microsoft / scitt-ccf-ledger

Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)
MIT License

Fixes pretty-receipt command for COSE envelopes with embedded receipts #219

Closed ivarprudnikov closed 2 months ago

ivarprudnikov commented 2 months ago

The pretty-receipt CLI command fails when it is given a receipt that is embedded in a COSE envelope. This change fixes that and makes the command more resilient when parsing arbitrary CBOR. I am fairly sure there is still an edge case that is not handled properly at the moment, though, because the JSON encoder does not like pycose objects.

After the change COSE_Sign1 with the embedded receipt output will look like:

{
  "protected": {
    "Algorithm": "Ps256",
    "ContentType": "application/json+cose-hash-v",
    "CWTClaims": {
      "iss": "did:x509:0:sha256:HnwZ4lezuxq_GVcl_Sk7YWW170qAD0DZBLXilXet0jg::eku:1.3.6.1.4.1.311.10.3.13",
      "sub": "Test",
      "iat": "2024-08-20T20:38:00+00:00",
      "svn": "0"
    },
    "X5chain": [
     "MIIERDCCAiygAwIBAgI....3TTV6s0qg==",
      "MIIFLDCCAxSgAwIBA....M1SHsro5I=",
      "MIIFDjCCA...PWC4+72M="
    ],
    "X5t": {
      "alg": -16,
      "hash": "26d40d8e012c3358c01b494dc188e9bf1b77ee9a29987ed9f6a06fb0bf9188f4"
    }
  },
  "unprotected": {
    "SCITTReceipts": [
      {
        "protected": {
          "tree_alg": "CCF",
          "SCITTIssuer": "did:web:....",
          "KID": "#113c86fc073e81cda6d031909123e03eae846c39a9ad51aad1904461de5d4774",
          "service_id": "113c86fc073e81cda6d031909123e03eae846c39a9ad51aad1904461de5d4774",
          "enclave_measurement": "96c40e2532ba329849e7fede3f3d888a0423a1dc0f3d0511b138617cc3aa9e94",
          "registration_time": "1723582574"
        },
        "contents": {
          "signature": "cfBLt5uVN8qJxbYgn4vX691KEPEkE/TNVpoRRnNlgOT/e48ewk0fYt8rHmH5efkqVZONTRYBdZ2E8nQNE69VTZ6SYTFyfSfqsHIYhT0V7zu7N/ArADnRLR2hmLJHqYZ5",
          "node_certificate": "MIIB+TCCAX6gAwIBAgIRAM...cNWJwWIEe5+E=",
          "inclusion_proof": [
            {
              "left": "cb99e3e579a8e9b15f114698ce5ca5b9bb66cc65fbdf72bc0f05ac6ddc6d3a79"
            },
            {
              "left": "68e649b295fb445f7e3555674ae7737397ade859d0cbbee8c4a2cd82bd6ca6c6"
            },
            {
              "left": "39e813d29a6e91a2abae8d50c63a572c6b28f104b05807caffc4da86bf005b42"
            },
            {
              "left": "caeb4b0fc559339e96f3d56cec3bae91ec91e3e41007c39cfc122b9a9ee56c05"
            },
            {
              "left": "eab83a86fff687e59b795b6665d3e026f942575fb54dcf89eca98d5f5833059b"
            },
            {
              "left": "e37cb3d0460332dbd959ba585914a6ef823d223ed9f8436070d574196fd6858e"
            },
            {
              "left": "1258d09965c7253ec0864665ee54756d188a0dbcf88e6859cdd3301cdb2fb8aa"
            },
            {
              "left": "8daac9fb88effe244fe2f1adf68acd96264f81b2edcbc2d2adff1c405332c711"
            }
          ],
          "leaf_info": {
            "internal_hash": "399ac6d8379ac1b95de59ae0a555068f453b14981bdb15b4f1ec70a4b978778f",
            "internal_data": "ce:214.3533:c02f3e7cf7472ea5ed399280cbc657da24d0a1a8aba73d2cb4d4518696474425"
          }
        }
      }
    ]
  },
  "payload": "gy9YIAFavX9cxXot2Ut1kPBK2AhCc5Be4z7Fzr6uYidql/hidmh0dHBzOi8vdXJsLXRvLWNvbnRlbnQ="
}