use std::time::Duration;
use serde::Deserialize;
#[derive(Deserialize)]
/// Specification for how the OpenPGP certificate is supposed to look like
///
/// Root of the deserialized certificate description: exactly one primary key,
/// any number of subkeys and user IDs, and the certificate-level expiry.
///
/// NOTE(review): serde ignores unknown fields by default, and because this
/// struct flattens [`Expiry`] it cannot be combined with
/// `#[serde(deny_unknown_fields)]`. A misspelled `validity_period` key is
/// therefore dropped silently and the field takes its default (`None`)
/// instead of the document being rejected.
pub(crate) struct Spec {
    /// KeySpec for the primary key
    pub(crate) primary: KeySpec,
    /// List of KeySpec elements for the sub keys
    ///
    /// May be empty; there is no `#[serde(default)]`, so the key itself must
    /// still be present in the document.
    pub(crate) subs: Vec<KeySpec>,
    /// List of UserIdSpec elements for the user ids
    pub(crate) user_ids: Vec<UserIdSpec>,
    #[serde(flatten)]
    /// Expiry information
    ///
    /// Flattened: `validity_period` is read from this level of the document,
    /// not from a nested `expiry` table.
    pub(crate) expiry: Expiry,
}
#[derive(Deserialize)]
/// Specification for how the (sub) key is supposed to be configured
///
/// Used for both the primary key and each subkey of a [`Spec`].
pub(crate) struct KeySpec {
    /// List of flags to set for the key, detailing what for and how the key can be used.
    ///
    /// Presumably reduced to a single `sequoia_openpgp::types::KeyFlags` with
    /// [`KeyFlag::fold`] — confirm against the caller. Not defaulted, so the
    /// key must be present in the document (an empty list is accepted).
    pub(crate) flags: Vec<KeyFlag>,
    /// Which kind of cryptography the key is going to use
    ///
    /// Deserialized directly into sequoia's `CipherSuite`, so the accepted
    /// spellings are whatever that type's `Deserialize` impl admits.
    pub(crate) cipher_suite: sequoia_openpgp::cert::CipherSuite,
    #[serde(flatten)]
    /// Expiry information
    ///
    /// Flattened into this key's own table; a missing `validity_period`
    /// deserializes to `None`.
    pub(crate) expiry: Expiry,
}
#[derive(Deserialize)]
/// Specification on how a user ID is supposed to look
pub(crate) struct UserIdSpec {
    /// The string value of the user ID itself
    ///
    /// Taken verbatim from the document; nothing at this layer validates the
    /// conventional `Name <email>` form.
    pub(crate) value: String,
    #[serde(default)]
    /// A list of notation keys and values to add to the binding signature of the user ID.
    ///
    /// Optional in the document (defaults to an empty list). Each tuple is
    /// presumably `(name, value)` in that order — confirm against the caller.
    /// Neither half is validated here, so anything the signature layer rejects
    /// only surfaces when the binding signature is built.
    pub(crate) notation: Vec<(String, String)>,
}
#[derive(Deserialize)]
/// Expiry spec, including right now only a validity period
///
/// Always embedded via `#[serde(flatten)]` (see [`Spec`] and [`KeySpec`]), so
/// its field appears at the embedding struct's level of the document.
pub(crate) struct Expiry {
    #[serde(with = "humantime_serde::option", default)]
    /// Validity period, how long a key is supposed to be usable for, starting with the date it was
    /// created
    ///
    /// Parsed from a humantime string (e.g. `"2y"`, `"6months"`); an absent or
    /// `null` value deserializes to `None`. What `None` means is up to the
    /// consumer of this struct — presumably "no expiration" — so a document
    /// that omits the field should be reviewed with that in mind.
    pub(crate) validity_period: Option<Duration>,
}
#[derive(Deserialize)]
#[serde(rename_all = "snake_case")]
/// Flags that can be set for keys
///
/// Each variant maps onto exactly one setter of
/// `sequoia_openpgp::types::KeyFlags` (see [`KeyFlag::fold`]). In the document
/// the variants are spelled in `snake_case`: `certify`, `sign`,
/// `encrypt_for_transport`, `encrypt_at_rest`, `split_key`, `authenticate`,
/// `group_key`.
pub(crate) enum KeyFlag {
    /// Key can certify
    Certify,
    /// Key can sign
    Sign,
    /// Key can be used for transport encryption
    EncryptForTransport,
    /// Key can be used for encrypting data at rest
    EncryptAtRest,
    /// Key is split by a secret-sharing mechanism
    ///
    /// Informational flag: it describes how the secret is held, not a usage.
    SplitKey,
    /// Key can be used for authentication
    Authenticate,
    /// Key is in the possession of more than one person
    ///
    /// Informational flag, like `SplitKey`; it does not grant a usage.
    GroupKey,
}
impl KeyFlag {
    /// Applies `flag` to `flags` and returns the updated `KeyFlags`.
    ///
    /// The `(accumulator, &item)` shape is that of an `Iterator::fold` step,
    /// so a `Vec<KeyFlag>` can be reduced into one
    /// `sequoia_openpgp::types::KeyFlags` by folding from an initial value.
    /// Each variant is forwarded to exactly one `KeyFlags` setter; the match
    /// is exhaustive, so adding a variant without a mapping is a compile error.
    pub(crate) fn fold(
        flags: sequoia_openpgp::types::KeyFlags,
        flag: &Self,
    ) -> sequoia_openpgp::types::KeyFlags {
        use sequoia_openpgp::types::KeyFlags;

        // Select the setter first, then apply it: the variant -> setter table
        // stays in one place and `flags` is consumed exactly once.
        let apply: fn(KeyFlags) -> KeyFlags = match flag {
            Self::Certify => KeyFlags::set_certification,
            Self::Sign => KeyFlags::set_signing,
            Self::EncryptForTransport => KeyFlags::set_transport_encryption,
            Self::EncryptAtRest => KeyFlags::set_storage_encryption,
            Self::SplitKey => KeyFlags::set_split_key,
            Self::Authenticate => KeyFlags::set_authentication,
            Self::GroupKey => KeyFlags::set_group_key,
        };
        apply(flags)
    }
}