pmetal_distributed/
identity.rs

1//! Persistent node identity management.
2//!
3//! Each node in the cluster has a unique, persistent identity based on an
4//! Ed25519 keypair. The keypair is stored at `~/.pmetal/node_keypair` and
5//! loaded on startup (or generated if not present).
6//!
7//! This design ensures:
8//! - Consistent node identification across restarts
9//! - Cryptographic verification of peer identity
10//! - Compatibility with libp2p's PeerId system
11
12use crate::error::DistributedError;
13use anyhow::Result;
14use libp2p::PeerId;
15use libp2p::identity::{Keypair, ed25519};
16use std::fs::{self, File};
17use std::io::{Read, Write};
18use std::path::PathBuf;
19use tracing::{debug, info};
20
21/// Default directory name for pmetal data.
22const PMETAL_DIR: &str = ".pmetal";
23
24/// Filename for the node keypair.
25const KEYPAIR_FILE: &str = "node_keypair";
26
27/// Node identity containing the keypair and derived PeerId.
28#[derive(Clone)]
29pub struct NodeIdentity {
30    /// The Ed25519 keypair for this node.
31    keypair: Keypair,
32    /// The PeerId derived from the public key.
33    peer_id: PeerId,
34}
35
36impl NodeIdentity {
37    /// Load or generate a persistent node identity.
38    ///
39    /// The keypair is stored at `~/.pmetal/node_keypair`.
40    /// If the file doesn't exist, a new keypair is generated and saved.
41    pub fn load_or_generate() -> Result<Self> {
42        let keypair_path = Self::keypair_path()?;
43
44        let keypair = if keypair_path.exists() {
45            Self::load_keypair(&keypair_path)?
46        } else {
47            let kp = Self::generate_and_save(&keypair_path)?;
48            info!("Generated new node identity");
49            kp
50        };
51
52        let peer_id = PeerId::from(keypair.public());
53        info!("Node identity: {}", peer_id);
54
55        Ok(Self { keypair, peer_id })
56    }
57
58    /// Generate a new ephemeral identity (for testing).
59    pub fn ephemeral() -> Self {
60        let keypair = Keypair::generate_ed25519();
61        let peer_id = PeerId::from(keypair.public());
62        debug!("Generated ephemeral identity: {}", peer_id);
63        Self { keypair, peer_id }
64    }
65
66    /// Get the keypair.
67    pub fn keypair(&self) -> &Keypair {
68        &self.keypair
69    }
70
71    /// Get the PeerId.
72    pub fn peer_id(&self) -> &PeerId {
73        &self.peer_id
74    }
75
76    /// Get the PeerId as a base58 string.
77    pub fn peer_id_string(&self) -> String {
78        self.peer_id.to_base58()
79    }
80
81    /// Get the path to the keypair file.
82    fn keypair_path() -> Result<PathBuf> {
83        let home = dirs::home_dir()
84            .ok_or_else(|| DistributedError::Config("Cannot determine home directory".into()))?;
85
86        let pmetal_dir = home.join(PMETAL_DIR);
87        if !pmetal_dir.exists() {
88            fs::create_dir_all(&pmetal_dir).map_err(|e| {
89                DistributedError::Config(format!(
90                    "Failed to create {}: {}",
91                    pmetal_dir.display(),
92                    e
93                ))
94            })?;
95        }
96
97        Ok(pmetal_dir.join(KEYPAIR_FILE))
98    }
99
100    /// Load a keypair from a file.
101    fn load_keypair(path: &PathBuf) -> Result<Keypair> {
102        let mut file = File::open(path)
103            .map_err(|e| DistributedError::Config(format!("Failed to open keypair file: {}", e)))?;
104
105        let mut bytes = Vec::new();
106        file.read_to_end(&mut bytes)
107            .map_err(|e| DistributedError::Config(format!("Failed to read keypair file: {}", e)))?;
108
109        // Decode the Ed25519 secret key (32 bytes)
110        if bytes.len() != 32 {
111            return Err(DistributedError::Config(format!(
112                "Invalid keypair file: expected 32 bytes, got {}",
113                bytes.len()
114            ))
115            .into());
116        }
117
118        let secret = ed25519::SecretKey::try_from_bytes(&mut bytes)
119            .map_err(|e| DistributedError::Config(format!("Invalid Ed25519 secret key: {}", e)))?;
120
121        let keypair = ed25519::Keypair::from(secret);
122        debug!("Loaded keypair from {}", path.display());
123
124        Ok(keypair.into())
125    }
126
127    /// Generate a new keypair and save it to a file.
128    fn generate_and_save(path: &PathBuf) -> Result<Keypair> {
129        // Generate a new Ed25519 keypair using libp2p's internal method
130        let ed25519_keypair = ed25519::Keypair::generate();
131        let keypair: Keypair = ed25519_keypair.clone().into();
132
133        // Get the secret key bytes (32 bytes)
134        let secret = ed25519_keypair.secret();
135        let secret_bytes = secret.as_ref();
136
137        // Write to file with restrictive permissions
138        let mut file = File::create(path).map_err(|e| {
139            DistributedError::Config(format!("Failed to create keypair file: {}", e))
140        })?;
141
142        // Set file permissions to 600 (owner read/write only) on Unix
143        #[cfg(unix)]
144        {
145            use std::os::unix::fs::PermissionsExt;
146            let permissions = fs::Permissions::from_mode(0o600);
147            fs::set_permissions(path, permissions).map_err(|e| {
148                DistributedError::Config(format!("Failed to set keypair permissions: {}", e))
149            })?;
150        }
151
152        file.write_all(secret_bytes)
153            .map_err(|e| DistributedError::Config(format!("Failed to write keypair: {}", e)))?;
154
155        debug!("Saved keypair to {}", path.display());
156        Ok(keypair)
157    }
158}
159
160impl std::fmt::Debug for NodeIdentity {
161    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
162        f.debug_struct("NodeIdentity")
163            .field("peer_id", &self.peer_id.to_base58())
164            .finish()
165    }
166}
167
168#[cfg(test)]
169mod tests {
170    use super::*;
171
172    #[test]
173    fn test_ephemeral_identity() {
174        let id1 = NodeIdentity::ephemeral();
175        let id2 = NodeIdentity::ephemeral();
176
177        // Each ephemeral identity should be unique
178        assert_ne!(id1.peer_id(), id2.peer_id());
179    }
180
181    #[test]
182    fn test_peer_id_string() {
183        let id = NodeIdentity::ephemeral();
184        let s = id.peer_id_string();
185
186        // Base58 encoded PeerId should be a reasonable length
187        assert!(s.len() > 40);
188        assert!(s.len() < 60);
189    }
190}
pmetal_distributed/identity.rs

pmetal_distributed/
identity.rs
