
1use crate::KeystoreError;
2
3use super::Result;
4use core_crypto_keystore::{
5    connection::FetchFromDatabase,
6    entities::{E2eiAcmeCA, E2eiCrl, E2eiIntermediateCert},
7};
8use std::collections::HashSet;
9use wire_e2e_identity::prelude::x509::revocation::{PkiEnvironment, PkiEnvironmentParams};
10use x509_cert::der::Decode;
11
/// New Certificate Revocation List distribution points.
///
/// Wraps an optional set of CRL distribution point strings; `None` means there are no new
/// distribution points to report. Because the inner collection is a `HashSet`, any ordering
/// observed when iterating or converting it into a `Vec` is unspecified.
#[derive(Debug, Clone, derive_more::From, derive_more::Into, derive_more::Deref, derive_more::DerefMut)]
pub struct NewCrlDistributionPoints(Option<HashSet<String>>);
15
impl From<NewCrlDistributionPoints> for Option<Vec<String>> {
    /// Moves the distribution points out into a `Vec`; an absent set maps to `None`.
    ///
    /// The `Vec` is built from `HashSet` iteration, so its element order is unspecified.
    fn from(dp: NewCrlDistributionPoints) -> Self {
        let NewCrlDistributionPoints(inner) = dp;
        inner.map(|points| points.into_iter().collect::<Vec<String>>())
    }
}
21
impl IntoIterator for NewCrlDistributionPoints {
    type Item = String;

    type IntoIter = std::collections::hash_set::IntoIter<String>;

    /// Iterates over every distribution point; an absent (`None`) set iterates as empty.
    fn into_iter(self) -> Self::IntoIter {
        match self.0 {
            Some(points) => points.into_iter(),
            None => HashSet::new().into_iter(),
        }
    }
}
32
/// Rebuilds the PKI environment (trust anchor, intermediate certificates and CRLs) from the
/// keystore.
///
/// Returns `Ok(None)` when the ACME trust anchor cannot be fetched. Otherwise every stored
/// intermediate certificate and CRL is DER-decoded and, together with the anchor, passed to
/// [`PkiEnvironment::init`].
///
/// # Errors
/// Fails when the anchor, an intermediate or a CRL does not decode as DER, when the keystore
/// lookups for intermediates or CRLs fail, or when [`PkiEnvironment::init`] rejects the inputs.
pub(crate) async fn restore_pki_env(data_provider: &impl FetchFromDatabase) -> Result<Option<PkiEnvironment>> {
    // NOTE(review): every error from `find_unique`, not only a missing record, is mapped to
    // `Ok(None)` ("no PKI environment"). Confirm that `find_unique` only fails on absence;
    // otherwise a transient keystore failure would silently drop the trust anchor and with it
    // any validation that depends on this environment.
    let Ok(anchor_entity) = data_provider.find_unique::<E2eiAcmeCA>().await else {
        return Ok(None);
    };

    let anchor = x509_cert::Certificate::from_der(&anchor_entity.content)?;
    let trust_roots = vec![x509_cert::anchor::TrustAnchorChoice::Certificate(anchor)];

    // Decoding stops at the first intermediate that is not valid DER.
    let mut intermediates = Vec::new();
    for entity in data_provider
        .find_all::<E2eiIntermediateCert>(Default::default())
        .await
        .map_err(KeystoreError::wrap("finding intermediate certificates"))?
    {
        intermediates.push(x509_cert::Certificate::from_der(&entity.content)?);
    }

    // Likewise, one undecodable CRL fails the whole restore.
    let mut crls = Vec::new();
    for entity in data_provider
        .find_all::<E2eiCrl>(Default::default())
        .await
        .map_err(KeystoreError::wrap("finding crls"))?
    {
        crls.push(x509_cert::crl::CertificateList::from_der(&entity.content)?);
    }

    let env = PkiEnvironment::init(PkiEnvironmentParams {
        trust_roots: &trust_roots,
        intermediates: &intermediates,
        crls: &crls,
        // NOTE(review): `None` is passed through unchanged; whether that means "now" or
        // "no validity-period check" is decided inside `PkiEnvironment` — confirm.
        time_of_interest: None,
    })?;

    Ok(Some(env))
}