Fix ffi transport #48
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nager - Changed `alwaysApply` in `codeformat.mdc` to `true`, ensuring consistent application of formatting rules. - Refactored error handling in `NodeKeyManager` to improve clarity and maintainability, including updates to method signatures and error propagation. - Enhanced the `Keys` class to utilize the new error handling patterns, ensuring consistent behavior across key management functionalities. - Updated tests to validate the new error handling logic and ensure comprehensive coverage of key management workflows.
- Updated the `get_node_public_key` method to return an error if the public key is not available, improving robustness in key management. - Refactored related code in `InitCommand` and tests to handle the new error cases, ensuring consistent behavior across the application. - Enhanced test coverage for scenarios where the node public key may not be generated, validating the new error handling logic. - Improved logging and error messages for better debugging and user feedback during key management operations.
- Improved error handling for node ID and public key retrieval in the NodeKeyManager, ensuring robust validation and clearer error messages. - Updated transport methods to utilize new callback structures for peer connection and disconnection events, enhancing the overall transport functionality. - Refactored tests to validate the new error handling logic and ensure comprehensive coverage of key management workflows. - Enhanced logging for better debugging and user feedback during key management operations.
…ement - Introduced a comprehensive design for a QUIC-only CA Node infrastructure, detailing enrollment APIs, token systems, and certificate lifecycle management. - Added new data structures for handling enrollment requests, responses, and revocation processes, enhancing the CA Node's capabilities. - Implemented rate limiting for enrollment requests to prevent abuse and ensure fair usage. - Established error handling mechanisms for CA Node operations, improving robustness and user feedback. - Enhanced testing coverage for new functionalities, ensuring reliability and correctness in certificate issuance and management workflows.
…se handling - Added a method to `CertificateAuthority` for signing CA certificate requests with a specified serial number, including necessary extensions for CA certificates. - Introduced methods in `MobileKeyManager` to convert CA Node enrollment and renewal responses into `NodeCertificateMessage`, improving the handling of certificate data. - Enhanced test coverage for CA certificate signing and mobile enrollment processes, ensuring robust validation of the new functionalities.
- Introduced a new method in `CertificateValidator` to validate X.509 extensions for leaf certificates, ensuring compliance with security standards. - Updated the `CaRevocationList` struct to clarify the format of the issuing CA serial number, changing the description to indicate it is stored as raw bytes. - Enhanced tests to validate the new certificate validation logic and ensure correct handling of CRL serial formats, improving overall robustness.
- Changed the representation of the issuing CA serial number in the `CaStatus` struct from a string to a hexadecimal format, improving clarity and consistency in certificate data handling.
- Introduced a new `CaClient` and `CaServer` for handling QUIC-based CA Node operations, including enrollment, renewal, revocation, and CRL management. - Added methods for validating peer certificates against CRL-lite, enhancing security in certificate handling. - Implemented rate limiting for enrollment requests to prevent abuse and ensure fair usage. - Enhanced existing data structures and introduced new configurations for CA Node operations, improving overall functionality. - Added comprehensive tests to validate the new QUIC client and server functionalities, ensuring robust integration and error handling.
- Updated the CA Node design to implement a binary protocol over QUIC, introducing distinct message types for enrollment, renewal, revocation, and status requests. - Added network ID validation to all request structures, ensuring proper routing and security across multiple networks. - Enhanced error handling for invalid message types and network ID mismatches, improving robustness in request processing. - Introduced new request and response structures for chain and CRL operations, streamlining the CA Node's API. - Updated tests to validate the new protocol and request handling, ensuring comprehensive coverage and functionality.
…ionality - Moved existing unit tests from various modules into dedicated test files for `CA Node`, `Certificate`, and `Enrollment Token`, improving organization and maintainability. - Implemented comprehensive unit tests for CA Node creation, enrollment authority configuration, and rate limiting, ensuring robust validation of core functionalities. - Added unit tests for certificate signing and enrollment token generation, enhancing coverage for critical operations. - Removed redundant test code from original modules, streamlining the codebase and focusing on unit testing best practices.
