diff --git a/Cargo.toml b/Cargo.toml
index 90df1cf..038808e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,6 +18,7 @@ tracing = { version = "0.1.26" }
 serde = { version = "1.0.219", features = ["derive"] }
 thiserror = "2.0.11"
 rust-bitvmx-storage-backend = { git = "https://github.com/FairgateLabs/rust-bitvmx-storage-backend.git", optional = true, tag = "v0.5.1" }
+bitvmx-settings = { git = "https://github.com/FairgateLabs/rust-bitvmx-settings.git", tag = "v0.5.1" }
 tokio-rustls = "0.26.2"
 tokio-util = "0.7.14"
 rustls = "0.23.29"
diff --git a/examples/server.rs b/examples/server.rs
index e904c32..042203d 100644
--- a/examples/server.rs
+++ b/examples/server.rs
@@ -1,5 +1,4 @@
 use std::{
- fs,
 net::{IpAddr, Ipv4Addr},
 sync::{
 atomic::{AtomicBool, Ordering},
@@ -11,6 +10,7 @@ use std::{
 #[cfg(feature = "storagebackend")]
 use bitvmx_broker::broker_storage;
+use bitvmx_settings::settings;
 #[cfg(feature = "storagebackend")]
 use broker_storage::BrokerStorage;
 #[cfg(feature = "storagebackend")]
@@ -63,8 +63,9 @@ fn wait_ctrl() {
 fn main() {
 init_tracing().unwrap();
 let flags = Flags::parse();
- let privk = fs::read_to_string("certs/services.key").expect("Failed to read private key file");
- let cert = Cert::new_with_privk(&privk).unwrap();
+ let privk = settings::decrypt_or_read_file("certs/services.key") .expect("Failed to read private key file");
+ let cert = Cert::new_with_privk(privk.as_str()).unwrap();
 let allow_list = AllowList::from_certs(vec![cert.clone()], vec![IpAddr::V4(Ipv4Addr::LOCALHOST)]).unwrap();
 let routing = RoutingTable::new();
diff --git a/src/channel/queue_channel.rs b/src/channel/queue_channel.rs
index 580078b..0e61468 100644
--- a/src/channel/queue_channel.rs
+++ b/src/channel/queue_channel.rs
@@ -5,6 +5,7 @@ use std::{
 sync::{Arc, Mutex},
 };
+use bitvmx_settings::settings;
 use serde::{Deserialize, Serialize};
 use storage_backend::{
 storage::{KeyValueStore, Storage},
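Review bot: The added `bitvmx-settings` dependency is pinned to a git `tag` only, and a tag is a mutable ref that the upstream repository can move or re-push, so this line by itself does not fix which code ends up in the build; the existing `rust-bitvmx-storage-backend` line above it has the same shape. Pin to an immutable commit instead, `bitvmx-settings = { git = "https://github.com/FairgateLabs/rust-bitvmx-settings.git", rev = "<full commit sha of v0.5.1>" }` (Cargo accepts only one of `branch`/`tag`/`rev`), or make sure a committed `Cargo.lock` is what CI builds from, since the lock records the resolved commit. This crate now sits on the private-key loading path, so its provenance matters more than most.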
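Review bot: The `.expect("Failed to read private key file")` attached to the new `decrypt_or_read_file` call keeps the old wording even though the call can now fail while decrypting, so a decryption failure is reported as a read failure; `.expect("Failed to read or decrypt private key file")` is more accurate. What selects the encrypted path inside `decrypt_or_read_file` (an environment variable, a file marker) is not visible here, so a one-line comment above the call naming that trigger, confirmed against `bitvmx_settings`, would help readers of the example. `main` continues outside the hunk.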
@@ -150,7 +151,7 @@ impl QueueChannel {
 ) -> Result {
 let allow_list = AllowList::from_file(allow_list)?;
 let routing_table = RoutingTable::from_file(routing_table)?;
- let privk = std::fs::read_to_string(privk)?;
+ let privk = settings::decrypt_or_read_file(privk)?;
 Self::new(
 name,
 address,
diff --git a/src/rpc/errors.rs b/src/rpc/errors.rs
index a09d5e4..efa2e8a 100644
--- a/src/rpc/errors.rs
+++ b/src/rpc/errors.rs
@@ -1,5 +1,6 @@
 use crate::settings::MAX_MSG_SIZE_KB;
 use crate::{channel::retry_helper::RetryPolicyError, identification};
+use bitvmx_settings::errors::ConfigError;
 use serde::{Deserialize, Serialize};
 use std::sync::{Arc, Mutex, MutexGuard, PoisonError};
 use thiserror::Error;
@@ -84,6 +85,9 @@ pub enum BrokerError {
 #[error("Other error: {0}")]
 Other(String),
+
+ #[error("Setting file error: {0}")]
+ Settings(#[from] ConfigError),
 }
 impl From> for BrokerError {
diff --git a/src/rpc/tls_helper.rs b/src/rpc/tls_helper.rs
index 95c561c..f5124d1 100644
--- a/src/rpc/tls_helper.rs
+++ b/src/rpc/tls_helper.rs
@@ -86,17 +86,9 @@ impl Cert {
 }
 pub fn from_key_file(key_path: &str) -> Result {
 let key_pem = std::fs::read_to_string(key_path)?;
- let cert = Self::create_cert(Some(&key_pem))?;
- let (generated_key_pem, cert_pem, spki_der, ca_der) = Self::get_vars(&cert, CA_KEY)?;
- let pubk_hash = Self::pubk_hash_from_der(&spki_der)?;
- Ok(Self {
- key_pem: generated_key_pem,
- cert_pem,
- spki_der,
- ca_der,
- pubk_hash,
- })
+ Self::new_with_privk(&key_pem)
 }
+
 pub fn from_file(path: &str, name: &str) -> Result {
 let cert_path = format!("{path}/{name}.pem");
 let key_path = format!("{path}/{name}.key");
@@ -253,12 +245,6 @@ impl Cert {
 let fingerprint = digest(&SHA256, spki);
 Ok(hex::encode(fingerprint.as_ref()))
 }
-
- pub fn get_pubk_hash_from_privk(privk: &str) -> Result {
- let cert = Cert::new_with_privk(privk)?;
- let fingerprint = cert.get_pubk_hash()?;
- Ok(fingerprint)
- }
 }
 #[derive(Debug)]
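Review bot: The new `Settings(#[from] ConfigError)` variant forwards the wrapped error's `Display` verbatim through `{0}`, and because `BrokerError` lives in `rpc/errors.rs` next to the serde imports, it is worth confirming that `ConfigError`'s message can never carry the decrypted key bytes or the passphrase used for decryption before such an error reaches a log line or, if `BrokerError` is serialized, a remote peer. If it can, format a path-only message here instead of `{0}`, e.g. `#[error("Setting file error while loading configuration")]` with the inner error kept only for `source()`. `BrokerError`'s derives are outside the hunk, so whether it is serialized is not visible from here.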
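Review bot: `from_key_file` still loads the key with `std::fs::read_to_string(key_path)?` while the example server and `QueueChannel` in this same commit switched to `settings::decrypt_or_read_file`, so a key file that is encrypted at rest works through those paths but fails to parse here, and presumably also in `from_file`, which builds `{name}.key` and whose body continues outside the hunk. Unless plaintext-only is intended for this constructor, use the same helper, `let key_pem = bitvmx_settings::settings::decrypt_or_read_file(key_path)?;`, relying on the `BrokerError::Settings` conversion added in this commit if the return type is `BrokerError` (the generic arguments of `Result` are not legible here). Either way, a `///` doc comment on `from_key_file` stating whether encrypted key files are accepted would keep the two loading paths from drifting further apart.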