[PEM] Implement new PemDocument API

Fix tests because of different line endings: Base64.Pem uses CRLF and not just `\n`

Author: whyoleg

cryptography-providers/base/src/commonMain/kotlin/materials/keys.kt

@@ -8,15 +8,21 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.serialization.asn1.*
 import dev.whyoleg.cryptography.serialization.asn1.modules.*
 import dev.whyoleg.cryptography.serialization.pem.*
+import kotlinx.io.bytestring.unsafe.*
 
+@OptIn(UnsafeByteStringApi::class)
 @CryptographyProviderApi
 public fun unwrapPem(label: PemLabel, key: ByteArray): ByteArray {
-    return Pem.decode(key).ensurePemLabel(label).bytes
+    val document = PemDocument.decode(key)
+    check(document.label == label) { "Wrong PEM label, expected $label, actual ${document.label}" }
+    UnsafeByteStringOperations.withByteArrayUnsafe(document.content) { return it }
 }
 
+@OptIn(UnsafeByteStringApi::class)
 @CryptographyProviderApi
 public fun wrapPem(label: PemLabel, key: ByteArray): ByteArray {
-    return Pem.encodeToByteArray(PemContent(label, key))
+    val document = PemDocument(label, UnsafeByteStringOperations.wrapUnsafe(key))
+    return document.encodeToByteArray()
 }
 
 @CryptographyProviderApi

cryptography-providers/tests/src/commonMain/kotlin/compatibility/EcCompatibilityTest.kt

@@ -42,7 +42,8 @@ abstract class EcCompatibilityTest<PublicK : EC.PublicKey, PrivateK : EC.Private
     }
 
     protected inline fun generateCurves(block: (curve: EC.Curve) -> Unit) {
-        generate(block,
+        generate(
+            block,
             EC.Curve.P256, EC.Curve.P384, EC.Curve.P521,
             EC.Curve.secp256k1,
             EC.Curve.brainpoolP256r1, EC.Curve.brainpoolP384r1, EC.Curve.brainpoolP512r1,
@@ -91,10 +92,17 @@ abstract class EcCompatibilityTest<PublicK : EC.PublicKey, PrivateK : EC.Private
                         EC.PublicKey.Format.RAW,
                         EC.PublicKey.Format.RAW.Compressed,
                         EC.PublicKey.Format.DER,
-                        EC.PublicKey.Format.PEM,
                                                 -> {
                             assertContentEquals(bytes, key.encodeToByteString(format), "Public Key $format encoding")
                         }
+                        EC.PublicKey.Format.PEM -> {
+                            val expected = PemDocument.decode(bytes)
+                            val actual = PemDocument.decode(key.encodeToByteString(format))
+
+                            assertEquals(expected.label, actual.label)
+                            assertEquals(PemLabel.PublicKey, actual.label)
+                            assertContentEquals(expected.content, actual.content, "Public Key $format content encoding")
+                        }
                     }
                 }
                 val privateKeys = privateKeyDecoder.decodeFrom(
@@ -112,23 +120,25 @@ abstract class EcCompatibilityTest<PublicK : EC.PublicKey, PrivateK : EC.Private
                             assertEcPrivateKeyEquals(byteString.toByteArray(), key.encodeToByteArray(format))
                         }
                         EC.PrivateKey.Format.PEM.SEC1 -> {
-                            val expected = Pem.decode(byteString)
-                            val actual = Pem.decode(key.encodeToByteString(format))
+                            val expected = PemDocument.decode(byteString)
+                            val actual = PemDocument.decode(key.encodeToByteString(format))
 
+                            assertEquals(PemLabel.EcPrivateKey, actual.label)
                             assertEquals(expected.label, actual.label)
 
-                            assertEcPrivateKeyEquals(expected.bytes, actual.bytes)
+                            assertEcPrivateKeyEquals(expected.content.toByteArray(), actual.content.toByteArray())
                         }
                         EC.PrivateKey.Format.DER -> {
                             assertPkcs8EcPrivateKeyEquals(byteString.toByteArray(), key.encodeToByteArray(format))
                         }
                         EC.PrivateKey.Format.PEM -> {
-                            val expected = Pem.decode(byteString)
-                            val actual = Pem.decode(key.encodeToByteString(format))
+                            val expected = PemDocument.decode(byteString)
+                            val actual = PemDocument.decode(key.encodeToByteString(format))
 
