Add ListKeys implementation

Author: Joe Ellis

src/back/backend_handler.rs

@@ -207,6 +207,11 @@ impl BackEndHandler {
                 trace!("list_authenticators egress");
                 self.result_to_response(NativeResult::ListAuthenticators(result), header)
             }
+            NativeOperation::ListKeys(op_list_keys) => {
+                let result = unwrap_or_else_return!(self.provider.list_keys(op_list_keys));
+                trace!("list_keys egress");
+                self.result_to_response(NativeResult::ListKeys(result), header)
+            }
             NativeOperation::PsaHashCompute(op_hash_compute) => {
                 let _app_name =
                     unwrap_or_else_return!(app_name.ok_or(ResponseStatus::NotAuthenticated));

src/providers/core_provider/mod.rs

@@ -8,9 +8,11 @@
 use super::{KeyInfoStore, Provide};
 use derivative::Derivative;
 use log::trace;
-use parsec_interface::operations::{list_authenticators, list_opcodes, list_providers, ping};
 use parsec_interface::operations::{
-    list_authenticators::AuthenticatorInfo, list_providers::ProviderInfo,
+    list_authenticators, list_keys, list_opcodes, list_providers, ping,
+};
+use parsec_interface::operations::{
+    list_authenticators::AuthenticatorInfo, list_keys::KeyInfo, list_providers::ProviderInfo,
 };
 use parsec_interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
 use std::collections::{HashMap, HashSet};
@@ -20,11 +22,12 @@ use std::sync::Arc;
 use uuid::Uuid;
 use version::{version, Version};
 
-const SUPPORTED_OPCODES: [Opcode; 4] = [
+const SUPPORTED_OPCODES: [Opcode; 5] = [
     Opcode::ListProviders,
     Opcode::ListOpcodes,
     Opcode::Ping,
     Opcode::ListAuthenticators,
+    Opcode::ListKeys,
 ];
 
 /// Service information provider
@@ -82,6 +85,45 @@ impl Provide for CoreProvider {
         })
     }
 
+    fn list_keys(&self, _op: list_keys::Operation) -> Result<list_keys::Result> {
+        trace!("list_keys ingress");
+
+        let mut keys: Vec<KeyInfo> = Vec::new();
+        for provider in &self.prov_list {
+            let provider_id = provider.provider_id();
+
+            let key_info_store = match provider.get_key_info_store() {
+                Some(key_info_store) => key_info_store,
+                _ => continue,
+            };
+
+            let key_info_store = key_info_store.read().expect("Key store lock poisoned");
+            let key_triples = key_info_store.get_all(provider_id).map_err(|e| {
+                format_error!("Error occurred when fetching key triples", e);
+                ResponseStatus::KeyInfoManagerError
+            })?;
+
+            for key_triple in key_triples {
+                let key_info = key_info_store.get(key_triple).map_err(|e| {
+                    format_error!("Error occurred when fetching key info", e);
+                    ResponseStatus::KeyInfoManagerError
+                })?;
+
+                let key_info = match key_info {
+                    Some(key_info) => key_info,
+                    _ => continue,
+                };
+
+                keys.push(KeyInfo {
+                    provider_id,
+                    name: key_triple.key_name().to_string(),
+                    attributes: key_info.attributes,
+                });
+            }
+        }
+        Ok(list_keys::Result { keys })
+    }
+
     fn ping(&self, _op: ping::Operation) -> Result<ping::Result> {
         trace!("ping ingress");
         let result = ping::Result {

src/providers/mod.rs

@@ -93,15 +93,13 @@ impl ProviderConfig {
 
 use crate::authenticators::ApplicationName;
 use parsec_interface::operations::{
-    list_authenticators, list_opcodes, list_providers, ping, psa_aead_decrypt, psa_aead_encrypt,
-    psa_asymmetric_decrypt, psa_asymmetric_encrypt, psa_destroy_key, psa_export_key,
-    psa_export_public_key, psa_generate_key, psa_generate_random, psa_hash_compare,
+    list_authenticators, list_keys, list_opcodes, list_providers, ping, psa_aead_decrypt,
+    psa_aead_encrypt, psa_asymmetric_decrypt, psa_asymmetric_encrypt, psa_destroy_key,
+    psa_export_key, psa_export_public_key, psa_generate_key, psa_generate_random, psa_hash_compare,
     psa_hash_compute, psa_import_key, psa_raw_key_agreement, psa_sign_hash, psa_verify_hash,
 };
 use parsec_interface::requests::{ResponseStatus, Result};
 
-// If Parsec is built with no provider, this will be dead code -- suppress.
-#[allow(dead_code)]
 type KeyInfoStore = Arc<RwLock<dyn ManageKeyInfo + Send + Sync>>;
 
 /// Provider interface for servicing client operations
@@ -145,6 +143,12 @@ pub trait Provide {
         Err(ResponseStatus::PsaErrorNotSupported)
     }
 
+    /// Lists all keys belonging to the application.
+    fn list_keys(&self, _op: list_keys::Operation) -> Result<list_keys::Result> {
+        trace!("list_keys ingress");
+        Err(ResponseStatus::PsaErrorNotSupported)
+    }
+
     /// Execute a Ping operation to get the wire protocol version major and minor information.
     ///
     /// # Errors