Implement certificate checks (#816)
* Add new toHex function and streamline names
* Migrate Fabric to #privates/get/set
* Add all missing cert checks
* Add all missing cert checks in Case
* Add method to verify operational node id
* Add CSRRequest check
* leftover adjustment from fabric refactor
* Correctly encode the certificate serial number
... so that not only 255 are allowed ...
* Encode Lists for Objects in Tlv by order of entries in object
... to match the specs a bit better.
* Update DerCodec
* allow to specify a type override (used for BitString and long Integers provided as ByteArray) to encode as the right type
* add handling for "non well defined date"
* Rename Type Number to Integer to match RFC
* Add encoding of Bitstrings as by RFC
* Allow encoding of Bigint and ByteArray also as Der-Integer type
* Update DerCodec
* allow to specify a type override (used for BitString and long Integers provided as ByteArray) to encode as the right type
* add handling for "non well defined date"
* Rename Type Number to Integer to match RFC
* Add encoding of Bitstrings as by RFC
* Allow encoding of Bigint and ByteArray also as Der-Integer type
* Enhance/Move Certificate DER types
* Move DER types for certificates into own file (formally breaking because exports change, but unlikely that someone used it)
* Generalize Encoding for cert Basic Constraints
* Generalize Encoding of Extended Key Usage and support all types as by Matter spec
* Generalize Encoding of key usage
* Add more general types to Der Type File
* Export new Cert types file
* Adjust Der Type for Key
* Add Encoding/Decoding of non well formed data to Tlv
A Date value of 0 in Tlv is encoded as "special non well defined date" in DER and decoded correctly
* Generalize Matter DER type generation
* Generalize Matter cert definitions
* Subject and Issuer encoding to preserve order
We encode the Subject and issuer fields by the order of the object to preserve this order from Tlv into X509.
This also enhances it to allow all Matter spec defined fields.
* Generalize Cert to ASN conversion
* add all subject/issuer fields
* really use all provided values (and not ignore some)
* add Raw bytes for FutureExtensions
* Add certificate validation
... as defined by Matter specs
* Fix imports
* Adjust DAC/RootCert generation
* Log certificate validation errors
* Enhance Date encoding as by spec
all 2050+ is GeneralizedTime, so also special case is included
* Add more String type encoding
And simplify the Typeoverride to handle data encoding in Der class and not outside.
* Add more String type encoding
And simplify the Typeoverride to handle data encoding in Der class and not outside.
* Optimize Certificate typing
* Preserve order for extensions
* lax checks because Amazon and SmartThings use wrong certs
... formally wrong compared to 1.2 Matter specs.
Amazon is also setting DigitalSignature in Root/Icac, SmartThings sets KeyEncipherment in NOC. Chip seems to accept it, so we do also
* Fix typos
* Linter
* Restructure Certificate testing
* move all ByteArray definitions into extra file
* add Cert chains from Apple, Amazon, Google and SmartThings
* enhance tests
* Use real crypto for Integrationtest
* Adjust tests for new checks
* Only log "notbefore" date errors for now
* This should ever have worked before :-)
* Fix imports
* fix check
* trivial typo
* Address review feedback
* Combines changelog
* [execute-chiptests-long] Changelog fix
* finalize
---------
Co-authored-by: lauckhart <greg@lauckhart.com>