kanidmd_lib/valueset/
jws.rs
1use crate::prelude::*;
2use crate::schema::SchemaAttribute;
3use crate::valueset::ScimResolveStatus;
4use crate::valueset::{DbValueSetV2, ValueSet};
5use base64urlsafedata::Base64UrlSafeData;
6use compact_jwt::{crypto::JwsRs256Signer, JwsEs256Signer, JwsSigner};
7use crypto_glue::traits::Zeroizing;
8use hashbrown::HashSet;
9
10#[derive(Debug, Clone)]
11pub struct ValueSetJwsKeyEs256 {
12 set: HashSet<JwsEs256Signer>,
13}
14
15impl ValueSetJwsKeyEs256 {
16 pub fn new(k: JwsEs256Signer) -> Box<Self> {
17 let mut set = HashSet::new();
18 set.insert(k);
19 Box::new(ValueSetJwsKeyEs256 { set })
20 }
21
22 pub fn push(&mut self, k: JwsEs256Signer) -> bool {
23 self.set.insert(k)
24 }
25
26 pub fn from_dbvs2(data: &[Zeroizing<Vec<u8>>]) -> Result<ValueSet, OperationError> {
27 let set = data
28 .iter()
29 .map(|b| {
30 JwsEs256Signer::from_es256_der(b).map_err(|e| {
31 debug!(?e, "Error occurred parsing ES256 DER");
32 OperationError::InvalidValueState
33 })
34 })
35 .collect::<Result<HashSet<_>, _>>()?;
36 Ok(Box::new(ValueSetJwsKeyEs256 { set }))
37 }
38
39 pub fn from_repl_v1(data: &[Base64UrlSafeData]) -> Result<ValueSet, OperationError> {
40 let set = data
41 .iter()
42 .map(|b| {
43 JwsEs256Signer::from_es256_der(b.as_slice()).map_err(|e| {
44 debug!(?e, "Error occurred parsing ES256 DER");
45 OperationError::InvalidValueState
46 })
47 })
48 .collect::<Result<HashSet<_>, _>>()?;
49 Ok(Box::new(ValueSetJwsKeyEs256 { set }))
50 }
51
52 #[allow(clippy::should_implement_trait)]
55 pub fn from_iter<T>(iter: T) -> Option<Box<ValueSetJwsKeyEs256>>
56 where
57 T: IntoIterator<Item = JwsEs256Signer>,
58 {
59 let set: HashSet<JwsEs256Signer> = iter.into_iter().collect();
60 Some(Box::new(ValueSetJwsKeyEs256 { set }))
61 }
62}
63
64impl ValueSetT for ValueSetJwsKeyEs256 {
65 fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
66 match value {
67 Value::JwsKeyEs256(k) => Ok(self.set.insert(k)),
68 _ => {
69 debug_assert!(false);
70 Err(OperationError::InvalidValueState)
71 }
72 }
73 }
74
75 fn clear(&mut self) {
76 self.set.clear();
77 }
78
79 fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
80 match pv {
81 PartialValue::Iutf8(kid) => {
82 let x = self.set.len();
83 self.set.retain(|k| k.get_kid() != kid);
84 x != self.set.len()
85 }
86 _ => false,
87 }
88 }
89
90 fn contains(&self, pv: &PartialValue) -> bool {
91 match pv {
92 PartialValue::Iutf8(kid) => self.set.iter().any(|k| k.get_kid() == kid),
93 _ => false,
94 }
95 }
96
97 fn substring(&self, _pv: &PartialValue) -> bool {
98 false
99 }
100
101 fn startswith(&self, _pv: &PartialValue) -> bool {
102 false
103 }
104
105 fn endswith(&self, _pv: &PartialValue) -> bool {
106 false
107 }
108
109 fn lessthan(&self, _pv: &PartialValue) -> bool {
110 false
111 }
112
113 fn len(&self) -> usize {
114 self.set.len()
115 }
116
117 fn generate_idx_eq_keys(&self) -> Vec<String> {
118 self.set.iter().map(|k| k.get_kid().to_string()).collect()
119 }
120
121 fn syntax(&self) -> SyntaxType {
122 SyntaxType::JwsKeyEs256
123 }
124
125 fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
126 true
127 }
128
129 fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
130 Box::new(self.set.iter().map(|k| k.get_kid().to_string()))
131 }
132
133 fn to_scim_value(&self) -> Option<ScimResolveStatus> {
134 None
135 }
136
137 fn to_db_valueset_v2(&self) -> DbValueSetV2 {
138 DbValueSetV2::JwsKeyEs256(self.set.iter()
139 .map(|k| {
140 #[allow(clippy::expect_used)]
141 k.private_key_to_der()
142 .expect("Unable to process private key to der, likely corrupted. You must restore from backup.")
