ap_client/lib.rs
1//! Noise Protocol Clients for access-protocol
2//!
3//! This crate provides both remote and user client implementations for
4//! connecting through a proxy using the Noise Protocol.
5//!
6//! ## Features
7//!
8//! - PSK-based authentication using pairing codes
9//! - Noise Protocol NNpsk2 pattern for a secure 2-message handshake (NN carries no static keys, so the handshake is authenticated by the PSK alone)
10//! - Connection caching for reconnection without re-pairing
11//! - Supports both classical (Curve25519) and post-quantum (Kyber768) cryptography
12//!
13//! ## Remote Client Usage (untrusted device)
14//!
15//! ```ignore
16//! use ap_client::{RemoteClient, RemoteClientHandle, DefaultProxyClient, IdentityProvider, ConnectionStore};
17//!
18//! // Create proxy client — identity is wired internally by connect(); ws:// is plaintext WebSocket (no TLS), prefer wss:// for a non-local proxy if it is supported
19//! let proxy_client = Box::new(DefaultProxyClient::from_url("ws://localhost:8080".to_string()));
20//!
21//! // Connect — spawns event loop internally, returns handle with channels
22//! let RemoteClientHandle { client, mut notifications, mut requests } =
23//! RemoteClient::connect(identity_provider, connection_store, proxy_client).await?;
24//!
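25//! // Pair with rendezvous code ("ABCDEF123" is a placeholder; check pair_with_handshake's docs for what the false flag controls before copying it)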
26//! client.pair_with_handshake("ABCDEF123".to_string(), false).await?;
27//!
28//! let query = ap_client::CredentialQuery::Domain("example.com".to_string());
29//! let credential = client.request_credential(&query).await?;
30//! ```
31//!
32//! ## User Client Usage (trusted device)
33//!
34//! ```ignore
35//! use ap_client::{DefaultProxyClient, IdentityProvider, UserClient, UserClientHandle};
36//!
37//! // Create proxy client — identity is wired internally by connect(); ws:// is plaintext WebSocket (no TLS), prefer wss:// for a non-local proxy if it is supported
38//! let proxy_client = Box::new(DefaultProxyClient::from_url("ws://localhost:8080".to_string()));
39//!
40//! // Connect — spawns event loop internally, returns handle with channels
41//! let UserClientHandle { client, mut notifications, mut requests } =
42//! UserClient::connect(identity_provider, connection_store, proxy_client, None, None).await?;
43//!
44//! // Already listening. Just use it.
45//! let token = client.get_psk_token(None, false).await?;
46//! // Or: let code = client.get_rendezvous_token(None).await?;
47//! ```
48
49/// Error types
50pub mod error;
51/// Proxy client trait and default implementation
52pub mod proxy;
53/// Traits for storage implementations
54pub mod traits;
55/// Protocol types and events
56pub mod types;
57
58mod clients;
59pub(crate) mod compat;
60mod memory_connection_store;
61mod memory_psk_store;
62
63pub use clients::remote_client::{
64 RemoteClient, RemoteClientFingerprintReply, RemoteClientHandle, RemoteClientNotification,
65 RemoteClientRequest,
66};
67pub use clients::user_client::{
68 CredentialRequestReply, FingerprintVerificationReply, UserClient, UserClientHandle,
69 UserClientNotification, UserClientRequest,
70};
71pub use error::ClientError;
72pub use memory_connection_store::MemoryConnectionStore;
73pub use memory_psk_store::MemoryPskStore;
74#[cfg(feature = "native-websocket")]
75pub use proxy::DefaultProxyClient;
76pub use proxy::ProxyClient;
77pub use traits::{
78 AuditConnectionType, AuditEvent, AuditLog, ConnectionInfo, ConnectionStore, ConnectionUpdate,
79 CredentialFieldSet, IdentityProvider, MemoryIdentityProvider, NoOpAuditLog, PskEntry, PskStore,
80};
81pub use types::{ConnectionMode, CredentialData, CredentialQuery, PskId, PskToken};
82
83// Re-export ap-proxy-protocol types
84pub use ap_proxy_protocol::{IdentityFingerprint, RendezvousCode};
85// Re-export PSK type from noise protocol
86pub use ap_noise::{MultiDeviceTransport, Psk};