
Struct X509CredentialAcquisition

pub struct X509CredentialAcquisition<T: Debug = Initialized> { /* private fields */ }

The type representing the X509 acquisition process.

Performs the two ACME challenges necessary to obtain a certificate, wire-dpop-01 and wire-oidc-01, in that order.

State transitions:

    (*)
     |
     | ::try_new()
     v
    Initialized
     |
     | .complete_dpop_challenge()
     v
    DpopChallengeCompleted
     |
     | .complete_oidc_challenge()
     v
    (no final state, acquisition is consumed)

After the second (OIDC) challenge, the signing keypair and the certificate chain are returned to the caller. Regardless of success or failure, the acquisition instance is consumed and cannot be used anymore; a failed acquisition has to be started again from try_new().

Sample usage:

// pki_env: Arc<PkiEnvironment>, config: X509CredentialConfiguration
let acq = X509CredentialAcquisition::try_new(pki_env, config)?; // keys generated, no network I/O yet
let (sign_kp, certs) = acq
    .complete_dpop_challenge().await?  // wire-dpop-01
    .complete_oidc_challenge().await?; // wire-oidc-01; `acq` is consumed either way
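The state machine above is enforced with the typestate pattern: the state is a type parameter, each transition takes `self` by value, and `complete_oidc_challenge` only exists on the `DpopChallengeCompleted` instantiation, so running the challenges out of order is a compile error rather than a runtime one. The following is an added, self-contained illustration of that pattern, not the project's own code: `MockAcme`, `AcqError`, `acquire` and the PEM/certificate strings are constructed stand-ins for the ACME server, the PKI environment and the real keys, and the methods are synchronous where the real ones are async.

```rust
use std::fmt::Debug;
use std::marker::PhantomData;
use std::sync::{Arc, Mutex};

/// Marker types for the two observable states. They carry no data.
#[derive(Debug)]
pub struct Initialized;
#[derive(Debug)]
pub struct DpopChallengeCompleted;

/// Hypothetical stand-in for the ACME server / PKI environment: it records
/// which challenges it validated, in order, and can be told to reject OIDC.
#[derive(Debug, Default)]
pub struct MockAcme {
    pub validated: Vec<&'static str>,
    pub reject_oidc: bool,
}

#[derive(Debug, PartialEq)]
pub enum AcqError {
    ChallengeRejected(&'static str),
}

/// Same shape as the real type: the state is a type parameter, so the order
/// of the challenges is checked by the compiler rather than at runtime.
#[derive(Debug)]
pub struct Acquisition<T: Debug = Initialized> {
    sign_kp_pem: String, // signing keypair, PEM-encoded (constructed placeholder)
    acme: Arc<Mutex<MockAcme>>,
    _state: PhantomData<T>,
}

impl Acquisition<Initialized> {
    /// Mirrors `try_new`: keys are created here, no network I/O happens.
    pub fn try_new(acme: Arc<Mutex<MockAcme>>) -> Result<Self, AcqError> {
        let sign_kp_pem =
            "-----BEGIN PRIVATE KEY-----\nconstructed-placeholder\n-----END PRIVATE KEY-----".to_string();
        Ok(Self { sign_kp_pem, acme, _state: PhantomData })
    }

    /// Mirrors `complete_dpop_challenge`: takes `self` by value, so the
    /// `Initialized` handle is gone and only the next state remains.
    pub fn complete_dpop_challenge(self) -> Result<Acquisition<DpopChallengeCompleted>, AcqError> {
        self.acme.lock().unwrap().validated.push("wire-dpop-01");
        Ok(Acquisition { sign_kp_pem: self.sign_kp_pem, acme: self.acme, _state: PhantomData })
    }
}

impl Acquisition<DpopChallengeCompleted> {
    /// Mirrors `complete_oidc_challenge`: returns (signing keypair PEM, chain)
    /// with the end-entity certificate first. On rejection `self` is dropped;
    /// there is no state to fall back to, which matches the documented contract.
    pub fn complete_oidc_challenge(self) -> Result<(String, Vec<String>), AcqError> {
        let mut acme = self.acme.lock().unwrap();
        if acme.reject_oidc {
            return Err(AcqError::ChallengeRejected("wire-oidc-01"));
        }
        acme.validated.push("wire-oidc-01");
        drop(acme);
        let chain = vec![
            "end-entity cert (constructed)".to_string(),
            "intermediate CA cert (constructed)".to_string(),
        ];
        Ok((self.sign_kp_pem, chain))
    }
}

/// Drives the whole flow, as the page's sample usage does.
pub fn acquire(acme: Arc<Mutex<MockAcme>>) -> Result<(String, Vec<String>), AcqError> {
    // Skipping the DPoP step does not compile: `complete_oidc_challenge` is
    // only defined on Acquisition<DpopChallengeCompleted>, not on <Initialized>.
    Acquisition::try_new(acme)?
        .complete_dpop_challenge()?
        .complete_oidc_challenge()
}

fn main() {
    let acme = Arc::new(Mutex::new(MockAcme::default()));
    match acquire(acme.clone()) {
        Ok((_kp, chain)) => println!(
            "got {} certificates; challenge order: {:?}",
            chain.len(),
            acme.lock().unwrap().validated
        ),
        Err(e) => println!("acquisition failed: {:?}", e),
    }
}
```

With `reject_oidc` set, `acquire` returns the error and the only evidence of the attempt is the recorded `wire-dpop-01` validation; the caller holds no handle it could retry with, which is the property the "no final state" note above describes.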

Implementations§


impl X509CredentialAcquisition<Initialized>


pub async fn complete_dpop_challenge(self) -> Result<X509CredentialAcquisition<DpopChallengeCompleted>>

Complete the DPoP challenge (wire-dpop-01). Consumes the Initialized acquisition and returns it in the DpopChallengeCompleted state.


impl X509CredentialAcquisition<Initialized>


pub fn try_new(pki_env: Arc<PkiEnvironment>, config: X509CredentialConfiguration) -> E2eIdentityResult<Self>

Create the acquisition object.

Generates the signing and ACME keypairs, but does not perform any network I/O.


pub fn try_new_from_pem(pki_env: Arc<PkiEnvironment>, config: X509CredentialConfiguration, sign_kp: Pem) -> E2eIdentityResult<Self>

Create the acquisition object using an existing signing keypair instead of generating one. This API is temporary until our system decouples client identities from a client's public signature key. See https://wearezeta.atlassian.net/wiki/x/RABtrQ.


impl X509CredentialAcquisition<DpopChallengeCompleted>


pub async fn complete_oidc_challenge(self) -> Result<(Pem, Vec<Certificate>)>

Complete the OIDC challenge (wire-oidc-01) and get the certificate chain. Consumes the acquisition whether or not the challenge succeeds.

Returns (signing keypair in PEM format, certificate chain). The first certificate in the chain is the end-entity certificate, i.e. the one certifying the public portion of the signing keypair. The returned Pem holds the keypair, private key included, so it has to be stored with the same care as any other private key material.


impl X509CredentialAcquisition<DpopChallengeCompleted>


pub fn deserialize(pki_env: Arc<PkiEnvironment>, bytes: &[u8]) -> Result<Self>


impl<T: Debug> X509CredentialAcquisition<T>


pub fn sign_alg(&self) -> JwsAlgorithm

The signing algorithm used for certificate acquisition.

Trait Implementations§


impl<T: Debug> Debug for X509CredentialAcquisition<T>


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T> Serialize for X509CredentialAcquisition<T>
where T: Serialize + Debug,


fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where __S: Serializer

Serialize this value into the given Serde serializer.

impl<T: Debug> ToValue for X509CredentialAcquisition<T>


fn to_value(&self) -> Value<'_>

Perform the conversion.


Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> IntoEither for T


fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> Same for T


type Output = T

Should always be Self

impl<T> Serialize for T
where T: Serialize + ?Sized,


fn erased_serialize(&self, serializer: &mut dyn Serializer) -> Result<(), Error>


fn do_erased_serialize(&self, serializer: &mut dyn Serializer) -> Result<(), ErrorImpl>


impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,


fn vzip(self) -> V


impl<T> ErasedDestructor for T
where T: 'static,


impl<T> MaybeSendSync for T