From efd591386634050c57bc333e57fef517a667520a Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sat, 2 Mar 2024 22:52:10 +0100
Subject: [PATCH 01/18] remove encode trait impl for IdCsr and IdCsrInner

---
 src/certs/idcsr.rs | 45 ---------------------------------------------
 1 file changed, 45 deletions(-)

diff --git a/src/certs/idcsr.rs b/src/certs/idcsr.rs
index 795e3dc..6ecb53f 100644
--- a/src/certs/idcsr.rs
+++ b/src/certs/idcsr.rs
@@ -152,49 +152,4 @@ impl<S: Signature> IdCsrInner<S> {
     }
 }
 
-impl<S: Signature> Encode for IdCsrInner<S> {
-    // TODO: Test this
-    fn encoded_len(&self) -> der::Result<Length> {
-        let len_version = Uint::new(&[self.version as u8])?.encoded_len()?;
-        let len_subject = self.subject.encoded_len()?;
-        let spki_converted: SubjectPublicKeyInfoOwned = self.subject_public_key_info.clone().into();
-        let len_spki = spki_converted.encoded_len()?;
-        let len_ssid = self.subject_session_id.as_attribute().encoded_len()?;
-        len_spki + len_subject + len_ssid + len_version
-    }
-
-    // TODO: Test this
-    fn encode(&self, encoder: &mut impl der::Writer) -> der::Result<()> {
-        let uint_version = Uint::new(&[self.version as u8])?;
-        let spki_converted: SubjectPublicKeyInfoOwned = self.subject_public_key_info.clone().into();
-        uint_version.encode(encoder)?;
-        self.subject.encode(encoder)?;
-        spki_converted.encode(encoder)?;
-        self.subject_session_id.as_attribute().encode(encoder)?;
-        Ok(())
-    }
-}
-
-impl<S: Signature> Encode for IdCsr<S> {
-    // TODO: Test this
-    fn encoded_len(&self) -> der::Result<Length> {
-        let len_inner = self.inner_csr.encoded_len()?;
-        let len_signature_algorithm = AlgorithmIdentifierOwned {
-            oid: self.signature_algorithm.oid,
-            parameters: self.signature_algorithm.parameters.clone(),
-        }
-        .encoded_len()?;
-        let len_signature = self.signature.to_bitstring()?.encoded_len()?;
-        len_inner + len_signature_algorithm + len_signature
-    }
-
-    // TODO: Test this
-    fn encode(&self, encoder: &mut impl der::Writer) -> der::Result<()> {
-        self.inner_csr.encode(encoder)?;
-        self.signature_algorithm.clone().encode(encoder)?;
-        self.signature.to_bitstring()?.encode(encoder)?;
-        Ok(())
-    }
-}
-
 //TODO: Implement decode trait

From 61167d44feed2f243b188ecf332dc0bca6c4e34c Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sat, 2 Mar 2024 22:52:26 +0100
Subject: [PATCH 02/18] add openssl error, remove partialeq from error type

---
 src/lib.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lib.rs b/src/lib.rs
index 7a48f01..1f1a561 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -57,9 +57,10 @@ pub(crate) mod value_constraints;
 
 use std::fmt::Debug;
 
+use openssl::error::ErrorStack;
 use thiserror::Error;
 
-#[derive(Error, Debug, PartialEq, Clone)]
+#[derive(Error, Debug, Clone)]
 pub enum Error {
     #[error("Conversion from TbsCertificate to IdCertTbs failed")]
     TbsCertToIdCert(#[from] TbsCertToIdCert),
@@ -69,6 +70,8 @@ pub enum Error {
     InvalidInput(#[from] InvalidInput),
     #[error("Value failed to meet constraints")]
     ConstraintError(#[from] ConstraintError),
+    #[error("OpenSSL error")]
+    OpenSSL(#[from] ErrorStack),
 }
 
 /// Error type covering possible failures when converting a [x509_cert::TbsCertificate]

From d37153727fb24a4c3be44b88aea01d7befb7fc8d Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 00:11:56 +0100
Subject: [PATCH 03/18] actually realize that i don't need the openssl crate
 :))))

