fix(rust/c509-certificate): update docs

Author: bkioshn

docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl

@@ -1,5 +1,5 @@
 ; This c509 Certificate format is based upon:
-; https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/
+; https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/
 ; And is restricted/customized to better enable compatibility with Plutus scripts
 ; that would consume them, without loosing necessary features of x509
 ; Not all x509 features are supported and some fields have different semantics to improve
@@ -11,42 +11,32 @@ C509CertificatePlutusRestrictedSubset = [ TBSCertificate, issuerSignatureValue:
 
 ; The elements of the following group are used in a CBOR Sequence:
 TBSCertificate = (
-	c509CertificateType: &c509CertificateTypeValues, ; Always 0
+	c509CertificateType: int, ; Always 2 as natively signed C509 certificate following X.509 v3
 	certificateSerialNumber: CertificateSerialNumber, ; Can be ignored/set to 0 or used as intended.
-	issuer: Name, ; This could be an on-chain reference to the issuer cert, what would be the best way?  Transaction hash/cert hash?
-	validityNotBefore: Time, ; c509 uses UTC
-	validityNotAfter: Time, ; c509 uses UTC
+	issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
+	issuer: Name / null, ; If set to null, use the `subject`. This could be an on-chain reference to
+						   the issuer cert, what would be the best way?  Transaction hash/cert hash?
+	validityNotBefore: ~time, ; UTC
+	validityNotAfter: ~time / null, ; UTC
 	subject: Name, ; Reference to on-chain keys related to this certificate
 	subjectPublicKeyAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
-	subjectPublicKey: subjectPublicKey, ; Ed25519 public key
-	extensions: Extensions, ; No extensions are currently supported must be set to []
-	issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
-)
-
-; 0 = Native CBOR Certificate type
-; 1 = reencoded-der-cert -  Not supported in this restricted version of the format.
-c509CertificateTypeValues = ( native-cbor: 0,
-	; reencoded-der: 1 ; Not supported in this restricted encoding format
+	subjectPublicKey: any, ; Ed25519 public key
+	extensions: Extensions, ; Currently support extensions with basic CBOR types and Alternative Name
 )
 
-CertificateSerialNumber = biguint
-
-Name = [ * RelativeDistinguishedName ]
-	/ text
-	/ bytes
+CertificateSerialNumber = ~biguint
 
-RelativeDistinguishedName = Attribute / [ 2* Attribute ]
+Name = [ * Attribute ] / text / bytes
 
 Attribute = (
 	( attributeType: int, attributeValue: text )
 	// ( attributeType: oid, attributeValue: bytes )
-	// ( attributeType: pen, attributeValue: bytes )
 	// CardanoPublicKey
 )
 
 subjectPublicKey = bytes .size (32..32); Ed25519 public key stored in bytes, adjust size of this if other key types are supported.  
 
-; This is a completely custom Attribute for the RelativeDistinguishedName which is only for use with Plutus scripts.
+; This is a completely custom Attribute,  which is only for use with Plutus scripts.
 ; attributeType = The type of Cardano key we associate with this certificate.
 ; proof = Does the transaction require proof that the key is owned by the transaction signer?
 ; attributeValue = The Cardano public key hash of the attribute type
@@ -61,14 +51,12 @@ cardanoKeyTypes = (
 	ccHotVerificationKeyHash: 4,
 )
 
-; Plutus will need to convert the Unix epoch timestamp to the nearest slot number
+; For `~time` Plutus will need to convert the Unix epoch timestamp to the nearest slot number
 ; validityNotBefore rounds up to the next Slot after that time.
 ; validityNotAfter rounds down to the next Slot before that time.
-Time = ( ~time / null )
 
 ed25519Signature = bstr .size 64; Ed25519 signature must be tagged to identify their type.
 
