Initial commit of KeySource trait

This commit adds the KeySource trait to tough. It is meant to replace the KeySource enum in tuftool and allows for users to implement their own sources of Keys. Initially we implement this trait for local files.
zmrow · Apr 27, 2020 · 98fe031 · 98fe031
1 parent 7006d14
commit 98fe031
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 0 deletions.
diff --git a/tough/src/error.rs b/tough/src/error.rs
@@ -57,6 +57,20 @@ pub enum Error {
         backtrace: Backtrace,
     },
 
+    #[snafu(display("Failed to read {}: {}", path.display(), source))]
+    FileRead {
+        path: PathBuf,
+        source: std::io::Error,
+        backtrace: Backtrace,
+    },
+
+    #[snafu(display("Failed to write to {}: {}", path.display(), source))]
+    FileWrite {
+        path: PathBuf,
+        source: std::io::Error,
+        backtrace: Backtrace,
+    },
+
     /// A downloaded target's checksum does not match the checksum listed in the repository
     /// metadata.
     #[snafu(display(

diff --git a/tough/src/key_source.rs b/tough/src/key_source.rs
@@ -0,0 +1,45 @@
+// Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT OR Apache-2.0
+
+use crate::error;
+use crate::sign::{parse_keypair, Sign};
+use snafu::ResultExt;
+use std::fmt::Debug;
+use std::path::PathBuf;
+use std::result::Result;
+
+/// This trait should be implemented for each source of signing keys. Examples
+/// of sources include: files, AWS SSM, etc.
+pub trait KeySource: Debug + Send + Sync {
+    /// Returns an object that implements the `Sign` trait
+    fn as_sign(&self) -> Result<Box<dyn Sign>, Box<dyn std::error::Error + Send + Sync + 'static>>;
+
+    /// Writes a key back to the `KeySource`
+    fn write(
+        &self,
+        value: &str,
+        key_id_hex: &str,
+    ) -> Result<(), Box<dyn std::error::Error + Send + Sync + 'static>>;
+}
+
+#[derive(Debug)]
+pub struct LocalKeySource {
+    pub path: PathBuf,
+}
+
+/// Implements the `KeySource` trait for a `LocalKeySource` (file)
+impl KeySource for LocalKeySource {
+    fn as_sign(&self) -> Result<Box<dyn Sign>, Box<dyn std::error::Error + Send + Sync + 'static>> {
+        let data = std::fs::read(&self.path).context(error::FileRead { path: &self.path })?;
+        Ok(Box::new(parse_keypair(&data)?))
+    }
+
+    fn write(
+        &self,
+        value: &str,
+        _key_id_hex: &str,
+    ) -> Result<(), Box<dyn std::error::Error + Send + Sync + 'static>> {
+        Ok(std::fs::write(&self.path, value.as_bytes())
+            .context(error::FileWrite { path: &self.path })?)
+    }
+}
diff --git a/tough/src/lib.rs b/tough/src/lib.rs
@@ -24,6 +24,7 @@ mod datastore;
 pub mod error;
 mod fetch;
 mod io;
+pub mod key_source;
 pub mod schema;
 pub mod sign;
 mod transport;