---
 Cargo.toml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 8f995ba..10d0ac9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,8 +13,7 @@ crate-type = ["rlib", "cdylib", "staticlib"]
 der = { version = "0.7.8", features = ["pem"] }
 spki = "0.7.3"
 thiserror = "1.0.57"
-x509-cert = { version = "0.2.5", default-features = false, features = ["pem"] }
-openssl = "0.10.64"
+x509-cert = { version = "0.2.5", default-features = false }
 
 [dev-dependencies]
 ed25519-dalek = { version = "2.1.1", features = ["rand_core", "signature"] }

From 420e0c0d19105f064c0bfc960558396aa7fb05dd Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 00:12:04 +0100
Subject: [PATCH 04/18] remove openssl errors

---
 src/lib.rs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 1f1a561..af7ada7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -57,7 +57,6 @@ pub(crate) mod value_constraints;
 
 use std::fmt::Debug;
 
-use openssl::error::ErrorStack;
 use thiserror::Error;
 
 #[derive(Error, Debug, Clone)]
@@ -70,8 +69,6 @@ pub enum Error {
     InvalidInput(#[from] InvalidInput),
     #[error("Value failed to meet constraints")]
     ConstraintError(#[from] ConstraintError),
-    #[error("OpenSSL error")]
-    OpenSSL(#[from] ErrorStack),
 }
 
 /// Error type covering possible failures when converting a [x509_cert::TbsCertificate]

From 1bdb1575b0fe41aacbcb760397f6a542a18624f9 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 00:12:14 +0100
Subject: [PATCH 05/18] add from_bitstring() for signature

---
 src/signature.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/signature.rs b/src/signature.rs
index c8431f7..53c86c1 100644
--- a/src/signature.rs
+++ b/src/signature.rs
@@ -11,4 +11,6 @@ pub trait Signature: PartialEq + Eq + SignatureBitStringEncoding {
     fn as_signature(&self) -> &Self::Signature;
     /// The [AlgorithmIdentifierOwned] associated with this signature
     fn algorithm_identifier() -> AlgorithmIdentifierOwned;
+    /// From a bit string signature value, create a new [Self]
+    fn from_bitstring(signature: &[u8]) -> Self;
 }

From fb505fae3cd26d7d9d0fd2e51af1c292509663b2 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 00:12:46 +0100
Subject: [PATCH 06/18] add skeleton code for idcsr conversion

---
 src/certs/idcsr.rs | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/src/certs/idcsr.rs b/src/certs/idcsr.rs
index 6ecb53f..9766070 100644
--- a/src/certs/idcsr.rs
+++ b/src/certs/idcsr.rs
@@ -5,9 +5,10 @@
 use std::marker::PhantomData;
 
 use der::asn1::{BitString, Uint};
-use der::{Decode, Encode, Length};
+use der::{Decode, Encode};
 use spki::{AlgorithmIdentifierOwned, SubjectPublicKeyInfoOwned};
 use x509_cert::name::Name;
+use x509_cert::request::{CertReq, CertReqInfo};
 
 use crate::key::{PrivateKey, PublicKey};
 use crate::signature::Signature;
@@ -152,4 +153,33 @@ impl<S: Signature> IdCsrInner<S> {
     }
 }
 
-//TODO: Implement decode trait
+impl<S: Signature> From<CertReq> for IdCsr<S> {
+    fn from(value: CertReq) -> Self {
+        IdCsr {
+            inner_csr: IdCsrInner::from(value.info),
+            signature_algorithm: value.algorithm,
+            // TODO: raw_bytes() or as_bytes()?
+            signature: S::from_bitstring(value.signature.raw_bytes()),
+        }
+    }
+}
+
+// TODO Perhaps we should implement TryFrom instead of From, because the conversion can fail.
+impl<S: Signature> From<CertReqInfo> for IdCsrInner<S> {
+    fn from(value: CertReqInfo) -> Self {
+        todo!()
+    }
+}
+
+impl<S: Signature> From<IdCsr<S>> for CertReq {
+    fn from(value: IdCsr<S>) -> Self {
+        todo!()
+    }
+}
+
+// TODO Perhaps we should implement TryFrom instead of From, because the conversion can fail.
+impl<S: Signature> From<IdCsrInner<S>> for CertReqInfo {
+    fn from(value: IdCsrInner<S>) -> Self {
+        todo!()
+    }
+}

