Merge branch 'v1.0-rc.1' into nonce-simplification

Signed-off-by: Brooklyn Zelenka <be.zelenka@gmail.com>
fission-codes · Mar 27, 2024 · 435358b · 435358b
2 parents 824517a + 7f680d3
commit 435358b
Show file tree

Hide file tree

Showing 27 changed files with 1,092 additions and 499 deletions.
diff --git a/proptest-regressions/delegation/policy/selector/select.txt b/proptest-regressions/delegation/policy/selector/select.txt
@@ -0,0 +1,7 @@
+# Seeds for failure cases proptest has generated in the past. It is
+# automatically read and these particular cases re-run before any
+# novel cases are generated.
+#
+# It is recommended to check this file in to source control so that
+# everyone who runs the test benefits from these saved cases.
+cc 6496f8ae07f0fa0d57c9bc4d581551bc9940c50fe830880006156471a72e806b # shrinks to data = Newtype(null), more = [ArrayIndex(0)]
diff --git a/src/ability/pipe.rs b/src/ability/pipe.rs
@@ -1,22 +1,22 @@
 use crate::{crypto::varsig, delegation, did::Did, ipld};
 use libipld_core::{codec::Codec, ipld::Ipld};
 
-pub struct Pipe<DID: Did, V: varsig::Header<C>, C: Codec + TryFrom<u64> + Into<u64>> {
+pub struct Pipe<DID: Did, V: varsig::Header<C>, C: Codec> {
     pub source: Cap<DID, V, C>,
     pub sink: Cap<DID, V, C>,
 }
 
-pub enum Cap<DID: Did, V: varsig::Header<C>, C: Codec + TryFrom<u64> + Into<u64>> {
+pub enum Cap<DID: Did, V: varsig::Header<C>, C: Codec> {
     Proof(delegation::Proof<DID, V, C>),
     Literal(Ipld),
 }
 
-pub struct PromisedPipe<DID: Did, V: varsig::Header<C>, C: Codec + TryFrom<u64> + Into<u64>> {
+pub struct PromisedPipe<DID: Did, V: varsig::Header<C>, C: Codec> {
     pub source: PromisedCap<DID, V, C>,
     pub sink: PromisedCap<DID, V, C>,
 }
 
-pub enum PromisedCap<DID: Did, V: varsig::Header<C>, C: Codec + TryFrom<u64> + Into<u64>> {
+pub enum PromisedCap<DID: Did, V: varsig::Header<C>, C: Codec> {
     Proof(delegation::Proof<DID, V, C>),
     Promised(ipld::Promised),
 }
diff --git a/src/ability/ucan/batch.rs b/src/ability/ucan/batch.rs
@@ -3,11 +3,11 @@
 // use std::collections::BTreeMap;
 //
 // #[derive(Debug, Clone, PartialEq, serde::Serialize, serde::Deserialize)]
-// pub struct Batch<A, DID: Did, V: varsig::Header<Enc>, Enc: Codec + TryFrom<u64> + Into<u64>> {
+// pub struct Batch<A, DID: Did, V: varsig::Header<Enc>, Enc: Codec> {
 //     pub batch: Vec<Step<A, DID, V, Enc>>, // FIXME not quite right; would be nice to include meta etc
 // }
 //
-// pub struct Step<A, DID: Did, V: varsig::Header<Enc>, Enc: Codec + TryFrom<u64> + Into<u64>> {
+// pub struct Step<A, DID: Did, V: varsig::Header<Enc>, Enc: Codec> {
 //     pub subject: DID,
 //     pub audience: Option<DID>,
 //     pub ability: A, // FIXME promise version instead? Promised version shoudl be able to promise any field