- Updated `CaClient` to support root and issuing CA certificates for server certificate validation, improving security in mTLS operations. - Refactored `CaClient` to utilize `RwLock` for the `NodeKeyManager`, enhancing thread safety. - Implemented message type determination for requests, streamlining request handling. - Enhanced `CaServer` to create certificates using the issuing CA, improving the certificate issuance process. - Updated server methods to return actual socket addresses, improving clarity in server operations. - Improved error handling and logging for certificate addition and request processing. - Enhanced end-to-end tests to validate the complete CA Node infrastructure with real QUIC mTLS connections, ensuring robust integration and functionality.
- Updated `CANode` to remove peer SKI validation against CSR public key SKI during key renewal, allowing for key rotation while ensuring the CSR CN matches the peer identity. - Enhanced `CaClient` to improve message type determination for requests, supporting distinct handling for `CsrEnrollRequest`, `RenewRequest`, and `RevokeRequest`. - Improved logging throughout the `CaClient` and `CaServer` for better visibility into request processing and connection establishment. - Refactored error handling in the `CaServer` to ensure accurate payload length checks and improved clarity in response creation. - Enhanced end-to-end tests to validate the updated request handling and logging functionalities, ensuring robust integration and performance.
- Updated `CaClient` to support new request types including `CrlRequest` and `StatusRequest`, improving message type determination. - Refactored request handling in `CaClient` to utilize structured request objects for `fetch_chain`, `fetch_crl`, and `get_status` methods, enhancing clarity and maintainability. - Improved logging in `CaServer` to provide clearer output for server startup and connection events. - Enhanced end-to-end tests to validate the new request handling and logging functionalities, ensuring robust integration and performance.
- Removed the `ca_types` module, consolidating all type definitions into `runar_keys::ca_node_types` to establish a single source of truth for CA operations. - Updated `CaClient` and `CaServer` to utilize the new type definitions, enhancing clarity and maintainability in request handling. - Implemented replay attack detection and cache cleanup in `CaServer`, improving security measures. - Enhanced end-to-end tests to validate the updated request handling and type usage, ensuring robust integration and performance.
- Expanded the `CaErrorResponse` struct to include an optional `reason` field for more detailed error reporting. - Added constructor methods for creating various error responses, including specific methods for common HTTP error codes (e.g., unauthorized, forbidden, bad request). - Updated tests to validate the new error response constructors and ensure correct serialization/deserialization behavior. - Refactored error handling in `CaServer` to utilize the new `CaErrorResponse` methods, improving clarity and maintainability in error responses.
- Introduced a comprehensive FFI API design document detailing the required changes for the NodeKeyManager dual-role implementation, including lifecycle updates, new APIs, and error handling improvements. - Added a NodeJS API design document outlining the necessary modifications to align with the latest `runar-keys` and `runar-transporter` crates, ensuring consistency with the FFI and introducing new methods for profile key management, CA Node operations, and certificate management. - Both documents emphasize the importance of preserving existing functionality while implementing a clean, modern API design and robust error handling. - The implementation plan includes phased approaches for both FFI and NodeJS APIs to minimize risks and ensure thorough testing of each component before proceeding to the next phase.
- Introduced several new functions in the FFI API for the NodeKeyManager, including `rn_keys_node_has_keys_v2`, `rn_keys_node_generate_keys_v2`, and `rn_keys_node_get_node_id_v2`, enhancing key management capabilities. - Added functions for CA Node and Server creation and management, such as `rn_keys_ca_node_new`, `rn_keys_ca_node_free`, `rn_transport_ca_server_new`, and `rn_transport_ca_server_free`, to support CA operations. - Implemented profile key management functions, including `rn_keys_node_derive_user_profile_key`, `rn_keys_node_install_profile_public_key`, and `rn_keys_node_get_profile_public_key_by_label`, improving user profile key handling. - Enhanced error handling and null pointer checks across new API functions to ensure robustness and reliability. - Updated comprehensive tests to validate the new API functionalities and ensure correct behavior under various scenarios.
