pub struct KeyRevocation {
pub revoked_key_fingerprint: String,
pub compromised_since: DateTime<Utc>,
pub reason: Option<String>,
pub revoked_key_id: Option<String>,
pub revoked_key_controller: AgentDid,
pub publisher: AgentDid,
pub trust_class: RevocationTrustClass,
}Expand description
Typed, shape-validated view of a key-revocation context body
(RFC-ACDP-0014 §4).
Obtain via KeyRevocation::from_body. Field semantics:
- The fingerprint is authoritative;
revoked_key_idis human traceability only (§4). compromised_sinceis the compromise boundary T: signatures made strictly before T are attributable to the producer; at or after T they are not (§7). Across a superseding revocation lineage the earliest T is effective (§4,effective_boundary).- A revocation is permanent — there is no un-revoking. Consumers SHOULD cache verified revocations indefinitely (§7); the type is serde-serializable for exactly that.
Fields§
§revoked_key_fingerprint: StringRFC-ACDP-0010 §6 fingerprint of the revoked public key
(sha256: + 64 lowercase hex), byte-for-byte the encoding
receipts record. Authoritative over revoked_key_id.
compromised_since: DateTime<Utc>The compromise boundary T (canonical millisecond RFC 3339 UTC on the wire).
reason: Option<String>Optional human-readable circumstances (≤ 1024 chars). Informational only — apply output hygiene before display (RFC-ACDP-0014 §13).
revoked_key_id: Option<String>Optional DID URL of the revoked verification method. On any disagreement with the fingerprint, the fingerprint governs.
revoked_key_controller: AgentDidThe producer DID that controls the revoked key. Defaults to the
body’s agent_id when the metadata field is absent
(producer-signed form); on registry-attested revocations it
names the affected producer while agent_id is the registry.
publisher: AgentDidThe body’s agent_id — the identity the revocation was
published under (the producer for RevocationTrustClass::ProducerSigned,
the registry for RevocationTrustClass::RegistryAttested).
trust_class: RevocationTrustClass§5/§6 trust class, derived from the controller binding:
revoked_key_controller absent or equal to agent_id ⇒
producer-signed; different ⇒ registry-attested. MUST NOT be
collapsed when reporting (§6). For a registry-attested claim the
caller still owns confirming that publisher really is the DID
of a registry it talks to (capabilities.registry_did).
Implementations§
Source§impl KeyRevocation
impl KeyRevocation
Sourcepub fn from_body(body: &Body) -> Result<KeyRevocation, AcdpError>
pub fn from_body(body: &Body) -> Result<KeyRevocation, AcdpError>
Parse and shape-validate a key-revocation context body per
RFC-ACDP-0014 §4.
Enforced here (violations are AcdpError::SchemaViolation, the
code a 0.3.0 registry rejects them with at publish):
typeiskey-revocation(or the §10 interimacdp:key-revocation).visibilityispublic— an audience-restricted revocation protects nobody outside the audience.metadata.revoked_key_fingerprintpresent, in the RFC-ACDP-0010 §6 formsha256:+ 64 lowercase hex.metadata.compromised_sincepresent, canonical millisecond-precision RFC 3339 UTC (RFC-ACDP-0001 §5.3).metadata.reason, when present, ≤ 1024 characters.metadata.revoked_key_controller, when present, a valid DID.
Additionally, when the signing key’s fingerprint is derivable
purely from the body (a did:key signer), the §5 step 2
not-self-signed rule is enforced here too. For did:web signers
the fingerprint requires DID resolution: callers MUST follow up
with Self::check_not_self_signed against the resolved
fingerprint (acdp-client’s revocation pipeline does).
This does NOT verify the body’s hash or signature — a parsed revocation is untrusted until the strict §5.11 pipeline passes.
Sourcepub fn check_not_self_signed(
&self,
signing_key_fingerprint: &str,
) -> Result<(), AcdpError>
pub fn check_not_self_signed( &self, signing_key_fingerprint: &str, ) -> Result<(), AcdpError>
RFC-ACDP-0014 §5 step 2 — the revocation MUST NOT be signed by
the very key it revokes: such a statement proves only possession
of the (by hypothesis, attacker-held) key. Registries at ≥ 0.3.0
reject the publish with key_not_authorized; consumers MUST
treat one as unverified (at most a hint to seek a real
signal).
signing_key_fingerprint is the RFC-ACDP-0010 §6 fingerprint of
the resolved key that signed the revocation body (see
acdp_crypto::fingerprint).
Trait Implementations§
Source§impl Clone for KeyRevocation
impl Clone for KeyRevocation
Source§fn clone(&self) -> KeyRevocation
fn clone(&self) -> KeyRevocation
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for KeyRevocation
impl Debug for KeyRevocation
Source§impl<'de> Deserialize<'de> for KeyRevocation
impl<'de> Deserialize<'de> for KeyRevocation
Source§fn deserialize<__D>(
__deserializer: __D,
) -> Result<KeyRevocation, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(
__deserializer: __D,
) -> Result<KeyRevocation, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
impl Eq for KeyRevocation
Source§impl PartialEq for KeyRevocation
impl PartialEq for KeyRevocation
Source§fn eq(&self, other: &KeyRevocation) -> bool
fn eq(&self, other: &KeyRevocation) -> bool
self and other values to be equal, and is used by ==.Source§impl Serialize for KeyRevocation
impl Serialize for KeyRevocation
Source§fn serialize<__S>(
&self,
__serializer: __S,
) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>where
__S: Serializer,
fn serialize<__S>(
&self,
__serializer: __S,
) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>where
__S: Serializer,
impl StructuralPartialEq for KeyRevocation
Auto Trait Implementations§
impl Freeze for KeyRevocation
impl RefUnwindSafe for KeyRevocation
impl Send for KeyRevocation
impl Sync for KeyRevocation
impl Unpin for KeyRevocation
impl UnsafeUnpin for KeyRevocation
impl UnwindSafe for KeyRevocation
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> DeserializeOwned for Twhere
T: for<'de> Deserialize<'de>,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.