helium · jeffgrunewald · Apr 12, 2023 · Apr 11, 2023 · Apr 11, 2023 · Apr 12, 2023
diff --git a/iot_config/src/admin_service.rs b/iot_config/src/admin_service.rs
@@ -7,7 +7,7 @@ use anyhow::{anyhow, Result};
 use chrono::Utc;
 use file_store::traits::{MsgVerify, TimestampEncode};
 use futures::future::TryFutureExt;
-use helium_crypto::{Keypair, Network, PublicKey, PublicKeyBinary, Sign};
+use helium_crypto::{Keypair, PublicKey, PublicKeyBinary, Sign};
 use helium_proto::{
     services::iot_config::{
         self, AdminAddKeyReqV1, AdminKeyResV1, AdminLoadRegionReqV1, AdminLoadRegionResV1,
@@ -25,7 +25,6 @@ pub struct AdminService {
     pool: Pool<Postgres>,
     region_map: RegionMapReader,
     region_updater: watch::Sender<RegionMap>,
-    required_network: Network,
     signing_key: Keypair,
 }
 
@@ -44,7 +43,6 @@ impl AdminService {
             pool,
             region_map,
             region_updater,
-            required_network: settings.network,
             signing_key: settings.signing_keypair()?,
         })
     }
@@ -73,23 +71,9 @@ impl AdminService {
         Ok(())
     }
 
-    fn verify_network(&self, public_key: PublicKey) -> Result<PublicKey, Status> {
-        if self.required_network == public_key.network {
-            Ok(public_key)
-        } else {
-            Err(Status::invalid_argument(format!(
-                "invalid network: {}",
-                public_key.network
-            )))
-        }
-    }
-
-    fn sign_response<R>(&self, response: &R) -> Result<Vec<u8>, Status>
-    where
-        R: Message,
-    {
+    fn sign_response(&self, response: &[u8]) -> Result<Vec<u8>, Status> {
         self.signing_key
-            .sign(&response.encode_to_vec())
+            .sign(response)
             .map_err(|_| Status::internal("response signing error"))
     }
 }
@@ -104,7 +88,6 @@ impl iot_config::Admin for AdminService {
 
         let key_type = request.key_type().into();
         let pubkey = verify_public_key(request.pubkey.as_ref())
-            .and_then(|pubkey| self.verify_network(pubkey))
             .map_err(|_| Status::invalid_argument("invalid pubkey supplied"))?;
 
         admin::insert_key(request.pubkey.clone().into(), key_type, &self.pool)

diff --git a/iot_config/src/gateway_service.rs b/iot_config/src/gateway_service.rs
@@ -44,12 +44,9 @@ impl GatewayService {
         })
     }
 
-    fn sign_response<R>(&self, response: &R) -> Result<Vec<u8>, Status>
-    where
-        R: Message,
-    {
+    fn sign_response(&self, response: &[u8]) -> Result<Vec<u8>, Status> {
         self.signing_key
-            .sign(&response.encode_to_vec())
+            .sign(response)
             .map_err(|_| Status::internal("response signing error"))
     }
 
@@ -105,7 +102,7 @@ impl iot_config::Gateway for GatewayService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -182,7 +179,7 @@ impl iot_config::Gateway for GatewayService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
         tracing::debug!(
             pubkey = address.to_string(),
             region = region.to_string(),

diff --git a/iot_config/src/org_service.rs b/iot_config/src/org_service.rs
@@ -7,7 +7,7 @@ use crate::{
 use anyhow::Result;
 use chrono::Utc;
 use file_store::traits::{MsgVerify, TimestampEncode};
-use helium_crypto::{Keypair, Network, PublicKey, Sign};
+use helium_crypto::{Keypair, PublicKey, Sign};
 use helium_proto::{
     services::iot_config::{
         self, route_stream_res_v1, ActionV1, OrgCreateHeliumReqV1, OrgCreateRoamerReqV1,
@@ -23,7 +23,6 @@ use tonic::{Request, Response, Status};
 pub struct OrgService {
     auth_cache: AuthCache,
     pool: Pool<Postgres>,
-    required_network: Network,
     route_update_tx: Sender<RouteStreamResV1>,
     signing_key: Keypair,
 }
@@ -38,23 +37,11 @@ impl OrgService {
         Ok(Self {
             auth_cache,
             pool,
-            required_network: settings.network,
             route_update_tx,
             signing_key: settings.signing_keypair()?,
         })
     }
 
-    fn verify_network(&self, public_key: PublicKey) -> Result<PublicKey, Status> {
-        if self.required_network == public_key.network {
-            Ok(public_key)
-        } else {
-            Err(Status::invalid_argument(format!(
-                "invalid network: {}",
-                public_key.network
-            )))
-        }
-    }
-
     fn verify_admin_request_signature<R>(
         &self,
         signer: &PublicKey,
@@ -79,12 +66,9 @@ impl OrgService {
         Ok(())
     }
 
