feat(pki): Load answer payload

Closes #11366

Author: FirelightFlagboy

libparsec/crates/platform_pki/src/errors.rs

@@ -58,4 +58,5 @@ error_set::error_set! {
         DataError(libparsec_types::DataError)
     }
     LoadSubmitPayloadError := ValidatePayloadError || DataError
+    LoadAnswerPayloadError := ValidatePayloadError || DataError
 }

libparsec/crates/platform_pki/src/lib.rs

@@ -182,3 +182,6 @@ pub use shared::verify_certificate;
 
 pub use errors::LoadSubmitPayloadError;
 pub use shared::load_submit_payload;
+
+pub use errors::LoadAnswerPayloadError;
+pub use shared::load_answer_payload;

libparsec/crates/platform_pki/src/shared/mod.rs

@@ -5,14 +5,16 @@ mod signature_verification;
 use crate::{
     encrypt_message,
     errors::{
-        InvalidPemContent, ValidatePayloadError, VerifyCertificateError, VerifySignatureError,
+        InvalidPemContent, LoadAnswerPayloadError, ValidatePayloadError, VerifyCertificateError,
+        VerifySignatureError,
     },
     shared::signature_verification::{RsassaPssSha256SignatureVerifier, SUPPORTED_SIG_ALGS},
     EncryptedMessage, SignatureAlgorithm,
 };
 use libparsec_types::{
     DateTime, EnrollmentID, LocalPendingEnrollment, ParsecPkiEnrollmentAddr,
-    PkiEnrollmentSubmitPayload, PrivateParts, SecretKey, X509CertificateReference,
+    PkiEnrollmentAnswerPayload, PkiEnrollmentSubmitPayload, PrivateParts, SecretKey,
+    X509CertificateReference,
 };
 use rustls_pki_types::{pem::PemObject, CertificateDer, TrustAnchor};
 use webpki::{EndEntityCert, Error as WebPkiError, KeyUsage};
@@ -167,3 +169,12 @@ pub fn validate_payload<'message>(
 
     verify_message(signed_message, trusted_cert).map_err(Into::into)
 }
+
+pub fn load_answer_payload(
+    der_certificate: &[u8],
+    signed_message: &SignedMessage,
+    now: DateTime,
+) -> Result<PkiEnrollmentAnswerPayload, LoadAnswerPayloadError> {
+    let validated_payload = validate_payload(der_certificate, signed_message, now)?;
+    PkiEnrollmentAnswerPayload::load(validated_payload).map_err(Into::into)
+}