Merge branch 'main' into feat/vote-proof

Author: Mr-Leshiy

Earthfile

@@ -1,7 +1,7 @@
 VERSION 0.8
 
-IMPORT github.com/input-output-hk/catalyst-ci/earthly/mdlint:v3.2.13 AS mdlint-ci
-IMPORT github.com/input-output-hk/catalyst-ci/earthly/cspell:v3.2.13 AS cspell-ci
+IMPORT github.com/input-output-hk/catalyst-ci/earthly/mdlint:v3.2.15 AS mdlint-ci
+IMPORT github.com/input-output-hk/catalyst-ci/earthly/cspell:v3.2.15 AS cspell-ci
 
 FROM debian:stable-slim
 

docs/Earthfile

@@ -1,6 +1,6 @@
 VERSION 0.8
 
-IMPORT github.com/input-output-hk/catalyst-ci/earthly/docs:v3.2.13 AS docs-ci
+IMPORT github.com/input-output-hk/catalyst-ci/earthly/docs:v3.2.15 AS docs-ci
 
 IMPORT .. AS repo
 

docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl

@@ -1,86 +1,64 @@
 ; This c509 Certificate format is based upon:
-; https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/
+; https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/
 ; And is restricted/customized to better enable compatibility with Plutus scripts
-; that would consume them, without loosing necessary features of x509
+; that would consume them, without losing necessary features of x509
 ; Not all x509 features are supported and some fields have different semantics to improve
 ; certificate size and ability to be processed by Plutus Scripts.
 
-; cspell: words reencoded, biguint 
+; cspell: words reencoded, biguint, stake1uyehkck0lajq8gr28t9uxnuvgcqrc6070x3k9r8048z8y5gh6ffgw
 
-C509CertificatePlutusRestrictedSubset = [ TBSCertificate, issuerSignatureValue: ed25519Signature, ]
+C509CertificatePlutusRestrictedSubset = [
+    TBSCertificate, 
+    issuerSignatureValue: ed25519Signature
+]
 
 ; The elements of the following group are used in a CBOR Sequence:
 TBSCertificate = (
-	c509CertificateType: &c509CertificateTypeValues, ; Always 0
-	certificateSerialNumber: CertificateSerialNumber, ; Can be ignored/set to 0 or used as intended.
-	issuer: Name, ; This could be an on-chain reference to the issuer cert, what would be the best way?  Transaction hash/cert hash?
-	validityNotBefore: Time, ; c509 uses UTC
-	validityNotAfter: Time, ; c509 uses UTC
-	subject: Name, ; Reference to on-chain keys related to this certificate
-	subjectPublicKeyAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
-	subjectPublicKey: subjectPublicKey, ; Ed25519 public key
-	extensions: Extensions, ; No extensions are currently supported must be set to []
-	issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
+    c509CertificateType: int, ; Always 2 as a natively signed
+    certificateSerialNumber: CertificateSerialNumber, ; Can be ignored/set to 0 or used as intended.
+    issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
+    issuer: Name / null, ; If the 'issuer' field is identical to the 'subject' field (in case of self-signed), then it must be encoded as CBOR null 
+                         ; This could be an on-chain reference to the issuer cert. What would be the best way? Transaction hash/cert hash?
+    validityNotBefore: ~time, ; c509 uses UTC
+    validityNotAfter: ~time / null, ; c509 uses UTC, no expiration date must be set to null
+    subject: Name, ; Reference to on-chain keys related to this certificate
+    subjectPublicKeyAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
+    subjectPublicKey: subjectPublicKey, ; Ed25519 public key
+    extensions: Extensions ; Set to [] if no Extensions provided
 )
 
-; 0 = Native CBOR Certificate type
-; 1 = reencoded-der-cert -  Not supported in this restricted version of the format.
-c509CertificateTypeValues = ( native-cbor: 0,
-	; reencoded-der: 1 ; Not supported in this restricted encoding format
-)
-
-CertificateSerialNumber = biguint
-
-Name = [ * RelativeDistinguishedName ]
-	/ text
-	/ bytes
-
-RelativeDistinguishedName = Attribute / [ 2* Attribute ]
+CertificateSerialNumber = ~biguint
 
