feat(api): Add add-pre-chain endpoint
This commit is contained in:
parent
ecbf630127
commit
6f290c90e9
3 changed files with 52 additions and 3 deletions
|
@ -44,3 +44,19 @@ type Endpoint<'a> = (reqwest::Method, &'a str);
|
||||||
/// clients.)
|
/// clients.)
|
||||||
/// ```
|
/// ```
|
||||||
pub const ADD_CHAIN_ENDPOINT: Endpoint = (reqwest::Method::POST, "/ct/v1/add-chain");
|
pub const ADD_CHAIN_ENDPOINT: Endpoint = (reqwest::Method::POST, "/ct/v1/add-chain");
|
||||||
|
|
||||||
|
/// Reference: https://datatracker.ietf.org/doc/html/rfc6962#section-4.2
|
||||||
|
/// ```txt
|
||||||
|
/// POST https://<log server>/ct/v1/add-pre-chain
|
||||||
|
///
|
||||||
|
/// Inputs:
|
||||||
|
///
|
||||||
|
/// chain: An array of base64-encoded Precertificates. The first
|
||||||
|
/// element is the end-entity certificate; the second chains to the
|
||||||
|
/// first and so on to the last, which is either the root
|
||||||
|
/// certificate or a certificate that chains to a known root
|
||||||
|
/// certificate.
|
||||||
|
///
|
||||||
|
/// Outputs are the same as in Section 4.1.
|
||||||
|
/// ```
|
||||||
|
pub const ADD_PRE_CHAIN_ENDPOINT: Endpoint = (reqwest::Method::POST, "/ct/v1/add-pre-chain");
|
||||||
|
|
|
@ -17,7 +17,7 @@ impl CtApiClient {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Adds a chain to the CT log.
|
/// Adds a standard x509 chain to the CT log.
|
||||||
///
|
///
|
||||||
/// See: [`endpoints::ADD_CHAIN_ENDPOINT`]
|
/// See: [`endpoints::ADD_CHAIN_ENDPOINT`]
|
||||||
///
|
///
|
||||||
|
@ -44,4 +44,37 @@ impl CtApiClient {
|
||||||
.json()
|
.json()
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Adds a precetificate chain to the CT log. This is largely the same as
|
||||||
|
/// [`CtApiClient::add_chain`], except is used specifically when the chain
|
||||||
|
/// starts with a precertificate rather than the final end-user certificate.
|
||||||
|
///
|
||||||
|
/// See: [`endpoints::ADD_PRE_CHAIN_ENDPOINT`]
|
||||||
|
///
|
||||||
|
/// ## Errors
|
||||||
|
///
|
||||||
|
/// This may error if either the request failed (due to lack of internet or
|
||||||
|
/// invalid domain, for example), or if the CT log gave a 4xx/5xx response.
|
||||||
|
/// Specifically, compliant CT logs will reject chains that do not verify
|
||||||
|
/// properly. For precertificates this will happen is the first entry is not
|
||||||
|
/// a precertificate, or if the precertificate is not directly signed by
|
||||||
|
/// a. The CA certificate signing the real certificate
|
||||||
|
/// b. A special-purpose Precertificate Signing Certificate which is
|
||||||
|
/// directly signed by the CA certificate signing the real certificate.
|
||||||
|
pub async fn add_pre_chain(
|
||||||
|
&self,
|
||||||
|
chain: Vec<String>
|
||||||
|
) -> reqwest::Result<AddChainResponse> {
|
||||||
|
self.inner_client
|
||||||
|
.request(
|
||||||
|
endpoints::ADD_PRE_CHAIN_ENDPOINT.0,
|
||||||
|
self.log_url.to_string() + endpoints::ADD_PRE_CHAIN_ENDPOINT.1
|
||||||
|
)
|
||||||
|
.json(&AddChainRequest { chain })
|
||||||
|
.send()
|
||||||
|
.await?
|
||||||
|
.error_for_status()?
|
||||||
|
.json()
|
||||||
|
.await
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@ use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
/// A request payload for adding a chain to a CT log
|
/// A request payload for adding a chain to a CT log
|
||||||
///
|
///
|
||||||
/// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`]
|
/// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`] or [`super::endpoints::ADD_PRE_CHAIN_ENDPOINT`]
|
||||||
#[derive(Debug, Serialize)]
|
#[derive(Debug, Serialize)]
|
||||||
pub struct AddChainRequest {
|
pub struct AddChainRequest {
|
||||||
pub chain: Vec<String>
|
pub chain: Vec<String>
|
||||||
|
@ -10,7 +10,7 @@ pub struct AddChainRequest {
|
||||||
|
|
||||||
/// A response given when adding a chain to a CT log
|
/// A response given when adding a chain to a CT log
|
||||||
///
|
///
|
||||||
/// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`]
|
/// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`] or [`super::endpoints::ADD_PRE_CHAIN_ENDPOINT`]
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
pub struct AddChainResponse {
|
pub struct AddChainResponse {
|
||||||
pub sct_version: u8,
|
pub sct_version: u8,
|
||||||
|
|
Loading…
Reference in a new issue