Added aries_askar as storage layer

Cargo.toml

@@ -18,6 +18,7 @@ rust-version = "1.77"
 base64ct = { version = "1.6", default-features = false, features = ["alloc", "std"] }
 thiserror = "1.0"
 url = { version = "2.5", features = ["serde"] }
+zeroize = "1.8.1"
 #crypto
 ed25519-dalek = { version = "2.1.1", default-features = false, features = ["fast", "std", "zeroize", "rand_core"] }
 hpke = { git = "https://github.com/marlonbaeten/rust-hpke", branch = "keys-by-reference", features = ["alloc", "std"] }
@@ -27,6 +28,7 @@ sha2 = { version = "0.10.8" }
 async-stream = { version = "0.3"}
 futures = { version = "0.3" }
 tokio = { version = "1.0", default-features = false, features = ["rt-multi-thread", "net", "macros"] }
+aries-askar = { git = "https://github.com/marlonbaeten/aries-askar", branch = "ciborium", default-features = false, features = ["sqlite"] }
 # logging
 tracing = "0.1"
 tracing-subscriber = { version = "0.3.1", default-features = false, features = ["fmt", "ansi", "env-filter", "tracing-log"] }

deny.toml

@@ -3,6 +3,9 @@ targets = [
     { triple = "x86_64-unknown-linux-gnu" },
 ]
 
+[bans]
+
+
 [licenses]
 allow-osi-fsf-free = "either"
 copyleft = "deny"
@@ -18,4 +21,5 @@ license-files = [ { path = "LICENSE", hash = 0xbd0eed23 } ]
 [sources]
 allow-git = [
     "https://github.com/marlonbaeten/rust-hpke",
+    "https://github.com/marlonbaeten/aries-askar",
 ]

examples/cli-test-direct.sh

@@ -4,25 +4,25 @@
 cargo install --path .
 
 echo "---- cleanup the database"
-rm -f marlon.json marc.json
+rm -f marlon.sqlite marc.sqlite
 
 echo "---- create a new sender identity"
-tsp --database marlon.json create --alias marlon marlon
+tsp --database marlon create --alias marlon marlon
 
 echo "---- create a new receiver identity"
-tsp --database marc.json create --alias marc marc
+tsp --database marc create --alias marc marc
 
 echo "---- verify the address of the receiver"
-tsp --database marlon.json verify --alias marc did:web:tsp-test.org:user:marc
+tsp --database marlon verify --alias marc did:web:tsp-test.org:user:marc
 
 echo "---- verify the address of the sender"
-tsp --database marc.json verify --alias marlon did:web:tsp-test.org:user:marlon
+tsp --database marc verify --alias marlon did:web:tsp-test.org:user:marlon
 
 echo "---- wait 2 seconds and then send a message to the receiver"
-sleep 2 && echo "Oh hello Marc" | tsp --database marlon.json send -s marlon -r marc &
+sleep 2 && echo "Oh hello Marc" | tsp --database marlon send -s marlon -r marc &
 
 echo "---- receive the message"
-tsp --database marc.json receive --one marc
+tsp --database marc receive --one marc
 
 echo "---- cleanup databases"
-rm -f marc.json marlon.json
+rm -f marc.sqlite marlon.sqlite

examples/cli-test-nested.sh

@@ -4,34 +4,34 @@
 cargo install --path .
 
