Merge pull request #5555 from oasisprotocol/peternose/internal/enclav…

…e-rpc-ctx

runtime/src/enclave_rpc: Simplify RPC context

.changelog/5555.internal.md

@@ -0,0 +1,6 @@
+runtime/src/enclave_rpc: Simplify RPC context
+
+The RPC context now contains only essential data for secure RPC methods.
+Identity, consensus verifier, and storage have been removed and are now
+available to methods responsible for master and ephemeral secrets after
+initialization.

keymanager/src/runtime/init.rs

@@ -1,24 +1,11 @@
 use oasis_core_runtime::{
     dispatcher::{Initializer, PostInitState, PreInitState},
-    enclave_rpc::{
-        dispatcher::{Method as RpcMethod, MethodDescriptor as RpcMethodDescriptor},
-        types::Kind as RpcKind,
-        Context as RpcContext,
-    },
+    enclave_rpc::dispatcher::Handler,
 };
 
-use crate::{
-    api::{
-        LOCAL_METHOD_GENERATE_EPHEMERAL_SECRET, LOCAL_METHOD_GENERATE_MASTER_SECRET,
-        LOCAL_METHOD_INIT, LOCAL_METHOD_LOAD_EPHEMERAL_SECRET, LOCAL_METHOD_LOAD_MASTER_SECRET,
-        METHOD_GET_OR_CREATE_EPHEMERAL_KEYS, METHOD_GET_OR_CREATE_KEYS,
-        METHOD_GET_PUBLIC_EPHEMERAL_KEY, METHOD_GET_PUBLIC_KEY, METHOD_REPLICATE_EPHEMERAL_SECRET,
-        METHOD_REPLICATE_MASTER_SECRET,
-    },
-    policy::{set_trusted_policy_signers, TrustedPolicySigners},
-};
+use crate::policy::{set_trusted_policy_signers, TrustedPolicySigners};
 
-use super::{context, methods};
+use super::secrets::Secrets;
 
 /// Initialize a keymanager with trusted policy signers.
 pub fn new_keymanager(signers: TrustedPolicySigners) -> Box<dyn Initializer> {
@@ -27,97 +14,13 @@ pub fn new_keymanager(signers: TrustedPolicySigners) -> Box<dyn Initializer> {
         // Initialize the set of trusted policy signers.
         set_trusted_policy_signers(signers.clone());
 
-        // Register RPC methods exposed via EnclaveRPC to remote clients.
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: METHOD_GET_OR_CREATE_KEYS.to_string(),
-                kind: RpcKind::NoiseSession,
-            },
-            methods::get_or_create_keys,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: METHOD_GET_PUBLIC_KEY.to_string(),
-                kind: RpcKind::InsecureQuery,
-            },
-            methods::get_public_key,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: METHOD_GET_OR_CREATE_EPHEMERAL_KEYS.to_string(),
-                kind: RpcKind::NoiseSession,
-            },
-            methods::get_or_create_ephemeral_keys,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: METHOD_GET_PUBLIC_EPHEMERAL_KEY.to_string(),
-                kind: RpcKind::InsecureQuery,
-            },
-            methods::get_public_ephemeral_key,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: METHOD_REPLICATE_MASTER_SECRET.to_string(),
-                kind: RpcKind::NoiseSession,
-            },
-            methods::replicate_master_secret,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: METHOD_REPLICATE_EPHEMERAL_SECRET.to_string(),
-                kind: RpcKind::NoiseSession,
-            },
-            methods::replicate_ephemeral_secret,
-        ));
-
-        // Register local methods, for use by the node key manager component.
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: LOCAL_METHOD_INIT.to_string(),
-                kind: RpcKind::LocalQuery,
-            },
-            methods::init_kdf,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: LOCAL_METHOD_GENERATE_MASTER_SECRET.to_string(),
-                kind: RpcKind::LocalQuery,
-            },
-            methods::generate_master_secret,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: LOCAL_METHOD_GENERATE_EPHEMERAL_SECRET.to_string(),
-                kind: RpcKind::LocalQuery,
-            },
-            methods::generate_ephemeral_secret,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: LOCAL_METHOD_LOAD_MASTER_SECRET.to_string(),
-                kind: RpcKind::LocalQuery,
-            },
-            methods::load_master_secret,
-        ));
-        state.rpc_dispatcher.add_method(RpcMethod::new(
-            RpcMethodDescriptor {
-                name: LOCAL_METHOD_LOAD_EPHEMERAL_SECRET.to_string(),
-                kind: RpcKind::LocalQuery,
-            },
-            methods::load_ephemeral_secret,
-        ));
+        let secrets = Box::leak(Box::new(Secrets::new(
+            state.identity.clone(),
+            state.consensus_verifier.clone(),
+            state.protocol.clone(),
+        )));
 
-        let runtime_id = state.protocol.get_runtime_id();
-        let protocol = state.protocol.clone(); // Shut up the borrow checker.
-        state
-            .rpc_dispatcher
-            .set_context_initializer(move |ctx: &mut RpcContext| {
-                ctx.runtime = Box::new(context::Context {
-                    runtime_id,
-                    protocol: protocol.clone(),
-                })
-            });
+        state.rpc_dispatcher.add_methods(secrets.methods());
 
         // No transaction dispatcher.
         PostInitState::default()