client/src/peer_manager.rs

@@ -1,6 +1,7 @@
 use std::str::FromStr;
 use std::sync::Arc;
 
+use aspect_proto::auth::AspAuthConfig;
 use ecksport_rpc::client::RpcClient;
 use ecksport_rpc::errors::ClientError;
 use thiserror::Error;
@@ -10,7 +11,7 @@ use tracing::*;
 use aspect_core::addrfmt;
 use aspect_core::message_queue::MessageQueueId;
 use aspect_db::state_prop::StatePropDatastore;
-use aspect_ident::{DeviceIdent, DirPackage};
+use aspect_ident::{DeviceIdent, DirPackage, IdentSigner};
 use aspect_proto::identity::AnnResponse;
 use aspect_proto::msg_queue::{MqListRequest, QueueViewState};
 use aspect_proto::user::UserCreds;
@@ -47,18 +48,37 @@ pub enum Error {
     Datastore(#[from] aspect_db::errors::Error),
 }
 
+/// Used to indicate how we decide to authenticate with a server.
+#[derive(Clone)]
+pub enum PeerAuthConfig {
+    Anon,
+    Ident(Arc<IdentSigner>),
+}
+
+impl PeerAuthConfig {
+    /// Constructs an [``AspAuthConfig``] from the auth config.
+    pub fn to_ecks_auth_config(&self) -> AspAuthConfig {
+        match self {
+            Self::Anon => AspAuthConfig::new_unauth(),
+            Self::Ident(signer) => AspAuthConfig::new_auth(signer.clone()),
+        }
+    }
+}
+
 /// Manages a client's peers, in the context-dependent forms they might take.
 pub struct PeerManager {
     stateprop_ds: Arc<StatePropDatastore>,
     creds: RwLock<Option<HomeserverCreds>>,
     homeserver_client: RwLock<Option<Arc<HomeserverClient>>>,
     signer_man: Arc<RwLock<SignerManager>>,
+    peer_auth_config: PeerAuthConfig,
 }
 
 impl PeerManager {
     pub async fn new(
         stateprop_ds: Arc<StatePropDatastore>,
         signer_man: Arc<RwLock<SignerManager>>,
+        peer_auth_config: PeerAuthConfig,
     ) -> Result<Self, Error> {
         let creds = stateprop_ds
             .get_prop::<HomeserverCreds>(DSK_HOMESERVER_CREDS)
@@ -69,6 +89,7 @@ impl PeerManager {
             creds: RwLock::new(creds),
             homeserver_client: RwLock::new(None),
             signer_man,
+            peer_auth_config,
         })
     }
 
@@ -117,6 +138,12 @@ impl PeerManager {
         self.get_creds().await.ok_or(Error::NoHomeserverCreds)
     }
 
+    /// Creates an instance of an auth config to use based on the peer auth
+    /// config.
+    pub fn create_ecks_auth_config(&self) -> AspAuthConfig {
+        self.peer_auth_config.to_ecks_auth_config()
+    }
+
     /// Connects to a homeserver and registers an account on it.
     pub async fn connect_and_register(
         &self,
@@ -128,7 +155,8 @@ impl PeerManager {
         info!(%homeserver, "connecting to homeserver...");
         let addr = addrfmt::Address::from_str(&homeserver)?;
 
-        let rpc_client = connect_to_server(addr).await?;
+        let acfg = self.create_ecks_auth_config();
+        let rpc_client = connect_to_server(addr, acfg).await?;
         let client = HomeserverClient::from_client(rpc_client);
         let client = Arc::new(client);
         client
@@ -168,7 +196,8 @@ impl PeerManager {
         info!(%homeserver, "connecting to homeserver...");
         let addr = addrfmt::Address::from_str(&homeserver)?;
 
-        let rpc_client = connect_to_server(addr).await?;
+        let acfg = self.create_ecks_auth_config();
+        let rpc_client = connect_to_server(addr, acfg).await?;
         let client = HomeserverClient::from_client(rpc_client);
         let client = Arc::new(client);
 
@@ -205,7 +234,8 @@ impl PeerManager {
 
         info!(%homeserver, "connecting to homeserver...");
         let addr = addrfmt::Address::from_str(&homeserver)?;
-        let rpc_client = connect_to_server(addr).await?;
+        let acfg = self.create_ecks_auth_config();
+        let rpc_client = connect_to_server(addr, acfg).await?;
         let client = HomeserverClient::from_client(rpc_client);
         let mut hsc = self.homeserver_client.write().await;
         *hsc = Some(Arc::new(client));
@@ -315,11 +345,14 @@ impl PeerManager {
     }
 }
 
-async fn connect_to_server(addr: addrfmt::Address) -> Result<RpcClient, Error> {
+async fn connect_to_server(
+    addr: addrfmt::Address,
+    auth: AspAuthConfig,
+) -> Result<RpcClient, Error> {
     match addr {
         addrfmt::Address::Sock(addr) => {
             let conn = ecksport_net::builder::ClientBuilder::new(aspect_proto::protocol::PROTO_V0)
-                .connect_tcp(addr)
+                .connect_tcp_authed(addr, auth)
                 .await?;
 
