9
0
Fork
You've already forked locksmith
0

Add public certificate contract models #8

Open
caution-bot wants to merge 3 commits from feat/public-cert-contract into main
pull from: feat/public-cert-contract
merge into: caution:main
caution:main
caution:chore/agpl-commercial-license
caution:feat/hosted-keymaker
caution:deploy/hosted
caution:deploy-tests
caution:fix/preferred-hash-fallback
caution:anton/fix-error-handling

Summary

  • Add shared keymaker-models::public_certificates request and response types for the public certificate derivation API.
  • Encode the reviewed v1 contract shape: data plus top-level necroproof, strict request fields, certificate entries with index and armored_certificate, and no trusted derivation path/fingerprint/signature metadata fields.
  • Add validation helpers for certificate count, UTC expiration bounds, payload version/profile/count/order, canonical UUID parsing, and masked UUID-derived account indices for the m/pgp'/kmkr'/... namespace.

Test plan

  • rustfmt --edition 2024 --check crates/keymaker-models/src/lib.rs
  • git diff --check
  • cargo test -p keymaker-models
  • cargo clippy -p keymaker-models --all-targets -- -D warnings
  • cargo test --workspace (passes; existing warnings remain for minipgp6 cfg, unused now, unreachable reboot expression, unused secrets, and unused get_shards_test_util)

Deferred follow-ups

  • Add the actual public certificate service process, HTTP route, Locksmith/Keyfork readiness flow, CA UID certification embedding, and necroproof computation.
  • Select or implement the shared deterministic structure-hash/necroproof registry before producing real artifacts.

Refs caution/platform#383

## Summary - Add shared `keymaker-models::public_certificates` request and response types for the public certificate derivation API. - Encode the reviewed v1 contract shape: `data` plus top-level `necroproof`, strict request fields, certificate entries with `index` and `armored_certificate`, and no trusted derivation path/fingerprint/signature metadata fields. - Add validation helpers for certificate count, UTC expiration bounds, payload version/profile/count/order, canonical UUID parsing, and masked UUID-derived account indices for the `m/pgp'/kmkr'/...` namespace. ## Test plan - `rustfmt --edition 2024 --check crates/keymaker-models/src/lib.rs` - `git diff --check` - `cargo test -p keymaker-models` - `cargo clippy -p keymaker-models --all-targets -- -D warnings` - `cargo test --workspace` (passes; existing warnings remain for `minipgp6` cfg, unused `now`, unreachable reboot expression, unused `secrets`, and unused `get_shards_test_util`) ## Deferred follow-ups - Add the actual public certificate service process, HTTP route, Locksmith/Keyfork readiness flow, CA UID certification embedding, and necroproof computation. - Select or implement the shared deterministic structure-hash/necroproof registry before producing real artifacts. Refs https://codeberg.org/caution/platform/issues/383
@ -20,2 +20,4 @@
}
}
pubmod public_certificates{

this should be a new models crate specific to The Service That Derives Public Certificates, and should not incorporate business logic like validation.

this should be a new models crate specific to The Service That Derives Public Certificates, and should not incorporate business logic like validation.
@ -22,0 +124,4 @@
#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize)]
#[serde(deny_unknown_fields)]
pubstruct PublicCertificatePayload{

missing documentation on what these fields mean. specifically: what is certificate_profile ?

missing documentation on what these fields mean. specifically: what is certificate_profile ?
@ -22,0 +133,4 @@
puborganization_id: Uuid,
#[serde(deserialize_with = "deserialize_canonical_uuid")]
pubbundle_id: Uuid,
pubcertificate_count: u8,

this value can be derived from the length of certificates

this value can be derived from the length of certificates
@ -22,0 +188,4 @@
#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize)]
#[serde(deny_unknown_fields)]
pubstruct PublicCertificate{
pubindex: u8,

the index of a certificate should live as a self-notation on the certificate to ensure immutability

the index of a certificate should live as a self-notation on the certificate to ensure immutability
Author
Member
Copy link

Addressed the review comments in commit 64bf509f8c8c76f376f1bd2c1536dc7d643a2e4a:

  • Moved the public certificate contract into a dedicated public-certificate-models crate instead of keymaker-models.
  • Removed validation/derivation business logic from the model crate.
  • Removed response certificate_count; callers can derive it from certificates.len().
  • Documented the public contract fields, including certificate_profile.
  • Removed the response-level certificate index; the model now documents that the immutable index belongs inside the OpenPGP certificate self-notation.

