Struct btlib::crypto::file_cred_store::FileCredStore
pub struct FileCredStore { /* private fields */ }
An implementation of CredStore which uses a file to store credentials.
This struct relies on the security of the underlying filesystem to protect the credentials stored in it. Even with this protection, all processes that run with the same UID as the process which creates the credential file will be able to read them. In addition, the private keys associated with these credentials are loaded into main memory as long as this struct is alive. Thus, this struct does not provide anywhere near the level of protection that crate::crypto::tpm::TpmCredStore does.
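The filesystem dependency described above can be checked before a path is handed to FileCredStore::new. The following is an added example, not code from btlib or its author: it uses only the Rust standard library on Unix, and `create_private`, `audit_cred_file` and `CredFileIssue` are hypothetical names. It does not show how FileCredStore itself creates its file.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

#[derive(Debug, PartialEq)]
pub enum CredFileIssue {
    /// Symlink, directory, device, etc.: refuse rather than follow it.
    NotRegularFile,
    /// Group or other permission bits are set; carries the full mode.
    GroupOrOtherAccess(u32),
}

/// Creates `path` with mode 0600 in one step; fails if it already exists,
/// so a file or symlink planted at that path is never written through.
pub fn create_private(path: &Path, contents: &[u8]) -> io::Result<()> {
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(path)?;
    f.write_all(contents)?;
    f.sync_all()
}

/// Audits an existing credential file without following symlinks.
pub fn audit_cred_file(path: &Path) -> io::Result<Vec<CredFileIssue>> {
    let meta = fs::symlink_metadata(path)?;
    if !meta.file_type().is_file() {
        return Ok(vec![CredFileIssue::NotRegularFile]);
    }
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Ok(vec![CredFileIssue::GroupOrOtherAccess(mode)]);
    }
    Ok(Vec::new())
}

fn main() -> io::Result<()> {
    // Constructed sample path and contents, for demonstration only.
    let path = std::env::temp_dir().join(format!("cred_demo_{}", std::process::id()));
    create_private(&path, b"constructed placeholder, not real key material")?;
    println!("fresh file: {:?}", audit_cred_file(&path)?);
    fs::set_permissions(&path, fs::Permissions::from_mode(0o644))?;
    println!("after chmod 644: {:?}", audit_cred_file(&path)?);
    fs::remove_file(&path)
}
```

A clean audit only rules out access by other users; processes running under the same UID can still read the file, as the description states.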
Implementations
impl FileCredStore
pub fn new(path: PathBuf) -> Result<Self>
Returns a new FileCredStore which is stored at the given path.
If no file is present at file_path, then a new one will be created containing freshly generated credentials.
Trait Implementations
impl CredStore for FileCredStore
type CredHandle = Arc<ConcreteCreds>
The type of the credential handle returned by this store.
type ExportedCreds = TaggedCiphertext<Envelope<ConcreteCreds>, DerivationParams>
The type of the exported credentials returned by this store.
fn node_creds(&self) -> Result<Self::CredHandle>
Returns the node credentials. If credentials haven’t been generated, they are generated, stored and returned.
fn root_creds(&self, password: &str) -> Result<Self::CredHandle>
Returns the root credentials. If no root credentials have been generated, or the provided
password is incorrect, then an error is returned.
fn storage_key(&self) -> Result<AsymKeyPub<Encrypt>>
Returns a public key which can be used to encrypt data intended only to be accessed by this node. The returned key can be given as the new_parent parameter to the CredStore::export_root_creds method.
fn export_root_creds(&self, root_creds: &Self::CredHandle, password: &str, new_parent: &AsymKeyPub<Encrypt>) -> Result<Self::ExportedCreds>
Exports the root credentials. These can be serialized and persisted external to the application and later loaded and deserialized and passed to the CredStoreMut::import_root_creds method.
The password argument must match the value provided when the CredStore::root_creds method was called. The new_parent argument is the public key of the node that is to import the root key, which can be obtained using the CredStoreMut::gen_root_creds method on the importing node.
impl CredStoreMut for FileCredStore
fn gen_root_creds(&self, password: &str) -> Result<Self::CredHandle>
Generates the root credentials and protects them using the given password. If the root
credentials have already been generated then an error is returned.
fn import_root_creds(&self, password: &str, exported: Self::ExportedCreds) -> Result<Self::CredHandle>
Imports root credentials that were previously created with CredStore::export_root_creds.
The provided password must match the value that was given to that method.
fn assign_node_writecap(&self, handle: &mut Self::CredHandle, writecap: Writecap) -> Result<()>
fn assign_root_writecap(&self, handle: &mut Self::CredHandle, writecap: Writecap) -> Result<()>
Assigns writecap to the root credentials referred to by handle. This method is responsible for committing the given Writecap to durable storage.
fn provision_root(&self, password: &str, expires: Epoch) -> Result<Self::CredHandle>
Generates new root credentials protected by password and issues them a self-signed Writecap which expires after valid_for. The newly generated root credentials are returned.
fn provision_node_start(&self) -> Result<Principal>
fn provision_node_finish(&self, writecap: Writecap) -> Result<Self::CredHandle>
Assigns the given Writecap to the node credentials and commits it to durable storage.
A handle to the node credentials is returned.
Auto Trait Implementations
impl RefUnwindSafe for FileCredStore
impl Send for FileCredStore
impl Sync for FileCredStore
impl Unpin for FileCredStore
impl UnwindSafe for FileCredStore
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.