pub struct ScheduledRefreshCipher<C> { /* private fields */ }Expand description
An AEAD cipher that bounds the age of its keys to a TTL by reloading on the
read path — so a decryption key removed upstream is dropped within the TTL
even though it never fails to decrypt (you still hold it). The TTL bounds how
long a removed key lingers; key additions are handled by the miss-triggered
RetryingDecryptor layered on top.
On each decrypt/unseal,
and inside each select_cipher/select_sealer,
the first caller past the TTL reloads single-flight (non-blocking for others),
then proceeds against a frozen snapshot; for the outbound selectors the TTL
bounds how quickly a rotated-in key is discovered rather than how quickly a removed
one is dropped. Using the type directly as
an AeadEncryptor serves the current snapshot without a reload — go through
the selector for the freshness guarantee. The pure swap mechanism without policy
is RefreshableCipher.
See composing crypto strategies for how this layer (removals) pairs with the retrying layer (additions). All clones share the same underlying state, so a refresh through any clone is visible to all others.
Implementations§
Source§impl<C: Debug + MaybeSendSync + 'static> ScheduledRefreshCipher<C>
impl<C: Debug + MaybeSendSync + 'static> ScheduledRefreshCipher<C>
Sourcepub async fn refresh_if_stale(&self) -> bool
pub async fn refresh_if_stale(&self) -> bool
Reloads the key if it has outlived its TTL and the rate-limit/backoff policy permits; a within-TTL key is left in place. Blocking.
A manual staleness poll: the selector paths
(select_cipher,
select_sealer) already reload a stale
key during selection, so this only pre-warms the key ahead of a
latency-sensitive encrypt/seal. Distinct from the inbound miss path
AeadDecryptor::try_refresh, which is not TTL-gated;
refresh reloads unconditionally.
Returns true if this call refreshed successfully, false if the policy
blocked it or the refresh failed.
Sourcepub async fn refresh(&self) -> Result<bool, Error>
pub async fn refresh(&self) -> Result<bool, Error>
Forces a refresh bypassing the scheduling policy, but still records the outcome.
Returns Ok(true) if new key material was fetched by this call, or
Ok(false) if another task already refreshed concurrently.
§Errors
Returns an error if the factory call fails.
Sourcepub fn builder<I1>() -> ScheduledRefreshCipherBuilder<C, I1>where
I1: Fn() -> Pin<Box<dyn MaybeSendFuture<Output = Result<C, Error>>>> + MaybeSendSync + 'static,
pub fn builder<I1>() -> ScheduledRefreshCipherBuilder<C, I1>where
I1: Fn() -> Pin<Box<dyn MaybeSendFuture<Output = Result<C, Error>>>> + MaybeSendSync + 'static,
Creates a new ScheduledRefreshCipher using the given factory and policy parameters.
The factory is called immediately to produce the initial cipher. The same factory is called on subsequent refreshes.
§Errors
Returns an error if the initial factory call fails.
Trait Implementations§
Source§impl<C: AeadEncryptor + 'static> AeadCipherSelector for ScheduledRefreshCipher<C>
impl<C: AeadEncryptor + 'static> AeadCipherSelector for ScheduledRefreshCipher<C>
Source§fn select_cipher(&self) -> MaybeSendBoxFuture<'_, Arc<dyn AeadEncryptor>>
fn select_cipher(&self) -> MaybeSendBoxFuture<'_, Arc<dyn AeadEncryptor>>
Source§impl<C: AeadDecryptor + 'static> AeadDecryptor for ScheduledRefreshCipher<C>
impl<C: AeadDecryptor + 'static> AeadDecryptor for ScheduledRefreshCipher<C>
Source§fn cipher_match(&self, m: &CipherMatch<'_>) -> Option<KeyMatchStrength>
fn cipher_match(&self, m: &CipherMatch<'_>) -> Option<KeyMatchStrength>
Source§fn decrypt<'a>(
&'a self,
cipher_match: Option<&'a CipherMatch<'a>>,
nonce: &'a [u8],
ciphertext: &'a [u8],
tag: &'a [u8],
aad: &'a [u8],
) -> MaybeSendBoxFuture<'a, Result<Vec<u8>, DecryptError>>
fn decrypt<'a>( &'a self, cipher_match: Option<&'a CipherMatch<'a>>, nonce: &'a [u8], ciphertext: &'a [u8], tag: &'a [u8], aad: &'a [u8], ) -> MaybeSendBoxFuture<'a, Result<Vec<u8>, DecryptError>>
Source§fn try_refresh(&self) -> MaybeSendBoxFuture<'_, bool>
fn try_refresh(&self) -> MaybeSendBoxFuture<'_, bool>
JwsVerifier::try_refresh. Read moreSource§impl<C: AeadEncryptor + 'static> AeadEncryptor for ScheduledRefreshCipher<C>
impl<C: AeadEncryptor + 'static> AeadEncryptor for ScheduledRefreshCipher<C>
Source§fn enc_algorithm(&self) -> Cow<'_, str>
fn enc_algorithm(&self) -> Cow<'_, str>
A256GCM).Source§fn encrypt<'a>(
&'a self,
plaintext: &'a [u8],
aad: &'a [u8],
) -> MaybeSendBoxFuture<'a, Result<AeadOutput, Error>>
fn encrypt<'a>( &'a self, plaintext: &'a [u8], aad: &'a [u8], ) -> MaybeSendBoxFuture<'a, Result<AeadOutput, Error>>
Source§impl<C: AeadEncryptor + 'static> AeadSealerSelector for ScheduledRefreshCipher<C>
impl<C: AeadEncryptor + 'static> AeadSealerSelector for ScheduledRefreshCipher<C>
Source§fn select_sealer(&self) -> MaybeSendBoxFuture<'_, Arc<dyn AeadSealer>>
fn select_sealer(&self) -> MaybeSendBoxFuture<'_, Arc<dyn AeadSealer>>
Source§impl<C: AeadDecryptor + 'static> AeadUnsealer for ScheduledRefreshCipher<C>
impl<C: AeadDecryptor + 'static> AeadUnsealer for ScheduledRefreshCipher<C>
Source§fn unseal<'a>(
&'a self,
cipher_match: Option<&'a CipherMatch<'a>>,
bundle: &'a [u8],
aad: &'a [u8],
) -> MaybeSendBoxFuture<'a, Result<Vec<u8>, DecryptError>>
fn unseal<'a>( &'a self, cipher_match: Option<&'a CipherMatch<'a>>, bundle: &'a [u8], aad: &'a [u8], ) -> MaybeSendBoxFuture<'a, Result<Vec<u8>, DecryptError>>
AeadSealer::seal. Read more