New ASN.1 parser/generator and migrate X509Cert and TrustManager. #826
Conversation
This adds a new ASN1 package for parsing/encoding ASN.1 using DER encoding. Also port X509Cert, X509CertChain for both parsing and generation. Also migrate TrustManager to use this and since it's now Kotlin Multiplatform make use of TrustManager in samples/testapp for both reader and issuer authentication. With X509Cert now being multiplatform, move all certificate generation code to MdocUtils.kt in identity-mdoc library so it's available to apps. Similarly, make SignedVical.create() multi-platform. Also remove the drag handle on ConsentModalBottomSheet since the user is never expected to use it. Add JVM-unit tests to check that all public accessors on X509Cert agree with X509Certificate. Test: New unit tests and all unit tests pass. Test: Manually tested in samples/testapp on both Android and iOS. Test: Manually tested appholder, appverifier, wallet. Signed-off-by: David Zeuthen <[email protected]>
|
|
||
| constructor(booleanValues: BooleanArray): | ||
| this( | ||
| if (booleanValues.size == 0) 0 else (8 - (booleanValues.size % 8)), |
There was a problem hiding this comment.
The number of unused bits should always be in the range 0-7. If the number of bits is a multiple of 8, this will set the number of unused bits to 8, and we may end up skipping a byte when decoding (or, at the very least, it's inconsistent with the standard).
Maybe: ((8 - (booleanValues.size % 8)) & 0x07)
Or, equivalently: ((8 - (booleanValues.size % 8)) % 8)
?
| override fun encode(builder: ByteStringBuilder) { | ||
| ASN1.appendUniversalTagEncodingLength(builder, tag, enc, value.size + 1) | ||
| builder.append(numUnusedBits.toByte()) | ||
| builder.append(value) |
There was a problem hiding this comment.
The standard requires unused bits to be set to 0, so there's only one possible encoding. I don't see anything here that guarantees that, if the caller used the ByteArray constructor directly. Either add a check()/require() or force those values to 0 before appending?
|
|
||
| import kotlinx.io.bytestring.ByteStringBuilder | ||
|
|
||
| class ASN1BitString( |
There was a problem hiding this comment.
Could we add a couple unit tests to cover the two comments below?
This adds a new ASN1 package for parsing/encoding ASN.1 using DER encoding. Also port X509Cert, X509CertChain for both parsing and generation.
Also migrate TrustManager to use this and since it's now Kotlin Multiplatform make use of TrustManager in samples/testapp for both reader and issuer authentication.
With X509Cert now being multiplatform, move all certificate generation code to MdocUtils.kt in identity-mdoc library so it's available to apps. Similarly, make SignedVical.create() multi-platform.
Also remove the drag handle on ConsentModalBottomSheet since the user is never expected to use it.
Add JVM-unit tests to check that all public accessors on X509Cert agree with X509Certificate.
Test: New unit tests and all unit tests pass.
Test: Manually tested in samples/testapp on both Android and iOS.
Test: Manually tested appholder, appverifier, wallet.