Struct RegistryReceipt 

pub struct RegistryReceipt {
    pub registry_did: String,
    pub ctx_id: CtxId,
    pub lineage_id: LineageId,
    pub origin_registry: String,
    pub created_at: DateTime<Utc>,
    pub content_hash: ContentHash,
    pub key_fingerprint: String,
    pub signature: Signature,
}

A registry-signed publication receipt.

CLOSED schema (RFC-ACDP-0010 §4, additionalProperties: false): a receipt has exactly the eight specified members. Future receipt fields require a schema bump, not field-level extensibility — unknown members are rejected at parse time.

Fields

registry_did: String

The registry’s own identity — MUST be did:web:<authority> where <authority> is the authority the context is served from.

ctx_id: CtxId

The ctx_id this receipt attests.

lineage_id: LineageId

The lineage the registry assigned.

origin_registry: String

The registry’s authority (bare hostname form).

created_at: DateTime<Utc>

Publication acceptance time. Canonical millisecond-precision RFC 3339 UTC, always serialized with exactly three fractional digits (…SS.mmmZ, RFC-ACDP-0010 §8 step 6) — chrono’s default drops trailing zeros, which would change the preimage bytes.

content_hash: ContentHash

The producer’s content hash this receipt binds.

key_fingerprint: String

Fingerprint of the producer key the registry resolved and verified at publish time (see acdp_crypto::fingerprint).

signature: Signature

Registry signature over the receipt preimage.

Implementations

impl RegistryReceipt

pub fn from_value(value: &Value) -> Result<Self, AcdpError>

Parse a receipt from the opaque JSON value carried in crate::body::FullContext::registry_receipt.

pub fn preimage_hash_of_value(value: &Value) -> Result<ContentHash, AcdpError>

Compute the preimage hash from the RAW wire JSON of a receipt (the value minus signature, canonicalized as received).

Verifiers MUST hash the receipt exactly as received rather than re-serializing a parsed struct — the same “hash verification over raw JSON” rule as RFC-ACDP-0001 §6 bodies. Re-serialization can normalize byte details (e.g. timestamp fraction digits) and falsely fail an honest receipt.

pub fn validate_created_at_form(value: &Value) -> Result<(), AcdpError>

Validate the §8 step 6 byte form of the receipt’s raw created_at: canonical millisecond-precision RFC 3339 UTC with exactly three fractional digits and a literal Z.

pub fn cross_check_body(&self, body: &Body) -> Result<(), AcdpError>

§8 step 3 body bindings: lineage_id, origin_registry, and created_at MUST equal the corresponding fields of the accompanying body. (ctx_id is bound separately against the requested identifier in Self::cross_check.)

pub fn preimage_hash(&self) -> Result<ContentHash, AcdpError>

Compute the receipt’s signature preimage hash: SHA-256 over the JCS canonical form of the receipt minus signature only.

Struct-based form, used at MINT time (the struct’s serializer emits the canonical three-digit-millisecond created_at). Verifiers should prefer Self::preimage_hash_of_value over the raw wire JSON.

pub fn verify_signature_with_key( &self, registry_pub_ed25519: Option<&[u8; 32]>, registry_pub_p256_sec1: Option<&[u8]>, ) -> Result<(), AcdpError>

Verify the receipt signature against a known registry public key (pure — no DID resolution; the client feature’s verify_receipt_value resolves the registry DID and calls this).

pub fn verify_signature_against_hash( &self, hash: &ContentHash, registry_pub_ed25519: Option<&[u8; 32]>, registry_pub_p256_sec1: Option<&[u8]>, ) -> Result<(), AcdpError>

Like Self::verify_signature_with_key but over an already-computed preimage hash — pair with Self::preimage_hash_of_value for raw-JSON verification.

pub fn cross_check( &self, expected_ctx_id: &CtxId, recomputed_body_hash: &ContentHash, producer_key_fingerprint: &str, ) -> Result<(), AcdpError>

The pure (offline) subset of the RFC-ACDP-0010 cross-checks — everything except registry-DID resolution and the served-authority comparison, which need the client feature:

• ctx_id equals the requested one.
• content_hash equals the independently recomputed body hash (pass the recomputed value, never the body’s echoed field).
• key_fingerprint equals the fingerprint of the resolved producer key.
• created_at is millisecond-truncated.
• registry_did is did:web:<origin_registry> (internal consistency; the serving-authority comparison is the client’s job).

Trait Implementations

impl Clone for RegistryReceipt

fn clone(&self) -> RegistryReceipt

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for RegistryReceipt

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for RegistryReceipt

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for RegistryReceipt

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.