Struct krill::daemon::ca::CaServer
Methods
impl<S: Signer> CaServer<S>
pub fn build(
work_dir: &PathBuf,
events_queue: Arc<EventQueueListener>,
signer: Arc<RwLock<S>>
) -> ServerResult<Self>
Builds a new CaServer. Will return an error if the TA store cannot be initialised.
pub fn get_trust_anchor(&self) -> ServerResult<Arc<CertAuth<S>>>
Gets the TrustAnchor, if present. Returns an error if the TA is uninitialized.
pub fn init_ta(
&self,
info: RepoInfo,
ta_aia: Rsync,
ta_uris: Vec<Https>
) -> ServerResult<()>
Initialises an embedded trust anchor with all resources.
pub fn republish_all(&self) -> ServerResult<()>
Republish the embedded TA and CAs if needed, i.e. if they are close to their next update time.
pub fn republish(&self, handle: &Handle) -> ServerResult<()>
Republish a CA; this is a no-op when there is nothing to publish.
pub fn update_repo(
&self,
handle: Handle,
new_contact: RepositoryContact
) -> ServerResult<()>
Update the repository where a CA publishes.
pub fn remove_old_repo(&self, handle: &Handle) -> ServerResult<()>
Clean up old repo, if present.
pub fn refresh_all(&self)
Refresh all CAs: ask for updates and shrink as needed.
pub fn ca_add_child(
&self,
parent: &ParentHandle,
req: AddChildRequest,
service_uri: &Https
) -> ServerResult<ParentCaContact>
Adds a child under an embedded CA
pub fn ca_parent_contact(
&self,
parent: &ParentHandle,
child_handle: ChildHandle,
tag: Option<String>,
service_uri: &Https
) -> ServerResult<ParentCaContact>
Show a contact for a child. Shows "embedded" if the parent does not know any id cert for the child.
pub fn ca_parent_response(
&self,
parent: &ParentHandle,
child_handle: ChildHandle,
tag: Option<String>,
service_uri: &Https
) -> ServerResult<ParentResponse>
Gets an RFC 8183 Parent Response for the child, regardless of whether the parent knows the ID certificate for this child. Note: a child can be updated, and an ID cert can be added, at any time.
pub fn ca_show_child(
&self,
parent: &ParentHandle,
child: &ChildHandle
) -> ServerResult<ChildCaInfo>
Show details for a child under the TA.
pub fn ca_child_update(
&self,
handle: &Handle,
child: ChildHandle,
req: UpdateChildRequest
) -> ServerResult<()>
Update a child under this CA.
pub fn ca_child_remove(
&self,
handle: &Handle,
child: ChildHandle
) -> ServerResult<()>
Remove a child under this CA.
impl<S: Signer> CaServer<S>
pub fn get_ca(&self, handle: &Handle) -> ServerResult<Arc<CertAuth<S>>>
Gets a CA by the given handle; returns an Err(ServerError::UnknownCA) if it does not exist.
pub fn get_ca_history(&self, handle: &Handle) -> ServerResult<CertAuthHistory>
Gets the history for a CA.
pub fn has_ca(&self, handle: &Handle) -> bool
Checks whether a CA by the given handle exists.
pub fn rfc6492(
&self,
ca_handle: &Handle,
msg_bytes: Bytes
) -> ServerResult<Bytes>
Processes an RFC 6492 message sent to this CA.
pub fn list(
&self,
parent: &Handle,
child: &Handle
) -> ServerResult<Entitlements>
List the entitlements for a child: section 3.3.2 of RFC 6492.
pub fn issue(
&self,
parent: &Handle,
child: &ChildHandle,
issue_req: IssuanceRequest
) -> ServerResult<IssuanceResponse>
Issue a Certificate in response to a Certificate Issuance request
See: https://tools.ietf.org/html/rfc6492#section-3.4.1 (sections 3.4.1 and 3.4.2)
pub fn revoke(
&self,
ca_handle: &Handle,
child: ChildHandle,
revoke_request: RevocationRequest
) -> ServerResult<RevocationResponse>
See: https://tools.ietf.org/html/rfc6492#section-3.5.1 (sections 3.5.1 and 3.5.2)
pub fn cas(&self) -> CertAuthList
Get the current CAs
pub fn init_ca(&self, handle: &Handle, repo_info: RepoInfo) -> ServerResult<()>
Initialises an embedded CA, without any parents (for now).
pub fn ca_update_id(&self, handle: Handle) -> ServerResult<()>
pub fn ca_add_parent(
&self,
handle: Handle,
parent: ParentCaReq
) -> ServerResult<()>
Adds a parent to a CA
pub fn ca_update_parent(
&self,
handle: Handle,
parent: ParentHandle,
contact: ParentCaContact
) -> ServerResult<()>
Updates a parent of a CA
pub fn ca_remove_parent(
&self,
handle: Handle,
parent: ParentHandle
) -> ServerResult<()>
Removes a parent from a CA
pub fn ca_keyroll_init(
&self,
handle: Handle,
max_age: Duration
) -> ServerResult<()>
Perform a key roll for every active key in a CA that is older than the specified duration.
pub fn ca_keyroll_activate(
&self,
handle: Handle,
staging: Duration
) -> ServerResult<()>
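Activate a new key, as part of the key roll process (RFC 6489). Only new keys that have an age equal to or greater than the staging period are promoted. The RFC mandates a staging period of 24 hours, but we may use a shorter period for testing and/or emergency manual key rolls. The staging period exists so that relying parties can fetch the new CA certificate before the new key starts signing, so a shorter period risks validation failures at relying parties that have not yet picked it up.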
pub fn get_updates_for_all_cas(&self) -> ServerResult<()>
Tries to get updates for all embedded CAs, skipping the TA and any CAs that have no parents. Processes every CA and logs any errors, rather than bailing out because of an issue with a single CA.
pub fn get_updates_from_parent(
&self,
handle: &Handle,
parent: &ParentHandle
) -> ServerResult<()>
Try to update a specific CA
pub fn send_requests(
&self,
handle: &Handle,
parent: &ParentHandle
) -> ServerResult<()>
Sends requests to a specific parent for the CA matching handle.
pub fn send_all_requests(&self, handle: &Handle) -> ServerResult<()>
Sends requests to all parents for the CA matching the handle.
pub fn send_revoke_requests(
&self,
handle: &Handle,
parent: &ParentHandle,
revoke_requests: HashMap<ResourceClassName, Vec<RevocationRequest>>
) -> ServerResult<HashMap<ResourceClassName, Vec<RevocationResponse>>>
impl<S: Signer> CaServer<S>
pub fn send_rfc8181_list(
&self,
ca_handle: &Handle,
repository: &RepositoryResponse
) -> ServerResult<ListReply>
pub fn send_rfc8181_delta(
&self,
ca_handle: &Handle,
repository: &RepositoryResponse,
delta: PublishDelta
) -> ServerResult<()>
impl<S: Signer> CaServer<S>
pub fn ca_routes_update(
&self,
handle: Handle,
updates: RouteAuthorizationUpdates
) -> ServerResult<()>
Update the routes authorized by a CA
Trait Implementations
Auto Trait Implementations
impl<S> Send for CaServer<S>
impl<S> Sync for CaServer<S>
impl<S> Unpin for CaServer<S>
impl<S> !UnwindSafe for CaServer<S>
impl<S> !RefUnwindSafe for CaServer<S>
Blanket Implementations
impl<T> From<T> for T
impl<T, U> Into<U> for T where
U: From<T>,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
fn clone_into(&self, target: &mut T)
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = !
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> Any for T where
T: 'static + ?Sized,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
V: MultiLane<T>,
fn vzip(self) -> V
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
U: TryFrom<T>,