Merge pull request parallaxsecond#220 from joechrisellis/add_list_authenticators

Add implementation for ListAuthenticators operation

Author: hug-dev

e2e_tests/src/lib.rs

@@ -12,6 +12,7 @@ pub use parsec_client::error;
 use log::error;
 use parsec_client::auth::AuthenticationData;
 use parsec_client::core::basic_client::BasicClient;
+use parsec_client::core::interface::operations::list_authenticators::AuthenticatorInfo;
 use parsec_client::core::interface::operations::list_providers::ProviderInfo;
 use parsec_client::core::interface::operations::psa_algorithm::{
     Aead, AeadWithDefaultLengthTag, Algorithm, AsymmetricEncryption, AsymmetricSignature, Hash,
@@ -688,6 +689,13 @@ impl TestClient {
         self.basic_client.list_providers().map_err(convert_error)
     }
 
+    /// Lists the authenticators available for the Parsec service.
+    pub fn list_authenticators(&mut self) -> Result<Vec<AuthenticatorInfo>> {
+        self.basic_client
+            .list_authenticators()
+            .map_err(convert_error)
+    }
+
     /// Lists the opcodes available for one provider to execute.
     pub fn list_opcodes(&mut self, provider_id: ProviderID) -> Result<HashSet<Opcode>> {
         self.basic_client

e2e_tests/tests/all_providers/mod.rs

@@ -1,7 +1,7 @@
 // Copyright 2019 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 use e2e_tests::TestClient;
-use parsec_client::core::interface::requests::{Opcode, ProviderID, Result};
+use parsec_client::core::interface::requests::{AuthType, Opcode, ProviderID, Result};
 use std::collections::HashSet;
 use uuid::Uuid;
 
@@ -21,6 +21,18 @@ fn list_providers() {
     assert!(uuids.contains(&Uuid::parse_str("1e4954a4-ff21-46d3-ab0c-661eeb667e1d").unwrap()));
 }
 
+#[test]
+fn list_authenticators() {
+    let mut client = TestClient::new();
+    let authenticators = client
+        .list_authenticators()
+        .expect("list authenticators failed");
+    assert_eq!(authenticators.len(), 1);
+    let ids: HashSet<AuthType> = authenticators.iter().map(|p| p.id).collect();
+    // Direct authenticator
+    assert!(ids.contains(&AuthType::Direct));
+}
+
 #[test]
 fn list_opcodes() {
     let mut client = TestClient::new();
@@ -48,6 +60,7 @@ fn list_opcodes() {
 
     let _ = core_provider_opcodes.insert(Opcode::Ping);
     let _ = core_provider_opcodes.insert(Opcode::ListProviders);
+    let _ = core_provider_opcodes.insert(Opcode::ListAuthenticators);
     let _ = core_provider_opcodes.insert(Opcode::ListOpcodes);
 
     assert_eq!(

src/authenticators/direct_authenticator/mod.rs

@@ -12,7 +12,9 @@ use super::ApplicationName;
 use super::Authenticate;
 use crate::front::listener::ConnectionMetadata;
 use log::error;
+use parsec_interface::operations::list_authenticators;
 use parsec_interface::requests::request::RequestAuth;
+use parsec_interface::requests::AuthType;
 use parsec_interface::requests::{ResponseStatus, Result};
 use parsec_interface::secrecy::ExposeSecret;
 use std::str;
@@ -21,6 +23,19 @@ use std::str;
 pub struct DirectAuthenticator;
 
 impl Authenticate for DirectAuthenticator {
+    fn describe(&self) -> Result<list_authenticators::AuthenticatorInfo> {
+        Ok(list_authenticators::AuthenticatorInfo {
+            description: String::from(
+                "Directly parses the authentication field as a UTF-8 string and uses that as the \
+                application identity. Should be used for testing only.",
+            ),
+            version_maj: 0,
+            version_min: 1,
+            version_rev: 0,
+            id: AuthType::Direct,
+        })
+    }
+
     fn authenticate(
         &self,
         auth: &RequestAuth,

src/authenticators/mod.rs

@@ -14,6 +14,7 @@
 pub mod direct_authenticator;
 
 use crate::front::listener::ConnectionMetadata;
+use parsec_interface::operations::list_authenticators;
 use parsec_interface::requests::request::RequestAuth;
 use parsec_interface::requests::Result;
 
