Struct libkeycard::Entry

pub struct Entry { /* private fields */ }

Entry represents a single entry in a keycard and contains both fields and authentication strings, which can be a digital signature or a cryptographic hash.

Implementations

impl Entry

pub fn new_from_str(entrytype: &str) -> Result<Entry, LKCError>

Creates a new entry given the value held in the passed string. As if this writing only “Organization”, “User”, or “” are valid, the last of which creating an Entry of type None.

pub fn new(entrytype: EntryType) -> Result<Entry, LKCError>

Creates a new entry based on the type given

pub fn from(s: &str) -> Result<Entry, LKCError>

Creates a new entry from the text data given it. The format of an entry is documented in the Mensago Identity Services design document.

pub fn has_field(&self, field: &str) -> bool

Returns true if the entry has a specific field

pub fn get_field(&self, field: &str) -> Result<String, LKCError>

Gets the specified field for an entry. Naming for the field exactly matches the spec.

pub fn set_field(&mut self, field: &str, value: &str) -> Result<(), LKCError>

Sets an entry field. Naming for the field exactly matches the spec.

pub fn set_fields(
    &mut self,
    fields: &Vec<(String, String)>
) -> Result<(), LKCError>

Sets multiple entry fields from a list of type-value mappings

pub fn delete_field(&mut self, field: &str) -> Result<(), LKCError>

Deletes a field from the entry

pub fn is_data_compliant(&self) -> Result<(), LKCError>

Checks the formatting of the regular fields in the entry and returns false if a field does not comply. This method is usually called to ensure that the data in an entry is valid before proceeding with the signing and hashing process.

pub fn is_compliant(&self) -> Result<(), LKCError>

Returns false if the entry has any compliance issues, including missing or bad hashes and/or signatures. This method performs all the checks made in is_data_compliant() and more. Note that only the format of signatures and hashes are checked. The validity of a hash or signature must be checked using verify() or verify_chain().

For an entry to be compliant, an organization entry MUST have the following fields:

• Type
• Index
• Name
• Contact-Admin
• Primary-Verification-Key
• Encryption-Key
• Time-To-Live“
• Expires
• Timestamp

Organizational entries may also have any of the following optional fields:

• Contact-Abuse
• Contact-Support
• Language
• Secondary-Verification-Key

User entries MUST have the following fields:

• Type
• Index
• Workspace-ID
• Domain
• Contact-Request-Verification-Key
• Contact-Request-Encryption-Key
• Verification-Key
• Encryption-Key
• Time-To-Live“
• Expires
• Timestamp

User entries MAY also have a Name or User-ID field, although these are optional.

Additionally, any entry MUST also have signatures and hashes applied in the order specified in the description for get_full_text().

pub fn set_expiration(&mut self, numdays: u16) -> Result<(), LKCError>

Sets the expiration date for the entry. The maximum number of days for entries is 1095 (~3 years). The recommended value are 365 for an organization entry and 90 for a user entry.

pub fn is_expired(&self) -> Result<bool, LKCError>

Returns true if the entry has exceeded its expiration date

pub fn get_text(&self) -> Result<String, LKCError>

Returns the body text of the entry

pub fn get_full_text(&self, siglevel: &str) -> Result<String, LKCError>

Returns the full text of the entry, including signatures, up to but not including the one specified. Passing an empty string as the signature level will result in the entire entry being returned.

The order for organization entries:

• Custody-Signature
• Previous-Hash
• Hash
• Organization-Signature

The order for user entries:

• Custody-Signature
• Organization-Signature
• Previous-Hash
• Hash
• User-Signature

pub fn has_authstr(&self, astype: &str) -> bool

Returns true if the supplied AuthStr is populated and valid

pub fn get_authstr(&self, astype: &str) -> Result<&CryptoString, LKCError>

Returns the specified authentication string

pub fn add_authstr(
    &mut self,
    astype: &str,
    astr: &CryptoString
) -> Result<(), LKCError>

Sets the specified authentication string to the value passed. NOTE: no validation of the authentication string is performed by this call. The primary use for this method is to set the Previous-Hash for the entry

pub fn sign(
    &mut self,
    astype: &str,
    signing_pair: &SigningPair
) -> Result<(), LKCError>

Creates the requested signature. Requirements for this call vary with the entry implementation. ErrOutOfOrderSignature is returned if a signature is requested before another required authentication string has been set. ErrBadValue is returned for a signature type not used by the specific implementation.

pub fn verify_signature(
    &self,
    astype: &str,
    verify_key: &dyn VerifySignature
) -> Result<(), LKCError>

Verifies the requested signature. ErrBadValue is returned for a signature type not used by the specific implementation. ErrVerificationFailure is returned if the signature fails to verify

pub fn hash(&mut self, algorithm: &str) -> Result<(), LKCError>

Calculates the hash for the entry text using the specified algorithm. For information on signature order, please see get_full_text(). All signatures are required except for Custody-Signature and Previous-Hash, which are not required for an organization’s root keycard entry. ErrOutOfOrderSignature is returned if a hash is requested before another required authentication string has been set.

pub fn verify_hash(&self) -> Result<(), LKCError>

Verifies the data of the entry with the hash currently assigned. Returns Ok on success and ErrHashMismatch on failure.

pub fn chain(
    &self,
    spair: &SigningPair,
    expires: u16
) -> Result<(Entry, HashMap<&'static str, CryptoString>), LKCError>

Creates a new Entry object with new keys and a custody signature. It requires the contact request signing keypair used for the entry so that the Custody-Signature field is generated correctly. For handling of expiration date, see set_expiration().

pub fn verify_chain(&self, previous: &Entry) -> Result<(), LKCError>

Verifies the chain of custody between the provided entry and the current one. If either card is invalid, ErrInvalidKeycard is returned. If the index of entry is not the immediate successor to the previous one, ErrBadValue is returned.

pub fn revoke(
    &self,
    expires: u16
) -> Result<(Entry, HashMap<&'static str, CryptoString>), LKCError>

This method is called when the current entry must be revoked because one or more keys were compromised. A new root entry is created with a Revoke field containing the hash of the current one and an Index which is, like chain(), one greater than the current entry. For handling of the expiration interval, see set_expiration().

Trait Implementations

impl Clone for Entry

fn clone(&self) -> Entry

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Entry

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.