Struct IngestService

Source

pub struct IngestService<R, L, O>where
    R: RawDataStore,
    L: AuditLedger,
    O: OperationLogStore,
{ /* private fields */ }

Implementations§

Source §

impl<R, L, O> IngestService<R, L, O>
where R: RawDataStore, L: AuditLedger, O: OperationLogStore,

Source

pub fn new( verifier: IngestState, raw_data_store: R, audit_ledger: L, operation_log: O, ) -> Self

Examples found in repository ?

examples/lift_inspection_flow.rs (lines 12-17)

7fn main() {
8    let device_id = "lift-01";
9    let signing_key = SigningKey::from_bytes(&[1u8; 32]);
10    let verifying_key = signing_key.verifying_key();
11
12    let mut service = IngestService::new(
13        IngestState::default(),
14        InMemoryRawDataStore::default(),
15        InMemoryAuditLedger::default(),
16        InMemoryOperationLog::default(),
17    );
18    service.register_device(device_id, verifying_key);
19
20    let payloads = [
21        b"check=door,status=ok" as &[u8],
22        b"check=vibration,status=ok",
23        b"check=emergency_brake,status=ok",
24    ];
25
26    let mut prev_hash = AuditRecord::zero_hash();
27    let mut records = Vec::new();
28
29    for (index, payload) in payloads.iter().enumerate() {
30        let sequence = (index as u64) + 1;
31        let record = build_signed_record(
32            device_id,
33            sequence,
34            1_700_000_000_000 + sequence,
35            payload,
36            prev_hash,
37            format!("s3://bucket/{device_id}/inspection-{sequence}.bin"),
38            &signing_key,
39        );
40        prev_hash = record.hash();
41        records.push(record);
42    }
43
44    for record in &records {
45        service
46            .ingest(record.clone(), payloads[record.sequence as usize - 1])
47            .expect("ingest should succeed");
48    }
49
50    println!("Stored {} audit records", service.audit_ledger().records().len());
51
52    let tampered_payload = b"tampered";
53    let tampered_record = build_signed_record(
54        device_id,
55        4,
56        1_700_000_000_004,
57        tampered_payload,
58        prev_hash,
59        "s3://bucket/lift-01/inspection-4.bin",
60        &signing_key,
61    );
62    let mut tampered = tampered_record;
63    tampered.payload_hash[0] ^= 0x01;
64
65    let result = service.ingest(tampered, tampered_payload);
66    assert!(result.is_err(), "tampered record should be rejected");
67    println!("Tampered record rejected: {:?}", result.unwrap_err());
68
69    println!("Operation log entries: {}", service.operation_log().entries().len());
70    for entry in service.operation_log().entries() {
71        println!("  {:?} device={} seq={} msg={}", entry.decision, entry.device_id, entry.sequence, entry.message);
72    }
73}

Source

pub fn register_device( &mut self, device_id: impl Into<String>, key: VerifyingKey, )

Examples found in repository ?

examples/lift_inspection_flow.rs (line 18)

7fn main() {
8    let device_id = "lift-01";
9    let signing_key = SigningKey::from_bytes(&[1u8; 32]);
10    let verifying_key = signing_key.verifying_key();
11
12    let mut service = IngestService::new(
13        IngestState::default(),
14        InMemoryRawDataStore::default(),
15        InMemoryAuditLedger::default(),
16        InMemoryOperationLog::default(),
17    );
18    service.register_device(device_id, verifying_key);
19
20    let payloads = [
21        b"check=door,status=ok" as &[u8],
22        b"check=vibration,status=ok",
23        b"check=emergency_brake,status=ok",
24    ];
25
26    let mut prev_hash = AuditRecord::zero_hash();
27    let mut records = Vec::new();
28
29    for (index, payload) in payloads.iter().enumerate() {
30        let sequence = (index as u64) + 1;
31        let record = build_signed_record(
32            device_id,
33            sequence,
34            1_700_000_000_000 + sequence,
35            payload,
36            prev_hash,
37            format!("s3://bucket/{device_id}/inspection-{sequence}.bin"),
38            &signing_key,
39        );
40        prev_hash = record.hash();
41        records.push(record);
42    }
43
44    for record in &records {
45        service
46            .ingest(record.clone(), payloads[record.sequence as usize - 1])
47            .expect("ingest should succeed");
48    }
49
50    println!("Stored {} audit records", service.audit_ledger().records().len());
51
52    let tampered_payload = b"tampered";
53    let tampered_record = build_signed_record(
54        device_id,
55        4,
56        1_700_000_000_004,
57        tampered_payload,
58        prev_hash,
59        "s3://bucket/lift-01/inspection-4.bin",
60        &signing_key,
61    );
62    let mut tampered = tampered_record;
63    tampered.payload_hash[0] ^= 0x01;
64
65    let result = service.ingest(tampered, tampered_payload);
66    assert!(result.is_err(), "tampered record should be rejected");
67    println!("Tampered record rejected: {:?}", result.unwrap_err());
68
69    println!("Operation log entries: {}", service.operation_log().entries().len());
70    for entry in service.operation_log().entries() {
71        println!("  {:?} device={} seq={} msg={}", entry.decision, entry.device_id, entry.sequence, entry.message);
72    }
73}

