wire_e2e_identity/acquisition/
initial.rs1use std::sync::Arc;
2
3use jwt_simple::prelude::{ES256KeyPair, ES384KeyPair, ES512KeyPair, Ed25519KeyPair, Jwk};
4use rusty_jwt_tools::{
5 jwk::TryIntoJwk,
6 prelude::{JwsAlgorithm, Pem},
7};
8
9use super::{X509CredentialAcquisition, X509CredentialConfiguration, states};
10use crate::{error::E2eIdentityResult, pki_env::PkiEnvironment};
11
impl X509CredentialAcquisition<states::Initialized> {
    /// Starts a credential acquisition in the `Initialized` state.
    ///
    /// Fresh key material is generated for the algorithm named by `config.sign_alg`. `pki_env` is
    /// not consulted here; it is only stored on the returned value.
    ///
    /// # Errors
    ///
    /// Propagates any error reported by `generate_keys` (PEM encoding or JWK conversion failure).
    pub fn try_new(pki_env: Arc<PkiEnvironment>, config: X509CredentialConfiguration) -> E2eIdentityResult<Self> {
        // `sign_alg` is read before `config` is moved into the struct below.
        let (signing_pem, acme_pem, acme_public_jwk) = Self::generate_keys(config.sign_alg)?;

        Ok(Self {
            pki_env,
            config,
            sign_kp: signing_pem,
            acme_kp: acme_pem,
            acme_jwk: acme_public_jwk,
            data: states::Initialized,
        })
    }

    /// Generates the two key pairs held by an acquisition, both for the algorithm `sign_alg`.
    ///
    /// Returns `(sign_kp, acme_kp, acme_jwk)`: the two key pairs serialized as PEM, and the JWK
    /// form of the *public* half of the second pair. Each pair comes from its own `generate()`
    /// call, so the two keys are independent of each other and only a public key leaves this
    /// function in JWK form.
    ///
    /// NOTE(review): both PEM values carry private keys. Whether `Pem` wipes its buffer on drop,
    /// and what `to_pem()` hands back before `.into()`, is not visible in this file. Confirm both
    /// before relying on the key material being cleared from memory.
    /// NOTE(review): `generate()` presumably draws from the library's CSPRNG; confirm against
    /// the `jwt_simple` version in use.
    ///
    /// # Errors
    ///
    /// Fails if PEM encoding of an ECDSA key pair fails, or if the ACME public key cannot be
    /// converted into a JWK.
    fn generate_keys(sign_alg: JwsAlgorithm) -> E2eIdentityResult<(Pem, Pem, Jwk)> {
        // No wildcard arm: a new `JwsAlgorithm` variant will not compile here until a key type
        // has been chosen for it explicitly.
        Ok(match sign_alg {
            JwsAlgorithm::Ed25519 => {
                let signing = Ed25519KeyPair::generate();
                let acme = Ed25519KeyPair::generate();
                // PEM encoding is infallible for Ed25519 in this API, unlike the ECDSA arms.
                let signing_pem: Pem = signing.to_pem().into();
                let acme_pem: Pem = acme.to_pem().into();
                (signing_pem, acme_pem, acme.public_key().try_into_jwk()?)
            }
            JwsAlgorithm::P256 => {
                let signing = ES256KeyPair::generate();
                let acme = ES256KeyPair::generate();
                let signing_pem: Pem = signing.to_pem()?.into();
                let acme_pem: Pem = acme.to_pem()?.into();
                (signing_pem, acme_pem, acme.public_key().try_into_jwk()?)
            }
            JwsAlgorithm::P384 => {
                let signing = ES384KeyPair::generate();
                let acme = ES384KeyPair::generate();
                let signing_pem: Pem = signing.to_pem()?.into();
                let acme_pem: Pem = acme.to_pem()?.into();
                (signing_pem, acme_pem, acme.public_key().try_into_jwk()?)
            }
            JwsAlgorithm::P521 => {
                let signing = ES512KeyPair::generate();
                let acme = ES512KeyPair::generate();
                let signing_pem: Pem = signing.to_pem()?.into();
                let acme_pem: Pem = acme.to_pem()?.into();
                (signing_pem, acme_pem, acme.public_key().try_into_jwk()?)
            }
        })
    }
}