vaultrs/
pki.rs

1pub mod cert {
2    use crate::api;
3    use crate::api::pki::requests::{
4        GenerateCertificateRequest, GenerateCertificateRequestBuilder, ListCertificatesRequest,
5        ReadCertificateRequest, RevokeCertificateRequest, TidyRequest,
6    };
7    use crate::api::pki::responses::{
8        GenerateCertificateResponse, ReadCertificateResponse, RevokeCertificateResponse,
9    };
10    use crate::client::Client;
11    use crate::error::ClientError;
12
13    /// Generates a certificate using the given role and options
14    ///
15    /// See [GenerateCertificateRequest]
16    pub async fn generate(
17        client: &impl Client,
18        mount: &str,
19        role: &str,
20        opts: Option<&mut GenerateCertificateRequestBuilder>,
21    ) -> Result<GenerateCertificateResponse, ClientError> {
22        let mut t = GenerateCertificateRequest::builder();
23        let endpoint = opts
24            .unwrap_or(&mut t)
25            .mount(mount)
26            .role(role)
27            .build()
28            .unwrap();
29        api::exec_with_result(client, endpoint).await
30    }
31
32    /// Lists all certificates
33    ///
34    /// See [ListCertificatesRequest]
35    pub async fn list(client: &impl Client, mount: &str) -> Result<Vec<String>, ClientError> {
36        let endpoint = ListCertificatesRequest::builder()
37            .mount(mount)
38            .build()
39            .unwrap();
40        Ok(api::exec_with_result(client, endpoint).await?.keys)
41    }
42
43    /// Read a certificate using its serial
44    ///
45    /// See [ReadCertificateRequest]
46    pub async fn read(
47        client: &impl Client,
48        mount: &str,
49        serial: &str,
50    ) -> Result<ReadCertificateResponse, ClientError> {
51        let endpoint = ReadCertificateRequest::builder()
52            .mount(mount)
53            .serial(serial)
54            .build()
55            .unwrap();
56        api::exec_with_result(client, endpoint).await
57    }
58
59    /// Revokes a certificate using its serial
60    ///
61    /// See [RevokeCertificateRequest]
62    pub async fn revoke(
63        client: &impl Client,
64        mount: &str,
65        serial: &str,
66    ) -> Result<RevokeCertificateResponse, ClientError> {
67        let endpoint = RevokeCertificateRequest::builder()
68            .mount(mount)
69            .serial_number(serial)
70            .build()
71            .unwrap();
72        api::exec_with_result(client, endpoint).await
73    }
74
75    /// Tidy's up the certificate backend
76    ///
77    /// See [TidyRequest]
78    pub async fn tidy(client: &impl Client, mount: &str) -> Result<(), ClientError> {
79        let endpoint = TidyRequest::builder().mount(mount).build().unwrap();
80        api::exec_with_empty_result(client, endpoint).await
81    }
82
83    pub mod ca {
84        use crate::api;
85        use crate::api::pki::responses::SignSelfIssuedResponse;
86        use crate::{
87            api::pki::{
88                requests::{
89                    DeleteRootRequest, GenerateRootRequest, GenerateRootRequestBuilder,
90                    SignCertificateRequest, SignCertificateRequestBuilder, SignIntermediateRequest,
91                    SignIntermediateRequestBuilder, SignSelfIssuedRequest, SubmitCARequest,
92                },
93                responses::{
94                    GenerateRootResponse, SignCertificateResponse, SignIntermediateResponse,
95                },
96            },
97            client::Client,
98            error::ClientError,
99        };
100
101        /// Delete's the root CA
102        ///
103        /// See [DeleteRootRequest]
104        pub async fn delete(client: &impl Client, mount: &str) -> Result<(), ClientError> {
105            let endpoint = DeleteRootRequest::builder().mount(mount).build().unwrap();
106            api::exec_with_empty(client, endpoint).await
107        }
108
109        /// Generates a new root CA
110        ///
111        /// See [GenerateRootRequest]
112        pub async fn generate(
113            client: &impl Client,
114            mount: &str,
115            cert_type: &str,
116            opts: Option<&mut GenerateRootRequestBuilder>,
117        ) -> Result<Option<GenerateRootResponse>, ClientError> {
118            let mut t = GenerateRootRequest::builder();
119            let endpoint = opts
120                .unwrap_or(&mut t)
121                .mount(mount)
122                .cert_type(cert_type)
123                .build()
124                .unwrap();
125            api::exec_with_result(client, endpoint).await
126        }
127
128        /// Signs a certificate using the root CA
129        ///
130        /// See [SignCertificateRequest]
131        pub async fn sign(
132            client: &impl Client,
133            mount: &str,
134            role: &str,
135            csr: &str,
136            common_name: &str,