-
 ; Currently ONLY AlgorithmIdentifier int(12) - Ed25519 is supported.
 ; oid and [ algorithm: oid, parameters: bytes ] are not supported by Plutus.
 AlgorithmIdentifier = (int
@@ -82,5 +70,4 @@ Extensions = [ * Extension ] / int
 Extension = (
 	( extensionID: int, extensionValue: any )
 	// ( extensionID: ~oid, ? critical: true, extensionValue: bytes )
-	// ( extensionID: pen, ? critical: true, extensionValue: bytes )
 )

rust/c509-certificate/examples/cli/main.rs

@@ -115,7 +115,7 @@ struct C509Json {
     /// Optional validity not after date,
     /// if not provided, set to no expire date 9999-12-31T23:59:59+00:00.
     validity_not_after: Option<String>,
-    /// Relative distinguished name of the subject.
+    /// Attributes of the subject.
     subject: Attributes,
     /// Optional subject public key algorithm of the certificate,
     /// if not provided, set to Ed25519.
@@ -304,10 +304,10 @@ fn decode(file: &PathBuf, output: Option<PathBuf>) -> anyhow::Result<()> {
         certificate_type: Some(tbs_cert.get_c509_certificate_type()),
         serial_number: Some(tbs_cert.get_certificate_serial_number().clone()),
         issuer_signature_algorithm: Some(tbs_cert.get_issuer_signature_algorithm().clone()),
-        issuer: Some(extract_relative_distinguished_name(tbs_cert.get_issuer())?),
+        issuer: Some(extract_attributes(tbs_cert.get_issuer())?),
         validity_not_before: Some(time_to_string(tbs_cert.get_validity_not_before().to_u64())?),
         validity_not_after: Some(time_to_string(tbs_cert.get_validity_not_after().to_u64())?),
-        subject: extract_relative_distinguished_name(tbs_cert.get_subject())?,
+        subject: extract_attributes(tbs_cert.get_subject())?,
         subject_public_key_algorithm: Some(tbs_cert.get_subject_public_key_algorithm().clone()),
         // Return a hex formation of the public key
         subject_public_key: tbs_cert.get_subject_public_key().encode_hex(),
@@ -326,7 +326,7 @@ fn decode(file: &PathBuf, output: Option<PathBuf>) -> anyhow::Result<()> {
 }
 
 /// Extract a `Attributes` from a `Name`.
-fn extract_relative_distinguished_name(name: &Name) -> anyhow::Result<Attributes> {
+fn extract_attributes(name: &Name) -> anyhow::Result<Attributes> {
     match name.get_value() {
         NameValue::Attributes(attrs) => Ok(attrs.clone()),
         _ => Err(anyhow::anyhow!("Expected Attributes")),

rust/c509-certificate/examples/web/index.js

@@ -1,11 +1,11 @@
 // Testing the wasm binding JS functions.
 
 import init, {
-	generate,
-	verify,
 	decode,
-	PublicKey,
+	generate,
 	PrivateKey,
+	PublicKey,
+	verify,
 } from "../../pkg/c509_certificate.js";
 
 const pem_sk = `
@@ -24,7 +24,7 @@ const tbs = {
 	c509_certificate_type: 0,
 	certificate_serial_number: 1000000n,
 	issuer: {
-		relative_distinguished_name: [
+		attributes: [
 			{
 				oid: "2.5.4.3",
 				value: [{ text: "RFC test CA" }],

rust/c509-certificate/src/algorithm_identifier.rs

@@ -11,7 +11,7 @@
 //! not implemented yet.
 //!
 //! For more information about `AlgorithmIdentifier`,
-//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/)
+//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/)
 
 use asn1_rs::Oid;
 use minicbor::{encode::Write, Decode, Decoder, Encode, Encoder};

rust/c509-certificate/src/attributes/attribute.rs

@@ -2,12 +2,11 @@
 //!
 //! ```cddl
 //! Attribute = ( attributeType: int, attributeValue: text ) //
-//! ( attributeType: ~oid, attributeValue: bytes ) //
-//! ( attributeType: pen, attributeValue: bytes )
+//!             ( attributeType: ~oid, attributeValue: bytes ) //
 //! ```
 //!
 //! For more information about Attribute,
-//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/)
+//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/)
 
 use std::str::FromStr;
 

rust/c509-certificate/src/attributes/data.rs

@@ -1,5 +1,5 @@
 //! Attribute data provides a necessary information for encoding and decoding of C509
-//! Attribute. See [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/)
+//! Attribute. See [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/)
 //! Section 9.3 C509 Attributes Registry for more information.
 
