Skip to main content

VerifiedContext

acdp_client::verified

Struct VerifiedContext 

Source 
pub struct VerifiedContext {
    pub inner: FullContext,
    pub key_status: KeyAuthorization,
    pub verified_receipt: Option<RegistryReceipt>,
}
Expand description

A retrieved context that has been cryptographically verified.

Fields§

§inner: FullContext§key_status: KeyAuthorization

Whether the body verified against a currently authorized key or a receipt-attested historical one (ACDP 0.2, WS-B).

§verified_receipt: Option<RegistryReceipt>

The verified registry receipt, when one was present and the policy verified it (RFC-ACDP-0010). None under ReceiptPolicy::Ignore or when the registry minted none.

Implementations§

Source§

impl VerifiedContext

Source

pub async fn fetch( client: &RegistryClient, resolver: &WebResolver, ctx_id: &CtxId, ) -> Result<Self, AcdpError>

Retrieve a context and verify its signature using the strict default VerificationPolicy.

Source

pub async fn fetch_with_policy( client: &RegistryClient, resolver: &WebResolver, ctx_id: &CtxId, policy: &VerificationPolicy, ) -> Result<Self, AcdpError>

Retrieve a context and verify its signature with caller-controlled strictness.

  1. Fetches body + registry_state from the registry.
  2. Optionally runs validate_body — structural schema checks plus embedded-DataRef hash verification (policy-controlled).
  3. Recomputes content_hash over ProducerContent.
  4. Resolves the producer’s DID document. did:web is required unconditionally for v0.1.0 (RFC-ACDP-0001 §5.4).
  5. Verifies the Ed25519 signature (or other supported algorithm).
  6. Optionally verifies the registry_receipt placeholder.
  7. Optionally rejects unknown statuses.
Source

pub async fn fetch_report( client: &RegistryClient, resolver: &WebResolver, ctx_id: &CtxId, policy: &VerificationPolicy, ) -> Result<(Self, VerificationReport), AcdpError>

Retrieve + verify, returning a structured VerificationReport alongside the verified context. Does NOT attempt external DataRef fetches — use Self::fetch_report_with_fetcher for that. Each data_ref_external slot in the returned report is None.

Unlike Self::fetch_with_policy, per-DataRef embedded-hash failures are recorded in the report instead of aborting the verification. The top-level checks (schema, body hash, signature) remain hard-fail: if any of them fails, the method returns an AcdpError and produces no report.

For diagnostic callers that want a populated report even when a top-level check fails (e.g. an audit walker that needs to distinguish “wrong hash” from “wrong signature”), use Self::fetch_report_diagnose instead.

Source

pub async fn fetch_report_diagnose( client: &RegistryClient, resolver: &WebResolver, ctx_id: &CtxId, policy: &VerificationPolicy, ) -> Result<(Option<Self>, VerificationReport), AcdpError>

Diagnostic variant of Self::fetch_report that never short-circuits on a top-level failure — schema, body-hash, and signature outcomes are each recorded individually in the returned VerificationReport. Returns Ok((None, report)) when any top-level stage failed (the report shows which one); Ok((Some(verified), report)) only when every check passed (FEAT-05).

Use cases:

  • Audit walkers that need to classify failures by stage.
  • Admin tooling that wants to distinguish “hash mismatch” (probable tampering / encoding drift) from “signature verification failed” (key compromise / DID resolution problem).

Network errors (retrieve, DID resolution) still propagate as Err — there’s no body to inspect when the registry is unreachable.

Source

pub async fn fetch_report_with_fetcher<F: DataRefFetcher>( client: &RegistryClient, resolver: &WebResolver, ctx_id: &CtxId, policy: &VerificationPolicy, fetcher: &F, ) -> Result<(Self, VerificationReport), AcdpError>

Retrieve + verify like Self::fetch_report, and additionally fetch every DataRef whose location resolves through fetcher. Each external fetch outcome is recorded in report.data_ref_external.

Source

pub fn body(&self) -> &Body

Source

pub fn registry_state(&self) -> &RegistryState

Source

pub fn receipt(&self) -> Option<&Value>

Raw registry receipt value as served on the wire (RFC-ACDP-0010), preserved verbatim. For the verified, typed form see Self::verified_receipt.

Source

pub async fn verify_receipt( &self, resolver: &WebResolver, ) -> Result<Option<RegistryReceipt>, AcdpError>

Verify the registry receipt, when one is present (RFC-ACDP-0010).

Standalone variant for contexts obtained via the report paths or constructed externally; fetch_with_policy already does this under ReceiptPolicy::VerifyIfPresent/Require. The serving authority is taken from the context’s own ctx_id — correct when the context was fetched from its home registry, which is the only retrieval shape v0.2 defines.

Returns Ok(None) when no receipt is present, Ok(Some(_)) with the verified receipt otherwise.

Trait Implementations§

Source§

impl Debug for VerifiedContext

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more