KBS | Refactoring the codebase / update config file format / bring in plugin mechanism #514

Open
wants to merge 13 commits into
base: main

Commits on Sep 27, 2024

  1. KBS: refactor attestation module

    This refactoring combines all RCAR (attestation) related code into one
    module. This would help achieve better modularization and error handling.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 27, 2024
    ff2e518
  2. KBS: combine CoCo Token and Jwk Token verifier

    Actually, the ITA token and CoCo Token are both JWTs. They both need a
    JWK to verify the JWT. The difference is the way to gather the JWK.
    
    This commit combines the two pieces of logic and adds two ways to get the JWK:
    1. From the configured JwkSet when launching KBS
    2. From the JWT's Header's jwk field.
    
    The two ways will check the jwk endorsement in different ways. The first
    way is to configure the trusted JwkSet from the config. The second way
    is to configure the trusted CA in config. Then get the public key cert
    chain from Jwk's x5c field. Both ways are also supported in this
    patch.
    
    Rust does not provide a mature crate to verify a cert chain, thus openssl
    is used in this patch. We also abandon the rustls and openssl features of KBS
    because openssl is used by default. Then we use openssl by default to
    make the code base simpler.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 27, 2024
    542f64c

Commits on Sep 28, 2024

  1. KBS: refactor policy engine module

    This commit does some refactoring of the policy engine module, including:
    1. Change ResourcePolicyError to PolicyEngineError. This is because in
    the future, different client plugins would share the same policy engine, thus the
    new name will match better.
    2. Add a new `set_policy` API for PolicyEngine. This API will handle
    SetPolicyInput format requests rather than the plaintext of the policy. This
    would help to integrate into the KBS server.
    
    The plugin mechanism is enabled by default, thus we delete the `opa` and
    `policy` features. By default, integrate the `regorus` crate for policy.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    a271f53
  2. KBS: add Admin auth module

    This module brings all admin authentication logic together. Currently it
    allows using a public key to verify the admin access.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    4d89589
  3. KBS: add resource module

    The resource module brings all resource storage logic together and thus
    helps modularization. Also, it changes both `read_secret_resource` and
    `write_secret_resource` to Fn rather than FnMut. This leaves the
    synchronization handling to the concrete underlying plugins, thus improving
    the performance because we can avoid a global Mutex.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    a6cf383
  4. KBS: add Plugins module

    The Plugins module could provide a plugin way for developers to extend
    the ability of KBS client APIs. This also provides a Sample
    implementation as an example.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    9f08369
  5. KBS: Use new launch Config

    This is mostly a refactoring patch for KBS. It brings API serving into
    one function, and will perform different sub-functions according to the
    requested plugin name.
    
    This also changes all configuration codes to have a default value.
    
    This patch would have some compatibility issues as it changes the old
    configuration format. The old configuration format is not well
    classified. This patch tidies the configuration items.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    1d2af16
  6. KBS: fix CI and example configurations

    This patch fixes example configurations of KBS inside this codebase.
    Also, it fixes the CI test.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    8e83068
  7. AS: reorder the dep in lexicographic order

    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    823cc81
  8. KBS: change default feature to all backend AS and resource

    Now the KBS could be built with support for all backend ASes and enable
    one of them at runtime according to the configuration file.
    
    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    82f4118
  9. KBS: move all admin APIs under /kbs/v0/admin

    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Sep 28, 2024
    db46ea2

Commits on Oct 8, 2024

  1. bc176e4
  2. KBS: abandon admin API and make resource a plugin

    Signed-off-by: Xynnn007 <[email protected]>
    Xynnn007 committed Oct 8, 2024
    c058c6a