Skip to content

Commit

Permalink
Added KeyIdentity.
Browse files Browse the repository at this point in the history 
Closes parallaxsecond#488

Signed-off-by: Matt Davis <[email protected]>
  • Loading branch information
@MattDavis00
MattDavis00 committed Jul 30, 2021
1 parent 8632fef commit 4a18f45
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 50 deletions.
84 changes: 54 additions & 30 deletions src/key_info_managers/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
//! information of the keys they manage. Different implementors might store this mapping using different
//! means but it has to be persistent.

use crate::authenticators::ApplicationName;
use crate::utils::config::{KeyInfoManagerConfig, KeyInfoManagerType};
use anyhow::Result;
use derivative::Derivative;
Expand All @@ -24,18 +23,27 @@ pub mod on_disk_manager;
/// This structure corresponds to a unique identifier of the key. It is used internally by the Key
/// ID manager to refer to a key.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct KeyTriple {
app_name: ApplicationName,
provider_id: ProviderId,

pub struct ApplicationIdentity {
name: String,
authenticator_id: u8,
}
pub struct ProviderIdentity {
uuid: String,
name: String,
}
pub struct KeyIdentity {
application: ApplicationIdentity,
provider: ProviderIdentity,
key_name: String,
}

impl fmt::Display for KeyTriple {
impl fmt::Display for KeyIdentity {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(
f,
"Application Name: \"{}\", Provider ID: {}, Key Name: \"{}\"",
self.app_name, self.provider_id, self.key_name
"Application: [name=\"{}\", authenticator_id=\"{}\"],\nProvider: [name=\"{}\", uuid=\"{}\"],\nKey Name: \"{}\"",
self.application.name, self.application.authenticator_id, self.provider.name, self.provider.uuid, self.key_name
)
}
}
Expand All @@ -50,19 +58,34 @@ struct KeyInfo {
attributes: Attributes,
}

impl KeyTriple {
/// Creates a new instance of KeyTriple.
pub fn new(app_name: ApplicationName, provider_id: ProviderId, key_name: String) -> KeyTriple {
KeyTriple {
app_name,
provider_id,
impl KeyIdentity {
/// Creates a new instance of KeyIdentity.
// pub fn new(application_name: String, authenticator_id: u8, provider_name: String, provider_uuid: String, key_name: String) -> KeyIdentity {
// KeyIdentity {
// application: ApplicationIdentity {
// name: application_name,
// authenticator_id,
// },
// provider: ProviderIdentity {
// name: provider_name,
// uuid: provider_uuid,
// },
// key_name,
// }
// }

/// Creates a new instance of KeyIdentity.
pub fn new(application: ApplicationIdentity, provider: ProviderIdentity, key_name: String) -> KeyIdentity {
KeyIdentity {
application,
provider,
key_name,
}
}

/// Checks if this key belongs to a specific provider.
pub fn belongs_to_provider(&self, provider_id: ProviderId) -> bool {
self.provider_id == provider_id
pub fn belongs_to_provider(&self, provider_name: String) -> bool {
self.provider.name == provider_name
}

/// Get the key name
Expand All @@ -71,8 +94,8 @@ impl KeyTriple {
}

/// Get the app name
pub fn app_name(&self) -> &ApplicationName {
&self.app_name
pub fn app_name(&self) -> &String {
&self.application.name
}
}

Expand All @@ -96,14 +119,14 @@ trait ManageKeyInfo {
/// # Errors
///
/// Returns an error as a String if there was a problem accessing the Key Info Manager.
fn get(&self, key_triple: &KeyTriple) -> Result<Option<&KeyInfo>, String>;
fn get(&self, key_identity: &KeyIdentity) -> Result<Option<&KeyInfo>, String>;

/// Returns a Vec of reference to the key triples corresponding to this provider.
///
/// # Errors
///
/// Returns an error as a String if there was a problem accessing the Key Info Manager.
fn get_all(&self, provider_id: ProviderId) -> Result<Vec<&KeyTriple>, String>;
fn get_all(&self, provider_id: ProviderId) -> Result<Vec<&KeyIdentity>, String>;

