feat(rust/signed-doc): Add a function to check deprecated version below v0.04 for a signed doc (#441)

* initial

* chore: minor comment

* wip tests

* wip

* wip

* wip

* chore: minor test to check non-deterministic

* test: minor

* chore: add error doc to the function

* chore: fmtfix

---------

Co-authored-by: Mr-Leshiy <leshiy12345678@gmail.com>

Author: apskhem

rust/signed_doc/src/lib.rs

@@ -29,7 +29,7 @@ pub use metadata::{
 use minicbor::{decode, encode, Decode, Decoder, Encode};
 pub use signature::{CatalystId, Signatures};
 
-use crate::builder::SignaturesBuilder;
+use crate::{builder::SignaturesBuilder, metadata::SupportedLabel};
 
 /// `COSE_Sign` object CBOR tag <https://datatracker.ietf.org/doc/html/rfc8152#page-8>
 const COSE_SIGN_CBOR_TAG: minicbor::data::Tag = minicbor::data::Tag::new(98);
@@ -180,6 +180,38 @@ impl CatalystSignedDocument {
             .collect()
     }
 
+    /// Checks if the CBOR body of the signed doc is in the older version format before
+    /// v0.04.
+    ///
+    /// # Errors
+    ///
+    /// Errors from CBOR decoding.
+    pub fn is_deprecated(&self) -> anyhow::Result<bool> {
+        let mut e = minicbor::Encoder::new(Vec::new());
+
+        let e = e.encode(self.inner.metadata.clone())?;
+        let e = e.to_owned().into_writer();
+
+        for entry in cbork_utils::map::Map::decode(
+            &mut minicbor::Decoder::new(e.as_slice()),
+            &mut cbork_utils::decode_context::DecodeCtx::non_deterministic(),
+        )? {
+            match minicbor::Decoder::new(&entry.key_bytes).decode::<SupportedLabel>()? {
+                SupportedLabel::Template
+                | SupportedLabel::Ref
+                | SupportedLabel::Reply
+                | SupportedLabel::Parameters => {
+                    if DocumentRefs::is_deprecated_cbor(&entry.value)? {
+                        return Ok(true);
+                    }
+                },
+                _ => {},
+            }
+        }
+
+        Ok(false)
+    }
+
     /// Returns a collected problem report for the document.
     /// It accumulates all kind of errors, collected during the decoding, type based
     /// validation and signature verification.

rust/signed_doc/src/metadata/document_refs/mod.rs

@@ -17,6 +17,28 @@ use crate::CompatibilityPolicy;
 #[derive(Clone, Debug, PartialEq, Hash, Eq)]
 pub struct DocumentRefs(Vec<DocumentRef>);
 
+impl DocumentRefs {
+    /// Returns true if provided `cbor` bytes is a valid old format.
+    /// ```cddl
+    /// old_format = [id, ver]
+    /// ```
+    /// Returns false if provided `cbor` bytes is a valid new format.
+    /// ```cddl
+    /// new_format = [ +[id, ver, cid] ]
+    /// ```
+    pub(crate) fn is_deprecated_cbor(cbor: &[u8]) -> Result<bool, minicbor::decode::Error> {
+        let mut d = minicbor::Decoder::new(cbor);
+        d.array()?;
+        match d.datatype()? {
+            // new_format = [ +[id, ver, cid] ]
+            minicbor::data::Type::Array => Ok(false),
+            // old_format = [id, ver]
+            minicbor::data::Type::Tag => Ok(true),
+            ty => Err(minicbor::decode::Error::type_mismatch(ty)),
+        }
+    }
+}
+
 /// Document reference error.
 #[derive(Debug, Clone, thiserror::Error)]
 pub enum DocRefError {

rust/signed_doc/src/metadata/supported_field.rs

@@ -208,19 +208,10 @@ impl minicbor::Decode<'_, crate::decode_context::DecodeContext> for Option<Suppo
     ) -> Result<Self, minicbor::decode::Error> {
         const REPORT_CONTEXT: &str = "Metadata field decoding";
 
-        let label = Label::decode(d, &mut ())?;
-        let Some(key) = SupportedLabel::from_cose(label) else {
-            let value_start = d.position();
-            d.skip()?;
-            let value_end = d.position();
-            // Since the high level type isn't know, the value CBOR is tokenized and reported as
-            // such.
-            let value = minicbor::decode::Tokenizer::new(
-                d.input().get(value_start..value_end).unwrap_or_default(),
-            )
-            .to_string();
-            ctx.report()
-                .unknown_field(&label.to_string(), &value, REPORT_CONTEXT);
+        let Ok(key) = d
+            .decode::<SupportedLabel>()
+            .inspect_err(|e| ctx.report().other(e.to_string().as_str(), REPORT_CONTEXT))
+        else {
             return Ok(None);
         };
 
@@ -272,6 +263,17 @@ impl minicbor::Decode<'_, crate::decode_context::DecodeContext> for Option<Suppo
     }
 }
 
