Skip to content

feat(xmldsig): cover donor signing templates#88

Merged
polaz merged 5 commits into
mainfrom
test/#87-donor-signing-templates
Jul 13, 2026
Merged

feat(xmldsig): cover donor signing templates#88
polaz merged 5 commits into
mainfrom
test/#87-donor-signing-templates

Conversation

@polaz

@polaz polaz commented Jul 13, 2026

Copy link
Copy Markdown
Member

Summary

  • Add supported xmlsec1 donor signing templates as fixtures.
  • Sign RSA and ECDSA donor templates through SignContext and verify the generated XML with the existing verifier.
  • Repair missing unreleased changelog entries and skip release-maintenance commits in release-plz output.

Testing

  • cargo fmt -- --check
  • cargo nextest run
  • cargo test --doc
  • cargo clippy --all-targets -- -D warnings
  • cargo build --all-features
  • release-plz update --config .release-plz.toml --repo-url https://github.com/structured-world/xml-sec --allow-dirty (temp clone)

Closes #87

polaz added 4 commits July 13, 2026 12:29
- Add supported xmlsec1 donor signing templates as fixtures
- Sign RSA and ECDSA donor templates through SignContext and verify results
- Repair unreleased changelog entries lost after dependency branch merge history

Closes #87
Keep only the release entries that release-plz lost after the dependency branch merge. The current feature entry is generated from its conventional commit.
Exclude docs(release) commits from generated release notes so changelog maintenance does not appear as user-facing documentation changes.
Exclude fix(release) commits from generated release notes together with docs(release) maintenance commits.
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 21aaa5ef-2730-422c-ae2d-820a2e47f2d9

📥 Commits

Reviewing files that changed from the base of the PR and between 3ab8039 and 6b73cd8.

📒 Files selected for processing (2)
  • .release-plz.toml
  • tests/fixtures/xmldsig/aleksey-xmldsig-01/enveloping-sha384-ecdsa-sha384.tmpl

📝 Walkthrough

Summary by CodeRabbit

  • New Features
    • Added support for generating and writing X.509 signing key information in XML digital signatures.
  • Bug Fixes
    • Hardened signing key information writing to improve robustness and reliability.
  • Tests
    • Expanded XML signature fixture coverage and added end-to-end verification for RSA and ECDSA across multiple digest/signature algorithms.
    • Updated smoke/fixture completeness checks and verification helpers to ensure generated signatures contain expected values.

Walkthrough

Added five XMLDSig donor templates, updated fixture completeness expectations, and added RSA/ECDSA signing verification tests. The unreleased changelog and release commit parser configuration were also updated.

Changes

XMLDSig donor signing coverage

Layer / File(s) Summary
Donor template fixtures
tests/fixtures/xmldsig/aleksey-xmldsig-01/*.tmpl, tests/fixtures_smoke.rs
Added RSA and ECDSA enveloping templates and updated the expected fixture count from 82 to 87.
Signing and verification tests
tests/signing_digest.rs
Added shared signed-template verification and end-to-end RSA and ECDSA donor-template tests.
Release metadata updates
CHANGELOG.md, .release-plz.toml
Added unreleased XMLDSig signing entries, restricted scoped release commits, and skipped release documentation and fix commits.

Estimated code review effort: 2 (Simple) | ~15 minutes

Sequence Diagram(s)

sequenceDiagram
  participant SignContext
  participant DonorTemplates
  participant verify_signature_with_pem_key
  SignContext->>DonorTemplates: Load donor signing template
  SignContext->>SignContext: Sign template
  SignContext->>verify_signature_with_pem_key: Verify signed XML with PEM public key
  verify_signature_with_pem_key-->>SignContext: Return DsigStatus::Valid
Loading

Possibly related PRs

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Linked Issues check ⚠️ Warning The fixture and signing coverage plus changelog fixes address #87, but the required docs alignment is not shown in the changes. Update the architecture/roadmap docs to reflect the current RustCrypto signing implementation, or clarify where that requirement is satisfied.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and matches the main change: adding coverage for donor signing templates in xmldsig.
Description check ✅ Passed The description is clearly related to the fixture, signing, and changelog updates in this PR.
Out of Scope Changes check ✅ Passed The changes stay focused on donor signing fixtures, verification tests, and release-note maintenance.
Docstring Coverage ✅ Passed Docstring coverage is 85.71% which is sufficient. The required threshold is 80.00%.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch test/#87-donor-signing-templates

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@greptile-apps

greptile-apps Bot commented Jul 13, 2026

Copy link
Copy Markdown

Greptile Summary

This PR adds donor XML signing coverage and release maintenance updates. The main changes are:

  • New xmlsec1-style RSA and ECDSA donor signing templates.
  • Round-trip signing tests for donor templates through SignContext and the verifier.
  • Updated fixture smoke count for the added donor files.
  • Changelog entries for unreleased XMLDSIG work.
  • Release-plz filtering for release-maintenance commits.

Confidence Score: 5/5

This looks safe to merge.

No blocking issues found in the changed code.

None.

T-Rex T-Rex Logs

What T-Rex did

  • Ran the donor signing test command in the documented working directory, producing test output and exiting with code 0.
  • Ran the fixture smoke test command in the documented working directory, producing test output and exiting with code 0.

View all artifacts

T-Rex Ran code and verified through T-Rex

Important Files Changed

Filename Overview
.release-plz.toml Updates release commit matching and changelog skip rules for release-maintenance commits.
tests/fixtures/xmldsig/aleksey-xmldsig-01/enveloping-sha384-ecdsa-sha384.tmpl Adds the ECDSA P-384 donor signing template with a matching P-384 KeyName.
tests/signing_digest.rs Adds donor template signing tests for RSA and ECDSA fixtures.

Reviews (2): Last reviewed commit: "fix(release): narrow release-trigger sco..." | Re-trigger Greptile

Comment thread tests/fixtures/xmldsig/aleksey-xmldsig-01/enveloping-sha384-ecdsa-sha384.tmpl Outdated
Comment thread .release-plz.toml
- Align the P-384 donor template KeyName with the signing key fixture
- Prevent release-maintenance scopes from triggering release-plz while keeping user-facing scopes release-significant
@polaz polaz merged commit d712da1 into main Jul 13, 2026
10 checks passed
@polaz polaz deleted the test/#87-donor-signing-templates branch July 13, 2026 13:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Test donor signing templates

1 participant