fix(rust/signed-doc): refactor cli tool to sign

saibatizoku · saibatizoku · commit 0f850575bda1 · 2025-01-29T12:48:33.000-06:00
diff --git a/rust/signed_doc/examples/mk_signed_doc.rs b/rust/signed_doc/examples/mk_signed_doc.rs
@@ -71,50 +71,60 @@ impl Cli {
                     .with_content(payload)
                     .with_metadata(metadata)
                     .build()?;
-                let mut bytes: Vec<u8> = Vec::new();
-                minicbor::encode(signed_doc, &mut bytes)
-                    .map_err(|e| anyhow::anyhow!("Failed to encode document: {e}"))?;
-
-                write_bytes_to_file(&bytes, &output)?;
+                save_signed_doc(signed_doc, &output)?;
             },
             Self::Sign { sk, doc, kid } => {
                 let sk = load_secret_key_from_file(&sk)
                     .map_err(|e| anyhow::anyhow!("Failed to load SK FILE: {e}"))?;
-                let mut cose = load_cose_from_file(&doc)
-                    .map_err(|e| anyhow::anyhow!("Failed to load COSE FROM FILE: {e}"))?;
-                add_signature_to_cose(&mut cose, &sk, kid.to_string());
-                store_cose_file(cose, &doc)?;
+                let cose_bytes = read_bytes_from_file(&doc)?;
+                let signed_doc = signed_doc_from_bytes(cose_bytes.as_slice())?;
+                let new_signed_doc = signed_doc.sign(sk.to_bytes(), kid)?;
+                save_signed_doc(new_signed_doc, &doc)?;
             },
             Self::Inspect { path } => {
-                let mut cose_file = File::open(path)?;
-                let mut cose_bytes = Vec::new();
-                cose_file.read_to_end(&mut cose_bytes)?;
-                decode_signed_doc(&cose_bytes);
+                let cose_bytes = read_bytes_from_file(&path)?;
+                inspect_signed_doc(&cose_bytes)?;
             },
             Self::InspectBytes { cose_sign_hex } => {
                 let cose_bytes = hex::decode(&cose_sign_hex)?;
-                decode_signed_doc(&cose_bytes);
+                inspect_signed_doc(&cose_bytes)?;
             },
         }
         println!("Done");
         Ok(())
     }
 }
 
-fn decode_signed_doc(cose_bytes: &[u8]) {
+fn read_bytes_from_file(path: &PathBuf) -> anyhow::Result<Vec<u8>> {
+    let mut cose_file = File::open(path)?;
+    let mut cose_bytes = Vec::new();
+    cose_file.read_to_end(&mut cose_bytes)?;
+    Ok(cose_bytes)
+}
+
+fn inspect_signed_doc(cose_bytes: &[u8]) -> anyhow::Result<()> {
     println!(
-        "Decoding {} bytes: {}",
+        "Decoding {} bytes:\n{}",
         cose_bytes.len(),
         hex::encode(cose_bytes)
     );
+    let cat_signed_doc = signed_doc_from_bytes(cose_bytes)?;
+    println!("This is a valid Catalyst Document.");
+    println!("{cat_signed_doc}");
+    Ok(())
+}
 
-    match CatalystSignedDocument::try_from(cose_bytes) {
-        Ok(cat_signed_doc) => {
-            println!("This is a valid Catalyst Document.");
-            println!("{cat_signed_doc}");
-        },
-        Err(e) => eprintln!("Invalid Catalyst Document, err: {e}"),
-    }
+fn save_signed_doc(signed_doc: CatalystSignedDocument, path: &PathBuf) -> anyhow::Result<()> {
+    let mut bytes: Vec<u8> = Vec::new();
+    minicbor::encode(signed_doc, &mut bytes)
+        .map_err(|e| anyhow::anyhow!("Failed to encode document: {e}"))?;
+
+    write_bytes_to_file(&bytes, path)
+}
+
+fn signed_doc_from_bytes(cose_bytes: &[u8]) -> anyhow::Result<CatalystSignedDocument> {
+    CatalystSignedDocument::try_from(cose_bytes)
+        .map_err(|e| anyhow::anyhow!("Invalid Catalyst Document: {e}"))
 }
 
 fn load_json_from_file<T>(path: &PathBuf) -> anyhow::Result<T>
@@ -124,45 +134,20 @@ where T: for<'de> serde::Deserialize<'de> {
     Ok(json)
 }
 
-fn load_cose_from_file(cose_path: &PathBuf) -> anyhow::Result<coset::CoseSign> {
-    let cose_file_bytes = read_bytes_from_file(cose_path)?;
-    let cose = coset::CoseSign::from_slice(&cose_file_bytes).map_err(|e| anyhow::anyhow!("{e}"))?;
-    Ok(cose)
-}
-
-fn read_bytes_from_file(path: &PathBuf) -> anyhow::Result<Vec<u8>> {
-    let mut file_bytes = Vec::new();
-    File::open(path)?.read_to_end(&mut file_bytes)?;
-    Ok(file_bytes)
-}
-
 fn write_bytes_to_file(bytes: &[u8], output: &PathBuf) -> anyhow::Result<()> {
     File::create(output)?
         .write_all(bytes)
         .map_err(|e| anyhow::anyhow!("Failed to write to file {output:?}: {e}"))
 }
 
-fn store_cose_file(cose: coset::CoseSign, output: &PathBuf) -> anyhow::Result<()> {
-    let cose_bytes = cose
-        .to_vec()
-        .map_err(|e| anyhow::anyhow!("Failed to Store COSE SIGN: {e}"))?;
-    write_bytes_to_file(&cose_bytes, output)
-}
-
 fn load_secret_key_from_file(sk_path: &PathBuf) -> anyhow::Result<ed25519_dalek::SigningKey> {
     let sk_str = read_to_string(sk_path)?;
     let sk = ed25519_dalek::SigningKey::from_pkcs8_pem(&sk_str)?;
     Ok(sk)
 }
 
-fn add_signature_to_cose(cose: &mut coset::CoseSign, sk: &ed25519_dalek::SigningKey, kid: String) {
-    let protected_header = coset::HeaderBuilder::new()
-        .key_id(kid.into_bytes())
-        .algorithm(coset::iana::Algorithm::EdDSA);
-    let mut signature = coset::CoseSignatureBuilder::new()
-        .protected(protected_header.build())
-        .build();
-    let data_to_sign = cose.tbs_data(&[], &signature);
-    signature.signature = sk.sign(&data_to_sign).to_vec();
-    cose.signatures.push(signature);
+fn load_public_key_from_file(pk_path: &PathBuf) -> anyhow::Result<ed25519_dalek::VerifyingKey> {
+    let pk_str = read_to_string(pk_path)?;
+    let pk = ed25519_dalek::VerifyingKey::from_public_key_pem(&pk_str)?;
+    Ok(pk)
 }
