micro-tss 0.1.0

A simple implementation of a Tatsu Signing Server.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

use image4_pki::DigestAlgo;
use serde::{Deserialize, Serialize};
use std::{net::SocketAddr, path::PathBuf};

mod digest_serde {
    use super::*;
    /// `serde` handles `Option`'s a bit specially. Visitors have `visit_none`, `visit_some` and
    /// `__private_visit_untagged_option` method with the latter being obviously private API, thus
    /// writing a visitor for an option directly isn't a good idea. We can, however, wrap the type
    /// we want to deserialize, and let the umbrella implementation of `Deserialize` on `Option`'s
    /// do part of the work for us.
    use serde::{
        de::{Unexpected, Visitor},
        Deserializer, Serializer,
    };

    struct DigestAlgoWrapper(DigestAlgo);

    impl Serialize for DigestAlgoWrapper {
        fn serialize<S: Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
            serializer.serialize_some(match self.0 {
                DigestAlgo::Sha1 => "sha1",
                DigestAlgo::Sha256 => "sha256",
                DigestAlgo::Sha384 => "sha384",
                _ => panic!("unhandled digest algorithm"),
            })
        }
    }

    struct DigestAlgoVisitor;

    impl Visitor<'_> for DigestAlgoVisitor {
        type Value = DigestAlgo;

        fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
        where
            E: serde::de::Error,
        {
            match v {
                "sha1" => Ok(DigestAlgo::Sha1),
                "sha256" => Ok(DigestAlgo::Sha256),
                "sha384" => Ok(DigestAlgo::Sha384),
                other => Err(E::invalid_value(Unexpected::Str(other), &self)),
            }
        }

        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
            formatter.write_str("\"sha1\", \"sha256\" or \"sha384\"")
        }
    }

    impl<'de> Deserialize<'de> for DigestAlgoWrapper {
        fn deserialize<D: Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
            deserializer
                .deserialize_str(DigestAlgoVisitor)
                .map(DigestAlgoWrapper)
        }
    }

    pub(super) fn serialize<S: Serializer>(
        algo: &Option<DigestAlgo>,
        serializer: S,
    ) -> Result<S::Ok, S::Error> {
        (*algo).map(DigestAlgoWrapper).serialize(serializer)
    }

    pub(super) fn deserialize<'de, D: Deserializer<'de>>(
        deserializer: D,
    ) -> Result<Option<DigestAlgo>, D::Error> {
        let deserialized = Option::<DigestAlgoWrapper>::deserialize(deserializer)?;
        Ok(deserialized.map(|wrapper| wrapper.0))
    }
}

#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct SignerConfig {
    pub certificate_chain_path: PathBuf,
    pub private_key_path: PathBuf,
    #[serde(with = "digest_serde", default)]
    pub digest_algorithm: Option<DigestAlgo>,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct SignersConfig {
    pub ap_ticket_signer: SignerConfig,
    pub local_policy_signer: SignerConfig,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct SetupConfig {
    pub listen_addr: SocketAddr,
    #[serde(flatten)]
    pub signers: SignersConfig,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct RuntimeConfig {
    #[serde(default)]
    pub forward_local_policy: bool,
    #[serde(default)]
    pub user_agent: Option<String>,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct Config {
    #[serde(flatten)]
    pub setup: SetupConfig,
    #[serde(flatten)]
    pub runtime: RuntimeConfig,
}