feature(client-cli): add function in VerifiedDigests to list tampered immutables files

turmelclem · turmelclem · commit 8d91cc79b390 · 2025-07-11T15:26:49.000+02:00
diff --git a/mithril-client/src/cardano_database_client/proving.rs b/mithril-client/src/cardano_database_client/proving.rs
@@ -32,6 +32,37 @@ pub struct VerifiedDigests {
     pub merkle_tree: MKTree<MKTreeStoreInMemory>,
 }
 
+#[derive(PartialEq, Debug)]
+pub(crate) struct InvalidImmutableFiles {
+    pub tampered_files: Vec<ImmutableFileName>,
+    pub non_verifiable_files: Vec<ImmutableFileName>,
+}
+
+impl VerifiedDigests {
+    pub(crate) fn list_tampered_immutable_files(
+        &self,
+        computed_digests: &BTreeMap<ImmutableFileName, HexEncodedDigest>,
+    ) -> MithrilResult<InvalidImmutableFiles> {
+        let mut tampered_files = vec![];
+        let mut non_verifiable_files = vec![];
+
+        computed_digests.iter().for_each(|(immutable_file_name, digest)| {
+            if let Some(verified_digest) = self.digests.get(immutable_file_name) {
+                if verified_digest != digest {
+                    tampered_files.push(immutable_file_name.clone());
+                }
+            } else {
+                non_verifiable_files.push(immutable_file_name.clone());
+            }
+        });
+
+        Ok(InvalidImmutableFiles {
+            tampered_files,
+            non_verifiable_files,
+        })
+    }
+}
+
 pub struct InternalArtifactProver {
     http_file_downloader: Arc<dyn FileDownloader>,
     logger: slog::Logger,
@@ -211,6 +242,92 @@ mod tests {
 
     use super::*;
 
+    mod list_tampered_immutable_files {
+
+        use super::*;
+
+        #[test]
+        fn should_return_empty_list_when_no_tampered_files() {
+            let digests_to_verify = BTreeMap::from([
+                ("00001.chunk".to_string(), "digest-1".to_string()),
+                ("00002.chunk".to_string(), "digest-2".to_string()),
+            ]);
+
+            let verified_digests = VerifiedDigests {
+                digests: BTreeMap::from([
+                    ("00001.chunk".to_string(), "digest-1".to_string()),
+                    ("00002.chunk".to_string(), "digest-2".to_string()),
+                ]),
+                merkle_tree: MKTree::new(&["whatever"]).unwrap(),
+            };
+
+            let invalid_files = verified_digests
+                .list_tampered_immutable_files(&digests_to_verify)
+                .unwrap();
+
+            assert_eq!(
+                invalid_files,
+                InvalidImmutableFiles {
+                    tampered_files: vec![],
+                    non_verifiable_files: vec![],
+                }
+            );
+        }
+
+        #[test]
+        fn should_return_list_with_tampered_files() {
+            let digests_to_verify = BTreeMap::from([
+                ("00001.chunk".to_string(), "digest-1".to_string()),
+                ("00002.chunk".to_string(), "digest-2".to_string()),
+            ]);
+
+            let verified_digests = VerifiedDigests {
+                digests: BTreeMap::from([
+                    ("00001.chunk".to_string(), "digest-1".to_string()),
+                    ("00002.chunk".to_string(), "INVALID".to_string()),
+                ]),
+                merkle_tree: MKTree::new(&["whatever"]).unwrap(),
+            };
+
+            let invalid_files = verified_digests
+                .list_tampered_immutable_files(&digests_to_verify)
+                .unwrap();
+
+            assert_eq!(
+                invalid_files,
+                InvalidImmutableFiles {
+                    tampered_files: vec!["00002.chunk".to_string()],
+                    non_verifiable_files: vec![],
+                }
+            );
+        }
+
+        #[test]
+        fn should_return_list_with_non_verifiable() {
+            let digests_to_verify = BTreeMap::from([
+                ("00001.chunk".to_string(), "digest-1".to_string()),
+                ("00002.not.verifiable".to_string(), "digest-2".to_string()),
+            ]);
+
+            let verified_digests = VerifiedDigests {
+                digests: BTreeMap::from([("00001.chunk".to_string(), "digest-1".to_string())]),
+                merkle_tree: MKTree::new(&["whatever"]).unwrap(),
+            };
+
+            let invalid_files = verified_digests
+                .list_tampered_immutable_files(&digests_to_verify)
+                .unwrap();
+
+            assert_eq!(
+                invalid_files,
+                InvalidImmutableFiles {
+                    tampered_files: vec![],
+                    non_verifiable_files: vec!["00002.not.verifiable".to_string()],
+                }
+            );
+        }
+    }
+
     mod download_and_verify_digests {
         use mithril_common::{
             StdResult,
