Rewrite get_json_signature to return signer type along with other info

2022-11-02 17:15:15 +00:00 · 2022-11-02 17:15:15 +00:00 · cdd3bfb6df
commit cdd3bfb6df
parent 75fe4df328
2 changed files with 25 additions and 11 deletions
--- a/src/activitypub/authentication.rs
+++ b/src/activitypub/authentication.rs
@ -11,8 +11,9 @@ use crate::http_signatures::verify::{
 };
 use crate::json_signatures::verify::{
    get_json_signature,
-    verify_json_signature,
+    verify_jcs_rsa_signature,
    JsonSignatureVerificationError as JsonSignatureError,
+    JsonSigner,
 };
 use crate::models::profiles::queries::get_profile_by_remote_actor_id;
 use crate::models::profiles::types::DbActorProfile;
@ -106,7 +107,9 @@ pub async fn verify_signed_activity(
            other_error => other_error.into(),
        }
    })?;
-    let actor_id = key_id_to_actor_id(&signature_data.key_id)?;
+
+    let JsonSigner::ActorKeyId(ref key_id) = signature_data.signer;
+    let actor_id = key_id_to_actor_id(key_id)?;
    let actor_profile = match get_or_import_profile_by_actor_id(
        db_client,
        &config.instance(),
@ -123,7 +126,7 @@ pub async fn verify_signed_activity(
        .ok_or(AuthenticationError::ActorError("invalid profile".to_string()))?;
    let public_key = deserialize_public_key(&actor.public_key.public_key_pem)?;

-    verify_json_signature(&signature_data, &public_key)?;
+    verify_jcs_rsa_signature(&signature_data, &public_key)?;

    Ok(actor_profile)
 }
--- a/src/json_signatures/verify.rs
+++ b/src/json_signatures/verify.rs
@ -15,8 +15,13 @@ use super::create::{
    PROOF_PURPOSE,
 };

+#[derive(Debug, PartialEq)]
+pub enum JsonSigner {
+    ActorKeyId(String),
+}
+
 pub struct SignatureData {
-    pub key_id: String,
+    pub signer: JsonSigner,
    pub message: String,
    pub signature: String,
 }
@ -54,21 +59,23 @@ pub fn get_json_signature(
        .ok_or(VerificationError::NoProof)?;
    let proof: IntegrityProof = serde_json::from_value(proof_value)
        .map_err(|_| VerificationError::InvalidProof("invalid proof"))?;
-    if proof.proof_type != PROOF_TYPE_JCS_RSA ||
-        proof.proof_purpose != PROOF_PURPOSE
-    {
+    if proof.proof_purpose != PROOF_PURPOSE {
+        return Err(VerificationError::InvalidProof("invalid proof purpose"));
+    };
+    if proof.proof_type != PROOF_TYPE_JCS_RSA {
        return Err(VerificationError::InvalidProof("unsupported proof type"));
    };
+    let signer = JsonSigner::ActorKeyId(proof.verification_method);
    let message = canonicalize_object(&object)?;
    let signature_data = SignatureData {
-        key_id: proof.verification_method,
+        signer: signer,
        message: message,
        signature: proof.proof_value,
    };
    Ok(signature_data)
 }

-pub fn verify_json_signature(
+pub fn verify_jcs_rsa_signature(
    signature_data: &SignatureData,
    signer_key: &RsaPublicKey,
 ) -> Result<(), VerificationError> {
@ -129,10 +136,14 @@ mod tests {
        ).unwrap();

        let signature_data = get_json_signature(&signed_object).unwrap();
-        assert_eq!(signature_data.key_id, signer_key_id);
+        let expected_signer = JsonSigner::ActorKeyId(signer_key_id.to_string());
+        assert_eq!(signature_data.signer, expected_signer);

        let signer_public_key = RsaPublicKey::from(signer_key);
-        let result = verify_json_signature(&signature_data, &signer_public_key);
+        let result = verify_jcs_rsa_signature(
+            &signature_data,
+            &signer_public_key,
+        );
        assert_eq!(result.is_ok(), true);
    }
 }