deploy: 87b43d0c14

docs/master/rustdoc/help.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Documentation for Rustdoc"><meta name="keywords" content="rust, rustlang, rust-lang"><title>Rustdoc help</title><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="./static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="./static.files/rustdoc-6827029ac823cab7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="./static.files/light-ebce58d0a40c3431.css"><link rel="stylesheet" disabled href="./static.files/dark-f23faae4a2daf9a6.css"><link rel="stylesheet" disabled href="./static.files/ayu-8af5e100b21cd173.css"><script id="default-settings" ></script><script src="./static.files/storage-d43fa987303ecbbb.js"></script><script defer src="./static.files/main-c55e1eb52e1886b4.js"></script><noscript><link rel="stylesheet" href="./static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="./static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="./static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="./static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="./kanidmd_core/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="./kanidmd_core/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2 class="location">Help</h2><div class="sidebar-elems"></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="./help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="./settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="./static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn">Rustdoc help</h1><span class="out-of-band"><a id="back" href="javascript:void(0)" onclick="history.back();">Back</a></span></div><noscript><section><p>You need to enable Javascript to use keyboard commands or search.</p><p>For more information, browse the <a href="https://doc.rust-lang.org/rustdoc/">rustdoc handbook</a>.</p></section></noscript></section></div></main><div id="rustdoc-vars" data-root-path="./" data-static-root-path="./static.files/" data-current-crate="kanidmd_core" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.1 (d5a82bbd2 2023-02-07)" data-search-js="search-444266647c4dba98.js" data-settings-js="settings-bebeae96e00e4617.js" data-settings-css="settings-af96d9e2fc13e081.css" ></div></body></html>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Documentation for Rustdoc"><meta name="keywords" content="rust, rustlang, rust-lang"><title>Rustdoc help</title><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="./static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="./static.files/rustdoc-6827029ac823cab7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="./static.files/light-ebce58d0a40c3431.css"><link rel="stylesheet" disabled href="./static.files/dark-f23faae4a2daf9a6.css"><link rel="stylesheet" disabled href="./static.files/ayu-8af5e100b21cd173.css"><script id="default-settings" ></script><script src="./static.files/storage-d43fa987303ecbbb.js"></script><script defer src="./static.files/main-c55e1eb52e1886b4.js"></script><noscript><link rel="stylesheet" href="./static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="./static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="./static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="./static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="./kanidmd_web_ui/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="./kanidmd_web_ui/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2 class="location">Help</h2><div class="sidebar-elems"></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="./help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="./settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="./static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn">Rustdoc help</h1><span class="out-of-band"><a id="back" href="javascript:void(0)" onclick="history.back();">Back</a></span></div><noscript><section><p>You need to enable Javascript to use keyboard commands or search.</p><p>For more information, browse the <a href="https://doc.rust-lang.org/rustdoc/">rustdoc handbook</a>.</p></section></noscript></section></div></main><div id="rustdoc-vars" data-root-path="./" data-static-root-path="./static.files/" data-current-crate="kanidmd_web_ui" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.1 (d5a82bbd2 2023-02-07)" data-search-js="search-444266647c4dba98.js" data-settings-js="settings-bebeae96e00e4617.js" data-settings-css="settings-af96d9e2fc13e081.css" ></div></body></html>

docs/master/rustdoc/kanidmd_lib/idm/server/sidebar-items.js

@@ -1 +1 @@
-window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};
+window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["DomainKeys",""],["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};

docs/master/rustdoc/kanidmd_testkit/fn.setup_async_test.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `setup_async_test` fn in crate `kanidmd_testkit`."><meta name="keywords" content="rust, rustlang, rust-lang, setup_async_test"><title>setup_async_test in kanidmd_testkit - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../static.files/rustdoc-6827029ac823cab7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="../static.files/light-ebce58d0a40c3431.css"><link rel="stylesheet" disabled href="../static.files/dark-f23faae4a2daf9a6.css"><link rel="stylesheet" disabled href="../static.files/ayu-8af5e100b21cd173.css"><script id="default-settings" ></script><script src="../static.files/storage-d43fa987303ecbbb.js"></script><script defer src="sidebar-items.js"></script><script defer src="../static.files/main-c55e1eb52e1886b4.js"></script><noscript><link rel="stylesheet" href="../static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="../static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="../static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="../static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc fn"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../kanidmd_testkit/index.html"><div class="logo-container"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../kanidmd_testkit/index.html"><div class="logo-container"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><div class="sidebar-elems"><h2><a href="index.html">In kanidmd_testkit</a></h2></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn">Function <a href="index.html">kanidmd_testkit</a>::<wbr><a class="fn" href="#">setup_async_test</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../static.files/clipboard-7571035ce49a181d.svg" width="19" height="18" alt="Copy item path"></button></h1><span class="out-of-band"><a class="srclink" href="../src/kanidmd_testkit/lib.rs.html#39-89">source</a> · <button id="toggle-all-docs" title="collapse all docs">[<span>&#x2212;</span>]</button></span></div><div class="item-decl"><pre class="rust fn"><code>pub async fn setup_async_test() -&gt; (KanidmClient, CoreHandle)</code></pre></div></section></div></main><div id="rustdoc-vars" data-root-path="../" data-static-root-path="../static.files/" data-current-crate="kanidmd_testkit" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.1 (d5a82bbd2 2023-02-07)" data-search-js="search-444266647c4dba98.js" data-settings-js="settings-bebeae96e00e4617.js" data-settings-css="settings-af96d9e2fc13e081.css" ></div></body></html>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `setup_async_test` fn in crate `kanidmd_testkit`."><meta name="keywords" content="rust, rustlang, rust-lang, setup_async_test"><title>setup_async_test in kanidmd_testkit - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../static.files/rustdoc-6827029ac823cab7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="../static.files/light-ebce58d0a40c3431.css"><link rel="stylesheet" disabled href="../static.files/dark-f23faae4a2daf9a6.css"><link rel="stylesheet" disabled href="../static.files/ayu-8af5e100b21cd173.css"><script id="default-settings" ></script><script src="../static.files/storage-d43fa987303ecbbb.js"></script><script defer src="sidebar-items.js"></script><script defer src="../static.files/main-c55e1eb52e1886b4.js"></script><noscript><link rel="stylesheet" href="../static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="../static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="../static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="../static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc fn"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../kanidmd_testkit/index.html"><div class="logo-container"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../kanidmd_testkit/index.html"><div class="logo-container"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><div class="sidebar-elems"><h2><a href="index.html">In kanidmd_testkit</a></h2></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn">Function <a href="index.html">kanidmd_testkit</a>::<wbr><a class="fn" href="#">setup_async_test</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../static.files/clipboard-7571035ce49a181d.svg" width="19" height="18" alt="Copy item path"></button></h1><span class="out-of-band"><a class="srclink" href="../src/kanidmd_testkit/lib.rs.html#39-89">source</a> · <button id="toggle-all-docs" title="collapse all docs">[<span>&#x2212;</span>]</button></span></div><div class="item-decl"><pre class="rust fn"><code>pub async fn setup_async_test() -&gt; (<a class="struct" href="../kanidm_client/struct.KanidmClient.html" title="struct kanidm_client::KanidmClient">KanidmClient</a>, CoreHandle)</code></pre></div></section></div></main><div id="rustdoc-vars" data-root-path="../" data-static-root-path="../static.files/" data-current-crate="kanidmd_testkit" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.1 (d5a82bbd2 2023-02-07)" data-search-js="search-444266647c4dba98.js" data-settings-js="settings-bebeae96e00e4617.js" data-settings-css="settings-af96d9e2fc13e081.css" ></div></body></html>

