wip: fixing up PolykeyAgent usage

[ci skip]

Author: tegefaulkes

src/PolykeyAgent.ts

@@ -267,6 +267,9 @@ class PolykeyAgent {
         keyRing ??
         (await KeyRing.createKeyRing({
           keysPath,
+          recoveryCode: optionsDefaulted.keys.recoveryCode,
+          privateKey: optionsDefaulted.keys.privateKey,
+          privateKeyPath: optionsDefaulted.keys.privateKeyPath,
           passwordOpsLimit: optionsDefaulted.keys.passwordOpsLimit,
           passwordMemLimit: optionsDefaulted.keys.passwordMemLimit,
           strictMemoryLock: optionsDefaulted.keys.strictMemoryLock,
@@ -701,14 +704,16 @@ class PolykeyAgent {
     this.fs = fs;
   }
 
+  // TODO: add getters for runtime service information?
+
   public async start({
     password,
-    options,
+    options = {},
     workers,
     fresh = false,
   }: {
     password: string;
-    options: Partial<PolykeyAgentStartOptions>;
+    options?: Partial<PolykeyAgentStartOptions>;
     workers?: number;
     fresh?: boolean;
   }) {

src/bootstrap/utils.ts

@@ -4,6 +4,7 @@ import type { PasswordMemLimit, PasswordOpsLimit } from '../keys/types';
 import path from 'path';
 import Logger from '@matrixai/logger';
 import { DB } from '@matrixai/db';
+import { CertManager } from '@/keys';
 import * as bootstrapErrors from './errors';
 import TaskManager from '../tasks/TaskManager';
 import { IdentitiesManager } from '../identities';
@@ -43,8 +44,6 @@ async function bootstrapState({
   // Required parameters
   password,
   // Optional configuration
-  // nodePath = config.defaults.nodePath,
-  // keyRingConfig = {},
   options = {},
   fresh = false,
   // Optional dependencies
@@ -53,30 +52,37 @@ async function bootstrapState({
 }: {
   password: string;
   options?: DeepPartial<BootstrapOptions>;
-  // NodePath?: string;
-  // keyRingConfig?: {
-  //   recoveryCode?: RecoveryCode;
-  //   privateKey?: PrivateKey;
-  //   privateKeyPath?: string;
-  //   passwordOpsLimit?: PasswordOpsLimit;
-  //   passwordMemLimit?: PasswordMemLimit;
-  // };
   fresh?: boolean;
   fs?: FileSystem;
   logger?: Logger;
 }): Promise<RecoveryCode | undefined> {
   const umask = 0o077;
   logger.info(`Setting umask to ${umask.toString(8).padStart(3, '0')}`);
   process.umask(umask);
-  logger.info(`Setting node path to ${nodePath}`);
-  if (nodePath == null) {
+  const optionsDefaulted = utils.mergeObjects(options, {
+    nodePath: config.defaultsUser.nodePath,
+    keys: {
+      certDuration: config.defaultsUser.certDuration,
+    },
+  });
+  logger.info(`Setting node path to ${optionsDefaulted.nodePath}`);
+  if (optionsDefaulted.nodePath == null) {
     throw new errors.ErrorUtilsNodePath();
   }
-  await mkdirExists(fs, nodePath);
+  await mkdirExists(fs, optionsDefaulted.nodePath);
   // Setup node path and sub paths
-  const statusPath = path.join(nodePath, config.paths.statusBase);
-  const statusLockPath = path.join(nodePath, config.paths.statusLockBase);
-  const statePath = path.join(nodePath, config.paths.stateBase);
+  const statusPath = path.join(
+    optionsDefaulted.nodePath,
+    config.paths.statusBase,
+  );
+  const statusLockPath = path.join(
+    optionsDefaulted.nodePath,
+    config.paths.statusLockBase,
+  );
+  const statePath = path.join(
+    optionsDefaulted.nodePath,
+    config.paths.stateBase,
+  );
   const dbPath = path.join(statePath, config.paths.dbBase);
   const keysPath = path.join(statePath, config.paths.keysBase);
   const vaultsPath = path.join(statePath, config.paths.vaultsBase);
@@ -90,7 +96,7 @@ async function bootstrapState({
     await status.start({ pid: process.pid });
     if (!fresh) {
       // Check the if number of directory entries is greater than 1 due to status.json and status.lock
-      if ((await fs.promises.readdir(nodePath)).length > 2) {
+      if ((await fs.promises.readdir(optionsDefaulted.nodePath)).length > 2) {
         throw new bootstrapErrors.ErrorBootstrapExistingState();
       }
     }
@@ -110,7 +116,12 @@ async function bootstrapState({
       fs,
       logger: logger.getChild(KeyRing.name),
       fresh,
-      ...keyRingConfig,
+      recoveryCode: optionsDefaulted.recoveryCode,
+      privateKey: optionsDefaulted.privateKey,
+      privateKeyPath: optionsDefaulted.privateKeyPath,
+      passwordOpsLimit: optionsDefaulted.passwordOpsLimit,
+      passwordMemLimit: optionsDefaulted.passwordMemLimit,
+      strictMemoryLock: optionsDefaulted.strictMemoryLock,
     });
     const db = await DB.createDB({
       dbPath,
@@ -135,6 +146,19 @@ async function bootstrapState({
       },
       fresh,
     });
+    const taskManager = await TaskManager.createTaskManager({
+      db,
+      logger,
+      lazy: true,
+    });
+    const certManager = await CertManager.createCertManager({
+      keyRing,
+      db,
+      taskManager,
+      fresh,
+      logger,
+      certDuration: optionsDefaulted.certDuration,
+    });
     const sigchain = await Sigchain.createSigchain({
       db,
       keyRing,
@@ -166,11 +190,7 @@ async function bootstrapState({
       keyRing,
       logger: logger.getChild(NodeGraph.name),
     });
-    const taskManager = await TaskManager.createTaskManager({
-      db,
-      logger,
-      lazy: true,
-    });
+
     const nodeManager = new NodeManager({
       db,
       keyRing,
@@ -217,6 +237,7 @@ async function bootstrapState({
     await gestaltGraph.stop();
     await acl.stop();
     await sigchain.stop();
+    await certManager.stop();
     await taskManager.stop();
     await db.stop();
     await keyRing.stop();

