runx-receipts 0.6.19

Pure Rust receipt model, canonicalization, and verification parity for runx.
Documentation
use runx_contracts::{ReceiptIssuer, ReceiptSignature};

use super::super::ReceiptFindingCode;

pub trait SignatureVerifier {
    fn verify(
        &self,
        issuer: &ReceiptIssuer,
        signature: &ReceiptSignature,
        body_digest: &str,
    ) -> Result<(), SignatureVerificationFailure>;
}

#[derive(Clone, Debug, PartialEq, Eq)]
pub enum SignatureVerificationFailure {
    MissingKey,
    MalformedKey,
    KeyHashMismatch,
    UnsupportedIssuer,
    UnsupportedAlgorithm,
    MalformedSignature,
    SignatureMismatch,
}

pub(super) fn signature_failure_code(error: &SignatureVerificationFailure) -> ReceiptFindingCode {
    match error {
        SignatureVerificationFailure::MissingKey => ReceiptFindingCode::SignatureKeyMissing,
        SignatureVerificationFailure::MalformedKey => ReceiptFindingCode::SignatureKeyMalformed,
        SignatureVerificationFailure::KeyHashMismatch => {
            ReceiptFindingCode::SignatureKeyHashMismatch
        }
        SignatureVerificationFailure::UnsupportedIssuer => {
            ReceiptFindingCode::SignatureUnsupportedIssuer
        }
        SignatureVerificationFailure::UnsupportedAlgorithm => {
            ReceiptFindingCode::SignatureUnsupportedAlgorithm
        }
        SignatureVerificationFailure::MalformedSignature => ReceiptFindingCode::SignatureMalformed,
        SignatureVerificationFailure::SignatureMismatch => ReceiptFindingCode::SignatureInvalid,
    }
}

pub(super) fn signature_failure_path(error: &SignatureVerificationFailure) -> &'static str {
    match error {
        SignatureVerificationFailure::MissingKey
        | SignatureVerificationFailure::MalformedKey
        | SignatureVerificationFailure::KeyHashMismatch
        | SignatureVerificationFailure::UnsupportedIssuer => "issuer",
        SignatureVerificationFailure::UnsupportedAlgorithm => "signature.alg",
        SignatureVerificationFailure::MalformedSignature
        | SignatureVerificationFailure::SignatureMismatch => "signature.value",
    }
}

pub(super) fn signature_failure_message(error: &SignatureVerificationFailure) -> &'static str {
    match error {
        SignatureVerificationFailure::MissingKey => {
            "signature verifier could not resolve the issuer key"
        }
        SignatureVerificationFailure::MalformedKey => {
            "signature verifier resolved malformed issuer key material"
        }
        SignatureVerificationFailure::KeyHashMismatch => {
            "issuer public key hash does not match the resolved verifier key"
        }
        SignatureVerificationFailure::UnsupportedIssuer => {
            "signature verifier does not support this issuer type"
        }
        SignatureVerificationFailure::UnsupportedAlgorithm => {
            "signature verifier does not support this algorithm"
        }
        SignatureVerificationFailure::MalformedSignature => "signature value is malformed",
        SignatureVerificationFailure::SignatureMismatch => {
            "signature does not verify against the receipt body commitment"
        }
    }
}