diff --git a/Cargo.lock b/Cargo.lock index 73989661..6cb148be 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -52,15 +52,15 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "const-oid" -version = "0.9.5" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "core-foundation" -version = "0.9.3" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" dependencies = [ "core-foundation-sys", "libc", @@ -68,9 +68,9 @@ dependencies = [ [[package]] name = "core-foundation-sys" -version = "0.8.4" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" +checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" [[package]] name = "cpufeatures" @@ -121,7 +121,7 @@ checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -154,12 +154,12 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.7" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f258a7194e7f7c2a7837a8913aeab7fd8c383457034fa20ce4dd3dcb813e8eb8" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -244,20 +244,20 @@ dependencies = [ [[package]] name = "is-terminal" -version = "0.4.9" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" +checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" dependencies = [ "hermit-abi", "rustix", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "lazy_static" @@ -267,9 +267,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.150" +version = "0.2.151" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" [[package]] name = "libloading" @@ -283,9 +283,9 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" +checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" [[package]] name = "log" @@ -355,9 +355,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "openssl-probe" @@ -406,54 +406,54 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] [[package]] name = "ring" -version = "0.17.5" +version = "0.17.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" dependencies = [ "cc", "getrandom", "libc", "spin", "untrusted", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] name = "rustix" -version = "0.38.25" +version = "0.38.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e" +checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" dependencies = [ "bitflags 2.4.1", "errno", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "rustls" -version = "0.21.9" +version = "0.21.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", "ring", @@ -494,17 +494,17 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" [[package]] name = "schannel" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -542,29 +542,29 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.193" +version = "1.0.194" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" +checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.193" +version = "1.0.194" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" +checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] name = "serde_json" -version = "1.0.108" +version = "1.0.110" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +checksum = "6fbd975230bada99c8bb618e0c365c2eefa219158d5c6c29610fd09ff1833257" dependencies = [ "itoa", "ryu", @@ -573,9 +573,9 @@ dependencies = [ [[package]] name = "serde_yaml" -version = "0.9.27" +version = "0.9.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3cc7a1570e38322cfe4154732e5110f887ea57e22b76f4bfd32b5bdd3368666c" +checksum = "b1bf28c79a99f70ee1f1d83d10c875d2e70618417fda01ad1785e027579d9d38" dependencies = [ "indexmap", "itoa", @@ -614,9 +614,9 @@ checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "spki" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" dependencies = [ "base64ct", "der", @@ -635,9 +635,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.39" +version = "2.0.