Source

pub fn ingest( &mut self, record: AuditRecord, raw_payload: &[u8], ) -> Result<(), IngestServiceError>

Examples found in repository ?

examples/lift_inspection_flow.rs (line 46)

7fn main() {
8    let device_id = "lift-01";
9    let signing_key = SigningKey::from_bytes(&[1u8; 32]);
10    let verifying_key = signing_key.verifying_key();
11
12    let mut service = IngestService::new(
13        IngestState::default(),
14        InMemoryRawDataStore::default(),
15        InMemoryAuditLedger::default(),
16        InMemoryOperationLog::default(),
17    );
18    service.register_device(device_id, verifying_key);
19
20    let payloads = [
21        b"check=door,status=ok" as &[u8],
22        b"check=vibration,status=ok",
23        b"check=emergency_brake,status=ok",
24    ];
25
26    let mut prev_hash = AuditRecord::zero_hash();
27    let mut records = Vec::new();
28
29    for (index, payload) in payloads.iter().enumerate() {
30        let sequence = (index as u64) + 1;
31        let record = build_signed_record(
32            device_id,
33            sequence,
34            1_700_000_000_000 + sequence,
35            payload,
36            prev_hash,
37            format!("s3://bucket/{device_id}/inspection-{sequence}.bin"),
38            &signing_key,
39        );
40        prev_hash = record.hash();
41        records.push(record);
42    }
43
44    for record in &records {
45        service
46            .ingest(record.clone(), payloads[record.sequence as usize - 1])
47            .expect("ingest should succeed");
48    }
49
50    println!("Stored {} audit records", service.audit_ledger().records().len());
51
52    let tampered_payload = b"tampered";
53    let tampered_record = build_signed_record(
54        device_id,
55        4,
56        1_700_000_000_004,
57        tampered_payload,
58        prev_hash,
59        "s3://bucket/lift-01/inspection-4.bin",
60        &signing_key,
61    );
62    let mut tampered = tampered_record;
63    tampered.payload_hash[0] ^= 0x01;
64
65    let result = service.ingest(tampered, tampered_payload);
66    assert!(result.is_err(), "tampered record should be rejected");
67    println!("Tampered record rejected: {:?}", result.unwrap_err());
68
69    println!("Operation log entries: {}", service.operation_log().entries().len());
70    for entry in service.operation_log().entries() {
71        println!("  {:?} device={} seq={} msg={}", entry.decision, entry.device_id, entry.sequence, entry.message);
72    }
73}

Source

pub fn raw_data_store(&self) -> &R

Source

pub fn audit_ledger(&self) -> &L

Examples found in repository ?

examples/lift_inspection_flow.rs (line 50)

7fn main() {
8    let device_id = "lift-01";
9    let signing_key = SigningKey::from_bytes(&[1u8; 32]);
10    let verifying_key = signing_key.verifying_key();
11
12    let mut service = IngestService::new(
13        IngestState::default(),
14        InMemoryRawDataStore::default(),
15        InMemoryAuditLedger::default(),
16        InMemoryOperationLog::default(),
17    );
18    service.register_device(device_id, verifying_key);
19
20    let payloads = [
21        b"check=door,status=ok" as &[u8],
22        b"check=vibration,status=ok",
23        b"check=emergency_brake,status=ok",
24    ];
25
26    let mut prev_hash = AuditRecord::zero_hash();
27    let mut records = Vec::new();
28
29    for (index, payload) in payloads.iter().enumerate() {
30        let sequence = (index as u64) + 1;
31        let record = build_signed_record(
32            device_id,
33            sequence,
34            1_700_000_000_000 + sequence,
35            payload,
36            prev_hash,
37            format!("s3://bucket/{device_id}/inspection-{sequence}.bin"),
38            &signing_key,
39        );
40        prev_hash = record.hash();
41        records.push(record);
42    }
43
44    for record in &records {
45        service
46            .ingest(record.clone(), payloads[record.sequence as usize - 1])
47            .expect("ingest should succeed");
48    }
49
50    println!("Stored {} audit records", service.audit_ledger().records().len());
51
52    let tampered_payload = b"tampered";
53    let tampered_record = build_signed_record(
54        device_id,
55        4,
56        1_700_000_000_004,
57        tampered_payload,
58        prev_hash,
59        "s3://bucket/lift-01/inspection-4.bin",
60        &signing_key,
61    );
62    let mut tampered = tampered_record;
63    tampered.payload_hash[0] ^= 0x01;
64
65    let result = service.ingest(tampered, tampered_payload);
66    assert!(result.is_err(), "tampered record should be rejected");
67    println!("Tampered record rejected: {:?}", result.unwrap_err());
68
69    println!("Operation log entries: {}", service.operation_log().entries().len());
70    for entry in service.operation_log().entries() {
71        println!("  {:?} device={} seq={} msg={}", entry.decision, entry.device_id, entry.sequence, entry.message);
72    }
73}