diff --git a/src/crypto/signature/envelope.rs b/src/crypto/signature/envelope.rs
@@ -16,7 +16,7 @@ pub trait Envelope: Sized {
     type DID: Did;
     type Payload: Clone + Capsule + TryFrom<Named<Ipld>> + Into<Named<Ipld>>;
     type VarsigHeader: varsig::Header<Self::Encoder> + Clone;
-    type Encoder: Codec + TryFrom<u64> + Into<u64>;
+    type Encoder: Codec;
 
     fn varsig_header(&self) -> &Self::VarsigHeader;
     fn signature(&self) -> &<Self::DID as Did>::Signature;
@@ -186,11 +186,11 @@ pub trait Envelope: Sized {
 
     fn cid(&self) -> Result<Cid, libipld_core::error::Error>
     where
-        Self: Encode<Self::Encoder>,
+        Ipld: Encode<Self::Encoder>,
     {
         let codec = varsig::header::Header::codec(self.varsig_header()).clone();
         let mut ipld_buffer = vec![];
-        self.encode(codec, &mut ipld_buffer)?;
+        self.to_ipld_envelope().encode(codec, &mut ipld_buffer)?;
 
         let multihash = Code::Sha2_256.digest(&ipld_buffer);
         Ok(Cid::new_v1(

diff --git a/src/crypto/varsig/header/eddsa.rs b/src/crypto/varsig/header/eddsa.rs
@@ -33,7 +33,7 @@ impl<C: Into<u64> + Clone> From<EdDsaHeader<C>> for Vec<u8> {
     }
 }
 
-impl<C: Codec + Into<u64> + TryFrom<u64>> Header<C> for EdDsaHeader<C> {
+impl<C: Codec> Header<C> for EdDsaHeader<C> {
     type Signature = ed25519_dalek::Signature;
     type Verifier = ed25519_dalek::VerifyingKey;
 

diff --git a/src/crypto/varsig/header/es256.rs b/src/crypto/varsig/header/es256.rs
@@ -38,7 +38,7 @@ impl<C: Into<u64>> From<Es256Header<C>> for Vec<u8> {
     }
 }
 
-impl<C: Codec + Into<u64> + TryFrom<u64>> Header<C> for Es256Header<C> {
+impl<C: Codec> Header<C> for Es256Header<C> {
     type Signature = p256::ecdsa::Signature;
     type Verifier = p256::ecdsa::VerifyingKey;
 

diff --git a/src/crypto/varsig/header/es256k.rs b/src/crypto/varsig/header/es256k.rs
@@ -38,7 +38,7 @@ impl<C: Into<u64>> From<Es256kHeader<C>> for Vec<u8> {
     }
 }
 
-impl<C: Codec + Into<u64> + TryFrom<u64>> Header<C> for Es256kHeader<C> {
+impl<C: Codec> Header<C> for Es256kHeader<C> {
     type Signature = k256::ecdsa::Signature;
     type Verifier = k256::ecdsa::VerifyingKey;
 

diff --git a/src/crypto/varsig/header/es512.rs b/src/crypto/varsig/header/es512.rs
@@ -38,7 +38,7 @@ impl<C: Into<u64>> From<Es512Header<C>> for Vec<u8> {
     }
 }
 
-impl<C: Codec + Into<u64> + TryFrom<u64>> Header<C> for Es512Header<C> {
+impl<C: Codec> Header<C> for Es512Header<C> {
     type Signature = p521::ecdsa::Signature;
     type Verifier = p521::ecdsa::VerifyingKey;
 

diff --git a/src/crypto/varsig/header/rs256.rs b/src/crypto/varsig/header/rs256.rs
@@ -51,7 +51,7 @@ impl<C: Into<u64>> From<Rs256Header<C>> for Vec<u8> {
     }
 }
 
-impl<C: Codec + Into<u64> + TryFrom<u64>> Header<C> for Rs256Header<C> {
+impl<C: Codec> Header<C> for Rs256Header<C> {
     type Signature = Signature;
     type Verifier = VerifyingKey;
 

diff --git a/src/crypto/varsig/header/rs512.rs b/src/crypto/varsig/header/rs512.rs
@@ -39,7 +39,7 @@ impl<C: Into<u64>> From<Rs512Header<C>> for Vec<u8> {
     }
 }
 
