pub struct TrustRootStore { /* private fields */ }
In-memory view of the trust root file.
Implementations
impl TrustRootStore
pub fn default_path() -> PathBuf
Default file location: ~/.treeship/trust_roots.json.
The TREESHIP_TRUST_ROOTS env var overrides the path. When set,
a one-time warning is emitted on stderr (deduplicated per
process via std::sync::Once) so CI logs show that the trust
boundary moved.
pub fn empty() -> Self
Construct an empty in-memory store. Useful for tests; the verification path treats an empty store the same as a missing file (no trust configured).
pub fn with_roots(roots: Vec<TrustRoot>) -> Self
Construct a store from an explicit list of roots. Tests use this
to thread a known trust set into the verifier; production callers
should open the on-disk file.
pub fn open_or_empty(path: &Path) -> Result<Self, TrustRootError>
Convenience wrapper for code paths that want to “load if
present, otherwise treat as no-trust-configured”. Returns an
empty store on NotConfigured/Empty, propagates Malformed
and PermissionsTooOpen (operator misconfiguration that
shouldn’t silently downgrade to empty).
pub fn open_default_or_empty() -> Result<Self, TrustRootError>
Convenience: open the file at the default path, or return an empty store if it is missing. Fails loudly on malformed-file and permission errors. Suitable for the “thread trust through internal verify pipelines” use case.
pub fn open(path: &Path) -> Result<Self, TrustRootError>
Open the trust root file at path. Returns NotConfigured if it
does not exist, Empty if it exists but has zero roots.
pub fn save(&self, path: &Path) -> Result<(), TrustRootError>
Save the store to path. Creates parent directories with mode
0o700 and writes the file with mode 0o600.
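The following is an added example, not code from the treeship crate: a std-only Unix sketch of the file-handling policy that open, open_or_empty and save describe. All names in it are hypothetical stand-ins. It assumes that “too open” means any group or other permission bit is set, and it treats a blank file as “zero roots” instead of parsing JSON, so the Malformed case is not modelled.

```rust
// Added illustration (std only, Unix). Names are hypothetical stand-ins, not the treeship API.
use std::fs::{DirBuilder, File, OpenOptions, Permissions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
use std::path::Path;

#[derive(Debug, PartialEq)]
pub enum LoadError { NotConfigured, Empty, PermissionsTooOpen(u32), Io(io::ErrorKind) }

/// Write `body` to `path`, creating parent directories 0o700 and the file 0o600.
pub fn save_private(path: &Path, body: &[u8]) -> io::Result<()> {
    if let Some(dir) = path.parent() {
        DirBuilder::new().recursive(true).mode(0o700).create(dir)?;
    }
    let mut f = OpenOptions::new().write(true).create(true).truncate(true).mode(0o600).open(path)?;
    // mode() only takes effect on creation, so tighten a pre-existing file too.
    f.set_permissions(Permissions::from_mode(0o600))?;
    f.write_all(body)
}

/// Strict open. Assumptions: "too open" = any group/other bit; blank file = "zero roots".
pub fn open_strict(path: &Path) -> Result<Vec<u8>, LoadError> {
    let mut f = match File::open(path) {
        Ok(f) => f,
        Err(e) if e.kind() == io::ErrorKind::NotFound => return Err(LoadError::NotConfigured),
        Err(e) => return Err(LoadError::Io(e.kind())),
    };
    // Check the opened handle (fstat) so the check and the read see the same file.
    let meta = f.metadata().map_err(|e| LoadError::Io(e.kind()))?;
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 { return Err(LoadError::PermissionsTooOpen(mode)); }
    let mut body = Vec::new();
    f.read_to_end(&mut body).map_err(|e| LoadError::Io(e.kind()))?;
    if body.iter().all(|b| b.is_ascii_whitespace()) { return Err(LoadError::Empty); }
    Ok(body)
}

/// Lenient wrapper: only the "no trust configured" outcomes collapse to an empty store.
pub fn open_or_empty(path: &Path) -> Result<Vec<u8>, LoadError> {
    match open_strict(path) {
        Err(LoadError::NotConfigured) | Err(LoadError::Empty) => Ok(Vec::new()),
        other => other, // permission and I/O errors still fail the caller
    }
}

fn main() {
    let path = std::env::temp_dir().join("trust_demo_main").join("roots.txt");
    save_private(&path, b"constructed-placeholder").expect("save");
    println!("{:?}", open_or_empty(&path).map(|b| b.len()));
}
```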
pub fn contains(&self, key: &VerifyingKey, kind: TrustRootKind) -> bool
Returns true if key is pinned for kind. The CLI helper does
not pre-decode; callers that already hold a VerifyingKey should
use this directly.
pub fn contains_bytes(&self, key_bytes: &[u8; 32], kind: TrustRootKind) -> bool
Convenience: lookup against a raw 32-byte Ed25519 key without first
constructing a VerifyingKey. Returns false if the bytes are not
a valid public key (mirrors the verifier’s reject-on-decode-failure
behavior).
pub fn is_empty(&self) -> bool
True when the store carries zero pinned roots. When this returns true, verifiers reject every artifact with a clear “configure trust” error.
pub fn is_empty_for_kind(&self, kind: TrustRootKind) -> bool
True when the store has no pinned root of kind. Used by
verifiers to surface a kind-specific error message when an
operator has set up agent_cert trust but is verifying a
hub_checkpoint (or vice versa).
pub fn add(&mut self, root: TrustRoot)
Append a root. Idempotent: re-adding the same (key_id, kind)
pair replaces the previous entry. The CLI command treeship trust add
goes through here.
Trait Implementations
impl Clone for TrustRootStore
fn clone(&self) -> TrustRootStore
1.0.0 (const: unstable) · fn clone_from(&mut self, source: &Self)