* Add generic Tag assertion to Asn1Element * rework CSR * Introduce TBS CSR and TBS Cert signing shorthands * restore iOS attestation property * extract function to prepare digest input of iOS attestation client data * remove iOS legacy attestation Co-authored-by: Jakob Heher <jakob.heher@iaik.tugraz.at>
1 parent
61d7c17
commit 8f5cc2c
Showing
12 changed files
with
301 additions
and
65 deletions.
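--- a/indispensable/src/jvmTest/kotlin/at/asitplus/signum/indispensable/TagAssertionTest.kt
+++ b/indispensable/src/jvmTest/kotlin/at/asitplus/signum/indispensable/TagAssertionTest.kt
@@ -0,0 +1,22 @@
+package at.asitplus.signum.indispensable
+
+import at.asitplus.signum.indispensable.asn1.Asn1TagMismatchException
+import at.asitplus.signum.indispensable.asn1.assertTag
+import at.asitplus.signum.indispensable.asn1.encoding.Asn1
+import io.kotest.assertions.throwables.shouldThrow
+import io.kotest.core.spec.style.FreeSpec
+import io.kotest.property.Arb
+import io.kotest.property.arbitrary.uLong
+import io.kotest.property.checkAll
+
+class TagAssertionTest : FreeSpec({
+"Automated" - {
+checkAll(iterations = 100000, Arb.uLong(max = ULong.MAX_VALUE - 2uL)) {
+var seq = (Asn1.Sequence { } withImplicitTag it).asStructure()
+seq.assertTag(it)
+shouldThrow<Asn1TagMismatchException> {
+seq.assertTag(it + 1uL)
+}
+}
+}
+})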
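Review bot: The negative case only probes the adjacent tag number (`seq.assertTag(it + 1uL)`), so a comparison that is wrong for distant values, or across tag-length encoding boundaries, is caught only by chance. Drawing a second independent value and asserting the throw whenever the two differ would exercise the mismatch path more broadly. `var seq` is never reassigned and should be `val seq`. The bound `ULong.MAX_VALUE - 2uL` deserves a one-line comment, because `it + 1uL` alone would only need `ULong.MAX_VALUE - 1uL` to avoid wrap-around; whether the library caps tag numbers elsewhere is not visible here.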
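--- a/supreme/src/commonMain/kotlin/at/asitplus/signum/supreme/PkiExtensions.kt
+++ b/supreme/src/commonMain/kotlin/at/asitplus/signum/supreme/PkiExtensions.kt
@@ -0,0 +1,37 @@
+package at.asitplus.signum.supreme
+
+import at.asitplus.KmmResult
+import at.asitplus.signum.indispensable.asn1.Asn1StructuralException
+import at.asitplus.signum.indispensable.equalsCryptographically
+import at.asitplus.signum.indispensable.pki.Pkcs10CertificationRequest
+import at.asitplus.signum.indispensable.pki.TbsCertificate
+import at.asitplus.signum.indispensable.pki.TbsCertificationRequest
+import at.asitplus.signum.indispensable.pki.X509Certificate
+import at.asitplus.signum.indispensable.toX509SignatureAlgorithm
+import at.asitplus.signum.supreme.sign.Signer
+
+/**
+* Shorthand helper to create an [X509Certificate] by signing [tbsCertificate]
+*/
+suspend fun Signer.sign(tbsCertificate: TbsCertificate): KmmResult<X509Certificate> {
+val toX509SignatureAlgorithm =
+this.signatureAlgorithm.toX509SignatureAlgorithm().getOrElse { return KmmResult.failure(it) }
+if (toX509SignatureAlgorithm != tbsCertificate.signatureAlgorithm)
+return KmmResult.failure(Asn1StructuralException("The signer's signature algorithm does not match the TbsCertificate's."))
+return sign(tbsCertificate.encodeToDer()).asKmmResult().map {
+X509Certificate(tbsCertificate, tbsCertificate.signatureAlgorithm, it)
+}
+}
+
+/**
+* Shorthand helper to create a [Pkcs10CertificationRequest] by signing [tbsCsr]
+*/
+suspend fun Signer.sign(tbsCsr: TbsCertificationRequest): KmmResult<Pkcs10CertificationRequest> {
+val toX509SignatureAlgorithm =
+this.signatureAlgorithm.toX509SignatureAlgorithm().getOrElse { return KmmResult.failure(it) }
+if (!tbsCsr.publicKey.equalsCryptographically(this.publicKey))
+return KmmResult.failure(Asn1StructuralException("The signer's public key does not match the TbsCSR's."))
+return sign(tbsCsr.encodeToDer()).asKmmResult().map {
+Pkcs10CertificationRequest(tbsCsr, toX509SignatureAlgorithm, it)
+}
+}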
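Review bot: Both helpers call `encodeToDer()` outside any result wrapper (`sign(tbsCertificate.encodeToDer())` and `sign(tbsCsr.encodeToDer())`), so if encoding can throw, the exception escapes functions whose return type promises a `KmmResult`. The encoding step should be captured and returned as `KmmResult.failure(...)`, like the two early returns above it. The KDoc should also state the checks callers rely on: for the certificate, `Fails if the signer's algorithm has no X.509 representation or differs from [TbsCertificate.signatureAlgorithm].`; for the CSR, `Fails if [TbsCertificationRequest.publicKey] does not match the signer's public key.` Reporting these mismatches as `Asn1StructuralException` makes a wrong-signer error indistinguishable from a malformed-encoding error, which is worth a comment or a dedicated exception type. The local `toX509SignatureAlgorithm` is named after the conversion function; `x509Algorithm` would read more clearly.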