affinidi-secrets-resolver 0.5.4

Common utilities for Affinidi Trust Development Kit.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315

/*!
 * Affinidi Secrets Resolver
 *
 * Handles everything and anything to do with DID Secrets
 *
 * SecretsResolver is the main struct
 * You can instantiate SecretsResolver in one of two ways:
 * 1. A simple cache of Secrets used directly (not thread-safe)
 *   - SimpleSecretsResolver
 * 2. A task-based cache of Secrets used in a multi-threaded environment
 *   - ThreadedSecretsResolver
 */

use ahash::AHashMap;
use secrets::Secret;
use std::{cell::RefCell, time::Duration};
use task::{SecretTaskCommand, SecretsTask};
use tokio::{
    sync::{
        mpsc::{self, error::TrySendError},
        oneshot,
    },
    task::JoinHandle,
};
use tracing::{debug, warn};

// Private module - contains impl Secret blocks for generate_* methods
mod crypto;

pub mod errors;
pub mod secrets;
pub mod task;

// Re-export multicodec from affinidi-encoding
pub use affinidi_encoding::multicodec;

/// Affinidi Secrets Resolver
#[allow(async_fn_in_trait)]
pub trait SecretsResolver {
    /// Insert a single Secret
    async fn insert(&self, secret: Secret);

    /// Insert multiple Secrets
    async fn insert_vec(&self, secrets: &[Secret]);

    /// Get a Secret by its ID
    async fn get_secret(&self, secret_id: &str) -> Option<Secret>;

    /// Find secrets by their key IDs
    /// # Arguments
    /// * `secret_ids` - A list of secret IDs to find
    ///
    /// # Returns
    /// A list of secret IDs that were found
    async fn find_secrets(&self, secret_ids: &[String]) -> Vec<String>;

    /// Removes the secret with the given ID
    async fn remove_secret(&self, secret_id: &str) -> Option<Secret>;

    /// Returns the number of known secrets
    async fn len(&self) -> usize;

    /// Returns true if there are no known secrets
    async fn is_empty(&self) -> bool;
}

/// Affinidi Secrets Resolver
///
/// Helps with loading and working with DID Secrets
pub struct SimpleSecretsResolver {
    known_secrets: RefCell<AHashMap<String, Secret>>,
}

impl SimpleSecretsResolver {
    /// Instantiate a new SimpleSecretsResolver
    ///
    /// # Arguments
    /// * `known_secrets` - A list of known secrets (can be empty)
    ///
    /// # Returns
    /// A new SimpleSecretsResolver
    ///
    /// ```
    /// use affinidi_secrets_resolver::SimpleSecretsResolver;
    ///
    /// let secrets_resolver = SimpleSecretsResolver::new(&[]);
    /// ```
    pub async fn new(known_secrets: &[Secret]) -> Self {
        let secrets = SimpleSecretsResolver {
            known_secrets: RefCell::new(AHashMap::new()),
        };

        secrets.insert_vec(known_secrets).await;

        secrets
    }
}

impl SecretsResolver for SimpleSecretsResolver {
    async fn insert(&self, secret: Secret) {
        self.insert_vec(&[secret]).await;
    }

    async fn insert_vec(&self, secrets: &[Secret]) {
        for secret in secrets {
            debug!("Adding secret ({})", secret.id);
            self.known_secrets
                .borrow_mut()
                .insert(secret.id.to_owned(), secret.to_owned());
        }
    }

    async fn get_secret(&self, secret_id: &str) -> Option<Secret> {
        self.known_secrets.borrow().get(secret_id).cloned()
    }

    async fn find_secrets(&self, secret_ids: &[String]) -> Vec<String> {
        secret_ids
            .iter()
            .filter_map(|sid| {
                if self.known_secrets.borrow().contains_key(sid) {
                    Some(sid.to_string())
                } else {
                    None
                }
            })
            .collect()
    }

    async fn remove_secret(&self, secret_id: &str) -> Option<Secret> {
        self.known_secrets.borrow_mut().remove(secret_id)
    }

    async fn len(&self) -> usize {
        self.known_secrets.borrow().len()
    }

    async fn is_empty(&self) -> bool {
        self.known_secrets.borrow().is_empty()
    }
}

// *****************************************************************************************************
// *****************************************************************************************************
// *****************************************************************************************************