-Attribute = (
-	( attributeType: int, attributeValue: text )
-	// ( attributeType: oid, attributeValue: bytes )
-	// ( attributeType: pen, attributeValue: bytes )
-	// CardanoPublicKey
-)
-
-subjectPublicKey = bytes .size (32..32); Ed25519 public key stored in bytes, adjust size of this if other key types are supported.  
+; Currently ONLY AlgorithmIdentifier int(12) - Ed25519 is supported.
+; oid and [ algorithm: oid, parameters: bytes ] are not supported by Plutus.
+AlgorithmIdentifier = int / ~oid / [ algorithm: ~oid, parameters: bytes ]
 
-; This is a completely custom Attribute for the RelativeDistinguishedName which is only for use with Plutus scripts.
-; attributeType = The type of Cardano key we associate with this certificate.
-; proof = Does the transaction require proof that the key is owned by the transaction signer?
-; attributeValue = The Cardano public key hash of the attribute type
+Name = [ * Attribute ] / text / bytes
 
-CardanoPublicKey = ( attributeType: &cardanoKeyTypes proof: bool, attributeValue: bytes .size (28..28) )
+Attribute = ( attributeType: int, attributeValue: text ) 
+          // ( attributeType: ~oid, attributeValue: bytes )
 
-cardanoKeyTypes = (
-	paymentKeyHash: 0,
-	stakeKeyHash: 1,
-	drepVerificationKeyHash: 2,
-	ccColdVerificationKeyHash: 3,
-	ccHotVerificationKeyHash: 4,
-)
+subjectPublicKey = bytes .size (32..32) ; Ed25519 public key stored in bytes, adjust size if other key types are supported.
 
-; Plutus will need to convert the Unix epoch timestamp to the nearest slot number
+; For ~time, Plutus will need to convert the Unix epoch timestamp to the nearest slot number
 ; validityNotBefore rounds up to the next Slot after that time.
 ; validityNotAfter rounds down to the next Slot before that time.
-Time = ( ~time / null )
-
-ed25519Signature = bstr .size 64; Ed25519 signature must be tagged to identify their type.
 
+ed25519Signature = bstr .size 64 ; Ed25519 signature must be tagged to identify their type.
 
-; Currently ONLY AlgorithmIdentifier int(12) - Ed25519 is supported.
-; oid and [ algorithm: oid, parameters: bytes ] are not supported by Plutus.
-AlgorithmIdentifier = (int
-	/ ~oid
-	/ [ algorithm: ~oid, parameters: bytes ])
+; The only Extension supported is int(3) = SubjectAltName where GeneralNames need to be 
+; int(6) = uniformResourceIdentifier.
+; This uniformResourceIdentifier must conform to the URI based line in CIP-0134:
+; https://github.com/input-output-hk/catalyst-CIPs/tree/cip13-simple-cardano-address-extension/CIP-0134
+; for example, web+cardano://addr/stake1uyehkck0lajq8gr28t9uxnuvgcqrc6070x3k9r8048z8y5gh6ffgw
 
-; Extensions are not currently supported by plutus and should be set to []
-; Any extensions present in the certificate will be ignored by plutus scripts.
 Extensions = [ * Extension ] / int
 
 Extension = (
-	( extensionID: int, extensionValue: any )
-	// ( extensionID: ~oid, ? critical: true, extensionValue: bytes )
-	// ( extensionID: pen, ? critical: true, extensionValue: bytes )
+    ( extensionID: int, extensionValue: any )
+    // ( extensionID: ~oid, ? critical: true, extensionValue: bytes )
 )
+
+SubjectAltName = GeneralNames / text
+GeneralNames = [ + GeneralName ]
+GeneralName = ( GeneralNameType: int, GeneralNameValue: any )

integration_tests/rust/overhead_benchmark/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "overhead_benchmark"
-version = "0.1.0"
+version = "0.1.1"
 edition.workspace = true
 
 [lints]
@@ -9,8 +9,8 @@ workspace = true
 [dependencies]
 cardano-chain-follower = { path = "../.." }
 
