Struct krill::daemon::ca::ResourceClass

pub struct ResourceClass { /* fields omitted */ }

A CA may have multiple parents, e.g. two RIRs, and it may not get all its resource entitlements in one set, but in a number of so-called "resource classes".

Each ResourceClass has a namespace, which can be anything, but for Krill is based on the name of the parent ca, and the name of the resource class under that parent.

Furthermore a resource class manages the key life cycle, and certificates for each key, as well as products that need to be issued by the 'current' key for this class.

Implementations

impl ResourceClass

Creating new instances

pub fn create(
    name: ResourceClassName,
    name_space: String,
    parent_handle: ParentHandle,
    parent_rc_name: ResourceClassName,
    pending_key: KeyIdentifier
) -> Self

Creates a new ResourceClass with a single pending key only.

pub fn for_ta(
    parent_rc_name: ResourceClassName,
    pending_key: KeyIdentifier
) -> Self

impl ResourceClass

Data Access

pub fn name_space(&self) -> &str

pub fn parent_handle(&self) -> &ParentHandle

Returns the name of the parent where we got this RC from.

pub fn parent_rc_name(&self) -> &ResourceClassName

Returns the name that the parent uses for this RC.

pub fn add_request(&mut self, key_id: KeyIdentifier, req: IssuanceRequest)

Adds a request to an existing key for future reference.

pub fn current_certificate(&self) -> Option<&RcvdCert>

Returns the current certificate, if there is any

pub fn current_resources(&self) -> Option<&ResourceSet>

Returns the current resources for this resource class

pub fn current_key(&self) -> Option<&CurrentKey>

Returns a reference to current key for this RC, if there is any.

pub fn get_current_key(&self) -> KrillResult<&CurrentKey>

pub fn get_new_key(&self) -> KrillResult<&NewKey>

Gets the new key for a key roll, or returns an error if there is none.

pub fn current_objects(&self) -> CurrentObjects

pub fn as_info(&self) -> ResourceClassInfo

Returns a ResourceClassInfo for this, which contains all the same data, but which does not have any behaviour.

impl ResourceClass

Request certificates

pub fn update_received_cert<S: Signer>(
    &self,
    rcvd_cert: RcvdCert,
    repo_info: &RepoInfo,
    signer: &S
) -> KrillResult<Vec<EvtDet>>

Returns event details for receiving the certificate.

pub fn make_entitlement_events<S: Signer>(
    &self,
    entitlement: &EntitlementClass,
    base_repo: &RepoInfo,
    signer: &S
) -> KrillResult<Vec<EvtDet>>

Request certificates for any key that needs it. Also, create revocation events for any unexpected keys to recover from issues where the parent believes we have keys that we do not know. This can happen in corner cases where re-initialisation of Krill as a child is done without proper revocation at the parent, or as is the case with ARIN - Krill is sometimes told to just drop all resources.

pub fn make_request_events_new_repo<S: Signer>(
    &self,
    base_repo: &RepoInfo,
    signer: &S
) -> KrillResult<Vec<EvtDet>>

Request new certificates for all keys when the base repo changes.

pub fn cert_requests(&self) -> Vec<IssuanceRequest>

This function returns all current certificate requests.

pub fn revoke_request(&self) -> Option<&RevocationRequest>

Returns the revocation request for the old key, if it exists.

impl ResourceClass

Publishing

pub fn apply_delta(
    &mut self,
    delta: CurrentObjectSetDelta,
    key_id: KeyIdentifier
)

Applies a publication delta to the appropriate key in this resource class.

pub fn publish_objects<S: Signer>(
    &self,
    repo_info: &RepoInfo,
    objects_delta: ObjectsDelta,
    new_revocations: Vec<Revocation>,
    mode: &PublishMode,
    signer: &S
) -> KrillResult<EvtDet>

Publish/update/withdraw objects under the key, determined by the [PublishMode]. Will revoke updated and withdrawn objects under the correct key as well, i.e. when activating a new key objects will be re-published and updated in terms of publication, but will only be revoked under the old key.

