ockam 0.150.0

End-to-end encryption and mutual authentication for distributed applications.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

//! End-to-end encrypted, mutually authenticated, secure communication.
//!
//! _[A hands-on guide 👉][e2ee-rust-guide]_.
//!
//! Data, within modern distributed applications, are rarely exchanged over a single point-to-point
//! transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol
//! routes — _across data centers, through queues and caches, via gateways and brokers_ — before reaching
//! their end destination.
//!
//! Transport layer security protocols are unable to protect application messages because their protection
//! is constrained by the length and duration of the underlying transport connection.
//!
//! Ockam makes it simple for our applications to guarantee end-to-end integrity, authenticity,
//! and confidentiality of data. We no longer have to implicitly depend on the defenses of every machine
//! or application within the same, usually porous, network boundary. Our application's messages don't have
//! to be vulnerable at every point, along their journey, where a transport connection terminates.
//!
//! Instead, our application can have a strikingly smaller vulnerability surface and easily make
//! _granular authorization decisions about all incoming information and commands._
//!
//! ## Features
//!
//! * End-to-end encrypted, mutually authenticated _secure channels_.
//! * Multi-hop, multi-transport, application layer routing.
//! * Key establishment, rotation, and revocation - _for fleets, at scale_.
//! * Lightweight, Concurrent, Stateful Workers that enable _simple APIs_.
//! * Attribute-based Access Control - credentials with _selective disclosure_.
//! * Add-ons for a variety of operating environments, transport protocols, and _cryptographic hardware_.
//!
//! ## Documentation
//!
//! Tutorials, examples and reference guides are available at [docs.ockam.io](https://docs.ockam.io).
//!
//! [e2ee-rust-guide]: https://docs.ockam.io/reference/libraries/rust

#![deny(unsafe_code)]
#![warn(
    missing_docs,
    trivial_casts,
    trivial_numeric_casts,
    unused_import_braces,
    unused_qualifications
)]
#![cfg_attr(not(feature = "std"), no_std)]

#[cfg(feature = "alloc")]
#[macro_use]
extern crate alloc;
#[cfg(feature = "std")]
extern crate core;
#[macro_use]
extern crate tracing;

pub use error::OckamError;
pub use node::*;
#[cfg(feature = "std")]
pub use ockam_abac as abac;
/// Mark an Ockam Processor implementation.
///
/// This is currently implemented as a re-export of the `async_trait` macro, but
/// may be changed in the future to a [`Processor`](crate::Processor)-specific macro.
pub use ockam_core::processor;
/// Mark an Ockam Worker implementation.
///
/// This is currently implemented as a re-export of the `async_trait` macro, but
/// may be changed in the future to a [`Worker`](crate::Worker)-specific macro.
pub use ockam_core::worker;
pub use ockam_core::{
    allow, deny, deserialize, errcode, route, serialize, Address, Any, Decodable, Encodable,
    Encoded, Error, LocalMessage, Mailbox, Mailboxes, Message, Processor, ProtocolId, Result,
    Route, Routed, TransportMessage, TryClone, Worker,
};
pub use ockam_identity as identity;
// ---
// Export the ockam macros that aren't coming from ockam_core.
pub use ockam_macros::{node, test};
// Export node implementation
#[cfg(feature = "std")]
pub use ockam_node::database::*;
pub use ockam_node::{
    debugger, Context, DelayedEvent, Executor, MessageReceiveOptions, MessageSendReceiveOptions,
    NodeBuilder, WorkerBuilder,
};
#[cfg(feature = "ockam_transport_tcp")]
/// TCP transport
pub mod tcp {
    pub use ockam_transport_tcp::{
        TcpConnection, TcpConnectionMode, TcpConnectionOptions, TcpInletOptions, TcpListener,
        TcpListenerInfo, TcpListenerOptions, TcpOutletOptions, TcpSenderInfo, TcpTransport,
        TcpTransportExtension, MAX_MESSAGE_SIZE, TCP,
    };
}
#[cfg(feature = "ockam_transport_udp")]
/// UDP transport
pub mod udp {
    pub use ockam_transport_udp::{
        RendezvousClient, RendezvousService, UdpBind, UdpBindArguments, UdpBindOptions,
        UdpPuncture, UdpPunctureNegotiation, UdpPunctureNegotiationListener,
        UdpPunctureNegotiationListenerOptions, UdpTransport, UdpTransportExtension,
        MAX_MESSAGE_SIZE, UDP,
    };
}
pub use relay_service::{RelayService, RelayServiceOptions};

/// Transport
pub mod transport {
    pub use ockam_transport_core::{
        parse_socket_addr, HostnamePort, SchemeHostnamePort, StaticHostnamePort, Transport,
    };
}

// ---

// ---

mod error;
mod relay_service;

pub mod remote;

/// Access Control
pub mod access_control {
    pub use ockam_core::access_control::*;
    pub use ockam_identity::secure_channel::access_control::*;
}

/// Flow Controls
pub mod flow_control {
    pub use ockam_core::flow_control::*;
}

// TODO: think about how to handle this more. Probably extract these into an
// `ockam_compat` crate.
pub mod compat {
    //! Compatibility adapter, mostly for `no_std` use.
    //!
    //! Most user code should not use these types.
    pub use ockam_core::compat::*;
    pub use ockam_node::compat::*;
    pub use ockam_node::tokio;
}

/// Helper workers
pub mod workers {
    pub use ockam_node::workers::*;
}

#[cfg(feature = "ockam_vault")]
pub mod vault {
    //! Types and traits relating to ockam vaults.
    pub use ockam_vault::*;

    #[cfg(feature = "storage")]
    /// Storage
    pub mod storage {
        pub use ockam_vault::storage::*;
    }
}

/// List of all top-level services
pub mod node;