microsoft
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎doc/schemas/app_openapi.json‎
Lines changed: 24 additions & 0 deletions b/‎doc/schemas/app_openapi.json‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎include/ccf/historical_queries_utils.h‎
Lines changed: 7 additions & 1 deletion b/‎include/ccf/historical_queries_utils.h‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎samples/apps/logging/logging.cpp‎
Lines changed: 56 additions & 0 deletions b/‎samples/apps/logging/logging.cpp‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎src/crypto/test/cose.cpp‎
Lines changed: 39 additions & 0 deletions b/‎src/crypto/test/cose.cpp‎
Lines changed: 39 additions & 0 deletions
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - In the C++ API, the method `get_txid()` on `ccf::kv::ReadOnlyStore` has been renamed to `current_txid()`. This may affect historical query code which works directly with the returned `StorePtr` (#7477).
 - The C++ API for installing endpoints with local commit handlers has changed. These handlers should now be added to an `Endpoint` with `.set_locally_committed_function(handler)`, and the `make_[read_only_]endpoint_with_local_commit_handler` methods on `EndpointRegistry` have been removed (#7487).
 - The format of CCF's stdout logging has changed. Each line previously tried to align host logs with enclave logs containing a timestamp offset. Since enclave logs no longer exist, this timestamp is never present, so the padding whitespace has been removed (#7491).
+- Introduced `ccf::historical::verify_cose_receipt` to verify COSE CCF receipts against current service identity (#7494).
 
 ## [7.0.0-dev5]
 
 
@@ -1466,6 +1466,30 @@
         }
       }
     },
+    "/app/log/public/verify_cose_receipt": {
+      "get": {
+        "operationId": "GetAppLogPublicVerifyCoseReceipt",
+        "responses": {
+          "204": {
+            "description": "Default response description"
+          },
+          "default": {
+            "$ref": "#/components/responses/default"
+          }
+        },
+        "security": [
+          {
+            "jwt": []
+          },
+          {
+            "user_cose_sign1": []
+          }
+        ],
+        "x-ccf-forwarding": {
+          "$ref": "#/components/x-ccf-forwarding/never"
+        }
+      }
+    },
     "/app/log/request_query": {
       "get": {
         "operationId": "GetAppLogRequestQuery",
 
@@ -40,4 +40,10 @@ namespace ccf::historical
     ccf::kv::ReadOnlyTx& tx,
     ccf::historical::StatePtr& state,
     AbstractStateCache& state_cache);
-}
+
+  // Verifies CCF COSE receipt using the current network identity's certificate.
+  void verify_cose_receipt(
+    const std::vector<uint8_t>& cose_receipt,
+    std::shared_ptr<NetworkIdentitySubsystemInterface>
+      network_identity_subsystem);
+}
@@ -2162,6 +2162,62 @@ namespace loggingapp
         .set_forwarding_required(ccf::endpoints::ForwardingRequired::Never)
         .install();
 
+      auto verify_cose_receipt =
+        [&](ccf::endpoints::ReadOnlyEndpointContext& ctx) {
+          const auto* const expected =
+            ccf::http::headervalues::contenttype::COSE;
+          const auto actual =
+            ctx.rpc_ctx->get_request_header(ccf::http::headers::CONTENT_TYPE)
+              .value_or("");
+          if (expected != actual)
+          {
+            ctx.rpc_ctx->set_error(
+              HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE,
+              ccf::errors::InvalidHeaderValue,
+              fmt::format(
+                "Expected content-type '{}'. Got '{}'.", expected, actual));
+            return;
+          }
+
+          const std::vector<uint8_t>& receipt = ctx.rpc_ctx->get_request_body();
+
+          auto network_identity_subsystem =
+            context.get_subsystem<ccf::NetworkIdentitySubsystemInterface>();
+          if (network_identity_subsystem == nullptr)
+          {
+            ctx.rpc_ctx->set_error(
+              HTTP_STATUS_INTERNAL_SERVER_ERROR,
+              ccf::errors::InternalError,
+              "Network identity subsystem not available");
+            return;
+          }
+
+          try
+          {
+            ccf::historical::verify_cose_receipt(
+              receipt, network_identity_subsystem);
+          }
+          catch (const std::exception& e)
+          {
+            ctx.rpc_ctx->set_error(
+              HTTP_STATUS_BAD_REQUEST,
+              ccf::errors::InvalidInput,
+              fmt::format("COSE receipt verification failed: {}", e.what()));
+            return;
+          }
+
+          ctx.rpc_ctx->set_response_status(HTTP_STATUS_OK);
+        };
+
+      make_read_only_endpoint(
+        "/log/public/verify_cose_receipt",
+        HTTP_GET,
+        verify_cose_receipt,
+        auth_policies)
+        .set_auto_schema<void, void>()
+        .set_forwarding_required(ccf::endpoints::ForwardingRequired::Never)
+        .install();
+
       auto get_cose_signatures_config =
         [&](ccf::endpoints::ReadOnlyEndpointContext& ctx) {
           auto subsystem =
 
