Struct SignedRefsReader 

pub struct SignedRefsReader<'a, R, V> { /* private fields */ }

A SignedRefsReader reads and verifies a commit chain for a rad/sigrefs entry.

To create a new reader, use SignedRefsReader::new.

The construction expects:

• A RepoId which is the repository identifier of the Radicle repository.
• A Tip which describes where and how to start the verification.
• A repository which is the Git repository that is being used for the reading.
• A verifier which is the entity that verifies the cryptographic signatures.

Implementations

impl<'a, R, V> SignedRefsReader<'a, R, V>

where R: Reader + Reader, V: Verifier<Signature>,

pub fn new( rid: RepoId, tip: Tip, repository: &'a R, verifier: &'a V, ) -> SignedRefsReader<'a, R, V>

Construct a new SignedRefsReader.

pub fn read(self) -> Result<VerifiedCommit, Read>

Read a VerifiedCommit using the SignedRefsReader, from a linear history.

The VerifiedCommit will be the latest commit, if the commit verifies and contains its parent in its Refs entry.

If the commit does not contain a parent, but its signature is not repeated, then it is still returned.

Otherwise, the latest commit that has no duplicate signatures in its ancestry is returned.

Replay Attacks

The SignedRefsReader prevents replay attacks via two mechanisms:

• The first is recording the parent commit in the /refs blob. This prevents a replay by not allowing the same signature payload to be used in a new commit, since the parents would not match. Note that this does not detect replays by older clients, since they will not include this entry in /refs.
• The second mechanism uses the fact that a replay will give duplicate signatures. This means that any repeated signatures will be skipped, and the commit returned will be the first valid commit, that was not a replay.