NextGraph
/
nextgraph-rs
1
2
Fork 0
Code Issues 1 Pull Requests Packages Projects 2 Releases 3 Activity

signature verification in CLI with ExtRequest. Display snapshot

Browse Source
master
Niko PLP 1 month ago
parent 17e1eb95e3
commit 48c63ead2f
14 changed files with 647 additions and 138 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 103
      ng-net/src/actors/ext/get.rs
  2. 2
      ng-net/src/actors/ext/mod.rs
  3. 134
      ng-net/src/app_protocol.rs
  4. 1
      ng-net/src/connection.rs
  5. 115
      ng-net/src/types.rs
  6. 6
      ng-repo/src/block.rs
  7. 4
      ng-repo/src/commit.rs
  8. 24
      ng-repo/src/object.rs
  9. 4
      ng-repo/src/store.rs
  10. 40
      ng-repo/src/types.rs
  11. 13
      ng-verifier/src/request_processor.rs
  12. 14
      ng-wallet/src/types.rs
  13. 8
      ngcli/src/get.rs
  14. 189
      ngcli/src/main.rs

103
ng-net/src/actors/ext/get.rs
Unescape View File

@ -0,0 +1,103 @@
/*
* Copyright (c) 2022-2024 Niko Bonnieure, Par le Peuple, NextGraph.org developers
* All rights reserved.
* Licensed under the Apache License, Version 2.0
* <LICENSE-APACHE2 or http://www.apache.org/licenses/LICENSE-2.0>
* or the MIT license <LICENSE-MIT or http://opensource.org/licenses/MIT>,
* at your option. All files in the project carrying such
* notice may not be copied, modified, or distributed except
* according to those terms.
*/
use std::sync::Arc;
use async_std::sync::Mutex;
use ng_repo::errors::*;
use ng_repo::log::*;
use ng_repo::object::Object;
use ng_repo::store::Store;
use ng_repo::types::Block;
use super::super::StartProtocol;
use crate::broker::BROKER;
use crate::connection::NoiseFSM;
use crate::types::*;
use crate::{actor::*, types::ProtocolMessage};
impl ExtObjectGetV0 {
pub fn get_actor(&self) -> Box<dyn EActor> {
Actor::<ExtObjectGetV0, Vec<Block>>::new_responder(0)
}
}
impl TryFrom<ProtocolMessage> for ExtObjectGetV0 {
type Error = ProtocolError;
fn try_from(msg: ProtocolMessage) -> Result<Self, Self::Error> {
if let ProtocolMessage::Start(StartProtocol::Ext(ExtRequest::V0(ExtRequestV0 {
content: ExtRequestContentV0::ExtObjectGet(a),
..
}))) = msg
{
Ok(a)
} else {
log_debug!("INVALID {:?}", msg);
Err(ProtocolError::InvalidValue)
}
}
}
impl From<ExtObjectGetV0> for ProtocolMessage {
fn from(_msg: ExtObjectGetV0) -> ProtocolMessage {
unimplemented!();
}
}
impl From<ExtObjectGetV0> for ExtRequestContentV0 {
fn from(msg: ExtObjectGetV0) -> ExtRequestContentV0 {
ExtRequestContentV0::ExtObjectGet(msg)
}
}
impl TryFrom<ProtocolMessage> for Vec<Block> {
type Error = ProtocolError;
fn try_from(msg: ProtocolMessage) -> Result<Vec<Block>, Self::Error> {
let content: ExtResponseContentV0 = msg.try_into()?;
if let ExtResponseContentV0::Blocks(res) = content {
Ok(res)
} else {
Err(ProtocolError::InvalidValue)
}
}
}
impl Actor<'_, ExtObjectGetV0, Vec<Block>> {}
#[async_trait::async_trait]
impl EActor for Actor<'_, ExtObjectGetV0, Vec<Block>> {
async fn respond(
&mut self,
msg: ProtocolMessage,
fsm: Arc<Mutex<NoiseFSM>>,
) -> Result<(), ProtocolError> {
let req = ExtObjectGetV0::try_from(msg)?;
let sb = {
let broker = BROKER.read().await;
broker.get_server_broker()?
};
let lock = sb.read().await;
let store = Store::new_from_overlay_id(&req.overlay, lock.get_block_storage());
let mut blocks = Vec::new();
for obj_id in req.ids {
// TODO: deal with RandomAccessFiles (or is it just working?)
if let Ok(obj) = Object::load_without_header(obj_id, None, &store) {
blocks.append(&mut obj.into_blocks());
//TODO: load the obj.files too (if req.include_files)
}
}
let response: ExtResponseV0 = Ok(ExtResponseContentV0::Blocks(blocks)).into();
fsm.lock().await.send(response.into()).await?;
Ok(())
}
}

2
ng-net/src/actors/ext/mod.rs
Unescape View File

@ -1 +1,3 @@
pub mod wallet_get_export; pub mod wallet_get_export;
pub mod get;

