feat(rust/signed-doc): Serialize Signed Documents in CLI tool (#155)

* fix(rust/signed-doc): use tagged cbor for uuid types

* feat(rust/signed-doc): add Builder type for signed documents

* wip(rust/signed_doc): add CBOR encode for signed doc

* feat(rust/signed-doc): example CLI builds signed documents

* fix(rust/signed-doc): example cleanup

* fix(rust/signed-doc): add algorithm field to metadata

* fix(rust/signed-doc): more example cleanup

* fix

* remove unused jsonschema

* fix

* refactor

* provide consts for key values

* refactor, add test

* fix

* add cbor roundtrip test

* fix builder

* fix cli

* refactor Content type

* wip

* fix

* fix readme.md

* fix spelling

---------

Co-authored-by: Steven Johnson <[email protected]>
Co-authored-by: Mr-Leshiy <[email protected]>

Author: 3 people

rust/signed_doc/Cargo.toml

@@ -11,12 +11,10 @@ license.workspace = true
 workspace = true
 
 [dependencies]
-catalyst-types = { version = "0.0.1", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "r20250114-02" }
+catalyst-types = { version = "0.0.1", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "r20250122-00" }
 anyhow = "1.0.95"
 serde = { version = "1.0.217", features = ["derive"] }
 serde_json = "1.0.134"
-# TODO: Bump this to the latest version and fix the code
-jsonschema = "0.18.3"
 coset = "0.3.8"
 minicbor = "0.25.1"
 brotli = "7.0.0"

rust/signed_doc/README.md

@@ -17,8 +17,7 @@ Prepare non-signed document,
 `meta.json` file should follow the [`meta.schema.json`](./meta.schema.json).
 
 ```shell
-cargo run -p catalyst-signed-doc --example mk_signed_doc build
-signed_doc/doc.json  signed_doc/schema.json signed_doc/doc.cose signed_doc/meta.json
+cargo run -p catalyst-signed-doc --example mk_signed_doc build signed_doc/doc.json signed_doc/doc.cose signed_doc/meta.json
 ```
 
 Inspect document

rust/signed_doc/examples/mk_signed_doc.rs

@@ -8,9 +8,9 @@ use std::{
     path::PathBuf,
 };
 
-use catalyst_signed_doc::{CatalystSignedDocument, Decode, Decoder, KidUri, Metadata};
+use catalyst_signed_doc::{Builder, CatalystSignedDocument, Decode, Decoder, KidUri, Metadata};
 use clap::Parser;
-use coset::{iana::CoapContentFormat, CborSerializable};
+use coset::CborSerializable;
 use ed25519_dalek::{ed25519::signature::Signer, pkcs8::DecodePrivateKey};
 
 fn main() {
@@ -19,27 +19,26 @@ fn main() {
     }
 }
 
-/// Hermes cli commands
+/// Catalyst Sign Document CLI Commands
 #[derive(clap::Parser)]
+#[allow(clippy::large_enum_variant)]
 enum Cli {
     /// Builds a COSE document without signatures
     Build {
         /// Path to the document in the json format
         doc: PathBuf,
-        /// Path to the json schema (Draft 7) to validate document against it
-        schema: PathBuf,
         /// Path to the output COSE file to store.
         output: PathBuf,
         /// Document metadata, must be in JSON format
         meta: PathBuf,
     },
     /// Adds a signature to already formed COSE document
     Sign {
-        /// Path to the secret key in PEM format
-        sk: PathBuf,
         /// Path to the formed (could be empty, without any signatures) COSE document
         /// This exact file would be modified and new signature would be added
         doc: PathBuf,
+        /// Path to the secret key in PEM format
+        sk: PathBuf,
         /// Signer kid
         kid: KidUri,
     },
@@ -55,34 +54,28 @@ enum Cli {
     },
 }
 