From 31cff0afc54e037f3144c3a7d42f5642a2363ccb Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 00:14:54 +0100
Subject: [PATCH 07/18] TryFrom over From where necessary

---
 src/certs/idcsr.rs | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/certs/idcsr.rs b/src/certs/idcsr.rs
index 9766070..dc2591e 100644
--- a/src/certs/idcsr.rs
+++ b/src/certs/idcsr.rs
@@ -153,20 +153,23 @@ impl<S: Signature> IdCsrInner<S> {
     }
 }
 
-impl<S: Signature> From<CertReq> for IdCsr<S> {
-    fn from(value: CertReq) -> Self {
-        IdCsr {
-            inner_csr: IdCsrInner::from(value.info),
+impl<S: Signature> TryFrom<CertReq> for IdCsr<S> {
+    type Error = Error;
+
+    fn try_from(value: CertReq) -> Result<Self, Error> {
+        Ok(IdCsr {
+            inner_csr: IdCsrInner::try_from(value.info)?,
             signature_algorithm: value.algorithm,
             // TODO: raw_bytes() or as_bytes()?
             signature: S::from_bitstring(value.signature.raw_bytes()),
-        }
+        })
     }
 }
 
-// TODO Perhaps we should implement TryFrom instead of From, because the conversion can fail.
-impl<S: Signature> From<CertReqInfo> for IdCsrInner<S> {
-    fn from(value: CertReqInfo) -> Self {
+impl<S: Signature> TryFrom<CertReqInfo> for IdCsrInner<S> {
+    type Error = Error;
+
+    fn try_from(value: CertReqInfo) -> Result<Self, Self::Error> {
         todo!()
     }
 }
@@ -177,9 +180,10 @@ impl<S: Signature> From<IdCsr<S>> for CertReq {
     }
 }
 
-// TODO Perhaps we should implement TryFrom instead of From, because the conversion can fail.
-impl<S: Signature> From<IdCsrInner<S>> for CertReqInfo {
-    fn from(value: IdCsrInner<S>) -> Self {
+impl<S: Signature> TryFrom<IdCsrInner<S>> for CertReqInfo {
+    type Error = Error;
+
+    fn try_from(value: IdCsrInner<S>) -> Result<Self, Error> {
         todo!()
     }
 }

From d501055bdc6c9f99fed833e8b788da611ac171a5 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 21:09:47 +0100
Subject: [PATCH 08/18] Impl TryFrom, From for x509_cert CertReq types to/from
 polyproto types

---
 src/certs/idcsr.rs | 55 +++++++++++++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 22 deletions(-)

diff --git a/src/certs/idcsr.rs b/src/certs/idcsr.rs
index 7bba65f..b580b28 100644
--- a/src/certs/idcsr.rs
+++ b/src/certs/idcsr.rs
@@ -4,7 +4,7 @@
 
 use std::marker::PhantomData;
 
-use der::asn1::{BitString, Uint};
+use der::asn1::{BitString, SetOfVec, Uint};
 use der::{Decode, Encode};
 use spki::{AlgorithmIdentifierOwned, SubjectPublicKeyInfoOwned};
 use x509_cert::name::Name;
@@ -60,8 +60,7 @@ impl<S: Signature> IdCsr<S> {
     ) -> Result<IdCsr<S>, Error> {
         subject.validate()?;
         subject_session_id.validate()?;
-        let inner_csr =
-            IdCsrInner::<S>::new(subject, signing_key.pubkey(), subject_session_id.clone())?;
+        let inner_csr = IdCsrInner::<S>::new(subject, signing_key.pubkey())?;
 
         let version_bytes = Uint::new(&[inner_csr.version as u8])?.to_der()?;
         let subject_bytes = inner_csr.subject.to_der()?;
@@ -87,13 +86,11 @@ impl<S: Signature> IdCsr<S> {
 
