feat(rust): use Idenitifer as a return type in public api

build-trust · Nov 13, 2023 · 2fa54bb · 2fa54bb
1 parent f161fd5
commit 2fa54bb
Show file tree

Hide file tree

Showing 36 changed files with 326 additions and 418 deletions.
diff --git a/examples/rust/get_started/examples/06-credentials-exchange-client.rs b/examples/rust/get_started/examples/06-credentials-exchange-client.rs
@@ -36,23 +36,23 @@ async fn main(ctx: Context) -> Result<()> {
     // We're hard coding this specific identity because its public identifier is known
     // to the credential issuer as a member of the production cluster.
     let change_history = hex::decode("81a201583ba20101025835a4028201815820530d1c2e9822433b679a66a60b9c2ed47c370cd0ce51cbe1a7ad847b5835a96303f4041a64dd4060051a77a94360028201815840042fff8f6c80603fb1cec4a3cf1ff169ee36889d3ed76184fe1dfbd4b692b02892df9525c61c2f1286b829586d13d5abf7d18973141f734d71c1840520d40a0e").unwrap();
-    let client = node.import_private_identity(&change_history, &secret).await?;
-    println!("issuer identifier {}", client.identifier());
+    let client = node.import_private_identity(None, &change_history, &secret).await?;
+    println!("issuer identifier {}", client);
 
     // Connect to the authority node and ask that node to create a
     // credential for the client.
     let issuer_identity = "81a201583ba20101025835a4028201815820afbca9cf5d440147450f9f0d0a038a337b3fe5c17086163f2c54509558b62ef403f4041a64dd404a051a77a9434a0282018158407754214545cda6e7ff49136f67c9c7973ec309ca4087360a9f844aac961f8afe3f579a72c0c9530f3ff210f02b7c5f56e96ce12ee256b01d7628519800723805";
-    let issuer = node.import_identity_hex(issuer_identity).await?;
+    let issuer = node.import_identity_hex(None, issuer_identity).await?;
 
     // The authority node already knows the public identifier of the client
     // as a member of the production cluster so it returns a signed credential
     // attesting to that knowledge.
     let authority_node = NodeManager::authority_node(
         &tcp,
         node.secure_channels().clone(),
-        issuer.identifier(),
+        &issuer,
         &MultiAddr::try_from("/dnsaddr/localhost/tcp/5000/secure/api")?,
-        client.identifier(),
+        &client,
     )
     .await?;
     let credential = authority_node.issue_credential(node.context()).await.unwrap();
@@ -62,24 +62,20 @@ async fn main(ctx: Context) -> Result<()> {
     // and match the identity used to start the issuer node
     node.credentials()
         .credentials_verification()
-        .verify_credential(Some(client.identifier()), &[issuer.identifier().clone()], &credential)
+        .verify_credential(Some(&client), &[issuer.clone()], &credential)
         .await?;
 
     // Create a trust context that will be used to authenticate credential exchanges
     let trust_context = TrustContext::new(
         "trust_context_id".to_string(),
-        Some(AuthorityService::new(
-            node.credentials(),
-            issuer.identifier().clone(),
-            None,
-        )),
+        Some(AuthorityService::new(node.credentials(), issuer.clone(), None)),
     );
 
     // Create a secure channel to the node that is running the Echoer service.
     let server_connection = tcp.connect("127.0.0.1:4000", TcpConnectionOptions::new()).await?;
     let channel = node
         .create_secure_channel(
-            client.identifier(),
+            &client,
             route![server_connection, DefaultAddress::SECURE_CHANNEL_LISTENER],
             SecureChannelOptions::new()
                 .with_trust_context(trust_context)

diff --git a/examples/rust/get_started/examples/06-credentials-exchange-issuer.rs b/examples/rust/get_started/examples/06-credentials-exchange-issuer.rs
@@ -27,8 +27,8 @@ async fn main(ctx: Context) -> Result<()> {
     let node = Node::builder().with_vault(vault).build(&ctx).await?;
 
