use super::{EventVerificationPolicy, TrustSet, verify_event_signature};
use crate::crypto::EventVerificationStatus;
use crate::error::{Result, ShoreError};
use crate::model::EventId;
use crate::session::event::{EventType, ShoreEvent};
use crate::session::store::EventWriteOutcome;
#[derive(Clone, Debug, Eq, PartialEq)]
pub struct IngestEventVerification {
pub event_id: EventId,
pub status: EventVerificationStatus,
pub message: Option<String>,
pub write_outcome: Option<EventWriteOutcome>,
}
pub(crate) fn verify_events_for_ingest(
events: &[ShoreEvent],
policy: EventVerificationPolicy,
trust_set: &TrustSet,
) -> Result<Vec<IngestEventVerification>> {
let mut verification = Vec::with_capacity(events.len());
for event in events {
if event.event_type == EventType::EventSignatureRecorded {
continue;
}
let status = verify_event_signature(event, trust_set)?;
let report = IngestEventVerification {
event_id: event.event_id.clone(),
status,
message: verification_message(status),
write_outcome: None,
};
if policy.rejects(status) {
return Err(ShoreError::EventVerificationRejected {
event_id: event.event_id.clone(),
status,
});
}
verification.push(report);
}
Ok(verification)
}
fn verification_message(status: EventVerificationStatus) -> Option<String> {
match status {
EventVerificationStatus::Valid => None,
EventVerificationStatus::Invalid => Some("event signature is invalid".to_owned()),
EventVerificationStatus::UntrustedKey => {
Some("event signer is not authorized by the trust set".to_owned())
}
EventVerificationStatus::Unsigned => Some("event is unsigned".to_owned()),
}
}