137            opts: Option<&mut SignCertificateRequestBuilder>,
138        ) -> Result<SignCertificateResponse, ClientError> {
139            let mut t = SignCertificateRequest::builder();
140            let endpoint = opts
141                .unwrap_or(&mut t)
142                .mount(mount)
143                .role(role)
144                .csr(csr)
145                .common_name(common_name)
146                .build()
147                .unwrap();
148            api::exec_with_result(client, endpoint).await
149        }
150
151        /// Signs an intermediate CA using the root CA
152        ///
153        /// See [SignIntermediateRequest]
154        pub async fn sign_intermediate(
155            client: &impl Client,
156            mount: &str,
157            csr: &str,
158            common_name: &str,
159            opts: Option<&mut SignIntermediateRequestBuilder>,
160        ) -> Result<SignIntermediateResponse, ClientError> {
161            let mut t = SignIntermediateRequest::builder();
162            let endpoint = opts
163                .unwrap_or(&mut t)
164                .mount(mount)
165                .csr(csr)
166                .common_name(common_name)
167                .build()
168                .unwrap();
169            api::exec_with_result(client, endpoint).await
170        }
171
172        /// Signs a self issued certificate using the root CA
173        ///
174        /// See [SignSelfIssuedRequest]
175        pub async fn sign_self_issued(
176            client: &impl Client,
177            mount: &str,
178            certificate: &str,
179        ) -> Result<SignSelfIssuedResponse, ClientError> {
180            let endpoint = SignSelfIssuedRequest::builder()
181                .mount(mount)
182                .certificate(certificate)
183                .build()
184                .unwrap();
185            api::exec_with_result(client, endpoint).await
186        }
187
188        /// Configures the root CA
189        ///
190        /// See [SubmitCARequest]
191        pub async fn submit(
192            client: &impl Client,
193            mount: &str,
194            pem_bundle: &str,
195        ) -> Result<(), ClientError> {
196            let endpoint = SubmitCARequest::builder()
197                .mount(mount)
198                .pem_bundle(pem_bundle)
199                .build()
200                .unwrap();
201            api::exec_with_empty(client, endpoint).await
202        }
203
204        pub mod int {
205            use crate::api;
206            use crate::{
207                api::pki::{
208                    requests::{
209                        GenerateIntermediateRequest, GenerateIntermediateRequestBuilder,
210                        SetSignedIntermediateRequest,
211                    },
212                    responses::GenerateIntermediateResponse,
213                },
214                client::Client,
215                error::ClientError,
216            };
217
218            /// Generates an intermediate CA
219            ///
220            /// See [GenerateIntermediateRequest]
221            pub async fn generate(
222                client: &impl Client,
223                mount: &str,
224                cert_type: &str,
225                common_name: &str,
226                opts: Option<&mut GenerateIntermediateRequestBuilder>,
227            ) -> Result<GenerateIntermediateResponse, ClientError> {
228                let mut t = GenerateIntermediateRequest::builder();
229                let endpoint = opts
230                    .unwrap_or(&mut t)
231                    .mount(mount)
232                    .cert_type(cert_type)
233                    .common_name(common_name)
234                    .build()
235                    .unwrap();
236                api::exec_with_result(client, endpoint).await
237            }
238
239            /// Sets the signed CA certificate
240            ///
241            /// See [SetSignedIntermediateRequest]
242            pub async fn set_signed(
243                client: &impl Client,
244                mount: &str,
245                certificate: &str,
246            ) -> Result<(), ClientError> {
247                let endpoint = SetSignedIntermediateRequest::builder()
248                    .mount(mount)
249                    .certificate(certificate)
250                    .build()
251                    .unwrap();
252                api::exec_with_empty(client, endpoint).await
253            }
254        }
255    }
256
257    pub mod crl {
258        use crate::api::pki::{
259            requests::{
260                ReadCRLConfigRequest, RotateCRLsRequest, SetCRLConfigRequest,
261                SetCRLConfigRequestBuilder,
262            },
263            responses::{ReadCRLConfigResponse, RotateCRLsResponse},
264        };
265        use crate::api::{self, exec_with_empty};
266        use crate::client::Client;