docs/master/rustdoc/settings.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Settings of Rustdoc"><meta name="keywords" content="rust, rustlang, rust-lang"><title>Rustdoc settings</title><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="./static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="./static.files/rustdoc-6827029ac823cab7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="./static.files/light-ebce58d0a40c3431.css"><link rel="stylesheet" disabled href="./static.files/dark-f23faae4a2daf9a6.css"><link rel="stylesheet" disabled href="./static.files/ayu-8af5e100b21cd173.css"><script id="default-settings" ></script><script src="./static.files/storage-d43fa987303ecbbb.js"></script><script defer src="./static.files/main-c55e1eb52e1886b4.js"></script><noscript><link rel="stylesheet" href="./static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="./static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="./static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="./static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="./kanidmd_core/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="./kanidmd_core/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2 class="location">Settings</h2><div class="sidebar-elems"></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="./help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="./settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="./static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn">Rustdoc settings</h1><span class="out-of-band"><a id="back" href="javascript:void(0)" onclick="history.back();">Back</a></span></div><noscript><section>You need to enable Javascript be able to update your settings.</section></noscript><link rel="stylesheet" type="text/css" href="./static.files/settings-af96d9e2fc13e081.css"><script defer src="./static.files/settings-bebeae96e00e4617.js"></script></section></div></main><div id="rustdoc-vars" data-root-path="./" data-static-root-path="./static.files/" data-current-crate="kanidmd_core" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.1 (d5a82bbd2 2023-02-07)" data-search-js="search-444266647c4dba98.js" data-settings-js="settings-bebeae96e00e4617.js" data-settings-css="settings-af96d9e2fc13e081.css" ></div></body></html>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Settings of Rustdoc"><meta name="keywords" content="rust, rustlang, rust-lang"><title>Rustdoc settings</title><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="./static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="./static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="./static.files/rustdoc-6827029ac823cab7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="./static.files/light-ebce58d0a40c3431.css"><link rel="stylesheet" disabled href="./static.files/dark-f23faae4a2daf9a6.css"><link rel="stylesheet" disabled href="./static.files/ayu-8af5e100b21cd173.css"><script id="default-settings" ></script><script src="./static.files/storage-d43fa987303ecbbb.js"></script><script defer src="./static.files/main-c55e1eb52e1886b4.js"></script><noscript><link rel="stylesheet" href="./static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="./static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="./static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="./static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="./kanidmd_web_ui/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="./kanidmd_web_ui/index.html"><div class="logo-container"><img class="rust-logo" src="./static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></div></a><h2 class="location">Settings</h2><div class="sidebar-elems"></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="./help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="./settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="./static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn">Rustdoc settings</h1><span class="out-of-band"><a id="back" href="javascript:void(0)" onclick="history.back();">Back</a></span></div><noscript><section>You need to enable Javascript be able to update your settings.</section></noscript><link rel="stylesheet" type="text/css" href="./static.files/settings-af96d9e2fc13e081.css"><script defer src="./static.files/settings-bebeae96e00e4617.js"></script></section></div></main><div id="rustdoc-vars" data-root-path="./" data-static-root-path="./static.files/" data-current-crate="kanidmd_web_ui" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.1 (d5a82bbd2 2023-02-07)" data-search-js="search-444266647c4dba98.js" data-settings-js="settings-bebeae96e00e4617.js" data-settings-css="settings-af96d9e2fc13e081.css" ></div></body></html>

docs/master/rustdoc/src/kanidmd_lib/idm/credupdatesession.rs.html

@@ -2561,6 +2561,8 @@
 <a href="#2561" id="2561">2561</a>
 <a href="#2562" id="2562">2562</a>
 <a href="#2563" id="2563">2563</a>
+<a href="#2564" id="2564">2564</a>
+<a href="#2565" id="2565">2565</a>
 </pre><pre class="rust"><code><span class="kw">use </span>core::ops::Deref;
 <span class="kw">use </span>std::collections::BTreeMap;
 <span class="kw">use </span>std::fmt;
@@ -2976,7 +2978,7 @@
             OperationError::SerdeJsonError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>token_enc = <span class="self">self</span>.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
+        <span class="kw">let </span>token_enc = <span class="self">self</span>.domain_keys.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
 
         <span class="comment">// Point of no return
 
@@ -3289,7 +3291,8 @@
         OperationError,
     &gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);
@@ -3507,7 +3510,8 @@
         ct: Duration,
     ) -&gt; <span class="prelude-ty">Result</span>&lt;CredentialUpdateSessionMutex, OperationError&gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);

docs/master/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -4022,17 +4022,7 @@
 <a href="#4022" id="4022">4022</a>
 <a href="#4023" id="4023">4023</a>
 <a href="#4024" id="4024">4024</a>
-<a href="#4025" id="4025">4025</a>
-<a href="#4026" id="4026">4026</a>
-<a href="#4027" id="4027">4027</a>
-<a href="#4028" id="4028">4028</a>
-<a href="#4029" id="4029">4029</a>
-<a href="#4030" id="4030">4030</a>
-<a href="#4031" id="4031">4031</a>
-<a href="#4032" id="4032">4032</a>
-<a href="#4033" id="4033">4033</a>
 </pre><pre class="rust"><code><span class="kw">use </span>std::convert::TryFrom;
-<span class="kw">use </span>std::ops::Deref;
 <span class="kw">use </span>std::str::FromStr;
 <span class="kw">use </span>std::sync::Arc;
 <span class="kw">use </span>std::time::Duration;
@@ -4093,6 +4083,14 @@
 <span class="kw">type </span>AuthSessionMutex = Arc&lt;Mutex&lt;AuthSession&gt;&gt;;
 <span class="kw">type </span>CredSoftLockMutex = Arc&lt;Mutex&lt;CredSoftLock&gt;&gt;;
 
+<span class="attr">#[derive(Clone)]
+</span><span class="kw">pub struct </span>DomainKeys {
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_signer: JwsSigner,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_validator: JwsValidator,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: Fernet,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) cookie_key: [u8; <span class="number">32</span>],
+}
+
 <span class="kw">pub struct </span>IdmServer {
     <span class="comment">// There is a good reason to keep this single thread - it
     // means that limits to sessions can be easily applied and checked to
@@ -4112,10 +4110,7 @@
     </span>webauthn: Webauthn,
     pw_badlist_cache: Arc&lt;CowCell&lt;HashSet&lt;String&gt;&gt;&gt;,
     oauth2rs: Arc&lt;Oauth2ResourceServers&gt;,
-    uat_jwt_signer: Arc&lt;CowCell&lt;JwsSigner&gt;&gt;,
-    uat_jwt_validator: Arc&lt;CowCell&lt;JwsValidator&gt;&gt;,
-    token_enc_key: Arc&lt;CowCell&lt;Fernet&gt;&gt;,
-    cookie_key: Arc&lt;CowCell&lt;[u8; <span class="number">32</span>]&gt;&gt;,
+    domain_keys: Arc&lt;CowCell&lt;DomainKeys&gt;&gt;,
 }
 
 <span class="doccomment">/// Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.
@@ -4131,8 +4126,7 @@
     </span>async_tx: Sender&lt;DelayedAction&gt;,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellReadTxn&lt;JwsSigner&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
 }
 
 <span class="kw">pub struct </span>IdmServerCredUpdateTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
@@ -4141,14 +4135,14 @@
     </span><span class="kw">pub</span>(<span class="kw">crate</span>) webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     <span class="kw">pub</span>(<span class="kw">crate</span>) pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) cred_update_sessions: BptreeMapReadTxn&lt;<span class="lifetime">&#39;a</span>, Uuid, CredentialUpdateSessionMutex&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellReadTxn&lt;Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
 }
 
 <span class="doccomment">/// This contains read-only methods, like getting users, groups and other structured content.
 </span><span class="kw">pub struct </span>IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
     <span class="kw">pub </span>qs_read: QueryServerReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersReadTransaction,
     <span class="kw">pub</span>(<span class="kw">crate</span>) async_tx: Sender&lt;DelayedAction&gt;,
 }
@@ -4163,10 +4157,7 @@
     crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsSigner&gt;,
-    uat_jwt_validator: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsValidator&gt;,
-    cookie_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, [u8; <span class="number">32</span>]&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersWriteTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
 }
 
@@ -4246,26 +4237,27 @@
             })<span class="question-mark">?</span>;
 
         <span class="comment">// Setup our auth token signing key.
-        </span><span class="kw">let </span>fernet_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
+        </span><span class="kw">let </span>token_enc_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
             <span class="macro">admin_error!</span>(<span class="string">&quot;Unable to load Fernet encryption key&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
-        <span class="kw">let </span>token_enc_key = Arc::new(CowCell::new(fernet_key));
 
-        <span class="kw">let </span>jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
+        <span class="kw">let </span>uat_jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsSigner from DER&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>jwt_validator = jwt_signer.get_validator().map_err(|e| {
+        <span class="kw">let </span>uat_jwt_validator = uat_jwt_signer.get_validator().map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsValidator from JwsSigner&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>uat_jwt_signer = Arc::new(CowCell::new(jwt_signer));
-        <span class="kw">let </span>uat_jwt_validator = Arc::new(CowCell::new(jwt_validator));
-
-        <span class="kw">let </span>cookie_key = Arc::new(CowCell::new(cookie_key));
+        <span class="kw">let </span>domain_keys = Arc::new(CowCell::new(DomainKeys {
+            uat_jwt_signer,
+            uat_jwt_validator,
+            token_enc_key,
+            cookie_key,
+        }));
 
         <span class="kw">let </span>oauth2rs =
             Oauth2ResourceServers::try_from((oauth2rs_set, origin_url)).map_err(|e| {
@@ -4284,10 +4276,7 @@
                 async_tx,
                 webauthn,
                 pw_badlist_cache: Arc::new(CowCell::new(pw_badlist_set)),
-                uat_jwt_signer,
-                uat_jwt_validator,
-                token_enc_key,
-                cookie_key,
+                domain_keys,
                 oauth2rs: Arc::new(oauth2rs),
             },
             IdmServerDelayed { async_rx },
@@ -4295,7 +4284,7 @@
     }
 
     <span class="kw">pub fn </span>get_cookie_key(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; [u8; <span class="number">32</span>] {
-        <span class="kw-2">*</span><span class="self">self</span>.cookie_key.read().deref()
+        <span class="self">self</span>.domain_keys.read().cookie_key
     }
 
     <span class="attr">#[cfg(test)]
@@ -4319,8 +4308,7 @@
             async_tx: <span class="self">self</span>.async_tx.clone(),
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.read(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
         }
     }
 
@@ -4329,7 +4317,7 @@
     </span><span class="kw">pub async fn </span>proxy_read(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;_</span>&gt; {
         IdmServerProxyReadTransaction {
             qs_read: <span class="self">self</span>.qs.read().<span class="kw">await</span>,
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             oauth2rs: <span class="self">self</span>.oauth2rs.read(),
             async_tx: <span class="self">self</span>.async_tx.clone(),
         }
@@ -4350,10 +4338,7 @@
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.write(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.write(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.write(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.write(),
-            cookie_key: <span class="self">self</span>.cookie_key.write(),
+            domain_keys: <span class="self">self</span>.domain_keys.write(),
             oauth2rs: <span class="self">self</span>.oauth2rs.write(),
         }
     }
@@ -4370,7 +4355,7 @@
             </span>webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
             cred_update_sessions: <span class="self">self</span>.cred_update_sessions.read(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
         }
     }
@@ -4926,7 +4911,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5200,7 +5185,7 @@
                             <span class="kw-2">&amp;</span><span class="self">self</span>.async_tx,
                             <span class="self">self</span>.webauthn,
                             pw_badlist_cache,
-                            <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_signer,
+                            <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_signer,
                         )
                         .map(|aus| {
                             <span class="comment">// Inspect the result:
@@ -5469,7 +5454,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5572,7 +5557,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -6233,7 +6218,7 @@
                     })
                 })
                 .map(|new_handle| {
-                    <span class="kw-2">*</span><span class="self">self</span>.token_enc_key = new_handle;
+                    <span class="self">self</span>.domain_keys.token_enc_key = new_handle;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_es256_private_key()
@@ -6253,21 +6238,18 @@
                         .map(|validator| (signer, validator))
                 })
                 .map(|(new_signer, new_validator)| {
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_signer = new_signer;
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_validator = new_validator;
+                    <span class="self">self</span>.domain_keys.uat_jwt_signer = new_signer;
+                    <span class="self">self</span>.domain_keys.uat_jwt_validator = new_validator;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_cookie_key()
                 .map(|new_cookie_key| {
-                    <span class="kw-2">*</span><span class="self">self</span>.cookie_key = new_cookie_key;
+                    <span class="self">self</span>.domain_keys.cookie_key = new_cookie_key;
                 })<span class="question-mark">?</span>;
         }
         <span class="comment">// Commit everything.
         </span><span class="self">self</span>.oauth2rs.commit();
-        <span class="self">self</span>.uat_jwt_signer.commit();
-        <span class="self">self</span>.uat_jwt_validator.commit();
-        <span class="self">self</span>.cookie_key.commit();
-        <span class="self">self</span>.token_enc_key.commit();
+        <span class="self">self</span>.domain_keys.commit();
         <span class="self">self</span>.pw_badlist_cache.commit();
         <span class="self">self</span>.cred_update_sessions.commit();
         <span class="macro">trace!</span>(<span class="string">&quot;cred_update_session.commit&quot;</span>);

