parsec-tool-0.7.0/.cargo/audit.toml000064400000000000000000000020201046102023000152260ustar 00000000000000[advisories] ignore = [] informational_warnings = ["unmaintained"] # warn for categories of informational advisories severity_threshold = "low" # CVSS severity ("none", "low", "medium", "high", "critical") # Advisory Database Configuration [database] path = "/tmp/advisory-db" # Path where advisory git repo will be cloned url = "https://github.com/RustSec/advisory-db.git" # URL to git repo fetch = true # Perform a `git fetch` before auditing stale = false # Allow stale advisory DB (i.e. no commits for 90 days) # Output Configuration [output] deny = ["unmaintained"] # exit on error if unmaintained dependencies are found format = "terminal" # "terminal" (human readable report) or "json" quiet = false # Only print information on error show_tree = true # Show inverse dependency trees along with advisories # Target Configuration [target] os = "linux" # Ignore advisories for operating systems other than this one [yanked] enabled = true # Warn for yanked crates in Cargo.lock update_index = true # Auto-update the crates.io index parsec-tool-0.7.0/.cargo_vcs_info.json0000644000000001360000000000100132700ustar { "git": { "sha1": "662219039543cdbc914a01d38cec4a48674e4c71" }, "path_in_vcs": "" }parsec-tool-0.7.0/.github/workflows/ci.yml000064400000000000000000000015001046102023000165670ustar 00000000000000name: Continuous Integration on: [push, pull_request, workflow_dispatch] jobs: build: name: Execute CI script runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Install and run Parsec with the Mbed Crypto provider run: | git clone https://github.com/parallaxsecond/parsec.git cd parsec cargo build --features "mbed-crypto-provider" ./target/debug/parsec -c ../tests/test_config.toml & - name: Execute CI script run: ./tests/ci.sh links: name: Check links runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Link Checker uses: peter-evans/link-checker@v1 with: args: -v -r *.md - name: Fail if there were link errors run: exit ${{ steps.lc.outputs.exit_code }} parsec-tool-0.7.0/.github/workflows/nightly.yml000064400000000000000000000021661046102023000176630ustar 00000000000000name: Nightly Checks on: schedule: # Every night at midnight - cron: '0 0 * * *' workflow_dispatch: inputs: rev: description: "Revision hash to run against" required: false default: "" jobs: dependencies: name: Check for unused dependencies runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: ref: "${{ github.event.inputs.rev }}" - name: Install latest Rust uses: actions-rs/toolchain@v1 with: toolchain: nightly - name: Install cargo udeps run: cargo install cargo-udeps --locked - name: Execute cargo udeps run: cargo +nightly udeps audit: name: Check for crates with security vulnerabilities runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: ref: "${{ github.event.inputs.rev }}" - name: Install latest Rust uses: actions-rs/toolchain@v1 with: toolchain: nightly - name: Install cargo audit run: cargo install cargo-audit - name: Execute cargo audit run: cargo audit parsec-tool-0.7.0/.gitignore000064400000000000000000000000351046102023000140460ustar 00000000000000/target *patch .devcontainer parsec-tool-0.7.0/.travis.yml.disabled000064400000000000000000000001351046102023000157360ustar 00000000000000# Executing our tests on Arm64 with Travis CI arch: arm64 language: rust script: - ./ci.sh parsec-tool-0.7.0/CHANGELOG.md000064400000000000000000000402751046102023000137010ustar 00000000000000# Changelog ## [0.7.0](https://github.com/parallaxsecond/parsec-tool/tree/0.7.0) (2023-10-17) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.7.0-rc1...0.7.0) ## [0.7.0-rc1](https://github.com/parallaxsecond/parsec-tool/tree/0.7.0-rc1) (2023-10-17) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.6.0...0.7.0-rc1) **Closed issues:** - Intermittent test failure for test\_csr\(\) and test\_signing\(\) [\#101](https://github.com/parallaxsecond/parsec-tool/issues/101) **Merged pull requests:** - Remove unused atty dependency [\#110](https://github.com/parallaxsecond/parsec-tool/pull/110) ([tgonzalezorlandoarm](https://github.com/tgonzalezorlandoarm)) - Disable structopt default features [\#109](https://github.com/parallaxsecond/parsec-tool/pull/109) ([tgonzalezorlandoarm](https://github.com/tgonzalezorlandoarm)) - Update parsec-interface [\#108](https://github.com/parallaxsecond/parsec-tool/pull/108) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) - Remove unmaintained ansi\_term, clap crates and update env\_logger [\#107](https://github.com/parallaxsecond/parsec-tool/pull/107) ([tgonzalezorlandoarm](https://github.com/tgonzalezorlandoarm)) - Align crates with parsec service [\#106](https://github.com/parallaxsecond/parsec-tool/pull/106) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) - Bump parsec-client and other crates [\#105](https://github.com/parallaxsecond/parsec-tool/pull/105) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) - ci: Add workflow dispatch [\#104](https://github.com/parallaxsecond/parsec-tool/pull/104) ([tgonzalezorlandoarm](https://github.com/tgonzalezorlandoarm)) - Bump ASN1 crates dependencies [\#102](https://github.com/parallaxsecond/parsec-tool/pull/102) ([anta5010](https://github.com/anta5010)) ## [0.6.0](https://github.com/parallaxsecond/parsec-tool/tree/0.6.0) (2023-03-27) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.6.0-rc2...0.6.0) ## [0.6.0-rc2](https://github.com/parallaxsecond/parsec-tool/tree/0.6.0-rc2) (2023-03-27) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.6.0-rc1...0.6.0-rc2) **Merged pull requests:** - Align crates version with parsec-service [\#99](https://github.com/parallaxsecond/parsec-tool/pull/99) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) - Fix nightly CI and update lock [\#98](https://github.com/parallaxsecond/parsec-tool/pull/98) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) ## [0.6.0-rc1](https://github.com/parallaxsecond/parsec-tool/tree/0.6.0-rc1) (2023-03-15) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.5.4...0.6.0-rc1) **Merged pull requests:** - Bump parsec-client [\#97](https://github.com/parallaxsecond/parsec-tool/pull/97) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) - Add support for RSA OAEP into parsec-tool and parsec-cli-tests.sh [\#96](https://github.com/parallaxsecond/parsec-tool/pull/96) ([anta5010](https://github.com/anta5010)) - Update lib.rs to remove const\_err [\#95](https://github.com/parallaxsecond/parsec-tool/pull/95) ([marcsvll](https://github.com/marcsvll)) ## [0.5.4](https://github.com/parallaxsecond/parsec-tool/tree/0.5.4) (2022-10-12) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.5.3...0.5.4) **Closed issues:** - parsec-cli-tests.sh incorrectly fails with openssl 3.0.5 [\#90](https://github.com/parallaxsecond/parsec-tool/issues/90) **Merged pull requests:** - Create 0.5.4 point release [\#93](https://github.com/parallaxsecond/parsec-tool/pull/93) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) - Make RSA key string generic [\#92](https://github.com/parallaxsecond/parsec-tool/pull/92) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) ## [0.5.3](https://github.com/parallaxsecond/parsec-tool/tree/0.5.3) (2022-09-12) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.5.2...0.5.3) **Implemented enhancements:** - Support serialNumber attribute as part of DN for CSR [\#84](https://github.com/parallaxsecond/parsec-tool/issues/84) - Allow strength of RSA keys to be specified on the command-line [\#83](https://github.com/parallaxsecond/parsec-tool/issues/83) **Merged pull requests:** - Update Chanege log for the release 0.5.3 [\#89](https://github.com/parallaxsecond/parsec-tool/pull/89) ([mohamedasaker-arm](https://github.com/mohamedasaker-arm)) - Release prep 0.5.3 [\#88](https://github.com/parallaxsecond/parsec-tool/pull/88) ([mohamedasaker-arm](https://github.com/mohamedasaker-arm)) - Support a 'bits' argument for specifying the size/strength of RSA keys. [\#86](https://github.com/parallaxsecond/parsec-tool/pull/86) ([paulhowardarm](https://github.com/paulhowardarm)) - Support serialNumber field of Distinguished Name for CSRs. [\#85](https://github.com/parallaxsecond/parsec-tool/pull/85) ([paulhowardarm](https://github.com/paulhowardarm)) - Update cargo audit configuration [\#81](https://github.com/parallaxsecond/parsec-tool/pull/81) ([hug-dev](https://github.com/hug-dev)) - Add an encrypt command plus tests. [\#80](https://github.com/parallaxsecond/parsec-tool/pull/80) ([paulhowardarm](https://github.com/paulhowardarm)) ## [0.5.2](https://github.com/parallaxsecond/parsec-tool/tree/0.5.2) (2022-03-21) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.5.1...0.5.2) **Merged pull requests:** - Prepare 0.5.2 release [\#78](https://github.com/parallaxsecond/parsec-tool/pull/78) ([ionut-arm](https://github.com/ionut-arm)) - Update `regex` to 1.5.5 [\#77](https://github.com/parallaxsecond/parsec-tool/pull/77) ([ionut-arm](https://github.com/ionut-arm)) - Update version of `rcgen` we use [\#76](https://github.com/parallaxsecond/parsec-tool/pull/76) ([ionut-arm](https://github.com/ionut-arm)) ## [0.5.1](https://github.com/parallaxsecond/parsec-tool/tree/0.5.1) (2022-02-22) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.5.0...0.5.1) **Merged pull requests:** - Update changelog for 0.5.x [\#74](https://github.com/parallaxsecond/parsec-tool/pull/74) ([ionut-arm](https://github.com/ionut-arm)) - Update dependencies that have been yanked [\#73](https://github.com/parallaxsecond/parsec-tool/pull/73) ([ionut-arm](https://github.com/ionut-arm)) - Bump version of PSA Crypto crates [\#72](https://github.com/parallaxsecond/parsec-tool/pull/72) ([ionut-arm](https://github.com/ionut-arm)) ## [0.5.0](https://github.com/parallaxsecond/parsec-tool/tree/0.5.0) (2022-02-15) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.4.0...0.5.0) **Fixed bugs:** - Some commands should not need authentication [\#49](https://github.com/parallaxsecond/parsec-tool/issues/49) **Closed issues:** - Error detection broken in parsec-cli-tests.sh [\#66](https://github.com/parallaxsecond/parsec-tool/issues/66) **Merged pull requests:** - Prepare to release new version [\#71](https://github.com/parallaxsecond/parsec-tool/pull/71) ([ionut-arm](https://github.com/ionut-arm)) - Small output fixes [\#70](https://github.com/parallaxsecond/parsec-tool/pull/70) ([anta5010](https://github.com/anta5010)) - Support the creation of RSA signing keys as well as encryption keys [\#69](https://github.com/parallaxsecond/parsec-tool/pull/69) ([paulhowardarm](https://github.com/paulhowardarm)) - Early support for certificate request generation in parsec-tool [\#68](https://github.com/parallaxsecond/parsec-tool/pull/68) ([paulhowardarm](https://github.com/paulhowardarm)) - Avoid using pipes to run all test commands in the same sub-shell [\#67](https://github.com/parallaxsecond/parsec-tool/pull/67) ([anta5010](https://github.com/anta5010)) - fix \#49 [\#65](https://github.com/parallaxsecond/parsec-tool/pull/65) ([jn9e9](https://github.com/jn9e9)) - Upgrade client's version [\#64](https://github.com/parallaxsecond/parsec-tool/pull/64) ([hug-dev](https://github.com/hug-dev)) - Update CHANGELOG.md with 0.4.0 details [\#63](https://github.com/parallaxsecond/parsec-tool/pull/63) ([anta5010](https://github.com/anta5010)) ## [0.4.0](https://github.com/parallaxsecond/parsec-tool/tree/0.4.0) (2021-09-24) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.3.1...0.4.0) **Implemented enhancements:** - Add round-trip testing [\#47](https://github.com/parallaxsecond/parsec-tool/issues/47) **Merged pull requests:** - Bump version to 0.4.0 [\#62](https://github.com/parallaxsecond/parsec-tool/pull/62) ([anta5010](https://github.com/anta5010)) - Bash wrapper for parsec-tool to run basic e2e Parsec tests [\#61](https://github.com/parallaxsecond/parsec-tool/pull/61) ([anta5010](https://github.com/anta5010)) - Update CHaNGELOG [\#59](https://github.com/parallaxsecond/parsec-tool/pull/59) ([hug-dev](https://github.com/hug-dev)) ## [0.3.1](https://github.com/parallaxsecond/parsec-tool/tree/0.3.1) (2021-08-04) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.3.0...0.3.1) **Implemented enhancements:** - --provider option for list-opcodes is not consistent [\#53](https://github.com/parallaxsecond/parsec-tool/issues/53) - Use the implicit provider for list\_opcodes [\#54](https://github.com/parallaxsecond/parsec-tool/pull/54) ([hug-dev](https://github.com/hug-dev)) **Fixed bugs:** - Update sha2 version [\#57](https://github.com/parallaxsecond/parsec-tool/pull/57) ([hug-dev](https://github.com/hug-dev)) **Closed issues:** - Update the demo with most recent contents [\#44](https://github.com/parallaxsecond/parsec-tool/issues/44) **Merged pull requests:** - Prepare for the next release [\#58](https://github.com/parallaxsecond/parsec-tool/pull/58) ([hug-dev](https://github.com/hug-dev)) - Add