267        use crate::error::ClientError;
268
269        /// Rotates the CRL
270        ///
271        /// See [RotateCRLsRequest]
272        pub async fn rotate(
273            client: &impl Client,
274            mount: &str,
275        ) -> Result<RotateCRLsResponse, ClientError> {
276            let endpoint = RotateCRLsRequest::builder().mount(mount).build().unwrap();
277            api::exec_with_result(client, endpoint).await
278        }
279
280        /// Reads the CRL configuration
281        ///
282        /// See [ReadCRLConfigRequest]
283        pub async fn read_config(
284            client: &impl Client,
285            mount: &str,
286        ) -> Result<ReadCRLConfigResponse, ClientError> {
287            let endpoint = ReadCRLConfigRequest::builder()
288                .mount(mount)
289                .build()
290                .unwrap();
291            api::exec_with_result(client, endpoint).await
292        }
293
294        /// Sets the CRL configuration
295        ///
296        /// See [SetCRLConfigRequest]
297        pub async fn set_config(
298            client: &impl Client,
299            mount: &str,
300            opts: Option<&mut SetCRLConfigRequestBuilder>,
301        ) -> Result<(), ClientError> {
302            let mut t = SetCRLConfigRequest::builder();
303            let endpoint = opts.unwrap_or(&mut t).mount(mount).build().unwrap();
304            exec_with_empty(client, endpoint).await
305        }
306    }
307
308    pub mod urls {
309        use crate::api;
310        use crate::api::pki::{
311            requests::{ReadURLsRequest, SetURLsRequest, SetURLsRequestBuilder},
312            responses::ReadURLsResponse,
313        };
314        use crate::client::Client;
315        use crate::error::ClientError;
316
317        /// Reads the configured certificate URLs
318        ///
319        /// See [ReadURLsRequest]
320        pub async fn read(
321            client: &impl Client,
322            mount: &str,
323        ) -> Result<ReadURLsResponse, ClientError> {
324            let endpoint = ReadURLsRequest::builder().mount(mount).build().unwrap();
325            api::exec_with_result(client, endpoint).await
326        }
327
328        /// Sets the configured certificate URLs
329        ///
330        /// See [SetURLsRequest]
331        pub async fn set(
332            client: &impl Client,
333            mount: &str,
334            opts: Option<&mut SetURLsRequestBuilder>,
335        ) -> Result<(), ClientError> {
336            let mut t = SetURLsRequest::builder();
337            let endpoint = opts.unwrap_or(&mut t).mount(mount).build().unwrap();
338            api::exec_with_empty(client, endpoint).await
339        }
340    }
341}
342
343pub mod role {
344    use crate::api;
345    use crate::api::pki::{
346        requests::{
347            DeleteRoleRequest, ListRolesRequest, ReadRoleRequest, SetRoleRequest,
348            SetRoleRequestBuilder,
349        },
350        responses::{ListRolesResponse, ReadRoleResponse},
351    };
352    use crate::client::Client;
353    use crate::error::ClientError;
354
355    /// Deletes a role
356    ///
357    /// See [DeleteRoleRequest]
358    pub async fn delete(client: &impl Client, mount: &str, name: &str) -> Result<(), ClientError> {
359        let endpoint = DeleteRoleRequest::builder()
360            .mount(mount)
361            .name(name)
362            .build()
363            .unwrap();
364        api::exec_with_empty(client, endpoint).await
365    }
366
367    /// Lists all roles
368    ///
369    /// See [ListRolesRequest]
370    pub async fn list(client: &impl Client, mount: &str) -> Result<ListRolesResponse, ClientError> {
371        let endpoint = ListRolesRequest::builder().mount(mount).build().unwrap();
372        api::exec_with_result(client, endpoint).await
373    }
374
375    /// Reads a role
376    ///
377    /// See [ReadRoleRequest]
378    pub async fn read(
379        client: &impl Client,
380        mount: &str,
381        name: &str,
382    ) -> Result<ReadRoleResponse, ClientError> {
383        let endpoint = ReadRoleRequest::builder()
384            .mount(mount)
385            .name(name)
386            .build()
387            .unwrap();
388        api::exec_with_result(client, endpoint).await
389    }
390
391    /// Creates or updates a role
392    ///
393    /// See [SetRoleRequest]
394    pub async fn set(
395        client: &impl Client,
396        mount: &str,
397        name: &str,
398        opts: Option<&mut SetRoleRequestBuilder>,
399    ) -> Result<(), ClientError> {
400        let mut t = SetRoleRequest::builder();
401        let endpoint = opts
402            .unwrap_or(&mut t)
403            .mount(mount)
404            .name(name)
405            .build()
406            .unwrap();
407        api::exec_with_empty(client, endpoint).await
408    }
409}
vaultrs/pki.rs

vaultrs/
pki.rs