     pub fn valid_actor_csr(&self) -> Result<(), Error> {
         self.inner_csr.subject.validate()?;
-        self.inner_csr.subject_session_id.validate()?;
         todo!()
     }
 
     pub fn valid_home_server_csr(&self) -> Result<(), Error> {
         self.inner_csr.subject.validate()?;
-        self.inner_csr.subject_session_id.validate()?;
         todo!()
     }
 }
@@ -116,8 +113,6 @@ pub struct IdCsrInner<S: Signature> {
     pub subject: Name,
     /// The subjects' public key and related metadata.
     pub subject_public_key_info: PublicKeyInfo,
-    /// The session ID of the client. No two valid certificates may exist for one session ID.
-    pub subject_session_id: SessionId,
     phantom_data: PhantomData<S>,
 }
 
@@ -129,11 +124,7 @@ impl<S: Signature> IdCsrInner<S> {
     /// Creates a new [IdCsrInner].
     ///
     /// The length of `subject_session_id` MUST NOT exceed 32.
-    pub fn new(
-        subject: Name,
-        public_key: &impl PublicKey<S>,
-        subject_session_id: SessionId,
-    ) -> Result<IdCsrInner<S>, Error> {
+    pub fn new(subject: Name, public_key: &impl PublicKey<S>) -> Result<IdCsrInner<S>, Error> {
         subject.validate()?;
 
         let subject_public_key_info = PublicKeyInfo {
@@ -147,7 +138,6 @@ impl<S: Signature> IdCsrInner<S> {
             version: PkcsVersion::V1,
             subject,
             subject_public_key_info,
-            subject_session_id,
             phantom_data: PhantomData,
         })
     }
@@ -170,20 +160,41 @@ impl<S: Signature> TryFrom<CertReqInfo> for IdCsrInner<S> {
     type Error = Error;
 
     fn try_from(value: CertReqInfo) -> Result<Self, Self::Error> {
-        todo!()
-    }
-}
+        let rdn_sequence = value.subject;
+        rdn_sequence.validate()?;
+        let public_key = PublicKeyInfo {
+            algorithm: value.public_key.algorithm,
+            public_key_bitstring: value.public_key.subject_public_key,
+        };
 
-impl<S: Signature> From<IdCsr<S>> for CertReq {
-    fn from(value: IdCsr<S>) -> Self {
-        todo!()
+        Ok(IdCsrInner {
+            version: PkcsVersion::V1,
+            subject: rdn_sequence,
+            subject_public_key_info: public_key,
+            phantom_data: PhantomData,
+        })
     }
 }
 
-impl<S: Signature> TryFrom<IdCsrInner<S>> for CertReqInfo {
+impl<S: Signature> TryFrom<IdCsr<S>> for CertReq {
     type Error = Error;
 
-    fn try_from(value: IdCsrInner<S>) -> Result<Self, Error> {
-        todo!()
+    fn try_from(value: IdCsr<S>) -> Result<Self, Self::Error> {
+        Ok(CertReq {
+            info: value.inner_csr.into(),
+            algorithm: value.signature_algorithm,
+            signature: value.signature.to_bitstring()?,
+        })
+    }
+}
+
+impl<S: Signature> From<IdCsrInner<S>> for CertReqInfo {
+    fn from(value: IdCsrInner<S>) -> Self {
+        CertReqInfo {
+            version: x509_cert::request::Version::V1,
+            subject: value.subject,
+            public_key: value.subject_public_key_info.into(),
+            attributes: SetOfVec::new(),
+        }
     }
 }

From 811886ccd7fe48380eb9eb22c1fb053d80499f5e Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 22:14:21 +0100
Subject: [PATCH 09/18] Generate .CSR from IdCsr