Verification:

  • rustfmt --edition 2024 crates/public-certificate-models/src/lib.rs crates/keymaker-models/src/lib.rs
  • cargo check --workspace
  • cargo test -p public-certificate-models
  • cargo test -p keymaker-models
  • git diff --check

All passed; cargo check --workspace still reports pre-existing warnings in keymaker/locksmith unrelated to this patch.

Addressed the review comments in commit `64bf509f8c8c76f376f1bd2c1536dc7d643a2e4a`: - Moved the public certificate contract into a dedicated `public-certificate-models` crate instead of `keymaker-models`. - Removed validation/derivation business logic from the model crate. - Removed response `certificate_count`; callers can derive it from `certificates.len()`. - Documented the public contract fields, including `certificate_profile`. - Removed the response-level certificate `index`; the model now documents that the immutable index belongs inside the OpenPGP certificate self-notation. Verification: - `rustfmt --edition 2024 crates/public-certificate-models/src/lib.rs crates/keymaker-models/src/lib.rs` - `cargo check --workspace` - `cargo test -p public-certificate-models` - `cargo test -p keymaker-models` - `git diff --check` All passed; `cargo check --workspace` still reports pre-existing warnings in `keymaker`/`locksmith` unrelated to this patch.
Author
Member
Copy link

Follow-up pushed in commit ab0117c0a23d3302bd2a7f19cfc64f23ffdf460e after re-checking the inline review thread.

The dedicated public-certificate-models crate is now data-only: I removed the custom UUID/timestamp deserializers and the validation-oriented tests so the crate just carries the request/response contract and field documentation. The previous changes still keep certificate_count out of the response and keep certificate indexes inside the OpenPGP certificate self-notation rather than as response fields.

Verification:

  • rustfmt --edition 2024 crates/public-certificate-models/src/lib.rs
  • cargo check --workspace
  • cargo test -p public-certificate-models
  • git diff --check

All passed; cargo check --workspace still reports the same pre-existing warnings in keymaker/locksmith.

Follow-up pushed in commit `ab0117c0a23d3302bd2a7f19cfc64f23ffdf460e` after re-checking the inline review thread. The dedicated `public-certificate-models` crate is now data-only: I removed the custom UUID/timestamp deserializers and the validation-oriented tests so the crate just carries the request/response contract and field documentation. The previous changes still keep `certificate_count` out of the response and keep certificate indexes inside the OpenPGP certificate self-notation rather than as response fields. Verification: - `rustfmt --edition 2024 crates/public-certificate-models/src/lib.rs` - `cargo check --workspace` - `cargo test -p public-certificate-models` - `git diff --check` All passed; `cargo check --workspace` still reports the same pre-existing warnings in `keymaker`/`locksmith`.
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feat/public-cert-contract:feat/public-cert-contract
git switch feat/public-cert-contract

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff feat/public-cert-contract
git switch feat/public-cert-contract
git rebase main
git switch main
git merge --ff-only feat/public-cert-contract
git switch feat/public-cert-contract
git rebase main
git switch main
git merge --no-ff feat/public-cert-contract
git switch main
git merge --squash feat/public-cert-contract
git switch main
git merge --ff-only feat/public-cert-contract
git switch main
git merge feat/public-cert-contract
git push origin main
Sign in to join this conversation.
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
caution/locksmith!8
Reference in a new issue
caution/locksmith
No description provided.
Delete branch "feat/public-cert-contract"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?