+impl<C> minicbor::Decode<'_, C> for SupportedLabel {
+    fn decode(
+        d: &mut minicbor::Decoder<'_>, _ctx: &mut C,
+    ) -> Result<Self, minicbor::decode::Error> {
+        let label = d.decode()?;
+        Self::from_cose(label).ok_or(minicbor::decode::Error::message(format!(
+            "Unsupported key {label}"
+        )))
+    }
+}
+
 impl minicbor::Encode<()> for SupportedField {
     fn encode<W: minicbor::encode::Write>(
         &self, e: &mut minicbor::Encoder<W>, ctx: &mut (),

rust/signed_doc/tests/decoding.rs

@@ -22,6 +22,68 @@ struct TestCase {
     post_checks: Option<Box<PostCheck>>,
 }
 
+fn signed_doc_deprecated_doc_ref_case(field_name: &'static str) -> TestCase {
+    let uuid_v7 = UuidV7::new();
+    let doc_type = DocType::from(UuidV4::new());
+    let doc_ref = DocumentRef::new(UuidV7::new(), UuidV7::new(), DocLocator::default());
+    TestCase {
+        name: format!(
+            "Catalyst Signed Doc with deprecated {field_name} version before v0.04 validating."
+        ),
+        bytes_gen: Box::new({
+            move || {
+                let mut e = Encoder::new(Vec::new());
+                e.tag(Tag::new(98))?;
+                e.array(4)?;
+
+                // protected headers (metadata fields)
+                e.bytes({
+                    let mut p_headers = Encoder::new(Vec::new());
+                    p_headers.map(5)?;
+                    p_headers.u8(3)?.encode(ContentType::Json)?;
+                    p_headers
+                        .str("id")?
+                        .encode_with(uuid_v7, &mut catalyst_types::uuid::CborContext::Tagged)?;
+                    p_headers
+                        .str("ver")?
+                        .encode_with(uuid_v7, &mut catalyst_types::uuid::CborContext::Tagged)?;
+                    p_headers.str("type")?.encode(&doc_type)?;
+                    p_headers.str(field_name)?;
+                    p_headers.array(2)?;
+                    p_headers.encode_with(
+                        doc_ref.id(),
+                        &mut catalyst_types::uuid::CborContext::Tagged,
+                    )?;
+                    p_headers.encode_with(
+                        doc_ref.ver(),
+                        &mut catalyst_types::uuid::CborContext::Tagged,
+                    )?;
+
+                    p_headers.into_writer().as_slice()
+                })?;
+
+                // empty unprotected headers
+                e.map(0)?;
+                // content
+                e.bytes(serde_json::to_vec(&serde_json::Value::Null)?.as_slice())?;
+                // zero signatures
+                e.array(0)?;
+
+                Ok(e)
+            }
+        }),
+        policy: CompatibilityPolicy::Accept,
+        can_decode: true,
+        valid_doc: true,
+        post_checks: Some(Box::new({
+            move |doc| {
+                anyhow::ensure!(doc.is_deprecated()?);
+                Ok(())
+            }
+        })),
+    }
+}
+
 fn signed_doc_with_valid_alias_case(alias: &'static str) -> TestCase {
     let uuid_v7 = UuidV7::new();
     let doc_type = DocType::from(UuidV4::new());
@@ -537,6 +599,7 @@ fn signed_doc_with_minimal_metadata_fields_case() -> TestCase {
                     doc.encoded_content() == serde_json::to_vec(&serde_json::Value::Null)?
                 );
                 anyhow::ensure!(doc.kids().len() == 1);
+                anyhow::ensure!(!doc.is_deprecated()?);
                 Ok(())
             }
         })),
@@ -622,6 +685,7 @@ fn signed_doc_with_complete_metadata_fields_case() -> TestCase {
                 anyhow::ensure!(doc.doc_content_type()? == ContentType::Json);
                 anyhow::ensure!(doc.encoded_content() == serde_json::to_vec(&serde_json::Value::Null)?);
                 anyhow::ensure!(doc.kids().len() == 1);
+                anyhow::ensure!(!doc.is_deprecated()?);
                 Ok(())
             }
         })),
@@ -1240,6 +1304,13 @@ fn signed_doc_with_non_supported_protected_signature_header_invalid() -> TestCas
 fn catalyst_signed_doc_decoding_test() {
     let test_cases = [
         decoding_empty_bytes_case(),
+        signed_doc_deprecated_doc_ref_case("template"),
+        signed_doc_deprecated_doc_ref_case("ref"),
+        signed_doc_deprecated_doc_ref_case("reply"),
+        signed_doc_deprecated_doc_ref_case("parameters"),
+        signed_doc_deprecated_doc_ref_case("category_id"),
+        signed_doc_deprecated_doc_ref_case("brand_id"),
+        signed_doc_deprecated_doc_ref_case("campaign_id"),
         signed_doc_with_minimal_metadata_fields_case(),
         signed_doc_with_complete_metadata_fields_case(),
         signed_doc_valid_null_as_no_content(),