feat(xmldsig): add full signature verify pipeline

[polaz]

Summary

• add end-to-end XMLDSig verification pipeline API (verify_signature_with_pem_key)
• verify SignedInfo references first, then canonicalize SignedInfo and verify SignatureValue
• add integration tests for RSA/ECDSA donor vectors and tampered digest/signature cases
• update README status to reflect full verification pipeline support

Issue

Closes #29

Validation

• cargo build
• cargo check --workspace
• cargo clippy --all-targets -- -D warnings
• cargo nextest run --workspace
• cargo test --doc --workspace

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ec0b1bf8-c015-43ed-b7c2-266d50baf012

📥 Commits

Reviewing files that changed from the base of the PR and between d22f7ca and 28a2540.

📒 Files selected for processing (1)

• src/xmldsig/verify.rs

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Public end-to-end XMLDSig verification API with structured result and error reporting
  • Added ECDSA verification support (P-256/SHA-256, P-384/SHA-384)

• Bug Fixes / Validation

  • Stricter parsing/validation for SignatureValue and DigestValue (allowed whitespace, length, structure); clearer classified errors and fail-fast behavior on digest mismatches

• Tests

  • Extensive integration tests for success, tampering, and malformed inputs

• Documentation

  • README updated to reflect verification status and expanded algorithm support

Walkthrough

Adds an end-to-end XMLDSig verification pipeline: new public entrypoint verify_signature_with_pem_key, new pipeline result/error types, stricter Signature/SignedInfo/SignatureValue parsing and base64 rules, SignedInfo canonicalization and RSA/ECDSA verification, parse/transform namespace adjustments, and new integration tests.

Changes

Cohort / File(s)	Summary
Documentation README.md	Updated feature/status bullets: verify pipeline marked implemented; added ECDSA (P-256/P-384) verification helpers; changed planned VerifyContext to a builder API.
Public exports src/xmldsig/mod.rs	Re-exported new verification symbols: SignatureVerificationPipelineError, SignatureVerificationResult, verify_signature_with_pem_key.
Verification pipeline src/xmldsig/verify.rs	New end-to-end pipeline and public types: enforces single <Signature>, exact <SignedInfo>/<SignatureValue> positions, fail-fast reference digest checks, canonicalizes <SignedInfo>, normalizes/decodes/validates <SignatureValue> (only XML whitespace allowed, max lengths, no nested elements), performs RSA/ECDSA verification, maps certain ECDSA format errors to signature-invalid, and returns structured result/error variants; added tests.
Integration tests tests/signature_pipeline_integration.rs	New integration tests covering RSA/ECDSA happy paths, tampering cases (DigestValue vs SignatureValue), base64/whitespace/format edge cases, structural validations, and pipeline-stage assertions.
Parsing src/xmldsig/parse.rs	Made XMLDSIG_NS pub(crate); tightened DigestValue parsing to only direct text node children and reject element children; base64 digest decoding now allows only XML base64 whitespace (' ', '\t', '\r', '\n') and rejects other ASCII whitespace.
Transforms namespace usage src/xmldsig/transforms.rs	Replaced local XMLDSig namespace constant with shared super::parse::XMLDSIG_NS and updated namespace checks used in transform parsing, filtering, and tests.

Sequence Diagram(s)

sequenceDiagram
    actor Caller
    participant Pipeline as "verify_signature_with_pem_key"
    participant Parser as "XML Parser"
    participant RefProcessor as "process_all_references"
    participant Canonicalizer as "c14n::canonicalize"
    participant CryptoVerifier as "RSA/ECDSA verifier"