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" dependencies = [ "proc-macro2", "quote", @@ -676,9 +676,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-bidi" -version = "0.3.13" +version = "0.3.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +checksum = "6f2528f27a9eb2b21e69c95319b30bd0efd85d09c379741b0f78ea1d86be2416" [[package]] name = "unicode-ident" @@ -697,9 +697,9 @@ dependencies = [ [[package]] name = "unsafe-libyaml" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f28467d3e1d3c6586d8f25fa243f544f5800fec42d97032474e17222c2b75cfa" +checksum = "ab4c90930b95a82d00dc9e9ac071b4991924390d46cbd0dfe566148667605e4b" [[package]] name = "untrusted" @@ -790,7 +790,16 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.0", ] [[package]] @@ -799,13 +808,28 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +dependencies = [ + "windows_aarch64_gnullvm 0.52.0", + "windows_aarch64_msvc 0.52.0", + "windows_i686_gnu 0.52.0", + "windows_i686_msvc 0.52.0", + "windows_x86_64_gnu 0.52.0", + "windows_x86_64_gnullvm 0.52.0", + "windows_x86_64_msvc 0.52.0", ] [[package]] @@ -814,47 +838,89 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" + [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" + [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +[[package]] +name = "windows_i686_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" + [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +[[package]] +name = "windows_i686_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" + [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" + [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" + [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" + [[package]] name = "x509-cert" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25eefca1d99701da3a57feb07e5079fc62abba059fc139e98c13bbb250f3ef29" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" dependencies = [ "const-oid", "der", diff --git a/p11nethsm.conf b/p11nethsm.conf index 7d401aea..074d79e3 100644 --- a/p11nethsm.conf +++ b/p11nethsm.conf @@ -15,4 +15,7 @@ slots: danger_insecure_cert: true # sha256_fingerprints: # - "31:92:8E:A4:5E:16:5C:A7:33:44:E8:E9:8E:64:C4:AE:7B:2A:57:E5:77:43:49:F3:69:C9:8F:C4:2F:3A:3B:6E" - \ No newline at end of file + retries: + count: 10 + delay_seconds: 1 + timeout_seconds: 10 diff --git a/pkcs11/src/api/generation.rs b/pkcs11/src/api/generation.rs index 330a72d3..19b336f4 100644 --- a/pkcs11/src/api/generation.rs +++ b/pkcs11/src/api/generation.rs @@ -244,7 +244,7 @@ pub extern "C" fn C_GenerateRandom( let data = match session.login_ctx.try_( |api_config| { default_api::random_post( - &api_config, + api_config, nethsm_sdk_rs::models::RandomRequestData { length: ulRandomLen as i32, }, diff --git a/pkcs11/src/api/object.rs b/pkcs11/src/api/object.rs index 19da63bf..adf5e753 100644 --- a/pkcs11/src/api/object.rs +++ b/pkcs11/src/api/object.rs @@ -270,6 +270,7 @@ mod tests { login::LoginCtx, session::Session, }, + config::config_file::RetryConfig, data::SESSION_MANAGER, }; @@ -393,7 +394,15 @@ mod tests { device_error: 0, enum_ctx: None, flags: 0, - login_ctx: LoginCtx::new(None, None, vec![]), + login_ctx: LoginCtx::new( + None, + None, + vec![], + Some(RetryConfig { + count: 2, + delay_seconds: 0, + }), + ), slot_id: 0, }; diff --git a/pkcs11/src/api/token.rs b/pkcs11/src/api/token.rs index 0dd92b8b..bc343506 100644 --- a/pkcs11/src/api/token.rs +++ b/pkcs11/src/api/token.rs @@ -87,10 +87,10 @@ pub extern "C" fn C_GetSlotInfo( let mut flags = 0; - let mut