Struct apple_codesign::remote_signing::InitiatorClient

source · 
pub struct InitiatorClient { /* private fields */ }
Expand description

A client fulfilling the role of the initiator.

Implementations§

The X.509 certificate that will be used to sign.

Examples found in repository?
src/cli.rs (line 660)
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668

fn collect_certificates_from_args(
    args: &ArgMatches,
    scan_smartcard: bool,
) -> Result<(Vec<Box<dyn PrivateKey>>, Vec<CapturedX509Certificate>), AppleCodesignError> {
    let mut keys: Vec<Box<dyn PrivateKey>> = vec![];
    let mut certs = vec![];

    if let Some(p12_path) = args.get_one::<String>("p12_path") {
        let p12_data = std::fs::read(p12_path)?;

        let p12_password = if let Some(password) = args.get_one::<String>("p12_password") {
            password.to_string()
        } else if let Some(path) = args.get_one::<String>("p12_password_file") {
            std::fs::read_to_string(path)?
                .lines()
                .next()
                .expect("should get a single line")
                .to_string()
        } else {
            dialoguer::Password::new()
                .with_prompt("Please enter password for p12 file")
                .interact()?
        };

        let (cert, key) = parse_pfx_data(&p12_data, &p12_password)?;

        keys.push(Box::new(key));
        certs.push(cert);
    }

    if let Some(values) = args.get_many::<String>("pem_source") {
        for pem_source in values {
            warn!("reading PEM data from {}", pem_source);
            let pem_data = std::fs::read(pem_source)?;

            for pem in pem::parse_many(pem_data).map_err(AppleCodesignError::CertificatePem)? {
                match pem.tag.as_str() {
                    "CERTIFICATE" => {
                        certs.push(CapturedX509Certificate::from_der(pem.contents)?);
                    }
                    "PRIVATE KEY" => {
                        keys.push(Box::new(InMemoryPrivateKey::from_pkcs8_der(&pem.contents)?));
                    }
                    "RSA PRIVATE KEY" => {
                        keys.push(Box::new(InMemoryPrivateKey::from_pkcs1_der(&pem.contents)?));
                    }
                    tag => warn!("(unhandled PEM tag {}; ignoring)", tag),
                }
            }
        }
    }

    if let Some(values) = args.get_many::<String>("der_source") {
        for der_source in values {
            warn!("reading DER file {}", der_source);
            let der_data = std::fs::read(der_source)?;

            certs.push(CapturedX509Certificate::from_der(der_data)?);
        }
    }

    find_certificates_in_keychain(args, &mut keys, &mut certs)?;

    if scan_smartcard {
        if let Some(slot) = args.get_one::<String>("smartcard_slot") {
            let pin_env_var = args.get_one::<String>("smartcard_pin_env");
            handle_smartcard_sign_slot(slot, pin_env_var.map(|x| &**x), &mut keys, &mut certs)?;
        }
    }

    let remote_signing_url = if args.get_flag("remote_signer") {
        args.get_one::<String>("remote_signing_url")
    } else {
        None
    };

    if let Some(remote_signing_url) = remote_signing_url {
        let initiator = get_remote_signing_initiator(args)?;

        let client = UnjoinedSigningClient::new_initiator(
            remote_signing_url,
            initiator,
            Some(print_session_join),
        )?;

        // As part of the handshake we obtained the public certificates from the signer.
        // So make them the canonical set.
        if !certs.is_empty() {
            warn!(
                "ignoring {} local certificates and using remote signer's certificate(s)",
                certs.len()
            );
        }

        certs = vec![client.signing_certificate().clone()];
        certs.extend(client.certificate_chain().iter().cloned());

        // The client implements Sign, so we just use it as the private key.
        keys = vec![Box::new(client)];
    }

    Ok((keys, certs))
}

Additional X.509 certificates in the signing chain.

Examples found in repository?
src/cli.rs (line 661)
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668

fn collect_certificates_from_args(
    args: &ArgMatches,
    scan_smartcard: bool,
) -> Result<(Vec<Box<dyn PrivateKey>>, Vec<CapturedX509Certificate>), AppleCodesignError> {
    let mut keys: Vec<Box<dyn PrivateKey>> = vec![];
    let mut certs = vec![];

    if let Some(p12_path) = args.get_one::<String>("p12_path") {
        let p12_data = std::fs::read(p12_path)?;

        let p12_password = if let Some(password) = args.get_one::<String>("p12_password") {
            password.to_string()
        } else if let Some(path) = args.get_one::<String>("p12_password_file") {
            std::fs::read_to_string(path)?
                .lines()
                .next()
                .expect("should get a single line")
                .to_string()
        } else {
            dialoguer::Password::new()
                .with_prompt("Please enter password for p12 file")
                .interact()?
        };

        let (cert, key) = parse_pfx_data(&p12_data, &p12_password)?;

        keys.push(Box::new(key));
        certs.push(cert);
    }

    if let Some(values) = args.get_many::<String>("pem_source") {
        for pem_source in values {
            warn!("reading PEM data from {}", pem_source);
            let pem_data = std::fs::read(pem_source)?;