 use anyhow::Error;

rust/c509-certificate/src/attributes/mod.rs

@@ -2,7 +2,7 @@
 //!
 //! ```cddl
 //! Attributes = ( attributeType: int, attributeValue: [+text] ) //
-//! ( attributeType: ~oid, attributeValue: [+bytes] )
+//!             ( attributeType: ~oid, attributeValue: [+bytes] )
 //! ```
 //!
 //! Use case:
@@ -11,7 +11,7 @@
 //! ```
 //!
 //! For more information about `Attributes`,
-//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/)
+//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/)
 
 use attribute::Attribute;
 use minicbor::{encode::Write, Decode, Decoder, Encode, Encoder};
@@ -59,7 +59,8 @@ impl Encode<()> for Attributes {
                 "Attributes should not be empty",
             ));
         }
-        e.array(self.0.len() as u64)?;
+        // The attribute type should be included in array too
+        e.array(self.0.len() as u64 * 2)?;
         for attribute in &self.0 {
             attribute.encode(e, ctx)?;
         }
@@ -78,7 +79,8 @@ impl Decode<'_, ()> for Attributes {
 
         let mut attributes = Attributes::new();
 
-        for _ in 0..len {
+        // The attribute type is included in an array, so divide by 2
+        for _ in 0..len / 2 {
             let attribute = Attribute::decode(d, &mut ())?;
             attributes.add_attr(attribute);
         }
@@ -108,13 +110,13 @@ mod test_attributes {
         attributes
             .encode(&mut encoder, &mut ())
             .expect("Failed to encode Attributes");
-        // 1 Attribute value (array len 1): 0x81
+        // 1 Attribute (array len 2 (attribute type + value)): 0x82
         // Email Address: 0x00
         // Attribute value (array len 2): 0x82
         // [email protected]: 0x736578616d706c65406578616d706c652e636f6d
         assert_eq!(
             hex::encode(buffer.clone()),
-            "810082736578616d706c65406578616d706c652e636f6d736578616d706c65406578616d706c652e636f6d"
+            "820082736578616d706c65406578616d706c652e636f6d736578616d706c65406578616d706c652e636f6d"
         );
 
         let mut decoder = Decoder::new(&buffer);

rust/c509-certificate/src/big_uint.rs

@@ -54,7 +54,7 @@ mod test_big_uint {
 
     use super::*;
 
-    // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/
+    // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/
     // A.1.  Example RFC 7925 profiled X.509 Certificate
     #[test]
     fn test_encode_decode() {
@@ -74,7 +74,7 @@ mod test_big_uint {
         assert_eq!(decoded_b_uint, b_uint);
     }
 
-    // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/
+    // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/
     // A.2.  Example IEEE 802.1AR profiled X.509 Certificate
     #[test]
     fn test_encode_decode_2() {

rust/c509-certificate/src/extensions/extension/data.rs

@@ -1,5 +1,5 @@
 //! Extension data provides a necessary information for encoding and decoding of C509
-//! Extension. See [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/)
+//! Extension. See [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/)
 //! Section 9.4 C509 Extensions Registry for more information.
 
 // cspell: words Evt

rust/c509-certificate/src/extensions/mod.rs

@@ -1,21 +1,18 @@
 //! C509 Extension as a part of `TBSCertificate` used in C509 Certificate.
 //!
 //! Extension fallback of C509 OID extension
-//! Given OID if not found in the registered OID table, it will be encoded as a PEN OID.
-//! If the OID is not a PEN OID, it will be encoded as an unwrapped OID.
+//! Given OID if not found in the registered OID table, it will be encoded as an unwrapped OID.
 //!
 //! ```cddl
 //! Extensions and Extension can be encoded as the following:
 //! Extensions = [ * Extension ] / int
 //! Extension = ( extensionID: int, extensionValue: any ) //
-//! ( extensionID: ~oid, ? critical: true,
-//!   extensionValue: bytes ) //
-//! ( extensionID: pen, ? critical: true,
-//!   extensionValue: bytes )
+//!             ( extensionID: ~oid, ? critical: true,
+//!             extensionValue: bytes ) //
 //! ```
 //!
 //! For more information about Extensions,
-//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/)
+//! visit [C509 Certificate](https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/11/)
 
 pub mod alt_name;
 pub mod extension;