use super::*;
pub use self::key_operations::KeyOperations;
pub mod key_operations {
bitflags_set! {
pub struct KeyOperations: u64 {
const SIGN = 0x0000000000000001;
const VERIFY = 0x0000000000000002;
const ENCRYPT = 0x0000000000000004;
const DECRYPT = 0x0000000000000008;
const WRAPKEY = 0x0000000000000010;
const UNWRAPKEY = 0x0000000000000020;
const DERIVEKEY = 0x0000000000000040;
const MACGENERATE = 0x0000000000000080;
const MACVERIFY = 0x0000000000000100;
const EXPORT = 0x0000000000000200;
const APPMANAGEABLE = 0x0000000000000400;
const HIGHVOLUME = 0x0000000000000800;
const AGREEKEY = 0x0000000000001000;
}
}
}
#[derive(Debug, Eq, PartialEq, Copy, Hash, Serialize, Deserialize, Clone)]
#[serde(rename_all = "UPPERCASE")]
pub enum ObjectType {
Aes,
Des,
Des3,
Rsa,
Ec,
Opaque,
Hmac,
Secret,
Certificate,
}
#[derive(Copy, PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
pub enum ObjectOrigin {
FortanixHSM,
Transient,
External,
}
#[derive(Copy, Debug, Eq, PartialEq, Serialize, Deserialize, Clone)]
pub enum EllipticCurve {
X25519,
Ed25519,
X448,
SecP192K1,
SecP224K1,
SecP256K1,
NistP192,
NistP224,
NistP256,
NistP384,
NistP521,
Gost256A,
}
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct KeyLinks {
#[serde(default)]
pub replacement: Option<Uuid>,
#[serde(default)]
pub replaced: Option<Uuid>,
}
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
#[serde(rename_all = "lowercase")]
pub enum Principal {
App(Uuid),
User(Uuid),
Plugin(Uuid),
UserViaApp {
user_id: Uuid,
scopes: HashSet<OauthScope>,
},
}
#[derive(Debug, Eq, PartialEq, Copy, Serialize, Deserialize, Clone)]
#[serde(rename_all = "UPPERCASE")]
pub enum DigestAlgorithm {
Blake2b256,
Blake2b384,
Blake2b512,
Blake2s256,
Ripemd160,
Ssl3,
Sha1,
Sha256,
Sha384,
Sha512,
Streebog256,
Streebog512,
Sha3_224,
Sha3_256,
Sha3_384,
Sha3_512,
}
#[derive(Debug, PartialEq, Eq, Hash, Serialize, Deserialize, Clone)]
#[serde(rename_all = "lowercase")]
pub enum OauthScope {
App,
}
singleton_backcompat! {
#[derive(Debug, Eq, PartialEq, Copy, Clone)]
#[serde(rename_all = "UPPERCASE")]
pub enum UserGroupRole {
GroupAuditor,
GroupAdministrator
}
}
#[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "lowercase", tag = "kind")]
pub enum JwtSigningKeys {
Stored {
keys: HashMap<String, Blob>,
},
Fetched {
url: String,
cache_duration: u64,
},
}
#[derive(Copy, Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
pub struct RsaEncryptionPolicy {
pub padding: Option<RsaEncryptionPaddingPolicy>,
}
#[derive(Copy, Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "SCREAMING_SNAKE_CASE")]
pub enum RsaEncryptionPaddingPolicy {
Oaep { mgf: Option<MgfPolicy> },
Pkcs1V15 {},
}
#[derive(Copy, Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
pub struct RsaSignaturePolicy {
pub padding: Option<RsaSignaturePaddingPolicy>,
}
#[derive(Copy, Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "SCREAMING_SNAKE_CASE")]
pub enum RsaSignaturePaddingPolicy {
Pss { mgf: Option<MgfPolicy> },
Pkcs1V15 {},
}
#[derive(Copy, Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "snake_case")]
pub enum MgfPolicy {
Mgf1 { hash: Option<DigestAlgorithm> },
}
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
pub struct RsaOptions {
pub key_size: Option<u32>,
#[serde(default)]
pub public_exponent: Option<u32>,
pub encryption_policy: Vec<RsaEncryptionPolicy>,
pub signature_policy: Vec<RsaSignaturePolicy>,
}
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
pub struct FpeOptions {
pub radix: u32,
pub min_length: u32,
pub max_length: u32,
pub preserve: Vec<isize>,
pub mask: Option<Vec<isize>>,
pub luhn_check: Option<bool>,
pub name: Option<String>,
}
#[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
pub struct ApprovalPolicy {
#[serde(default)]
pub quorum: Option<ApprovalPolicyQuorum>,
#[serde(default)]
pub user: Option<Uuid>,
#[serde(default)]
pub app: Option<Uuid>,
}
#[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
pub struct ApprovalPolicyQuorum {