/// Inserts a new mapping between the key triple and the key info. If the triple already exists,
/// overwrite the existing mapping and returns the old `KeyInfo`. Otherwise returns `None`.
Expand All @@ -113,7 +136,7 @@ trait ManageKeyInfo {
/// Returns an error as a String if there was a problem accessing the Key Info Manager.
fn insert(
&mut self,
key_triple: KeyTriple,
key_identity: KeyIdentity,
key_info: KeyInfo,
) -> Result<Option<KeyInfo>, String>;

Expand All @@ -123,14 +146,14 @@ trait ManageKeyInfo {
/// # Errors
///
/// Returns an error as a String if there was a problem accessing the Key Info Manager.
fn remove(&mut self, key_triple: &KeyTriple) -> Result<Option<KeyInfo>, String>;
fn remove(&mut self, key_identity: &KeyIdentity) -> Result<Option<KeyInfo>, String>;

/// Check if a key triple mapping exists.
///
/// # Errors
///
/// Returns an error as a String if there was a problem accessing the Key Info Manager.
fn exists(&self, key_triple: &KeyTriple) -> Result<bool, String>;
fn exists(&self, key_identity: &KeyIdentity) -> Result<bool, String>;
}

/// KeyInfoManager client structure that bridges between the KIM and the providers that need
Expand All @@ -139,14 +162,15 @@ trait ManageKeyInfo {
#[derivative(Debug)]
pub struct KeyInfoManagerClient {
provider_id: ProviderId,
provider: ProviderIdentity,
#[derivative(Debug = "ignore")]
key_info_manager_impl: Arc<RwLock<dyn ManageKeyInfo + Send + Sync>>,
}

impl KeyInfoManagerClient {
/// Get the KeyTriple representing a key.
pub fn get_key_triple(&self, app_name: ApplicationName, key_name: String) -> KeyTriple {
KeyTriple::new(app_name, self.provider_id, key_name)
pub fn get_key_triple(&self, application: ApplicationIdentity, key_name: String) -> KeyIdentity {
KeyIdentity::new(application, self.provider, key_name)
}

/// Get the key ID for a given key triple
Expand All @@ -161,7 +185,7 @@ impl KeyInfoManagerClient {
/// type fails, InvalidEncoding is returned.
pub fn get_key_id<T: DeserializeOwned>(
&self,
key_triple: &KeyTriple,
key_triple: &KeyIdentity,
) -> parsec_interface::requests::Result<T> {
let key_info_manager_impl = self
.key_info_manager_impl
Expand All @@ -185,7 +209,7 @@ impl KeyInfoManagerClient {
/// KeyInfoManagerError is returned.
pub fn get_key_attributes(
&self,
key_triple: &KeyTriple,
key_triple: &KeyIdentity,
) -> parsec_interface::requests::Result<Attributes> {
let key_info_manager_impl = self
.key_info_manager_impl
Expand All @@ -200,7 +224,7 @@ impl KeyInfoManagerClient {
}

/// Get all the key triples for the current provider
pub fn get_all(&self) -> parsec_interface::requests::Result<Vec<KeyTriple>> {
pub fn get_all(&self) -> parsec_interface::requests::Result<Vec<KeyIdentity>> {
let key_info_manager_impl = self
.key_info_manager_impl
.read()
Expand All @@ -220,7 +244,7 @@ impl KeyInfoManagerClient {
/// KeyInfoManagerError is returned.
pub fn remove_key_info(
&self,
key_triple: &KeyTriple,
key_triple: &KeyIdentity,
) -> parsec_interface::requests::Result<()> {
let mut key_info_manager_impl = self
.key_info_manager_impl
Expand All @@ -241,7 +265,7 @@ impl KeyInfoManagerClient {
/// any other error occurring in the KIM, KeyInfoManagerError is returned.
pub fn insert_key_info<T: Serialize>(
&self,
key_triple: KeyTriple,
key_triple: KeyIdentity,
key_id: &T,
attributes: Attributes,
) -> parsec_interface::requests::Result<()> {
Expand Down Expand Up @@ -336,7 +360,7 @@ impl KeyInfoManagerClient {
///
/// Returns PsaErrorAlreadyExists if the key triple already exists or KeyInfoManagerError for
/// another error.
pub fn does_not_exist(&self, key_triple: &KeyTriple) -> Result<(), ResponseStatus> {
pub fn does_not_exist(&self, key_triple: &KeyIdentity) -> Result<(), ResponseStatus> {
let key_info_manager_impl = self
.key_info_manager_impl
.read()
Expand Down
40 changes: 20 additions & 20 deletions src/key_info_managers/on_disk_manager/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
//! example, for operating systems having a limit of 255 characters for filenames (Unix systems),
//! names will be limited to 188 bytes of UTF-8 characters.
//! For security reasons, only the PARSEC service should have the ability to modify these files.
use super::{KeyInfo, KeyTriple, ManageKeyInfo};
use super::{KeyInfo, KeyIdentity, ManageKeyInfo};
use crate::authenticators::ApplicationName;
use anyhow::{Context, Result};
use log::{error, info, warn};
Expand All @@ -32,7 +32,7 @@ pub const DEFAULT_MAPPINGS_PATH: &str = "/var/lib/parsec/mappings";
#[derive(Debug)]
pub struct OnDiskKeyInfoManager {
/// Internal mapping, used for non-modifying operations.
key_store: HashMap<KeyTriple, KeyInfo>,
key_store: HashMap<KeyIdentity, KeyInfo>,
/// Folder where all the key triple to key info mappings are saved. This folder will be created
/// if it does already exist.
mappings_dir_path: PathBuf,
Expand All @@ -41,7 +41,7 @@ pub struct OnDiskKeyInfoManager {
/// Encodes a KeyTriple's data into base64 strings that can be used as filenames.
/// The ProviderId will not be converted as a base64 as it can always be represented as a String
/// being a number from 0 and 255.
fn key_triple_to_base64_filenames(key_triple: &KeyTriple) -> (String, String, String) {
fn key_triple_to_base64_filenames(key_triple: &KeyIdentity) -> (String, String, String) {
(
base64::encode_config(key_triple.app_name.as_bytes(), base64::URL_SAFE),
(key_triple.provider_id as u8).to_string(),
Expand Down Expand Up @@ -74,11 +74,11 @@ fn base64_data_triple_to_key_triple(
app_name: &[u8],
provider_id: ProviderId,
key_name: &[u8],
) -> Result<KeyTriple, String> {
) -> Result<KeyIdentity, String> {
let app_name = ApplicationName::from_name(base64_data_to_string(app_name)?);
let key_name = base64_data_to_string(key_name)?;

Ok(KeyTriple {
Ok(KeyIdentity {
app_name,
provider_id,
key_name,
Expand Down Expand Up @@ -254,7 +254,7 @@ impl OnDiskKeyInfoManager {
/// Saves the key triple to key info mapping in its own file.
/// The filename will be `mappings/[APP_NAME]/[PROVIDER_NAME]/[KEY_NAME]` under the same path as the
/// on-disk manager. It will contain the Key info data.
fn save_mapping(&self, key_triple: &KeyTriple, key_info: &KeyInfo) -> std::io::Result<()> {
fn save_mapping(&self, key_triple: &KeyIdentity, key_info: &KeyInfo) -> std::io::Result<()> {
if crate::utils::GlobalConfig::log_error_details() {
warn!(
"Saving Key Triple ({}) mapping to disk.",
Expand Down Expand Up @@ -287,7 +287,7 @@ impl OnDiskKeyInfoManager {

