
1use crate::prelude::*;
2use crate::schema::SchemaAttribute;
3use crate::valueset::ScimResolveStatus;
4use crate::valueset::{DbValueSetV2, ValueSet};
5use base64urlsafedata::Base64UrlSafeData;
6use compact_jwt::{crypto::JwsRs256Signer, JwsEs256Signer, JwsSigner};
7use hashbrown::HashSet;
8
/// A set of ES256 (ECDSA P-256 / SHA-256) JWS signing keys.
///
/// Each `JwsEs256Signer` carries private key material: the database form
/// (`to_db_valueset_v2`) serialises private keys to DER, while the
/// protocol-facing form exposes only each key's kid.
#[derive(Debug, Clone)]
pub struct ValueSetJwsKeyEs256 {
    // Deduplicated by the signer's own `Hash`/`Eq` (provided by compact_jwt);
    // lookups and removals in the `ValueSetT` impl key on `get_kid()` instead.
    set: HashSet<JwsEs256Signer>,
}
13
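impl ValueSetJwsKeyEs256 {
    /// Creates a set holding the single signer `k`.
    pub fn new(k: JwsEs256Signer) -> Box<Self> {
        let mut set = HashSet::new();
        set.insert(k);
        Box::new(ValueSetJwsKeyEs256 { set })
    }

    /// Adds `k` to the set. Returns `false` if an equal signer was already present.
    pub fn push(&mut self, k: JwsEs256Signer) -> bool {
        self.set.insert(k)
    }

    /// Parses one ES256 private key from its DER bytes.
    ///
    /// The underlying parse error is logged at debug level only and collapsed to
    /// `OperationError::InvalidValueState`, so callers see one uniform error for any
    /// malformed key. Shared by the database and replication loaders so the two
    /// paths cannot drift apart.
    fn signer_from_der(der: &[u8]) -> Result<JwsEs256Signer, OperationError> {
        JwsEs256Signer::from_es256_der(der).map_err(|e| {
            debug!(?e, "Error occurred parsing ES256 DER");
            OperationError::InvalidValueState
        })
    }

    /// Rebuilds the set from its database representation: one DER-encoded
    /// private key per element.
    ///
    /// # Errors
    /// Returns `OperationError::InvalidValueState` if any element fails to parse;
    /// the whole set is rejected, never a partial one.
    pub fn from_dbvs2(data: &[Vec<u8>]) -> Result<ValueSet, OperationError> {
        let set = data
            .iter()
            .map(|b| Self::signer_from_der(b))
            .collect::<Result<HashSet<_>, _>>()?;
        Ok(Box::new(ValueSetJwsKeyEs256 { set }))
    }

    /// Rebuilds the set from the replication (v1) representation: the same DER
    /// bytes as `from_dbvs2`, wrapped as base64url data.
    ///
    /// # Errors
    /// As for `from_dbvs2`.
    pub fn from_repl_v1(data: &[Base64UrlSafeData]) -> Result<ValueSet, OperationError> {
        let set = data
            .iter()
            .map(|b| Self::signer_from_der(b.as_slice()))
            .collect::<Result<HashSet<_>, _>>()?;
        Ok(Box::new(ValueSetJwsKeyEs256 { set }))
    }

    /// Collects an iterator of signers into a boxed set.
    ///
    /// Never returns `None` as written; the `Option` is presumably kept for
    /// signature uniformity with the other valueset constructors.
    // We need to allow this, because rust doesn't allow us to impl FromIterator on foreign
    // types, and jwssigner is foreign
    #[allow(clippy::should_implement_trait)]
    pub fn from_iter<T>(iter: T) -> Option<Box<ValueSetJwsKeyEs256>>
    where
        T: IntoIterator<Item = JwsEs256Signer>,
    {
        let set: HashSet<JwsEs256Signer> = iter.into_iter().collect();
        Some(Box::new(ValueSetJwsKeyEs256 { set }))
    }
}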
62
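impl ValueSetT for ValueSetJwsKeyEs256 {
    /// Inserts a `Value::JwsKeyEs256`; any other variant is a caller bug.
    ///
    /// Returns `Ok(true)` if the signer was newly added. A mismatched variant trips
    /// `debug_assert!` in debug builds and yields `InvalidValueState` in release.
    fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
        match value {
            Value::JwsKeyEs256(k) => Ok(self.set.insert(k)),
            _ => {
                debug_assert!(false);
                Err(OperationError::InvalidValueState)
            }
        }
    }

    /// Drops every signer.
    fn clear(&mut self) {
        self.set.clear();
    }

    /// Removes every signer whose kid equals the `Iutf8` partial value.
    ///
    /// Returns `true` if at least one signer was removed. Other partial value
    /// kinds never match. The change id is unused here.
    fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
        match pv {
            PartialValue::Iutf8(kid) => {
                let before = self.set.len();
                // Exact string compare on the kid. NOTE(review): `Iutf8` suggests a
                // case-folded partial value; confirm kids are stored in matching case.
                self.set.retain(|k| k.get_kid() != kid);
                before != self.set.len()
            }
            _ => false,
        }
    }

    /// Membership by kid only, mirroring `generate_idx_eq_keys` so that indexed
    /// and unindexed equality evaluation agree. Only `Iutf8` partial values match.
    fn contains(&self, pv: &PartialValue) -> bool {
        match pv {
            PartialValue::Iutf8(kid) => self.set.iter().any(|k| k.get_kid() == kid),
            _ => false,
        }
    }

    /// Substring matching is not defined for signing keys.
    fn substring(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Prefix matching is not defined for signing keys.
    fn startswith(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Suffix matching is not defined for signing keys.
    fn endswith(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Ordering is not defined for signing keys.
    fn lessthan(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Number of distinct signers.
    fn len(&self) -> usize {
        self.set.len()
    }

    /// Equality-index keys: one kid per signer. Must stay in step with `contains`.
    fn generate_idx_eq_keys(&self) -> Vec<String> {
        self.set.iter().map(|k| k.get_kid().to_string()).collect()
    }

    fn syntax(&self) -> SyntaxType {
        SyntaxType::JwsKeyEs256
    }

    /// No schema-level constraints beyond the syntax; always valid.
    fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
        true
    }

    /// Protocol-facing representation: kids only, never key material.
    fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
        Box::new(self.set.iter().map(|k| k.get_kid().to_string()))
    }

    /// Not exposed through SCIM.
    fn to_scim_value(&self) -> Option<ScimResolveStatus> {
        None
    }

    /// Database representation: the DER encoding of each signer's *private* key.
    ///
    /// # Panics
    /// If a key cannot be serialised. This is treated as unrecoverable corruption
    /// rather than silently persisting a partial set.
    fn to_db_valueset_v2(&self) -> DbValueSetV2 {
        DbValueSetV2::JwsKeyEs256(
            self.set
                .iter()
                .map(|k| {
                    #[allow(clippy::expect_used)]
                    k.private_key_to_der()
                        .expect("Unable to process private key to der, likely corrupted. You must restore from backup.")
                })
                .collect(),
        )
    }

    /// One `Iutf8` partial value per signer, built from its kid.
    ///
    /// Borrows each signer instead of cloning it: only the kid is needed, and a
    /// clone would copy private key material for nothing.
    fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
        Box::new(self.set.iter().map(|k| PartialValue::new_iutf8(k.get_kid())))
    }

    /// One owned `Value::JwsKeyEs256` per signer; this one genuinely has to clone.
    fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
        Box::new(self.set.iter().cloned().map(Value::JwsKeyEs256))
    }

    /// Set equality against another ES256 key set, using the signer's own `Eq`.
    ///
    /// Comparing against any other valueset type is a caller bug: `debug_assert!`
    /// in debug builds, plain `false` in release.
    fn equal(&self, other: &ValueSet) -> bool {
        if let Some(other) = other.as_jws_key_es256_set() {
            &self.set == other
        } else {
            debug_assert!(false);
            false
        }
    }

    /// Unions `other` into this set. Same type-mismatch policy as `equal`, but
    /// surfaced as `InvalidValueState`.
    fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
        if let Some(b) = other.as_jws_key_es256_set() {
            mergesets!(self.set, b)
        } else {
            debug_assert!(false);
            Err(OperationError::InvalidValueState)
        }
    }

    /// The signer, if and only if exactly one is present.
    fn to_jws_key_es256_single(&self) -> Option<&JwsEs256Signer> {
        if self.set.len() == 1 {
            self.set.iter().next()
        } else {
            None
        }
    }

    fn as_jws_key_es256_set(&self) -> Option<&HashSet<JwsEs256Signer>> {
        Some(&self.set)
    }
}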
189
/// A set of RS256 (RSASSA-PKCS1-v1_5 / SHA-256) JWS signing keys.
///
/// Each `JwsRs256Signer` carries private key material: the database form
/// (`to_db_valueset_v2`) serialises private keys to DER, while the
/// protocol-facing form exposes only each key's kid.
#[derive(Debug, Clone)]
pub struct ValueSetJwsKeyRs256 {
    // Deduplicated by the signer's own `Hash`/`Eq` (provided by compact_jwt);
    // removals in the `ValueSetT` impl key on `get_kid()` instead.
    set: HashSet<JwsRs256Signer>,
}
194
impl ValueSetJwsKeyRs256 {
    /// Creates a set containing only `k`.
    pub fn new(k: JwsRs256Signer) -> Box<Self> {
        let set: HashSet<JwsRs256Signer> = std::iter::once(k).collect();
        Box::new(ValueSetJwsKeyRs256 { set })
    }

    /// Inserts `k`; `false` means an equal signer was already present.
    pub fn push(&mut self, k: JwsRs256Signer) -> bool {
        self.set.insert(k)
    }

    /// Loads the set from its database form, one DER-encoded private key per entry.
    ///
    /// # Errors
    /// Any entry that fails to parse rejects the whole set with
    /// `OperationError::InvalidValueState`; the parse error itself is only logged
    /// at debug level.
    pub fn from_dbvs2(data: &[Vec<u8>]) -> Result<ValueSet, OperationError> {
        let mut set = HashSet::with_capacity(data.len());
        for der in data {
            let signer = JwsRs256Signer::from_rs256_der(der).map_err(|e| {
                debug!(?e, "Error occurred parsing RS256 DER");
                OperationError::InvalidValueState
            })?;
            set.insert(signer);
        }
        Ok(Box::new(ValueSetJwsKeyRs256 { set }))
    }

    /// Collects an iterator of signers into a boxed set. Always `Some` as written.
    // We need to allow this, because rust doesn't allow us to impl FromIterator on foreign
    // types, and jwssigner is foreign
    #[allow(clippy::should_implement_trait)]
    pub fn from_iter<T>(iter: T) -> Option<Box<ValueSetJwsKeyRs256>>
    where
        T: IntoIterator<Item = JwsRs256Signer>,
    {
        let set = iter.into_iter().collect::<HashSet<JwsRs256Signer>>();
        Some(Box::new(ValueSetJwsKeyRs256 { set }))
    }
}
230
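impl ValueSetT for ValueSetJwsKeyRs256 {
    /// Inserts a `Value::JwsKeyRs256`; any other variant is a caller bug.
    ///
    /// Returns `Ok(true)` if the signer was newly added. A mismatched variant trips
    /// `debug_assert!` in debug builds and yields `InvalidValueState` in release.
    fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
        match value {
            Value::JwsKeyRs256(k) => Ok(self.set.insert(k)),
            _ => {
                debug_assert!(false);
                Err(OperationError::InvalidValueState)
            }
        }
    }

    /// Drops every signer.
    fn clear(&mut self) {
        self.set.clear();
    }

    /// Removes every signer whose kid equals the `Iutf8` partial value.
    ///
    /// Returns `true` if at least one signer was removed. Other partial value
    /// kinds never match. The change id is unused here.
    fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
        match pv {
            PartialValue::Iutf8(kid) => {
                let before = self.set.len();
                // Exact string compare on the kid. NOTE(review): `Iutf8` suggests a
                // case-folded partial value; confirm kids are stored in matching case.
                self.set.retain(|k| k.get_kid() != kid);
                before != self.set.len()
            }
            _ => false,
        }
    }

    /// Membership by kid only, mirroring the ES256 set and `generate_idx_eq_keys`
    /// below, so that indexed and unindexed equality evaluation agree (previously
    /// this always returned `false` while the index still emitted kid keys).
    /// Only `Iutf8` partial values match.
    fn contains(&self, pv: &PartialValue) -> bool {
        match pv {
            PartialValue::Iutf8(kid) => self.set.iter().any(|k| k.get_kid() == kid),
            _ => false,
        }
    }

    /// Substring matching is not defined for signing keys.
    fn substring(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Prefix matching is not defined for signing keys.
    fn startswith(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Suffix matching is not defined for signing keys.
    fn endswith(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Ordering is not defined for signing keys.
    fn lessthan(&self, _pv: &PartialValue) -> bool {
        false
    }

    /// Number of distinct signers.
    fn len(&self) -> usize {
        self.set.len()
    }

    /// Equality-index keys: one kid per signer. Must stay in step with `contains`.
    fn generate_idx_eq_keys(&self) -> Vec<String> {
        self.set.iter().map(|k| k.get_kid().to_string()).collect()
    }

    fn syntax(&self) -> SyntaxType {
        SyntaxType::JwsKeyRs256
    }

    /// No schema-level constraints beyond the syntax; always valid.
    fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
        true
    }

    /// Protocol-facing representation: kids only, never key material.
    fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
        Box::new(self.set.iter().map(|k| k.get_kid().to_string()))
    }

    /// Not exposed through SCIM.
    fn to_scim_value(&self) -> Option<ScimResolveStatus> {
        None
    }

    /// Database representation: the DER encoding of each signer's *private* key.
    ///
    /// # Panics
    /// If a key cannot be serialised. This is treated as unrecoverable corruption
    /// rather than silently persisting a partial set.
    fn to_db_valueset_v2(&self) -> DbValueSetV2 {
        DbValueSetV2::JwsKeyRs256(
            self.set
                .iter()
                .map(|k| {
                    #[allow(clippy::expect_used)]
                    k.private_key_to_der()
                        .expect("Unable to process private key to der, likely corrupted. You must restore from backup.")
                })
                .collect(),
        )
    }

    /// One `Iutf8` partial value per signer, built from its kid.
    ///
    /// Borrows each signer instead of cloning it: only the kid is needed, and a
    /// clone would copy private key material for nothing.
    fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
        Box::new(self.set.iter().map(|k| PartialValue::new_iutf8(k.get_kid())))
    }

    /// One owned `Value::JwsKeyRs256` per signer; this one genuinely has to clone.
    fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
        Box::new(self.set.iter().cloned().map(Value::JwsKeyRs256))
    }

    /// Set equality against another RS256 key set, using the signer's own `Eq`.
    ///
    /// Comparing against any other valueset type is a caller bug: `debug_assert!`
    /// in debug builds, plain `false` in release.
    fn equal(&self, other: &ValueSet) -> bool {
        if let Some(other) = other.as_jws_key_rs256_set() {
            &self.set == other
        } else {
            debug_assert!(false);
            false
        }
    }

    /// Unions `other` into this set. Same type-mismatch policy as `equal`, but
    /// surfaced as `InvalidValueState`.
    fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
        if let Some(b) = other.as_jws_key_rs256_set() {
            mergesets!(self.set, b)
        } else {
            debug_assert!(false);
            Err(OperationError::InvalidValueState)
        }
    }

    /// The signer, if and only if exactly one is present.
    fn to_jws_key_rs256_single(&self) -> Option<&JwsRs256Signer> {
        if self.set.len() == 1 {
            self.set.iter().next()
        } else {
            None
        }
    }

    fn as_jws_key_rs256_set(&self) -> Option<&HashSet<JwsRs256Signer>> {
        Some(&self.set)
    }
}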