krill 0.16.0

Resource Public Key Infrastructure (RPKI) daemon
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

//! Resource Tagged Attestations.

use std::collections::HashMap;
use rpki::ca::provisioning::ResourceClassName;
use rpki::crypto::KeyIdentifier;
use rpki::repository::resources::ResourceSet;
use rpki::repository::x509::Validity;
use serde::{Deserialize, Serialize};
use crate::api::ca::{Revocation, RtaList, RtaName};
use crate::api::rta::ResourceTaggedAttestation; 
use crate::commons::KrillResult;
use crate::commons::error::Error;


//------------ Rtas ---------------------------------------------------------

/// The set of RTAs held by a CA.
//
//  *Warning:* This type is used in stored state.
#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
pub struct Rtas {
    /// The RTAs keyed by their name.
    map: HashMap<RtaName, RtaState>,
}

impl Rtas {
    /// Returns whether the set of RTAs is empty.
    pub fn is_empty(&self) -> bool {
        self.map.is_empty()
    }

    /// Returns a list of all current RTAs.
    pub fn list(&self) -> RtaList {
        RtaList::new(self.map.keys().cloned().collect())
    }

    /// Returns whether the set has an RTA with the given name.
    pub fn has(&self, name: &str) -> bool {
        self.map.contains_key(name)
    }

    /// Returns the RTA with the given name if it is already signed.
    ///
    /// Returns an error if there is no such RTA or if it is currently in
    /// prepared state.
    pub fn signed_rta(
        &self, name: &str,
    ) -> KrillResult<ResourceTaggedAttestation> {
        let state = self.map.get(name).ok_or_else(|| {
            Error::custom("Unknown RTA")
        })?;
        match state {
            RtaState::Signed(signed) => Ok(signed.rta.clone()),
            RtaState::Prepared(_) => {
                Err(Error::custom("RTA is not signed yet"))
            }
        }
    }

    /// Returns the prepare RTA with the given name.
    ///
    /// Returns an error if there is no such RTA or if it is already signed.
    pub fn prepared_rta(&self, name: &str) -> KrillResult<&PreparedRta> {
        let state = self.map.get(name).ok_or_else(|| {
            Error::custom("Unknown RTA")
        })?;
        match state {
            RtaState::Signed(_) => {
                Err(Error::custom("RTA was already signed"))
            }
            RtaState::Prepared(prepped) => Ok(prepped),
        }
    }

    /// Adds a prepared RTA with the given name.
    pub fn add_prepared(&mut self, name: RtaName, prepared: PreparedRta) {
        self.map.insert(name, RtaState::Prepared(prepared));
    }

    /// Adds a signed RTA with the given name.
    pub fn add_signed(&mut self, name: RtaName, signed: SignedRta) {
        self.map.insert(name, RtaState::Signed(signed));
    }
}


//------------ RtaState -----------------------------------------------------

/// The state of an RTA.
//
//  *Warning:* This type is used in stored state.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
enum RtaState {
    /// The RTA is currently being prepared.
    Prepared(PreparedRta),

    /// The RTA is signed and ready to go.
    Signed(SignedRta),
}


//------------ PreparedRta --------------------------------------------------

/// An RTA currently being prepared.
//
//  *Warning:* This type is used in stored state.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct PreparedRta {
    /// The resources contained in the RTA.
    resources: ResourceSet,

    /// The validity of the RTA.
    validity: Validity,

    /// The keys used to sign the RTA from the various resource classes.
    keys: HashMap<ResourceClassName, KeyIdentifier>,
}

impl PreparedRta {
    /// Creates a new prepared RTA.
    pub fn new(
        resources: ResourceSet,
        validity: Validity,
        keys: HashMap<ResourceClassName, KeyIdentifier>,
    ) -> Self {
        PreparedRta {
            resources,
            validity,
            keys,
        }
    }

    /// Returns the validity of the RTA.
    pub fn validity(&self) -> Validity {
        self.validity
    }

    /// Returns the resources of the RTA.
    pub fn resources(&self) -> &ResourceSet {
        &self.resources
    }

    /// Returns an iterator over the keys of the RTA.
    pub fn keys(&self) -> impl Iterator<Item = KeyIdentifier> + '_ {
        self.keys.values().copied()
    }

    /// Returns an iterator over the keys and their resource classes.
    pub fn rcn_keys(
        &self
    ) -> impl Iterator<Item = (&ResourceClassName, KeyIdentifier)> + '_ {
        self.keys.iter().map(|(rcn, key)| (rcn, *key))
    }
}


//------------ SignedRta -----------------------------------------------------

/// An RTA having been signed.
//
//  *Warning:* This type is used in stored state.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct SignedRta {
    /// The resources of the RTA.
    resources: ResourceSet,

    /// Revocation information for the various resource classes.
    revocation_info: HashMap<ResourceClassName, Revocation>,

    /// The actual RTA.
    rta: ResourceTaggedAttestation,
}

impl SignedRta {
    /// Creats a new signed RTA.
    pub fn new(
        resources: ResourceSet,
        revocation_info: HashMap<ResourceClassName, Revocation>,
        rta: ResourceTaggedAttestation,
    ) -> Self {
        SignedRta {
            resources,
            revocation_info,
            rta,
        }
    }

    /// Returns the resources of the RTA.
    pub fn resources(&self) -> &ResourceSet {
        &self.resources
    }
}