Struct VerifyPolicy 

#[non_exhaustive]
pub struct VerifyPolicy {
    pub max_age: Option<Duration>,
    pub max_clock_skew_future: Option<Duration>,
    pub require_timestamp: bool,
}

Tunables governing which signed timestamps are accepted at verification time.

A max_age of None disables the past-side check and a max_clock_skew_future of None disables the future-side check; both default to Some(...) in the presets.

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

max_age: Option<Duration>

Maximum permissible age of a signature. A created (or Date) timestamp older than now - max_age is rejected. None disables the past-side check.

max_clock_skew_future: Option<Duration>

Maximum permissible future skew. A timestamp claimed to be more than max_clock_skew_future ahead of the verifier’s clock is rejected, to catch badly-set signer clocks and straight-out forgeries. None disables the future-side check.

require_timestamp: bool

If true, a request carrying neither a created parameter nor a Date header is rejected. Defaults to false to stay compatible with servers that only emit one of the two.

Implementations

impl VerifyPolicy

pub const fn mastodon() -> Self

Returns the policy Mastodon applies to inbound federated requests: 12 hours past, 5 minutes future, timestamps optional.

See https://docs.joinmastodon.org/spec/security/.

pub const fn strict() -> Self

Returns a tight policy appropriate for internal services where every hop has NTP-synchronised clocks: 5 minutes past, 1 minute future, and timestamps are mandatory.

pub const fn no_freshness_check() -> Self

Returns a policy that disables freshness checking entirely.

Only intended for byte-level conformance tests against static RFC 9421 / Cavage fixtures that bake fixed timestamps into their inputs. Do not use in production.

pub fn check( &self, created_unix: Option<i64>, expires_unix: Option<i64>, date_header: Option<&str>, now: DateTime<Utc>, ) -> Result<(), Error>

Evaluates the policy against a signature whose created parameter is created_unix (seconds since epoch), expires parameter is expires_unix, and whose companion Date header (if any) contained date_header. Returns Ok when the signature is fresh, or a specific error otherwise.

Errors

Returns Error::TimestampMissing when require_timestamp is on and no source is available, Error::TimestampTooOld when now - source > max_age, Error::TimestampInFuture when the source is too far ahead of now, and Error::TimestampExpired when expires is already in the past.

Trait Implementations

impl Clone for VerifyPolicy

fn clone(&self) -> VerifyPolicy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for VerifyPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for VerifyPolicy

fn default() -> Self

Returns Self::mastodon — the Fediverse-compatible default.

impl PartialEq for VerifyPolicy

fn eq(&self, other: &VerifyPolicy) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for VerifyPolicy

impl Eq for VerifyPolicy

impl StructuralPartialEq for VerifyPolicy