// SPDX-FileCopyrightText: © 2024-2025 Phala Network <dstack@phala.network>
//
// SPDX-License-Identifier: Apache-2.0
use load_config::load_config;
use rocket::figment::Figment;
use serde::Deserialize;
use std::{path::PathBuf, time::Duration};
/// Built-in default configuration: the text of `../kms.toml`, embedded into the binary at
/// compile time by `include_str!`. Whatever that file contains ships with every build.
// NOTE(review): if kms.toml carries a default for `admin_token_hash`, every deployment that
// does not override it shares the same admin credential hash — confirm against kms.toml.
pub const DEFAULT_CONFIG: &str = include_str!("../kms.toml");
/// Builds the configuration [`Figment`] for the KMS service.
///
/// Hands the application name `"kms"`, the embedded [`DEFAULT_CONFIG`] and the caller's
/// optional `config_file` path to `load_config` and returns its result unchanged.
///
/// NOTE(review): how `load_config` layers `config_file` (and any environment overrides)
/// on top of the defaults, and what its final `false` argument selects, is not visible in
/// this file. Confirm in the `load_config` crate which sources can override
/// security-relevant keys such as `image.verify`, `auth_api` and `admin_token_hash`.
pub fn load_config_figment(config_file: Option<&str>) -> Figment {
    let app_name = "kms";
    load_config(app_name, DEFAULT_CONFIG, config_file, false)
}
// File names that the `KmsConfig` accessors join onto `cert_dir`.
// NOTE(review): the `.key` entries presumably hold private key material; nothing in this
// file sets or checks permissions on them, so the protection of `cert_dir` itself is what
// guards these files — confirm where they are written.

// Temporary CA certificate and key.
const TEMP_CA_CERT: &str = "tmp-ca.crt";
const TEMP_CA_KEY: &str = "tmp-ca.key";
// Root CA certificate and key.
const ROOT_CA_CERT: &str = "root-ca.crt";
const ROOT_CA_KEY: &str = "root-ca.key";
// RPC certificate and key.
const RPC_CERT: &str = "rpc.crt";
const RPC_KEY: &str = "rpc.key";
// Not part of the `keys_exists` check.
const RPC_DOMAIN: &str = "rpc-domain";
// Root k256 key (presumably secp256k1 — confirm at the point of use).
const K256_KEY: &str = "root-k256.key";
// Not part of the `keys_exists` check.
const BOOTSTRAP_INFO: &str = "bootstrap-info.json";
/// Settings for the image handling section of the KMS configuration.
///
/// All fields are required at deserialization time: none has a serde default here.
#[derive(Debug, Clone, Deserialize)]
pub(crate) struct ImageConfig {
    /// Verification switch.
    ///
    /// NOTE(review): presumably gates verification of downloaded images; if so, `false`
    /// disables an integrity control and should not reach production — confirm at the
    /// point of use.
    pub verify: bool,
    /// Directory used as the image cache.
    pub cache_dir: PathBuf,
    /// Download location, kept as an unvalidated string.
    ///
    /// NOTE(review): no scheme or host check happens at this layer; confirm that the
    /// consumer rejects plain-HTTP or unexpected hosts, or that `verify` covers it.
    pub download_url: String,
    /// Download timeout, parsed by the `serde_duration` helper module.
    #[serde(with = "serde_duration")]
    pub download_timeout: Duration,
}
/// Top-level KMS configuration as deserialized from the merged config sources.
///
/// The type derives `Debug`, so formatting it with `{:?}` prints every field, including
/// the bytes of `admin_token_hash`. Avoid logging the whole struct.
#[derive(Debug, Clone, Deserialize)]
pub(crate) struct KmsConfig {
    /// Directory that the path accessors on this type resolve key and certificate files in.
    pub cert_dir: PathBuf,
    /// Optional PCCS endpoint.
    ///
    /// NOTE(review): presumably the collateral service used for quote verification;
    /// confirm what is used when this is `None`.
    pub pccs_url: Option<String>,
    /// Selects the authorization backend (`dev` or `webhook`).
    pub auth_api: AuthApi,
    /// Onboarding settings.
    pub onboard: OnboardConfig,
    /// Image settings.
    pub image: ImageConfig,
    /// Admin token hash bytes, parsed by the `serde_human_bytes` helper module.
    ///
    /// NOTE(review): the name indicates a hash of the admin token rather than the token
    /// itself; the hash algorithm, and whether an empty value is rejected, are decided
    /// where this field is compared — confirm there.
    #[serde(with = "serde_human_bytes")]
    pub admin_token_hash: Vec<u8>,
}
impl KmsConfig {
    /// Resolves `file_name` inside `cert_dir`.
    fn in_cert_dir(&self, file_name: &str) -> PathBuf {
        self.cert_dir.join(file_name)
    }

