diff --git a/dnapi-rs/src/client_blocking.rs b/dnapi-rs/src/client_blocking.rs index 8b04920..46fe4e8 100644 --- a/dnapi-rs/src/client_blocking.rs +++ b/dnapi-rs/src/client_blocking.rs @@ -101,6 +101,8 @@ impl Client { } /// Send a signed message to the DNClient API to learn if there is a new configuration available. + /// # Errors + /// This function returns an error if the dnclient request fails, or the server returns invalid data. pub fn check_for_update(&self, creds: &Credentials) -> Result> { let body = self.post_dnclient(CHECK_FOR_UPDATE, &[], &creds.host_id, creds.counter, &creds.ed_privkey)?; @@ -113,6 +115,13 @@ impl Client { /// DH X25519 keypair is generated for the new Nebula certificate as well as a new Ed25519 keypair for DNClient API /// communication. On success it returns the new config, a Nebula private key PEM to be inserted into the config /// and new DNClient API credentials + /// # Errors + /// This function returns an error in any of the following scenarios: + /// - if the message could not be serialized + /// - if the request fails + /// - if the response could not be deserialized + /// - if the signature is invalid + /// - if the keys are invalid pub fn do_update(&self, creds: &Credentials) -> Result<(NebulaConfig, DHPrivateKeyPEM, Credentials), Box> { let (dh_pubkey_pem, dh_privkey_pem, ed_pubkey, ed_privkey) = new_keys(); @@ -130,7 +139,7 @@ impl Client { let mut valid = false; - for ca_pubkey in creds.trusted_keys { + for ca_pubkey in &creds.trusted_keys { if ca_pubkey.verify(&result_wrapper.data.message, &Signature::from_slice(&result_wrapper.data.signature)?).is_ok() { valid = true; break;