-anyhow = "1.0.82"
-clap = { version = "4.5.4", features = ["derive", "help", "usage", "std"], default-features = false }
-pallas-traverse = "0.30.1"
-pallas-hardano = "0.30.1"
-tokio = { version = "1.37.0", features = ["macros", "sync", "rt-multi-thread", "rt", "net"] }
+anyhow = "1.0.89"
+clap = { version = "4.5.19", features = ["derive", "help", "usage", "std"], default-features = false }
+pallas-traverse = "0.30.2"
+pallas-hardano = "0.30.2"
+tokio = { version = "1.40.0", features = ["macros", "sync", "rt-multi-thread", "rt", "net"] }

rust/Earthfile

@@ -1,6 +1,6 @@
 VERSION 0.8
 
-IMPORT github.com/input-output-hk/catalyst-ci/earthly/rust:v3.2.13 AS rust-ci
+IMPORT github.com/input-output-hk/catalyst-ci/earthly/rust:v3.2.15 AS rust-ci
 
 COPY_SRC:
     FUNCTION
@@ -15,15 +15,16 @@ COPY_SRC:
         hermes-ipfs \
         .
 
+# builder : Set up our target toolchains, and copy our files.
+builder:
+    DO rust-ci+SETUP
+
 # sync-cfg: Synchronize local config with CI version.
 # Must be run by the developer manually.
 sync-cfg:
+    FROM +builder
     DO rust-ci+SYNC_STD_CFG
 
-# builder : Set up our target toolchains, and copy our files.
-builder:
-    DO rust-ci+SETUP
-
 builder-src:
     FROM +builder
 

rust/Justfile

@@ -26,8 +26,8 @@ code-format:
 
 # Lint the rust code
 code-lint:
-    cargo lintfix
-    cargo lint
+    cargo lintfix -r
+    cargo lint -r
 
 # Pre Push Checks
 pre-push: sync-cfg code-format code-lint license-check

rust/c509-certificate/Cargo.toml

@@ -2,7 +2,7 @@
 name = "c509-certificate"
 description = "C509 certificate implementation"
 keywords = ["cardano", "catalyst", "c509 certificate", "certificate", "x509"]
-version = "0.0.2"
+version = "0.0.3"
 authors = [
     "Arissara Chotivichit <[email protected]>"
 ]
@@ -21,26 +21,26 @@ workspace = true
 minicbor = { version = "0.25.1", features = ["std"] }
 hex = "0.4.3"
 oid = "0.2.1"
-oid-registry = "0.7.0"
-asn1-rs = "0.6.0"
-anyhow = "1.0.86"
+oid-registry = "0.7.1"
+asn1-rs = "0.6.2"
+anyhow = "1.0.89"
 bimap = "0.6.3"
-once_cell = "1.19.0"
+once_cell = "1.20.2"
 strum = "0.26.3"
-strum_macros = "0.26.3"
-regex = "1.10.5"
+strum_macros = "0.26.4"
+regex = "1.11.0"
 ed25519-dalek = { version = "2.1.1", features = ["pem"] }
-thiserror = "1.0.56"
-serde = { version = "1.0.204", features = ["derive"] }
-wasm-bindgen = "0.2.92"
+thiserror = "1.0.64"
+serde = { version = "1.0.210", features = ["derive"] }
+wasm-bindgen = "0.2.93"
 serde-wasm-bindgen = "0.6.5"
 
 [package.metadata.cargo-machete]
 ignored = ["strum"]
 
 [dev-dependencies]
-clap = { version = "4.5.9", features = ["derive"] }
-serde_json = "1.0.120"
+clap = { version = "4.5.19", features = ["derive"] }
+serde_json = "1.0.128"
 rand = "0.8.5"
 chrono = "0.4.38"
 

rust/c509-certificate/Earthfile

@@ -1,6 +1,6 @@
 VERSION 0.8
 
-IMPORT github.com/input-output-hk/catalyst-ci/earthly/rust::v3.2.13 AS rust-ci
+IMPORT github.com/input-output-hk/catalyst-ci/earthly/rust::v3.2.15 AS rust-ci
 
 IMPORT .. AS rust-local
 IMPORT ../.. AS repo

rust/c509-certificate/examples/cli/data/cert_sample_1.json

@@ -1,7 +1,8 @@
 {
 	"self_signed": true,
-	"c509_certificate_type": 0,
+	"c509_certificate_type": 2,
 	"certificate_serial_number": 128269,
+	"issuer_signature_algorithm": null,
 	"issuer": [
 		{
 			"oid": "2.5.4.3",
@@ -24,6 +25,5 @@
 			"value": { "int": 1 },
 			"critical": false
 		}
-	],
-	"issuer_signature_algorithm": null
+	]
 }