134
ng-net/src/app_protocol.rs
Unescape View File

@ -39,6 +39,13 @@ lazy_static! {
#[doc(hidden)] #[doc(hidden)]
static ref RE_NAMED_BRANCH_OR_COMMIT: Regex = static ref RE_NAMED_BRANCH_OR_COMMIT: Regex =
Regex::new(r"^did:ng:o:([A-Za-z0-9-_]*):v:([A-Za-z0-9-_]*):a:([A-Za-z0-9-_%]*)$").unwrap(); //TODO: allow international chars. disallow digit as first char Regex::new(r"^did:ng:o:([A-Za-z0-9-_]*):v:([A-Za-z0-9-_]*):a:([A-Za-z0-9-_%]*)$").unwrap(); //TODO: allow international chars. disallow digit as first char
#[doc(hidden)]
static ref RE_OBJECTS: Regex =
Regex::new(r"^did:ng(?::o:([A-Za-z0-9-_]{44}))?:v:([A-Za-z0-9-_]{44})((?::c:[A-Za-z0-9-_]{44}:k:[A-Za-z0-9-_]{44})+)(?::s:([A-Za-z0-9-_]{44}):k:([A-Za-z0-9-_]{44}))?:l:([A-Za-z0-9-_]*)$").unwrap();
#[doc(hidden)]
static ref RE_OBJECT_READ_CAPS: Regex =
Regex::new(r":[cj]:([A-Za-z0-9-_]{44}):k:([A-Za-z0-9-_]{44})").unwrap();
} }
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
@ -193,13 +200,15 @@ pub struct NuriV0 {
pub target: NuriTargetV0, pub target: NuriTargetV0,
pub entire_store: bool, // If it is a store, will include all the docs belonging to the store pub entire_store: bool, // If it is a store, will include all the docs belonging to the store
pub object: Option<ObjectId>, // used only for FileGet. // cannot be used for queries. only to download an object (file,commit..) pub objects: Vec<ObjectRef>, // used only for FileGet. // cannot be used for queries. only to download an object (file,commit..)
pub signature: Option<ObjectRef>,
pub branch: Option<TargetBranchV0>, // if None, the main branch is chosen pub branch: Option<TargetBranchV0>, // if None, the main branch is chosen
pub overlay: Option<OverlayLink>, pub overlay: Option<OverlayLink>,
pub access: Vec<NgAccessV0>, pub access: Vec<NgAccessV0>,
pub topic: Option<TopicId>, pub topic: Option<TopicId>,
pub locator: Vec<PeerAdvert>, pub locator: Option<Locator>,
} }
impl NuriV0 { impl NuriV0 {
@ -208,12 +217,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::None, target: NuriTargetV0::None,
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
} }
} }
pub fn copy_target_from(&mut self, nuri: &NuriV0) { pub fn copy_target_from(&mut self, nuri: &NuriV0) {
@ -232,12 +242,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::Repo(store_repo.repo_id().clone()), target: NuriTargetV0::Repo(store_repo.repo_id().clone()),
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
} }
} }
@ -303,7 +314,7 @@ impl NuriV0 {
} }
pub fn is_branch_identifier(&self) -> bool { pub fn is_branch_identifier(&self) -> bool {
self.locator.is_empty() self.locator.is_none()
&& self.topic.is_none() && self.topic.is_none()
&& self.access.is_empty() && self.access.is_empty()
&& self.overlay.as_ref().map_or(false, |o| o.is_outer()) && self.overlay.as_ref().map_or(false, |o| o.is_outer())
@ -311,13 +322,15 @@ impl NuriV0 {
.branch .branch
.as_ref() .as_ref()
.map_or(true, |b| b.is_valid_for_sparql_update()) .map_or(true, |b| b.is_valid_for_sparql_update())
&& self.object.is_none() && self.objects.is_empty()
&& self.signature.is_none()
&& !self.entire_store && !self.entire_store
&& self.target.is_repo_id() && self.target.is_repo_id()
} }
pub fn is_valid_for_sparql_update(&self) -> bool { pub fn is_valid_for_sparql_update(&self) -> bool {
self.object.is_none() self.objects.is_empty()
&& self.signature.is_none()
&& self.entire_store == false && self.entire_store == false
&& self.target.is_valid_for_sparql_update() && self.target.is_valid_for_sparql_update()
&& self && self
@ -326,7 +339,8 @@ impl NuriV0 {
.map_or(true, |b| b.is_valid_for_sparql_update()) .map_or(true, |b| b.is_valid_for_sparql_update())
} }
pub fn is_valid_for_discrete_update(&self) -> bool { pub fn is_valid_for_discrete_update(&self) -> bool {
self.object.is_none() self.objects.is_empty()
&& self.signature.is_none()
&& self.entire_store == false && self.entire_store == false
&& self.target.is_valid_for_discrete_update() && self.target.is_valid_for_discrete_update()
&& self && self
@ -340,12 +354,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::Repo(repo_id), target: NuriTargetV0::Repo(repo_id),
