forked from rust-lang/cargo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: extract asymmetric to its own module
- Loading branch information
Showing
2 changed files
with
162 additions
and
122 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,155 @@ | ||
//! Registry asymmetric authentication support. See [RFC 3231] for more. | ||
//! | ||
//! [RFC 3231]: https://rust-lang.github.io/rfcs/3231-cargo-asymmetric-tokens.html | ||
use pasetors::keys::AsymmetricPublicKey; | ||
use pasetors::keys::AsymmetricSecretKey; | ||
use pasetors::paserk; | ||
use pasetors::paserk::FormatAsPaserk; | ||
use pasetors::version3; | ||
use pasetors::version3::PublicToken; | ||
use time::format_description::well_known::Rfc3339; | ||
use time::OffsetDateTime; | ||
|
||
use crate::core::SourceId; | ||
use crate::ops::RegistryCredentialConfig; | ||
use crate::CargoResult; | ||
|
||
use super::Mutation; | ||
use super::Secret; | ||
|
||
/// The main body of an asymmetric token as describe in RFC 3231. | ||
#[derive(serde::Serialize)] | ||
struct Message<'a> { | ||
iat: &'a str, | ||
#[serde(skip_serializing_if = "Option::is_none")] | ||
sub: Option<&'a str>, | ||
#[serde(skip_serializing_if = "Option::is_none")] | ||
mutation: Option<&'a str>, | ||
#[serde(skip_serializing_if = "Option::is_none")] | ||
name: Option<&'a str>, | ||
#[serde(skip_serializing_if = "Option::is_none")] | ||
vers: Option<&'a str>, | ||
#[serde(skip_serializing_if = "Option::is_none")] | ||
cksum: Option<&'a str>, | ||
#[serde(skip_serializing_if = "Option::is_none")] | ||
challenge: Option<&'a str>, | ||
/// This field is not yet used. This field can be set to a value >1 to | ||
/// indicate a breaking change in the token format. | ||
#[serde(skip_serializing_if = "Option::is_none")] | ||
v: Option<u8>, | ||
} | ||
|
||
/// The footer of an asymmetric token as describe in RFC 3231. | ||
#[derive(serde::Serialize)] | ||
struct Footer<'a> { | ||
url: &'a str, | ||
kip: paserk::Id, | ||
} | ||
|
||
/// Checks that a secret key is valid, and returns the associated public key in | ||
/// Paserk format. | ||
pub fn paserk_public_from_paserk_secret(secret_key: Secret<&str>) -> Option<String> { | ||
let secret: Secret<AsymmetricSecretKey<version3::V3>> = | ||
secret_key.map(|key| key.try_into()).transpose().ok()?; | ||
let public: AsymmetricPublicKey<version3::V3> = secret | ||
.as_ref() | ||
.map(|key| key.try_into()) | ||
.transpose() | ||
.ok()? | ||
.expose(); | ||
let mut paserk_pub_key = String::new(); | ||
FormatAsPaserk::fmt(&public, &mut paserk_pub_key).unwrap(); | ||
Some(paserk_pub_key) | ||
} | ||
|
||
/// Generates a public token from a registry's `credential` configuration for | ||
/// authenticating to a `source_id` | ||
/// | ||
/// An optional `mutation` for authenticating a mutation operation aganist the | ||
/// registry. | ||
pub fn public_token_from_credential( | ||
credential: RegistryCredentialConfig, | ||
source_id: &SourceId, | ||
mutation: Option<&'_ Mutation<'_>>, | ||
) -> CargoResult<Secret<String>> { | ||
let RegistryCredentialConfig::AsymmetricKey((secret_key, secret_key_subject)) = credential else { | ||
anyhow::bail!("credential must be an asymmetric secret key") | ||
}; | ||
|
||
let secret: Secret<AsymmetricSecretKey<version3::V3>> = | ||
secret_key.map(|key| key.as_str().try_into()).transpose()?; | ||
let public: AsymmetricPublicKey<version3::V3> = secret | ||
.as_ref() | ||
.map(|key| key.try_into()) | ||
.transpose()? | ||
.expose(); | ||
let kip = (&public).try_into()?; | ||
let iat = OffsetDateTime::now_utc(); | ||
|
||
let message = Message { | ||
iat: &iat.format(&Rfc3339)?, | ||
sub: secret_key_subject.as_deref(), | ||
mutation: mutation.and_then(|m| { | ||
Some(match m { | ||
Mutation::PrePublish => return None, | ||
Mutation::Publish { .. } => "publish", | ||
Mutation::Yank { .. } => "yank", | ||
Mutation::Unyank { .. } => "unyank", | ||
Mutation::Owners { .. } => "owners", | ||
}) | ||
}), | ||
name: mutation.and_then(|m| { | ||
Some(match m { | ||
Mutation::PrePublish => return None, | ||
Mutation::Publish { name, .. } | ||
| Mutation::Yank { name, .. } | ||
| Mutation::Unyank { name, .. } | ||
| Mutation::Owners { name, .. } => *name, | ||
}) | ||
}), | ||
vers: mutation.and_then(|m| { | ||
Some(match m { | ||
Mutation::PrePublish | Mutation::Owners { .. } => return None, | ||
Mutation::Publish { vers, .. } | ||
| Mutation::Yank { vers, .. } | ||
| Mutation::Unyank { vers, .. } => *vers, | ||
}) | ||
}), | ||
cksum: mutation.and_then(|m| { | ||
Some(match m { | ||
Mutation::PrePublish | ||
| Mutation::Yank { .. } | ||
| Mutation::Unyank { .. } | ||
| Mutation::Owners { .. } => return None, | ||
Mutation::Publish { cksum, .. } => *cksum, | ||
}) | ||
}), | ||
challenge: None, // todo: PASETO with challenges | ||
v: None, | ||
}; | ||
|
||
let footer = Footer { | ||
url: &source_id.url().to_string(), | ||
kip, | ||
}; | ||
|
||
let secret = secret | ||
.map(|secret| { | ||
PublicToken::sign( | ||
&secret, | ||
serde_json::to_string(&message) | ||
.expect("cannot serialize") | ||
.as_bytes(), | ||
Some( | ||
serde_json::to_string(&footer) | ||
.expect("cannot serialize") | ||
.as_bytes(), | ||
), | ||
None, | ||
) | ||
}) | ||
.transpose()?; | ||
|
||
Ok(secret) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters