SecretStore: administrative sessions prototypes

parity/cli/mod.rs

@@ -591,6 +591,10 @@ usage! {
 			"--secretstore-secret=[SECRET]",
 			"Hex-encoded secret key of this node.",
 
+			ARG arg_secretstore_admin_public: (Option<String>) = None, or |c: &Config| otry!(c.secretstore).admin_public.clone(),
+			"--secretstore-admin-public=[PUBLIC]",
+			"Hex-encoded public key of secret store administrator.",
+
 		["Sealing/Mining options"]
 			FLAG flag_force_sealing: (bool) = false, or |c: &Config| otry!(c.mining).force_sealing.clone(),
 			"--force-sealing",
@@ -1089,6 +1093,7 @@ struct SecretStore {
 	disable_http: Option<bool>,
 	disable_acl_check: Option<bool>,
 	self_secret: Option<String>,
+	admin_public: Option<String>,
 	nodes: Option<Vec<String>>,
 	interface: Option<String>,
 	port: Option<u16>,
@@ -1445,6 +1450,7 @@ mod tests {
 			flag_no_secretstore_http: false,
 			flag_no_secretstore_acl_check: false,
 			arg_secretstore_secret: None,
+			arg_secretstore_admin_public: None,
 			arg_secretstore_nodes: "".into(),
 			arg_secretstore_interface: "local".into(),
 			arg_secretstore_port: 8083u16,
@@ -1684,6 +1690,7 @@ mod tests {
 				disable_http: None,
 				disable_acl_check: None,
 				self_secret: None,
+				admin_public: None,
 				nodes: None,
 				interface: None,
 				port: Some(8083),

parity/configuration.rs

@@ -626,6 +626,7 @@ impl Configuration {
 			http_interface: self.secretstore_http_interface(),
 			http_port: self.args.arg_ports_shift + self.args.arg_secretstore_http_port,
 			data_path: self.directories().secretstore,
+			admin_public: self.secretstore_admin_public()?,
 		})
 	}
 
@@ -1037,6 +1038,13 @@ impl Configuration {
 		}
 	}
 
+	fn secretstore_admin_public(&self) -> Result<Option<Public>, String> {
+		match self.args.arg_secretstore_admin_public.as_ref() {
+			Some(admin_public) => Ok(Some(admin_public.parse().map_err(|e| format!("Invalid secret store admin public: {}", e))?)),
+			None => Ok(None),
+		}
+	}
+
 	fn secretstore_nodes(&self) -> Result<BTreeMap<Public, (String, u16)>, String> {
 		let mut nodes = BTreeMap::new();
 		for node in self.args.arg_secretstore_nodes.split(',').filter(|n| n != &"") {

parity/secretstore.rs

@@ -55,6 +55,8 @@ pub struct Configuration {
 	pub http_port: u16,
 	/// Data directory path for secret store
 	pub data_path: String,
+	/// Administrator public key.
+	pub admin_public: Option<Public>,
 }
 
 /// Secret store dependencies
@@ -145,6 +147,7 @@ mod server {
 						port: port,
 					})).collect(),
 					allow_connecting_to_higher_nodes: true,
+					admin_public: conf.admin_public,
 				},
 			};
 
@@ -170,6 +173,7 @@ impl Default for Configuration {
 			http_enabled: true,
 			acl_check_enabled: true,
 			self_secret: None,
+			admin_public: None,
 			nodes: BTreeMap::new(),
 			interface: "127.0.0.1".to_owned(),
 			port: 8083,

secret_store/Cargo.toml

@@ -20,6 +20,7 @@ serde_derive = "1.0"
 futures = "0.1"
 futures-cpupool = "0.1"
 rustc-hex = "1.0"
+tiny-keccak = "1.3"
 tokio-core = "0.1.6"
 tokio-io = "0.1.0"
 tokio-service = "0.1"

secret_store/src/key_server.rs

@@ -153,6 +153,7 @@ impl KeyServerCore {
 			allow_connecting_to_higher_nodes: config.allow_connecting_to_higher_nodes,
 			acl_storage: acl_storage,
 			key_storage: key_storage,
+			admin_public: None,
 		};
 
 		let (stop, stopped) = futures::oneshot();
@@ -255,6 +256,7 @@ pub mod tests {
 						port: start_port + (j as u16),
 					})).collect(),
 				allow_connecting_to_higher_nodes: false,
+				admin_public: None,
 			}).collect();
 		let key_servers_set: BTreeMap<Public, SocketAddr> = configs[0].nodes.iter()
 			.map(|(k, a)| (k.clone(), format!("{}:{}", a.address, a.port).parse().unwrap()))

secret_store/src/key_server_cluster/admin_sessions/mod.rs

@@ -0,0 +1,48 @@
+// Copyright 2015-2017 Parity Technologies (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity.  If not, see <http://www.gnu.org/licenses/>.
+
+pub mod servers_set_change_session;
+pub mod share_add_session;
+pub mod share_change_session;
+pub mod share_move_session;
+pub mod share_remove_session;
+
+mod sessions_queue;
+
+use key_server_cluster::{SessionId, NodeId, SessionMeta};
+
+/// Share change session metadata.
+#[derive(Debug, Clone)]
+pub struct ShareChangeSessionMeta {
+	/// Key id.
+	pub id: SessionId,
+	/// Id of node, which has started this session.
+	pub master_node_id: NodeId,
+	/// Id of node, on which this session is running.
+	pub self_node_id: NodeId,
+}
+
+impl ShareChangeSessionMeta {
+	/// Convert to consensus session meta. `all_nodes_set` is the union of `old_nodes_set` && `new_nodes_set`.
+	pub fn into_consensus_meta(self, all_nodes_set_len: usize) -> SessionMeta {
+		SessionMeta {
+			id: self.id,
+			master_node_id: self.master_node_id,
+			self_node_id: self.self_node_id,
+			threshold: all_nodes_set_len - 1,
+		}
+	}
+}