                             assertEquals(expected.label, actual.label)
+                            assertEquals(PemLabel.PrivateKey, actual.label)
 
-                            assertPkcs8EcPrivateKeyEquals(expected.bytes, actual.bytes)
+                            assertPkcs8EcPrivateKeyEquals(expected.content.toByteArray(), actual.content.toByteArray())
                         }
                     }
                 }

cryptography-providers/tests/src/commonMain/kotlin/compatibility/RsaBasedCompatibilityTest.kt

@@ -8,7 +8,9 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.providers.tests.*
 import dev.whyoleg.cryptography.providers.tests.compatibility.api.*
+import dev.whyoleg.cryptography.serialization.pem.*
 import kotlinx.serialization.*
+import kotlin.test.*
 
 private val publicKeyFormats = listOf(
     RSA.PublicKey.Format.JWK,
@@ -89,13 +91,25 @@ abstract class RsaBasedCompatibilityTest<PublicK : RSA.PublicKey, PrivateK : RSA
                     supports = ::supportsKeyFormat
                 ) { key, format, bytes ->
                     when (format) {
-                        RSA.PublicKey.Format.DER,
-                        RSA.PublicKey.Format.PEM,
-                        RSA.PublicKey.Format.DER.PKCS1,
-                        RSA.PublicKey.Format.PEM.PKCS1,
-                                                 ->
+                        RSA.PublicKey.Format.DER, RSA.PublicKey.Format.DER.PKCS1 -> {
                             assertContentEquals(bytes, key.encodeToByteString(format), "Public Key $format encoding")
-                        RSA.PublicKey.Format.JWK -> {}
+                        }
+                        RSA.PublicKey.Format.PEM, RSA.PublicKey.Format.PEM.PKCS1 -> {
+                            val expected = PemDocument.decode(bytes)
+                            val actual = PemDocument.decode(key.encodeToByteString(format))
+
+                            val expectedLabel = when (format) {
+                                RSA.PublicKey.Format.PEM       -> PemLabel.PublicKey
+                                RSA.PublicKey.Format.PEM.PKCS1 -> PemLabel.RsaPublicKey
+                                else                           -> {}
+                            }
+
+                            assertEquals(expected.label, actual.label)
+                            assertEquals(expectedLabel, actual.label)
+
+                            assertContentEquals(expected.content, actual.content, "Public Key $format content encoding")
+                        }
+                        RSA.PublicKey.Format.JWK                                 -> {}
 
                     }
                 }
@@ -105,13 +119,26 @@ abstract class RsaBasedCompatibilityTest<PublicK : RSA.PublicKey, PrivateK : RSA
                     supports = ::supportsKeyFormat
                 ) { key, format, bytes ->
                     when (format) {
-                        RSA.PrivateKey.Format.DER,
-                        RSA.PrivateKey.Format.PEM,
-                        RSA.PrivateKey.Format.DER.PKCS1,
-                        RSA.PrivateKey.Format.PEM.PKCS1,
-                                                  ->
+                        RSA.PrivateKey.Format.DER, RSA.PrivateKey.Format.DER.PKCS1 -> {
                             assertContentEquals(bytes, key.encodeToByteString(format), "Private Key $format encoding")
-                        RSA.PrivateKey.Format.JWK -> {}
+                        }
+                        RSA.PrivateKey.Format.PEM, RSA.PrivateKey.Format.PEM.PKCS1 -> {
+                            val expected = PemDocument.decode(bytes)
+                            val actual = PemDocument.decode(key.encodeToByteString(format))
+
+                            val expectedLabel = when (format) {
+                                RSA.PrivateKey.Format.PEM       -> PemLabel.PrivateKey
+                                RSA.PrivateKey.Format.PEM.PKCS1 -> PemLabel.RsaPrivateKey
+                                else                            -> {}
+                            }
+
+                            assertEquals(expected.label, actual.label)
+                            assertEquals(expectedLabel, actual.label)
+
+                            assertContentEquals(expected.content, actual.content, "Private Key $format content encoding")
+                        }
+
+                        RSA.PrivateKey.Format.JWK                                  -> {}
                     }
                 }
                 put(keyReference, publicKeys to privateKeys)

cryptography-providers/tests/src/commonMain/kotlin/support.kt

@@ -122,8 +122,8 @@ fun AlgorithmTestScope<out EC<*, *, *>>.supportsPrivateKeyDecoding(
                 EC.PrivateKey.Format.RAW      -> return false
                 EC.PrivateKey.Format.DER      -> decodePki(key)
                 EC.PrivateKey.Format.DER.SEC1 -> key
-                EC.PrivateKey.Format.PEM      -> decodePki(Pem.decode(key).byteString)
-                EC.PrivateKey.Format.PEM.SEC1 -> Pem.decode(key).byteString
+                EC.PrivateKey.Format.PEM      -> decodePki(PemDocument.decode(key).content)
+                EC.PrivateKey.Format.PEM.SEC1 -> PemDocument.decode(key).content
             }
         )
     }

cryptography-serialization/pem/api/cryptography-serialization-pem.api

@@ -20,14 +20,40 @@ public final class dev/whyoleg/cryptography/serialization/pem/PemContentKt {
 	public static final fun ensurePemLabel-fi-TaOo (Ldev/whyoleg/cryptography/serialization/pem/PemContent;Ljava/lang/String;)Ldev/whyoleg/cryptography/serialization/pem/PemContent;
 }
 
+public final class dev/whyoleg/cryptography/serialization/pem/PemDocument {
+	public static final field Companion Ldev/whyoleg/cryptography/serialization/pem/PemDocument$Companion;
+	public synthetic fun <init> (Ljava/lang/String;Lkotlinx/io/bytestring/ByteString;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
+	public synthetic fun <init> (Ljava/lang/String;[BLkotlin/jvm/internal/DefaultConstructorMarker;)V
+	public final fun encodeToByteArray ()[B
+	public final fun encodeToByteString ()Lkotlinx/io/bytestring/ByteString;
+	public final fun encodeToSink (Lkotlinx/io/Sink;)V
+	public final fun encodeToString ()Ljava/lang/String;
+	public fun equals (Ljava/lang/Object;)Z
+	public final fun getContent ()Lkotlinx/io/bytestring/ByteString;
+	public final fun getLabel-2EFq_Wg ()Ljava/lang/String;
+	public fun hashCode ()I
+	public fun toString ()Ljava/lang/String;
+}
+
+public final class dev/whyoleg/cryptography/serialization/pem/PemDocument$Companion {
+	public final fun decode (Ljava/lang/String;)Ldev/whyoleg/cryptography/serialization/pem/PemDocument;
+	public final fun decode (Lkotlinx/io/Source;)Ldev/whyoleg/cryptography/serialization/pem/PemDocument;
+	public final fun decode (Lkotlinx/io/bytestring/ByteString;)Ldev/whyoleg/cryptography/serialization/pem/PemDocument;
+	public final fun decode ([B)Ldev/whyoleg/cryptography/serialization/pem/PemDocument;
+	public final fun decodeToSequence (Ljava/lang/String;)Lkotlin/sequences/Sequence;
+	public final fun decodeToSequence (Lkotlinx/io/Source;)Lkotlin/sequences/Sequence;
+	public final fun decodeToSequence (Lkotlinx/io/bytestring/ByteString;)Lkotlin/sequences/Sequence;
+	public final fun decodeToSequence ([B)Lkotlin/sequences/Sequence;
+}
+
 public final class dev/whyoleg/cryptography/serialization/pem/PemLabel {
 	public static final field Companion Ldev/whyoleg/cryptography/serialization/pem/PemLabel$Companion;
 	public static final synthetic fun box-impl (Ljava/lang/String;)Ldev/whyoleg/cryptography/serialization/pem/PemLabel;
 	public static fun constructor-impl (Ljava/lang/String;)Ljava/lang/String;
 	public fun equals (Ljava/lang/Object;)Z
 	public static fun equals-impl (Ljava/lang/String;Ljava/lang/Object;)Z
 	public static final fun equals-impl0 (Ljava/lang/String;Ljava/lang/String;)Z
-	public final fun getRepresentation ()Ljava/lang/String;
+	public final fun getValue ()Ljava/lang/String;
 	public fun hashCode ()I
 	public static fun hashCode-impl (Ljava/lang/String;)I
 	public fun toString ()Ljava/lang/String;

cryptography-serialization/pem/api/cryptography-serialization-pem.klib.api

@@ -18,11 +18,40 @@ final class dev.whyoleg.cryptography.serialization.pem/PemContent { // dev.whyol
         final fun <get-label>(): dev.whyoleg.cryptography.serialization.pem/PemLabel // dev.whyoleg.cryptography.serialization.pem/PemContent.label.<get-label>|<get-label>(){}[0]
 }
 
