
1use crate::prelude::*;
2use compact_jwt::{compact::JweCompact, jwe::Jwe};
3use compact_jwt::{Jwk, JwkKeySet, Jws, JwsCompact};
4use smolset::SmolSet;
5use std::collections::BTreeSet;
6use uuid::Uuid;
7
/// Owned, type-erased handle to a key object. The concrete implementation
/// lives behind the trait object; `Send + Sync + 'static` so the handle can
/// be held and shared across server threads.
pub type KeyObject = Box<dyn KeyObjectT + Send + Sync + 'static>;

// Borrowed counterpart of `KeyObject`. Currently only used in tests, so it is
// only compiled into test builds; drop the `cfg` when non-test code needs it.
#[cfg(test)]
pub type KeyObjectRef<'a> = &'a (dyn KeyObjectT + Send + Sync + 'static);
13
/// Interface of a key object: a [`Uuid`]-identified bundle of signing and
/// encryption keys that can be imported, asserted, rotated and revoked, and
/// that is used to sign/verify compact JWS and encrypt/decrypt compact JWE.
///
/// The trait is consumed as a trait object (`Box<dyn KeyObjectT>`, see
/// [`KeyObject`]), so it has no generic methods and copying goes through
/// [`KeyObjectT::duplicate`] instead of `Clone`.
///
/// Time is never read from a clock here: `valid_from` / `current_time` are
/// supplied by the caller as a [`Duration`]. NOTE(review): presumably a
/// duration since the Unix epoch, as elsewhere in the server — confirm against
/// callers. Every mutating operation also receives the change id (`cid`) of
/// the transaction it is part of.
///
/// Security note for implementors: nothing in this interface enforces that a
/// revoked key is refused by `jws_verify` / `jwe_decrypt`, or that the
/// algorithm named in a token header matches the key it selects. Those checks
/// have to live in the implementation.
pub trait KeyObjectT {
    /// Identifier of this key object.
    fn uuid(&self) -> Uuid;

    /// Import externally supplied ES256 private keys, each as raw bytes, so
    /// that they are usable from `valid_from`. The byte encoding expected is
    /// not fixed by this trait — assumed to be defined by the implementation.
    fn jws_es256_import(
        &mut self,
        import_keys: &SmolSet<[Vec<u8>; 1]>,
        valid_from: Duration,
        cid: &Cid,
    ) -> Result<(), OperationError>;

    /// Ensure an ES256 signing key valid from `valid_from` is present.
    /// NOTE(review): presumably generates one when none exists — verify
    /// against the implementation.
    fn jws_es256_assert(&mut self, valid_from: Duration, cid: &Cid) -> Result<(), OperationError>;

    /// Sign `jws` with an ES256 key that is valid at `current_time`,
    /// returning the compact serialisation.
    fn jws_es256_sign(
        &self,
        jws: &Jws,
        current_time: Duration,
    ) -> Result<JwsCompact, OperationError>;

    /// Public ES256 keys as a JWK set, or `None` if there are none.
    fn jws_es256_jwks(&self) -> Option<JwkKeySet>;

    /// RS256 counterpart of [`KeyObjectT::jws_es256_import`].
    fn jws_rs256_import(
        &mut self,
        import_keys: &SmolSet<[Vec<u8>; 1]>,
        valid_from: Duration,
        cid: &Cid,
    ) -> Result<(), OperationError>;

    /// RS256 counterpart of [`KeyObjectT::jws_es256_assert`].
    fn jws_rs256_assert(&mut self, valid_from: Duration, cid: &Cid) -> Result<(), OperationError>;

    /// RS256 counterpart of [`KeyObjectT::jws_es256_sign`].
    fn jws_rs256_sign(
        &self,
        jws: &Jws,
        current_time: Duration,
    ) -> Result<JwsCompact, OperationError>;

    /// Public RS256 keys as a JWK set, or `None` if there are none.
    fn jws_rs256_jwks(&self) -> Option<JwkKeySet>;

    /// Verify the signature of a compact JWS with the key it refers to and
    /// return the decoded token. Untrusted input: the token's header chooses
    /// which key is tried, so the implementation must check that key's status
    /// (revoked keys must fail) and that its algorithm matches the key type,
    /// rather than trusting the header's `alg`.
    fn jws_verify(&self, jwsc: &JwsCompact) -> Result<Jws, OperationError>;

    /// Public JWK for the key with id `kid`; `Ok(None)` if no such key exists.
    fn jws_public_jwk(&self, kid: &str) -> Result<Option<Jwk>, OperationError>;

    /// Ensure an A128GCM content-encryption key valid from `valid_from` is
    /// present (same caveat as [`KeyObjectT::jws_es256_assert`]).
    fn jwe_a128gcm_assert(&mut self, valid_from: Duration, cid: &Cid)
        -> Result<(), OperationError>;

    /// Encrypt `jwe` with an A128GCM key valid at `current_time`, returning
    /// the compact serialisation.
    fn jwe_a128gcm_encrypt(
        &self,
        jwe: &Jwe,
        current_time: Duration,
    ) -> Result<JweCompact, OperationError>;

    /// Decrypt a compact JWE with the key it refers to. Untrusted input: the
    /// same key-status and algorithm caveats as [`KeyObjectT::jws_verify`]
    /// apply.
    fn jwe_decrypt(&self, jwec: &JweCompact) -> Result<Jwe, OperationError>;

    /// Render this object as attribute / value-set pairs. NOTE(review):
    /// presumably the persisted entry form of the key object — confirm with
    /// the caller that writes it back to the database.
    fn as_valuesets(&self) -> Result<Vec<(Attribute, ValueSet)>, OperationError>;

    /// Copy this object into a fresh boxed [`KeyObject`]; the object-safe
    /// replacement for `Clone`.
    fn duplicate(&self) -> KeyObject;

    /// Rotate the key material, with new keys valid from `current_time`.
    /// Whether previous keys stay usable for verification/decryption is left
    /// to the implementation.
    fn rotate_keys(&mut self, current_time: Duration, cid: &Cid) -> Result<(), OperationError>;

    /// Revoke every key whose id is in `revoke_set`. Ids are plain strings
    /// here while `kid_status` takes a `KeyId`; both should name the same
    /// thing. Revocation only protects callers if `jws_verify` /
    /// `jwe_decrypt` consult key status.
    fn revoke_keys(
        &mut self,
        revoke_set: &BTreeSet<String>,
        cid: &Cid,
    ) -> Result<(), OperationError>;

    /// Test-only: status of key `kid`, or `Ok(None)` when the key is unknown.
    #[cfg(test)]
    fn kid_status(
        &self,
        kid: &super::KeyId,
    ) -> Result<Option<crate::value::KeyStatus>, OperationError>;
}