cargo-audit config file [\#56](https://github.com/parallaxsecond/parsec-tool/pull/56) ([ionut-arm](https://github.com/ionut-arm)) - Update the CHANGELOG file [\#51](https://github.com/parallaxsecond/parsec-tool/pull/51) ([hug-dev](https://github.com/hug-dev)) ## [0.3.0](https://github.com/parallaxsecond/parsec-tool/tree/0.3.0) (2021-03-18) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.2.0...0.3.0) **Closed issues:** - Tag 0.2.0 and upload on crates.io [\#45](https://github.com/parallaxsecond/parsec-tool/issues/45) **Merged pull requests:** - Prepare for 0.3.0 release [\#50](https://github.com/parallaxsecond/parsec-tool/pull/50) ([hug-dev](https://github.com/hug-dev)) - Specify format of public keys in README [\#48](https://github.com/parallaxsecond/parsec-tool/pull/48) ([ionut-arm](https://github.com/ionut-arm)) ## [0.2.0](https://github.com/parallaxsecond/parsec-tool/tree/0.2.0) (2021-02-23) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/0.1.0...0.2.0) **Implemented enhancements:** - Make the output of export-public-key more useful. [\#28](https://github.com/parallaxsecond/parsec-tool/issues/28) - Add encrypt/decrypt support [\#27](https://github.com/parallaxsecond/parsec-tool/issues/27) - Format public key to PEM [\#38](https://github.com/parallaxsecond/parsec-tool/pull/38) ([ionut-arm](https://github.com/ionut-arm)) - Add BasicClient to ParsecToolApp [\#35](https://github.com/parallaxsecond/parsec-tool/pull/35) ([ionut-arm](https://github.com/ionut-arm)) **Fixed bugs:** - Review the default options [\#30](https://github.com/parallaxsecond/parsec-tool/issues/30) **Closed issues:** - Add basic CLI tests on the CI [\#42](https://github.com/parallaxsecond/parsec-tool/issues/42) - Check if it is possible to use the BasicClient for operations [\#36](https://github.com/parallaxsecond/parsec-tool/issues/36) - Add support for sign/verify [\#31](https://github.com/parallaxsecond/parsec-tool/issues/31) - Automatic key creation for some operations [\#29](https://github.com/parallaxsecond/parsec-tool/issues/29) - Rename commands to remove PSA prefix and make them more user-friendly [\#26](https://github.com/parallaxsecond/parsec-tool/issues/26) - Add support for ListClients and DeleteClient [\#22](https://github.com/parallaxsecond/parsec-tool/issues/22) **Merged pull requests:** - Add some CLI tests on the CI [\#46](https://github.com/parallaxsecond/parsec-tool/pull/46) ([hug-dev](https://github.com/hug-dev)) - Use log crate instead of custom logging logic [\#43](https://github.com/parallaxsecond/parsec-tool/pull/43) ([hug-dev](https://github.com/hug-dev)) - Add a timeout CLI option [\#41](https://github.com/parallaxsecond/parsec-tool/pull/41) ([hug-dev](https://github.com/hug-dev)) - Add decrypt/sign and simplify things [\#39](https://github.com/parallaxsecond/parsec-tool/pull/39) ([hug-dev](https://github.com/hug-dev)) - Rectify the key creation operations [\#34](https://github.com/parallaxsecond/parsec-tool/pull/34) ([hug-dev](https://github.com/hug-dev)) - Rename things with more friendly names [\#33](https://github.com/parallaxsecond/parsec-tool/pull/33) ([hug-dev](https://github.com/hug-dev)) - Replace default\_value with Option [\#32](https://github.com/parallaxsecond/parsec-tool/pull/32) ([hug-dev](https://github.com/hug-dev)) - Update the Rust client to the spiffe-less version [\#25](https://github.com/parallaxsecond/parsec-tool/pull/25) ([hug-dev](https://github.com/hug-dev)) - Add ListClients and DeleteClient operations [\#24](https://github.com/parallaxsecond/parsec-tool/pull/24) ([hug-dev](https://github.com/hug-dev)) - Update dependencies [\#23](https://github.com/parallaxsecond/parsec-tool/pull/23) ([ionut-arm](https://github.com/ionut-arm)) - Disable Travis CI builds and update Cargo.lock [\#21](https://github.com/parallaxsecond/parsec-tool/pull/21) ([ionut-arm](https://github.com/ionut-arm)) - Add project changelog [\#20](https://github.com/parallaxsecond/parsec-tool/pull/20) ([ionut-arm](https://github.com/ionut-arm)) - Remove unused anyhow [\#19](https://github.com/parallaxsecond/parsec-tool/pull/19) ([hug-dev](https://github.com/hug-dev)) - Upgrade the client's version to add SPIFFE support [\#18](https://github.com/parallaxsecond/parsec-tool/pull/18) ([hug-dev](https://github.com/hug-dev)) - Add list-authenticators subcommand [\#17](https://github.com/parallaxsecond/parsec-tool/pull/17) ([hug-dev](https://github.com/hug-dev)) ## [0.1.0](https://github.com/parallaxsecond/parsec-tool/tree/0.1.0) (2020-10-20) [Full Changelog](https://github.com/parallaxsecond/parsec-tool/compare/d36eb9f5d2e57fc29924c7e32c11da0c66b4ba4e...0.1.0) **Implemented enhancements:** - Make use of client bootstrapping functionality [\#16](https://github.com/parallaxsecond/parsec-tool/pull/16) ([ionut-arm](https://github.com/ionut-arm)) - Add the generate and destroy key operations [\#13](https://github.com/parallaxsecond/parsec-tool/pull/13) ([hug-dev](https://github.com/hug-dev)) - Upgrade the client version [\#12](https://github.com/parallaxsecond/parsec-tool/pull/12) ([hug-dev](https://github.com/hug-dev)) - Upgrade dependencies [\#10](https://github.com/parallaxsecond/parsec-tool/pull/10) ([hug-dev](https://github.com/hug-dev)) - Add asciinema demo [\#5](https://github.com/parallaxsecond/parsec-tool/pull/5) ([joechrisellis](https://github.com/joechrisellis)) - Add initial parsec-tool implementation [\#1](https://github.com/parallaxsecond/parsec-tool/pull/1) ([joechrisellis](https://github.com/joechrisellis)) **Closed issues:** - Use the bootstrapping client [\#15](https://github.com/parallaxsecond/parsec-tool/issues/15) - asciinema demo [\#2](https://github.com/parallaxsecond/parsec-tool/issues/2) **Merged pull requests:** - Add list-keys subcommand [\#14](https://github.com/parallaxsecond/parsec-tool/pull/14) ([joechrisellis](https://github.com/joechrisellis)) - Add psa-export-key subcommand [\#9](https://github.com/parallaxsecond/parsec-tool/pull/9) ([joechrisellis](https://github.com/joechrisellis)) - Add psa-export-public-key subcommand [\#8](https://github.com/parallaxsecond/parsec-tool/pull/8) ([joechrisellis](https://github.com/joechrisellis)) - List providers UUID fix [\#6](https://github.com/parallaxsecond/parsec-tool/pull/6) ([joechrisellis](https://github.com/joechrisellis)) - Move subcommand dispatching to `Subcommand` enum [\#4](https://github.com/parallaxsecond/parsec-tool/pull/4) ([joechrisellis](https://github.com/joechrisellis)) - Add psa-generate-random subcommand [\#3](https://github.com/parallaxsecond/parsec-tool/pull/3) ([joechrisellis](https://github.com/joechrisellis)) \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* parsec-tool-0.7.0/Cargo.lock0000644000001236430000000000100112540ustar # This file is automatically @generated by Cargo. # It is not intended for manual editing. version = 3 [[package]] name = "aho-corasick" version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" dependencies = [ "memchr", ] [[package]] name = "anyhow" version = "1.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" [[package]] name = "asn1-rs" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "30ff05a702273012438132f449575dbc804e27b2f3cbe3069aa237d26c98fa33" dependencies = [ "asn1-rs-derive", "asn1-rs-impl", "displaydoc", "nom 7.1.3", "num-traits", "rusticata-macros", "thiserror", "time", ] [[package]] name = "asn1-rs-derive" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "db8b7511298d5b7784b40b092d9e9dcd3a627a5707e4b5e507931ab0d44eeebf" dependencies = [ "proc-macro2", "quote", "syn 1.0.109", "synstructure", ] [[package]] name = "asn1-rs-impl" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" dependencies = [ "proc-macro2", "quote", "syn 1.0.109", ] [[package]] name = "autocfg" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "base64" version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" version = "0.21.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2" [[package]] name = "bincode" version = "1.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" dependencies = [ "serde", ] [[package]] name = "bindgen" version = "0.57.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd4865004a46a0aafb2a0a5eb19d3c9fc46ee5f063a6cfc605c69ac9ecf5263d" dependencies = [ "bitflags 1.3.2", "cexpr", "clang-sys", "lazy_static", "lazycell", "peeking_take_while", "proc-macro2", "quote", "regex", "rustc-hash", "shlex", ] [[package]] name = "bitflags" version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "block-buffer" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" dependencies = [ "generic-array", ] [[package]] name = "bumpalo" version = "3.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytes" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "cc" version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" dependencies = [ "libc", ] [[package]] name = "cexpr" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f4aedb84272dbe89af497cf81375129abda4fc0a9e7c5d317498c15cc30c0d27" dependencies = [ "nom 5.1.3", ] [[package]] name = "cfg-if" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "clang-sys" version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f" dependencies = [ "glob", "libc", "libloading", ] [[package]] name = "clap" version = "2.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" dependencies = [ "bitflags 1.3.2", "textwrap", "unicode-width", ] [[package]] name = "cmake" version = "0.1.50" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" dependencies = [ "cc", ] [[package]] name = "const-oid" version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" [[package]] name = "cpufeatures" version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" dependencies = [ "libc", ] [[package]] name = "data-encoding" version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2e66c9d817f1720209181c316d28635c050fa304f9c79e47a520882661b7308" [[package]] name = "der" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" dependencies = [ "const-oid", ] [[package]] name = "der-parser" version = "7.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe398ac75057914d7d07307bf67dc7f3f574a26783b4fc7805a20ffa9f506e82" dependencies = [ "asn1-rs", "displaydoc", "nom 7.1.3", "num-bigint", "num-traits", "rusticata-macros", ] [[package]] name = "derivative" version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" dependencies = [ "proc-macro2", "quote", "syn 1.0.109", ] [[package]] name = "digest" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" dependencies = [ "generic-array", ] [[package]] name = "displaydoc" version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", "syn 2.0.38", ] [[package]] name = "either" version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" [[package]] name = "env_logger" version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0" dependencies = [ "humantime", "is-terminal", "log", "regex", "termcolor", ] [[package]] name = "errno" version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" dependencies = [ "libc", "windows-sys", ] [[package]] name = "form_urlencoded" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a62bc1cf6f830c2ec14a513a9fb124d0a213a629668a4186f329db21fe045652" dependencies = [ "percent-encoding", ] [[package]] name = "futures" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "23342abe12aba583913b2e62f22225ff9c950774065e4bfb61a19cd9770fec40" dependencies = [ "futures-channel", "futures-core", "futures-executor", "futures-io", "futures-sink", "futures-task", "futures-util", ] [[package]] name = "futures-channel" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2" dependencies = [ "futures-core", "futures-sink", ] [[package]] name = "futures-core" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" [[package]] name = "futures-executor" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0" dependencies = [ "futures-core", "futures-task", "futures-util", ] [[package]] name = "futures-io" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" [[package]] name = "futures-macro" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", "syn 2.0.38", ] [[package]] name = "futures-sink" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e" [[package]] name = "futures-task" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" [[package]] name = "futures-util" version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" dependencies = [ "futures-channel", "futures-core", "futures-io", "futures-macro", "futures-sink", "futures-task", "memchr", "pin-project-lite", "pin-utils", "slab", ] [[package]] name = "generic-array" version = "0.14.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", ] [[package]] name = "glob" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "grpcio" version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24d99e00eed7e0a04ee2705112e7cfdbe1a3cc771147f22f016a8cd2d002187b" dependencies = [ "futures", "grpcio-sys", "libc", "log", "parking_lot", "protobuf", ] [[package]] name = "grpcio-sys" version = "0.9.1+1.38.