rustls::ticketer

Struct TicketRotator

pub struct TicketRotator {
    pub(crate) generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>,
    lifetime: u32,
    state: RwLock<TicketRotatorState>,
}

A ticketer that has a ‘current’ sub-ticketer and a single ‘previous’ ticketer. It creates a new ticketer every so often, demoting the current ticketer.

Fields

generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>
lifetime: u32
state: RwLock<TicketRotatorState>

Implementations

impl TicketRotator

pub fn new(
    lifetime: u32,
    generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>,
) -> Result<Self, Error>

Creates a new TicketRotator, which rotates through sub-ticketers based on the passage of time.

lifetime is in seconds, and is how long the current ticketer is used to generate new tickets. Tickets are accepted for no longer than twice this duration. generator produces a new ProducesTickets implementation.


pub(crate) fn maybe_roll(
    &self,
    now: UnixTime,
) -> Option<RwLockReadGuard<'_, TicketRotatorState>>

If it’s time, demote the current ticketer to previous (so it does no new encryptions but can do decryption) and replace it with a new one.

Calling this regularly will ensure timely key erasure. Otherwise, key erasure will be delayed until the next encrypt/decrypt call.

For efficiency, this is also responsible for locking the state rwlock and returning it for read.
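To make the rotation schedule concrete, the following is a stand-alone model of the current/previous scheme, written for this page and not taken from rustls. It replaces ProducesTickets with a two-method stand-in and uses a tagging sub-ticketer that performs no encryption at all (it only labels each ticket with the id of the key that issued it), so what the example shows is which tickets remain decryptable after each roll, not any cryptography. The explicit now parameter, make_ticketer, ToyRotator and has_previous are assumptions made for the example; the real TicketRotator reads the clock itself and maybe_roll returns the read guard on the state.

```rust
use std::sync::atomic::{AtomicU8, Ordering};
use std::sync::RwLock;

/// Stand-in for rustls's `ProducesTickets`, reduced to the two methods the
/// rotator delegates to (constructed for this example).
pub trait ProducesTickets: Send + Sync {
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>;
}

/// Toy sub-ticketer. It does NOT encrypt: it only prefixes the plaintext
/// with its key id so that rotation behaviour is observable. A real
/// ticketer wraps an AEAD under a fresh random key.
pub struct TaggingTicketer {
    key_id: u8,
}

impl ProducesTickets for TaggingTicketer {
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>> {
        let mut ticket = Vec::with_capacity(plain.len() + 1);
        ticket.push(self.key_id);
        ticket.extend_from_slice(plain);
        Some(ticket)
    }

    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>> {
        // `cipher` is attacker controlled: reject anything not tagged with
        // this key id and never index into a possibly empty slice.
        match cipher.split_first() {
            Some((&id, body)) if id == self.key_id => Some(body.to_vec()),
            _ => None,
        }
    }
}

/// Hands out a distinct key id per call. The rotator's generator is a plain
/// `fn()` pointer, as in rustls, hence the global counter.
static NEXT_KEY_ID: AtomicU8 = AtomicU8::new(1);

pub fn make_ticketer() -> Box<dyn ProducesTickets> {
    Box::new(TaggingTicketer {
        key_id: NEXT_KEY_ID.fetch_add(1, Ordering::SeqCst),
    })
}

struct RotatorState {
    current: Box<dyn ProducesTickets>,
    previous: Option<Box<dyn ProducesTickets>>,
    /// Unix time (seconds) at which `current` is demoted.
    next_switch_at: u64,
}

/// Simplified model of `TicketRotator`: a ticketer issues tickets for
/// `lifetime` seconds, then becomes `previous` (decrypt only) for another
/// `lifetime` seconds, then is dropped.
pub struct ToyRotator {
    generator: fn() -> Box<dyn ProducesTickets>,
    lifetime: u64,
    state: RwLock<RotatorState>,
}

impl ToyRotator {
    /// `now` is passed in explicitly (the real constructor reads the clock)
    /// so that the example is deterministic.
    pub fn new(lifetime: u32, now: u64, generator: fn() -> Box<dyn ProducesTickets>) -> Self {
        let lifetime = u64::from(lifetime);
        ToyRotator {
            generator,
            lifetime,
            state: RwLock::new(RotatorState {
                current: generator(),
                previous: None,
                next_switch_at: now + lifetime,
            }),
        }
    }

    /// If `now` has reached the switch time, demote `current` to `previous`
    /// and install a fresh ticketer. The ticketer that was `previous` is
    /// dropped here: that drop is the key-erasure event the docs refer to.
    /// Returns true if a rotation happened.
    pub fn maybe_roll(&self, now: u64) -> bool {
        // Fast, read-only path for the common case.
        if now < self.state.read().unwrap().next_switch_at {
            return false;
        }
        // Build the replacement outside the write lock, then re-check:
        // another thread may have rotated while this one was generating.
        let fresh = (self.generator)();
        let mut st = self.state.write().unwrap();
        if now < st.next_switch_at {
            return false;
        }
        let demoted = std::mem::replace(&mut st.current, fresh);
        st.previous = Some(demoted);
        st.next_switch_at = now + self.lifetime;
        true
    }

    /// Only the current ticketer ever issues new tickets.
    pub fn encrypt(&self, now: u64, plain: &[u8]) -> Option<Vec<u8>> {
        self.maybe_roll(now);
        self.state.read().unwrap().current.encrypt(plain)
    }

    /// Try the current ticketer first, then the demoted one.
    pub fn decrypt(&self, now: u64, cipher: &[u8]) -> Option<Vec<u8>> {
        self.maybe_roll(now);
        let st = self.state.read().unwrap();
        st.current
            .decrypt(cipher)
            .or_else(|| st.previous.as_ref().and_then(|p| p.decrypt(cipher)))
    }

    pub fn has_previous(&self) -> bool {
        self.state.read().unwrap().previous.is_some()
    }
}

fn main() {
    // lifetime 60 s, clock starts at t=0; ticket issued at t=10.
    let rotator = ToyRotator::new(60, 0, make_ticketer);
    let t0 = rotator.encrypt(10, b"session-a").unwrap();
    println!("t=30  decrypts: {}", rotator.decrypt(30, &t0).is_some()); // true: current key
    println!("t=70  decrypts: {}", rotator.decrypt(70, &t0).is_some()); // true: previous key
    println!("t=140 decrypts: {}", rotator.decrypt(140, &t0).is_some()); // false: key erased
}
```

The generator is called before the write lock is taken so that other threads keep the fast read path while a replacement is being built, and the switch time is re-checked under the write lock so that two threads arriving together do not both rotate. Because erasure only happens inside maybe_roll, a rotator that is neither polled nor asked to encrypt or decrypt keeps its previous key alive past the intended window, which is why the docs recommend calling maybe_roll regularly.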

Trait Implementations

impl Debug for TicketRotator

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ProducesTickets for TicketRotator

fn lifetime(&self) -> u32

Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.

fn enabled(&self) -> bool

Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.

fn encrypt(&self, message: &[u8]) -> Option<Vec<u8>>

Encrypt and authenticate the plaintext message, returning the resulting ticket. Return None if message cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.

fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>>

Decrypt ciphertext, validating its authenticity protection and recovering the plaintext. ciphertext is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.