-impl<C: Codec + Into<u64> + TryFrom<u64>> Header<C> for Rs512Header<C> {
+impl<C: Codec> Header<C> for Rs512Header<C> {
     type Signature = Signature;
     type Verifier = VerifyingKey;
 

diff --git a/src/crypto/varsig/header/traits.rs b/src/crypto/varsig/header/traits.rs
@@ -2,9 +2,7 @@ use libipld_core::codec::{Codec, Encode};
 use signature::Verifier;
 use thiserror::Error;
 
-pub trait Header<Enc: Codec + TryFrom<u64> + Into<u64>>:
-    for<'a> TryFrom<&'a [u8]> + Into<Vec<u8>>
-{
+pub trait Header<Enc: Codec>: for<'a> TryFrom<&'a [u8]> + Into<Vec<u8>> {
     type Signature: signature::SignatureEncoding;
     type Verifier: signature::Verifier<Self::Signature>;
 

diff --git a/src/delegation.rs b/src/delegation.rs
@@ -42,7 +42,7 @@ use web_time::SystemTime;
 pub struct Delegation<
     DID: Did = did::preset::Verifier,
     V: varsig::Header<C> = varsig::header::Preset,
-    C: Codec + TryFrom<u64> + Into<u64> = varsig::encoding::Preset,
+    C: Codec = varsig::encoding::Preset,
 > {
     pub varsig_header: V,
     pub payload: Payload<DID>,
@@ -54,18 +54,16 @@ pub struct Delegation<
 pub struct Proof<
     DID: Did = did::preset::Verifier,
     V: varsig::Header<C> = varsig::header::Preset,
-    C: Codec + TryFrom<u64> + Into<u64> = varsig::encoding::Preset,
+    C: Codec = varsig::encoding::Preset,
 > {
     pub prf: Vec<Link<Delegation<DID, V, C>>>,
 }
 
-impl<DID: Did, V: varsig::Header<C>, C: Codec + TryFrom<u64> + Into<u64>> Capsule
-    for Proof<DID, V, C>
-{
+impl<DID: Did, V: varsig::Header<C>, C: Codec> Capsule for Proof<DID, V, C> {
     const TAG: &'static str = "ucan/prf";
 }
 
-impl<DID: Did, V: varsig::Header<C>, C: Codec + Into<u64> + TryFrom<u64>> Delegation<DID, V, C> {
+impl<DID: Did, V: varsig::Header<C>, C: Codec> Delegation<DID, V, C> {
     pub fn new(
         varsig_header: V,
         signature: DID::Signature,
@@ -124,8 +122,7 @@ impl<DID: Did, V: varsig::Header<C>, C: Codec + Into<u64> + TryFrom<u64>> Delega
     }
 }
 
-impl<DID: Did + Clone, V: varsig::Header<C> + Clone, C: Codec + TryFrom<u64> + Into<u64>> Envelope
-    for Delegation<DID, V, C>
+impl<DID: Did + Clone, V: varsig::Header<C> + Clone, C: Codec> Envelope for Delegation<DID, V, C>
 where
     Payload<DID>: TryFrom<Named<Ipld>>,
     Named<Ipld>: From<Payload<DID>>,
@@ -165,8 +162,7 @@ where
     }
 }
 
-impl<DID: Did + Clone, V: varsig::Header<C> + Clone, C: Codec + TryFrom<u64> + Into<u64>> Serialize
-    for Delegation<DID, V, C>
+impl<DID: Did + Clone, V: varsig::Header<C> + Clone, C: Codec> Serialize for Delegation<DID, V, C>
 where
     Payload<DID>: TryFrom<Named<Ipld>>,
 {
@@ -178,8 +174,8 @@ where
     }
 }
 