    Caller->>Pipeline: call(xml, public_key_pem, store_pre_digest)
    Pipeline->>Parser: parse XML
    Parser-->>Pipeline: Document
    Pipeline->>Pipeline: locate Signature & SignedInfo (ensure single Signature)
    Pipeline->>RefProcessor: process_all_references(SignedInfo)
    RefProcessor-->>Pipeline: ReferencesResult
    alt references all valid
        Pipeline->>Canonicalizer: canonicalize(SignedInfo)
        Canonicalizer-->>Pipeline: canonical bytes
        Pipeline->>Pipeline: normalize & base64-decode SignatureValue
        Pipeline->>CryptoVerifier: verify(signature_bytes, alg, public_key_pem)
        CryptoVerifier-->>Pipeline: signature_valid / crypto error
        Pipeline-->>Caller: SignatureVerificationResult { references, signature_checked=true, signature_valid }
    else references invalid
        Pipeline-->>Caller: SignatureVerificationResult { references, signature_checked=false, signature_valid=false }
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(xmldsig): add reference verification pipeline #20 — Overlaps: modifies xmldsig verification pipeline and touches verify.rs, parse.rs, transforms.rs, mod.rs, and tests.
• feat(xmldsig): add ecdsa signature verification #27 — Adds/extends ECDSA verification helpers consumed by the new pipeline (ECDSA P-256/P-384 support).
• feat(xmldsig): enveloped signature transform and pipeline executor #14 — Related namespace/transform handling changes used by the transforms updates.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately and concisely describes the main change: addition of a full signature verification pipeline API.
Description check	✅ Passed	Description clearly relates to the changeset, detailing the verification pipeline API, test additions, and README updates that match the code changes.
Linked Issues check	✅ Passed	All linked issue #29 objectives are met: end-to-end verification pipeline API, fail-fast digest verification, SignatureValue verification, integration tests for RSA/ECDSA, tampered digest/signature tests, and README updates.
Out of Scope Changes check	✅ Passed	All changes are scoped to issue #29: verification pipeline implementation, base64 whitespace normalization, namespace constant sharing, and associated tests.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/#29-p1-021-signature-pipeline

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/xmldsig/verify.rs`:
- Around line 166-179: The SignatureVerificationResult struct can be dropped
without inspection, so add the #[must_use] attribute to the
SignatureVerificationResult declaration to force callers to handle verification
outcomes; update the struct definition (the one starting with "pub struct
SignatureVerificationResult") to include #[must_use] above it and ensure callers
of verify_signature_with_pem_key(...) respond to the returned value accordingly.

In `@tests/signature_pipeline_integration.rs`:
- Around line 87-126: Add a new unit test (e.g.,
tampered_signature_value_malformed_base64_fails) similar to
tampered_signature_value_fails_after_references_pass that reads the same
fixture, mutates the <SignatureValue> to inject an invalid base64 character (use
mutate_ds_tag_content(&xml, "SignatureValue") but introduce a non-base64 char),
calls verify_signature_with_pem_key(&tampered_xml, &public_key_pem, false) and
assert that it returns
Err(SignatureVerificationPipelineError::SignatureValueBase64(_)); reference
verify_signature_with_pem_key, mutate_ds_tag_content, and the
SignatureVerificationPipelineError::SignatureValueBase64 variant to locate the
relevant code paths.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: dbcfb7b3-a2f1-4b05-8217-703294f58cd3

📥 Commits

Reviewing files that changed from the base of the PR and between 4647e05 and e0dbe94.

📒 Files selected for processing (4)

• README.md
• src/xmldsig/mod.rs
• src/xmldsig/verify.rs
• tests/signature_pipeline_integration.rs

[Copilot]

Pull request overview

Adds an end-to-end XMLDSig verification pipeline to the xmldsig module, allowing callers to verify <SignedInfo> reference digests first and then verify <SignatureValue> over canonicalized <SignedInfo> using an RSA/ECDSA public key.

Changes:

• Introduces verify_signature_with_pem_key plus structured SignatureVerificationResult / SignatureVerificationPipelineError.
• Adds integration tests covering RSA/ECDSA donor vectors and negative cases (tampered digest/signature, malformed base64).
• Updates README to reflect full signature verification pipeline support.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
src/xmldsig/verify.rs	Implements the end-to-end signature verification pipeline and new public result/error types.
src/xmldsig/mod.rs	Re-exports the new pipeline API and associated types.
tests/signature_pipeline_integration.rs	Adds integration coverage for full pipeline success/failure scenarios.
README.md	Updates project status to reflect full pipeline support and ECDSA helpers.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/signature_pipeline_integration.rs`:
- Around line 67-92: The helper inject_invalid_base64_in_signature_value only
searches for an unprefixed "<SignatureValue>" and will panic if the fixture uses
a prefixed "<ds:SignatureValue>"; to fix this, replace the custom logic in
inject_invalid_base64_in_signature_value with a call to the existing
replace_ds_tag_content_with helper (which handles both prefixed and unprefixed
ds tags) or implement the same prefix-aware search/replace using
replace_ds_tag_content_with's approach; update
inject_invalid_base64_in_signature_value to locate the SignatureValue content
via replace_ds_tag_content_with, mutate one base64 char to '!' in the returned
content, and return the reconstructed XML so the behavior and fixture coverage
match other mutation helpers.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e57a35d2-aaa2-4f5a-840b-77ab4ef1b92e

📥 Commits

Reviewing files that changed from the base of the PR and between 4ec6af2 and 8428140.

