fix(rust/signed_doc): cleanup examples, fix signatures decoding

Author: saibatizoku

rust/signed_doc/examples/cat-signed-doc.rs

@@ -8,13 +8,10 @@ use std::{
     path::PathBuf,
 };
 
-use catalyst_signed_doc::{DocumentRef, KidUri, Metadata};
+use catalyst_signed_doc::{CatalystSignedDocument, Decode, Decoder, DocumentRef, KidUri, Metadata};
 use clap::Parser;
 use coset::{iana::CoapContentFormat, CborSerializable};
-use ed25519_dalek::{
-    ed25519::signature::Signer,
-    pkcs8::{DecodePrivateKey, DecodePublicKey},
-};
+use ed25519_dalek::{ed25519::signature::Signer, pkcs8::DecodePrivateKey};
 
 fn main() {
     if let Err(err) = Cli::parse().exec() {
@@ -44,21 +41,21 @@ enum Cli {
         /// This exact file would be modified and new signature would be added
         doc: PathBuf,
         /// Signer kid
-        kid: String,
+        kid: KidUri,
     },
-    /// Verifies COSE document
-    Verify {
-        /// Path to the public key in PEM format
-        pk: PathBuf,
+    /// Inspects Catalyst Signed Document
+    Inspect {
         /// Path to the fully formed (should has at least one signature) COSE document
-        doc: PathBuf,
-        /// Path to the json schema (Draft 7) to validate document against it
-        schema: PathBuf,
+        path: PathBuf,
+    },
+    /// Inspects Catalyst Signed Document from hex-encoded bytes
+    InspectBytes {
+        /// Hex-formatted COSE SIGN Bytes
+        cose_sign_hex: String,
     },
 }
 
 const CONTENT_ENCODING_KEY: &str = "Content-Encoding";
-const CONTENT_ENCODING_VALUE: &str = "br";
 const UUID_CBOR_TAG: u64 = 37;
 
 fn encode_cbor_uuid(uuid: &uuid::Uuid) -> coset::cbor::Value {
@@ -68,31 +65,6 @@ fn encode_cbor_uuid(uuid: &uuid::Uuid) -> coset::cbor::Value {
     )
 }
 
-fn _decode_cbor_uuid(val: &coset::cbor::Value) -> anyhow::Result<uuid::Uuid> {
-    let Some((UUID_CBOR_TAG, coset::cbor::Value::Bytes(bytes))) = val.as_tag() else {
-        anyhow::bail!("Invalid CBOR encoded UUID type");
-    };
-    let uuid = uuid::Uuid::from_bytes(
-        bytes
-            .clone()
-            .try_into()
-            .map_err(|_| anyhow::anyhow!("Invalid CBOR encoded UUID type, invalid bytes size"))?,
-    );
-    Ok(uuid)
-}
-
-fn _encode_cbor_document_ref(doc_ref: &DocumentRef) -> coset::cbor::Value {
-    match doc_ref {
-        DocumentRef::Latest { id } => encode_cbor_uuid(&id.uuid()),
-        DocumentRef::WithVer { id, ver } => {
-            coset::cbor::Value::Array(vec![
-                encode_cbor_uuid(&id.uuid()),
-                encode_cbor_uuid(&ver.uuid()),
-            ])
-        },
-    }
-}
-
 #[allow(clippy::indexing_slicing)]
 fn _decode_cbor_document_ref(val: &coset::cbor::Value) -> anyhow::Result<DocumentRef> {
     DocumentRef::try_from(val)
@@ -118,28 +90,44 @@ impl Cli {
                 store_cose_file(empty_cose_sign, &output)?;
             },
             Self::Sign { sk, doc, kid } => {
-                let sk = load_secret_key_from_file(&sk)?;
-                let mut cose = load_cose_from_file(&doc)?;
-                add_signature_to_cose(&mut cose, &sk, kid);
+                let sk = load_secret_key_from_file(&sk)
+                    .map_err(|e| anyhow::anyhow!("Failed to load SK FILE: {e}"))?;
+                let mut cose = load_cose_from_file(&doc)
+                    .map_err(|e| anyhow::anyhow!("Failed to load COSE FROM FILE: {e}"))?;
+                add_signature_to_cose(&mut cose, &sk, kid.to_string());
                 store_cose_file(cose, &doc)?;
             },
-            Self::Verify { pk, doc, schema } => {
-                let pk = load_public_key_from_file(&pk)
-                    .map_err(|e| anyhow::anyhow!("Failed to load public key from file: {e}"))?;
-                let schema = load_schema_from_file(&schema).map_err(|e| {
-                    anyhow::anyhow!("Failed to load document schema from file: {e}")
-                })?;
-                let cose = load_cose_from_file(&doc)
-                    .map_err(|e| anyhow::anyhow!("Failed to load COSE SIGN from file: {e}"))?;
-                validate_cose(&cose, &pk, &schema)?;
-                println!("Document is valid.");
+            Self::Inspect { path } => {
+                let mut cose_file = File::open(path)?;
+                let mut cose_bytes = Vec::new();
+                cose_file.read_to_end(&mut cose_bytes)?;
+                decode_signed_doc(&cose_bytes);
+            },
+            Self::InspectBytes { cose_sign_hex } => {
+                let cose_bytes = hex::decode(&cose_sign_hex)?;
+                decode_signed_doc(&cose_bytes);
             },
         }
         println!("Done");
         Ok(())
     }
 }
 
