Add RFC 5280 Extension types, document X.509 cert/CRL generators

Author: Xor-el

CryptoLib.Tests/src/Asn1/X509/X509ExtensionsTests.pas

@@ -40,6 +40,7 @@ interface
   ClpAsn1Core,
   ClpIAsn1Core,
   ClpCryptoLibTypes,
+  ClpArrayUtilities,
   CryptoLibTestBase;
 
 type
@@ -58,6 +59,9 @@   TX509ExtensionsTest = class(TCryptoLibAlgorithmTestCase)
     procedure TestDuplicateExtensions;
     procedure TestAllowedDuplicateExtensions;
     procedure TestEqualsAndEquivalent;
+    procedure TestExtensionRoundTrip;
+    procedure TestExtensionsBridge;
+    procedure TestExtensionsGeneratorIExtension;
 
   end;
 
@@ -243,6 +247,80 @@ procedure TX509ExtensionsTest.TestEqualsAndEquivalent;
   end;
 end;
 
+procedure TX509ExtensionsTest.TestExtensionRoundTrip;
+var
+  LExt: IExtension;
+  LDecoded: IExtension;
+  LBytes: TCryptoLibByteArray;
+begin
+  LExt := TExtension.Create(FOid1, TDerBoolean.False,
+    TDerOctetString.FromContents([$01, $02, $03]));
+  LBytes := LExt.GetEncoded();
+  LDecoded := TExtension.GetInstance(LBytes);
+  CheckTrue(LDecoded.ExtnID.Equals(FOid1), 'extnID');
+  CheckTrue(LDecoded.Critical.IsFalse, 'critical false');
+  CheckTrue(TArrayUtilities.AreEqual(LDecoded.ExtnValue.GetOctets(), LExt.ExtnValue.GetOctets()),
+    'extnValue');
+
+  LExt := TExtension.Create(FOid2, TDerBoolean.True,
+    TDerOctetString.FromContents([$0A]));
+  LBytes := LExt.GetEncoded();
+  LDecoded := TExtension.GetInstance(LBytes);
+  CheckTrue(LDecoded.Critical.IsTrue, 'critical true');
+end;
+
+procedure TX509ExtensionsTest.TestExtensionsBridge;
+var
+  LGen: IX509ExtensionsGenerator;
+  LX509Exts: IX509Extensions;
+  LExts, LRoundTrip: IExtensions;
+  LBytes: TCryptoLibByteArray;
+begin
+  LGen := TX509ExtensionsGenerator.Create();
+  LGen.AddExtension(FOid1, True, TCryptoLibByteArray.Create(1, 2));
+  LGen.AddExtension(FOid2, False, TCryptoLibByteArray.Create(3));
+  LX509Exts := LGen.Generate();
+
+  LExts := TExtensions.FromX509Extensions(LX509Exts);
+  CheckTrue(LExts.Count = 2, 'extensions count');
+  CheckTrue(LExts.Equivalent(TExtensions.FromX509Extensions(LX509Exts)), 'self equivalent');
+
+  LRoundTrip := TExtensions.FromX509Extensions(TExtensions.ToX509Extensions(LExts));
+  CheckTrue(LExts.Equivalent(LRoundTrip), 'bridge round-trip');
+
+  LBytes := LExts.GetEncoded();
+  CheckTrue(TExtensions.GetInstance(TAsn1Sequence.GetInstance(LBytes)).Equivalent(LExts),
+    'encoded round-trip');
+end;
+
+procedure TX509ExtensionsTest.TestExtensionsGeneratorIExtension;
+var
+  LExtGen: IX509ExtensionsGenerator;
+  LExtension: IExtension;
+  LExts: IX509Extensions;
+  LReplacement: IExtension;
+begin
+  LExtension := TExtension.Create(FOid1, TDerBoolean.False,
+    TDerOctetString.FromContents([$05]));
+  LExtGen := TX509ExtensionsGenerator.Create();
+  LExtGen.AddExtension(LExtension);
+  LExts := LExtGen.Generate();
+  CheckNotNull(LExts.GetExtension(FOid1), 'added via IExtension');
+
+  LReplacement := TExtension.Create(FOid1, TDerBoolean.True,
+    TDerOctetString.FromContents([$06]));
+  LExtGen.ReplaceExtension(LReplacement);
+  LExts := LExtGen.Generate();
+  CheckTrue(LExts.GetExtension(FOid1).IsCritical, 'replaced critical flag');
+  CheckTrue(TArrayUtilities.AreEqual(LExts.GetExtension(FOid1).Value.GetOctets(),
+    LReplacement.ExtnValue.GetOctets()), 'replaced value');
+
+  LExtGen.Reset();
+  LExtGen.AddExtensions(TExtensions.Create(LExtension) as IExtensions);
+  LExts := LExtGen.Generate();
+  CheckNotNull(LExts.GetExtension(FOid1), 'added via IExtensions');
+end;
+
 initialization
 
