refactor(rust): extract identity as an entity

examples/rust/file_transfer/examples/receiver.rs

@@ -5,10 +5,9 @@ use ockam::access_control::AllowAll;
 use ockam::remote::RemoteForwarderTrustOptions;
 use ockam::{
     errcode::{Kind, Origin},
-    identity::{Identity, TrustEveryonePolicy},
+    identity::TrustEveryonePolicy,
     remote::RemoteForwarder,
-    vault::Vault,
-    Context, Error, Result, Routed, TcpConnectionTrustOptions, TcpTransport, Worker,
+    services, Context, Error, Result, Routed, TcpConnectionTrustOptions, TcpTransport, Worker,
 };
 use tokio::fs::OpenOptions;
 use tokio::io::AsyncWriteExt;
@@ -84,16 +83,15 @@ async fn main(ctx: Context) -> Result<()> {
     // Initialize the TCP Transport.
     let tcp = TcpTransport::create(&ctx).await?;
 
-    // Create a Vault to safely store secret keys for Receiver.
-    let vault = Vault::create();
-
     // Create an Identity to represent Receiver.
-    let receiver = Identity::create(&ctx, vault).await?;
+    let services = services();
+    let receiver = services.identities_creation().create_identity().await?;
 
     // Create a secure channel listener for Receiver that will wait for requests to
     // initiate an Authenticated Key Exchange.
-    receiver
-        .create_secure_channel_listener("listener", TrustEveryonePolicy)
+    services
+        .secure_channels()
+        .create_secure_channel_listener(&ctx, &receiver, "listener", TrustEveryonePolicy)
         .await?;
 
     // The computer that is running this program is likely within a private network and

examples/rust/file_transfer/examples/sender.rs

@@ -1,12 +1,7 @@
 // examples/sender.rs
 
 use file_transfer::{FileData, FileDescription};
-use ockam::{
-    identity::{Identity, TrustEveryonePolicy},
-    route,
-    vault::Vault,
-    Context,
-};
+use ockam::{identity::TrustEveryonePolicy, route, services, Context};
 use ockam::{TcpConnectionTrustOptions, TcpTransport};
 
 use std::path::PathBuf;
@@ -39,11 +34,9 @@ async fn main(ctx: Context) -> Result<()> {
     // Initialize the TCP Transport.
     let tcp = TcpTransport::create(&ctx).await?;
 
-    // Create a Vault to safely store secret keys for Sender.
-    let vault = Vault::create();
-
     // Create an Identity to represent Sender.
-    let sender = Identity::create(&ctx, vault).await?;
+    let services = services();
+    let sender = services.identities_creation().create_identity().await?;
 
     // This program expects that the receiver has setup a forwarding address,
     // for his secure channel listener, on the Ockam node at 1.node.ockam.network:4000.
@@ -62,8 +55,9 @@ async fn main(ctx: Context) -> Result<()> {
 
     // As Sender, connect to the Receiver's secure channel listener, and perform an
     // Authenticated Key Exchange to establish an encrypted secure channel with Receiver.
-    let channel = sender
-        .create_secure_channel(route_to_receiver_listener, TrustEveryonePolicy)
+    let channel = services
+        .secure_channels()
+        .create_secure_channel(&ctx, &sender, route_to_receiver_listener, TrustEveryonePolicy)
         .await?;
 
     println!("\n[✓] End-to-end encrypted secure channel was established.\n");

examples/rust/get_started/examples/05-secure-channel-over-two-transport-hops-initiator.rs

@@ -1,26 +1,27 @@
 // This node creates an end-to-end encrypted secure channel over two tcp transport hops.
 // It then routes a message, to a worker on a different node, through this encrypted channel.
 
-use ockam::identity::{Identity, TrustEveryonePolicy};
-use ockam::{route, vault::Vault, Context, Result, TcpConnectionTrustOptions, TcpTransport};
+use ockam::identity::TrustEveryonePolicy;
+use ockam::{route, services, Context, Result, TcpConnectionTrustOptions, TcpTransport};
 
 #[ockam::node]
 async fn main(mut ctx: Context) -> Result<()> {
     // Initialize the TCP Transport.
     let tcp = TcpTransport::create(&ctx).await?;
 
-    // Create a Vault to safely store secret keys for Alice.
-    let vault = Vault::create();
-
     // Create an Identity to represent Alice.
-    let alice = Identity::create(&ctx, vault).await?;
+    let services = services();
+    let alice = services.identities_creation().create_identity().await?;
 
     // Create a TCP connection to the middle node.
     let connection_to_middle_node = tcp.connect("localhost:3000", TcpConnectionTrustOptions::new()).await?;
 
