wire_e2e_identity/pki_env/
crl.rs1use std::collections::HashMap;
2
3use core_crypto_keystore::entities::E2eiCrl;
4
5use super::{Error, Result};
6use crate::{
7 pki_env::{PkiEnvironment, hooks::HttpMethod},
8 x509_check::revocation::{CrlStore, PkiEnvironment as RjtPkiEnvironment, now},
9};
10
impl PkiEnvironment {
    /// Downloads the CRL behind every URI in `uris` with a GET request issued through
    /// the configured HTTP hooks, returning the response bodies keyed by URI.
    ///
    /// The returned bytes are exactly what the remote end sent: nothing here parses,
    /// validates or size-limits a body. Treat them as untrusted input until they have
    /// been validated (for instance by [`Self::save_crl`]).
    ///
    /// NOTE(review): each URI is requested as given, with no scheme or host check in
    /// this function. If the URIs can come from certificate contents, confirm that the
    /// hook implementation or the caller restricts where requests may go.
    ///
    /// # Errors
    ///
    /// Propagates any error from the HTTP hook. Returns `Error::CrlFetchUnsuccessful`
    /// for the first response whose status is outside `200..300`; in both cases the
    /// CRLs fetched so far are discarded along with the map.
    pub async fn fetch_crls(&self, uris: impl Iterator<Item = &str>) -> Result<HashMap<String, Vec<u8>>> {
        // The lower bound of the size hint is only a pre-allocation hint.
        let (expected, _) = uris.size_hint();
        let mut fetched = HashMap::with_capacity(expected);

        for uri in uris {
            let response = self
                .hooks
                .http_request(HttpMethod::Get, uri.to_owned(), vec![], vec![])
                .await?;

            let is_success = (200..300).contains(&response.status);
            if !is_success {
                // Fail the whole batch rather than return a partial set of CRLs.
                return Err(Error::CrlFetchUnsuccessful {
                    uri: uri.to_owned(),
                    status: response.status,
                });
            }

            // A URI that occurs more than once is fetched again; the last body wins.
            fetched.insert(uri.to_owned(), response.body);
        }

        Ok(fetched)
    }

    /// Validates the DER-encoded CRL `crl_der`, registers it as a CRL source of the
    /// in-memory PKI environment and persists it under the distribution point `crl_dp`.
    ///
    /// What is written to the database is the re-encoding of the validated CRL
    /// (`encode_crl_to_der`), not the caller's raw bytes. `crl_dp` is stored as given;
    /// this function does not compare it with anything inside the CRL.
    ///
    /// The lock on the in-memory environment is taken first and held until the
    /// function returns, so it spans the database write as well.
    ///
    /// # Errors
    ///
    /// Fails if validation, obtaining the current time, indexing, DER encoding or the
    /// database transaction fails. The CRL source is added to the in-memory environment
    /// before encoding and persisting, so a failure in those later steps leaves the CRL
    /// active in memory but not stored.
    pub async fn save_crl(&self, crl_dp: &str, crl_der: &[u8]) -> Result<()> {
        let mut env = self.rjt_pki_env.lock().await;

        // Nothing below runs for a CRL that `validate_crl_with_raw` rejects.
        let validated = env.validate_crl_with_raw(crl_der)?;

        // Build a one-element store and index it against the current time.
        let single = [validated.clone()];
        let store = CrlStore::from(single.as_slice());
        let current_time = now()?;
        store.index_crls(current_time)?;

        env.add_crl_source(Box::new(store));

        let content = RjtPkiEnvironment::encode_crl_to_der(&validated)?;
        let record = E2eiCrl {
            content,
            distribution_point: crl_dp.to_owned(),
        };
        self.transactionally(async || self.database.save(record).await).await
    }
}