-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In-depth validation of certificates #21
Comments
For my point of view let cwt: Cwt = decode_cwt(data).unwrap();
match cwt.validate() {
Ok(_) => { },
Err(err) => { .... },
} As shortcut fn validate(data: &str) -> Result<(), ValidationError> {
let cwt: Cwt = decode_cwt(data).unwrap(); // this error could be transformed into a ValidationError using a dedicated variant
cwt.validate()
} |
Regarding this problem I've seen that
For the parsing and verification I agree with @allevo that they should be in two separate functions. I would also add that given that the I my mind, one should be able to write Also it might be a good idea to rename the EDIT: I missed the discussion on #8, I'll talk about this last part over there |
Right now the library only validates a certificate based ONLY on the status of the signature. In reality a certificate can be considered invalid even if the signature is validated correctly.
As far as I understand there are several other factors that we should support in terms of validation:
DgcContainer
struct already collects these timestamps but we offer no easy way to check the current time against them.In the context of this issue I think it will important to figure out an ergonomic API that:
Maybe we could have a dedicated
CertificateValidity
struct that can contain various fields like this:SignatureValidity
,TimeValidity
andBusinessRulesValidity
could be enums that can encapsulate all the different state of validation that is relevant for them. For instance:Finally we could have a
is_valid()
method on theCertificateValidity
struct that simply returnstrue
orfalse
if all the conditions are satisfied or not...The text was updated successfully, but these errors were encountered: