NetHsmBackend

Struct NetHsmBackend 

pub struct NetHsmBackend<'a, 'b> {
    nethsm: NetHsm,
    admin_credentials: &'a NetHsmAdminCredentials,
    signstar_config: &'b SignstarConfig,
}

A NetHSM backend that provides full control over its data.

This backend allows full control over the data in a [NetHsm], to the extent that is configured by the tracked NetHsmAdminCredentials and SignstarConfig.

Fields§

nethsm: NetHsm
admin_credentials: &'a NetHsmAdminCredentials
signstar_config: &'b SignstarConfig

Implementations§

impl<'a, 'b> NetHsmBackend<'a, 'b>

pub fn new( nethsm: NetHsm, admin_credentials: &'a NetHsmAdminCredentials, signstar_config: &'b SignstarConfig, ) -> Result<Self, Error>

Creates a new NetHsmBackend.

§Errors

Returns an error if

  • the iteration of the admin_credentials does not match that of the signstar_config,
  • or retrieving the default administrator from the admin_credentials fails.
§Examples
use std::collections::HashSet;

use nethsm::{Connection, ConnectionSecurity, FullCredentials, NetHsm};
use signstar_config::{
    NetHsmAdminCredentials,
    AdministrativeSecretHandling,
    BackendConnection,
    NetHsmBackend,
    NonAdministrativeSecretHandling,
    SignstarConfig,
    UserMapping,
};

// The NetHSM connection.
let nethsm = NetHsm::new(
    Connection::new(
        "https://example.org/api/v1".try_into()?,
        // ConnectionSecurity::Unsafe trusts whatever TLS certificate the NetHSM presents.
        ConnectionSecurity::Unsafe,
    ),
    None,
    None,
    None,
)?;
// The administrative credentials.
let admin_credentials = NetHsmAdminCredentials::new(
    1,
    "backup-passphrase".parse()?,
    "unlock-passphrase".parse()?,
    vec![FullCredentials::new(
        "admin".parse()?,
        "admin-passphrase".parse()?,
    )],
    vec![FullCredentials::new(
        "ns1~admin".parse()?,
        "ns1-admin-passphrase".parse()?,
    )],
)?;
// The Signstar config.
let signstar_config = SignstarConfig::new(
    1,
    AdministrativeSecretHandling::ShamirsSecretSharing,
    NonAdministrativeSecretHandling::SystemdCreds,
    HashSet::from([BackendConnection::NetHsm(Connection::new(
        "https://localhost:8443/api/v1/".parse()?,
        "Unsafe".parse()?,
    ))]),
    HashSet::from([
        UserMapping::NetHsmOnlyAdmin("admin".parse()?),
        UserMapping::SystemOnlyShareDownload {
            system_user: "ssh-share-down".parse()?,
            ssh_authorized_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh96uFTnvX6P1ebbLxXFvy6sK7qFqlMHDOuJ0TmuXQQ user@host".parse()?,
        },
        UserMapping::SystemOnlyShareUpload {
            system_user: "ssh-share-up".parse()?,
            ssh_authorized_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh96uFTnvX6P1ebbLxXFvy6sK7qFqlMHDOuJ0TmuXQQ user@host".parse()?,
        }]),
)?;

let nethsm_backend = NetHsmBackend::new(nethsm, &admin_credentials, &signstar_config)?;

pub fn nethsm(&self) -> &NetHsm

Returns a reference to the tracked [NetHsm].


pub(crate) fn unlock_nethsm(&self) -> Result<(), Error>

Unlocks a locked [NetHsm] backend.


pub(crate) fn user_states(&self) -> Result<Vec<UserState>, Error>

Retrieves the state for all users on the [NetHsm] backend.

§Note

Uses the nethsm with the default R-Administrator.

§Errors

Returns an error if

  • using the credentials of the default R-Administrator fails,
  • retrieving all user names of the NetHSM backend fails,
  • retrieving information about a specific NetHSM user fails,
  • or retrieving the tags of an Operator user fails.

fn key_certificate_state( &self, key_id: &KeyId, namespace: Option<&NamespaceId>, ) -> KeyCertificateState

Retrieves the state of a key certificate on the [NetHsm] backend.

Key certificates may be retrieved for system-wide keys or namespaced keys. Returns a KeyCertificateState, which may also encode the reason why the state cannot be retrieved.

§Note

It is assumed that the current credentials for the nethsm provide access to the key certificate of key key_id.


pub(crate) fn key_states(&self) -> Result<Vec<KeyState>, Error>

Retrieves the state for all keys on the [NetHsm] backend.

Collects each key, their KeyType and list of KeyMechanisms. Also attempts to derive a CryptographicKeyContext from the key certificate.

§Note

This function uses the nethsm with the default R-Administrator, but may switch to a namespace-specific N-Administrator for individual operations. If this function succeeds, the nethsm is guaranteed to use the default R-Administrator again. If this function fails, the nethsm may still use a namespace-specific N-Administrator.

§Errors

Returns an error if

  • using the default R-Administrator for authentication against the backend fails,
  • retrieving the names of all system-wide keys on the backend fails,
  • retrieving information on a specific system-wide key on the backend fails,
  • an N-Administrator in admin_credentials is not actually in a namespace,
  • using the credentials of an N-Administrator fails,
  • retrieving the names of all namespaced keys on the backend fails,
  • or retrieving information on a specific namespaced key on the backend fails.

pub fn sync(&self, user_credentials: &[FullCredentials]) -> Result<(), Error>

Syncs the state of a Signstar configuration with the backend using credentials for users in non-administrative roles.

Provisions unprovisioned NetHSM backends and unlocks locked ones. Then works down the following list to

  • create R-Administrators,
    • or set their passphrase if they exist already,
  • create system-wide keys and add tags to them,
    • or remove all tags from existing keys and only add the configured tags,
  • create users in the system-wide, non-administrative roles (i.e. Backup, Metrics and Operator),
    • or set their passphrase if they exist already,
  • create OpenPGP certificates for system-wide keys,
    • or do nothing if they exist already,
  • create N-Administrators and their respective namespaces,
    • or set their passphrase if they exist already,
  • create namespaced keys and add tags to them,
    • or remove all tags from existing keys and only add the configured tags,
  • create users in the namespaced, non-administrative roles (i.e. Operator),
    • or set their passphrase if they exist already,
  • and create OpenPGP certificates for namespaced keys,
    • or do nothing if they exist already.
§Note

This function uses the nethsm with the default R-Administrator, but may switch to a namespace-specific N-Administrator or non-administrative user for individual operations. If this function succeeds, the nethsm is guaranteed to use the default R-Administrator again. If this function fails, the nethsm may still use a namespace-specific N-Administrator or non-administrative user.

§Errors

Returns an error if

  • retrieving the state of the [NetHsm] backend fails,
  • provisioning an unprovisioned [NetHsm] fails,
  • unlocking a locked [NetHsm] backend fails,
  • adding users in the system-wide Administrator role fails,
  • adding system-wide keys fails,
  • adding system-wide users in the Backup, Metrics or Operator role fails,
  • adding OpenPGP certificates for system-wide keys fails,
  • adding namespaced users in the Administrator role or adding their respective namespace fails,
  • adding namespaced keys fails,
  • adding namespaced users in the Operator role fails,
  • or adding OpenPGP certificates for namespaced keys fails.
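
The credential-state caveat in the notes for key_states, sync and try_from, shown as an added, self-contained model (not signstar-config or nethsm code): MockHsm, namespaced_keys and run are hypothetical names and the failure is constructed. It shows the handle left under an N-Administrator after an error, and a caller re-selecting the default R-Administrator before reusing the handle.

```rust
use std::cell::RefCell;
const DEFAULT_ADMIN: &str = "admin";

// Hypothetical stand-in for the NetHSM handle: the active user is switched
// through a shared reference, so a failed call can leave it changed.
struct MockHsm {
    active_user: RefCell<String>,
    failing_namespace: Option<&'static str>, // constructed failure injection
}

impl MockHsm {
    fn use_credentials(&self, user: &str) {
        *self.active_user.borrow_mut() = user.to_string();
    }
    fn list_keys(&self, namespace: &str) -> Result<Vec<String>, String> {
        if self.failing_namespace == Some(namespace) {
            return Err(format!("listing keys in {namespace} failed"));
        }
        Ok(vec![format!("{namespace}~key1")])
    }
}

// Models the documented contract: default R-Administrator again on success,
// while an early error return leaves the N-Administrator selected.
fn namespaced_keys(hsm: &MockHsm, n_admins: &[&str]) -> Result<Vec<String>, String> {
    let mut keys = Vec::new();
    for n_admin in n_admins {
        let (namespace, _) = n_admin
            .split_once('~')
            .ok_or_else(|| format!("{n_admin} is not in a namespace"))?;
        hsm.use_credentials(n_admin);
        keys.extend(hsm.list_keys(namespace)?);
    }
    hsm.use_credentials(DEFAULT_ADMIN);
    Ok(keys)
}

// Reports (succeeded, active user afterwards). With `restore`, the caller
// re-selects the default R-Administrator on the error path.
fn run(failing: Option<&'static str>, restore: bool) -> (bool, String) {
    let hsm = MockHsm { active_user: RefCell::new(DEFAULT_ADMIN.into()), failing_namespace: failing };
    let result = namespaced_keys(&hsm, &["ns1~admin", "ns2~admin"]);
    if result.is_err() && restore {
        hsm.use_credentials(DEFAULT_ADMIN);
    }
    let user = hsm.active_user.borrow().clone();
    (result.is_ok(), user)
}

fn main() {
    println!("{:?} {:?}", run(Some("ns2"), false), run(Some("ns2"), true));
}
```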

Trait Implementations§

impl<'a, 'b> Debug for NetHsmBackend<'a, 'b>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a, 'b> TryFrom<&NetHsmBackend<'a, 'b>> for NetHsmState


fn try_from(value: &NetHsmBackend<'_, '_>) -> Result<Self, Self::Error>

Creates a new NetHsmState from a NetHsmBackend.

§Note

Uses the [NetHsm] backend with the default R-Administrator, but may switch to a namespace-specific N-Administrator for individual operations. If this function succeeds, the nethsm is guaranteed to use the default R-Administrator again. If this function fails, the nethsm may still use a namespace-specific N-Administrator.

§Errors

Returns an error if

  • retrieving the system state of the [NetHsm] backend fails,
  • unlocking a locked [NetHsm] backend fails,
  • or retrieving the state of users or keys on the tracked [NetHsm] backend fails.

type Error = Error

The type returned in the event of a conversion error.

Auto Trait Implementations§

impl<'a, 'b> !Freeze for NetHsmBackend<'a, 'b>

impl<'a, 'b> !RefUnwindSafe for NetHsmBackend<'a, 'b>

impl<'a, 'b> Send for NetHsmBackend<'a, 'b>

impl<'a, 'b> !Sync for NetHsmBackend<'a, 'b>

impl<'a, 'b> Unpin for NetHsmBackend<'a, 'b>

impl<'a, 'b> !UnwindSafe for NetHsmBackend<'a, 'b>
