pub struct FileCredStore { /* private fields */ }
Expand description

An implementation of CredStore which uses a file to store credentials.

This struct relies on the security of the underlying filesystem to protect the credentials stored in it. Even with this protection, all processes that run with the same UID as the process which creates the credential file will be able to read them. In addition, the private keys associated with these credentials are loaded into main memory as long as this struct is alive. Thus, this struct does not provide anywhere near the level of protection that crate::crypto::tpm::TpmCredStore does.

Implementations§

source§

impl FileCredStore

source

pub fn new(path: PathBuf) -> Result<Self>

Returns a new FileCredStore which is stored at the given path.

If no file is present at file_path, then a new one will be created containing freshly generated credentials.

Trait Implementations§

source§

impl CredStore for FileCredStore

§

type CredHandle = Arc<ConcreteCreds>

The type of the credential handle returned by this store.
§

type ExportedCreds = TaggedCiphertext<Envelope<ConcreteCreds>, DerivationParams>

The type of the exported credentials returned by this store.
source§

fn node_creds(&self) -> Result<Self::CredHandle>

Returns the node credentials. If credentials haven’t been generated, they are generated stored and returned.
source§

fn root_creds(&self, password: &str) -> Result<Self::CredHandle>

Returns the root credentials. If no root credentials have been generated, or the provided password is incorrect, then an error is returned.
source§

fn storage_key(&self) -> Result<AsymKeyPub<Encrypt>>

Returns a public key which can be used to encrypt data intended only to be accessed by this node. The returned key can be given as the new_parent parameter to the CredStore::export_root_creds method.
source§

fn export_root_creds( &self, root_creds: &Self::CredHandle, password: &str, new_parent: &AsymKeyPub<Encrypt> ) -> Result<Self::ExportedCreds>

Exports the root credentials. These can be serialized and persisted external to the application and later loaded and deserialized and passed to the CredStoreMut::import_root_creds method. The password argument must match the value provided when the CredStore::root_creds method was called. The new_parent argument is the public key of the node that is to import the root key, which can be obtained using the CredStoreMut::gen_root_creds method on the importing node.
source§

impl CredStoreMut for FileCredStore

source§

fn gen_root_creds(&self, password: &str) -> Result<Self::CredHandle>

Generates the root credentials and protects them using the given password. If the root credentials have already been generated then an error is returned.
source§

fn import_root_creds( &self, password: &str, exported: Self::ExportedCreds ) -> Result<Self::CredHandle>

Imports root credentials that were previously created with CredStore::export_root_creds. The provided password must match the value that was given to that method.
source§

fn assign_node_writecap( &self, handle: &mut Self::CredHandle, writecap: Writecap ) -> Result<()>

Assigns the given Writecap to the node credentials referred to by the given handle. This method is responsible for committing the given Writecap to durable storage.
source§

fn assign_root_writecap( &self, handle: &mut Self::CredHandle, writecap: Writecap ) -> Result<()>

Assigns writecap to the root credentials referred to by handle. This method is responsible for committing the given Writecap to durable storage.
source§

fn provision_root( &self, password: &str, expires: Epoch ) -> Result<Self::CredHandle>

Generates new root credentials protected by password and issues them a self-signed Writecap which expires after valid_for. The newly generated root credentials are returned.
source§

fn provision_node_start(&self) -> Result<Principal>

Begin the provisioning process for a node by generating a new set of node credentials. The Principal of the newly generated credentials is returned. This Principal may then be transmitted to a root node which can use it to issue a Writecap to this node.
source§

fn provision_node_finish(&self, writecap: Writecap) -> Result<Self::CredHandle>

Assigns the given Writecap to the node credentials and commits it to durable storage. A handle to the node credentials is returned.

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> Free for T

§

unsafe default fn free(ptr_ref: NonNull<T>)

Drops the content pointed by this pointer and frees it. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.