Function ruma_signatures::verify_json

source ·
pub fn verify_json(
    public_key_map: &PublicKeyMap,
    object: &CanonicalJsonObject,
) -> Result<(), Error>
Expand description

Uses a set of public keys to verify a signed JSON object.

Unlike content_hash and reference_hash, this function does not report an error if the canonical JSON is larger than 65535 bytes; this function may be used for requests that are larger than just one PDU’s maximum size.

§Parameters

  • public_key_map: A map from entity identifiers to a map from key identifiers to public keys. Generally, entity identifiers are server names — the host/IP/port of a homeserver (e.g. “example.com”) for which a signature must be verified. Key identifiers for each server (e.g. “ed25519:1”) then map to their respective public keys.
  • object: The JSON object that was signed.

§Errors

Returns an error if verification fails.

§Examples

use std::collections::BTreeMap;

use ruma_common::serde::Base64;

const PUBLIC_KEY: &[u8] = b"XGX0JRS2Af3be3knz2fBiRbApjm2Dh61gXDJA8kcJNI";

// Deserialize the signed JSON.
let object = serde_json::from_str(
    r#"{
        "signatures": {
            "domain": {
                "ed25519:1": "K8280/U9SSy9IVtjBuVeLr+HpOB4BQFWbg+UZaADMtTdGYI7Geitb76LTrr5QV/7Xg4ahLwYGYZzuHGZKM5ZAQ"
            }
        }
    }"#
).unwrap();

// Create the `PublicKeyMap` that will inform `verify_json` which signatures to verify.
let mut public_key_set = BTreeMap::new();
public_key_set.insert("ed25519:1".into(), Base64::parse(PUBLIC_KEY.to_owned()).unwrap());
let mut public_key_map = BTreeMap::new();
public_key_map.insert("domain".into(), public_key_set);

// Verify at least one signature for each entity in `public_key_map`.
assert!(ruma_signatures::verify_json(&public_key_map, &object).is_ok());