Source

pub fn operation_log(&self) -> &O

Examples found in repository ?

examples/lift_inspection_flow.rs (line 69)

7fn main() {
8    let device_id = "lift-01";
9    let signing_key = SigningKey::from_bytes(&[1u8; 32]);
10    let verifying_key = signing_key.verifying_key();
11
12    let mut service = IngestService::new(
13        IngestState::default(),
14        InMemoryRawDataStore::default(),
15        InMemoryAuditLedger::default(),
16        InMemoryOperationLog::default(),
17    );
18    service.register_device(device_id, verifying_key);
19
20    let payloads = [
21        b"check=door,status=ok" as &[u8],
22        b"check=vibration,status=ok",
23        b"check=emergency_brake,status=ok",
24    ];
25
26    let mut prev_hash = AuditRecord::zero_hash();
27    let mut records = Vec::new();
28
29    for (index, payload) in payloads.iter().enumerate() {
30        let sequence = (index as u64) + 1;
31        let record = build_signed_record(
32            device_id,
33            sequence,
34            1_700_000_000_000 + sequence,
35            payload,
36            prev_hash,
37            format!("s3://bucket/{device_id}/inspection-{sequence}.bin"),
38            &signing_key,
39        );
40        prev_hash = record.hash();
41        records.push(record);
42    }
43
44    for record in &records {
45        service
46            .ingest(record.clone(), payloads[record.sequence as usize - 1])
47            .expect("ingest should succeed");
48    }
49
50    println!("Stored {} audit records", service.audit_ledger().records().len());
51
52    let tampered_payload = b"tampered";
53    let tampered_record = build_signed_record(
54        device_id,
55        4,
56        1_700_000_000_004,
57        tampered_payload,
58        prev_hash,
59        "s3://bucket/lift-01/inspection-4.bin",
60        &signing_key,
61    );
62    let mut tampered = tampered_record;
63    tampered.payload_hash[0] ^= 0x01;
64
65    let result = service.ingest(tampered, tampered_payload);
66    assert!(result.is_err(), "tampered record should be rejected");
67    println!("Tampered record rejected: {:?}", result.unwrap_err());
68
69    println!("Operation log entries: {}", service.operation_log().entries().len());
70    for entry in service.operation_log().entries() {
71        println!("  {:?} device={} seq={} msg={}", entry.decision, entry.device_id, entry.sequence, entry.message);
72    }
73}

Auto Trait Implementations§

§

impl<R, L, O> Freeze for IngestService<R, L, O>
where R: Freeze, L: Freeze, O: Freeze,

§

impl<R, L, O> RefUnwindSafe for IngestService<R, L, O>
where R: RefUnwindSafe, L: RefUnwindSafe, O: RefUnwindSafe,

§

impl<R, L, O> Send for IngestService<R, L, O>
where R: Send, L: Send, O: Send,

§

impl<R, L, O> Sync for IngestService<R, L, O>
where R: Sync, L: Sync, O: Sync,

§

impl<R, L, O> Unpin for IngestService<R, L, O>
where R: Unpin, L: Unpin, O: Unpin,

§

impl<R, L, O> UnsafeUnpin for IngestService<R, L, O>
where R: UnsafeUnpin, L: UnsafeUnpin, O: UnsafeUnpin,

§

impl<R, L, O> UnwindSafe for IngestService<R, L, O>
where R: UnwindSafe, L: UnwindSafe, O: UnwindSafe,

Blanket Implementations§

Source §

impl<T> Any for T
where T: 'static + ?Sized,

Source §

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

Source §

impl<T> Borrow<T> for T
where T: ?Sized,

Source §

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

Source §

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source §

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

Source §

impl<T> From<T> for T

Source §

fn from(t: T) -> T

Returns the argument unchanged.

