Skip to content
docsv0.1.0

StateSignerInterface

Signs and verifies an opaque payload string, independent of what that payload contains — the tamper-evidence primitive underneath {@see \Milpa\Live\Contracts\Transport\StateTransferCodecInterface} and {@see \Milpa\Live\Contracts\Sync\SyncCodecInterface} signed variants. Callers embed domain claims (component id, kind, revision, ...) in `$claims`/`$requiredClaims` so a signature valid for one payload/claim set cannot be replayed against another.

StateSignerInterface::sign()

abstract public function sign(string $payload, array $claims = []): Milpa\Live\ValueObjects\StateSignature

Signs `$payload`, binding `$claims` into the signature so {@see verify()} can later confirm both the payload and the claims are unmodified and intact.

Parameters

Parameters of sign()
NameTypeDescription
$payloadstring
$claimsarray<string, mixed>Domain data to bind into the signature (e.g. component id, kind).

StateSignerInterface::verify()

abstract public function verify(string $payload, Milpa\Live\ValueObjects\StateSignature $signature, array $requiredClaims = []): bool

Verifies that `$signature` was produced by {@see sign()} for this exact `$payload`, has not expired, and — if `$requiredClaims` is given — that every required claim is present in the signature with a matching value. MUST NOT throw on an invalid signature; failure is reported via the boolean return.

Parameters

Parameters of verify()
NameTypeDescription
$payloadstring
$signatureMilpa\Live\ValueObjects\StateSignature
$requiredClaimsarray<string, mixed>Claims that MUST be present (and match) in `$signature` for verification to succeed; an empty array checks only the cryptographic signature and expiry.