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
}) })
} }
@ -354,12 +369,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::None, target: NuriTargetV0::None,
entire_store: false, entire_store: false,
object: Some(obj_ref.id), objects: vec![obj_ref.clone()],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![NgAccessV0::Key(obj_ref.key.clone())], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
} }
} }
@ -368,12 +384,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::PrivateStore, target: NuriTargetV0::PrivateStore,
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
} }
} }
pub fn new_entire_user_site() -> Self { pub fn new_entire_user_site() -> Self {
@ -381,14 +398,71 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::UserSite, target: NuriTargetV0::UserSite,
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
} }
} }
pub fn new_for_readcaps(from: &str) -> Result<Self, NgError> {
let c = RE_OBJECTS.captures(from);
if let Some(c) = c {
let target = c.get(1).map_or(NuriTargetV0::None, |repo_match| {
if let Ok(id) = decode_key(repo_match.as_str()) {
NuriTargetV0::Repo(id)
} else {
NuriTargetV0::None
}
});
let overlay_id = decode_overlayid(c.get(2).ok_or(NgError::InvalidNuri)?.as_str())?;
let read_caps = c.get(3).ok_or(NgError::InvalidNuri)?.as_str();
let sign_obj_id = c.get(4).map(|c| decode_digest(c.as_str()));
let sign_obj_key = c.get(5).map(|c| decode_sym_key(c.as_str()));
let locator =
TryInto::<Locator>::try_into(c.get(6).ok_or(NgError::InvalidNuri)?.as_str())?;
let signature = if sign_obj_id.is_some() && sign_obj_key.is_some() {
Some(ObjectRef::from_id_key(
sign_obj_id.unwrap()?,
sign_obj_key.unwrap()?,
))
} else {
None
};
let objects = RE_OBJECT_READ_CAPS
.captures_iter(read_caps)
.map(|c| {
Ok(ObjectRef::from_id_key(
decode_digest(c.get(1).ok_or(NgError::InvalidNuri)?.as_str())?,
decode_sym_key(c.get(2).ok_or(NgError::InvalidNuri)?.as_str())?,
))
})
.collect::<Result<Vec<ObjectRef>, NgError>>()?;
if objects.len() < 1 {
return Err(NgError::InvalidNuri);
}
Ok(Self {
identity: None,
target,
entire_store: false,
objects,
signature,
branch: None,
overlay: Some(overlay_id.into()),
access: vec![],
topic: None,
locator: Some(locator),
})
} else {
Err(NgError::InvalidNuri)
}
}
pub fn new_from(from: &String) -> Result<Self, NgError> { pub fn new_from(from: &String) -> Result<Self, NgError> {
let c = RE_REPO_O.captures(from); let c = RE_REPO_O.captures(from);
@ -401,12 +475,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::Repo(repo_id), target: NuriTargetV0::Repo(repo_id),
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
}) })
} else { } else {
let c = RE_FILE_READ_CAP.captures(from); let c = RE_FILE_READ_CAP.captures(from);
@ -423,12 +498,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::None, target: NuriTargetV0::None,
entire_store: false, entire_store: false,
object: Some(id), objects: vec![ObjectRef::from_id_key(id, key)],
signature: None,
branch: None, branch: None,
overlay: None, overlay: None,
access: vec![NgAccessV0::Key(key)], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
}) })
} else { } else {
let c = RE_REPO.captures(from); let c = RE_REPO.captures(from);
@ -447,12 +523,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::Repo(repo_id), target: NuriTargetV0::Repo(repo_id),
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: None, branch: None,
overlay: Some(overlay_id.into()), overlay: Some(overlay_id.into()),
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
}) })
} else { } else {
let c = RE_BRANCH.captures(from); let c = RE_BRANCH.captures(from);
@ -473,12 +550,13 @@ impl NuriV0 {
identity: None, identity: None,
target: NuriTargetV0::Repo(repo_id), target: NuriTargetV0::Repo(repo_id),
entire_store: false, entire_store: false,
object: None, objects: vec![],
signature: None,
branch: Some(TargetBranchV0::BranchId(branch_id)), branch: Some(TargetBranchV0::BranchId(branch_id)),
overlay: Some(overlay_id.into()), overlay: Some(overlay_id.into()),
access: vec![], access: vec![],
topic: None, topic: None,
locator: vec![], locator: None,
}) })
} else { } else {
Err(NgError::InvalidNuri) Err(NgError::InvalidNuri)

