1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
//! # canaad-core
//!
//! Core library for AAD (Additional Authenticated Data) canonicalization
//! according to RFC 8785 (JSON Canonicalization Scheme).
//!
//! This library provides:
//!
//! - Strict validation of AAD fields per the AAD specification
//! - Duplicate key detection (unlike `serde_json` which silently drops duplicates)
//! - JCS-compliant canonicalization for deterministic serialization
//! - Type-safe field construction with validation
//!
//! ## Quick Start
//!
//! ```rust
//! use canaad_core::{parse, canonicalize, canonicalize_string, AadContext};
//!
//! // Parse and validate existing JSON
//! let json = r#"{"v":1,"tenant":"org_abc","resource":"secrets/db","purpose":"encryption"}"#;
//! let ctx = parse(json)?;
//! let canonical = ctx.canonicalize_string()?;
//!
//! // Or build from scratch
//! let ctx = AadContext::new("org_abc", "secrets/db", "encryption")?
//! .with_timestamp(1706400000)?
//! .with_string_extension("x_vault_cluster", "us-east-1")?;
//!
//! let bytes = ctx.canonicalize()?;
//! # Ok::<(), canaad_core::AadError>(())
//! ```
//!
//! ## Validation Rules
//!
//! - Version (`v`): Must be 1
//! - Tenant: 1-256 bytes, no NUL bytes
//! - Resource: 1-1024 bytes, no NUL bytes
//! - Purpose: 1+ bytes, no NUL bytes
//! - Timestamp (`ts`): Optional, 0 to 2^53-1
//! - Extension keys: Must match pattern `x_<app>_<field>` where app is `[a-z]+` and field is `[a-z_]+`
//! - All integers: 0 to 2^53-1 (JavaScript safe integer range)
//! - Total serialized size: Maximum 16 KiB
//! - No duplicate keys allowed
// Re-export public API
pub use ;
pub use ;
pub use ;
pub use ;