Skip to content

Commit b5830c0

Browse files
Mr-LeshiyMr-Leshiy
committed
fix
1 parent 167327b commit b5830c0

File tree

3 files changed

+47
-51
lines changed

3 files changed

+47
-51
lines changed

rust/rbac-registration/src/cardano/cip509/cip509.rs

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -243,7 +243,7 @@ impl Cip509 {
243243
LocalRefInt::X509Certs => {
244244
m.x509_certs.get(key_ref.key_offset).and_then(|c| {
245245
if let X509DerCert::X509Cert(c) = c {
246-
extract_key::x509_key(&c).ok()
246+
extract_key::x509_key(c).ok()
247247
} else {
248248
None
249249
}
@@ -252,7 +252,7 @@ impl Cip509 {
252252
LocalRefInt::C509Certs => {
253253
m.c509_certs.get(key_ref.key_offset).and_then(|c| {
254254
if let C509Cert::C509Certificate(c) = c {
255-
extract_key::c509_key(&c).ok()
255+
extract_key::c509_key(c).ok()
256256
} else {
257257
None
258258
}
@@ -261,7 +261,7 @@ impl Cip509 {
261261
LocalRefInt::PubKeys => {
262262
m.pub_keys.get(key_ref.key_offset).and_then(|c| {
263263
if let SimplePublicKeyType::Ed25519(c) = c {
264-
Some(c.clone())
264+
Some(*c)
265265
} else {
266266
None
267267
}

rust/rbac-registration/src/cardano/cip509/utils/cip134_uri_set.rs

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ struct Cip0134UriSetInner {
4040
/// URIs from c509 certificates.
4141
c_uris: UrisMap,
4242
/// URIs which are taken by another certificates.
43-
taken_uris: HashSet<Cip0134Uri>,
43+
taken: HashSet<Cip0134Uri>,
4444
}
4545

4646
impl Cip0134UriSet {
@@ -57,7 +57,7 @@ impl Cip0134UriSet {
5757
Self(Arc::new(Cip0134UriSetInner {
5858
x_uris,
5959
c_uris,
60-
taken_uris,
60+
taken: taken_uris,
6161
}))
6262
}
6363

@@ -79,7 +79,7 @@ impl Cip0134UriSet {
7979
.values()
8080
.chain(self.c_uris().values())
8181
.flat_map(|uris| uris.iter())
82-
.filter(|v| !self.0.taken_uris.contains(v))
82+
.filter(|v| !self.0.taken.contains(v))
8383
}
8484

8585
/// Returns `true` if both x509 and c509 certificate maps are empty.
@@ -167,7 +167,7 @@ impl Cip0134UriSet {
167167
let Cip0134UriSetInner {
168168
mut x_uris,
169169
mut c_uris,
170-
mut taken_uris,
170+
taken: mut taken_uris,
171171
} = Arc::unwrap_or_clone(self.0);
172172

173173
for (index, cert) in metadata.x509_certs.iter().enumerate() {
@@ -214,7 +214,7 @@ impl Cip0134UriSet {
214214
Self(Arc::new(Cip0134UriSetInner {
215215
x_uris,
216216
c_uris,
217-
taken_uris,
217+
taken: taken_uris,
218218
}))
219219
}
220220

@@ -239,15 +239,15 @@ impl Cip0134UriSet {
239239
let Cip0134UriSetInner {
240240
x_uris,
241241
c_uris,
242-
mut taken_uris,
242+
taken: mut taken_uris,
243243
} = Arc::unwrap_or_clone(self.0);
244244

245245
taken_uris.extend(latest_taken_uris);
246246

247247
Self(Arc::new(Cip0134UriSetInner {
248248
x_uris,
249249
c_uris,
250-
taken_uris,
250+
taken: taken_uris,
251251
}))
252252
}
253253
}

rust/rbac-registration/src/registration/cardano/mod.rs

Lines changed: 37 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ impl RegistrationChain {
4646
///
4747
/// # Errors
4848
/// - Propagates any I/O or provider-level errors encountered while checking key
49-
/// ownership (e.g., database lookup failures).
49+
/// ownership (e.g., database lookup failures).
5050
pub async fn new<State>(
5151
cip509: &Cip509,
5252
state: &mut State,
@@ -68,20 +68,7 @@ impl RegistrationChain {
6868
);
6969
}
7070

