#![cfg_attr(test, allow(clippy::expect_used, clippy::unwrap_used))]
pub mod credential;
pub mod delegation;
pub mod error;
pub mod receipt;
pub mod registry;
pub mod revocation;
pub mod validation;
pub use credential::{
AVC_CREDENTIAL_SIGNING_DOMAIN, AVC_MAX_SUPPORTED_PROTOCOL_VERSION,
AVC_MIN_SUPPORTED_PROTOCOL_VERSION, AVC_PROTOCOL_DEPRECATION_WINDOW_DAYS, AVC_PROTOCOL_VERSION,
AVC_SCHEMA_VERSION, AuthorityChainRef, AuthorityScope, AutonomousVolitionCredential,
AutonomyLevel, AvcConstraints, AvcDraft, AvcSubjectKind, ConsentRef, DataClass,
DelegatedIntent, MAX_BASIS_POINTS, PolicyRef, TimeWindow, issue_avc,
require_supported_avc_protocol_version,
};
pub use delegation::{delegate_avc, parent_id_of};
pub use error::AvcError;
pub use receipt::{
AVC_RECEIPT_EVIDENCE_SUBJECT_DOMAIN, AVC_RECEIPT_EXTERNAL_TIMESTAMP_DOMAIN,
AVC_RECEIPT_SIGNING_DOMAIN, AvcReceiptEvidenceSubject, AvcReceiptExternalTimestampProof,
AvcReceiptExternalTimestampProofKind, AvcReceiptRfc3161TimestampProof,
AvcReceiptRfc3161TrustAnchorKind, AvcReceiptTimestampProvenance, AvcTrustReceipt,
AvcTrustReceiptEvidence, create_trust_receipt, create_trust_receipt_with_evidence,
};
pub use registry::{
AvcRegistryDurableState, AvcRegistryRead, AvcRegistryWrite, InMemoryAvcRegistry,
};
pub use revocation::{
AVC_REVOCATION_SIGNING_DOMAIN, AvcRevocation, AvcRevocationReason, revoke_avc,
};
pub use validation::{
AVC_ACTION_COMMITMENT_DOMAIN, AVC_ACTION_DESCRIPTOR_DOMAIN, AVC_ACTION_SIGNING_DOMAIN,
AVC_HUMAN_APPROVAL_SIGNING_DOMAIN, AvcActionDescriptor, AvcActionRequest, AvcDecision,
AvcHumanApproval, AvcReasonCode, AvcValidationRequest, AvcValidationResult,
avc_action_commitment_hash, avc_action_descriptor_hash, avc_action_signature_payload,
human_approval_signature_payload, validate_avc,
};
/// Registry of the domain tags re-exported by this crate for signing, hashing
/// and commitment payloads.
///
/// The names suggest these are domain-separation strings, i.e. each payload
/// kind is bound to its own tag so that bytes produced for one purpose cannot
/// be replayed as another (NOTE(review): confirm against the modules that
/// consume them).
///
/// This list is maintained by hand. The uniqueness and version-tag tests in
/// this file only look at the entries listed here, so a domain constant added
/// to a submodule must also be added to this slice to be covered by them.
pub const AVC_SIGNING_DOMAINS: &[&str] = &[
    AVC_ACTION_COMMITMENT_DOMAIN,
    AVC_ACTION_DESCRIPTOR_DOMAIN,
    AVC_ACTION_SIGNING_DOMAIN,
    AVC_CREDENTIAL_SIGNING_DOMAIN,
    AVC_HUMAN_APPROVAL_SIGNING_DOMAIN,
    AVC_RECEIPT_EVIDENCE_SUBJECT_DOMAIN,
    AVC_RECEIPT_EXTERNAL_TIMESTAMP_DOMAIN,
    AVC_RECEIPT_SIGNING_DOMAIN,
    AVC_REVOCATION_SIGNING_DOMAIN,
];
#[cfg(test)]
mod hygiene_tests {
    //! Source-level hygiene checks for the crate.
    //!
    //! These tests are substring scans over the crate's own source text, not a
    //! parse of the code. They are a tripwire and can be bypassed by anything
    //! the scanned substrings do not match.

