wip (#3601)

Author: Mr-Leshiy

catalyst-gateway/bin/Cargo.toml

@@ -15,12 +15,12 @@ repository.workspace = true
 workspace = true
 
 [dependencies]
-cardano-chain-follower = { version = "0.0.16", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "cardano-chain-follower/v0.0.16" }
-rbac-registration = { version = "0.0.12", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "rbac-registration/v0.0.12" }
-catalyst-signed-doc = { version = "0.0.8", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-signed-doc/v0.0.8" }
+cardano-chain-follower = { version = "0.0.17", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "cardano-chain-follower/v0.0.17" }
+rbac-registration = { version = "0.0.13", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "rbac-registration/v0.0.13" }
+catalyst-signed-doc = { version = "0.0.9", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-signed-doc/v0.0.9" }
 catalyst-signed-doc-v1 = { package = "catalyst-signed-doc", version = "0.0.4", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-signed-doc/v.0.0.4" }
 c509-certificate = { version = "0.0.3", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "c509-certificate-v0.0.3" }
-catalyst-types = { version = "0.0.8", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-types/v0.0.8" }
+catalyst-types = { version = "0.0.9", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-types/v0.0.9" }
 
 clap = { version = "4.5.20", features = ["derive", "env"] }
 tracing = { version = "0.1.40", features = ["log"] }

catalyst-gateway/bin/src/rbac/get_chain.rs

@@ -23,15 +23,13 @@ use crate::{
 /// Returns the latest (including the volatile part) registration chain by the given
 /// Catalyst ID.
 pub async fn latest_rbac_chain(id: &CatalystId) -> Result<Option<ChainInfo>> {
-    let id = id.as_short_id();
-
     let volatile_session =
         CassandraSession::get(false).context("Failed to get volatile Cassandra session")?;
     // Get the persistent part of the chain and volatile registrations. Both of these parts
     // can be non-existing.
     let (chain, volatile_regs) = try_join(
-        persistent_rbac_chain(&id),
-        indexed_regs(&volatile_session, &id),
+        persistent_rbac_chain(id),
+        indexed_regs(&volatile_session, id),
     )
     .await?;
 
@@ -70,14 +68,11 @@ pub async fn latest_rbac_chain(id: &CatalystId) -> Result<Option<ChainInfo>> {
 /// Returns only the persistent part of a registration chain by the given Catalyst ID.
 pub async fn persistent_rbac_chain(id: &CatalystId) -> Result<Option<RegistrationChain>> {
     let session = CassandraSession::get(true).context("Failed to get Cassandra session")?;
-
-    let id = id.as_short_id();
-
-    if let Some(chain) = cached_persistent_rbac_chain(&session, &id) {
+    if let Some(chain) = cached_persistent_rbac_chain(&session, id) {
         return Ok(Some(chain));
     }
 
-    let regs = indexed_regs(&session, &id).await?;
+    let regs = indexed_regs(&session, id).await?;
     let chain = build_rbac_chain(regs).await?.inspect(|c| {
         cache_persistent_rbac_chain(id.clone(), c.clone());
     });

catalyst-gateway/bin/src/service/api/documents/common/mod.rs

@@ -1,8 +1,6 @@
 //! A module for placing common structs, functions, and variables across the `document`
 //! endpoint module not specified to a specific endpoint.
 
-use std::collections::HashMap;
-
 use catalyst_signed_doc::CatalystSignedDocument;
 
 use crate::{
@@ -157,16 +155,23 @@ impl catalyst_signed_doc_v1::providers::CatalystSignedDocumentProvider for DocPr
 // TODO: make the struct to support multi sigs validation
 /// A struct which implements a
 /// `catalyst_signed_doc::providers::CatalystSignedDocumentProvider` trait
-pub(crate) struct VerifyingKeyProvider(
-    HashMap<catalyst_signed_doc::CatalystId, ed25519_dalek::VerifyingKey>,
-);
+pub(crate) struct VerifyingKeyProvider {
+    /// A user's `CatalystId` from the corresponding `CatalystRBACTokenV1`
+    kid: catalyst_signed_doc::CatalystId,
+    /// A corresponding `VerifyingKey` derived from the `CatalystRBACTokenV1`
+    pk: ed25519_dalek::VerifyingKey,
+}
 
