Module BSV::Auth::ValidateCertificates

Utility module for validating certificates received in an authenticated message.

Exposes a single module method, .call, which is also available as BSV::Auth.validate_certificates via extend.

Algorithm:

1. Raise AuthError if message[:certificates] is nil or empty.
2. For each certificate in the array:
   1. Verify cert subject == message identity key.
   2. Construct a VerifiableCertificate if the input is a plain Hash.
   3. Call cert.verify — raise if signature is invalid.
   4. If requested_certificates is provided, check certifier and type.
   5. Call cert.decrypt_fields(wallet) — wrap any error in AuthError.

Wallet is duck-typed — any object responding to verify_signature and decrypt is accepted.

Public Class Methods

validate_certificates(wallet, message, requested_certificates = nil)

Validates certificates attached to an incoming authenticated message.

- @param wallet [#verify_signature, #decrypt] the verifier's wallet
- @param message [Hash] incoming authenticated message; must contain :certificates and :identity_key (symbol or string keys accepted)
- @param requested_certificates [Hash, nil] optional filter with keys :certifiers (Array of pubkey hex strings) and :types (Hash of type string => fields)
- @raise [AuthError] on any validation failure
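
The order of checks listed under Algorithm, as an added Ruby sketch that is not the BSV gem's own code. StubCert, SAMPLE_CERT, fetch_key, validate_certificates_sketch, rejection_reason and the error strings are hypothetical, verify is assumed to return a boolean, and the Hash-to-VerifiableCertificate step is omitted.

```ruby
# Added sketch of the documented flow; not the BSV gem's code.
class AuthError < StandardError; end

# Hypothetical certificate stand-in; sig_ok / decrypt_ok simulate outcomes.
StubCert = Struct.new(:subject, :certifier, :type, :sig_ok, :decrypt_ok, keyword_init: true) do
  def verify
    sig_ok # assumption: boolean result; the real method may raise instead
  end
  def decrypt_fields(_wallet)
    raise 'no keyring entry for this verifier' unless decrypt_ok
    { 'name' => 'decrypted' }
  end
end
# Constructed sample certificate for a peer whose identity key is '02aa'.
SAMPLE_CERT = StubCert.new(subject: '02aa', certifier: '03cc', type: 'age', sig_ok: true, decrypt_ok: true)

# Message keys may be symbols or strings, as the documentation states.
def fetch_key(hash, key)
  hash[key] || hash[key.to_s]
end

def validate_certificates_sketch(wallet, message, requested = nil)
  certs = fetch_key(message, :certificates)
  raise AuthError, 'no certificates in message' if certs.nil? || certs.empty?
  identity_key = fetch_key(message, :identity_key)
  certs.each do |cert|
    # Bind the certificate to the authenticated peer before trusting its contents.
    raise AuthError, 'subject does not match identity key' unless cert.subject == identity_key
    raise AuthError, 'invalid certificate signature' unless cert.verify
    if requested
      raise AuthError, 'certifier not requested' unless requested[:certifiers].include?(cert.certifier)
      raise AuthError, 'type not requested' unless requested[:types].key?(cert.type)
    end
    begin
      cert.decrypt_fields(wallet)
    rescue StandardError => e
      raise AuthError, "field decryption failed: #{e.message}" # one error type for callers
    end
  end
  true
end

# Returns nil when the message is accepted, otherwise the AuthError message.
def rejection_reason(message, requested = nil)
  validate_certificates_sketch(Object.new, message, requested)
  nil
rescue AuthError => e
  e.message
end
```

Because every failure surfaces as AuthError, a caller needs a single rescue clause to reject the peer, and a certificate that fails any one check stops the whole message.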