Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
467 Commits
12 Branches
27 Tags
2.1 MiB
Tree: 1afc6dc27e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1afc6dc27e'
${ noResults }
acmed/acmed/src/account/storage.rs

188 lines
5.3 KiB
Raw Normal View History

Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Add external account binding
4 years ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Add external account binding
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Add external account binding
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Add external account binding
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Add external account binding
4 years ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Create a new account if the external account has changed
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Create a new account if the external account has changed
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.
4 years ago
Create a new account if the external account has changed
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Create a new account if the external account has changed
4 years ago
Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/
1 year ago
Create a new account if the external account has changed
4 years ago
  1. use crate::account::contact::AccountContact;
  2. use crate::account::{Account, AccountEndpoint, AccountKey, ExternalAccount};
  3. use crate::storage::{account_files_exists, get_account_data, set_account_data, FileManager};
  4. use acme_common::crypto::KeyPair;
  5. use acme_common::error::Error;
  6. use serde::{Deserialize, Serialize};
  7. use std::collections::HashMap;
  8. use std::time::SystemTime;
  10. #[derive(Serialize, Deserialize, PartialEq, Debug)]
  11. pub struct ExternalAccountStorage {
  12. pub identifier: String,
  13. pub key: Vec<u8>,
  14. pub signature_algorithm: String,
  15. }
  17. impl ExternalAccountStorage {
  18. fn new(external_account: &ExternalAccount) -> Self {
  19. ExternalAccountStorage {
  20. identifier: external_account.identifier.to_owned(),
  21. key: external_account.key.to_owned(),
  22. signature_algorithm: external_account.signature_algorithm.to_string(),
  23. }
  24. }
  26. fn to_generic(&self) -> Result<ExternalAccount, Error> {
  27. Ok(ExternalAccount {
  28. identifier: self.identifier.to_owned(),
  29. key: self.key.to_owned(),
  30. signature_algorithm: self.signature_algorithm.parse()?,
  31. })
  32. }
  33. }
  35. #[derive(Serialize, Deserialize, PartialEq, Debug)]
  36. struct AccountKeyStorage {
  37. creation_date: SystemTime,
  38. key: Vec<u8>,
  39. signature_algorithm: String,
  40. }
  42. impl AccountKeyStorage {
  43. fn new(key: &AccountKey) -> Result<Self, Error> {
  44. Ok(AccountKeyStorage {
  45. creation_date: key.creation_date,
  46. key: key.key.private_key_to_der()?,
  47. signature_algorithm: key.signature_algorithm.to_string(),
  48. })
  49. }
  51. fn to_generic(&self) -> Result<AccountKey, Error> {
  52. Ok(AccountKey {
  53. creation_date: self.creation_date,
  54. key: KeyPair::from_der(&self.key)?,
  55. signature_algorithm: self.signature_algorithm.parse()?,
  56. })
  57. }
  58. }
  60. #[derive(Serialize, Deserialize, PartialEq, Debug)]
  61. struct AccountEndpointStorage {
  62. creation_date: SystemTime,
  63. account_url: String,
  64. orders_url: String,
  65. key_hash: Vec<u8>,
  66. contacts_hash: Vec<u8>,
  67. external_account_hash: Vec<u8>,
  68. }
  70. impl AccountEndpointStorage {
  71. fn new(account_endpoint: &AccountEndpoint) -> Self {
  72. AccountEndpointStorage {
  73. creation_date: account_endpoint.creation_date,
  74. account_url: account_endpoint.account_url.clone(),
  75. orders_url: account_endpoint.orders_url.clone(),
  76. key_hash: account_endpoint.key_hash.clone(),
  77. contacts_hash: account_endpoint.contacts_hash.clone(),
  78. external_account_hash: account_endpoint.external_account_hash.clone(),
  79. }
  80. }
  82. fn to_generic(&self) -> AccountEndpoint {
  83. AccountEndpoint {
  84. creation_date: self.creation_date,
  85. account_url: self.account_url.clone(),
  86. orders_url: self.orders_url.clone(),
  87. key_hash: self.key_hash.clone(),
  88. contacts_hash: self.contacts_hash.clone(),
  89. external_account_hash: self.external_account_hash.clone(),
  90. }
  91. }
  92. }
  94. #[derive(Serialize, Deserialize, PartialEq, Debug)]
  95. struct AccountStorage {
  96. name: String,
  97. endpoints: HashMap<String, AccountEndpointStorage>,
  98. contacts: Vec<(String, String)>,
  99. current_key: AccountKeyStorage,
  100. past_keys: Vec<AccountKeyStorage>,
  101. external_account: Option<ExternalAccountStorage>,
  102. }
  104. fn do_fetch(file_manager: &FileManager, name: &str) -> Result<Option<Account>, Error> {
  105. if account_files_exists(file_manager) {
  106. let data = get_account_data(file_manager)?;
  107. let obj: AccountStorage = bincode::deserialize(&data[..])