+final class dev.whyoleg.cryptography.serialization.pem/PemDocument { // dev.whyoleg.cryptography.serialization.pem/PemDocument|null[0]
+    constructor <init>(dev.whyoleg.cryptography.serialization.pem/PemLabel, kotlin/ByteArray) // dev.whyoleg.cryptography.serialization.pem/PemDocument.<init>|<init>(dev.whyoleg.cryptography.serialization.pem.PemLabel;kotlin.ByteArray){}[0]
+    constructor <init>(dev.whyoleg.cryptography.serialization.pem/PemLabel, kotlinx.io.bytestring/ByteString) // dev.whyoleg.cryptography.serialization.pem/PemDocument.<init>|<init>(dev.whyoleg.cryptography.serialization.pem.PemLabel;kotlinx.io.bytestring.ByteString){}[0]
+
+    final val content // dev.whyoleg.cryptography.serialization.pem/PemDocument.content|{}content[0]
+        final fun <get-content>(): kotlinx.io.bytestring/ByteString // dev.whyoleg.cryptography.serialization.pem/PemDocument.content.<get-content>|<get-content>(){}[0]
+    final val label // dev.whyoleg.cryptography.serialization.pem/PemDocument.label|{}label[0]
+        final fun <get-label>(): dev.whyoleg.cryptography.serialization.pem/PemLabel // dev.whyoleg.cryptography.serialization.pem/PemDocument.label.<get-label>|<get-label>(){}[0]
+
+    final fun encodeToByteArray(): kotlin/ByteArray // dev.whyoleg.cryptography.serialization.pem/PemDocument.encodeToByteArray|encodeToByteArray(){}[0]
+    final fun encodeToByteString(): kotlinx.io.bytestring/ByteString // dev.whyoleg.cryptography.serialization.pem/PemDocument.encodeToByteString|encodeToByteString(){}[0]
+    final fun encodeToSink(kotlinx.io/Sink) // dev.whyoleg.cryptography.serialization.pem/PemDocument.encodeToSink|encodeToSink(kotlinx.io.Sink){}[0]
+    final fun encodeToString(): kotlin/String // dev.whyoleg.cryptography.serialization.pem/PemDocument.encodeToString|encodeToString(){}[0]
+    final fun equals(kotlin/Any?): kotlin/Boolean // dev.whyoleg.cryptography.serialization.pem/PemDocument.equals|equals(kotlin.Any?){}[0]
+    final fun hashCode(): kotlin/Int // dev.whyoleg.cryptography.serialization.pem/PemDocument.hashCode|hashCode(){}[0]
+    final fun toString(): kotlin/String // dev.whyoleg.cryptography.serialization.pem/PemDocument.toString|toString(){}[0]
+
+    final object Companion { // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion|null[0]
+        final fun decode(kotlin/ByteArray): dev.whyoleg.cryptography.serialization.pem/PemDocument // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decode|decode(kotlin.ByteArray){}[0]
+        final fun decode(kotlin/String): dev.whyoleg.cryptography.serialization.pem/PemDocument // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decode|decode(kotlin.String){}[0]
+        final fun decode(kotlinx.io.bytestring/ByteString): dev.whyoleg.cryptography.serialization.pem/PemDocument // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decode|decode(kotlinx.io.bytestring.ByteString){}[0]
+        final fun decode(kotlinx.io/Source): dev.whyoleg.cryptography.serialization.pem/PemDocument // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decode|decode(kotlinx.io.Source){}[0]
+        final fun decodeToSequence(kotlin/ByteArray): kotlin.sequences/Sequence<dev.whyoleg.cryptography.serialization.pem/PemDocument> // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decodeToSequence|decodeToSequence(kotlin.ByteArray){}[0]
+        final fun decodeToSequence(kotlin/String): kotlin.sequences/Sequence<dev.whyoleg.cryptography.serialization.pem/PemDocument> // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decodeToSequence|decodeToSequence(kotlin.String){}[0]
+        final fun decodeToSequence(kotlinx.io.bytestring/ByteString): kotlin.sequences/Sequence<dev.whyoleg.cryptography.serialization.pem/PemDocument> // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decodeToSequence|decodeToSequence(kotlinx.io.bytestring.ByteString){}[0]
+        final fun decodeToSequence(kotlinx.io/Source): kotlin.sequences/Sequence<dev.whyoleg.cryptography.serialization.pem/PemDocument> // dev.whyoleg.cryptography.serialization.pem/PemDocument.Companion.decodeToSequence|decodeToSequence(kotlinx.io.Source){}[0]
+    }
+}
+
 final value class dev.whyoleg.cryptography.serialization.pem/PemLabel { // dev.whyoleg.cryptography.serialization.pem/PemLabel|null[0]
     constructor <init>(kotlin/String) // dev.whyoleg.cryptography.serialization.pem/PemLabel.<init>|<init>(kotlin.String){}[0]
 
-    final val representation // dev.whyoleg.cryptography.serialization.pem/PemLabel.representation|{}representation[0]
-        final fun <get-representation>(): kotlin/String // dev.whyoleg.cryptography.serialization.pem/PemLabel.representation.<get-representation>|<get-representation>(){}[0]
+    final val value // dev.whyoleg.cryptography.serialization.pem/PemLabel.value|{}value[0]
+        final fun <get-value>(): kotlin/String // dev.whyoleg.cryptography.serialization.pem/PemLabel.value.<get-value>|<get-value>(){}[0]
 
     final fun equals(kotlin/Any?): kotlin/Boolean // dev.whyoleg.cryptography.serialization.pem/PemLabel.equals|equals(kotlin.Any?){}[0]
     final fun hashCode(): kotlin/Int // dev.whyoleg.cryptography.serialization.pem/PemLabel.hashCode|hashCode(){}[0]

cryptography-serialization/pem/src/commonMain/kotlin/Pem.kt

@@ -5,45 +5,19 @@
 package dev.whyoleg.cryptography.serialization.pem
 
 import kotlinx.io.bytestring.*
-import kotlin.io.encoding.*
 
-@Deprecated("Renamed to Pem", ReplaceWith("Pem"), DeprecationLevel.ERROR)
+@Suppress("DEPRECATION_ERROR")
+@Deprecated("Migrate to `PemDocument`", level = DeprecationLevel.ERROR)
 public typealias PEM = Pem
 
+@Suppress("DEPRECATION_ERROR")
+@Deprecated("Migrate to `PemDocument`", level = DeprecationLevel.ERROR)
 public object Pem {
-    private const val BEGIN_PREFIX = "-----BEGIN "
-    private const val END_PREFIX = "-----END "
-    private const val SUFFIX = "-----"
-
     public fun encodeToByteString(content: PemContent): ByteString = encode(content).encodeToByteString()
     public fun encodeToByteArray(content: PemContent): ByteArray = encode(content).encodeToByteArray()
-    public fun encode(content: PemContent): String = buildString {
-        append(BEGIN_PREFIX).append(content.label.representation).appendLine(SUFFIX)
-        Base64.encode(content.bytes).chunked(64).joinTo(this, separator = "\n", postfix = "\n")
-        append(END_PREFIX).append(content.label.representation).appendLine(SUFFIX)
-    }
+    public fun encode(content: PemContent): String = PemDocument(content.label, content.byteString).encodeToString()
 
     public fun decode(byteString: ByteString): PemContent = decode(byteString.decodeToString())
     public fun decode(bytes: ByteArray): PemContent = decode(bytes.decodeToString())
-    public fun decode(string: String): PemContent {
-        val lines = string.split("\n")
-        val beginLine = lines.indexOfFirst { it.startsWith(BEGIN_PREFIX) }
-        check(beginLine != -1) { "Invalid PEM format: missing BEGIN label" }
-        val endLine = lines.indexOfFirst { it.startsWith(END_PREFIX) }
-        check(endLine != -1) { "Invalid PEM format: missing END label" }
-
-        val beginLabel = lines[beginLine].substringAfter(BEGIN_PREFIX).substringBefore(SUFFIX).trim()
-        check(beginLabel.isNotBlank()) { "Invalid PEM format: BEGIN label is empty" }
-        val endLabel = lines[endLine].substringAfter(END_PREFIX).substringBefore(SUFFIX).trim()
-        check(endLabel.isNotBlank()) { "Invalid PEM format: BEGIN label is empty" }
-
-        check(beginLabel == endLabel) { "Invalid PEM format: BEGIN=`$beginLabel`, END=`$endLabel`" }
-
-        val contentText = lines.subList(beginLine + 1, endLine).joinToString("")
-
-        return PemContent(
-            label = PemLabel(beginLabel),
-            bytes = Base64.decode(contentText)
-        )
-    }
+    public fun decode(string: String): PemContent = PemDocument.decode(string).let { PemContent(it.label, it.content) }
 }