---
 examples/ed25519_csr.rs | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/examples/ed25519_csr.rs b/examples/ed25519_csr.rs
index 519145c..b8085bd 100644
--- a/examples/ed25519_csr.rs
+++ b/examples/ed25519_csr.rs
@@ -14,6 +14,7 @@ use rand::rngs::OsRng;
 use spki::{AlgorithmIdentifierOwned, ObjectIdentifier, SignatureBitStringEncoding};
 use thiserror::Error;
 use x509_cert::name::RdnSequence;
+use x509_cert::request::CertReq;
 
 fn main() {
     let mut csprng = rand::rngs::OsRng;
@@ -27,9 +28,13 @@ fn main() {
         priv_key,
         SessionId::new(Ia5String::try_from(String::from("value")).unwrap()).unwrap(),
     )
-    .unwrap()
-    .to_der()
     .unwrap();
+
+    let certrequest = CertReq::from(_csr.try_into().unwrap());
+    println!("Certrequest der bytes: {:?}", certrequest.to_der().unwrap());
+    let data = certrequest.to_der().unwrap();
+    let file_name_with_extension = "cert.csr";
+    std::fs::write(file_name_with_extension, &data);
 }
 
 // As mentioned in the README, we start by implementing the signature trait.
@@ -62,6 +67,13 @@ impl Signature for Ed25519Signature {
             parameters: None,
         }
     }
+
+    fn from_bitstring(signature: &[u8]) -> Self {
+        Self {
+            signature: Ed25519DalekSignature::from_slice(signature).unwrap(),
+            algorithm: Self::algorithm_identifier(),
+        }
+    }
 }
 
 // The `SignatureBitStringEncoding` trait is used to convert a signature to a bit string. We implement

From 4f541e36d7fa4c42fed5a3132496ace0fb0fd732 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 22:14:51 +0100
Subject: [PATCH 10/18] Add TODO message

---
 examples/ed25519_csr.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/examples/ed25519_csr.rs b/examples/ed25519_csr.rs
index b8085bd..80da500 100644
--- a/examples/ed25519_csr.rs
+++ b/examples/ed25519_csr.rs
@@ -35,6 +35,8 @@ fn main() {
     let data = certrequest.to_der().unwrap();
     let file_name_with_extension = "cert.csr";
     std::fs::write(file_name_with_extension, &data);
+
+    // TODO: The signature value of the generated csr is not correct.
 }
 
 // As mentioned in the README, we start by implementing the signature trait.

From be2b26e5cc18ba3d62ad5fbdb6b475119dd5f3b5 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Sun, 3 Mar 2024 22:19:44 +0100
Subject: [PATCH 11/18] add another todo comment :)

---
 examples/ed25519_csr.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/examples/ed25519_csr.rs b/examples/ed25519_csr.rs
index 80da500..ca8e3af 100644
--- a/examples/ed25519_csr.rs
+++ b/examples/ed25519_csr.rs
@@ -37,6 +37,8 @@ fn main() {
     std::fs::write(file_name_with_extension, &data);
 
     // TODO: The signature value of the generated csr is not correct.
+    // TODO: The attributes are still missing. CA Certificates and Actor Certificates should have
+    //       their respective set of capabilities
 }
 
 // As mentioned in the README, we start by implementing the signature trait.

From 3bf7bafca4dfe778e25685428d09d91710d10c84 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Mon, 4 Mar 2024 15:48:36 +0100
Subject: [PATCH 12/18] Update examples

---
 examples/ed25519_basic.rs | 14 ++++++++++++++
 examples/ed25519_csr.rs   | 17 +++++++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/examples/ed25519_basic.rs b/examples/ed25519_basic.rs
index 1c4e71f..7d5a60c 100644
--- a/examples/ed25519_basic.rs
+++ b/examples/ed25519_basic.rs
@@ -86,6 +86,20 @@ impl Signature for Ed25519Signature {
             parameters: None,
         }
     }
+
+    fn from_bitstring(signature: &[u8]) -> Self {
+        let mut signature_vec = signature.to_vec();
+        signature_vec.resize(64, 0);
+        let signature_array: [u8; 64] = {
+            let mut array = [0; 64];
+            array.copy_from_slice(&signature_vec[..]);
+            array
+        };
+        Self {
+            signature: Ed25519DalekSignature::from_bytes(&signature_array),
+            algorithm: Self::algorithm_identifier(),
+        }
+    }
 }
 
