From a00db2d764825d9a39b420c8f89c98e089d13b2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20Kr=C3=BCger?= Date: Thu, 28 Mar 2024 21:49:25 +0100 Subject: [PATCH] Rename `CannotCidOr`, API for creating powerlines & more (#18) --- src/crypto/signature/envelope.rs | 100 +++++++++++++++---------------- src/delegation.rs | 23 ++++--- src/delegation/agent.rs | 58 ++++++++---------- src/delegation/payload.rs | 23 ++++--- src/delegation/store.rs | 2 +- src/delegation/store/memory.rs | 32 ++-------- src/delegation/store/traits.rs | 49 ++++++--------- src/invocation/agent.rs | 13 ++-- src/invocation/payload.rs | 6 +- src/invocation/store/memory.rs | 13 +--- src/invocation/store/traits.rs | 31 +++------- 11 files changed, 146 insertions(+), 204 deletions(-) diff --git a/src/crypto/signature/envelope.rs b/src/crypto/signature/envelope.rs index 58282a53..60165def 100644 --- a/src/crypto/signature/envelope.rs +++ b/src/crypto/signature/envelope.rs @@ -1,4 +1,5 @@ use crate::ability::arguments::Named; +use crate::crypto::varsig::Header; use crate::{capsule::Capsule, crypto::varsig, did::Did}; use libipld_core::{ cid::Cid, @@ -10,6 +11,7 @@ use libipld_core::{ use signature::SignatureEncoding; use signature::Verifier; use std::collections::BTreeMap; +use std::io::Write; use thiserror::Error; pub trait Envelope: Sized { @@ -30,60 +32,61 @@ pub trait Envelope: Sized { ) -> Self; fn to_ipld_envelope(&self) -> Ipld { - let inner_args: Named = self.payload().clone().into(); - let inner_ipld: Ipld = inner_args.into(); - - let wrapped_payload: Ipld = - BTreeMap::from_iter([(Self::Payload::TAG.into(), inner_ipld)]).into(); - - let header_bytes: Vec = (*self.varsig_header()).clone().into(); + let wrapped_payload = Self::wrap_payload(self.payload().clone()); + let header_bytes: Vec = self.varsig_header().clone().into(); let header: Ipld = vec![header_bytes.into(), wrapped_payload].into(); let sig_bytes: Ipld = self.signature().to_vec().into(); vec![sig_bytes.into(), header].into() } + fn wrap_payload(payload: Self::Payload) -> Ipld { + let inner_args: Named = payload.into(); + let inner_ipld: Ipld = inner_args.into(); + BTreeMap::from_iter([(Self::Payload::TAG.into(), inner_ipld)]).into() + } + fn try_from_ipld_envelope( ipld: Ipld, ) -> Result>>::Error>> { - if let Ipld::List(list) = ipld { - if let [Ipld::Bytes(sig), Ipld::List(inner)] = list.as_slice() { - if let [Ipld::Bytes(varsig_header), Ipld::Map(btree)] = inner.as_slice() { - if let (1, Some(Ipld::Map(inner))) = ( - btree.len(), - btree.get(::TAG.into()), - ) { - let payload = Self::Payload::try_from(Named(inner.clone())) - .map_err(FromIpldError::CannotParsePayload)?; - - let varsig_header = Self::VarsigHeader::try_from(varsig_header.as_slice()) - .map_err(|_| FromIpldError::CannotParseVarsigHeader)?; - - let signature = ::Signature::try_from(sig.as_slice()) - .map_err(|_| FromIpldError::CannotParseSignature)?; - - Ok(Self::construct(varsig_header, signature, payload)) - } else { - Err(FromIpldError::InvalidPayloadCapsule) - } - } else { - Err(FromIpldError::InvalidVarsigContainer) - } - } else { - Err(FromIpldError::InvalidSignatureContainer) - } - } else { - Err(FromIpldError::InvalidSignatureContainer) - } + let Ipld::List(list) = ipld else { + return Err(FromIpldError::InvalidSignatureContainer); + }; + + let [Ipld::Bytes(sig), Ipld::List(inner)] = list.as_slice() else { + return Err(FromIpldError::InvalidSignatureContainer); + }; + + let [Ipld::Bytes(varsig_header), Ipld::Map(btree)] = inner.as_slice() else { + return Err(FromIpldError::InvalidVarsigContainer); + }; + + let (1, Some(Ipld::Map(inner))) = ( + btree.len(), + btree.get(::TAG.into()), + ) else { + return Err(FromIpldError::InvalidPayloadCapsule); + }; + + let payload = Self::Payload::try_from(Named(inner.clone())) + .map_err(FromIpldError::CannotParsePayload)?; + + let