Struct TrustBundle 

pub struct TrustBundle {
    pub format_version: u8,
    pub version: u32,
    pub bundle_id: String,
    pub created_at: u64,
    pub validity: ValidityPeriod,
    pub certificate_authorities: Vec<CertificateAuthority>,
    pub transparency_logs: Vec<TransparencyLog>,
    pub revocations: Vec<String>,
}

Trust bundle containing all trust anchors for offline verification

This structure contains:

• Fulcio root certificates (to anchor certificate chains)
• Rekor public keys (to verify Signed Entry Timestamps)
• Revocation list (certificate fingerprints to reject)
• Validity period with grace period support

The bundle is versioned for anti-rollback protection - devices reject bundles with a version lower than their stored version.

Fields

format_version: u8

Format version for forward compatibility

version: u32

Monotonically increasing bundle version (anti-rollback)

Devices must reject bundles with version < stored_version. Increment this on every bundle update.

bundle_id: String

Unique bundle identifier (SHA-256 of canonical form, hex-encoded)

created_at: u64

When this bundle was created (Unix timestamp)

validity: ValidityPeriod

Bundle validity period

certificate_authorities: Vec<CertificateAuthority>

Fulcio certificate authorities

Contains root and intermediate certificates used to anchor the certificate chains in keyless signatures.

transparency_logs: Vec<TransparencyLog>

Rekor transparency log configurations

Contains public keys for verifying Signed Entry Timestamps.

revocations: Vec<String>

Revoked certificate fingerprints

SHA-256 hashes of DER-encoded leaf certificates that should be rejected even if otherwise valid. Hex-encoded.

Implementations

impl TrustBundle

pub fn new(version: u32, validity_days: u32) -> Self

Create a new empty trust bundle

pub fn add_certificate_authority(&mut self, ca: CertificateAuthority)

Add a certificate authority

pub fn add_transparency_log(&mut self, log: TransparencyLog)

Add a transparency log

pub fn add_revocation(&mut self, fingerprint: String)

Add a revoked certificate fingerprint

pub fn is_valid(&self, current_time: u64) -> bool

Check if the bundle is currently valid

pub fn is_in_grace_period(&self, current_time: u64) -> bool

Check if the bundle is in grace period

pub fn is_revoked(&self, fingerprint: &str) -> bool

Check if a certificate fingerprint is revoked

pub fn compute_bundle_id(&mut self) -> Result<(), WSError>

Compute bundle ID (SHA-256 of canonical JSON)

pub fn to_json(&self) -> Result<Vec<u8>, WSError>

Serialize to JSON bytes

pub fn from_json(data: &[u8]) -> Result<Self, WSError>

Deserialize from JSON bytes

Trait Implementations

impl Clone for TrustBundle

fn clone(&self) -> TrustBundle

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for TrustBundle

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for TrustBundle

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for TrustBundle

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.