Trait MappingBackendDomain 

pub trait MappingBackendDomain<T>
where
    T: BackendDomainFilter,
{
    // Required method
    fn backend_domain(&self, filter: Option<&T>) -> Option<String>;
}

An interface for returning a backend domain based on an optional filter.

A backend domain usually describes a form of access restriction for a backend. With them restrictions to the access of cryptographic key material is enforced for backend users.

If a filter is provided, the domain ID must only be returned if the filter matches.

Example

use signstar_config::{
    SystemUserId,
    config::{BackendDomainFilter, MappingBackendDomain},
};
use signstar_crypto::{passphrase::Passphrase, traits::UserWithPassphrase};

#[derive(Clone, Debug, PartialEq)]
enum KeyFeature {
    V1,
    V2,
}

#[derive(Debug)]
struct KeySetup {
    pub feature: KeyFeature,
    pub id: u8,
}

#[derive(Debug)]
struct Domain {
    pub id: u8,
    pub special: bool,
}

#[derive(Debug)]
enum ExampleUserMapping {
    Admin {
        backend_id: u8,
    },
    Backup {
        backend_id: u8,
        system_user: SystemUserId,
    },
    Metrics {
        backend_id: u8,
        system_user: SystemUserId,
    },
    Signer {
        backend_id: u8,
        domain: Domain,
        key_setup: KeySetup,
        system_user: SystemUserId,
    },
}

#[derive(Debug)]
struct DomainFilter {
    pub special: bool,
}

impl BackendDomainFilter for DomainFilter {}

impl MappingBackendDomain<DomainFilter> for ExampleUserMapping {
    fn backend_domain(&self, filter: Option<&DomainFilter>) -> Option<String> {
        match self {
            Self::Admin { .. } | Self::Backup { .. } | Self::Metrics { .. } => None,
            Self::Signer { domain, .. } => {
                if let Some(filter) = filter {
                    if domain.special == filter.special {
                        Some(domain.id.to_string())
                    } else {
                        None
                    }
                } else {
                    Some(domain.id.to_string())
                }
            }
        }
    }
}

let domain_id = 1;
let mapping = ExampleUserMapping::Signer {
    backend_id: 1,
    domain: Domain {
        id: domain_id,
        special: true,
    },
    key_setup: KeySetup {
        feature: KeyFeature::V1,
        id: 1,
    },
    system_user: "backup".parse()?,
};

// A domain ID is only returned, if the custom filter matches.
assert!(
    mapping
        .backend_domain(Some(&DomainFilter { special: true }))
        .is_some_and(|id| id == domain_id.to_string())
);
// .. or if no filter is provided and a backend user with a domain is found.
assert!(
    mapping
        .backend_domain(Some(&DomainFilter { special: true }))
        .is_some_and(|id| id == domain_id.to_string())
);
assert!(
    mapping
        .backend_domain(Some(&DomainFilter { special: false }))
        .is_none()
);

Required Methods

fn backend_domain(&self, filter: Option<&T>) -> Option<String>

Returns a String representing a backend domain according to an optional filter.

Implementors

impl MappingBackendDomain<YubiHsm2DomainFilter> for YubiHsm2UserMapping

impl<'a> MappingBackendDomain<NetHsmConfigDomainFilter<'a>> for NetHsmUserMapping