Skip to content

FIWARE/data_integrity

BranchesTags

Repository files navigation

🔐 NGSI-LD JSON-LD Data Integrity

Rust Axum OpenAPI License

This project is a Rust-based microservice that signs and verifies ETSI NGSI-LD entity payloads using Ed25519 digital signatures in compliance with ETSI NGSI-LD API cross-cutting Context Information Management (CIM); handling of provenance information in NGSI-LD.

📦 Features

  • /info – Service metadata
  • /config – Define per-entity signing rules
  • /sign – Apply per-entity signing logic
  • /verify – Field-level signature validation
  • Auto-generated OpenAPI YAML (doc/openapi.yaml)
  • Fallback for undefined endpoints (405, structured error)
  • 🚀 Docker-ready

3577 cargo run -p mock_server 3578 cargo run -p sign 3579 cargo run -p signer

RUST_LOG=info cargo run -p signer

📘 Project Structure

src/
├── main.rs          # App entrypoint
├── handlers/
│   ├── sign.rs      # /sign logic
│   ├── verify.rs    # /verify logic
│   ├── config.rs    # /config logic
│   └── version.rs   # /info logic
├── openapi.rs       # Utoipa-based OpenAPI generator
build.rs             # Auto-generates doc/openapi.yaml

🛠 API Endpoints

GET /info

Returns service version and uptime.

{
  "version": "0.1.0",
  "repository": "https://github.com/flopezag/data_integrity",
  "uptime_seconds": 123
}

POST /config

Store signing rules per entity type.

{
  "entity_type": "Store",
  "properties_to_sign": ["address"]
}

Empty properties_to_sign → sign all object properties.

POST /sign

Signs a JSON-LD NGSI-LD entity using the configured rules.

Example request:

{
  "id": "urn:ngsi-ld:Store:002",
  "type": "Store",
  "address": { "type": "Property", "value": { "city": "Rome" } },
  "location": { "type": "GeoProperty", "value": { "type": "Point", "coordinates": [10, 10] } },
  "@context": "https://uri.etsi.org/ngsi-ld/primer/store-context.jsonld"
}

Received JSON payload:
{
  "id": "urn:ngsi-ld:Notification:b99f41be-5023-11f0-b732-e6ff9c082ab3",
  "type": "Notification",
  "notifiedAt": "2025-06-23T11:18:01.677Z",
  "subscriptionId": "urn:ngsi-ld:Subscription:abf76686-5023-11f0-905d-e6ff9c082ab3",
  "data": [
    {
      "id": "urn:ngsi-ld:EntityType:E1",
      "type": "EntityType",
      "A1": {
        "type": "Property",
        "value": "@none"
      },
      "A2": {
        "type": "Property",
        "value": "@none"
      }
    }
  ]
}
---

### `POST /verify`

Verify each signed field in a document.

Response:

```json
{
  "results": {
    "address": "true",
    "location": "na"
  }
}
  • "true": proof valid
  • "false": proof invalid
  • "na": no proof found

🔁 Fallback Handler

{
  "error": "Endpoint not implemented"
}

Returned for any unsupported route or method (status: 405).

📚 OpenAPI + Swagger

Auto-generate YAML

cargo build
# -> Generates ./doc/openapi.yaml

Swagger UI (Optional)

Uncomment Swagger lines in main.rs to activate:

http://localhost:3000/docs

🐳 Docker Usage

Build image

docker build -t ngsild-signer .

Run container

docker run -p 3000:3000 ngsild-signer

You can now call:

http://localhost:3000/info
http://localhost:3000/sign

🧪 Run Tests

cargo test

Includes tests for:

  • Config-based signing logic
  • 405 fallback behavior
  • Signature injection
  • Signature verification

🔮 Roadmap

Take a look to the file ROADMAP.md

📘 License

Apache 2.0 © 2025 — Built to support ETSI NGSI-LD and JSON-LD DataIntegrityProof

About

Service to manage the Data Integrity as it is defined in ETSI NGSI-LD security group

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages