
1use std::collections::HashMap;
2
3use core_crypto_keystore::entities::E2eiCrl;
4
5use super::{Error, Result};
6use crate::{
7    pki_env::{PkiEnvironment, hooks::HttpMethod},
8    x509_check::revocation::PkiEnvironment as RjtPkiEnvironment,
9};
10
impl PkiEnvironment {
    /// Fetch certificate revocation lists from the given URIs.
    ///
    /// Returns a map from each URI to the HTTP response body exactly as received. The body
    /// is expected to be a DER-encoded CRL, but it is **not** parsed or validated here;
    /// validation happens in [`PkiEnvironment::save_crl`] before anything is persisted.
    ///
    /// # Errors
    ///
    /// Fails on the first URI whose request returns an error from the `http_request` hook,
    /// or whose status is outside `200..300` (reported as `Error::CrlFetchUnsuccessful`).
    /// No partial map is returned in that case.
    ///
    /// NOTE(review): if these URIs originate from certificate CRL distribution points they
    /// are not trusted input; any scheme/host restrictions, redirect handling and response
    /// size limits are expected to live in the `http_request` hook, not here — confirm.
    pub async fn fetch_crls(&self, uris: impl Iterator<Item = &str>) -> Result<HashMap<String, Vec<u8>>> {
        // Lower bound of the iterator's size hint is a free pre-sizing hint; it may be 0.
        let mut fetched = HashMap::with_capacity(uris.size_hint().0);

        for uri in uris {
            let response = self
                .hooks
                .http_request(HttpMethod::Get, uri.to_owned(), vec![], vec![])
                .await?;

            // Only 2xx counts as success; a 3xx that the hook did not follow is a failure.
            if (200..300).contains(&response.status) {
                fetched.insert(uri.to_owned(), response.body);
            } else {
                return Err(Error::CrlFetchUnsuccessful {
                    uri: uri.to_owned(),
                    status: response.status,
                });
            }
        }

        Ok(fetched)
    }

    /// Validate a CRL against the configured PKI environment and persist it.
    ///
    /// Trust anchors must already be configured in `rjt_pki_env`, otherwise validation
    /// cannot succeed. What is written to the database is the DER re-encoding of the
    /// *parsed and validated* CRL, not the caller's raw `crl_der` bytes.
    ///
    /// * `crl_dp` — the distribution point URI the CRL was fetched from; stored as the key.
    /// * `crl_der` — DER-encoded CRL as received from that distribution point.
    ///
    /// # Errors
    ///
    /// Returns the validation error if the CRL is rejected, an encoding error if the
    /// validated CRL cannot be re-serialised, or the database error from `save`.
    pub async fn save_crl(&self, crl_dp: &str, crl_der: &[u8]) -> Result<()> {
        // Hold the PKI environment lock only for validation; it is released at the end of
        // this block, so the database write below runs without it.
        let validated = {
            let pki = self.rjt_pki_env.lock().await;
            pki.validate_crl_with_raw(crl_der)?
        };

        let content = RjtPkiEnvironment::encode_crl_to_der(&validated)?;
        let entity = E2eiCrl {
            content,
            distribution_point: crl_dp.to_owned(),
        };

        self.database.save(entity).await.map_err(Into::into)
    }
}