pub n: usize,
pub members: Vec<ApprovalPolicy>,
#[serde(flatten)]
pub config: ApprovalAuthConfig,
}
#[derive(Copy, PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
pub struct ApprovalAuthConfig {
pub require_password: bool,
pub require_2fa: bool,
}
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize, Clone)]
pub struct RevocationReason {
pub code: RevocationReasonCode,
pub message: Option<String>,
pub compromise_occurance_date: Option<Time>,
}
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize, Clone)]
pub enum RevocationReasonCode {
Unspecified,
KeyCompromise,
CACompromise,
AffiliationChanged,
Superseded,
CessationOfOperation,
PrivilegeWithdrawn,
}
#[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "snake_case", tag = "state")]
pub enum PublishPublicKeyConfig {
Enabled {
list_previous_version: bool,
},
Disabled,
}
#[derive(Eq, PartialEq, Debug, Serialize, Deserialize, Clone)]
pub struct Sobject {
pub acct_id: Uuid,
#[serde(default)]
pub activation_date: Option<Time>,
#[serde(default)]
pub compromise_date: Option<Time>,
pub created_at: Time,
pub creator: Principal,
#[serde(default)]
pub custom_metadata: Option<HashMap<String, String>>,
#[serde(default)]
pub deactivation_date: Option<Time>,
#[serde(default)]
pub description: Option<String>,
#[serde(default)]
pub deterministic_signatures: Option<bool>,
#[serde(default)]
pub elliptic_curve: Option<EllipticCurve>,
pub enabled: bool,
#[serde(default)]
pub fpe: Option<FpeOptions>,
pub key_ops: KeyOperations,
#[serde(default)]
pub key_size: Option<u32>,
#[serde(default)]
pub kid: Option<Uuid>,
pub lastused_at: Time,
#[serde(default)]
pub links: Option<KeyLinks>,
#[serde(default)]
pub name: Option<String>,
pub never_exportable: Option<bool>,
pub obj_type: ObjectType,
pub origin: ObjectOrigin,
#[serde(default)]
pub pub_key: Option<Blob>,
pub public_only: bool,
#[serde(default)]
pub publish_public_key: Option<PublishPublicKeyConfig>,
#[serde(default)]
pub revocation_reason: Option<RevocationReason>,
#[serde(default)]
pub rsa: Option<RsaOptions>,
#[serde(default)]
pub state: Option<SobjectState>,
#[serde(default)]
pub transient_key: Option<Blob>,
#[serde(default)]
pub value: Option<Blob>,
#[serde(default)]
pub group_id: Option<Uuid>,
}
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct SignRequest {
#[serde(default)]
pub key: Option<SobjectDescriptor>,
pub hash_alg: DigestAlgorithm,
pub hash: Option<Blob>,
pub data: Option<Blob>,
pub mode: Option<SignatureMode>,
pub deterministic_signature: Option<bool>,
}
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct SignResponse {
#[serde(default)]
pub kid: Option<Uuid>,
pub signature: Blob,
}
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct VerifyRequest {
#[serde(default)]
pub key: Option<SobjectDescriptor>,
pub hash_alg: DigestAlgorithm,
pub hash: Option<Blob>,
pub data: Option<Blob>,
pub mode: Option<SignatureMode>,
pub signature: Blob,
}
#[derive(Default, Debug, Serialize, Deserialize, Clone)]
pub struct VerifyResponse {
#[serde(default)]
pub kid: Option<Uuid>,
pub result: bool,
}
#[derive(Copy, Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "snake_case")]
pub enum Mgf {
Mgf1 { hash: DigestAlgorithm },
}
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize, Clone)]
#[serde(untagged)]
pub enum SignatureMode {
Rsa(RsaSignaturePadding),
}
#[derive(Copy, Debug, PartialEq, Eq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "SCREAMING_SNAKE_CASE")]
pub enum RsaSignaturePadding {
Pss { mgf: Mgf },
Pkcs1V15 {},
}
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "snake_case")]
pub enum SobjectDescriptor {
Kid(Uuid),
Name(String),
TransientKey(Blob),
}
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct U2fAuthRequest {
pub key_handle: Blob,
pub signature_data: Blob,
pub client_data: Blob,
}
#[derive(Debug, Eq, PartialEq, Copy, Serialize, Deserialize, Clone)]
pub enum SobjectState {
PreActive,
Active,
Deactivated,
Compromised,
}