Skip to main content

SignedAuditEvent

okami::audit

Struct SignedAuditEvent 

Source 
pub struct SignedAuditEvent {
    pub event: AuditEvent,
    pub signature: Vec<u8>,
}
Expand description

A signed audit event: an AuditEvent plus PQC signature bytes.

Produced by AuditEvent::sign. Verify with SignedAuditEvent::verify.

§Examples

use okami::identity::AgentIdentity;
use okami::audit::{AuditEvent, SignedAuditEvent};

let identity = AgentIdentity::new("example.com", "agent/worker").unwrap();
let vk_bytes = identity.credential().verifying_key_bytes.clone();

let ev = AuditEvent::new(
    identity.spiffe_id().clone(),
    "key.rotated",
    serde_json::json!({}),
    None,
);
let signed: SignedAuditEvent = ev.sign(&identity).unwrap();

// Signature is valid with the correct key.
assert!(signed.verify(&vk_bytes).unwrap());

// Round-trip through bytes.
let bytes = signed.to_bytes().unwrap();
let signed2 = SignedAuditEvent::from_bytes(&bytes).unwrap();
assert!(signed2.verify(&vk_bytes).unwrap());

Fields§

§event: AuditEvent

The audit event payload.

§signature: Vec<u8>

PQC signature over the bincode-serialized event bytes.

Implementations§

Source§

impl SignedAuditEvent

Source

pub fn verify(&self, verifying_key_bytes: &[u8]) -> Result<bool>

Verify the PQC signature on this event.

Serializes the event to bincode and verifies the signature against the provided verifying key.

Returns Ok(true) if the signature is valid, Ok(false) if not.

§Errors

Returns Error::Serialization if the event cannot be re-serialized, or Error::Crypto if the verifying key is structurally invalid.

Source

pub fn hash_hex(&self) -> Result<String>

Compute the SHA-256 hex digest of this signed event’s bincode bytes.

Pass the result as previous_event_hash to the next AuditEvent::new call to link the chain.

§Errors

Returns Error::Serialization if serialization fails.

Source

pub fn to_bytes(&self) -> Result<Vec<u8>>

Serialize to bytes (bincode).

§Errors

Returns Error::Serialization if bincode encoding fails.

Source

pub fn from_bytes(bytes: &[u8]) -> Result<Self>

Deserialize from bytes (bincode).

Enforces a MAX_SIGNED_AUDIT_EVENT_BYTES allocation cap to prevent DoS via crafted length-prefix fields. See /cso audit Finding #4 (fingerprint 30a553fc).

§Errors

Returns Error::Serialization if the input exceeds MAX_SIGNED_AUDIT_EVENT_BYTES or if bincode decoding fails.

Trait Implementations§

Source§

impl Clone for SignedAuditEvent

Source§

fn clone(&self) -> SignedAuditEvent

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SignedAuditEvent

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for SignedAuditEvent

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for SignedAuditEvent

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,