[PKI] Client implementation for pki_enrollment_info.

Author: AureliaDolo

libparsec/crates/client/src/client/mod.rs

@@ -5,6 +5,7 @@
 mod list_frozen_users;
 mod organization_info;
 mod pki_enrollment_accept;
+mod pki_enrollment_info;
 mod pki_enrollment_list;
 mod pki_enrollment_reject;
 mod pki_enrollment_submit;
@@ -51,6 +52,7 @@ pub use self::{
 };
 use crate::{
     certif::{CertifPollServerError, CertificateOps},
+    client::pki_enrollment_info::{PKIInfoItem, PkiEnrollmentInfoError},
     config::{ClientConfig, ServerConfig},
     event_bus::EventBus,
     monitors::{
@@ -690,6 +692,14 @@ impl Client {
         pki_enrollment_list::list_enrollments(&self.cmds).await
     }
 
+    pub async fn pki_enrollment_info(
+        config: Arc<ClientConfig>,
+        addr: ParsecPkiEnrollmentAddr,
+        id: PKIEnrollmentID,
+    ) -> Result<PKIInfoItem, PkiEnrollmentInfoError> {
+        pki_enrollment_info::info(config, addr, id).await
+    }
+
     pub async fn pki_enrollment_reject(
         &self,
         enrollment_id: PKIEnrollmentID,

libparsec/crates/client/src/client/pki_enrollment_info.rs

@@ -0,0 +1,105 @@
+// Parsec Cloud (https://parsec.cloud) Copyright (c) BUSL-1.1 2016-present Scille SAS
+
+use crate::ClientConfig;
+pub use anonymous_cmds::latest::pki_enrollment_info::PkiEnrollmentInfoStatus;
+use libparsec_client_connection::{protocol::anonymous_cmds, AnonymousCmds, ConnectionError};
+use libparsec_platform_pki::{load_answer_payload, SignedMessage};
+use libparsec_types::prelude::*;
+use std::sync::Arc;
+
+#[derive(Debug, thiserror::Error)]
+pub enum PkiEnrollmentInfoError {
+    #[error("Cannot communicate with the server: {0}")]
+    Offline(#[from] ConnectionError),
+    #[error("No enrollment found with that id")]
+    EnrollmentNotFound,
+    #[error("Invalid accept payload")]
+    InvalidAcceptPayload,
+    #[error(transparent)]
+    Internal(#[from] anyhow::Error),
+}
+
+pub enum PKIInfoItem {
+    Accepted {
+        // Serialized version of the provided payload
+        // signature should have been checked before loading it
+        answer: PkiEnrollmentAnswerPayload,
+        accepted_on: DateTime,
+        submitted_on: DateTime,
+    },
+    Submitted {
+        submitted_on: DateTime,
+    },
+    Rejected {
+        rejected_on: DateTime,
+        submitted_on: DateTime,
+    },
+    Cancelled {
+        submitted_on: DateTime,
+        cancelled_on: DateTime,
+    },
+}
+
+pub async fn info(
+    config: Arc<ClientConfig>,
+    addr: ParsecPkiEnrollmentAddr,
+    enrollment_id: PKIEnrollmentID,
+) -> Result<PKIInfoItem, PkiEnrollmentInfoError> {
+    use anonymous_cmds::latest::pki_enrollment_info::{Rep, Req};
+    let cmds = AnonymousCmds::new(
+        &config.config_dir,
+        ParsecAnonymousAddr::ParsecPkiEnrollmentAddr(addr.clone()),
+        config.proxy.clone(),
+    )?;
+    let rep = cmds.send(Req { enrollment_id }).await?;
+
+    let status = match rep {
+        Rep::Ok(status) => status,
+        Rep::EnrollmentNotFound => return Err(PkiEnrollmentInfoError::EnrollmentNotFound),
+        rep @ Rep::UnknownStatus { .. } => {
+            return Err(anyhow::anyhow!("Unexpected server response: {:?}", rep).into())
+        }
+    };
+
+    // Check that the payload is valid
+    let answer = match status {
+        PkiEnrollmentInfoStatus::Submitted { submitted_on } => {
+            PKIInfoItem::Submitted { submitted_on }
+        }
+        PkiEnrollmentInfoStatus::Rejected {
+            rejected_on,
+            submitted_on,
+        } => PKIInfoItem::Rejected {
+            rejected_on,
+            submitted_on,
+        },
+        PkiEnrollmentInfoStatus::Cancelled {
+            submitted_on,
+            cancelled_on,
+        } => PKIInfoItem::Cancelled {
+            submitted_on,
+            cancelled_on,
+        },
+        PkiEnrollmentInfoStatus::Accepted {
+            accept_payload,
+            accept_payload_signature,
+            accepted_on,
+            accepter_der_x509_certificate,
+            submitted_on,
+        } => {
+            let message = SignedMessage {
+                algo: PkiSignatureAlgorithm::RsassaPssSha256, // TODO update after #https://github.com/Scille/parsec-cloud/pull/11604
+                signature: accept_payload_signature.to_vec(),
+                message: accept_payload.to_vec(),
+            };
+            let answer = load_answer_payload(&accepter_der_x509_certificate, &message, accepted_on)
+                .map_err(|_| PkiEnrollmentInfoError::InvalidAcceptPayload)?;
+            PKIInfoItem::Accepted {
+                answer,
+                accepted_on,
+                submitted_on,
+            }
+        }
+    };
+    Ok(answer)
+}