Struct krill::daemon::ca::CaServer

pub struct CaServer<S: Signer> { /* fields omitted */ }

Methods

impl<S: Signer> CaServer<S>[src]

pub fn build(
    work_dir: &PathBuf,
    events_queue: Arc<EventQueueListener>,
    signer: Arc<RwLock<S>>
) -> ServerResult<Self>

Builds a new CaServer. Will return an error if the TA store cannot be initialised.

pub fn get_trust_anchor(&self) -> ServerResult<Arc<CertAuth<S>>>[src]

Gets the TrustAnchor, if present. Returns an error if the TA is uninitialized.

pub fn init_ta(
    &self,
    info: RepoInfo,
    ta_aia: Rsync,
    ta_uris: Vec<Https>
) -> ServerResult<()>

Initialises an embedded trust anchor with all resources.

pub fn republish_all(&self) -> ServerResult<()>[src]

Republish the embedded TA and CAs if needed, i.e. if they are close to their next update time.

pub fn republish(&self, handle: &Handle) -> ServerResult<()>[src]

Republish a CA. This is a no-op when there is nothing to publish.

pub fn update_repo(
    &self,
    handle: Handle,
    new_contact: RepositoryContact
) -> ServerResult<()>

Update the repository where a CA publishes.

pub fn remove_old_repo(&self, handle: &Handle) -> ServerResult<()>[src]

Clean up old repo, if present.

pub fn refresh_all(&self)[src]

Refresh all CAs: ask for updates and shrink as needed.

pub fn ca_add_child(
    &self,
    parent: &ParentHandle,
    req: AddChildRequest,
    service_uri: &Https
) -> ServerResult<ParentCaContact>

Adds a child under an embedded CA

pub fn ca_parent_contact(
    &self,
    parent: &ParentHandle,
    child_handle: ChildHandle,
    tag: Option<String>,
    service_uri: &Https
) -> ServerResult<ParentCaContact>

Show a contact for a child. Shows "embedded" if the parent does not know any id cert for the child.

pub fn ca_parent_response(
    &self,
    parent: &ParentHandle,
    child_handle: ChildHandle,
    tag: Option<String>,
    service_uri: &Https
) -> ServerResult<ParentResponse>

Gets an RFC 8183 Parent Response for the child, regardless of whether the parent knows the ID certificate for this child. Note: a child can be updated and an ID cert can be added at any time.

pub fn ca_show_child(
    &self,
    parent: &ParentHandle,
    child: &ChildHandle
) -> ServerResult<ChildCaInfo>

Show details for a child under the TA.

pub fn ca_child_update(
    &self,
    handle: &Handle,
    child: ChildHandle,
    req: UpdateChildRequest
) -> ServerResult<()>

Update a child under this CA.

pub fn ca_child_remove(
    &self,
    handle: &Handle,
    child: ChildHandle
) -> ServerResult<()>

Remove a child under this CA.

impl<S: Signer> CaServer<S>[src]

pub fn get_ca(&self, handle: &Handle) -> ServerResult<Arc<CertAuth<S>>>[src]

Gets a CA by the given handle. Returns an Err(ServerError::UnknownCA) if it does not exist.

pub fn get_ca_history(&self, handle: &Handle) -> ServerResult<CertAuthHistory>[src]

Gets the history for a CA.

pub fn has_ca(&self, handle: &Handle) -> bool[src]

Checks whether a CA by the given handle exists.

pub fn rfc6492(
    &self,
    ca_handle: &Handle,
    msg_bytes: Bytes
) -> ServerResult<Bytes>

Processes an RFC 6492 message sent to this CA.

pub fn list(
    &self,
    parent: &Handle,
    child: &Handle
) -> ServerResult<Entitlements>

List the entitlements for a child; see section 3.3.2 of RFC 6492.

pub fn issue(
    &self,
    parent: &Handle,
    child: &ChildHandle,
    issue_req: IssuanceRequest
) -> ServerResult<IssuanceResponse>

Issue a certificate in response to a Certificate Issuance request.

See: https://tools.ietf.org/html/rfc6492#section-3.4.1 (sections 3.4.1 and 3.4.2)

pub fn revoke(
    &self,
    ca_handle: &Handle,
    child: ChildHandle,
    revoke_request: RevocationRequest
) -> ServerResult<RevocationResponse>

Revoke a certificate in response to a Certificate Revocation request.

See: https://tools.ietf.org/html/rfc6492#section-3.5.1 (sections 3.5.1 and 3.5.2)

pub fn cas(&self) -> CertAuthList[src]

Get the current CAs

pub fn init_ca(&self, handle: &Handle, repo_info: RepoInfo) -> ServerResult<()>[src]

Initialises an embedded CA, without any parents (for now).

pub fn ca_update_id(&self, handle: Handle) -> ServerResult<()>[src]

pub fn ca_add_parent(
    &self,
    handle: Handle,
    parent: ParentCaReq
) -> ServerResult<()>

Adds a parent to a CA

pub fn ca_update_parent(
    &self,
    handle: Handle,
    parent: ParentHandle,
    contact: ParentCaContact
) -> ServerResult<()>

Updates a parent of a CA

pub fn ca_remove_parent(
    &self,
    handle: Handle,
    parent: ParentHandle
) -> ServerResult<()>

Removes a parent from a CA

pub fn ca_keyroll_init(
    &self,
    handle: Handle,
    max_age: Duration
) -> ServerResult<()>

Perform a key roll for all active keys in a CA older than the specified duration.

pub fn ca_keyroll_activate(
    &self,
    handle: Handle,
    staging: Duration
) -> ServerResult<()>

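Activate a new key, as part of the key roll process (RFC 6489). Only new keys that have an age equal to or greater than the staging period are promoted. The RFC mandates a staging period of 24 hours, but we may use a shorter period for testing and/or emergency manual key rolls. The staging period exists so that relying parties can retrieve the new CA certificate before the key is activated, so a shorter period leaves them less time to do so.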

pub fn get_updates_for_all_cas(&self) -> ServerResult<()>[src]

Try to get updates for all embedded CAs, skipping the TA and any CAs that have no parents. All CAs are processed and possible errors are logged, i.e. the run does not bail out because of issues with one CA.

pub fn get_updates_from_parent(
    &self,
    handle: &Handle,
    parent: &ParentHandle
) -> ServerResult<()>

Try to update a specific CA

pub fn send_requests(
    &self,
    handle: &Handle,
    parent: &ParentHandle
) -> ServerResult<()>

Sends requests to a specific parent for the CA matching handle.

pub fn send_all_requests(&self, handle: &Handle) -> ServerResult<()>[src]

Sends requests to all parents for the CA matching the handle.

pub fn send_revoke_requests(
    &self,
    handle: &Handle,
    parent: &ParentHandle,
    revoke_requests: HashMap<ResourceClassName, Vec<RevocationRequest>>
) -> ServerResult<HashMap<ResourceClassName, Vec<RevocationResponse>>>

impl<S: Signer> CaServer<S>[src]

pub fn send_rfc8181_list(
    &self,
    ca_handle: &Handle,
    repository: &RepositoryResponse
) -> ServerResult<ListReply>

pub fn send_rfc8181_delta(
    &self,
    ca_handle: &Handle,
    repository: &RepositoryResponse,
    delta: PublishDelta
) -> ServerResult<()>

impl<S: Signer> CaServer<S>[src]

pub fn ca_routes_update(
    &self,
    handle: Handle,
    updates: RouteAuthorizationUpdates
) -> ServerResult<()>

Update the routes authorized by a CA

Trait Implementations

impl<S: Clone + Signer> Clone for CaServer<S>[src]

Auto Trait Implementations

impl<S> Send for CaServer<S>

impl<S> Sync for CaServer<S>

impl<S> Unpin for CaServer<S>

impl<S> !UnwindSafe for CaServer<S>

impl<S> !RefUnwindSafe for CaServer<S>

Blanket Implementations

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = !

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> Any for T where
    T: 'static + ?Sized

impl<V, T> VZip<V> for T where
    V: MultiLane<T>, 

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Err = <U as TryFrom<T>>::Err