rust nerd shit, long
            // Here we have to retrieve the idcert from the homeserver
            let cacheable_cert = HTTP_CLIENT
                .get_server_id_cert(
                    Some(i64_to_u64_checked(naive_dt_not_before.and_utc().timestamp())?),
                    &url::Url::parse(&cert.id_cert_tbs.issuer.domain_name.to_string()).map_err(
                        |e| {
                            Error::new(
                                crate::errors::Errcode::IllegalInput,
                                Some(Context::new(
                                    Some("idcert.id_cert_tbs.issuer.domain_name"),
                                    Some(cert.id_cert_tbs.issuer.domain_name.to_string().as_str()),
                                    None,
                                    Some(&format!("Not a valid URL: {e}")),
                                )),
                            )
                        },
                    )?,
                )
                .await
                .map_err(|e| {
                    Error::new_internal_error(Some(&format!(
                        "Failed to retrieve the certificate from home server {}",
                        cert.id_cert_tbs.issuer.domain_name
                    )))
                })?;
            let new_home_server_cert = IdCert::<S, P>::from_pem_unchecked(&cacheable_cert.cert).map_err(|e| {
                warn!("Encountered a new home server ID-Cert which could not be parsed into an IdCert from PEM: {e}");
                Error::new_internal_error(Some(&format!("Failed to build certificate from home server {}'s certificate PEM", cert.id_cert_tbs.issuer.domain_name)))
            })?;
            new_home_server_cert.full_verify_home_server(i64_to_u64_checked(
                naive_dt_not_before.and_utc().timestamp(),
            )?).map_err(|e| {
                warn!("Encountered a new home server ID-Cert which could not be parsed into an IdCert from PEM: {e}");
                Error::new_internal_error(Some(&format!("Failed to verify certificate from home server {}", cert.id_cert_tbs.issuer.domain_name)))
            })?;
            let new_home_server_pubkey = &new_home_server_cert.id_cert_tbs.subject_public_key;
            new_home_server_pubkey.verify_signature(
                &new_home_server_cert.signature,
                &new_home_server_cert.signature_data().map_err(|e| {
                    warn!("Could not verify signature of home server {e}'s ID-Cert, as the signature data is malformed: {e}");
                    Error::new_internal_error(Some(&format!("Failed to verify certificate signature from home server {}", cert.id_cert_tbs.issuer.domain_name)))
                })?,
            ).map_err(|e| {
                warn!("Home server {} sent a certificate which is invalid! {e}", cert.id_cert_tbs.issuer.domain_name);
                Error::new_internal_error(Some(&format!("Failed to verify certificate signature from home server {}", cert.id_cert_tbs.issuer.domain_name)))
            })?;
            Cert::insert_idcert_unchecked(db, new_home_server_cert.clone(), None).await?;
            todo!()
        };




why does building PKI actually have to be complexxxxxxxxxx smhhhhh can't i just do
if !work() { work() } neocat_glare_sob