add validatedCopy method in GeneralName interface for introducing validation for generalNames without one

Author: StjepanovicSrdjan

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/DNSName.kt

@@ -91,38 +91,39 @@ data class DNSName internal constructor(
     }
 
     override fun constrains(input: GeneralNameOption?): GeneralNameOption.ConstraintResult {
-        if (!isValid || input?.isValid == false) throw Asn1Exception("Invalid DNSName")
-        if (input !is DNSName) {
-            return GeneralNameOption.ConstraintResult.DIFF_TYPE
-        }
-
-        val thisName = value.value.lowercase()
-        val inputName = input.value.value.lowercase()
-
-        if (thisName == inputName) {
-            return GeneralNameOption.ConstraintResult.MATCH
-        }
+        return try {
+            super.constrains(input)
+        } catch (_: UnsupportedOperationException) {
+            val thisName = value.value.lowercase()
+            val inputName = (input as DNSName).value.value.lowercase()
+
+            when {
+                thisName == inputName -> GeneralNameOption.ConstraintResult.MATCH
+
+                thisName.endsWith(inputName) -> {
+                    val index = thisName.lastIndexOf(inputName)
+                    val charBefore = thisName.getOrNull(index - 1)
+                    val inputStartsWithDot = inputName.startsWith('.')
+                    if ((charBefore == '.' && !inputStartsWithDot) || (charBefore != '.' && inputStartsWithDot)) {
+                        GeneralNameOption.ConstraintResult.NARROWS
+                    } else {
+                        GeneralNameOption.ConstraintResult.SAME_TYPE
+                    }
+                }
 
-        if (thisName.endsWith(inputName)) {
-            val index = thisName.lastIndexOf(inputName)
-            val charBefore = thisName.getOrNull(index - 1)
-            val inputStartsWithDot = inputName.startsWith('.')
-            if ((charBefore == '.' && !inputStartsWithDot) || (charBefore != '.' && inputStartsWithDot)) {
-                return GeneralNameOption.ConstraintResult.NARROWS
-            }
-            return GeneralNameOption.ConstraintResult.SAME_TYPE
-        }
+                inputName.endsWith(thisName) -> {
+                    val index = inputName.lastIndexOf(thisName)
+                    val charBefore = inputName.getOrNull(index - 1)
+                    val thisStartsWithDot = thisName.startsWith('.')
+                    if ((charBefore == '.' && !thisStartsWithDot) || (charBefore != '.' && thisStartsWithDot)) {
+                        GeneralNameOption.ConstraintResult.WIDENS
+                    } else {
+                        GeneralNameOption.ConstraintResult.SAME_TYPE
+                    }
+                }
 
-        if (inputName.endsWith(thisName)) {
-            val index = inputName.lastIndexOf(thisName)
-            val charBefore = inputName.getOrNull(index - 1)
-            val thisStartsWithDot = thisName.startsWith('.')
-            if ((charBefore == '.' && !thisStartsWithDot) || (charBefore != '.' && thisStartsWithDot)) {
-                return GeneralNameOption.ConstraintResult.WIDENS
+                else -> GeneralNameOption.ConstraintResult.SAME_TYPE
             }
-            return GeneralNameOption.ConstraintResult.SAME_TYPE
         }
-
-        return GeneralNameOption.ConstraintResult.SAME_TYPE
     }
 }

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/EDIPartyName.kt

@@ -4,23 +4,22 @@ import at.asitplus.signum.indispensable.asn1.Asn1Decodable
 import at.asitplus.signum.indispensable.asn1.Asn1Element
 import at.asitplus.signum.indispensable.asn1.Asn1Encodable
 import at.asitplus.signum.indispensable.asn1.Asn1ExplicitlyTagged
+import at.asitplus.signum.indispensable.asn1.Asn1String
 import at.asitplus.signum.indispensable.asn1.Asn1StructuralException
 
-data class EDIPartyName (
+data class EDIPartyName internal constructor(
     val value: Asn1ExplicitlyTagged,
     override val performValidation: Boolean = false,
+    override val isValid: Boolean? = null,
     override val type: GeneralNameOption.NameType = GeneralNameOption.NameType.OTHER
 ): GeneralNameOption, Asn1Encodable<Asn1Element> {
 