📒 Files selected for processing (2)

• src/xmldsig/verify.rs
• tests/signature_pipeline_integration.rs

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/signature_pipeline_integration.rs`:
- Around line 117-156: Add an ECDSA variant of the two tampering tests to
exercise the ECDSA code path: duplicate
tampered_signature_value_fails_after_references_pass and
tampered_digest_value_fails_before_signature_stage but load the ECDSA fixtures
(use the ECDSA XML fixture and the corresponding ECDSA public key PEM), keep
calls to mutate_ds_tag_content and verify_signature_with_pem_key, and assert the
same expectations (references.all_valid / !references.all_valid,
signature_checked true/false, signature_valid false) to ensure
algorithm-specific dispatch handles negative cases.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d6848fce-0e07-4ee2-becb-ac8c74b6f785

📥 Commits

Reviewing files that changed from the base of the PR and between 8428140 and b889178.

📒 Files selected for processing (1)

• tests/signature_pipeline_integration.rs

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/signature_pipeline_integration.rs`:
- Around line 41-58: The helper replace_ds_tag_content_with is too strict when
building exact opening strings (prefixed_open/plain_open) and panics if there is
harmless whitespace or attributes before the closing '>' — change the logic to
locate the opening element by scanning for the start marker "<ds:{tag}" or
"<{tag}" (using contains or find for that prefix), then advance from that index
to the next '>' to compute start = index_of('>') + 1 so the mutation targets
element content only; keep the existing closing-tag detection (</ds:{tag}> or
</{tag}>) but ensure you search for the closing sequence after start to avoid
mismatches.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 834314c2-f18f-4012-b45e-0930da373cd5

📥 Commits

Reviewing files that changed from the base of the PR and between b889178 and d3d60d7.

📒 Files selected for processing (1)

• tests/signature_pipeline_integration.rs

[polaz]

@coderabbitai re-review

[coderabbitai]

@polaz Sure, I'll re-review the PR now!

✅ Actions performed

Full review triggered.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

tests/signature_pipeline_integration.rs (1)

41-55: ⚠️ Potential issue | 🟡 Minor

Make the mutation helper tolerant of start-tag trivia.

This still requires an exact <ds:{tag}> / <{tag}> opening tag. A benign attribute or whitespace before > makes the test panic before it reaches verify_signature_with_pem_key, so the corruption case no longer isolates verifier behavior.

♻️ Proposed fix

-    let prefixed_open = format!("<ds:{tag}>");
+    let prefixed_open = format!("<ds:{tag}");
     let prefixed_close = format!("</ds:{tag}>");
-    let plain_open = format!("<{tag}>");
+    let plain_open = format!("<{tag}");
     let plain_close = format!("</{tag}>");
@@
-    let start = xml
-        .find(&open)
-        .unwrap_or_else(|| panic!("missing opening tag {open}"))
-        + open.len();
+    let open_start = xml
+        .find(&open)
+        .unwrap_or_else(|| panic!("missing opening tag prefix {open}"));
+    let start = xml[open_start..]
+        .find('>')
+        .unwrap_or_else(|| panic!("missing closing `>` for opening tag {tag}"))
+        + open_start
+        + 1;