+fn decode_signed_doc(cose_bytes: &[u8]) {
+    println!(
+        "Decoding {} bytes: {}",
+        cose_bytes.len(),
+        hex::encode(cose_bytes)
+    );
+    match CatalystSignedDocument::decode(&mut Decoder::new(cose_bytes), &mut ()) {
+        Ok(cat_signed_doc) => {
+            println!("This is a valid Catalyst Signed Document.");
+            println!("{cat_signed_doc}");
+        },
+        Err(e) => eprintln!("Invalid Cataylyst Signed Document, err: {e}"),
+    }
+}
+
 fn load_schema_from_file(schema_path: &PathBuf) -> anyhow::Result<jsonschema::JSONSchema> {
     let schema_file = File::open(schema_path)?;
     let schema_json = serde_json::from_reader(schema_file)?;
@@ -176,23 +164,6 @@ fn brotli_compress_json(doc: &serde_json::Value) -> anyhow::Result<Vec<u8>> {
     Ok(buf)
 }
 
-fn brotli_decompress_json(mut doc_bytes: &[u8]) -> anyhow::Result<serde_json::Value> {
-    let mut buf = Vec::new();
-    brotli::BrotliDecompress(&mut doc_bytes, &mut buf)?;
-    let json_doc = serde_json::from_slice(&buf)?;
-    Ok(json_doc)
-}
-
-fn cose_protected_header() -> coset::Header {
-    coset::HeaderBuilder::new()
-        .content_format(CoapContentFormat::Json)
-        .text_value(
-            CONTENT_ENCODING_KEY.to_string(),
-            CONTENT_ENCODING_VALUE.to_string().into(),
-        )
-        .build()
-}
-
 fn build_empty_cose_doc(doc_bytes: Vec<u8>, meta: &Metadata) -> coset::CoseSign {
     let mut builder =
         coset::HeaderBuilder::new().content_format(CoapContentFormat::from(meta.content_type()));
@@ -238,7 +209,9 @@ fn load_cose_from_file(cose_path: &PathBuf) -> anyhow::Result<coset::CoseSign> {
 
 fn store_cose_file(cose: coset::CoseSign, output: &PathBuf) -> anyhow::Result<()> {
     let mut cose_file = File::create(output)?;
-    let cose_bytes = cose.to_vec().map_err(|e| anyhow::anyhow!("{e}"))?;
+    let cose_bytes = cose
+        .to_vec()
+        .map_err(|e| anyhow::anyhow!("Failed to Store COSE SIGN: {e}"))?;
     cose_file.write_all(&cose_bytes)?;
     Ok(())
 }
@@ -249,12 +222,6 @@ fn load_secret_key_from_file(sk_path: &PathBuf) -> anyhow::Result<ed25519_dalek:
     Ok(sk)
 }
 
