diff --git a/.changelog/5865.internal.md b/.changelog/5865.internal.md new file mode 100644 index 00000000000..d0dd0e2c7fd --- /dev/null +++ b/.changelog/5865.internal.md @@ -0,0 +1 @@ +keymanager: Expose runtime ID and RSK in the key manager client diff --git a/keymanager/src/client/interface.rs b/keymanager/src/client/interface.rs index 407506b2231..8b287d3790f 100644 --- a/keymanager/src/client/interface.rs +++ b/keymanager/src/client/interface.rs @@ -3,7 +3,10 @@ use std::sync::Arc; use async_trait::async_trait; -use oasis_core_runtime::{common::crypto::signature::PublicKey, consensus::beacon::EpochTime}; +use oasis_core_runtime::{ + common::{crypto::signature::PublicKey, namespace::Namespace}, + consensus::beacon::EpochTime, +}; use crate::{ api::KeyManagerError, @@ -14,6 +17,13 @@ use crate::{ /// Key manager client interface. #[async_trait] pub trait KeyManagerClient: Send + Sync { + /// Key manager runtime identifier this client is connected to. It may be `None` in case the + /// identifier is not known yet (e.g. the client has not yet been initialized). + fn runtime_id(&self) -> Option; + + /// Key manager runtime signing key used to sign messages from the key manager. + fn runtime_signing_key(&self) -> Option; + /// Clear local key cache. /// /// This will make the client re-fetch the keys from the key manager. @@ -108,6 +118,14 @@ pub trait KeyManagerClient: Send + Sync { #[async_trait] impl KeyManagerClient for Arc { + fn runtime_id(&self) -> Option { + KeyManagerClient::runtime_id(&**self) + } + + fn runtime_signing_key(&self) -> Option { + KeyManagerClient::runtime_signing_key(&**self) + } + fn clear_cache(&self) { KeyManagerClient::clear_cache(&**self) } diff --git a/keymanager/src/client/mock.rs b/keymanager/src/client/mock.rs index ba416096459..c8c58974d57 100644 --- a/keymanager/src/client/mock.rs +++ b/keymanager/src/client/mock.rs @@ -4,7 +4,10 @@ use std::{collections::HashMap, sync::Mutex}; use async_trait::async_trait; use oasis_core_runtime::{ - common::crypto::signature::{PublicKey, Signature}, + common::{ + crypto::signature::{PublicKey, Signature}, + namespace::Namespace, + }, consensus::beacon::EpochTime, }; @@ -35,6 +38,14 @@ impl MockClient { #[async_trait] impl KeyManagerClient for MockClient { + fn runtime_id(&self) -> Option { + Some(Namespace::default()) + } + + fn runtime_signing_key(&self) -> Option { + None + } + fn clear_cache(&self) {} async fn get_or_create_keys( diff --git a/keymanager/src/client/remote.rs b/keymanager/src/client/remote.rs index e57ccf2fc6e..baebfe37f1a 100644 --- a/keymanager/src/client/remote.rs +++ b/keymanager/src/client/remote.rs @@ -82,6 +82,8 @@ pub struct RemoteClient { ephemeral_public_keys: RwLock>, /// Local cache for the state keys. state_keys: RwLock>, + /// Key manager runtime ID. + key_manager_id: RwLock>, /// Key manager's runtime signing key. rsk: RwLock>, } @@ -104,6 +106,7 @@ impl RemoteClient { ephemeral_private_keys: RwLock::new(LruCache::new(cap)), ephemeral_public_keys: RwLock::new(LruCache::new(cap)), state_keys: RwLock::new(LruCache::new(cap)), + key_manager_id: RwLock::new(None), rsk: RwLock::new(None), } } @@ -196,6 +199,7 @@ impl RemoteClient { } // Set key manager runtime ID. + *self.key_manager_id.write().unwrap() = Some(status.id); self.rpc_client.update_runtime_id(Some(status.id)); // Verify and apply the policy, if set. @@ -322,6 +326,14 @@ impl RemoteClient { #[async_trait] impl KeyManagerClient for RemoteClient { + fn runtime_id(&self) -> Option { + *self.key_manager_id.read().unwrap() + } + + fn runtime_signing_key(&self) -> Option { + *self.rsk.read().unwrap() + } + fn clear_cache(&self) { // We explicitly only take one lock at a time.