;; title: stx-deed-trust
;; version:
;; summary:
;; description:
;; Document Authentication Registry Smart Contract
;;
;; A comprehensive blockchain-based document verification platform that enables secure registration,
;; authentication, and management of digital documents with cryptographic integrity guarantees.
;; Features include multi-party verification workflows, granular access controls, version tracking,
;; and immutable audit trails for complete document lifecycle management.
;; Error constants for contract operations
(define-constant ERR-UNAUTHORIZED-ACCESS (err u100))
(define-constant ERR-DOCUMENT-ALREADY-EXISTS (err u101))
(define-constant ERR-DOCUMENT-NOT-FOUND (err u102))
(define-constant ERR-VERIFICATION-ALREADY-COMPLETED (err u103))
(define-constant ERR-INVALID-DOCUMENT-ID (err u104))
(define-constant ERR-INVALID-HASH-FORMAT (err u105))
(define-constant ERR-INVALID-METADATA (err u106))
(define-constant ERR-INVALID-VERIFIER-ADDRESS (err u107))
(define-constant ERR-INVALID-PARAMETERS (err u108))
(define-constant ERR-INSUFFICIENT-PERMISSIONS (err u109))
(define-constant ERR-NULL-VALUE-ERROR (err u110))
;; Document verification status constants
(define-constant verification-status-pending "PENDING_REVIEW")
(define-constant verification-status-verified "VERIFIED")
(define-constant verification-status-rejected "REJECTED")
;; Validation constraints for data integrity
(define-constant required-hash-byte-length u32)
(define-constant maximum-metadata-character-limit u256)
;; Primary document record structure template
(define-data-var document-record-template
{
original-registrant: principal,
content-hash: (buff 32),
registration-timestamp: uint,
verification-status: (string-ascii 20),
assigned-verifier: (optional principal),
descriptive-metadata: (string-utf8 256),
revision-number: uint,
modification-locked: bool
}
{
original-registrant: tx-sender,
content-hash: 0x0000000000000000000000000000000000000000000000000000000000000000,
registration-timestamp: u0,
verification-status: verification-status-pending,
assigned-verifier: none,
descriptive-metadata: u"",
revision-number: u0,
modification-locked: false
}
)
;; Main registry for storing authenticated documents
(define-map document-authentication-registry
{ document-identifier: (buff 32) }
{
original-registrant: principal,
content-hash: (buff 32),
registration-timestamp: uint,
verification-status: (string-ascii 20),
assigned-verifier: (optional principal),
descriptive-metadata: (string-utf8 256),
revision-number: uint,
modification-locked: bool
}
)
;; Access control matrix for verifier permissions
(define-map verifier-permission-registry
{ document-identifier: (buff 32), verifier-principal: principal }
{ read-access-granted: bool, verification-authority-granted: bool }
)
;; Utility function to validate hash buffer length
(define-private (is-valid-hash-length (hash-buffer (buff 32)))
(is-eq (len hash-buffer) required-hash-byte-length))
;; Utility function to validate metadata string constraints
(define-private (is-valid-metadata-format (metadata-content (string-utf8 256)))
(and
(<= (len metadata-content) maximum-metadata-character-limit)
(> (len metadata-content) u0)))
;; Utility function to validate principal addresses
;; Comprehensive document identifier validation
(define-private (validate-document-identifier (document-id (buff 32)))
(if (is-valid-hash-length document-id)
(ok document-id)
ERR-INVALID-DOCUMENT-ID))
;; Comprehensive content hash validation
(define-private (validate-content-hash (hash-value (buff 32)))
(if (is-valid-hash-length hash-value)
(ok hash-value)
ERR-INVALID-HASH-FORMAT))
;; Comprehensive metadata validation
(define-private (validate-metadata-content (metadata-string (string-utf8 256)))
(if (is-valid-metadata-format metadata-string)
(ok metadata-string)
ERR-INVALID-METADATA))
;; Enhanced document identifier validation with assertions
(define-private (perform-document-id-validation (document-id (buff 32)))
(begin
(asserts! (is-valid-hash-length document-id) ERR-INVALID-DOCUMENT-ID)
(validate-document-identifier document-id)))
;; Enhanced metadata validation with assertions
(define-private (perform-metadata-validation (metadata-input (string-utf8 256)))
(begin
(asserts! (is-valid-metadata-format metadata-input) ERR-INVALID-METADATA)
(validate-metadata-content metadata-input)))
;; Secure document record retrieval function
(define-private (get-document-record (document-id (buff 32)))
(begin
(asserts! (is-valid-hash-length document-id) ERR-INVALID-DOCUMENT-ID)
