feat: store signatures

Cargo.toml

@@ -12,6 +12,7 @@ members = [
     "modules/graphql",
     "modules/importer",
     "modules/ingestor",
+    "modules/signature",
     "modules/storage",
     "modules/ui",
     "modules/user",
@@ -119,7 +120,7 @@ semver = "1"
 serde = "1.0.183"
 serde-cyclonedx = "0.9.1"
 serde_json = "1.0.114"
-serde_with = "3.11.0"
+serde_with = { version = "3.12.0", features = ["base64"] }
 serde_yml = { package = "serde_yaml_ng", version = "0.10" }
 sha2 = "0.10.8"
 spdx = "0.10.6"
@@ -165,17 +166,18 @@ trustify-cvss = { path = "cvss" }
 trustify-entity = { path = "entity" }
 trustify-infrastructure = { path = "common/infrastructure" }
 trustify-migration = { path = "migration" }
+trustify-module-analysis = { path = "modules/analysis" }
 trustify-module-fundamental = { path = "modules/fundamental" }
+trustify-module-graphql = { path = "modules/graphql" }
 trustify-module-importer = { path = "modules/importer" }
-trustify-module-ui = { path = "modules/ui", default-features = false }
-trustify-server = { path = "server", default-features = false }
-trustify-ui = { git = "https://github.com/trustification/trustify-ui.git", branch = "publish/main" }
 trustify-module-ingestor = { path = "modules/ingestor" }
+trustify-module-signature = { path = "modules/signature" }
 trustify-module-storage = { path = "modules/storage" }
-trustify-module-graphql = { path = "modules/graphql" }
-trustify-test-context = { path = "test-context" }
-trustify-module-analysis = { path = "modules/analysis" }
+trustify-module-ui = { path = "modules/ui", default-features = false }
 trustify-module-user = { path = "modules/user" }
+trustify-server = { path = "server", default-features = false }
+trustify-test-context = { path = "test-context" }
+trustify-ui = { git = "https://github.com/trustification/trustify-ui.git", branch = "publish/main" }
 
 # These dependencies are active during both the build time and the run time. So they are normal dependencies
 # as well as build-dependencies. However, we can't control feature flags for build dependencies the way we do

common/auth/src/permission.rs

@@ -108,6 +108,15 @@ permission! {
 
         #[strum(serialize = "delete.vulnerability")]
         DeleteVulnerability,
+
+        #[strum(serialize = "create.trustAnchor")]
+        CreateTrustAnchor,
+        #[strum(serialize = "read.trustAnchor")]
+        ReadTrustAnchor,
+        #[strum(serialize = "update.trustAnchor")]
+        UpdateTrustAnchor,
+        #[strum(serialize = "delete.trustAnchor")]
+        DeleteTrustAnchor,
     }
 }
 

common/src/endpoints.rs

@@ -0,0 +1,9 @@
+pub mod guards {
+    use actix_web::guard::{self, Guard, GuardContext};
+
+    pub const JSON_MERGE_CONTENT_TYPE: &str = "application/merge-patch+json";
+
+    pub fn json_merge(ctx: &GuardContext) -> bool {
+        guard::Header("content-type", JSON_MERGE_CONTENT_TYPE).check(ctx)
+    }
+}

common/src/lib.rs

@@ -3,6 +3,7 @@ pub mod config;
 pub mod cpe;
 pub mod db;
 pub mod decompress;
+pub mod endpoints;
 pub mod error;
 pub mod hashing;
 pub mod id;

entity/src/advisory.rs

@@ -29,7 +29,7 @@ pub struct Model {
     pub withdrawn: Option<OffsetDateTime>,
     pub title: Option<String>,
     pub labels: Labels,
-    pub source_document_id: Option<Uuid>,
+    pub source_document_id: Uuid,
 }
 