  108. .map_err(|e| Error::from(&e.to_string()).prefix(name))?;
  109. let endpoints = obj
  110. .endpoints
  111. .iter()
  112. .map(|(k, v)| (k.clone(), v.to_generic()))
  113. .collect();
  114. let contacts = obj
  115. .contacts
  116. .iter()
  117. .map(|(t, v)| AccountContact::new(t, v))
  118. .collect::<Result<Vec<AccountContact>, Error>>()?;
  119. let current_key = obj.current_key.to_generic()?;
  120. let past_keys = obj
  121. .past_keys
  122. .iter()
  123. .map(|k| k.to_generic())
  124. .collect::<Result<Vec<AccountKey>, Error>>()?;
  125. let external_account = match obj.external_account {
  126. Some(a) => Some(a.to_generic()?),
  127. None => None,
  128. };
  129. Ok(Some(Account {
  130. name: obj.name,
  131. endpoints,
  132. contacts,
  133. current_key,
  134. past_keys,
  135. file_manager: file_manager.clone(),
  136. external_account,
  137. }))
  138. } else {
  139. Ok(None)
  140. }
  141. }
  143. fn do_save(file_manager: &FileManager, account: &Account) -> Result<(), Error> {
  144. let endpoints: HashMap<String, AccountEndpointStorage> = account
  145. .endpoints
  146. .iter()
  147. .map(|(k, v)| (k.to_owned(), AccountEndpointStorage::new(v)))
  148. .collect();
  149. let contacts: Vec<(String, String)> = account
  150. .contacts
  151. .iter()
  152. .map(|c| (c.contact_type.to_string(), c.value.to_owned()))
  153. .collect();
  154. let past_keys = account
  155. .past_keys
  156. .iter()
  157. .map(AccountKeyStorage::new)
  158. .collect::<Result<Vec<AccountKeyStorage>, Error>>()?;
  159. let external_account = account
  160. .external_account
  161. .as_ref()
  162. .map(ExternalAccountStorage::new);
  163. let account_storage = AccountStorage {
  164. name: account.name.to_owned(),
  165. endpoints,
  166. contacts,
  167. current_key: AccountKeyStorage::new(&account.current_key)?,
  168. past_keys,
  169. external_account,
  170. };
  171. let encoded: Vec<u8> = bincode::serialize(&account_storage)
  172. .map_err(|e| Error::from(&e.to_string()).prefix(&account.name))?;
  173. set_account_data(file_manager, &encoded)
  174. }
  176. pub fn fetch(file_manager: &FileManager, name: &str) -> Result<Option<Account>, Error> {
  177. do_fetch(file_manager, name).map_err(|_| {
  178. format!(
  179. "account \"{}\": unable to load account file: file may be corrupted",
  180. name
  181. )
  182. .into()
  183. })
  184. }
  186. pub fn save(file_manager: &FileManager, account: &Account) -> Result<(), Error> {
  187. do_save(file_manager, account).map_err(|e| format!("unable to save account file: {}", e).into())
  188. }