Skip to main content

CrossRegistryResolver

acdp_client::cross_registry

Struct CrossRegistryResolver 

Source 
pub struct CrossRegistryResolver { /* private fields */ }
Expand description

Resolver for cross-registry references.

Holds a WebResolver for DID lookups and caches a RegistryClient

  • capabilities document per authority for the lifetime of the resolver.

The SsrfPolicy is consulted on every URL the resolver constructs (RFC-ACDP-0006 §7.1, §7.2).

Implementations§

Source§

impl CrossRegistryResolver

Source

pub fn new() -> Self

Build a resolver with default settings: no allowlist, depth 10, HTTPS-only / no IP literals SSRF policy.

Source

pub fn with_ssrf_policy(self, policy: SsrfPolicy) -> Self

Override the SsrfPolicy applied to outbound URLs.

Useful for test environments that need to allow http:// or IP-literal hosts. Production deployments SHOULD keep the default.

Source

pub fn with_max_depth(self, depth: usize) -> Self

Cap the number of derived_from hops walked in a single Self::walk_derived_from call.

Source

pub fn with_options(self, options: ResolverOptions) -> Self

Replace the complete options struct (overrides every individual with_* setter that wasn’t already applied).

Source

pub fn options(&self) -> &ResolverOptions

Borrow the active options. Useful for tests + telemetry.

Source

pub fn with_did_resolver(self, resolver: WebResolver) -> Self

Override the WebResolver used for DID document lookups.

Primary use is supplying a WebResolver::with_root_cert_pem instance in tests so a self-signed mock can answer DID-document requests for did:web:localhost%3A<port>. Production callers do not need this — the default resolver trusts the system CA bundle.

Source

pub fn seed_client(&self, authority: impl Into<String>, client: RegistryClient)

Pre-populate the per-authority RegistryClient cache.

Primary use is the conformance harness: tests supply a client whose HTTP layer trusts the in-process TLS server’s self-signed root certificate (via RegistryClient::with_root_cert_pem), so the resolver hits the mock instead of attempting a real network call. The seeded client wins over the lazy RegistryClient::new_pinned constructor that Self::resolve would otherwise invoke on first access.

Source

pub fn with_allowlist<I, S>(self, authorities: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Restrict cross-registry resolution to a fixed set of authorities (lowercase DNS hostnames). When set, any reference outside the allowlist is rejected with AcdpError::CrossRegistryResolutionFailed.

Source

pub async fn resolve( &self, ctx_id: &CtxId, ) -> Result<VerifiedContext, AcdpError>

Resolve a single cross-registry CtxId end-to-end.

Steps 1–6 of RFC-ACDP-0006 §4.1: parse, fetch capabilities, verify the registry DID and its DID document’s web binding, retrieve, recompute hash, verify signature. The SsrfPolicy is checked first so a hostile authority cannot drive an internal-network request.

Source

pub async fn walk_derived_from( &self, body: &Body, ) -> Result<Vec<VerifiedContext>, AcdpError>

Walk the derived_from graph rooted at body with cycle detection, a per-edge depth cap of ResolverOptions::max_depth, a total- nodes cap of max_nodes, a per-context fanout cap of max_fanout, and a wall-clock total_timeout. Returns each verified ancestor (excluding the root). Breadth-first; closer ancestors are returned first.

Trait Implementations§

Source§

impl Default for CrossRegistryResolver

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more