feat(xmldsig): resolve RSAKeyValue keys#68
Conversation
- parse bounded Modulus and Exponent CryptoBinary values - construct validated RSA SPKI keys for verification - cover malformed, weak, and incompatible key parameters Closes #67
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
📝 WalkthroughSummary by CodeRabbit
WalkthroughAdds structured RSAKeyValue parsing with bounded XML base64 decoding, resolves decoded RSA key material into verification keys, and updates verification tests, donor-suite handling, and README status text. ChangesRSAKeyValue Parsing and Key Resolution
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
|
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/xmldsig/parse.rs`:
- Around line 592-606: The length check in the XML base64 parsing path is
happening after `normalize_xml_base64_text` has already appended the full child
text into `cleaned`, so oversized `<Modulus>`/`<Exponent>` nodes can still drive
large allocations. Update the `parse.rs` base64 normalization flow around
`normalize_xml_base64_text` and `cleaned` so the maximum decoded length is
enforced during accumulation, rejecting input before `cleaned` grows past
`max_base64_len` while preserving the existing XML-whitespace normalization
behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 4faf5dcd-520d-4314-b3d6-e30f2bd15185
📒 Files selected for processing (4)
README.mdsrc/xmldsig/keys.rssrc/xmldsig/parse.rstests/donor_full_verification_suite.rs
Summary
RSAKeyValuemodulus and exponent CryptoBinary parameters.DefaultKeyResolver.Security behavior
ModulusandExponentchildren in the XMLDSig namespace.Testing
cargo check --workspacecargo clippy --all-targets --all-features -- -D warningscargo nextest run --workspace(473/473)cargo test --doc --workspace(3/3)cargo build --workspace --all-featuresCloses #67