Struct krill::daemon::ca::ResourceClass
pub struct ResourceClass { /* private fields */ }
A CA may have multiple parents, e.g. two RIRs, and it may not get all its resource entitlements in one set, but in a number of so-called “resource classes”.
Each ResourceClass has a namespace, which can be anything, but for Krill is based on the name of the parent CA, and the name of the resource class under that parent.
Furthermore a resource class manages the key life cycle, and certificates for each key, as well as products that need to be issued by the ‘current’ key for this class.
Implementations
impl ResourceClass
pub fn create( name: ResourceClassName, name_space: String, parent_handle: ParentHandle, parent_rc_name: ResourceClassName, pending_key: KeyIdentifier ) -> Self
Creates a new ResourceClass with a single pending key only.
pub fn for_ta( parent_rc_name: ResourceClassName, pending_key: KeyIdentifier ) -> Self
impl ResourceClass
pub fn name_space(&self) -> &str
pub fn parent_handle(&self) -> &ParentHandle
Returns the name of the parent where we got this RC from.
pub fn parent_rc_name(&self) -> &ResourceClassName
Returns the name that the parent uses for this RC.
pub fn add_request(&mut self, key_id: KeyIdentifier, req: IssuanceRequest)
Adds a request to an existing key for future reference.
pub fn current_certificate(&self) -> Option<&ReceivedCert>
Returns the current certificate, if there is any
pub fn current_resources(&self) -> Option<&ResourceSet>
Returns the current resources for this resource class
pub fn current_key(&self) -> Option<&CurrentKey>
Returns a reference to the current key for this RC, if there is any.
pub fn get_current_key(&self) -> KrillResult<&CurrentKey>
pub fn key_roll_possible(&self) -> bool
pub fn get_new_key(&self) -> KrillResult<&NewKey>
Gets the new key for a key roll, or returns an error if there is none.
pub fn as_info(&self) -> ResourceClassInfo
Returns a ResourceClassInfo for this, which contains all the same data, but which does not have any behavior.
impl ResourceClass
pub fn set_old_repo(&mut self, repo: RepoInfo)
impl ResourceClass
pub fn update_received_cert( &self, handle: &CaHandle, rcvd_cert: ReceivedCert, all_routes: &Routes, all_aspas: &AspaDefinitions, all_bgpsecs: &BgpSecDefinitions, config: &Config, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>
Returns event details for receiving the certificate.
pub fn make_entitlement_events( &self, handle: &CaHandle, entitlement: &ResourceClassEntitlements, base_repo: &RepoInfo, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>
Request certificates for any key that needs it. Also, create revocation events for any unexpected keys to recover from issues where the parent believes we have keys that we do not know. This can happen in corner cases where re-initialization of Krill as a child is done without proper revocation at the parent, or as is the case with ARIN - Krill is sometimes told to just drop all resources.
pub fn make_request_events_new_repo( &self, base_repo: &RepoInfo, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>
Request new certificates for all keys when the base repo changes.
pub fn cert_requests(&self) -> Vec<IssuanceRequest>
This function returns all current certificate requests.
pub fn revoke_request(&self) -> Option<&RevocationRequest>
Returns the revocation request for the old key, if it exists.
pub fn has_pending_requests(&self) -> bool
impl ResourceClass
pub fn revoke( &self, signer: &KrillSigner ) -> KrillResult<Vec<RevocationRequest>>
Returns revocation requests for all certified keys in this resource class.
impl ResourceClass
pub fn received_cert(&mut self, key_id: KeyIdentifier, cert: ReceivedCert)
This function marks a certificate as received.
pub fn pending_key_id_added(&mut self, key_id: KeyIdentifier)
Adds a pending key.
pub fn pending_key_to_new(&mut self, new: CertifiedKey)
Moves a pending key to new
pub fn pending_key_to_active(&mut self, new: CertifiedKey)
Moves a pending key to current
pub fn new_key_activated(&mut self, revoke_req: RevocationRequest)
Activates the new key
pub fn old_key_removed(&mut self)
Removes the old key; we return to the state where there is one active key.
pub fn keyroll_initiate( &self, base_repo: &RepoInfo, duration: Duration, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>
Initiate a key roll
pub fn keyroll_activate( &self, staging_time: Duration, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<Vec<CertAuthEvent>>
Activate a new key, if it’s been longer than the staging period.
pub fn keyroll_finish(&self) -> KrillResult<CertAuthEvent>
Finish a key roll, withdraw the old key
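The key methods above (pending key added, pending to new, new key activated, old key removed, and the keyroll_* calls) describe one ordered life cycle with a staging gate before activation. The sketch below is an added model of that ordering, not Krill's own code: key ids are plain strings, and the KeyState, Event and RollError names and the step function are this example's assumptions.

```rust
use std::time::Duration;

// Simplified model, not Krill's types: key ids are strings, names are this example's own.
#[derive(Debug, Clone, PartialEq)]
enum KeyState {
    Pending(String),                                  // waiting for the first certificate
    Active(String),                                   // exactly one current key
    RollPending { pending: String, current: String }, // roll initiated, new key not certified
    RollNew { new: String, current: String },         // new key certified, staging
    RollOld { current: String, old: String },         // new key promoted, old key awaits revocation
}

enum Event {
    Initiate(String),
    Certified,
    Activate { staged_for: Duration, staging_time: Duration },
    OldKeyRevoked,
}

#[derive(Debug, PartialEq)]
enum RollError { WrongState, StagingNotElapsed }

// Applies one event; any event that does not fit the current state is rejected.
fn step(state: KeyState, event: Event) -> Result<KeyState, RollError> {
    use KeyState::*;
    match (state, event) {
        (Active(current), Event::Initiate(pending)) => Ok(RollPending { pending, current }),
        (Pending(key), Event::Certified) => Ok(Active(key)),
        (RollPending { pending, current }, Event::Certified) => Ok(RollNew { new: pending, current }),
        (RollNew { new, current }, Event::Activate { staged_for, staging_time }) => {
            // Model choice: the new key must have been staged for at least the staging time.
            if staged_for < staging_time { return Err(RollError::StagingNotElapsed); }
            Ok(RollOld { current: new, old: current })
        }
        (RollOld { current, .. }, Event::OldKeyRevoked) => Ok(Active(current)),
        _ => Err(RollError::WrongState),
    }
}

fn main() {
    let week = Duration::from_secs(7 * 24 * 3600);
    let s = step(KeyState::Active("key-A".into()), Event::Initiate("key-B".into())).unwrap();
    let s = step(s, Event::Certified).unwrap();
    let early = Event::Activate { staged_for: Duration::from_secs(3600), staging_time: week };
    println!("too early: {:?}", step(s.clone(), early));
    let s = step(s, Event::Activate { staged_for: week * 2, staging_time: week }).unwrap();
    println!("finished:  {:?}", step(s, Event::OldKeyRevoked));
}
```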
impl ResourceClass
pub fn issue_cert( &self, csr: CsrInfo, child_resources: &ResourceSet, limit: RequestResourceLimit, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<IssuedCertificate>
Makes a single CA certificate and wraps it in an issuance response.
Will use the intersection of the requested child resources and the resources actually held by this resource class. An error will be returned if a ResourceRequestLimit was used that includes resources that are not in this intersection.
Note that this certificate still needs to be added to this RC by calling the update_certs function.
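The resource check described for issue_cert, as an added model that is not Krill's code: resources are inclusive integer ranges (AS numbers here), an empty limit means "no limit", and a valid limit is assumed to narrow the certificate to exactly the limit. The Range and LimitOutside types and both function names are hypothetical.

```rust
// Inclusive integer ranges; AS numbers here, IP blocks can be modelled the same way.
type Range = (u32, u32);

// Carries the parts of the requested limit that fall outside what may be issued.
#[derive(Debug, PartialEq)]
struct LimitOutside(Vec<Range>);

// Intersection of two sorted, non-overlapping range lists (two-pointer sweep).
fn intersect(a: &[Range], b: &[Range]) -> Vec<Range> {
    let (mut i, mut j, mut out) = (0, 0, Vec::new());
    while i < a.len() && j < b.len() {
        let (lo, hi) = (a[i].0.max(b[j].0), a[i].1.min(b[j].1));
        if lo <= hi { out.push((lo, hi)); }
        // Advance whichever range ends first.
        if a[i].1 < b[j].1 { i += 1 } else { j += 1 }
    }
    out
}

// held: resources on this resource class's current certificate.
// child: resources the child is configured to receive.
// limit: what the child asked to be limited to (empty = no limit).
fn resources_for_cert(held: &[Range], child: &[Range], limit: &[Range]) -> Result<Vec<Range>, LimitOutside> {
    let allowed = intersect(held, child);
    if limit.is_empty() { return Ok(allowed); }
    // Every limit range must sit inside one allowed range, otherwise the
    // child would be certified for resources the parent cannot vouch for.
    let outside: Vec<Range> = limit.iter().copied()
        .filter(|l| !allowed.iter().any(|a| a.0 <= l.0 && l.1 <= a.1))
        .collect();
    if outside.is_empty() { Ok(limit.to_vec()) } else { Err(LimitOutside(outside)) }
}

fn main() {
    // Constructed sample data using documentation AS numbers.
    let held: [Range; 2] = [(64496, 64511), (65536, 65551)];
    let child: [Range; 1] = [(64500, 64520)]; // configured wider than what is held
    println!("no limit:    {:?}", resources_for_cert(&held, &child, &[]));
    println!("valid limit: {:?}", resources_for_cert(&held, &child, &[(64500, 64505)]));
    println!("over-claim:  {:?}", resources_for_cert(&held, &child, &[(64510, 64515)]));
}
```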
pub fn certificate_issued(&mut self, issued: IssuedCertificate)
Stores an IssuedCert
pub fn certificate_unsuspended(&mut self, unsuspended: UnsuspendedCert)
pub fn certificate_suspended(&mut self, suspended: SuspendedCert)
pub fn issued(&self, ki: &KeyIdentifier) -> Option<&IssuedCertificate>
Returns an issued certificate for a key, if it exists
pub fn suspended(&self, ki: &KeyIdentifier) -> Option<&SuspendedCert>
Returns a suspended certificate for a key, if it exists
pub fn key_revoked(&mut self, key: &KeyIdentifier)
Removes a revoked key.
impl ResourceClass
pub fn renew_roas( &self, force: bool, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<RoaUpdates>
Renew all ROAs under the current key for which the not-after time is closer than the given number of weeks.
pub fn active_key_roas( &self, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<RoaUpdates>
Publish all ROAs under the new key
pub fn update_roas( &self, routes: &Routes, config: &Config, signer: &KrillSigner ) -> KrillResult<RoaUpdates>
Updates the ROAs in accordance with the current authorizations
pub fn roas_updated(&mut self, updates: RoaUpdates)
Marks the ROAs as updated from a RoaUpdated event.
pub fn matching_roa_infos(&self, config: &RoaConfiguration) -> Vec<RoaInfo>
Finds all matching ROA infos for the given configuration.
impl ResourceClass
pub fn renew_aspas( &self, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<AspaObjectsUpdates>
Renew all ASPA objects under the current key for which the not-after time is closer than the given number of weeks.
pub fn update_aspas( &self, all_aspas: &AspaDefinitions, config: &Config, signer: &KrillSigner ) -> KrillResult<AspaObjectsUpdates>
Updates the ASPA objects in accordance with the supplied definitions
pub fn aspa_objects_updated(&mut self, updates: AspaObjectsUpdates)
Apply ASPA object changes from events
impl ResourceClass
pub fn update_bgpsec_certs( &self, definitions: &BgpSecDefinitions, config: &Config, signer: &KrillSigner ) -> KrillResult<BgpSecCertificateUpdates>
Updates the BGPSec certificates in accordance with the supplied definitions and the resources (still) held in this resource class
pub fn renew_bgpsec_certs( &self, issuance_timing: &IssuanceTimingConfig, signer: &KrillSigner ) -> KrillResult<BgpSecCertificateUpdates>
Renew BGPSec certificates that would expire otherwise.
pub fn bgpsec_certificates_updated(&mut self, updates: BgpSecCertificateUpdates)
Apply BGPSec Certificate changes from events
impl ResourceClass
pub fn create_rta_ee( &self, resources: &ResourceSet, validity: Validity, key: KeyIdentifier, signer: &KrillSigner ) -> KrillResult<Cert>
Creates an EE certificate to be used on an RTA. Returns None if there is no overlap in resources between the desired resources on the RTA and this ResourceClass's current resources.
Trait Implementations
impl Clone for ResourceClass
fn clone(&self) -> ResourceClass
fn clone_from(&mut self, source: &Self)
impl Debug for ResourceClass
impl<'de> Deserialize<'de> for ResourceClass
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
impl PartialEq for ResourceClass
fn eq(&self, other: &ResourceClass) -> bool
This method tests for self and other values to be equal, and is used by ==.
impl Serialize for ResourceClass
impl Eq for ResourceClass
impl StructuralEq for ResourceClass
impl StructuralPartialEq for ResourceClass
Auto Trait Implementations
impl RefUnwindSafe for ResourceClass
impl Send for ResourceClass
impl Sync for ResourceClass
impl Unpin for ResourceClass
impl UnwindSafe for ResourceClass
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<Q, K> Equivalent<K> for Q
fn equivalent(&self, key: &K) -> bool
impl<Q, K> Equivalent<K> for Q
fn equivalent(&self, key: &K) -> bool
Compare self to key and return true if they are equal.