docs/pykanidm/sitemap.xml

@@ -2,27 +2,27 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
          <loc>None</loc>
-         <lastmod>2023-02-17</lastmod>
+         <lastmod>2023-02-19</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2023-02-17</lastmod>
+         <lastmod>2023-02-19</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2023-02-17</lastmod>
+         <lastmod>2023-02-19</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2023-02-17</lastmod>
+         <lastmod>2023-02-19</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2023-02-17</lastmod>
+         <lastmod>2023-02-19</lastmod>
          <changefreq>daily</changefreq>
     </url>
 </urlset>

docs/stable/rustdoc/kanidmd_lib/idm/server/sidebar-items.js

@@ -1 +1 @@
-window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};
+window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["DomainKeys",""],["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};

docs/stable/rustdoc/src/kanidmd_lib/idm/credupdatesession.rs.html

@@ -2561,6 +2561,8 @@
 <a href="#2561" id="2561">2561</a>
 <a href="#2562" id="2562">2562</a>
 <a href="#2563" id="2563">2563</a>
+<a href="#2564" id="2564">2564</a>
+<a href="#2565" id="2565">2565</a>
 </pre><pre class="rust"><code><span class="kw">use </span>core::ops::Deref;
 <span class="kw">use </span>std::collections::BTreeMap;
 <span class="kw">use </span>std::fmt;
@@ -2976,7 +2978,7 @@
             OperationError::SerdeJsonError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>token_enc = <span class="self">self</span>.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
+        <span class="kw">let </span>token_enc = <span class="self">self</span>.domain_keys.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
 
         <span class="comment">// Point of no return
 
@@ -3289,7 +3291,8 @@
         OperationError,
     &gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);
@@ -3507,7 +3510,8 @@
         ct: Duration,
     ) -&gt; <span class="prelude-ty">Result</span>&lt;CredentialUpdateSessionMutex, OperationError&gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);

docs/stable/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -4022,17 +4022,7 @@
 <a href="#4022" id="4022">4022</a>
 <a href="#4023" id="4023">4023</a>
 <a href="#4024" id="4024">4024</a>
-<a href="#4025" id="4025">4025</a>
-<a href="#4026" id="4026">4026</a>
-<a href="#4027" id="4027">4027</a>
-<a href="#4028" id="4028">4028</a>
-<a href="#4029" id="4029">4029</a>
-<a href="#4030" id="4030">4030</a>
-<a href="#4031" id="4031">4031</a>
-<a href="#4032" id="4032">4032</a>
-<a href="#4033" id="4033">4033</a>
 </pre><pre class="rust"><code><span class="kw">use </span>std::convert::TryFrom;
-<span class="kw">use </span>std::ops::Deref;
 <span class="kw">use </span>std::str::FromStr;
 <span class="kw">use </span>std::sync::Arc;
 <span class="kw">use </span>std::time::Duration;
@@ -4093,6 +4083,14 @@
 <span class="kw">type </span>AuthSessionMutex = Arc&lt;Mutex&lt;AuthSession&gt;&gt;;
 <span class="kw">type </span>CredSoftLockMutex = Arc&lt;Mutex&lt;CredSoftLock&gt;&gt;;
 
+<span class="attr">#[derive(Clone)]
+</span><span class="kw">pub struct </span>DomainKeys {
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_signer: JwsSigner,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_validator: JwsValidator,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: Fernet,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) cookie_key: [u8; <span class="number">32</span>],
+}
+
 <span class="kw">pub struct </span>IdmServer {
     <span class="comment">// There is a good reason to keep this single thread - it
     // means that limits to sessions can be easily applied and checked to
@@ -4112,10 +4110,7 @@
     </span>webauthn: Webauthn,
     pw_badlist_cache: Arc&lt;CowCell&lt;HashSet&lt;String&gt;&gt;&gt;,
     oauth2rs: Arc&lt;Oauth2ResourceServers&gt;,
-    uat_jwt_signer: Arc&lt;CowCell&lt;JwsSigner&gt;&gt;,
-    uat_jwt_validator: Arc&lt;CowCell&lt;JwsValidator&gt;&gt;,
-    token_enc_key: Arc&lt;CowCell&lt;Fernet&gt;&gt;,
-    cookie_key: Arc&lt;CowCell&lt;[u8; <span class="number">32</span>]&gt;&gt;,
+    domain_keys: Arc&lt;CowCell&lt;DomainKeys&gt;&gt;,
 }
 
 <span class="doccomment">/// Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.
@@ -4131,8 +4126,7 @@
     </span>async_tx: Sender&lt;DelayedAction&gt;,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellReadTxn&lt;JwsSigner&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
 }
 
 <span class="kw">pub struct </span>IdmServerCredUpdateTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
@@ -4141,14 +4135,14 @@
     </span><span class="kw">pub</span>(<span class="kw">crate</span>) webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     <span class="kw">pub</span>(<span class="kw">crate</span>) pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) cred_update_sessions: BptreeMapReadTxn&lt;<span class="lifetime">&#39;a</span>, Uuid, CredentialUpdateSessionMutex&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellReadTxn&lt;Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
 }
 
 <span class="doccomment">/// This contains read-only methods, like getting users, groups and other structured content.
 </span><span class="kw">pub struct </span>IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
     <span class="kw">pub </span>qs_read: QueryServerReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersReadTransaction,
     <span class="kw">pub</span>(<span class="kw">crate</span>) async_tx: Sender&lt;DelayedAction&gt;,
 }
@@ -4163,10 +4157,7 @@
     crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsSigner&gt;,
-    uat_jwt_validator: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsValidator&gt;,
-    cookie_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, [u8; <span class="number">32</span>]&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersWriteTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
 }
 
@@ -4246,26 +4237,27 @@
             })<span class="question-mark">?</span>;
 
         <span class="comment">// Setup our auth token signing key.
-        </span><span class="kw">let </span>fernet_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
+        </span><span class="kw">let </span>token_enc_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
             <span class="macro">admin_error!</span>(<span class="string">&quot;Unable to load Fernet encryption key&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
-        <span class="kw">let </span>token_enc_key = Arc::new(CowCell::new(fernet_key));
 
-        <span class="kw">let </span>jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
+        <span class="kw">let </span>uat_jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsSigner from DER&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>jwt_validator = jwt_signer.get_validator().map_err(|e| {
+        <span class="kw">let </span>uat_jwt_validator = uat_jwt_signer.get_validator().map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsValidator from JwsSigner&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>uat_jwt_signer = Arc::new(CowCell::new(jwt_signer));
-        <span class="kw">let </span>uat_jwt_validator = Arc::new(CowCell::new(jwt_validator));
-
-        <span class="kw">let </span>cookie_key = Arc::new(CowCell::new(cookie_key));
+        <span class="kw">let </span>domain_keys = Arc::new(CowCell::new(DomainKeys {
+            uat_jwt_signer,
+            uat_jwt_validator,
+            token_enc_key,
+            cookie_key,
+        }));
 