login_ctx = LoginCtx::new(None, None, slot.instances.clone()); + let mut login_ctx = LoginCtx::new(None, None, slot.instances.clone(), slot.retries); let result = login_ctx.try_( - |conf| default_api::info_get(&conf), + default_api::info_get, crate::backend::login::UserMode::Guest, ); @@ -108,7 +108,7 @@ pub extern "C" fn C_GetSlotInfo( }; let result = login_ctx.try_( - |conf| default_api::health_state_get(&conf), + default_api::health_state_get, crate::backend::login::UserMode::Guest, ); @@ -160,10 +160,15 @@ pub extern "C" fn C_GetTokenInfo( return cryptoki_sys::CKR_ARGUMENTS_BAD; } - let mut login_ctx = LoginCtx::new(None, slot.administrator.clone(), slot.instances.clone()); + let mut login_ctx = LoginCtx::new( + None, + slot.administrator.clone(), + slot.instances.clone(), + slot.retries, + ); let result = login_ctx.try_( - |conf| default_api::info_get(&conf), + default_api::info_get, crate::backend::login::UserMode::Guest, ); @@ -184,10 +189,7 @@ pub extern "C" fn C_GetTokenInfo( // Try to fech system info if login_ctx.can_run_mode(crate::backend::login::UserMode::Administrator) { - match login_ctx.try_( - |conf| default_api::system_info_get(&conf), - UserMode::Administrator, - ) { + match login_ctx.try_(default_api::system_info_get, UserMode::Administrator) { Err(e) => { warn!("Error getting system info: {:?}", e); } diff --git a/pkcs11/src/backend/decrypt.rs b/pkcs11/src/backend/decrypt.rs index 22bd82f9..fdd39e4e 100644 --- a/pkcs11/src/backend/decrypt.rs +++ b/pkcs11/src/backend/decrypt.rs @@ -75,7 +75,7 @@ impl DecryptCtx { let output = self.login_ctx.try_( |api_config| { default_api::keys_key_id_decrypt_post( - &api_config, + api_config, key_id, nethsm_sdk_rs::models::DecryptRequestData { mode, diff --git a/pkcs11/src/backend/encrypt.rs b/pkcs11/src/backend/encrypt.rs index fb37b78e..84a0e712 100644 --- a/pkcs11/src/backend/encrypt.rs +++ b/pkcs11/src/backend/encrypt.rs @@ -122,7 +122,7 @@ fn encrypt_data( .try_( |api_config| { default_api::keys_key_id_encrypt_post( - &api_config, + api_config, key_id, nethsm_sdk_rs::models::EncryptRequestData { mode, diff --git a/pkcs11/src/backend/events.rs b/pkcs11/src/backend/events.rs index 2b373224..a797c816 100644 --- a/pkcs11/src/backend/events.rs +++ b/pkcs11/src/backend/events.rs @@ -36,12 +36,9 @@ pub fn update_slot_state(slot_id: CK_SLOT_ID, present: bool) { pub fn fetch_slots_state() { for (index, slot) in DEVICE.slots.iter().enumerate() { - let mut login_ctx = LoginCtx::new(None, None, slot.instances.clone()); + let mut login_ctx = LoginCtx::new(None, None, slot.instances.clone(), slot.retries); let status = login_ctx - .try_( - |conf| default_api::health_state_get(&conf), - super::login::UserMode::Guest, - ) + .try_(default_api::health_state_get, super::login::UserMode::Guest) .map(|state| state.entity.state == SystemState::Operational) .unwrap_or(false); diff --git a/pkcs11/src/backend/key.rs b/pkcs11/src/backend/key.rs index 6a35b37a..0ebbd915 100644 --- a/pkcs11/src/backend/key.rs +++ b/pkcs11/src/backend/key.rs @@ -185,7 +185,7 @@ fn upload_certificate( let key_id = id.as_str(); login_ctx.try_( - |api_config| default_api::keys_key_id_cert_put(&api_config, key_id, body.into_bytes()), + |api_config| default_api::keys_key_id_cert_put(api_config, key_id, body.into_bytes()), login::UserMode::Administrator, )?; @@ -324,7 +324,7 @@ pub fn create_key_from_template( if let Err(err) = login_ctx.try_( |api_config| { default_api::keys_key_id_put( - &api_config, + api_config, key_id, default_api::KeysKeyIdPutBody::ApplicationJson(private_key), ) @@ -339,7 +339,7 @@ pub fn create_key_from_template( let resp = login_ctx.try_( |api_config| { default_api::keys_post( - &api_config, + api_config, default_api::KeysPostBody::ApplicationJson(private_key), ) }, @@ -439,7 +439,7 @@ pub fn generate_key_from_template( let id = login_ctx.try_( |api_config| { default_api::keys_generate_post( - &api_config, + api_config, KeyGenerateRequestData { mechanisms: api_mechs, r#type: key_type, @@ -471,7 +471,7 @@ pub fn fetch_key( } let key_data = match login_ctx.try_( - |api_config| default_api::keys_key_id_get(&api_config, key_id), + |api_config| default_api::keys_key_id_get(api_config, key_id), super::login::UserMode::OperatorOrAdministrator, ) { Ok(key_data) => key_data.entity, @@ -514,7 +514,7 @@ pub fn fetch_certificate( } let cert_data = login_ctx.try_( - |api_config| default_api::keys_key_id_cert_get(&api_config, key_id), + |api_config| default_api::keys_key_id_cert_get(api_config, key_id), super::login::UserMode::OperatorOrAdministrator, )?; diff --git a/pkcs11/src/backend/login.rs b/pkcs11/src/backend/login.rs index 386fb5ea..9b35222a 100644 --- a/pkcs11/src/backend/login.rs +++ b/pkcs11/src/backend/login.rs @@ -3,14 +3,15 @@ use cryptoki_sys::{ CKR_USER_TYPE_INVALID, CKS_RO_PUBLIC_SESSION, CKS_RW_SO_FUNCTIONS, CKS_RW_USER_FUNCTIONS, CKU_CONTEXT_SPECIFIC, CKU_SO, CKU_USER, CK_RV, CK_STATE, CK_USER_TYPE, }; -use log::{debug, error, trace}; +use log::{debug, error, trace, warn}; use nethsm_sdk_rs::{ apis::{self, configuration::Configuration, default_api, ResponseContent}, models::UserRole, + ureq, }; -use std::fmt::Debug; +use std::{thread, time::Duration}; -use crate::config::config_file::UserConfig; +use crate::config::config_file::{RetryConfig, UserConfig}; use super::{ApiError, Error}; @@ -21,6 +22,7 @@ pub struct LoginCtx { instances: Vec, index: usize, ck_state: CK_STATE, + retries: Option, } #[derive(Debug, Clone)] @@ -64,6 +66,7 @@ impl LoginCtx { operator: Option, administrator: Option, instances: Vec, + retries: Option, ) -> Self { let mut ck_state = CKS_RO_PUBLIC_SESSION; @@ -81,6 +84,7 @@ impl LoginCtx { operator, administrator, instances, + retries, index: 0, ck_state, } @@ -190,7 +194,7 @@ impl LoginCtx { // Try to run the api call on each instance until one succeeds pub fn try_(&mut self, api_call: F, user_mode: UserMode) -> Result where - F: FnOnce(Configuration) -> Result> + Clone, + F: FnOnce(&Configuration) -> Result> + Clone, { // we loop for a maximum of instances.len() times for _ in 0..self.instances.len() { @@ -199,19 +203,48 @@ impl LoginCtx { None => continue, }; - let api_call_clone = api_call.clone(); - match api_call_clone(conf) { - Ok(result) => return Ok(result), - - // If the server is in an unusable state, try the next one - Err(apis::Error::ResponseError(ResponseContent { status: 500, .. })) - | Err(apis::Error::ResponseError(ResponseContent { status: 501, .. })) - | Err(apis::Error::ResponseError(ResponseContent { status: 502, .. })) - | Err(apis::Error::ResponseError(ResponseContent { status: 503, .. })) - | Err(apis::Error::ResponseError(ResponseContent { status: 412, .. })) => continue, - - // Otherwise, return the error - Err(err) => return Err(err.into()), + let mut retry_count = 0; + let RetryConfig { + count: retry_limit, + delay_seconds, + } = self.retries.unwrap_or(RetryConfig { + count: 1, + delay_seconds: 0, + }); + + let delay = Duration::from_secs(delay_seconds); + + loop { + retry_count += 1; + let api_call_clone = api_call.clone(); + match api_call_clone(&conf) { + Ok(result) => return Ok(result), + + // If the server is in an unusable state, skip retries and try the next one + Err(apis::Error::ResponseError(ResponseContent { status: 500, .. })) + | Err(apis::Error::ResponseError(ResponseContent { status: 501, .. })) + | Err(apis::Error::ResponseError(ResponseContent { status: 502, .. })) + | Err(apis::Error::ResponseError(ResponseContent { status: 503, .. })) + | Err(apis::Error::ResponseError(ResponseContent { status: 412, .. })) => break, + + // If the connection to the server failed with a network error, reconnecting might solve the issue + Err(apis::Error::Ureq(ureq::Error::Transport(err))) + if matches!