nest_data_source_api/
participant_info.rs

1use crate::api::{ApiError, PseudonymServiceErrorHandler};
2use libpep::high_level::contexts::PseudonymizationDomain;
3use libpep::high_level::data_types::{EncryptedPseudonym, Pseudonym};
4use paas_client::pseudonym_service::PseudonymService;
5use paas_client::sessions::EncryptionContexts;
6use rand::{CryptoRng, RngCore};
7use serde::{Deserialize, Serialize};
8
9/// Encrypted information about a participant that still needs to be transcrypted.
10#[derive(Debug, Clone, Serialize, Deserialize)]
11pub struct PEPParticipantInfo {
12    /// An encrypted pseudonym for the participant.
13    pub encrypted_pseudonym: EncryptedPseudonym,
14    /// The sessions in which the pseudonym was encrypted.
15    pub sessions: EncryptionContexts,
16    /// The domain of the pseudonym before encryption.
17    pub domain_from: PseudonymizationDomain,
18}
19
20/// Information about a participant within the DataSource.
21#[derive(Debug, Clone)]
22pub struct ParticipantInfo {
23    /// A pseudonym for the participant existing in the domain.
24    pub pseudonym: Pseudonym,
25    /// The domain of the pseudonym.
26    /// This often maps one-to-one with the DataSource itself (each data source has its own domain),
27    /// but in some cases, a data source may have multiple domains.
28    /// In this case, the data source should treat the participant in every domain as a separate entity.
29    pub domain: PseudonymizationDomain,
30}
31
32impl PEPParticipantInfo {
33    /// Decrypt [PEPParticipantInfo] into [ParticipantInfo] in a specific [PseudonymizationDomain], using a [PseudonymService].
34    pub async fn decrypt(
35        &self,
36        ps: &mut PseudonymService,
37        domain_to: PseudonymizationDomain,
38    ) -> Result<ParticipantInfo, ApiError> {
39        let transcrypted = ps
40            .pseudonymize(
41                &self.encrypted_pseudonym,
42                &self.sessions,
43                &self.domain_from,
44                &domain_to,
45            )
46            .await
47            .handle_pseudonym_error()?;
48        let pseudonym = ps.decrypt(&transcrypted).await.handle_pseudonym_error()?;
49        Ok(ParticipantInfo {
50            domain: domain_to,
51            pseudonym,
52        })
53    }
54}
55
56impl ParticipantInfo {
57    /// Encrypt [ParticipantInfo] into [PEPParticipantInfo] using a [PseudonymService].
58    pub async fn encrypt<R: RngCore + CryptoRng>(
59        &self,
60        ps: &mut PseudonymService,
61        mut rng: R,
62    ) -> Result<PEPParticipantInfo, ApiError> {
63        let (encrypted_pseudonym, sessions) = ps
64            .encrypt(&self.pseudonym, &mut rng)
65            .await
66            .handle_pseudonym_error()?;
67        Ok(PEPParticipantInfo {
68            encrypted_pseudonym,
69            sessions,
70            domain_from: self.domain.clone(),
71        })
72    }
73}