 // The `SignatureBitStringEncoding` trait is used to convert a signature to a bit string. We implement
diff --git a/examples/ed25519_csr.rs b/examples/ed25519_csr.rs
index ca8e3af..b3ac2e7 100644
--- a/examples/ed25519_csr.rs
+++ b/examples/ed25519_csr.rs
@@ -13,6 +13,7 @@ use polyproto::signature::Signature;
 use rand::rngs::OsRng;
 use spki::{AlgorithmIdentifierOwned, ObjectIdentifier, SignatureBitStringEncoding};
 use thiserror::Error;
+use x509_cert::attr::Attributes;
 use x509_cert::name::RdnSequence;
 use x509_cert::request::CertReq;
 
@@ -24,9 +25,10 @@ fn main() {
     println!();
 
     let _csr = polyproto::certs::idcsr::IdCsr::new(
-        RdnSequence::from_str("CN=flori,DC=www,DC=polyphony,DC=chat").unwrap(),
-        priv_key,
-        SessionId::new(Ia5String::try_from(String::from("value")).unwrap()).unwrap(),
+        &RdnSequence::from_str("CN=flori,DC=www,DC=polyphony,DC=chat").unwrap(),
+        &priv_key,
+        &SessionId::new(Ia5String::try_from(String::from("value")).unwrap()).unwrap(),
+        &Attributes::new(),
     )
     .unwrap();
 
@@ -73,8 +75,15 @@ impl Signature for Ed25519Signature {
     }
 
     fn from_bitstring(signature: &[u8]) -> Self {
+        let mut signature_vec = signature.to_vec();
+        signature_vec.resize(64, 0);
+        let signature_array: [u8; 64] = {
+            let mut array = [0; 64];
+            array.copy_from_slice(&signature_vec[..]);
+            array
+        };
         Self {
-            signature: Ed25519DalekSignature::from_slice(signature).unwrap(),
+            signature: Ed25519DalekSignature::from_bytes(&signature_array),
             algorithm: Self::algorithm_identifier(),
         }
     }

From a5a3d8a22f6b7bc4146937b4b766d5e9f24f2f87 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Mon, 4 Mar 2024 15:48:54 +0100
Subject: [PATCH 13/18] add attributes to idcsrinner

---
 src/certs/idcsr.rs | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/certs/idcsr.rs b/src/certs/idcsr.rs
index b580b28..e262976 100644
--- a/src/certs/idcsr.rs
+++ b/src/certs/idcsr.rs
@@ -7,6 +7,7 @@ use std::marker::PhantomData;
 use der::asn1::{BitString, SetOfVec, Uint};
 use der::{Decode, Encode};
 use spki::{AlgorithmIdentifierOwned, SubjectPublicKeyInfoOwned};
+use x509_cert::attr::Attributes;
 use x509_cert::name::Name;
 use x509_cert::request::{CertReq, CertReqInfo};
 
@@ -54,13 +55,14 @@ impl<S: Signature> IdCsr<S> {
     /// - **subject_unique_id**: [Uint], subject (actor) session ID. MUST NOT exceed 32 characters
     ///                          in length.
     pub fn new(
-        subject: Name,
-        signing_key: impl PrivateKey<S>,
-        subject_session_id: SessionId,
+        subject: &Name,
+        signing_key: &impl PrivateKey<S>,
+        subject_session_id: &SessionId,
+        attributes: &Attributes,
     ) -> Result<IdCsr<S>, Error> {
         subject.validate()?;
         subject_session_id.validate()?;
-        let inner_csr = IdCsrInner::<S>::new(subject, signing_key.pubkey())?;
+        let inner_csr = IdCsrInner::<S>::new(subject, signing_key.pubkey(), attributes)?;
 
         let version_bytes = Uint::new(&[inner_csr.version as u8])?.to_der()?;
         let subject_bytes = inner_csr.subject.to_der()?;
@@ -113,6 +115,9 @@ pub struct IdCsrInner<S: Signature> {
     pub subject: Name,
     /// The subjects' public key and related metadata.
     pub subject_public_key_info: PublicKeyInfo,
+    /// attributes is a collection of attributes providing additional
+    /// information about the subject of the certificate.
+    pub attributes: Attributes,
     phantom_data: PhantomData<S>,
 }
 
