pub trait Verifier {
// Required method
async fn verify(
&self,
key_id: &KeyId,
algorithm: SignatureAlgorithm,
protected_headers: &ProtectedHeaders,
sig_structure: &[u8],
signature: &Signature,
) -> Result<(), VerifyError>;
}Expand description
Resolves a kid and verifies a signature.
Implementors enforce their own key/alg pinning (a broker checks the wire alg against its catalog record inside its impl; a client checks against its pinned broker key). Async because kid resolution may be remote (for example resolving an unfamiliar peer kid over an RPC); local pinned-key impls complete synchronously.
Required Methods§
Sourceasync fn verify(
&self,
key_id: &KeyId,
algorithm: SignatureAlgorithm,
protected_headers: &ProtectedHeaders,
sig_structure: &[u8],
signature: &Signature,
) -> Result<(), VerifyError>
async fn verify( &self, key_id: &KeyId, algorithm: SignatureAlgorithm, protected_headers: &ProtectedHeaders, sig_structure: &[u8], signature: &Signature, ) -> Result<(), VerifyError>
Verify signature over the exact Sig_structure bytes, produced by
the key key_id under algorithm.
protected_headers carries the decoded critical protected headers (for
example signer-certificate JWTs under -70006) so an implementor whose
trust decision depends on them can resolve key_id from the message;
implementors that pin keys out of band ignore it.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".