[+] Missing x509 members

[*] Added POSIX-like rng fd close on deinit
[*] Added verbose arg checks for unix env vars

Include/Aurora/Crypto/X509/GenerateCertificate.hpp

@@ -22,8 +22,9 @@ namespace Aurora::Crypto::X509
         // metadata --
         Hashing::EHashType digest;
         AuUInt8 uVersion { 3 };
-        bool bIsCA {};
+        bool bIsCA { };
-        bool bSubjectKeyId {};
+        AuInt8 iMaxPathLength { -1 };
+        bool bSubjectKeyId { };
         AuList<EExtendedUsage> usage;
         AuUInt8 uSerialRadix { 10 };
         AuString sSerial { "69420" };

Include/Aurora/Crypto/X509/X509.hpp

@@ -7,62 +7,68 @@
 ***/
 #pragma once
 
-#include "ESignatureAlgorithm.hpp"
 #include "EExtendedUsage.hpp"
 
 namespace Aurora::Crypto::X509
 {
-    // yes, these structure completely disregards the principles of the x509 structure and the rationales behind certain extensions
-    // however, this is not intended to be a grandiose TLS stack
-    // 
-    // PKSC#1 and #8, and x509 extensions (ie: rfc5280 key-ids, v3 exts) are not supported in our deps
-    // we had to reimplement them ourselves >:(
-    // lets worry about the more important issues
-
     struct CertName
     {
         AU_COPY_MOVE_DEF(CertName);
-        AuString commonName;   // Tbs
+        AuString commonName;
 
-        AuString department;   // Tbs
+        AuString department;
-        AuString organization; // Tbs
+        AuString organization;
-        AuString state;        // Tbs
+        AuString address;
-        AuString countryCode;  // Tbs
+        AuString locality;
+        AuString state;
+        AuString countryCode;
+        AuString postcode;
 
-        AuString name;         // Tbs
+        AuString name;
-        AuString email;        // Tbs
+        AuString email;
-        AuString title;        // Tbs
+        AuString title;
     };
 
     struct DecodedCertificate
     {
         AU_COPY_MOVE_DEF(DecodedCertificate);
-        // TODO:
+        int version {};
-        //SignatureAlgorithm signature;
+
         struct Issuer : CertName
         {
             AU_COPY_MOVE_DEF(Issuer);
             Memory::ByteBuffer id;
         } issuer;
+
         struct Subject : CertName
         {
             AU_COPY_MOVE_DEF(Subject);
             Memory::ByteBuffer id;
         } subject;
-        struct Vaildity            // Tbs
+
-        {                          // Tbs
+        struct Vaildity
+        {
             AU_COPY_MOVE_DEF(Vaildity);
-            AuUInt issued;         // Tbs
+            AuUInt issued;
-            AuUInt expire;         // Tbs
+            AuUInt expire;
-        } validity;                // Tbs
+        } validity;
-        AuList<AuUInt8> serialNumber; // Tbs
+
-        AuList<AuUInt8> algorithmOid; // Tbs
+        AuList<AuUInt8> serialNumber;
-        // TODO: usage             // extension
+        AuList<AuUInt8> algorithmOid;
+
         AuList<AuString> AIAs;
         // TODO: AuString CRL;
+        
         // TODO: AuList<String> subjectNames;
+
         Hashing::EHashType digest;
+
         AuList<EExtendedUsage> usage;
+
+        int  iMaxPath {};
+        bool bIsCA {};
+
+        // TODO: ...
     };
 
     AUKN_SYM bool Decode(const Certificate &der, DecodedCertificate &out);

Source/Crypto/X509/GenerateCertificate.cpp

@@ -156,6 +156,9 @@ namespace Aurora::Crypto::X509
         _WRITE_ISSUER(MBEDTLS_OID_PKCS9_EMAIL, request.name.email);
         _WRITE_ISSUER(MBEDTLS_OID_AT_TITLE, request.name.title);
         _WRITE_ISSUER(MBEDTLS_OID_AT_GIVEN_NAME, request.name.name);
+        _WRITE_ISSUER(MBEDTLS_OID_AT_POSTAL_CODE, request.name.postcode);
+        _WRITE_ISSUER(MBEDTLS_OID_AT_POSTAL_ADDRESS, request.name.address);
+        _WRITE_ISSUER(MBEDTLS_OID_AT_LOCALITY, request.name.locality);
     #undef _WRITE_ISSUER
 
         if (request.pSigningChain)
@@ -223,6 +226,15 @@ namespace Aurora::Crypto::X509
             }
         }
 