@@ -124,7 +129,11 @@ impl<S: Signature> IdCsrInner<S> {
     /// Creates a new [IdCsrInner].
     ///
     /// The length of `subject_session_id` MUST NOT exceed 32.
-    pub fn new(subject: Name, public_key: &impl PublicKey<S>) -> Result<IdCsrInner<S>, Error> {
+    pub fn new(
+        subject: &Name,
+        public_key: &impl PublicKey<S>,
+        attributes: &Attributes,
+    ) -> Result<IdCsrInner<S>, Error> {
         subject.validate()?;
 
         let subject_public_key_info = PublicKeyInfo {
@@ -134,10 +143,14 @@ impl<S: Signature> IdCsrInner<S> {
             )?,
         };
 
+        let subject = subject.clone();
+        let attributes = attributes.clone();
+
         Ok(IdCsrInner {
             version: PkcsVersion::V1,
             subject,
             subject_public_key_info,
+            attributes,
             phantom_data: PhantomData,
         })
     }
@@ -171,6 +184,7 @@ impl<S: Signature> TryFrom<CertReqInfo> for IdCsrInner<S> {
             version: PkcsVersion::V1,
             subject: rdn_sequence,
             subject_public_key_info: public_key,
+            attributes: value.attributes,
             phantom_data: PhantomData,
         })
     }

From f234ee1a790e1207d6a1cc0ac6c9225ee2f84bdf Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Mon, 4 Mar 2024 15:52:21 +0100
Subject: [PATCH 14/18] More complex name structure

---
 examples/ed25519_csr.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/examples/ed25519_csr.rs b/examples/ed25519_csr.rs
index b3ac2e7..f675c83 100644
--- a/examples/ed25519_csr.rs
+++ b/examples/ed25519_csr.rs
@@ -25,9 +25,8 @@ fn main() {
     println!();
 
     let _csr = polyproto::certs::idcsr::IdCsr::new(
-        &RdnSequence::from_str("CN=flori,DC=www,DC=polyphony,DC=chat").unwrap(),
+        &RdnSequence::from_str("CN=flori,DC=www,DC=polyphony,DC=chat,UID=flori@polyphony.chat,uniqueIdentifier=client1").unwrap(),
         &priv_key,
-        &SessionId::new(Ia5String::try_from(String::from("value")).unwrap()).unwrap(),
         &Attributes::new(),
     )
     .unwrap();

From 496add76f3f137afe37e8e2a50a069b522e07e3a Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Mon, 4 Mar 2024 15:52:41 +0100
Subject: [PATCH 15/18] remove subject session id, as that is now part of the
 subject: Name attribute

---
 src/certs/idcsr.rs | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/certs/idcsr.rs b/src/certs/idcsr.rs
index e262976..cd5512c 100644
--- a/src/certs/idcsr.rs
+++ b/src/certs/idcsr.rs
@@ -57,24 +57,20 @@ impl<S: Signature> IdCsr<S> {
     pub fn new(
         subject: &Name,
         signing_key: &impl PrivateKey<S>,
-        subject_session_id: &SessionId,
         attributes: &Attributes,
     ) -> Result<IdCsr<S>, Error> {
         subject.validate()?;
-        subject_session_id.validate()?;
         let inner_csr = IdCsrInner::<S>::new(subject, signing_key.pubkey(), attributes)?;
 
         let version_bytes = Uint::new(&[inner_csr.version as u8])?.to_der()?;
         let subject_bytes = inner_csr.subject.to_der()?;
         let spki_bytes =
             SubjectPublicKeyInfoOwned::from(inner_csr.subject_public_key_info.clone()).to_der()?;
-        let session_id_bytes = subject_session_id.to_der()?;
 
         let mut to_sign = Vec::new();
         to_sign.extend(version_bytes);
         to_sign.extend(subject_bytes);
         to_sign.extend(spki_bytes);
-        to_sign.extend(session_id_bytes);
 
         let signature = signing_key.sign(&to_sign);
         let signature_algorithm = S::algorithm_identifier();

