author | Stuart Stock <stuart@int08h.com> | 2018-10-11 21:33:08 -0500 |
---|---|---|
committer | Stuart Stock <stuart@int08h.com> | 2018-10-11 21:33:08 -0500 |
commit | ed89d98692ac273ec7dfc39c19008334077779a3 (patch) | |
tree | e2e18b84b6bda3473ed88745ae14a9337cbd5d28 /src | |
parent | dda76cfc88d6673358c6dd21007c227c45ccb13f (diff) | |
rustfmt
Diffstat (limited to 'src')
-rw-r--r-- | src/bin/roughenough-kms.rs | 36 | ||||
-rw-r--r-- | src/config/environment.rs | 4 | ||||
-rw-r--r-- | src/config/file.rs | 3 | ||||
-rw-r--r-- | src/error.rs | 18 | ||||
-rw-r--r-- | src/key/mod.rs | 13 |
5 files changed, 46 insertions, 28 deletions
diff --git a/src/bin/roughenough-kms.rs b/src/bin/roughenough-kms.rs
index c8d3c74..072f451 100644
--- a/src/bin/roughenough-kms.rs
+++ b/src/bin/roughenough-kms.rs
@@ -57,27 +57,33 @@ pub fn main() {
 let matches = App::new("Roughenough key management")
 .version(VERSION)
- .arg(Arg::with_name("KEY_ID")
- .short("k")
- .long("kms-key")
- .takes_value(true)
- .required(true)
- .help("Identity of the KMS key to be used"))
- .arg(Arg::with_name("SEED")
- .short("s")
- .long("seed")
- .takes_value(true)
- .required(true)
- .help("Seed for the server's long-term identity"))
- .get_matches();
+ .arg(
+ Arg::with_name("KEY_ID")
+ .short("k")
+ .long("kms-key")
+ .takes_value(true)
+ .required(true)
+ .help("Identity of the KMS key to be used"),
+ ).arg(
+ Arg::with_name("SEED")
+ .short("s")
+ .long("seed")
+ .takes_value(true)
+ .required(true)
+ .help("Seed for the server's long-term identity"),
+ ).get_matches();
 let kms_key = matches.value_of("KEY_ID").unwrap();
- let plaintext_seed = matches.value_of("SEED")
+ let plaintext_seed = matches
+ .value_of("SEED")
 .map(|seed| hex::decode(seed).expect("Error parsing seed value"))
 .unwrap();
 if plaintext_seed.len() != 32 {
- error!("Seed must be 32 bytes long; provided seed is {}", plaintext_seed.len());
+ error!(
+ "Seed must be 32 bytes long; provided seed is {}",
+ plaintext_seed.len()
+ );
 return;
 }
diff --git a/src/config/environment.rs b/src/config/environment.rs
index 14559d1..b7fe0da 100644
--- a/src/config/environment.rs
+++ b/src/config/environment.rs
@@ -74,8 +74,8 @@ impl EnvironmentConfig {
 };
 if let Ok(seed) = env::var(ROUGHENOUGH_SEED) {
- cfg.seed = hex::decode(&seed)
- .expect("invalid seed value; 'seed' should be a hex value");
+ cfg.seed =
+ hex::decode(&seed).expect("invalid seed value; 'seed' should be a hex value");
 };
 if let Ok(batch_size) = env::var(ROUGHENOUGH_BATCH_SIZE) {
diff --git a/src/config/file.rs b/src/config/file.rs
index fd84404..602baa1 100644
--- a/src/config/file.rs
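Review bot: In src/bin/roughenough-kms.rs the `SEED` argument takes the server's long-term identity seed as hex on the command line (`--seed`), so the plaintext secret ends up in shell history and is readable from the process list while the tool runs. This hunk only re-wraps the builder chain, but since the tool presumably exists to place that seed under a KMS key, reading it from stdin (or from a file with restrictive permissions) would keep it out of argv; the 32-byte length check can stay as it is. Separately, `hex::decode(seed).expect(..)` turns a mistyped seed into a panic, whereas the length check reports through `error!` and returns. main()'s body starts and ends outside the hunk.

```rust
// … unchanged: KEY_ID argument; the SEED argument is dropped …
let kms_key = matches.value_of("KEY_ID").unwrap();

// Read the hex seed from stdin so it never appears in argv.
let mut seed_hex = String::new();
std::io::stdin()
    .read_line(&mut seed_hex)
    .expect("Error reading seed from stdin");
let plaintext_seed = hex::decode(seed_hex.trim()).expect("Error parsing seed value");
// … unchanged: 32-byte length check …
```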
+++ b/src/config/file.rs
@@ -87,7 +87,8 @@ impl FileConfig {
 config.status_interval = Duration::from_secs(val as u64)
 }
 "key_protection" => {
- let val = value.as_str().unwrap().parse()
+ let val = value.as_str().unwrap()
+ .parse()
 .expect(format!("invalid key_protection value: {:?}", value).as_ref());
 config.key_protection = val
 }
diff --git a/src/error.rs b/src/error.rs
index 971bccd..7ffe1eb 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -14,8 +14,8 @@
 use std;
-use tag::Tag;
 use key::KmsError;
+use tag::Tag;
 /// Error types generated by this implementation
 #[derive(Debug)]
@@ -63,10 +63,18 @@ impl From<std::io::Error> for Error {
 impl From<KmsError> for Error {
 fn from(err: KmsError) -> Self {
 match err {
- KmsError::OperationFailed(m) => Error::InvalidConfiguration(m),
- KmsError::InvalidConfiguration(m) => Error::InvalidConfiguration(m),
- KmsError::InvalidData(m) => Error::InvalidConfiguration(m),
- KmsError::InvalidKey(m) => Error::InvalidConfiguration(m),
+ KmsError::OperationFailed(m) => {
+ Error::InvalidConfiguration(format!("KMS operation failed: {}", m))
+ }
+ KmsError::InvalidConfiguration(m) => {
+ Error::InvalidConfiguration(format!("invalid KMS config: {}", m))
+ }
+ KmsError::InvalidData(m) => {
+ Error::InvalidConfiguration(format!("invalid KMS data: {}", m))
+ }
+ KmsError::InvalidKey(m) => {
+ Error::InvalidConfiguration(format!("invalid KMS key: {}", m))
+ }
 }
 }
 }
diff --git a/src/key/mod.rs b/src/key/mod.rs
index 3fe365f..e59bfda 100644
--- a/src/key/mod.rs
+++ b/src/key/mod.rs
@@ -32,8 +32,8 @@ pub use self::envelope::EnvelopeEncryption;
 pub use self::longterm::LongTermKey;
 pub use self::online::OnlineKey;
-use super::error;
 use super::config::ServerConfig;
+use super::error;
 #[derive(Debug, PartialEq, Eq, PartialOrd, Hash, Clone)]
 pub enum KeyProtection {
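Review bot: In src/error.rs, `impl From<KmsError> for Error` still maps all four `KmsError` variants to `Error::InvalidConfiguration`, so a failed KMS call (`KmsError::OperationFailed`) can be told apart from a real configuration mistake only by the string prefix this hunk adds. Callers and alerting that match on the variant will treat both the same; if the `Error` enum (not shown here) can take one, a dedicated KMS variant would carry the distinction in the type. At minimum, add a comment above the `match`, e.g. `// Every KMS failure surfaces as InvalidConfiguration; the message prefix is the only discriminator.` The inner message `m` is forwarded verbatim, so it is worth confirming what the KMS layer puts in it before it reaches logs. This is also a behaviour change in a commit titled "rustfmt", which makes it easy to miss in history.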
@@ -65,7 +65,7 @@ impl FromStr for KeyProtection {
 "plaintext" => Ok(KeyProtection::Plaintext),
 s if s.starts_with("arn") => Ok(KeyProtection::AwsKmsEnvelope(s.to_string())),
 s if s.starts_with("gcp") => Ok(KeyProtection::GoogleKmsEnvelope(s.to_string())),
- _ => Err(())
+ _ => Err(()),
 }
 }
 }
@@ -130,7 +130,9 @@ pub fn load_seed(config: &Box<ServerConfig>) -> Result<Vec<u8>, error::Error> {
 let seed = EnvelopeEncryption::decrypt_seed(&kms, &config.seed())?;
 Ok(seed)
 }
- _ => Err(error::Error::InvalidConfiguration("Google KMS not supported".to_string()))
+ _ => Err(error::Error::InvalidConfiguration(
+ "Google KMS not supported".to_string(),
+ )),
 }
 }
@@ -138,7 +140,8 @@ pub fn load_seed(config: &Box<ServerConfig>) -> Result<Vec<u8>, error::Error> {
 pub fn load_seed(config: &Box<ServerConfig>) -> Result<Vec<u8>, error::Error> {
 match config.key_protection() {
 KeyProtection::Plaintext => Ok(config.seed()),
- v => Err(error::Error::InvalidConfiguration(
- format!("key_protection '{}' implies KMS but server was not compiled with KMS support", v)))
+ v => Err(error::Error::InvalidConfiguration(format!(
+ "key_protection '{}' implies KMS but server was not compiled with KMS support", v
+ ))),
 }
 } |