 echo "---- cleanup databases"
-rm -f a.json b.json
+rm -f a.sqlite b.sqlite
 
 echo "---- load the sender identity"
-tsp --database a.json create-from-file --alias a test/a.json
-tsp --database a.json create-peer a-inner
-tsp --database a.json set-parent a-inner a
+tsp --database a create-from-file --alias a test/a.json
+tsp --database a create-peer a-inner
+tsp --database a set-parent a-inner a
 
 echo "---- load the receiver identity"
-tsp --database b.json create-from-file --alias b test/b.json
-tsp --database b.json create-peer b-inner
+tsp --database b create-from-file --alias b test/b.json
+tsp --database b create-peer b-inner
 
 echo "---- verify sender vids"
-tsp --database a.json print a | xargs tsp --database b.json verify --alias a
-tsp --database a.json print a-inner | xargs tsp --database b.json verify --alias a-inner
+tsp --database a print a | xargs tsp --database b verify --alias a
+tsp --database a print a-inner | xargs tsp --database b verify --alias a-inner
 
 echo "---- verify receiver vids"
-tsp --database b.json print b | xargs tsp --database a.json verify --alias b
-tsp --database b.json print b-inner | xargs tsp --database a.json verify --alias b-inner
-tsp --database a.json set-parent b-inner b
+tsp --database b print b | xargs tsp --database a verify --alias b
+tsp --database b print b-inner | xargs tsp --database a verify --alias b-inner
+tsp --database a set-parent b-inner b
 
 echo "---- configure relations"
-tsp --database a.json set-relation b-inner a-inner
+tsp --database a set-relation b-inner a-inner
 
 echo "---- wait 2 seconds and then send a message to the receiver"
-sleep 2 && echo "Hi b" | tsp --database a.json send -s a-inner -r b-inner &
+sleep 2 && echo "Hi b" | tsp --database a send -s a-inner -r b-inner &
 
 echo "---- receive the message"
-tsp --database b.json receive --one b
+tsp --database b receive --one b
 
 echo "---- cleanup databases"
-rm -f a.json b.json
+rm -f a.sqlite b.sqlite

examples/cli-test-routed.sh

@@ -4,32 +4,32 @@
 cargo install --path .
 
 echo "---- cleanup databases"
-rm -f a.json b.json
+rm -f a.sqlite b.sqlite
 
 echo "---- load the sender identity"
-tsp --database a.json create-from-file --alias a test/a.json
+tsp --database a create-from-file --alias a test/a.json
 
 echo "---- load the receiver identity"
-tsp --database b.json create-from-file --alias b test/b.json
+tsp --database b create-from-file --alias b test/b.json
 
 echo "---- verify sender vids"
-tsp --database a.json print a | xargs tsp --database b.json verify --alias a
+tsp --database a print a | xargs tsp --database b verify --alias a
 
 echo "---- verify receiver vids"
-tsp --database b.json print b | xargs tsp --database a.json verify --alias b
-tsp --database b.json verify did:web:did.tsp-test.org:user:q --alias q
+tsp --database b print b | xargs tsp --database a verify --alias b
+tsp --database b verify did:web:did.tsp-test.org:user:q --alias q
 
 echo "---- configure route"
-tsp --database a.json verify did:web:did.tsp-test.org:user:p --alias p --sender a
-tsp --database a.json verify did:web:did.tsp-test.org:user:b --alias b --sender a
-tsp --database a.json verify did:web:did.tsp-test.org:user:q --alias q
-tsp --database a.json set-route b p,q,q
+tsp --database a verify did:web:did.tsp-test.org:user:p --alias p --sender a
+tsp --database a verify did:web:did.tsp-test.org:user:b --alias b --sender a
+tsp --database a verify did:web:did.tsp-test.org:user:q --alias q
+tsp --database a set-route b p,q,q
 
 echo "---- wait 2 seconds and then send a message to the receiver"
-sleep 2 && echo "Hi b" | tsp --database a.json send -s a -r b &
+sleep 2 && echo "Hi b" | tsp --database a send -s a -r b &
 
 echo "---- receive the message"
-tsp --database b.json receive --one b
+tsp --database b receive --one b
 
 echo "---- cleanup databases"
-rm -f a.json b.json
+rm -f a.sqlite b.sqlite

examples/src/cli.rs

@@ -2,28 +2,28 @@ use base64ct::{Base64UrlUnpadded, Encoding};
 use clap::{Parser, Subcommand};
 use futures::StreamExt;
 use serde::{Deserialize, Serialize};
-use std::{
-    collections::HashMap,
-    path::{Path, PathBuf},
-};
+use std::{collections::HashMap, path::PathBuf};
 use tokio::io::AsyncReadExt;
 use tracing::{info, trace};
 use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
-use tsp::{cesr::Part, AsyncStore, Error, ExportVid, OwnedVid, ReceivedTspMessage, VerifiedVid};
+use tsp::{
+    cesr::Part, AsyncStore, Error, ExportVid, OwnedVid, ReceivedTspMessage, Vault, VerifiedVid,
+};
 
 #[derive(Debug, Parser)]
 #[command(name = "tsp")]
 #[command(about = "Send and receive TSP messages", long_about = None)]
 struct Cli {
     #[command(subcommand)]
     command: Commands,
+    #[arg(short, long, default_value = "database", help = "Database name to use")]
+    database: String,
     #[arg(
-        short,
         long,
-        default_value = "database.json",
-        help = "Database file path"
+        default_value = "unsecure",
+        help = "Password used to encrypt the database"
     )]
-    database: String,
+    password: String,
     #[arg(
         short,
         long,
@@ -94,53 +94,47 @@ struct DatabaseContents {
     aliases: Aliases,
 }
 
-async fn write_database(
-    database_file: &str,
-    db: &AsyncStore,
-    aliases: Aliases,
-) -> Result<(), Error> {
-    let db_path = Path::new(database_file);
-
-    let db_contents = DatabaseContents {
-        data: db.export()?,
-        aliases,
-    };
+async fn write_database(vault: &Vault, db: &AsyncStore, aliases: Aliases) -> Result<(), Error> {
+    let aliases = serde_json::to_value(&aliases).ok();
+    vault.persist(db.export()?, aliases).await?;
 
-    let db_contents_json =
-        serde_json::to_string_pretty(&db_contents).expect("Could not serialize database");
-
-    tokio::fs::write(db_path, db_contents_json)
-        .await
-        .expect("Could not write database");
-
-    trace!("persisted database to {database_file}");
+    trace!("persisted database");
 
     Ok(())
 }
 
-async fn read_database(database_file: &str) -> Result<(AsyncStore, Aliases), Error> {
-    let db_path = Path::new(database_file);
-    if db_path.exists() {
-        let contents = tokio::fs::read_to_string(db_path)
-            .await
-            .expect("Could not read database file");
+async fn read_database(
+    database_name: &str,
+    password: &str,
+) -> Result<(Vault, AsyncStore, Aliases), Error> {
+    match Vault::open_sqlite(database_name, password.as_bytes()).await {
+        Ok(vault) => {
+            let (vids, aliases) = vault.load().await?;
+
+            let aliases: Aliases = match aliases {
+                Some(aliases) => serde_json::from_value(aliases).expect("Invalid aliases"),
+                None => Aliases::new(),
+            };
 
-        let db_contents: DatabaseContents =
-            serde_json::from_str(&contents).expect("Could not deserialize database");
+            let db = AsyncStore::new();
+            db.import(vids)?;
 
-        let db = AsyncStore::new();
-        db.import(db_contents.data)?;
+            trace!("opened database {database_name}");
 
-        trace!("opened database {database_file}");
+            vault.destroy().await?;
 
-        Ok((db, db_contents.aliases))
-    } else {
-        let db = AsyncStore::new();
-        write_database(database_file, &db, Aliases::new()).await?;
+            let vault = Vault::new_sqlite(database_name, password.as_bytes()).await?;
 
-        info!("created new database");
+            Ok((vault, db, aliases))
+        }
+        Err(_) => {
+            let vault = Vault::new_sqlite(database_name, password.as_bytes()).await?;
 
-        Ok((db, Aliases::new()))
+            let db = AsyncStore::new();
+            info!("created new database");
+
+            Ok((vault, db, Aliases::new()))
+        }
     }
 }
 