( + err.kind(), + ureq::ErrorKind::Io | ureq::ErrorKind::ConnectionFailed + ) => + { + if retry_count == retry_limit { + error!("Retry count exceeded, instance is unreachable: {err}"); + return Err(ApiError::InstanceRemoved); + } + + warn!("IO error connecting to the instance, {err}, retrying in {delay_seconds}s"); + thread::sleep(delay); + } + // Otherwise, return the error + Err(err) => return Err(err.into()), + } } } Err(ApiError::NoInstance) @@ -244,7 +277,7 @@ impl LoginCtx { match self.try_( |config| { default_api::users_user_id_passphrase_post( - &config, + config, &options.0, nethsm_sdk_rs::models::UserPassphrasePostData { passphrase: pin }, ) diff --git a/pkcs11/src/backend/mod.rs b/pkcs11/src/backend/mod.rs index 39725a54..0275ff54 100644 --- a/pkcs11/src/backend/mod.rs +++ b/pkcs11/src/backend/mod.rs @@ -7,9 +7,10 @@ use self::{ }; use cryptoki_sys::{ CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_VALUE_INVALID, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, - CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_KEY_HANDLE_INVALID, - CKR_MECHANISM_INVALID, CKR_OPERATION_ACTIVE, CKR_OPERATION_NOT_INITIALIZED, - CKR_TOKEN_NOT_PRESENT, CKR_USER_NOT_LOGGED_IN, CK_ATTRIBUTE_TYPE, CK_OBJECT_HANDLE, CK_RV, + CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_LEN_RANGE, + CKR_KEY_HANDLE_INVALID, CKR_MECHANISM_INVALID, CKR_OPERATION_ACTIVE, + CKR_OPERATION_NOT_INITIALIZED, CKR_TOKEN_NOT_PRESENT, CKR_USER_NOT_LOGGED_IN, + CK_ATTRIBUTE_TYPE, CK_OBJECT_HANDLE, CK_RV, }; use log::error; use nethsm_sdk_rs::apis; @@ -38,6 +39,7 @@ pub enum ApiError { Serde(serde_json::Error), Io(std::io::Error), ResponseError(ResponseContent), + InstanceRemoved, NoInstance, StringParse(std::string::FromUtf8Error), } @@ -51,7 +53,7 @@ impl From> for ApiError { apis::Error::ResponseError(resp) => ApiError::ResponseError(ResponseContent { status: resp.status, content: String::from_utf8(resp.content).unwrap_or_else(|e| { - format!( + error!( "Unable to parse response content into string: {:?}", e.as_bytes() ); @@ -153,6 +155,7 @@ impl From for CK_RV { _ => CKR_DEVICE_ERROR, }, ApiError::StringParse(_) => CKR_DEVICE_ERROR, + ApiError::InstanceRemoved => CKR_DEVICE_REMOVED, }, } } @@ -205,6 +208,7 @@ impl std::fmt::Display for Error { _ => format!("Api error: {:?}", resp), }, ApiError::StringParse(err) => format!("String parse error: {:?}", err), + ApiError::InstanceRemoved => "Failed to connect to instance".to_string(), }, Error::Base64(err) => format!("Base64 Decode error: {:?}", err), Error::StringParse(err) => format!("String parse error: {:?}", err), diff --git a/pkcs11/src/backend/session.rs b/pkcs11/src/backend/session.rs index a240611a..9d6074ce 100644 --- a/pkcs11/src/backend/session.rs +++ b/pkcs11/src/backend/session.rs @@ -95,6 +95,7 @@ impl SessionManager { 0, Arc::new(Slot { administrator: None, + retries: None, db: Arc::new(Mutex::new(Db::new())), description: None, instances: vec![], @@ -125,6 +126,7 @@ impl Session { slot.operator.clone(), slot.administrator.clone(), slot.instances.clone(), + slot.retries, ); Self { @@ -513,7 +515,7 @@ impl Session { let keys = self .login_ctx .try_( - |api_config| default_api::keys_get(&api_config, None), + |api_config| default_api::keys_get(api_config, None), super::login::UserMode::OperatorOrAdministrator, )? .entity; @@ -617,13 +619,13 @@ impl Session { match key.kind { ObjectKind::Certificate => { self.login_ctx.try_( - |api_config| default_api::keys_key_id_cert_delete(&api_config, &key.id), + |api_config| default_api::keys_key_id_cert_delete(api_config, &key.id), crate::backend::login::UserMode::Administrator, )?; } ObjectKind::SecretKey | ObjectKind::PrivateKey => { self.login_ctx.try_( - |api_config| default_api::keys_key_id_delete(&api_config, &key.id), + |api_config| default_api::keys_key_id_delete(api_config, &key.id), crate::backend::login::UserMode::Administrator, )?; } diff --git a/pkcs11/src/backend/sign.rs b/pkcs11/src/backend/sign.rs index 09e296db..6bfb92d7 100644 --- a/pkcs11/src/backend/sign.rs +++ b/pkcs11/src/backend/sign.rs @@ -110,7 +110,7 @@ impl SignCtx { let signature = login_ctx.try_( |conf| { default_api::keys_key_id_sign_post( - &conf, + conf, &self.key.id.clone(), nethsm_sdk_rs::models::SignRequestData { mode, diff --git a/pkcs11/src/config/config_file.rs b/pkcs11/src/config/config_file.rs index 8793c572..3aa013fe 100644 --- a/pkcs11/src/config/config_file.rs +++ b/pkcs11/src/config/config_file.rs @@ -87,6 +87,12 @@ pub struct P11Config { pub slots: Vec, } +#[derive(Debug, Clone, Copy, Serialize, Deserialize)] +pub struct RetryConfig { + pub count: u32, + pub delay_seconds: u64, +} + #[derive(Debug, Clone, Serialize, Deserialize)] pub struct InstanceConfig { pub url: String, @@ -103,6 +109,10 @@ pub struct SlotConfig { pub administrator: Option, pub description: Option, pub instances: Vec, + #[serde(default)] + pub retries: Option, + #[serde(default)] + pub timeout_seconds: Option, } // An user diff --git a/pkcs11/src/config/device.rs b/pkcs11/src/config/device.rs index 0c2b3048..977d073d 100644 --- a/pkcs11/src/config/device.rs +++ b/pkcs11/src/config/device.rs @@ -4,7 +4,7 @@ use nethsm_sdk_rs::apis::configuration::Configuration; use crate::backend::db::Db; -use super::config_file::UserConfig; +use super::config_file::{RetryConfig, UserConfig}; // stores the global configuration of the module #[derive(Debug, Clone)] @@ -22,6 +22,7 @@ pub struct ClusterInstance { #[derive(Debug, Clone)] pub struct Slot { pub label: String, + pub retries: Option, pub description: Option, pub instances: Vec, pub operator: Option, diff --git a/pkcs11/src/config/initialization.rs b/pkcs11/src/config/initialization.rs index 3d828218..b64f53e7 100644 --- a/pkcs11/src/config/initialization.rs +++ b/pkcs11/src/config/initialization.rs @@ -1,4 +1,7 @@ -use std::sync::{Arc, Mutex}; +use std::{ + sync::{Arc, Mutex}, + time::Duration, +}; use super::{ config_file::SlotConfig, @@ -117,11 +120,16 @@ fn slot_from_config(slot: &SlotConfig) -> Result { tls_conf.with_root_certificates(roots).with_no_client_auth() }; - let agent = ureq::AgentBuilder::new() + let mut builder = ureq::AgentBuilder::new() .tls_config(Arc::new(tls_conf)) .max_idle_connections(2) - .max_idle_connections_per_host(2) - .build(); + .max_idle_connections_per_host(2); + + if let Some(t) = slot.timeout_seconds { + builder = builder.timeout(Duration::from_secs(t)); + } + + let agent = builder.build(); let api_config = nethsm_sdk_rs::apis::configuration::Configuration { client: agent, @@ -139,6 +147,7 @@ fn slot_from_config(slot: &SlotConfig) -> Result { instances, administrator: slot.administrator.clone(), operator: slot.operator.clone(), + retries: slot.retries, db: Arc::new(Mutex::new(crate::backend::db::Db::new())), }) }