Replace ic-certified-map with ic-certification

The new library is maintained by the trust team, includes the required impelemntation for nested trees and will eventually offer a lot of tooling around asset certification.
dfinity · Nov 20, 2023 · 6a12290 · 6a12290
1 parent 0b2d86c
commit 6a12290
Show file tree

Hide file tree

Showing 12 changed files with 38 additions and 249 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/src/canister_sig_util/Cargo.toml b/src/canister_sig_util/Cargo.toml
@@ -7,7 +7,7 @@ edition = "2021"
 [dependencies]
 # ic dependencies
 candid = "0.9"
-ic-certified-map = "0.4"
+ic-certification = "1.3"
 
 # other dependencies
 lazy_static = "1.4"

diff --git a/src/canister_sig_util/src/signature_map.rs b/src/canister_sig_util/src/signature_map.rs
@@ -1,5 +1,5 @@
 //! Maintains anchor signatures and expirations.
-use ic_certified_map::{leaf_hash, AsHashTree, Hash, HashTree, RbTree};
+use ic_certification::{leaf, leaf_hash, AsHashTree, Hash, HashTree, RbTree};
 use std::borrow::Cow;
 use std::collections::BinaryHeap;
 
@@ -11,8 +11,8 @@ impl AsHashTree for Unit {
     fn root_hash(&self) -> Hash {
         leaf_hash(&b""[..])
     }
-    fn as_hash_tree(&self) -> HashTree<'_> {
-        HashTree::Leaf(Cow::from(&b""[..]))
+    fn as_hash_tree(&self) -> HashTree {
+        leaf(Cow::from(&b""[..]))
     }
 }
 
@@ -102,7 +102,7 @@ impl SignatureMap {
         self.certified_map.root_hash()
     }
 
-    pub fn witness(&self, seed: Hash, message: Hash) -> Option<HashTree<'_>> {
+    pub fn witness(&self, seed: Hash, message: Hash) -> Option<HashTree> {
         self.certified_map.get(&seed[..])?.get(&message[..])?;
         let witness = self
             .certified_map

diff --git a/src/canister_sig_util/src/signature_map/test.rs b/src/canister_sig_util/src/signature_map/test.rs
@@ -1,5 +1,5 @@
 use super::*;
-use ic_certified_map::Hash;
+use ic_certification::Hash;
 use sha2::{Digest, Sha256};
 
 fn hash_bytes(value: impl AsRef<[u8]>) -> Hash {
@@ -99,7 +99,7 @@ fn test_random_modifications() {
         for (k, v) in pairs.iter() {
             if let Some(witness) = map.witness(*k, *v) {
                 assert_eq!(
-                    witness.reconstruct(),
+                    witness.digest(),
                     map.root_hash(),
                     "produced a bad witness: {witness:?}"
                 );

diff --git a/src/internet_identity/Cargo.toml b/src/internet_identity/Cargo.toml
@@ -29,7 +29,7 @@ captcha = { git = "https://github.com/nmattia/captcha", rev = "9c0d2dd9bf519e255
 candid = "0.9"
 ic-cdk = "0.10"
 ic-cdk-macros = "0.7"
-ic-certified-map = "0.4"
+ic-certification = "1.3"
 ic-metrics-encoder = "1"
 ic-stable-structures = "0.5"
 

diff --git a/src/internet_identity/src/assets.rs b/src/internet_identity/src/assets.rs
@@ -4,13 +4,12 @@
 
 use crate::hash::{hash_of_map, Value};
 use crate::http::{security_headers, IC_CERTIFICATE_EXPRESSION_HEADER};
-use crate::nested_tree::NestedTree;
 use crate::state;
 use base64::engine::general_purpose::STANDARD as BASE64;
 use base64::Engine;
 use ic_cdk::api;
-use ic_certified_map::{
-    fork, fork_hash, labeled, labeled_hash, AsHashTree, Hash, HashTree, RbTree,
+use ic_certification::{
+    fork, fork_hash, labeled, labeled_hash, pruned, AsHashTree, Hash, HashTree, NestedTree, RbTree,
 };
 use include_dir::{include_dir, Dir, File};
 use internet_identity_interface::http_gateway::HeaderField;
@@ -47,7 +46,7 @@ impl CertifiedAssets {
         let witness = self.certification_v1.witness(path.as_bytes());
         fork(
             labeled(LABEL_ASSETS_V1, witness),
-            HashTree::Pruned(labeled_hash(
+            pruned(labeled_hash(
                 LABEL_ASSETS_V2,
                 &self.certification_v2.root_hash(),
             )),
@@ -64,7 +63,7 @@ impl CertifiedAssets {
         let witness = self.certification_v2.witness(&path_bytes);
 
         fork(
-            HashTree::Pruned(labeled_hash(
+            pruned(labeled_hash(
                 LABEL_ASSETS_V1,
                 &self.certification_v1.root_hash(),
             )),

diff --git a/src/internet_identity/src/delegation.rs b/src/internet_identity/src/delegation.rs
@@ -7,7 +7,7 @@ use canister_sig_util::signature_map::{SignatureMap, LABEL_SIG};
 use canister_sig_util::CanisterSigPublicKey;
 use ic_cdk::api::{data_certificate, time};
 use ic_cdk::{id, trap};
-use ic_certified_map::{Hash, HashTree};
+use ic_certification::{fork, labeled, pruned, Hash, HashTree};
 use internet_identity_interface::internet_identity::types::*;
 use serde::Serialize;
 use serde_bytes::ByteBuf;
@@ -214,7 +214,7 @@ fn get_signature(
     });
     let witness = sigs.witness(hash::hash_bytes(seed), msg_hash)?;
 
-    let witness_hash = witness.reconstruct();
+    let witness_hash = witness.digest();
     let root_hash = sigs.root_hash();
     if witness_hash != root_hash {
         trap(&format!(
@@ -224,15 +224,12 @@ fn get_signature(
         ));
     }
 
-    let tree = ic_certified_map::fork(
-        HashTree::Pruned(assets.root_hash()),
-        ic_certified_map::labeled(LABEL_SIG, witness),
-    );
+    let tree = fork(pruned(assets.root_hash()), labeled(LABEL_SIG, witness));
 
     #[derive(Serialize)]
-    struct Sig<'a> {
+    struct Sig {
         certificate: ByteBuf,
-        tree: HashTree<'a>,
+        tree: HashTree,
     }
 
     let sig = Sig {

diff --git a/src/internet_identity/src/hash.rs b/src/internet_identity/src/hash.rs
@@ -1,6 +1,6 @@
 //! Provides helper functions to calculate the representation independent hash
 //! of structured data.
-use ic_certified_map::Hash;
+use ic_certification::Hash;
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
 use std::collections::HashMap;

diff --git a/src/internet_identity/src/http.rs b/src/internet_identity/src/http.rs
@@ -6,7 +6,7 @@ use base64::Engine;
 use canister_sig_util::signature_map::LABEL_SIG;
 use ic_cdk::api::data_certificate;
 use ic_cdk::trap;
-use ic_certified_map::HashTree;
+use ic_certification::{fork, labeled_hash, pruned};
 use internet_identity_interface::http_gateway::{HeaderField, HttpRequest, HttpResponse};
 use serde::Serialize;
 use serde_bytes::ByteBuf;
@@ -234,9 +234,9 @@ fn asset_certificate_headers_v1(asset_name: &str) -> Vec<(String, String)> {
         trap("data certificate is only available in query calls");
     });
     state::assets_and_signatures(|assets, sigs| {
-        let tree = ic_certified_map::fork(
+        let tree = fork(
             assets.witness_v1(asset_name),
-            HashTree::Pruned(ic_certified_map::labeled_hash(LABEL_SIG, &sigs.root_hash())),
+            pruned(labeled_hash(LABEL_SIG, &sigs.root_hash())),
         );
         let mut serializer = serde_cbor::ser::Serializer::new(vec![]);
         serializer.self_describe().unwrap();
@@ -266,9 +266,9 @@ fn asset_certificate_headers_v2(absolute_path: &str) -> Vec<(String, String)> {
     path.push(EXACT_MATCH_TERMINATOR.to_string());
 
     state::assets_and_signatures(|assets, sigs| {
-        let tree = ic_certified_map::fork(
+        let tree = fork(
             assets.witness_v2(absolute_path),
-            HashTree::Pruned(ic_certified_map::labeled_hash(LABEL_SIG, &sigs.root_hash())),
+            pruned(labeled_hash(LABEL_SIG, &sigs.root_hash())),
         );
 
         let mut tree_serializer = serde_cbor::ser::Serializer::new(vec![]);

diff --git a/src/internet_identity/src/main.rs b/src/internet_identity/src/main.rs
@@ -25,8 +25,6 @@ mod delegation;
 mod hash;
 mod http;
 mod ii_domain;
-/// Infrastructure to help building nested certification trees.
-mod nested_tree;
 mod state;
 mod storage;
 mod vc_mvp;
@@ -409,7 +407,7 @@ fn save_persistent_state() {
 }
 
 fn update_root_hash() {
-    use ic_certified_map::{fork_hash, labeled_hash};
+    use ic_certification::{fork_hash, labeled_hash};
     state::assets_and_signatures(|assets, sigs| {
         let prefixed_root_hash = fork_hash(
             &assets.root_hash(),