SignCore.Policy behaviour (sign_core v0.1.0)

Behaviour for trust policies.

See docs/specs/api.md §2.3 for the canonical contract. The verify pipeline treats sender-supplied certificates as untrusted input: resolve/2 MUST return {:error, :unknown_signer} when the candidate certificate (or its identity hint) does not match an allowlist the verifier maintains.

Cryptographic verification only runs after resolve/2 succeeds AND validate/3 returns {:ok, subject_id}.
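One way to implement this contract as a pinning policy (an added example, not code from sign_core). It assumes the header carries a fingerprint hint under the key "x5t#S256" and that the verifier passes its allowlist in opts[:allowlist]; the module name, the header key, the opts key and the entry shape are all hypothetical.

```elixir
defmodule PinnedSignerPolicy do
  @moduledoc false
  # Added example, not part of sign_core.
  # Assumptions (none of these are defined by the page):
  #   * header["x5t#S256"] holds the sender's certificate fingerprint hint
  #   * opts[:allowlist] is a map built by the verifier:
  #       fingerprint => %{cert: cert, chain: chain, subject_id: id}
  @behaviour SignCore.Policy

  @hint_key "x5t#S256"

  @impl true
  def resolve(header, opts) when is_map(header) do
    allowlist = Keyword.get(opts, :allowlist, %{})

    # The hint is attacker-controlled and is used only as a lookup key.
    # The certificate and chain returned are the verifier's own pinned
    # copies; nothing supplied by the sender is handed onwards.
    with {:ok, hint} when is_binary(hint) <- Map.fetch(header, @hint_key),
         {:ok, %{cert: cert, chain: chain}} <- Map.fetch(allowlist, hint) do
      {:ok, cert, chain}
    else
      # Missing hint, non-binary hint and unlisted fingerprint all fail
      # closed with the same error the contract requires.
      _ -> {:error, :unknown_signer}
    end
  end

  def resolve(_header, _opts), do: {:error, :unknown_signer}

  @impl true
  def validate(cert, chain, opts) do
    allowlist = Keyword.get(opts, :allowlist, %{})

    # Re-check that the exact cert/chain pair is a pinned entry before
    # releasing a subject_id, so validate/3 cannot be satisfied by a
    # certificate that did not come out of resolve/2.
    # Expiry and revocation checks are omitted from this example.
    case Enum.find(Map.values(allowlist), &(&1.cert == cert and &1.chain == chain)) do
      %{subject_id: id} -> {:ok, id}
      nil -> {:error, :unknown_signer}
    end
  end
end
```

With an empty or missing allowlist every header resolves to {:error, :unknown_signer}, so a misconfigured verifier rejects all signers instead of accepting them.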

Summary

Types

cert()

@type cert() :: SignCore.X509.t()

chain()

@type chain() :: [cert()]

header()

@type header() :: map()

subject_id()

@type subject_id() :: term()

Callbacks

resolve(header, opts)

@callback resolve(header(), opts :: keyword()) ::
  {:ok, cert(), chain()} | {:error, term()}

validate(cert, chain, opts)

@callback validate(cert(), chain(), opts :: keyword()) ::
  {:ok, subject_id()} | {:error, term()}