(let ((validation-result (validate-document-identifier document-id)))
(match validation-result
validated-id
(match (map-get? document-authentication-registry { document-identifier: validated-id })
document-record (ok document-record)
ERR-DOCUMENT-NOT-FOUND)
validation-error (err validation-error)))))
;; Document ownership verification function
(define-private (confirm-document-ownership (document-id (buff 32)) (requesting-user principal))
(match (get-document-record document-id)
document-record
(ok (is-eq (get original-registrant document-record) requesting-user))
error-response (err error-response)))
;; Read-only function to retrieve document information
(define-read-only (get-document-details (document-id (buff 32)))
(begin
(asserts! (is-valid-hash-length document-id) ERR-INVALID-DOCUMENT-ID)
(get-document-record document-id)))
;; Read-only function to check verifier authorization status
;; Read-only function to verify if document exists in registry
(define-read-only (check-document-exists (document-id (buff 32)))
(begin
(asserts! (is-valid-hash-length document-id) ERR-INVALID-DOCUMENT-ID)
(ok (is-some (map-get? document-authentication-registry { document-identifier: document-id })))))
;; Public function to register new document in authentication registry
(define-public (register-new-document
(document-identifier (buff 32))
(document-hash (buff 32))
(metadata-description (string-utf8 256)))
(begin
(asserts! (is-valid-hash-length document-identifier) ERR-INVALID-DOCUMENT-ID)
(asserts! (is-valid-hash-length document-hash) ERR-INVALID-HASH-FORMAT)
(asserts! (is-valid-metadata-format metadata-description) ERR-INVALID-METADATA)
(let ((id-validation-result (perform-document-id-validation document-identifier))
(hash-validation-result (validate-content-hash document-hash))
(metadata-validation-result (perform-metadata-validation metadata-description)))
(match id-validation-result
validated-document-id
(match hash-validation-result
validated-content-hash
(match metadata-validation-result
validated-metadata
(match (map-get? document-authentication-registry { document-identifier: validated-document-id })
existing-document ERR-DOCUMENT-ALREADY-EXISTS
(ok (map-set document-authentication-registry
{ document-identifier: validated-document-id }
{
original-registrant: tx-sender,
content-hash: validated-content-hash,
registration-timestamp: stacks-block-height,
verification-status: verification-status-pending,
assigned-verifier: none,
descriptive-metadata: validated-metadata,
revision-number: u1,
modification-locked: false
})))
validation-error (err validation-error))
validation-error (err validation-error))
validation-error (err validation-error)))))
;; Public function to update existing document version
(define-public (update-document-revision
(document-identifier (buff 32))
(new-document-hash (buff 32))
(updated-metadata (string-utf8 256)))
(begin
(asserts! (is-valid-hash-length document-identifier) ERR-INVALID-DOCUMENT-ID)
(asserts! (is-valid-hash-length new-document-hash) ERR-INVALID-HASH-FORMAT)
(asserts! (is-valid-metadata-format updated-metadata) ERR-INVALID-METADATA)
(let ((id-validation-result (perform-document-id-validation document-identifier))
(hash-validation-result (validate-content-hash new-document-hash))
(metadata-validation-result (perform-metadata-validation updated-metadata)))
(match id-validation-result
validated-document-id
(begin
(asserts! (is-some (map-get? document-authentication-registry { document-identifier: validated-document-id })) ERR-DOCUMENT-NOT-FOUND)
(let ((current-document-record (unwrap-panic (map-get? document-authentication-registry { document-identifier: validated-document-id }))))
(match hash-validation-result
validated-new-hash
(match metadata-validation-result
validated-updated-metadata
(begin
(asserts! (is-eq (get original-registrant current-document-record) tx-sender) ERR-UNAUTHORIZED-ACCESS)
(asserts! (not (get modification-locked current-document-record)) ERR-VERIFICATION-ALREADY-COMPLETED)
(ok (map-set document-authentication-registry
{ document-identifier: validated-document-id }
(merge current-document-record
{
content-hash: validated-new-hash,
descriptive-metadata: validated-updated-metadata,
registration-timestamp: stacks-block-height,
revision-number: (+ (get revision-number current-document-record) u1),
verification-status: verification-status-pending,
modification-locked: false
}))))
validation-error (err validation-error))
validation-error (err validation-error))))
validation-error (err validation-error)))))