+        if (request.uVersion == 3)
+        {
+            if (::mbedtls_x509write_crt_set_basic_constraints(&crt, request.bIsCA, request.iMaxPathLength) != 0)
+            {
+                SysPushErrorCrypto("Couldn't set basic constraints");
+                goto out;
+            }
+        }
+
         if (request.usage.size())
         {
             mbedtls_asn1_sequence *tail {};

Source/Crypto/X509/x509.cpp

@@ -316,6 +316,9 @@ namespace Aurora::Crypto::X509
         find_oid_value_in_name(&name, MBEDTLS_OID_PKCS9_EMAIL, out.email);
         find_oid_value_in_name(&name, MBEDTLS_OID_AT_TITLE, out.title);
         find_oid_value_in_name(&name, MBEDTLS_OID_AT_GIVEN_NAME, out.name);
+        find_oid_value_in_name(&name, MBEDTLS_OID_AT_POSTAL_CODE, out.postcode);
+        find_oid_value_in_name(&name, MBEDTLS_OID_AT_POSTAL_ADDRESS, out.address);
+        find_oid_value_in_name(&name, MBEDTLS_OID_AT_LOCALITY, out.locality);
     }
 
     static bool ParseCert(const Certificate &der, AuFunction<void(mbedtls_x509_crt &crt)> cb)
@@ -351,11 +354,47 @@ namespace Aurora::Crypto::X509
         return AuTime::FromCivilTime(tm, true);
     }
 
+    static void FindUsage(DecodedCertificate &out,
+                          const mbedtls_x509_sequence *extended_key_usage)
+    {
+        const mbedtls_x509_sequence *pCur = extended_key_usage;
+
+        while (pCur)
+        {
+
+        #define CHECK_CHECK(enum, oid)                          \
+            if (pCur->buf.len == sizeof(oid) - 1)               \
+            {                                                   \
+                if (!AuMemcmp(oid, pCur->buf.p, pCur->buf.len)) \
+                {                                               \
+                    out.usage.push_back(enum);                  \
+                }                                               \
+            }
+
+            CHECK_CHECK(EExtendedUsage::eServerAuth, MBEDTLS_OID_SERVER_AUTH);
+            CHECK_CHECK(EExtendedUsage::eClientAuth, MBEDTLS_OID_CLIENT_AUTH);
+            CHECK_CHECK(EExtendedUsage::eCodeSigning, MBEDTLS_OID_CODE_SIGNING);
+            CHECK_CHECK(EExtendedUsage::eEmailProtection, MBEDTLS_OID_EMAIL_PROTECTION);
+            CHECK_CHECK(EExtendedUsage::eTimeStamping, MBEDTLS_OID_TIME_STAMPING);
+            CHECK_CHECK(EExtendedUsage::eOCSPSigning, MBEDTLS_OID_OCSP_SIGNING);
+
+        #undef CHECK_CHECK
+         
+            pCur = pCur->next;
+        }
+    }
+
     void DecodeInternal(const mbedtls_x509_crt &crt, DecodedCertificate &out)
     {
         auto &issuer = crt.issuer;
         auto &subject = crt.subject;
 
+        out.version  = crt.version;
+        out.iMaxPath = crt.private_max_pathlen;
+        out.bIsCA    = crt.private_ca_istrue;
+
+        FindUsage(out, &crt.ext_key_usage);
+
         FindCommonNames(issuer, out.issuer);
         FindCommonNames(subject, out.subject);
 

Source/Process/AuProcessEnvironment.Unix.cpp

@@ -38,6 +38,7 @@ namespace Aurora::Process
         
         if (key.empty())
         {
+            SysPushErrorArg("Missing key");
             return false;
         }
         
@@ -51,6 +52,13 @@ namespace Aurora::Process
 
         if (key.empty())
         {
+            SysPushErrorArg("Missing key");
+            return false;
+        }
+
+        if (value.empty())
+        {
+            SysPushErrorArg("Missing value");
             return false;
         }
         
@@ -63,6 +71,7 @@ namespace Aurora::Process
         
         if (key.empty())
         {
+            SysPushErrorArg("Missing key");
             return false;
         }
         

Source/RNG/AuRNGEntropy.cpp

@@ -39,7 +39,7 @@
 namespace Aurora::RNG
 {
 #if defined(AURORA_IS_POSIX_DERIVED)
-    static int gDevURand;
+    static int gDevURand { -1 };
 
     void EntropyInit()
     {
@@ -207,6 +207,7 @@ namespace Aurora::RNG
         if (gDevURand > 0)
         {
             ::close(gDevURand);
+            gDevURand = -1;
         }
     #elif defined(AURORA_IS_MODERNNT_DERIVED) && defined(USE_OLD_NTCRYPT)
         if (pBCryptGenRandom)