- Added new dependencies for base64 encoding in Cargo.toml and Cargo.lock. - Introduced new C-compatible data structures for CA Server and Client configurations in runar_ffi.h. - Enhanced the FFI API with new functions for CA operations, including handling enrollment, renewal, and revocation requests. - Updated error handling and null pointer checks across the new API functions to improve robustness. - Refactored existing tests to accommodate changes in the API and ensure comprehensive coverage of new functionalities.
- Updated the FFI API to retrieve bootstrap and authenticated addresses directly from the server configuration instead of using hardcoded default values. - Introduced new methods in the `CaServer` struct to provide access to the bootstrap and authenticated bind addresses, enhancing flexibility and configurability in address management.
- Introduced new tests for CA Node creation, including happy path scenarios and error handling for null arguments. - Added tests for installing issuing CA with valid and null CA node inputs, ensuring robust validation of CA operations. - Implemented utility functions for creating test data, including test logger, ECDSA key pairs, and certificates, to support the new tests.
…tests - Introduced new functions for generating CSRs, generating keys, and installing certificates in the FFI API, enhancing certificate management capabilities. - Updated Cargo.toml and Cargo.lock to include the rustls dependency for improved security features. - Added comprehensive end-to-end integration tests for the CA Node infrastructure using real QUIC mTLS connections, validating the complete certificate lifecycle including enrollment, renewal, revocation, and CRL-lite enforcement. - Enhanced error handling and null pointer checks across new API functions to ensure robustness and reliability.
…tion tests - Added `rn_keys_node_get_certificate_serial` function to retrieve the serial number of the installed certificate, improving certificate management capabilities. - Updated the FFI API design document to reflect the new functions and their usage. - Enhanced end-to-end integration tests to validate the complete certificate lifecycle, including retrieval of certificate serials and improved error handling. - Refactored existing tests to accommodate changes in the API and ensure comprehensive coverage of new functionalities.
- Introduced new error codes for certificate management in `runar_ffi.h` to enhance error reporting. - Added `CaClientWrapper` struct in `lib.rs` to encapsulate CA client configuration and state. - Implemented new FFI functions for configuring CA client settings, setting root and issuing CA certificates, and managing node key manager. - Updated existing functions to utilize the new wrapper structure, improving memory management and clarity in the API. - Enhanced error handling for null arguments and invalid inputs across new functions, ensuring robustness.
- Introduced functions for creating Root and Issuing CA certificates, retrieving CA certificate DER bytes, and obtaining CA certificate subjects in `runar_ffi.h` and `lib.rs`. - Implemented error handling for null arguments and invalid inputs to enhance robustness. - Added a function to free CA resources, ensuring proper memory management. - Updated documentation comments for clarity on new functionalities.
… handling - Introduced functions for generating and validating enrollment tokens in `runar_ffi.h` and `lib.rs`, enhancing token management capabilities. - Added functions for retrieving QUIC certificate configuration, node certificates, and installing certificates from messages, improving certificate handling. - Implemented error handling for null arguments and invalid inputs to ensure robustness across new functionalities. - Updated existing functions to utilize new data structures and improved memory management practices. - Enhanced integration tests to validate the new functionalities and ensure comprehensive coverage of the certificate lifecycle.
- Added `serde_json` as a dependency in `Cargo.toml` to support JSON serialization features. - Updated `Cargo.lock` to reflect the new dependency. - Expanded the FFI API design document with new sections detailing helper functions, test data creation, async handling strategies, and performance validation for comprehensive testing. - Included detailed descriptions of new test helper functions and their usage in the FFI context, improving clarity and usability for developers.
- Removed `serde_json` from `Cargo.toml` and updated `Cargo.lock` accordingly to streamline dependencies. - Enhanced the FFI API design document with new sections detailing CA Client configuration and key consistency, emphasizing the importance of using the same Enrollment Authority keys for server configuration and token signing. - Improved integration test logging for better traceability during CA Client operations, ensuring clarity in the enrollment process and configuration steps.
