feat(api): Add add-pre-chain endpoint

This commit is contained in:
Tyler Beckman 2024-10-27 13:35:40 -06:00
parent ecbf630127
commit 6f290c90e9
Signed by: Ty
GPG key ID: 2813440C772555A4
3 changed files with 52 additions and 3 deletions

View file

@ -44,3 +44,19 @@ type Endpoint<'a> = (reqwest::Method, &'a str);
/// clients.) /// clients.)
/// ``` /// ```
pub const ADD_CHAIN_ENDPOINT: Endpoint = (reqwest::Method::POST, "/ct/v1/add-chain"); pub const ADD_CHAIN_ENDPOINT: Endpoint = (reqwest::Method::POST, "/ct/v1/add-chain");
/// Reference: https://datatracker.ietf.org/doc/html/rfc6962#section-4.2
/// ```txt
/// POST https://<log server>/ct/v1/add-pre-chain
///
/// Inputs:
///
/// chain: An array of base64-encoded Precertificates. The first
/// element is the end-entity certificate; the second chains to the
/// first and so on to the last, which is either the root
/// certificate or a certificate that chains to a known root
/// certificate.
///
/// Outputs are the same as in Section 4.1.
/// ```
pub const ADD_PRE_CHAIN_ENDPOINT: Endpoint = (reqwest::Method::POST, "/ct/v1/add-pre-chain");

View file

@ -17,7 +17,7 @@ impl CtApiClient {
}) })
} }
/// Adds a chain to the CT log. /// Adds a standard x509 chain to the CT log.
/// ///
/// See: [`endpoints::ADD_CHAIN_ENDPOINT`] /// See: [`endpoints::ADD_CHAIN_ENDPOINT`]
/// ///
@ -44,4 +44,37 @@ impl CtApiClient {
.json() .json()
.await .await
} }
/// Adds a precetificate chain to the CT log. This is largely the same as
/// [`CtApiClient::add_chain`], except is used specifically when the chain
/// starts with a precertificate rather than the final end-user certificate.
///
/// See: [`endpoints::ADD_PRE_CHAIN_ENDPOINT`]
///
/// ## Errors
///
/// This may error if either the request failed (due to lack of internet or
/// invalid domain, for example), or if the CT log gave a 4xx/5xx response.
/// Specifically, compliant CT logs will reject chains that do not verify
/// properly. For precertificates this will happen is the first entry is not
/// a precertificate, or if the precertificate is not directly signed by
/// a. The CA certificate signing the real certificate
/// b. A special-purpose Precertificate Signing Certificate which is
/// directly signed by the CA certificate signing the real certificate.
pub async fn add_pre_chain(
&self,
chain: Vec<String>
) -> reqwest::Result<AddChainResponse> {
self.inner_client
.request(
endpoints::ADD_PRE_CHAIN_ENDPOINT.0,
self.log_url.to_string() + endpoints::ADD_PRE_CHAIN_ENDPOINT.1
)
.json(&AddChainRequest { chain })
.send()
.await?
.error_for_status()?
.json()
.await
}
} }

View file

@ -2,7 +2,7 @@ use serde::{Deserialize, Serialize};
/// A request payload for adding a chain to a CT log /// A request payload for adding a chain to a CT log
/// ///
/// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`] /// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`] or [`super::endpoints::ADD_PRE_CHAIN_ENDPOINT`]
#[derive(Debug, Serialize)] #[derive(Debug, Serialize)]
pub struct AddChainRequest { pub struct AddChainRequest {
pub chain: Vec<String> pub chain: Vec<String>
@ -10,7 +10,7 @@ pub struct AddChainRequest {
/// A response given when adding a chain to a CT log /// A response given when adding a chain to a CT log
/// ///
/// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`] /// See: [`super::endpoints::ADD_CHAIN_ENDPOINT`] or [`super::endpoints::ADD_PRE_CHAIN_ENDPOINT`]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct AddChainResponse { pub struct AddChainResponse {
pub sct_version: u8, pub sct_version: u8,