pub struct UnifiedApiKey { /* private fields */ }

Represents all metadata for an App Store Connect API Key.

This is a convenience type to aid in the generic representation of all the components of an App Store Connect API Key. The type supports serialization so the key can be saved as a single file or payload, which improves usability: people don’t need to provide all 3 pieces of the API Key for every operation.

Implementations

Construct an instance from constituent parts and a PEM encoded ECDSA private key.

This is what you want to use if importing a private key from the file downloaded from the App Store Connect web interface.

Examples found in repository?
src/cli.rs (line 1112)
fn command_encode_app_store_connect_api_key(args: &ArgMatches) -> Result<(), AppleCodesignError> {
    let issuer_id = args
        .get_one::<String>("issuer_id")
        .expect("arg should have been required");
    let key_id = args
        .get_one::<String>("key_id")
        .expect("arg should have been required");
    let private_key_path = args
        .get_one::<PathBuf>("private_key_path")
        .expect("arg should have been required");

    let unified = UnifiedApiKey::from_ecdsa_pem_path(issuer_id, key_id, private_key_path)?;

    if let Some(output_path) = args.get_one::<PathBuf>("output_path") {
        eprintln!("writing unified key JSON to {}", output_path.display());
        unified.write_json_file(output_path)?;
        eprintln!(
            "consider auditing the file's access permissions to ensure its content remains secure"
        );
    } else {
        println!("{}", unified.to_json_string()?);
    }

    Ok(())
}

Construct an instance from serialized JSON.

Examples found in repository?
src/app_store_connect/mod.rs (line 91)
    pub fn from_json_path(path: impl AsRef<Path>) -> Result<Self, AppleCodesignError> {
        let data = std::fs::read(path.as_ref())?;

        Self::from_json(data)
    }

Construct an instance from a JSON file.

Examples found in repository?
src/cli.rs (line 1911)
fn notarizer_from_args(
    args: &ArgMatches,
) -> Result<crate::notarization::Notarizer, AppleCodesignError> {
    let api_key_path = args.get_one::<PathBuf>("api_key_path");
    let api_issuer = args.get_one::<String>("api_issuer");
    let api_key = args.get_one::<String>("api_key");

    let mut notarizer = crate::notarization::Notarizer::new()?;

    if let Some(api_key_path) = api_key_path {
        let unified = UnifiedApiKey::from_json_path(api_key_path)?;
        notarizer.set_token_encoder(unified.try_into()?);
    } else if let (Some(issuer), Some(key)) = (api_issuer, api_key) {
        notarizer.set_api_key(issuer, key)?;
    }

    Ok(notarizer)
}

Serialize this instance to a JSON object.

Examples found in repository?
src/app_store_connect/mod.rs (line 114)
    pub fn write_json_file(&self, path: impl AsRef<Path>) -> Result<(), AppleCodesignError> {
        let path = path.as_ref();

        if let Some(parent) = path.parent() {
            std::fs::create_dir_all(parent)?;
        }

        let data = self.to_json_string()?;

        let mut fh = std::fs::File::create(path)?;
        let mut permissions = fh.metadata()?.permissions();
        set_permissions_private(&mut permissions);
        fh.set_permissions(permissions)?;
        fh.write_all(data.as_bytes())?;

        Ok(())
    }

Write this instance to a JSON file.

Since the file contains sensitive data, it will have limited read permissions on platforms where this is implemented. Parent directories will be created if missing using default permissions for created directories.

Permissions on the resulting file may not be as restrictive as desired. It is up to callers to additionally harden as desired.
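
One way a caller can do the extra hardening this note leaves to them, as an added example that is not code from this crate: create the parent directories and the file with restrictive bits from the first syscall, then audit what is on disk. It is Unix-only and uses only the standard library; `write_private`, `audit_key_file` and `parent_of` are hypothetical names, and the payload is a constructed placeholder standing in for the output of `to_json_string()`.

```rust
use std::fs;
use std::io::{self, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Parent directory of `path`, treating a bare file name as living in ".".
fn parent_of(path: &Path) -> &Path {
    match path.parent() {
        Some(p) if !p.as_os_str().is_empty() => p,
        _ => Path::new("."),
    }
}

/// Create missing parents as 0700 and the file as 0600 at creation time, so
/// the secret never exists on disk with umask-default bits. `create_new`
/// refuses to reuse an existing (possibly loosely permissioned) file.
pub fn write_private(path: &Path, data: &[u8]) -> io::Result<()> {
    fs::DirBuilder::new().recursive(true).mode(0o700).create(parent_of(path))?;
    let mut fh = fs::OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(path)?;
    fh.write_all(data)
}

/// Audit an already-written key file; an empty Vec means nothing was found.
pub fn audit_key_file(path: &Path) -> io::Result<Vec<String>> {
    let mut findings = Vec::new();
    let mode = fs::metadata(path)?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        findings.push(format!("file mode {:04o} grants group/other access", mode));
    }
    let pmode = fs::metadata(parent_of(path))?.permissions().mode() & 0o777;
    if pmode & 0o022 != 0 {
        findings.push(format!("parent mode {:04o} is group/other writable", pmode));
    }
    Ok(findings)
}

fn main() {
    // Constructed sample path and payload, for illustration only.
    let path = std::env::temp_dir().join("unified-key-demo").join("key.json");
    let _ = fs::remove_file(&path);
    write_private(&path, br#"{"placeholder":"not a real key"}"#).expect("write failed");
    for finding in audit_key_file(&path).expect("audit failed") {
        eprintln!("warning: {finding}");
    }
}
```

The audit can also be run on a file produced by `write_json_file`, where it reports a writable parent directory that the default directory permissions may have left behind.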


Trait Implementations

Returns a copy of the value.
Performs copy-assignment from source.
Formats the value using the given formatter.
Deserialize this value from the given Serde deserializer.
Serialize this value into the given Serde serializer.
The type returned in the event of a conversion error.
Performs the conversion.
