File: OCSPNonce.swift

package info (click to toggle)
swiftlang 6.0.3-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,519,992 kB
  • sloc: cpp: 9,107,863; ansic: 2,040,022; asm: 1,135,751; python: 296,500; objc: 82,456; f90: 60,502; lisp: 34,951; pascal: 19,946; sh: 18,133; perl: 7,482; ml: 4,937; javascript: 4,117; makefile: 3,840; awk: 3,535; xml: 914; fortran: 619; cs: 573; ruby: 573
file content (90 lines) | stat: -rw-r--r-- 3,146 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftCertificates open source project
//
// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

import SwiftASN1

/// ``OCSPNonce`` is defined in ASN.1 as:
/// ```
/// Nonce ::= OCTET STRING(SIZE(1..32))
/// ```
/// RFC: https://www.rfc-editor.org/rfc/rfc8954.html
struct OCSPNonce: DERImplicitlyTaggable, Hashable, Sendable {
    static var defaultIdentifier: ASN1Identifier {
        ASN1OctetString.defaultIdentifier
    }
    var rawValue: ASN1OctetString

    init() {
        var generator = SystemRandomNumberGenerator()
        self.init(generator: &generator)
    }

    init(generator: inout some RandomNumberGenerator) {
        self.rawValue = .init(contentBytes: generator.bytes(count: 32))
    }

    init(_ ext: Certificate.Extension) throws {
        guard ext.oid == .OCSPExtensionID.nonceIdentifier else {
            throw CertificateError.incorrectOIDForExtension(
                reason: "Expected \(ASN1ObjectIdentifier.OCSPExtensionID.nonceIdentifier), got \(ext.oid)"
            )
        }

        try self.init(derEncoded: ext.value)
    }

    init(derEncoded rootNode: ASN1Node, withIdentifier identifier: ASN1Identifier) throws {
        self.rawValue = try ASN1OctetString(derEncoded: rootNode, withIdentifier: identifier)
        guard (1...32).contains(self.rawValue.bytes.count) else {
            throw ASN1Error.unsupportedFieldLength(
                reason: "OCSP Nonce has invalid number of bytes: \(self.rawValue.bytes.count)"
            )
        }
    }

    func serialize(into coder: inout DER.Serializer, withIdentifier identifier: ASN1Identifier) throws {
        try rawValue.serialize(into: &coder, withIdentifier: identifier)
    }
}

extension ASN1ObjectIdentifier.OCSPExtensionID {
    static let nonceIdentifier: ASN1ObjectIdentifier = [1, 3, 6, 1, 5, 5, 7, 48, 1, 2]
}

extension Certificate.Extension {
    /// Construct an opaque ``Certificate/Extension`` from this Key Usage extension.
    ///
    /// - Parameters:
    ///   - keyUsage: The extension to wrap
    ///   - critical: Whether this extension should have the critical bit set.
    init(_ nonce: OCSPNonce, critical: Bool) throws {
        var serializer = DER.Serializer()
        try serializer.serialize(nonce)
        self.init(oid: .OCSPExtensionID.nonceIdentifier, critical: critical, value: serializer.serializedBytes[...])
    }
}

extension OCSPNonce: CertificateExtensionConvertible {
    func makeCertificateExtension() throws -> Certificate.Extension {
        try .init(self, critical: false)
    }
}

extension Certificate.Extensions {
    var ocspNonce: OCSPNonce? {
        get throws {
            try self[oid: .OCSPExtensionID.nonceIdentifier].map { try .init($0) }
        }
    }
}