This commit is mostly cosmetic but results in configs that are significantly more readable. We currently require configs to specify their collection of certificate policies as OID strings:
certificate-policies {
    oid "2.23.133.5.4.100.6"
    oid "2.23.133.5.4.100.8"
    oid "2.23.133.5.4.100.12"
    oid "1.3.6.1.4.1.57551.1.3"
}
This is sufficient to create a certificate with the right policy extension, but it's a bit cryptic. This commit maps known / relevant OIDs to an enum with variants named as closely as possible to the names used in their respective specifications. This change allows us to replace the above kdl node with:
NOTE: The node names used for cert policies, e.g. tcg-dice-kp-identity-init, are the closest the knuffel Decode macro will allow us to come to supporting the mixed kebab and camel-case convention common to RFCs and the TCG specs, e.g. tcg-dice-kp-identityInit. This limitation is documented here:
https://docs.rs/knuffel/latest/knuffel/derive.Decode.html#enums
The existing raw OID form remains unchanged.
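A std-only sketch of the name-to-OID mapping described above, added here as an illustration; it is not the project's code and does not use knuffel. The `Policy` enum, `node_name` and `resolve` are hypothetical, and the spec names other than tcg-dice-kp-identityInit are taken from the TCG DICE naming on the assumption that they match the first three OIDs in the config above.

```rust
// Hypothetical enum: variant and spec names are assumptions, not the project's own.
#[derive(Clone, Copy)]
enum Policy { IdentityInit, AttestInit, Eca }
const ALL: [Policy; 3] = [Policy::IdentityInit, Policy::AttestInit, Policy::Eca];
impl Policy {
    // Name as written in the TCG DICE specification (mixed kebab and camel case).
    fn spec_name(self) -> &'static str {
        match self {
            Policy::IdentityInit => "tcg-dice-kp-identityInit",
            Policy::AttestInit => "tcg-dice-kp-attestInit",
            Policy::Eca => "tcg-dice-kp-eca",
        }
    }
    // Dotted OID that ends up in the certificate policies extension.
    fn oid(self) -> &'static str {
        match self {
            Policy::IdentityInit => "2.23.133.5.4.100.6",
            Policy::AttestInit => "2.23.133.5.4.100.8",
            Policy::Eca => "2.23.133.5.4.100.12",
        }
    }
}

// Models the all-kebab node naming: an uppercase letter becomes '-' plus its lowercase.
fn node_name(spec: &str) -> String {
    let mut out = String::new();
    for c in spec.chars() {
        if c.is_ascii_uppercase() { out.push('-'); }
        out.push(c.to_ascii_lowercase());
    }
    out
}

// Resolve one child of certificate-policies: a named policy or the raw `oid "..."` form.
fn resolve(name: &str, arg: Option<&str>) -> Result<String, String> {
    if name == "oid" {
        let s = arg.ok_or("oid node needs a string argument")?;
        let ok = s.split('.').count() >= 2
            && s.split('.').all(|a| !a.is_empty() && a.bytes().all(|b| b.is_ascii_digit()));
        return if ok { Ok(s.to_string()) } else { Err(format!("malformed OID: {s}")) };
    }
    ALL.iter().find(|p| node_name(p.spec_name()) == name)
        .map(|p| p.oid().to_string())
        .ok_or_else(|| format!("unknown policy node: {name}"))
}

fn main() {
    println!("{:?}", resolve("tcg-dice-kp-identity-init", None));
}
```

In this sketch the mixed-case spelling tcg-dice-kp-identityInit is rejected as an unknown node rather than silently accepted, so a config that copies the name straight from the spec fails loudly instead of producing a certificate without the intended policy.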