World-class documentation, working examples, and dependency cleanup#195
Open
JeromySt wants to merge 10 commits intousers/jstatia/native_ports_finalfrom
Open
World-class documentation, working examples, and dependency cleanup#195JeromySt wants to merge 10 commits intousers/jstatia/native_ports_finalfrom
JeromySt wants to merge 10 commits intousers/jstatia/native_ports_finalfrom
Conversation
Create README.md for crates that were missing documentation: - primitives/cose/ (cose_primitives): RFC 9052 COSE building blocks - signing/headers/ (cose_sign1_headers): CWT claims and header management - validation/test_utils/ (cose_sign1_validation_test_utils): test helpers - extension_packs/mst/client/ (code_transparency_client): Azure CT REST client Each README follows the established project style with: - Copyright header, crate name, overview, architecture diagram - Modules table, key types with code examples - Memory design notes, dependencies, and cross-references Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ive stack Comprehensive document covering: - Philosophy: parse-once/share-everywhere, lazy parsing, streaming, Cow errors - Core primitives: Arc<[u8]>, ArcSlice, ArcStr, Arc<str>, LazyHeaderMap, CoseData - Operation memory profiles with O() analysis for parse/sign/verify - Cross-layer patterns: Rust → FFI → C → C++ data flow and ownership rules - Structurally required allocations inventory with justification - Allocation review checklist for PR reviews Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…rates Upgrade all 13 FFI crate lib.rs files with standardized module-level documentation including sections for ABI Stability, Panic Safety, Error Handling, Memory Ownership, and Thread Safety. Each crate's description is tailored to its specific functionality. Create 9 missing README.md files for FFI crates (crypto/openssl, headers, validation/core, validation/primitives, certificates, certificates/local, mst, azure_key_vault, did/x509) following the existing README pattern with exported function tables, handle types, build instructions, and links to parent library crates. Also add missing copyright headers to FFI crate lib.rs files that lacked them (validation/core, validation/primitives, certificates, mst, azure_key_vault). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…rust Add three new example programs to the native Rust workspace: - did/x509/examples/did_x509_basics.rs: Demonstrates parsing, building, validating, and resolving DID:x509 identifiers with ephemeral CA + leaf certificate chains created via rcgen. - signing/headers/examples/cwt_claims_basics.rs: Shows CWT claims builder fluent API, CBOR serialization/deserialization roundtrip, header label constants, and minimal SCITT claims patterns. - extension_packs/certificates/examples/certificate_trust_validation.rs: Demonstrates X.509 certificate trust validation pipeline including COSE_Sign1 message construction with x5chain header, trust pack configuration, and custom trust plan building with fluent extensions. All examples compile and run successfully. Each uses only existing dev-dependencies (rcgen, hex, sha2) and produces visible stdout output. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dependency cleanup: - Remove parking_lot (declared but never imported) - Remove azure_security_keyvault_certificates (declared but never imported) - Migrate once_cell::sync::Lazy to std::sync::LazyLock across 7 crates Top-level documentation: - native/README.md — root entry point with quick start for Rust/C/C++ - native/CONTRIBUTING.md — development setup, code style, testing, PR checklist - native/docs/FFI-OWNERSHIP.md — Rust-owns/C-borrows rules with diagrams - native/docs/DEPENDENCY-PHILOSOPHY.md — why each dep exists, minimal footprint Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
JeromySt
force-pushed
the
native_docs_and_examples
branch
from
c66cd2c to
7dc01a3
Compare
- CertificateSigningService::verify_signature: Full COSE_Sign1 signature verification using OpenSSL X.509 public key extraction + EvpVerifier - AKV fetch_certificate: Real Azure Key Vault CertificateClient SDK integration using azure_security_keyvault_certificates v0.11 - AAS ensure_fetched: Full PKCS#7 chain parsing with ASN.1 SEQUENCE scanning to extract embedded X.509 certificates - AAS extract_eku_oids: Direct X.509 EKU extension parsing via x509-parser instead of round-tripping through DID construction - EC curve detection: P-256/P-384/P-521 curve detection from OpenSSL NID for proper ES256/ES384/ES512 algorithm selection - AAS fluent trust policy: Typed Field<T,bool> constants and fluent Where<> extensions for require_ats_identified/require_ats_compliant - AAS FFI trust policy builders: Two new FFI functions for C/C++ trust policy authoring - NullCryptoProvider docs: Reworded from 'stub' to 'Null Object pattern' - Platform fallbacks: Renamed 'stub' comments to 'fallback' for feature-gated non-Windows/non-PFX code paths - Fixed clippy io_other_error lint in factories FFI Zero stubs remaining in production code. All 65 test suites pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add openssl, x509-parser to azure_artifact_signing allowlist entries - Add azure_security_keyvault_certificates to azure_key_vault allowlist - Rewrite test_verify_signature_returns_true with real crypto roundtrip: generate EC P-256 key+cert, sign COSE_Sign1, verify via service - Add test_verify_signature_rejects_tampered_message (negative case) - Add test_verify_signature_invalid_message_returns_error (garbage input) - All 12 certificate signing service tests pass Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace every third-party action with first-party GitHub actions or inline shell commands. Zero third-party actions remain in all workflow files. Replaced: - dorny/paths-filter@v3 → git diff --name-only (dotnet.yml + codeql.yml) - dtolnay/rust-toolchain@stable/nightly → rustup toolchain install - Swatinem/rust-cache@v2 → actions/cache@v4 with explicit paths - tj-actions/github-changelog-generator@v1.19 → GitHub API + jq script (tj-actions had known supply chain compromise incidents) - svenstaro/upload-release-action@v2 → gh release upload - toshimaru/auto-author-assign@v1.6.2 → gh pr edit --add-assignee All remaining 'uses:' are actions/* or github/* (first-party only). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add native pre-release jobs: auto-increment native-v{ver}-preN tags on push to main
- Add native GA release via workflow_dispatch with release_scope input (native/dotnet/both)
- Add native release asset archiving: static libs + headers + C/C++ includes
- Upgrade changelog to cumulative pattern using GitHub generate-notes API
- Add workspace version (0.1.0) to native/rust/Cargo.toml as version source of truth
- Fix signing_key_resolver test to expect correct P-384→ES384 curve detection
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
All P-384 tests now correctly expect ES384 (-35) instead of ES256 (-7), matching the actual curve detection implementation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Documentation & Examples Pass
Dependency Cleanup
Top-Level Documentation (4 new files)
Memory Principles (1 new file)
Crate READMEs (4 new files)
FFI Documentation (13 lib.rs upgrades + 9 new READMEs)
Working Rust Examples (3 new examples)
All examples compile and run successfully. Full test suite passes (7,886 tests), clippy clean, rustfmt clean.