-impl<'de, DID: Did + Clone, V: varsig::Header<C> + Clone, C: Codec + TryFrom<u64> + Into<u64>>
-    Deserialize<'de> for Delegation<DID, V, C>
+impl<'de, DID: Did + Clone, V: varsig::Header<C> + Clone, C: Codec> Deserialize<'de>
+    for Delegation<DID, V, C>
 where
     Payload<DID>: TryFrom<Named<Ipld>>,
     <Payload<DID> as TryFrom<Named<Ipld>>>::Error: std::fmt::Display,

diff --git a/src/delegation/agent.rs b/src/delegation/agent.rs
@@ -1,8 +1,8 @@
 use super::{payload::Payload, policy::Predicate, store::Store, Delegation};
-use crate::ability::arguments::Named;
-use crate::did;
 use crate::{
+    ability::arguments::Named,
     crypto::{signature::Envelope, varsig, Nonce},
+    did,
     did::Did,
     time::Timestamp,
 };
@@ -20,29 +20,29 @@ use web_time::SystemTime;
 /// This is helpful for sessions where more than one delegation will be made.
 #[derive(Debug)]
 pub struct Agent<
-    S: Store<DID, V, Enc>,
-    DID: Did = did::preset::Verifier,
-    V: varsig::Header<Enc> + Clone = varsig::header::Preset,
-    Enc: Codec + Into<u64> + TryFrom<u64> = varsig::encoding::Preset,
-> {
+    S: Store<DID, V, C>,
+    DID: Did + Clone = did::preset::Verifier,
+    V: varsig::Header<C> + Clone = varsig::header::Preset,
+    C: Codec = varsig::encoding::Preset,
+> where
+    Ipld: Encode<C>,
+    Payload<DID>: TryFrom<Named<Ipld>>,
+    Named<Ipld>: From<Payload<DID>>,
+{
     /// The [`Did`][Did] of the agent.
     pub did: DID,
 
     /// The attached [`deleagtion::Store`][super::store::Store].
     pub store: S,
 
     signer: <DID as Did>::Signer,
-    _marker: PhantomData<(V, Enc)>,
+    _marker: PhantomData<(V, C)>,
 }
 
-impl<
-        S: Store<DID, V, Enc> + Clone,
-        DID: Did + Clone,
-        V: varsig::Header<Enc> + Clone,
-        Enc: Codec + TryFrom<u64> + Into<u64>,
-    > Agent<S, DID, V, Enc>
+impl<S: Store<DID, V, C> + Clone, DID: Did + Clone, V: varsig::Header<C> + Clone, C: Codec>
+    Agent<S, DID, V, C>
 where
-    Ipld: Encode<Enc>,
+    Ipld: Encode<C>,
     Payload<DID>: TryFrom<Named<Ipld>>,
     Named<Ipld>: From<Payload<DID>>,
 {
@@ -58,7 +58,7 @@ where
     pub fn delegate(
         &self,
         audience: DID,
-        subject: Option<DID>,
+        subject: &DID,
         via: Option<DID>,
         command: String,
         new_policy: Vec<Predicate>,
@@ -67,34 +67,30 @@ where
         not_before: Option<Timestamp>,
         now: SystemTime,
         varsig_header: V,
-    ) -> Result<Delegation<DID, V, Enc>, DelegateError<S::DelegationStoreError>> {
+    ) -> Result<Delegation<DID, V, C>, DelegateError<S::DelegationStoreError>> {
         let mut salt = self.did.clone().to_string().into_bytes();
         let nonce = Nonce::generate_16();
 
