canic_core/api/auth/
root.rs1use super::AuthApi;
8use crate::{
9 dto::{
10 auth::{
11 RootDelegationProofBatchProof, RootIssuerPolicyResponse, RootIssuerPolicyUpsertRequest,
12 RootIssuerRenewalStatusRequest, RootIssuerRenewalStatusResponse,
13 RootIssuerRenewalTemplateResponse, RootIssuerRenewalTemplateUpsertRequest,
14 },
15 error::Error,
16 },
17 ops::{auth::AuthOps, ic::IcOps, runtime::env::EnvOps},
18 workflow::runtime::auth::RuntimeAuthWorkflow,
19};
20
21impl AuthApi {
22 pub fn upsert_root_issuer_policy_root(
24 request: RootIssuerPolicyUpsertRequest,
25 ) -> Result<RootIssuerPolicyResponse, Error> {
26 EnvOps::require_root().map_err(Error::from)?;
27 AuthOps::upsert_root_issuer_policy(request, IcOps::now_nanos())
28 .map_err(Self::map_auth_error)
29 }
30
31 pub fn upsert_root_issuer_renewal_template_root(
33 request: RootIssuerRenewalTemplateUpsertRequest,
34 ) -> Result<RootIssuerRenewalTemplateResponse, Error> {
35 EnvOps::require_root().map_err(Error::from)?;
36 let response = AuthOps::upsert_root_issuer_renewal_template(request, IcOps::now_nanos())
37 .map_err(Self::map_auth_error)?;
38 if response.template.enabled {
39 RuntimeAuthWorkflow::start_root_delegation_renewal_timer_soon_if_configured()
40 .map_err(Self::map_auth_error)?;
41 }
42 Ok(response)
43 }
44
45 pub fn root_issuer_renewal_status_root(
47 request: RootIssuerRenewalStatusRequest,
48 ) -> Result<RootIssuerRenewalStatusResponse, Error> {
49 EnvOps::require_root().map_err(Error::from)?;
50 Ok(AuthOps::root_issuer_renewal_status(request))
51 }
52
53 pub async fn get_or_create_chain_key_delegation_proof_root()
55 -> Result<RootDelegationProofBatchProof, Error> {
56 EnvOps::require_root().map_err(Error::from)?;
57 RuntimeAuthWorkflow::get_or_create_chain_key_delegation_proof_for_issuer_root(
58 IcOps::msg_caller(),
59 )
60 .await
61 .map_err(Self::map_auth_error)
62 }
63}