fix(rust/catalyst-types): refactor sigining logic into builder

saibatizoku · saibatizoku · commit 262b1ad3a890 · 2025-01-29T14:28:40.000-06:00
diff --git a/rust/signed_doc/examples/mk_signed_doc.rs b/rust/signed_doc/examples/mk_signed_doc.rs
@@ -77,7 +77,7 @@ impl Cli {
                 let payload = serde_json::to_vec(&json_doc)?;
                 // Start with no signatures.
                 let signed_doc = Builder::new()
-                    .with_content(payload)
+                    .with_decoded_content(payload)
                     .with_metadata(metadata)
                     .build()?;
                 save_signed_doc(signed_doc, &output)?;
@@ -87,7 +87,8 @@ impl Cli {
                     .map_err(|e| anyhow::anyhow!("Failed to load SK FILE: {e}"))?;
                 let cose_bytes = read_bytes_from_file(&doc)?;
                 let signed_doc = signed_doc_from_bytes(cose_bytes.as_slice())?;
-                let new_signed_doc = signed_doc.sign(sk.to_bytes(), kid)?;
+                let builder = signed_doc.as_signed_doc_builder();
+                let new_signed_doc = builder.add_signature(sk.to_bytes(), kid)?.build()?;
                 save_signed_doc(new_signed_doc, &doc)?;
             },
             Self::Inspect { path } => {
diff --git a/rust/signed_doc/src/builder.rs b/rust/signed_doc/src/builder.rs
@@ -1,15 +1,18 @@
 //! Catalyst Signed Document Builder.
+use catalyst_types::kid_uri::KidUri;
+use ed25519_dalek::{ed25519::signature::Signer, SecretKey};
+
 use crate::{CatalystSignedDocument, Content, InnerCatalystSignedDocument, Metadata, Signatures};
 
 /// Catalyst Signed Document Builder.
-#[derive(Debug, Default)]
+#[derive(Debug, Default, Clone)]
 pub struct Builder {
     /// Document Metadata
-    metadata: Option<Metadata>,
+    pub(crate) metadata: Option<Metadata>,
     /// Document Content
-    content: Option<Vec<u8>>,
+    pub(crate) content: Option<Vec<u8>>,
     /// Signatures
-    signatures: Signatures,
+    pub(crate) signatures: Signatures,
 }
 
 impl Builder {
@@ -26,13 +29,58 @@ impl Builder {
         self
     }
 
-    /// Set document content
+    /// Set decoded (original) document content bytes
     #[must_use]
-    pub fn with_content(mut self, content: Vec<u8>) -> Self {
+    pub fn with_decoded_content(mut self, content: Vec<u8>) -> Self {
         self.content = Some(content);
         self
     }
 