varsig_header = Self::VarsigHeader::try_from(varsig_header.as_slice()) + .map_err(|_| FromIpldError::CannotParseVarsigHeader)?; + + let signature = ::Signature::try_from(sig.as_slice()) + .map_err(|_| FromIpldError::CannotParseSignature)?; + + Ok(Self::construct(varsig_header, signature, payload)) } - fn varsig_encode(self, w: &mut Vec) -> Result<(), libipld_core::error::Error> + fn varsig_encode(&self, mut w: W) -> Result where - Ipld: Encode + From, + Ipld: Encode, { - let codec = varsig::header::Header::codec(self.varsig_header()).clone(); - let ipld = Ipld::from(self); - ipld.encode(codec, w) + let codec = self.varsig_header().codec().clone(); + self.to_ipld_envelope().encode(codec, &mut w)?; + Ok(w) } /// Attempt to sign some payload with a given signer. @@ -132,14 +135,9 @@ pub trait Envelope: Sized { Ipld: Encode, Named: From, { - let ipld: Ipld = BTreeMap::from_iter([( - Self::Payload::TAG.into(), - Named::::from(payload.clone()).into(), - )]) - .into(); - + let ipld = Self::wrap_payload(payload.clone()); let mut buffer = vec![]; - ipld.encode(*varsig::header::Header::codec(&varsig_header), &mut buffer) + ipld.encode(*varsig_header.codec(), &mut buffer) .map_err(SignError::PayloadEncodingError)?; let signature = @@ -188,11 +186,9 @@ pub trait Envelope: Sized { where Ipld: Encode, { - let codec = varsig::header::Header::codec(self.varsig_header()).clone(); - let mut ipld_buffer = vec![]; - self.to_ipld_envelope().encode(codec, &mut ipld_buffer)?; + let encoded = self.varsig_encode(Vec::new())?; + let multihash = Code::Sha2_256.digest(&encoded); - let multihash = Code::Sha2_256.digest(&ipld_buffer); Ok(Cid::new_v1( varsig::header::Header::codec(self.varsig_header()) .clone() diff --git a/src/delegation.rs b/src/delegation.rs index e5c75842..a452f6b3 100644 --- a/src/delegation.rs +++ b/src/delegation.rs @@ -21,15 +21,14 @@ mod payload; pub use agent::Agent; pub use payload::*; -use crate::ability::arguments::Named; use crate::{ + ability::arguments::Named, capsule::Capsule, crypto::{signature::Envelope, varsig, Nonce}, did::{self, Did}, time::{TimeBoundError, Timestamp}, }; -use libipld_core::link::Link; -use libipld_core::{codec::Codec, ipld::Ipld}; +use libipld_core::{codec::Codec, ipld::Ipld, link::Link}; use policy::Predicate; use serde::{Deserialize, Serialize}; use std::collections::BTreeMap; @@ -83,8 +82,8 @@ impl, C: Codec> Delegation { } /// Retrive the `subject` of a [`Delegation`] - pub fn subject(&self) -> &Option { - &self.payload.subject + pub fn subject(&self) -> Option<&DID> { + self.payload.subject.as_ref() } /// Retrive the `audience` of a [`Delegation`] @@ -92,6 +91,16 @@ impl, C: Codec> Delegation { &self.payload.audience } + /// Retrieve the `via` of a [`Delegation`] + pub fn via(&self) -> Option<&DID> { + self.payload.via.as_ref() + } + + /// Retrieve the `command` of a [`Delegation`] + pub fn command(&self) -> &String { + &self.payload.command + } + /// Retrive the `policy` of a [`Delegation`] pub fn policy(&self) -> &Vec { &self.payload.policy @@ -113,8 +122,8 @@ impl, C: Codec> Delegation { } /// Retrive the `expiration` of a [`Delegation`] - pub fn expiration(&self) -> &Timestamp { - &self.payload.expiration + pub fn expiration(&self) -> Option<&Timestamp> { + self.payload.expiration.as_ref() } pub fn check_time(&self, now: SystemTime) -> Result<(), TimeBoundError> { diff --git a/src/delegation/agent.rs b/src/delegation/agent.rs index 38108824..c4395056 100644 --- a/src/delegation/agent.rs +++ b/src/delegation/agent.rs @@ -58,57 +58,47 @@ where pub fn delegate( &self, audience: DID, - subject: &DID, + subject: Option<&DID>, via: Option, command: String, new_policy: Vec, metadata: BTreeMap, - expiration: Timestamp, + expiration: Option, not_before: Option, now: SystemTime, varsig_header: V, - ) -> Result, DelegateError> { + ) -> Result, DelegateError> { let