Store and update certificate URIs in the registration chain

Author: stanislav-tkach

rust/rbac-registration/src/cardano/cip509/utils/cip134/uri.rs

@@ -13,7 +13,7 @@ use pallas::ledger::addresses::Address;
 /// See the [proposal] for more details.
 ///
 /// [proposal]: https://github.com/cardano-foundation/CIPs/pull/888
-#[derive(Debug, Eq, PartialEq)]
+#[derive(Debug, Clone, Eq, PartialEq)]
 #[allow(clippy::module_name_repetitions)]
 pub struct Cip0134Uri {
     /// A URI string.

rust/rbac-registration/src/cardano/cip509/utils/cip134/uri_set.rs

@@ -14,7 +14,10 @@ use x509_cert::der::oid::db::rfc5912::ID_CE_SUBJECT_ALT_NAME;
 
 use crate::{
     cardano::cip509::{
-        rbac::certs::{C509Cert, X509DerCert},
+        rbac::{
+            certs::{C509Cert, X509DerCert},
+            Cip509RbacMetadata,
+        },
         utils::Cip0134Uri,
         validation::URI,
     },
@@ -33,7 +36,7 @@ type UrisMap = HashMap<usize, Box<[Cip0134Uri]>>;
 pub struct Cip0134UriSet(Arc<Cip0134UriSetInner>);
 
 /// Internal `Cip0134UriSet` data.
-#[derive(Debug, Eq, PartialEq)]
+#[derive(Debug, Clone, Eq, PartialEq)]
 struct Cip0134UriSetInner {
     /// URIs from x509 certificates.
     x_uris: UrisMap,
@@ -71,6 +74,74 @@ impl Cip0134UriSet {
     pub fn is_empty(&self) -> bool {
         self.x_uris().is_empty() && self.c_uris().is_empty()
     }
+
+    /// Return the updated URIs set.
+    ///
+    /// The resulting set includes all the data from both the original and a new one. In
+    /// the following example for brevity we only consider ony type of uris:
+    /// ```text
+    /// // Original data:
+    /// 0: [uri_1]
+    /// 1: [uri_2, uri_3]
+    ///
+    /// // New data:
+    /// 0: undefined
+    /// 1: deleted
+    /// 2: [uri_4]
+    ///
+    /// // Resulting data:
+    /// 0: [uri_1]
+    /// 2: [uri_4]
+    /// ```
+    #[must_use]
+    pub fn update(self, metadata: &Cip509RbacMetadata) -> Self {
+        if self == metadata.certificate_uris {
+            // Nothing to update.
+            return self;
+        }
+
+        let Cip0134UriSetInner {
+            mut x_uris,
+            mut c_uris,
+        } = Arc::unwrap_or_clone(self.0);
+
+        for (index, cert) in metadata.x509_certs.iter().enumerate() {
+            match cert {
+                X509DerCert::Undefined => {
+                    // The certificate wasn't changed - there is nothing to do.
+                },
+                X509DerCert::Deleted => {
+                    x_uris.remove(&index);
+                },
+                X509DerCert::X509Cert(_) => {
+                    if let Some(uris) = metadata.certificate_uris.x_uris().get(&index) {
+                        x_uris.insert(index, uris.clone());
+                    }
+                },
+            }
+        }
+
+        for (index, cert) in metadata.c509_certs.iter().enumerate() {
+            match cert {
+                C509Cert::Undefined => {
+                    // The certificate wasn't changed - there is nothing to do.
+                },
+                C509Cert::Deleted => {
+                    c_uris.remove(&index);
+                },
+                C509Cert::C509CertInMetadatumReference(_) => {
+                    debug!("Ignoring unsupported metadatum reference");
+                },
+                C509Cert::C509Certificate(_) => {
+                    if let Some(uris) = metadata.certificate_uris.c_uris().get(&index) {
+                        c_uris.insert(index, uris.clone());
+                    }
+                },
+            }
+        }
+
+        Self(Arc::new(Cip0134UriSetInner { x_uris, c_uris }))
+    }
 }
 
 /// Iterates over X509 certificates and extracts CIP-0134 URIs.

rust/rbac-registration/src/registration/cardano/mod.rs

@@ -32,6 +32,7 @@ use crate::{
             pub_key::SimplePublicKeyType,
         },
         types::cert_key_hash::CertKeyHash,
+        utils::Cip0134UriSet,
         Cip509, Cip509Validation,
     },
     utils::general::decremented_index,
@@ -151,6 +152,8 @@ struct RegistrationChainInner {
     x509_certs: HashMap<usize, (PointTxIdx, X509Certificate)>,
     /// Map of index in array to point, transaction index, and c509 certificate.
     c509_certs: HashMap<usize, (PointTxIdx, C509)>,
+    /// A set of URIs contained in both x509 and c509 certificates.
+    certificate_uris: Cip0134UriSet,
     /// Map of index in array to point, transaction index, and public key.
     simple_keys: HashMap<usize, (PointTxIdx, VerifyingKey)>,
     /// List of point, transaction index, and certificate key hash.
@@ -202,6 +205,7 @@ impl RegistrationChainInner {
         let registration = cip509.metadata;
         let point_tx_idx = PointTxIdx::new(point, tx_idx);
 
+        let certificate_uris = registration.certificate_uris;
         let x509_cert_map = chain_root_x509_certs(registration.x509_certs, &point_tx_idx);
         let c509_cert_map = chain_root_c509_certs(registration.c509_certs, &point_tx_idx);
         let public_key_map = chain_root_public_keys(registration.pub_keys, &point_tx_idx);
@@ -221,6 +225,7 @@ impl RegistrationChainInner {
             current_tx_id_hash: txn.hash(),
             x509_certs: x509_cert_map,
             c509_certs: c509_cert_map,
+            certificate_uris,
             simple_keys: public_key_map,
             revocations,
             role_data: role_data_map,
@@ -272,7 +277,7 @@ impl RegistrationChainInner {
 
         let registration = cip509.metadata;
         let point_tx_idx = PointTxIdx::new(point, tx_idx);
-
+        new_inner.certificate_uris = new_inner.certificate_uris.update(&registration);
         update_x509_certs(&mut new_inner, registration.x509_certs, &point_tx_idx);
         update_c509_certs(&mut new_inner, registration.c509_certs, &point_tx_idx)?;
         update_public_keys(&mut new_inner, registration.pub_keys, &point_tx_idx);