feat(xmldsig): write x509 signing key info#81
Conversation
- Add signing KeyInfoWriter and X509 certificate writer - Populate direct Signature/KeyInfo placeholders during signing - Verify embedded certificate KeyInfo through DefaultKeyResolver Closes #80
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (3)
📝 WalkthroughSummary by CodeRabbit
WalkthroughXMLDSig signing now optionally embeds X.509 certificates in ChangesXMLDSig KeyInfo signing
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant SignContext
participant X509CertificateKeyInfoWriter
participant fill_key_info
participant DefaultKeyResolver
SignContext->>X509CertificateKeyInfoWriter: Generate embedded X.509 KeyInfo
SignContext->>fill_key_info: Populate latest Signature KeyInfo
fill_key_info-->>SignContext: Return signed XML
DefaultKeyResolver->>SignContext: Resolve verification key from certificate
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
| Filename | Overview |
|---|---|
| src/xmldsig/mutation.rs | Scopes signing placeholder mutation to the latest XMLDSig signature and adds direct KeyInfo filling. |
| src/xmldsig/sign.rs | Adds the KeyInfo writer API, X.509 certificate embedding, certificate/key matching, and latest-signature signing selection. |
| src/xmldsig/mod.rs | Re-exports the new KeyInfo writer types and errors. |
| Cargo.toml | Updates the p521 dependency requirement to stable 0.14. |
| tests/signing_digest.rs | Adds signing tests for embedded X.509 KeyInfo, certificate/key mismatch rejection, and existing-signature handling. |
Reviews (2): Last reviewed commit: "fix(xmldsig): harden signing key info wr..." | Re-trigger Greptile
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@tests/signing_digest.rs`:
- Around line 266-302: The signing tests cover a missing direct KeyInfo
placeholder but not duplicate placeholders. Add a test alongside
key_info_writer_requires_direct_template_placeholder that signs a template
containing two direct ds:KeyInfo elements and asserts SigningError::XmlMutation
with ValueCountMismatch { element: "KeyInfo", expected: 2, actual: 1 }.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 1b514777-04c7-48b3-9540-04e6fffc3fc1
📒 Files selected for processing (6)
Cargo.tomlREADME.mdsrc/xmldsig/mod.rssrc/xmldsig/mutation.rssrc/xmldsig/sign.rstests/signing_digest.rs
|
@coderabbitai review |
✅ Action performedReview finished.
|
Summary
Testing
Closes #80