test(xmldsig): add donor full verification suite accounting

[polaz]

Summary

• implement P1-025 donor full verification suite with deterministic pass/fail/skip accounting
• migrate XMLDSig crypto backend from ring to RustCrypto (rsa + p256/p384/p521 + sha1/sha2)
• add Aleksey P-521 (ecdsa-sha384) donor coverage with explicit interop validation rules and exact skip inventory assertions
• track Merlin donor vectors as explicit expected skips with concrete reasons

Testing

• cargo fmt -- --check
• cargo clippy --all-targets -- -D warnings
• cargo nextest run --all-features
• cargo build

Closes #40

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d882ad55-82ef-4e71-abd1-0218a47e2380

📥 Commits

Reviewing files that changed from the base of the PR and between 68fa067 and 1b6631e.

📒 Files selected for processing (2)

• Cargo.toml
• tests/donor_full_verification_suite.rs

---

📝 Walkthrough

Summary by CodeRabbit

• Tests

  • Added a donor full XML signature verification suite (verifies 6 passing cases and records 8 skipped cases) and updated a smoke test’s fixture counts.
  • Added 7 new XML signature fixtures covering DSA, RSA and multiple X.509 variants.

• Chores

  • Updated cryptographic dependency and implementation wiring to new crypto components for signature and digest handling.

Walkthrough

Adds a donor XMLDSig integration test tracking pass/fail/skip counts, introduces seven Merlin donor XMLDSig fixtures, updates fixture inventory expectations, replaces the ring crypto backend with RustCrypto crates, and reimplements digest and signature verification to use the new primitives and formats.

Changes

Cohort / File(s)	Summary
Integration test tests/donor_full_verification_suite.rs	Adds donor_full_verification_suite_tracks_pass_fail_skip_counts that enumerates donor vectors, runs verification (PEM and probe paths), and asserts exact passed/failed/skipped counts and ordered skip reasons.
Merlin donor fixtures tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/... signature-enveloped-dsa.xml, signature-enveloping-rsa.xml, signature-x509-crt-crl.xml, signature-x509-crt.xml, signature-x509-is.xml, signature-x509-ski.xml, signature-x509-sn.xml	Adds seven XMLDSig fixtures (enveloped/enveloping, DSA/RSA, X.509 variants) used by the new donor test.
Fixture inventory test tests/fixtures_smoke.rs	Updates expected fixture totals and embedded message text to reflect added fixtures (total count updated to 77; donor xmldsig count updated).
Cargo dependency changes Cargo.toml	Removes ring; adds optional RustCrypto-style crates (rsa, sha1, sha2, p256, p384, p521, signature, subtle, optional x509-parser/der) and wires them into xmldsig feature.
Digest implementation src/xmldsig/digest.rs	Replaces ring hashing with RustCrypto (sha1, sha2) and swaps ring constant-time equality for subtle::ConstantTimeEq.
Signature verification src/xmldsig/signature.rs	Reimplements RSA and ECDSA verification via RustCrypto: SPKI parsing, RSA PKCS#1 v1.5 verification per-hash, modulus-bit checks, curve-specific ECDSA (p256/p384/p521) handling, and DER vs fixed-width signature interpretation.
Test helpers / ECDSA tests tests/c14n_golden.rs, tests/ecdsa_signature_integration.rs	Switches SHA-1 test helper to sha1 crate; replaces ring P-384 signing with p384 signing primitives and emits raw/DER bytes as required by tests.
Docs/comments src/xmldsig/parse.rs	Doc-only clarification for SignatureAlgorithm::EcdsaP384Sha384.

Sequence Diagram(s)

sequenceDiagram
    participant Test Runner
    participant Fixture
    participant Verify Pipeline
    participant RustCrypto
    Test Runner->>Fixture: load XML vector (+ optional PEM)
    Test Runner->>Verify Pipeline: verify_signature_with_pem_key(xml, key) / VerifyContext::verify(xml)
    Verify Pipeline->>Fixture: parse SignedInfo / References / KeyInfo
    Verify Pipeline->>RustCrypto: compute digest (SHA-1/SHA-2)
    Verify Pipeline->>RustCrypto: parse SPKI / prepare verifying key
    Verify Pipeline->>RustCrypto: verify signature (RSA PKCS#1 v1.5 or ECDSA)
    RustCrypto-->>Verify Pipeline: verification result / parse errors
    Verify Pipeline-->>Test Runner: Ok(Valid)/Ok(Invalid(reason))/Err(Unsupported)
    Test Runner->>Test Runner: increment passed/failed/skipped and record diagnostics

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• #40 — test(xmldsig): implement P1-025 donor full verification suite — This PR implements the donor full verification test and Merlin vectors that match the issue objectives.
• structured-world/xml-sec#39 — Adds donor full verification vectors and deterministic test accounting consistent with that issue's scope.

