pub fn verify_json(
public_key_map: &PublicKeyMap,
object: &CanonicalJsonObject,
) -> Result<(), Error>
Uses a set of public keys to verify a signed JSON object.
Unlike `content_hash` and `reference_hash`, this function does not report an error if the canonical JSON is larger than 65535 bytes; this function may be used for requests that are larger than just one PDU’s maximum size. Because no size limit is applied here, a caller that needs one has to enforce it itself.
§Parameters
- public_key_map: A map from entity identifiers to a map from key identifiers to public keys. Generally, entity identifiers are server names — the host/IP/port of a homeserver (e.g. “example.com”) for which a signature must be verified. Key identifiers for each server (e.g. “ed25519:1”) then map to their respective public keys.
- object: The JSON object that was signed.
§Errors
Returns an error if verification fails.
§Examples
use std::collections::BTreeMap;
use ruma_common::serde::Base64;
// Sample Ed25519 public key for key identifier "ed25519:1", base64-encoded. It is hard-coded
// only because this is an example: a passing check shows the object was signed by the holder
// of this key, so real callers need to obtain the key from a source they already trust.
const PUBLIC_KEY: &[u8] = b"XGX0JRS2Af3be3knz2fBiRbApjm2Dh61gXDJA8kcJNI";

// Key set for a single entity: key identifier -> public key.
let mut domain_keys = BTreeMap::new();
domain_keys.insert("ed25519:1".into(), Base64::parse(PUBLIC_KEY.to_owned()).unwrap());

// The `PublicKeyMap` (entity identifier -> key set) informs `verify_json` which signatures to
// verify, so it should list every entity whose signature the caller requires.
// NOTE(review): signatures from entities that are absent from this map are presumably not
// checked — confirm against the implementation before relying on it.
let mut public_key_map = BTreeMap::new();
public_key_map.insert("domain".into(), domain_keys);

// Parse the signed JSON. Its "signatures" object is keyed by entity, then by key identifier.
let signed_object = serde_json::from_str(
    r#"{
"signatures": {
"domain": {
"ed25519:1": "K8280/U9SSy9IVtjBuVeLr+HpOB4BQFWbg+UZaADMtTdGYI7Geitb76LTrr5QV/7Xg4ahLwYGYZzuHGZKM5ZAQ"
}
}
}"#
).unwrap();

// At least one signature is verified for each entity in `public_key_map`. An `Err` means
// verification failed, and the object should then be treated as unauthenticated.
let outcome = ruma_signatures::verify_json(&public_key_map, &signed_object);
assert!(outcome.is_ok());