1
ng-net/src/connection.rs
Unescape View File

@ -789,7 +789,6 @@ impl NoiseFSM {
let ext_req = ExtRequestV0 { let ext_req = ExtRequestV0 {
content: ext_config.request.clone(), content: ext_config.request.clone(),
id: 0, id: 0,
overlay: None,
}; };
let protocol_start = StartProtocol::Ext(ExtRequest::V0(ext_req)); let protocol_start = StartProtocol::Ext(ExtRequest::V0(ext_req));

115
ng-net/src/types.rs
Unescape View File

@ -197,8 +197,21 @@ pub struct BrokerServerV0 {
} }
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash)] #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub enum BrokerServer { pub struct BrokerServerContentV0 {
V0(BrokerServerV0), pub servers: Vec<BrokerServerTypeV0>,
pub version: u32,
}
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub struct BrokerServer {
pub content: BrokerServerContentV0,
/// peerId of the server
pub peer_id: PubKey,
/// optional signature over content by peer_id
pub sig: Option<Sig>,
} }
pub type LocatorV0 = Vec<BrokerServer>; pub type LocatorV0 = Vec<BrokerServer>;
@ -219,11 +232,64 @@ impl Locator {
pub fn empty() -> Self { pub fn empty() -> Self {
Self::V0(vec![]) Self::V0(vec![])
} }
pub fn first_broker_server(&self) -> Result<BrokerServerV0, NgError> {
match self {
Self::V0(v0) => {
let bs = v0.get(0).ok_or(NgError::BrokerNotFound)?;
Ok(BrokerServerV0 {
server_type: bs
.content
.servers
.get(0)
.ok_or(NgError::BrokerNotFound)?
.clone(),
can_verify: false,
can_forward: false,
peer_id: bs.peer_id,
})
}
}
}
pub fn add(&mut self, bs: BrokerServerV0) {
match self {
Self::V0(v0) => {
for b in v0.iter_mut() {
if b.peer_id == bs.peer_id {
b.content.servers.push(bs.server_type);
return;
}
}
v0.push(BrokerServer {
peer_id: bs.peer_id,
sig: None,
content: BrokerServerContentV0 {
version: 0,
servers: vec![bs.server_type],
},
});
}
}
}
}
impl TryFrom<&str> for Locator {
type Error = NgError;
fn try_from(string: &str) -> Result<Self, NgError> {
let vec = base64_url::decode(string).map_err(|_| NgError::InvalidKey)?;
Ok(serde_bare::from_slice(&vec).map_err(|_| NgError::InvalidKey)?)
}
} }
impl From<BrokerServerV0> for Locator { impl From<BrokerServerV0> for Locator {
fn from(bs: BrokerServerV0) -> Self { fn from(bs: BrokerServerV0) -> Self {
Locator::V0(vec![BrokerServer::V0(bs)]) Locator::V0(vec![BrokerServer {
peer_id: bs.peer_id,
content: BrokerServerContentV0 {
version: 0,
servers: vec![bs.server_type],
},
sig: None,
}])
} }
} }
@ -1388,6 +1454,18 @@ impl OverlayLink {
} }
} }
impl TryFrom<OverlayLink> for OverlayId {
type Error = NgError;
fn try_from(link: OverlayLink) -> Result<Self, Self::Error> {
Ok(match link {
OverlayLink::Inner(Digest::Blake3Digest32(i)) => OverlayId::Inner(i),
OverlayLink::Outer(Digest::Blake3Digest32(i)) => OverlayId::Outer(i),
OverlayLink::Global => OverlayId::Global,
_ => return Err(NgError::InvalidArgument),
})
}
}
impl From<OverlayId> for OverlayLink { impl From<OverlayId> for OverlayLink {
fn from(id: OverlayId) -> Self { fn from(id: OverlayId) -> Self {
match id { match id {
@ -3962,29 +4040,23 @@ impl ClientMessage {
// EXTERNAL REQUESTS // EXTERNAL REQUESTS
// //
/// Request object(s) by ID from a repository by non-members /// Request object(s) by ID by non-members to a broker
///
/// The request is sent by a non-member to an overlay member node,
/// which has a replica of the repository.
/// ///
/// The response includes the requested objects and all their children recursively, /// The response includes the requested objects and all their children recursively,
/// and optionally all object dependencies recursively. /// and optionally all file object dependencies and their children recursively.
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ExtObjectGetV0 { pub struct ExtObjectGetV0 {
/// Repository to request the objects from /// outer overlayId
pub repo: PubKey, pub overlay: OverlayId,
/// List of Object IDs to request, including their children /// List of Object IDs to request, including their children
pub ids: Vec<ObjectId>, pub ids: Vec<ObjectId>,
/// Whether or not to include all children recursively /// Whether or not to include all files objects
pub include_children: bool, pub include_files: bool,
/// Expiry time after which the link becomes invalid
pub expiry: Option<Timestamp>,
} }
/// Request object(s) by ID from a repository by non-members /// Request object(s) by ID by non-members
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
pub enum ExtObjectGet { pub enum ExtObjectGet {
V0(ExtObjectGetV0), V0(ExtObjectGetV0),
@ -4003,7 +4075,7 @@ pub type ExtTopicSyncReq = TopicSyncReq;
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
pub enum ExtRequestContentV0 { pub enum ExtRequestContentV0 {
WalletGetExport(ExtWalletGetExportV0), WalletGetExport(ExtWalletGetExportV0),
ExtObjectGet(ExtObjectGet), ExtObjectGet(ExtObjectGetV0),
ExtTopicSyncReq(ExtTopicSyncReq), ExtTopicSyncReq(ExtTopicSyncReq),
// TODO inbox requests // TODO inbox requests
// TODO subreq ? // TODO subreq ?
@ -4013,9 +4085,8 @@ impl ExtRequestContentV0 {
pub fn get_actor(&self) -> Box<dyn EActor> { pub fn get_actor(&self) -> Box<dyn EActor> {
match self { match self {
Self::WalletGetExport(a) => a.get_actor(), Self::WalletGetExport(a) => a.get_actor(),
_ => unimplemented!() Self::ExtObjectGet(a) => a.get_actor(),
// Self::ExtObjectGet(a) => a.get_actor(), _ => unimplemented!(), // Self::ExtTopicSyncReq(a) => a.get_actor(),
// Self::ExtTopicSyncReq(a) => a.get_actor(),
} }
} }
} }
@ -4023,9 +4094,6 @@ impl ExtRequestContentV0 {
/// External request with its request ID /// External request with its request ID
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ExtRequestV0 { pub struct ExtRequestV0 {
/// outer overlayId
pub overlay: Option<Digest>,
/// Request ID /// Request ID
pub id: i64, pub id: i64,
@ -4070,6 +4138,7 @@ pub struct ExportedWallet(pub serde_bytes::ByteBuf);
pub enum ExtResponseContentV0 { pub enum ExtResponseContentV0 {
EmptyResponse, EmptyResponse,
Block(Block), Block(Block),
Blocks(Vec<Block>),
Wallet(ExportedWallet), Wallet(ExportedWallet),
// TODO inbox related replies // TODO inbox related replies
// TODO event ? // TODO event ?

6
ng-repo/src/block.rs
Unescape View File

@ -193,6 +193,12 @@ impl Block {
} }
} }
pub fn destroy_header(&mut self) {
match self {
Block::V0(b) => b.commit_header_key = None,
}
}
/// Get the header reference /// Get the header reference
pub fn header_ref(&self) -> Option<CommitHeaderRef> { pub fn header_ref(&self) -> Option<CommitHeaderRef> {
match self { match self {

4
ng-repo/src/commit.rs
Unescape View File

@ -492,6 +492,10 @@ impl Commit {
} }
} }
pub fn body_ref(&self) -> &ObjectRef {
&self.content_v0().body
}
/// Get commit content V0 /// Get commit content V0
pub fn content_v0(&self) -> &CommitContentV0 { pub fn content_v0(&self) -> &CommitContentV0 {
match self { match self {

24
ng-repo/src/object.rs
Unescape View File

@ -489,6 +489,23 @@ impl Object {
id: ObjectId, id: ObjectId,
key: Option<SymKey>, key: Option<SymKey>,
store: &Store, store: &Store,
) -> Result<Object, ObjectParseError> {
Self::load_(id, key, store, true)
}
pub fn load_without_header(
id: ObjectId,
key: Option<SymKey>,
store: &Store,
) -> Result<Object, ObjectParseError> {
Self::load_(id, key, store, false)
}
fn load_(
id: ObjectId,
key: Option<SymKey>,
store: &Store,
with_header: bool,
) -> Result<Object, ObjectParseError> { ) -> Result<Object, ObjectParseError> {
fn load_tree( fn load_tree(
parents: Vec<BlockId>, parents: Vec<BlockId>,
@ -540,7 +557,8 @@ impl Object {
root.set_key(key); root.set_key(key);
} }
let header = match Self::load_header_(root, store) { let header = if with_header {
match Self::load_header_(root, store) {
Err(ObjectParseError::MissingBlocks(m)) => { Err(ObjectParseError::MissingBlocks(m)) => {
return Err(ObjectParseError::MissingHeaderBlocks(( return Err(ObjectParseError::MissingHeaderBlocks((
Object { Object {
@ -556,6 +574,10 @@ impl Object {
} }
Err(e) => return Err(e), Err(e) => return Err(e),
Ok(h) => h, Ok(h) => h,
}
} else {
root.destroy_header();
(None, vec![])
}; };
Ok(Object { Ok(Object {

4
ng-repo/src/store.rs
Unescape View File

@ -324,6 +324,8 @@ impl Store {
&self, &self,
)?; )?;
let repository_commit_body_ref = repository_commit.body_ref().clone();
//log_debug!("REPOSITORY COMMIT {}", repository_commit); //log_debug!("REPOSITORY COMMIT {}", repository_commit);
let repository_commit_ref = repository_commit.reference().unwrap(); let repository_commit_ref = repository_commit.reference().unwrap();
@ -492,7 +494,7 @@ impl Store {
// creating root certificate of the repo // creating root certificate of the repo
let cert_content = CertificateContentV0 { let cert_content = CertificateContentV0 {
previous: repository_commit_ref, previous: repository_commit_body_ref,
readcap_id: root_branch_readcap_id, readcap_id: root_branch_readcap_id,
owners_pk_set: pk_set.public_key(), owners_pk_set: pk_set.public_key(),
orders_pk_sets: OrdersPublicKeySetsV0::None, orders_pk_sets: OrdersPublicKeySetsV0::None,