            for pem in pem::parse_many(pem_data).map_err(AppleCodesignError::CertificatePem)? {
                match pem.tag.as_str() {
                    "CERTIFICATE" => {
                        certs.push(CapturedX509Certificate::from_der(pem.contents)?);
                    }
                    "PRIVATE KEY" => {
                        keys.push(Box::new(InMemoryPrivateKey::from_pkcs8_der(&pem.contents)?));
                    }
                    "RSA PRIVATE KEY" => {
                        keys.push(Box::new(InMemoryPrivateKey::from_pkcs1_der(&pem.contents)?));
                    }
                    tag => warn!("(unhandled PEM tag {}; ignoring)", tag),
                }
            }
        }
    }

    if let Some(values) = args.get_many::<String>("der_source") {
        for der_source in values {
            warn!("reading DER file {}", der_source);
            let der_data = std::fs::read(der_source)?;

            certs.push(CapturedX509Certificate::from_der(der_data)?);
        }
    }

    find_certificates_in_keychain(args, &mut keys, &mut certs)?;

    if scan_smartcard {
        if let Some(slot) = args.get_one::<String>("smartcard_slot") {
            let pin_env_var = args.get_one::<String>("smartcard_pin_env");
            handle_smartcard_sign_slot(slot, pin_env_var.map(|x| &**x), &mut keys, &mut certs)?;
        }
    }

    let remote_signing_url = if args.get_flag("remote_signer") {
        args.get_one::<String>("remote_signing_url")
    } else {
        None
    };

    if let Some(remote_signing_url) = remote_signing_url {
        let initiator = get_remote_signing_initiator(args)?;

        let client = UnjoinedSigningClient::new_initiator(
            remote_signing_url,
            initiator,
            Some(print_session_join),
        )?;

        // As part of the handshake we obtained the public certificates from the signer.
        // So make them the canonical set.
        if !certs.is_empty() {
            warn!(
                "ignoring {} local certificates and using remote signer's certificate(s)",
                certs.len()
            );
        }

        certs = vec![client.signing_certificate().clone()];
        certs.extend(client.certificate_chain().iter().cloned());

        // The client implements Sign, so we just use it as the private key.
        keys = vec![Box::new(client)];
    }

    Ok((keys, certs))
}

Trait Implementations§

Signals the end of operations on the private key. Read more
Decrypt an encrypted message.
👎Deprecated since 0.13.0: use the signature::Signer trait instead
Create a cyrptographic signature over a message. Read more
Obtain the algorithm of the private key. Read more
Obtain the raw bytes constituting the public key of the signing certificate. Read more
Obtain the SignatureAlgorithm that this signer will use. Read more
Obtain the raw private key data.
Obtain RSA key primes p and q, if available.
Attempt to sign the given message, returning a digital signature on success, or an error if something went wrong. Read more
Sign the given message and return a digital signature

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more
Converts self into T using Into<T>. Read more
Causes self to use its Binary implementation when Debug-formatted.
Causes self to use its Display implementation when Debug-formatted.
Causes self to use its LowerExp implementation when Debug-formatted.
Causes self to use its LowerHex implementation when Debug-formatted.
Causes self to use its Octal implementation when Debug-formatted.
Causes self to use its Pointer implementation when Debug-formatted.
Causes self to use its UpperExp implementation when Debug-formatted.
Causes self to use its UpperHex implementation when Debug-formatted.
Formats each item in a sequence. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Pipes by value. This is generally the method you want to use. Read more
Borrows self and passes that borrow into the pipe function. Read more
Mutably borrows self and passes that borrow into the pipe function. Read more
Borrows self, then passes self.borrow() into the pipe function. Read more
Mutably borrows self, then passes self.borrow_mut() into the pipe function. Read more
Borrows self, then passes self.as_ref() into the pipe function.
Mutably borrows self, then passes self.as_mut() into the pipe function.
Borrows self, then passes self.deref() into the pipe function.
Mutably borrows self, then passes self.deref_mut() into the pipe function.
The alignment of pointer.
The type for initializers.
Initializes a with the given initializer. Read more
Dereferences the given pointer. Read more
Mutably dereferences the given pointer. Read more
Drops the object pointed to by the given pointer. Read more
Should always be Self
Attempt to sign the given message, updating the state, and returning a digital signature on success, or an error if something went wrong. Read more
Sign the given message, update the state, and return a digital signature
Immutable access to a value. Read more
Mutable access to a value. Read more
Immutable access to the Borrow<B> of a value. Read more
Mutable access to the BorrowMut<B> of a value. Read more
Immutable access to the AsRef<R> view of a value. Read more
Mutable access to the AsMut<R> view of a value. Read more
Immutable access to the Deref::Target of a value. Read more
Mutable access to the Deref::Target of a value. Read more
Calls .tap() only in debug builds, and is erased in release builds.
Calls .tap_mut() only in debug builds, and is erased in release builds.
Calls .tap_borrow() only in debug builds, and is erased in release builds.
Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.
Calls .tap_ref() only in debug builds, and is erased in release builds.
Calls .tap_ref_mut() only in debug builds, and is erased in release builds.
Calls .tap_deref() only in debug builds, and is erased in release builds.
Calls .tap_deref_mut() only in debug builds, and is erased in release builds.
Attempts to convert self into T using TryInto<T>. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more