1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
use ckb_app_config::NetworkAlertConfig; use ckb_logger::{debug, trace}; use ckb_multisig::secp256k1::{verify_m_of_n, Message, Pubkey, Signature}; use ckb_types::{packed, prelude::*}; use failure::Error; use std::collections::HashSet; pub struct Verifier { config: NetworkAlertConfig, pubkeys: HashSet<Pubkey>, } impl Verifier { pub fn new(config: NetworkAlertConfig) -> Self { let pubkeys = config .public_keys .iter() .map(|raw| Pubkey::from_slice(raw.as_bytes())) .collect::<Result<HashSet<Pubkey>, _>>() .expect("builtin pubkeys"); Verifier { config, pubkeys } } pub fn verify_signatures(&self, alert: &packed::Alert) -> Result<(), Error> { trace!("verify alert {:?}", alert); let message = Message::from_slice(alert.calc_alert_hash().as_slice())?; let signatures: Vec<Signature> = alert .signatures() .into_iter() .filter_map( |sig_data| match Signature::from_slice(sig_data.as_reader().raw_data()) { Ok(sig) => { if sig.is_valid() { Some(sig) } else { debug!("invalid signature: {:?}", sig); None } } Err(err) => { debug!("signature error: {}", err); None } }, ) .collect(); verify_m_of_n( &message, self.config.signatures_threshold, &signatures, &self.pubkeys, ) .map_err(|err| err.kind())?; Ok(()) } }