         <span class="kw">let </span>oauth2rs =
             Oauth2ResourceServers::try_from((oauth2rs_set, origin_url)).map_err(|e| {
@@ -4284,10 +4276,7 @@
                 async_tx,
                 webauthn,
                 pw_badlist_cache: Arc::new(CowCell::new(pw_badlist_set)),
-                uat_jwt_signer,
-                uat_jwt_validator,
-                token_enc_key,
-                cookie_key,
+                domain_keys,
                 oauth2rs: Arc::new(oauth2rs),
             },
             IdmServerDelayed { async_rx },
@@ -4295,7 +4284,7 @@
     }
 
     <span class="kw">pub fn </span>get_cookie_key(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; [u8; <span class="number">32</span>] {
-        <span class="kw-2">*</span><span class="self">self</span>.cookie_key.read().deref()
+        <span class="self">self</span>.domain_keys.read().cookie_key
     }
 
     <span class="attr">#[cfg(test)]
@@ -4319,8 +4308,7 @@
             async_tx: <span class="self">self</span>.async_tx.clone(),
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.read(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
         }
     }
 
@@ -4329,7 +4317,7 @@
     </span><span class="kw">pub async fn </span>proxy_read(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;_</span>&gt; {
         IdmServerProxyReadTransaction {
             qs_read: <span class="self">self</span>.qs.read().<span class="kw">await</span>,
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             oauth2rs: <span class="self">self</span>.oauth2rs.read(),
             async_tx: <span class="self">self</span>.async_tx.clone(),
         }
@@ -4350,10 +4338,7 @@
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.write(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.write(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.write(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.write(),
-            cookie_key: <span class="self">self</span>.cookie_key.write(),
+            domain_keys: <span class="self">self</span>.domain_keys.write(),
             oauth2rs: <span class="self">self</span>.oauth2rs.write(),
         }
     }
@@ -4370,7 +4355,7 @@
             </span>webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
             cred_update_sessions: <span class="self">self</span>.cred_update_sessions.read(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
         }
     }
@@ -4926,7 +4911,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5200,7 +5185,7 @@
                             <span class="kw-2">&amp;</span><span class="self">self</span>.async_tx,
                             <span class="self">self</span>.webauthn,
                             pw_badlist_cache,
-                            <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_signer,
+                            <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_signer,
                         )
                         .map(|aus| {
                             <span class="comment">// Inspect the result:
@@ -5469,7 +5454,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5572,7 +5557,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -6233,7 +6218,7 @@
                     })
                 })
                 .map(|new_handle| {
-                    <span class="kw-2">*</span><span class="self">self</span>.token_enc_key = new_handle;
+                    <span class="self">self</span>.domain_keys.token_enc_key = new_handle;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_es256_private_key()
@@ -6253,21 +6238,18 @@
                         .map(|validator| (signer, validator))
                 })
                 .map(|(new_signer, new_validator)| {
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_signer = new_signer;
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_validator = new_validator;
+                    <span class="self">self</span>.domain_keys.uat_jwt_signer = new_signer;
+                    <span class="self">self</span>.domain_keys.uat_jwt_validator = new_validator;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_cookie_key()
                 .map(|new_cookie_key| {
-                    <span class="kw-2">*</span><span class="self">self</span>.cookie_key = new_cookie_key;
+                    <span class="self">self</span>.domain_keys.cookie_key = new_cookie_key;
                 })<span class="question-mark">?</span>;
         }
         <span class="comment">// Commit everything.
         </span><span class="self">self</span>.oauth2rs.commit();
-        <span class="self">self</span>.uat_jwt_signer.commit();
-        <span class="self">self</span>.uat_jwt_validator.commit();
-        <span class="self">self</span>.cookie_key.commit();
-        <span class="self">self</span>.token_enc_key.commit();
+        <span class="self">self</span>.domain_keys.commit();
         <span class="self">self</span>.pw_badlist_cache.commit();
         <span class="self">self</span>.cred_update_sessions.commit();
         <span class="macro">trace!</span>(<span class="string">&quot;cred_update_session.commit&quot;</span>);

docs/v1.0.0-rc10/rustdoc/kanidmd_lib/idm/server/sidebar-items.js

@@ -1 +1 @@
-window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};
+window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["DomainKeys",""],["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};

docs/v1.0.0-rc10/rustdoc/src/kanidmd_lib/idm/credupdatesession.rs.html

@@ -2561,6 +2561,8 @@
 <a href="#2561" id="2561">2561</a>
 <a href="#2562" id="2562">2562</a>
 <a href="#2563" id="2563">2563</a>
+<a href="#2564" id="2564">2564</a>
+<a href="#2565" id="2565">2565</a>
 </pre><pre class="rust"><code><span class="kw">use </span>core::ops::Deref;
 <span class="kw">use </span>std::collections::BTreeMap;
 <span class="kw">use </span>std::fmt;
@@ -2976,7 +2978,7 @@
             OperationError::SerdeJsonError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>token_enc = <span class="self">self</span>.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
+        <span class="kw">let </span>token_enc = <span class="self">self</span>.domain_keys.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
 
         <span class="comment">// Point of no return
 
@@ -3289,7 +3291,8 @@
         OperationError,
     &gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);
@@ -3507,7 +3510,8 @@
         ct: Duration,
     ) -&gt; <span class="prelude-ty">Result</span>&lt;CredentialUpdateSessionMutex, OperationError&gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);

docs/v1.0.0-rc10/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -4022,17 +4022,7 @@
 <a href="#4022" id="4022">4022</a>
 <a href="#4023" id="4023">4023</a>
 <a href="#4024" id="4024">4024</a>
-<a href="#4025" id="4025">4025</a>
-<a href="#4026" id="4026">4026</a>
-<a href="#4027" id="4027">4027</a>
-<a href="#4028" id="4028">4028</a>
-<a href="#4029" id="4029">4029</a>
-<a href="#4030" id="4030">4030</a>
-<a href="#4031" id="4031">4031</a>
-<a href="#4032" id="4032">4032</a>
-<a href="#4033" id="4033">4033</a>
 </pre><pre class="rust"><code><span class="kw">use </span>std::convert::TryFrom;
-<span class="kw">use </span>std::ops::Deref;
 <span class="kw">use </span>std::str::FromStr;
 <span class="kw">use </span>std::sync::Arc;
 <span class="kw">use </span>std::time::Duration;
@@ -4093,6 +4083,14 @@
 <span class="kw">type </span>AuthSessionMutex = Arc&lt;Mutex&lt;AuthSession&gt;&gt;;
 <span class="kw">type </span>CredSoftLockMutex = Arc&lt;Mutex&lt;CredSoftLock&gt;&gt;;
 
+<span class="attr">#[derive(Clone)]
+</span><span class="kw">pub struct </span>DomainKeys {
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_signer: JwsSigner,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_validator: JwsValidator,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: Fernet,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) cookie_key: [u8; <span class="number">32</span>],
+}
+
 <span class="kw">pub struct </span>IdmServer {
     <span class="comment">// There is a good reason to keep this single thread - it
     // means that limits to sessions can be easily applied and checked to
@@ -4112,10 +4110,7 @@
     </span>webauthn: Webauthn,
     pw_badlist_cache: Arc&lt;CowCell&lt;HashSet&lt;String&gt;&gt;&gt;,
     oauth2rs: Arc&lt;Oauth2ResourceServers&gt;,
-    uat_jwt_signer: Arc&lt;CowCell&lt;JwsSigner&gt;&gt;,
-    uat_jwt_validator: Arc&lt;CowCell&lt;JwsValidator&gt;&gt;,
-    token_enc_key: Arc&lt;CowCell&lt;Fernet&gt;&gt;,
-    cookie_key: Arc&lt;CowCell&lt;[u8; <span class="number">32</span>]&gt;&gt;,
+    domain_keys: Arc&lt;CowCell&lt;DomainKeys&gt;&gt;,
 }
 
 <span class="doccomment">/// Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.
@@ -4131,8 +4126,7 @@
     </span>async_tx: Sender&lt;DelayedAction&gt;,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellReadTxn&lt;JwsSigner&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
 }
 
 <span class="kw">pub struct </span>IdmServerCredUpdateTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
@@ -4141,14 +4135,14 @@
     </span><span class="kw">pub</span>(<span class="kw">crate</span>) webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     <span class="kw">pub</span>(<span class="kw">crate</span>) pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) cred_update_sessions: BptreeMapReadTxn&lt;<span class="lifetime">&#39;a</span>, Uuid, CredentialUpdateSessionMutex&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellReadTxn&lt;Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
 }
 
 <span class="doccomment">/// This contains read-only methods, like getting users, groups and other structured content.
 </span><span class="kw">pub struct </span>IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
     <span class="kw">pub </span>qs_read: QueryServerReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersReadTransaction,
     <span class="kw">pub</span>(<span class="kw">crate</span>) async_tx: Sender&lt;DelayedAction&gt;,
 }
@@ -4163,10 +4157,7 @@
     crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsSigner&gt;,
-    uat_jwt_validator: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsValidator&gt;,
-    cookie_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, [u8; <span class="number">32</span>]&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersWriteTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
 }
 
@@ -4246,26 +4237,27 @@
             })<span class="question-mark">?</span>;
 
         <span class="comment">// Setup our auth token signing key.
-        </span><span class="kw">let </span>fernet_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
+        </span><span class="kw">let </span>token_enc_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
             <span class="macro">admin_error!</span>(<span class="string">&quot;Unable to load Fernet encryption key&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
-        <span class="kw">let </span>token_enc_key = Arc::new(CowCell::new(fernet_key));
 
-        <span class="kw">let </span>jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
+        <span class="kw">let </span>uat_jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsSigner from DER&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>jwt_validator = jwt_signer.get_validator().map_err(|e| {
+        <span class="kw">let </span>uat_jwt_validator = uat_jwt_signer.get_validator().map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsValidator from JwsSigner&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>uat_jwt_signer = Arc::new(CowCell::new(jwt_signer));
-        <span class="kw">let </span>uat_jwt_validator = Arc::new(CowCell::new(jwt_validator));
-
-        <span class="kw">let </span>cookie_key = Arc::new(CowCell::new(cookie_key));
+        <span class="kw">let </span>domain_keys = Arc::new(CowCell::new(DomainKeys {
+            uat_jwt_signer,
+            uat_jwt_validator,
+            token_enc_key,
+            cookie_key,
+        }));
 
         <span class="kw">let </span>oauth2rs =
             Oauth2ResourceServers::try_from((oauth2rs_set, origin_url)).map_err(|e| {
@@ -4284,10 +4276,7 @@
                 async_tx,
                 webauthn,
                 pw_badlist_cache: Arc::new(CowCell::new(pw_badlist_set)),
-                uat_jwt_signer,
-                uat_jwt_validator,
-                token_enc_key,
-                cookie_key,
+                domain_keys,
                 oauth2rs: Arc::new(oauth2rs),
             },
             IdmServerDelayed { async_rx },
@@ -4295,7 +4284,7 @@
     }
 
     <span class="kw">pub fn </span>get_cookie_key(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; [u8; <span class="number">32</span>] {
-        <span class="kw-2">*</span><span class="self">self</span>.cookie_key.read().deref()
+        <span class="self">self</span>.domain_keys.read().cookie_key
     }
 
     <span class="attr">#[cfg(test)]
@@ -4319,8 +4308,7 @@
             async_tx: <span class="self">self</span>.async_tx.clone(),
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.read(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
         }
     }
 
@@ -4329,7 +4317,7 @@
     </span><span class="kw">pub async fn </span>proxy_read(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;_</span>&gt; {
         IdmServerProxyReadTransaction {
             qs_read: <span class="self">self</span>.qs.read().<span class="kw">await</span>,
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             oauth2rs: <span class="self">self</span>.oauth2rs.read(),
             async_tx: <span class="self">self</span>.async_tx.clone(),
         }
@@ -4350,10 +4338,7 @@
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.write(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.write(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.write(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.write(),
-            cookie_key: <span class="self">self</span>.cookie_key.write(),
+            domain_keys: <span class="self">self</span>.domain_keys.write(),
             oauth2rs: <span class="self">self</span>.oauth2rs.write(),
         }
     }
@@ -4370,7 +4355,7 @@
             </span>webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
             cred_update_sessions: <span class="self">self</span>.cred_update_sessions.read(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
         }
     }
@@ -4926,7 +4911,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5200,7 +5185,7 @@
                             <span class="kw-2">&amp;</span><span class="self">self</span>.async_tx,
                             <span class="self">self</span>.webauthn,
                             pw_badlist_cache,
-                            <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_signer,
+                            <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_signer,
                         )
                         .map(|aus| {
                             <span class="comment">// Inspect the result:
@@ -5469,7 +5454,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5572,7 +5557,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -6233,7 +6218,7 @@
                     })
                 })
                 .map(|new_handle| {
-                    <span class="kw-2">*</span><span class="self">self</span>.token_enc_key = new_handle;
+                    <span class="self">self</span>.domain_keys.token_enc_key = new_handle;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_es256_private_key()
@@ -6253,21 +6238,18 @@
                         .map(|validator| (signer, validator))
                 })
                 .map(|(new_signer, new_validator)| {
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_signer = new_signer;
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_validator = new_validator;
+                    <span class="self">self</span>.domain_keys.uat_jwt_signer = new_signer;
+                    <span class="self">self</span>.domain_keys.uat_jwt_validator = new_validator;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_cookie_key()
                 .map(|new_cookie_key| {
-                    <span class="kw-2">*</span><span class="self">self</span>.cookie_key = new_cookie_key;
+                    <span class="self">self</span>.domain_keys.cookie_key = new_cookie_key;
                 })<span class="question-mark">?</span>;
         }
         <span class="comment">// Commit everything.
         </span><span class="self">self</span>.oauth2rs.commit();
-        <span class="self">self</span>.uat_jwt_signer.commit();
-        <span class="self">self</span>.uat_jwt_validator.commit();
-        <span class="self">self</span>.cookie_key.commit();
-        <span class="self">self</span>.token_enc_key.commit();
+        <span class="self">self</span>.domain_keys.commit();
         <span class="self">self</span>.pw_badlist_cache.commit();
         <span class="self">self</span>.cred_update_sessions.commit();
         <span class="macro">trace!</span>(<span class="string">&quot;cred_update_session.commit&quot;</span>);

docs/v1.0.0rc1/rustdoc/kanidmd_lib/idm/server/sidebar-items.js

@@ -1 +1 @@
-window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};
+window.SIDEBAR_ITEMS = {"enum":[["Token",""]],"struct":[["DomainKeys",""],["IdmServer",""],["IdmServerAuthTransaction","Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication."],["IdmServerCredUpdateTransaction",""],["IdmServerDelayed",""],["IdmServerProxyReadTransaction","This contains read-only methods, like getting users, groups and other structured content."],["IdmServerProxyWriteTransaction",""]],"trait":[["IdmServerTransaction",""]]};

docs/v1.0.0rc1/rustdoc/src/kanidmd_lib/idm/credupdatesession.rs.html

@@ -2561,6 +2561,8 @@
 <a href="#2561" id="2561">2561</a>
 <a href="#2562" id="2562">2562</a>
 <a href="#2563" id="2563">2563</a>
+<a href="#2564" id="2564">2564</a>
+<a href="#2565" id="2565">2565</a>
 </pre><pre class="rust"><code><span class="kw">use </span>core::ops::Deref;
 <span class="kw">use </span>std::collections::BTreeMap;
 <span class="kw">use </span>std::fmt;
@@ -2976,7 +2978,7 @@
             OperationError::SerdeJsonError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>token_enc = <span class="self">self</span>.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
+        <span class="kw">let </span>token_enc = <span class="self">self</span>.domain_keys.token_enc_key.encrypt(<span class="kw-2">&amp;</span>token_data);
 
         <span class="comment">// Point of no return
 
@@ -3289,7 +3291,8 @@
         OperationError,
     &gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);
@@ -3507,7 +3510,8 @@
         ct: Duration,
     ) -&gt; <span class="prelude-ty">Result</span>&lt;CredentialUpdateSessionMutex, OperationError&gt; {
         <span class="kw">let </span>session_token: CredentialUpdateSessionTokenInner = <span class="self">self
-            </span>.token_enc_key
+            </span>.domain_keys
+            .token_enc_key
             .decrypt(<span class="kw-2">&amp;</span>cust.token_enc)
             .map_err(|e| {
                 <span class="macro">admin_error!</span>(<span class="question-mark">?</span>e, <span class="string">&quot;Failed to decrypt credential update session request&quot;</span>);

docs/v1.0.0rc1/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -4022,17 +4022,7 @@
 <a href="#4022" id="4022">4022</a>
 <a href="#4023" id="4023">4023</a>
 <a href="#4024" id="4024">4024</a>
-<a href="#4025" id="4025">4025</a>
-<a href="#4026" id="4026">4026</a>
-<a href="#4027" id="4027">4027</a>
-<a href="#4028" id="4028">4028</a>
-<a href="#4029" id="4029">4029</a>
-<a href="#4030" id="4030">4030</a>
-<a href="#4031" id="4031">4031</a>
-<a href="#4032" id="4032">4032</a>
-<a href="#4033" id="4033">4033</a>
 </pre><pre class="rust"><code><span class="kw">use </span>std::convert::TryFrom;
-<span class="kw">use </span>std::ops::Deref;
 <span class="kw">use </span>std::str::FromStr;
 <span class="kw">use </span>std::sync::Arc;
 <span class="kw">use </span>std::time::Duration;
@@ -4093,6 +4083,14 @@
 <span class="kw">type </span>AuthSessionMutex = Arc&lt;Mutex&lt;AuthSession&gt;&gt;;
 <span class="kw">type </span>CredSoftLockMutex = Arc&lt;Mutex&lt;CredSoftLock&gt;&gt;;
 
+<span class="attr">#[derive(Clone)]
+</span><span class="kw">pub struct </span>DomainKeys {
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_signer: JwsSigner,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) uat_jwt_validator: JwsValidator,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: Fernet,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) cookie_key: [u8; <span class="number">32</span>],
+}
+
 <span class="kw">pub struct </span>IdmServer {
     <span class="comment">// There is a good reason to keep this single thread - it
     // means that limits to sessions can be easily applied and checked to
@@ -4112,10 +4110,7 @@
     </span>webauthn: Webauthn,
     pw_badlist_cache: Arc&lt;CowCell&lt;HashSet&lt;String&gt;&gt;&gt;,
     oauth2rs: Arc&lt;Oauth2ResourceServers&gt;,
-    uat_jwt_signer: Arc&lt;CowCell&lt;JwsSigner&gt;&gt;,
-    uat_jwt_validator: Arc&lt;CowCell&lt;JwsValidator&gt;&gt;,
-    token_enc_key: Arc&lt;CowCell&lt;Fernet&gt;&gt;,
-    cookie_key: Arc&lt;CowCell&lt;[u8; <span class="number">32</span>]&gt;&gt;,
+    domain_keys: Arc&lt;CowCell&lt;DomainKeys&gt;&gt;,
 }
 
 <span class="doccomment">/// Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.
@@ -4131,8 +4126,7 @@
     </span>async_tx: Sender&lt;DelayedAction&gt;,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellReadTxn&lt;JwsSigner&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
 }
 
 <span class="kw">pub struct </span>IdmServerCredUpdateTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
@@ -4141,14 +4135,14 @@
     </span><span class="kw">pub</span>(<span class="kw">crate</span>) webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     <span class="kw">pub</span>(<span class="kw">crate</span>) pw_badlist_cache: CowCellReadTxn&lt;HashSet&lt;String&gt;&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) cred_update_sessions: BptreeMapReadTxn&lt;<span class="lifetime">&#39;a</span>, Uuid, CredentialUpdateSessionMutex&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellReadTxn&lt;Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
 }
 
 <span class="doccomment">/// This contains read-only methods, like getting users, groups and other structured content.
 </span><span class="kw">pub struct </span>IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt; {
     <span class="kw">pub </span>qs_read: QueryServerReadTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
-    uat_jwt_validator: CowCellReadTxn&lt;JwsValidator&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellReadTxn&lt;DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersReadTransaction,
     <span class="kw">pub</span>(<span class="kw">crate</span>) async_tx: Sender&lt;DelayedAction&gt;,
 }
@@ -4163,10 +4157,7 @@
     crypto_policy: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>CryptoPolicy,
     webauthn: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>Webauthn,
     pw_badlist_cache: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, HashSet&lt;String&gt;&gt;,
-    uat_jwt_signer: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsSigner&gt;,
-    uat_jwt_validator: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, JwsValidator&gt;,
-    cookie_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, [u8; <span class="number">32</span>]&gt;,
-    <span class="kw">pub</span>(<span class="kw">crate</span>) token_enc_key: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, Fernet&gt;,
+    <span class="kw">pub</span>(<span class="kw">crate</span>) domain_keys: CowCellWriteTxn&lt;<span class="lifetime">&#39;a</span>, DomainKeys&gt;,
     <span class="kw">pub</span>(<span class="kw">crate</span>) oauth2rs: Oauth2ResourceServersWriteTransaction&lt;<span class="lifetime">&#39;a</span>&gt;,
 }
 
@@ -4246,26 +4237,27 @@
             })<span class="question-mark">?</span>;
 
         <span class="comment">// Setup our auth token signing key.
-        </span><span class="kw">let </span>fernet_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
+        </span><span class="kw">let </span>token_enc_key = Fernet::new(<span class="kw-2">&amp;</span>fernet_private_key).ok_or_else(|| {
             <span class="macro">admin_error!</span>(<span class="string">&quot;Unable to load Fernet encryption key&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
-        <span class="kw">let </span>token_enc_key = Arc::new(CowCell::new(fernet_key));
 
-        <span class="kw">let </span>jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
+        <span class="kw">let </span>uat_jwt_signer = JwsSigner::from_es256_der(<span class="kw-2">&amp;</span>es256_private_key).map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsSigner from DER&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>jwt_validator = jwt_signer.get_validator().map_err(|e| {
+        <span class="kw">let </span>uat_jwt_validator = uat_jwt_signer.get_validator().map_err(|e| {
             <span class="macro">admin_error!</span>(err = <span class="question-mark">?</span>e, <span class="string">&quot;Unable to load ES256 JwsValidator from JwsSigner&quot;</span>);
             OperationError::CryptographyError
         })<span class="question-mark">?</span>;
 
-        <span class="kw">let </span>uat_jwt_signer = Arc::new(CowCell::new(jwt_signer));
-        <span class="kw">let </span>uat_jwt_validator = Arc::new(CowCell::new(jwt_validator));
-
-        <span class="kw">let </span>cookie_key = Arc::new(CowCell::new(cookie_key));
+        <span class="kw">let </span>domain_keys = Arc::new(CowCell::new(DomainKeys {
+            uat_jwt_signer,
+            uat_jwt_validator,
+            token_enc_key,
+            cookie_key,
+        }));
 
         <span class="kw">let </span>oauth2rs =
             Oauth2ResourceServers::try_from((oauth2rs_set, origin_url)).map_err(|e| {
@@ -4284,10 +4276,7 @@
                 async_tx,
                 webauthn,
                 pw_badlist_cache: Arc::new(CowCell::new(pw_badlist_set)),
-                uat_jwt_signer,
-                uat_jwt_validator,
-                token_enc_key,
-                cookie_key,
+                domain_keys,
                 oauth2rs: Arc::new(oauth2rs),
             },
             IdmServerDelayed { async_rx },
@@ -4295,7 +4284,7 @@
     }
 
     <span class="kw">pub fn </span>get_cookie_key(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; [u8; <span class="number">32</span>] {
-        <span class="kw-2">*</span><span class="self">self</span>.cookie_key.read().deref()
+        <span class="self">self</span>.domain_keys.read().cookie_key
     }
 
     <span class="attr">#[cfg(test)]
@@ -4319,8 +4308,7 @@
             async_tx: <span class="self">self</span>.async_tx.clone(),
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.read(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
         }
     }
 
@@ -4329,7 +4317,7 @@
     </span><span class="kw">pub async fn </span>proxy_read(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; IdmServerProxyReadTransaction&lt;<span class="lifetime">&#39;_</span>&gt; {
         IdmServerProxyReadTransaction {
             qs_read: <span class="self">self</span>.qs.read().<span class="kw">await</span>,
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             oauth2rs: <span class="self">self</span>.oauth2rs.read(),
             async_tx: <span class="self">self</span>.async_tx.clone(),
         }
@@ -4350,10 +4338,7 @@
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
             webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.write(),
-            uat_jwt_signer: <span class="self">self</span>.uat_jwt_signer.write(),
-            uat_jwt_validator: <span class="self">self</span>.uat_jwt_validator.write(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.write(),
-            cookie_key: <span class="self">self</span>.cookie_key.write(),
+            domain_keys: <span class="self">self</span>.domain_keys.write(),
             oauth2rs: <span class="self">self</span>.oauth2rs.write(),
         }
     }
@@ -4370,7 +4355,7 @@
             </span>webauthn: <span class="kw-2">&amp;</span><span class="self">self</span>.webauthn,
             pw_badlist_cache: <span class="self">self</span>.pw_badlist_cache.read(),
             cred_update_sessions: <span class="self">self</span>.cred_update_sessions.read(),
-            token_enc_key: <span class="self">self</span>.token_enc_key.read(),
+            domain_keys: <span class="self">self</span>.domain_keys.read(),
             crypto_policy: <span class="kw-2">&amp;</span><span class="self">self</span>.crypto_policy,
         }
     }
@@ -4926,7 +4911,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5200,7 +5185,7 @@
                             <span class="kw-2">&amp;</span><span class="self">self</span>.async_tx,
                             <span class="self">self</span>.webauthn,
                             pw_badlist_cache,
-                            <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_signer,
+                            <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_signer,
                         )
                         .map(|aus| {
                             <span class="comment">// Inspect the result:
@@ -5469,7 +5454,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -5572,7 +5557,7 @@
     }
 
     <span class="kw">fn </span>get_uat_validator_txn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>JwsValidator {
-        <span class="kw-2">&amp;</span><span class="self">self</span>.uat_jwt_validator
+        <span class="kw-2">&amp;</span><span class="self">self</span>.domain_keys.uat_jwt_validator
     }
 }
 
@@ -6233,7 +6218,7 @@
                     })
                 })
                 .map(|new_handle| {
-                    <span class="kw-2">*</span><span class="self">self</span>.token_enc_key = new_handle;
+                    <span class="self">self</span>.domain_keys.token_enc_key = new_handle;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_es256_private_key()
@@ -6253,21 +6238,18 @@
                         .map(|validator| (signer, validator))
                 })
                 .map(|(new_signer, new_validator)| {
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_signer = new_signer;
-                    <span class="kw-2">*</span><span class="self">self</span>.uat_jwt_validator = new_validator;
+                    <span class="self">self</span>.domain_keys.uat_jwt_signer = new_signer;
+                    <span class="self">self</span>.domain_keys.uat_jwt_validator = new_validator;
                 })<span class="question-mark">?</span>;
             <span class="self">self</span>.qs_write
                 .get_domain_cookie_key()
                 .map(|new_cookie_key| {
-                    <span class="kw-2">*</span><span class="self">self</span>.cookie_key = new_cookie_key;
+                    <span class="self">self</span>.domain_keys.cookie_key = new_cookie_key;
                 })<span class="question-mark">?</span>;
         }
         <span class="comment">// Commit everything.
         </span><span class="self">self</span>.oauth2rs.commit();
-        <span class="self">self</span>.uat_jwt_signer.commit();
-        <span class="self">self</span>.uat_jwt_validator.commit();
-        <span class="self">self</span>.cookie_key.commit();
-        <span class="self">self</span>.token_enc_key.commit();
+        <span class="self">self</span>.domain_keys.commit();
         <span class="self">self</span>.pw_badlist_cache.commit();
         <span class="self">self</span>.cred_update_sessions.commit();
         <span class="macro">trace!</span>(<span class="string">&quot;cred_update_session.commit&quot;</span>);