Function ruma::signatures::verify_event

source ·
pub fn verify_event(
    public_key_map: &BTreeMap<String, BTreeMap<String, Base64>>,
    object: &BTreeMap<String, CanonicalJsonValue>,
    version: &RoomVersionId,
) -> Result<Verified, Error>
Available on crate feature signatures only.
Expand description

Verifies that the signed event contains all the required valid signatures.

Some room versions may require signatures from multiple homeservers, so this function takes a map from servers to sets of public keys. Signatures are verified for each required homeserver. All known public keys for a homeserver should be provided. The first one found on the given event will be used.

If the Ok variant is returned by this function, it will contain a Verified value which distinguishes an event with valid signatures and a matching content hash with an event with only valid signatures. See the documentation for Verified for details.

§Parameters

  • public_key_map: A map from entity identifiers to a map from key identifiers to public keys. Generally, entity identifiers are server names—the host/IP/port of a homeserver (e.g. “example.com”) for which a signature must be verified. Key identifiers for each server (e.g. “ed25519:1”) then map to their respective public keys.
  • object: The JSON object of the event that was signed.
  • version: Room version of the given event

§Examples

const PUBLIC_KEY: &[u8] = b"XGX0JRS2Af3be3knz2fBiRbApjm2Dh61gXDJA8kcJNI";

// Deserialize an event from JSON.
let object = serde_json::from_str(
    r#"{
        "auth_events": [],
        "content": {},
        "depth": 3,
        "hashes": {
            "sha256": "5jM4wQpv6lnBo7CLIghJuHdW+s2CMBJPUOGOC89ncos"
        },
        "origin": "domain",
        "origin_server_ts": 1000000,
        "prev_events": [],
        "room_id": "!x:domain",
        "sender": "@a:domain",
        "signatures": {
            "domain": {
                "ed25519:1": "KxwGjPSDEtvnFgU00fwFz+l6d2pJM6XBIaMEn81SXPTRl16AqLAYqfIReFGZlHi5KLjAWbOoMszkwsQma+lYAg"
            }
        },
        "type": "X",
        "unsigned": {
            "age_ts": 1000000
        }
    }"#
).unwrap();

// Create the `PublicKeyMap` that will inform `verify_json` which signatures to verify.
let mut public_key_set = BTreeMap::new();
public_key_set.insert("ed25519:1".into(), Base64::parse(PUBLIC_KEY.to_owned()).unwrap());
let mut public_key_map = BTreeMap::new();
public_key_map.insert("domain".into(), public_key_set);

// Verify at least one signature for each entity in `public_key_map`.
let verification_result = verify_event(&public_key_map, &object, &RoomVersionId::V6);
assert!(verification_result.is_ok());
assert_eq!(verification_result.unwrap(), Verified::All);