kanidmd_lib/valueset/
jws.rs

1use crate::prelude::*;
2use crate::schema::SchemaAttribute;
3use crate::valueset::ScimResolveStatus;
4use crate::valueset::{DbValueSetV2, ValueSet};
5use base64urlsafedata::Base64UrlSafeData;
6use compact_jwt::{crypto::JwsRs256Signer, JwsEs256Signer, JwsSigner};
7use crypto_glue::traits::Zeroizing;
8use hashbrown::HashSet;
9
10#[derive(Debug, Clone)]
11pub struct ValueSetJwsKeyEs256 {
12    set: HashSet<JwsEs256Signer>,
13}
14
15impl ValueSetJwsKeyEs256 {
16    pub fn new(k: JwsEs256Signer) -> Box<Self> {
17        let mut set = HashSet::new();
18        set.insert(k);
19        Box::new(ValueSetJwsKeyEs256 { set })
20    }
21
22    pub fn push(&mut self, k: JwsEs256Signer) -> bool {
23        self.set.insert(k)
24    }
25
26    pub fn from_dbvs2(data: &[Zeroizing<Vec<u8>>]) -> Result<ValueSet, OperationError> {
27        let set = data
28            .iter()
29            .map(|b| {
30                JwsEs256Signer::from_es256_der(b).map_err(|e| {
31                    debug!(?e, "Error occurred parsing ES256 DER");
32                    OperationError::InvalidValueState
33                })
34            })
35            .collect::<Result<HashSet<_>, _>>()?;
36        Ok(Box::new(ValueSetJwsKeyEs256 { set }))
37    }
38
39    pub fn from_repl_v1(data: &[Base64UrlSafeData]) -> Result<ValueSet, OperationError> {
40        let set = data
41            .iter()
42            .map(|b| {
43                JwsEs256Signer::from_es256_der(b.as_slice()).map_err(|e| {
44                    debug!(?e, "Error occurred parsing ES256 DER");
45                    OperationError::InvalidValueState
46                })
47            })
48            .collect::<Result<HashSet<_>, _>>()?;
49        Ok(Box::new(ValueSetJwsKeyEs256 { set }))
50    }
51
52    // We need to allow this, because rust doesn't allow us to impl FromIterator on foreign
53    // types, and jwssigner is foreign
54    #[allow(clippy::should_implement_trait)]
55    pub fn from_iter<T>(iter: T) -> Option<Box<ValueSetJwsKeyEs256>>
56    where
57        T: IntoIterator<Item = JwsEs256Signer>,
58    {
59        let set: HashSet<JwsEs256Signer> = iter.into_iter().collect();
60        Some(Box::new(ValueSetJwsKeyEs256 { set }))
61    }
62}
63
64impl ValueSetT for ValueSetJwsKeyEs256 {
65    fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
66        match value {
67            Value::JwsKeyEs256(k) => Ok(self.set.insert(k)),
68            _ => {
69                debug_assert!(false);
70                Err(OperationError::InvalidValueState)
71            }
72        }
73    }
74
75    fn clear(&mut self) {
76        self.set.clear();
77    }
78
79    fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
80        match pv {
81            PartialValue::Iutf8(kid) => {
82                let x = self.set.len();
83                self.set.retain(|k| k.get_kid() != kid);
84                x != self.set.len()
85            }
86            _ => false,
87        }
88    }
89
90    fn contains(&self, pv: &PartialValue) -> bool {
91        match pv {
92            PartialValue::Iutf8(kid) => self.set.iter().any(|k| k.get_kid() == kid),
93            _ => false,
94        }
95    }
96
97    fn substring(&self, _pv: &PartialValue) -> bool {
98        false
99    }
100
101    fn startswith(&self, _pv: &PartialValue) -> bool {
102        false
103    }
104
105    fn endswith(&self, _pv: &PartialValue) -> bool {
106        false
107    }
108
109    fn lessthan(&self, _pv: &PartialValue) -> bool {
110        false
111    }
112
113    fn len(&self) -> usize {
114        self.set.len()
115    }
116
117    fn generate_idx_eq_keys(&self) -> Vec<String> {
118        self.set.iter().map(|k| k.get_kid().to_string()).collect()
119    }
120
121    fn syntax(&self) -> SyntaxType {
122        SyntaxType::JwsKeyEs256
123    }
124
125    fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
126        true
127    }
128
129    fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
130        Box::new(self.set.iter().map(|k| k.get_kid().to_string()))
131    }
132
133    fn to_scim_value(&self) -> Option<ScimResolveStatus> {
134        None
135    }
136
137    fn to_db_valueset_v2(&self) -> DbValueSetV2 {
138        DbValueSetV2::JwsKeyEs256(self.set.iter()
139            .map(|k| {
140                #[allow(clippy::expect_used)]
141                k.private_key_to_der()
142                    .expect("Unable to process private key to der, likely corrupted. You must restore from backup.")