 impl catalyst_signed_doc::providers::CatalystIdProvider for VerifyingKeyProvider {
     async fn try_get_registered_key(
         &self,
         kid: &catalyst_signed_doc::CatalystId,
     ) -> anyhow::Result<Option<ed25519_dalek::VerifyingKey>> {
-        Ok(self.0.get(kid).copied())
+        if &self.kid == kid {
+            Ok(Some(self.pk))
+        } else {
+            Ok(None)
+        }
     }
 }
 
@@ -203,39 +208,38 @@ impl VerifyingKeyProvider {
             anyhow::bail!("Multi-signature document is currently unsupported");
         }
 
-        if kids
-            .iter()
-            .any(|kid| kid.as_short_id() != token.catalyst_id().as_short_id())
-        {
+        let [kid] = kids else {
+            anyhow::bail!("Multi-signature document is currently unsupported");
+        };
+
+        if kid != token.catalyst_id() {
             anyhow::bail!("RBAC Token CatID does not match with the document KIDs");
         }
 
         let Some(reg_chain) = token.reg_chain().await? else {
             anyhow::bail!("Failed to retrieve a registration from corresponding Catalyst ID");
         };
 
-        let result = kids.iter().map(|kid| {
-            if !kid.is_signature_key() {
-                anyhow::bail!("Invalid KID {kid}: KID must be a signing key not an encryption key");
-            }
+        if !kid.is_signature_key() {
+            anyhow::bail!("Invalid KID {kid}: KID must be a signing key not an encryption key");
+        }
 
-            let (kid_role_index, kid_rotation) = kid.role_and_rotation();
-            let (latest_pk, rotation) = reg_chain
-                .get_latest_signing_pk_for_role(&kid_role_index)
-                .ok_or_else(|| {
+        let (kid_role_index, kid_rotation) = kid.role_and_rotation();
+        let (latest_pk, rotation) = reg_chain
+            .get_latest_signing_pk_for_role(&kid_role_index)
+            .ok_or_else(|| {
                 anyhow::anyhow!(
                     "Failed to get last signing key for the proposer role for {kid} Catalyst ID"
                 )
             })?;
 
-            if rotation != kid_rotation {
-                anyhow::bail!("Invalid KID {kid}: KID's rotation ({kid_rotation}) is not the latest rotation ({rotation})");
-            }
+        if rotation != kid_rotation {
+            anyhow::bail!("Invalid KID {kid}: KID's rotation ({kid_rotation}) is not the latest rotation ({rotation})");
+        }
 
-            Ok((kid.clone(), latest_pk))
+        Ok(Self {
+            kid: kid.clone(),
+            pk: latest_pk,
         })
-        .collect::<Result<_, _>>()?;
-
-        Ok(Self(result))
     }
 }

catalyst-gateway/bin/src/service/api/documents/put_document/mod.rs

@@ -76,7 +76,7 @@ pub(crate) async fn endpoint(
 
     // validate document signatures
     let verifying_key_provider =
-        match VerifyingKeyProvider::try_from_kids(&mut token, &doc.kids()).await {
+        match VerifyingKeyProvider::try_from_kids(&mut token, &doc.authors()).await {
             Ok(value) => value,
             Err(err) if err.is::<CassandraSessionError>() => {
                 return AllResponses::service_unavailable(&err, RetryAfterOption::Default)
@@ -194,7 +194,11 @@ async fn store_document_in_db(
     doc: &catalyst_signed_doc::CatalystSignedDocument,
     doc_bytes: Vec<u8>,
 ) -> anyhow::Result<bool> {
-    let authors = doc.authors().iter().map(ToString::to_string).collect();
+    let authors = doc
+        .authors()
+        .iter()
+        .map(|v| v.as_short_id().to_string())
+        .collect();
 
     let doc_meta_json = doc.doc_meta().to_json()?;