@@ -25,6 +26,12 @@ pub struct ApplicationName(String);
 ///
 /// Interface that must be implemented for each authentication type available for the service.
 pub trait Authenticate {
+    /// Return a description of the authenticator.
+    ///
+    /// The descriptions are gathered in the Core Provider and returned for a ListAuthenticators
+    /// operation.
+    fn describe(&self) -> Result<list_authenticators::AuthenticatorInfo>;
+
     /// Authenticates a `RequestAuth` payload and returns the `ApplicationName` if successful. A
     /// optional `ConnectionMetadata` object is passed in too, since it is sometimes possible to
     /// perform authentication based on the connection's metadata (i.e. as is the case for UNIX

src/back/backend_handler.rs

@@ -204,8 +204,12 @@ impl BackEndHandler {
                 trace!("psa_aead_decrypt_egress");
                 self.result_to_response(NativeResult::PsaAeadDecrypt(result), header)
             }
-            NativeOperation::ListAuthenticators(_) => {
-                panic!("Unsupported in this PR");
+            NativeOperation::ListAuthenticators(op_list_authenticators) => {
+                let result = unwrap_or_else_return!(self
+                    .provider
+                    .list_authenticators(op_list_authenticators));
+                trace!("list_authenticators egress");
+                self.result_to_response(NativeResult::ListAuthenticators(result), header)
             }
             NativeOperation::PsaHashCompute(op_hash_compute) => {
                 let _app_name =

src/providers/core_provider/mod.rs

@@ -8,8 +8,10 @@
 use super::Provide;
 use derivative::Derivative;
 use log::trace;
-use parsec_interface::operations::list_providers::ProviderInfo;
-use parsec_interface::operations::{list_opcodes, list_providers, ping};
+use parsec_interface::operations::{list_authenticators, list_opcodes, list_providers, ping};
+use parsec_interface::operations::{
+    list_authenticators::AuthenticatorInfo, list_providers::ProviderInfo,
+};
 use parsec_interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
 use std::collections::{HashMap, HashSet};
 use std::io::{Error, ErrorKind};
@@ -18,7 +20,12 @@ use std::sync::Arc;
 use uuid::Uuid;
 use version::{version, Version};
 
-const SUPPORTED_OPCODES: [Opcode; 3] = [Opcode::ListProviders, Opcode::ListOpcodes, Opcode::Ping];
+const SUPPORTED_OPCODES: [Opcode; 4] = [
+    Opcode::ListProviders,
+    Opcode::ListOpcodes,
+    Opcode::Ping,
+    Opcode::ListAuthenticators,
+];
 
 /// Service information provider
 ///
@@ -32,6 +39,7 @@ pub struct CoreProvider {
     wire_protocol_version_maj: u8,
     provider_info: Vec<ProviderInfo>,
     provider_opcodes: HashMap<ProviderID, HashSet<Opcode>>,
+    authenticator_info: Vec<AuthenticatorInfo>,
     #[derivative(Debug = "ignore")]
     prov_list: Vec<Arc<dyn Provide + Send + Sync>>,
 }
@@ -55,6 +63,16 @@ impl Provide for CoreProvider {
         })
     }
 
+    fn list_authenticators(
+        &self,
+        _op: list_authenticators::Operation,
+    ) -> Result<list_authenticators::Result> {
+        trace!("list_authenticators ingress");
+        Ok(list_authenticators::Result {
+            authenticators: self.authenticator_info.clone(),
+        })
+    }
+
     fn ping(&self, _op: ping::Operation) -> Result<ping::Result> {
         trace!("ping ingress");
         let result = ping::Result {
@@ -74,6 +92,8 @@ pub struct CoreProviderBuilder {
     version_min: Option<u8>,
     #[derivative(Debug = "ignore")]
     prov_list: Vec<Arc<dyn Provide + Send + Sync>>,
+    #[derivative(Debug = "ignore")]
+    authenticator_info: Vec<AuthenticatorInfo>,
 }
 
 impl CoreProviderBuilder {
@@ -82,6 +102,7 @@ impl CoreProviderBuilder {
             version_maj: None,
             version_min: None,
             prov_list: Vec::new(),
+            authenticator_info: Vec::new(),
         }
     }
 
@@ -98,6 +119,12 @@ impl CoreProviderBuilder {
         self
     }
 
+    pub fn with_authenticator_info(mut self, authenticator_info: AuthenticatorInfo) -> Self {
+        self.authenticator_info.push(authenticator_info);
+
+        self
+    }
+
     pub fn build(self) -> std::io::Result<CoreProvider> {
         let mut provider_opcodes = HashMap::new();
         let _ = provider_opcodes.insert(
@@ -144,6 +171,7 @@ impl CoreProviderBuilder {
                 .ok_or_else(|| Error::new(ErrorKind::InvalidData, "version min is missing"))?,
             provider_opcodes,
             provider_info: provider_info_vec,
+            authenticator_info: self.authenticator_info,
             prov_list: self.prov_list,
         };
 
@@ -161,6 +189,7 @@ mod tests {
             wire_protocol_version_min: 8,
             wire_protocol_version_maj: 10,
             provider_info: Vec::new(),
+            authenticator_info: Vec::new(),
             provider_opcodes: HashMap::new(),
             prov_list: Vec::new(),
         };

src/providers/mod.rs

@@ -75,10 +75,10 @@ impl ProviderConfig {
 
 use crate::authenticators::ApplicationName;
 use parsec_interface::operations::{
-    list_opcodes, list_providers, ping, psa_aead_decrypt, psa_aead_encrypt, psa_asymmetric_decrypt,
-    psa_asymmetric_encrypt, psa_destroy_key, psa_export_key, psa_export_public_key,
-    psa_generate_key, psa_hash_compare, psa_hash_compute, psa_import_key, psa_raw_key_agreement,
-    psa_sign_hash, psa_verify_hash,
+    list_authenticators, list_opcodes, list_providers, ping, psa_aead_decrypt, psa_aead_encrypt,
+    psa_asymmetric_decrypt, psa_asymmetric_encrypt, psa_destroy_key, psa_export_key,
+    psa_export_public_key, psa_generate_key, psa_hash_compare, psa_hash_compute, psa_import_key,
+    psa_raw_key_agreement, psa_sign_hash, psa_verify_hash,
 };
 use parsec_interface::requests::{ResponseStatus, Result};
 
@@ -107,6 +107,15 @@ pub trait Provide {
         Err(ResponseStatus::PsaErrorNotSupported)
     }
 
+    /// List the authenticators supported by the given provider.
+    fn list_authenticators(
+        &self,
+        _op: list_authenticators::Operation,
+    ) -> Result<list_authenticators::Result> {
+        trace!("list_authenticators ingress");
+        Err(ResponseStatus::PsaErrorNotSupported)
+    }
+
     /// Execute a Ping operation to get the wire protocol version major and minor information.
     ///
     /// # Errors

src/utils/service_builder.rs

@@ -6,6 +6,7 @@
 //! provided configuration.
 use super::global_config::GlobalConfigBuilder;
 use crate::authenticators::direct_authenticator::DirectAuthenticator;
+use crate::authenticators::Authenticate;
 use crate::back::{
     backend_handler::{BackEndHandler, BackEndHandlerBuilder},
     dispatcher::DispatcherBuilder,
@@ -54,6 +55,7 @@ const DEFAULT_BODY_LEN_LIMIT: usize = 1 << 19;
 
 type KeyInfoManager = Arc<RwLock<dyn ManageKeyInfo + Send + Sync>>;
 type Provider = Arc<dyn Provide + Send + Sync>;
+type Authenticator = Box<dyn Authenticate + Send + Sync>;
 
 #[derive(Copy, Clone, Deserialize, Debug)]
 pub struct CoreSettings {
@@ -109,24 +111,33 @@ impl ServiceBuilder {
             return Err(Error::new(ErrorKind::InvalidData, "need one provider"));
         }
 
-        let backend_handlers = build_backend_handlers(providers)?;
+        // The authenticators supported by the Parsec service.
+        // NOTE: order here is important. The order in which the elements are added here is the
+        //       order in which they will be returned to any client requesting them!
+        let mut authenticators: Vec<(AuthType, Authenticator)> = Vec::new();
+        authenticators.push((AuthType::Direct, Box::from(DirectAuthenticator {})));
+
+        let backend_handlers = build_backend_handlers(providers, &authenticators)?;
 
         let dispatcher = DispatcherBuilder::new()
             .with_backends(backend_handlers)
             .build()?;
 
-        let direct_authenticator = Box::from(DirectAuthenticator {});
-
-        Ok(FrontEndHandlerBuilder::new()
+        let mut front_end_handler_builder = FrontEndHandlerBuilder::new();
+        for (auth_type, authenticator) in authenticators {
+            front_end_handler_builder =
+                front_end_handler_builder.with_authenticator(auth_type, authenticator);
+        }
+        front_end_handler_builder = front_end_handler_builder
             .with_dispatcher(dispatcher)
-            .with_authenticator(AuthType::Direct, direct_authenticator)
             .with_body_len_limit(
                 config
                     .core_settings
                     .body_len_limit
                     .unwrap_or(DEFAULT_BODY_LEN_LIMIT),
-            )
-            .build()?)
+            );
+
+        Ok(front_end_handler_builder.build()?)
     }
 
     /// Construct the service IPC front component and return ownership to it.
@@ -152,12 +163,20 @@ impl ServiceBuilder {
 
 fn build_backend_handlers(
     mut providers: Vec<(ProviderID, Provider)>,
+    authenticators: &[(AuthType, Authenticator)],
 ) -> Result<HashMap<ProviderID, BackEndHandler>> {
     let mut map = HashMap::new();
 
     let mut core_provider_builder = CoreProviderBuilder::new()
         .with_wire_protocol_version(WIRE_PROTOCOL_VERSION_MINOR, WIRE_PROTOCOL_VERSION_MAJOR);
 
+    for (_auth_type, authenticator) in authenticators {
+        let authenticator_info = authenticator
+            .describe()
+            .map_err(|_| Error::new(ErrorKind::Other, "Failed to describe authenticator"))?;
+        core_provider_builder = core_provider_builder.with_authenticator_info(authenticator_info);
+    }
+
     for (provider_id, provider) in providers.drain(..) {
         core_provider_builder = core_provider_builder.with_provider(provider.clone());