bucky-objects 0.1.0

Bucky objects library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

use crate::*;

use async_trait::async_trait;
use crate::signature::ObjSignature;
// 提供一个默认签名器实现

pub struct RsaCPUObjectVerifier {
    public_key: PublicKey,
}

impl RsaCPUObjectVerifier {
    pub fn new(public_key: PublicKey) -> RsaCPUObjectVerifier {
        RsaCPUObjectVerifier {
            public_key: public_key,
        }
    }
}

#[async_trait]
impl ObjVerifier for RsaCPUObjectVerifier {
    fn public_key(&self) -> &PublicKey {
        return &self.public_key;
    }

    async fn verify(&self, data: &[u8], sign: &ObjSignature) -> bool {
        self.public_key.verify(data, sign.signature())
    }
}
/*
pub async fn verify_object<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
    where D: ObjectType,
        D::DescType: RawEncode,
        D::ContentType: RawEncode,
        V: Verifier,
        N: NamedObject<D>,
        N: PublicKeySearch,  // 必须实现Key查找Trait
{
    let ret = verify_object_desc(verifier, obj).await?;
    if !ret {
        return Ok(false);
    }

    let ret = verify_object_body(verifier, obj).await?;
    if !ret {
        return Ok(false);
    }

    Ok(true)
}


pub async fn verify_object_desc<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
    where D: ObjectType,
        D::DescType: RawEncode,
        D::ContentType: RawEncode,
        V: Verifier,
        N: NamedObject<D>,
        N: PublicKeySearch,  // 必须实现Key查找Trait
{
    let signs = obj.signs().desc_signs().as_ref();
    if signs.is_none() {
        return  Ok(false);
    }

    let signs = signs.unwrap();
    for sign in signs {
        let public_key = obj.search_public_key(sign).await?;
        let ret = verify_object_desc_sign(verifier, obj, public_key, sign).await?;
        if !ret {
            return  Ok(false);
        }
    }

    Ok(true)
}

//TODO:该函数的意义是验证object的body是否有有效的签名,是和对象的类型有关的,我们有如下几种
//  1.有权对象,分Single和MN判断。
//  2.有主对象,根据Owner的类型区分判断。

pub async fn verify_object_body<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
    where D: ObjectType,
        D::DescType: RawEncode,
        D::ContentType: RawEncode,
        V: Verifier,
        N: NamedObject<D>,
        N: PublicKeySearch,  // 必须实现Key查找Trait
{
    let signs = obj.signs().body_signs().as_ref();
    if signs.is_none() {
        return  Ok(false);
    }

    let signs = signs.unwrap();
    for sign in signs {
        let public_key = obj.search_public_key(sign).await?;
        let ret = verify_object_desc_sign(verifier, obj, public_key, sign).await?;
        if !ret {
            return  Ok(false);
        }
    }

    Ok(true)
}
*/

// 具体每个 NamedObject 应该自己根据 Signature 的 sign_source 取到对应的PublicKey,然后调用本方法验证
pub async fn verify_object_desc_sign<D, V, N>(
    verifier: &V,
    obj: &N,
    sign: &ObjSignature,
) -> BuckyResult<bool>
where
    D: ObjectType,
    D::DescType: RawEncode,
    D::ContentType: RawEncode + BodyContent,
    V: ObjVerifier,
    N: NamedObject<D>,
{
    let hash_value = obj.desc().raw_hash_value()?;

    let ret = verifier.verify(hash_value.as_slice(), sign).await;

    Ok(ret)
}

//TODO:

pub async fn verify_object_body_sign<D, V, N>(
    verifier: &V,
    obj: &N,
    sign: &ObjSignature,
) -> BuckyResult<bool>
where
    D: ObjectType,
    D::DescType: RawEncode,
    D::ContentType: RawEncode + BodyContent,
    V: ObjVerifier,
    N: NamedObject<D>,
{
    let ret = if let Some(body) = obj.body() {
        // Need to check whether body.object_id matches with desc.object_id in the place where check body signature
        if body.object_id().is_some() {
            body.verify_object_id(&obj.desc().object_id())?;
        }

        let hash_value = body.raw_hash_value()?;

        verifier.verify(hash_value.as_slice(), sign).await
    } else {
        // FIXME What should we do with object verify signatures that do not have a body?
        false
    };

    Ok(ret)
}

pub struct AnyNamedObjectVerifyHelper;

impl AnyNamedObjectVerifyHelper {
    pub async fn verify_desc_sign<V>(
        verifier: &V,
        obj: &AnyNamedObject,
        sign: &ObjSignature,
    ) -> BuckyResult<bool>
    where
        V: ObjVerifier,
    {
        let hash_value = obj.desc_hash()?;

        let ret = verifier.verify(hash_value.as_slice(), sign).await;

        Ok(ret)
    }

    pub async fn verify_body_sign<V>(
        verifier: &V,
        obj: &AnyNamedObject,
        sign: &ObjSignature,
    ) -> BuckyResult<bool>
    where
        V: ObjVerifier,
    {
        match obj.has_body()? {
            true => {
                if obj.body_object_id().is_some() {
                    obj.verify_body_object_id(&obj.object_id())?;
                }

                let body_hash = obj.body_hash()?.unwrap();
                let ret = verifier.verify(body_hash.as_slice(), sign).await;

                Ok(ret)
            }
            false => {
                Ok(false)
            }
        }
    }
}