canic-core 0.41.11

Canic — a canister orchestration and management toolkit for the Internet Computer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

use crate::{
    cdk::types::Principal,
    dto::auth::{
        AttestationKeySet, DelegationProof, DelegationProofIssueRequest,
        InternalInvocationProofRequest, RoleAttestationRequest, SignedInternalInvocationProofV1,
        SignedRoleAttestation,
    },
    error::InternalError,
    ops::rpc::RpcOps,
    protocol,
};
use candid::CandidType;
use serde::de::DeserializeOwned;

///
/// RootAuthMaterialClient
///
pub(super) struct RootAuthMaterialClient {
    root_pid: Principal,
}

impl RootAuthMaterialClient {
    const ATTESTATION_KEY_SET: RootAuthMaterialEndpoint =
        RootAuthMaterialEndpoint::structural_bootstrap(protocol::CANIC_ATTESTATION_KEY_SET);
    const DELEGATION: RootAuthMaterialEndpoint =
        RootAuthMaterialEndpoint::structural_bootstrap(protocol::CANIC_REQUEST_DELEGATION);
    const INTERNAL_INVOCATION_PROOF: RootAuthMaterialEndpoint =
        RootAuthMaterialEndpoint::structural_bootstrap(
            protocol::CANIC_REQUEST_INTERNAL_INVOCATION_PROOF,
        );
    const ROLE_ATTESTATION: RootAuthMaterialEndpoint =
        RootAuthMaterialEndpoint::structural_bootstrap(protocol::CANIC_REQUEST_ROLE_ATTESTATION);
    #[cfg(test)]
    const ENDPOINTS: &[RootAuthMaterialEndpoint] = &[
        Self::ATTESTATION_KEY_SET,
        Self::DELEGATION,
        Self::INTERNAL_INVOCATION_PROOF,
        Self::ROLE_ATTESTATION,
    ];

    pub(super) const fn new(root_pid: Principal) -> Self {
        Self { root_pid }
    }

    pub(super) async fn request_delegation(
        &self,
        request: DelegationProofIssueRequest,
    ) -> Result<DelegationProof, InternalError> {
        self.call_rpc_result(Self::DELEGATION, request).await
    }

    pub(super) async fn request_role_attestation(
        &self,
        request: RoleAttestationRequest,
    ) -> Result<SignedRoleAttestation, InternalError> {
        self.call_rpc_result(Self::ROLE_ATTESTATION, request).await
    }

    pub(super) async fn request_internal_invocation_proof(
        &self,
        request: InternalInvocationProofRequest,
    ) -> Result<SignedInternalInvocationProofV1, InternalError> {
        self.call_rpc_result(Self::INTERNAL_INVOCATION_PROOF, request)
            .await
    }

    pub(super) async fn attestation_key_set(&self) -> Result<AttestationKeySet, InternalError> {
        self.call_rpc_result(Self::ATTESTATION_KEY_SET, ()).await
    }

    async fn call_rpc_result<T, A>(
        &self,
        endpoint: RootAuthMaterialEndpoint,
        arg: A,
    ) -> Result<T, InternalError>
    where
        T: CandidType + DeserializeOwned,
        A: CandidType,
    {
        debug_assert!(endpoint.is_structural_bootstrap());
        RpcOps::call_rpc_result(self.root_pid, endpoint.method, arg).await
    }
}

///
/// RootAuthMaterialEndpoint
///
#[derive(Clone, Copy)]
struct RootAuthMaterialEndpoint {
    method: &'static str,
    class: RootAuthMaterialEndpointClass,
}

impl RootAuthMaterialEndpoint {
    const fn structural_bootstrap(method: &'static str) -> Self {
        Self {
            method,
            class: RootAuthMaterialEndpointClass::StructuralBootstrap,
        }
    }

    const fn is_structural_bootstrap(&self) -> bool {
        matches!(
            self.class,
            RootAuthMaterialEndpointClass::StructuralBootstrap
        )
    }
}

///
/// RootAuthMaterialEndpointClass
///
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
enum RootAuthMaterialEndpointClass {
    StructuralBootstrap,
}

#[cfg(test)]
mod tests {
    use super::{RootAuthMaterialClient, RootAuthMaterialEndpointClass};
    use crate::protocol;
    use std::collections::BTreeSet;

    #[test]
    fn root_auth_material_client_endpoint_table_is_structural_bootstrap_only() {
        let expected = BTreeSet::from([
            protocol::CANIC_ATTESTATION_KEY_SET,
            protocol::CANIC_REQUEST_DELEGATION,
            protocol::CANIC_REQUEST_INTERNAL_INVOCATION_PROOF,
            protocol::CANIC_REQUEST_ROLE_ATTESTATION,
        ]);
        let actual = RootAuthMaterialClient::ENDPOINTS
            .iter()
            .inspect(|endpoint| {
                assert_eq!(
                    endpoint.class,
                    RootAuthMaterialEndpointClass::StructuralBootstrap
                );
            })
            .map(|endpoint| endpoint.method)
            .collect::<BTreeSet<_>>();

        assert_eq!(actual, expected);
        assert_eq!(
            actual.len(),
            RootAuthMaterialClient::ENDPOINTS.len(),
            "root auth material client endpoint methods must be unique"
        );
    }
}