From 146a38129f350b630aa8708f038fa2ea21594e66 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Mon, 4 Mar 2024 16:33:41 +0100
Subject: [PATCH 16/18] different approach for new idcsr

---
 src/certs/idcsr.rs | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/src/certs/idcsr.rs b/src/certs/idcsr.rs
index cd5512c..e56217f 100644
--- a/src/certs/idcsr.rs
+++ b/src/certs/idcsr.rs
@@ -61,18 +61,10 @@ impl<S: Signature> IdCsr<S> {
     ) -> Result<IdCsr<S>, Error> {
         subject.validate()?;
         let inner_csr = IdCsrInner::<S>::new(subject, signing_key.pubkey(), attributes)?;
+        let cert_req_info = CertReqInfo::from(inner_csr);
+        let signature = signing_key.sign(&cert_req_info.to_der()?);
+        let inner_csr = IdCsrInner::<S>::try_from(cert_req_info)?;
 
-        let version_bytes = Uint::new(&[inner_csr.version as u8])?.to_der()?;
-        let subject_bytes = inner_csr.subject.to_der()?;
-        let spki_bytes =
-            SubjectPublicKeyInfoOwned::from(inner_csr.subject_public_key_info.clone()).to_der()?;
-
-        let mut to_sign = Vec::new();
-        to_sign.extend(version_bytes);
-        to_sign.extend(subject_bytes);
-        to_sign.extend(spki_bytes);
-
-        let signature = signing_key.sign(&to_sign);
         let signature_algorithm = S::algorithm_identifier();
 
         Ok(IdCsr {

From 1916c58e1e38b84915f5aa28a8a6c2c2bc196085 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Mon, 4 Mar 2024 16:34:17 +0100
Subject: [PATCH 17/18] use result

---
 examples/ed25519_csr.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/examples/ed25519_csr.rs b/examples/ed25519_csr.rs
index f675c83..d0fb5f2 100644
--- a/examples/ed25519_csr.rs
+++ b/examples/ed25519_csr.rs
@@ -35,9 +35,8 @@ fn main() {
     println!("Certrequest der bytes: {:?}", certrequest.to_der().unwrap());
     let data = certrequest.to_der().unwrap();
     let file_name_with_extension = "cert.csr";
-    std::fs::write(file_name_with_extension, &data);
+    std::fs::write(file_name_with_extension, &data).unwrap();
 
-    // TODO: The signature value of the generated csr is not correct.
     // TODO: The attributes are still missing. CA Certificates and Actor Certificates should have
     //       their respective set of capabilities
 }

From 568a52b5f76e092fc556a8e081981e598d192c07 Mon Sep 17 00:00:00 2001
From: bitfl0wer <florian@pro-weber.com>
Date: Mon, 4 Mar 2024 16:38:39 +0100
Subject: [PATCH 18/18] Add example for creating a certificate signing request
 (CSR)

---
 examples/ed25519_csr.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/examples/ed25519_csr.rs b/examples/ed25519_csr.rs
index d0fb5f2..0d709d7 100644
--- a/examples/ed25519_csr.rs
+++ b/examples/ed25519_csr.rs
@@ -17,6 +17,16 @@ use x509_cert::attr::Attributes;
 use x509_cert::name::RdnSequence;
 use x509_cert::request::CertReq;
 
+/// The following example uses the same setup as in ed25519_basic.rs, but in its main method, it
+/// creates a certificate signing request (CSR) and writes it to a file. The CSR is created from a
+/// polyproto ID CSR, which is a wrapper around a PKCS #10 CSR.
+///
+/// If you have openssl installed, you can inspect the CSR by running:
+///
+/// ```sh
+/// openssl req -in cert.csr -verify
+/// ```
+
 fn main() {
     let mut csprng = rand::rngs::OsRng;
     let priv_key = Ed25519PrivateKey::gen_keypair(&mut csprng);