Possibly related PRs

• structured-world/xml-sec#34 — Related: interacts with VerifyContext/VerifyResult model and status-based outcomes used by the new integration test.
• structured-world/xml-sec#27 — Related: overlaps on ECDSA verification logic, curve handling, and signature format processing.
• structured-world/xml-sec#22 — Related: overlaps on RSA verification changes and PKCS#1 v1.5 verification implementation.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'test(xmldsig): add donor full verification suite accounting' directly summarizes the main change—implementing P1-025 donor full verification suite with deterministic pass/fail/skip accounting for XMLDSig.
Description check	✅ Passed	The description clearly covers the changeset: implementing P1-025 donor full verification suite, migrating from ring to RustCrypto, adding Aleksey P-521 coverage, and tracking Merlin vectors as expected skips.
Linked Issues check	✅ Passed	The PR fulfills all acceptance criteria from issue #40: deterministic pass/fail/skip accounting test, Aleksey RSA-SHA* and ECDSA-SHA* vectors passing, Merlin vectors with explicit skip reasons, and build/test/lint commands passing.
Out of Scope Changes check	✅ Passed	All changes are in scope: test fixtures, test implementations, crypto dependency migration (ring→RustCrypto) supporting the verification suite, and documentation updates necessary for the full verification suite implementation.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch test/#40-p1-025-donor-verification-suite

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds an integration test suite for ROADMAP task P1-025 to run end-to-end XMLDSig verification against donor vectors while tracking deterministic pass/fail/skip accounting.

Changes:

• Introduces a new integration test enumerating donor vector cases with expected outcomes (valid vs explicit skip).
• Runs supported Aleksey RSA/ECDSA vectors through xmldsig::verify_signature_with_pem_key and asserts overall validity.
• Records skip reasons for deferred Merlin vectors and asserts expected pass/skip counts.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/donor_full_verification_suite.rs`:
- Around line 137-139: The test eagerly calls read_fixture before matching on
case.expectation, causing Skip cases to attempt filesystem reads; move the
read_fixture call inside the match so only the ValidWithKey (or other variants
that actually need the fixture) arm(s) call read_fixture. Specifically, in the
loop over cases() defer calling read_fixture(&root.join(case.xml_path)) until
inside the match for Expectation::ValidWithKey (and any other expectation
variants that require the XML), leaving Skip arms to avoid filesystem access and
simply count as skipped.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a2c9b5fc-5390-4910-af75-81205b2b3a8a

📥 Commits

Reviewing files that changed from the base of the PR and between 561d6fd and 272381b.

📒 Files selected for processing (1)

• tests/donor_full_verification_suite.rs

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/donor_full_verification_suite.rs`:
- Around line 163-167: The test assertion uses assert!(failed.is_empty(), ...)
which should be replaced with assert_eq!(failed.len(), 0, ...) to provide
structured failure output; update the assertion referencing the failed variable
(the existing assert block that prints failed.join("\n")) to use
assert_eq!(failed.len(), 0, "donor full verification suite had failures:\n{}",
failed.join("\n")) so failure counts and messages are clearer.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 275bf27e-5f2c-4941-a1a9-d011af2d416b

📥 Commits

Reviewing files that changed from the base of the PR and between 272381b and 0dd410f.

📒 Files selected for processing (1)

• tests/donor_full_verification_suite.rs

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/donor_full_verification_suite.rs`:
- Around line 16-20: The VectorCase struct's xml_path field should be changed
from Option<&'static str> to &'static str to enforce the invariant at compile
time; update the struct definition (VectorCase { xml_path: &'static str, ... }),
adjust every VectorCase construction to supply the fixture string instead of
Some(...), and remove any runtime .expect(...) / match arms that handle None
(use xml_path directly in the test loop and in helper calls like the XML-loading
logic). Also update other places that referenced xml_path as Option (e.g., where
instances are created around the other noted cases) so they pass plain &'static
str values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: dfd8e466-5690-48a1-9ce6-295af073a94a

📥 Commits

Reviewing files that changed from the base of the PR and between 75f07d0 and ba269ff.

