Use Redpoint.LibHydrogen for optional encryption of traffic in Redpoint.GrpcPipes.Transport.Tcp
We need to:
- Create a derived class of `ChannelCredentials` called `HydrogenPublicCredentials` which accepts a public key that we expect to get from `INetworkAutoDiscovery`.
- Add a parameter to `CreateNetworkServer` that allows passing in some kind of transport security value (maybe just `ChannelCredentials` which can be `HydrogenPrivateCredentials`?)
- Actually pass the gRPC options into the `TcpGrpcClientCall` and `TcpGrpcServerCall` instances, which then need to pass the credential into `TcpGrpcTransportConnection`.
- Likely have `TcpGrpcTransportConnection` handle the libhydrogen negotiation and encryption directly (rather than wrapping it), since it's dependent on `NetworkStream` underneath and accepts an endpoint for connection. Probably just make a private method that wraps the `_networkStream.WriteAsync` and `_networkStream.ReadExactlyAsync` calls to encrypt/decrypt when needed.

This solves the encryption layer.

We also want to then support basic password authentication for clients to authenticate to servers. We'd want to be able to specify this by using `CallCredentials.Compose(new HydrogenPublicCredentials(...), new PasswordCredentials(...))`. To get the composed credentials out, we need to have a class that implements `CallCredentialsConfiguratorBase` and call `InternalPopulateConfiguration` to get the composite credentials out when we're setting up the server and client.

While the encryption negotiation won't go through Protobuf serialization, we probably do want to add `AuthPasswordProvide = 7;`, `AuthAccept = 8;` and `AuthReject = 9;` as message types and have the password negotiation done after encryption is established. It should be an exception to only provide `PasswordCredentials` as the call credentials without `Hydrogen...Credentials` also being provided.
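
One possible shape for the password step described above, as an added C# sketch that is not code from the Redpoint project. Only the three message values come from this issue; the `TcpGrpcMessageType` enum name, the `TransportSecurity` record and the `PasswordAuth` helper are hypothetical, and hashing both values before a `CryptographicOperations.FixedTimeEquals` comparison is an assumption about how the server would check the password.

```csharp
#nullable enable
using System;
using System.Security.Cryptography;
using System.Text;

// Values proposed in the issue; the enum name itself is hypothetical.
enum TcpGrpcMessageType { AuthPasswordProvide = 7, AuthAccept = 8, AuthReject = 9 }

// Hypothetical stand-in for what the transport extracts from the composed credentials.
sealed record TransportSecurity(byte[]? HydrogenPublicKey, string? Password);

static class PasswordAuth
{
    // Setup time: a password without Hydrogen credentials is a configuration error.
    public static void Validate(TransportSecurity security)
    {
        if (security.Password is not null && security.HydrogenPublicKey is null)
            throw new InvalidOperationException(
                "PasswordCredentials require Hydrogen credentials; refusing to send a password unencrypted.");
    }

    // Server side: decide the reply to the first message received from a client.
    public static TcpGrpcMessageType HandleAuth(bool encryptionEstablished,
        TcpGrpcMessageType type, ReadOnlySpan<byte> payload, string expectedPassword)
    {
        if (!encryptionEstablished || type != TcpGrpcMessageType.AuthPasswordProvide)
            return TcpGrpcMessageType.AuthReject;
        // Hash both values so the constant-time comparison runs over equal-length inputs.
        Span<byte> got = stackalloc byte[32];
        Span<byte> want = stackalloc byte[32];
        SHA256.HashData(payload, got);
        SHA256.HashData(Encoding.UTF8.GetBytes(expectedPassword), want);
        return CryptographicOperations.FixedTimeEquals(got, want)
            ? TcpGrpcMessageType.AuthAccept : TcpGrpcMessageType.AuthReject;
    }
}

static class Program
{
    static void Main()
    {
        byte[] sent = Encoding.UTF8.GetBytes("constructed-password"); // constructed sample
        Console.WriteLine(PasswordAuth.HandleAuth(true, TcpGrpcMessageType.AuthPasswordProvide, sent, "constructed-password"));
        Console.WriteLine(PasswordAuth.HandleAuth(false, TcpGrpcMessageType.AuthPasswordProvide, sent, "constructed-password"));
        try { PasswordAuth.Validate(new TransportSecurity(null, "constructed-password")); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```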