-const CONTENT_ENCODING_KEY: &str = "Content-Encoding";
-const UUID_CBOR_TAG: u64 = 37;
-
-fn encode_cbor_uuid(uuid: &uuid::Uuid) -> coset::cbor::Value {
-    coset::cbor::Value::Tag(
-        UUID_CBOR_TAG,
-        coset::cbor::Value::Bytes(uuid.as_bytes().to_vec()).into(),
-    )
-}
-
 impl Cli {
     fn exec(self) -> anyhow::Result<()> {
         match self {
-            Self::Build {
-                doc,
-                schema,
-                output,
-                meta,
-            } => {
-                let doc_schema = load_schema_from_file(&schema)?;
-                let json_doc = load_json_from_file(&doc)?;
-                let json_meta = load_json_from_file(&meta)
+            Self::Build { doc, output, meta } => {
+                // Load Metadata from JSON file
+                let metadata: Metadata = load_json_from_file(&meta)
                     .map_err(|e| anyhow::anyhow!("Failed to load metadata from file: {e}"))?;
-                println!("{json_meta}");
-                validate_json(&json_doc, &doc_schema)?;
-                let compressed_doc = brotli_compress_json(&json_doc)?;
-                let empty_cose_sign = build_empty_cose_doc(compressed_doc, &json_meta);
-                store_cose_file(empty_cose_sign, &output)?;
+                println!("{metadata}");
+                // Load Document from JSON file
+                let json_doc: serde_json::Value = load_json_from_file(&doc)?;
+                // Possibly encode if Metadata has an encoding set.
+                let payload = serde_json::to_vec(&json_doc)?;
+                // Start with no signatures.
+                let signed_doc = Builder::new()
+                    .with_content(payload)
+                    .with_metadata(metadata)
+                    .build()?;
+                let mut bytes: Vec<u8> = Vec::new();
+                minicbor::encode(signed_doc, &mut bytes)
+                    .map_err(|e| anyhow::anyhow!("Failed to encode document: {e}"))?;
+
+                write_bytes_to_file(&bytes, &output)?;
             },
             Self::Sign { sk, doc, kid } => {
                 let sk = load_secret_key_from_file(&sk)
@@ -116,99 +109,43 @@ fn decode_signed_doc(cose_bytes: &[u8]) {
     );
     match CatalystSignedDocument::decode(&mut Decoder::new(cose_bytes), &mut ()) {
         Ok(cat_signed_doc) => {
-            println!("This is a valid Catalyst Signed Document.");
+            println!("This is a valid Catalyst Document.");
             println!("{cat_signed_doc}");
         },
-        Err(e) => eprintln!("Invalid Catalyst Signed Document, err: {e}"),
+        Err(e) => eprintln!("Invalid Catalyst Document, err: {e}"),
     }
 }
 
-fn load_schema_from_file(schema_path: &PathBuf) -> anyhow::Result<jsonschema::JSONSchema> {
-    let schema_file = File::open(schema_path)?;
-    let schema_json = serde_json::from_reader(schema_file)?;
-    let schema = jsonschema::JSONSchema::options()
-        .with_draft(jsonschema::Draft::Draft7)
-        .compile(&schema_json)
-        .map_err(|e| anyhow::anyhow!("{e}"))?;
-    Ok(schema)
-}
-
 fn load_json_from_file<T>(path: &PathBuf) -> anyhow::Result<T>
 where T: for<'de> serde::Deserialize<'de> {
     let file = File::open(path)?;
     let json = serde_json::from_reader(file)?;
     Ok(json)
 }
 
-fn validate_json(doc: &serde_json::Value, schema: &jsonschema::JSONSchema) -> anyhow::Result<()> {
-    schema.validate(doc).map_err(|err| {
-        let mut validation_error = String::new();
-        for e in err {
-            validation_error.push_str(&format!("\n - {e}"));
-        }
-        anyhow::anyhow!("{validation_error}")
-    })?;
-    Ok(())
-}
-
-fn brotli_compress_json(doc: &serde_json::Value) -> anyhow::Result<Vec<u8>> {
-    let brotli_params = brotli::enc::BrotliEncoderParams::default();
-    let doc_bytes = serde_json::to_vec(&doc)?;
-    let mut buf = Vec::new();
-    brotli::BrotliCompress(&mut doc_bytes.as_slice(), &mut buf, &brotli_params)?;
-    Ok(buf)
+fn load_cose_from_file(cose_path: &PathBuf) -> anyhow::Result<coset::CoseSign> {
+    let cose_file_bytes = read_bytes_from_file(cose_path)?;
+    let cose = coset::CoseSign::from_slice(&cose_file_bytes).map_err(|e| anyhow::anyhow!("{e}"))?;
+    Ok(cose)
 }
 
-fn build_empty_cose_doc(doc_bytes: Vec<u8>, meta: &Metadata) -> coset::CoseSign {
-    let mut builder =
-        coset::HeaderBuilder::new().content_format(CoapContentFormat::from(meta.content_type()));
-
-    if let Some(content_encoding) = meta.content_encoding() {
-        builder = builder.text_value(
-            CONTENT_ENCODING_KEY.to_string(),
-            format!("{content_encoding}").into(),
-        );
-    }
-    let mut protected_header = builder.build();
-
-    protected_header.rest.push((
-        coset::Label::Text("type".to_string()),
-        encode_cbor_uuid(&meta.doc_type()),
-    ));
-    protected_header.rest.push((
-        coset::Label::Text("id".to_string()),
-        encode_cbor_uuid(&meta.doc_id()),
-    ));
-    protected_header.rest.push((
-        coset::Label::Text("ver".to_string()),
-        encode_cbor_uuid(&meta.doc_ver()),
-    ));
-    let meta_rest = meta.extra().header_rest().unwrap_or_default();
-
-    if !meta_rest.is_empty() {
-        protected_header.rest.extend(meta_rest);
-    }
-    coset::CoseSignBuilder::new()
-        .protected(protected_header)
-        .payload(doc_bytes)
-        .build()
+fn read_bytes_from_file(path: &PathBuf) -> anyhow::Result<Vec<u8>> {
+    let mut file_bytes = Vec::new();
+    File::open(path)?.read_to_end(&mut file_bytes)?;
+    Ok(file_bytes)
 }
 
-fn load_cose_from_file(cose_path: &PathBuf) -> anyhow::Result<coset::CoseSign> {
-    let mut cose_file = File::open(cose_path)?;
-    let mut cose_file_bytes = Vec::new();
-    cose_file.read_to_end(&mut cose_file_bytes)?;
-    let cose = coset::CoseSign::from_slice(&cose_file_bytes).map_err(|e| anyhow::anyhow!("{e}"))?;
-    Ok(cose)
+fn write_bytes_to_file(bytes: &[u8], output: &PathBuf) -> anyhow::Result<()> {
+    File::create(output)?
+        .write_all(bytes)
+        .map_err(|e| anyhow::anyhow!("Failed to write to file {output:?}: {e}"))
 }
 
 fn store_cose_file(cose: coset::CoseSign, output: &PathBuf) -> anyhow::Result<()> {
-    let mut cose_file = File::create(output)?;
     let cose_bytes = cose
         .to_vec()
         .map_err(|e| anyhow::anyhow!("Failed to Store COSE SIGN: {e}"))?;
-    cose_file.write_all(&cose_bytes)?;
-    Ok(())
+    write_bytes_to_file(&cose_bytes, output)
 }
 
 fn load_secret_key_from_file(sk_path: &PathBuf) -> anyhow::Result<ed25519_dalek::SigningKey> {

rust/signed_doc/src/builder.rs

@@ -0,0 +1,63 @@
+//! Catalyst Signed Document Builder.
+use crate::{CatalystSignedDocument, Content, InnerCatalystSignedDocument, Metadata, Signatures};
+
+/// Catalyst Signed Document Builder.
+#[derive(Debug, Default)]
+pub struct Builder {
+    /// Document Metadata
+    metadata: Option<Metadata>,
+    /// Document Content
+    content: Option<Vec<u8>>,
+    /// Signatures
+    signatures: Signatures,
+}
+
+impl Builder {
+    /// Start building a signed document
+    #[must_use]
+    pub fn new() -> Self {
+        Self::default()
+    }
+
+    /// Set document metadata
+    #[must_use]
+    pub fn with_metadata(mut self, metadata: Metadata) -> Self {
+        self.metadata = Some(metadata);
+        self
+    }
+
+    /// Set document content
+    #[must_use]
+    pub fn with_content(mut self, content: Vec<u8>) -> Self {
+        self.content = Some(content);
+        self
+    }
+
+    /// Build a signed document
+    ///
+    /// ## Errors
+    ///
+    /// Fails if any of the fields are missing.
+    pub fn build(self) -> anyhow::Result<CatalystSignedDocument> {
+        let Some(metadata) = self.metadata else {
+            anyhow::bail!("Failed to build Catalyst Signed Document, missing metadata");
+        };
+        let Some(content) = self.content else {
+            anyhow::bail!("Failed to build Catalyst Signed Document, missing document's content");
+        };
+        let signatures = self.signatures;
+
+        let content = Content::from_decoded(
+            content,
+            metadata.content_type(),
+            metadata.content_encoding(),
+        )?;
+
+        Ok(InnerCatalystSignedDocument {
+            metadata,
+            content,
+            signatures,
+        }
+        .into())
+    }
+}