/// Multithreaded Affinidi Secrets Resolver
/// Operates as a common task, using channels to communicate without locks
#[derive(Clone)]
pub struct ThreadedSecretsResolver {
    tx: mpsc::Sender<SecretTaskCommand>,
}

impl ThreadedSecretsResolver {
    pub async fn new(
        secrets_task_tx: Option<mpsc::Sender<SecretTaskCommand>>,
    ) -> (Self, Option<JoinHandle<()>>) {
        if let Some(tx) = secrets_task_tx {
            (ThreadedSecretsResolver { tx }, None)
        } else {
            let (task, tx) = SecretsTask::new();
            (ThreadedSecretsResolver { tx }, Some(task.start().await))
        }
    }

    /// Stops the Secrets Task
    pub async fn stop(&self) {
        let _ = self.tx.send(SecretTaskCommand::Terminate).await;
    }
}

impl SecretsResolver for ThreadedSecretsResolver {
    async fn insert(&self, secret: Secret) {
        self.insert_vec(&[secret]).await;
    }

    async fn insert_vec(&self, secrets: &[Secret]) {
        for secret in secrets {
            debug!("Adding secret ({})", secret.id);
            match self.tx.try_send(SecretTaskCommand::AddSecret {
                secret: secret.to_owned(),
            }) {
                Ok(_) => (),
                Err(TrySendError::Closed(_)) => {
                    warn!("Secrets Task has been closed");
                }
                Err(TrySendError::Full(_)) => {
                    warn!("Secrets Task channel is full");
                }
            }
        }
    }

    async fn get_secret(&self, secret_id: &str) -> Option<Secret> {
        let (tx, rx) = oneshot::channel();
        match self.tx.try_send(SecretTaskCommand::GetSecret {
            key_id: secret_id.to_string(),
            tx,
        }) {
            Ok(_) => (),
            Err(TrySendError::Closed(_)) => {
                warn!("Secrets Task has been closed");
                return None;
            }
            Err(TrySendError::Full(_)) => {
                warn!("Secrets Task channel is full");
                return None;
            }
        }

        let timeout = tokio::time::sleep(Duration::from_secs(1));
        tokio::pin!(timeout);

        tokio::select! {
            _ = &mut timeout => None,
            rx = rx => rx.unwrap_or(None)
        }
    }

    async fn find_secrets(&self, secret_ids: &[String]) -> Vec<String> {
        let (tx, rx) = oneshot::channel();
        match self.tx.try_send(SecretTaskCommand::FindSecrets {
            keys: secret_ids.to_vec(),
            tx,
        }) {
            Ok(_) => (),
            Err(TrySendError::Closed(_)) => {
                warn!("Secrets Task has been closed");
                return vec![];
            }
            Err(TrySendError::Full(_)) => {
                warn!("Secrets Task channel is full");
                return vec![];
            }
        }

        let timeout = tokio::time::sleep(Duration::from_secs(1));
        tokio::pin!(timeout);

        tokio::select! {
            _ = &mut timeout => vec![],
            rx = rx => rx.unwrap_or(vec![])
        }
    }

    /// This implementation will always return None!
    async fn remove_secret(&self, secret_id: &str) -> Option<Secret> {
        match self.tx.try_send(SecretTaskCommand::RemoveSecret {
            key_id: secret_id.to_string(),
        }) {
            Ok(_) => (),
            Err(TrySendError::Closed(_)) => {
                warn!("Secrets Task has been closed");
            }
            Err(TrySendError::Full(_)) => {
                warn!("Secrets Task channel is full");
            }
        }

        None
    }

    async fn len(&self) -> usize {
        let (tx, rx) = oneshot::channel();
        match self.tx.try_send(SecretTaskCommand::SecretsStored { tx }) {
            Ok(_) => (),
            Err(TrySendError::Closed(_)) => {
                warn!("Secrets Task has been closed");
                return 0;
            }
            Err(TrySendError::Full(_)) => {
                warn!("Secrets Task channel is full");
                return 0;
            }
        }

        let timeout = tokio::time::sleep(Duration::from_secs(1));
        tokio::pin!(timeout);

        tokio::select! {
            _ = &mut timeout => 0,
            rx = rx => {
                rx.unwrap_or(0)
            }
        }
    }

    async fn is_empty(&self) -> bool {
        let (tx, rx) = oneshot::channel();
        match self.tx.try_send(SecretTaskCommand::SecretsStored { tx }) {
            Ok(_) => (),
            Err(TrySendError::Closed(_)) => {
                warn!("Secrets Task has been closed");
                return true;
            }
            Err(TrySendError::Full(_)) => {
                warn!("Secrets Task channel is full");
                return true;
            }
        }

        let timeout = tokio::time::sleep(Duration::from_secs(1));
        tokio::pin!(timeout);

        tokio::select! {
            _ = &mut timeout => true,
            rx = rx => {
                match rx {
                    Ok(length) => length == 0,
                    Err(_) => true,
                }
            }
        }
    }
}