cdx-core 0.7.1

Core library for reading, writing, and validating Codex Document Format (.cdx) files
//! Error types for cdx-core.

use std::path::PathBuf;
use thiserror::Error;

/// Result type alias using [`enum@Error`].
///
/// The error parameter is fixed to this module's [`enum@Error`], so fallible
/// functions in the crate can be written as `Result<T>`. The general
/// two-parameter form stays reachable as `std::result::Result`.
pub type Result<T> = std::result::Result<T, Error>;

/// Errors that can occur when working with Codex documents.
///
/// The three tuple variants carry `#[from]`, so the wrapped ZIP, JSON, and I/O
/// errors convert into this type automatically when propagated with `?`.
///
/// Every `Display` message interpolates its fields verbatim (paths through
/// `display()`, document states through `Debug`); nothing is escaped or
/// truncated at this layer.
// NOTE(review): several string fields (`path`, `version`, `algorithm`, `value`,
// `expected`) presumably originate from the archive being parsed — confirm
// against the call sites. If so, rendered messages are untrusted text and should
// be escaped before they reach logs, terminals, or HTML.
#[derive(Debug, Error)]
pub enum Error {
    /// The file is not a valid ZIP archive.
    #[error("invalid ZIP archive: {0}")]
    InvalidArchive(#[from] zip::result::ZipError),

    /// JSON parsing or serialization failed.
    #[error("JSON error: {0}")]
    Json(#[from] serde_json::Error),

    /// I/O operation failed.
    #[error("I/O error: {0}")]
    Io(#[from] std::io::Error),

    /// A required file is missing from the archive.
    #[error("missing required file: {path}")]
    MissingFile {
        /// Path of the missing file.
        path: String,
    },

    /// The manifest is invalid.
    #[error("invalid manifest: {reason}")]
    InvalidManifest {
        /// Description of the validation failure.
        reason: String,
    },

    /// The document's Codex version is not supported.
    #[error("unsupported Codex version: {version}")]
    UnsupportedVersion {
        /// The unsupported version string.
        version: String,
    },

    /// Hash verification failed.
    // Integrity failure: the message reports both digests and the affected path.
    // NOTE(review): callers should presumably stop processing the affected file
    // rather than continue with unverified content — confirm at the call sites.
    #[error("hash mismatch for {path}: expected {expected}, got {actual}")]
    HashMismatch {
        /// Path of the file with mismatched hash.
        path: String,
        /// Expected hash value.
        expected: String,
        /// Actual computed hash value.
        actual: String,
    },

    /// Document ID verification failed.
    #[error("document ID mismatch: expected {expected}, got {actual}")]
    DocumentIdMismatch {
        /// Expected document ID.
        expected: String,
        /// Actual computed document ID.
        actual: String,
    },

    /// Invalid document state transition.
    // Both states are rendered with `{:?}`, so the message shows the `Debug`
    // form of `DocumentState`.
    #[error("invalid state transition from {from:?} to {to:?}")]
    InvalidStateTransition {
        /// Current state.
        from: crate::DocumentState,
        /// Attempted target state.
        to: crate::DocumentState,
    },

    /// State requirements not met.
    #[error("state {state:?} requires {requirement}")]
    StateRequirementNotMet {
        /// The document state with unmet requirements.
        state: crate::DocumentState,
        /// Description of the unmet requirement.
        requirement: String,
    },

    /// Path traversal attempt detected (security).
    // The rejected path is echoed unchanged in the message, so it is
    // attacker-chosen text by definition; escape it before display.
    #[error("path traversal detected: {path}")]
    PathTraversal {
        /// The suspicious path.
        path: String,
    },

    /// Hash algorithm is not supported.
    #[error("unsupported hash algorithm: {algorithm}")]
    UnsupportedHashAlgorithm {
        /// The unsupported algorithm identifier.
        algorithm: String,
    },

    /// Invalid hash format.
    #[error("invalid hash format: {value}")]
    InvalidHashFormat {
        /// The invalid hash string.
        value: String,
    },

    /// File not found.
    // Unlike `MissingFile`, this variant stores a `PathBuf` and formats it with
    // `display()`, which is lossy for paths that are not valid Unicode.
    #[error("file not found: {}", path.display())]
    FileNotFound {
        /// Path to the missing file.
        path: PathBuf,
    },

    /// Invalid certificate.
    #[error("invalid certificate: {reason}")]
    InvalidCertificate {
        /// Description of the certificate issue.
        reason: String,
    },

    /// Network operation failed.
    #[error("network error: {message}")]
    Network {
        /// Description of the network error.
        message: String,
    },

    /// Feature not implemented.
    #[error("not implemented: {feature}")]
    NotImplemented {
        /// Description of the unimplemented feature.
        feature: String,
    },

    /// Cannot modify document in immutable state.
    #[error("cannot {action} in {state:?} state")]
    ImmutableDocument {
        /// The action that was attempted.
        action: String,
        /// Current document state.
        state: crate::DocumentState,
    },

    /// Extension not found or not loaded.
    #[error("extension not available: {extension}")]
    ExtensionNotAvailable {
        /// Name of the missing extension.
        extension: String,
    },

    /// Content validation failed.
    #[error("content validation failed: {reason}")]
    ValidationFailed {
        /// Description of the validation failure.
        reason: String,
    },

    /// Signature operation failed.
    // `reason` is free-form and shown in `Display`; keep key material out of it.
    #[error("signature error: {reason}")]
    SignatureError {
        /// Description of the signature issue.
        reason: String,
    },

    /// Encryption operation failed.
    // `reason` is free-form and shown in `Display`; keep keys and passphrases
    // out of it.
    #[error("encryption error: {reason}")]
    EncryptionError {
        /// Description of the encryption issue.
        reason: String,
    },

    /// File exceeds the maximum allowed size (decompression bomb protection).
    // NOTE(review): `size` may be a *declared* size. Archive metadata is
    // attacker-controlled and can understate the decompressed length, so confirm
    // the reader also bounds the bytes actually produced, not only this value.
    #[error("file too large: {path} is {size} bytes (limit: {limit} bytes)")]
    FileTooLarge {
        /// Path of the oversized file.
        path: String,
        /// Actual or declared size in bytes.
        size: u64,
        /// Maximum allowed size in bytes.
        limit: u64,
    },

    /// Archive structure is invalid.
    #[error("invalid archive structure: {reason}")]
    InvalidArchiveStructure {
        /// Description of the structural issue.
        reason: String,
    },
}

/// Build an [`Error::InvalidManifest`] from anything convertible into a `String`.
///
/// No formatting happens here: `reason` is stored as given and later shown
/// unchanged after the `invalid manifest: ` prefix.
pub(crate) fn invalid_manifest(reason: impl Into<String>) -> Error {
    let reason: String = reason.into();
    Error::InvalidManifest { reason }
}

/// Build an [`Error::SignatureError`] from anything convertible into a `String`.
///
/// `reason` is stored as given and shown unchanged in the error's `Display`
/// output, so callers should keep key material out of it.
pub(crate) fn signature_error(reason: impl Into<String>) -> Error {
    let reason: String = reason.into();
    Error::SignatureError { reason }
}

/// Build an [`Error::EncryptionError`] from anything convertible into a `String`.
///
/// `reason` is stored as given and shown unchanged in the error's `Display`
/// output, so callers should keep keys and passphrases out of it.
pub(crate) fn encryption_error(reason: impl Into<String>) -> Error {
    let reason: String = reason.into();
    Error::EncryptionError { reason }
}

/// Build an [`Error::Network`] from anything convertible into a `String`.
///
/// No formatting happens here: `message` is stored as given and later shown
/// unchanged after the `network error: ` prefix.
pub(crate) fn network_error(message: impl Into<String>) -> Error {
    let message: String = message.into();
    Error::Network { message }
}

/// Build an [`Error::InvalidCertificate`] from anything convertible into a `String`.
///
/// No formatting happens here: `reason` is stored as given and later shown
/// unchanged after the `invalid certificate: ` prefix.
pub(crate) fn invalid_certificate(reason: impl Into<String>) -> Error {
    let reason: String = reason.into();
    Error::InvalidCertificate { reason }
}

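#[cfg(test)]
mod tests {
    //! Pins the `Display` text of every [`Error`] variant, the `#[from]`
    //! conversions, and the crate-private constructor helpers.

    use super::*;
    use std::path::PathBuf;

    #[test]
    fn display_invalid_archive() {
        let err = Error::InvalidArchive(zip::result::ZipError::FileNotFound);
        assert!(err.to_string().contains("invalid ZIP archive"));
    }

    #[test]
    fn display_json() {
        let json_err = serde_json::from_str::<serde_json::Value>("not json").unwrap_err();
        let err = Error::Json(json_err);
        assert!(err.to_string().starts_with("JSON error:"));
    }

    #[test]
    fn display_io() {
        let io_err = std::io::Error::new(std::io::ErrorKind::NotFound, "gone");
        let err = Error::Io(io_err);
        assert!(err.to_string().starts_with("I/O error:"));
    }

    /// The `#[from]` attributes must keep `?` propagation working for the
    /// three wrapped error types.
    #[test]
    fn from_conversions_select_expected_variant() {
        let zip_err: Error = zip::result::ZipError::FileNotFound.into();
        assert!(matches!(zip_err, Error::InvalidArchive(_)));

        let json_err: Error = serde_json::from_str::<serde_json::Value>("not json")
            .unwrap_err()
            .into();
        assert!(matches!(json_err, Error::Json(_)));

        let io_err: Error = std::io::Error::new(std::io::ErrorKind::NotFound, "gone").into();
        assert!(matches!(io_err, Error::Io(_)));
    }

    #[test]
    fn display_missing_file() {
        let err = Error::MissingFile {
            path: "manifest.json".to_string(),
        };
        assert_eq!(err.to_string(), "missing required file: manifest.json");
    }

    #[test]
    fn display_invalid_manifest() {
        let err = Error::InvalidManifest {
            reason: "bad version".to_string(),
        };
        assert_eq!(err.to_string(), "invalid manifest: bad version");
    }

    #[test]
    fn display_unsupported_version() {
        let err = Error::UnsupportedVersion {
            version: "99.0".to_string(),
        };
        assert_eq!(err.to_string(), "unsupported Codex version: 99.0");
    }

    #[test]
    fn display_hash_mismatch() {
        let err = Error::HashMismatch {
            path: "content.json".to_string(),
            expected: "abc".to_string(),
            actual: "def".to_string(),
        };
        assert_eq!(
            err.to_string(),
            "hash mismatch for content.json: expected abc, got def"
        );
    }

    #[test]
    fn display_document_id_mismatch() {
        let err = Error::DocumentIdMismatch {
            expected: "id1".to_string(),
            actual: "id2".to_string(),
        };
        assert_eq!(
            err.to_string(),
            "document ID mismatch: expected id1, got id2"
        );
    }

    #[test]
    fn display_invalid_state_transition() {
        let err = Error::InvalidStateTransition {
            from: crate::DocumentState::Draft,
            to: crate::DocumentState::Frozen,
        };
        let msg = err.to_string();
        assert!(msg.contains("invalid state transition"));
        assert!(msg.contains("Draft"));
        assert!(msg.contains("Frozen"));
    }

    #[test]
    fn display_state_requirement_not_met() {
        let err = Error::StateRequirementNotMet {
            state: crate::DocumentState::Frozen,
            requirement: "at least one signature".to_string(),
        };
        let msg = err.to_string();
        assert!(msg.contains("Frozen"));
        assert!(msg.contains("at least one signature"));
    }

    #[test]
    fn display_path_traversal() {
        // The rejected path is echoed unchanged; this pins that contract so
        // consumers know they must escape it before display.
        let err = Error::PathTraversal {
            path: "../etc/passwd".to_string(),
        };
        assert_eq!(err.to_string(), "path traversal detected: ../etc/passwd");
    }

    #[test]
    fn display_unsupported_hash_algorithm() {
        let err = Error::UnsupportedHashAlgorithm {
            algorithm: "md5".to_string(),
        };
        assert_eq!(err.to_string(), "unsupported hash algorithm: md5");
    }

    #[test]
    fn display_invalid_hash_format() {
        let err = Error::InvalidHashFormat {
            value: "not-a-hash".to_string(),
        };
        assert_eq!(err.to_string(), "invalid hash format: not-a-hash");
    }

    #[test]
    fn display_file_not_found() {
        let err = Error::FileNotFound {
            path: PathBuf::from("/tmp/missing.cdx"),
        };
        let msg = err.to_string();
        assert!(msg.contains("file not found"));
        assert!(msg.contains("missing.cdx"));
    }

    #[test]
    fn display_invalid_certificate() {
        let err = Error::InvalidCertificate {
            reason: "expired".to_string(),
        };
        assert_eq!(err.to_string(), "invalid certificate: expired");
    }

    #[test]
    fn display_network() {
        let err = Error::Network {
            message: "timeout".to_string(),
        };
        assert_eq!(err.to_string(), "network error: timeout");
    }

    #[test]
    fn display_not_implemented() {
        let err = Error::NotImplemented {
            feature: "blockchain anchoring".to_string(),
        };
        assert_eq!(err.to_string(), "not implemented: blockchain anchoring");
    }

    #[test]
    fn display_immutable_document() {
        let err = Error::ImmutableDocument {
            action: "modify content".to_string(),
            state: crate::DocumentState::Frozen,
        };
        let msg = err.to_string();
        assert!(msg.contains("cannot modify content"));
        assert!(msg.contains("Frozen"));
    }

    #[test]
    fn display_extension_not_available() {
        let err = Error::ExtensionNotAvailable {
            extension: "forms".to_string(),
        };
        assert_eq!(err.to_string(), "extension not available: forms");
    }

    #[test]
    fn display_validation_failed() {
        let err = Error::ValidationFailed {
            reason: "empty content".to_string(),
        };
        assert_eq!(err.to_string(), "content validation failed: empty content");
    }

    #[test]
    fn display_signature_error() {
        let err = Error::SignatureError {
            reason: "invalid key".to_string(),
        };
        assert_eq!(err.to_string(), "signature error: invalid key");
    }

    #[test]
    fn display_encryption_error() {
        let err = Error::EncryptionError {
            reason: "wrong password".to_string(),
        };
        assert_eq!(err.to_string(), "encryption error: wrong password");
    }

    #[test]
    fn display_file_too_large() {
        let err = Error::FileTooLarge {
            path: "assets/huge.bin".to_string(),
            size: 512 * 1024 * 1024,
            limit: 256 * 1024 * 1024,
        };
        // Pin the whole message: the size and the limit are what an operator
        // needs when triaging a rejected (possibly hostile) archive, and a
        // substring check would not notice if they were swapped or dropped.
        assert_eq!(
            err.to_string(),
            "file too large: assets/huge.bin is 536870912 bytes (limit: 268435456 bytes)"
        );
    }

    #[test]
    fn display_invalid_archive_structure() {
        let err = Error::InvalidArchiveStructure {
            reason: "manifest not first".to_string(),
        };
        assert_eq!(
            err.to_string(),
            "invalid archive structure: manifest not first"
        );
    }

    /// Each helper must build its own variant and pass the text through
    /// unchanged; the distinct prefixes catch a helper wired to the wrong
    /// variant.
    #[test]
    fn helpers_build_expected_variants() {
        assert_eq!(
            invalid_manifest("bad version").to_string(),
            "invalid manifest: bad version"
        );
        assert_eq!(
            signature_error("invalid key").to_string(),
            "signature error: invalid key"
        );
        assert_eq!(
            encryption_error(String::from("wrong password")).to_string(),
            "encryption error: wrong password"
        );
        assert_eq!(network_error("timeout").to_string(), "network error: timeout");
        assert_eq!(
            invalid_certificate("expired").to_string(),
            "invalid certificate: expired"
        );
    }
}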