diff --git a/src/functions.rs b/src/functions.rs index a0299fe8..d1e92c3e 100644 --- a/src/functions.rs +++ b/src/functions.rs @@ -179,8 +179,10 @@ pub fn canonical_json(value: &Value) -> Result { /// # Parameters /// /// * verifier: A `Verifier` appropriate for the digital signature algorithm that was used. -/// * public_key: The public key of the key pair used to sign the JSON, as a series of bytes. -/// * signature: The `Signature` to verify. +/// * public_key_map: A map from entity identifiers to a map from key identifiers to public keys. +/// Generally, entity identifiers are server names—the host/IP/port of a homeserver (e.g. +/// "example.com") for which a signature must be verified. Key identifiers for each server (e.g. +/// "ed25519:1") then map to their respective public keys. /// * value: The `serde_json::Value` (JSON value) that was signed. /// /// # Errors @@ -220,15 +222,15 @@ pub fn canonical_json(value: &Value) -> Result { /// // Create the `SignatureMap` that will inform `verify_json` which signatures to verify. /// let mut signature_set = HashMap::new(); /// signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); -/// let mut verify_key_map = HashMap::new(); -/// verify_key_map.insert("example.com".to_string(), signature_set); +/// let mut public_key_map = HashMap::new(); +/// public_key_map.insert("example.com".to_string(), signature_set); /// -/// // Verify at least one signature for each entity in `verify_key_map`. -/// assert!(ruma_signatures::verify_json(&verifier, &verify_key_map, &value).is_ok()); +/// // Verify at least one signature for each entity in `public_key_map`. +/// assert!(ruma_signatures::verify_json(&verifier, &public_key_map, &value).is_ok()); /// ``` pub fn verify_json( verifier: &V, - verify_key_map: &SignatureMap, + public_key_map: &SignatureMap, value: &Value, ) -> Result<(), Error> where @@ -247,7 +249,7 @@ where None => return Err(Error::new("JSON object must contain a `signatures` field.")), }; - for (entity_id, verify_keys) in verify_key_map { + for (entity_id, public_keys) in public_key_map { let signature_set = match signature_map.get(entity_id) { Some(set) => set, None => { @@ -259,12 +261,12 @@ where }; let mut maybe_signature = None; - let mut maybe_verify_key = None; + let mut maybe_public_key = None; - for (key_id, verify_key) in verify_keys { + for (key_id, public_key) in public_keys { if let Some(signature) = signature_set.get(key_id) { maybe_signature = Some(signature); - maybe_verify_key = Some(verify_key); + maybe_public_key = Some(public_key); break; } @@ -274,25 +276,25 @@ where Some(signature) => signature, None => { return Err(Error::new( - "event is not signed with any of the given verify keys", + "event is not signed with any of the given public keys", )) } }; - let verify_key = match maybe_verify_key { - Some(verify_key) => verify_key, + let public_key = match maybe_public_key { + Some(public_key) => public_key, None => { return Err(Error::new( - "event is not signed with any of the given verify keys", + "event is not signed with any of the given public keys", )) } }; let signature_bytes = decode_config(signature, STANDARD_NO_PAD)?; - let verify_key_bytes = decode_config(&verify_key, STANDARD_NO_PAD)?; + let public_key_bytes = decode_config(&public_key, STANDARD_NO_PAD)?; - verify_json_with(verifier, &verify_key_bytes, &signature_bytes, value)?; + verify_json_with(verifier, &public_key_bytes, &signature_bytes, value)?; } Ok(()) @@ -313,7 +315,7 @@ where /// /// * The provided JSON value is not a JSON object. /// * Verification fails. -pub fn verify_json_with( +fn verify_json_with( verifier: &V, public_key: &[u8], signature: &[u8], @@ -464,11 +466,7 @@ pub fn reference_hash(value: &Value) -> Result { /// ``` /// /// Notice the addition of `hashes` and `signatures`. -pub fn hash_and_sign_event( - entity_id: &str, - key_pair: &K, - value: &mut Value, -) -> Result<(), Error> +pub fn hash_and_sign_event(entity_id: &str, key_pair: &K, value: &mut Value) -> Result<(), Error> where K: KeyPair, { @@ -517,7 +515,7 @@ where /// # Parameters /// /// * verifier: A `Verifier` appropriate for the digital signature algorithm that was used. -/// * verify_key_map: A map from entity identifiers to a map from key identifiers to public keys. +/// * public_key_map: A map from entity identifiers to a map from key identifiers to public keys. /// Generally, entity identifiers are server names—the host/IP/port of a homeserver (e.g. /// "example.com") for which a signature must be verified. Key identifiers for each server (e.g. /// "ed25519:1") then map to their respective public keys. @@ -564,15 +562,15 @@ where /// example_server_keys.