     let issuer_identity = hex::decode("81a201583ba20101025835a4028201815820afbca9cf5d440147450f9f0d0a038a337b3fe5c17086163f2c54509558b62ef403f4041a64dd404a051a77a9434a0282018158407754214545cda6e7ff49136f67c9c7973ec309ca4087360a9f844aac961f8afe3f579a72c0c9530f3ff210f02b7c5f56e96ce12ee256b01d7628519800723805").unwrap();
-    let issuer = node.import_private_identity(&issuer_identity, &secret).await?;
-    println!("issuer identifier {}", issuer.identifier());
+    let issuer = node.import_private_identity(None, &issuer_identity, &secret).await?;
+    println!("issuer identifier {}", issuer);
 
     // Tell the credential issuer about a set of public identifiers that are
     // known, in advance, to be members of the production cluster.
@@ -50,7 +50,7 @@ async fn main(ctx: Context) -> Result<()> {
     let credential_issuer = CredentialsIssuer::new(
         node.identities().repository(),
         node.credentials(),
-        issuer.identifier(),
+        &issuer,
         "trust_context".into(),
     );
     for identifier in known_identifiers.iter() {
@@ -68,12 +68,8 @@ async fn main(ctx: Context) -> Result<()> {
     // Start a secure channel listener that only allows channels where the identity
     // at the other end of the channel can authenticate with the latest private key
     // corresponding to one of the above known public identifiers.
-    node.create_secure_channel_listener(
-        issuer.identifier(),
-        DefaultAddress::SECURE_CHANNEL_LISTENER,
-        sc_listener_options,
-    )
-    .await?;
+    node.create_secure_channel_listener(&issuer, DefaultAddress::SECURE_CHANNEL_LISTENER, sc_listener_options)
+        .await?;
 
     // Start a credential issuer worker that will only accept incoming requests from
     // authenticated secure channels with our known public identifiers.

diff --git a/examples/rust/get_started/examples/06-credentials-exchange-server.rs b/examples/rust/get_started/examples/06-credentials-exchange-server.rs
@@ -41,10 +41,10 @@ async fn main(ctx: Context) -> Result<()> {
     // We're hard coding this specific identity because its public identifier is known
     // to the credential issuer as a member of the production cluster.
     let change_history = hex::decode("81a201583ba20101025835a40282018158201d387ce453816d91159740a55e9a62ad3b58be9ecf7ef08760c42c0d885b6c2e03f4041a64dd4074051a77a9437402820181584053de69d82c9c4b12476c889b437be1d9d33bd0041655c4836a3a57ac5a67703e7f500af5bacaed291cfd6783d255fe0f0606638577d087a5612bfb4671f2b70a").unwrap();
-    let server = node.import_private_identity(&change_history, &secret).await?;
+    let server = node.import_private_identity(None, &change_history, &secret).await?;
 
     let issuer_identity = "81a201583ba20101025835a4028201815820afbca9cf5d440147450f9f0d0a038a337b3fe5c17086163f2c54509558b62ef403f4041a64dd404a051a77a9434a0282018158407754214545cda6e7ff49136f67c9c7973ec309ca4087360a9f844aac961f8afe3f579a72c0c9530f3ff210f02b7c5f56e96ce12ee256b01d7628519800723805";
-    let issuer = node.import_identity_hex(issuer_identity).await?;
+    let issuer = node.import_identity_hex(None, issuer_identity).await?;
 
     // Connect with the credential issuer and authenticate using the latest private
     // key of this program's hardcoded identity.
@@ -55,9 +55,9 @@ async fn main(ctx: Context) -> Result<()> {
     let authority_node = NodeManager::authority_node(
         &tcp,
         node.secure_channels().clone(),
-        issuer.identifier(),
+        &issuer,
         &MultiAddr::try_from("/dnsaddr/localhost/tcp/5000/secure/api").unwrap(),
-        server.identifier(),
+        &server,
     )
     .await?;
     let credential = authority_node.issue_credential(node.context()).await.unwrap();
@@ -67,17 +67,13 @@ async fn main(ctx: Context) -> Result<()> {
     // and match the identity used to start the issuer node
     node.credentials()
         .credentials_verification()
-        .verify_credential(Some(server.identifier()), &[issuer.identifier().clone()], &credential)
+        .verify_credential(Some(&server), &[issuer.clone()], &credential)
         .await?;
 