 #[ComplexObject]

entity/src/lib.rs

@@ -29,8 +29,11 @@ pub mod sbom_package;
 pub mod sbom_package_cpe_ref;
 pub mod sbom_package_license;
 pub mod sbom_package_purl_ref;
+pub mod signature_type;
 pub mod source_document;
+pub mod source_document_signature;
 pub mod status;
+pub mod trust_anchor;
 pub mod user_preferences;
 pub mod version_range;
 pub mod version_scheme;

entity/src/sbom.rs

@@ -19,7 +19,7 @@ pub struct Model {
     pub suppliers: Vec<String>,
     pub data_licenses: Vec<String>,
 
-    pub source_document_id: Option<Uuid>,
+    pub source_document_id: Uuid,
 
     #[graphql(derived(owned, into = "HashMap<String,String>", with = "Labels::from"))]
     pub labels: Labels,

entity/src/signature_type.rs

@@ -0,0 +1,42 @@
+use sea_orm::{DeriveActiveEnum, EnumIter};
+use std::fmt;
+
+#[derive(
+    Debug,
+    Copy,
+    Clone,
+    Hash,
+    PartialEq,
+    Eq,
+    EnumIter,
+    DeriveActiveEnum,
+    strum::VariantArray,
+    strum::EnumString,
+    serde::Serialize,
+    serde::Deserialize,
+    utoipa::ToSchema,
+)]
+#[sea_orm(rs_type = "String", db_type = "Enum", enum_name = "signature_type")]
+#[serde(rename_all = "lowercase")]
+#[strum(serialize_all = "lowercase")]
+// When adding a new variant, also add this to the "signature_type" enum.
+pub enum SignatureType {
+    #[sea_orm(string_value = "pgp")]
+    Pgp,
+}
+
+impl fmt::Display for SignatureType {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{:?}", self)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn names() {
+        assert_eq!(SignatureType::Pgp.to_string(), "pgp");
+    }
+}

entity/src/source_document.rs

@@ -13,6 +13,9 @@ pub struct Model {
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
-pub enum Relation {}
+pub enum Relation {
+    #[sea_orm(has_many = "super::source_document_signature::Entity")]
+    Signature,
+}
 
 impl ActiveModelBehavior for ActiveModel {}

entity/src/source_document_signature.rs

@@ -0,0 +1,30 @@
+use crate::signature_type::SignatureType;
+use sea_orm::entity::prelude::*;
+
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel)]
+#[sea_orm(table_name = "source_document_signature")]
+pub struct Model {
+    #[sea_orm(primary_key)]
+    pub id: Uuid,
+    pub document_id: Uuid,
+    pub r#type: SignatureType,
+    pub payload: Vec<u8>,
+}
+
+#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
+pub enum Relation {
+    #[sea_orm(
+        belongs_to = "super::source_document::Entity",
+        from = "Column::DocumentId",
+        to = "super::source_document::Column::Id"
+    )]
+    SourceDocument,
+}
+
+impl ActiveModelBehavior for ActiveModel {}
+
+impl Related<super::source_document::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::SourceDocument.def()
+    }
+}

entity/src/trust_anchor.rs

@@ -0,0 +1,21 @@
+use crate::signature_type::SignatureType;
+use sea_orm::entity::prelude::*;
+
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel)]
+#[sea_orm(table_name = "trust_anchor")]
+pub struct Model {
+    #[sea_orm(primary_key)]
+    pub id: String,
+    pub revision: Uuid,
+
+    pub disabled: bool,
+    pub description: String,
+
+    pub r#type: SignatureType,
+    pub payload: Vec<u8>,
+}
+
+#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
+pub enum Relation {}
+
+impl ActiveModelBehavior for ActiveModel {}

etc/datasets/Makefile

@@ -15,3 +15,8 @@ ds3.zip:
 ds3-sboms.zip:
 	-rm ds3-sbom.zip
 	cd ds3 && zip -r ../ds3-sboms.zip ./spdx
+
+.PHONY: ds6.zip
+ds6.zip:
+	-rm ds6.zip
+	cd ds6 && zip -r ../ds6.zip .