Struct krill::daemon::ca::CertAuth

pub struct CertAuth<S: Signer> { /* fields omitted */ }

This type defines a Certification Authority at a slightly higher level than one might expect.

Implementations

impl<S: Signer> CertAuth<S>

Data presentation

pub fn as_ca_info(&self) -> CertAuthInfo

pub fn roa_definitions(&self) -> Vec<RoaDefinition>

pub fn child_request(&self) -> ChildRequest

pub fn publisher_request(&self) -> PublisherRequest

pub fn id_cert(&self) -> &IdCert

pub fn id_key(&self) -> &KeyIdentifier

pub fn handle(&self) -> &Handle

pub fn all_resources(&self) -> ResourceSet

impl<S: Signer> CertAuth<S>

Publishing

pub fn all_objects(&self) -> Vec<PublishElement>

pub fn get_repository_contact(&self) -> KrillResult<&RepositoryContact>

pub fn old_repository_contact(&self) -> Option<&RepositoryContact>

impl<S: Signer> CertAuth<S>

Being a parent

pub fn verify_rfc6492(&self, msg: SignedMessage) -> KrillResult<Message>

pub fn sign_rfc6492_response(
    &self,
    msg: Message,
    signer: &S
) -> KrillResult<Bytes>

pub fn list(&self, child_handle: &Handle) -> KrillResult<Entitlements>

List entitlements (section 3.3.2 of RFC6492). Return an error if the child is not authorized -- or unknown etc.

pub fn issuance_response(
    &self,
    child_handle: &Handle,
    class_name: &ResourceClassName,
    pub_key: &PublicKey
) -> KrillResult<IssuanceResponse>

Returns an issuance response for a child and a specific resource class name and public key for the issued certificate.

pub fn get_child(&self, child: &Handle) -> KrillResult<&ChildDetails>

Returns a child, or an error if the child is unknown.

pub fn children(&self) -> impl Iterator<Item = &ChildHandle>

Returns an iterator for the handles of all children under this CA.

impl<S: Signer> CertAuth<S>

Being a child

pub fn parents(&self) -> impl Iterator<Item = &ParentHandle>

List all parents

pub fn is_ta(&self) -> bool

Returns true if this CertAuth is set up as a TA.

pub fn parent(&self, parent: &ParentHandle) -> KrillResult<&ParentCaContact>

Gets the ParentCaContact for this ParentHandle. Returns an Err when the parent does not exist.

pub fn parent_for_rc(
    &self,
    rcn: &ResourceClassName
) -> KrillResult<&ParentHandle>

Find the parent for a given resource class name.

pub fn cert_requests(
    &self,
    parent_handle: &ParentHandle
) -> HashMap<ResourceClassName, Vec<IssuanceRequest>>

Get all the current open certificate requests for a parent. Returns an empty list if the parent is not found.

pub fn revoke_requests(
    &self,
    parent: &ParentHandle
) -> HashMap<ResourceClassName, Vec<RevocationRequest>>

Returns the open revocation requests for the given parent.

impl<S: Signer> CertAuth<S>

Publishing

pub fn republish(&self, signer: Arc<RwLock<S>>) -> KrillResult<Vec<Evt>>

Republish objects for this CA

pub fn update_repo(
    &self,
    new_contact: RepositoryContact,
    signer: Arc<RwLock<S>>
) -> KrillResult<Vec<Evt>>

Update repository:

• check that it is indeed different
• regenerate all objects under the new URI (CRL URIs updated)
• request new certs for all keys

Note that this will then trigger (asynchronous):

• updated objects synchronised with repository
• CSRs submitted to parent(s)

pub fn has_old_repo(&self) -> bool

Trait Implementations

impl<S: Signer> Aggregate for CertAuth<S>

type Command = Cmd<S>

type StorableCommandDetails = StorableCaCommand

type Event = Evt

type InitEvent = Ini

type Error = Error

fn init(event: Ini) -> KrillResult<Self>

Creates a new instance. Expects an event with data needed to initialise the instance. Typically this means that a specific 'create' event is passed, with all the needed data, or just an empty marker if no data is needed. Implementations must return an error in case the instance cannot be created.

fn version(&self) -> u64

Returns the current version of the aggregate.

fn apply(&mut self, event: Evt)

Applies the event to this. This MUST not result in any errors, and this MUST be side-effect free. Applying the event just updates the internal data of the aggregate.

fn process_command(&self, command: Cmd<S>) -> KrillResult<Vec<Evt>>

Processes a command. I.e. validate the command, and return a list of events that will result in the desired new state, but do not apply these event here.

fn apply_all(&mut self, events: Vec<Self::Event>)

Applies all events. Assumes that the list ordered, starting with the oldest event, applicable, self.version matches the oldest event, and contiguous, i.e. there are no missing events.

impl<S: Clone + Signer> Clone for CertAuth<S>

fn clone(&self) -> CertAuth<S>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<S: Debug + Signer> Debug for CertAuth<S>

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl<'de, S: Signer> Deserialize<'de> for CertAuth<S>

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl<S: Signer> EventListener<CertAuth<S>> for EventQueueListener

Implement listening for CertAuth Published events.

fn listen(&self, _ca: &CertAuth<S>, event: &Evt)

impl<S: Signer> Serialize for CertAuth<S>

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.