📒 Files selected for processing (9)

• tests/donor_full_verification_suite.rs
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-crt.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-is.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-ski.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-sn.xml
• tests/fixtures_smoke.rs

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/donor_full_verification_suite.rs`:
- Around line 164-166: Replace the loose length-only check for skipped entries
with an exact comparison: build an expected_skipped Vec (or slice) of the exact
"case.name: reason" strings you expect and assert equality against the collected
skipped Vec (or, if ordering is not stable, sort both before comparing); update
the code that pushes format!("{}: {}", case.name, reason) in the
Expectation::Skip arm (symbols: Expectation::Skip, skipped, case.name, reason,
read_fixture) and replace the later skipped.len() assertion with
assert_eq!(skipped, expected_skipped) (or assert_eq!(sorted_skipped,
sorted_expected_skipped)) so failures show the concrete missing/extra entries
and reasons; apply the same change to the other occurrence referenced around the
later block.
- Around line 70-74: The test entry currently marks the vector
"aleksey-ecdsa-p521-sha384" as Expectation::Skip which incorrectly removes it
from the pass set; change that Expectation to include the vector in the passing
set (e.g., replace Expectation::Skip { ... } with Expectation::ValidWithKey {
... } or the appropriate passing variant used in this suite) so the Aleksey
P-521 ECDSA-SHA384 fixture is exercised and counted as passed, and if you
instead intend to narrow Aleksey coverage, update the suite’s claimed
coverage/summary to exclude P-521 rather than leaving the specific name skipped;
locate the entry by the name "aleksey-ecdsa-p521-sha384" and the
Expectation::Skip construct to apply the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 81b4231c-235e-4c0f-8e93-15e1bc19c751

📥 Commits

Reviewing files that changed from the base of the PR and between 75f07d0 and bff2b95.

📒 Files selected for processing (9)

• tests/donor_full_verification_suite.rs
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-crt.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-is.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-ski.xml
• tests/fixtures/xmldsig/merlin-xmldsig-twenty-three/signature-x509-sn.xml
• tests/fixtures_smoke.rs

[Copilot]

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.

[polaz]

@coderabbitai re-review

[coderabbitai]

@polaz: Sure! Kicking off a full re-review of PR #41 now.

---

🧠 Learnings used

Learnt from: polaz
Repo: structured-world/xml-sec PR: 0
File: :0-0
Timestamp: 2026-03-28T15:50:07.840Z
Learning: In `src/xmldsig/verify.rs` (xml-sec Rust project), `push_normalized_signature_text` strips only the four XML whitespace characters (space 0x20, tab 0x09, CR 0x0D, LF 0x0A) from `SignatureValue` text before base64 decoding, and explicitly rejects any other ASCII whitespace (e.g., form feed 0x0C, vertical tab 0x0B) as `SignatureVerificationPipelineError::SignatureValueBase64(base64::DecodeError::InvalidByte(...))`. The regression test `push_normalized_signature_text_rejects_form_feed` covers the form-feed boundary case.

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 0
File: :0-0
Timestamp: 2026-03-28T18:51:49.919Z
Learning: In `src/xmldsig/parse.rs` (xml-sec Rust project), the private function `n` (formerly `base64_decode_digest`) strips only the four XML whitespace characters (space 0x20, tab 0x09, CR 0x0D, LF 0x0A) from `DigestValue` base64 text before decoding, and returns `ParseError::Base64(format!("invalid XML whitespace U+{:04X} ...", ...))` for any other `is_ascii_whitespace()` character (e.g. form feed 0x0C). Regression tests `n_accepts_xml_whitespace_chars` and `n_rejects_non_xml_ascii_whitespace` cover these cases.

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 16
File: tests/fixtures_smoke.rs:104-104
Timestamp: 2026-03-17T15:17:20.125Z
Learning: In structured-world/xml-sec (Rust), `expect()` on `fs::read_to_string()` and other I/O calls is acceptable and idiomatic inside `#[test]` functions. The Tier 2 rule (use `Result` propagation instead of `expect()` on I/O paths) applies only to production code paths, not test code. Repo instructions (line 51) state: "Test code style: Tests prioritize readability and explicitness over DRY."