- Introduced a new function to validate the certificate chain, ensuring that both Root CA and Issuing CA certificates are properly sized and not empty. - Refactored the CA certificate creation process to consolidate the creation of Root and Issuing CA certificates into a single function, improving clarity and usability. - Updated integration tests to include validation of the certificate chain, enhancing the robustness of the testing framework.
…rations - Updated the FFI API design document to include the new `rn_transport_ca_client_new_with_config` function, detailing the complete configuration options for the CA Client. - Added debug logging statements in the `rn_transport_ca_client_configure`, `rn_transport_ca_client_set_root_ca_cert`, and `rn_transport_ca_client_set_issuing_ca_cert` functions to provide insights into the CA Client's configuration and certificate management processes. - Enhanced integration tests with additional logging for certificate diagnostics and network connectivity checks, improving traceability during end-to-end tests.
- Introduced `rn_transport_ca_client_new_with_config` function to create a CA Client with a comprehensive configuration passed as CBOR, enhancing flexibility and usability. - Removed deprecated CA Client configuration functions to streamline the API and reduce complexity. - Updated integration tests to validate the new client creation process with configuration, ensuring proper handling of server addresses and certificates. - Enhanced error handling for configuration parsing and validation, improving robustness in client initialization.
- Introduced a new `DiscoveryInner` struct to encapsulate discovery event channels, ensuring separation of concerns from transport. - Added dedicated polling functions for discovery events (`rn_discovery_poll_discovered`, `rn_discovery_poll_updated`, `rn_discovery_poll_lost`) to allow independent access to discovery events. - Removed discovery event channels from `TransportInner`, eliminating tight coupling between discovery and transport. - Updated the FFI interface to bind discovery events to its own channels instead of transport channels. - Enhanced tests to validate the new discovery event polling functionality, ensuring comprehensive coverage of the updated architecture.
- Introduced a new test suite for verifying the handshake dataflow, focusing on NodeInfo exchange between peers. - Implemented tests for the complete handshake process, including connection initiation, event verification, and NodeInfo updates during connection. - Enhanced logging and error handling throughout the tests to ensure clarity and traceability. - Updated the test module to include the new handshake tests, ensuring comprehensive coverage of the FFI interface's handshake functionality.
Enhance FFI Transporter API with Source and Destination Peer IDs - Added `source_peer_id` and `destination_peer_id` fields to `TransportRequestEvent` and `TransportEventEvent` structs to address critical architectural flaws. - Updated the FFI layer to ensure these IDs are included in transport events, enhancing security and traceability. - Modified tests to validate the presence and correctness of source and destination peer IDs in transport events, ensuring comprehensive coverage of the new functionality.
- Replaced hardcoded byte arrays in `generate_peer_info_vectors` and `generate_network_message_payload_item_vectors` with new vector representations for improved clarity and consistency. - Adjusted payload data for various network message payload items to use explicit byte vectors instead of string literals, enhancing type safety and readability.
- Added functions to generate vectors for CA server configurations, node metadata, service metadata, action metadata, subscription metadata, field schemas, and schema data types. - Implemented generation of handshake data and connection role vectors to align with Swift expectations. - Introduced discovery options and QUIC transport options vectors to complete the FFI types representation. - Updated existing functions to improve clarity and maintainability of the codebase.
…lization for peer info and options - Updated `rn_discovery_new_with_multicast` to accept `peer_info_cbor` and `options_cbor` as parameters, replacing the previous `keys` parameter. - Removed manual parsing of discovery options, now utilizing standard CBOR serialization for `PeerInfo` and `DiscoveryOptions`. - Refactored related tests to accommodate the new API structure and ensure proper functionality with the updated parameters. - Enhanced error handling for invalid CBOR data, improving robustness of the discovery process.
…ed CBOR serialization - Updated `rn_transport_new_with_keys` to utilize `QuicTransportOptionsConfig` for parsing transport options, replacing manual CBOR map parsing. - Introduced a new struct for transport options configuration, enhancing clarity and maintainability. - Refactored related tests to use the new serialization method for transport options, ensuring consistency and correctness. - Improved error handling for transport options parsing, increasing robustness of the FFI interface.
