libvault 0.2.2

the libvault is modified from RustyVault
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

use super::{PkiBackend, PkiBackendInner, types};
use crate::{
    errors::RvError,
    logical::{Backend, Field, FieldType, Operation, Path, Request, Response},
    modules::RequestExt,
};

impl PkiBackend {
    pub fn revoke_path(&self) -> Path {
        let backend = self.inner.clone();

        Path::builder()
            .pattern(r"revoke/(?P<cert_type>tls|ssh|pgp)")
            .field(
                "cert_type",
                Field::builder()
                    .field_type(FieldType::Str)
                    .required(true)
                    .description("Certificate type: tls, ssh, or pgp"),
            )
            .field(
                "serial_number",
                Field::builder()
                    .field_type(FieldType::Str)
                    .description("Certificate serial number (TLS/SSH)"),
            )
            .field(
                "key_name",
                Field::builder()
                    .field_type(FieldType::Str)
                    .description("PGP key name (PGP)"),
            )
            .operation(Operation::Write, {
                let handler = backend.clone();
                move |backend, req| {
                    let handler = handler.clone();
                    Box::pin(async move { handler.dispatch_revoke(backend, req).await })
                }
            })
            .help("Revoke a certificate or PGP key.")
            .build()
    }

    pub fn crl_rotate_path(&self) -> Path {
        let backend = self.inner.clone();

        Path::builder()
            .pattern("crl/rotate")
            .operation(Operation::Read, {
                let handler = backend.clone();
                move |backend, req| {
                    let handler = handler.clone();
                    Box::pin(async move { handler.read_rotate_crl(backend, req).await })
                }
            })
            .help("Force a rebuild of the CRL.")
            .build()
    }
}

impl PkiBackendInner {
    pub async fn dispatch_revoke(
        &self,
        backend: &dyn Backend,
        req: &mut Request,
    ) -> Result<Option<Response>, RvError> {
        let ct = req.get_data("cert_type")?;
        let ct = ct.as_str().ok_or(RvError::ErrRequestFieldInvalid)?;
        match ct {
            "tls" => self.revoke_cert(backend, req).await,
            "ssh" => self.revoke_ssh_cert(backend, req).await,
            "pgp" => self.revoke_pgp_key(backend, req).await,
            _ => Err(RvError::ErrRequestFieldInvalid),
        }
    }

    pub async fn revoke_cert(
        &self,
        _backend: &dyn Backend,
        req: &mut Request,
    ) -> Result<Option<Response>, RvError> {
        let _payload: types::RevokeCertificateRequest = req.parse_json()?;
        Ok(None)
    }

    pub async fn revoke_ssh_cert(
        &self,
        _backend: &dyn Backend,
        req: &mut Request,
    ) -> Result<Option<Response>, RvError> {
        let _payload: types::RevokeCertificateRequest = req.parse_json()?;
        // TODO: record revocation for KRL
        Ok(None)
    }

    pub async fn revoke_pgp_key(
        &self,
        _backend: &dyn Backend,
        _req: &mut Request,
    ) -> Result<Option<Response>, RvError> {
        // TODO: generate PGP revocation signature
        Ok(None)
    }

    pub async fn read_rotate_crl(
        &self,
        _backend: &dyn Backend,
        _req: &mut Request,
    ) -> Result<Option<Response>, RvError> {
        Ok(None)
    }
}