#![allow(clippy::doc_markdown)]
use crate::error::{self, Result};
use snafu::ResultExt;
use std::path::PathBuf;
use tough::key_source::{KeySource, LocalKeySource};
use tough_kms::{KmsKeySource, KmsSigningAlgorithm};
use tough_ssm::SsmKeySource;
use url::Url;
pub(crate) fn parse_key_source(input: &str) -> Result<Box<dyn KeySource>> {
let pwd_url =
Url::from_directory_path(std::env::current_dir().context(error::CurrentDirSnafu)?)
.expect("expected current directory to be absolute");
let url = Url::options()
.base_url(Some(&pwd_url))
.parse(input)
.context(error::UrlParseSnafu { url: input })?;
match url.scheme() {
"file" => Ok(Box::new(LocalKeySource {
path: PathBuf::from(url.path()),
})),
#[cfg(any(feature = "aws-sdk-rust-native-tls", feature = "aws-sdk-rust-rustls"))]
"aws-ssm" => Ok(Box::new(SsmKeySource {
profile: url.host_str().and_then(|s| {
if s.is_empty() {
None
} else {
Some(s.to_owned())
}
}),
parameter_name: url.path().to_owned(),
key_id: url.query_pairs().find_map(|(k, v)| {
if k == "kms-key-id" {
Some(v.into_owned())
} else {
None
}
}),
})),
"aws-kms" => Ok(Box::new(KmsKeySource {
profile: url.host_str().and_then(|s| {
if s.is_empty() {
None
} else {
Some(s.to_owned())
}
}),
key_id: if url.path().is_empty() {
String::from("")
} else {
url.path()[1..].to_string()
},
client: None,
signing_algorithm: KmsSigningAlgorithm::RsassaPssSha256,
})),
_ => error::UnrecognizedSchemeSnafu {
scheme: url.scheme(),
}
.fail(),
}
}