pairing: Add pairing session approval

Adds the approval of the old device. This does not check the signature
and does also not check the restrictions. This soley approves the
pairing request.
This needs a tls cert and a rune to be present as we need these to sign
and attestate the approval.

Signed-off-by: Peter Neuroth <[email protected]>

libs/gl-client-py/glclient/__init__.py

@@ -130,13 +130,17 @@ def pair_device(self, name: str, desc: str, restrs: str) -> Generator[schedpb.Pa
 
 
 class AttestationDevicePairingClient(object):
-    def __init__(self, tls: Optional["TlsConfig"]=None, auth: Optional[bytes]=None, uri: Optional[str]=None):
+    def __init__(self, tls: Optional["TlsConfig"]=None, auth: Optional[bytes]=None, rune: Optional[str]=None, uri: Optional[str]=None):
         tls_arg = tls.inner if tls is not None else None
-        self.inner = native.AttestationDevicePairingClient(tls=tls_arg, auth=auth, uri=uri)
+        self.inner = native.AttestationDevicePairingClient(tls=tls_arg, auth=auth, rune=rune, uri=uri)
 
     def get_pairing_data(self, session_id: str) -> schedpb.GetPairingDataResponse:
         res = self.inner.get_pairing_data(session_id=session_id)
         return schedpb.GetPairingDataResponse.FromString(bytes(res))
+
+    def approve_pairing(self, session_id: str, node_id: bytes, device_name: str, restrs: str):
+        self.inner.approve_pairing(session_id, node_id, device_name, restrs)
+
 
 class Node(object):
     def __init__(self, node_id: bytes, network: str, grpc_uri: str, tls: Optional[TlsConfig] = None, rune: Optional[str] = None, auth: Optional[bytes] = None) -> None:

libs/gl-client-py/glclient/glclient.pyi

@@ -41,8 +41,10 @@ class NewDevicePairingClient:
     def pair_device(self, name: str, desc: str, restrs: str): ...
 
 class AttestationDevicePairingClient:
-    def __init__(self, tls: Optional["TlsConfig"], auth: Optional[bytes], uri: Optional[str]): ...
+    def __init__(self, tls: Optional["TlsConfig"], auth: Optional[bytes], rune: Optional[bytes], uri: Optional[str]): ...
     def get_pairing_data(self, session_id: str) -> bytes: ...
+    def approve_pairing(self, session_id: str, node_id: bytes, device_name: str, restrs: str):...
+
 
 class Node:
     def __init__(

libs/gl-client-py/src/pairing.rs

@@ -70,18 +70,21 @@ impl AttestationDevicePairingClient {
     fn new(
         tls: Option<TlsConfig>,
         auth: Option<&[u8]>,
+        rune: Option<String>,
         uri: Option<String>,
     ) -> Result<Self, PairingError> {
         let inner = exec({
-            let mut builder = attestation_device::Client::builder();
-
-            if let Some(tls) = tls {
-                builder = builder.with_tls(tls.inner);
-            }
-
-            if let Some(auth) = auth {
-                builder = builder.with_auth(auth)?;
-            }
+            let mut builder = if let Some(auth) = auth {
+                attestation_device::Client::builder_from_auth(auth)?
+            } else {
+                let tls = tls.ok_or(PairingError(Error::BuildClientError(
+                    "missing tls key".to_string(),
+                )))?;
+                let rune = rune.ok_or(PairingError(Error::BuildClientError(
+                    "missing rune".to_string(),
+                )))?;
+                attestation_device::Client::builder_from_parts(tls.inner, rune)
+            };
 
             if let Some(uri) = uri {
                 builder = builder.with_uri(uri);
@@ -97,6 +100,20 @@ impl AttestationDevicePairingClient {
             self.inner.get_pairing_data(session_id).await
         }))?)
     }
+
+    fn approve_pairing(
+        &self,
+        session_id: &str,
+        node_id: &[u8],
+        device_name: &str,
+        restrs: &str,
+    ) -> Result<Vec<u8>, PairingError> {
+        Ok(convert(exec(async move {
+            self.inner
+                .approve_pairing(session_id, node_id, device_name, restrs)
+                .await
+        }))?)
+    }
 }
 
 /// A wrapper class to return an iterable from a mpsc channel.