Skip to main content

KraClient

kipuka_dogtag::kra

Struct KraClient 

Source 
pub struct KraClient { /* private fields */ }
Expand description

Client for Dogtag KRA REST API operations.

Manages a separate HTTP client configured for the KRA subsystem. The KRA may run on the same host as the CA but uses a different subsystem path (/kra/rest/...).

Implementations§

Source§

impl KraClient

Source

pub fn new(config: &DogtagConfig) -> DogtagResult<Self>

Create a new KRA client from the Dogtag configuration.

Uses the same agent credentials as the CA client but connects to the KRA subsystem URL. Returns an error if kra_url is not configured.

Source

pub async fn generate_key( &self, key_type: &str, key_size: u32, ) -> DogtagResult<KeyGenResult>

Generate a key pair on the KRA.

Sends POST /kra/rest/agent/keys/generate to create a new key pair. The private key is archived in the KRA and the public key is returned for inclusion in the certificate request.

§Supported Algorithms
  • RSA: key_type = "RSA", key_size = 2048 | 3072 | 4096
  • ECDSA: key_type = "EC", key_size = 256 | 384 | 521
  • ML-KEM: key_type = "ML-KEM-512" | "ML-KEM-768" | "ML-KEM-1024", key_size = 0
Source

pub async fn archive_key( &self, key_id: &str, wrapped_key: &[u8], ) -> DogtagResult<String>

Archive a private key in the KRA.

Sends POST /kra/rest/agent/keys/archive to store a wrapped private key for later recovery. Returns the KRA key identifier.

Source

pub async fn recover_key(&self, key_id: &str) -> DogtagResult<Vec<u8>>

Recover an archived private key from the KRA.

Sends POST /kra/rest/agent/keys/{key_id}/recover to retrieve a previously archived key. The key is returned in its wrapped form.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] only if self and other return Action::Follow. Read more
§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more