Merge branch 'main' into feat/cat-sign-doc-validator

Author: Mr-Leshiy

rust/catalyst-types/src/uuid/mod.rs

@@ -1,5 +1,6 @@
 //! `UUID` types.
 
+pub use uuid::Uuid;
 #[allow(clippy::module_name_repetitions)]
 pub use uuid_v4::UuidV4;
 #[allow(clippy::module_name_repetitions)]

rust/signed_doc/Cargo.toml

@@ -26,6 +26,7 @@ clap = { version = "4.5.23",  features = ["derive", "env"] }
 
 
 [dev-dependencies]
+base64-url = "3.0.0"
 rand = "0.8.5"
 
 

rust/signed_doc/src/lib.rs

@@ -324,12 +324,15 @@ impl Encode<()> for CatalystSignedDocument {
 
 #[cfg(test)]
 mod tests {
+    use std::str::FromStr;
+
+    use ed25519_dalek::SigningKey;
     use metadata::{ContentEncoding, ContentType};
+    use rand::rngs::OsRng;
 
     use super::*;
 
-    #[test]
-    fn catalyst_signed_doc_cbor_roundtrip_test() {
+    fn test_metadata() -> anyhow::Result<(UuidV7, UuidV4, Metadata)> {
         let uuid_v7 = UuidV7::new();
         let uuid_v4 = UuidV4::new();
         let section = "some section".to_string();
@@ -353,7 +356,13 @@ mod tests {
             "brand_id":  {"id": uuid_v7.to_string()},
             "category_id": {"id": uuid_v7.to_string()},
         }))
-        .unwrap();
+        .map_err(|_| anyhow::anyhow!("Invalid example metadata. This should not happen."))?;
+        Ok((uuid_v7, uuid_v4, metadata))
+    }
+
+    #[test]
+    fn catalyst_signed_doc_cbor_roundtrip_test() {
+        let (uuid_v7, uuid_v4, metadata) = test_metadata().unwrap();
         let content = serde_json::to_vec(&serde_json::Value::Null).unwrap();
 
         let doc = Builder::new()
@@ -371,4 +380,37 @@ mod tests {
         assert_eq!(decoded.doc_content().decoded_bytes(), &content);
         assert_eq!(decoded.doc_meta(), metadata.extra());
     }
+
+    #[test]
+    fn signature_verification_test() {
+        let mut csprng = OsRng;
+        let sk: SigningKey = SigningKey::generate(&mut csprng);
+        let content = serde_json::to_vec(&serde_json::Value::Null).unwrap();
+        let pk = sk.verifying_key();
+
+        let kid_str = format!(
+            "kid.catalyst-rbac://cardano/{}/0/0",
+            base64_url::encode(pk.as_bytes())
+        );
+
+        let kid = KidUri::from_str(&kid_str).unwrap();
+        let (_, _, metadata) = test_metadata().unwrap();
+        let signed_doc = Builder::new()
+            .with_decoded_content(content)
+            .with_metadata(metadata)
+            .add_signature(sk.to_bytes(), kid.clone())
+            .unwrap()
+            .build()
+            .unwrap();
+
+        assert!(signed_doc
+            .verify(|k| {
+                if k.to_string() == kid.to_string() {
+                    pk
+                } else {
+                    k.role0_pk()
+                }
+            })
+            .is_ok());
+    }
 }

rust/signed_doc/src/metadata/extra_fields.rs

@@ -1,6 +1,5 @@
 //! Catalyst Signed Document Extra Fields.
 
-use anyhow::bail;
 use catalyst_types::{problem_report::ProblemReport, uuid::UuidV4};
 use coset::{cbor::Value, Label, ProtectedHeader};
 
@@ -160,12 +159,14 @@ impl ExtraFields {
     }
 
     /// Converting COSE Protected Header to `ExtraFields`.
+    /// Return `None` if it fails during
     #[allow(clippy::too_many_lines)]
     pub(crate) fn from_protected_header(
         protected: &ProtectedHeader, error_report: &ProblemReport,
-    ) -> anyhow::Result<Self> {
+    ) -> Option<Self> {
         /// Context for error messages.
         const CONTEXT: &str = "COSE ProtectedHeader to ExtraFields";
+        let mut valid = true;
 
         let mut extra = ExtraFields::default();
 
@@ -177,6 +178,7 @@ impl ExtraFields {
                     extra.doc_ref = Some(doc_ref);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header doc ref",
                         &format!("{cbor_doc_ref:?}"),
@@ -195,6 +197,7 @@ impl ExtraFields {
                     extra.template = Some(doc_template);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header document template",
                         &format!("{cbor_doc_template:?}"),
@@ -213,6 +216,7 @@ impl ExtraFields {
                     extra.reply = Some(doc_reply);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header document reply",
                         &format!("{cbor_doc_reply:?}"),
@@ -231,6 +235,7 @@ impl ExtraFields {
                     extra.section = Some(doc_section);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "COSE protected header document section",
                         &format!("{cbor_doc_section:?}"),
@@ -253,6 +258,7 @@ impl ExtraFields {
                                 c.push(collaborator);
                             },
                             Err(e) => {
+                                valid = false;
                                 error_report.conversion_error(
                                     &format!("COSE protected header collaborator index {ids}"),
                                     &format!("{collaborator:?}"),
@@ -265,6 +271,7 @@ impl ExtraFields {
                     extra.collabs = c;
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header collaborators",
                         &format!("{cbor_doc_collabs:?}"),
@@ -283,6 +290,7 @@ impl ExtraFields {
                     extra.brand_id = Some(brand_id);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header brand ID",
                         &format!("{cbor_doc_brand_id:?}"),
@@ -301,6 +309,7 @@ impl ExtraFields {
                     extra.campaign_id = Some(campaign_id);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header campaign ID",
                         &format!("{cbor_doc_campaign_id:?}"),
@@ -319,6 +328,7 @@ impl ExtraFields {
                     extra.election_id = Some(election_id);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header election ID",
                         &format!("{cbor_doc_election_id:?}"),
@@ -337,6 +347,7 @@ impl ExtraFields {
                     extra.category_id = Some(category_id);
                 },
                 Err(e) => {
+                    valid = false;
                     error_report.conversion_error(
                         "CBOR COSE protected header category ID",
                         &format!("{cbor_doc_category_id:?}"),
@@ -347,10 +358,7 @@ impl ExtraFields {
             }
         }
 
-        if error_report.is_problematic() {
-            bail!("Failed to convert COSE ProtectedHeader to ExtraFields");
-        }
-        Ok(extra)
+        valid.then_some(extra)
     }
 }
 

rust/signed_doc/src/metadata/mod.rs

@@ -217,18 +217,7 @@ impl Metadata {
             error_report.missing_field("ver", "Missing ver field in COSE protected header");
         }
 
-        let extra = ExtraFields::from_protected_header(protected, error_report).map_or_else(
-            |e| {
-                error_report.conversion_error(
-                    "COSE protected header",
-                    &format!("{protected:?}"),
-                    &format!("Expected ExtraField: {e}"),
-                    &format!("{CONTEXT}, ExtraFields"),
-                );
-                None
-            },
-            Some,
-        );
+        let extra = ExtraFields::from_protected_header(protected, error_report);
 
         match (content_type, content_encoding, id, doc_type, ver, extra) {
             (