/// Removes the mapping file.
/// Will do nothing if the mapping file does not exist.
fn delete_mapping(&self, key_triple: &KeyTriple) -> std::io::Result<()> {
fn delete_mapping(&self, key_triple: &KeyIdentity) -> std::io::Result<()> {
let (app_name, prov, key_name) = key_triple_to_base64_filenames(key_triple);
let key_name_file_path = self
.mappings_dir_path
Expand All @@ -303,7 +303,7 @@ impl OnDiskKeyInfoManager {
}

impl ManageKeyInfo for OnDiskKeyInfoManager {
fn get(&self, key_triple: &KeyTriple) -> Result<Option<&KeyInfo>, String> {
fn get(&self, key_triple: &KeyIdentity) -> Result<Option<&KeyInfo>, String> {
// An Option<&Vec<u8>> can not automatically coerce to an Option<&[u8]>, it needs to be
// done by hand.
if let Some(key_info) = self.key_store.get(key_triple) {
Expand All @@ -313,7 +313,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager {
}
}

fn get_all(&self, provider_id: ProviderId) -> Result<Vec<&KeyTriple>, String> {
fn get_all(&self, provider_id: ProviderId) -> Result<Vec<&KeyIdentity>, String> {
Ok(self
.key_store
.keys()
Expand All @@ -323,7 +323,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager {

fn insert(
&mut self,
key_triple: KeyTriple,
key_triple: KeyIdentity,
key_info: KeyInfo,
) -> Result<Option<KeyInfo>, String> {
if let Err(err) = self.save_mapping(&key_triple, &key_info) {
Expand All @@ -333,7 +333,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager {
}
}

fn remove(&mut self, key_triple: &KeyTriple) -> Result<Option<KeyInfo>, String> {
fn remove(&mut self, key_triple: &KeyIdentity) -> Result<Option<KeyInfo>, String> {
if let Err(err) = self.delete_mapping(key_triple) {
Err(err.to_string())
} else if let Some(key_info) = self.key_store.remove(key_triple) {
Expand All @@ -343,7 +343,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager {
}
}

fn exists(&self, key_triple: &KeyTriple) -> Result<bool, String> {
fn exists(&self, key_triple: &KeyIdentity) -> Result<bool, String> {
Ok(self.key_store.contains_key(key_triple))
}
}
Expand Down Expand Up @@ -380,7 +380,7 @@ impl OnDiskKeyInfoManagerBuilder {

#[cfg(test)]
mod test {
use super::super::{KeyInfo, KeyTriple, ManageKeyInfo};
use super::super::{KeyInfo, KeyIdentity, ManageKeyInfo};
use super::OnDiskKeyInfoManager;
use crate::authenticators::ApplicationName;
use parsec_interface::operations::psa_algorithm::{
Expand Down Expand Up @@ -531,7 +531,7 @@ mod test {
let big_app_name_ascii = ApplicationName::from_name(" Lorem ipsum dolor sit amet, ei suas viris sea, deleniti repudiare te qui. Natum paulo decore ut nec, ne propriae offendit adipisci has. Eius clita legere mel at, ei vis minimum tincidunt.".to_string());
let big_key_name_ascii = " Lorem ipsum dolor sit amet, ei suas viris sea, deleniti repudiare te qui. Natum paulo decore ut nec, ne propriae offendit adipisci has. Eius clita legere mel at, ei vis minimum tincidunt.".to_string();

let key_triple = KeyTriple::new(big_app_name_ascii, ProviderId::Core, big_key_name_ascii);
let key_triple = KeyIdentity::new(big_app_name_ascii, ProviderId::Core, big_key_name_ascii);
let key_info = test_key_info();

let _ = manager
Expand All @@ -549,7 +549,7 @@ mod test {
let big_app_name_emoticons = ApplicationName::from_name("๐Ÿ˜€๐Ÿ˜๐Ÿ˜‚๐Ÿ˜ƒ๐Ÿ˜„๐Ÿ˜…๐Ÿ˜†๐Ÿ˜‡๐Ÿ˜ˆ๐Ÿ˜‰๐Ÿ˜Š๐Ÿ˜‹๐Ÿ˜Œ๐Ÿ˜๐Ÿ˜Ž๐Ÿ˜๐Ÿ˜๐Ÿ˜‘๐Ÿ˜’๐Ÿ˜“๐Ÿ˜”๐Ÿ˜•๐Ÿ˜–๐Ÿ˜—๐Ÿ˜˜๐Ÿ˜™๐Ÿ˜š๐Ÿ˜›๐Ÿ˜œ๐Ÿ˜๐Ÿ˜ž๐Ÿ˜Ÿ๐Ÿ˜ ๐Ÿ˜ก๐Ÿ˜ข๐Ÿ˜ฃ๐Ÿ˜ค๐Ÿ˜ฅ๐Ÿ˜ฆ๐Ÿ˜ง๐Ÿ˜จ๐Ÿ˜ฉ๐Ÿ˜ช๐Ÿ˜ซ๐Ÿ˜ฌ๐Ÿ˜ญ๐Ÿ˜ฎ".to_string());
let big_key_name_emoticons = "๐Ÿ˜€๐Ÿ˜๐Ÿ˜‚๐Ÿ˜ƒ๐Ÿ˜„๐Ÿ˜…๐Ÿ˜†๐Ÿ˜‡๐Ÿ˜ˆ๐Ÿ˜‰๐Ÿ˜Š๐Ÿ˜‹๐Ÿ˜Œ๐Ÿ˜๐Ÿ˜Ž๐Ÿ˜๐Ÿ˜๐Ÿ˜‘๐Ÿ˜’๐Ÿ˜“๐Ÿ˜”๐Ÿ˜•๐Ÿ˜–๐Ÿ˜—๐Ÿ˜˜๐Ÿ˜™๐Ÿ˜š๐Ÿ˜›๐Ÿ˜œ๐Ÿ˜๐Ÿ˜ž๐Ÿ˜Ÿ๐Ÿ˜ ๐Ÿ˜ก๐Ÿ˜ข๐Ÿ˜ฃ๐Ÿ˜ค๐Ÿ˜ฅ๐Ÿ˜ฆ๐Ÿ˜ง๐Ÿ˜จ๐Ÿ˜ฉ๐Ÿ˜ช๐Ÿ˜ซ๐Ÿ˜ฌ๐Ÿ˜ญ๐Ÿ˜ฎ".to_string();

let key_triple = KeyTriple::new(
let key_triple = KeyIdentity::new(
big_app_name_emoticons,
ProviderId::MbedCrypto,
big_key_name_emoticons,
Expand All @@ -569,20 +569,20 @@ mod test {

let app_name1 = ApplicationName::from_name("๐Ÿ˜€ Application One ๐Ÿ˜€".to_string());
let key_name1 = "๐Ÿ˜€ Key One ๐Ÿ˜€".to_string();
let key_triple1 = KeyTriple::new(app_name1, ProviderId::Core, key_name1);
let key_triple1 = KeyIdentity::new(app_name1, ProviderId::Core, key_name1);
let key_info1 = test_key_info();

let app_name2 = ApplicationName::from_name("๐Ÿ˜‡ Application Two ๐Ÿ˜‡".to_string());
let key_name2 = "๐Ÿ˜‡ Key Two ๐Ÿ˜‡".to_string();
let key_triple2 = KeyTriple::new(app_name2, ProviderId::MbedCrypto, key_name2);
let key_triple2 = KeyIdentity::new(app_name2, ProviderId::MbedCrypto, key_name2);
let key_info2 = KeyInfo {
id: vec![0x12, 0x22, 0x32],
attributes: test_key_attributes(),
};

let app_name3 = ApplicationName::from_name("๐Ÿ˜ˆ Application Three ๐Ÿ˜ˆ".to_string());
let key_name3 = "๐Ÿ˜ˆ Key Three ๐Ÿ˜ˆ".to_string();
let key_triple3 = KeyTriple::new(app_name3, ProviderId::Core, key_name3);
let key_triple3 = KeyIdentity::new(app_name3, ProviderId::Core, key_name3);
let key_info3 = KeyInfo {
id: vec![0x13, 0x23, 0x33],
attributes: test_key_attributes(),
Expand Down Expand Up @@ -612,8 +612,8 @@ mod test {
fs::remove_dir_all(path).unwrap();
}

fn new_key_triple(key_name: String) -> KeyTriple {
KeyTriple::new(
fn new_key_triple(key_name: String) -> KeyIdentity {
KeyIdentity::new(
ApplicationName::from_name("Testing Application ๐Ÿ˜Ž".to_string()),
ProviderId::MbedCrypto,
key_name,
Expand Down

0 comments on commit 4a18f45

Please sign in to comment.