feat: NCM, NM and Sigchain handle the certs changed event

[ci skip]

Author: tegefaulkes

src/PolykeyAgent.ts

@@ -2,7 +2,7 @@ import type { DeepPartial, FileSystem, PromiseDeconstructed } from './types';
 import type { PolykeyWorkerManagerInterface } from './workers/types';
 import type { TLSConfig } from './network/types';
 import type { SeedNodes } from './nodes/types';
-import type { CertManagerChangeData, Key } from './keys/types';
+import type { Key } from './keys/types';
 import type { RecoveryCode, PrivateKey } from './keys/types';
 import type { PasswordMemLimit, PasswordOpsLimit } from './keys/types';
 import path from 'path';
@@ -99,7 +99,6 @@ interface PolykeyAgent extends CreateDestroyStartStop {}
   new errors.ErrorPolykeyAgentDestroyed(),
 )
 class PolykeyAgent {
-
   /**
    * Create the Polykey Agent.
    *
@@ -321,8 +320,9 @@ class PolykeyAgent {
       sigchain =
         sigchain ??
         (await Sigchain.createSigchain({
-          keyRing,
           db,
+          keyRing,
+          certManager,
           logger: logger.getChild(Sigchain.name),
           fresh,
         }));
@@ -370,6 +370,7 @@ class PolykeyAgent {
         new NodeConnectionManager({
           keyRing,
           nodeGraph,
+          certManager,
           tlsConfig,
           seedNodes: optionsDefaulted.seedNodes,
           connectionFindConcurrencyLimit:
@@ -396,6 +397,7 @@ class PolykeyAgent {
           nodeConnectionManager,
           taskManager,
           gestaltGraph,
+          certManager,
           logger: logger.getChild(NodeManager.name),
         });
       await nodeManager.start();
@@ -611,6 +613,22 @@ class PolykeyAgent {
     this.rpcServerAgent.handleStream(stream);
   };
 
+  protected handleEventsCertManagerCertChange = async (
+    evt: keysEvents.EventsCertManagerCertChange,
+  ) => {
+    const data = evt.detail;
+    this.logger.info(`${KeyRing.name} change propagating`);
+    await this.status.updateStatusLive({
+      nodeId: data.nodeId,
+    });
+    const tlsConfig: TLSConfig = {
+      keyPrivatePem: keysUtils.privateKeyToPEM(data.keyPair.privateKey),
+      certChainPem: await this.certManager.getCertPEMsChainPEM(),
+    };
+    this.webSocketServerClient.setTlsConfig(tlsConfig);
+    this.logger.info(`${KeyRing.name} change propagated`);
+  };
+
   constructor({
     nodePath,
     status,
@@ -709,25 +727,10 @@ class PolykeyAgent {
     try {
       this.logger.info(`Starting ${this.constructor.name}`);
       // Register event handlers
-      // FIXME: we need to handle the EventCertManagerCertChanged event to update the status
-      const handleCertChange = async (evt: keysEvents.EventsCertManagerCertChange) => {
-        const data = evt.detail
-        this.logger.info(`${KeyRing.name} change propagating`);
-        await this.status.updateStatusLive({
-          nodeId: data.nodeId,
-        });
-        await this.nodeManager.resetBuckets();
-        // Update the sigchain
-        await this.sigchain.onKeyRingChange();
-        const tlsConfig: TLSConfig = {
-          keyPrivatePem: keysUtils.privateKeyToPEM(data.keyPair.privateKey),
-          certChainPem: await this.certManager.getCertPEMsChainPEM(),
-        };
-        this.webSocketServerClient.setTlsConfig(tlsConfig);
-        this.nodeConnectionManager.updateTlsConfig(tlsConfig);
-        this.logger.info(`${KeyRing.name} change propagated`);
-      }
-      this.certManager.addEventListener(keysEvents.EventsCertManagerCertChange.name, handleCertChange);
+      this.certManager.addEventListener(
+        keysEvents.EventsCertManagerCertChange.name,
+        this.handleEventsCertManagerCertChange,
+      );
       await this.status.start({ pid: process.pid });
       await this.schema.start({ fresh });
       // Starting modules
@@ -818,7 +821,10 @@ class PolykeyAgent {
       this.logger.warn(
         `Failed Starting ${this.constructor.name} with ${e.message}`,
       );
-      this.certManager.removeEventListener(keysEvents.EventsCertManagerCertChange.name, handleCertChange);
+      this.certManager.removeEventListener(
+        keysEvents.EventsCertManagerCertChange.name,
+        this.handleEventsCertManagerCertChange,
+      );
       await this.status?.beginStop({ pid: process.pid });
       await this.taskManager?.stopProcessing();
       await this.taskManager?.stopTasks();
@@ -856,7 +862,10 @@ class PolykeyAgent {
    */
   public async stop() {
     this.logger.info(`Stopping ${this.constructor.name}`);
-    this.certManager.removeEventListener(keysEvents.EventsCertManagerCertChange.name, handleCertChange);
+    this.certManager.removeEventListener(
+      keysEvents.EventsCertManagerCertChange.name,
+      this.handleEventsCertManagerCertChange,
+    );
     await this.status.beginStop({ pid: process.pid });
     await this.taskManager.stopProcessing();
     await this.taskManager.stopTasks();