+    /// Set document signatures
+    #[must_use]
+    pub fn with_signatures(mut self, signatures: Signatures) -> Self {
+        self.signatures = signatures;
+        self
+    }
+
+    /// Add a signature to the document
+    ///
+    /// # Errors
+    ///
+    /// Fails if a `CatalystSignedDocument` cannot be created due to missing metadata or
+    /// content, due to malformed data, or when the signed document cannot be
+    /// converted into `coset::CoseSign`.
+    pub fn add_signature(self, sk: SecretKey, kid: KidUri) -> anyhow::Result<Self> {
+        let cose_sign = self
+            .clone()
+            .build()
+            .map_err(|e| anyhow::anyhow!("Failed to sign: {e}"))?
+            .as_cose_sign()
+            .map_err(|e| anyhow::anyhow!("Failed to sign: {e}"))?;
+        let Self {
+            metadata: Some(metadata),
+            content: Some(content),
+            mut signatures,
+        } = self
+        else {
+            anyhow::bail!("Metadata and Content are needed for signing");
+        };
+        let sk = ed25519_dalek::SigningKey::from_bytes(&sk);
+        let protected_header = coset::HeaderBuilder::new()
+            .key_id(kid.to_string().into_bytes())
+            .algorithm(metadata.algorithm().into());
+        let mut signature = coset::CoseSignatureBuilder::new()
+            .protected(protected_header.build())
+            .build();
+        let data_to_sign = cose_sign.tbs_data(&[], &signature);
+        signature.signature = sk.sign(&data_to_sign).to_vec();
+        signatures.push(kid, signature);
+        Ok(Self::new()
+            .with_decoded_content(content)
+            .with_metadata(metadata)
+            .with_signatures(signatures))
+    }
+
     /// Build a signed document
     ///
     /// ## Errors
diff --git a/rust/signed_doc/src/lib.rs b/rust/signed_doc/src/lib.rs
@@ -17,7 +17,7 @@ pub use builder::Builder;
 use catalyst_types::problem_report::ProblemReport;
 pub use content::Content;
 use coset::{CborSerializable, Header};
-use ed25519_dalek::{ed25519::signature::Signer, SecretKey, VerifyingKey};
+use ed25519_dalek::VerifyingKey;
 use error::CatalystSignedDocError;
 pub use metadata::{DocumentRef, ExtraFields, Metadata, UuidV4, UuidV7};
 pub use minicbor::{decode, encode, Decode, Decoder, Encode};
@@ -259,50 +259,23 @@ impl CatalystSignedDocument {
         Ok(())
     }
 
-    /// Add a signature to the Catalyst Signed Document.
-    ///
-    /// # Returns
-    ///
-    /// A new Catalyst Signed Document with the added signature.
-    ///
-    /// # Errors
-    ///
-    /// Fails if the current signed document cannot be encoded as COSE SIGN,
-    /// or if the Arc inner value cannot be obtained.
-    pub fn sign(self, sk: SecretKey, kid: KidUri) -> anyhow::Result<Self> {
-        let cose_sign = self.as_cose_sign()?;
-        let Some(InnerCatalystSignedDocument {
-            metadata,
-            content,
-            mut signatures,
-        }) = Arc::into_inner(self.inner)
-        else {
-            anyhow::bail!("Failed to extract inner signed document");
-        };
-        let sk = ed25519_dalek::SigningKey::from_bytes(&sk);
-        let protected_header = coset::HeaderBuilder::new()
-            .key_id(kid.to_string().into_bytes())
-            .algorithm(metadata.algorithm().into());
-        let mut signature = coset::CoseSignatureBuilder::new()
-            .protected(protected_header.build())
-            .build();
-        let data_to_sign = cose_sign.tbs_data(&[], &signature);
-        signature.signature = sk.sign(&data_to_sign).to_vec();
-        signatures.push(kid, signature);
-        Ok(InnerCatalystSignedDocument {
-            metadata,
-            content,
-            signatures,
+    /// Returns a signed document `Builder` pre-loaded with the current signed document's
+    /// data.
+    #[must_use]
+    pub fn as_signed_doc_builder(&self) -> Builder {
+        Builder {
+            metadata: Some(self.inner.metadata.clone()),
+            content: Some(self.inner.content.decoded_bytes().to_vec()),
+            signatures: self.inner.signatures.clone(),
         }
-        .into())
     }
 
     /// Convert Catalyst Signed Document into `coset::CoseSign`
     fn as_cose_sign(&self) -> anyhow::Result<coset::CoseSign> {
         let mut cose_bytes: Vec<u8> = Vec::new();
         minicbor::encode(self, &mut cose_bytes)?;
         coset::CoseSign::from_slice(&cose_bytes)
-            .map_err(|e| anyhow::anyhow!("encoding COSE SIGN failed: {e}"))
+            .map_err(|e| anyhow::anyhow!("encoding as COSE SIGN failed: {e}"))
     }
 }
 
@@ -477,7 +450,7 @@ mod tests {
 
         let doc = Builder::new()
             .with_metadata(metadata.clone())
-            .with_content(content.clone())
+            .with_decoded_content(content.clone())
             .build()
             .unwrap();
 
