bucky_objects/
verifier_util.rs

1use crate::*;
2
3use async_trait::async_trait;
4use crate::signature::ObjSignature;
5// 提供一个默认签名器实现
6
7pub struct RsaCPUObjectVerifier {
8    public_key: PublicKey,
9}
10
11impl RsaCPUObjectVerifier {
12    pub fn new(public_key: PublicKey) -> RsaCPUObjectVerifier {
13        RsaCPUObjectVerifier {
14            public_key: public_key,
15        }
16    }
17}
18
19#[async_trait]
20impl ObjVerifier for RsaCPUObjectVerifier {
21    fn public_key(&self) -> &PublicKey {
22        return &self.public_key;
23    }
24
25    async fn verify(&self, data: &[u8], sign: &ObjSignature) -> bool {
26        self.public_key.verify(data, sign.signature())
27    }
28}
29/*
30pub async fn verify_object<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
31    where D: ObjectType,
32        D::DescType: RawEncode,
33        D::ContentType: RawEncode,
34        V: Verifier,
35        N: NamedObject<D>,
36        N: PublicKeySearch,  // 必须实现Key查找Trait
37{
38    let ret = verify_object_desc(verifier, obj).await?;
39    if !ret {
40        return Ok(false);
41    }
42
43    let ret = verify_object_body(verifier, obj).await?;
44    if !ret {
45        return Ok(false);
46    }
47
48    Ok(true)
49}
50
51
52pub async fn verify_object_desc<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
53    where D: ObjectType,
54        D::DescType: RawEncode,
55        D::ContentType: RawEncode,
56        V: Verifier,
57        N: NamedObject<D>,
58        N: PublicKeySearch,  // 必须实现Key查找Trait
59{
60    let signs = obj.signs().desc_signs().as_ref();
61    if signs.is_none() {
62        return  Ok(false);
63    }
64
65    let signs = signs.unwrap();
66    for sign in signs {
67        let public_key = obj.search_public_key(sign).await?;
68        let ret = verify_object_desc_sign(verifier, obj, public_key, sign).await?;
69        if !ret {
70            return  Ok(false);
71        }
72    }
73
74    Ok(true)
75}
76
77//TODO：该函数的意义是验证object的body是否有有效的签名，是和对象的类型有关的，我们有如下几种
78//  1.有权对象，分Single和MN判断。
79//  2.有主对象，根据Owner的类型区分判断。
80
81pub async fn verify_object_body<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
82    where D: ObjectType,
83        D::DescType: RawEncode,
84        D::ContentType: RawEncode,
85        V: Verifier,
86        N: NamedObject<D>,
87        N: PublicKeySearch,  // 必须实现Key查找Trait
88{
89    let signs = obj.signs().body_signs().as_ref();
90    if signs.is_none() {
91        return  Ok(false);
92    }
93
94    let signs = signs.unwrap();
95    for sign in signs {
96        let public_key = obj.search_public_key(sign).await?;
97        let ret = verify_object_desc_sign(verifier, obj, public_key, sign).await?;
98        if !ret {
99            return  Ok(false);
100        }
101    }
102
103    Ok(true)
104}
105*/
106
107// 具体每个 NamedObject 应该自己根据 Signature 的 sign_source 取到对应的PublicKey，然后调用本方法验证
108pub async fn verify_object_desc_sign<D, V, N>(
109    verifier: &V,
110    obj: &N,
111    sign: &ObjSignature,
112) -> BuckyResult<bool>
113where
114    D: ObjectType,
115    D::DescType: RawEncode,
116    D::ContentType: RawEncode + BodyContent,
117    V: ObjVerifier,
118    N: NamedObject<D>,
119{
120    let hash_value = obj.desc().raw_hash_value()?;
121
122    let ret = verifier.verify(hash_value.as_slice(), sign).await;
123
124    Ok(ret)
125}
126
127//TODO：
128
129pub async fn verify_object_body_sign<D, V, N>(
130    verifier: &V,
131    obj: &N,
132    sign: &ObjSignature,
133) -> BuckyResult<bool>
134where
135    D: ObjectType,
136    D::DescType: RawEncode,
137    D::ContentType: RawEncode + BodyContent,
138    V: ObjVerifier,
139    N: NamedObject<D>,
140{
141    let ret = if let Some(body) = obj.body() {
142        // Need to check whether body.object_id matches with desc.object_id in the place where check body signature
143        if body.object_id().is_some() {
144            body.verify_object_id(&obj.desc().object_id())?;
145        }
146
147        let hash_value = body.raw_hash_value()?;
148
149        verifier.verify(hash_value.as_slice(), sign).await
150    } else {
151        // FIXME What should we do with object verify signatures that do not have a body?
152        false
153    };
154
155    Ok(ret)
156}
157
158pub struct AnyNamedObjectVerifyHelper;
159
160impl AnyNamedObjectVerifyHelper {
161    pub async fn verify_desc_sign<V>(
162        verifier: &V,
163        obj: &AnyNamedObject,
164        sign: &ObjSignature,
165    ) -> BuckyResult<bool>
166    where
167        V: ObjVerifier,
168    {
169        let hash_value = obj.desc_hash()?;
170
171        let ret = verifier.verify(hash_value.as_slice(), sign).await;
172
173        Ok(ret)
174    }
175
176    pub async fn verify_body_sign<V>(
177        verifier: &V,
178        obj: &AnyNamedObject,
179        sign: &ObjSignature,
180    ) -> BuckyResult<bool>
181    where
182        V: ObjVerifier,
183    {
184        match obj.has_body()? {
185            true => {
186                if obj.body_object_id().is_some() {
187                    obj.verify_body_object_id(&obj.object_id())?;
188                }
189
190                let body_hash = obj.body_hash()?.unwrap();
191                let ret = verifier.verify(body_hash.as_slice(), sign).await;
192
193                Ok(ret)
194            }
195            false => {
196                Ok(false)
197            }
198        }
199    }
200}
bucky_objects/verifier_util.rs

bucky_objects/
verifier_util.rs