src/keys/CertManager.ts

@@ -454,14 +454,16 @@ class CertManager {
       if (this.tasksRunning) {
         await this.setupRenewCurrentCertTask(now);
       }
-      this.dispatchEvent(new events.EventsCertManagerCertChange({
-        detail: {
-          nodeId: this.keyRing.getNodeId(),
-          keyPair: this.keyRing.keyPair,
-          cert: certNew,
-          recoveryCode: recoveryCodeNew!,
-        },
-      }));
+      this.dispatchEvent(
+        new events.EventsCertManagerCertChange({
+          detail: {
+            nodeId: this.keyRing.getNodeId(),
+            keyPair: this.keyRing.keyPair,
+            cert: certNew,
+            recoveryCode: recoveryCodeNew!,
+          },
+        }),
+      );
       this.logger.info('Renewed certificate chain with new key pair');
     });
     return certNew!;
@@ -518,14 +520,16 @@ class CertManager {
       if (this.tasksRunning) {
         await this.setupRenewCurrentCertTask(now);
       }
-      this.dispatchEvent(new events.EventsCertManagerCertChange({
-        detail: {
-          nodeId: this.keyRing.getNodeId(),
-          keyPair: this.keyRing.keyPair,
-          cert: certNew,
-          recoveryCode: undefined,
-        },
-      }));
+      this.dispatchEvent(
+        new events.EventsCertManagerCertChange({
+          detail: {
+            nodeId: this.keyRing.getNodeId(),
+            keyPair: this.keyRing.keyPair,
+            cert: certNew,
+            recoveryCode: undefined,
+          },
+        }),
+      );
       this.logger.info('Renewed certificate chain with current key pair');
     });
     return certNew!;
@@ -589,14 +593,16 @@ class CertManager {
       if (this.tasksRunning) {
         await this.setupRenewCurrentCertTask(now);
       }
-      this.dispatchEvent(new events.EventsCertManagerCertChange({
-        detail: {
-          nodeId: this.keyRing.getNodeId(),
-          keyPair: this.keyRing.keyPair,
-          cert: certNew!,
-          recoveryCode: recoveryCodeNew!,
-        },
-      }));
+      this.dispatchEvent(
+        new events.EventsCertManagerCertChange({
+          detail: {
+            nodeId: this.keyRing.getNodeId(),
+            keyPair: this.keyRing.keyPair,
+            cert: certNew!,
+            recoveryCode: recoveryCodeNew!,
+          },
+        }),
+      );
       this.logger.info('Resetted certificate chain with new key pair');
     });
     return certNew!;
@@ -648,14 +654,16 @@ class CertManager {
       if (this.tasksRunning) {
         await this.setupRenewCurrentCertTask(now);
       }
-      this.dispatchEvent(new events.EventsCertManagerCertChange({
-        detail: {
-          nodeId: this.keyRing.getNodeId(),
-          keyPair: this.keyRing.keyPair,
-          cert: certNew,
-          recoveryCode: undefined,
-        },
-      }));
+      this.dispatchEvent(
+        new events.EventsCertManagerCertChange({
+          detail: {
+            nodeId: this.keyRing.getNodeId(),
+            keyPair: this.keyRing.keyPair,
+            cert: certNew,
+            recoveryCode: undefined,
+          },
+        }),
+      );
       this.logger.info('Resetted certificate chain with current key pair');
     });
     return certNew!;

src/keys/events.ts

@@ -1,5 +1,5 @@
+import type { CertManagerChangeData } from './types';
 import { AbstractEvent } from '@matrixai/events';
-import { CertManagerChangeData } from "./types";
 
 abstract class EventsKeys<T = null> extends AbstractEvent<T> {}
 
@@ -29,4 +29,4 @@ export {
   EventsCertManagerDestroy,
   EventsCertManagerDestroyed,
   EventsCertManagerCertChange,
-}
+};

src/nodes/NodeConnectionManager.ts

@@ -12,6 +12,7 @@ import type {
   SeedNodes,
 } from './types';
 import type KeyRing from '../keys/KeyRing';
+import type CertManager from '../keys/CertManager';
 import type { Key, CertificatePEM } from '../keys/types';
 import type { ConnectionData, Host, Hostname, Port } from '../network/types';
 import type { TLSConfig } from '../network/types';
@@ -36,6 +37,7 @@ import * as networkUtils from '../network/utils';
 import { clientManifest as agentClientManifest } from '../agent/handlers/clientManifest';
 import * as utils from '../utils';
 import config from '../config';
+import * as keysEvents from '../keys/events';
 
 type AgentClientManifest = typeof agentClientManifest;
 
@@ -123,6 +125,7 @@ class NodeConnectionManager {
   protected logger: Logger;
   protected keyRing: KeyRing;
   protected nodeGraph: NodeGraph;
+  protected certManager?: CertManager;
   protected tlsConfig: TLSConfig;
   protected seedNodes: SeedNodes;
 
@@ -174,9 +177,21 @@ class NodeConnectionManager {
     this.dispatchEvent(event.clone());
   };
 
+  protected handleEventsCertManagerCertChange = async (
+    evt: keysEvents.EventsCertManagerCertChange,
+  ) => {
+    const data = evt.detail;
+    const tlsConfig: TLSConfig = {
+      keyPrivatePem: keysUtils.privateKeyToPEM(data.keyPair.privateKey),
+      certChainPem: await this.certManager!.getCertPEMsChainPEM(),
+    };
+    this.updateTlsConfig(tlsConfig);
+  };
+
   public constructor({
     keyRing,
     nodeGraph,
+    certManager,
     tlsConfig,
     seedNodes = {},
     connectionFindConcurrencyLimit = config.defaultsSystem
@@ -195,6 +210,7 @@ class NodeConnectionManager {
   }: {
     keyRing: KeyRing;
     nodeGraph: NodeGraph;
+    certManager?: CertManager;
     tlsConfig: TLSConfig;
     seedNodes?: SeedNodes;
     connectionFindConcurrencyLimit?: number;
@@ -208,6 +224,7 @@ class NodeConnectionManager {
     this.logger = logger ?? new Logger(this.constructor.name);
     this.keyRing = keyRing;
     this.nodeGraph = nodeGraph;
+    this.certManager = certManager;
     this.tlsConfig = tlsConfig;
     // Filter out own node ID
     const nodeIdEncodedOwn = nodesUtils.encodeNodeId(keyRing.getNodeId());
@@ -339,13 +356,21 @@ class NodeConnectionManager {
       EventDefault.name,
       this.handleQUICServerEvents,
     );
+    this.certManager?.addEventListener(
+      keysEvents.EventsCertManagerCertChange.name,
+      this.handleEventsCertManagerCertChange,
+    );
 
     this.logger.info(`Started ${this.constructor.name}`);
   }
 
   public async stop() {
     this.logger.info(`Stop ${this.constructor.name}`);
 
+    this.certManager?.removeEventListener(
+      keysEvents.EventsCertManagerCertChange.name,
+      this.handleEventsCertManagerCertChange,
+    );
     this.quicServer.removeEventListener(
       EventDefault.name,
       this.handleQUICServerEvents,