Supply Chain Integrity, Transparency, and Trust (IETF SCITT)

ocaml-scitt: rewrite README example to typecheck

Several issues compounded into a syntax error: a missing [in] joining
the [Transparent_statement.v] line into [match], unbound free
variables ([clock], [ts_private_key], [issuer_key], etc.), [signed] /
[receipt] used as bare values when both [Signed_statement.sign] and
[Transparency_service.register] return [(_, error) result], and
[verify] called with the issuer's private key instead of the public
one.

Wrap the whole thing in a [run ~clock ~ts_private_key ~ts_public_key
~issuer_key ~issuer_public_key ~sbom_json] function, [match] each
result, switch [Format.printf] / [Format.eprintf] to [Fmt.pr] /
[Fmt.epr], and add [cose] / [fmt] to the mdx libraries.

+39 -30
+38 -29
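--- a/README.md
+++ b/README.md
@@ -43,35 +43,44 @@
 ## Quick Start
 
 ```ocaml
-(* Create a transparency service with RFC 9162 VDS *)
-let vds = Scitt.Vds_rfc9162.in_memory ()
-let ts =
-Scitt.Transparency_service.v ~service_id:"my-ts" ~vds
-~algorithm:Cose.Algorithm.ES256
-~sign:(Scitt.Signer.of_key ts_private_key)
-clock
-in
-
-(* Register a signed statement *)
-let statement =
-Scitt.Statement.v ~issuer:"did:web:example.com"
-~subject:"sha256:abcdef..." ~content_type:"application/spdx+json"
-~payload:sbom_json
-in
-let signed = Scitt.Signed_statement.sign ~key:issuer_key statement
-let receipt =
-Scitt.Transparency_service.register ts ~issuer_key:issuer_public_key signed
-in
-
-(* Create and verify a transparent statement *)
-let transparent = Scitt.Transparent_statement.v signed [ receipt ]match
-Scitt.Transparent_statement.verify
-~ts_keys:(fun ~service_id:_ -> Some ts_public_key)
-~issuer_key transparent
-with
-| Ok (stmt, _level, _summary) ->
-Format.printf "Verified: %s\n" (Scitt.Statement.issuer stmt)
-| Error e -> Format.eprintf "Failed: %a\n" Scitt.pp_error e
+let run ~clock ~ts_private_key ~ts_public_key ~issuer_key ~issuer_public_key
+~sbom_json =
+(* Create a transparency service with RFC 9162 VDS. *)
+let vds = Scitt.Vds_rfc9162.in_memory () in
+let ts =
+Scitt.Transparency_service.v ~service_id:"my-ts" ~vds
+~algorithm:Cose.Algorithm.ES256
+~sign:(Scitt.Signer.of_key ts_private_key)
+clock
+in
+(* Register a signed statement. *)
+let statement =
+Scitt.Statement.v ~issuer:"did:web:example.com" ~subject:"sha256:abcdef..."
+~content_type:"application/spdx+json" ~payload:sbom_json
+in
+let signed =
+match Scitt.Signed_statement.sign ~key:issuer_key statement with
+| Ok s -> s
+| Error e -> Fmt.failwith "sign: %a" Scitt.pp_error e
+in
+let receipt =
+match
+Scitt.Transparency_service.register ts ~issuer_key:issuer_public_key
+signed
+with
+| Ok r -> r
+| Error e -> Fmt.failwith "register: %a" Scitt.pp_error e
+in
+(* Create and verify a transparent statement. *)
+let transparent = Scitt.Transparent_statement.v signed [ receipt ] in
+match
+Scitt.Transparent_statement.verify
+~ts_keys:(fun ~service_id:_ -> Some ts_public_key)
+~issuer_key:issuer_public_key transparent
+with
+| Ok (stmt, _level, _summary) ->
+Fmt.pr "Verified: %s@." (Scitt.Statement.issuer stmt)
+| Error e -> Fmt.epr "Failed: %a@." Scitt.pp_error e
 ```
 
 ## API Overview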
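Review bot: The key resolver passed to `Scitt.Transparent_statement.verify`, `~ts_keys:(fun ~service_id:_ -> Some ts_public_key)`, discards the service id and returns the same key for every transparency service, and as the Quick Start example it is the line readers are most likely to copy. Unless `verify` separately checks that the receipt comes from the expected service (not visible in this hunk), the resolver should return a key only for a service it trusts, e.g. `~ts_keys:(fun ~service_id -> if String.equal service_id "my-ts" then Some ts_public_key else None)`, assuming the argument is a string like the `~service_id:"my-ts"` given to `Transparency_service.v`. The `_level` component of the `Ok` result is also ignored; a one-line comment saying what it denotes and when a caller should inspect it would help.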
+1 -1
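--- a/dune
+++ b/dune
@@ -4,4 +4,4 @@
 
 (mdx
 (files README.md)
-(libraries scitt scitt-atp))
+(libraries scitt scitt-atp cose fmt))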