cyfs_base/crypto/verifier_util.rs
1use crate::*;
2
3use async_trait::async_trait;
4// 提供一个默认签名器实现
5
6pub struct RsaCPUObjectVerifier {
7 public_key: PublicKey,
8}
9
10impl RsaCPUObjectVerifier {
11 pub fn new(public_key: PublicKey) -> RsaCPUObjectVerifier {
12 RsaCPUObjectVerifier {
13 public_key: public_key,
14 }
15 }
16}
17
18#[async_trait]
19impl Verifier for RsaCPUObjectVerifier {
20 fn public_key(&self) -> &PublicKey {
21 return &self.public_key;
22 }
23
24 async fn verify(&self, data: &[u8], sign: &Signature) -> bool {
25 self.public_key.verify(data, sign)
26 }
27}
28/*
29pub async fn verify_object<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
30 where D: ObjectType,
31 D::DescType: RawEncode,
32 D::ContentType: RawEncode,
33 V: Verifier,
34 N: NamedObject<D>,
35 N: PublicKeySearch, // 必须实现Key查找Trait
36{
37 let ret = verify_object_desc(verifier, obj).await?;
38 if !ret {
39 return Ok(false);
40 }
41
42 let ret = verify_object_body(verifier, obj).await?;
43 if !ret {
44 return Ok(false);
45 }
46
47 Ok(true)
48}
49
50
51pub async fn verify_object_desc<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
52 where D: ObjectType,
53 D::DescType: RawEncode,
54 D::ContentType: RawEncode,
55 V: Verifier,
56 N: NamedObject<D>,
57 N: PublicKeySearch, // 必须实现Key查找Trait
58{
59 let signs = obj.signs().desc_signs().as_ref();
60 if signs.is_none() {
61 return Ok(false);
62 }
63
64 let signs = signs.unwrap();
65 for sign in signs {
66 let public_key = obj.search_public_key(sign).await?;
67 let ret = verify_object_desc_sign(verifier, obj, public_key, sign).await?;
68 if !ret {
69 return Ok(false);
70 }
71 }
72
73 Ok(true)
74}
75
76//TODO:该函数的意义是验证object的body是否有有效的签名,是和对象的类型有关的,我们有如下几种
77// 1.有权对象,分Single和MN判断。
78// 2.有主对象,根据Owner的类型区分判断。
79
80pub async fn verify_object_body<D, V, N>(verifier: &V, obj:& N) -> BuckyResult<bool>
81 where D: ObjectType,
82 D::DescType: RawEncode,
83 D::ContentType: RawEncode,
84 V: Verifier,
85 N: NamedObject<D>,
86 N: PublicKeySearch, // 必须实现Key查找Trait
87{
88 let signs = obj.signs().body_signs().as_ref();
89 if signs.is_none() {
90 return Ok(false);
91 }
92
93 let signs = signs.unwrap();
94 for sign in signs {
95 let public_key = obj.search_public_key(sign).await?;
96 let ret = verify_object_desc_sign(verifier, obj, public_key, sign).await?;
97 if !ret {
98 return Ok(false);
99 }
100 }
101
102 Ok(true)
103}
104*/
105
106// 具体每个 NamedObject 应该自己根据 Signature 的 sign_source 取到对应的PublicKey,然后调用本方法验证
107pub async fn verify_object_desc_sign<D, V, N>(
108 verifier: &V,
109 obj: &N,
110 sign: &Signature,
111) -> BuckyResult<bool>
112where
113 D: ObjectType,
114 D::DescType: RawEncode,
115 D::ContentType: RawEncode + BodyContent,
116 V: Verifier,
117 N: NamedObject<D>,
118{
119 let hash_value = obj.desc().raw_hash_value()?;
120
121 let ret = verifier.verify(hash_value.as_slice(), sign).await;
122
123 Ok(ret)
124}
125
126//TODO:
127
128pub async fn verify_object_body_sign<D, V, N>(
129 verifier: &V,
130 obj: &N,
131 sign: &Signature,
132) -> BuckyResult<bool>
133where
134 D: ObjectType,
135 D::DescType: RawEncode,
136 D::ContentType: RawEncode + BodyContent,
137 V: Verifier,
138 N: NamedObject<D>,
139{
140 let ret = if obj.body().is_some() {
141 let hash_value = obj.body().as_ref().unwrap().raw_hash_value()?;
142
143 verifier.verify(hash_value.as_slice(), sign).await
144 } else {
145 // FIXME 对于没有body的对象校验签名,应该如何处理?
146 false
147 };
148
149 Ok(ret)
150}
151
152pub struct AnyNamedObjectVerifyHelper;
153
154impl AnyNamedObjectVerifyHelper {
155 pub async fn verify_desc_sign<V>(
156 verifier: &V,
157 obj: &AnyNamedObject,
158 sign: &Signature,
159 ) -> BuckyResult<bool>
160 where
161 V: Verifier,
162 {
163 let hash_value = obj.desc_hash()?;
164
165 let ret = verifier.verify(hash_value.as_slice(), sign).await;
166
167 Ok(ret)
168 }
169
170 pub async fn verify_body_sign<V>(
171 verifier: &V,
172 obj: &AnyNamedObject,
173 sign: &Signature,
174 ) -> BuckyResult<bool>
175 where
176 V: Verifier,
177 {
178 match obj.body_hash()? {
179 Some(hash_value) => {
180 let ret = verifier.verify(hash_value.as_slice(), sign).await;
181
182 Ok(ret)
183 }
184 None => {
185 let msg = format!("object has no body: {}", obj.calculate_id());
186 error!("{}", msg);
187 Err(BuckyError::new(BuckyErrorCode::NotFound, msg))
188 }
189 }
190 }
191}