diff --git a/Cargo.lock b/Cargo.lock index 08bb94ffb..fd649ae5f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -627,6 +627,15 @@ dependencies = [ "cfg-if 1.0.0", ] +[[package]] +name = "crypto" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf1e6e5492f8f0830c37f301f6349e0dac8b2466e4fe89eef90e9eef906cd046" +dependencies = [ + "crypto-common", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -1045,10 +1054,12 @@ dependencies = [ "mockall", "pin-project 1.1.3", "prost 0.11.9", + "prost-derive 0.11.9", "rand 0.8.5", "rcgen", "reqwest", "ring 0.16.20", + "runeauth", "rustls-pemfile", "secp256k1 0.26.0", "serde", @@ -2591,6 +2602,22 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "runeauth" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b8cf56aa3c9bcafc184853e8b356df61728a6f41da65fe2f0cc9e2a3f9f2318" +dependencies = [ + "anyhow", + "base64 0.21.5", + "crypto", + "env_logger 0.10.1", + "hex", + "indexmap 2.1.0", + "sha2", + "thiserror", +] + [[package]] name = "rustc-demangle" version = "0.1.23" diff --git a/libs/gl-client/Cargo.toml b/libs/gl-client/Cargo.toml index 613ae9312..da9509f3e 100644 --- a/libs/gl-client/Cargo.toml +++ b/libs/gl-client/Cargo.toml @@ -30,6 +30,7 @@ prost = "0.11" prost-derive = "0.11" reqwest = {version="^0.11", features=["json", "rustls-tls-native-roots"], default-features = false} ring = "~0.16.20" +runeauth = "0.1" rustls-pemfile = "1.0.3" sha256 = "1.1.4" tokio = { version = "1", features = ["full"] } @@ -48,7 +49,6 @@ serde_json = "^1.0" thiserror = "1" cln-grpc = { workspace = true } chacha20poly1305 = { version = "0.10.1", optional = true } -futhark = { git = "https://github.com/nepet/futhark.git", branch = "main"} serde_bolt = "0.2" secp256k1 = { version = "0.26.0", optional = true } diff --git a/libs/gl-client/src/node/mod.rs b/libs/gl-client/src/node/mod.rs index 51b80fb41..df2567ee6 100644 --- a/libs/gl-client/src/node/mod.rs +++ b/libs/gl-client/src/node/mod.rs @@ -66,14 +66,14 @@ impl NodeBuilder { self } - /// Sets a `futhark::Rune` for the `Node`. Overrides a `futhark::Rune` that + /// Sets a `runeauth::Rune` for the `Node`. Overrides a `runeauth::Rune` that /// is extracted from the auth blob via `with_auth`. pub fn with_rune(mut self, rune: &str) -> Self { self.rune = rune.to_string(); self } - /// Use the auth blob to create the `TlsConfig` and the `futhark::Rune` for + /// Use the auth blob to create the `TlsConfig` and the `runeauth::Rune` for /// the `Node`. Will be overridden by `with_rune()` and `with_tls`. pub fn with_auth(mut self, auth: &[u8]) -> Result { let blob = serialize::AuthBlob::deserialize(&auth[..])?; diff --git a/libs/gl-client/src/scheduler.rs b/libs/gl-client/src/scheduler.rs index d4c5c68fb..638e9cc32 100644 --- a/libs/gl-client/src/scheduler.rs +++ b/libs/gl-client/src/scheduler.rs @@ -135,9 +135,9 @@ impl Scheduler { // Create a new rune for the tls certs public key and append it to the // grpc response. Restricts the rune to the public key used for mTLS // authentication. - let alt = futhark::Alternative::new( + let alt = runeauth::Alternative::new( "pubkey".to_string(), - futhark::Condition::Equal, + runeauth::Condition::Equal, hex::encode(public_key), false, )?; @@ -210,9 +210,9 @@ impl Scheduler { // Create a new rune for the tls certs public key and append it to the // grpc response. Restricts the rune to the public key used for mTLS // authentication. - let alt = futhark::Alternative::new( + let alt = runeauth::Alternative::new( "pubkey".to_string(), - futhark::Condition::Equal, + runeauth::Condition::Equal, hex::encode(public_key), false, )?; diff --git a/libs/gl-client/src/signer/mod.rs b/libs/gl-client/src/signer/mod.rs index 1f5c95a6a..f677e2a34 100644 --- a/libs/gl-client/src/signer/mod.rs +++ b/libs/gl-client/src/signer/mod.rs @@ -10,7 +10,6 @@ use anyhow::anyhow; use base64::engine::general_purpose; use base64::Engine; use bytes::BufMut; -use futhark::{Restriction, Rune}; use http::uri::InvalidUri; use lightning_signer::bitcoin::hashes::Hash; use lightning_signer::bitcoin::secp256k1::PublicKey; @@ -19,6 +18,7 @@ use lightning_signer::node::NodeServices; use lightning_signer::policy::filter::FilterRule; use lightning_signer::util::crypto_utils; use log::{debug, info, trace, warn}; +use runeauth::{Condition, MapChecker, Restriction, Rune, RuneError}; use std::collections::HashMap; use std::convert::TryFrom; use std::convert::TryInto; @@ -326,7 +326,7 @@ impl Signer { match self .master_rune - .check_with_reason(&rune64, futhark::MapChecker { map: checks }) + .check_with_reason(&rune64, MapChecker { map: checks }) { Ok(_) => Ok(()), Err(e) => Err(e.into()), @@ -864,7 +864,7 @@ impl Signer { let joined = alts.join("|"); Restriction::try_from(joined.as_str()) }) - .collect::, futhark::RuneError>>()?; + .collect::, RuneError>>()?; // New rune, we need a unique id. // FIXME: Add a counter that persists in SSS. @@ -872,9 +872,9 @@ impl Signer { // Check that at least one restriction has a `pubkey` field set. let has_pubkey_field = res.iter().any(|r: &Restriction| { - r.alternatives.iter().any(|a| { - a.get_field() == *"pubkey" && a.get_condition() == futhark::Condition::Equal - }) + r.alternatives + .iter() + .any(|a| a.get_field() == *"pubkey" && a.get_condition() == Condition::Equal) }); if !has_pubkey_field { return Err(anyhow!("Missing a restriction on the pubkey"));