Struct X509CredentialAcquisition 

pub struct X509CredentialAcquisition<T: Debug = Initialized> { /* private fields */ }

The type representing the X509 acquisition process.

Performs the two ACME challenges necessary to obtain a certificate, wire-dpop-01 and wire-oidc-01, in that order.

State transitions: (*) | | ::try_new() | v Initialized | | .complete_dpop_challenge() | v DpopChallengeCompleted | | .complete_oidc_challenge() | v (no final state, acquisition is consumed)

After the second (OIDC) challenge, the signing keypair and the certificate chain is returned to the caller. Regardless of success, the acquisition instance is consumed and cannot be used anymore.

Sample usage:

let acq = X509CredentialAcquisition::try_new(pki_env, config)?;
let (sign_kp, certs) = acq
    .complete_dpop_challenge().await?
    .complete_oidc_challenge().await?;

Implementations

impl X509CredentialAcquisition<Initialized>

pub async fn complete_dpop_challenge( self, ) -> Result<X509CredentialAcquisition<DpopChallengeCompleted>>

Complete the DPoP challenge.

impl X509CredentialAcquisition<Initialized>

pub fn try_new( pki_env: Arc<PkiEnvironment>, config: X509CredentialConfiguration, ) -> E2eIdentityResult<Self>

Create the acquisition object.

Generates the signing and ACME keypairs, but does not perform any network I/O.

impl X509CredentialAcquisition<DpopChallengeCompleted>

pub async fn complete_oidc_challenge(self) -> Result<(Pem, Vec<Vec<u8>>)>

Complete the OIDC challenge and get the certificate chain.

Returns (signing keypair in PEM format, certificate chain). The first certificate in the chain is the end-entity certificate, i.e. the one certifying the public portion of the signing keypair.

Trait Implementations

impl<T: Debug> Debug for X509CredentialAcquisition<T>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T: Debug> ToValue for X509CredentialAcquisition<T>

fn to_value(&self) -> Value<'_>

Perform the conversion.