-rw-r--r-- | Cargo.lock | 10 | ||||
-rw-r--r-- | lockchain-core/examples/user_registry.rs | 33 | ||||
-rw-r--r-- | lockchain-core/src/crypto/encoding.rs (renamed from lockchain-core/src/crypto/utils/encoding.rs) | 0 | ||||
-rw-r--r-- | lockchain-core/src/crypto/hashing.rs (renamed from lockchain-core/src/crypto/utils/hashing.rs) | 0 | ||||
-rw-r--r-- | lockchain-core/src/crypto/mod.rs | 9 | ||||
-rw-r--r-- | lockchain-core/src/crypto/random.rs (renamed from lockchain-core/src/crypto/utils/random.rs) | 0 | ||||
-rw-r--r-- | lockchain-core/src/crypto/store.rs | 15 | ||||
-rw-r--r-- | lockchain-core/src/crypto/utils/mod.rs | 5 | ||||
-rw-r--r-- | lockchain-core/src/users/keystore.rs (renamed from lockchain-core/src/crypto/keystore.rs) | 0 | ||||
-rw-r--r-- | lockchain-core/src/users/mod.rs | 32 | ||||
-rw-r--r-- | lockchain-core/src/users/rights.rs | 22 | ||||
-rw-r--r-- | lockchain-core/src/users/secrets.rs (renamed from lockchain-core/src/crypto/secrets.rs) | 9 | ||||
-rw-r--r-- | lockchain-core/src/users/store.rs | 39 | ||||
-rw-r--r-- | lockchain-crypto/Cargo.toml | 2 | ||||
-rw-r--r-- | lockchain-files/Cargo.toml | 2 | ||||
-rw-r--r-- | lockchain-http/Cargo.toml | 2 |
16 files changed, 91 insertions, 89 deletions
@@ -901,7 +901,7 @@ dependencies = [ name = "lockchain-crypto" version = "0.8.1-alpha.0" dependencies = [ - "lockchain-core 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", + "lockchain-core 0.9.1-alpha.0", "miscreant 0.4.0-beta2 (registry+https://github.com/rust-lang/crates.io-index)", "serde 1.0.70 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.70 (registry+https://github.com/rust-lang/crates.io-index)", @@ -911,18 +911,18 @@ dependencies = [ name = "lockchain-files" version = "0.9.1-alpha.0" dependencies = [ - "lockchain-core 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", + "lockchain-core 0.9.1-alpha.0", ] [[package]] name = "lockchain-http" -version = "0.4.0" +version = "0.4.1-alpha.0" dependencies = [ "actix 0.5.8 (registry+https://github.com/rust-lang/crates.io-index)", "actix-web 0.6.15 (registry+https://github.com/rust-lang/crates.io-index)", "env_logger 0.5.10 (registry+https://github.com/rust-lang/crates.io-index)", "futures 0.1.22 (registry+https://github.com/rust-lang/crates.io-index)", - "lockchain-core 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", + "lockchain-core 0.9.1-alpha.0", "serde 1.0.70 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.70 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -935,7 +935,7 @@ dependencies = [ "insult 2.0.3 (registry+https://github.com/rust-lang/crates.io-index)", "lockchain-core 0.9.1-alpha.0", "lockchain-files 0.9.1-alpha.0", - "lockchain-http 0.4.0", + "lockchain-http 0.4.1-alpha.0", ] [[package]] diff --git a/lockchain-core/examples/user_registry.rs b/lockchain-core/examples/user_registry.rs deleted file mode 100644 index 8bb5c69..0000000 --- a/lockchain-core/examples/user_registry.rs +++ /dev/null 
@@ -1,33 +0,0 @@ -//! User registry in a vault is done via the metadata store -//! -//! In addition to that the `lockchain-core ` provides some simple -//! utilities to manage Users and UserStore objects, mapping them -//! onto metadata stores. -//! -//! In this example we will define a function that takes a generic -//! Vault implementation backend (because lockchain-core doesn't -//! provide a concrete way of doing this) and registering a user -//! into it. -//! -//! Please note you can't actually _run_ this code example, because -//! no concrete type can be known. The exact same example (with a type) -//! can however be found in `lockchain-files` - - -extern crate lockchain_core as lockchain; -use lockchain::users::{User, UserStore, Access, Role}; -use lockchain::traits::Vault; -use lockchain::EncryptedBody; - -fn main() { - // register(your_vault_here, "spacekookie", "password"); -} - -/// This function takes a generic Vault which MUST implement -/// the EncryptedBody backend. This would normally be the case -/// for the `DataVault` provided by `lockchain-files` -fn register<V: Vault<EncryptedBody>>(vault: &mut V, username: &str, password: &str) { - let me = User::register(username, password); -} - - diff --git a/lockchain-core/src/crypto/utils/encoding.rs b/lockchain-core/src/crypto/encoding.rs index 0c49490..0c49490 100644 --- a/lockchain-core/src/crypto/utils/encoding.rs +++ b/lockchain-core/src/crypto/encoding.rs diff --git a/lockchain-core/src/crypto/utils/hashing.rs b/lockchain-core/src/crypto/hashing.rs index 4a24a17..4a24a17 100644 --- a/lockchain-core/src/crypto/utils/hashing.rs +++ b/lockchain-core/src/crypto/hashing.rs diff --git a/lockchain-core/src/crypto/mod.rs b/lockchain-core/src/crypto/mod.rs index ad9c0e1..ef52912 100644 --- a/lockchain-core/src/crypto/mod.rs +++ b/lockchain-core/src/crypto/mod.rs 
@@ -13,11 +13,10 @@ mod keys { } mod data; -mod utils; -pub use utils::*; -pub mod keystore; -pub mod store; +pub mod encoding; +pub mod random; +pub mod hashing; pub use self::data::PackedData; -pub use self::keystore::KeyStore; pub use self::keys::{Key, KeyType}; +pub use users::KeyStore;
\ No newline at end of file diff --git a/lockchain-core/src/crypto/utils/random.rs b/lockchain-core/src/crypto/random.rs index 7d31992..7d31992 100644 --- a/lockchain-core/src/crypto/utils/random.rs +++ b/lockchain-core/src/crypto/random.rs diff --git a/lockchain-core/src/crypto/store.rs b/lockchain-core/src/crypto/store.rs deleted file mode 100644 index f57359d..0000000 --- a/lockchain-core/src/crypto/store.rs +++ /dev/null @@ -1,15 +0,0 @@ - -use std::collections::HashMap; - -/// A thin user keystore -/// -/// It's implementation can manage multiple keys per user, of various -/// types and constrained for limited access rights. -pub struct KeyStore { - -} - -struct StoreUser { - name: String, - HashMap< -}
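Review bot: `pub use users::KeyStore;` at the end of the hunk makes `crypto` re-export a type that lives in `users`, while `users/mod.rs` in this same commit imports `crypto::{encoding, hashing, random}`, so the two modules now depend on each other and the layering the keystore move was meant to establish is blurred. Since the type was deliberately relocated under `users`, consider dropping the re-export and letting callers import `users::KeyStore` directly; if the old `crypto::KeyStore` path must keep working during the alpha, give the re-export a comment such as `/// Compatibility re-export; prefer \`users::KeyStore\`.` so the dependency direction is visibly temporary. The hunk also lifts `encoding`, `random` and `hashing` to `pub mod`s in `crypto`, and the only module-level summary for them ("A collection of common cryptography utilities.") was in the deleted `utils/mod.rs`; unless the moved files carry their own `//!` docs (not visible here), a one-line `///` on each `pub mod` would restore that.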
\ No newline at end of file diff --git a/lockchain-core/src/crypto/utils/mod.rs b/lockchain-core/src/crypto/utils/mod.rs deleted file mode 100644 index d57689c..0000000 --- a/lockchain-core/src/crypto/utils/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -//! A collection of common cryptography utilities. - -pub mod encoding; -pub mod random; -pub mod hashing;
\ No newline at end of file diff --git a/lockchain-core/src/crypto/keystore.rs b/lockchain-core/src/users/keystore.rs index 71d7be2..71d7be2 100644 --- a/lockchain-core/src/crypto/keystore.rs +++ b/lockchain-core/src/users/keystore.rs diff --git a/lockchain-core/src/users/mod.rs b/lockchain-core/src/users/mod.rs index 338cc5e..e9205d1 100644 --- a/lockchain-core/src/users/mod.rs +++ b/lockchain-core/src/users/mod.rs @@ -14,10 +14,19 @@ //! data to load and store them into a metadata store. mod auth; +mod rights; mod tokens; +mod keystore; + +mod store; +mod secrets; + pub use self::auth::pam_authenticate; +pub use self::keystore::KeyStore; pub use self::tokens::Token; + pub use errors::AuthError; +pub use self::rights::{Access, Role}; use crypto::{encoding, hashing, random}; use std::collections::HashMap; @@ -26,27 +35,6 @@ use { traits::{AutoEncoder, Base64AutoEncoder}, }; -/// Specifies access to a resource -#[derive(Hash, Serialize, Deserialize, Clone, PartialEq, Eq)] -pub enum Access { - /// Allows access to vault metadata & index files - Vault(Role), - /// Allows access to a record resource inside a vault - Record(Role, String), -} - -impl AutoEncoder for Access {} - -/// Specifies the capabilities of a user -#[derive(Hash, Serialize, Deserialize, Clone, PartialEq, Eq)] -pub enum Role { - Reader, - Editor, - Admin, -} - -impl AutoEncoder for Role {} - /// A generic user representation /// /// A user has an identify check built in that can verify a passphrase @@ -83,7 +71,7 @@ impl User { self.pw_hash == encoding::base64_encode(&hashing::blake2(pw, &self.name).to_vec()) } /// Provides a hook to use second-factor authentication to authorise - /// + /// /// This is meant to be used with an external Yubikey pub fn second_auth_verify(&mut self) -> bool { unimplemented!() diff --git a/lockchain-core/src/users/rights.rs b/lockchain-core/src/users/rights.rs new file mode 100644 index 0000000..4404253 --- /dev/null +++ b/lockchain-core/src/users/rights.rs 
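Review bot: Two distinct `KeyStore` types now coexist under `users`: the hunk re-exports `self::keystore::KeyStore` from the moved `keystore.rs`, while the newly added private `mod store;` (the `users/store.rs` file later in this diff) declares a second, unrelated `pub struct KeyStore`. Because `store` is private and nothing exports it, its contents will only produce dead-code warnings, and the same applies to `mod secrets;`, whose `SecretType`/`UserSecret` are unreachable from outside `users`. Either rename the new type (e.g. `UserKeyStore`) and say in its doc which one is meant to survive, or leave the stub out until it replaces the moved one; as written a reader of `users::KeyStore` has to open both files to know which type they got.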
@@ -0,0 +1,22 @@ +use traits::AutoEncoder; + +/// Specifies access to a resource +#[derive(Hash, Serialize, Deserialize, Clone, PartialEq, Eq)] +pub enum Access { + /// Allows access to vault metadata & index files + Vault(Role), + /// Allows access to a record resource inside a vault + Record(Role, String), +} + +impl AutoEncoder for Access {} + +/// Specifies the capabilities of a user +#[derive(Hash, Serialize, Deserialize, Clone, PartialEq, Eq)] +pub enum Role { + Reader, + Editor, + Admin, +} + +impl AutoEncoder for Role {} diff --git a/lockchain-core/src/crypto/secrets.rs b/lockchain-core/src/users/secrets.rs index 87e2c13..8210a09 100644 --- a/lockchain-core/src/crypto/secrets.rs +++ b/lockchain-core/src/users/secrets.rs @@ -1,5 +1,7 @@ +use traits::AutoEncoder; /// Specifies the type of secret that's used to derive a vault user secret +#[derive(Serialize, Deserialize)] pub enum SecretType { /// A simple password Plain, @@ -9,6 +11,8 @@ pub enum SecretType { Combine, } +impl AutoEncoder for SecretType {} + /// The backing secret for user authentication /// /// This is _always_ in a non-recoverable form, i.e. a hash @@ -19,7 +23,10 @@ pub enum SecretType { /// might be supported to verify operations. For example, a `Keyfile` /// secret can deposit the entire public key in the `content` field, /// then use asymmetric operations to verify operations more thoroughly. +#[derive(Serialize, Deserialize)] pub struct UserSecret { - type: SecretType, + tt: SecretType, content: String, } + +impl AutoEncoder for UserSecret {} diff --git a/lockchain-core/src/users/store.rs b/lockchain-core/src/users/store.rs new file mode 100644 index 0000000..d400668 --- /dev/null +++ b/lockchain-core/src/users/store.rs 
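Review bot: `Role` derives equality only, so a check like `role == Role::Reader` cannot express that `Editor` and `Admin` also satisfy a read requirement; if the three variants are meant as an escalating hierarchy, as the names suggest, add `PartialOrd, Ord` to the derive on `pub enum Role` and state in its doc comment that variant order is significant, e.g. `/// Variants are ordered from least to most privileged; do not reorder.` If no hierarchy is intended, the doc should say so explicitly so that callers do not assume one. Both public enums are also missing `Debug`, which makes them awkward to log or assert on in tests, and the `String` in `Access::Record(Role, String)` has no doc saying what it identifies (presumably a record name or id — worth one `///` line on the variant).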
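Review bot: In the `@@ -19,7 +23,10 @@` hunk of `secrets.rs`, renaming the field from the reserved word `type` to `tt` fixes the compile error but leaves the field name meaningless to readers, and because `UserSecret` now derives `Serialize`/`Deserialize` the name also becomes the persisted key. A descriptive name such as `kind: SecretType,` (or `secret_type`) costs nothing at this point, since nothing on the old side could serialize the struct; if `type` is wanted on the wire, `#[serde(rename = "type")]` on the field does that. The struct's doc says `content` is always in a non-recoverable form, but nothing in the type enforces it, so a field comment like `/// Invariant: only a hash or public key is stored here, never the raw secret` would put the obligation where the value is set. `SecretType` and `UserSecret` also derive fewer traits (`Debug`, `Clone`, `PartialEq`) than `Access`/`Role` in the sibling `rights.rs`, which is worth aligning.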
@@ -0,0 +1,39 @@ +use super::rights::Access; +use super::secrets::SecretType; +use crypto::Key; +use std::collections::HashMap; + +/// A thin user keystore +/// +/// It's implementation can manage multiple keys per user, of various +/// types and constrained for limited access rights. +pub struct KeyStore { + store: HashMap<String, StoreUser>, +} + +struct StoreUser { + name: String, + keys: HashMap<Access, Key>, +} + +impl KeyStore { + /// Create a new, empty keystore + /// + /// This is most likely *not* what you want. Instead, transform + /// a `MetaData` object into a keystore. + pub fn new() -> Self { + Self { + store: HashMap::new(), + } + } + + pub fn add_user(&mut self) {} + + pub fn rm_user(&mut self) {} + + pub fn add_key(&mut self, user: String, k: Key, access: Access) {} + + pub fn get_key(&self, user: String, access: Access) -> &Key { + unimplemented!() + } +} diff --git a/lockchain-crypto/Cargo.toml b/lockchain-crypto/Cargo.toml index 656f60f..10a69ae 100644 --- a/lockchain-crypto/Cargo.toml +++ b/lockchain-crypto/Cargo.toml @@ -9,7 +9,7 @@ version = "0.8.1-alpha.0" authors = ["Katharina Fey <kookie@spacekookie.de>"] [dependencies] -lockchain-core = { version = "0.9.0", path = "../lockchain-core" } +lockchain-core = { version = "0.9.1-alpha.0", path = "../lockchain-core" } serde_derive = "1.0" serde = "1.0" diff --git a/lockchain-files/Cargo.toml b/lockchain-files/Cargo.toml index 8656fbf..e63455a 100644 --- a/lockchain-files/Cargo.toml +++ b/lockchain-files/Cargo.toml @@ -10,4 +10,4 @@ readme = "README.md" license = "MIT/X11 OR Apache-2.0" [dependencies] -lockchain-core = { version = "0.9.0" } # lockchain-core = { version = "0.9.1-alpha.0", path = "../lockchain-core" } +lockchain-core = { version = "0.9.1-alpha.0", path = "../lockchain-core" } diff --git a/lockchain-http/Cargo.toml b/lockchain-http/Cargo.toml index 128c9c9..9150033 100644 --- a/lockchain-http/Cargo.toml +++ b/lockchain-http/Cargo.toml 
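Review bot: `add_user`, `rm_user` and `add_key` are empty bodies that return normally, so a caller that registers a key under an `Access` right gets no signal that nothing was stored, and `get_key` returns `&Key` with no way to report an unknown user or access pair. For a type that gates access rights, silent no-op stubs are worse than loud ones: make the three bodies `unimplemented!()` like `get_key` until they are written, and change the lookup to `pub fn get_key(&self, user: &str, access: &Access) -> Option<&Key>` so "absent" is a value rather than a panic (owned `String` arguments are also unnecessary for a lookup). `add_user`/`rm_user` take no user argument at all, and `name` in `StoreUser` duplicates the map key, both of which are worth deciding before callers appear; `new()` could additionally back a `Default` impl.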
@@ -10,7 +10,7 @@ readme = "README.md" license = "MIT/X11 OR Apache-2.0" [dependencies] -lockchain-core = { version = "0.9.0" }# lockchain-core = { version = "0.9.1-alpha.0", path = "../lockchain-core" } +lockchain-core = { version = "0.9.1-alpha.0", path = "../lockchain-core" } env_logger = "0.5" # Serialisation stack |