     // Create a trust context that will be used to authenticate credential exchanges
     let trust_context = TrustContext::new(
         "trust_context_id".to_string(),
-        Some(AuthorityService::new(
-            node.credentials(),
-            issuer.identifier().clone(),
-            None,
-        )),
+        Some(AuthorityService::new(node.credentials(), issuer.clone(), None)),
     );
 
     // Start an echoer worker that will only accept incoming requests from
@@ -100,12 +96,8 @@ async fn main(ctx: Context) -> Result<()> {
 
     // Start a secure channel listener that only allows channels with
     // authenticated identities.
-    node.create_secure_channel_listener(
-        server.identifier(),
-        DefaultAddress::SECURE_CHANNEL_LISTENER,
-        sc_listener_options,
-    )
-    .await?;
+    node.create_secure_channel_listener(&server, DefaultAddress::SECURE_CHANNEL_LISTENER, sc_listener_options)
+        .await?;
 
     // Create a TCP listener and wait for incoming connections
     tcp.listen("127.0.0.1:4000", tcp_listener_options).await?;

diff --git a/examples/rust/get_started/src/project.rs b/examples/rust/get_started/src/project.rs
@@ -57,9 +57,10 @@ pub async fn import_project(path: &str, identities: Arc<Identities>) -> Result<P
 
             let authority_identity = get_field_as_str(&values, "authority_identity")?;
             let identities_creation = identities.identities_creation();
-            let authority_public_identity = identities_creation
+            let authority_public_identifier = identities_creation
                 .import(None, &hex::decode(authority_identity).unwrap())
                 .await?;
+            let authority_identity = identities.get_identity(&authority_public_identifier).await?;
 
             let authority_access_route = get_field_as_str(&values, "authority_access_route")?;
             let authority_route =
@@ -71,7 +72,7 @@ pub async fn import_project(path: &str, identities: Arc<Identities>) -> Result<P
 
             Ok(Project {
                 project_identifier,
-                authority_identity: authority_public_identity,
+                authority_identity,
                 authority_route,
                 project_route,
             })

diff --git a/implementations/rust/ockam/ockam/src/node.rs b/implementations/rust/ockam/ockam/src/node.rs
@@ -5,7 +5,7 @@ use crate::identity::{
     IdentitiesKeys, IdentitiesRepository, SecureChannel, SecureChannelListener,
     SecureChannelRegistry, SecureChannels, SecureChannelsBuilder,
 };
-use crate::identity::{Identity, SecureChannelListenerOptions, SecureChannelOptions};
+use crate::identity::{SecureChannelListenerOptions, SecureChannelOptions};
 use ockam_core::compat::string::String;
 use ockam_core::compat::sync::Arc;
 use ockam_core::flow_control::FlowControls;
@@ -102,12 +102,7 @@ impl Node {
 
     /// Create an Identity
     pub async fn create_identity(&self) -> Result<Identifier> {
-        Ok(self
-            .identities_creation()
-            .create_identity()
-            .await?
-            .identifier()
-            .clone())
+        self.identities_creation().create_identity().await
     }
 
     /// Create the [`SecureChannel`] [`PurposeKey`]
@@ -123,22 +118,26 @@ impl Node {
     }
 
     /// Import an Identity given its private key and change history
-    /// Note: the data is not persisted!
     pub async fn import_private_identity(
         &self,
+        expected_identifier: Option<&Identifier>,
         identity_change_history: &[u8],
         key: &SigningSecretKeyHandle,
-    ) -> Result<Identity> {
+    ) -> Result<Identifier> {
         self.identities_creation()
-            .import_private_identity(identity_change_history, key)
+            .import_private_identity(expected_identifier, identity_change_history, key)
             .await
     }
 