40
ng-repo/src/types.rs
Unescape View File

@ -27,7 +27,7 @@ use crate::errors::NgError;
use crate::utils::{ use crate::utils::{
decode_key, decode_priv_key, dh_pubkey_array_from_ed_pubkey_slice, decode_key, decode_priv_key, dh_pubkey_array_from_ed_pubkey_slice,
dh_pubkey_from_ed_pubkey_slice, ed_privkey_to_ed_pubkey, from_ed_privkey_to_dh_privkey, dh_pubkey_from_ed_pubkey_slice, ed_privkey_to_ed_pubkey, from_ed_privkey_to_dh_privkey,
random_key, random_key, verify,
}; };
// //
@ -2345,6 +2345,14 @@ pub enum SignatureContent {
V0(SignatureContentV0), V0(SignatureContentV0),
} }
impl SignatureContent {
pub fn commits(&self) -> &[ObjectId] {
match self {
Self::V0(v0) => &v0.commits,
}
}
}
impl fmt::Display for SignatureContent { impl fmt::Display for SignatureContent {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self { match self {
@ -2398,6 +2406,21 @@ pub struct SignatureV0 {
pub certificate_ref: ObjectRef, pub certificate_ref: ObjectRef,
} }
impl SignatureV0 {
pub fn verify(&self, cert: &CertificateV0) -> Result<(), NgError> {
let ser = serde_bare::to_vec(&self.content).unwrap();
match &self.threshold_sig {
ThresholdSignatureV0::Owners(sig) => {
if !cert.get_owners_pub_key().verify(sig, &ser) {
return Err(NgError::InvalidSignature);
}
return Ok(());
}
_ => unimplemented!(),
}
}
}
impl fmt::Display for Signature { impl fmt::Display for Signature {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self { match self {
@ -2454,7 +2477,7 @@ pub enum OrdersPublicKeySetsV0 {
/// A Certificate content, that will be signed by the previous certificate signers. /// A Certificate content, that will be signed by the previous certificate signers.
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct CertificateContentV0 { pub struct CertificateContentV0 {
/// the previous certificate in the chain of trust. Can be another Certificate or the Repository commit when we are at the root of the chain of trust. /// the previous certificate in the chain of trust. Can be another Certificate or the Repository commit's body when we are at the root of the chain of trust.
pub previous: ObjectRef, pub previous: ObjectRef,
/// The Commit Id of the latest RootBranch definition (= the ReadCap ID) in order to keep in sync with the options for signing. /// The Commit Id of the latest RootBranch definition (= the ReadCap ID) in order to keep in sync with the options for signing.
@ -2497,6 +2520,19 @@ pub struct CertificateV0 {
pub sig: CertificateSignatureV0, pub sig: CertificateSignatureV0,
} }
impl CertificateV0 {
pub fn verify_with_repo_id(&self, repo_id: &RepoId) -> Result<(), NgError> {
let ser = serde_bare::to_vec(&self.content).unwrap();
match self.sig {
CertificateSignatureV0::Repo(sig) => verify(&ser, sig, repo_id.clone()),
_ => Err(NgError::InvalidArgument),
}
}
pub fn get_owners_pub_key(&self) -> &threshold_crypto::PublicKey {
&self.content.owners_pk_set
}
}
/// A certificate object /// A certificate object
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum Certificate { pub enum Certificate {

13
ng-verifier/src/request_processor.rs
Unescape View File

@ -55,16 +55,14 @@ impl Verifier {
_ => unimplemented!(), _ => unimplemented!(),
}, },
AppRequestCommandV0::FileGet => { AppRequestCommandV0::FileGet => {
if nuri.access.len() < 1 || nuri.object.is_none() { if nuri.objects.len() < 1 {
return Err(NgError::InvalidArgument); return Err(NgError::InvalidArgument);
} }
let (repo_id, _, store_repo) = self.resolve_target(&nuri.target)?; let (repo_id, _, store_repo) = self.resolve_target(&nuri.target)?;
let access = nuri.access.get(0).unwrap(); let obj = nuri.objects.get(0).unwrap();
if let NgAccessV0::Key(key) = access {
let repo = self.get_repo(&repo_id, &store_repo)?; let repo = self.get_repo(&repo_id, &store_repo)?;
let obj_id = nuri.object.unwrap();
if let Some(mut stream) = self if let Some(mut stream) = self
.fetch_blocks_if_needed(&obj_id, &repo_id, &store_repo) .fetch_blocks_if_needed(&obj.id, &repo_id, &store_repo)
.await? .await?
{ {
// TODO: start opening the file and running the sending_loop after we received 10 (3 mandatory and 7 depths max) blocks. // TODO: start opening the file and running the sending_loop after we received 10 (3 mandatory and 7 depths max) blocks.
@ -74,7 +72,7 @@ impl Verifier {
} }
} }
let file = let file =
RandomAccessFile::open(obj_id, key.clone(), Arc::clone(&repo.store))?; RandomAccessFile::open(obj.id, obj.key.clone(), Arc::clone(&repo.store))?;
let (mut tx, rx) = mpsc::unbounded::<AppResponse>(); let (mut tx, rx) = mpsc::unbounded::<AppResponse>();
tx.send(AppResponse::V0(AppResponseV0::FileMeta(FileMetaV0 { tx.send(AppResponse::V0(AppResponseV0::FileMeta(FileMetaV0 {
@ -117,9 +115,6 @@ impl Verifier {
tx.close_channel(); tx.close_channel();
}); });
Ok((rx, fnonce)) Ok((rx, fnonce))
} else {
return Err(NgError::InvalidArgument);
}
} }
_ => unimplemented!(), _ => unimplemented!(),
} }

