Merge pull request #257 from hug-dev/new-socket-path

Modify socket path to conform to FHS

Author: hug-dev

Cargo.toml

@@ -52,7 +52,6 @@ features = ["pkcs11-provider", "tpm-provider", "tss-esapi/docs", "mbed-crypto-pr
 
 [features]
 default = []
-no-parsec-user-and-clients-group = []
 mbed-crypto-provider = ["psa-crypto"]
 pkcs11-provider = ["pkcs11", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "psa-crypto", "rand"]
 tpm-provider = ["tss-esapi", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "hex"]

ci.sh

@@ -67,10 +67,10 @@ while [ "$#" -gt 0 ]; do
             PROVIDER_NAME=$1
             cp $(pwd)/e2e_tests/provider_cfg/$1/config.toml $CONFIG_PATH
             if [ "$PROVIDER_NAME" = "all" ]; then
-                FEATURES="--features=all-providers,no-parsec-user-and-clients-group"
+                FEATURES="--features=all-providers"
                 TEST_FEATURES="--features=all-providers"
             else
-                FEATURES="--features=$1-provider,no-parsec-user-and-clients-group"
+                FEATURES="--features=$1-provider"
                 TEST_FEATURES="--features=$1-provider"
             fi
         ;;

config.toml

@@ -17,6 +17,7 @@
 
 # Log level to be applied across the service. Can be overwritten for certain modules which have the same
 # configuration key. Possible values: "debug", "info", "warn", "error", "trace"
+# WARNING: This option will not be updated if the configuration is reloaded with a different one.
 #log_level = "warn"
 
 # Control whether log entries contain a timestamp.
@@ -44,6 +45,12 @@ listener_type = "DomainSocket"
 # timeout expires, the connection is dropped.
 timeout = 200 # in milliseconds
 
+# Specify the Unix Domain Socket path. The path is fixed and should always be the default one for
+# clients to connect. However, it is useful to change it for tests.
+# WARNING: If a file already exists at that path, the service will remove it before creating the
+# socket file.
+#socket_path = "/run/parsec/parsec.sock"
+
 # (Required) Configuration for the components managing key info for providers.
 # Defined as an array of tables: https://github.com/toml-lang/toml#user-content-array-of-tables
 [[key_manager]]
@@ -54,7 +61,7 @@ name = "on-disk-manager"
 manager_type = "OnDisk"
 
 # Path to the location where the mapping will be persisted (in this case, the filesystem path)
-#store_path = "./mappings"
+#store_path = "/var/lib/parsec/mappings"
 
 # (Required) Provider configurations.
 # Defined as an array of tables: https://github.com/toml-lang/toml#user-content-array-of-tables

e2e_tests/Cargo.toml

@@ -14,7 +14,7 @@ publish = false
 
 [dependencies]
 serde = { version = "1.0.115", features = ["derive"] }
-parsec-client = { version = "0.9.0", features = ["testing"] }
+parsec-client = { version = "0.10.0", features = ["testing"] }
 log = "0.4.11"
 rand = "0.7.3"
 

e2e_tests/provider_cfg/all/config.toml

@@ -10,10 +10,12 @@ allow_root = true
 [listener]
 listener_type = "DomainSocket"
 timeout = 200 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "MbedCrypto"

e2e_tests/provider_cfg/mbed-crypto/config.toml

@@ -12,10 +12,12 @@ listener_type = "DomainSocket"
 # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing
 # that the service does not hang for very big values of body or authentication length.
 timeout = 3000 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "MbedCrypto"

e2e_tests/provider_cfg/pkcs11/config.toml

@@ -12,10 +12,12 @@ listener_type = "DomainSocket"
 # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing
 # that the service does not hang for very big values of body or authentication length.
 timeout = 3000 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "Pkcs11"

e2e_tests/provider_cfg/tpm/config.toml

@@ -12,10 +12,12 @@ listener_type = "DomainSocket"
 # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing
 # that the service does not hang for very big values of body or authentication length.
 timeout = 3000 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "Tpm"

e2e_tests/src/lib.rs

@@ -22,11 +22,15 @@ use parsec_client::core::interface::operations::psa_key_attributes::{
     Attributes, EccFamily, Lifetime, Policy, Type, UsageFlags,
 };
 use parsec_client::core::interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
+use parsec_client::core::ipc_handler::unix_socket;
 use parsec_client::core::secrecy::{ExposeSecret, Secret};
 use parsec_client::error::Error;
 use std::collections::HashSet;
 use std::time::Duration;
 