As per coding guidelines, corruption/validation tests: tamper the relevant field (e.g., digest value, signature bytes, base64 encoding) and assert the error.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/signature_pipeline_integration.rs` around lines 41 - 55, The helper
currently requires an exact opening tag string (prefixed_open/plain_open) and
fails if there are attributes or whitespace before the closing '>'; change the
discovery logic to search for the start of the tag prefix (e.g., look for
"<ds:{tag}" and "<{tag}" using the existing prefixed_open/plain_open variables
or xml.contains checks), then locate the next '>' after that match and set start
to the index after that '>' (instead of matching a full "<...>"); keep the
existing close/tag selection but ensure you still find the matching closing tag
string (prefixed_close/plain_close) for later use.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/xmldsig/verify.rs`:
- Around line 308-315: The code currently uses signature_value_node.text() which
only returns the first text child and then removes characters with
char::is_whitespace(), causing truncated signature data and over-removal of
Unicode whitespace; update the logic that builds the base64 string from
SignatureValue by iterating all child nodes of signature_value_node, filtering
for text nodes (e.g., children().filter(|n| n.is_text())), concatenating each
node.text() result to form the full text content, then strip only the four XML
whitespace characters (' ', '\t', '\r', '\n') (not char::is_whitespace()) before
calling base64::engine::general_purpose::STANDARD.decode; adjust the code around
signature_value_node and the existing normalized variable to perform these steps
so decoding receives the correct concatenated/normalized string.

---

Duplicate comments:
In `@tests/signature_pipeline_integration.rs`:
- Around line 41-55: The helper currently requires an exact opening tag string
(prefixed_open/plain_open) and fails if there are attributes or whitespace
before the closing '>'; change the discovery logic to search for the start of
the tag prefix (e.g., look for "<ds:{tag}" and "<{tag}" using the existing
prefixed_open/plain_open variables or xml.contains checks), then locate the next
'>' after that match and set start to the index after that '>' (instead of
matching a full "<...>"); keep the existing close/tag selection but ensure you
still find the matching closing tag string (prefixed_close/plain_close) for
later use.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 398ad8ee-c2d3-47db-8515-f5ec699cb821

📥 Commits

Reviewing files that changed from the base of the PR and between 4647e05 and d3d60d7.

📒 Files selected for processing (4)

• README.md
• src/xmldsig/mod.rs
• src/xmldsig/verify.rs
• tests/signature_pipeline_integration.rs

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/xmldsig/verify.rs`:
- Around line 431-440: The conversion u8::try_from(u32::from(ch)) in the
ch.is_ascii_whitespace() branch is infallible and the map_err arm is dead code;
replace that try_from(...).map_err(...) with a direct cast or an expect (e.g.,
let invalid_byte = ch as u8 or use u8::try_from(...).expect("ch is ASCII
whitespace") ) and then return
SignatureVerificationPipelineError::SignatureValueBase64(base64::DecodeError::InvalidByte(normalized.len(),
invalid_byte)); keep references to ch.is_ascii_whitespace(),
SignatureVerificationPipelineError::SignatureValueBase64,
base64::DecodeError::InvalidByte and normalized.len() so the intent and error
payload remain identical.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2e487e9e-7be3-4c5f-b6b2-e5a044899b47

📥 Commits

Reviewing files that changed from the base of the PR and between dfd4c63 and c05e33b.

📒 Files selected for processing (3)

• src/xmldsig/parse.rs
• src/xmldsig/verify.rs
• tests/signature_pipeline_integration.rs

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

[coderabbitai]

♻️ Duplicate comments (1)

src/xmldsig/verify.rs (1)

431-435: 🛠️ Refactor suggestion | 🟠 Major

Make the narrowing on Line 432 explicit.

The ASCII guard makes this safe, but a raw as u8 still violates the repo conversion rule. Please either switch this branch back to an explicit u8::try_from(u32::from(ch)) conversion or annotate the cast with the required lint justification.

The first command should still show let invalid_byte = ch as u8; without a nearby cast_possible_truncation annotation.

#!/bin/bash
sed -n '428,436p' src/xmldsig/verify.rs
rg -n 'cast_possible_truncation|is_ascii_whitespace|as u8' src/xmldsig/verify.rs -C 2

As per coding guidelines "Use TryFrom/TryInto for fallible conversions; as casts need #[expect(clippy::cast_possible_truncation)] with reason".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/xmldsig/verify.rs` around lines 431 - 435, In the
SignatureVerificationPipelineError::SignatureValueBase64 branch inside the
verify flow, replace the raw cast `let invalid_byte = ch as u8;` with an
explicit, fallible conversion using `u8::try_from(u32::from(ch))` (propagate/map
the error as needed) so the narrowing is explicit and complies with the
conversion guideline; update the code that constructs the base64::DecodeError to
use the resulting u8 value. This targets the block that checks `if
ch.is_ascii_whitespace()` in src/xmldsig/verify.rs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@src/xmldsig/verify.rs`:
- Around line 431-435: In the
SignatureVerificationPipelineError::SignatureValueBase64 branch inside the
verify flow, replace the raw cast `let invalid_byte = ch as u8;` with an
explicit, fallible conversion using `u8::try_from(u32::from(ch))` (propagate/map
the error as needed) so the narrowing is explicit and complies with the
conversion guideline; update the code that constructs the base64::DecodeError to
use the resulting u8 value. This targets the block that checks `if
ch.is_ascii_whitespace()` in src/xmldsig/verify.rs.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7f7461a2-4b22-431d-b4a4-83b23c9e53f5

📥 Commits

Reviewing files that changed from the base of the PR and between c05e33b and d22f7ca.

📒 Files selected for processing (1)

• src/xmldsig/verify.rs

[polaz]

@coderabbitai Fixed the duplicate finding in src/xmldsig/verify.rs: the ASCII-whitespace branch now uses explicit narrowing via u8::try_from(u32::from(ch)), with the same InvalidByte(normalized.len(), invalid_byte) error payload.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
echo "=== push_normalized_signature_text and surrounding context ==="
rg -n "push_normalized_signature_text\|try_from\|u32::from\|InvalidByte\|is_ascii_whitespace\|ascii_whitespace\|0x0[Cc]\|invalid_byte\|narrowing" src/xmldsig/verify.rs -A5 -B3

Length of output: 62

---

🏁 Script executed:

#!/bin/bash
echo "=== Search for try_from, u8, whitespace normalization in verify.rs ==="
rg -n "try_from\|u8\|whitespace\|ascii\|InvalidByte\|invalid_byte\|normalized" src/xmldsig/verify.rs -A3 -B2

echo ""
echo "=== Full verify.rs ==="
cat src/xmldsig/verify.rs

Length of output: 35031

---

@polaz The fix in push_normalized_signature_text looks correct. The relevant section now reads:

if ch.is_ascii_whitespace() {
    let invalid_byte =
        u8::try_from(u32::from(ch)).expect("ASCII whitespace always fits into u8");
    return Err(SignatureVerificationPipelineError::SignatureValueBase64(
        base64::DecodeError::InvalidByte(normalized.len(), invalid_byte),
    ));
}

A few confirmations:

• Infallibility — ch.is_ascii_whitespace() guarantees ch ≤ U+007F, so u32::from(ch) ≤ 127 which always fits in a u8. The .expect() message documents this invariant clearly. ✅
• Error payload — InvalidByte(normalized.len(), invalid_byte) preserves both the position (byte offset into the normalized accumulator) and the byte value. This is identical to what the previous form produced. ✅
• Regression test — push_normalized_signature_text_rejects_form_feed exercises \u{000C} and asserts InvalidByte(_, 0x0C) exactly, which still passes with this path. ✅

---

✏️ Learnings added

Learnt from: polaz
URL: https://github.com/structured-world/xml-sec/pull/30

Timestamp: 2026-03-28T20:47:05.766Z
Learning: In `src/xmldsig/verify.rs` (xml-sec Rust project), the ASCII-whitespace branch in `push_normalized_signature_text` uses `u8::try_from(u32::from(ch)).expect("ASCII whitespace always fits into u8")` for the explicit narrowing conversion, producing `base64::DecodeError::InvalidByte(normalized.len(), invalid_byte)` as the error payload. The conversion is provably infallible because `ch.is_ascii_whitespace()` guarantees the character is in the 0x00–0x7F range.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: polaz
Repo: structured-world/xml-sec PR: 0
File: :0-0
Timestamp: 2026-03-28T15:50:07.817Z
Learning: In `src/xmldsig/verify.rs` (xml-sec Rust project), `push_normalized_signature_text` strips only the four XML whitespace characters (space 0x20, tab 0x09, CR 0x0D, LF 0x0A) from `SignatureValue` text before base64 decoding, and explicitly rejects any other ASCII whitespace (e.g., form feed 0x0C, vertical tab 0x0B) as `SignatureVerificationPipelineError::SignatureValueBase64(base64::DecodeError::InvalidByte(...))`. The regression test `push_normalized_signature_text_rejects_form_feed` covers the form-feed boundary case.

