use crate::signature::Verifier as SignatureVerifier;
use crate::Bundle;
use p384::ecdsa::signature::Verifier;
use p384::ecdsa::{Signature, VerifyingKey};
use p384::pkcs8::DecodePublicKey;
pub struct EcdsaSecp384r1Verifier {
key: VerifyingKey,
}
impl EcdsaSecp384r1Verifier {
pub fn from_sec1_bytes(bytes: &[u8]) -> crate::Result<Self> {
let key = VerifyingKey::from_sec1_bytes(bytes).map_err(crate::Error::invalid_verifying_key)?;
Ok(Self { key })
}
pub fn from_public_key_der(bytes: &[u8]) -> crate::Result<Self> {
let key =
VerifyingKey::from_public_key_der(bytes).map_err(crate::Error::invalid_verifying_key)?;
Ok(Self { key })
}
pub fn from_public_key_pem(pem: &str) -> crate::Result<Self> {
let key =
VerifyingKey::from_public_key_pem(pem).map_err(crate::Error::invalid_verifying_key)?;
Ok(Self { key })
}
}
impl SignatureVerifier for EcdsaSecp384r1Verifier {
async fn verify(&self, _bundle: &Bundle, data: &[u8], signature: &str) -> crate::Result<bool> {
let signature =
Signature::from_slice(signature.as_bytes()).map_err(|_| crate::Error::InvalidSignature)?;
Ok(self.key.verify(data, &signature).is_ok())
}
}