Upstream advisory, reachable panic in certificate revocation list
parsing via `BorrowedCertRevocationList::from_der` /
`OwnedCertRevocationList::from_der`. Unrelated to this PR, dropped
into the advisory DB since the last green CI run and broke the `deny`
job. Fix is the recommended version bump.
Addresses the following review comments from @Arjentix:
- "I think we can move this into `derive_from_outputs()`"
(on the position → npk map construction in main())
I moved the construction inside ExecutionState::derive_from_outputs
and stored the map as a field of ExecutionState. derive_from_outputs
now takes `private_account_keys` directly and builds the map as part
of state initialization. main() no longer owns the intermediate
structure. validate_and_sync_states reads the npk through
self.private_pda_npk_by_position.
- "Let's move this whole `is_authorized` computation into a separate
function. This became really bulky"
I extracted the caller-seeds resolution, family-binding recording,
and is_authorized computation into a free function
`resolve_authorization_and_record_bindings`. It takes the three
field borrows it needs (`&mut pda_family_binding`, `&mut
private_pda_bound_positions`, `&private_pda_npk_by_position`), same
shape as `assert_family_binding`. A method would have conflicted
with the `&mut self.post_states` borrow held by the Occupied match
arm; the free function lets rustc split-borrow the self fields.
Addresses the following review comments from @Arjentix:
- "I think there are too many internal implementation information
exposed here. This structure is used by our users, program devs. And
they should not care about distinction between private or public pda
or different masks"
(on ChainedCall.pda_seeds, same feedback repeated on Claim::Pda)
I rewrote both docstrings to drop internal details (visibility masks,
per-form derivation names, npk handling). Program devs see only that
they emit a seed and the `AccountId` is derived from
`(program_id, seed)` regardless of whether the account is public or
private.
- "Let's reflect the new nuance in the name"
(on compute_authorized_pdas returning public-form derivations only)
I renamed the function to `compute_public_authorized_pdas`. After
the PR #446 rework the function only returns public-form
derivations, the private-form authorization lives in the circuit
guest. Updated the call site in nssa/src/validated_state_diff.rs
and the two unit tests.