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); /// /// // Insert the public keys into a map keyed by entity ID. -/// let mut verify_key_map = HashMap::new(); -/// verify_key_map.insert("domain".to_string(), example_server_keys); +/// let mut public_key_map = HashMap::new(); +/// public_key_map.insert("domain".to_string(), example_server_keys); /// -/// // Verify at least one signature for each entity in `verify_key_map`. -/// assert!(ruma_signatures::verify_event(&verifier, &verify_key_map, &value).is_ok()); +/// // Verify at least one signature for each entity in `public_key_map`. +/// assert!(ruma_signatures::verify_event(&verifier, &public_key_map, &value).is_ok()); /// ``` pub fn verify_event( verifier: &V, - verify_key_map: &SignatureMap, + public_key_map: &SignatureMap, value: &Value, ) -> Result where @@ -607,7 +605,7 @@ where None => return Err(Error::new("JSON object must contain a `signatures` field.")), }; - for (entity_id, verify_keys) in verify_key_map { + for (entity_id, public_keys) in public_key_map { let signature_set = match signature_map.get(entity_id) { Some(set) => set, None => { @@ -619,12 +617,12 @@ where }; let mut maybe_signature = None; - let mut maybe_verify_key = None; + let mut maybe_public_key = None; - for (key_id, verify_key) in verify_keys { + for (key_id, public_key) in public_keys { if let Some(signature) = signature_set.get(key_id) { maybe_signature = Some(signature); - maybe_verify_key = Some(verify_key); + maybe_public_key = Some(public_key); break; } @@ -634,16 +632,16 @@ where Some(signature) => signature, None => { return Err(Error::new( - "event is not signed with any of the given verify keys", + "event is not signed with any of the given public keys", )) } }; - let verify_key = match maybe_verify_key { - Some(verify_key) => verify_key, + let public_key = match maybe_public_key { + Some(public_key) => public_key, None => { return Err(Error::new( - "event is not signed with any of the given verify keys", + "event is not signed with any of the given public keys", )) } }; @@ -652,11 +650,11 @@ where let signature_bytes = decode_config(signature, STANDARD_NO_PAD)?; - let verify_key_bytes = decode_config(&verify_key, STANDARD_NO_PAD)?; + let public_key_bytes = decode_config(&public_key, STANDARD_NO_PAD)?; verify_json_with( verifier, - &verify_key_bytes, + &public_key_bytes, &signature_bytes, &canonical_json, )?; diff --git a/src/lib.rs b/src/lib.rs index 9c834df5..1e6f5963 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -322,10 +322,10 @@ mod test { let mut signature_set = HashMap::new(); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); - let mut verify_key_map = HashMap::new(); - verify_key_map.insert("example.com".to_string(), signature_set); + let mut public_key_map = HashMap::new(); + public_key_map.insert("example.com".to_string(), signature_set); - assert!(verify_json(&verifier, &verify_key_map, &value).is_ok()); + assert!(verify_json(&verifier, &public_key_map, &value).is_ok()); } #[test] @@ -392,16 +392,16 @@ mod test { let mut signature_set = HashMap::new(); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); - let mut verify_key_map = HashMap::new(); - verify_key_map.insert("example.com".to_string(), signature_set); + let mut public_key_map = HashMap::new(); + public_key_map.insert("example.com".to_string(), signature_set); - assert!(verify_json(&verifier, &verify_key_map, &value).is_ok()); + assert!(verify_json(&verifier, &public_key_map, &value).is_ok()); let reverse_value = from_str( r#"{"two":"Two","signatures":{"example.com":{"ed25519:1":"KqmLSbO39/Bzb0QIYE82zqLwsA+PDzYIpIRA2sRQ4sL53+sN6/fpNSoqE7BP7vBZhG6kYdD13EIMJpvhJI+6Bw"}},"one":1}"# ).unwrap(); - assert!(verify_json(&verifier, &verify_key_map, &reverse_value).is_ok()); + assert!(verify_json(&verifier, &public_key_map, &reverse_value).is_ok()); } #[test] @@ -413,10 +413,10 @@ mod test { let mut signature_set = HashMap::new(); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); - let mut verify_key_map = HashMap::new(); - verify_key_map.insert("example.com".to_string(), signature_set); + let mut public_key_map = HashMap::new(); + public_key_map.insert("example.com".to_string(), signature_set); - assert!(verify_json(&verifier, &verify_key_map, &value).is_err()); + assert!(verify_json(&verifier, &public_key_map, &value).is_err()); } #[test] @@ -501,8 +501,8 @@ mod test { let mut signature_set = HashMap::new(); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); - let mut verify_key_map = HashMap::new(); - verify_key_map.insert("domain".to_string(), signature_set); + let mut public_key_map = HashMap::new(); + public_key_map.insert("domain".to_string(), signature_set); let value = from_str( r#"{ @@ -531,6 +531,6 @@ mod test { let verifier = Ed25519Verifier; - assert!(verify_event(&verifier, &verify_key_map, &value).is_ok()); + assert!(verify_event(&verifier, &public_key_map, &value).is_ok()); } }