// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

//! Example program demonstrating signature creation.
use coset::{iana, CborSerializable, CoseError};

#[derive(Copy, Clone)]
struct FakeSigner {}

// Use a fake signer/verifier (to avoid pulling in lots of dependencies).
impl FakeSigner {
    fn sign(&self, data: &[u8]) -> Vec<u8> {
        data.to_vec()
    }

    fn verify(&self, sig: &[u8], data: &[u8]) -> Result<(), String> {
        if sig != self.sign(data) {
            Err("failed to verify".to_owned())
        } else {
            Ok(())
        }
    }
}

fn main() -> Result<(), CoseError> {
    // Build a fake signer/verifier (to avoid pulling in lots of dependencies).
    let signer = FakeSigner {};
    let verifier = signer;

    // Inputs.
    let pt = b"This is the content";
    let aad = b"this is additional data";

    // Build a `CoseSign1` object.
    let protected = coset::HeaderBuilder::new()
        .algorithm(iana::Algorithm::ES256)
        .key_id(b"11".to_vec())
        .build();
    let sign1 = coset::CoseSign1Builder::new()
        .protected(protected)
        .payload(pt.to_vec())
        .create_signature(aad, |pt| signer.sign(pt))
        .build();

    // Serialize to bytes.
    let sign1_data = sign1.to_vec()?;
    println!(
        "'{}' + '{}' => {}",
        String::from_utf8_lossy(pt),
        String::from_utf8_lossy(aad),
        hex::encode(&sign1_data)
    );

    // At the receiving end, deserialize the bytes back to a `CoseSign1` object.
    let mut sign1 = coset::CoseSign1::from_slice(&sign1_data)?;

    // Check the signature, which needs to have the same `aad` provided.
    let result = sign1.verify_signature(aad, |sig, data| verifier.verify(sig, data));
    println!("Signature verified: {:?}.", result);
    assert!(result.is_ok());

    // Changing an unprotected header leaves the signature valid.
    sign1.unprotected.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
    assert!(sign1
        .verify_signature(aad, |sig, data| verifier.verify(sig, data))
        .is_ok());

    // Providing a different `aad` means the signature won't validate.
    assert!(sign1
        .verify_signature(b"not aad", |sig, data| verifier.verify(sig, data))
        .is_err());

    // Changing a protected header invalidates the signature.
    sign1.protected.header.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
    sign1.protected.original_data = None;
    assert!(sign1
        .verify_signature(aad, |sig, data| verifier.verify(sig, data))
        .is_err());
    Ok(())
}