service https://registry.detee.ltd/daemon/detee-snp-daemon.service
 wget -O /etc/detee/root_ca.pem https://registry.detee.ltd/root_ca.pem
 echo "Take a look at /etc/detee/daemon/sample_config.yaml"
 echo "Modify config based on your setup and save it to /etc/detee/daemon/config.yaml"
--- a/src/config.rs
+++ b/src/config.rs
@ -45,7 +45,7 @@ pub enum InterfaceType {
 #[derive(Deserialize, Debug)]
 pub struct Config {
    pub owner_wallet: String,
-    pub brain_url: String,
+    pub network: String,
    pub max_cores_per_vm: usize,
    pub max_vcpu_reservation: usize,
    pub max_mem_reservation_mb: usize,
--- a/src/global.rs
+++ b/src/global.rs
@ -5,6 +5,9 @@ use log::{info, warn};
 use sha2::{Digest, Sha256};
 use std::{fs::File, io::Read, io::Write};
 pub(crate) const DETEE_ROOT_CA: &str = "/etc/detee/root_ca.pem";
 pub(crate) const BRAIN_STAGING: (&str, &str) = ("https://159.65.58.38:31337", "staging-brain");
 pub(crate) const BRAIN_TESTING: (&str, &str) = ("https://164.92.249.180:31337", "testing-brain");
 pub(crate) const VM_BOOT_DIR: &str = "/var/lib/detee/boot/";
 pub(crate) const USED_RESOURCES: &str = "/etc/detee/daemon/used_resources.yaml";
 pub(crate) const VM_CONFIG_DIR: &str = "/etc/detee/daemon/vms/";
--- a/src/grpc.rs
+++ b/src/grpc.rs
@ -10,16 +10,36 @@ use tokio::{
    task::JoinSet,
 };
 use tokio_stream::{wrappers::ReceiverStream, StreamExt};
-use tonic::transport::Channel;
+use tonic::transport::{Certificate, Channel, ClientTlsConfig};
 pub mod snp_proto {
    pub use detee_shared::vm_proto::*;
 }
 pub async fn client(network: &str) -> Result<BrainVmDaemonClient<Channel>> {
    let (brain_url, brain_san) = match network {
        "staging" => BRAIN_STAGING,
        "testnet" => BRAIN_TESTING,
        _ => {
            return Err(anyhow::anyhow!(
                "The only networks currently supported are staging and testnet."
            ))
        }
    };
    let pem = std::fs::read_to_string(DETEE_ROOT_CA)?;
    let ca = Certificate::from_pem(pem);
    let tls = ClientTlsConfig::new().ca_certificate(ca).domain_name(brain_san);
    let channel = Channel::from_shared(brain_url.to_string())?.tls_config(tls)?.connect().await?;
    Ok(BrainVmDaemonClient::new(channel))
 }
 pub async fn register_node(config: &crate::config::Config) -> Result<Vec<VmContract>> {
    use tonic::metadata::AsciiMetadataValue;
    use tonic::Request;
-    let mut client = BrainVmDaemonClient::connect(config.brain_url.clone()).await?;
+    let mut client = client(&config.network).await?;
    debug!("Starting node registration...");
    let ip_info = IP_INFO.clone();
    let req = RegisterVmNodeReq {
@ -109,14 +129,14 @@ async fn send_messages(
 pub struct ConnectionData {
    pub contracts: Vec<String>,
-    pub brain_url: String,
+    pub network: String,
    pub brain_msg_tx: Sender<BrainVmMessage>,
    pub daemon_msg_rx: Receiver<VmDaemonMessage>,
    pub daemon_msg_tx: Sender<VmDaemonMessage>,
 }
 pub async fn connect_and_run(cd: ConnectionData) -> Result<()> {
-    let client = BrainVmDaemonClient::connect(cd.brain_url).await?;
+    let client = client(&cd.network).await?;
    let mut streaming_tasks = JoinSet::new();
    streaming_tasks.spawn(receive_messages(client.clone(), cd.contracts.clone(), cd.brain_msg_tx));
--- a/src/main.rs
+++ b/src/main.rs
@ -251,7 +251,7 @@ async fn main() {
        let (daemon_msg_tx, daemon_msg_rx) = tokio::sync::mpsc::channel(6);
        let mut vm_handler = VMHandler::new(brain_msg_rx, daemon_msg_tx.clone());
-        let brain_url = vm_handler.config.brain_url.clone();
+        let network = vm_handler.config.network.clone();
        info!("Registering with the brain and getting back VM Contracts (if they exist).");
        let mut contracts: Vec<String> = Vec::new();
@ -270,7 +270,7 @@ async fn main() {
        info!("Connecting to brain...");
        if let Err(e) = grpc::connect_and_run(grpc::ConnectionData {
            contracts,
-            brain_url,
+            network,
            brain_msg_tx,
            daemon_msg_rx,
            daemon_msg_tx,