1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344

//! C509 Extension use to construct an Extensions message field for C509 Certificate.

mod data;
use std::{fmt::Debug, str::FromStr};

use asn1_rs::Oid;
use data::{get_extension_type_from_int, get_oid_from_int, EXTENSIONS_LOOKUP};
use minicbor::{encode::Write, Decode, Decoder, Encode, Encoder};
use serde::{Deserialize, Deserializer, Serialize};
use strum_macros::EnumDiscriminants;

use super::alt_name::AlternativeName;
use crate::oid::{C509oid, C509oidRegistered};

/// A struct of C509 `Extension`
#[derive(Debug, Clone, PartialEq)]
pub struct Extension {
    /// The registered OID of the `Extension`.
    registered_oid: C509oidRegistered,
    /// The critical flag of the `Extension` negative if critical is true, otherwise
    /// positive.
    critical: bool,
    /// The value of the `Extension` in `ExtensionValue`.
    value: ExtensionValue,
}

impl Extension {
    /// Create a new instance of `Extension` using `OID` and value.
    #[must_use]
    pub fn new(oid: Oid<'static>, value: ExtensionValue, critical: bool) -> Self {
        Self {
            registered_oid: C509oidRegistered::new(oid, EXTENSIONS_LOOKUP.get_int_to_oid_table())
                .pen_encoded(),
            critical,
            value,
        }
    }

    /// Get the value of the `Extension` in `ExtensionValue`.
    #[must_use]
    pub fn get_value(&self) -> &ExtensionValue {
        &self.value
    }

    /// Get the critical flag of the `Extension`.
    #[must_use]
    pub fn get_critical(&self) -> bool {
        self.critical
    }

    /// Get the registered OID of the `Extension`.
    #[must_use]
    pub fn get_registered_oid(&self) -> &C509oidRegistered {
        &self.registered_oid
    }
}

/// A helper struct to deserialize and serialize `Extension`.
#[derive(Debug, Deserialize, Serialize)]
struct Helper {
    /// OID string value
    oid: String,
    /// Extension value
    value: ExtensionValue,
    /// Flag to indicate whether the extension is critical
    critical: bool,
}

impl<'de> Deserialize<'de> for Extension {
    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
    where D: Deserializer<'de> {
        let helper = Helper::deserialize(deserializer)?;
        let oid =
            Oid::from_str(&helper.oid).map_err(|e| serde::de::Error::custom(format!("{e:?}")))?;

        Ok(Extension::new(oid, helper.value, helper.critical))
    }
}

impl Serialize for Extension {
    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
    where S: serde::Serializer {
        let helper = Helper {
            oid: self.registered_oid.get_c509_oid().get_oid().to_string(),
            value: self.value.clone(),
            critical: self.critical,
        };
        helper.serialize(serializer)
    }
}

impl Encode<()> for Extension {
    // Extension can be encoded as:
    // - (extensionID: int, extensionValue: any)
    // - (extensionID: ~oid, ? critical: true, extensionValue: bytes)
    // - (extensionID: pen, ? critical: true, extensionValue: bytes)
    fn encode<W: Write>(
        &self, e: &mut Encoder<W>, ctx: &mut (),
    ) -> Result<(), minicbor::encode::Error<W::Error>> {
        // Handle CBOR int based on OID mapping
        if let Some(&mapped_oid) = self
            .registered_oid
            .get_table()
            .get_map()
            .get_by_right(&self.registered_oid.get_c509_oid().get_oid())
        {
            // Determine encoded OID value based on critical flag
            let encoded_oid = if self.critical {
                -mapped_oid
            } else {
                mapped_oid
            };
            e.i16(encoded_oid)?;
        } else {
            // Handle unwrapped CBOR OID or CBOR PEN
            self.registered_oid.get_c509_oid().encode(e, ctx)?;
            if self.critical {
                e.bool(self.critical)?;
            }
        }
        // Encode the extension value
        self.value.encode(e, ctx)?;
        Ok(())
    }
}

impl Decode<'_, ()> for Extension {
    fn decode(d: &mut Decoder<'_>, ctx: &mut ()) -> Result<Self, minicbor::decode::Error> {
        match d.datatype()? {
            // Check whether OID is an int
            // Even the encoding is i16, the minicbor decoder doesn't know what type we encoded,
            // so need to check every possible type.
            minicbor::data::Type::U8
            | minicbor::data::Type::U16
            | minicbor::data::Type::I8
            | minicbor::data::Type::I16 => {
                let int_value = d.i16()?;
                // OID can be negative due to critical flag, so need absolute the value
                let abs_int_value = int_value.abs();
                let oid =
                    get_oid_from_int(abs_int_value).map_err(minicbor::decode::Error::message)?;
                let value_type = get_extension_type_from_int(abs_int_value)
                    .map_err(minicbor::decode::Error::message)?;

                // Decode extension value
                let extension_value = ExtensionValue::decode(d, &mut value_type.get_type())?;
                Ok(Extension::new(
                    oid.to_owned(),
                    extension_value,
                    int_value.is_negative(),
                ))
            },
            _ => {
                // Handle unwrapped CBOR OID or CBOR PEN
                let c509_oid = C509oid::decode(d, ctx)?;
                // Critical flag is optional, so if exist, this mean we have to decode it
                let critical = if d.datatype()? == minicbor::data::Type::Bool {
                    d.bool()?
                } else {
                    false
                };

                // Decode bytes for extension value
                let extension_value = ExtensionValue::Bytes(d.bytes()?.to_vec());

                Ok(Extension::new(
                    c509_oid.get_oid(),
                    extension_value,
                    critical,
                ))
            },
        }
    }
}