mut salt = self.did.clone().to_string().into_bytes(); let nonce = Nonce::generate_16(); - if *subject == self.did { - let payload: Payload = Payload { - issuer: self.did.clone(), - audience, - subject: Some(subject.clone()), - via, - command, - metadata, - nonce, - expiration: expiration.into(), - not_before: not_before.map(Into::into), - policy: new_policy, - }; - - return Ok(Delegation::try_sign(&self.signer, varsig_header, payload).expect("FIXME")); - } - - let proofs = &self - .store - .get_chain(&self.did, &subject, &command, vec![], now) - .map_err(DelegateError::StoreError)? - .ok_or(DelegateError::ProofsNotFound)?; - let to_delegate = proofs.first().1.payload(); - - let mut policy = to_delegate.policy.clone(); - policy.append(&mut new_policy.clone()); + let (subject, policy) = match subject { + Some(subject) if *subject == self.did => (Some(subject.clone()), new_policy), + None => (None, new_policy), + Some(subject) => { + let proofs = &self + .store + .get_chain(&self.did, &subject, &command, vec![], now) + .map_err(DelegateError::StoreError)? + .ok_or(DelegateError::ProofsNotFound)?; + let to_delegate = proofs.first().1.payload(); + + let mut policy = to_delegate.policy.clone(); + policy.extend(new_policy); + (Some(subject.clone()), policy) + } + }; let payload: Payload = Payload { issuer: self.did.clone(), audience, - subject: Some(subject.clone()), + subject, via, command, - policy, metadata, nonce, - expiration: expiration.into(), - not_before: not_before.map(Into::into), + expiration, + not_before, + policy, }; Ok(Delegation::try_sign(&self.signer, varsig_header, payload).expect("FIXME")) @@ -118,7 +108,7 @@ where &self, cid: Cid, // FIXME remove and generate from the capsule header? delegation: Delegation, - ) -> Result<(), ReceiveError> { + ) -> Result<(), ReceiveError> { if self.store.get(&cid).is_ok() { return Ok(()); } diff --git a/src/delegation/payload.rs b/src/delegation/payload.rs index 064fdca1..f65c18ae 100644 --- a/src/delegation/payload.rs +++ b/src/delegation/payload.rs @@ -77,7 +77,8 @@ pub struct Payload { /// given as a [Unix timestamp]. /// /// [Unix timestamp]: https://en.wikipedia.org/wiki/Unix_time - pub expiration: Timestamp, + #[builder(default)] + pub expiration: Option, /// An optional earliest wall-clock time that the UCAN is valid from, /// given as a [Unix timestamp]. @@ -91,8 +92,10 @@ impl Payload { pub fn check_time(&self, now: SystemTime) -> Result<(), TimeBoundError> { let ts_now = &Timestamp::postel(now); - if &self.expiration < ts_now { - return Err(TimeBoundError::Expired); + if let Some(ref exp) = self.expiration { + if exp < ts_now { + return Err(TimeBoundError::Expired); + } } if let Some(ref nbf) = self.not_before { @@ -190,8 +193,11 @@ where }, "exp" => match ipld { Ipld::Integer(i) => { - expiration = Some(Timestamp::try_from(i).map_err(ParseError::BadTimestamp)?) + expiration = Some(Some( + Timestamp::try_from(i).map_err(ParseError::BadTimestamp)?, + )) } + Ipld::Null => expiration = Some(None), bad => return Err(ParseError::WrongTypeForField("exp".to_string(), bad)), }, "nbf" => match ipld { @@ -308,7 +314,10 @@ impl From> for Named { Ipld::List(payload.policy.into_iter().map(|p| p.into()).collect()) }), ("nonce".to_string(), payload.nonce.into()), - ("exp".to_string(), payload.expiration.into()), + ( + "exp".to_string(), + payload.expiration.map_or(Ipld::Null, |e| e.into()), + ), ]); if let Some(subject) = payload.subject { @@ -348,7 +357,7 @@ where DID::arbitrary_with(did_args), String::arbitrary(), Nonce::arbitrary(), - Timestamp::arbitrary(), + Option::::arbitrary(), Option::::arbitrary(), prop::collection::btree_map(".*", ipld::Newtype::arbitrary(), 0..5).prop_map(|m| { m.into_iter() @@ -442,7 +451,7 @@ mod tests { prop_assert_eq!(cmd.unwrap(), &Ipld::String(payload.command.clone())); prop_assert_eq!