     // Connect to a secure channel listener and perform a handshake.
     let r = route![connection_to_middle_node, "forward_to_bob", "bob_listener"];
-    let channel = alice.create_secure_channel(r, TrustEveryonePolicy).await?;
+    let channel = services
+        .secure_channels()
+        .create_secure_channel(&ctx, &alice, r, TrustEveryonePolicy)
+        .await?;
 
     // Send a message to the echoer worker via the channel.
     ctx.send(route![channel, "echoer"], "Hello Ockam!".to_string()).await?;

examples/rust/get_started/examples/05-secure-channel-over-two-transport-hops-responder.rs

@@ -3,8 +3,8 @@
 
 use hello_ockam::Echoer;
 use ockam::access_control::AllowAll;
-use ockam::identity::{Identity, TrustEveryonePolicy};
-use ockam::{vault::Vault, Context, Result, TcpListenerTrustOptions, TcpTransport};
+use ockam::identity::TrustEveryonePolicy;
+use ockam::{services, Context, Result, TcpListenerTrustOptions, TcpTransport};
 
 #[ockam::node]
 async fn main(ctx: Context) -> Result<()> {
@@ -13,15 +13,14 @@ async fn main(ctx: Context) -> Result<()> {
     // Initialize the TCP Transport.
     let tcp = TcpTransport::create(&ctx).await?;
 
-    // Create a Vault to safely store secret keys for Bob.
-    let vault = Vault::create();
-
-    // Create an Identity to represent Bob.
-    let bob = Identity::create(&ctx, vault).await?;
+    let services = services();
+    let bob = services.identities_creation().create_identity().await?;
 
     // Create a secure channel listener for Bob that will wait for requests to
     // initiate an Authenticated Key Exchange.
-    bob.create_secure_channel_listener("bob_listener", TrustEveryonePolicy)
+    services
+        .secure_channels()
+        .create_secure_channel_listener(&ctx, &bob, "bob_listener", TrustEveryonePolicy)
         .await?;
 
     // Create a TCP listener and wait for incoming connections.

examples/rust/get_started/examples/06-credentials-exchange-client.rs

@@ -1,9 +1,6 @@
-use ockam::authenticated_storage::AuthenticatedAttributeStorage;
-use ockam::identity::credential_issuer::{CredentialIssuerApi, CredentialIssuerClient};
-use ockam::identity::{Identity, SecureChannelTrustOptions, TrustEveryonePolicy};
+use ockam::identity::{CredentialIssuerApi, CredentialIssuerClient, SecureChannelTrustOptions, TrustEveryonePolicy};
 use ockam::sessions::Sessions;
-use ockam::{route, vault::Vault, Context, Result, TcpConnectionTrustOptions, TcpTransport};
-use std::sync::Arc;
+use ockam::{route, services, Context, Result, TcpConnectionTrustOptions, TcpTransport};
 
 #[ockam::node]
 async fn main(mut ctx: Context) -> Result<()> {
@@ -14,7 +11,7 @@ async fn main(mut ctx: Context) -> Result<()> {
     // We preload the client vault with a change history and secret key corresponding to the identity identifier
     // Pe92f183eb4c324804ef4d62962dea94cf095a265d4d28500c34e1a4e0d5ef638
     // which is an identifier known to the credential issuer, with some preset attributes
-    let vault = Vault::create();
+    let services = services();
 
     // Create an Identity representing the server
     // Load an identity corresponding to the following public identifier
@@ -24,8 +21,10 @@ async fn main(mut ctx: Context) -> Result<()> {
     // to the credential issuer as a member of the production cluster.
     let change_history = "01dcf392551f796ef1bcb368177e53f9a5875a962f67279259207d24a01e690721000547c93239ba3d818ec26c9cdadd2a35cbdf1fa3b6d1a731e06164b1079fb7b8084f434b414d5f524b03012000000020a0d205f09cab9a9467591fcee560429aab1215d8136e5c985a6b7dc729e6f08203010140b098463a727454c0e5292390d8f4cbd4dd0cae5db95606832f3d0a138936487e1da1489c40d8a0995fce71cc1948c6bcfd67186467cdd78eab7e95c080141505";
     let secret = "41b6873b20d95567bf958e6bab2808e9157720040882630b1bb37a72f4015cd2";
-    let client = Identity::create_identity_with_change_history(&ctx, vault, change_history, secret).await?;
-    let store = client.authenticated_storage();
+    let client = services
+        .identities_creation()
+        .import_private_identity(change_history, secret)
+        .await?;
 