// -----------------ExtensionValue------------------------

/// Trait for `ExtensionValueType`
trait ExtensionValueTypeTrait {
    /// Get the type of the `ExtensionValueType`.
    fn get_type(&self) -> ExtensionValueType;
}

/// An enum of possible value types for `Extension`.
#[allow(clippy::module_name_repetitions)]
#[derive(Debug, Clone, PartialEq, EnumDiscriminants, Deserialize, Serialize)]
#[strum_discriminants(name(ExtensionValueType))]
#[serde(rename_all = "snake_case")]
pub enum ExtensionValue {
    /// An Integer in the range [-2^64, 2^64-1]
    Int(i64),
    /// A bytes.
    Bytes(Vec<u8>),
    /// An Alternative Name.
    AlternativeName(AlternativeName),
    /// An unsupported value.
    Unsupported,
}

impl ExtensionValueTypeTrait for ExtensionValueType {
    fn get_type(&self) -> ExtensionValueType {
        *self
    }
}

impl Encode<()> for ExtensionValue {
    fn encode<W: Write>(
        &self, e: &mut Encoder<W>, ctx: &mut (),
    ) -> Result<(), minicbor::encode::Error<W::Error>> {
        match self {
            ExtensionValue::Int(value) => {
                e.i64(*value)?;
            },
            ExtensionValue::Bytes(value) => {
                e.bytes(value)?;
            },
            ExtensionValue::AlternativeName(value) => {
                value.encode(e, ctx)?;
            },
            ExtensionValue::Unsupported => {
                return Err(minicbor::encode::Error::message(
                    "Cannot encode unsupported Extension value",
                ));
            },
        }
        Ok(())
    }
}

impl<C> Decode<'_, C> for ExtensionValue
where C: ExtensionValueTypeTrait + Debug
{
    fn decode(d: &mut Decoder<'_>, ctx: &mut C) -> Result<Self, minicbor::decode::Error> {
        match ctx.get_type() {
            ExtensionValueType::Int => {
                let value = d.i64()?;
                Ok(ExtensionValue::Int(value))
            },
            ExtensionValueType::Bytes => {
                let value = d.bytes()?.to_vec();
                Ok(ExtensionValue::Bytes(value))
            },
            ExtensionValueType::AlternativeName => {
                let value = AlternativeName::decode(d, &mut ())?;
                Ok(ExtensionValue::AlternativeName(value))
            },
            ExtensionValueType::Unsupported => {
                Err(minicbor::decode::Error::message(
                    "Cannot decode Unsupported extension value",
                ))
            },
        }
    }
}

// ------------------Test----------------------

#[cfg(test)]
mod test_extension {
    use asn1_rs::oid;

    use super::*;

    #[test]
    fn int_oid_inhibit_anypolicy_value_unsigned_int() {
        let mut buffer = Vec::new();
        let mut encoder = Encoder::new(&mut buffer);

        let ext = Extension::new(oid!(2.5.29 .54), ExtensionValue::Int(2), false);
        ext.encode(&mut encoder, &mut ())
            .expect("Failed to encode Extension");
        // Inhibit anyPolicy : 0x181e
        // 2 : 0x02
        assert_eq!(hex::encode(buffer.clone()), "181e02");

        let mut decoder = Decoder::new(&buffer);
        let decoded_ext =
            Extension::decode(&mut decoder, &mut ()).expect("Failed to decode Extension");
        assert_eq!(decoded_ext, ext);
    }

    #[test]
    fn unwrapped_oid_critical_key_usage_value_int() {
        let mut buffer = Vec::new();
        let mut encoder = Encoder::new(&mut buffer);

        let ext = Extension::new(oid!(2.5.29 .15), ExtensionValue::Int(-1), true);
        ext.encode(&mut encoder, &mut ())
            .expect("Failed to encode Extension");
        // Key Usage with critical true: 0x21
        // -1 : 0x20
        assert_eq!(hex::encode(buffer.clone()), "2120");

        let mut decoder = Decoder::new(&buffer);
        let decoded_ext =
            Extension::decode(&mut decoder, &mut ()).expect("Failed to decode Extension");
        assert_eq!(decoded_ext, ext);
    }

    #[test]
    fn oid_unwrapped_value_bytes_string() {
        let mut buffer = Vec::new();
        let mut encoder = Encoder::new(&mut buffer);

        // Not PEN OID and not in the registry table
        // Value should be bytes
        let ext = Extension::new(
            oid!(2.16.840 .1 .101 .3 .4 .2 .1),
            ExtensionValue::Bytes("test".as_bytes().to_vec()),
            false,
        );
        ext.encode(&mut encoder, &mut ())
            .expect("Failed to encode Extension");
        // OID : 0x49608648016503040201
        // "test".as_bytes() : 0x4474657374
        assert_eq!(
            hex::encode(buffer.clone()),
            "496086480165030402014474657374"
        );

        let mut decoder = Decoder::new(&buffer);
        let decoded_ext =
            Extension::decode(&mut decoder, &mut ()).expect("Failed to decode Extension");
        assert_eq!(decoded_ext, ext);
    }

    #[test]
    fn encode_decode_mismatch_type() {
        let mut buffer = Vec::new();
        let mut encoder = Encoder::new(&mut buffer);

        // Subject Key Identifier should be bytes
        let ext = Extension::new(oid!(2.5.29 .14), ExtensionValue::Int(2), false);
        ext.encode(&mut encoder, &mut ())
            .expect("Failed to encode Extension");
        // SubjectKeyIdentifier : 0x01
        // 2 : 0x02
        assert_eq!(hex::encode(buffer.clone()), "0102");

        let mut decoder = Decoder::new(&buffer);
        // Decode should fail, because rely on the int value
        Extension::decode(&mut decoder, &mut ()).expect_err("Failed to decode Extension");
    }
}