feat(rust): Update the KidURI struct to match the formal spec

Author: stevenj

.config/dictionaries/project.dic

@@ -49,6 +49,7 @@ coverallsapp
 cpus
 crontabs
 crontagged
+csprng
 cstring
 dalek
 dashmap
@@ -208,6 +209,8 @@ reqwest
 retriggering
 ristretto
 rlib
+rngs
+rsplit
 rulelist
 RULENAME
 runable

rust/signed_doc/Cargo.toml

@@ -11,16 +11,21 @@ license.workspace = true
 workspace = true
 
 [dependencies]
+cardano-blockchain-types = { version = "0.0.1", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "v0.0.11" }
 anyhow = "1.0.95"
 serde = { version = "1.0.217", features = ["derive"] }
 serde_json = "1.0.134"
 # TODO: Bump this to the latest version and fix the code
 jsonschema = "0.18.3"
 coset = "0.3.8"
 brotli = "7.0.0"
-ed25519-dalek = { version = "2.1.1", features = ["pem"] }
+ed25519-dalek = { version = "2.1.1", features = ["pem", "rand_core"] }
 uuid = { version = "1.11.0", features = ["v4", "v7", "serde"] }
 hex = "0.4.3"
+fluent-uri = "0.3.2"
+thiserror = "2.0.9"
+base64-url = "3.0.0"
 
 [dev-dependencies]
 clap = { version = "4.5.23",  features = ["derive", "env"] }
+rand = "0.8.5"

rust/signed_doc/examples/mk_signed_doc.rs

@@ -14,7 +14,7 @@ use ed25519_dalek::{
     ed25519::signature::Signer,
     pkcs8::{DecodePrivateKey, DecodePublicKey},
 };
-use signed_doc::{DocumentRef, Kid, Metadata, UuidV7};
+use signed_doc::{DocumentRef, KidURI, Metadata, UuidV7};
 
 fn main() {
     if let Err(err) = Cli::parse().exec() {
@@ -305,7 +305,7 @@ fn validate_cose(
             "COSE missing signature protected header `kid` field "
         );
 
-        let kid = Kid::try_from(key_id.as_ref())?;
+        let kid = KidURI::try_from(key_id.as_ref())?;
         println!("Signature Key ID: {kid}");
         let data_to_sign = cose.tbs_data(&[], sign);
         let signature_bytes = sign.signature.as_slice().try_into().map_err(|_| {

rust/signed_doc/src/lib.rs

@@ -12,7 +12,7 @@ mod metadata;
 mod signature;
 
 pub use metadata::{DocumentRef, Metadata, UuidV7};
-pub use signature::Kid;
+pub use signature::KidURI;
 
 /// Keep all the contents private.
 /// Better even to use a structure like this.  Wrapping in an Arc means we don't have to
@@ -154,5 +154,4 @@ impl CatalystSignedDocument {
     pub fn doc_section(&self) -> Option<String> {
         self.inner.metadata.doc_section()
     }
-
 }

rust/signed_doc/src/signature/kid/errors.rs

@@ -0,0 +1,43 @@
+//! Errors returned by this type
+
+use thiserror::Error;
+
+use super::{key_rotation::KeyRotationError, role_index::RoleIndexError};
+
+/// Errors that can occur when parsing a `KidURI`
+#[derive(Error, Debug)]
+pub enum KidURIError {
+    /// Invalid KID URI
+    #[error("Invalid URI")]
+    InvalidURI(#[from] fluent_uri::error::ParseError),
+    /// Invalid Scheme, not a KID URI
+    #[error("Invalid Scheme, not a KID URI")]
+    InvalidScheme,
+    /// Network not defined in URI
+    #[error("No defined Network")]
+    NoDefinedNetwork,
+    /// Path of URI is invalid
+    #[error("Invalid Path")]
+    InvalidPath,
+    /// Role 0 Key in path is invalid
+    #[error("Invalid Role 0 Key")]
+    InvalidRole0Key,
+    /// Role 0 Key in path is not encoded correctly
+    #[error("Invalid Role 0 Key Encoding")]
+    InvalidRole0KeyEncoding(#[from] base64_url::base64::DecodeError),
+    /// Role Index is invalid
+    #[error("Invalid Role")]
+    InvalidRole,
+    /// Role Index is not encoded correctly
+    #[error("Invalid Role Index")]
+    InvalidRoleIndex(#[from] RoleIndexError),
+    /// Role Key Rotation is invalid
+    #[error("Invalid Rotation")]
+    InvalidRotation,
+    /// Role Key Rotation is not encoded correctly
+    #[error("Invalid Rotation Value")]
+    InvalidRotationValue(#[from] KeyRotationError),
+    /// Encryption key Identifier Fragment is not valid
+    #[error("Invalid Encryption Key Fragment")]
+    InvalidEncryptionKeyFragment,
+}

rust/signed_doc/src/signature/kid/key_rotation.rs

@@ -0,0 +1,42 @@
+//! COSE Signature Protected Header `kid` Role0 Key Version.
+
+use std::{
+    fmt::{Display, Formatter},
+    num::ParseIntError,
+    str::FromStr,
+};
+
+use thiserror::Error;
+
+/// Errors from parsing the `KeyRotation`
+#[derive(Error, Debug)]
+#[allow(clippy::module_name_repetitions)]
+pub enum KeyRotationError {
+    /// Key Rotation could not be parsed from a string
+    #[error("Invalid Role Key Rotation")]
+    InvalidRole(#[from] ParseIntError),
+}
+
+/// Rotation count of the Role Key.
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
+pub struct KeyRotation(u16);
+
+impl From<u16> for KeyRotation {
+    fn from(value: u16) -> Self {
+        Self(value)
+    }
+}
+
+impl FromStr for KeyRotation {
+    type Err = KeyRotationError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(Self(s.parse::<u16>()?))
+    }
+}
+
+impl Display for KeyRotation {
+    fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> {
+        write!(f, "{}", self.0)
+    }
+}