+const TEST_SOCKET_PATH: &str = "/tmp/parsec.sock";
+const TEST_TIMEOUT: Duration = Duration::from_secs(1);
+
 /// Client structure automatically choosing a provider and high-level operation functions.
 #[derive(Debug)]
 pub struct TestClient {
@@ -58,6 +62,9 @@ impl TestClient {
             created_keys: Some(HashSet::new()),
         };
 
+        let ipc_handler = unix_socket::Handler::new(TEST_SOCKET_PATH.into(), Some(TEST_TIMEOUT));
+        client.basic_client.set_ipc_handler(Box::from(ipc_handler));
+
         let crypto_provider = client.find_crypto_provider();
         client.set_provider(crypto_provider);
         client

e2e_tests/src/raw_request.rs

@@ -13,7 +13,7 @@ const MAX_BODY_SIZE: usize = 1 << 31;
 #[derive(Copy, Clone, Debug)]
 pub struct RawRequestClient;
 
-static SOCKET_PATH: &str = "/tmp/parsec/parsec.sock";
+static SOCKET_PATH: &str = "/tmp/parsec.sock";
 const TIMEOUT: Duration = Duration::from_secs(5);
 
 #[allow(clippy::new_without_default)]

e2e_tests/tests/config/tomls/list_providers_1.toml

@@ -6,10 +6,12 @@ log_error_details = true
 [listener]
 listener_type = "DomainSocket"
 timeout = 200 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "MbedCrypto"

e2e_tests/tests/config/tomls/list_providers_2.toml

@@ -6,10 +6,12 @@ log_error_details = true
 [listener]
 listener_type = "DomainSocket"
 timeout = 200 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "Pkcs11"

e2e_tests/tests/config/tomls/pkcs11_software.toml

@@ -12,10 +12,12 @@ listener_type = "DomainSocket"
 # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing
 # that the service does not hang for very big values of body or authentication length.
 timeout = 3000 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "Pkcs11"

e2e_tests/tests/per_provider/normal_tests/export_key.rs

@@ -91,14 +91,14 @@ fn export_without_create() {
 }
 
 #[test]
-fn import_and_export_public_key() -> Result<()> {
+fn import_and_export_key() -> Result<()> {
     let mut client = TestClient::new();
 
     if !client.is_operation_supported(Opcode::PsaExportKey) {
         return Ok(());
     }
 
-    let key_name = String::from("import_and_export_public_key");
+    let key_name = String::from("import_and_export_key");
     let key_data = vec![
         48, 129, 137, 2, 129, 129, 0, 153, 165, 220, 135, 89, 101, 254, 229, 28, 33, 138, 247, 20,
         102, 253, 217, 247, 246, 142, 107, 51, 40, 179, 149, 45, 117, 254, 236, 161, 109, 16, 81,

e2e_tests/tests/per_provider/normal_tests/ping.rs

@@ -7,6 +7,8 @@ use parsec_client::core::interface::requests::Opcode;
 use parsec_client::core::interface::requests::ProviderID;
 use parsec_client::core::interface::requests::ResponseStatus;
 use parsec_client::core::interface::requests::Result;
+use parsec_client::core::ipc_handler::unix_socket;
+use std::time::Duration;
 
 #[test]
 fn test_ping() -> Result<()> {
@@ -20,7 +22,13 @@ fn test_ping() -> Result<()> {
 
 #[test]
 fn mangled_ping() {
-    let client = RequestClient::default();
+    let client = RequestClient {
+        ipc_handler: Box::from(unix_socket::Handler::new(
+            "/tmp/parsec.sock".into(),
+            Some(Duration::from_secs(1)),
+        )),
+        ..Default::default()
+    };
     let mut req = Request::new();
     req.header.provider = ProviderID::Core;
     req.header.opcode = Opcode::Ping;

fuzz/config.toml

@@ -3,10 +3,12 @@
 [listener]
 listener_type = "DomainSocket"
 timeout = 200 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 # [[provider]]
 # provider_type = "MbedCryptoProvider"