Struct TrustStore 

pub struct TrustStore {
    pub schema: String,
    pub pins: Vec<TrustPin>,
}

The persisted trust store: a schema tag plus the ordered list of pins.

Fields

schema: String

Schema identifier. Always TRUST_STORE_SCHEMA for files this version writes; parsing tolerates a missing tag (legacy/empty).

pins: Vec<TrustPin>

Pinned identities, in insertion order.

Implementations

impl TrustStore

pub fn default_path() -> PathBuf

Default store path: <config-root>/trust-store.json.

Honors TSAFE_VAULT_DIR via crate::profile::config_path’s sibling logic so tests and sandboxes can redirect it.

pub fn load(path: &Path) -> Result<TrustStore, TrustStoreError>

Load the store from path, returning an empty store if the file does not exist (first-run is not an error).

pub fn load_default() -> Result<TrustStore, TrustStoreError>

Load from the default path.

pub fn save(&self, path: &Path) -> Result<(), TrustStoreError>

Persist the store to path atomically (write-tmp + rename).

pub fn add( &mut self, name: &str, algo: &str, pubkey: &str, ) -> Result<(), TrustStoreError>

Add a pin. Validates that pubkey decodes to a real Ed25519 key and algo is supported BEFORE persisting, so a corrupt pin can never enter the store. Rejects a duplicate name (use TrustStore::remove first to rotate a key under an existing name).

pub fn remove(&mut self, name: &str) -> Result<TrustPin, TrustStoreError>

Remove the pin named name. Errors if no such pin exists.

pub fn identity_for_pubkey(&self, pubkey_b64url: &str) -> Option<&TrustPin>

Look up the pinned identity that owns pubkey, if any.

Comparison is on the decoded key bytes, not the string, so two base64url encodings of the same key (or differing-by-padding representations) still match.

pub fn identity_for_signature( &self, sig: &SignaturePayload, ) -> Option<&TrustPin>

Resolve which pinned identity (if any) a signature payload’s embedded pubkey corresponds to. This is the fail-closed gate’s core question: “is the signer a key we have pinned?”

pub fn is_empty(&self) -> bool

True when at least one pin is present.

pub fn len(&self) -> usize

Number of pinned identities.

Trait Implementations

impl Clone for TrustStore

fn clone(&self) -> TrustStore

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for TrustStore

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for TrustStore

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for TrustStore

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Eq for TrustStore

impl PartialEq for TrustStore

fn eq(&self, other: &TrustStore) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for TrustStore

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for TrustStore