- Added `PartialEq` derive to `QuicTransportOptionsConfig` for comparison functionality. - Implemented `generate_quic_transport_options_config_vectors` to create serialized vectors for `QuicTransportOptionsConfig`. - Introduced `validate_quic_transport_options_config` to ensure consistency between Rust and Swift serialized data. - Updated main function to include validation of `QuicTransportOptionsConfig`, improving cross-platform compatibility.
…ionsConfig struct - Updated `generate_ffi_quic_transport_options_vectors` to use the `QuicTransportOptionsConfig` struct for serialization, enhancing clarity and maintainability. - Added new fields for certificate and key data in the configuration, aligning with Swift expectations. - Improved the generation of serialized vectors for FFI transport options, ensuring consistency with the updated configuration structure.
…ice registry by deleting the get_all_subscriptions_optimized method, streamlining the codebase for better maintainability.
…keys by ID - Implemented `rn_keys_mobile_get_network_public_key_by_id` and `rn_keys_node_get_network_public_key_by_id` functions to allow mobile and node key managers to fetch network public keys using their respective IDs. - Updated the FFI header to include declarations for the new functions. - Enhanced existing tests to validate the new functionality, ensuring proper error handling and successful retrieval of public keys. - Maintained existing test structure without creating new test files, adhering to project guidelines.
…and remote services - Updated the gateway service to include parameters for excluding internal and remote services when listing available services. - Modified the service registry and related components to accept and process these parameters, allowing for more flexible service discovery. - Adjusted tests to ensure proper functionality with the new parameters, verifying that the correct services are returned based on the inclusion flags.
- Deleted the entire CA Node server implementation from `ca_node_server.rs`, including its configuration, connection handling, and request processing logic. - Removed associated tests that validated the CA Node server functionality, streamlining the codebase by eliminating unused components.
…with - Bumped versions of `serde`, `serde_derive`, and `serde_json` to 1.0.228 and `serde_with` to 3.15.0 in `Cargo.toml`. - Added `serde_core` as a new dependency. - Updated checksums in `Cargo.lock` to reflect the new versions and dependencies. - Removed unused `serde_with::As` type alias from `lib.rs` to streamline the codebase.
- Eliminated the `User` and `MyData` structs from `sqlite_test.rs` to streamline the test file and remove unnecessary code. - This change enhances code clarity and maintainability by focusing on relevant test components.
Enhance NodeJS API with Transport Callback Pattern - Added support for a callback pattern in the Transport class, replacing the previous polling mechanism to improve responsiveness and align with Node.js conventions. - Introduced new callback registration methods for handling requests, events, and peer connections, enhancing the API's usability. - Updated the Transport class documentation to reflect the new callback structure and its benefits. - Implemented comprehensive tests to validate the new callback functionality, ensuring alignment with the existing FFI tests. - Improved overall code quality and maintainability across the API and tests.
Enhance NodeJS API with DashMap and Transport Improvements - Added DashMap dependency to improve concurrent access and performance in the Transport class. - Updated Transport class to implement a polling pattern for event handling, aligning with FFI best practices. - Introduced new envelope types for request and event handling, enhancing the API's structure and usability. - Added comprehensive tests to validate the new transport functionality and ensure alignment with existing FFI tests. - Improved overall code quality and maintainability across the API and tests.
- Introduced a cleanup step in the Rust CI workflow to remove build artifacts and cargo cache, helping to manage disk space effectively. - Added disk space checks before and after the cleanup process for better visibility of resource usage.
- Added a mechanism to prevent multiple shutdown calls in the Discovery class, ensuring that the native shutdown is only invoked once. - Updated the Transport class to check if it has started before attempting to stop, preventing unnecessary calls to the native stop method. - Improved error handling in both classes to ignore errors when already shut down or stopped. - Adjusted related tests to validate the new behavior, ensuring robustness in shutdown and stop operations.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.