Source §

impl<T, U> Into for T
where U: From<T>,

Source §

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source §

impl<T> Same for T

Source §

type Output = T

Should always be Self

Source §

impl<T, U> TryFrom for T
where U: Into<T>,

Source §

type Error = Infallible

The type returned in the event of a conversion error.

Source §

fn try_from(value: U) -> Result<T, <T as TryFrom>::Error>

Performs the conversion.

Source §

impl<T, U> TryInto for T
where U: TryFrom<T>,

Source §

type Error = >::Error

The type returned in the event of a conversion error.

Source §

fn try_into(self) -> Result<U, >::Error>

Performs the conversion.

Struct IngestService Copy item path

Implementations§

impl<R, L, O> IngestService<R, L, O>where R: RawDataStore, L: AuditLedger, O: OperationLogStore,

pub fn new( verifier: IngestState, raw_data_store: R, audit_ledger: L, operation_log: O, ) -> Self

pub fn register_device( &mut self, device_id: impl Into<String>, key: VerifyingKey, )

pub fn ingest( &mut self, record: AuditRecord, raw_payload: &[u8], ) -> Result<(), IngestServiceError>

pub fn raw_data_store(&self) -> &R

pub fn audit_ledger(&self) -> &L

pub fn operation_log(&self) -> &O

Auto Trait Implementations§

impl<R, L, O> Freeze for IngestService<R, L, O>where R: Freeze, L: Freeze, O: Freeze,

impl<R, L, O> RefUnwindSafe for IngestService<R, L, O>where R: RefUnwindSafe, L: RefUnwindSafe, O: RefUnwindSafe,

impl<R, L, O> Send for IngestService<R, L, O>where R: Send, L: Send, O: Send,

impl<R, L, O> Sync for IngestService<R, L, O>where R: Sync, L: Sync, O: Sync,

impl<R, L, O> Unpin for IngestService<R, L, O>where R: Unpin, L: Unpin, O: Unpin,

impl<R, L, O> UnsafeUnpin for IngestService<R, L, O>where R: UnsafeUnpin, L: UnsafeUnpin, O: UnsafeUnpin,

impl<R, L, O> UnwindSafe for IngestService<R, L, O>where R: UnwindSafe, L: UnwindSafe, O: UnwindSafe,

Blanket Implementations§

impl<T> Any for Twhere T: 'static + ?Sized,

fn type_id(&self) -> TypeId

impl<T> Borrow<T> for Twhere T: ?Sized,

fn borrow(&self) -> &T

impl<T> BorrowMut<T> for Twhere T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

impl<T> From<T> for T

fn from(t: T) -> T

impl<T, U> Into<U> for Twhere U: From<T>,

fn into(self) -> U

impl<T> Same for T

type Output = T

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

type Error = Infallible

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Struct IngestService

impl<R, L, O> IngestService<R, L, O>
where R: RawDataStore, L: AuditLedger, O: OperationLogStore,

impl<R, L, O> Freeze for IngestService<R, L, O>
where R: Freeze, L: Freeze, O: Freeze,

impl<R, L, O> RefUnwindSafe for IngestService<R, L, O>
where R: RefUnwindSafe, L: RefUnwindSafe, O: RefUnwindSafe,

impl<R, L, O> Send for IngestService<R, L, O>
where R: Send, L: Send, O: Send,

impl<R, L, O> Sync for IngestService<R, L, O>
where R: Sync, L: Sync, O: Sync,

impl<R, L, O> Unpin for IngestService<R, L, O>
where R: Unpin, L: Unpin, O: Unpin,

impl<R, L, O> UnsafeUnpin for IngestService<R, L, O>
where R: UnsafeUnpin, L: UnsafeUnpin, O: UnsafeUnpin,

impl<R, L, O> UnwindSafe for IngestService<R, L, O>
where R: UnwindSafe, L: UnwindSafe, O: UnwindSafe,

impl<T> Any for T
where T: 'static + ?Sized,

impl<T> Borrow<T> for T
where T: ?Sized,

impl<T> BorrowMut<T> for T
where T: ?Sized,

impl<T, U> Into<U> for T
where U: From<T>,

impl<T, U> TryFrom<U> for T
where U: Into<T>,

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,