(pol.unwrap(), &Ipld::List(payload.policy.clone().into_iter().map(|p| p.into()).collect())); prop_assert_eq!(nonce.unwrap(), &payload.nonce.into()); - prop_assert_eq!(exp.unwrap(), &payload.expiration.into()); + prop_assert_eq!(exp.unwrap(), &payload.expiration.map_or(Ipld::Null, |e| e.into())); // Optional Fields match (payload.subject, named.get("sub")) { diff --git a/src/delegation/store.rs b/src/delegation/store.rs index 680d5f99..22050f87 100644 --- a/src/delegation/store.rs +++ b/src/delegation/store.rs @@ -4,4 +4,4 @@ mod memory; mod traits; pub use memory::MemoryStore; -pub use traits::Store; +pub use traits::*; diff --git a/src/delegation/store/memory.rs b/src/delegation/store/memory.rs index 43260b00..46a2c5ff 100644 --- a/src/delegation/store/memory.rs +++ b/src/delegation/store/memory.rs @@ -144,12 +144,9 @@ where delegation::Payload: TryFrom>, Ipld: Encode, { - type DelegationStoreError = Infallible; + type Error = Infallible; - fn get( - &self, - cid: &Cid, - ) -> Result>>, Self::DelegationStoreError> { + fn get(&self, cid: &Cid) -> Result>>, Self::Error> { // cheap Arc clone Ok(self.lock().ucans.get(cid).cloned()) // FIXME @@ -159,7 +156,7 @@ where &self, cid: Cid, delegation: Delegation, - ) -> Result<(), Self::DelegationStoreError> { + ) -> Result<(), Self::Error> { let mut tx = self.lock(); tx.index @@ -174,7 +171,7 @@ where Ok(()) } - fn revoke(&self, cid: Cid) -> Result<(), Self::DelegationStoreError> { + fn revoke(&self, cid: Cid) -> Result<(), Self::Error> { self.lock().revocations.insert(cid); Ok(()) } @@ -186,8 +183,7 @@ where command: &str, policy: Vec, // FIXME now: SystemTime, - ) -> Result>)>>, Self::DelegationStoreError> - { + ) -> Result>)>>, Self::Error> { let blank_set = BTreeSet::new(); let blank_map = BTreeMap::new(); let tx = self.lock(); @@ -336,7 +332,6 @@ mod tests { .issuer(did.clone()) .audience(did.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -365,7 +360,6 @@ mod tests { .issuer(did.clone()) .audience(did.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -424,7 +418,6 @@ mod tests { .issuer(alice.clone()) .audience(bob.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -456,7 +449,6 @@ mod tests { .issuer(bob.clone()) .audience(carol.clone()) .command("/example".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -470,7 +462,6 @@ mod tests { .issuer(alice.clone()) .audience(bob.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -484,7 +475,6 @@ mod tests { .issuer(alice.clone()) .audience(carol.clone()) .command("/test".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -516,7 +506,6 @@ mod tests { .issuer(alice.clone()) .audience(bob.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -530,7 +519,6 @@ mod tests { .issuer(bob.clone()) .audience(carol.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -572,7 +560,6 @@ mod tests { .issuer(alice.clone()) .audience(bob.clone()) .command("/test".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -586,7 +573,6 @@ mod tests { .issuer(bob.clone()) .audience(carol.clone()) .command("/test/me".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -635,7 +621,6 @@ mod tests { .issuer(alice.clone()) .audience(bob.clone()) .command("/test".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -649,7 +634,6 @@ mod tests { .issuer(carol.clone()) .audience(dan.clone()) .command("/test/me".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -696,7 +680,6 @@ mod tests { .issuer(bob.clone()) .audience(carol.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -709,7 +692,6 @@ mod tests { .issuer(carol.clone()) .audience(dave.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, // I don't love this is now failable )?; @@ -722,7 +704,6 @@ mod tests { .issuer(alice.clone()) .audience(bob.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -780,7 +761,6 @@ mod tests { .issuer(bob.clone()) .audience(carol.