-    /**
-     * Always `null`, since no validation logic is implemented
-     */
-    override val isValid: Boolean? = null
+    constructor(value: Asn1ExplicitlyTagged) : this(value, false)
 
     override fun encodeToTlv() = value
 
-    companion object : Asn1Decodable<Asn1Element, OtherName> {
-        override fun doDecode(src: Asn1Element): OtherName {
+    companion object : Asn1Decodable<Asn1Element, EDIPartyName> {
+        override fun doDecode(src: Asn1Element): EDIPartyName {
             if (src !is Asn1ExplicitlyTagged) throw Asn1StructuralException("Invalid ediPartyName Alternative Name found: ${src.toDerHexString()}")
 
             src.also { it ->
@@ -29,20 +28,15 @@ data class EDIPartyName (
                     "Invalid partyName Alternative Name found (illegal implicit tag): ${it.toDerHexString()}"
                 )
             }
-            return OtherName(src)
+            return EDIPartyName(src)
         }
     }
 
     override fun toString(): String {
         return value.prettyPrint()
     }
 
-
-    override fun constrains(input: GeneralNameOption?): GeneralNameOption.ConstraintResult {
-        if (input !is EDIPartyName) {
-            return GeneralNameOption.ConstraintResult.DIFF_TYPE
-        } else {
-            throw UnsupportedOperationException("Narrows, widens and match are not yet implemented for EDIPartyName.")
-        }
+    override fun validatedCopy(checkIsValid: (GeneralNameOption) -> Boolean): EDIPartyName {
+        return EDIPartyName(value, true, checkIsValid(this))
     }
 }

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/GeneralName.kt

@@ -40,7 +40,36 @@ sealed interface GeneralNameOption {
 
     val type: NameType
 
-    fun constrains(input: GeneralNameOption?): ConstraintResult
+    fun constrains(input: GeneralNameOption?): ConstraintResult {
+        when {
+            input == null || this::class != input::class -> return ConstraintResult.DIFF_TYPE
+
+            isValid == null || input.isValid == null ->
+                throw IllegalArgumentException(
+                    "Validation for ${this::class.simpleName} has not been performed. " +
+                            "Use ${this::class.simpleName}.validatedCopy { /* validation lambda */ } to set isValid before calling constrains."
+                )
+
+            !isValid!! || !input.isValid!! -> {
+                throw Asn1Exception("Invalid ${this::class.simpleName}")
+            }
+
+            else -> throw UnsupportedOperationException(
+                "Narrows, widens and match are not yet implemented for ${this::class.simpleName}."
+            )
+        }
+    }
+
+    /**
+     * Returns a copy of this GeneralNameOption with the `isValid` property set
+     * according to the [checkIsValid] lambda.
+     *
+     * Intended for subclasses that do not implement validation (`isValid == null`)
+     * and allows marking them as valid or invalid before performing constraint checks.
+    * */
+    fun validatedCopy(checkIsValid: (GeneralNameOption) -> Boolean) : GeneralNameOption {
+        throw IllegalArgumentException()
+    }
 }
 
 data class GeneralName(
@@ -76,6 +105,7 @@ data class GeneralName(
                         src.asExplicitlyTagged().children.first().asSequence()
                     )
                 )
+
                 else -> throw Asn1Exception("Unsupported GeneralName tag")
             }
         }

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/IPAddressName.kt

@@ -112,42 +112,43 @@ data class IPAddressName internal constructor(
     }
 
     override fun constrains(input: GeneralNameOption?): GeneralNameOption.ConstraintResult {
-        if (!isValid || input?.isValid == false) throw Asn1Exception("Invalid IpAddressName")
-        if (input !is IPAddressName) return GeneralNameOption.ConstraintResult.DIFF_TYPE
-        if (this == input) return GeneralNameOption.ConstraintResult.MATCH
+        return try {
+            super.constrains(input)
+        } catch (_: UnsupportedOperationException) {
+            when {
+                this == input as IPAddressName -> GeneralNameOption.ConstraintResult.MATCH
+
+                network == null && input.network == null &&
+                        ((address!!.isV4() && input.address!!.isV4()) || (address!!.isV6() && input.address!!.isV6())) ->
+                    GeneralNameOption.ConstraintResult.SAME_TYPE
+
+                network != null && input.network != null -> {
+                    val thisNet = network as IpNetwork<Number, Any>
+                    val otherNet = input.network as IpNetwork<Number, Any>
+                    when {
+                        thisNet == otherNet -> GeneralNameOption.ConstraintResult.MATCH
+                        thisNet.contains(otherNet) -> GeneralNameOption.ConstraintResult.WIDENS
+                        otherNet.contains(thisNet) -> GeneralNameOption.ConstraintResult.NARROWS
+                        else -> GeneralNameOption.ConstraintResult.SAME_TYPE
+                    }
+                }
 