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9447d1a926beeef466606cc45717f80897998b548e7dc622873d453e1ecb4be4" dependencies = [ "bindgen", "cc", "cmake", "libc", "libz-sys", "pkg-config", "walkdir", ] [[package]] name = "heck" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c" dependencies = [ "unicode-segmentation", ] [[package]] name = "hermit-abi" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" [[package]] name = "humantime" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "idna" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c" dependencies = [ "unicode-bidi", "unicode-normalization", ] [[package]] name = "instant" version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" dependencies = [ "cfg-if", ] [[package]] name = "is-terminal" version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", "rustix", "windows-sys", ] [[package]] name = "itertools" version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" dependencies = [ "either", ] [[package]] name = "itoa" version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" [[package]] name = "js-sys" version = "0.3.64" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" dependencies = [ "wasm-bindgen", ] [[package]] name = "jsonwebkey" version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c57c852b14147e2bd58c14fde40398864453403ef632b1101db130282ee6e2cc" dependencies = [ "base64 0.13.1", "bitflags 1.3.2", "generic-array", "jsonwebtoken", "num-bigint", "serde", "serde_json", "thiserror", "yasna 0.4.0", "zeroize", ] [[package]] name = "jsonwebtoken" version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" dependencies = [ "base64 0.21.4", "pem", "ring", "serde", "serde_json", "simple_asn1", ] [[package]] name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "lazycell" version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" version = "0.2.149" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" [[package]] name = "libloading" version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" dependencies = [ "cfg-if", "winapi", ] [[package]] name = "libz-sys" version = "1.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d97137b25e321a73eef1418d1d5d2eda4d77e12813f8e6dead84bc52c5870a7b" dependencies = [ "cc", "libc", "pkg-config", "vcpkg", ] [[package]] name = "linux-raw-sys" version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" [[package]] name = "lock_api" version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" dependencies = [ "autocfg", "scopeguard", ] [[package]] name = "log" version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "memchr" version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" [[package]] name = "minimal-lexical" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "nom" version = "5.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08959a387a676302eebf4ddbcbc611da04285579f76f88ee0506c63b1a61dd4b" dependencies = [ "memchr", "version_check", ] [[package]] name = "nom" version = "7.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" dependencies = [ "memchr", "minimal-lexical", ] [[package]] name = "num" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b05180d69e3da0e530ba2a1dae5110317e49e3b7f3d41be227dc5f92e49ee7af" dependencies = [ "num-bigint", "num-complex", "num-integer", "num-iter", "num-rational", "num-traits", ] [[package]] name = "num-bigint" version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" dependencies = [ "autocfg", "num-integer", "num-traits", ] [[package]] name = "num-complex" version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ba157ca0885411de85d6ca030ba7e2a83a28636056c7c699b07c8b6f7383214" dependencies = [ "num-traits", ] [[package]] name = "num-derive" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" dependencies = [ "proc-macro2", "quote", "syn 2.0.38", ] [[package]] name = "num-integer" version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" dependencies = [ "autocfg", "num-traits", ] [[package]] name = "num-iter" version = "0.1.43" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" dependencies = [ "autocfg", "num-integer", "num-traits", ] [[package]] name = "num-rational" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0638a1c9d0a3c0914158145bc76cff373a75a627e6ecbfb71cbe6f453a5a19b0" dependencies = [ "autocfg", "num-bigint", "num-integer", "num-traits", ] [[package]] name = "num-traits" version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" dependencies = [ "autocfg", ] [[package]] name = "oid" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c19903c598813dba001b53beeae59bb77ad4892c5c1b9b3500ce4293a0d06c2" dependencies = [ "serde", ] [[package]] name = "oid-registry" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "38e20717fa0541f39bd146692035c37bedfa532b3e5071b35761082407546b2a" dependencies = [ "asn1-rs", ] [[package]] name = "once_cell" version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" [[package]] name = "opaque-debug" version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "parking_lot" version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" dependencies = [ "instant", "lock_api", "parking_lot_core", ] [[package]] name = "parking_lot_core" version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "60a2cfe6f0ad2bfc16aefa463b497d5c7a5ecd44a23efa72aa342d90177356dc" dependencies = [ "cfg-if", "instant", "libc", "redox_syscall", "smallvec", "winapi", ] [[package]] name = "parsec-client" version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a36f9d8e27166cf0586913812454174286e094d594cc8b28d8a8d02d64406bbc" dependencies = [ "derivative", "libc", "log", "num", "parsec-interface", "spiffe", "url", "zeroize", ] [[package]] name = "parsec-interface" version = "0.29.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cc706e09209b30f10baa35709d41b9cc01d4931b21c00679f59db96cd1650add" dependencies = [ "bincode", "derivative", "log", "num", "num-derive", "num-traits", "prost", "psa-crypto", "secrecy", "serde", "uuid", "zeroize", ] [[package]] name = "parsec-tool" version = "0.7.0" dependencies = [ "base64 0.13.1", "env_logger", "log", "oid", "parsec-client", "pem", "picky-asn1", "picky-asn1-der", "picky-asn1-x509", "rcgen", "serde", "sha2", "structopt", "thiserror", ] [[package]] name = "peeking_take_while" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" [[package]] name = "pem" version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" dependencies = [ "base64 0.13.1", ] [[package]] name = "percent-encoding" version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" [[package]] name = "picky-asn1" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "295eea0f33c16be21e2a98b908fdd4d73c04dd48c8480991b76dbcf0cb58b212" dependencies = [ "oid", "serde", "serde_bytes", ] [[package]] name = "picky-asn1-der" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5df7873a9e36d42dadb393bea5e211fe83d793c172afad5fb4ec846ec582793f" dependencies = [ "picky-asn1", "serde", "serde_bytes", ] [[package]] name = "picky-asn1-x509" version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2c5f20f71a68499ff32310f418a6fad8816eac1a2859ed3f0c5c741389dd6208" dependencies = [ "base64 0.21.4", "oid", "picky-asn1", "picky-asn1-der", "serde", ] [[package]] name = "pin-project-lite" version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" [[package]] name = "pin-utils" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkcs8" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" dependencies = [ "der", "spki", ] [[package]] name = "pkg-config" version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" [[package]] name = "proc-macro-error" version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" dependencies = [ "proc-macro-error-attr", "proc-macro2", "quote", "syn 1.0.109", "version_check", ] [[package]] name = "proc-macro-error-attr" version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" dependencies = [ "proc-macro2", "quote", "version_check", ] [[package]] name = "proc-macro2" version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" dependencies = [ "unicode-ident", ] [[package]] name = "prost" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "444879275cb4fd84958b1a1d5420d15e6fcf7c235fe47f053c9c2a80aceb6001" dependencies = [ "bytes", "prost-derive", ] [[package]] name = "prost-derive" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9cc1a3263e07e0bf68e96268f37665207b49560d98739662cdfaae215c720fe" dependencies = [ "anyhow", "itertools", "proc-macro2", "quote", "syn 1.0.109", ] [[package]] name = "protobuf" version = "2.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94" [[package]] name = "psa-crypto" version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "89c2256e525b9a45ec3bbb3382a43dd8809240279e0aab8ea7ee220e9295445b" dependencies = [ "log", "psa-crypto-sys", "serde", "zeroize", ] [[package]] name = "psa-crypto-sys" version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f170cac3a328e1678916b276067ec170a5a51db1b9b8b4c00b44c2839819a963" dependencies = [ "cc", "cmake", "regex", "walkdir", ] [[package]] name = "quote" version = "1.0.33" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" dependencies = [ "proc-macro2", ] [[package]] name = "rcgen" version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6413f3de1edee53342e6138e75b56d32e7bc6e332b3bd62d497b1929d4cfbcdd" dependencies = [ "pem", "ring", "time", "yasna 0.5.2", ] [[package]] name = "redox_syscall" version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" dependencies = [ "bitflags 1.3.2", ] [[package]] name = "regex" version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d119d7c7ca818f8a53c300863d4f87566aac09943aef5b355bb83969dae75d87" dependencies = [ "aho-corasick", "memchr", "regex-automata", "regex-syntax", ] [[package]] name = "regex-automata" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "465c6fc0621e4abc4187a2bda0937bfd4f722c2730b29562e19689ea796c9a4b" dependencies = [ "aho-corasick", "memchr", "regex-syntax", ] [[package]] name = "regex-syntax" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3cbb081b9784b07cceb8824c8583f86db4814d172ab043f3c23f7dc600bf83d" [[package]] name = "ring" version = "0.16.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" dependencies = [ "cc", "libc", "once_cell", "spin", "untrusted", "web-sys", "winapi", ] [[package]] name = "rustc-hash" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rusticata-macros" version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" dependencies = [ "nom 7.1.3", ] [[package]] name = "rustix" version = "0.38.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "745ecfa778e66b2b63c88a61cb36e0eea109e803b0b86bf9879fbc77c70e86ed" dependencies = [ "bitflags 2.4.1", "errno", "libc", "linux-raw-sys", "windows-sys", ] [[package]] name = "ryu" version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" [[package]] name = "same-file" version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" dependencies = [ "winapi-util", ] [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "secrecy" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" dependencies = [ "serde", "zeroize", ] [[package]] name = "serde" version = "1.0.188" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" dependencies = [ "serde_derive", ] [[package]] name = "serde_bytes" version = "0.11.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ab33ec92f677585af6d88c65593ae2375adde54efdbf16d597f2cbc7a6d368ff" dependencies = [ "serde", ] [[package]] name = "serde_derive" version = "1.0.188" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ "proc-macro2", "quote", "syn 2.0.38", ] [[package]] name = "serde_json" version = "1.0.107" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65" dependencies = [ "itoa", "ryu", "serde", ] [[package]] name = "sha2" version = "0.9.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" dependencies = [ "block-buffer", "cfg-if", "cpufeatures", "digest", "opaque-debug", ] [[package]] name = "shlex" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2" [[package]] name = "simple_asn1" version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "adc4e5204eb1910f40f9cfa375f6f05b68c3abac4b6fd879c8ff5e7ae8a0a085" dependencies = [ "num-bigint", "num-traits", "thiserror", "time", ] [[package]] name = "slab" version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" dependencies = [ "autocfg", ] [[package]] name = "smallvec" version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" [[package]] name = "spiffe" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f30161ecb25b9acc06eb61d750aaf1c4b3a536e22ff19fc2d250976537e93a11" dependencies = [ "futures", "grpcio", "jsonwebkey", "jsonwebtoken", "pkcs8", "protobuf", "serde", "serde_json", "simple_asn1", "thiserror", "time", "url", "x509-parser", "zeroize", ] [[package]] name = "spin" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27" dependencies = [ "der", ] [[package]] name = "structopt" version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c6b5c64445ba8094a6ab0c3cd2ad323e07171012d9c98b0b15651daf1787a10" dependencies = [ "clap", "lazy_static", "structopt-derive", ] [[package]] name = "structopt-derive" version = "0.4.