integrate new cidre features

Author: StjepanovicSrdjan

CHANGELOG.md

@@ -17,7 +17,7 @@
       * `X500Name`
 * Dependency update:
   * Add `com.eygraber:uri-kmp:0.0.20` (for URI parsing)
-  * Add `at.asitplus:cidre:0.2.0` (CIDR math)
+  * Add `at.asitplus:cidre:0.3.0` (CIDR math)
 * Changed `AttributeTypeAndValue` from sealed to open and removed the `Other` subclass. Unknown OIDs now fall back to a plain `AttributeTypeAndValue` instance
 * Add stricter length checks to be more resilient towards adversarial inputs
 * Correct serialization logic for symmetric `CoseKey` in `CoseKeySerializer`

gradle/libs.versions.toml

@@ -13,7 +13,7 @@ kotlinpoet = "2.2.0"
 runner = "1.5.2"
 kotlincryptoRandom = "0.5.0"
 kotest= "6.0.0.M6"
-cidre = "0.2.0"
+cidre = "0.3.0"
 urikmp = "0.0.20"
 
 [libraries]

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/RelativeDistinguishedName.kt

@@ -254,6 +254,7 @@ open class AttributeTypeAndValue(
 
         if (toRFC2253String() != other.toRFC2253String()) return false
         if (oid != other.oid) return false
+        if (attrType != other.attrType) return false
 
         return true
     }

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/GeneralName.kt

@@ -14,6 +14,11 @@ sealed interface GeneralNameOption {
      * - `null`: no validation implemented
      */
     val isValid: Boolean?
+
+    /**
+     * Indicates whether validation was performed when this object was created.
+     * This flag is controlled internally by the class and cannot be set by external users.
+     */
     val performValidation: Boolean
 
     enum class NameType(val value: ULong) {

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/IPAddressName.kt

@@ -5,16 +5,13 @@ import at.asitplus.cidre.IpAddressAndPrefix
 import at.asitplus.cidre.IpFamily
 import at.asitplus.cidre.IpInterface
 import at.asitplus.cidre.IpNetwork
-import at.asitplus.cidre.byteops.toNetmask
-import at.asitplus.cidre.byteops.toPrefix
 import at.asitplus.cidre.isV4
 import at.asitplus.cidre.isV6
 import at.asitplus.signum.indispensable.asn1.Asn1Decodable
 import at.asitplus.signum.indispensable.asn1.Asn1Encodable
 import at.asitplus.signum.indispensable.asn1.Asn1Exception
 import at.asitplus.signum.indispensable.asn1.Asn1Primitive
 import at.asitplus.signum.indispensable.asn1.encoding.encodeToAsn1OctetStringPrimitive
-import kotlinx.io.IOException
 
 data class IPAddressName internal constructor(
     val address: IpAddress<*, *>?,
@@ -24,24 +21,25 @@ data class IPAddressName internal constructor(
     override val type: GeneralNameOption.NameType = GeneralNameOption.NameType.IP
 ) : GeneralNameOption, Asn1Encodable<Asn1Primitive> {
 
+    override val isValid: Boolean by lazy { address != null }
+
+    init {
+        if (performValidation && !isValid) throw Asn1Exception("Invalid IpAddressName.")
+    }
+
     /**
-     * Always `true`, since creation of [IPAddressName] is only possible if the
-     * underlying [IpAddress] or [IpAddressAndPrefix] are valid
+     * @throws Asn1Exception if illegal IpAddress is provided
      */
-    override val isValid: Boolean = address != null
+    @Throws(Asn1Exception::class)
+    constructor(address: IpAddress<*, *>, addressAndPrefix: IpAddressAndPrefix<*, *>? = null)
+            : this(address, addressAndPrefix, addressAndPrefix?.toX509Octets() ?: address.octets, true)
 
     /**
-     * @throws Asn1Exception if illegal IpAddressName is provided
+     * @throws Asn1Exception if illegal IpAddress is provided
      */
     @Throws(Asn1Exception::class)
-    constructor(
-        address: IpAddress<*, *>? = null,
-        addressAndPrefix: IpAddressAndPrefix<*, *>? = null,
-    // TODO remove rawBytes param, use CIDRE method for calculating rawBytes
-        rawBytes: ByteArray
-    ) : this (address, addressAndPrefix, rawBytes, true) {
-        if (!isValid) throw Asn1Exception("Invalid IpAddressName.")
-    }
+    constructor(addressAndPrefix: IpAddressAndPrefix<*, *>)
+            : this(addressAndPrefix.address, addressAndPrefix, addressAndPrefix.toX509Octets(), true)
 
     val network: IpNetwork<*, *>? by lazy {
         when (addressAndPrefix) {
@@ -60,36 +58,31 @@ data class IPAddressName internal constructor(
         override fun doDecode(src: Asn1Primitive): IPAddressName {
             val content = src.content
             return when (content.size) {
-                IpFamily.V4.numberOfOctets -> IPAddressName(IpAddress.V4(content), rawBytes = IpAddress.V4(content).octets)
-                IpFamily.V6.numberOfOctets -> IPAddressName(IpAddress.V6(content), rawBytes = IpAddress.V6(content).octets)
-                2 * IpFamily.V4.numberOfOctets -> createNetworkV4(content)
-                2 * IpFamily.V6.numberOfOctets -> createNetworkV6(content)
-                else -> throw IOException("Invalid IP/Network length: ${content.size}")
-            }
-        }
-        //TODO change after CIDRE update
-        private fun createNetworkV4(bytes: ByteArray): IPAddressName {
-            val address = IpAddress.V4(bytes.copyOfRange(0, 4))
-            val prefix = bytes.copyOfRange(4, 8).toPrefix()
-            return IPAddressName(address, addressAndPrefix = IpInterface.V4(address, prefix), address.octets + prefix.toNetmask(4))
-        }
-        //TODO change after CIDRE update
-        private fun createNetworkV6(bytes: ByteArray): IPAddressName {
-            val address = IpAddress.V6(bytes.copyOfRange(0, 16))
-            val prefix = bytes.copyOfRange(16, 32).toPrefix()
-            return IPAddressName(address, addressAndPrefix = IpInterface.V6(address, prefix), address.octets + prefix.toNetmask(16))
-        }
+                IpFamily.V4.numberOfOctets -> IPAddressName(
+                    IpAddress.V4(content), rawBytes = IpAddress.V4(content).octets
+                )
+
+                IpFamily.V6.numberOfOctets -> IPAddressName(
+                    IpAddress.V6(content), rawBytes = IpAddress.V6(content).octets
+                )
 
