adding local cache for certificates.

Rafał Maciąg · Rafał Maciąg · commit c5b940d9d1ac · 2024-05-15T16:36:54.000+02:00
diff --git a/src/MicroPlumberd.Encryption/CertManager.cs b/src/MicroPlumberd.Encryption/CertManager.cs
@@ -18,13 +18,16 @@ public class CertificateNotFoundException : Exception
     public string Recipient { get; init; }
 }
 
-class CertManagerInitializer(ICertManager cm) : BackgroundService
+class CertManagerInitializer(ICertManager cm, IPlumber plumber) : BackgroundService
 {
     protected override async Task ExecuteAsync(CancellationToken stoppingToken)
     {
         await cm.Init();
+        await plumber.Subscribe("$et-PublicCertificateSnapShotted", FromRelativeStreamPosition.Start)
+            .WithSnapshotHandler<PubCertEventHandler>();
     }
 }
+
 class CertManager(IPlumber plumber, IConfiguration configuration) : ICertManager
 {
     private ConcurrentDictionary<string, X509Certificate2> _private = new();
@@ -34,19 +37,16 @@ public X509Certificate2 Get(string recipient)
         return _public.GetOrAdd(recipient, r =>
         {
             var certDir = configuration.GetValue<string>("CertsPath") ?? "./certs";
-            var file = Path.Combine(certDir, r + ".pfx");
+            
             if (!Directory.Exists(certDir))
                 Directory.CreateDirectory(certDir);
+            var file = Path.Combine(certDir, $"{r}.cer");
             if (File.Exists(file))
                 return new X509Certificate2(file);
-            else
-            {
-                var result = plumber.GetState<PublicCertificate>(recipient).Result;
-                if (result == null)
-                    throw new CertificateNotFoundException() { Recipient = recipient };
-
-                return new X509Certificate2(result.Value.Data);
-            }
+            file = Path.Combine(certDir, $"{r}.pfx");
+            if (File.Exists(file))
+                return new X509Certificate2(file);
+            throw new CertificateNotFoundException() { Recipient = recipient};
         });
     }
 
