cryptex 2.1.1

Cryptex uses system keyrings to store and retrieve secrets or a local file
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

/*
    Copyright Michael Lodder. All Rights Reserved.
    SPDX-License-Identifier: Apache-2.0
*/

mod keyringsecret;

#[cfg(any(feature = "yubihsm-usb", feature = "yubihsm-http"))]
pub mod kms;
#[cfg(all(target_os = "linux", feature = "linux-secret-service"))]
pub mod linux;
#[cfg(all(target_os = "macos", feature = "macos-keychain"))]
pub mod macos;
#[cfg(feature = "file")]
pub mod sqlcipher;
#[cfg(all(target_os = "windows", feature = "windows-credentials"))]
pub mod windows;
#[cfg(any(feature = "yubihsm-usb", feature = "yubihsm-http"))]
pub mod yubihsm;

#[cfg(all(target_os = "macos", feature = "macos-keychain"))]
#[cfg_attr(docsrs, doc(cfg(all(target_os = "macos", feature = "macos-keychain"))))]
pub use self::macos::MacOsKeyRing as OsKeyRing;

#[cfg(all(target_os = "linux", feature = "linux-secret-service"))]
#[cfg_attr(
    docsrs,
    doc(cfg(all(target_os = "linux", feature = "linux-secret-service")))
)]
pub use self::linux::LinuxOsKeyRing as OsKeyRing;

#[cfg(all(target_os = "windows", feature = "windows-credentials"))]
#[cfg_attr(
    docsrs,
    doc(cfg(all(target_os = "windows", feature = "windows-credentials")))
)]
pub use self::windows::WindowsOsKeyRing as OsKeyRing;

use std::collections::BTreeMap;

pub type Result<T> = std::result::Result<T, crate::error::KeyRingError>;

pub use keyringsecret::*;

#[cfg(any(
    all(target_os = "linux", feature = "linux-secret-service"),
    all(target_os = "macos", feature = "macos-keychain"),
))]
use uzers::{get_current_username, get_effective_username};

/// Return the OS keyring if available
#[cfg(any(
    all(target_os = "macos", feature = "macos-keychain"),
    all(target_os = "windows", feature = "windows-credentials"),
))]
#[cfg_attr(
    docsrs,
    doc(cfg(any(
        all(target_os = "macos", feature = "macos-keychain"),
        all(target_os = "windows", feature = "windows-credentials"),
    )))
)]
pub fn get_os_keyring(service: &str) -> Result<OsKeyRing> {
    OsKeyRing::new(service)
}

/// Return the OS keyring if available
#[cfg(all(target_os = "linux", feature = "linux-secret-service"))]
#[cfg_attr(
    docsrs,
    doc(cfg(all(target_os = "linux", feature = "linux-secret-service")))
)]
pub fn get_os_keyring(service: &str) -> Result<OsKeyRing<'_>> {
    OsKeyRing::new(service)
}

#[cfg(not(any(
    all(target_os = "macos", feature = "macos-keychain"),
    all(target_os = "windows", feature = "windows-credentials"),
    all(target_os = "linux", feature = "linux-secret-service"),
    feature = "file",
    feature = "yubihsm-usb",
    feature = "yubihsm-http",
)))]
compile_error!("no keyring implementation is selected or available for this platform");

#[cfg(any(
    all(target_os = "linux", feature = "linux-secret-service"),
    all(target_os = "macos", feature = "macos-keychain"),
))]
fn get_username() -> String {
    fn fallback_username() -> String {
        whoami::username().unwrap_or_else(|_| String::from("unknown"))
    }

    fn get_current_user() -> String {
        match get_current_username() {
            Some(s) => s.into_string().unwrap_or_else(|_| fallback_username()),
            None => fallback_username(),
        }
    }

    match get_effective_username() {
        Some(s) => s.into_string().unwrap_or_else(|_| get_current_user()),
        None => get_current_user(),
    }
}

#[cfg(feature = "file")]
pub const fn allows_file() -> bool {
    true
}

#[cfg(not(feature = "file"))]
pub const fn allows_file() -> bool {
    false
}

/// A trait for all key rings
pub trait KeyRing: Send + Sync {
    fn get_secret<S: AsRef<str>>(&mut self, id: S) -> Result<KeyRingSecret>;

    fn set_secret<S: AsRef<str>, B: AsRef<[u8]>>(&mut self, id: S, secret: B) -> Result<()>;

    fn delete_secret<S: AsRef<str>>(&mut self, id: S) -> Result<()>;
}

/// Modification of [`KeyRing`] trait suitable for trait Objects. Implementers
/// should use this trait and [`KeyRing`] will be implemented automatically
pub trait DynKeyRing: Send + Sync {
    fn get_secret(&mut self, id: &str) -> Result<KeyRingSecret>;

    fn set_secret(&mut self, id: &str, secret: &[u8]) -> Result<()>;

    fn delete_secret(&mut self, id: &str) -> Result<()>;
}

impl<D: DynKeyRing> KeyRing for D {
    fn get_secret<S: AsRef<str>>(&mut self, id: S) -> Result<KeyRingSecret> {
        DynKeyRing::get_secret(self, id.as_ref())
    }

    fn set_secret<S: AsRef<str>, B: AsRef<[u8]>>(&mut self, id: S, secret: B) -> Result<()> {
        DynKeyRing::set_secret(self, id.as_ref(), secret.as_ref())
    }

    fn delete_secret<S: AsRef<str>>(&mut self, id: S) -> Result<()> {
        DynKeyRing::delete_secret(self, id.as_ref())
    }
}

/// A KeyRing that can be created from a service name
pub trait NewKeyRing: Sized {
    fn new<S: AsRef<str>>(service: S) -> Result<Self>;
}

/// A Keyring that allows inspecting the identifiers
pub trait PeekableKeyRing {
    fn peek_secret<S: AsRef<str>>(id: S) -> Result<Vec<(String, KeyRingSecret)>>;
}

/// A Keyring that allows listing the identifiers
pub trait ListKeyRing {
    fn list_secrets() -> Result<Vec<BTreeMap<String, String>>>;
}

#[cfg(any(
    all(target_os = "macos", feature = "macos-keychain"),
    all(target_os = "linux", feature = "linux-secret-service"),
))]
pub(crate) fn parse_peek_criteria(id: &str) -> BTreeMap<String, String> {
    let mut result = BTreeMap::new();
    if !id.is_empty() {
        for pair in id.split(',') {
            let s = pair.split('=').collect::<Vec<&str>>();
            result.insert(s[0].to_string(), s[1].to_string());
        }
    }
    result
}