in proxy_agent/src/key_keeper/key.rs [406:471]
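/// Checks this key status for supported values and for the fields required by its version.
///
/// Every failed check appends a fragment to one message, so a single error
/// reports all problems found in the same pass.
///
/// # Errors
///
/// Returns `Error::Key(KeyErrorType::KeyStatusValidation(..))` carrying the
/// accumulated message when any check fails. On success the value is always
/// `Ok(true)`.
fn validate(&self) -> Result<bool> {
    let mut validate_message = String::new();
    let mut validate_result = true;

    // validate authorizationScheme
    let authorization_scheme = self.authorizationScheme.to_string();
    if authorization_scheme != constants::AUTHORIZATION_SCHEME {
        validate_message.push_str("authorizationScheme must be 'Azure-HMAC-SHA256'; ");
        // Fail closed: previously this branch only recorded the message, which is
        // surfaced solely on the error path, so an unexpected scheme was accepted
        // silently whenever the remaining checks passed.
        validate_result = false;
    }

    // validate keyDeliveryMethod, it has to be one of the two known delivery methods
    let key_delivery_method = self.keyDeliveryMethod.to_string();
    if key_delivery_method != constants::KEY_DELIVERY_METHOD_HTTP
        && key_delivery_method != constants::KEY_DELIVERY_METHOD_VTPM
    {
        validate_message.push_str(&format!(
            "keyDeliveryMethod '{}' is invalid; ",
            key_delivery_method
        ));
        // Fail closed for the same reason as the authorizationScheme check above.
        validate_result = false;
    }

    // At least one of the two secure-channel fields must be present, whatever the version.
    if self.secureChannelEnabled.is_none() && self.secureChannelState.is_none() {
        validate_message.push_str(&format!(
            "Both secureChannelEnabled and secureChannelState are missing in version: {}",
            self.version.as_str()
        ));
        validate_result = false;
    }

    // validate secureChannelState, it has to be Disabled, Wireserver or wireserverandImds
    match &self.secureChannelState {
        Some(s) => {
            // The comparison is case-insensitive: the value is lowercased first.
            let state = s.to_lowercase();
            if state != super::DISABLE_STATE
                && state != super::MUST_SIG_WIRESERVER
                && state != super::MUST_SIG_WIRESERVER_IMDS
            {
                validate_message
                    .push_str(&format!("secureChannelState '{}' is invalid; ", state));
                validate_result = false;
            }
        }
        // secureChannelState is mandatory only for version 1.0.
        None => {
            if self.version == "1.0" {
                validate_message.push_str("secureChannelState is missing in version: 1.0");
                validate_result = false;
            }
        }
    }

    // secureChannelEnabled is mandatory for version 2.0.
    if self.secureChannelEnabled.is_none() && self.version == "2.0" {
        validate_message.push_str("secureChannelEnabled is missing in version: 2.0");
        validate_result = false;
    }

    if !validate_result {
        return Err(Error::Key(KeyErrorType::KeyStatusValidation(
            validate_message,
        )));
    }
    Ok(validate_result)
}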