
wire_e2e_identity/acquisition/
initial.rs

1use std::sync::Arc;
2
3use obfuscate::Obfuscated;
4use rusty_jwt_tools::prelude::Pem;
5
6use super::{X509CredentialAcquisition, X509CredentialConfiguration, states};
7use crate::{
8    error::E2eIdentityResult,
9    pki_env::PkiEnvironment,
10    utils::{generate_key, public_jwk_from_pem_keypair},
11};
12
impl X509CredentialAcquisition<states::Initialized> {
    /// Build a new acquisition in the `Initialized` state with freshly generated keys.
    ///
    /// Two separate keypairs are generated, both using `config.sign_alg`: one for
    /// signing and one for ACME. The public JWK is derived from the ACME keypair only.
    /// No network I/O is performed here.
    ///
    /// The informational log line includes the signing keypair only through the
    /// `Obfuscated` wrapper, together with the algorithm and the ACME directory URL.
    ///
    /// # Errors
    ///
    /// Propagates any error returned by `generate_key` or
    /// `public_jwk_from_pem_keypair`.
    pub fn try_new(pki_env: Arc<PkiEnvironment>, config: X509CredentialConfiguration) -> E2eIdentityResult<Self> {
        let alg = config.sign_alg;

        // Order matters only for parity with the original: signing key first, then ACME key.
        let signing_keypair = generate_key(alg)?;
        let acme_keypair = generate_key(alg)?;
        let acme_public_jwk = public_jwk_from_pem_keypair(alg, &acme_keypair)?;

        // NOTE(review): `Obfuscated` presumably keeps raw key material out of the log
        // output; confirm before changing this to log the keypair directly.
        log::info!(
            "created acquisition({:?}), sign_alg = {}, acme_url = {}",
            Obfuscated::from(&signing_keypair),
            alg,
            config.acme_directory_url
        );

        Ok(Self {
            pki_env,
            config,
            sign_kp: signing_keypair,
            acme_kp: acme_keypair,
            acme_jwk: acme_public_jwk,
            data: states::Initialized,
        })
    }

    /// Build a new acquisition in the `Initialized` state around an existing signing keypair.
    ///
    /// Only the ACME keypair is generated here (using `config.sign_alg`); the
    /// caller-supplied `sign_kp` is stored as given.
    ///
    /// This API is temporary until our system decouples client identities from a
    /// client's public signature key.
    /// See <https://wearezeta.atlassian.net/wiki/x/RABtrQ>.
    ///
    /// # Errors
    ///
    /// Propagates any error returned by `generate_key` or
    /// `public_jwk_from_pem_keypair`.
    //
    // Deliberately kept separate from `try_new()` rather than sharing a helper, so
    // that this constructor can be deleted cleanly once it is no longer needed.
    //
    // NOTE(review): nothing in this function checks that `sign_kp` is a well-formed
    // keypair or that it matches `config.sign_alg`; confirm that callers or later
    // states validate it.
    pub fn try_new_from_pem(
        pki_env: Arc<PkiEnvironment>,
        config: X509CredentialConfiguration,
        sign_kp: Pem,
    ) -> E2eIdentityResult<Self> {
        let alg = config.sign_alg;
        let acme_keypair = generate_key(alg)?;
        let acme_public_jwk = public_jwk_from_pem_keypair(alg, &acme_keypair)?;

        // The supplied signing keypair is logged only through the `Obfuscated` wrapper.
        log::info!(
            "created acquisition from existing {:?}, sign_alg = {}, acme_url = {}",
            Obfuscated::from(&sign_kp),
            alg,
            config.acme_directory_url
        );

        Ok(Self {
            pki_env,
            config,
            sign_kp,
            acme_kp: acme_keypair,
            acme_jwk: acme_public_jwk,
            data: states::Initialized,
        })
    }
}