Hi all,
I just published a new version of X509. This version decodes all CertificateExtensions, using the new ASN.1 Type stream. I defined the ASN.1 in both the X509Certificate and X509CertificateExtension classes. Note that if you are loading the newer version of X509 on top of an older version, you should run the initialize methods of both of those classes by hand, since Monticello doesn't do it for us.

Notice below the new #assign:from: method, which allows us to assign one user defined type spec to another, as in:

(ASN1Module name: #x509) assign: #CertificateIssuer from: #GeneralNames.

Rob

And here is the Type Specification for X509, for your pleasure!

"-- Certificate --"

((ASN1Module name: #x509) sequence: #Certificate mapping: X509Certificate)
    add: #tbsCertificate type: #TBSCertificate;
    add: #signatureAlgorithm type: #AlgorithmIdentifier;
    add: #signature type: #ASN1BitStringType;
    yourself.

(ASN1Module name: #x509) find: #Certificate.

((ASN1Module name: #x509) sequence: #TBSCertificate mapping: X509TBSCertificate)
    add: #version type: #Version explicitTag: 0 default: 0;
    add: #serialNumber type: #CertificateSerialNumber;
    add: #signature type: #AlgorithmIdentifier;
    add: #issuer type: #Name;
    add: #validity type: #Validity;
    add: #subject type: #Name;
    add: #subjectPublicKeyInfo type: #SubjectPublicKeyInfo;
    addOptional: #issuerUniqueID type: #UniqueIdentifier implicitTag: 1;
    addOptional: #subjectUniqueID type: #UniqueIdentifier implicitTag: 2;
    addOptional: #extensions type: #Extensions explicitTag: 3;
    yourself.

((ASN1Module name: #x509) sequence: #AlgorithmIdentifier mapping: X509AlgorithmIdentifier)
    add: #oid type: #ASN1ObjectIdentifierType;
    addOptional: #parameters type: #ASN1AnyType;
    yourself.

(ASN1Module name: #x509) integer: #Version.
(ASN1Module name: #x509) integer: #CertificateSerialNumber.
(ASN1Module name: #x509) bitString: #UniqueIdentifier.
(ASN1Module name: #x509) sequence: #Extensions of: #Extension.
((ASN1Module name: #x509) sequence: #SubjectPublicKeyInfo mapping: X509SubjectPublicKeyInfo)
    add: #algorithm type: #AlgorithmIdentifier;
    add: #subjectPublicKey type: #ASN1BitStringType;
    yourself.

((ASN1Module name: #x509) sequence: #Validity mapping: X509Validity)
    add: #notBefore type: #Time;
    add: #notAfter type: #Time;
    yourself.

(ASN1Module name: #x509) utcTime: #Time.

((ASN1Module name: #x509) choice: #Name)
    add: #names type: #RDNSequence.

(ASN1Module name: #x509) sequence: #RDNSequence of: #RelativeDistinguishedName.
(ASN1Module name: #x509) set: #RelativeDistinguishedName of: #AttributeTypeAndValue.

((ASN1Module name: #x509) sequence: #Extension mapping: X509CertificateExtension)
    add: #extnId type: #ASN1ObjectIdentifierType;
    addOptional: #extnCritical type: #ASN1BooleanType default: false;
    add: #extnValue type: #ASN1ByteArrayType;
    yourself.

((ASN1Module name: #x509) sequence: #AttributeTypeAndValue mapping: X520Attribute)
    add: #attrOid type: #AttributeType;
    add: #attrValue type: #AttributeValue;
    yourself.

((ASN1Module name: #x509) sequence: #Attribute mapping: X520Attribute)
    add: #attrOid type: #AttributeType;
    add: #attrValue type: #AttributeValues;
    yourself.

(ASN1Module name: #x509) set: #AttributeValues of: #AttributeValue.
(ASN1Module name: #x509) objectIdentifier: #AttributeType.
((ASN1Module name: #x509) any: #AttributeValue definedBy: #attrOid)
    at: (ASN1ObjectId fromString: '2.5.4.41') put: #X520Name;
    at: (ASN1ObjectId fromString: '2.5.4.4') put: #X520Name;
    at: (ASN1ObjectId fromString: '2.5.4.42') put: #X520Name;
    at: (ASN1ObjectId fromString: '2.5.4.43') put: #X520Name;
    at: (ASN1ObjectId fromString: '2.5.4.44') put: #X520Name;
    at: (ASN1ObjectId fromString: '2.5.4.3') put: #X520CommonName;
    at: (ASN1ObjectId fromString: '2.5.4.7') put: #X520LocalityName;
    at: (ASN1ObjectId fromString: '2.5.4.8') put: #X520StateOrProvinceName;
    at: (ASN1ObjectId fromString: '2.5.4.10') put: #X520OrganizationName;
    at: (ASN1ObjectId fromString: '2.5.4.11') put: #X520OrganizationalUnitName;
    at: (ASN1ObjectId fromString: '2.5.4.6') put: #X520CountryName;
    at: (ASN1ObjectId fromString: '1.2.840.113549.1.9.1') put: #X520Pkcs9EmailAddress;
    defaultType: #ASN1StringType;
    yourself.

((ASN1Module name: #x509) choice: #X509StringChoice)
    add: #teletexString type: #ASN1TeletexStringType;
    add: #printableString type: #ASN1PrintableStringType;
    add: #universalString type: #ASN1UniversalStringType;
    add: #utf8String type: #ASN1StringType;
    add: #bmpString type: #ASN1BMPStringType;
    yourself.

((ASN1Module name: #x509) mapped: #X520Name)
    mapping: X520Name mappingSymbol: #string type: #X509StringChoice.
((ASN1Module name: #x509) mapped: #X520CommonName)
    mapping: X520CommonName mappingSymbol: #string type: #X509StringChoice.
((ASN1Module name: #x509) mapped: #X520LocalityName)
    mapping: X520LocalityName mappingSymbol: #string type: #X509StringChoice.
((ASN1Module name: #x509) mapped: #X520StateOrProvinceName)
    mapping: X520StateOrProvinceName mappingSymbol: #string type: #X509StringChoice.
((ASN1Module name: #x509) mapped: #X520OrganizationName)
    mapping: X520OrganizationName mappingSymbol: #string type: #X509StringChoice.
((ASN1Module name: #x509) mapped: #X520OrganizationalUnitName)
    mapping: X520OrganizationalUnitName mappingSymbol: #string type: #X509StringChoice.
((ASN1Module name: #x509) mapped: #X520CountryName)
    mapping: X520CountryName mappingSymbol: #string type: #ASN1PrintableStringType.
((ASN1Module name: #x509) mapped: #X520Pkcs9EmailAddress)
    mapping: X520Pkcs9EmailAddress mappingSymbol: #string type: #ASN1IA5StringType.

"-- CertificateExtension --"

((ASN1Module name: #x509) sequence: #AuthorityKeyIdentifier mapping: X509AuthorityKeyIdentifier)
    addOptional: #keyIdentifier type: #KeyIdentifier implicitTag: 0;
    addOptional: #certIssuer type: #GeneralNames implicitTag: 1;
    addOptional: #certSerialNumber type: #CertificateSerialNumber implicitTag: 2;
    yourself.

(ASN1Module name: #x509) byteArray: #KeyIdentifier.
(ASN1Module name: #x509) sequence: #GeneralNames of: #GeneralName.

((ASN1Module name: #x509) choice: #GeneralName)
    add: #otherName type: #AnotherName implicitTag: 0;
    add: #rfc822Name type: #ASN1IA5StringType implicitTag: 1;
    add: #dNSName type: #ASN1IA5StringType implicitTag: 2;
"    add: #x400Address type: #ORAddress implicitTag: 3;"
    add: #directoryName type: #Name explicitTag: 4;
    add: #ediPartyName type: #EDIPartyName implicitTag: 5;
    add: #uniformResourceIdenifier type: #ASN1IA5StringType implicitTag: 6;
    add: #iPAddress type: #ASN1ByteArrayType implicitTag: 7;
    add: #registeredID type: #ASN1ObjectIdentifierType implicitTag: 8;
    yourself.

((ASN1Module name: #x509) sequence: #AnotherName mapping: X509AnotherName)
    add: #typeId type: #ASN1ObjectIdentifierType;
    add: #value type: #ASN1AnyType explicitTag: 0;
    yourself.

((ASN1Module name: #x509) sequence: #EDIPartyName mapping: X509EDIPartyName)
    addOptional: #nameAssigner type: #X509StringChoice implicitTag: 0;
    add: #partyName type: #X509StringChoice implicitTag: 1;
    yourself.

(ASN1Module name: #x509) bitString: #KeyUsage.

((ASN1Module name: #x509) sequence: #PrivateKeyUsagePeriod mapping: X509Validity)
    addOptional: #notBefore type: #ASN1UTCTimeType implicitTag: 0;
    addOptional: #notAfter type: #ASN1UTCTimeType implicitTag: 1;
    yourself.
(ASN1Module name: #x509) sequence: #CertificatePolicies of: #PolicyInformation.

((ASN1Module name: #x509) sequence: #PolicyInformation mapping: X509PolicyInformation)
    add: #id type: #CertPolicyId;
    addOptional: #qualifiers type: #PolicyQualifierInfos;
    yourself.

(ASN1Module name: #x509) objectIdentifier: #CertPolicyId.
(ASN1Module name: #x509) sequence: #PolicyQualifierInfos of: #PolicyQualifierInfo.

((ASN1Module name: #x509) sequence: #PolicyQualifierInfo mapping: X509PolicyQualifierInfo)
    add: #id type: #ASN1ObjectIdentifierType;
    add: #qualifier type: #ASN1AnyType;
    yourself.

(ASN1Module name: #x509) sequence: #PolicyMappings of: #PolicyMapping.

((ASN1Module name: #x509) sequence: #PolicyMapping mapping: X509PolicyMapping)
    add: #issuerDomainPolicy type: #CertPolicyId;
    add: #subjectDomainPolicy type: #CertPolicyId;
    yourself.

(ASN1Module name: #x509) assign: #SubjectAltName from: #GeneralNames.
(ASN1Module name: #x509) assign: #IssuerAltName from: #GeneralNames.
(ASN1Module name: #x509) sequence: #SubjectDirectoryAttributes of: #Attribute.

((ASN1Module name: #x509) sequence: #BasicConstraints mapping: X509BasicConstraints)
    add: #ca type: #ASN1BooleanType default: false;
    addOptional: #pathLengthConstraint type: #ASN1IntegerType;
    yourself.

((ASN1Module name: #x509) sequence: #NameConstraints mapping: X509NameConstraints)
    addOptional: #permittedSubtrees type: #GeneralSubtrees implicitTag: 0;
    addOptional: #excludedSubtrees type: #GeneralSubtrees implicitTag: 1;
    yourself.

(ASN1Module name: #x509) sequence: #GeneralSubtrees of: #GeneralSubtree.

((ASN1Module name: #x509) sequence: #GeneralSubtree mapping: X509GeneralSubtree)
    add: #base type: #GeneralName;
    add: #minimum type: #BaseDistance implicitTag: 0 default: 0;
    addOptional: #maximum type: #BaseDistance implicitTag: 1;
    yourself.

(ASN1Module name: #x509) integer: #BaseDistance.
((ASN1Module name: #x509) sequence: #PolicyConstraints mapping: X509PolicyConstraints)
    addOptional: #requireExplicitPolicy type: #SkipCerts implicitTag: 0;
    addOptional: #inhibitPolicyMapping type: #SkipCerts implicitTag: 1;
    yourself.

(ASN1Module name: #x509) integer: #SkipCerts.
(ASN1Module name: #x509) sequence: #CRLDistributionPoints of: #DistributionPoint.

((ASN1Module name: #x509) sequence: #DistributionPoint mapping: X509DistributionPoint)
    addOptional: #distributionPoint type: #DistributionPointName explicitTag: 0;
    addOptional: #reasons type: #ReasonFlags implicitTag: 1;
    addOptional: #cRLIssuer type: #GeneralNames implicitTag: 2;
    yourself.

((ASN1Module name: #x509) choice: #DistributionPointName)
    add: #fullName type: #GeneralNames implicitTag: 0;
    add: #nameRelativeToCRLIssuer type: #RelativeDistinguishedName implicitTag: 1;
    yourself.

(ASN1Module name: #x509) bitString: #ReasonFlags.
(ASN1Module name: #x509) sequence: #ExtKeyUsageSyntax of: #KeyPurposeId.
(ASN1Module name: #x509) objectIdentifier: #KeyPurposeId.
(ASN1Module name: #x509) assign: #InhibitAnyPolicy from: #SkipCerts.
(ASN1Module name: #x509) assign: #FreshestCRL from: #CRLDistributionPoints.
(ASN1Module name: #x509) sequence: #AuthorityInfoAccessSyntax of: #AccessDescription.

((ASN1Module name: #x509) sequence: #AccessDescription mapping: X509AccessDescription)
    add: #accessMethod type: #ASN1ObjectIdentifierType;
    add: #accessLocation type: #GeneralName;
    yourself.

(ASN1Module name: #x509) sequence: #SubjectInfoAccessSyntax of: #AccessDescription.
(ASN1Module name: #x509) integer: #CRLNumber.
((ASN1Module name: #x509) sequence: #IssuingDistributionPoint mapping: X509IssuingDistributionPoint)
    addOptional: #distributionPoint type: #DistributionPointName explicitTag: 0;
    add: #onlyContainsUserCerts type: #ASN1BooleanType implicitTag: 1 default: false;
    add: #onlyContainsCACerts type: #ASN1BooleanType implicitTag: 2 default: false;
    addOptional: #onlySomeReasons type: #ReasonFlags implicitTag: 3;
    add: #indirectCRL type: #ASN1BooleanType implicitTag: 4 default: false;
    add: #onlyContainsAttributeCerts type: #ASN1BooleanType implicitTag: 5 default: false;
    yourself.

(ASN1Module name: #x509) assign: #BaseCRLNumber from: #CRLNumber.
" (ASN1Module name: #x509) enumerated: #CRLReason."
(ASN1Module name: #x509) assign: #CertificateIssuer from: #GeneralNames.
(ASN1Module name: #x509) objectIdentifier: #HoldInstructionCode.
(ASN1Module name: #x509) utcTime: #InvalidityDate.

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
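
The #Extension and #BasicConstraints specs from the post above, worked through on raw DER as an added example (Python, not code from the X509 package or its author): extnValue is an OCTET STRING wrapping a second DER value selected by extnId, and absent default-valued fields take their default. The sample bytes are constructed, the function names and the OID-to-decoder table are hypothetical, and rejecting an unrecognized critical extension follows RFC 5280.

```python
# Added example, not code from the X509 package; names here are hypothetical.
BOOL = {b"\x00": False, b"\xff": True}  # DER BOOLEAN; KeyError on any other encoding

def read_tlv(buf, pos=0):               # -> (tag, value, next_pos), definite length only
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_basic_constraints(extn_value):
    tag, body, _ = read_tlv(extn_value)
    if tag != 0x30:
        raise ValueError("BasicConstraints must be a SEQUENCE")
    ca, path_len, pos = False, None, 0  # ca defaults to false; path length is optional
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x01:
            ca = BOOL[val]
        elif tag == 0x02:
            path_len = int.from_bytes(val, "big", signed=True)
        else:
            raise ValueError("unexpected element in BasicConstraints")
    return ca, path_len

DECODERS = {bytes.fromhex("551d13"): ("basicConstraints", decode_basic_constraints)}  # 2.5.29.19
def decode_extension(der):
    tag, body, _ = read_tlv(der)
    id_tag, oid, pos = read_tlv(body)
    if (tag, id_tag) != (0x30, 0x06):
        raise ValueError("expected SEQUENCE starting with extnId OID")
    critical = False                    # extnCritical absent: default false applies
    tag, val, pos = read_tlv(body, pos)
    if tag == 0x01:
        critical = BOOL[val]
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("extnValue must be the final OCTET STRING")
    name, decoder = DECODERS.get(oid, (oid.hex(), None))
    if decoder is None and critical:
        raise ValueError("unrecognized critical extension")
    return name, critical, (decoder(val) if decoder else val)

CRITICAL_CA = bytes.fromhex("3012 0603551d13 0101ff 0408 3006 0101ff 020100")  # constructed
DEFAULTS = bytes.fromhex("3009 0603551d13 0402 3000")  # constructed: both defaults omitted
```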