99#include " ccf/common_auth_policies.h"
1010#include " ccf/cose_signatures_config_interface.h"
1111#include " ccf/crypto/cose.h"
12+ #include " ccf/crypto/sha256_hash.h"
1213#include " ccf/crypto/verifier.h"
1314#include " ccf/ds/hash.h"
1415#include " ccf/endpoints/authentication/all_of_auth.h"
2122#include " ccf/json_handler.h"
2223#include " ccf/network_identity_interface.h"
2324#include " ccf/version.h"
24- #include " crypto/public_key.h"
2525
2626#include < charconv>
27- #include < crypto/cose.h>
2827#define FMT_HEADER_ONLY
2928#include < fmt/format.h>
3029
@@ -43,6 +42,11 @@ namespace loggingapp
4342 static constexpr auto COSE_SIGNED_STATEMENTS =
4443 " public:cose_transparent_statements" ;
4544
45+ // IANA COSE header labels
46+ // https://www.iana.org/assignments/cose/cose.xhtml
47+ static constexpr int64_t COSE_HEADER_PARAM_INCLUSION_PROOFS = -1 ;
48+ static constexpr int64_t COSE_HEADER_PARAM_VDP = 396 ;
49+
4650 // SNIPPET_START: indexing_strategy_definition
4751 using RecordsIndexingStrategy = ccf::indexing::LazyStrategy<
4852 ccf::indexing::strategies::SeqnosByKey_Bucketed<RecordsMap>>;
@@ -266,9 +270,9 @@ namespace loggingapp
266270 }
267271
268272 auto inclusion_proof =
269- ccf::cose::edit::pos::AtKey{ccf::cose::header::iana:: INCLUSION_PROOFS };
273+ ccf::cose::edit::pos::AtKey{COSE_HEADER_PARAM_INCLUSION_PROOFS };
270274 ccf::cose::edit::desc::Value desc{
271- inclusion_proof, ccf::cose::header::iana:: VDP , *proof};
275+ inclusion_proof, COSE_HEADER_PARAM_VDP , *proof};
272276 return ccf::cose::edit::set_unprotected_header (*signature, desc);
273277 }
274278
@@ -2149,31 +2153,32 @@ namespace loggingapp
21492153 .set_forwarding_required (ccf::endpoints::ForwardingRequired::Never)
21502154 .install ();
21512155
2152- auto get_trusted_keys = [&](
2153- ccf::endpoints::ReadOnlyEndpointContext& ctx) {
2154- auto network_identity_subsystem =
2155- context.get_subsystem <ccf::NetworkIdentitySubsystemInterface>();
2156- if (network_identity_subsystem == nullptr )
2157- {
2158- ctx.rpc_ctx ->set_error (
2159- HTTP_STATUS_INTERNAL_SERVER_ERROR ,
2160- ccf::errors::InternalError,
2161- " Network identity subsystem not available" );
2162- return ;
2163- }
2156+ auto get_trusted_keys =
2157+ [&]( ccf::endpoints::ReadOnlyEndpointContext& ctx) {
2158+ auto network_identity_subsystem =
2159+ context.get_subsystem <ccf::NetworkIdentitySubsystemInterface>();
2160+ if (network_identity_subsystem == nullptr )
2161+ {
2162+ ctx.rpc_ctx ->set_error (
2163+ HTTP_STATUS_INTERNAL_SERVER_ERROR ,
2164+ ccf::errors::InternalError,
2165+ " Network identity subsystem not available" );
2166+ return ;
2167+ }
21642168
2165- auto keys = network_identity_subsystem->get_trusted_keys ();
2166- nlohmann::json jwks = nlohmann::json::object ();
2167- auto keys_array = nlohmann::json::array ();
2168- for (const auto & [seqno, key_ptr] : keys)
2169- {
2170- const auto kid = ccf::crypto::kid_from_key (key_ptr->public_key_der ());
2171- keys_array.push_back (key_ptr->public_key_jwk (kid));
2172- }
2173- jwks[" keys" ] = keys_array;
2169+ auto keys = network_identity_subsystem->get_trusted_keys ();
2170+ nlohmann::json jwks = nlohmann::json::object ();
2171+ auto keys_array = nlohmann::json::array ();
2172+ for (const auto & [seqno, key_ptr] : keys)
2173+ {
2174+ const auto kid =
2175+ ccf::crypto::Sha256Hash (key_ptr->public_key_der ()).hex_str ();
2176+ keys_array.push_back (key_ptr->public_key_jwk (kid));
2177+ }
2178+ jwks[" keys" ] = keys_array;
21742179
2175- ctx.rpc_ctx ->set_response_json (jwks, HTTP_STATUS_OK );
2176- };
2180+ ctx.rpc_ctx ->set_response_json (jwks, HTTP_STATUS_OK );
2181+ };
21772182 make_read_only_endpoint (
21782183 " /log/public/trusted_keys" ,
21792184 HTTP_GET ,
@@ -2383,7 +2388,7 @@ namespace loggingapp
23832388 // Build "transparent statement".
23842389 ccf::cose::edit::desc::Value receipts_desc{
23852390 ccf::cose::edit::pos::InArray{},
2386- ccf::cose::header::iana:: VDP ,
2391+ COSE_HEADER_PARAM_VDP ,
23872392 *cose_receipt};
23882393 auto transparent_statement =
23892394 ccf::cose::edit::set_unprotected_header (*entry, receipts_desc);
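Review bot: The JWKS key id at the `ccf::crypto::Sha256Hash(key_ptr->public_key_der()).hex_str()` line is now derived directly from the DER key instead of via the removed `ccf::crypto::kid_from_key`, and nothing in the hunk shows the two produce the same string; if they differ, every kid served by `/log/public/trusted_keys` changes and any client or signing path that selects keys by kid stops resolving. A why-comment on that line, `// kid = hex(SHA-256(DER public key)); must match the kid placed in COSE signature headers`, would make the invariant checkable, and the path that writes kid into signed receipts (outside this view) should be confirmed to use the same derivation. Separately, the comment above the two new constants calls both "IANA COSE header labels", but -1 appears to be a label inside the vdp map (it is used as the AtKey position under the VDP value) rather than a top-level COSE header parameter, so `// 396: IANA COSE header parameter 'vdp'; -1: inclusion-proofs label inside that map` would be more precise. The enclosing endpoint-installation function and the file header lie outside this view.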