     /// Import an Identity given that was exported as a hex-encoded string
-    pub async fn import_identity_hex(&self, data: &str) -> Result<Identity> {
+    pub async fn import_identity_hex(
+        &self,
+        expected_identifier: Option<&Identifier>,
+        data: &str,
+    ) -> Result<Identifier> {
         self.identities_creation()
             .import(
-                None,
+                expected_identifier,
                 &hex::decode(data).map_err(|_| OckamError::InvalidHex)?,
             )
             .await

diff --git a/implementations/rust/ockam/ockam/tests/relay.rs b/implementations/rust/ockam/ockam/tests/relay.rs
@@ -166,11 +166,11 @@ async fn test4(ctx: &mut Context) -> Result<()> {
 
     let secure_channels = secure_channels();
     let identities_creation = secure_channels.identities().identities_creation();
-    let cloud_identity = identities_creation.create_identity().await?;
+    let cloud = identities_creation.create_identity().await?;
     secure_channels
         .create_secure_channel_listener(
             ctx,
-            cloud_identity.identifier(),
+            &cloud,
             "cloud_listener",
             cloud_secure_channel_listener_options,
         )
@@ -196,19 +196,19 @@ async fn test4(ctx: &mut Context) -> Result<()> {
     let cloud_server_connection = server_tcp
         .connect(cloud_listener.socket_string(), TcpConnectionOptions::new())
         .await?;
-    let server_identity = identities_creation.create_identity().await?;
+    let server = identities_creation.create_identity().await?;
     let cloud_server_channel = secure_channels
         .create_secure_channel(
             ctx,
-            server_identity.identifier(),
+            &server,
             route![cloud_server_connection, "cloud_listener"],
             server_secure_channel_options,
         )
         .await?;
     secure_channels
         .create_secure_channel_listener(
             ctx,
-            server_identity.identifier(),
+            &server,
             "server_listener",
             server_secure_channel_listener_options,
         )
@@ -222,11 +222,11 @@ async fn test4(ctx: &mut Context) -> Result<()> {
     let cloud_client_connection = client_tcp
         .connect(cloud_listener.socket_string(), TcpConnectionOptions::new())
         .await?;
-    let client_identity = identities_creation.create_identity().await?;
+    let client = identities_creation.create_identity().await?;
     let cloud_client_channel = secure_channels
         .create_secure_channel(
             ctx,
-            client_identity.identifier(),
+            &client,
             route![cloud_client_connection, "cloud_listener"],
             SecureChannelOptions::new(),
         )
@@ -235,7 +235,7 @@ async fn test4(ctx: &mut Context) -> Result<()> {
     let tunnel_channel = secure_channels
         .create_secure_channel(
             ctx,
-            client_identity.identifier(),
+            &client,
             route![
                 cloud_client_channel,
                 remote_info.remote_address(),

diff --git a/implementations/rust/ockam/ockam_api/src/cli_state/mod.rs b/implementations/rust/ockam/ockam_api/src/cli_state/mod.rs
@@ -574,12 +574,12 @@ mod tests {
                 .with_vault(vault)
                 .with_identities_repository(sut.identities.identities_repository().await?)
                 .build();
-            let identity = identities
+            let identifier = identities
                 .identities_creation()
                 .create_identity()
                 .await
                 .unwrap();
-            let config = IdentityConfig::new(identity.identifier()).await;
+            let config = IdentityConfig::new(&identifier).await;
 
             let state = sut.identities.create(&name, config).unwrap();
             let got = sut.identities.get(&name).unwrap();

diff --git a/implementations/rust/ockam/ockam_api/src/cli_state/nodes.rs b/implementations/rust/ockam/ockam_api/src/cli_state/nodes.rs
@@ -583,7 +583,7 @@ pub async fn init_node_state(
     let vault_state = cli_state.create_vault_state(vault_name).await?;
 
