pub struct Client<D, L, R> { /* private fields */ }
A client that interacts with TUF repositories.
Implementations§
impl<D, L, R> Client<D, L, R>
pub async fn with_trusted_local( config: Config, local: L, remote: R, ) -> Result<Self>
Create a new TUF client. It will attempt to load the latest root metadata from the local repo and use it as the initial trusted root metadata, or it will return an error if it cannot do so.
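WARNING: This is trust-on-first-use (TOFU) and offers weaker security guarantees than
the related methods Client::with_trusted_root and Client::with_trusted_root_keys: whatever root metadata is already in the local repo becomes the initial trusted root, without being checked against a root or root keys supplied by the caller.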
§Examples
// `public_key` and `private_key` are defined outside the lines shown here.
// `local` is mutable because the signed root is stored into it below.
let mut local = EphemeralRepository::<Pouf1>::new();
let remote = EphemeralRepository::<Pouf1>::new();
let root_version = 1;
// Build and sign version-1 root metadata that expires 2038-01-01 00:00:00 UTC.
// Example shortcut: one key is registered for the root, snapshot, targets and
// timestamp roles. NOTE(review): a deployed repository would normally use a
// separate key per role so that one leaked key does not cover every role.
let root = RootMetadataBuilder::new()
    .version(root_version)
    .expires(Utc.with_ymd_and_hms(2038, 1, 1, 0, 0, 0).unwrap())
    .root_key(public_key.clone())
    .snapshot_key(public_key.clone())
    .targets_key(public_key.clone())
    .timestamp_key(public_key.clone())
    .signed::<Pouf1>(&private_key)?;
let root_path = MetadataPath::root();
// Shadows the integer above with the typed version passed to the repository API.
let root_version = MetadataVersion::Number(root_version);
// Store the signed root's raw bytes in `local`. `with_trusted_local` is documented
// to take the latest root found there as its initial trusted root, so whoever can
// write to the local repository effectively chooses the trust anchor.
local.store_metadata(
    &root_path,
    root_version,
    &mut root.to_raw().unwrap().as_bytes()
).await?;
let client = Client::with_trusted_local(
Config::default(),
local,
remote,
).await?;
pub async fn with_trusted_root( config: Config, trusted_root: &RawSignedMetadata<D, RootMetadata>, local: L, remote: R, ) -> Result<Self>
Create a new TUF client. It will trust the initial root metadata passed as trusted_root, so that metadata must come from a source the caller already trusts.
§Examples
// `public_key` and `private_key` are defined outside the lines shown here.
// Nothing is stored in either repository in this snippet; the root is handed to
// the client directly as `&raw_root` in the call that follows.
let local = EphemeralRepository::<Pouf1>::new();
let remote = EphemeralRepository::<Pouf1>::new();
let root_version = 1;
let root_threshold = 1;
// Build version-1 root metadata (expires 2038-01-01 00:00:00 UTC), sign it with
// `private_key`, and convert it to its raw signed form. The `unwrap()` calls
// panic if signing or the raw conversion fails, which is acceptable in an example.
// Example shortcut: one key is registered for all four roles and the root
// threshold is 1. NOTE(review): presumably the threshold is the number of root
// signatures required; a deployed root would normally use several keys and a
// higher threshold. Confirm against RootMetadataBuilder's documentation.
let raw_root = RootMetadataBuilder::new()
    .version(root_version)
    .expires(Utc.with_ymd_and_hms(2038, 1, 1, 0, 0, 0).unwrap())
    .root_key(public_key.clone())
    .root_threshold(root_threshold)
    .snapshot_key(public_key.clone())
    .targets_key(public_key.clone())
    .timestamp_key(public_key.clone())
    .signed::<Pouf1>(&private_key)
    .unwrap()
    .to_raw()
    .unwrap();
let client = Client::with_trusted_root(
Config::default(),
&raw_root,
local,
remote,
).await?;
pub async fn with_trusted_root_keys<'a, I>(
config: Config,
root_version: MetadataVersion,
root_threshold: u32,
trusted_root_keys: I,
local: L,
remote: R,
) -> Result<Self>where
I: IntoIterator<Item = &'a PublicKey>,
Create a new TUF client. It will attempt to load initial root metadata from the local and remote repositories using the provided keys to pin the verification.
§Examples
// `public_key` and `private_key` are defined outside the lines shown here.
// Here the signed root is published to `remote`, so `remote` is the mutable one.
let local = EphemeralRepository::<Pouf1>::new();
let mut remote = EphemeralRepository::<Pouf1>::new();
let root_version = 1;
let root_threshold = 1;
// Build and sign version-1 root metadata that expires 2038-01-01 00:00:00 UTC.
// Example shortcut: one key is registered for all four roles and the root
// threshold is 1. NOTE(review): a deployed repository would normally use a
// separate key per role and more than one root key.
let root = RootMetadataBuilder::new()
    .version(root_version)
    .expires(Utc.with_ymd_and_hms(2038, 1, 1, 0, 0, 0).unwrap())
    .root_key(public_key.clone())
    .root_threshold(root_threshold)
    .snapshot_key(public_key.clone())
    .targets_key(public_key.clone())
    .timestamp_key(public_key.clone())
    .signed::<Pouf1>(&private_key)?;
let root_path = MetadataPath::root();
// Shadows the integer above with the typed version passed to the repository API.
let root_version = MetadataVersion::Number(root_version);
// Store the signed root's raw bytes in `remote`. The constructor called next is
// documented to pin verification to the keys it is given, so trust comes from
// the key passed by the caller rather than from the repository serving the root.
remote.store_metadata(
    &root_path,
    root_version,
    &mut root.to_raw().unwrap().as_bytes()
).await?;
let client = Client::with_trusted_root_keys(
Config::default(),
root_version,
root_threshold,
once(&public_key),
local,
remote,
).await?;
pub fn from_database( config: Config, tuf: Database<D>, local: L, remote: R, ) -> Self
Create a new TUF client. It will trust and update the TUF database.
pub fn from_parts(parts: Parts<D, L, R>) -> Self
pub async fn update(&mut self) -> Result<bool>
Update TUF metadata from the remote repository.
Returns true if an update occurred and false otherwise.
pub async fn update_with_start_time( &mut self, start_time: &DateTime<Utc>, ) -> Result<bool>
Update TUF metadata from the remote repository, using the specified time to determine if the metadata is expired.
Returns true if an update occurred and false otherwise.
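WARNING: Using a start time older than the current time opens users up to a freeze attack, because metadata that has already expired can then still be treated as valid.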
pub fn into_parts(self) -> Parts<D, L, R>
pub fn database_mut(&mut self) -> &mut Database<D>
Returns a mutable reference to the TUF database.
pub fn local_repo(&self) -> &L
Returns a reference to the local repository.
pub fn local_repo_mut(&mut self) -> &mut L
Returns a mutable reference to the local repository.
pub fn remote_repo(&self) -> &R
Returns a reference to the remote repository.
pub fn remote_repo_mut(&mut self) -> &mut R
Returns a mutable reference to the remote repository.
pub async fn update_root(&mut self, start_time: &DateTime<Utc>) -> Result<bool>
Update TUF root metadata from the remote repository.
Returns true if an update occurred and false otherwise.
pub async fn fetch_target( &mut self, target: &TargetPath, ) -> Result<impl AsyncRead + Send + Unpin + '_>
Fetch a target from the remote repo.
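It is critical that none of the target's bytes are used until this future
returns Ok, as the hash of the target is not verified until all bytes are read from the
repository. Because this method returns an AsyncRead rather than the finished bytes, this presumably means the data should be treated as unverified until the returned reader has been read to the end without an error.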
pub async fn fetch_target_with_start_time( &mut self, target: &TargetPath, start_time: &DateTime<Utc>, ) -> Result<impl AsyncRead + Send + Unpin + '_>
Fetch a target from the remote repo.
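It is critical that none of the target's bytes are used until this future
returns Ok, as the hash of the target is not verified until all bytes are read from the
repository. Because this method returns an AsyncRead rather than the finished bytes, this presumably means the data should be treated as unverified until the returned reader has been read to the end without an error.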
pub async fn fetch_target_to_local(&mut self, target: &TargetPath) -> Result<()>
Fetch a target from the remote repo and write it to the local repo.
It is critical that none of the bytes written to the local repo are used until this future
returns Ok, as the hash of the target is not verified until all bytes are read from the
repository.
pub async fn fetch_target_to_local_with_start_time( &mut self, target: &TargetPath, start_time: &DateTime<Utc>, ) -> Result<()>
Fetch a target from the remote repo and write it to the local repo.
It is critical that none of the bytes written to the local repo are used until this future
returns Ok, as the hash of the target is not verified until all bytes are read from the
repository.
pub async fn fetch_target_description( &mut self, target: &TargetPath, ) -> Result<TargetDescription>
Fetch a target description from the remote repo and return it.
pub async fn fetch_target_description_with_start_time( &mut self, target: &TargetPath, start_time: &DateTime<Utc>, ) -> Result<TargetDescription>
Fetch a target description from the remote repo and return it.