-        if let Some(ref sub) = subject {
-            if sub == &self.did {
-                let payload: Payload<DID> = Payload {
-                    issuer: self.did.clone(),
-                    audience,
-                    subject,
-                    via,
-                    command,
-                    metadata,
-                    nonce,
-                    expiration: expiration.into(),
-                    not_before: not_before.map(Into::into),
-                    policy: new_policy,
-                };
-
-                return Ok(
-                    Delegation::try_sign(&self.signer, varsig_header, payload).expect("FIXME")
-                );
-            }
+        if *subject == self.did {
+            let payload: Payload<DID> = Payload {
+                issuer: self.did.clone(),
+                audience,
+                subject: Some(subject.clone()),
+                via,
+                command,
+                metadata,
+                nonce,
+                expiration: expiration.into(),
+                not_before: not_before.map(Into::into),
+                policy: new_policy,
+            };
+
+            return Ok(Delegation::try_sign(&self.signer, varsig_header, payload).expect("FIXME"));
         }
 
         let proofs = &self
             .store
-            .get_chain(&self.did, &subject, "/".into(), vec![], now)
+            .get_chain(&self.did, &subject, &command, vec![], now)
             .map_err(DelegateError::StoreError)?
             .ok_or(DelegateError::ProofsNotFound)?;
         let to_delegate = proofs.first().1.payload();
@@ -105,7 +101,7 @@ where
         let payload: Payload<DID> = Payload {
             issuer: self.did.clone(),
             audience,
-            subject,
+            subject: Some(subject.clone()),
             via,
             command,
             policy,
@@ -121,7 +117,7 @@ where
     pub fn receive(
         &self,
         cid: Cid, // FIXME remove and generate from the capsule header?
-        delegation: Delegation<DID, V, Enc>,
+        delegation: Delegation<DID, V, C>,
     ) -> Result<(), ReceiveError<S::DelegationStoreError, DID>> {
         if self.store.get(&cid).is_ok() {
             return Ok(());
@@ -135,7 +131,7 @@ where
             .validate_signature()
             .map_err(|_| ReceiveError::InvalidSignature(cid))?;
 
-        self.store.insert(cid, delegation).map_err(Into::into)
+        self.store.insert_keyed(cid, delegation).map_err(Into::into)
     }
 }
 

diff --git a/src/delegation/policy/predicate.rs b/src/delegation/policy/predicate.rs
@@ -79,24 +79,20 @@ impl Predicate {
             Predicate::Not(inner) => !inner.run(data)?,
             Predicate::And(lhs, rhs) => lhs.run(data)? && rhs.run(data)?,
             Predicate::Or(lhs, rhs) => lhs.run(data)? || rhs.run(data)?,
-            Predicate::Every(xs, p) => {
-                xs.get(data)?
-                    .to_vec()
-                    .iter()
-                    .try_fold(true, |acc, each_datum| {
-                        dbg!("every", &p, acc, each_datum);
-                        Ok(acc && p.clone().run(&each_datum.0)?)
-                    })?
-            }
-            Predicate::Some(xs, p) => {
-                xs.get(data)?
-                    .to_vec()
-                    .iter()
-                    .try_fold(false, |acc, each_datum| {
-                        dbg!("some", &p, acc, each_datum);
-                        Ok(acc || p.clone().run(&each_datum.0)?)
-                    })?
-            }
+            Predicate::Every(xs, p) => xs
+                .get(data)?
+                .to_vec()
+                .iter()
+                .try_fold(true, |acc, each_datum| {
+                    Ok(acc && p.clone().run(&each_datum.0)?)
+                })?,
+            Predicate::Some(xs, p) => xs
+                .get(data)?
+                .to_vec()
+                .iter()
+                .try_fold(false, |acc, each_datum| {
+                    Ok(acc || p.clone().run(&each_datum.0)?)
+                })?,
         })
     }
 
@@ -1136,7 +1132,6 @@ mod tests {
 
         #[test_log::test]
         fn test_eq_dot_field_inner_try_null() -> TestResult {
-            // FIXME double check against jq
             let p = Predicate::Equal(Select::from_str(".nope?.not").unwrap(), Ipld::Null.into());
 
             assert!(p.run(&email())?);