     // create an identity for the node
-    let identity = cli_state
+    let identifier = cli_state
         .get_identities(vault_state.get().await?)
         .await?
         .identities_creation()
@@ -593,7 +593,7 @@ pub async fn init_node_state(
         .wrap_err("Failed to create identity")?;
 
     let identity_state = cli_state
-        .create_identity_state(identity.identifier(), identity_name)
+        .create_identity_state(&identifier, identity_name)
         .await?;
 
     // Create the node with the given vault and identity

diff --git a/implementations/rust/ockam/ockam_api/src/cloud/share/create.rs b/implementations/rust/ockam/ockam_api/src/cloud/share/create.rs
@@ -66,8 +66,6 @@ impl CreateServiceInvitation {
                 .identities_creation()
                 .import(None, &as_hex)
                 .await?
-                .identifier()
-                .clone()
         };
         // see also: ockam_command::project::ticket
         let enrollment_ticket = hex::encode(

diff --git a/implementations/rust/ockam/ockam_api/src/config/cli.rs b/implementations/rust/ockam/ockam_api/src/config/cli.rs
@@ -7,8 +7,8 @@ use crate::error::ApiError;
 use crate::{cli_state, multiaddr_to_transport_route, DefaultAddress, HexByteVec};
 use ockam::identity::{
     identities, AuthorityService, CredentialsMemoryRetriever, CredentialsRetriever, Identifier,
-    Identities, Identity, RemoteCredentialsRetriever, RemoteCredentialsRetrieverInfo,
-    SecureChannels, TrustContext,
+    Identities, RemoteCredentialsRetriever, RemoteCredentialsRetrieverInfo, SecureChannels,
+    TrustContext,
 };
 use ockam_core::compat::sync::Arc;
 use ockam_core::{Result, Route};
@@ -115,7 +115,7 @@ impl TrustContextConfig {
         tcp_transport: Option<TcpTransport>,
     ) -> Result<TrustContext> {
         let authority = if let Some(authority_config) = self.authority.as_ref() {
-            let identity = authority_config.identity().await?;
+            let identifier = authority_config.identifier().await?;
             let credential_retriever =
                 if let Some(retriever_type) = &authority_config.own_credential {
                     Some(
@@ -129,7 +129,7 @@ impl TrustContextConfig {
 
             Some(AuthorityService::new(
                 secure_channels.identities().credentials(),
-                identity.identifier().clone(),
+                identifier,
                 credential_retriever,
             ))
         } else {
@@ -236,7 +236,7 @@ impl TrustAuthorityConfig {
         &self.identity
     }
 
-    pub async fn identity(&self) -> Result<Identity> {
+    pub async fn identifier(&self) -> Result<Identifier> {
         identities()
             .identities_creation()
             .import(
@@ -281,7 +281,7 @@ impl CredentialRetrieverConfig {
             CredentialRetrieverConfig::FromCredentialIssuer(issuer_config) => {
                 let _ = tcp_transport.ok_or_else(|| ApiError::core("TCP Transport was not provided when credential retriever was defined as an issuer."))?;
                 let credential_issuer_info = RemoteCredentialsRetrieverInfo::new(
-                    issuer_config.resolve_identity().await?.identifier().clone(),
+                    issuer_config.resolve_identity().await?,
                     issuer_config.resolve_route().await?,
                     DefaultAddress::CREDENTIAL_ISSUER.into(),
                 );
@@ -309,7 +309,7 @@ impl AuthoritiesConfig {
         self.authorities.iter()
     }
 
-    pub async fn to_identities(&self, identities: Arc<Identities>) -> Result<Vec<Identity>> {
+    pub async fn to_identities(&self, identities: Arc<Identities>) -> Result<Vec<Identifier>> {
         let mut v = Vec::new();
         for a in self.authorities.values() {
             v.push(
@@ -375,7 +375,7 @@ impl CredentialIssuerConfig {
         Ok(route)
     }
 
-    async fn resolve_identity(&self) -> Result<Identity> {
+    async fn resolve_identity(&self) -> Result<Identifier> {
         let encoded =
             hex::decode(&self.identity).map_err(|_| ApiError::core("Invalid project authority"))?;
         identities()