71-
// Checks that a new registration doesn't contain a signing key that was used by any
72-
// other chain. Returns a list of public keys in the registration.
73-
for role in cip509.all_roles() {
74-
if let Some(key) = cip509.signing_pk_for_role(role) {
75-
if let Some(previous) = state.chain_catalyst_id_from_public_key(&key).await? {
76-
if &previous != cat_id {
77-
cip509.report().functional_validation(
78-
&format!("An update to {cat_id} registration chain uses the same public key ({key:?}) as {previous} chain"),
79-
"It isn't allowed to use role 0 signing (certificate subject public) key in different chains",
80-
);
81-
}
82-
}
83-
}
84-
}
71+
check_signing_pk(cat_id, cip509, state).await?;
8572
}
8673

8774
if cip509.report().is_problematic() {
@@ -113,7 +100,7 @@ impl RegistrationChain {
113100
///
114101
/// # Errors
115102
/// - Propagates any I/O or provider-level errors encountered while checking key
116-
/// ownership (e.g., database lookup failures).
103+
/// ownership (e.g., database lookup failures).
117104
pub async fn update<State>(
118105
&self,
119106
cip509: &Cip509,
@@ -143,23 +130,7 @@ impl RegistrationChain {
143130
}
144131
}
145132

146-
// Checks that a new registration doesn't contain a signing key that was used by any
147-
// other chain. Returns a list of public keys in the registration.
148-
{
149-
let cat_id = self.catalyst_id();
150-
for role in cip509.all_roles() {
151-
if let Some(key) = cip509.signing_pk_for_role(role) {
152-
if let Some(previous) = state.chain_catalyst_id_from_public_key(&key).await? {
153-
if &previous != cat_id {
154-
cip509.report().functional_validation(
155-
&format!("An update to {cat_id} registration chain uses the same public key ({key:?}) as {previous} chain"),
156-
"It isn't allowed to use role 0 signing (certificate subject public) key in different chains",
157-
);
158-
}
159-
}
160-
}
161-
}
162-
}
133+
check_signing_pk(self.catalyst_id(), cip509, state).await?;
163134

164135
if cip509.report().is_problematic() {
165136
Ok(None)
@@ -453,15 +424,15 @@ impl RegistrationChainInner {
453424

454425
check_validation_signature(
455426
cip509.validation_signature(),
456-
&cip509.raw_aux_data(),
427+
cip509.raw_aux_data(),
457428
signing_pk,
458429
cip509.report(),
459430
context,
460431
);
461432

462433
if cip509.txn_inputs_hash().is_none() {
463434
cip509.report().missing_field("txn inputs hash", context);
464-
};
435+
}
465436

466437
let Some(purpose) = cip509.purpose() else {
467438
cip509.report().missing_field("purpose", context);
@@ -551,12 +522,11 @@ impl RegistrationChainInner {
551522
}
552523

553524
return Some(new_inner.update_cause_another_chain(cip509));
554-
} else {
555-
cip509
556-
.report()
557-
.missing_field("previous transaction ID", context);
558-
return None;
559525
}
526+
cip509
527+
.report()
528+
.missing_field("previous transaction ID", context);
529+
return None;
560530
};
561531

562532
// Previous transaction ID in the CIP509 should equal to the current transaction ID
@@ -586,7 +556,7 @@ impl RegistrationChainInner {
586556

587557
if cip509.txn_inputs_hash().is_none() {
588558
cip509.report().missing_field("txn inputs hash", context);
589-
};
559+
}
590560

591561
let Some(purpose) = cip509.purpose() else {
592562
cip509.report().missing_field("purpose", context);
@@ -749,6 +719,32 @@ fn check_validation_signature(
749719
}
750720
}
751721

722+
/// Checks that a new registration doesn't contain a signing key that was used by any
723+
/// other chain.
724+
async fn check_signing_pk<State>(
725+
cat_id: &CatalystId,
726+
cip509: &Cip509,
727+
state: &State,
728+
) -> anyhow::Result<()>
729+
where
730+
State: RBACState,
731+
{
732+
for role in cip509.all_roles() {
733+
if let Some(key) = cip509.signing_pk_for_role(role) {
734+
if let Some(previous) = state.chain_catalyst_id_from_public_key(&key).await? {
735+
if &previous != cat_id {
736+
cip509.report().functional_validation(
737+
&format!("An update to {cat_id} registration chain uses the same public key ({key:?}) as {previous} chain"),
738+
"It isn't allowed to use role 0 signing (certificate subject public) key in different chains",
739+
);
740+
}
741+
}
742+
}
743+
}
744+
745+
Ok(())
746+
}
747+
752748
#[cfg(test)]
753749
mod test {
754750
use catalyst_types::catalyst_id::role_index::RoleId;

0 commit comments

Comments
 (0)