@@ -78,6 +78,7 @@ public async Task Init()
             PublicCertificate pc = new PublicCertificate() { Data = pubCer };
             await plumber.AppendState(pc, r);
         }
+
     }
     public X509Certificate2 GetPrivate(string recipient)
     {
diff --git a/src/MicroPlumberd.Encryption/ContainerExtensions.cs b/src/MicroPlumberd.Encryption/ContainerExtensions.cs
@@ -10,6 +10,7 @@ public static IServiceCollection AddEncryption(this IServiceCollection services)
         services.AddHostedService<CertManagerInitializer>();
         services.TryAddSingleton<IEncryptor, Encryptor>();
         services.TryAddSingleton<ICertManager, CertManager>();
+        services.AddSingleton<PubCertEventHandler>();
         return services;
     }
     public static IPlumberConfig EnableEncryption(this IPlumberConfig services)
diff --git a/src/MicroPlumberd.Encryption/PubCertCacheModel.cs b/src/MicroPlumberd.Encryption/PubCertCacheModel.cs
@@ -0,0 +1,39 @@
+﻿using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+
+namespace MicroPlumberd.Encryption;
+
+
+class PubCertEventHandler(IConfiguration configuration, ILogger<PubCertEventHandler> log) : IEventHandler, ITypeRegister
+{
+    Task IEventHandler.Handle(Metadata m, object ev) => Given(m, ev);
+    public async Task Given(Metadata m, object ev)
+    {
+        switch (ev)
+        {
+            case PublicCertificate e: await Given(m, e); break;
+            default:
+                throw new ArgumentException("Unknown event type", ev.GetType().Name);
+        }
+    }
+    static IEnumerable<Type> ITypeRegister.Types => [typeof(PublicCertificate)];
+
+    public async Task Given(Metadata m, PublicCertificate cert)
+    {
+        var certDir = configuration.GetValue<string>("CertsPath") ?? "./certs";
+        var recipient = m.SourceStreamId.Substring(m.SourceStreamId.IndexOf('-')+1);
+        var file = Path.Combine(certDir, $"{recipient}.cer");
+        if (!Directory.Exists(certDir))
+            Directory.CreateDirectory(certDir);
+        try
+        {
+            if(!File.Exists(file))
+                log.LogInformation("Persisting new public certificate: " + recipient);
+            await File.WriteAllBytesAsync(file, cert.Data);
+        }
+        catch (Exception ex)
+        {
+            log.LogWarning(ex,"Could not save public certificate.");
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -18,13 +18,16 @@ public class CertificateNotFoundException : Exception`
`18`	`18`	`public string Recipient { get; init; }`
`19`	`19`	`}`
`20`	`20`
`21`		`-class CertManagerInitializer(ICertManager cm) : BackgroundService`
	`21`	`+class CertManagerInitializer(ICertManager cm, IPlumber plumber) : BackgroundService`
`22`	`22`	`{`
`23`	`23`	`protected override async Task ExecuteAsync(CancellationToken stoppingToken)`
`24`	`24`	`{`
`25`	`25`	`await cm.Init();`
	`26`	`+ await plumber.Subscribe("$et-PublicCertificateSnapShotted", FromRelativeStreamPosition.Start)`
	`27`	`+ .WithSnapshotHandler<PubCertEventHandler>();`
`26`	`28`	`}`
`27`	`29`	`}`
	`30`	`+`
`28`	`31`	`class CertManager(IPlumber plumber, IConfiguration configuration) : ICertManager`
`29`	`32`	`{`
`30`	`33`	`private ConcurrentDictionary<string, X509Certificate2> _private = new();`
`@@ -34,19 +37,16 @@ public X509Certificate2 Get(string recipient)`
`34`	`37`	`return _public.GetOrAdd(recipient, r =>`
`35`	`38`	`{`
`36`	`39`	`var certDir = configuration.GetValue<string>("CertsPath") ?? "./certs";`
`37`		`- var file = Path.Combine(certDir, r + ".pfx");`
	`40`	`+`
`38`	`41`	`if (!Directory.Exists(certDir))`
`39`	`42`	`Directory.CreateDirectory(certDir);`
	`43`	`+ var file = Path.Combine(certDir, $"{r}.cer");`
`40`	`44`	`if (File.Exists(file))`
`41`	`45`	`return new X509Certificate2(file);`
`42`		`- else`
`43`		`- {`
`44`		`- var result = plumber.GetState<PublicCertificate>(recipient).Result;`
`45`		`- if (result == null)`
`46`		`- throw new CertificateNotFoundException() { Recipient = recipient };`
`47`		`-`
`48`		`- return new X509Certificate2(result.Value.Data);`
`49`		`- }`
	`46`	`+ file = Path.Combine(certDir, $"{r}.pfx");`
	`47`	`+ if (File.Exists(file))`
	`48`	`+ return new X509Certificate2(file);`
	`49`	`+ throw new CertificateNotFoundException() { Recipient = recipient};`
`50`	`50`	`});`
`51`	`51`	`}`
`52`	`52`
`@@ -78,6 +78,7 @@ public async Task Init()`
`78`	`78`	`PublicCertificate pc = new PublicCertificate() { Data = pubCer };`
`79`	`79`	`await plumber.AppendState(pc, r);`
`80`	`80`	`}`
	`81`	`+`
`81`	`82`	`}`
`82`	`83`	`public X509Certificate2 GetPrivate(string recipient)`
`83`	`84`	`{`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ public static IServiceCollection AddEncryption(this IServiceCollection services)`
`10`	`10`	`services.AddHostedService<CertManagerInitializer>();`
`11`	`11`	`services.TryAddSingleton<IEncryptor, Encryptor>();`
`12`	`12`	`services.TryAddSingleton<ICertManager, CertManager>();`
	`13`	`+ services.AddSingleton<PubCertEventHandler>();`
`13`	`14`	`return services;`
`14`	`15`	`}`
`15`	`16`	`public static IPlumberConfig EnableEncryption(this IPlumberConfig services)`