pub trait PkiEnvironmentHooks:
    Debug
    + Send
    + Sync {
    // Required methods
    fn http_request<'life0, 'async_trait>(
        &'life0 self,
        method: HttpMethod,
        url: String,
        headers: Vec<HttpHeader>,
        body: Vec<u8>,
    ) -> Pin<Box<dyn Future<Output = Result<HttpResponse, PkiEnvironmentHooksError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    fn authenticate<'life0, 'async_trait>(
        &'life0 self,
        idp: String,
        key_auth: String,
        acme_aud: String,
    ) -> Pin<Box<dyn Future<Output = Result<String, PkiEnvironmentHooksError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    fn get_backend_nonce<'life0, 'async_trait>(
        &'life0 self,
    ) -> Pin<Box<dyn Future<Output = Result<String, PkiEnvironmentHooksError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    fn fetch_backend_access_token<'life0, 'async_trait>(
        &'life0 self,
        dpop: String,
    ) -> Pin<Box<dyn Future<Output = Result<String, PkiEnvironmentHooksError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
}
The PKI environment hooks used for external calls during the e2e enrollment flow. When communicating with the Identity Provider (IDP) and the Wire server, CoreCrypto delegates to the client app by calling the relevant methods.
Client App            CoreCrypto                        Acme                      IDP
    |                      |                              |                        |
    | X509CredentialAcquisition().finalize()              |                        |
    |--------------------->|                              |                        |
    |                      | GET acme/root.pem            |                        |
    |                      |----------------------------> |                        |
    |                      | 200 OK                       |                        |
    |                      |<---------------------------- |                        |
    | authenticate()       |                              |                        |
    |<---------------------|                              |                        |
    |                      | Authentication flow          |                        |
    | ---------------------------------------------------------------------------> |
    |<---------------------------------------------------------------------------- |
    | return Success [PkiEnvironmentHooks.authenticate()] |                        |
    |<---------------------|                              |                        |
    |                      | (excluded several calls for brevity)                  |
    | return Success(Credential) [X509CredentialAcquisition().finalize()]          |
    |<---------------------|                              |                        |
Required Methods
fn http_request<'life0, 'async_trait>(
    &'life0 self,
    method: HttpMethod,
    url: String,
    headers: Vec<HttpHeader>,
    body: Vec<u8>,
) -> Pin<Box<dyn Future<Output = Result<HttpResponse, PkiEnvironmentHooksError>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
Make an HTTP request. Used for requests to ACME servers, CRL distributors, etc.
fn authenticate<'life0, 'async_trait>(
    &'life0 self,
    idp: String,
    key_auth: String,
    acme_aud: String,
) -> Pin<Box<dyn Future<Output = Result<String, PkiEnvironmentHooksError>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
Authenticate with the user’s identity provider (IdP).
The implementation should perform an [authentication using the authorization code flow](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) with the PKCE (https://www.rfc-editor.org/rfc/rfc7636) extension. As part of the authorization request, the implementation should specify key_auth and acme_aud claims, along with their values, in the claims parameter. This is to instruct the IdP to add the key_auth and acme_aud claims to the ID token that will be returned as part of the access token.
Once the authentication is completed successfully, the implementation should request an access token from the IdP, extract the ID token from it and return it to the caller.
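One way to build the authorization request that authenticate describes, as an added example that is not CoreCrypto code: it places key_auth and acme_aud in the OIDC claims parameter (the id_token member from OpenID Connect Core section 5.5) and escapes both values, since they originate outside the client app. The endpoint, client id, function names and sample values are assumptions, and the PKCE code challenge is taken as an input rather than computed.

```rust
// Added example, not CoreCrypto code. All names and sample values are constructed.

/// Escape a value for a JSON string literal (the values arrive from outside the app).
fn json_escape(s: &str) -> String {
    s.chars().map(|c| match c {
        '"' => "\\\"".to_string(),
        '\\' => "\\\\".to_string(),
        c if (c as u32) < 0x20 => format!("\\u{:04x}", c as u32),
        c => c.to_string(),
    }).collect()
}

/// Percent-encode everything except RFC 3986 unreserved characters.
fn pct_encode(s: &str) -> String {
    s.bytes().map(|b| match b {
        b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => (b as char).to_string(),
        _ => format!("%{:02X}", b),
    }).collect()
}

/// OIDC Core 5.5 `claims` value: request both claims, with fixed values, in the ID token.
fn claims_param(key_auth: &str, acme_aud: &str) -> String {
    format!(
        r#"{{"id_token":{{"key_auth":{{"essential":true,"value":"{}"}},"acme_aud":{{"essential":true,"value":"{}"}}}}}}"#,
        json_escape(key_auth), json_escape(acme_aud))
}

/// Authorization request URL. `challenge` is the PKCE S256 code challenge,
/// assumed to be derived elsewhere from a fresh random code verifier.
fn authorization_url(endpoint: &str, client_id: &str, redirect_uri: &str, state: &str,
                     challenge: &str, key_auth: &str, acme_aud: &str) -> String {
    let claims = claims_param(key_auth, acme_aud);
    let params = [
        ("response_type", "code"), ("client_id", client_id), ("redirect_uri", redirect_uri),
        ("scope", "openid"), ("state", state), ("code_challenge", challenge),
        ("code_challenge_method", "S256"), ("claims", claims.as_str()),
    ];
    let query: Vec<String> = params.iter().map(|(k, v)| format!("{}={}", k, pct_encode(v))).collect();
    format!("{}?{}", endpoint, query.join("&"))
}

fn main() {
    // Constructed sample values; real ones arrive as the hook's arguments.
    let url = authorization_url("https://idp.example/authorize", "wire-client",
        "https://app.example/callback", "st-123", "constructed-challenge",
        "kAuth.\"x\"", "https://acme.example/acme/wire/challenge/abc");
    println!("{}", url);
}
```

After the redirect, the implementation would compare the returned state with the one it sent before exchanging the code, then return the ID token as described above.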
fn get_backend_nonce<'life0, 'async_trait>(
    &'life0 self,
) -> Pin<Box<dyn Future<Output = Result<String, PkiEnvironmentHooksError>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
Get a nonce from the backend.
fn fetch_backend_access_token<'life0, 'async_trait>(
    &'life0 self,
    dpop: String,
) -> Pin<Box<dyn Future<Output = Result<String, PkiEnvironmentHooksError>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
Fetch an access token to be used for the DPoP challenge (wire-dpop-01).
The implementation should take the provided DPoP token (dpop) and make a request to the backend to obtain an access token, which should be returned to the caller.