Struct krill::daemon::ca::CaServer
Implementations
impl<S: Signer> CaServer<S>
pub fn build(
work_dir: &PathBuf,
rfc8181_log_dir: Option<&PathBuf>,
rfc6492_log_dir: Option<&PathBuf>,
events_queue: Arc<EventQueueListener>,
signer: Arc<RwLock<S>>
) -> KrillResult<Self>
Builds a new CaServer. Will return an error if the TA store cannot be initialised.
pub fn get_trust_anchor(&self) -> KrillResult<Arc<CertAuth<S>>>
Gets the TrustAnchor, if present. Returns an error if the TA is uninitialized.
pub fn init_ta(
&self,
info: RepoInfo,
ta_aia: Rsync,
ta_uris: Vec<Https>
) -> KrillResult<()>
Initialises an embedded trust anchor with all resources.
pub fn republish_all(&self) -> KrillResult<()>
Republish the embedded TA and CAs if needed, i.e. if they are close to their next update time.
pub fn republish(&self, handle: &Handle) -> KrillResult<()>
Republish a CA; this is a no-op when there is nothing to publish.
pub fn update_repo(
&self,
handle: Handle,
new_contact: RepositoryContact
) -> KrillResult<()>
Update the repository where a CA publishes.
pub fn remove_old_repo(&self, handle: &Handle) -> KrillResult<()>
Clean up old repo, if present.
pub async fn refresh_all<'_>(&'_ self)
Refresh all CAs: ask for updates and shrink as needed.
pub fn ca_add_child(
&self,
parent: &ParentHandle,
req: AddChildRequest,
service_uri: &Https
) -> KrillResult<ParentCaContact>
Adds a child under an embedded CA
pub fn ca_parent_contact(
&self,
parent: &ParentHandle,
child_handle: ChildHandle,
tag: Option<String>,
service_uri: &Https
) -> KrillResult<ParentCaContact>
Show a contact for a child. Shows "embedded" if the parent does not know any id cert for the child.
pub fn ca_parent_response(
&self,
parent: &ParentHandle,
child_handle: ChildHandle,
tag: Option<String>,
service_uri: &Https
) -> KrillResult<ParentResponse>
Gets an RFC 8183 Parent Response for the child, regardless of whether the parent knows the ID certificate for this child. Note: a child can be updated and an ID cert can be added at any time.
pub fn ca_show_child(
&self,
parent: &ParentHandle,
child: &ChildHandle
) -> KrillResult<ChildCaInfo>
Show details for a child under the TA.
pub fn ca_child_update(
&self,
handle: &Handle,
child: ChildHandle,
req: UpdateChildRequest
) -> KrillResult<()>
Update a child under this CA.
pub fn ca_child_remove(
&self,
handle: &Handle,
child: ChildHandle
) -> KrillResult<()>
Remove a child under this CA.
impl<S: Signer> CaServer<S>
pub fn get_ca(&self, handle: &Handle) -> KrillResult<Arc<CertAuth<S>>>
Gets a CA by the given handle; returns an `Err(ServerError::UnknownCA)` if it does not exist.
pub fn get_ca_history(
&self,
handle: &Handle,
crit: CommandHistoryCriteria
) -> KrillResult<CommandHistory>
Gets the history for a CA.
pub fn get_ca_command_details(
&self,
handle: &Handle,
command: CommandKey
) -> KrillResult<Option<CaCommandDetails>>
Shows the details for a CA command
pub fn has_ca(&self, handle: &Handle) -> bool
Checks whether a CA by the given handle exists.
pub fn rfc6492(
&self,
ca_handle: &Handle,
msg_bytes: Bytes
) -> KrillResult<Bytes>
Processes an RFC 6492 message sent to this CA.
pub fn list(&self, parent: &Handle, child: &Handle) -> KrillResult<Entitlements>
List the entitlements for a child; see section 3.3.2 of RFC 6492.
pub fn issue(
&self,
parent: &Handle,
child: &ChildHandle,
issue_req: IssuanceRequest
) -> KrillResult<IssuanceResponse>
Issue a Certificate in response to a Certificate Issuance request.
See: https://tools.ietf.org/html/rfc6492#section-3.4.1 (sections 3.4.1 and 3.4.2)
pub fn revoke(
&self,
ca_handle: &Handle,
child: ChildHandle,
revoke_request: RevocationRequest
) -> KrillResult<RevocationResponse>
See: https://tools.ietf.org/html/rfc6492#section-3.5.1 (sections 3.5.1 and 3.5.2)
pub fn ca_list(&self) -> CertAuthList
Get the current CAs
pub fn init_ca(&self, handle: &Handle) -> KrillResult<()>
Initialises a CA without a repo, no parents, no children, no nothing
pub fn ca_update_id(&self, handle: Handle) -> KrillResult<()>
pub fn ca_parent_add(
&self,
handle: Handle,
parent: ParentCaReq
) -> KrillResult<()>
Adds a parent to a CA
pub fn ca_parent_update(
&self,
handle: Handle,
parent: ParentHandle,
contact: ParentCaContact
) -> KrillResult<()>
Updates a parent of a CA
pub fn ca_parent_remove(
&self,
handle: Handle,
parent: ParentHandle
) -> KrillResult<()>
Removes a parent from a CA
pub fn ca_keyroll_init(
&self,
handle: Handle,
max_age: Duration
) -> KrillResult<()>
Perform a key roll for all active keys in a CA that are older than the specified duration.
pub fn ca_keyroll_activate(
&self,
handle: Handle,
staging: Duration
) -> KrillResult<()>
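Activate a new key, as part of the key roll process (RFC 6489). Only new keys that have an age equal to or greater than the staging period are promoted. The RFC mandates a staging period of 24 hours, but we may use a shorter period for testing and/or emergency manual key rolls. The staging period exists to give relying parties time to retrieve the new CA certificate before the new key is activated, so a shortened period should be reserved for those cases.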
pub async fn get_updates_for_all_cas<'_>(&'_ self) -> KrillResult<()>
Try to get updates for all embedded CAs; the TA and any CAs that have no parents are skipped. All CAs are processed and possible errors are logged, i.e. processing does not bail out because of issues with one CA.
pub async fn get_delayed_updates<'_, '_>(
&'_ self,
ca_handle: &'_ Handle
) -> KrillResult<()>
Try to get updates for parents, if those updates were delayed because there was no repository configured when the parents were added.
pub async fn get_updates_from_parent<'_, '_, '_>(
&'_ self,
handle: &'_ Handle,
parent: &'_ ParentHandle
) -> KrillResult<()>
Try to update a specific CA
pub async fn send_requests<'_, '_, '_>(
&'_ self,
handle: &'_ Handle,
parent: &'_ ParentHandle
) -> KrillResult<()>
Sends requests to a specific parent for the CA matching handle.
pub async fn send_all_requests<'_, '_>(
&'_ self,
handle: &'_ Handle
) -> KrillResult<()>
Sends requests to all parents for the CA matching the handle.
pub async fn send_revoke_requests<'_, '_, '_>(
&'_ self,
handle: &'_ Handle,
parent: &'_ ParentHandle,
revoke_requests: HashMap<ResourceClassName, Vec<RevocationRequest>>
) -> KrillResult<HashMap<ResourceClassName, Vec<RevocationResponse>>>
pub async fn send_revoke_unexpected_key<'_, '_>(
&'_ self,
handle: &'_ Handle,
rcn: ResourceClassName,
revocation: RevocationRequest
) -> KrillResult<HashMap<ResourceClassName, Vec<RevocationResponse>>>
pub async fn get_entitlements_from_parent_and_contact<'_, '_, '_, '_>(
&'_ self,
handle: &'_ Handle,
parent: &'_ ParentHandle,
contact: &'_ ParentCaContact
) -> KrillResult<Entitlements>
impl<S: Signer> CaServer<S>
pub async fn send_rfc8181_list<'_, '_, '_>(
&'_ self,
ca_handle: &'_ Handle,
repository: &'_ RepositoryResponse
) -> KrillResult<ListReply>
pub async fn send_rfc8181_delta<'_, '_, '_>(
&'_ self,
ca_handle: &'_ Handle,
repository: &'_ RepositoryResponse,
delta: PublishDelta
) -> KrillResult<()>
impl<S: Signer> CaServer<S>
pub fn ca_routes_update(
&self,
handle: Handle,
updates: RouteAuthorizationUpdates
) -> KrillResult<()>
Update the routes authorized by a CA
Trait Implementations
Auto Trait Implementations
impl<S> !RefUnwindSafe for CaServer<S>
impl<S> Send for CaServer<S>
impl<S> Sync for CaServer<S>
impl<S> Unpin for CaServer<S>
impl<S> !UnwindSafe for CaServer<S>
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> From<T> for T
impl<T, U> Into<U> for T where
U: From<T>,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
fn clone_into(&self, target: &mut T)
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,