pub struct BlockingClient { /* private fields */ }Expand description
A blocking wrapper around the async gRPC client.
Implementations§
Source§impl BlockingClient
impl BlockingClient
Sourcepub fn connect_with_timeout(path: &str, default_timeout: u64) -> Result<Self>
pub fn connect_with_timeout(path: &str, default_timeout: u64) -> Result<Self>
Connect with an explicit default per-request timeout in seconds.
Sourcepub fn new_key(&mut self, key_id: &str, key_type: KeyType) -> Result<KeyHandle>
pub fn new_key(&mut self, key_id: &str, key_type: KeyType) -> Result<KeyHandle>
Create a key under catalog name key_id.
Sourcepub fn import(
&mut self,
key_id: &str,
key_type: KeyType,
material: KeyMaterial,
) -> Result<KeyHandle>
pub fn import( &mut self, key_id: &str, key_type: KeyType, material: KeyMaterial, ) -> Result<KeyHandle>
Import caller-provided key material.
Sourcepub fn import_set(
&mut self,
entries: Vec<ImportEntry>,
) -> Result<Vec<KeyHandle>>
pub fn import_set( &mut self, entries: Vec<ImportEntry>, ) -> Result<Vec<KeyHandle>>
Import several keys in one call (e.g. an nsc-init bundle). See
Client::import_set.
Sourcepub fn sign(&mut self, key_id: &str, message: &[u8]) -> Result<Vec<u8>>
pub fn sign(&mut self, key_id: &str, message: &[u8]) -> Result<Vec<u8>>
Sign message with key_id, returning the raw signature. message is
the raw bytes to be signed, not a precomputed digest, and can be a NATS
server nonce or JWT signing input (see Client::sign).
Sourcepub fn verify(
&mut self,
key_id: &str,
message: &[u8],
signature: &[u8],
) -> Result<bool>
pub fn verify( &mut self, key_id: &str, message: &[u8], signature: &[u8], ) -> Result<bool>
Verify signature over message with key_id.
Sourcepub fn get_public_key(
&mut self,
key_id: &str,
version: Option<u32>,
) -> Result<GetPublicKeyResponse>
pub fn get_public_key( &mut self, key_id: &str, version: Option<u32>, ) -> Result<GetPublicKeyResponse>
Fetch a public key by catalog name and optional version.
Sourcepub fn encrypt(
&mut self,
key_id: &str,
algorithm: AeadAlgorithm,
plaintext: &[u8],
aad: Option<&[u8]>,
) -> Result<CiphertextEnvelope>
pub fn encrypt( &mut self, key_id: &str, algorithm: AeadAlgorithm, plaintext: &[u8], aad: Option<&[u8]>, ) -> Result<CiphertextEnvelope>
Encrypt plaintext. Basil owns nonce generation.
Sourcepub fn decrypt(
&mut self,
key_id: &str,
envelope: CiphertextEnvelope,
aad: Option<&[u8]>,
) -> Result<Vec<u8>>
pub fn decrypt( &mut self, key_id: &str, envelope: CiphertextEnvelope, aad: Option<&[u8]>, ) -> Result<Vec<u8>>
Decrypt a Basil ciphertext envelope.
Sourcepub fn wrap_envelope(
&mut self,
key_id: &str,
kem_algorithm: KemAlgorithm,
envelope_algorithm: EnvelopeAlgorithm,
plaintext: &[u8],
aad: Option<&[u8]>,
) -> Result<KemEnvelope>
pub fn wrap_envelope( &mut self, key_id: &str, kem_algorithm: KemAlgorithm, envelope_algorithm: EnvelopeAlgorithm, plaintext: &[u8], aad: Option<&[u8]>, ) -> Result<KemEnvelope>
Wrap plaintext with a KEM/envelope operation.
Sourcepub fn unwrap_envelope(
&mut self,
key_id: &str,
envelope: KemEnvelope,
aad: Option<&[u8]>,
) -> Result<Vec<u8>>
pub fn unwrap_envelope( &mut self, key_id: &str, envelope: KemEnvelope, aad: Option<&[u8]>, ) -> Result<Vec<u8>>
Unwrap a KEM/envelope ciphertext.
Sourcepub fn get_secret(
&mut self,
secret_id: &str,
version: Option<u32>,
) -> Result<SecretValue>
pub fn get_secret( &mut self, secret_id: &str, version: Option<u32>, ) -> Result<SecretValue>
Fetch a secret payload.
