Crate sequoia_cert_store

source ·
Expand description

A certificate store abstraction.

This crates provides a unified interface for different certificate stores via the Store and StoreUpdate traits. It also provides a number of helper functions and data structures, like UserIDIndex to help implement this functionality.

The CertStore data structure combines multiple certificate backends in a transparent way to users.

§Examples

We can store certificates in an in-memory store, and query the store:

use std::sync::Arc;
use sequoia_openpgp::cert::{Cert, CertBuilder};
use sequoia_cert_store::{CertStore, LazyCert, Store, StoreUpdate};

// Create an in-memory certificate store.  To use the default
// on-disk certificate store, use `CertStore::new`.
let mut certs = CertStore::empty();

let (cert, _rev) = CertBuilder::new().generate()?;
let fpr = cert.fingerprint();

// It's not in the cert store yet:
assert!(certs.lookup_by_cert_fpr(&fpr).is_err());

// Insert a certificate.  If using a backing store, it would
// also be written to disk.
certs.update(Arc::new(LazyCert::from(cert)))?;

// Make sure it is there.
let cert = certs.lookup_by_cert_fpr(&fpr).expect("present");
assert_eq!(cert.fingerprint(), fpr);

// Resolve the `LazyCert` to a `Cert`.  Certificates are stored
// using `LazyCert` so that it is possible to work with `RawCert`s
// and `Cert`s.  This allows the implementation to defer fully parsing
// and validating the certificate until it is actually needed.
let cert: &Cert = cert.to_cert()?;

We can use the same API on a persistent certificate store, kept on the filesystem:

use std::fs;

// Make a certificate store on the file system, in a fresh empty directory.
let directory = "/tmp/test-sequoia-certificate-directory";
fs::create_dir_all(directory)?;
let mut store = CertStore::open(directory)?;

// Make a new certificate.
let (cert, _rev) = CertBuilder::new().generate()?;
let fpr = cert.fingerprint();

// The certificate of course will not be in the store yet.
assert!(store.lookup_by_cert_fpr(&fpr).is_err());

// Add it.
store.update(Arc::new(LazyCert::from(cert)))?;

// Now the certificate can be found.
let found = store.lookup_by_cert_fpr(&fpr).expect("present");
assert_eq!(found.fingerprint(), fpr);

// Again, we can resolve the `LazyCert` to a `Cert`.
let cert: &Cert = found.to_cert()?;

Re-exports§

Modules§

Structs§

  • A unified interface to multiple certificate stores.
  • Stores either a RawCert or a parsed Cert.

Enums§

Functions§