@@ -3,8 +3,10 @@
 #define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN
 #include "ccf/crypto/cose.h"
 
+#include "ccf/ds/hex.h"
 #include "crypto/openssl/cose_sign.h"
 #include "crypto/openssl/cose_verifier.h"
+#include "node/cose_common.h"
 
 #include <cstdint>
 #include <doctest/doctest.h>
@@ -274,4 +276,41 @@ TEST_CASE("Check unprotected header")
       err = QCBORDecode_Finish(&ctx);
     }
   }
+}
+
+TEST_CASE("Decode CCF COSE receipt")
+{
+  const std::string receipt_hex =
+    "d284588ca50138220458403464393230653531646339303636373336653433333738636131"
+    "34323863656165306435343335326634306535316232306564633863366237633536316430"
+    "3519018b020fa3061a692875730173736572766963652e6578616d706c652e636f6d02706c"
+    "65646765722e7369676e6174757265666363662e7631a1647478696464322e3137a119018c"
+    "a1208158b7a201835820e2a97fad0c69119d6e216158b762b19277a579d7a89047d98aa37f"
+    "152f194a92784863653a322e31363a38633765646230386135323963613237326166623062"
+    "31653664613939306233636137336665313064336535663462356633663231613561346638"
+    "37663637635820000000000000000000000000000000000000000000000000000000000000"
+    "0000028182f55820d774c9dfeec96478a0797f8ce3d78464767833d052fb78d72b2b8eeda5"
+    "21215af658604568ff2c93350fa181bf02186b26d3f04728a61fd2ef2c9388a55268ed8bf7"
+    "88a6bd06bfa195c78676bebeef5560a87980e8dd13725a87ef0b00ac0b78ff07ab7eb4646a"
+    "4a54b421456d14e90b7dea1f0b32044bf93116d85ef0834f493681d5";
+
+  const auto receipt_bytes = ccf::ds::from_hex(receipt_hex);
+
+  auto receipt =
+    ccf::cose::decode_ccf_receipt(receipt_bytes, /*recompute_root*/ true);
+
+  REQUIRE(receipt.phdr.alg == -35);
+  REQUIRE(
+    ccf::ds::to_hex(receipt.phdr.kid) ==
+    "34643932306535316463393036363733366534333337386361313432386365616530643534"
+    "333532663430653531623230656463386336623763353631643035");
+  REQUIRE(receipt.phdr.cwt.iat == 1764259187);
+  REQUIRE(receipt.phdr.cwt.iss == "service.example.com");
+  REQUIRE(receipt.phdr.cwt.sub == "ledger.signature");
+  REQUIRE(receipt.phdr.ccf.txid == "2.17");
+  REQUIRE(receipt.phdr.vds == 2);
+
+  REQUIRE(
+    ccf::ds::to_hex(receipt.merkle_root) ==
+    "209f5aefb0f45d7647c917337044c44a1b848fe833fa2869d016bea797d79a9e");
 }