143            })
144            .collect())
145    }
146
147    fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
148        Box::new(
149            self.set
150                .iter()
151                .cloned()
152                .map(|k| PartialValue::new_iutf8(k.get_kid())),
153        )
154    }
155
156    fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
157        Box::new(self.set.iter().cloned().map(Value::JwsKeyEs256))
158    }
159
160    fn equal(&self, other: &ValueSet) -> bool {
161        if let Some(other) = other.as_jws_key_es256_set() {
162            &self.set == other
163        } else {
164            debug_assert!(false);
165            false
166        }
167    }
168
169    fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
170        if let Some(b) = other.as_jws_key_es256_set() {
171            mergesets!(self.set, b)
172        } else {
173            debug_assert!(false);
174            Err(OperationError::InvalidValueState)
175        }
176    }
177
178    fn to_jws_key_es256_single(&self) -> Option<&JwsEs256Signer> {
179        if self.set.len() == 1 {
180            self.set.iter().take(1).next()
181        } else {
182            None
183        }
184    }
185
186    fn as_jws_key_es256_set(&self) -> Option<&HashSet<JwsEs256Signer>> {
187        Some(&self.set)
188    }
189}
190
191#[derive(Debug, Clone)]
192pub struct ValueSetJwsKeyRs256 {
193    set: HashSet<JwsRs256Signer>,
194}
195
196impl ValueSetJwsKeyRs256 {
197    pub fn new(k: JwsRs256Signer) -> Box<Self> {
198        let mut set = HashSet::new();
199        set.insert(k);
200        Box::new(ValueSetJwsKeyRs256 { set })
201    }
202
203    pub fn push(&mut self, k: JwsRs256Signer) -> bool {
204        self.set.insert(k)
205    }
206
207    pub fn from_dbvs2(data: &[Vec<u8>]) -> Result<ValueSet, OperationError> {
208        let set = data
209            .iter()
210            .map(|b| {
211                JwsRs256Signer::from_rs256_der(b).map_err(|e| {
212                    debug!(?e, "Error occurred parsing RS256 DER");
213                    OperationError::InvalidValueState
214                })
215            })
216            .collect::<Result<HashSet<_>, _>>()?;
217        Ok(Box::new(ValueSetJwsKeyRs256 { set }))
218    }
219
220    // We need to allow this, because rust doesn't allow us to impl FromIterator on foreign
221    // types, and jwssigner is foreign
222    #[allow(clippy::should_implement_trait)]
223    pub fn from_iter<T>(iter: T) -> Option<Box<ValueSetJwsKeyRs256>>
224    where
225        T: IntoIterator<Item = JwsRs256Signer>,
226    {
227        let set: HashSet<JwsRs256Signer> = iter.into_iter().collect();
228        Some(Box::new(ValueSetJwsKeyRs256 { set }))
229    }
230}
231
232impl ValueSetT for ValueSetJwsKeyRs256 {
233    fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
234        match value {
235            Value::JwsKeyRs256(k) => Ok(self.set.insert(k)),
236            _ => {
237                debug_assert!(false);
238                Err(OperationError::InvalidValueState)
239            }
240        }
241    }
242
243    fn clear(&mut self) {
244        self.set.clear();
245    }
246
247    fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
248        match pv {
249            PartialValue::Iutf8(kid) => {
250                let x = self.set.len();
251                self.set.retain(|k| k.get_kid() != kid);
252                x != self.set.len()
253            }
254            _ => false,
255        }
256    }
257
258    fn contains(&self, _pv: &PartialValue) -> bool {
259        false
260    }
261
262    fn substring(&self, _pv: &PartialValue) -> bool {
263        false
264    }
265
266    fn startswith(&self, _pv: &PartialValue) -> bool {
267        false
268    }
269
270    fn endswith(&self, _pv: &PartialValue) -> bool {
271        false
272    }
273
274    fn lessthan(&self, _pv: &PartialValue) -> bool {
275        false
276    }
277
278    fn len(&self) -> usize {
279        self.set.len()
280    }
281
282    fn generate_idx_eq_keys(&self) -> Vec<String> {
283        self.set.iter().map(|k| k.get_kid().to_string()).collect()
284    }
285
286    fn syntax(&self) -> SyntaxType {
287        SyntaxType::JwsKeyRs256
288    }
289
290    fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
291        true
292    }
293
294    fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
295        Box::new(self.set.iter().map(|k| k.get_kid().to_string()))
296    }
297
298    fn to_scim_value(&self) -> Option<ScimResolveStatus> {
299        None
300    }
301
302    fn to_db_valueset_v2(&self) -> DbValueSetV2 {
303        DbValueSetV2::JwsKeyRs256(self.set.iter()
304            .map(|k| {
305                #[allow(clippy::expect_used)]
306                k.private_key_to_der()
307                    .expect("Unable to process private key to der, likely corrupted. You must restore from backup.")
308            })
309            .collect())
310    }
311
312    fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
313        Box::new(
314            self.set
315                .iter()
316                .cloned()
317                .map(|k| PartialValue::new_iutf8(k.get_kid())),
318        )
319    }
320
321    fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
322        Box::new(self.set.iter().cloned().map(Value::JwsKeyRs256))
323    }
324
325    fn equal(&self, other: &ValueSet) -> bool {
326        if let Some(other) = other.as_jws_key_rs256_set() {
327            &self.set == other
328        } else {
329            debug_assert!(false);
330            false
331        }
332    }
333
334    fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
335        if let Some(b) = other.as_jws_key_rs256_set() {
336            mergesets!(self.set, b)
337        } else {
338            debug_assert!(false);
339            Err(OperationError::InvalidValueState)
340        }
341    }
342
343    fn to_jws_key_rs256_single(&self) -> Option<&JwsRs256Signer> {
344        if self.set.len() == 1 {
345            self.set.iter().take(1).next()
346        } else {
347            None
348        }
349    }
350
351    fn as_jws_key_rs256_set(&self) -> Option<&HashSet<JwsRs256Signer>> {
352        Some(&self.set)
353    }
354}