-        @Throws(Asn1Exception::class)
-        fun fromString(name: String): IPAddressName =
-            runCatching {
-                IpInterface(name).let { iface ->
-                    IPAddressName(iface.address, iface, iface.address.octets + iface.netmask)
+                else -> {
+                    val addressAndPrefix = IpInterface.fromX509Octets(content)
+                    IPAddressName(addressAndPrefix)
                 }
-            }.getOrElse {
-                val addr = IpAddress(name)
-                IPAddressName(addr, null, addr.octets)
             }
+        }
+
+        /**
+         * @throws IllegalArgumentException if an invalid string is provided
+         * @throws Asn1Exception if an invalid [address] is provided
+         * */
+        @Throws(Asn1Exception::class, IllegalArgumentException::class)
+        fun fromString(stringRepresentation: String): IPAddressName = runCatching {
+            IPAddressName(IpInterface(stringRepresentation))
+        }.getOrElse {
+            IPAddressName(IpAddress(stringRepresentation))
+        }
     }
 
     override fun toString(): String = addressAndPrefix?.toString() ?: address.toString()
@@ -123,8 +116,7 @@ data class IPAddressName internal constructor(
         if (input !is IPAddressName) return GeneralNameOption.ConstraintResult.DIFF_TYPE
         if (this == input) return GeneralNameOption.ConstraintResult.MATCH
 
-        if (network == null && input.network == null &&
-            ((address!!.isV4() && input.address!!.isV4()) || (address.isV6() && input.address!!.isV6()))) {
+        if (network == null && input.network == null && ((address!!.isV4() && input.address!!.isV4()) || (address.isV6() && input.address!!.isV6()))) {
             return GeneralNameOption.ConstraintResult.SAME_TYPE
         }
 
@@ -144,17 +136,15 @@ data class IPAddressName internal constructor(
         if (network != null) {
             val thisNet = network as IpNetwork<Number, Any>
             val otherAddress = input.address as IpAddress<Number, Any>
-            return if (thisNet.contains(otherAddress))
-                GeneralNameOption.ConstraintResult.WIDENS
+            return if (thisNet.contains(otherAddress)) GeneralNameOption.ConstraintResult.WIDENS
             else GeneralNameOption.ConstraintResult.SAME_TYPE
         }
 
         // Other is subnet, this is host
         if (input.network != null) {
             val thisAddress = address as IpAddress<Number, Any>
             val otherNet = input.network as IpNetwork<Number, Any>
-            return if (otherNet.contains(thisAddress))
-                GeneralNameOption.ConstraintResult.NARROWS
+            return if (otherNet.contains(thisAddress)) GeneralNameOption.ConstraintResult.NARROWS
             else GeneralNameOption.ConstraintResult.SAME_TYPE
         }
 

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/X500Name.kt

@@ -82,6 +82,8 @@ data class X500Name internal constructor(
 
     override fun toString() = "X500Name(RDNs=${relativeDistinguishedNames.joinToString()})"
 
+
+
     override fun constrains(input: GeneralNameOption?): GeneralNameOption.ConstraintResult {
         if (!isValid || input?.isValid == false) throw Asn1Exception("Invalid X500Name")
         if (input !is X500Name) return GeneralNameOption.ConstraintResult.DIFF_TYPE
@@ -117,4 +119,24 @@ data class X500Name internal constructor(
             rdn.sortedAttrsAndValues.joinToString("+") { atv -> atv.toRFC2253String() }
         }
     }
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (other == null || this::class != other::class) return false
+
+        other as X500Name
+
+        if (relativeDistinguishedNames != other.relativeDistinguishedNames) return false
+        if (type != other.type) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        var result = performValidation.hashCode()
+        result = 31 * result + isValid.hashCode()
+        result = 31 * result + relativeDistinguishedNames.hashCode()
+        result = 31 * result + type.hashCode()
+        return result
+    }
 }

indispensable/src/jvmTest/kotlin/at/asitplus/signum/indispensable/pki/generalNames/GeneralNamesConstrainsTest.kt

@@ -72,7 +72,7 @@ class GeneralNamesConstrainsTest : FreeSpec ({
     val testEmailIsNotConstraint = arrayOf(".abc.test.com", "www.test.com", "test1@abc.test.com", "bc.test.com")
     val widenNames = arrayOf(".test.com")
     val narrowNames = arrayOf(".test.com")
-    val dummyOtherDNS = DNSName(Asn1String.IA5(""), allowWildcard = true, performValidation = false)
+    val dummyOtherDNS = DNSName(Asn1String.IA5("example.com"), allowWildcard = true, performValidation = false)
 
     testGeneralNameConstraints(
         name = "RFC822Name.constrains",