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 32
File: src/xmldsig/verify.rs:34-51
Timestamp: 2026-03-28T22:00:29.444Z
Learning: In `src/xmldsig/verify.rs` (xml-sec Rust project), the `VerifyingKey` and `KeyResolver` public traits intentionally omit `Send + Sync` supertraits to preserve lightweight single-threaded implementations. The single-threaded-only constraint is documented on both trait definitions. Do not flag the absence of `Send + Sync` on these traits as a review issue.

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 41
File: tests/donor_full_verification_suite.rs:164-168
Timestamp: 2026-04-03T14:47:20.446Z
Learning: In `tests/donor_full_verification_suite.rs` (xml-sec, Rust), using `let _ = read_fixture(...)` to intentionally discard a `String` return value triggers `clippy::let_underscore_drop` under `-D warnings`, because `String` has a non-trivial `Drop` impl. The correct idiom is a plain statement call (e.g., `read_fixture(&root.join(case.xml_path));`) with an inline comment to document intent. Do not suggest `let _ = expr` for types with meaningful `Drop` implementations in this codebase.

---

Learnt from: CR
Repo: structured-world/xml-sec PR: 0
File: .github/instructions/code-review.instructions.md:0-0
Timestamp: 2026-03-17T12:12:07.790Z
Learning: Applies to **/*.rs : Corruption/validation tests: tamper the relevant field (e.g., digest value, signature bytes, base64 encoding) and assert the error

---

Learnt from: CR
Repo: structured-world/xml-sec PR: 0
File: .github/instructions/rust.instructions.md:0-0
Timestamp: 2026-03-17T12:12:28.146Z
Learning: Applies to **/*.rs : Tier 1 - Flag logic bugs: checksum/hash mismatches (computing over wrong byte range, verifying against stale value)

---

Learnt from: CR
Repo: structured-world/xml-sec PR: 0
File: .github/instructions/rust.instructions.md:0-0
Timestamp: 2026-03-17T12:12:28.146Z
Learning: Applies to **/*.rs : Tier 1 - Flag logic bugs: data corruption (wrong algorithm, incorrect ordering, dropped or duplicated data)

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 0
File: :0-0
Timestamp: 2026-03-28T20:47:05.798Z
Learning: In `src/xmldsig/verify.rs` (xml-sec Rust project), the ASCII-whitespace branch in `push_normalized_signature_text` uses `u8::try_from(u32::from(ch)).expect("ASCII whitespace always fits into u8")` for the explicit narrowing conversion, producing `base64::DecodeError::InvalidByte(normalized.len(), invalid_byte)` as the error payload. The conversion is provably infallible because `ch.is_ascii_whitespace()` guarantees the character is in the 0x00–0x7F range.

---

Learnt from: CR
Repo: structured-world/xml-sec PR: 0
File: .github/instructions/code-review.instructions.md:0-0
Timestamp: 2026-03-17T12:12:07.790Z
Learning: Review ONLY code within the PR's diff. Do not suggest inline fixes for unchanged lines. For issues in code outside the diff, suggest creating a separate issue instead of proposing code changes.

✅ Actions performed

Full review triggered.

[Copilot]

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 5 comments.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/donor_full_verification_suite.rs`:
- Around line 165-178: The test's Skip arm calls
verify_signature_with_pem_key(&xml, &skip_probe_key, false), which injects an
explicit PEM key and bypasses the KeyValue/X.509 resolution the skip is supposed
to exercise; instead call the real verification entry that does not supply an
explicit key (the resolver path in src/xmldsig/verify.rs) so the KeyValue/X.509
resolution logic runs (replace the verify_signature_with_pem_key call with the
verification function that performs normal key resolution), then assert the
concrete outcome expected by the skip reason (e.g., specific Err or DsigStatus
result) rather than accepting any Err/Invalid as a successful skip; update the
Expectation::Skip arm in tests/donor_full_verification_suite.rs to use the
non-injecting verifier and concrete assertions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 950279ea-65a1-4ed0-b618-7e1329c36091

📥 Commits

Reviewing files that changed from the base of the PR and between f82bf20 and 68fa067.

📒 Files selected for processing (2)

• src/xmldsig/signature.rs
• tests/donor_full_verification_suite.rs

[Copilot]

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated no new comments.

[Copilot]

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated no new comments.