src/client/handlers/agentStatus.ts

@@ -20,8 +20,8 @@ class AgentStatusHandler extends UnaryHandler<
       nodeIdEncoded: nodesUtils.encodeNodeId(pkAgent.keyRing.getNodeId()),
       clientHost: pkAgent.webSocketServerClient.getHost(),
       clientPort: pkAgent.webSocketServerClient.getPort(),
-      agentHost: pkAgent.quicSocket.host,
-      agentPort: pkAgent.quicSocket.port,
+      agentHost: pkAgent.nodeConnectionManager.host,
+      agentPort: pkAgent.nodeConnectionManager.port,
       publicKeyJwk: keysUtils.publicKeyToJWK(pkAgent.keyRing.keyPair.publicKey),
       certChainPEM: await pkAgent.certManager.getCertPEMsChainPEM(),
     };

tests/PolykeyAgent.test.ts

@@ -14,6 +14,7 @@ import * as keysUtils from '@/keys/utils/index';
 
 describe('PolykeyAgent', () => {
   const password = 'password';
+  const localhost = '127.0.0.1';
   const logger = new Logger('PolykeyAgent Test', LogLevel.WARN, [
     new StreamHandler(),
   ]);
@@ -33,13 +34,17 @@ describe('PolykeyAgent', () => {
     const nodePath = path.join(dataDir, 'polykey');
     const pkAgent = await PolykeyAgent.createPolykeyAgent({
       password,
-      nodePath,
-      logger,
-      keyRingConfig: {
-        passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-        passwordMemLimit: keysUtils.passwordMemLimits.min,
-        strictMemoryLock: false,
+      options: {
+        nodePath,
+        agentServiceHost: localhost,
+        clientServiceHost: localhost,
+        keys: {
+          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+          passwordMemLimit: keysUtils.passwordMemLimits.min,
+          strictMemoryLock: false,
+        },
       },
+      logger,
     });
     await expect(pkAgent.destroy(password)).rejects.toThrow(
       errors.ErrorPolykeyAgentRunning,
@@ -56,14 +61,18 @@ describe('PolykeyAgent', () => {
     const nodePath = `${dataDir}/polykey`;
     const pkAgent = await PolykeyAgent.createPolykeyAgent({
       password,
-      nodePath,
-      logger,
-      keyRingConfig: {
-        passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-        passwordMemLimit: keysUtils.passwordMemLimits.min,
-        strictMemoryLock: false,
+      options: {
+        nodePath,
+        workers: 0,
+        agentServiceHost: localhost,
+        clientServiceHost: localhost,
+        keys: {
+          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+          passwordMemLimit: keysUtils.passwordMemLimits.min,
+          strictMemoryLock: false,
+        },
       },
-      workers: 0,
+      logger,
     });
     let nodePathContents = await fs.promises.readdir(nodePath);
     expect(nodePathContents).toContain(config.paths.statusBase);
@@ -96,13 +105,17 @@ describe('PolykeyAgent', () => {
     const statusLockPath = path.join(nodePath, config.paths.statusLockBase);
     const pkAgent = await PolykeyAgent.createPolykeyAgent({
       password,
-      nodePath,
-      logger,
-      keyRingConfig: {
-        passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-        passwordMemLimit: keysUtils.passwordMemLimits.min,
-        strictMemoryLock: false,
+      options: {
+        nodePath,
+        agentServiceHost: localhost,
+        clientServiceHost: localhost,
+        keys: {
+          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+          passwordMemLimit: keysUtils.passwordMemLimits.min,
+          strictMemoryLock: false,
+        },
       },
+      logger,
     });
     const status = new Status({
       statusPath,
@@ -131,13 +144,17 @@ describe('PolykeyAgent', () => {
     });
     const pkAgent = await PolykeyAgent.createPolykeyAgent({
       password,
-      nodePath,
-      logger,
-      keyRingConfig: {
-        passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-        passwordMemLimit: keysUtils.passwordMemLimits.min,
-        strictMemoryLock: false,
+      options: {
+        nodePath,
+        agentServiceHost: localhost,
+        clientServiceHost: localhost,
+        keys: {
+          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+          passwordMemLimit: keysUtils.passwordMemLimits.min,
+          strictMemoryLock: false,
+        },