14
ng-wallet/src/types.rs
Unescape View File

@ -1134,14 +1134,12 @@ impl BrokerInfoV0 {
} }
} }
pub fn vec_into_locator(list: Vec<BrokerInfoV0>) -> Locator { pub fn vec_into_locator(list: Vec<BrokerInfoV0>) -> Locator {
Locator::V0( let mut loc = Locator::empty();
list.into_iter() list.into_iter().for_each(|info| match info {
.filter_map(|info| match info { Self::CoreV0(_) => {}
Self::CoreV0(_) => None, Self::ServerV0(bs) => loc.add(bs),
Self::ServerV0(bs) => Some(BrokerServer::V0(bs)), });
}) loc
.collect(),
)
} }
} }

8
ngcli/src/get.rs
Unescape View File

@ -0,0 +1,8 @@
// Copyright (c) 2022-2024 Niko Bonnieure, Par le Peuple, NextGraph.org developers
// All rights reserved.
// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE2 or http://www.apache.org/licenses/LICENSE-2.0>
// or the MIT license <LICENSE-MIT or http://opensource.org/licenses/MIT>,
// at your option. All files in the project carrying such
// notice may not be copied, modified, or distributed except
// according to those terms.

189
ngcli/src/main.rs
Unescape View File

@ -10,6 +10,7 @@
#![doc(hidden)] #![doc(hidden)]
use core::fmt; use core::fmt;
use std::collections::HashSet;
use std::error::Error; use std::error::Error;
use std::fs::{read_to_string, write}; use std::fs::{read_to_string, write};
use std::net::IpAddr; use std::net::IpAddr;
@ -24,15 +25,20 @@ use zeroize::Zeroize;
use ng_repo::errors::*; use ng_repo::errors::*;
use ng_repo::log::*; use ng_repo::log::*;
use ng_repo::object::Object;
use ng_repo::store::Store;
use ng_repo::types::*; use ng_repo::types::*;
use ng_repo::utils::{decode_priv_key, display_timestamp, generate_keypair, timestamp_after}; use ng_repo::utils::{decode_priv_key, display_timestamp, generate_keypair, timestamp_after};
use ng_net::actors::admin::*; use ng_net::actors::admin::*;
use ng_net::broker::BROKER; use ng_net::app_protocol::{NuriTargetV0, NuriV0};
use ng_net::broker::{Broker, BROKER};
use ng_net::types::*; use ng_net::types::*;
use ng_client_ws::remote_ws::ConnectionWebSocket; use ng_client_ws::remote_ws::ConnectionWebSocket;
mod get;
/// CliConfig Version 0 /// CliConfig Version 0
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
pub struct CliConfigV0 { pub struct CliConfigV0 {
@ -227,6 +233,10 @@ async fn main_inner() -> Result<(), NgcliError> {
.subcommand( .subcommand(
Command::new("gen-key") Command::new("gen-key")
.about("Generates a new key pair () public key and private key ) to be used by example for user authentication.") .about("Generates a new key pair () public key and private key ) to be used by example for user authentication.")
).subcommand(
Command::new("get")
.about("fetches one or several commits, or a binary object, with an optional signature, from a broker, using the Ext Protocol, and connecting on the Outer Overlay. The request is anonymous and doesn't need any authentication")
.arg(arg!([NURI] "NextGraph URI of the commit(s) or object, containing the ReadCap in the form :c:k :j:k and optionally :s:k and the usual :o:v:l").required(true))
) )
.get_matches(); .get_matches();
@ -329,6 +339,183 @@ async fn main_inner() -> Result<(), NgcliError> {
None::<()> None::<()>
}); });
match matches.subcommand() {
Some(("get", sub_matches)) => {
log_debug!("processing get command");
let nuri = NuriV0::new_for_readcaps(sub_matches.get_one::<String>("NURI").unwrap())?;
let overlay_id = nuri.overlay.unwrap().try_into()?;
let peer_privk = PrivKey::Ed25519PrivKey(keys[1]);
let peer_pubk = peer_privk.to_pub();
let broker_server = nuri.locator.unwrap().first_broker_server()?;
let mut ids = nuri.objects.iter().map(|o| o.id).collect::<Vec<ObjectId>>();
let in_nuri: HashSet<Digest> = HashSet::from_iter(ids.iter().cloned());
nuri.signature.as_ref().map(|s| ids.push(s.id.clone()));
let mut store = Store::new_temp_in_mem();
store.overlay_id = overlay_id;
let blocks: Vec<Block> = Broker::ext(
Box::new(ConnectionWebSocket {}),
peer_privk.clone(),
peer_pubk,
broker_server.peer_id,
broker_server.get_ws_url(&None).await.unwrap().0, // for now we are only connecting to NextGraph SaaS cloud (nextgraph.eu) so it is safe.
ExtObjectGetV0 {