    /// Reports whether all seven key and certificate files are present in `cert_dir`.
    ///
    /// Checked in order, stopping at the first miss: temporary CA cert and key, root CA
    /// cert and key, RPC cert and key, k256 key. `rpc-domain` and `bootstrap-info.json`
    /// are not part of the check.
    ///
    /// This is a presence test only. `Path::exists` returns `false` both when a file is
    /// absent and when its metadata cannot be read (for example on a permission error),
    /// and nothing here looks at contents, ownership or mode.
    ///
    /// NOTE(review): if a caller generates fresh keys whenever this returns `false`, an
    /// unreadable `cert_dir` would be indistinguishable from a first boot — confirm how
    /// the caller handles that case.
    pub fn keys_exists(&self) -> bool {
        const REQUIRED_FILES: [&str; 7] = [
            TEMP_CA_CERT,
            TEMP_CA_KEY,
            ROOT_CA_CERT,
            ROOT_CA_KEY,
            RPC_CERT,
            RPC_KEY,
            K256_KEY,
        ];
        REQUIRED_FILES
            .iter()
            .all(|file_name| self.in_cert_dir(file_name).exists())
    }

    /// Path of the temporary CA certificate (`tmp-ca.crt`).
    pub fn tmp_ca_cert(&self) -> PathBuf {
        self.in_cert_dir(TEMP_CA_CERT)
    }

    /// Path of the temporary CA key (`tmp-ca.key`).
    pub fn tmp_ca_key(&self) -> PathBuf {
        self.in_cert_dir(TEMP_CA_KEY)
    }

    /// Path of the root CA certificate (`root-ca.crt`).
    pub fn root_ca_cert(&self) -> PathBuf {
        self.in_cert_dir(ROOT_CA_CERT)
    }

    /// Path of the root CA key (`root-ca.key`).
    pub fn root_ca_key(&self) -> PathBuf {
        self.in_cert_dir(ROOT_CA_KEY)
    }

    /// Path of the RPC certificate (`rpc.crt`).
    pub fn rpc_cert(&self) -> PathBuf {
        self.in_cert_dir(RPC_CERT)
    }

    /// Path of the RPC key (`rpc.key`).
    pub fn rpc_key(&self) -> PathBuf {
        self.in_cert_dir(RPC_KEY)
    }

    /// Path of the `rpc-domain` file.
    pub fn rpc_domain(&self) -> PathBuf {
        self.in_cert_dir(RPC_DOMAIN)
    }

    /// Path of the root k256 key (`root-k256.key`).
    pub fn k256_key(&self) -> PathBuf {
        self.in_cert_dir(K256_KEY)
    }

    /// Path of the bootstrap info file (`bootstrap-info.json`).
    pub fn bootstrap_info(&self) -> PathBuf {
        self.in_cert_dir(BOOTSTRAP_INFO)
    }
}
/// Authorization backend selection.
///
/// Internally tagged: the `type` key of the config section picks the variant (`"dev"` or
/// `"webhook"`), and the variant's settings live in a nested table of the same name.
///
/// NOTE(review): the `Dev` name suggests a development-only mode. Which checks it relaxes
/// is decided by the code that matches on this enum, not here — confirm that production
/// deployments cannot end up with `type = "dev"` through defaults or overrides.
#[derive(Debug, Clone, Deserialize)]
#[serde(tag = "type")]
pub(crate) enum AuthApi {
    /// Selected by `type = "dev"`.
    #[serde(rename = "dev")]
    Dev { dev: Dev },
    /// Selected by `type = "webhook"`.
    #[serde(rename = "webhook")]
    Webhook { webhook: Webhook },
}
impl AuthApi {
    /// Returns `true` when the `dev` backend is configured, `false` for `webhook`.
    ///
    /// Written as an exhaustive match so that adding a variant forces a decision here
    /// instead of silently counting as "not dev".
    pub fn is_dev(&self) -> bool {
        match self {
            AuthApi::Dev { .. } => true,
            AuthApi::Webhook { .. } => false,
        }
    }
}
/// Settings for the `webhook` authorization backend.
#[derive(Debug, Clone, Deserialize)]
pub(crate) struct Webhook {
    /// Endpoint of the webhook, kept as an unvalidated string.
    ///
    /// NOTE(review): nothing at this layer checks the scheme or host. If authorization
    /// decisions are fetched from this URL, confirm that the client requires HTTPS and
    /// validates the server certificate.
    pub url: String,
}
/// Settings for the `dev` authorization backend.
#[derive(Debug, Clone, Deserialize)]
pub(crate) struct Dev {
    /// Gateway application id, taken verbatim from the configuration.
    ///
    /// NOTE(review): the expected format (for example hex) is not enforced here — confirm
    /// where it is consumed.
    pub gateway_app_id: String,
}
/// Settings for the onboarding section of the KMS configuration.
#[derive(Debug, Clone, Deserialize)]
pub(crate) struct OnboardConfig {
    /// Onboarding switch.
    ///
    /// NOTE(review): presumably exposes the onboarding/bootstrap endpoints when `true`;
    /// confirm what stays reachable once keys already exist.
    pub enabled: bool,
    /// Domain used for automatic bootstrap.
    ///
    /// NOTE(review): how an empty string is treated is decided by the consumer — confirm.
    pub auto_bootstrap_domain: String,
}