feat(rust/signed-doc): add signatures to Catalyst Signed Document

saibatizoku · saibatizoku · commit 22c46f0215c8 · 2025-01-28T18:55:48.000-06:00
diff --git a/rust/signed_doc/src/lib.rs b/rust/signed_doc/src/lib.rs
@@ -17,7 +17,7 @@ pub use builder::Builder;
 use catalyst_types::problem_report::ProblemReport;
 pub use content::Content;
 use coset::{CborSerializable, Header};
-use ed25519_dalek::VerifyingKey;
+use ed25519_dalek::{ed25519::signature::Signer, SecretKey, VerifyingKey};
 use error::CatalystSignedDocError;
 pub use metadata::{DocumentRef, ExtraFields, Metadata, UuidV4, UuidV7};
 pub use minicbor::{decode, encode, Decode, Decoder, Encode};
@@ -259,6 +259,44 @@ impl CatalystSignedDocument {
         Ok(())
     }
 
+    /// Add a signature to the Catalyst Signed Document.
+    ///
+    /// # Returns
+    ///
+    /// A new Catalyst Signed Document with the added signature.
+    ///
+    /// # Errors
+    ///
+    /// Fails if the current signed document cannot be encoded as COSE SIGN,
+    /// or if the Arc inner value cannot be obtained.
+    pub fn sign(self, sk: SecretKey, kid: KidUri) -> anyhow::Result<Self> {
+        let cose_sign = self.as_cose_sign()?;
+        let Some(InnerCatalystSignedDocument {
+            metadata,
+            content,
+            mut signatures,
+        }) = Arc::into_inner(self.inner)
+        else {
+            anyhow::bail!("Failed to extract inner signed document");
+        };
+        let sk = ed25519_dalek::SigningKey::from_bytes(&sk);
+        let protected_header = coset::HeaderBuilder::new()
+            .key_id(kid.to_string().into_bytes())
+            .algorithm(metadata.algorithm().into());
+        let mut signature = coset::CoseSignatureBuilder::new()
+            .protected(protected_header.build())
+            .build();
+        let data_to_sign = cose_sign.tbs_data(&[], &signature);
+        signature.signature = sk.sign(&data_to_sign).to_vec();
+        signatures.push(kid, signature);
+        Ok(InnerCatalystSignedDocument {
+            metadata,
+            content,
+            signatures,
+        }
+        .into())
+    }
+
     /// Convert Catalyst Signed Document into `coset::CoseSign`
     fn as_cose_sign(&self) -> anyhow::Result<coset::CoseSign> {
         let mut cose_bytes: Vec<u8> = Vec::new();
diff --git a/rust/signed_doc/src/metadata/mod.rs b/rust/signed_doc/src/metadata/mod.rs
@@ -59,6 +59,12 @@ pub struct Metadata {
 }
 
 impl Metadata {
+    /// Return Document Cryptographic Algorithm
+    #[must_use]
+    pub fn algorithm(&self) -> Algorithm {
+        self.alg
+    }
+
     /// Return Document Type `UUIDv4`.
     #[must_use]
     pub fn doc_type(&self) -> UuidV4 {
diff --git a/rust/signed_doc/src/signature/mod.rs b/rust/signed_doc/src/signature/mod.rs
@@ -37,6 +37,11 @@ impl Signatures {
         self.0.iter().map(|sig| sig.signature.clone()).collect()
     }
 
+    /// Add a new signature
+    pub fn push(&mut self, kid: KidUri, signature: CoseSignature) {
+        self.0.push(Signature { kid, signature });
+    }
+
     /// Number of signatures.
     #[must_use]
     pub fn len(&self) -> usize {
