struct TicketSwitcher {
    generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>,
    lifetime: u32,
    state: Mutex<TicketSwitcherState>,
}
A ticketer that has a ‘current’ sub-ticketer and a single ‘previous’ ticketer. It creates a new ticketer every so often, demoting the current ticketer.
Fields
generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>
lifetime: u32
state: Mutex<TicketSwitcherState>
Implementations
impl TicketSwitcher
fn new(
    lifetime: u32,
    generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>
) -> Result<Self, Error>
lifetime is in seconds, and is how long the current ticketer is used to generate new tickets. Tickets are accepted for no longer than twice this duration. generator produces a new ProducesTickets implementation.
fn maybe_roll(
    &self,
    now: TimeBase
) -> Option<MutexGuard<'_, TicketSwitcherState>>
If it’s time, demote the current ticketer to previous (so it does no new encryptions but can do decryption) and use next for a new current ticketer.
Calling this regularly will ensure timely key erasure. Otherwise, key erasure will be delayed until the next encrypt/decrypt call.
For efficiency, this is also responsible for locking the state mutex and returning the mutexguard.
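The rotation described for new and maybe_roll, as an added example that is not the crate's own code: a std-only model in which RotationModel and its members are hypothetical names, keys are stand-in integer ids, and the clock is passed in as seconds. With a lifetime of 10, a ticket issued at t=0 is accepted through t=19 and rejected once the roll at t=20 overwrites the previous slot.

```rust
// Added model, not the crate's code; names are hypothetical and keys are stand-in ids.
struct RotationModel {
    lifetime: u64,         // seconds a key spends as `current`
    next_id: u64,          // counter standing in for the `generator` callback
    current: u64,          // key used to issue and accept tickets
    previous: Option<u64>, // key that only accepts tickets
    next_switch: u64,      // time at which `current` is due for demotion
}

impl RotationModel {
    fn new(lifetime: u64, now: u64) -> Self {
        Self { lifetime, next_id: 2, current: 1, previous: None, next_switch: now + lifetime }
    }

    /// Demote `current` to `previous` when due. Overwriting the old
    /// `previous` is the erasure step: that key can no longer accept tickets.
    fn maybe_roll(&mut self, now: u64) {
        if now >= self.next_switch {
            self.previous = Some(self.current);
            self.current = self.next_id;
            self.next_id += 1;
            self.next_switch = now + self.lifetime;
        }
    }

    /// Issue a ticket; the return value is the id of the key that sealed it.
    fn encrypt(&mut self, now: u64) -> u64 {
        self.maybe_roll(now);
        self.current
    }

    /// Accept a ticket only if it was sealed by a key that is still held.
    fn decrypt(&mut self, sealed_by: u64, now: u64) -> bool {
        self.maybe_roll(now);
        self.holds(sealed_by)
    }

    /// True while the key is still resident in either slot.
    fn holds(&self, key: u64) -> bool {
        key == self.current || self.previous == Some(key)
    }
}

fn main() {
    let mut m = RotationModel::new(10, 0);
    let ticket = m.encrypt(0);
    for t in [5, 10, 19, 20] {
        println!("t={t:>2}s accepted={}", m.decrypt(ticket, t));
    }
}
```

Because the roll only happens inside a call, the demoted key stays in the previous slot until the first maybe_roll, encrypt or decrypt after the deadline.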
Trait Implementations
impl ProducesTickets for TicketSwitcher
fn lifetime(&self) -> u32
Returns the lifetime in seconds of tickets produced now.
The lifetime is provided as a hint to clients that the
ticket will not be useful after the given time.
fn enabled(&self) -> bool
Returns true if this implementation will encrypt/decrypt
tickets. Should return false if this is a dummy
implementation: the server will not send the SessionTicket
extension and will not call the other functions.
fn encrypt(&self, message: &[u8]) -> Option<Vec<u8>>
Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.
fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>>
Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.
Auto Trait Implementations
impl RefUnwindSafe for TicketSwitcher
impl Send for TicketSwitcher
impl Sync for TicketSwitcher
impl Unpin for TicketSwitcher
impl UnwindSafe for TicketSwitcher
Blanket Implementations
impl<Tail, T> Prepend<T> for Tail
type PreprendResult = Tail
The resulting TupleList of a Prepend::prepend() call, including the prepended entry.