Struct krill::daemon::ca::ResourceClass

pub struct ResourceClass { /* private fields */ }

A CA may have multiple parents, e.g. two RIRs, and it may not get all its resource entitlements in one set, but in a number of so-called “resource classes”.

Each ResourceClass has a namespace, which can be anything, but for Krill is based on the name of the parent CA and the name of the resource class under that parent.

Furthermore a resource class manages the key life cycle, and certificates for each key, as well as products that need to be issued by the ‘current’ key for this class.

Implementations

impl ResourceClass

pub fn create( name: ResourceClassName, name_space: String, parent_handle: ParentHandle, parent_rc_name: ResourceClassName, pending_key: KeyIdentifier ) -> Self

Creates a new ResourceClass with a single pending key only.

pub fn for_ta( parent_rc_name: ResourceClassName, pending_key: KeyIdentifier ) -> Self

impl ResourceClass

pub fn name_space(&self) -> &str

pub fn parent_handle(&self) -> &ParentHandle

Returns the name of the parent where we got this RC from.

pub fn parent_rc_name(&self) -> &ResourceClassName

Returns the name that the parent uses for this RC.

pub fn add_request(&mut self, key_id: KeyIdentifier, req: IssuanceRequest)

Adds a request to an existing key for future reference.

pub fn current_certificate(&self) -> Option<&ReceivedCert>

Returns the current certificate, if there is any

pub fn current_resources(&self) -> Option<&ResourceSet>

Returns the current resources for this resource class

pub fn current_key(&self) -> Option<&CurrentKey>

Returns a reference to the current key for this RC, if there is any.

pub fn get_current_key(&self) -> KrillResult<&CurrentKey>

pub fn key_roll_possible(&self) -> bool

pub fn get_new_key(&self) -> KrillResult<&NewKey>

Gets the new key for a key roll, or returns an error if there is none.

pub fn as_info(&self) -> ResourceClassInfo

Returns a ResourceClassInfo for this, which contains all the same data, but which does not have any behavior.

impl ResourceClass

pub fn set_old_repo(&mut self, repo: RepoInfo)

impl ResourceClass

pub fn update_received_cert( &self, handle: &CaHandle, rcvd_cert: ReceivedCert, all_routes: &Routes, all_aspas: &AspaDefinitions, all_bgpsecs: &BgpSecDefinitions, config: &Config, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>

Returns event details for receiving the certificate.

pub fn make_entitlement_events( &self, handle: &CaHandle, entitlement: &ResourceClassEntitlements, base_repo: &RepoInfo, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>

Requests certificates for any key that needs one. Also creates revocation events for any unexpected keys, to recover from issues where the parent believes we have keys that we do not know about. This can happen in corner cases where Krill is re-initialized as a child without proper revocation at the parent, or, as is the case with ARIN, where Krill is sometimes told to just drop all resources.

pub fn make_request_events_new_repo( &self, base_repo: &RepoInfo, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>

Request new certificates for all keys when the base repo changes.

pub fn cert_requests(&self) -> Vec<IssuanceRequest>

This function returns all current certificate requests.

pub fn revoke_request(&self) -> Option<&RevocationRequest>

Returns the revocation request for the old key, if it exists.

pub fn has_pending_requests(&self) -> bool

impl ResourceClass

pub fn revoke( &self, signer: &KrillSigner ) -> KrillResult<Vec<RevocationRequest>>

Returns revocation requests for all certified keys in this resource class.

impl ResourceClass

pub fn received_cert(&mut self, key_id: KeyIdentifier, cert: ReceivedCert)

This function marks a certificate as received.

pub fn pending_key_id_added(&mut self, key_id: KeyIdentifier)

Adds a pending key.

pub fn pending_key_to_new(&mut self, new: CertifiedKey)

Moves a pending key to new

pub fn pending_key_to_active(&mut self, new: CertifiedKey)

Moves a pending key to current

pub fn new_key_activated(&mut self, revoke_req: RevocationRequest)

Activates the new key

pub fn old_key_removed(&mut self)

Removes the old key; we return to the state where there is one active key.

pub fn keyroll_initiate( &self, base_repo: &RepoInfo, duration: Duration, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>

Initiate a key roll

pub fn keyroll_activate( &self, staging_time: Duration, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>

Activate a new key, if it’s been longer than the staging period.

pub fn keyroll_finish(&self) -> KrillResult<CertAuthEvent>

Finish a key roll, withdraw the old key

impl ResourceClass

pub fn issue_cert( &self, csr: CsrInfo, child_resources: &ResourceSet, limit: RequestResourceLimit, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<IssuedCertificate>

Makes a single CA certificate and wraps it in an issuance response.

Will use the intersection of the requested child resources and the resources actually held by this resource class. An error will be returned if a RequestResourceLimit was used that includes resources that are not in this intersection.

Note that this certificate still needs to be added to this RC by calling the update_certs function.
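
The intersection rule described for issue_cert, as an added example that is not Krill's code: it models resources as sorted, non-overlapping, non-adjacent AS number ranges only. The names Range, intersect, resources_to_certify and LimitNotEntitled are hypothetical, and all sample values are constructed.

```rust
/// Inclusive AS number range. A resource set here is a sorted list of
/// non-overlapping, non-adjacent ranges (assumption: AS numbers only).
type Range = (u32, u32);

/// Intersection of two normalized range lists (two-pointer merge).
fn intersect(a: &[Range], b: &[Range]) -> Vec<Range> {
    let (mut i, mut j, mut out) = (0, 0, Vec::new());
    while i < a.len() && j < b.len() {
        let lo = a[i].0.max(b[j].0);
        let hi = a[i].1.min(b[j].1);
        if lo <= hi {
            out.push((lo, hi));
        }
        // Advance whichever range ends first.
        if a[i].1 < b[j].1 { i += 1 } else { j += 1 }
    }
    out
}

/// Hypothetical error: the request limit named resources outside the intersection.
#[derive(Debug, PartialEq)]
struct LimitNotEntitled;

/// Model of the rule: certify at most (held by the class) ∩ (child resources);
/// a limit may narrow that set but must lie entirely inside it.
fn resources_to_certify(
    held: &[Range],
    child: &[Range],
    limit: Option<&[Range]>,
) -> Result<Vec<Range>, LimitNotEntitled> {
    let allowed = intersect(held, child);
    match limit {
        None => Ok(allowed),
        // A limit is inside `allowed` exactly when intersecting changes nothing.
        Some(l) if intersect(&allowed, l).as_slice() == l => Ok(l.to_vec()),
        Some(_) => Err(LimitNotEntitled),
    }
}

fn main() {
    // Constructed sample: the class holds AS64496-AS64511, while the child
    // is entitled to AS64500-AS64520, partly outside what the class holds.
    let held: &[Range] = &[(64496, 64511)];
    let child: &[Range] = &[(64500, 64520)];
    let limit: &[Range] = &[(64510, 64515)];
    println!("{:?}", resources_to_certify(held, child, None));
    println!("{:?}", resources_to_certify(held, child, Some(limit)));
}
```

Without a limit the child is certified only for the overlap, so a stale or over-broad entitlement cannot lead to a certificate that over-claims relative to the issuing class.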

pub fn certificate_issued(&mut self, issued: IssuedCertificate)

Stores an IssuedCert

pub fn certificate_unsuspended(&mut self, unsuspended: UnsuspendedCert)

pub fn certificate_suspended(&mut self, suspended: SuspendedCert)

pub fn issued(&self, ki: &KeyIdentifier) -> Option<&IssuedCertificate>

Returns an issued certificate for a key, if it exists

pub fn suspended(&self, ki: &KeyIdentifier) -> Option<&SuspendedCert>

Returns a suspended certificate for a key, if it exists

pub fn key_revoked(&mut self, key: &KeyIdentifier)

Removes a revoked key.

impl ResourceClass

pub fn renew_roas( &self, force: bool, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<RoaUpdates>

Renew all ROAs under the current key for which the not-after time is closer than the given number of weeks

pub fn active_key_roas( &self, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<RoaUpdates>

Publish all ROAs under the new key

pub fn update_roas( &self, routes: &Routes, config: &Config, signer: &KrillSigner ) -> KrillResult<RoaUpdates>

Updates the ROAs in accordance with the current authorizations

pub fn roas_updated(&mut self, updates: RoaUpdates)

Marks the ROAs as updated from a RoaUpdated event.

pub fn matching_roa_infos(&self, config: &RoaConfiguration) -> Vec<RoaInfo>

Finds all matching ROA infos for the given configuration

impl ResourceClass

pub fn renew_aspas( &self, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<AspaObjectsUpdates>

Renew all ASPA objects under the current key for which the not-after time is closer than the given number of weeks

pub fn update_aspas( &self, all_aspas: &AspaDefinitions, config: &Config, signer: &KrillSigner ) -> KrillResult<AspaObjectsUpdates>

Updates the ASPA objects in accordance with the supplied definitions

pub fn aspa_objects_updated(&mut self, updates: AspaObjectsUpdates)

Apply ASPA object changes from events

impl ResourceClass

pub fn update_bgpsec_certs( &self, definitions: &BgpSecDefinitions, config: &Config, signer: &KrillSigner ) -> KrillResult<BgpSecCertificateUpdates>

Updates the BGPSec certificates in accordance with the supplied definitions and the resources (still) held in this resource class

pub fn renew_bgpsec_certs( &self, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<BgpSecCertificateUpdates>

Renew BGPSec certificates that would expire otherwise.

pub fn bgpsec_certificates_updated(&mut self, updates: BgpSecCertificateUpdates)

Apply BGPSec Certificate changes from events

impl ResourceClass

pub fn create_rta_ee( &self, resources: &ResourceSet, validity: Validity, key: KeyIdentifier, signer: &KrillSigner ) -> KrillResult<Cert>

Creates an EE certificate to be used on an RTA. Returns None if there is no overlap in resources between the desired resources on the RTA and this ResourceClass's current resources.

Trait Implementations

impl Clone for ResourceClass

fn clone(&self) -> ResourceClass

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ResourceClass

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for ResourceClass

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for ResourceClass

fn eq(&self, other: &ResourceClass) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for ResourceClass

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for ResourceClass

impl StructuralEq for ResourceClass

impl StructuralPartialEq for ResourceClass

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<'a, T> ToJmespath for T
where T: Serialize,

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

impl<T> Storable for T
where T: Clone + Serialize + DeserializeOwned + 'static,