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dcb5ae327f9cc13b68763b5749770cb9e048a99bd9dfdfa58d0cf05d5f64afe0" dependencies = [ "heck", "proc-macro-error", "proc-macro2", "quote", "syn 1.0.109", ] [[package]] name = "syn" version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] [[package]] name = "syn" version = "2.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] [[package]] name = "synstructure" version = "0.12.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" dependencies = [ "proc-macro2", "quote", "syn 1.0.109", "unicode-xid", ] [[package]] name = "termcolor" version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6093bad37da69aab9d123a8091e4be0aa4a03e4d601ec641c327398315f62b64" dependencies = [ "winapi-util", ] [[package]] name = "textwrap" version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" dependencies = [ "unicode-width", ] [[package]] name = "thiserror" version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" dependencies = [ "proc-macro2", "quote", "syn 2.0.38", ] [[package]] name = "time" version = "0.3.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59e399c068f43a5d116fedaf73b203fa4f9c519f17e2b34f63221d3792f81446" dependencies = [ "itoa", "serde", "time-core", "time-macros", ] [[package]] name = "time-core" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" [[package]] name = "time-macros" version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96ba15a897f3c86766b757e5ac7221554c6750054d74d5b28844fce5fb36a6c4" dependencies = [ "time-core", ] [[package]] name = "tinyvec" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" dependencies = [ "tinyvec_macros", ] [[package]] name = "tinyvec_macros" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "typenum" version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-bidi" version = "0.3.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" [[package]] name = "unicode-ident" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" version = "0.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" dependencies = [ "tinyvec", ] [[package]] name = "unicode-segmentation" version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1dd624098567895118886609431a7c3b8f516e41d30e0643f03d94592a147e36" [[package]] name = "unicode-width" version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" [[package]] name = "unicode-xid" version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" [[package]] name = "untrusted" version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" [[package]] name = "url" version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "143b538f18257fac9cad154828a57c6bf5157e1aa604d4816b5995bf6de87ae5" dependencies = [ "form_urlencoded", "idna", "percent-encoding", ] [[package]] name = "uuid" version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" [[package]] name = "vcpkg" version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] name = "version_check" version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "walkdir" version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" dependencies = [ "same-file", "winapi-util", ] [[package]] name = "wasm-bindgen" version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" dependencies = [ "cfg-if", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", "syn 2.0.38", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-macro" version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" dependencies = [ "quote", "wasm-bindgen-macro-support", ] [[package]] name = "wasm-bindgen-macro-support" version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", "syn 2.0.38", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" [[package]] name = "web-sys" version = "0.3.64" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" dependencies = [ "js-sys", "wasm-bindgen", ] [[package]] name = "winapi" version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" dependencies = [ "winapi-i686-pc-windows-gnu", "winapi-x86_64-pc-windows-gnu", ] [[package]] name = "winapi-i686-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" dependencies = [ "winapi", ] [[package]] name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-sys" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ "windows-targets", ] [[package]] name = "windows-targets" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", "windows_x86_64_msvc", ] [[package]] name = "windows_aarch64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "x509-parser" version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9fb9bace5b5589ffead1afb76e43e34cff39cd0f3ce7e170ae0c29e53b88eb1c" dependencies = [ "asn1-rs", "base64 0.13.1", "data-encoding", "der-parser", "lazy_static", "nom 7.1.3", "oid-registry", "rusticata-macros", "thiserror", "time", ] [[package]] name = "yasna" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e262a29d0e61ccf2b6190d7050d4b237535fc76ce4c1210d9caa316f71dffa75" dependencies = [ "num-bigint", ] [[package]] name = "yasna" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" dependencies = [ "time", ] [[package]] name = "zeroize" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" dependencies = [ "zeroize_derive", ] [[package]] name = "zeroize_derive" version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", "syn 2.0.38", ] parsec-tool-0.7.0/Cargo.toml0000644000000033320000000000100112670ustar # THIS FILE IS AUTOMATICALLY GENERATED BY CARGO # # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies # to registry (e.g., crates.io) dependencies. # # If you are reading this file be aware that the original Cargo.toml # will likely look very different (and much more reasonable). # See Cargo.toml.orig for the original contents. [package] edition = "2018" rust-version = "1.66.0" name = "parsec-tool" version = "0.7.0" authors = ["Contributors to the Parsec project"] description = "Parsec Command Line Interface" documentation = "https://docs.rs/crate/parsec-tool" readme = "README.md" keywords = [ "parsec", "cli", "tool", ] categories = [ "development-tools", "command-line-utilities", ] license = "Apache-2.0" repository = "https://github.com/parallaxsecond/parsec-tool" [lib] name = "parsec_tool" path = "src/lib.rs" [[bin]] name = "parsec-tool" [dependencies.base64] version = "0.13.0" [dependencies.env_logger] version = "0.10.0" [dependencies.log] version = "0.4.14" [dependencies.oid] version = "0.2" features = ["serde_support"] [dependencies.parsec-client] version = "0.16.0" [dependencies.pem] version = "1.1.0" [dependencies.picky-asn1] version = "0.8.0" [dependencies.picky-asn1-der] version = "0.4.1" [dependencies.picky-asn1-x509] version = "0.12.0" [dependencies.rcgen] version = "0.9.2" features = ["pem"] [dependencies.serde] version = "1.0.123" [dependencies.sha2] version = "0.9.9" [dependencies.structopt] version = "0.3.17" default-features = false [dependencies.thiserror] version = "1.0.20" [features] default = [] spiffe-auth = ["parsec-client/spiffe"] parsec-tool-0.7.0/Cargo.toml.orig000064400000000000000000000017321046102023000147520ustar 00000000000000[package] name = "parsec-tool" version = "0.7.0" authors = ["Contributors to the Parsec project"] description = "Parsec Command Line Interface" license = "Apache-2.0" repository = "https://github.com/parallaxsecond/parsec-tool" readme = "README.md" keywords = ["parsec", "cli", "tool"] categories = ["development-tools", "command-line-utilities"] edition = "2018" documentation = "https://docs.rs/crate/parsec-tool" rust-version = "1.66.0" [dependencies] parsec-client = "0.16.0" structopt = { version = "0.3.17", default-features = false } thiserror = "1.0.20" env_logger = "0.10.0" oid = { version = "0.2", features = ["serde_support"] } pem = "1.1.0" base64 = "0.13.0" picky-asn1 = "0.8.0" picky-asn1-der = "0.4.1" picky-asn1-x509 = "0.12.0" serde = "1.0.123" sha2 = "0.9.9" log = "0.4.14" rcgen = { version = "0.9.2", features = ["pem"] } [lib] name = "parsec_tool" path = "src/lib.rs" [[bin]] name = "parsec-tool" [features] default = [] spiffe-auth = ["parsec-client/spiffe"] parsec-tool-0.7.0/LICENSE000064400000000000000000000261361046102023000130750ustar 00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. parsec-tool-0.7.0/MAINTAINERS.toml000064400000000000000000000021621046102023000145300ustar 00000000000000# parsec-tool maintainers file # # This file lists the maintainers of the parallaxsecond/parsec-tool # project. # # Its structure is inspired from the maintainers files in the Docker Github # repositories. Please see the MAINTAINERS file in docker/opensource for more # information. [maintainers] # Core maintainers of the project. [maintainers.core] people = [ "hug-dev", "ionut-arm", "justincormack", "paulhowardarm", "joechrisellis", ] [people] # A reference list of all people associated with the project. [people.hug-dev] Name = "Hugues de Valon" Email = "hugues.devalon@arm.com" GitHub = "hug-dev" [people.ionut-arm] Name = "Ionut Mihalcea" Email = "ionut.mihalcea@docker.com" GitHub = "ionut-arm" [people.justincormack] Name = "Justin Cormack" Email = "justin.cormack@docker.com" GitHub = "justincormack" [people.paulhowardarm] Name = "Paul Howard" Email = "paul.howard@arm.com" GitHub = "paulhowardarm" [people.joechrisellis] Name = "Joe Ellis" Email = "joe.ellis@arm.com" GitHub = "joechrisellis" parsec-tool-0.7.0/README.md000064400000000000000000000057501046102023000133460ustar 00000000000000# Parsec Tool

Crates.io Code documentation

This repository contains a tool to communicate with the [Parsec service](https://github.com/parallaxsecond/parsec) on the command-line. ## Getting started To compile and list the available commands: ``` $ cargo build $ cargo run ``` Ping the service: ``` $ cargo run -- ping ``` ## Modifying Parsec service endpoint For demos and to test the Parsec service, you might want to change the Parsec endpoint location. For that, set the `PARSEC_SERVICE_ENDPOINT` environment variable to correction endpoint. To set a Unix Domain Socket Listener endpoint at `/tmp/parsec.sock`: ``` $ export PARSEC_SERVICE_ENDPOINT=unix:/tmp/parsec.sock ``` ## Modifying logging output You can set the `RUST_LOG` environment variable to modify the logging outpout. See [the documentation](https://docs.rs/env_logger/0.8.3/env_logger/index.html) for more information. ## Data format Unless specified otherwise below, the data format expected by the commands is the same as describe in the [Parsec Book](https://parallaxsecond.github.io/parsec-book/parsec_client/operations/index.html). The `--help` option of commands might give more information about the expected format. - ECDSA signatures are formatted using the ASN.1 representation `Ecdsa-Sig-Value` described in [RFC 3279](https://tools.ietf.org/html/rfc3279#section-2.2.3). - Plaintext data is expected/shown as a UTF-8 string (input data of `sign`, output data of `decrypt`). - Ciphertext data is expected/shown as base 64 (output data of `sign`, input data of `decrypt`). - Exported public keys are encoded in PEM. By default PKCS#8 format is used for RSA [RFC 3279](https://datatracker.ietf.org/doc/html/rfc3279#section-2.3.1) and ECC [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2) public keys. With `--pkcs1` parameter RSA keys exported in PKCS#1 format [RFC 2313](https://datatracker.ietf.org/doc/html/rfc2313#section-7.1). ## SPIFFE based authenticator To be able to authenticate with the [JWT-SVID authenticator](https://parallaxsecond.github.io/parsec-book/parsec_service/authenticators.html#jwt-spiffe-verifiable-identity-document-authenticator), compile this crate with the `spiffe-auth` feature. # Demo [![asciicast](https://asciinema.org/a/RNPjvbgKDlQ0FRFUUKjjNUom6.svg)](https://asciinema.org/a/RNPjvbgKDlQ0FRFUUKjjNUom6) `tests/parsec-cli-tests.sh` can be used for end to end Parsec tests using parsec-tool. # License The software is provided under Apache-2.0. Contributions to this project are accepted under the same license. # Contributing Please check the [**Contribution Guidelines**](https://parallaxsecond.github.io/parsec-book/contributing/index.html) to know more about the contribution process. *Copyright 2020 Contributors to the Parsec project.