Sourcepub fn set_secret(&mut self, secret_id: &str, value: &[u8]) -> Result<u32>
pub fn set_secret(&mut self, secret_id: &str, value: &[u8]) -> Result<u32>
Store a secret payload, returning the new version.
Sourcepub fn rotate_secret(&mut self, secret_id: &str) -> Result<u32>
pub fn rotate_secret(&mut self, secret_id: &str) -> Result<u32>
Rotate a secret, returning the new version.
Sourcepub fn list_catalog(
&mut self,
prefix: Option<&str>,
) -> Result<Vec<CatalogEntry>>
pub fn list_catalog( &mut self, prefix: Option<&str>, ) -> Result<Vec<CatalogEntry>>
List visible catalog entries, optionally filtered by prefix.
Sourcepub fn mint_jwt(
&mut self,
key_id: &str,
sub: &str,
ttl_secs: Option<u64>,
claims: impl Serialize,
) -> Result<MintedJwt>
pub fn mint_jwt( &mut self, key_id: &str, sub: &str, ttl_secs: Option<u64>, claims: impl Serialize, ) -> Result<MintedJwt>
Mint a generic JWT credential.
Sourcepub fn mint_jwt_json(
&mut self,
key_id: &str,
sub: &str,
ttl_secs: Option<u64>,
extra_claims_json: impl Into<Vec<u8>>,
) -> Result<MintedJwt>
pub fn mint_jwt_json( &mut self, key_id: &str, sub: &str, ttl_secs: Option<u64>, extra_claims_json: impl Into<Vec<u8>>, ) -> Result<MintedJwt>
Mint a generic JWT credential from pre-encoded additional claim JSON.
Sourcepub fn mint_nats_user(
&mut self,
key_id: &str,
subject_user_nkey: &str,
issuer_account: Option<&str>,
name: &str,
ttl_secs: Option<u64>,
permissions: NatsUserPermissions,
) -> Result<String>
pub fn mint_nats_user( &mut self, key_id: &str, subject_user_nkey: &str, issuer_account: Option<&str>, name: &str, ttl_secs: Option<u64>, permissions: NatsUserPermissions, ) -> Result<String>
Mint a NATS user JWT signed by an account key held by Basil.
issuer_account is the owning account’s identity public NKey (A…),
required when key_id is an account signing key (it sets
nats.issuer_account); pass None when key_id is the account identity
key itself.
Sourcepub fn mint_nats_account(
&mut self,
signing_key_id: &str,
subject_account_nkey: &str,
name: &str,
signing_keys: &[String],
expires_in_secs: Option<u64>,
) -> Result<String>
pub fn mint_nats_account( &mut self, signing_key_id: &str, subject_account_nkey: &str, name: &str, signing_keys: &[String], expires_in_secs: Option<u64>, ) -> Result<String>
Mint a NATS account JWT signed by an operator key (or self-signed) held by Basil.
Sourcepub fn mint_nats_operator(
&mut self,
signing_key_id: &str,
subject_operator_nkey: Option<&str>,
name: &str,
signing_keys: &[String],
account_server_url: Option<&str>,
system_account: Option<&str>,
expires_in_secs: Option<u64>,
) -> Result<String>
pub fn mint_nats_operator( &mut self, signing_key_id: &str, subject_operator_nkey: Option<&str>, name: &str, signing_keys: &[String], account_server_url: Option<&str>, system_account: Option<&str>, expires_in_secs: Option<u64>, ) -> Result<String>
Mint a NATS operator JWT. With subject_operator_nkey set to None the issuer self-signs.
Sourcepub fn mint_nats_signer(
&mut self,
signing_key_id: &str,
subject_nkey: &str,
name: &str,
expires_in_secs: Option<u64>,
) -> Result<String>
pub fn mint_nats_signer( &mut self, signing_key_id: &str, subject_nkey: &str, name: &str, expires_in_secs: Option<u64>, ) -> Result<String>
Mint a NATS account-signing-key JWT (subject is an N-prefixed signer nkey).
Sourcepub fn mint_nats_server(
&mut self,
signing_key_id: &str,
subject_server_nkey: &str,
name: &str,
expires_in_secs: Option<u64>,
) -> Result<String>
pub fn mint_nats_server( &mut self, signing_key_id: &str, subject_server_nkey: &str, name: &str, expires_in_secs: Option<u64>, ) -> Result<String>
Mint a NATS server JWT (subject is an N-prefixed server nkey).
