Struct Network

pub struct Network<S>where
    S: Store,
{ /* private fields */ }

Expand description

A certification network.

Implementations§

impl<'a, S> Network<S>
where S: Store + Backend<'a>,

The lifetimes 'a and 'b have the same meaning as for Store: 'a is the lifetime of the object on the backend, 'b is the lifetime of the reference to the object, and the object ('a) must outlive the reference ('b).

pub fn path<U>( &self, khs: &[KeyHandle], userid: U, required_amount: usize, policy: &dyn Policy, ) -> Result<Path>
where U: Borrow<UserID>,

Authenticates a path in the network.

This checks that there are valid certifications from the first certificate in khs to the last over the User ID, userid for the specified trust amount.

This function will return Ok if a path with the required trust amount can be found.

Unlike Network::lint_path, this function returns as soon as an error is encountered.

This function requires that the Network object implement Backend in addition to Store. This is technically needed by Network::lint_path to provide better diagnostics, but it is not strictly required by Network::path, which only needs active certifications. This requirement exists, because Network::path and Network::lint_path share a fair amount of code. This bound may be lifted in the future.

pub fn lint_path<U>( &self, khs: &[KeyHandle], userid: U, required_amount: usize, policy: &dyn Policy, ) -> Result<PathLints<'a>>
where U: Borrow<UserID>,

Lints a path in the network.

This checks that the there are valid certifications from the first certificate in khs to the last over the User ID, userid.

This function almost always returns Ok; it only returns an error in an extraordinary circumstance.

Unlike Network::path, this function does extra work to identify reasons why a path is invalid. For instance, if there is no valid certification for a path segment, but there is an expired certification that is expired, this function will indicate that.

impl<S> Network<S>
where S: Store,

pub fn new<R>(store: S, roots: R) -> Result<Self>
where R: Into<Roots>,

Returns a rooted Network.

By default, the Network is an authentication network. In this mode of operation, plain certifications are only considered certifications, and the target is not considered to be a trusted introducer. An alternative mode of operation is a certification network. This can be configured using NetworkBuilder::certification_network.

pub fn backend(&self) -> &S

Returns a reference to the underlying store.

impl<'a: 'policy, 'policy> Network<CertStore<'a, 'policy, Certs<'a>>>

pub fn from_certs<I, C, T, R>( certs: I, policy: &'policy dyn Policy, t: T, roots: R, ) -> Result<Self>
where T: Into<Option<SystemTime>>, I: IntoIterator<Item = C>, C: Into<Cert>, R: Into<Roots>,

Builds a web of trust network from a set of certificates.

If a certificate is invalid according to the policy, the certificate is silently ignored.

pub fn from_cert_refs<I, C, T, R>( certs: I, policy: &'policy dyn Policy, t: T, roots: R, ) -> Result<Self>
where T: Into<Option<SystemTime>>, I: IntoIterator<Item = C>, C: Into<&'a Cert>, R: Into<Roots>,

Builds a web of trust network from a set of certificates.

If a certificate is invalid according to the policy, the certificate is silently ignored.

pub fn from_bytes<T, R>( certs: &'a [u8], policy: &'policy dyn Policy, t: T, roots: R, ) -> Result<Self>
where T: Into<Option<SystemTime>>, R: Into<Roots>,

Builds a web of trust network from a keyring.

If a certificate is invalid according to the policy, the certificate is silently ignored.

pub fn from_raw_certs<T, R>( certs: impl Iterator<Item = RawCert<'a>>, policy: &'a dyn Policy, t: T, roots: R, ) -> Result<Self>
where T: Into<Option<SystemTime>>, R: Into<Roots>,

Builds a web of trust network from a set of raw certificates.

If a certificate is invalid according to the policy, the certificate is silently ignored.

impl<'a> Network<SynopsisSlice<'a>>

pub fn from_synopses<R>( certs: &'a [CertSynopsis], certifications: &'a [Certification], t: SystemTime, roots: R, ) -> Result<Self>
where R: Into<Roots>,

Builds a web of trust network from a set of certificates.

If a certificate is invalid according to the policy, the certificate is silently ignored.

impl<S> Network<S>
where S: Store,

pub fn roots(&self) -> &Roots

Returns a reference to the roots.

pub fn is_root<F>(&self, fpr: F) -> bool
where F: Borrow<Fingerprint>,

Returns whether the specified certificate is a root.

pub fn root<F>(&self, fpr: F) -> Option<&Root>
where F: Borrow<Fingerprint>,

Returns the specified root.

pub fn certification_network(&self) -> bool

Returns whether the Network is a certification network.

See NetworkBuilder::certification_network for details.

pub fn authentication_network(&self) -> bool

Returns whether the Network is an authentication network.

See NetworkBuilder::certification_network for details.

pub fn maximum_depth(&mut self) -> Option<usize>

Returns the maximum depth.

With the depth limited to 0, the maximum lengths of paths will be two, with the paths containing the certifier and the target).

pub fn authenticate<U, F>( &self, target_userid: U, target_fpr: F, target_trust_amount: usize, ) -> Paths
where U: Borrow<UserID>, F: Borrow<Fingerprint>,

Authenticates the specified binding.

Enough independent paths are gotten to satisfy target_trust_amount. A fully trusted authentication is 120. If you require that a binding be double authenticated, you can specify 240.

pub fn gossip<U, F>(&self, target_fpr: F, target_userid: U) -> Paths
where U: Borrow<UserID>, F: Borrow<Fingerprint>,

Gets gossip about the specified binding.

This is like Network::authenticate, but it also includes all unauthenticated paths to the target binding. The aggregate trust amount is accurate.

Note: the paths are dedup based on whether they are a suffix of another path. That is, if A -> B -> C is a valid gossip path, then so is B -> C.

Trait Implementations§

impl<S> Debug for Network<S>
where S: Store,

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl<S> Deref for Network<S>
where S: Store,

type Target = S

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

Auto Trait Implementations§

impl<S> Freeze for Network<S>
where S: Freeze,

impl<S> RefUnwindSafe for Network<S>
where S: RefUnwindSafe,

impl<S> Send for Network<S>
where S: Send,

impl<S> Sync for Network<S>
where S: Sync,

impl<S> Unpin for Network<S>
where S: Unpin,

impl<S> UnwindSafe for Network<S>
where S: UnwindSafe,

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<P, T> Receiver for P
where P: Deref<Target = T> + ?Sized, T: ?Sized,

type Target = T

🔬This is a nightly-only experimental API. (arbitrary_self_types)

The target type on which the method may be called.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> ErasedDestructor for T
where T: 'static,