tor_keymgr/keystore/
ctor.rs

1//! Read-only C Tor key store support.
2
3pub(crate) mod client;
4pub(crate) mod err;
5pub(crate) mod service;
6
7use crate::keystore::fs_utils::{FilesystemAction, FilesystemError, RelKeyPath};
8use crate::{KeystoreId, Result};
9use fs_mistrust::{CheckedDir, Mistrust};
10
11use std::path::{Path, PathBuf};
12
13use err::CTorKeystoreError;
14
15pub use client::CTorClientKeystore;
16pub use service::CTorServiceKeystore;
17
18/// Common fields for C Tor keystores.
19struct CTorKeystore {
20    /// The root of the key store.
21    ///
22    /// All the keys are read from this directory.
23    keystore_dir: CheckedDir,
24    /// The unique identifier of this instance.
25    id: KeystoreId,
26}
27
28impl CTorKeystore {
29    /// Create a new `CTorKeystore` rooted at the specified `keystore_dir` directory.
30    ///
31    /// This function returns an error if `keystore_dir` is not a directory,
32    /// or if it does not conform to the requirements of the specified `Mistrust`.
33    fn from_path_and_mistrust(
34        keystore_dir: impl AsRef<Path>,
35        mistrust: &Mistrust,
36        id: KeystoreId,
37    ) -> Result<Self> {
38        let keystore_dir = mistrust
39            .verifier()
40            .check_content()
41            .secure_dir(&keystore_dir)
42            .map_err(|e| FilesystemError::FsMistrust {
43                action: FilesystemAction::Init,
44                path: keystore_dir.as_ref().into(),
45                err: e.into(),
46            })
47            .map_err(CTorKeystoreError::Filesystem)?;
48
49        Ok(Self { keystore_dir, id })
50    }
51
52    /// Return `rel_path` as a [`RelKeyPath`] relative to `keystore_dir`.
53    fn rel_path(&self, rel_path: PathBuf) -> RelKeyPath {
54        RelKeyPath::from_parts(&self.keystore_dir, rel_path)
55    }
56}