Sourcepub fn mint_nats_curve(
&mut self,
signing_key_id: &str,
subject_curve_nkey: &str,
name: &str,
expires_in_secs: Option<u64>,
) -> Result<String>
pub fn mint_nats_curve( &mut self, signing_key_id: &str, subject_curve_nkey: &str, name: &str, expires_in_secs: Option<u64>, ) -> Result<String>
Mint a NATS curve (x25519) JWT (subject is an X-prefixed curve nkey).
Sourcepub fn encrypt_nats_curve(
&mut self,
key_id: &str,
recipient_public_xkey: &str,
plaintext: &[u8],
) -> Result<Vec<u8>>
pub fn encrypt_nats_curve( &mut self, key_id: &str, recipient_public_xkey: &str, plaintext: &[u8], ) -> Result<Vec<u8>>
Encrypt with a custodied NATS curve xkey to a recipient public xkey.
Sourcepub fn decrypt_nats_curve(
&mut self,
key_id: &str,
sender_public_xkey: &str,
ciphertext: &[u8],
) -> Result<Vec<u8>>
pub fn decrypt_nats_curve( &mut self, key_id: &str, sender_public_xkey: &str, ciphertext: &[u8], ) -> Result<Vec<u8>>
Decrypt a NATS curve xkey box from a sender public xkey.
Sourcepub fn sign_nats_jwt(
&mut self,
key_id: &str,
claims: impl Serialize,
options: SignNatsJwtOptions,
) -> Result<MintedJwt>
pub fn sign_nats_jwt( &mut self, key_id: &str, claims: impl Serialize, options: SignNatsJwtOptions, ) -> Result<MintedJwt>
Validate and sign a caller-supplied NATS JWT claim document.
Sourcepub fn sign_nats_jwt_json(
&mut self,
key_id: &str,
claims_json: impl Into<Vec<u8>>,
options: SignNatsJwtOptions,
) -> Result<MintedJwt>
pub fn sign_nats_jwt_json( &mut self, key_id: &str, claims_json: impl Into<Vec<u8>>, options: SignNatsJwtOptions, ) -> Result<MintedJwt>
Validate and sign a pre-encoded NATS JWT claim document.
Sourcepub fn validate_nats_jwt(
&mut self,
jwt: &str,
allowed_signers: impl IntoIterator<Item = AllowedNatsSigner>,
expected_type: Option<NatsJwtType>,
) -> Result<NatsJwtValidation>
pub fn validate_nats_jwt( &mut self, jwt: &str, allowed_signers: impl IntoIterator<Item = AllowedNatsSigner>, expected_type: Option<NatsJwtType>, ) -> Result<NatsJwtValidation>
Validate a presented NATS JWT against candidate catalog keys or public NKeys.
Sourcepub fn issue_certificate(
&mut self,
issuer_key_id: &str,
common_name: &str,
dns_sans: &[String],
ip_sans: &[String],
ttl_secs: u64,
) -> Result<IssuedCertificate>
pub fn issue_certificate( &mut self, issuer_key_id: &str, common_name: &str, dns_sans: &[String], ip_sans: &[String], ttl_secs: u64, ) -> Result<IssuedCertificate>
Issue a DNS/IP-SAN X.509 leaf (TLS cert). See Client::issue_certificate.
Sourcepub fn status(&mut self) -> Result<AgentStatus>
pub fn status(&mut self) -> Result<AgentStatus>
The broker’s backend identifier, build version, and wire protocol version.
Sourcepub fn health(&mut self) -> Result<AgentHealth>
pub fn health(&mut self) -> Result<AgentHealth>
Broker liveness: is the daemon up and serving the socket? No backend I/O.
Sourcepub fn readiness(&mut self) -> Result<AgentReadiness>
pub fn readiness(&mut self) -> Result<AgentReadiness>
Broker readiness: can the broker actually serve? Returns a non-secret summary (counts, coarse reason, active generation id).
Sourcepub fn reload(&mut self, check: bool) -> Result<AgentReload>
pub fn reload(&mut self, check: bool) -> Result<AgentReload>
Trigger a permission-gated catalog/policy hot reload from disk
(basil-atq). check = true is a dry-run (validate, do not swap). The
config is read from the broker’s on-disk paths only, never the wire.
Auto Trait Implementations§
impl !Freeze for BlockingClient
impl !RefUnwindSafe for BlockingClient
impl !UnwindSafe for BlockingClient
impl Send for BlockingClient
impl Sync for BlockingClient
impl Unpin for BlockingClient
impl UnsafeUnpin for BlockingClient
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
Source§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T in a tonic::Request