1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
use crate::chain;
use abscissa::secret::{CloneableSecret, DebugSecret, ExposeSecret, Secret};
use serde::Deserialize;
use tendermint::net;
use yubihsm::Credentials;
use zeroize::Zeroize;
#[derive(Clone, Deserialize, Debug)]
#[serde(deny_unknown_fields)]
pub struct YubihsmConfig {
pub adapter: AdapterConfig,
pub auth: AuthConfig,
#[serde(default)]
pub keys: Vec<SigningKeyConfig>,
pub serial_number: Option<String>,
#[cfg(feature = "yubihsm-server")]
pub connector_server: Option<ConnectorServerConfig>,
}
#[derive(Clone, Deserialize, Debug)]
#[serde(deny_unknown_fields, tag = "type")]
pub enum AdapterConfig {
#[serde(rename = "usb")]
Usb {
#[serde(default = "usb_timeout_ms_default")]
timeout_ms: u64,
},
#[serde(rename = "http")]
Http {
addr: net::Address,
},
}
#[derive(Clone, Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct AuthConfig {
pub key: u16,
pub password: Secret<Password>,
}
impl AuthConfig {
pub fn credentials(&self) -> Credentials {
Credentials::from_password(self.key, self.password.expose_secret().0.as_bytes())
}
}
#[derive(Clone, Deserialize, Zeroize)]
#[serde(deny_unknown_fields)]
#[zeroize(drop)]
pub struct Password(String);
impl CloneableSecret for Password {}
impl DebugSecret for Password {
fn debug_secret() -> &'static str {
"REDACTED PASSWORD"
}
}
#[derive(Clone, Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct SigningKeyConfig {
pub chain_ids: Vec<chain::Id>,
pub key: u16,
}
fn usb_timeout_ms_default() -> u64 {
1000
}
#[cfg(feature = "yubihsm-server")]
#[derive(Clone, Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct ConnectorServerConfig {
pub laddr: net::Address,
pub cli: Option<CliConfig>,
}
#[cfg(feature = "yubihsm-server")]
#[derive(Clone, Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct CliConfig {
pub auth_key: Option<u16>,
}