* parsec-tool-0.7.0/SECURITY.md000064400000000000000000000032321046102023000136510ustar 00000000000000# Security policy Security is of paramount importance to the Parsec project. We do all we can to identify and fix issues, however some problems might slip through the cracks. Any efforts towards responsible disclosure of security problems are greatly appreciated and your contributions will be acknowledged. ## Supported versions Currently only the most recent version of the Parsec tool is eligible for patching. This could change in the future. | Version | Supported | |------------------|-----------| | 0.5.0 and higher | ✅ | | 0.4.0 and lower | ❌ | ## Our disclosure policy All security vulnerabilities affecting the Parsec service - including those reported using the steps highlighted below, those discovered during routine testing, and those found in our dependency tree either through `cargo-audit` or otherwise - will receive [security advisories](https://github.com/parallaxsecond/parsec-tool/security/advisories) in a timely manner. The advisories should include sufficient information about the cause, effect, and possible mitigations for the vulnerability. If any information is missing, or you would like to raise a question about the advisories, please open an issue in [our repo](https://github.com/parallaxsecond/parsec-tool). Efforts to mitigate for the reported vulnerabilities will be tracked using Github issues linked to the corresponding advisories. ## Reporting a vulnerability To report a vulnerability, please send an email to [cncf-parsec-maintainers@lists.cncf.io](mailto:cncf-parsec-maintainers@lists.cncf.io). We will reply to acknowledge your report and we'll strive to keep you in the loop as we try to reach a resolution. parsec-tool-0.7.0/src/cli/mod.rs000064400000000000000000000020171046102023000145430ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Base CLI implementation. use crate::common::{PROJECT_AUTHOR, PROJECT_DESC, PROJECT_NAME, PROJECT_VERSION}; use crate::subcommands::Subcommand; use structopt::StructOpt; /// Struct representing the command-line interface of parsec-tool. #[derive(Debug, StructOpt)] #[structopt(name=PROJECT_NAME, about=PROJECT_DESC, author=PROJECT_AUTHOR, version=PROJECT_VERSION)] pub struct ParsecToolApp { /// The ID of the provider to target for the command. Will use the default provider if not specified. #[structopt(short = "p", long = "provider")] pub provider: Option, /// The timeout time used for all commands in seconds. Will use the client's default if not specified. If /// set to 0, will not use any timeout and will block indefinitely. #[structopt(short = "t", long = "timeout")] pub timeout: Option, /// The subcommand -- e.g., ping. #[structopt(subcommand)] pub subcommand: Subcommand, } parsec-tool-0.7.0/src/common.rs000064400000000000000000000007661046102023000145160ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Common variables. /// The project name from Cargo. pub const PROJECT_NAME: &str = env!("CARGO_PKG_NAME"); /// The project description from Cargo. pub const PROJECT_DESC: &str = env!("CARGO_PKG_DESCRIPTION"); /// The project author from Cargo. pub const PROJECT_AUTHOR: &str = env!("CARGO_PKG_AUTHORS"); /// The project version from Cargo. pub const PROJECT_VERSION: &str = env!("CARGO_PKG_VERSION"); parsec-tool-0.7.0/src/error.rs000064400000000000000000000034371046102023000143550ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Error definitions/handling. use thiserror::Error; /// Errors in parsec-tool. #[derive(Error, Debug)] pub enum Error { /// Error emanating from the parsec_client crate. #[error(transparent)] IoError(#[from] std::io::Error), /// Error emanating from the parsec_client crate. #[error(transparent)] ParsecClientError(#[from] parsec_client::error::Error), /// Error emanating from the parsec_client::core::interface crate. #[error(transparent)] ParsecInterfaceError(#[from] parsec_client::core::interface::requests::ResponseStatus), /// Error emanating from the parsec-tool. #[error(transparent)] ParsecToolError(#[from] ToolErrorKind), /// Error emanating from the base64 crate. #[error(transparent)] Base64Decode(#[from] base64::DecodeError), /// Error emanating from the rcgen create (can occur when creating certificates or CSRs) #[error(transparent)] RcgenError(#[from] rcgen::RcgenError), } /// Errors originating in the parsec-tool. #[derive(Error, Debug)] pub enum ToolErrorKind { /// Operation not supported by the parsec-tool #[error("Operation not supported by the parsec-tool")] NotSupported, /// They key was not created with the correct algorithm for this operation #[error("They key was not created with the correct algorithm for this operation")] WrongKeyAlgorithm, /// Expected input data was not given #[error("A command expected input data that was not given")] NoInput, /// Cannot serialise or deserialise data #[error("Incorrect data format")] IncorrectData, } /// A Result type with the Err variant set as a ParsecToolError pub type Result = std::result::Result; parsec-tool-0.7.0/src/lib.rs000064400000000000000000000016431046102023000137670ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Source code for the `parsec-tool` project. This is a command-line interface for interacting //! with the Parsec service. #![deny( nonstandard_style, dead_code, improper_ctypes, non_shorthand_field_patterns, no_mangle_generic_items, overflowing_literals, path_statements, patterns_in_fns_without_body, private_in_public, unconditional_recursion, unused, unused_allocation, unused_comparisons, unused_parens, while_true, missing_debug_implementations, missing_docs, trivial_casts, trivial_numeric_casts, unused_extern_crates, unused_import_braces, unused_qualifications, unused_results )] // This one is hard to avoid. #![allow(clippy::multiple_crate_versions)] pub mod cli; pub mod common; pub mod error; pub mod subcommands; pub mod util; parsec-tool-0.7.0/src/main.rs000064400000000000000000000034751046102023000141520ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! parsec-tool: a tool for interfacing with the Parsec service from the command-line. use log::error; use parsec_tool::cli; use parsec_tool::common::PROJECT_NAME; use std::convert::TryInto; use structopt::StructOpt; fn main() { let mut env_log_builder = env_logger::Builder::new(); // By default, only show the logs from this crate. env_log_builder.filter_level(log::LevelFilter::Info); env_log_builder.format_timestamp(None); env_log_builder.format_module_path(false); // Allows to still set configuration via the default environment variable env_log_builder.parse_default_env(); env_log_builder.init(); let matches = cli::ParsecToolApp::from_args(); let mut client = match matches .subcommand .create_client(Some(PROJECT_NAME.to_string())) { Err(e) => { error!("Error spinning up the BasicClient: {}", e); std::process::exit(1); } Ok(client) => client, }; if let Some(provider) = matches.provider { let provider = match provider.try_into() { Err(_) => { error!("The provider ID entered does not map with an existing provider"); std::process::exit(1); } Ok(provider) => provider, }; client.set_implicit_provider(provider); } if let Some(timeout) = matches.timeout { let timeout = if timeout == 0 { None } else { Some(std::time::Duration::from_secs(timeout.into())) }; client.set_timeout(timeout); } if let Err(e) = matches.subcommand.run(client) { error!("Subcommand failed: {} ({:?})", e, e); std::process::exit(1); } std::process::exit(0); } parsec-tool-0.7.0/src/subcommands/create_csr.rs000064400000000000000000000275051046102023000176530ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Creates a Certificate Signing Request (CSR) from a keypair. use crate::error::{Error, Result, ToolErrorKind}; use crate::util::sign_message_with_policy; use log::error; use parsec_client::core::interface::operations::psa_algorithm::{ Algorithm, AsymmetricSignature, Hash, SignHash, }; use parsec_client::core::interface::operations::psa_key_attributes::{EccFamily, Type}; use parsec_client::BasicClient; use rcgen::{ Certificate, CertificateParams, DistinguishedName, DnType, KeyPair, RcgenError, RemoteKeyPair, SignatureAlgorithm, PKCS_ECDSA_P256_SHA256, PKCS_ECDSA_P384_SHA384, PKCS_RSA_SHA256, PKCS_RSA_SHA384, PKCS_RSA_SHA512, }; use structopt::StructOpt; /// Creates an X509 Certificate Signing Request (CSR) from a keypair, using the signing algorithm /// that is associated with the key. /// /// The CSR is written to the standard output in PEM format by default. #[derive(Debug, StructOpt)] pub struct CreateCsr { /// The name of the key to use for signing. This must be an existing key that is accessible /// to the user, and it must be a signing key (either an RSA key or an elliptic curve key). /// /// Elliptic curve keys must use the NIST P256 or P384 curves. #[structopt(short = "k", long = "key-name")] key_name: String, /// The common name to be used within the Distinguished Name (DN) specification of /// the CSR. #[structopt(long = "cn")] common_name: Option, /// The locality name to be used within the Distinguished Name (DN) specification of /// the CSR. #[structopt(long = "l")] locality: Option, /// The organization name to be used within the Distinguished Name (DN) specification of /// the CSR. #[structopt(long = "o")] organization: Option, /// The organizational unit name to be used within the Distinguished Name (DN) specification /// of the CSR. #[structopt(long = "ou")] organizational_unit: Option, /// The state name to be used within the Distinguished Name (DN) specification of the CSR. #[structopt(long = "st")] state: Option, /// The country name to be used within the Distinguished Name (DN) specification of the CSR. #[structopt(long = "c")] country: Option, /// The serial number to be used within the Distinguished Name (DN) specification of the CSR. #[structopt(long = "serialNumber")] serial_number: Option, /// A Subject Alternative Name (SAN) for the domain of the CSR. #[structopt(long = "san")] subject_alternative_name: Option>, } /// Short-lived structure to encapsulate the key name and the client, so that we can implement the /// RemoteKeyPair trait for rcgen. struct ParsecRemoteKeyPair { key_name: String, public_key_der: Vec, parsec_client: BasicClient, rcgen_algorithm: &'static SignatureAlgorithm, } impl CreateCsr { /// Creates a Certificate Signing Request (CSR) from a keypair. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let public_key = basic_client.psa_export_public_key(&self.key_name)?; let rcgen_algorithm = self.get_rcgen_algorithm(&basic_client)?; let parsec_key_pair = ParsecRemoteKeyPair { key_name: self.key_name.clone(), public_key_der: public_key, // "Move" the client into the struct here. parsec_client: basic_client, rcgen_algorithm, }; let remote_key_pair = KeyPair::from_remote(Box::new(parsec_key_pair))?; let subject_alt_names = match &self.subject_alternative_name { Some(san) => san.to_owned(), None => Vec::new(), }; let mut dn = DistinguishedName::new(); if let Some(common_name) = &self.common_name { dn.push(DnType::CommonName, common_name.clone()); } if let Some(organizational_unit) = &self.organizational_unit { // NOTE: X509 permits multiple OUs, but the RCGEN crate only preserves one entry, so for now the // parsec-tool also only accepts one entry on the command-line. If this changes in the future, it // will be possible to evolve the command-line parser to accept multiple values without it being // a breaking change. dn.push(DnType::OrganizationalUnitName, organizational_unit.clone()); } if let Some(organization) = &self.organization { dn.push(DnType::OrganizationName, organization.clone()); } if let Some(locality) = &self.locality { dn.push(DnType::LocalityName, locality.clone()); } if let Some(state) = &self.state { dn.push(DnType::StateOrProvinceName, state.clone()); } if let Some(country) = &self.country { dn.push(DnType::CountryName, country.clone()); } if let Some(serial_number) = &self.serial_number { // Rcgen does not have a DnType::SerialNumber, so use DnType::CustomDnType and supply the // Object ID (OID) numerically. The OID for X509 serialNumber is 2.5.4.5 according to // https://www.alvestrand.no/objectid/2.5.4.5.html and other sources. dn.push( DnType::CustomDnType(vec![2, 5, 4, 5]), serial_number.clone(), ); } let mut params = CertificateParams::new(subject_alt_names); params.alg = rcgen_algorithm; params.key_pair = Some(remote_key_pair); params.distinguished_name = dn; let cert = Certificate::from_params(params)?; let pem_string = cert.serialize_request_pem()?; println!("{}", pem_string); Ok(()) } // Inspect the attributes of the signing key and map them down to one of rcgen's supported hash-and-sign // schemes (throwing an error if there isn't a suitable mapping). // // There's rather a lot of complexity here, because we need to map down lots of nested PSA properties onto a small number // of hash-and-sign schemes that RCGEN supports. fn get_rcgen_algorithm( &self, basic_client: &BasicClient, ) -> Result<&'static SignatureAlgorithm> { let attributes = basic_client.key_attributes(&self.key_name)?; if let Algorithm::AsymmetricSignature(alg) = attributes.policy.permitted_algorithms { match alg { AsymmetricSignature::RsaPkcs1v15Sign { hash_alg } => match hash_alg { SignHash::Specific(Hash::Sha256) => Ok(&PKCS_RSA_SHA256), SignHash::Specific(Hash::Sha384) => Ok(&PKCS_RSA_SHA384), SignHash::Specific(Hash::Sha512) => Ok(&PKCS_RSA_SHA512), SignHash::Any => Ok(&PKCS_RSA_SHA256), // Default hash algorithm for the tool. _ => { // The algorithm is specific, but not one that RCGEN can use, so fail the operation. error!