Function deepkey_csr::change_rule::update_change_rule
pub fn update_change_rule(
    input: UpdateChangeRuleInput,
) -> ExternResult<ChangeRule>
Update the rules for updating keys and the rules themselves
A ChangeRule is created in the init process with the cell agent as the authorized signer.
This means that the first change rule update can be authorized by the coordinator zome, which has
the ability to sign with the cell agent.
§Example usage (first update)
use hdk::prelude::*;
use hc_deepkey_sdk::*;
use rand::rngs::OsRng;
use ed25519_dalek::SigningKey;
use serde_bytes::ByteArray;
// Create two Ed25519 revocation keypairs. This is for illustration only: the signing keys
// exist only in this process's memory and are not managed by Lair.
let rev_key1 = SigningKey::generate(&mut OsRng);
let rev_key2 = SigningKey::generate(&mut OsRng);

// Each authorized signer is identified by the 32 raw bytes of its public (verifying) key.
// The order matters: signers are later referenced by their position in this list.
let authorized_signers = vec![
    ByteArray::<32>::new(rev_key1.verifying_key().to_bytes()),
    ByteArray::<32>::new(rev_key2.verifying_key().to_bytes()),
];

// 1-of-2 multi-sig: a single signature from either listed key satisfies this rule.
let authority_spec = AuthoritySpecInput {
    sigs_required: 1,
    authorized_signers,
};
let result = deepkey_csr::change_rule::update_change_rule(UpdateChangeRuleInput {
authority_spec,
authorizations: None, // Not required for the first update because the cell agent
// can sign the 'authority_spec' in the coordinator function
});

Now that the authorized signers are set to keys outside of Lair, the `authorizations` signatures
must be provided in the call.
§Example usage (second update)
use ed25519_dalek::Signer;
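// Generate three new revocation keypairs (illustration only: the signing keys exist only in
// this process's memory and are not managed by Lair).
let rev_key3 = SigningKey::generate(&mut OsRng);
let rev_key4 = SigningKey::generate(&mut OsRng);
let rev_key5 = SigningKey::generate(&mut OsRng);

// Every signer entry must be derived from its own key. Deriving two entries from the same
// key would leave the 2-of-3 spec with only two distinct signers, and the holder of the
// duplicated key would occupy two of the three positions.
let rev_pubkey3 = rev_key3.verifying_key();
let rev_pubkey4 = rev_key4.verifying_key();
let rev_pubkey5 = rev_key5.verifying_key();

let rev_auth3 = ByteArray::<32>::new(rev_pubkey3.to_bytes());
let rev_auth4 = ByteArray::<32>::new(rev_pubkey4.to_bytes());
let rev_auth5 = ByteArray::<32>::new(rev_pubkey5.to_bytes());

// Define a multi-sig spec with 2 of 3
let authority_spec = AuthoritySpecInput {
    sigs_required: 2,
    authorized_signers: vec![
        rev_auth3,
        rev_auth4,
        rev_auth5,
    ],
};

// Serialize the new spec; these bytes are what the currently authorized signers sign.
let serialized = deepkey::utils::serialize(&authority_spec)?;

let result = deepkey_csr::change_rule::update_change_rule(UpdateChangeRuleInput {
    authority_spec,
    authorizations: Some(vec![
        // Each entry is (signer index, signature). Index 1 is the 2nd authorized signer of
        // the previous rule (`rev_key2`), so the index is zero-based. The previous spec
        // only requires 1 signature, so one entry is enough here.
        (1, Signature(rev_key2.sign(&serialized).to_bytes())),
    ]),
});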