143 })
144 .collect())
145 }
146
147 fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
148 Box::new(
149 self.set
150 .iter()
151 .cloned()
152 .map(|k| PartialValue::new_iutf8(k.get_kid())),
153 )
154 }
155
156 fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
157 Box::new(self.set.iter().cloned().map(Value::JwsKeyEs256))
158 }
159
160 fn equal(&self, other: &ValueSet) -> bool {
161 if let Some(other) = other.as_jws_key_es256_set() {
162 &self.set == other
163 } else {
164 debug_assert!(false);
165 false
166 }
167 }
168
169 fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
170 if let Some(b) = other.as_jws_key_es256_set() {
171 mergesets!(self.set, b)
172 } else {
173 debug_assert!(false);
174 Err(OperationError::InvalidValueState)
175 }
176 }
177
178 fn to_jws_key_es256_single(&self) -> Option<&JwsEs256Signer> {
179 if self.set.len() == 1 {
180 self.set.iter().take(1).next()
181 } else {
182 None
183 }
184 }
185
186 fn as_jws_key_es256_set(&self) -> Option<&HashSet<JwsEs256Signer>> {
187 Some(&self.set)
188 }
189}
190
191#[derive(Debug, Clone)]
192pub struct ValueSetJwsKeyRs256 {
193 set: HashSet<JwsRs256Signer>,
194}
195
196impl ValueSetJwsKeyRs256 {
197 pub fn new(k: JwsRs256Signer) -> Box<Self> {
198 let mut set = HashSet::new();
199 set.insert(k);
200 Box::new(ValueSetJwsKeyRs256 { set })
201 }
202
203 pub fn push(&mut self, k: JwsRs256Signer) -> bool {
204 self.set.insert(k)
205 }
206
207 pub fn from_dbvs2(data: &[Vec<u8>]) -> Result<ValueSet, OperationError> {
208 let set = data
209 .iter()
210 .map(|b| {
211 JwsRs256Signer::from_rs256_der(b).map_err(|e| {
212 debug!(?e, "Error occurred parsing RS256 DER");
213 OperationError::InvalidValueState
214 })
215 })
216 .collect::<Result<HashSet<_>, _>>()?;
217 Ok(Box::new(ValueSetJwsKeyRs256 { set }))
218 }
219
220 #[allow(clippy::should_implement_trait)]
223 pub fn from_iter<T>(iter: T) -> Option<Box<ValueSetJwsKeyRs256>>
224 where
225 T: IntoIterator<Item = JwsRs256Signer>,
226 {
227 let set: HashSet<JwsRs256Signer> = iter.into_iter().collect();
228 Some(Box::new(ValueSetJwsKeyRs256 { set }))
229 }
230}
231
232impl ValueSetT for ValueSetJwsKeyRs256 {
233 fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
234 match value {
235 Value::JwsKeyRs256(k) => Ok(self.set.insert(k)),
236 _ => {
237 debug_assert!(false);
238 Err(OperationError::InvalidValueState)
239 }
240 }
241 }
242
243 fn clear(&mut self) {
244 self.set.clear();
245 }
246
247 fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
248 match pv {
249 PartialValue::Iutf8(kid) => {
250 let x = self.set.len();
251 self.set.retain(|k| k.get_kid() != kid);
252 x != self.set.len()
253 }
254 _ => false,
255 }
256 }
257
258 fn contains(&self, _pv: &PartialValue) -> bool {
259 false
260 }
261
262 fn substring(&self, _pv: &PartialValue) -> bool {
263 false
264 }
265
266 fn startswith(&self, _pv: &PartialValue) -> bool {
267 false
268 }
269
270 fn endswith(&self, _pv: &PartialValue) -> bool {
271 false
272 }
273
274 fn lessthan(&self, _pv: &PartialValue) -> bool {
275 false
276 }
277
278 fn len(&self) -> usize {
279 self.set.len()
280 }
281
282 fn generate_idx_eq_keys(&self) -> Vec<String> {
283 self.set.iter().map(|k| k.get_kid().to_string()).collect()
284 }
285
286 fn syntax(&self) -> SyntaxType {
287 SyntaxType::JwsKeyRs256
288 }
289
290 fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
291 true
292 }
293
294 fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
295 Box::new(self.set.iter().map(|k| k.get_kid().to_string()))
296 }
297
298 fn to_scim_value(&self) -> Option<ScimResolveStatus> {
299 None
300 }
301
302 fn to_db_valueset_v2(&self) -> DbValueSetV2 {
303 DbValueSetV2::JwsKeyRs256(self.set.iter()
304 .map(|k| {
305 #[allow(clippy::expect_used)]
306 k.private_key_to_der()
307 .expect("Unable to process private key to der, likely corrupted. You must restore from backup.")
308 })
309 .collect())
310 }
311
312 fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
313 Box::new(
314 self.set
315 .iter()
316 .cloned()
317 .map(|k| PartialValue::new_iutf8(k.get_kid())),
318 )
319 }
320
321 fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
322 Box::new(self.set.iter().cloned().map(Value::JwsKeyRs256))
323 }
324
325 fn equal(&self, other: &ValueSet) -> bool {
326 if let Some(other) = other.as_jws_key_rs256_set() {
327 &self.set == other
328 } else {
329 debug_assert!(false);
330 false
331 }
332 }
333
334 fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
335 if let Some(b) = other.as_jws_key_rs256_set() {
336 mergesets!(self.set, b)
337 } else {
338 debug_assert!(false);
339 Err(OperationError::InvalidValueState)
340 }
341 }
342
343 fn to_jws_key_rs256_single(&self) -> Option<&JwsRs256Signer> {
344 if self.set.len() == 1 {
345 self.set.iter().take(1).next()
346 } else {
347 None
348 }
349 }
350
351 fn as_jws_key_rs256_set(&self) -> Option<&HashSet<JwsRs256Signer>> {
352 Some(&self.set)
353 }
354}