-    fn sign_response<R>(&self, response: &R) -> Result<Vec<u8>, Status>
-    where
-        R: Message,
-    {
+    fn sign_response(&self, response: &[u8]) -> Result<Vec<u8>, Status> {
         self.signing_key
-            .sign(&response.encode_to_vec())
+            .sign(response)
             .map_err(|_| Status::internal("response signing error"))
     }
 }
@@ -105,7 +89,7 @@ impl iot_config::Org for OrgService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -143,7 +127,7 @@ impl iot_config::Org for OrgService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -164,12 +148,10 @@ impl iot_config::Org for OrgService {
         _ = verify_keys
             .iter()
             .map(|key| {
-                verify_public_key(key)
-                    .and_then(|pub_key| self.verify_network(pub_key))
-                    .map_err(|err| {
-                        tracing::error!("failed pubkey validation: {err}");
-                        Status::invalid_argument(format!("failed pubkey validation: {err}"))
-                    })
+                verify_public_key(key).map_err(|err| {
+                    tracing::error!("failed pubkey validation: {err}");
+                    Status::invalid_argument(format!("failed pubkey validation: {err}"))
+                })
             })
             .collect::<Result<Vec<PublicKey>, Status>>()?;
 
@@ -215,7 +197,7 @@ impl iot_config::Org for OrgService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -236,11 +218,9 @@ impl iot_config::Org for OrgService {
         _ = verify_keys
             .iter()
             .map(|key| {
-                verify_public_key(key)
-                    .and_then(|pub_key| self.verify_network(pub_key))
-                    .map_err(|err| {
-                        Status::invalid_argument(format!("failed pubkey validation: {err}"))
-                    })
+                verify_public_key(key).map_err(|err| {
+                    Status::invalid_argument(format!("failed pubkey validation: {err}"))
+                })
             })
             .collect::<Result<Vec<PublicKey>, Status>>()?;
 
@@ -282,7 +262,7 @@ impl iot_config::Org for OrgService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -329,7 +309,7 @@ impl iot_config::Org for OrgService {
                     signer: signer.clone(),
                     signature: vec![],
                 };
-                update.signature = self.sign_response(&update)?;
+                update.signature = self.sign_response(&update.encode_to_vec())?;
                 if self.route_update_tx.send(update).is_err() {
                     tracing::info!(
                         route_id = route_id,
@@ -347,7 +327,7 @@ impl iot_config::Org for OrgService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -394,7 +374,7 @@ impl iot_config::Org for OrgService {
                     signer: signer.clone(),
                     signature: vec![],
                 };
-                update.signature = self.sign_response(&update)?;
+                update.signature = self.sign_response(&update.encode_to_vec())?;
                 if self.route_update_tx.send(update).is_err() {
                     tracing::info!(
                         route_id = route_id,
@@ -412,7 +392,7 @@ impl iot_config::Org for OrgService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }

diff --git a/iot_config/src/route_service.rs b/iot_config/src/route_service.rs
@@ -119,12 +119,9 @@ impl RouteService {
         }
     }
 
-    fn sign_response<R>(&self, response: &R) -> Result<Vec<u8>, Status>
-    where
-        R: Message,
-    {
+    fn sign_response(&self, response: &[u8]) -> Result<Vec<u8>, Status> {
         self.signing_key
-            .sign(&response.encode_to_vec())
+            .sign(response)
             .map_err(|_| Status::internal("response signing error"))
     }
 
@@ -163,7 +160,7 @@ impl iot_config::Route for RouteService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -190,7 +187,7 @@ impl iot_config::Route for RouteService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -238,7 +235,7 @@ impl iot_config::Route for RouteService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -280,7 +277,7 @@ impl iot_config::Route for RouteService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -316,7 +313,7 @@ impl iot_config::Route for RouteService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -502,7 +499,7 @@ impl iot_config::Route for RouteService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }
@@ -646,7 +643,7 @@ impl iot_config::Route for RouteService {
             signer: self.signing_key.public_key().into(),
             signature: vec![],
         };
-        resp.signature = self.sign_response(&resp)?;
+        resp.signature = self.sign_response(&resp.encode_to_vec())?;
 
         Ok(Response::new(resp))
     }

diff --git a/iot_config/src/session_key_service.rs b/iot_config/src/session_key_service.rs
@@ -108,12 +108,9 @@ impl SessionKeyFilterService {
         }
     }
 
-    fn sign_response<R>(&self, response: &R) -> Result<Vec<u8>, Status>
-    where
-        R: Message,
-    {
+    fn sign_response(&self, response: &[u8]) -> Result<Vec<u8>, Status> {
         self.signing_key
-            .sign(&response.encode_to_vec())
+            .sign(response)
             .map_err(|_| Status::internal("response signing error"))
     }
 

diff --git a/iot_config/src/settings.rs b/iot_config/src/settings.rs
@@ -1,5 +1,4 @@
 use config::{Config, Environment, File};
-use helium_crypto::Network;
 use serde::Deserialize;
 use std::{
     net::{AddrParseError, SocketAddr},
@@ -20,8 +19,6 @@ pub struct Settings {
     pub keypair: String,
     /// B58 encoded public key of the admin keypair
     pub admin: String,
-    /// Network required in all public keys: mainnet | testnet
-    pub network: Network,
     pub database: db_store::Settings,
     /// Settings passed to the db_store crate for connecting to
     /// the database for Solana on-chain data