-fn load_public_key_from_file(pk_path: &PathBuf) -> anyhow::Result<ed25519_dalek::VerifyingKey> {
-    let pk_str = read_to_string(pk_path)?;
-    let pk = ed25519_dalek::VerifyingKey::from_public_key_pem(&pk_str)?;
-    Ok(pk)
-}
-
 fn add_signature_to_cose(cose: &mut coset::CoseSign, sk: &ed25519_dalek::SigningKey, kid: String) {
     let protected_header = coset::HeaderBuilder::new()
         .key_id(kid.into_bytes())
@@ -266,152 +233,3 @@ fn add_signature_to_cose(cose: &mut coset::CoseSign, sk: &ed25519_dalek::Signing
     signature.signature = sk.sign(&data_to_sign).to_vec();
     cose.signatures.push(signature);
 }
-
-fn validate_cose(
-    cose: &coset::CoseSign, pk: &ed25519_dalek::VerifyingKey, schema: &jsonschema::JSONSchema,
-) -> anyhow::Result<()> {
-    validate_cose_protected_header(cose)?;
-
-    let Some(payload) = &cose.payload else {
-        anyhow::bail!("COSE missing payload field with the JSON content in it");
-    };
-    let json_doc = brotli_decompress_json(payload.as_slice())?;
-    validate_json(&json_doc, schema)?;
-
-    for sign in &cose.signatures {
-        let key_id = &sign.protected.header.key_id;
-        anyhow::ensure!(
-            !key_id.is_empty(),
-            "COSE missing signature protected header `kid` field "
-        );
-
-        let kid = KidUri::try_from(key_id.as_ref())?;
-        println!("Signature Key ID: {kid}");
-        let data_to_sign = cose.tbs_data(&[], sign);
-        let signature_bytes = sign.signature.as_slice().try_into().map_err(|_| {
-            anyhow::anyhow!(
-                "Invalid signature bytes size: expected {}, provided {}.",
-                ed25519_dalek::Signature::BYTE_SIZE,
-                sign.signature.len()
-            )
-        })?;
-        println!(
-            "Verifying Key Len({}): 0x{}",
-            pk.as_bytes().len(),
-            hex::encode(pk.as_bytes())
-        );
-        let signature = ed25519_dalek::Signature::from_bytes(signature_bytes);
-        pk.verify_strict(&data_to_sign, &signature)?;
-    }
-
-    Ok(())
-}
-
-fn validate_cose_protected_header(cose: &coset::CoseSign) -> anyhow::Result<()> {
-    let expected_header = cose_protected_header();
-    anyhow::ensure!(
-        cose.protected.header.alg == expected_header.alg,
-        "Invalid COSE document protected header `algorithm` field"
-    );
-    anyhow::ensure!(
-        cose.protected.header.content_type == expected_header.content_type,
-        "Invalid COSE document protected header `content-type` field"
-    );
-    println!("HEADER REST: \n{:?}", cose.protected.header.rest);
-    anyhow::ensure!(
-        cose.protected.header.rest.iter().any(|(key, value)| {
-            key == &coset::Label::Text(CONTENT_ENCODING_KEY.to_string())
-                && value == &coset::cbor::Value::Text(CONTENT_ENCODING_VALUE.to_string())
-        }),
-        "Invalid COSE document protected header"
-    );
-
-    // let Some((_, value)) = cose
-    //     .protected
-    //     .header
-    //     .rest
-    //     .iter()
-    //     .find(|(key, _)| key == &coset::Label::Text("type".to_string()))
-    // else {
-    //     anyhow::bail!("Invalid COSE protected header, missing `type` field");
-    // };
-    // decode_cbor_uuid(value)
-    //     .map_err(|e| anyhow::anyhow!("Invalid COSE protected header `type` field, err:
-    // {e}"))?;
-
-    // let Some((_, value)) = cose
-    //     .protected
-    //     .header
-    //     .rest
-    //     .iter()
-    //     .find(|(key, _)| key == &coset::Label::Text("id".to_string()))
-    // else {
-    //     anyhow::bail!("Invalid COSE protected header, missing `id` field");
-    // };
-    // decode_cbor_uuid(value)
-    //     .map_err(|e| anyhow::anyhow!("Invalid COSE protected header `id` field, err:
-    // {e}"))?;
-
-    // let Some((_, value)) = cose
-    //     .protected
-    //     .header
-    //     .rest
-    //     .iter()
-    //     .find(|(key, _)| key == &coset::Label::Text("ver".to_string()))
-    // else {
-    //     anyhow::bail!("Invalid COSE protected header, missing `ver` field");
-    // };
-    // decode_cbor_uuid(value)
-    //     .map_err(|e| anyhow::anyhow!("Invalid COSE protected header `ver` field, err:
-    // {e}"))?;
-
-    // if let Some((_, value)) = cose
-    //     .protected
-    //     .header
-    //     .rest
-    //     .iter()
-    //     .find(|(key, _)| key == &coset::Label::Text("ref".to_string()))
-    // {
-    //     decode_cbor_document_ref(value)
-    //         .map_err(|e| anyhow::anyhow!("Invalid COSE protected header `ref` field, err:
-    // {e}"))?; }
-
-    // if let Some((_, value)) = cose
-    //     .protected
-    //     .header
-    //     .rest
-    //     .iter()
-    //     .find(|(key, _)| key == &coset::Label::Text("template".to_string()))
-    // {
-    //     decode_cbor_document_ref(value).map_err(|e| {
-    //         anyhow::anyhow!("Invalid COSE protected header `template` field, err: {e}")
-    //     })?;
-    // }
-
-    // if let Some((_, value)) = cose
-    //     .protected
-    //     .header
-    //     .rest
-    //     .iter()
-    //     .find(|(key, _)| key == &coset::Label::Text("reply".to_string()))
-    // {
-    //     decode_cbor_document_ref(value).map_err(|e| {
-    //         anyhow::anyhow!("Invalid COSE protected header `reply` field, err: {e}")
-    //     })?;
-    // }
-
-    // if let Some((_, value)) = cose
-    //     .protected
-    //     .header
-    //     .rest
-    //     .iter()
-    //     .find(|(key, _)| key == &coset::Label::Text("section".to_string()))
-    // {
-    //     anyhow::ensure!(
-    //         value.is_text(),
-    //         "Invalid COSE protected header, missing `section` field"
-    //     );
-    // }
-
-    Ok(())
-}