use super::ROLE_ATTESTATION_SIGNING_DOMAIN;
use crate::{
InternalError,
dto::auth::RoleAttestation,
ops::{auth::AuthValidationError, prelude::*},
};
use candid::encode_one;
use sha2::{Digest, Sha256};
pub(super) fn encode_candid<T: CandidType>(
context: &'static str,
value: &T,
) -> Result<Vec<u8>, InternalError> {
encode_one(value).map_err(|err| {
AuthValidationError::EncodeFailed {
context,
source: err,
}
.into()
})
}
pub(super) fn role_attestation_hash(
attestation: &RoleAttestation,
) -> Result<[u8; 32], InternalError> {
let payload = encode_candid("role attestation", attestation)?;
Ok(domain_separated_hash(
ROLE_ATTESTATION_SIGNING_DOMAIN,
payload,
))
}
fn domain_separated_hash(domain: &[u8], payload: Vec<u8>) -> [u8; 32] {
let mut hasher = Sha256::new();
hasher.update(domain);
hasher.update(payload);
hasher.finalize().into()
}