Struct SmartIdClient 

pub struct SmartIdClient {
    pub cfg: SmartIDConfig,
    /* private fields */
}

Smart ID Client

This struct provides methods to interact with the Smart ID service, including starting authentication, certificate choice, and signature sessions using device links. It also includes methods to generate device links, retrieve session status, and validate session responses.

The client maintains session state and authenticated user identity to ensure the correct user is signing and to validate session responses.

Fields§

§cfg: SmartIDConfig

Implementations§

impl SmartIdClient

pub fn new(
    cfg: &SmartIDConfig,
    user_identity: Option<UserIdentity>,
    root_certificates: Vec<String>,
    intermediate_certificates: Vec<String>,
) -> Self

Creates a new SmartIdClient instance with the given configuration.

§Arguments
  • cfg - A reference to the SmartIDConfig.
  • user_identity - An optional UserIdentity. This will be compared with the certificate subject to ensure the correct user is signing. If not provided, the UserIdentity will be set from the certificate during the first successful authentication.
  • root_certificates - A vector of base64-encoded DER root certificates (not bundles), used to validate the Smart-ID certificate chain. If not provided, only the default root certificates will be used. If you are using an older version of this library, you will need to provide the latest root certificates yourself.
  • intermediate_certificates - A vector of base64-encoded DER intermediate certificates (not bundles), used to validate the Smart-ID certificate chain. If not provided, only the default intermediate certificates will be used. If you are using an older version of this library, you will need to provide the latest intermediate certificates yourself.
§Returns

A new instance of SmartIdClient.

pub fn from_session(
    cfg: &SmartIDConfig,
    session_config: SessionConfig,
    user_identity: Option<UserIdentity>,
    root_certificates: Vec<String>,
    intermediate_certificates: Vec<String>,
) -> Self

Creates a new SmartIdClient instance with the given session configuration. This should not be used to start a new session! This should be used when you need to cache the session configuration in a serialized form between requests.

Example use case: after starting an authentication session, you can cache the serialized session_configuration. Then, when you receive a request for session status, you rebuild the client from it and afterwards cache the session_configuration again. Likewise, when you receive a request for a device link, you can rebuild the client from the session_configuration.

§Arguments
  • cfg - A reference to the SmartIDConfig.
  • session_config - The session configuration from a previous session.
  • user_identity - An optional UserIdentity. This will be compared with the certificate subject to ensure the correct user is signing. If not provided, the UserIdentity will be set from the certificate during the first successful authentication.
  • root_certificates - A vector of root certificates, used to validate the Smart-ID certificate chain. If not provided, only the default root certificates will be used. If you are using an older version of this library, you will need to provide the latest root certificates yourself.
  • intermediate_certificates - A vector of intermediate certificates, used to validate the Smart-ID certificate chain. If not provided, only the default intermediate certificates will be used. If you are using an older version of this library, you will need to provide the latest intermediate certificates yourself.
§Returns

A new instance of SmartIdClient.

pub async fn get_session_status(&self) -> Result<SessionStatusResponse>

Retrieves the session status with a specified timeout. The session must first be started with one of the start session methods.

§Arguments
  • timeoutMs - Timeout in milliseconds. The upper bound of timeout: 120000, minimum 1000.
§Returns

A Result containing the SessionStatus or an error.

§Errors

This function will return an error if:

  • The session is not found or not running.
  • The session status request fails.
  • The session did not complete within the specified timeout.
  • The session response endResult is not OK.
  • The session response is missing a certificate.
  • The session response is missing a signature.
  • The session response certificate is invalid.
  • The session response signature is invalid.

Starts an authentication session using a device link. Use the create device link methods to generate the device link to send to the user to continue the authentication process. Use the get_session_status method to poll for the result.

§Arguments
  • authentication_request - The authentication request.
§Returns

A Result indicating success or failure.

Starts an authentication session with a document using a device link. Use the create device link methods to generate the device link to send to the user to continue the authentication process. Use the get_session_status method to poll for the result.

§Arguments
  • authentication_request - The authentication request.
  • document_number - The document number.
§Returns

A Result indicating success or failure.

Starts an authentication session with an ETSI semantic identifier using a device link. Use the create device link methods to generate the device link to send to the user to continue the authentication process. Use the get_session_status method to poll for the result.

§Arguments
  • authentication_request - The authentication request.
  • etsi - The ETSI semantic identifier.
§Returns

A Result indicating success or failure.

pub async fn start_authentication_notification_etsi_session(
    &self,
    authentication_request: AuthenticationNotificationRequest,
    etsi: String,
) -> Result<VCCode>

Starts an authentication session using a notification. Use the get_session_status method to poll for the result.

§Arguments
  • authentication_request - The authentication request.
  • etsi - The ETSI identifier of the user.
§Returns

A Result containing the verification code the user will see on screen.

pub async fn start_authentication_notification_document_session(
    &self,
    authentication_request: AuthenticationNotificationRequest,
    document_number: String,
) -> Result<VCCode>

Starts an authentication session using a notification. Use the get_session_status method to poll for the result.

§Arguments
  • authentication_request - The authentication request.
  • document_number - The document number.
§Returns

A Result containing the verification code the user will see on screen.

Starts a signature session using a device link and an ETSI identifier. Use the create device link methods to generate the device link to send to the user to continue the signature process. Use the get_session_status method to poll for the result.

§Arguments
  • signature_request - The signature request.
  • etsi - The ETSI identifier.
§Returns

A Result indicating success or failure.

Starts a signature session using a device link and a document number. Use the create device link methods to generate the device link to send to the user to continue the signature process. Use the get_session_status method to poll for the result.

§Arguments
  • signature_request - The signature request.
  • document_number - The document number.
§Returns

A Result indicating success or failure.

pub async fn start_signature_notification_etsi_session(
    &self,
    signature_request: SignatureNotificationRequest,
    etsi: String,
) -> Result<VCCode>

Starts a signature session using a notification. Use the get_session_status method to poll for the result.

§Arguments
  • signature_request - The signature request.
  • etsi - The ETSI identifier.
§Returns

A Result containing the verification code the user will see on screen.

pub async fn start_signature_notification_document_session(
    &self,
    signature_request: SignatureNotificationRequest,
    document_number: String,
) -> Result<VCCode>

Starts a signature session using a notification. Use the get_session_status method to poll for the result.

§Arguments
  • signature_request - The signature request.
  • document_number - The document number.
§Returns

A Result containing the verification code the user will see on screen.

pub async fn start_signature_notification_document_linked_session(
    &self,
    signature_request: SignatureNotificationLinkedRequest,
    document_number: String,
) -> Result<()>

Starts a linked signature session using a notification. This is the same as the start_signature_notification_document_session method, but can be linked to a previous certificate choice session. Use the get_session_status method to poll for the result.

§Arguments
  • signature_request - The signature request.
  • document_number - The document number.
§Returns

A Result indicating success or failure.

pub async fn start_certificate_choice_notification_etsi_session(
    &self,
    certificate_choice_request: CertificateChoiceNotificationRequest,
    etsi: String,
) -> Result<()>

Starts a certificate choice session using a notification and an ETSI identifier. Use the get_session_status method to poll for the result.

§Arguments
  • certificate_choice_request - The certificate choice request.
  • etsi - The ETSI identifier.
§Returns

A Result indicating success or failure.

pub async fn start_certificate_choice_anonymous_session(
    &self,
    certificate_choice_request: CertificateChoiceDeviceLinkRequest,
) -> Result<()>

Starts an anonymous certificate choice session using a device link. Use the get_session_status method to poll for the result. This should be followed by a signature session.

§Arguments
  • certificate_choice_request - The certificate choice request.
§Returns

A Result indicating success or failure.

pub async fn get_signing_certificate(
    &self,
    document_number: String,
    signing_certificate_request: SigningCertificateRequest,
) -> Result<SigningCertificate>

Get the signing certificate of the requested document number. If the document number has been previously acquired via the certificate choice session or authentication session, this can be used to get the signing certificate. This does not require a session.

§Arguments
  • document_number - The document number.
  • signing_certificate_request - The signing certificate request.
§Returns

A Result containing a SigningCertificateResult or an error.

Generates a device link for the current session. The link will redirect the device to the Smart-ID app. The link must be refreshed every 1 second.

§Arguments
  • device_link_type - This can be a QR, Web2App or App2App link.
  • language_code - The language code (3-letter ISO 639-2 code).
§Returns

A Result containing the generated device link as a String or an error.

§Errors

This function will return an error if:

  • There is no running session.
  • The session type is CertificateChoice.

pub fn verify_certificate(&self, cert: String) -> Result<Vec<String>>

Verifies a certificate chain using the root and intermediate certificates.

This is done automatically when validating the session response. You only need to call this method if you want to validate a certificate that has not just been returned from a session, or if you want to get the certificate chain (for example, for PAdES-L/LTA signatures).

§Arguments
  • cert - The base64-encoded DER certificate to be validated.
§Returns

A valid certificate chain.

pub fn reset_session(&self)

Resets the current session by clearing the session configuration and the authenticated user identity.

If a different user wants to log in you must call this method to clear the current session identity.
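
The identity pinning described for the user_identity argument of new and from_session, and cleared by reset_session, modelled as an added std-only example. This is not code from this crate: PinnedIdentity, Subject and PinError are hypothetical names, and the identifiers in main are constructed.

```rust
// Std-only model of the identity pinning described above (added example).
// `PinnedIdentity`, `Subject` and `PinError` are hypothetical, not crate types.
use std::sync::Mutex;

#[derive(Clone, Debug, PartialEq)]
pub struct Subject {
    pub serial_number: String, // identifier taken from the certificate subject
    pub name: String,
}

#[derive(Debug, PartialEq)]
pub enum PinError {
    IdentityMismatch { expected: String, got: String },
}

/// Interior mutability mirrors a client whose methods take `&self`.
pub struct PinnedIdentity(Mutex<Option<Subject>>);

impl PinnedIdentity {
    pub fn new(expected: Option<Subject>) -> Self { Self(Mutex::new(expected)) }

    /// Call only with the subject of a certificate whose chain already validated.
    /// The first success pins the identity; every later response must match it.
    pub fn check(&self, cert_subject: &Subject) -> Result<(), PinError> {
        let mut slot = self.0.lock().unwrap();
        if let Some(pinned) = slot.as_ref() {
            if pinned != cert_subject {
                return Err(PinError::IdentityMismatch {
                    expected: pinned.serial_number.clone(),
                    got: cert_subject.serial_number.clone(),
                });
            }
            return Ok(());
        }
        *slot = Some(cert_subject.clone());
        Ok(())
    }

    /// Clears the pin so that a different user can authenticate.
    pub fn reset(&self) { *self.0.lock().unwrap() = None; }
}

fn main() {
    // Constructed identities, not real people.
    let subj = |n: &str| Subject { serial_number: n.into(), name: "TEST USER".into() };
    let pin = PinnedIdentity::new(None);
    println!("{:?}", pin.check(&subj("PNOEE-00000000001"))); // pins the identity
    println!("{:?}", pin.check(&subj("PNOEE-00000000002"))); // rejected as a mismatch
}
```

Passing an expected identity up front closes the window in which the first certificate seen would be accepted and pinned, which matters when the session is a signature rather than a login.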

pub fn get_session(&self) -> Result<SessionConfig>

pub fn get_user_identity(&self) -> Result<Option<UserIdentity>>

Trait Implementations§

impl Debug for SmartIdClient

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit(self, class: Class, constructed: bool, tag: u32) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.