    use super::*;

    /// Attribute text used to cut each file into "production" and "test" parts.
    const TEST_MODULE_MARKER: &str = "#[cfg(test)]";

    /// Substrings treated as evidence of floating-point use.
    ///
    /// Forms such as a `-> f64` return type, a generic argument like
    /// `Vec<f64>`, or a suffixed literal are not matched by any of these.
    const FLOAT_TOKENS: [&str; 6] = [": f32", ": f64", "as f32", "as f64", "f32::", "f64::"];

    /// Returns the full text of every source file the hygiene scans cover.
    ///
    /// The list is written out by hand and mirrors the `pub mod` declarations
    /// at the top of this file; a module that is added there but not here is
    /// silently left out of the scans.
    fn crate_sources() -> [&'static str; 8] {
        [
            include_str!("credential.rs"),
            include_str!("delegation.rs"),
            include_str!("error.rs"),
            include_str!("lib.rs"),
            include_str!("receipt.rs"),
            include_str!("registry.rs"),
            include_str!("revocation.rs"),
            include_str!("validation.rs"),
        ]
    }

    /// Returns the text of `source` that precedes the first test marker, or
    /// all of `source` when the marker does not occur.
    ///
    /// Only the FIRST occurrence is used as the cut point. Production code
    /// placed after an early test-only item in the same file is therefore not
    /// scanned.
    fn production_part(source: &str) -> &str {
        source
            .split_once(TEST_MODULE_MARKER)
            .map_or(source, |(head, _)| head)
    }

    /// No two entries of `AVC_SIGNING_DOMAINS` may be the same string.
    #[test]
    fn signing_domains_are_distinct() {
        let expected = AVC_SIGNING_DOMAINS.len();
        let mut unique: Vec<&str> = AVC_SIGNING_DOMAINS.iter().copied().collect();
        unique.sort_unstable();
        // After sorting, duplicates are adjacent, so `dedup` removes all of them.
        unique.dedup();
        assert_eq!(unique.len(), expected, "signing domains must be unique");
    }

    /// Every entry of `AVC_SIGNING_DOMAINS` must carry a `.v1` tag.
    ///
    /// This is a substring test: it accepts the tag anywhere in the string and
    /// also accepts longer suffixes that merely begin with `.v1`.
    #[test]
    fn signing_domains_are_versioned() {
        for d in AVC_SIGNING_DOMAINS.iter() {
            let tagged = d.contains(".v1");
            assert!(tagged, "domain {d} must be version-tagged");
        }
    }

    /// The production part of every listed source must not name the std hash
    /// collections.
    ///
    /// Presumably the ban exists because their iteration order is not stable
    /// across runs, which is unsafe for anything that feeds a signed or hashed
    /// encoding (NOTE(review): confirm the intent with the crate's design notes).
    #[test]
    fn no_hashmap_or_hashset_in_production_sources() {
        // The banned names are assembled at runtime instead of being written
        // as single literals.
        let banned_map = format!("{}{}", "Hash", "Map");
        let banned_set = format!("{}{}", "Hash", "Set");

        for production in crate_sources().iter().map(|src| production_part(src)) {
            let uses_map = production.contains(banned_map.as_str());
            assert!(!uses_map, "AVC production sources must not use HashMap");

            let uses_set = production.contains(banned_set.as_str());
            assert!(!uses_set, "AVC production sources must not use HashSet");
        }
    }

    /// The production part of every listed source must not contain any of
    /// `FLOAT_TOKENS`.
    #[test]
    fn no_floating_point_in_production_sources() {
        for production in crate_sources().iter().map(|src| production_part(src)) {
            for token in FLOAT_TOKENS {
                let found = production.contains(token);
                assert!(
                    !found,
                    "AVC production sources must not contain `{token}`"
                );
            }
        }
    }
}