(
keys: &AppKeys,
pccs_url: Option<&str>,
vm_config: String,
)
| 53 | } |
| 54 | |
| 55 | pub async fn create( |
| 56 | keys: &AppKeys, |
| 57 | pccs_url: Option<&str>, |
| 58 | vm_config: String, |
| 59 | ) -> Result<CertRequestClient> { |
| 60 | match &keys.key_provider { |
| 61 | KeyProvider::None { key } |
| 62 | | KeyProvider::Local { key, .. } |
| 63 | | KeyProvider::Tpm { key, .. } => { |
| 64 | let ca = CaCert::new(keys.ca_cert.clone(), key.clone()) |
| 65 | .context("Failed to create CA")?; |
| 66 | Ok(CertRequestClient::Local { ca: Box::new(ca) }) |
| 67 | } |
| 68 | KeyProvider::Kms { |
| 69 | url, |
| 70 | tmp_ca_key, |
| 71 | tmp_ca_cert, |
| 72 | .. |
| 73 | } => { |
| 74 | let client_cert = generate_ra_cert(tmp_ca_cert.clone(), tmp_ca_key.clone()) |
| 75 | .context("Failed to generate RA cert")?; |
| 76 | let ra_client = RaClientConfig::builder() |
| 77 | .remote_uri(url.clone()) |
| 78 | .tls_client_cert(client_cert.cert_pem) |
| 79 | .tls_client_key(client_cert.key_pem) |
| 80 | .tls_ca_cert(keys.ca_cert.clone()) |
| 81 | .tls_built_in_root_certs(false) |
| 82 | .maybe_pccs_url(pccs_url.map(|s| s.to_string())) |
| 83 | .build() |
| 84 | .into_client() |
| 85 | .context("Failed to create RA client")?; |
| 86 | let client = KmsClient::new(ra_client); |
| 87 | Ok(CertRequestClient::Kms { client, vm_config }) |
| 88 | } |
| 89 | } |
| 90 | } |
| 91 | } |
no test coverage detected