 {$IFDEF FPC}

CryptoLib/src/Asn1/X509/ClpX509Asn1Generators.pas

@@ -197,7 +197,9 @@   TX509ExtensionsGenerator = class(TInterfacedObject, IX509ExtensionsGenerator)
       const AExtValue: TCryptoLibByteArray); overload;
     procedure AddExtension(const AOid: IDerObjectIdentifier;
       const AX509Extension: IX509Extension); overload;
-    procedure AddExtensions(const AExtensions: IX509Extensions);
+    procedure AddExtension(const AExtension: IExtension); overload;
+    procedure AddExtensions(const AExtensions: IX509Extensions); overload;
+    procedure AddExtensions(const AExtensions: IExtensions); overload;
     function Generate: IX509Extensions;
     function GetExtension(const AOid: IDerObjectIdentifier): IX509Extension;
     function HasExtension(const AOid: IDerObjectIdentifier): Boolean;
@@ -211,6 +213,7 @@   TX509ExtensionsGenerator = class(TInterfacedObject, IX509ExtensionsGenerator)
       const AExtValue: TCryptoLibByteArray); overload;
     procedure ReplaceExtension(const AOid: IDerObjectIdentifier;
       const AX509Extension: IX509Extension); overload;
+    procedure ReplaceExtension(const AExtension: IExtension); overload;
     procedure Reset;
 
   end;
@@ -747,6 +750,11 @@ procedure TX509ExtensionsGenerator.AddExtension(const AOid: IDerObjectIdentifier
   ImplAddExtension(AOid, AX509Extension);
 end;
 
+procedure TX509ExtensionsGenerator.AddExtension(const AExtension: IExtension);
+begin
+  AddExtension(AExtension.ExtnID, AExtension.GetX509Extension);
+end;
+
 procedure TX509ExtensionsGenerator.AddExtensions(const AExtensions: IX509Extensions);
 var
   LOid: IDerObjectIdentifier;
@@ -759,6 +767,18 @@ procedure TX509ExtensionsGenerator.AddExtensions(const AExtensions: IX509Extensi
   end;
 end;
 
+procedure TX509ExtensionsGenerator.AddExtensions(const AExtensions: IExtensions);
+var
+  LOid: IDerObjectIdentifier;
+  LExt: IExtension;
+begin
+  for LOid in AExtensions.ExtensionOids do
+  begin
+    LExt := AExtensions.GetExtension(LOid);
+    AddExtension(LOid, LExt.Critical.IsTrue, LExt.ExtnValue.GetOctets());
+  end;
+end;
+
 function TX509ExtensionsGenerator.Generate: IX509Extensions;
 begin
   Result := TX509Extensions.Create(FOrdering, FExtensions);
@@ -814,6 +834,11 @@ procedure TX509ExtensionsGenerator.ReplaceExtension(const AOid: IDerObjectIdenti
   FExtensions[AOid] := AX509Extension;
 end;
 
+procedure TX509ExtensionsGenerator.ReplaceExtension(const AExtension: IExtension);
+begin
+  ReplaceExtension(AExtension.ExtnID, AExtension.GetX509Extension);
+end;
+
 procedure TX509ExtensionsGenerator.Reset;
 begin
   FExtensions.Clear;