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -793,7 +773,6 @@ mod tests { .issuer(carol.clone()) .audience(dave.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, // I don't love this is now failable )?; @@ -806,7 +785,6 @@ mod tests { .issuer(alice.clone()) .audience(bob.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; diff --git a/src/delegation/store/traits.rs b/src/delegation/store/traits.rs index f71cb5db..76486f40 100644 --- a/src/delegation/store/traits.rs +++ b/src/delegation/store/traits.rs @@ -20,31 +20,24 @@ where Payload: TryFrom>, Named: From>, { - type DelegationStoreError: Debug; + type Error: Debug; - fn get( - &self, - cid: &Cid, - ) -> Result>>, Self::DelegationStoreError>; + fn get(&self, cid: &Cid) -> Result>>, Self::Error>; fn insert( &self, delegation: Delegation, - ) -> Result<(), CannotCidOr> { + ) -> Result<(), DelegationInsertError> { self.insert_keyed(delegation.cid()?, delegation) - .map_err(CannotCidOr::StoreError) + .map_err(DelegationInsertError::StoreError) } - fn insert_keyed( - &self, - cid: Cid, - delegation: Delegation, - ) -> Result<(), Self::DelegationStoreError>; + fn insert_keyed(&self, cid: Cid, delegation: Delegation) -> Result<(), Self::Error>; // FIXME validate invocation // store invocation // just... move to invocation - fn revoke(&self, cid: Cid) -> Result<(), Self::DelegationStoreError>; + fn revoke(&self, cid: Cid) -> Result<(), Self::Error>; fn get_chain( &self, @@ -53,7 +46,7 @@ where command: &str, policy: Vec, now: SystemTime, - ) -> Result>)>>, Self::DelegationStoreError>; + ) -> Result>)>>, Self::Error>; fn get_chain_cids( &self, @@ -62,7 +55,7 @@ where command: &str, policy: Vec, now: SystemTime, - ) -> Result>, Self::DelegationStoreError> { + ) -> Result>, Self::Error> { self.get_chain(audience, subject, command, policy, now) .map(|chain| chain.map(|chain| chain.map(|(cid, _)| cid))) } @@ -74,7 +67,7 @@ where command: &str, policy: Vec, now: SystemTime, - ) -> Result { + ) -> Result { self.get_chain(audience, &issuer, command, policy, now) .map(|chain| chain.is_some()) } @@ -82,10 +75,10 @@ where fn get_many( &self, cids: &[Cid], - ) -> Result>>>, Self::DelegationStoreError> { + ) -> Result>>>, Self::Error> { cids.iter() .map(|cid| self.get(cid)) - .collect::>() + .collect::>() } } @@ -96,24 +89,17 @@ where Payload: TryFrom>, Named: From>, { - type DelegationStoreError = >::DelegationStoreError; + type Error = >::Error; - fn get( - &self, - cid: &Cid, - ) -> Result>>, Self::DelegationStoreError> { + fn get(&self, cid: &Cid) -> Result>>, Self::Error> { (**self).get(cid) } - fn insert_keyed( - &self, - cid: Cid, - delegation: Delegation, - ) -> Result<(), Self::DelegationStoreError> { + fn insert_keyed(&self, cid: Cid, delegation: Delegation) -> Result<(), Self::Error> { (**self).insert_keyed(cid, delegation) } - fn revoke(&self, cid: Cid) -> Result<(), Self::DelegationStoreError> { + fn revoke(&self, cid: Cid) -> Result<(), Self::Error> { (**self).revoke(cid) } @@ -124,14 +110,13 @@ where command: &str, policy: Vec, now: SystemTime, - ) -> Result>)>>, Self::DelegationStoreError> - { + ) -> Result>)>>, Self::Error> { (**self).get_chain(audience, subject, command, policy, now) } } #[derive(Debug, Error)] -pub enum CannotCidOr { +pub enum DelegationInsertError { #[error("Cannot make CID from delegation based on supplied Varsig")] CannotMakeCid(#[from] libipld_core::error::Error), diff --git a/src/invocation/agent.rs b/src/invocation/agent.rs index 1910a26f..00cf2431 100644 --- a/src/invocation/agent.rs +++ b/src/invocation/agent.rs @@ -97,7 +97,7 @@ where issued_at: Option, now: SystemTime, varsig_header: V, - ) -> Result, InvokeError> { + ) -> Result, InvokeError> { let proofs = if subject == self.did { vec![] } else { @@ -175,7 +175,7 @@ where pub fn receive( &self, invocation: Invocation, - ) -> Result>, ReceiveError> + ) -> Result>, ReceiveError> where arguments::Named: From, Payload: TryFrom>, @@ -188,7 +188,7 @@ where &self, invocation: Invocation, now: SystemTime, - ) -> Result>, ReceiveError> + ) -> Result>, ReceiveError> where arguments::Named: From, Payload: TryFrom>, @@ -219,7 +219,7 @@ where .ok_or(ReceiveError::DelegationNotFound(*cid))? .payload) }) - .collect::>>()?; + .collect::>>()?; let _ = &invocation .payload @@ -300,7 +300,7 @@ pub enum ReceiveError, V: varsig::Header< SigVerifyError(#[from] signature::ValidateError), #[error("invocation store error: {0}")] - InvocationStoreError(#[source] >::InvocationStoreError), + InvocationStoreError(#[source] >::Error), #[error("delegation store error: {0}")] DelegationStoreError(#[source] D), @@ -650,7 +650,6 @@ mod tests { .issuer(account.clone()) .audience(server.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; @@ -663,7 +662,6 @@ mod tests { .issuer(server.clone()) .audience(device.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, // I don't love this is now failable )?; @@ -676,7 +674,6 @@ mod tests { .issuer(dnslink.clone()) .audience(account.clone()) .command("/".into()) - .expiration(crate::time::Timestamp::five_years_from_now()) .build()?, )?; diff --git a/src/invocation/payload.rs b/src/invocation/payload.rs index d1f8101d..5a2badb0 100644 --- a/src/invocation/payload.rs +++ b/src/invocation/payload.rs @@ -188,8 +188,10 @@ impl Payload { } } - if proof.expiration < now_ts { - return Err(ValidationError::Expired.into()); + if let Some(exp) = proof.expiration { + if exp < now_ts { + return Err(ValidationError::Expired.into()); + } } if let Some(nbf) = proof.not_before.clone() { diff --git a/src/invocation/store/memory.rs b/src/invocation/store/memory.rs index 083624df..06af37c6 100644 --- a/src/invocation/store/memory.rs +++ b/src/invocation/store/memory.rs @@ -49,20 +49,13 @@ impl, Enc: Codec> Default for MemoryStore, Enc: Codec> Store for MemoryStore { - type InvocationStoreError = Infallible; + type Error = Infallible; - fn get( - &self, - cid: Cid, - ) -> Result>>, Self::InvocationStoreError> { + fn get(&self, cid: Cid) -> Result>>, Self::Error> { Ok(self.lock().store.get(&cid).cloned()) } - fn put( - &self, - cid: Cid, - invocation: Invocation, - ) -> Result<(), Self::InvocationStoreError> { + fn put(&self, cid: Cid, invocation: Invocation) -> Result<(), Self::Error> { self.lock().store.insert(cid, Arc::new(invocation)); Ok(()) } diff --git a/src/invocation/store/traits.rs b/src/invocation/store/traits.rs index 7442d449..5340c925 100644 --- a/src/invocation/store/traits.rs +++ b/src/invocation/store/traits.rs @@ -3,20 +3,13 @@ use libipld_core::{cid::Cid, codec::Codec}; use std::{fmt::Debug, sync::Arc}; pub trait Store, C: Codec> { - type InvocationStoreError: Debug; + type Error: Debug; - fn get( - &self, - cid: Cid, - ) -> Result>>, Self::InvocationStoreError>; + fn get(&self, cid: Cid) -> Result>>, Self::Error>; - fn put( - &self, - cid: Cid, - invocation: Invocation, - ) -> Result<(), Self::InvocationStoreError>; + fn put(&self, cid: Cid, invocation: Invocation) -> Result<(), Self::Error>; - fn has(&self, cid: Cid) -> Result { + fn has(&self, cid: Cid) -> Result { Ok(self.get(cid).is_ok()) } } @@ -24,23 +17,13 @@ pub trait Store, C: Codec> { impl, T, DID: Did, V: varsig::Header, C: Codec> Store for &S { - type InvocationStoreError = >::InvocationStoreError; + type Error = >::Error; - fn get( - &self, - cid: Cid, - ) -> Result< - Option>>, - >::InvocationStoreError, - > { + fn get(&self, cid: Cid) -> Result>>, Self::Error> { (**self).get(cid) } - fn put( - &self, - cid: Cid, - invocation: Invocation, - ) -> Result<(), >::InvocationStoreError> { + fn put(&self, cid: Cid, invocation: Invocation) -> Result<(), Self::Error> { (**self).put(cid, invocation) } }