1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

//! Optional `Secret` wrapper type for the `bytes::BytesMut` crate.

use super::{CloneableSecret, DebugSecret, ExposeSecret, Secret};
use bytes_crate::{Bytes, BytesMut};
use core::fmt;
use zeroize::Zeroize;

#[cfg(feature = "serde")]
use serde::de::{Deserialize, Deserializer};

/// Instance of `Bytes` protected by a type that impls the `ExposeSecret`
/// trait like `Secret<T>`.
///
/// Because of the nature of how the `Bytes` type works, it needs some special
/// care in order to have a proper zeroizing drop handler.
#[derive(Clone)]
pub struct SecretBytes(Option<Bytes>);

impl SecretBytes {
    /// Wrap bytes in `SecretBytes`
    pub fn new(bytes: impl Into<Bytes>) -> SecretBytes {
        SecretBytes(Some(bytes.into()))
    }
}

impl ExposeSecret<Bytes> for SecretBytes {
    fn expose_secret(&self) -> &Bytes {
        self.0.as_ref().unwrap()
    }
}

impl fmt::Debug for SecretBytes {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "SecretBytes(...)")
    }
}

impl From<Bytes> for SecretBytes {
    fn from(bytes: Bytes) -> SecretBytes {
        SecretBytes::new(bytes)
    }
}

impl From<BytesMut> for SecretBytes {
    fn from(bytes: BytesMut) -> SecretBytes {
        SecretBytes::new(bytes)
    }
}

impl Drop for SecretBytes {
    fn drop(&mut self) {
        // To zero the contents of `Bytes`, we have to take ownership of it
        // and then attempt to convert it to a `BytesMut`. If that succeeds,
        // we are holding the last reference to the inner byte buffer, which
        // indicates its lifetime has ended and it's ready to be zeroed.
        if let Some(bytes) = self.0.take() {
            if let Ok(mut bytes_mut) = bytes.try_mut() {
                bytes_mut.zeroize();
            }
        }
    }
}

#[cfg(feature = "serde")]
impl<'de> Deserialize<'de> for SecretBytes {
    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
    where
        D: Deserializer<'de>,
    {
        Bytes::deserialize(deserializer).map(SecretBytes::new)
    }
}

/// Alias for `Secret<BytesMut>`
pub type SecretBytesMut = Secret<BytesMut>;

impl DebugSecret for BytesMut {}
impl CloneableSecret for BytesMut {}