[PKI] Client implementation for pki_enrollment_info.

Author: AureliaDolo

libparsec/crates/client/src/client/mod.rs

@@ -5,6 +5,7 @@
 mod list_frozen_users;
 mod organization_info;
 mod pki_enrollment_accept;
+mod pki_enrollment_info;
 mod pki_enrollment_list;
 mod pki_enrollment_reject;
 mod pki_enrollment_submit;
@@ -51,6 +52,7 @@ pub use self::{
 };
 use crate::{
     certif::{CertifPollServerError, CertificateOps},
+    client::pki_enrollment_info::PkiEnrollmentInfoError,
     config::{ClientConfig, ServerConfig},
     event_bus::EventBus,
     monitors::{
@@ -64,6 +66,7 @@ use crate::{
 use libparsec_client_connection::AuthenticatedCmds;
 use libparsec_platform_async::lock::Mutex as AsyncMutex;
 
+use libparsec_protocol::anonymous_cmds::v5::pki_enrollment_info::PkiEnrollmentInfoStatus;
 use libparsec_types::prelude::*;
 pub use organization_info::{
     ClientGetOrganizationBootstrapDateError, ClientOrganizationInfoError, OrganizationInfo,
@@ -690,6 +693,15 @@ impl Client {
         pki_enrollment_list::list_enrollments(&self.cmds).await
     }
 
+    pub async fn pki_enrollment_info(
+        config: Arc<ClientConfig>,
+        addr: ParsecPkiEnrollmentAddr,
+        id: PKIEnrollmentID,
+    ) -> Result<(PkiEnrollmentInfoStatus, Option<PkiEnrollmentAnswerPayload>), PkiEnrollmentInfoError>
+    {
+        pki_enrollment_info::info(config, addr, id).await
+    }
+
     pub async fn pki_enrollment_reject(
         &self,
         enrollment_id: PKIEnrollmentID,

libparsec/crates/client/src/client/pki_enrollment_info.rs

@@ -0,0 +1,71 @@
+// Parsec Cloud (https://parsec.cloud) Copyright (c) BUSL-1.1 2016-present Scille SAS
+
+use std::sync::Arc;
+
+use libparsec_platform_pki::{load_answer_payload, SignedMessage};
+use libparsec_types::prelude::*;
+
+use libparsec_client_connection::{protocol::anonymous_cmds, AnonymousCmds, ConnectionError};
+
+#[derive(Debug, thiserror::Error)]
+pub enum PkiEnrollmentInfoError {
+    #[error("Cannot communicate with the server: {0}")]
+    Offline(#[from] ConnectionError),
+    #[error("No enrollment found with that id")]
+    EnrollmentNotFound,
+    #[error("Invalid accept payload")]
+    InvalidAcceptPayload,
+    #[error(transparent)]
+    Internal(#[from] anyhow::Error),
+}
+
+pub use anonymous_cmds::latest::pki_enrollment_info::PkiEnrollmentInfoStatus;
+
+use crate::ClientConfig;
+
+pub async fn info(
+    config: Arc<ClientConfig>,
+    addr: ParsecPkiEnrollmentAddr,
+    enrollment_id: PKIEnrollmentID,
+) -> Result<(PkiEnrollmentInfoStatus, Option<PkiEnrollmentAnswerPayload>), PkiEnrollmentInfoError> {
+    use anonymous_cmds::latest::pki_enrollment_info::{Rep, Req};
+    let cmds = AnonymousCmds::new(
+        &config.config_dir,
+        ParsecAnonymousAddr::ParsecPkiEnrollmentAddr(addr.clone()),
+        config.proxy.clone(),
+    )?;
+    let rep = cmds.send(Req { enrollment_id }).await?;
+
+    let status = match rep {
+        Rep::Ok(status) => status,
+        Rep::EnrollmentNotFound => return Err(PkiEnrollmentInfoError::EnrollmentNotFound),
+        rep @ Rep::UnknownStatus { .. } => {
+            return Err(anyhow::anyhow!("Unexpected server response: {:?}", rep).into())
+        }
+    };
+
+    // Check that the payload is valid
+    let answer = match &status {
+        PkiEnrollmentInfoStatus::Submitted { .. }
+        | PkiEnrollmentInfoStatus::Rejected { .. }
+        | PkiEnrollmentInfoStatus::Cancelled { .. } => None, // nothing to check
+        PkiEnrollmentInfoStatus::Accepted {
+            accept_payload,
+            accept_payload_signature,
+            accepted_on,
+            accepter_der_x509_certificate,
+            ..
+        } => {
+            let message = SignedMessage {
+                algo: PkiSignatureAlgorithm::RsassaPssSha256, // TODO update after #https://github.com/Scille/parsec-cloud/pull/11604
+                signature: accept_payload_signature.to_vec(),
+                message: accept_payload.to_vec(),
+            };
+            Some(
+                load_answer_payload(accepter_der_x509_certificate, &message, *accepted_on)
+                    .map_err(|_| PkiEnrollmentInfoError::InvalidAcceptPayload)?,
+            )
+        }
+    };
+    Ok((status, answer))
+}