1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftCertificates open source project
//
// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//
import SwiftASN1
/// A CSR Attribute that encapsulates the X.509 v3 extensions that the subscriber wishes to apply.
///
/// X.509 certificates contain a number of extensions. This attribute includes the extensions that the
/// subscriber wishes the CA to embed into the certificate.
public struct ExtensionRequest: Hashable, Sendable {
/// The underlying extensions.
public var extensions: Certificate.Extensions
/// Construct an ``ExtensionRequest`` from a given set of extensions.
///
/// - parameters:
/// - extensions: The extensions to attach to this ``ExtensionRequest``.
@inlinable
public init(extensions: Certificate.Extensions) {
self.extensions = extensions
}
/// Unwrap a ``CertificateSigningRequest/Attribute`` that contains an ``ExtensionRequest``.
///
/// - parameters:
/// - attribute: The attribute to unwrap
/// - throws: If the attribute is ill-formed, or does not contain an ``ExtensionRequest``.
@inlinable
public init(_ attribute: CertificateSigningRequest.Attribute) throws {
guard attribute.oid == .CSRAttributes.extensionRequest else {
throw CertificateError.incorrectOIDForAttribute(
reason: "Expected \(ASN1ObjectIdentifier.CSRAttributes.extensionRequest), got \(attribute.oid)"
)
}
guard attribute.values.count == 1 else {
throw CertificateError.invalidCSRAttribute(
reason: "Invalid number of values for extension request attribute: \(attribute.values)"
)
}
let extRequest = try ExtensionRequestAttribute(asn1Any: attribute.values.first!)
self.extensions = extRequest.extensions
}
}
extension CertificateSigningRequest.Attribute {
/// Wrap an ``ExtensionRequest`` into a ``CertificateSigningRequest/Attribute``.
///
/// - parameters:
/// - extensionRequest: The ``ExtensionRequest`` to wrap.
@inlinable
public init(_ extensionRequest: ExtensionRequest) throws {
self.init(
oid: .CSRAttributes.extensionRequest,
values: [try ASN1Any(erasing: ExtensionRequestAttribute(extensionRequest))]
)
}
}
@usableFromInline
struct ExtensionRequestAttribute: Hashable, Sendable, DERImplicitlyTaggable {
@inlinable
static var defaultIdentifier: ASN1Identifier {
.sequence
}
@usableFromInline
var extensions: Certificate.Extensions
@inlinable
init(_ extensionRequest: ExtensionRequest) {
self.extensions = extensionRequest.extensions
}
@inlinable
init(derEncoded rootNode: ASN1Node, withIdentifier identifier: ASN1Identifier) throws {
self.extensions = try Certificate.Extensions(
DER.sequence(
of: Certificate.Extension.self,
identifier: identifier,
rootNode: rootNode
)
)
}
@inlinable
func serialize(into coder: inout DER.Serializer, withIdentifier identifier: ASN1Identifier) throws {
try coder.serializeSequenceOf(self.extensions, identifier: identifier)
}
}
|