             Ok(ecksport_rpc::client::RpcClient::new(conn))

client/src/signer_manager.rs

@@ -2,7 +2,7 @@ use std::path::PathBuf;
 
 use futures::TryFutureExt;
 
-use aspect_ident::crypto;
+use aspect_ident::{crypto, IdentSigner};
 
 use crate::errors::Error;
 
@@ -61,6 +61,12 @@ impl SignerManager {
     pub fn current_dirpkg(&self) -> &aspect_ident::DirPackage {
         self.signer.cur_package()
     }
+
+    /// Extracts a copy of the signer, shouldn't be used for signing new identity updates.
+    // TODO remove this, it's bad
+    pub fn get_internal_signer(&self) -> IdentSigner {
+        self.signer.clone()
+    }
 }
 
 async fn save_signer(signer: &aspect_ident::IdentSigner, path: &PathBuf) -> Result<(), Error> {

homeserver/src/main.rs

@@ -96,8 +96,9 @@ async fn main_task(config: &Config) -> anyhow::Result<()> {
     net_builder.add_protocol(aspect_proto::protocol::PROTO_V0, v0reg);
 
     // Start listening.
+    let auth = aspect_proto::auth::AspAuthConfig::new_unauth();
     let lis_addr = net::SocketAddr::from((net::Ipv4Addr::new(0, 0, 0, 0), config.listen_port));
-    let lis_handle = net_builder.bind_tcp_listener((), lis_addr).await?;
+    let lis_handle = net_builder.bind_tcp_listener(auth, lis_addr).await?;
     tokio::time::sleep(time::Duration::from_millis(100)).await;
 
     // Build and start the RPC server.

proto/src/auth.rs

@@ -16,7 +16,6 @@ pub struct AspAuthConfig {
 impl AspAuthConfig {
     // TODO make a constructor that takes the inner data or something?
     pub fn new_auth(signer: Arc<IdentSigner>) -> Self {
-        // TODO verify the keypair matches the package
         Self {
             signer: Some(signer),
         }
@@ -29,10 +28,7 @@ impl AspAuthConfig {
 
 impl ecksport_core::traits::AuthConfig for AspAuthConfig {
     fn get_intent(&self) -> frame::AuthIntent {
-        match self.signer {
-            Some(_) => frame::AuthIntent::ClientOnly,
-            None => frame::AuthIntent::Neither,
-        }
+        frame::AuthIntent::ClientOnly
     }
 
     fn sign_challenge(

test/run-tests.sh

@@ -3,7 +3,7 @@
 cd $(dirname $(realpath $0))
 
 # TODO make these not override external settings
-export RUST_LOG=trace,sqlx::query=warn,sled=warn,aspect_db=trace,hyper=info,aspect_transport2::connection=info
+export RUST_LOG=trace,sqlx::query=warn,sled=warn,aspect_db=trace,hyper=info,ecksport_core=trace,ecksport_net=trace,soketto=debug
 export RUST_BACKTRACE=1
 
 # also figure out the bins path

user/src/main.rs

@@ -5,7 +5,12 @@ use thiserror::Error;
 use tokio::sync::{oneshot, RwLock};
 use tracing::*;
 
-use aspect_client::{device_resolver, errors::Error, peer_manager, signer_manager};
+use aspect_client::{
+    device_resolver,
+    errors::Error,
+    peer_manager::{self, PeerAuthConfig},
+    signer_manager,
+};
 use aspect_client_rpc::ClientRpcServer;
 use aspect_db::prelude::*;
 use aspect_svc_common::{logging, make_rt};
@@ -70,6 +75,7 @@ async fn main_task(config: &Config) -> Result<(), InitError> {
 
     // Ready the device signer.
     let sm_inner = open_or_create_device(&config.datadir, config).await?;
+    let internal_signer = Arc::new(sm_inner.get_internal_signer());
     let ident = *sm_inner.current_update_pkg().ident();
     info!(%ident, "loaded device");
     let signer_man = Arc::new(RwLock::new(sm_inner));
@@ -78,8 +84,10 @@ async fn main_task(config: &Config) -> Result<(), InitError> {
     let state_prop_ds = Arc::new(StatePropDatastore::new(dbc.clone())?);
     let ident_ds = Arc::new(DeviceDatastore::new(dbc)?);
 
-    let peer_man =
-        Arc::new(peer_manager::PeerManager::new(state_prop_ds, signer_man.clone()).await?);
+    let peer_auth_config = PeerAuthConfig::Ident(internal_signer);
+    let peer_man = Arc::new(
+        peer_manager::PeerManager::new(state_prop_ds, signer_man.clone(), peer_auth_config).await?,
+    );
     let dev_resolv = Arc::new(device_resolver::DeviceResolver::new(
         peer_man.clone(),
         ident_ds.clone(),