canic_core/api/auth/
root.rs1use super::AuthApi;
8use crate::{
9 cdk::types::Principal,
10 dto::{
11 auth::{
12 RootDelegationProofBatchProof, RootIssuerPolicyResponse, RootIssuerPolicyUpsertRequest,
13 RootIssuerRenewalStatusRequest, RootIssuerRenewalStatusResponse,
14 RootIssuerRenewalTemplateResponse, RootIssuerRenewalTemplateUpsertRequest,
15 },
16 error::Error,
17 },
18 ops::{auth::AuthOps, ic::IcOps, runtime::env::EnvOps},
19 workflow::runtime::auth::RuntimeAuthWorkflow,
20};
21
22impl AuthApi {
23 pub fn upsert_root_issuer_policy_root(
25 request: RootIssuerPolicyUpsertRequest,
26 ) -> Result<RootIssuerPolicyResponse, Error> {
27 EnvOps::require_root().map_err(Error::from)?;
28 AuthOps::upsert_root_issuer_policy(request, IcOps::now_nanos())
29 .map_err(Self::map_auth_error)
30 }
31
32 pub fn upsert_root_issuer_renewal_template_root(
34 request: RootIssuerRenewalTemplateUpsertRequest,
35 ) -> Result<RootIssuerRenewalTemplateResponse, Error> {
36 EnvOps::require_root().map_err(Error::from)?;
37 let response = AuthOps::upsert_root_issuer_renewal_template(request, IcOps::now_nanos())
38 .map_err(Self::map_auth_error)?;
39 if response.template.enabled {
40 RuntimeAuthWorkflow::start_root_delegation_renewal_timer_soon_if_configured()
41 .map_err(Self::map_auth_error)?;
42 }
43 Ok(response)
44 }
45
46 pub fn root_issuer_renewal_status_root(
48 request: RootIssuerRenewalStatusRequest,
49 ) -> Result<RootIssuerRenewalStatusResponse, Error> {
50 EnvOps::require_root().map_err(Error::from)?;
51 Ok(AuthOps::root_issuer_renewal_status(request))
52 }
53
54 pub async fn get_or_create_chain_key_delegation_proof_root()
56 -> Result<RootDelegationProofBatchProof, Error> {
57 EnvOps::require_root().map_err(Error::from)?;
58 RuntimeAuthWorkflow::get_or_create_chain_key_delegation_proof_for_issuer_root(
59 IcOps::msg_caller(),
60 )
61 .await
62 .map_err(Self::map_auth_error)
63 }
64
65 pub async fn provision_chain_key_delegation_proof_for_issuer_root(
70 issuer_pid: Principal,
71 ) -> Result<(), Error> {
72 EnvOps::require_root().map_err(Error::from)?;
73 RuntimeAuthWorkflow::provision_chain_key_delegation_proof_for_issuer_root(issuer_pid)
74 .await
75 .map_err(Self::map_auth_error)
76 }
77}