pub fn republish<S: Signer>(
    &self,
    authorizations: &[RouteAuthorization],
    repo_info: &RepoInfo,
    mode: &PublishMode,
    signer: &S
) -> KrillResult<Vec<EvtDet>>

Republish all keys in this class (that want it). Also update ROAs as needed.

pub fn republish_certs<S: Signer>(
    &self,
    issued_certs: &[&IssuedCert],
    removed_certs: &[&Cert],
    repo_info: &RepoInfo,
    signer: &S
) -> KrillResult<HashMap<KeyIdentifier, CurrentObjectSetDelta>>

Create a publish event details including the revocations, update, withdrawals needed for updating child certificates.

pub fn all_objects(&self, base_repo: &RepoInfo) -> Vec<PublishElement>

impl ResourceClass

Removing a resource class

pub fn withdraw(&self, base_repo: &RepoInfo) -> ObjectsDelta

Returns withdraws for all current objects, for when this resource class needs to be removed.

pub fn revoke<S: Signer>(
    &self,
    signer: &S
) -> KrillResult<Vec<RevocationRequest>>

Returns revocation requests for all certified keys in this resource class.

impl ResourceClass

Key Life Cycle and Receiving Certificates

pub fn received_cert(&mut self, key_id: KeyIdentifier, cert: RcvdCert)

This function marks a certificate as received.

pub fn pending_key_added(&mut self, key_id: KeyIdentifier)

Adds a pending key.

pub fn pending_key_to_new(&mut self, new: CertifiedKey)

Moves a pending key to new

pub fn pending_key_to_active(&mut self, new: CertifiedKey)

Moves a pending key to current

pub fn new_key_activated(&mut self, revoke_req: RevocationRequest)

Activates the new key

pub fn old_key_removed(&mut self)

Removes the old key, we return the to the state where there is one active key.

pub fn keyroll_initiate<S: Signer>(
    &self,
    base_repo: &RepoInfo,
    duration: Duration,
    signer: &mut S
) -> KrillResult<Vec<EvtDet>>

Initiate a key roll

pub fn keyroll_activate<S: Signer>(
    &self,
    repo_info: &RepoInfo,
    staging: Duration,
    signer: &S
) -> KrillResult<Vec<EvtDet>>

Activate a new key, if it's been longer than the staging period.

pub fn keyroll_finish(&self, base_repo: &RepoInfo) -> KrillResult<EvtDet>

Finish a key roll, withdraw the old key

impl ResourceClass

Issuing certificates

pub fn issue_cert<S: Signer>(
    &self,
    csr: CsrInfo,
    child_resources: &ResourceSet,
    limit: RequestResourceLimit,
    signer: &S
) -> KrillResult<IssuedCert>

Makes a single CA certificate and wraps it in an issuance response.

Will use the intersection of the requested child resources, and the resources actually held by the this resource class. An error will be returned if a ResourceRequestLimit was used that includes resources that are not in this intersection.

Note that this certificate still needs to be added to this RC by calling the update_certs function.

pub fn certificate_issued(&mut self, issued: IssuedCert)

Stores an IssuedCert

pub fn issued(&self, ki: &KeyIdentifier) -> Option<&IssuedCert>

Returns an issued certificate for a key, if it exists

pub fn key_revoked(&mut self, key: &KeyIdentifier)

Removes a revoked key.

impl ResourceClass

ROAs

pub fn update_roas<S: Signer>(
    &self,
    auths: &[RouteAuthorization],
    mode: &PublishMode,
    signer: &S
) -> KrillResult<RoaUpdates>

Updates the ROAs in accordance with the current authorizations, and the target resources and key determined by the PublishMode.

pub fn roas_updated(&mut self, updates: RoaUpdates)

Marks the ROAs as updated from a RoaUpdated event.

Trait Implementations

impl Clone for ResourceClass

fn clone(&self) -> ResourceClass

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ResourceClass

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for ResourceClass

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Eq for ResourceClass

impl PartialEq<ResourceClass> for ResourceClass

fn eq(&self, other: &ResourceClass) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &ResourceClass) -> bool

This method tests for !=.

impl Serialize for ResourceClass

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.

impl StructuralEq for ResourceClass

impl StructuralPartialEq for ResourceClass