overlay: overlay_id,
ids,
include_files: true,
},
)
.await?;
blocks.into_iter().for_each(|b| _ = store.put(&b));
let mut next_round = Vec::with_capacity(2);
let mut signature = None;
if let Some(sign_ref) = nuri.signature {
if let Ok(o) = Object::load(sign_ref.id, Some(sign_ref.key), &store) {
match o.content_v0() {
Ok(ObjectContentV0::Signature(Signature::V0(v0))) => {
let in_sig = HashSet::from_iter(v0.content.commits().iter().cloned());
if in_nuri.is_subset(&in_sig) {
next_round.push((v0.certificate_ref.clone(), None));
signature = Some(v0);
} else {
println!("Signature is invalid");
log_err!("Signature is invalid");
}
}
_ => println!("Error: invalid signature object"),
}
}
}
nuri.objects.into_iter().for_each(|obj_ref| {
match Object::load(obj_ref.id, Some(obj_ref.key), &store) {
Err(e) => println!("Error: {:?}", e),
Ok(o) => match o.content_v0() {
Err(e) => println!("Error: {:?}", e),
Ok(ObjectContentV0::Commit(c)) => {
next_round.push((c.body_ref().clone(), Some(obj_ref.id)));
}
_ => println!("unsupported format"),
},
}
});
let blocks: Vec<Block> = Broker::ext(
Box::new(ConnectionWebSocket {}),
peer_privk.clone(),
peer_pubk,
broker_server.peer_id,
broker_server.get_ws_url(&None).await.unwrap().0, // for now we are only connecting to NextGraph SaaS cloud (nextgraph.eu) so it is safe.
ExtObjectGetV0 {
overlay: overlay_id,
ids: next_round
.iter()
.map(|(o, _)| o.id)
.collect::<Vec<ObjectId>>(),
include_files: true,
},
)
.await?;
blocks.into_iter().for_each(|b| _ = store.put(&b));
let mut third_round = Vec::with_capacity(2);
let mut certificate = None;
for (body_ref, commit_id) in next_round.into_iter() {
match Object::load(body_ref.id, Some(body_ref.key), &store) {
Err(e) => println!("Error: {:?}", e),
Ok(o) => match o.content_v0() {
Err(e) => println!("Error: {:?}", e),
Ok(ObjectContentV0::CommitBody(CommitBody::V0(
CommitBodyV0::Snapshot(Snapshot::V0(snap)),
))) => {
println!("Snapshot: {}", commit_id.unwrap());
third_round.push(snap.content);
}
Ok(ObjectContentV0::CommitBody(CommitBody::V0(
CommitBodyV0::AsyncTransaction(_t),
))) => {
println!("Transaction: {}", commit_id.unwrap());
}
Ok(ObjectContentV0::Certificate(Certificate::V0(certif))) => {
if commit_id.is_none() && signature.is_some() {
third_round.push(certif.content.previous.clone());
certificate = Some(certif);
}
}
_ => println!("unsupported object"),
},
}
}
let blocks: Vec<Block> = Broker::ext(
Box::new(ConnectionWebSocket {}),
peer_privk,
peer_pubk,
broker_server.peer_id,
broker_server.get_ws_url(&None).await.unwrap().0, // for now we are only connecting to NextGraph SaaS cloud (nextgraph.eu) so it is safe.
ExtObjectGetV0 {
overlay: overlay_id,
ids: third_round.iter().map(|o| o.id).collect::<Vec<ObjectId>>(),
include_files: true,
},
)
.await?;
blocks.into_iter().for_each(|b| _ = store.put(&b));
for third_ref in third_round.into_iter() {
match Object::load(third_ref.id, Some(third_ref.key), &store) {
Err(e) => println!("Error: {:?}", e),
Ok(o) => match o.content_v0() {
Err(e) => println!("Error: {:?}", e),
Ok(ObjectContentV0::Snapshot(snap)) => match String::from_utf8(snap) {
Err(e) => println!("Error: {:?}", e),
Ok(s) => println!("Here is the snapshot data :\n\r{}", s),
},
Ok(ObjectContentV0::CommitBody(CommitBody::V0(
CommitBodyV0::Repository(repo),
))) => {
// DO THE SIGNATURE VERIFICATION
if signature.is_some() && certificate.is_some() {
if let NuriTargetV0::Repo(repo_id) = nuri.target {
if repo.id() != &repo_id {
println!(
"Repo in Nuri and Certificate differ : {}",
repo_id
)
}
}
println!("Repo that signed : {}", repo.id());
certificate
.as_ref()
.unwrap()
.verify_with_repo_id(&repo.id())?;
signature
.as_ref()
.unwrap()
.verify(certificate.as_ref().unwrap())?;
println!("Signature is valid!");
}
// TODO deal with more rounds needed if root certificate is not the second one in chain
}
_ => println!("unsupported object"),
},
}
}
return Ok(());
}
_ => {}
}
// reading config from file, if any // reading config from file, if any
let mut config_path = path.clone(); let mut config_path = path.clone();
config_path.push("config.json"); config_path.push("config.json");

Write Preview
Loading…
Cancel
Save