("Signing key requires use of hashing algorithm ({:?}), which is not supported for certificate requests.", alg); Err(ToolErrorKind::NotSupported.into()) } }, AsymmetricSignature::RsaPkcs1v15SignRaw => { // Key policy specifies raw RSA signatures. RCGEN will always hash-and-sign, so fail. error!("Signing key specifies raw signing only, which is not supported for certificate requests."); Err(ToolErrorKind::NotSupported.into()) } AsymmetricSignature::RsaPss { .. } => { error!("Signing key specifies RSA PSS scheme, which is not supported for certificate requests."); Err(ToolErrorKind::NotSupported.into()) } AsymmetricSignature::Ecdsa { hash_alg } => { if !matches!( attributes.key_type, Type::EccKeyPair { curve_family: EccFamily::SecpR1 } ) { error!( "Signing key must use curve family SecpR1 for certificate requests." ); return Err(ToolErrorKind::NotSupported.into()); }; match hash_alg { SignHash::Specific(Hash::Sha256) => { if attributes.bits == 256 { Ok(&PKCS_ECDSA_P256_SHA256) } else { error!("Signing key should have strength 256, but actually has strength {}.", attributes.bits); Err(ToolErrorKind::NotSupported.into()) } } SignHash::Specific(Hash::Sha384) => { if attributes.bits == 384 { Ok(&PKCS_ECDSA_P384_SHA384) } else { error!("Signing key should have strength 384, but actually has strength {}.", attributes.bits); Err(ToolErrorKind::NotSupported.into()) } } SignHash::Any => { match attributes.bits { 256 => Ok(&PKCS_ECDSA_P256_SHA256), _ => { // We have to fail this, because ParsecRemoteKeyPair::sign() defaults the hash to SHA-256, and RCGEN // doesn't support a hash algorithm that is different from the key strength. error!("Signing keys of strength other than 256-bit not supported without specific hash algorithm."); Err(ToolErrorKind::NotSupported.into()) } } } _ => { // The algorithm is specific, but not one that RCGEN can use, so fail the operation. error!("Signing key requires use of hashing algorithm ({:?}), which is not supported for certificate requests.", alg); Err(ToolErrorKind::NotSupported.into()) } } } _ => { // Unsupported algorithm. error!("The specified key is not supported for certificate requests."); Err(ToolErrorKind::NotSupported.into()) } } } else { error!("Specified key is not an asymmetric signing key, which is needed for certificate requests."); Err(ToolErrorKind::WrongKeyAlgorithm.into()) } } } impl RemoteKeyPair for ParsecRemoteKeyPair { fn public_key(&self) -> &[u8] { &self.public_key_der } fn sign(&self, msg: &[u8]) -> std::result::Result, RcgenError> { let signature = sign_message_with_policy(&self.parsec_client, &self.key_name, msg, Some(Hash::Sha256)) .map_err(RcgenError::from)?; Ok(signature) } fn algorithm(&self) -> &'static SignatureAlgorithm { self.rcgen_algorithm } } impl From for RcgenError { fn from(_e: Error) -> Self { // There isn't a suitable mapping, because RcgenError does not have a variant for the // case where RemoteKeyPair failed for third-party reasons. // See: https://github.com/est31/rcgen/issues/67 // The crate will publish a new enum variant. When this change is released, we can rework this to be a // more suitable error. RcgenError::KeyGenerationUnavailable } } parsec-tool-0.7.0/src/subcommands/create_ecc_key.rs000064400000000000000000000034011046102023000204530ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Create an ECC key pair. //! use crate::error::Result; use log::info; /// The curve will be secp256r1. Used by default for asymmetric signing with ECDSA (SHA-256). use parsec_client::core::interface::operations::psa_algorithm::{AsymmetricSignature, Hash}; use parsec_client::core::interface::operations::psa_key_attributes::{ Attributes, EccFamily, Lifetime, Policy, Type, UsageFlags, }; use parsec_client::BasicClient; use structopt::StructOpt; /// Create an ECC key pair. #[derive(Debug, StructOpt)] pub struct CreateEccKey { #[structopt(short = "k", long = "key-name")] key_name: String, } impl CreateEccKey { /// Exports a key. pub fn run(&self, basic_client: BasicClient) -> Result<()> { info!("Creating ECC signing key..."); let attributes = Attributes { lifetime: Lifetime::Persistent, key_type: Type::EccKeyPair { curve_family: EccFamily::SecpR1, }, bits: 256, policy: Policy { usage_flags: { let mut usage_flags = UsageFlags::default(); let _ = usage_flags .set_sign_hash() .set_sign_message() .set_verify_hash() .set_verify_message(); usage_flags }, permitted_algorithms: AsymmetricSignature::Ecdsa { hash_alg: Hash::Sha256.into(), } .into(), }, }; basic_client.psa_generate_key(&self.key_name, attributes)?; info!("Key \"{}\" created.", self.key_name); Ok(()) } } parsec-tool-0.7.0/src/subcommands/create_rsa_key.rs000064400000000000000000000065531046102023000205210ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Create a RSA key pair //! //! The key will be 2048 bits long. Used by default for asymmetric encryption with RSA PKCS#1 v1.5. use crate::error::Result; use log::info; use parsec_client::core::interface::operations::psa_algorithm::{ AsymmetricEncryption, AsymmetricSignature, Hash, SignHash, }; use parsec_client::core::interface::operations::psa_key_attributes::{ Attributes, Lifetime, Policy, Type, UsageFlags, }; use parsec_client::BasicClient; use structopt::StructOpt; /// Create a RSA key pair. #[derive(Debug, StructOpt)] pub struct CreateRsaKey { #[structopt(short = "k", long = "key-name")] key_name: String, /// This command creates RSA encryption keys by default. Supply this flag to create a signing key instead. /// Signing keys, by default, will specify the SHA-256 hash algorithm and use PKCS#1 v1.5. #[structopt(short = "s", long = "for-signing")] is_for_signing: bool, /// Specifies the size (strength) of the key in bits. The default size for RSA keys is 2048 bits. #[structopt(short = "b", long = "bits")] bits: Option, /// Specifies if the RSA key should be created with permitted RSA OAEP (SHA256) encryption algorithm /// instead of the default RSA PKCS#1 v1.5 one. #[structopt(short = "o", long = "oaep")] oaep: bool, } impl CreateRsaKey { /// Exports a key. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let policy = if self.is_for_signing { info!("Creating RSA signing key..."); Policy { usage_flags: { let mut usage_flags = UsageFlags::default(); let _ = usage_flags .set_sign_hash() .set_verify_hash() .set_sign_message() .set_verify_message(); usage_flags }, permitted_algorithms: AsymmetricSignature::RsaPkcs1v15Sign { hash_alg: SignHash::Specific(Hash::Sha256), } .into(), } } else { info!("Creating RSA encryption key..."); Policy { usage_flags: { let mut usage_flags = UsageFlags::default(); let _ = usage_flags.set_encrypt().set_decrypt(); usage_flags }, permitted_algorithms: if self.oaep { AsymmetricEncryption::RsaOaep { hash_alg: Hash::Sha256, } .into() } else { AsymmetricEncryption::RsaPkcs1v15Crypt.into() }, } }; let attributes = Attributes { lifetime: Lifetime::Persistent, key_type: Type::RsaKeyPair, // No prior validation of 'bits' argument. We have to let the service (and back-end hardware) // decide what is valid. The PSA specification does not enforce any minimum/maximum/supported // sizes for RSA keys. bits: self.bits.unwrap_or(2048), policy, }; basic_client.psa_generate_key(&self.key_name, attributes)?; info!("Key \"{}\" created.", self.key_name); Ok(()) } } parsec-tool-0.7.0/src/subcommands/decrypt.rs000064400000000000000000000034651046102023000172120ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Decrypts data. //! //! Will use the algorithm set to the key's policy during creation. use crate::error::{Result, ToolErrorKind}; use log::{error, info}; use parsec_client::core::interface::operations::psa_algorithm::Algorithm; use parsec_client::BasicClient; use structopt::StructOpt; /// Decrypts data. #[derive(Debug, StructOpt)] pub struct Decrypt { #[structopt(short = "k", long = "key-name")] key_name: String, /// Ciphertext base64 encoded input_data: String, } impl Decrypt { /// Decrypts data. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let input = base64::decode(self.input_data.as_bytes())?; let alg = basic_client .key_attributes(&self.key_name)? .policy .permitted_algorithms; let plaintext = match alg { Algorithm::AsymmetricEncryption(alg) => { info!("Decrypting data with {:?}...", alg); basic_client.psa_asymmetric_decrypt(&self.key_name, alg, &input, None)? } Algorithm::Cipher(_) | Algorithm::Aead(_) => { error!( "Key's algorithm is {:?} which is not currently supported for decryption.", alg ); return Err(ToolErrorKind::NotSupported.into()); } other => { error!( "Key's algorithm is {:?} which can not be used for decryption.", other ); return Err(ToolErrorKind::WrongKeyAlgorithm.into()); } }; let plaintext = String::from_utf8_lossy(&plaintext).to_string(); println!("{}", plaintext); Ok(()) } } parsec-tool-0.7.0/src/subcommands/delete_client.rs000064400000000000000000000012341046102023000203300ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Delete all data a client has in the service (admin operation). use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// Delete all data a client has in the service (admin operation). #[derive(Debug, StructOpt)] pub struct DeleteClient { #[structopt(short = "c", long = "client")] client: String, } impl DeleteClient { pub fn run(&self, basic_client: BasicClient) -> Result<()> { basic_client.delete_client(&self.client)?; info!("Client \"{}\" deleted.", self.client); Ok(()) } } parsec-tool-0.7.0/src/subcommands/delete_key.rs000064400000000000000000000011671046102023000176470ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Delete a key. use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// Delete a key. #[derive(Debug, StructOpt)] pub struct DeleteKey { #[structopt(short = "k", long = "key-name")] key_name: String, } impl DeleteKey { /// Destroys a key. pub fn run(&self, basic_client: BasicClient) -> Result<()> { info!("Deleting a key..."); basic_client.psa_destroy_key(&self.key_name)?; info!("Key \"{}\" deleted.", self.key_name); Ok(()) } } parsec-tool-0.7.0/src/subcommands/encrypt.rs000064400000000000000000000044411046102023000172170ustar 00000000000000// Copyright 2022 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Encrypts some plaintext data with a specified key. //! //! Will use the algorithm set to the key's policy during creation. Currently only //! supports asymmetric encryption such as RSA, in which case the specified key must //! be a public key or an asymmetric key pair (of which the public part will be //! used). It is not possible to encrypt data using the private part of an asymmetric //! key pair. Encryption with symmetric keys will be added in the future. //! //! No salt is used. //! //! The input is a plain text message string, which is treated as raw bytes. //! //! The output is base64-encoded ciphertext. use crate::error::{Result, ToolErrorKind}; use log::{error, info}; use parsec_client::core::interface::operations::psa_algorithm::Algorithm; use parsec_client::BasicClient; use structopt::StructOpt; /// Encrypts data. #[derive(Debug, StructOpt)] pub struct Encrypt { #[structopt(short = "k", long = "key-name")] key_name: String, /// Plaintext input string. input_data: String, } impl Encrypt { /// Encrypts data. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let input = self.input_data.as_bytes(); let alg = basic_client .key_attributes(&self.key_name)? .policy .permitted_algorithms; let ciphertext = match alg { Algorithm::AsymmetricEncryption(alg) => { info!("Encrypting data with {:?}...", alg); basic_client.psa_asymmetric_encrypt(&self.key_name, alg, input, None)? } Algorithm::Cipher(_) | Algorithm::Aead(_) => { error!( "Key's algorithm is {:?} which is not currently supported for encryption.", alg ); return Err(ToolErrorKind::NotSupported.into()); } other => { error!( "Key's algorithm is {:?} which cannot be used for encryption.", other ); return Err(ToolErrorKind::WrongKeyAlgorithm.into()); } }; let ciphertext = base64::encode(ciphertext); println!("{}", ciphertext); Ok(()) } } parsec-tool-0.7.0/src/subcommands/export_public_key.rs000064400000000000000000000135301046102023000212610ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Exports a public key. use crate::error::{Result, ToolErrorKind}; use log::error; use oid::prelude::*; use parsec_client::core::interface::operations::psa_key_attributes::{EccFamily, Type}; use parsec_client::BasicClient; use picky_asn1::bit_string::BitString; use picky_asn1_x509::{ AlgorithmIdentifier, EcParameters, PublicKey, RsaPublicKey, SubjectPublicKeyInfo, }; use structopt::StructOpt; /// Exports a PEM-encoded public key. #[derive(Debug, StructOpt)] pub struct ExportPublicKey { #[structopt(short = "k", long = "key-name")] key_name: String, /// Export RSA Public Key in PKCS#1 format. #[structopt(long = "pkcs1")] pkcs1: bool, } impl ExportPublicKey { /// Exports a public key. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let mut tag = String::from("PUBLIC KEY"); let mut psa_public_key = basic_client.psa_export_public_key(&self.key_name)?; let psa_key_attributes = basic_client.key_attributes(&self.key_name)?; match psa_key_attributes.key_type { Type::RsaKeyPair | Type::RsaPublicKey => { if self.pkcs1 { tag = String::from("RSA PUBLIC KEY"); } else { psa_public_key = picky_asn1_der::to_vec(&SubjectPublicKeyInfo { algorithm: AlgorithmIdentifier::new_rsa_encryption(), subject_public_key: PublicKey::Rsa( picky_asn1_der::from_bytes::(&psa_public_key) .map_err(|_| { error!("Could not deserialise RSA key"); ToolErrorKind::IncorrectData })? .into(), ), }) .map_err(|_| { error!("Could not serialise RSA key"); ToolErrorKind::IncorrectData })?; } } Type::EccKeyPair { curve_family: curve, } | Type::EccPublicKey { curve_family: curve, } => { if self.pkcs1 { error!("PKCS1 format doesn't support ECC keys"); return Err(ToolErrorKind::WrongKeyAlgorithm.into()); } else { psa_public_key = picky_asn1_der::to_vec(&SubjectPublicKeyInfo { algorithm: AlgorithmIdentifier::new_elliptic_curve( EcParameters::NamedCurve( curve_oid(curve, psa_key_attributes.bits)?.into(), ), ), subject_public_key: PublicKey::Ec( BitString::with_bytes(psa_public_key).into(), ), }) .map_err(|_| { error!("Could not serialise ECC key"); ToolErrorKind::IncorrectData })?; } } _ => { error!("Unsupported type of key"); return Err(ToolErrorKind::NotSupported.into()); } }; let pem_encoded = pem::encode_config( &pem::Pem { tag, contents: psa_public_key, }, pem::EncodeConfig { line_ending: pem::LineEnding::LF, }, ); print!("{}", pem_encoded); Ok(()) } } fn curve_oid(curve: EccFamily, key_bits: usize) -> Result { let curve_oid = match curve { // SEC random curves over prime fields. EccFamily::SecpR1 => match key_bits { 192 => picky_asn1_x509::oids::secp192r1(), 224 => picky_asn1_x509::oids::secp224r1(), 256 => picky_asn1_x509::oids::secp256r1(), 384 => picky_asn1_x509::oids::secp384r1(), 521 => picky_asn1_x509::oids::secp521r1(), _ => return print_error(curve, key_bits), }, // SEC Koblitz curves over prime fields. // OIDs are not defined in picky_asn1_x509::oids and in RFC5480. // Use values from https://www.secg.org/sec2-v2.pdf#subsection.A.2 EccFamily::SecpK1 => match key_bits { 192 => ObjectIdentifier::try_from("1.3.132.0.31").unwrap(), 224 => ObjectIdentifier::try_from("1.3.132.0.32").unwrap(), 256 => ObjectIdentifier::try_from("1.3.132.0.10").unwrap(), _ => return print_error(curve, key_bits), }, // SEC Koblitz curves over binary fields EccFamily::SectK1 => match key_bits { 233 => picky_asn1_x509::oids::sect233k1(), 283 => picky_asn1_x509::oids::sect283k1(), 409 => picky_asn1_x509::oids::sect409k1(), 571 => picky_asn1_x509::oids::sect571k1(), _ => return print_error(curve, key_bits), }, // SEC random curves over binary fields EccFamily::SectR1 => match key_bits { 233 => picky_asn1_x509::oids::sect233r1(), 283 => picky_asn1_x509::oids::sect283r1(), 409 => picky_asn1_x509::oids::sect409r1(), 571 => picky_asn1_x509::oids::sect571r1(), _ => return print_error(curve, key_bits), }, _ => { error!("Unsupported Ecc family \"{}\"", curve); return Err(ToolErrorKind::NotSupported.into()); } }; Ok(curve_oid) } fn print_error(curve: EccFamily, key_bits: usize) -> Result { error!( "Unsupported number of bits {} for Ecc family \"{}\"", key_bits, curve ); Err(ToolErrorKind::NotSupported.into()) } parsec-tool-0.7.0/src/subcommands/generate_random.rs000064400000000000000000000014641046102023000206670ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Generates a sequence of random bytes. use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// Generates a sequence of random bytes. #[derive(Debug, StructOpt)] pub struct GenerateRandom { #[structopt(short = "n", long = "nbytes")] nbytes: usize, } impl GenerateRandom { /// Generates a sequence of random bytes. pub fn run(&self, basic_client: BasicClient) -> Result<()> { info!("Generating {} random bytes...", self.nbytes); let result = basic_client.psa_generate_random(self.nbytes)?; info!("Random bytes:"); for byte in result { print!("{:02X} ", byte); } println!(); Ok(()) } } parsec-tool-0.7.0/src/subcommands/list_authenticators.rs000064400000000000000000000021521046102023000216200ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! List the authenticators supported by the Parsec service. use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// List the authenticators supported by the Parsec service. #[derive(Debug, StructOpt)] pub struct ListAuthenticators {} impl ListAuthenticators { /// Lists the available authenticators supported by the Parsec service. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let authenticators = basic_client.list_authenticators()?; info!("Available authenticators:"); for authenticator in authenticators { println!( "ID: 0x{:02x} ({})", authenticator.id as u32, authenticator.id ); println!("Description: {}", authenticator.description); println!( "Version: {}.{}.{}", authenticator.version_maj, authenticator.version_min, authenticator.version_rev ); println!(); } Ok(()) } } parsec-tool-0.7.0/src/subcommands/list_clients.rs000064400000000000000000000014341046102023000202260ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Lists all clients currently having data in the service (admin operation). use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// Lists all clients currently having data in the service (admin operation). #[derive(Debug, StructOpt)] pub struct ListClients {} impl ListClients { pub fn run(&self, basic_client: BasicClient) -> Result<()> { let clients = basic_client.list_clients()?; if clients.is_empty() { info!("No clients in the service."); return Ok(()); } info!("Parsec clients:"); for client in clients { println!("{}", client); } Ok(()) } } parsec-tool-0.7.0/src/subcommands/list_keys.rs000064400000000000000000000020421046102023000175340ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Lists all keys belonging to the application. use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// Lists all keys belonging to the application. #[derive(Debug, StructOpt)] pub struct ListKeys {} impl ListKeys { /// Lists the available providers supported by the Parsec service. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let keys = basic_client.list_keys()?; if keys.is_empty() { info!("No keys currently available."); return Ok(()); } info!("Available keys:"); for key in keys { println!( "* {} ({}, {:?}, {} bits, permitted algorithm: {:?})", key.name, key.provider_id, key.attributes.key_type, key.attributes.bits, key.attributes.policy.permitted_algorithms ); } Ok(()) } } parsec-tool-0.7.0/src/subcommands/list_opcodes.rs000064400000000000000000000020541046102023000202200ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Lists the supported opcodes for a given provider. use crate::error::Result; use log::info; use parsec_client::BasicClient; use std::convert::TryInto; use structopt::StructOpt; /// Lists the supported opcodes for a given provider. #[derive(Debug, StructOpt)] pub struct ListOpcodes { /// ID of the provider. #[structopt(short = "p", long = "provider")] pub provider: Option, } impl ListOpcodes { /// Lists the supported opcodes for a given provider. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let provider = match self.provider { Some(provider) => provider.try_into()?, None => basic_client.implicit_provider(), }; let opcodes = basic_client.list_opcodes(provider)?; info!("Available opcodes for {}:", provider); for provider_opcode in opcodes { println!("0x{:02x} ({:?})", provider_opcode as u32, provider_opcode); } Ok(()) } } parsec-tool-0.7.0/src/subcommands/list_providers.rs000064400000000000000000000024451046102023000206050ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Lists the available providers supported by the Parsec service. use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// Lists the available providers supported by the Parsec service. #[derive(Debug, StructOpt)] pub struct ListProviders {} impl ListProviders { /// Lists the available providers supported by the Parsec service. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let providers = basic_client.list_providers()?; info!("Available providers:"); for provider in providers { println!("ID: 0x{:02x} ({})", provider.id as u32, provider.id); println!("Description: {}", provider.description); println!( "Version: {}.{}.{}", provider.version_maj, provider.version_min, provider.version_rev ); println!( "Vendor: {}", if !provider.vendor.is_empty() { provider.vendor } else { "Unspecified".to_string() }, ); println!("UUID: {}", provider.uuid); println!(); } Ok(()) } } parsec-tool-0.7.0/src/subcommands/mod.rs000064400000000000000000000112641046102023000163130ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Subcommand implementations. Interacts with parsec-client-rust. mod create_csr; mod create_ecc_key; mod create_rsa_key; mod decrypt; mod delete_client; mod delete_key; mod encrypt; mod export_public_key; mod generate_random; mod list_authenticators; mod list_clients; mod list_keys; mod list_opcodes; mod list_providers; mod ping; mod sign; use crate::error::{Error::ParsecClientError, Result}; use crate::subcommands::{ create_csr::CreateCsr, create_ecc_key::CreateEccKey, create_rsa_key::CreateRsaKey, decrypt::Decrypt, delete_client::DeleteClient, delete_key::DeleteKey, encrypt::Encrypt, export_public_key::ExportPublicKey, generate_random::GenerateRandom, list_authenticators::ListAuthenticators, list_clients::ListClients, list_keys::ListKeys, list_opcodes::ListOpcodes, list_providers::ListProviders, ping::Ping, sign::Sign, }; use parsec_client::BasicClient; use structopt::StructOpt; /// Command-line interface to Parsec operations. #[derive(Debug, StructOpt)] pub enum Subcommand { /// Ping the Parsec service and prints the wire protocol version. Ping(Ping), /// List the available providers supported by the Parsec service. ListProviders(ListProviders), /// List the available authenticators supported by the Parsec service. ListAuthenticators(ListAuthenticators), /// List the supported opcodes for a given provider. ListOpcodes(ListOpcodes), /// List all keys belonging to the application. ListKeys(ListKeys), /// Generate a sequence of random bytes. GenerateRandom(GenerateRandom), /// Export the public part of the key pair in PEM format ExportPublicKey(ExportPublicKey), /// Create a RSA key pair (2048 bits). Used by default for asymmetric encryption with RSA PKCS#1 v1.5. CreateRsaKey(CreateRsaKey), /// Create a ECC key pair (curve secp256r1). Used by default for asymmetric signing with ECDSA (SHA-256). CreateEccKey(CreateEccKey), /// Decrypt data using the algorithm of the key Decrypt(Decrypt), /// Sign data using the algorithm of the key (base64 signature) Sign(Sign), /// Delete a key. DeleteKey(DeleteKey), /// Lists all clients currently having data in the service (admin operation). ListClients(ListClients), /// Delete all data a client has in the service (admin operation). DeleteClient(DeleteClient), /// Create a Certificate Signing Request (CSR) from a keypair. CreateCsr(CreateCsr), /// Encrypt data using the algorithm of the key Encrypt(Encrypt), } impl Subcommand { /// Runs the subcommand. pub fn run(&self, client: BasicClient) -> Result<()> { match &self { Subcommand::Ping(cmd) => cmd.run(client), Subcommand::ListProviders(cmd) => cmd.run(client), Subcommand::ListAuthenticators(cmd) => cmd.run(client), Subcommand::ListKeys(cmd) => cmd.run(client), Subcommand::ListClients(cmd) => cmd.run(client), Subcommand::DeleteClient(cmd) => cmd.run(client), Subcommand::ListOpcodes(cmd) => cmd.run(client), Subcommand::GenerateRandom(cmd) => cmd.run(client), Subcommand::ExportPublicKey(cmd) => cmd.run(client), Subcommand::CreateRsaKey(cmd) => cmd.run(client), Subcommand::CreateEccKey(cmd) => cmd.run(client), Subcommand::Sign(cmd) => cmd.run(client), Subcommand::Decrypt(cmd) => cmd.run(client), Subcommand::DeleteKey(cmd) => cmd.run(client), Subcommand::CreateCsr(cmd) => cmd.run(client), Subcommand::Encrypt(cmd) => cmd.run(client), } } /// Indicates if subcommand requires authentication fn authentication_required(&self) -> bool { // Subcommands below don't need authentication - all others do. !matches!( &self, Subcommand::Ping(_) | Subcommand::ListProviders(_) | Subcommand::ListAuthenticators(_) | Subcommand::ListOpcodes(_) ) } /// Get BasicClient for operation pub fn create_client(&self, app_name: Option) -> Result { let client_result = if self.authentication_required() { // BasicClient::new will do default config including setting up authenticator BasicClient::new(app_name) } else { // Create a naked client which should be set up for core operations with no authenticator BasicClient::new_naked() }; match client_result { Ok(client) => Ok(client), Err(err) => Err(ParsecClientError(err)), } } } parsec-tool-0.7.0/src/subcommands/ping.rs000064400000000000000000000011461046102023000164670ustar 00000000000000// Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Pings the Parsec service. use crate::error::Result; use log::info; use parsec_client::BasicClient; use structopt::StructOpt; /// Pings the Parsec service. #[derive(Debug, StructOpt)] pub struct Ping {} impl Ping { /// Pings the Parsec service and prints the wire protocol version. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let result = basic_client.ping()?; info!("Service wire protocol version",); println!("{}.{}", result.0, result.1); Ok(()) } } parsec-tool-0.7.0/src/subcommands/sign.rs000064400000000000000000000015651046102023000164770ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Signs data. //! //! Will use the algorithm set to the key's policy during creation. use crate::error::Result; use crate::util::sign_message_with_policy; use parsec_client::BasicClient; use structopt::StructOpt; /// Signs data. #[derive(Debug, StructOpt)] pub struct Sign { #[structopt(short = "k", long = "key-name")] key_name: String, /// String of UTF-8 text input_data: String, } impl Sign { /// Signs data. pub fn run(&self, basic_client: BasicClient) -> Result<()> { let signature = sign_message_with_policy( &basic_client, &self.key_name, self.input_data.as_bytes(), None, )?; let signature = base64::encode(signature); println!("{}", signature); Ok(()) } } parsec-tool-0.7.0/src/util.rs000064400000000000000000000063421046102023000141770ustar 00000000000000// Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 //! Utility code that is shared by multiple subcommands; use crate::error::{Result, ToolErrorKind}; use log::{error, info}; use parsec_client::core::interface::operations::psa_algorithm::{Algorithm, Hash, SignHash}; use parsec_client::BasicClient; use picky_asn1::wrapper::IntegerAsn1; use serde::{Deserialize, Serialize}; use sha2::digest::{Digest, DynDigest}; #[derive(Serialize, Deserialize)] struct EccSignature { r: IntegerAsn1, s: IntegerAsn1, } /// Signs a given message using the hashing and signing policy that was associated with the given key when /// it was created. /// /// If the signing key allows for the use of any hashing algorithm, then a default hash can optionally be passed /// by the caller, and this hash will be used (otherwise the function will fail). pub fn sign_message_with_policy( basic_client: &BasicClient, key_name: &str, msg: &[u8], default_hash: Option, ) -> Result> { let alg = basic_client .key_attributes(key_name)? .policy .permitted_algorithms; let signature = match alg { Algorithm::AsymmetricSignature(alg) => { let hash = match alg.hash() { Some(SignHash::Specific(hash)) => hash_data(msg, hash)?, Some(SignHash::Any) => { if let Some(hash) = default_hash { hash_data(msg, hash)? } else { error!("Signing key allows any hashing algorithm, but no default was specified."); return Err(ToolErrorKind::NotSupported.into()); } } _ => { error!("Asymmetric signing algorithm ({:?}) is not supported", alg); return Err(ToolErrorKind::NotSupported.into()); } }; info!("Signing data with {:?}...", alg); let mut sig = basic_client.psa_sign_hash(key_name, &hash, alg)?; if alg.is_ecc_alg() { let s = IntegerAsn1::from_bytes_be_unsigned(sig.split_off(sig.len() / 2)); sig = picky_asn1_der::to_vec(&EccSignature { r: IntegerAsn1::from_bytes_be_unsigned(sig), s, }) .unwrap(); } sig } other => { error!( "Key's algorithm is {:?} which can not be used for signing.", other ); return Err(ToolErrorKind::WrongKeyAlgorithm.into()); } }; Ok(signature) } fn hash_data(data: &[u8], alg: Hash) -> Result> { let mut hasher: Box = match alg { Hash::Sha224 => Box::from(sha2::Sha224::new()), Hash::Sha256 => Box::from(sha2::Sha256::new()), Hash::Sha384 => Box::from(sha2::Sha384::new()), Hash::Sha512 => Box::from(sha2::Sha512::new()), _ => { error!("Hashing algorithm ({:?}) not supported", alg); return Err(ToolErrorKind::NotSupported.into()); } }; info!("Hashing data with {:?}...", alg); hasher.update(data); Ok(hasher.finalize().to_vec()) } parsec-tool-0.7.0/tests/ci.sh000075500000000000000000000015121046102023000141530ustar 00000000000000#!/usr/bin/env bash # Copyright 2020 Contributors to the Parsec project. # SPDX-License-Identifier: Apache-2.0 set -xeuf -o pipefail # Points to Parsec's Unix Domain Socket on the CI export PARSEC_SERVICE_ENDPOINT="unix:/tmp/parsec.sock" export RUST_LOG=error MSRV=1.66.0 ######### # Build # ######### rustup toolchain install ${MSRV} RUST_BACKTRACE=1 cargo +${MSRV} build RUST_BACKTRACE=1 cargo +${MSRV} build --features spiffe-auth ################# # Static checks # ################# # On native target clippy or fmt might not be available. if cargo fmt -h; then cargo fmt --all -- --check fi if cargo clippy -h; then cargo clippy --all-targets -- -D clippy::all -D clippy::cargo fi ############# # CLI tests # ############# ./target/debug/parsec-tool --help PARSEC_TOOL="./target/debug/parsec-tool" tests/parsec-cli-tests.sh -d parsec-tool-0.7.0/tests/parsec-cli-tests.sh000075500000000000000000000235611046102023000167520ustar 00000000000000#!/usr/bin/env sh # Copyright 2021 Contributors to the Parsec project. # SPDX-License-Identifier: Apache-2.0 # Run simple end-two-end Parsec tests using parsec-tool and openssl ping_parsec() { echo "Checking Parsec service... " $PARSEC_TOOL ping } run_cmd() { "$@" EXIT_CODE=$(($EXIT_CODE+$?)) } debug() { if [ -n "$PARSEC_TOOL_DEBUG" ]; then "$@" fi } MY_TMP=$(mktemp -d) cleanup () { if [ -n "$MY_TMP" ]; then rm -rf -- "$MY_TMP" fi } trap cleanup EXIT delete_key() { # $1 - key type # $2 - key name KEY="$2" echo echo "- Deleting the $1 key" run_cmd $PARSEC_TOOL_CMD delete-key --key-name $KEY rm -f ${MY_TMP}/${KEY}.* } create_key() { # $1 - key type ("RSA" or "ECC") # $2 - key name # $3 - key usage ("SIGN" or "OAEP"), only consulted if $1 == "RSA" KEY="$2" if [ "$3" = "SIGN" -a "$1" = "RSA" ]; then EXTRA_CREATE_KEY_ARGS="--for-signing" elif [ "$3" = "OAEP" -a "$1" = "RSA" ]; then EXTRA_CREATE_KEY_ARGS="--oaep" else EXTRA_CREATE_KEY_ARGS="" fi echo echo "- Creating an $1 key and exporting its public part" type_lower=$(echo $1 | tr '[:upper:]' '[:lower:]') run_cmd $PARSEC_TOOL_CMD create-${type_lower}-key --key-name $KEY $EXTRA_CREATE_KEY_ARGS if ! run_cmd $PARSEC_TOOL_CMD list-keys | tee /dev/stderr | grep -q "$KEY"; then echo "Error: $KEY is not listed" EXIT_CODE=$(($EXIT_CODE+1)) fi run_cmd $PARSEC_TOOL_CMD export-public-key --key-name $KEY >${MY_TMP}/${KEY}.pem } test_crypto_provider() { # $1 - provider ID PARSEC_TOOL_CMD="$PARSEC_TOOL -p $1" echo echo "- Test random number generation" if run_cmd $PARSEC_TOOL_CMD list-opcodes 2>/dev/null | grep -q "PsaGenerateRandom"; then run_cmd $PARSEC_TOOL_CMD generate-random --nbytes 10 else echo "This provider doesn't support random number generation" fi if [ -z "$NO_PKCS1_V15" ]; then test_encryption "PKCS#1 v1.5" test_decryption "PKCS#1 v1.5" fi if [ -z "$NO_OAEP" ]; then test_encryption "OAEP" test_decryption "OAEP" fi test_signing "RSA" test_signing "ECC" test_csr "RSA" test_csr "ECC" test_rsa_key_bits test_rsa_key_bits 1024 } test_encryption() { # $1 - algorithm KEY="anta-key-rsa-encrypt" TEST_STR="$(date) Parsec public key encryption test" ALG="$1" create_key "RSA" "$KEY" "$ALG" # If the key was successfully created and exported if [ -s ${MY_TMP}/${KEY}.pem ]; then debug cat ${MY_TMP}/${KEY}.pem echo echo "- Encrypting \"$TEST_STR\" string using Parsec public key RSA $ALG encryption" # Encrypt TEST_STR with the public key using Parsec rather than openssl # (No need to base64 encode this, because parsec-tool already does it) run_cmd $PARSEC_TOOL_CMD encrypt --key-name $KEY "$TEST_STR" > ${MY_TMP}/${KEY}.enc echo echo "- Using Parsec to decrypt the result (with the private key):" run_cmd $PARSEC_TOOL_CMD decrypt $(cat ${MY_TMP}/${KEY}.enc) --key-name $KEY \ >${MY_TMP}/${KEY}.enc_str cat ${MY_TMP}/${KEY}.enc_str if [ "$(cat ${MY_TMP}/${KEY}.enc_str)" != "$TEST_STR" ]; then echo "Error: The result is different from the initial string" EXIT_CODE=$(($EXIT_CODE+1)) fi fi delete_key "RSA" $KEY } test_decryption() { # $1 - algorithm KEY="anta-key-rsa-crypt" TEST_STR="$(date) Parsec decryption test" ALG="$1" create_key "RSA" "$KEY" "$ALG" # If the key was successfully created and exported if [ -s ${MY_TMP}/${KEY}.pem ]; then debug cat ${MY_TMP}/${KEY}.pem echo echo "- Encrypting \"$TEST_STR\" string using openssl with RSA $ALG algorithm and the exported public key" # Encrypt TEST_STR with the public key and base64-encode the result printf "$TEST_STR" >${MY_TMP}/${KEY}.test_str if [ "$ALG" = "OAEP" ]; then pkeyopt="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256" else pkeyopt="" fi run_cmd $OPENSSL pkeyutl -encrypt $pkeyopt -pubin -inkey ${MY_TMP}/${KEY}.pem \ -in ${MY_TMP}/${KEY}.test_str -out ${MY_TMP}/${KEY}.bin run_cmd $OPENSSL base64 -A -in ${MY_TMP}/${KEY}.bin -out ${MY_TMP}/${KEY}.enc debug cat ${MY_TMP}/${KEY}.enc echo echo "- Using Parsec to decrypt the result:" run_cmd $PARSEC_TOOL_CMD decrypt $(cat ${MY_TMP}/${KEY}.enc) --key-name $KEY \ >${MY_TMP}/${KEY}.enc_str cat ${MY_TMP}/${KEY}.enc_str if [ "$(cat ${MY_TMP}/${KEY}.enc_str)" != "$TEST_STR" ]; then echo "Error: The result is different from the initial string" EXIT_CODE=$(($EXIT_CODE+1)) fi fi delete_key "RSA" $KEY } test_signing() { # $1 - key type ("RSA" or "ECC") KEY="anta-key-sign" TEST_STR="$(date) Parsec signature test" create_key $1 $KEY "SIGN" # If the key was successfully created and exported if [ -s ${MY_TMP}/${KEY}.pem ]; then debug cat ${MY_TMP}/${KEY}.pem echo echo "- Signing \"$TEST_STR\" string using the created $1 key" run_cmd $PARSEC_TOOL_CMD sign "$TEST_STR" --key-name $KEY >${MY_TMP}/${KEY}.sign debug cat ${MY_TMP}/${KEY}.sign echo echo "- Using openssl and the exported public $1 key to verify the signature" # Parsec-tool produces base64-encoded signatures. Let's decode it before verifing. run_cmd $OPENSSL base64 -d -a -A -in ${MY_TMP}/${KEY}.sign -out ${MY_TMP}/${KEY}.bin printf "$TEST_STR" >${MY_TMP}/${KEY}.test_str run_cmd $OPENSSL dgst -sha256 -verify ${MY_TMP}/${KEY}.pem \ -signature ${MY_TMP}/${KEY}.bin ${MY_TMP}/${KEY}.test_str fi delete_key $1 $KEY } test_csr() { # $1 - key type ("RSA" or "ECC") KEY="anta-key-csr" TEST_CN="parallaxsecond.com" TEST_SAN="localhost" TEST_SERIAL="EZ4U2CIXL" # CSR creation needs a signing key. create_key $1 $KEY "SIGN" # If the key was successfully created and exported if [ -s ${MY_TMP}/${KEY}.pem ]; then debug cat ${MY_TMP}/${KEY}.pem echo echo "- Creating a certificate signing request (CSR) from the test key." run_cmd $PARSEC_TOOL_CMD create-csr --cn ${TEST_CN} --san ${TEST_SAN} --serialNumber ${TEST_SERIAL} --key-name $KEY >${MY_TMP}/${KEY}.csr debug cat ${MY_TMP}/${KEY}.csr echo echo "- Using openssl to inspect the CSR content and verify the public key." run_cmd $OPENSSL req -text -noout -verify -in ${MY_TMP}/${KEY}.csr >${MY_TMP}/${KEY}.txt debug cat ${MY_TMP}/${KEY}.txt if ! cat ${MY_TMP}/${KEY}.txt | grep "Subject:" | grep "serialNumber = ${TEST_SERIAL}"; then echo "Error: The CSR does not contain the serialNumber field of the Distinguished Name" EXIT_CODE=$(($EXIT_CODE+1)) fi fi delete_key $1 $KEY } test_rsa_key_bits() { KEY="anta-key-rsa-bits" DEFAULT_SIZE=2048 if [ -n "$1" ]; then key_size=$1 key_param="--bits $1" else key_size=${DEFAULT_SIZE} key_param="" fi run_cmd $PARSEC_TOOL_CMD create-rsa-key --key-name $KEY $key_param run_cmd $PARSEC_TOOL_CMD export-public-key --key-name $KEY >${MY_TMP}/checksize-${KEY}.pem if ! run_cmd $OPENSSL rsa -pubin -text -noout -in ${MY_TMP}/checksize-${KEY}.pem | grep -q "Public-Key: (${key_size} bit)"; then echo "Error: create-rsa-key should have produced a ${key_size}-bit RSA key." EXIT_CODE=$(($EXIT_CODE+1)) fi delete_key "RSA" $KEY } PARSEC_TOOL_DEBUG= PROVIDER= # Test both RSA PKCS#1 v1.5 (default) and RSA OAEP encryption algorithms NO_OAEP= NO_PKCS1_V15= while [ "$#" -gt 0 ]; do case "$1" in -[0-9]* ) PROVIDER=${1#-} ;; -d ) PARSEC_TOOL_DEBUG="True" RUST_LOG="${RUST_LOG:-trace}" set -x ;; --no-oaep ) NO_OAEP="true" ;; --no-v1.5 ) NO_PKCS1_V15="true" ;; *) cat </dev/null | grep "^ID:" | grep -v "0x00" \ >${MY_TMP}/providers.lst exec < ${MY_TMP}/providers.lst while IFS= read -r prv; do # Format of list-providers output: #ID: 0x01 (Mbed Crypto provider) #ID: 0x03 (TPM provider) prv_id=$(echo $prv | cut -f 2 -d ' ') prv_id=$(echo $(($prv_id))) # Hex -> decimal if [ -z "$PROVIDER" ] || [ "$PROVIDER" -eq "$prv_id" ]; then prv_name=${prv##*(} prv_name=${prv_name%)*} echo echo "Testing $prv_name" test_crypto_provider $prv_id fi done exit $EXIT_CODE parsec-tool-0.7.0/tests/test_config.toml000064400000000000000000000006551046102023000164310ustar 00000000000000[core_settings] allow_root = true log_level = "error" log_timestamp = true log_error_details = true [listener] listener_type = "DomainSocket" timeout = 200 # in milliseconds socket_path = "/tmp/parsec.sock" [authenticator] auth_type = "UnixPeerCredentials" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" store_path = "mappings" [[provider]] provider_type = "MbedCrypto" key_info_manager = "on-disk-manager"