-        if (network == null && input.network == null && ((address!!.isV4() && input.address!!.isV4()) || (address.isV6() && input.address!!.isV6()))) {
-            return GeneralNameOption.ConstraintResult.SAME_TYPE
-        }
+                network != null -> {
+                    val thisNet = network as IpNetwork<Number, Any>
+                    val otherAddress = input.address as IpAddress<Number, Any>
+                    if (thisNet.contains(otherAddress)) GeneralNameOption.ConstraintResult.WIDENS
+                    else GeneralNameOption.ConstraintResult.SAME_TYPE
+                }
+
+                input.network != null -> {
+                    val thisAddress = address as IpAddress<Number, Any>
+                    val otherNet = input.network as IpNetwork<Number, Any>
+                    if (otherNet.contains(thisAddress)) GeneralNameOption.ConstraintResult.NARROWS
+                    else GeneralNameOption.ConstraintResult.SAME_TYPE
+                }
 
-        // Subnet vs Subnet
-        if (network != null && input.network != null) {
-            val thisNet = network as IpNetwork<Number, Any>
-            val otherNet = input.network as IpNetwork<Number, Any>
-            when {
-                thisNet == otherNet -> GeneralNameOption.ConstraintResult.MATCH
-                thisNet.contains(otherNet) -> GeneralNameOption.ConstraintResult.WIDENS
-                otherNet.contains(thisNet) -> GeneralNameOption.ConstraintResult.NARROWS
                 else -> GeneralNameOption.ConstraintResult.SAME_TYPE
             }
         }
-
-        // Other is subnet, this is host
-        if (network != null) {
-            val thisNet = network as IpNetwork<Number, Any>
-            val otherAddress = input.address as IpAddress<Number, Any>
-            return if (thisNet.contains(otherAddress)) GeneralNameOption.ConstraintResult.WIDENS
-            else GeneralNameOption.ConstraintResult.SAME_TYPE
-        }
-
-        // Other is subnet, this is host
-        if (input.network != null) {
-            val thisAddress = address as IpAddress<Number, Any>
-            val otherNet = input.network as IpNetwork<Number, Any>
-            return if (otherNet.contains(thisAddress)) GeneralNameOption.ConstraintResult.NARROWS
-            else GeneralNameOption.ConstraintResult.SAME_TYPE
-        }
-
-        return GeneralNameOption.ConstraintResult.SAME_TYPE
     }
 }

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/OtherName.kt

@@ -6,16 +6,14 @@ import at.asitplus.signum.indispensable.asn1.Asn1Encodable
 import at.asitplus.signum.indispensable.asn1.Asn1ExplicitlyTagged
 import at.asitplus.signum.indispensable.asn1.Asn1StructuralException
 
-data class OtherName (
+data class OtherName internal constructor(
     val value: Asn1ExplicitlyTagged,
     override val performValidation: Boolean = false,
+    override val isValid: Boolean? = null,
     override val type: GeneralNameOption.NameType = GeneralNameOption.NameType.OTHER
 ): GeneralNameOption, Asn1Encodable<Asn1Element> {
 
-    /**
-     * Always `null`, since no validation logic is implemented
-     */
-    override val isValid: Boolean? = null
+    constructor(value: Asn1ExplicitlyTagged) : this(value, false)
 
     override fun encodeToTlv() = value
 
@@ -32,11 +30,7 @@ data class OtherName (
         return value.prettyPrint()
     }
 
-    override fun constrains(input: GeneralNameOption?): GeneralNameOption.ConstraintResult {
-        if (input !is X400AddressName) {
-            return GeneralNameOption.ConstraintResult.DIFF_TYPE
-        } else {
-            throw UnsupportedOperationException("Narrows, widens and match are not yet implemented for OtherName.")
-        }
+    override fun validatedCopy(checkIsValid: (GeneralNameOption) -> Boolean): OtherName {
+        return OtherName(value, true, checkIsValid(this))
     }
 }

