From 253523b888636fe4674c591988eb46cfc9def7fc Mon Sep 17 00:00:00 2001
From: Matt Davis
Date: Mon, 13 May 2024 13:27:52 +0100
Subject: [PATCH] 93: added support for reading asymmetric keys from the /transit/keys route

Previously the route assumed a symmetric key's creation unix timestamp would be returned. For asymmetric keys the response differs; it returns the creation RFC3339 timestamp, public key, and key type. Mentions #93.
Signed-off-by: Matt Davis
---
 Cargo.toml | 1 +
 src/api/transit.rs | 4 ++++
 src/api/transit/responses.rs | 20 +++++++++++++++++++-
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 6e37817..de670fe 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -25,6 +25,7 @@ native-tls-vendored = [ "reqwest/native-tls-vendored", "rustify/default" ]
 [dependencies]
 async-trait = "0.1.68"
 bytes = "1.4.0"
+chrono = { version = "0.4.38", features = ["serde"] }
 derive_builder = "0.12.0"
 http = "0.2.9"
 reqwest = { version = "0.11.15", default-features = false }
diff --git a/src/api/transit.rs b/src/api/transit.rs
index c17b11b..58568e2 100644
--- a/src/api/transit.rs
+++ b/src/api/transit.rs
@@ -26,10 +26,14 @@ pub enum KeyType {
 /// ECDSA using the P-521 elliptic curve (asymmetric)
 EcdsaP521,
 /// RSA with bit size of 2048 (asymmetric)
+ // kebab-case conversion doesn't work for words starting with a digit.
+ #[serde(rename = "rsa-2048")]
 Rsa2048,
 /// RSA with bit size of 3072 (asymmetric)
+ #[serde(rename = "rsa-3072")]
 Rsa3072,
 /// RSA with bit size of 4096 (asymmetric)
+ #[serde(rename = "rsa-4096")]
 Rsa4096,
 }
diff --git a/src/api/transit/responses.rs b/src/api/transit/responses.rs
index 446cb58..1de8e04 100644
--- a/src/api/transit/responses.rs
+++ b/src/api/transit/responses.rs
@@ -1,4 +1,5 @@
 use super::KeyType;
+use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
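Review bot: In the Cargo.toml hunk, `chrono` is added with its default feature set, whereas the `reqwest` entry a few lines below opts out with `default-features = false`. The patch only appears to need RFC3339 timestamp (de)serialization, so the defaults (local clock and time-zone lookup, with the platform crates they pull in) enlarge the dependency tree of a secrets-client library without visible benefit. Consider `chrono = { version = "0.4.38", default-features = false, features = ["serde"] }`, adding `"std"` or `"alloc"` only if the build turns out to need it.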
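Review bot: Nothing in this patch pins the wire names set by the three `#[serde(rename = ...)]` overrides in the src/api/transit.rs hunk: the diffstat lists no test file, so `rsa-2048`, `rsa-3072` and `rsa-4096` could silently change again if the container-level rename rule is edited. A round-trip unit test would catch that, for example `assert_eq!(serde_json::to_string(&KeyType::Rsa2048).unwrap(), "\"rsa-2048\"");`, assuming `serde_json` is available to the test build, plus the matching deserialize check. The explanatory `//` comment sits only above the first override; repeating a short pointer on the other two would keep the reason visible if the variants are reordered. `KeyType` starts and ends outside the hunk.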
@@ -12,7 +13,8 @@ pub struct ReadKeyResponse {
 pub derived: bool,
 pub exportable: bool,
 pub allow_plaintext_backup: bool,
- pub keys: HashMap,
+ /// If the key is asymmetric, the API returns the public keys
+ pub keys: ReadKeyData,
 pub min_decryption_version: u64,
 pub min_encryption_version: u64,
 pub name: String,
@@ -23,6 +25,22 @@ pub struct ReadKeyResponse {
 pub imported: Option,
 }
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(untagged)]
+pub enum ReadKeyData {
+ /// A key ID integer (string) to unix timestamp.
+ Symmetric(HashMap),
+ /// A key ID integer (string) to public key mapping.
+ Asymmetric(HashMap),
+}
+#[derive(Debug, Serialize, Deserialize)]
+pub struct ReadPublicKeyEntry {
+ creation_time: DateTime,
+ name: String,
+ public_key: String,
+}
 /// Response from executing
 /// [ListKeysRequest][crate::api::transit::requests::ListKeysRequest]
 #[derive(Deserialize, Debug, Serialize)]
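Review bot: The doc comment added on `keys` in the first hunk covers only the asymmetric case and does not say what the map holds for symmetric keys or what its key is. A fuller comment would be `/// Key versions by version number: creation unix timestamps for symmetric keys, public-key entries for asymmetric keys.`. Changing the type of this public field also breaks callers that read the old map directly, which deserves a changelog or release-note line. `ReadKeyResponse` starts and ends outside the hunk.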
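Review bot: In the second hunk the fields of `ReadPublicKeyEntry` (`creation_time`, `name`, `public_key`) are declared without `pub`, unlike the fields shown in `ReadKeyResponse`, and no accessor methods appear in the hunk. Code outside this module can therefore deserialize an asymmetric key but cannot read the public key it asked for; marking the three fields `pub` fixes that. Separately, with `#[serde(untagged)]` an empty `keys` object matches the first variant and always becomes `Symmetric`, and a malformed entry only reports that no variant matched. A doc comment on `ReadKeyData` stating that variant order matters, and one on `ReadPublicKeyEntry` describing each field, would make this clear to callers.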