     // Connect with the credential issuer and authenticate using the latest private
     // key of this program's hardcoded identity.
@@ -40,13 +39,13 @@ async fn main(mut ctx: Context) -> Result<()> {
     let issuer_trust_options = SecureChannelTrustOptions::new()
         .with_trust_policy(TrustEveryonePolicy)
         .as_consumer(&sessions, &session_id);
-    let issuer_channel = client
-        .create_secure_channel(route![issuer_connection, "secure"], issuer_trust_options)
+    let issuer_channel = services
+        .secure_channels()
+        .create_secure_channel(&ctx, &client, route![issuer_connection, "secure"], issuer_trust_options)
         .await?;
     let issuer_client = CredentialIssuerClient::new(&ctx, route![issuer_channel]).await?;
-    let credential = issuer_client.get_credential(client.identifier()).await?.unwrap();
+    let credential = issuer_client.get_credential(&client.identifier()).await?.unwrap();
     println!("Credential:\n{credential}");
-    client.set_credential(credential).await;
 
     // Create a secure channel to the node that is running the Echoer service.
     let server_session_id = sessions.generate_session_id();
@@ -55,15 +54,23 @@ async fn main(mut ctx: Context) -> Result<()> {
     let channel_trust_options = SecureChannelTrustOptions::new()
         .with_trust_policy(TrustEveryonePolicy)
         .as_consumer(&sessions, &server_session_id);
-    let channel = client
-        .create_secure_channel(route![server_connection, "secure"], channel_trust_options)
+    let channel = services
+        .secure_channels()
+        .create_secure_channel(
+            &ctx,
+            &client,
+            route![server_connection, "secure"],
+            channel_trust_options,
+        )
         .await?;
 
     // Present credentials over the secure channel
-    let storage = Arc::new(AuthenticatedAttributeStorage::new(store.clone()));
-    let issuer = issuer_client.public_identity().await?;
+    let issuer = issuer_client.identity().await?;
     let r = route![channel.clone(), "credentials"];
-    client.present_credential_mutual(r, &[issuer], storage, None).await?;
+    services
+        .credentials_server()
+        .present_credential_mutual(&ctx, r, &[issuer], credential)
+        .await?;
 
     // Send a message to the worker at address "echoer".
     ctx.send(route![channel, "echoer"], "Hello Ockam!".to_string()).await?;

examples/rust/get_started/examples/06-credentials-exchange-issuer.rs

@@ -1,17 +1,18 @@
 use ockam::access_control::AllowAll;
 use ockam::access_control::IdentityIdAccessControl;
-use ockam::identity::credential_issuer::CredentialIssuer;
-use ockam::identity::TrustEveryonePolicy;
-use ockam::{Context, Result, TcpListenerTrustOptions, TcpTransport};
+use ockam::identity::{CredentialIssuer, TrustEveryonePolicy};
+use ockam::{services, Context, Result, TcpListenerTrustOptions, TcpTransport};
 
 #[ockam::node]
 async fn main(ctx: Context) -> Result<()> {
-    let issuer = CredentialIssuer::create(&ctx).await?;
-    let issuer_change_history = issuer.identity().change_history().await;
-    let exported = issuer_change_history.export().unwrap();
-    println!("Credential Issuer Identifier: {}", issuer.identity().identifier());
+    let services = services();
+    let issuer = services.identities_creation().create_identity().await?;
+    let credential_issuer = CredentialIssuer::new(services.repository(), services.credentials(), &issuer);
+    let exported = issuer.change_history().export().unwrap();
+    println!("Credential Issuer Identifier: {}", issuer.identifier());
     println!("Credential Issuer Change History: {}", hex::encode(exported));
 
+    // credential_issuer
     // Tell this credential issuer about a set of public identifiers that are
     // known, in advance, to be members of the production cluster.
     let known_identifiers = vec![
@@ -30,19 +31,25 @@ async fn main(ctx: Context) -> Result<()> {
     // For a different application this attested attribute set can be different and
     // distinct for each identifier, but for this example we'll keep things simple.
     for identifier in known_identifiers.iter() {
-        issuer.put_attribute_value(identifier, "cluster", "production").await?;
+        credential_issuer
+            .put_attribute_value(identifier, "cluster", "production")
+            .await?;
     }
 
     // Start a secure channel listener that only allows channels where the identity
     // at the other end of the channel can authenticate with the latest private key
     // corresponding to one of the above known public identifiers.
     let p = TrustEveryonePolicy;
-    issuer.identity().create_secure_channel_listener("secure", p).await?;
+    services
+        .secure_channels()
+        .create_secure_channel_listener(&ctx, &issuer, "secure", p)
+        .await?;
 
     // Start a credential issuer worker that will only accept incoming requests from
     // authenticated secure channels with our known public identifiers.
     let allow_known = IdentityIdAccessControl::new(known_identifiers);
-    ctx.start_worker("issuer", issuer, allow_known, AllowAll).await?;
+    ctx.start_worker("issuer", credential_issuer, allow_known, AllowAll)
+        .await?;
 
     // Initialize TCP Transport, create a TCP listener, and wait for connections.
     let tcp = TcpTransport::create(&ctx).await?;