@@ -189,7 +183,8 @@ async fn run() -> Result<(), Error> {
         )
         .init();
 
-    let (mut vid_database, mut aliases) = read_database(&args.database).await?;
+    let (vault, mut vid_database, mut aliases) =
+        read_database(&args.database, &args.password).await?;
     let server: String = args.server;
 
     match args.command {
@@ -203,7 +198,7 @@ async fn run() -> Result<(), Error> {
 
             vid_database.set_relation_for_vid(&vid, sender.as_deref())?;
 
-            write_database(&args.database, &vid_database, aliases).await?;
+            write_database(&vault, &vid_database, aliases).await?;
 
             info!(
                 "{vid} is verified and added to the database {}",
@@ -239,7 +234,7 @@ async fn run() -> Result<(), Error> {
             trace!("published DID document to {url}/did.json");
 
             vid_database.add_private_vid(private_vid.clone())?;
-            write_database(&args.database, &vid_database, aliases).await?;
+            write_database(&vault, &vid_database, aliases).await?;
         }
         Commands::CreatePeer { alias } => {
             let transport = url::Url::parse(&format!("https://{server}/user/{alias}")).unwrap();
@@ -248,7 +243,7 @@ async fn run() -> Result<(), Error> {
             aliases.insert(alias.clone(), private_vid.identifier().to_string());
 
             vid_database.add_private_vid(private_vid.clone())?;
-            write_database(&args.database, &vid_database, aliases).await?;
+            write_database(&vault, &vid_database, aliases).await?;
 
             info!("created peer identity {}", private_vid.identifier());
         }
@@ -260,7 +255,7 @@ async fn run() -> Result<(), Error> {
                 aliases.insert(alias.clone(), private_vid.identifier().to_string());
             }
 
-            write_database(&args.database, &vid_database, aliases).await?;
+            write_database(&vault, &vid_database, aliases).await?;
 
             info!("created identity from file {}", private_vid.identifier());
         }
@@ -272,7 +267,7 @@ async fn run() -> Result<(), Error> {
 
             info!("{vid} is now a child of {other_vid}");
 
-            write_database(&args.database, &vid_database, aliases).await?;
+            write_database(&vault, &vid_database, aliases).await?;
         }
         Commands::SetRoute { vid, route } => {
             let vid = aliases.get(&vid).cloned().unwrap_or(vid);
@@ -285,7 +280,7 @@ async fn run() -> Result<(), Error> {
             let route_ref = route.iter().map(|s| s.as_str()).collect::<Vec<_>>();
 
             vid_database.set_route_for_vid(&vid, &route_ref)?;
-            write_database(&args.database, &vid_database, aliases).await?;
+            write_database(&vault, &vid_database, aliases).await?;
 
             info!("{vid} has route {route:?}");
         }
@@ -294,7 +289,7 @@ async fn run() -> Result<(), Error> {
             let other_vid = aliases.get(&other_vid).cloned().unwrap_or(other_vid);
 
             vid_database.set_relation_for_vid(&vid, Some(&other_vid))?;
-            write_database(&args.database, &vid_database, aliases).await?;
+            write_database(&vault, &vid_database, aliases).await?;
 
             info!("{vid} has relation to {other_vid}");
         }
@@ -412,7 +407,7 @@ async fn run() -> Result<(), Error> {
                 if let Some((unknown_vid, payload)) = handle_message(message) {
                     let message = vid_database.verify_and_open(&unknown_vid, payload).await?;
 
-                    write_database(&args.database, &vid_database, aliases.clone()).await?;
+                    write_database(&vault, &vid_database, aliases.clone()).await?;
 
                     info!(
                         "{vid} is verified and added to the database {}",
@@ -428,6 +423,8 @@ async fn run() -> Result<(), Error> {
         }
     }
 
+    vault.close().await?;
+
     Ok(())
 }