       },
+      logger,
     });
     expect(await schema.readVersion()).toBe(config.stateVersion);
     await pkAgent.stop();
@@ -158,13 +175,17 @@ describe('PolykeyAgent', () => {
     await expect(
       PolykeyAgent.createPolykeyAgent({
         password,
-        nodePath,
-        logger,
-        keyRingConfig: {
-          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-          passwordMemLimit: keysUtils.passwordMemLimits.min,
-          strictMemoryLock: false,
+        options: {
+          nodePath,
+          agentServiceHost: localhost,
+          clientServiceHost: localhost,
+          keys: {
+            passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+            passwordMemLimit: keysUtils.passwordMemLimits.min,
+            strictMemoryLock: false,
+          },
         },
+        logger,
       }),
     ).rejects.toThrow(errors.ErrorSchemaVersionTooNew);
     // The 0 version will always be too old
@@ -179,13 +200,17 @@ describe('PolykeyAgent', () => {
     await expect(
       PolykeyAgent.createPolykeyAgent({
         password,
-        nodePath,
-        logger,
-        keyRingConfig: {
-          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-          passwordMemLimit: keysUtils.passwordMemLimits.min,
-          strictMemoryLock: false,
+        options: {
+          nodePath,
+          agentServiceHost: localhost,
+          clientServiceHost: localhost,
+          keys: {
+            passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+            passwordMemLimit: keysUtils.passwordMemLimits.min,
+            strictMemoryLock: false,
+          },
         },
+        logger,
       }),
     ).rejects.toThrow(errors.ErrorSchemaVersionTooOld);
   });
@@ -195,13 +220,17 @@ describe('PolykeyAgent', () => {
     try {
       pkAgent = await PolykeyAgent.createPolykeyAgent({
         password,
-        nodePath,
-        logger,
-        keyRingConfig: {
-          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-          passwordMemLimit: keysUtils.passwordMemLimits.min,
-          strictMemoryLock: false,
+        options: {
+          nodePath,
+          agentServiceHost: localhost,
+          clientServiceHost: localhost,
+          keys: {
+            passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+            passwordMemLimit: keysUtils.passwordMemLimits.min,
+            strictMemoryLock: false,
+          },
         },
+        logger,
       });
       const prom = promise<CertManagerChangeData>();
       pkAgent.events.on(
@@ -224,13 +253,17 @@ describe('PolykeyAgent', () => {
     try {
       pkAgent = await PolykeyAgent.createPolykeyAgent({
         password,
-        nodePath,
-        logger,
-        keyRingConfig: {
-          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-          passwordMemLimit: keysUtils.passwordMemLimits.min,
-          strictMemoryLock: false,
+        options: {
+          nodePath,
+          agentServiceHost: localhost,
+          clientServiceHost: localhost,
+          keys: {
+            passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+            passwordMemLimit: keysUtils.passwordMemLimits.min,
+            strictMemoryLock: false,
+          },
         },
+        logger,
       });
       const prom = promise<CertManagerChangeData>();
       pkAgent.events.on(
@@ -253,13 +286,17 @@ describe('PolykeyAgent', () => {
     try {
       pkAgent = await PolykeyAgent.createPolykeyAgent({
         password,
-        nodePath,
-        logger,
-        keyRingConfig: {
-          passwordOpsLimit: keysUtils.passwordOpsLimits.min,
-          passwordMemLimit: keysUtils.passwordMemLimits.min,
-          strictMemoryLock: false,
+        options: {
+          nodePath,
+          agentServiceHost: localhost,
+          clientServiceHost: localhost,
+          keys: {
+            passwordOpsLimit: keysUtils.passwordOpsLimits.min,
+            passwordMemLimit: keysUtils.passwordMemLimits.min,
+            strictMemoryLock: false,
+          },
         },
+        logger,
       });
       const prom = promise<CertManagerChangeData>();
       pkAgent.events.on(