
1use std::collections::HashSet;
2
3use core_crypto_keystore::{
4    connection::FetchFromDatabase,
5    entities::{E2eiAcmeCA, E2eiCrl, E2eiIntermediateCert},
6};
7use wire_e2e_identity::prelude::x509::revocation::{PkiEnvironment, PkiEnvironmentParams};
8use x509_cert::der::Decode;
9
10use super::Result;
11use crate::KeystoreError;
12
/// New Certificate Revocation List (CRL) distribution points.
///
/// Newtype over `Option<HashSet<String>>`: the inner `Option` is reachable through
/// `Deref`/`DerefMut`, and the type converts to and from it via the derived
/// `From`/`Into`. The `HashSet` deduplicates distribution point URLs, so iteration
/// order is unspecified. `None` is iterated as an empty set (see the
/// `IntoIterator` impl below).
#[derive(Debug, Clone, derive_more::From, derive_more::Into, derive_more::Deref, derive_more::DerefMut)]
pub struct NewCrlDistributionPoints(Option<HashSet<String>>);
16
impl From<NewCrlDistributionPoints> for Option<Vec<String>> {
    /// Flattens the inner set into a `Vec` (in the `HashSet`'s unspecified iteration
    /// order); a `None` inner value stays `None`.
    fn from(dp: NewCrlDistributionPoints) -> Self {
        dp.0.map(|points| points.into_iter().collect())
    }
}
22
impl IntoIterator for NewCrlDistributionPoints {
    type Item = String;

    type IntoIter = std::collections::hash_set::IntoIter<String>;

    /// Consumes the wrapper and iterates over the distribution points; a `None`
    /// inner value yields an empty iterator rather than failing.
    fn into_iter(self) -> Self::IntoIter {
        match self.0 {
            Some(points) => points.into_iter(),
            None => HashSet::new().into_iter(),
        }
    }
}
33
/// Rebuilds the [`PkiEnvironment`] from the material persisted in the keystore.
///
/// Reads the single ACME trust anchor ([`E2eiAcmeCA`]), every stored intermediate
/// certificate ([`E2eiIntermediateCert`]) and every stored CRL ([`E2eiCrl`]), DER-decodes
/// each blob and hands the result to [`PkiEnvironment::init`]. The persisted CA blob is
/// used as the trust anchor as-is: no additional pinning or verification happens here, so
/// whoever can write that keystore row controls the trust root.
///
/// Returns `Ok(None)` when the trust anchor cannot be fetched. NOTE(review): *any* error
/// from `find_unique` is folded into `None` here, so a genuine storage failure would also
/// read as "no PKI environment configured" — confirm that `find_unique` only fails when
/// the row is absent, otherwise that failure should be propagated instead.
///
/// `time_of_interest` is left at `None`; presumably the library then evaluates validity
/// against the current time — verify against `PkiEnvironmentParams` docs.
///
/// # Errors
/// Fails if the intermediate or CRL queries fail (wrapped as [`KeystoreError`]), if any
/// stored blob is not valid DER, or if [`PkiEnvironment::init`] rejects the material.
pub(crate) async fn restore_pki_env(data_provider: &impl FetchFromDatabase) -> Result<Option<PkiEnvironment>> {
    // No trust anchor: nothing to build. Every failure below this point is an error.
    let Ok(anchor) = data_provider.find_unique::<E2eiAcmeCA>().await else {
        return Ok(None);
    };

    let anchor_cert = x509_cert::Certificate::from_der(&anchor.content)?;
    let trust_roots = vec![x509_cert::anchor::TrustAnchorChoice::Certificate(anchor_cert)];

    // Decode intermediates one by one; the first malformed blob aborts the rebuild.
    let mut intermediates = Vec::new();
    for inter in data_provider
        .find_all::<E2eiIntermediateCert>(Default::default())
        .await
        .map_err(KeystoreError::wrap("finding intermediate certificates"))?
    {
        intermediates.push(x509_cert::Certificate::from_der(&inter.content)?);
    }

    // Same for the revocation lists.
    let mut crls = Vec::new();
    for crl in data_provider
        .find_all::<E2eiCrl>(Default::default())
        .await
        .map_err(KeystoreError::wrap("finding crls"))?
    {
        crls.push(x509_cert::crl::CertificateList::from_der(&crl.content)?);
    }

    let env = PkiEnvironment::init(PkiEnvironmentParams {
        trust_roots: &trust_roots,
        intermediates: &intermediates,
        crls: &crls,
        time_of_interest: None,
    })?;

    Ok(Some(env))
}