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 0
File: :0-0
Timestamp: 2026-03-28T18:51:49.892Z
Learning: In `src/xmldsig/parse.rs` (xml-sec Rust project), the private function `n` (formerly `base64_decode_digest`) strips only the four XML whitespace characters (space 0x20, tab 0x09, CR 0x0D, LF 0x0A) from `DigestValue` base64 text before decoding, and returns `ParseError::Base64(format!("invalid XML whitespace U+{:04X} ...", ...))` for any other `is_ascii_whitespace()` character (e.g. form feed 0x0C). Regression tests `n_accepts_xml_whitespace_chars` and `n_rejects_non_xml_ascii_whitespace` cover these cases.

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 12
File: src/c14n/xml_base.rs:61-93
Timestamp: 2026-03-16T17:23:26.715Z
Learning: In the xml-sec Rust project, the xml:base URI resolver in `src/c14n/xml_base.rs` correctly uses RFC 3986 §5 for IRI resolution in C14N 1.1 mode, as C14N 1.1 §2.4 explicitly delegates to RFC 3986 §5. When the base URI has no scheme, `parse_base()` returns `None` and the reference is returned as-is — this is the correct fallback behavior. The W3C C14N 1.1 interop test suite notes "modifications to RFC 3986 dot segment processing for C14N11" which may represent edge cases worth verifying against the `remove_dot_segments()` implementation.

---

Learnt from: CR
Repo: structured-world/xml-sec PR: 0
File: .github/instructions/code-review.instructions.md:0-0
Timestamp: 2026-03-17T12:12:07.790Z
Learning: Applies to **/*.rs : Corruption/validation tests: tamper the relevant field (e.g., digest value, signature bytes, base64 encoding) and assert the error

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 12
File: src/c14n/serialize.rs:382-398
Timestamp: 2026-03-16T17:41:41.053Z
Learning: Repo: structured-world/xml-sec (Rust)
Context: src/c14n/serialize.rs::collect_inherited_xml_attrs
Learning: For inclusive C14N subsets, collect_inherited_xml_attrs must stop at the nearest included ancestor (A in set → B out → C in) to avoid inheriting xml:* through an included ancestor. A unit test named `no_inheritance_past_included_ancestor` covers this scenario. Exclusive C14N should skip this inheritance step entirely.

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 6
File: src/c14n/ns_exclusive.rs:81-107
Timestamp: 2026-03-15T19:26:11.246Z
Learning: In the xml-sec project (Rust), roxmltree 0.21 does not expose lexical prefixes from parsed QNames — `ExpandedName` only provides `namespace()` and `name()`. As a result, `visibly_utilized_prefixes()` in `src/c14n/ns_exclusive.rs` and `write_qualified_name()` in `src/c14n/serialize.rs` must use `lookup_prefix(namespace_uri)` for prefix resolution. This is a known limitation: when multiple prefixes bind the same namespace URI, the reverse-mapping is ambiguous. The ambiguity is documented in code comments and tracked as a ROADMAP gap; the edge case is considered rare in SAML/XMLDSig use cases.

---

Learnt from: CR
Repo: structured-world/xml-sec PR: 0
File: .github/instructions/rust.instructions.md:0-0
Timestamp: 2026-03-17T12:12:28.146Z
Learning: Applies to **/*.rs : Tier 1 - Flag logic bugs: checksum/hash mismatches (computing over wrong byte range, verifying against stale value)

---

Learnt from: polaz
Repo: structured-world/xml-sec PR: 12
File: src/c14n/serialize.rs:218-222
Timestamp: 2026-03-16T18:07:55.027Z
Learning: In the xml-sec project (Rust), RFC 3741 §1.2 (Exclusive XML Canonicalization) explicitly states that xml:* namespace attributes (xml:lang, xml:space, etc.) are NOT imported into orphan nodes of a document subset. This is one of the two explicit differences from Inclusive C14N. The `collect_inherited_xml_attrs` function in `src/c14n/serialize.rs` must be skipped entirely for Exclusive mode. RFC 3741 §4.4 places the burden on callers to explicitly include required xml:* attributes in the subset — it does NOT restore the inheritance rule.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.