config.rs
Overview
The config.rs file defines the NetworkConfig struct, which encapsulates the network configuration parameters necessary for establishing and managing network communication within the system. This includes binding addresses, security credentials, subscription peers, and proxy nodes. The file also provides the construction logic for NetworkConfig, integrating certificate handling and cryptographic keys to facilitate secure network communication.
Detailed Description
Struct: NetworkConfig
The NetworkConfig struct holds the core configuration for the network layer:
Fields:
bind: SocketAddr
The local socket address on which the network service will bind and listen for incoming connections.
credential: NetCredential
Encapsulates the cryptographic credentials used for authentication and encryption in the network transport layer. Includes certificates, private keys, and trusted public keys.
subscribe: Vec<Vec<SocketAddr>>
A nested vector representing groups of socket addresses to which the node subscribes. Each inner vector can represent a set of peers for a particular subscription or topic.
proxies: Vec<SocketAddr>
A list of proxy addresses that the node may use to route its network traffic.
Trait Implementations:
Clone and PartialEq: Enables cloning and comparison of NetworkConfig instances.
Debug: Custom implementation that only outputs the bind address for privacy/security reasons when logging.
Methods
NetworkConfig::new
pub fn new(
bind: SocketAddr,
my_cert: CertFile,
my_key: PrivateKeyFile,
my_ed_keys: &[transport_layer::SigningKey],
trusted_certs: CertStore,
trusted_pubkeys: HashSet<transport_layer::VerifyingKey>,
subscribe: Vec<Vec<SocketAddr>>,
proxies: Vec<SocketAddr>,
tls_cert_cache: Option<TlsCertCache>,
) -> anyhow::Result<Self>
Purpose:
Constructs a new NetworkConfig instance, resolving cryptographic credentials and preparing the network configuration for use.
Parameters:
bind: The local socket address where the service will bind.
my_cert: The certificate file representing the node’s identity.
my_key: The private key file corresponding to the certificate.
my_ed_keys: A slice of signing keys used for Ed25519 signatures.
trusted_certs: A certificate store containing trusted certificates.
trusted_pubkeys: A set of trusted public keys for verification.
subscribe: Nested vectors of socket addresses for subscription peers.
proxies: Vector of proxy socket addresses.
tls_cert_cache: Optional TLS certificate cache to optimize certificate handling.
Return:
Returns Ok(NetworkConfig) on success, or an error wrapped in anyhow::Result if any step fails (e.g., resolving certificates).
Usage Example:
let network_config = NetworkConfig::new(
    bind_address,
    cert_file,
    key_file,
    &signing_keys,
    trusted_cert_store,
    trusted_pubkeys_set,
    subscription_peers,
    proxy_addresses,
    Some(tls_cache),
)?;
Implementation Details:
Logs the creation of the configuration with the bind address.
Calls my_cert.resolve to combine the certificate, private key, Ed25519 keys, and optionally the TLS certificate cache into a usable credential form.
Constructs a NetCredential with resolved certificates, keys, trusted public keys, and certificate hashes.
Returns a new NetworkConfig instance populated with the provided and derived data.
Important Implementation Details
The NetworkConfig struct relies heavily on types and functionality from the transport_layer module, particularly for cryptographic operations and certificate management.
The use of CertFile, PrivateKeyFile, and CertStore from the pub_sub module indicates the integration of this configuration with the publication-subscription system of the application.
The method my_cert.resolve is a crucial step that processes raw certificate and key files into a form usable by the network transport layer, including support for Ed25519 signing keys and optional TLS certificate caching.
The Debug trait implementation is intentionally minimal to avoid exposing sensitive credential information in logs, only printing the binding address.
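The bind-only Debug behaviour described above and under Trait Implementations, as an added example that is not the project's own code. The NetCredential fields, the use of finish_non_exhaustive, and all sample values are assumptions made for illustration; only the NetworkConfig field names and types come from this page.

```rust
use std::fmt;
use std::net::SocketAddr;

// Stand-in for transport_layer::NetCredential; these fields are hypothetical.
#[derive(Clone, PartialEq)]
pub struct NetCredential {
    pub private_key_pem: String,
    pub trusted_pubkeys: Vec<[u8; 32]>,
}

#[derive(Clone, PartialEq)]
pub struct NetworkConfig {
    pub bind: SocketAddr,
    pub credential: NetCredential,
    pub subscribe: Vec<Vec<SocketAddr>>,
    pub proxies: Vec<SocketAddr>,
}

// Hand-written Debug: only `bind` is emitted. The stand-in credential type has
// no Debug impl, so #[derive(Debug)] here would not compile instead of leaking.
impl fmt::Debug for NetworkConfig {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("NetworkConfig")
            .field("bind", &self.bind)
            .finish_non_exhaustive()
    }
}

// Constructed sample values; the key string is a marker, not key material.
pub fn sample_config() -> NetworkConfig {
    NetworkConfig {
        bind: "127.0.0.1:8500".parse().unwrap(),
        credential: NetCredential {
            private_key_pem: "CONSTRUCTED-SECRET-MARKER".to_string(),
            trusted_pubkeys: vec![[7u8; 32]],
        },
        subscribe: vec![vec!["10.0.0.2:8500".parse().unwrap()]],
        proxies: vec!["10.0.0.9:8600".parse().unwrap()],
    }
}

// Formatting paths that reach the Debug impl: plain, pretty, and nested.
pub fn debug_renderings(cfg: &NetworkConfig) -> Vec<String> {
    vec![format!("{:?}", cfg), format!("{:#?}", cfg), format!("{:?}", Some(cfg))]
}

fn main() {
    for line in debug_renderings(&sample_config()) { println!("{line}"); }
}
```

A check like the one in debug_renderings is worth keeping as a unit test, so that a later switch to a derived Debug or an added field shows up as a test failure rather than as credentials in logs.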
Interactions with Other System Components
transport_layer Module:
Provides cryptographic primitives such as NetCredential, signing and verifying keys, and TLS certificate caches. NetworkConfig depends on this module for establishing secure network identities and trust relationships.
pub_sub Module:
Supplies certificate and key file abstractions (CertFile, PrivateKeyFile) and certificate stores (CertStore). This connection ties network configuration to the messaging and subscription framework of the system.
The subscribe and proxies fields suggest that NetworkConfig configures the node's participation in a peer-to-peer network with subscription groups and potentially proxy routing, which likely interact with higher-level networking or messaging components.
Diagram: Structure of config.rs
classDiagram
class NetworkConfig {
+bind: SocketAddr
+credential: NetCredential
+subscribe: Vec<Vec<SocketAddr>>
+proxies: Vec<SocketAddr>
+new()
}
NetworkConfig ..> NetCredential : uses
NetworkConfig ..> CertFile : uses
NetworkConfig ..> PrivateKeyFile : uses
NetworkConfig ..> CertStore : uses
NetworkConfig ..> TlsCertCache : optional
NetworkConfig ..> transport_layer::SigningKey : uses
NetworkConfig ..> transport_layer::VerifyingKey : uses
This diagram shows the core NetworkConfig struct and its dependencies on certificate, key, and transport layer types. The new method orchestrates the creation and assembly of these components into a network configuration instance.