Skip to content

Commit

Permalink
Add UnverifiedBiscuit::verify (#189)
Browse files Browse the repository at this point in the history
* UnverifiedBiscuit::check_signature: take a RootKeyProvider

Instead of a closure. This makes behaviour consistent with Biscuit::from_base64

* deprecate UnverifiedBiscuit::check_signature
divarvel authored Mar 26, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent c94c085 commit e67f8a3
Showing 1 changed file with 13 additions and 4 deletions.
17 changes: 13 additions & 4 deletions biscuit-auth/src/token/unverified.rs
Original file line number Diff line number Diff line change
@@ -10,7 +10,7 @@ use crate::{
error,
format::{convert::proto_block_to_token_block, schema, SerializedBiscuit},
token::{ThirdPartyBlockContents, ThirdPartyRequest},
KeyPair,
KeyPair, RootKeyProvider,
};
use prost::Message;

@@ -19,7 +19,7 @@ use prost::Message;
/// Use this if you want to attenuate or print the content of a token
/// without verifying it.
///
/// It can be converted to a [Biscuit] using [UnverifiedBiscuit::check_signature],
/// It can be converted to a [Biscuit] using [UnverifiedBiscuit::verify],
/// and then used for authorization
#[derive(Clone, Debug)]
pub struct UnverifiedBiscuit {
@@ -47,13 +47,22 @@ impl UnverifiedBiscuit {
Self::from_base64_with_symbols(slice, default_symbol_table())
}

#[deprecated(since = "4.1.0", note = "please use `verify` instead")]
/// checks the signature of the token and convert it to a [Biscuit] for authorization
pub fn check_signature<F>(self, f: F) -> Result<Biscuit, error::Format>
where
F: Fn(Option<u32>) -> PublicKey,
{
let root = f(self.container.root_key_id);
self.container.verify(&root)?;
self.verify(|kid| Ok(f(kid)))
}

/// checks the signature of the token and convert it to a [Biscuit] for authorization
pub fn verify<KP>(self, key_provider: KP) -> Result<Biscuit, error::Format>
where
KP: RootKeyProvider,
{
let key = key_provider.choose(self.root_key_id())?;
self.container.verify(&key)?;

Ok(Biscuit {
root_key_id: self.container.root_key_id,

0 comments on commit e67f8a3

Please sign in to comment.