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/RFC822Name.kt

@@ -44,39 +44,37 @@ data class RFC822Name internal constructor(
     }
 
     override fun constrains(input: GeneralNameOption?): GeneralNameOption.ConstraintResult {
-        if (!isValid || input?.isValid == false) throw Asn1Exception("Invalid RFC822Name")
-        if (input !is RFC822Name) {
-            return GeneralNameOption.ConstraintResult.DIFF_TYPE
-        }
-
-        val thisName = value.value.lowercase()
-        val inputName = input.value.value.lowercase()
-
-        if (thisName == inputName) {
-            return GeneralNameOption.ConstraintResult.MATCH
-        }
-
-        fun isEmailLike(name: String) = '@' in name
-        fun hasDomainPrefix(name: String) = name.startsWith(".")
+        return try {
+            super.constrains(input)
+        } catch (_: UnsupportedOperationException) {
+            val thisName = value.value.lowercase()
+            val inputName = (input as RFC822Name).value.value.lowercase()
+            fun isEmailLike(name: String) = '@' in name
+            fun hasDomainPrefix(name: String) = name.startsWith(".")
+
+            when {
+                thisName == inputName -> GeneralNameOption.ConstraintResult.MATCH
+
+                thisName.endsWith(inputName) -> {
+                    when {
+                        isEmailLike(inputName) -> GeneralNameOption.ConstraintResult.SAME_TYPE
+                        hasDomainPrefix(inputName) -> GeneralNameOption.ConstraintResult.NARROWS
+                        thisName.getOrNull(thisName.lastIndexOf(inputName) - 1) == '@' -> GeneralNameOption.ConstraintResult.NARROWS
+                        else -> GeneralNameOption.ConstraintResult.SAME_TYPE
+                    }
+                }
+
+                inputName.endsWith(thisName) -> {
+                    when {
+                        isEmailLike(thisName) -> GeneralNameOption.ConstraintResult.SAME_TYPE
+                        hasDomainPrefix(thisName) -> GeneralNameOption.ConstraintResult.WIDENS
+                        inputName.getOrNull(inputName.lastIndexOf(thisName) - 1) == '@' -> GeneralNameOption.ConstraintResult.WIDENS
+                        else -> GeneralNameOption.ConstraintResult.SAME_TYPE
+                    }
+                }
 
-        if (thisName.endsWith(inputName)) {
-            return when {
-                isEmailLike(inputName) -> GeneralNameOption.ConstraintResult.SAME_TYPE
-                hasDomainPrefix(inputName) -> GeneralNameOption.ConstraintResult.NARROWS
-                thisName.getOrNull(thisName.lastIndexOf(inputName) - 1) == '@' -> GeneralNameOption.ConstraintResult.NARROWS
                 else -> GeneralNameOption.ConstraintResult.SAME_TYPE
             }
         }
-
-        if (inputName.endsWith(thisName)) {
-            return when {
-                isEmailLike(thisName) -> GeneralNameOption.ConstraintResult.SAME_TYPE
-                hasDomainPrefix(thisName) -> GeneralNameOption.ConstraintResult.WIDENS
-                inputName.getOrNull(inputName.lastIndexOf(thisName) - 1) == '@' -> GeneralNameOption.ConstraintResult.WIDENS
-                else -> GeneralNameOption.ConstraintResult.SAME_TYPE
-            }
-        }
-
-        return GeneralNameOption.ConstraintResult.SAME_TYPE
     }
 }

indispensable/src/commonMain/kotlin/at/asitplus/signum/indispensable/pki/generalNames/RegisteredIDName.kt

@@ -5,11 +5,14 @@ import at.asitplus.signum.indispensable.asn1.Asn1Encodable
 import at.asitplus.signum.indispensable.asn1.Asn1Primitive
 import at.asitplus.signum.indispensable.asn1.ObjectIdentifier
 
-data class RegisteredIDName (
+data class RegisteredIDName internal constructor(
     val value: ObjectIdentifier,
     override val performValidation: Boolean = false,
     override val type: GeneralNameOption.NameType = GeneralNameOption.NameType.OID
 ): GeneralNameOption, Asn1Encodable<Asn1Primitive> {
+
+    constructor(value: ObjectIdentifier) : this(value, false)
+
     override fun encodeToTlv() = value.encodeToTlv()
 
     /**
@@ -27,12 +30,4 @@ data class RegisteredIDName (
     override fun toString(): String {
         return value.toString()
     }
-
-    override fun constrains(input: GeneralNameOption?): GeneralNameOption.ConstraintResult {
-        if (input !is RegisteredIDName) {
-            return GeneralNameOption.ConstraintResult.DIFF_TYPE
-        } else {
-            throw UnsupportedOperationException("Narrows, widens and match are not yet implemented for RegisteredIDName.")
-        }
-    }
 }