feat: add Manifest::signature to get Cose_Sign1 signature (#1699)

ok-nick · web-flow · commit 06155ebea7c9 · 2026-01-09T14:12:28.000-05:00
* feat: add `Manifest::signature` to get Cose_Sign1 signature

* fix: skip serializing signature value in manifest

* fix: optionally include signature in manifest if parsable
diff --git a/sdk/src/claim.rs b/sdk/src/claim.rs
@@ -20,6 +20,7 @@ use std::{
 
 use async_generic::async_generic;
 use chrono::{DateTime, Utc};
+use coset::CoseSign1;
 use serde::{ser::SerializeStruct, Deserialize, Serialize, Serializer};
 use serde_json::{json, Map, Value};
 use uuid::Uuid;
@@ -1051,6 +1052,17 @@ impl Claim {
         &self.signature_val
     }
 
+    /// Returns the `COSE_Sign1_Tagged` structure found in the claim signature box.
+    pub fn cose_sign1(&self) -> Result<CoseSign1> {
+        let sig = self.signature_val();
+        let data = self.data()?;
+        let mut validation_log =
+            StatusTracker::with_error_behavior(ErrorBehavior::StopOnFirstError);
+
+        let sign1 = parse_cose_sign1(sig, &data, &mut validation_log)?;
+        Ok(sign1)
+    }
+
     /// get claim generator
     pub fn claim_generator(&self) -> Option<&str> {
         self.claim_generator.as_deref()
diff --git a/sdk/src/manifest.rs b/sdk/src/manifest.rs
@@ -118,6 +118,12 @@ pub struct Manifest {
     #[serde(skip_serializing_if = "Option::is_none")]
     label: Option<String>,
 
+    /// The [`CoseSign1::signature`] value.
+    ///
+    /// [`CoseSign1::signature`]: coset::CoseSign1::signature
+    #[serde(skip)]
+    signature: Option<Vec<u8>>,
+
     /// Indicates where a generated manifest goes
     #[serde(skip)]
     remote_manifest: Option<RemoteManifest>,
@@ -236,6 +242,12 @@ impl Manifest {
         self.signature_info.as_ref()
     }
 
+    /// Returns the signature field of the `COSE_Sign1_Tagged` structure found in the
+    /// claim signature box.
+    pub fn signature(&self) -> Option<&[u8]> {
+        self.signature.as_deref()
+    }
+
     /// Returns the parent ingredient if it exists.
     pub fn parent(&self) -> Option<&Ingredient> {
         self.ingredients.iter().find(|i| i.is_parent())
@@ -368,6 +380,10 @@ impl Manifest {
             format: claim.format().map(|s| s.to_owned()),
             instance_id: claim.instance_id().to_owned(),
             label: Some(claim.label().to_owned()),
+            signature: claim
+                .cose_sign1()
+                .ok()
+                .map(|cose_sign1| cose_sign1.signature),
             ..Default::default()
         };
 
