-
-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
signatures: use OwnedKeyId instead of String for PublicKeySet index #1808
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I have mostly nitpicks.
e4b4528
to
a7c01c6
Compare
a7c01c6
to
1803267
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like the error has changed
thread 'functions::tests::verify_event_with_single_key_with_unknown_algorithm_should_not_accept_event' panicked at crates/ruma-signatures/src/functions.rs:1163:9:
match assertion failed
pattern: `Err(Error::Verification(VerificationError::UnknownPublicKeysForSignature))`
value: `Err(Verification(Signature(signature::Error { source: Some(Verification equation was not satisfied) })))`
I am not sure why though, as even when setting the let ok ... else
statements to panic on else
, it still seems to get this new error instead of panicking there. 🤔
@@ -1,5 +1,8 @@ | |||
# [unreleased] | |||
|
|||
Breaking changes: | |||
- Use `OwnedServerSigningKeyId` for the keys of `PublicKeySet` instead of `String`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A double space.
- Use `OwnedServerSigningKeyId` for the keys of `PublicKeySet` instead of `String`. | |
- Use `OwnedServerSigningKeyId` for the keys of `PublicKeySet` instead of `String`. |
So I believe that we should remove |
So should I wait for your pull request to be merged, and then rebase on top of that?
|
It's probably better, if you don't want to have to edit your code again. But if you don't mind that, you can probably start to make changes. |
@@ -181,7 +181,7 @@ pub type PublicKeyMap = BTreeMap<String, PublicKeySet>; | |||
/// A set of public keys for a single homeserver. | |||
/// | |||
/// This is represented as a map from key ID to base64-encoded signature. | |||
pub type PublicKeySet = BTreeMap<String, Base64>; | |||
pub type PublicKeySet = BTreeMap<OwnedServerSigningKeyId, Base64>; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related to this change, is there any value for PublicKeyMap
to use OwnedServerName
for the keys? Or is it used in cases where the entity is not a server name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it could be good, would make working with this function much more clear, and also ensure that consumers of the function are passing in the correct type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should I do that in this pull request, or a new one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can do that separately, it will make this PR a bit smaller.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be ok to also convert entity_id
of sign_json
and friends to &ServerName
(currently &str
)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking more into it, both sign_json
and verify_json
could be used on the client side (to sign/verify devices or cross-signing keys signatures), so they shouldn't use server signatures specific types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like this isn't as big of a deal as I thought for us anyways, and if there is a usecase outside of servers, then I think it would be best to close this then.
It actually turns out that There is a small difference in validation in that |
As per #1808 (comment) |
No description provided.