Un-namespace the extensions.

We've received API review feedback that is critical of us having the
extensions inside a namespace. This patch extracts them from that
namespace.

Author: Lukasa

Sources/X509/CryptographicMessageSyntax/CMSSignerIdentifier.swift

@@ -25,7 +25,7 @@ enum CMSSignerIdentifier: DERParseable, DERSerializable, Hashable {
     private static let skiIdentifier = ASN1Identifier(tagWithNumber: 0, tagClass: .contextSpecific)
 
     case issuerAndSerialNumber(CMSIssuerAndSerialNumber)
-    case subjectKeyIdentifier(Certificate.Extensions.SubjectKeyIdentifier)
+    case subjectKeyIdentifier(SubjectKeyIdentifier)
 
     init(derEncoded node: ASN1Node) throws {
         switch node.identifier {

Sources/X509/Docs.docc/Creating Certificates.md

@@ -94,12 +94,12 @@ We can use the helpful builder syntax for this:
 ```swift
 let extensions = try Certificate.Extensions {
     Critical(
-        Certificate.Extensions.BasicConstraints.isCertificateAuthority(maxPathLength: nil)
+        BasicConstraints.isCertificateAuthority(maxPathLength: nil)
     )
     Critical(
-        Certificate.Extensions.KeyUsage(digitalSignature: true, keyCertSign: true)
+        KeyUsage(digitalSignature: true, keyCertSign: true)
     )
-    Certificate.Extensions.SubjectAlternativeNames([.dNSName("localhost")])
+    SubjectAlternativeNames([.dNSName("localhost")])
 }
 ```
 
@@ -152,12 +152,12 @@ let now = Date()
 
 let extensions = try Certificate.Extensions {
     Critical(
-        Certificate.Extensions.BasicConstraints.isCertificateAuthority(maxPathLength: nil)
+        BasicConstraints.isCertificateAuthority(maxPathLength: nil)
     )
     Critical(
-        Certificate.Extensions.KeyUsage(keyCertSign: true)
+        KeyUsage(keyCertSign: true)
     )
-    Certificate.Extensions.SubjectAlternativeNames([.dNSName("localhost")])
+    SubjectAlternativeNames([.dNSName("localhost")])
 }
 
 let certificate = try Certificate(

Sources/X509/Docs.docc/Examining Certificates.md

@@ -114,7 +114,7 @@ for the ``Certificate/Extensions-swift.struct/SubjectAlternativeNames-swift.stru
 ```swift
 let opaqueSANExtension = certificate.extensions.first(where: { $0.oid == .X509ExtensionID.subjectAlternativeName })
 if let opaqueSanExtension {
-    let unwrappedSanExtension = try Certificate.Extensions.SubjectAlternativeName(opaqueSanExtension)
+    let unwrappedSanExtension = try SubjectAlternativeName(opaqueSanExtension)
 }
 ```
 
@@ -123,7 +123,7 @@ to search for a specific extension. The above code could be replaced by:
 
 ```swift
 if let opaqueSanExtension = certificate.extensions[oid: .X509ExtensionID.subjectAlternativeName] {
-    let unwrappedSanExtension = try Certificate.Extensions.SubjectAlternativeName(opaqueSanExtension)
+    let unwrappedSanExtension = try SubjectAlternativeName(opaqueSanExtension)
 }
 ```
 

Sources/X509/Extension Types/AuthorityInformationAccess.swift

@@ -14,55 +14,53 @@
 
 import SwiftASN1
 
-extension Certificate.Extensions {
-    /// Provides details on how to access information about the certificate issuer.
-    ///
-    /// This extension behaves as a collection of ``Certificate/Extensions-swift.struct/AuthorityInformationAccess-swift.struct/AccessDescription`` objects.
+/// Provides details on how to access information about the certificate issuer.
+///
+/// This extension behaves as a collection of ``Certificate/Extensions-swift.struct/AuthorityInformationAccess-swift.struct/AccessDescription`` objects.
+///
+/// In practice this most commonly contains OCSP servers and links to the issuing CA certificate.
+public struct AuthorityInformationAccess {
+    @usableFromInline
+    var descriptions: [AccessDescription]
+
+    /// Create a new ``Certificate/Extensions-swift.struct/AuthorityInformationAccess-swift.struct/`` object
+    /// containing specific access descriptions.
     ///
-    /// In practice this most commonly contains OCSP servers and links to the issuing CA certificate.
-    public struct AuthorityInformationAccess {
-        @usableFromInline
-        var descriptions: [AccessDescription]
+    /// - Parameter descriptions: The descriptions to include in the AIA extension.
+    @inlinable
+    public init<Descriptions: Sequence>(_ descriptions: Descriptions) where Descriptions.Element == AccessDescription {
+        self.descriptions = Array(descriptions)
+    }
 
-        /// Create a new ``Certificate/Extensions-swift.struct/AuthorityInformationAccess-swift.struct/`` object
-        /// containing specific access descriptions.
-        ///
-        /// - Parameter descriptions: The descriptions to include in the AIA extension.
-        @inlinable
-        public init<Descriptions: Sequence>(_ descriptions: Descriptions) where Descriptions.Element == AccessDescription {
-            self.descriptions = Array(descriptions)
+    /// Create a new ``Certificate/Extensions-swift.struct/AuthorityInformationAccess-swift.struct`` object
+    /// by unwrapping a ``Certificate/Extension``.
+    ///
+    /// - Parameter ext: The ``Certificate/Extension`` to unwrap
+    /// - Throws: if the ``Certificate/Extension/oid`` is not equal to
+    ///     `ASN1ObjectIdentifier.X509ExtensionID.authorityInformationAccess`.
+    @inlinable
+    public init(_ ext: Certificate.Extension) throws {
+        guard ext.oid == .X509ExtensionID.authorityInformationAccess else {
+            throw CertificateError.incorrectOIDForExtension(reason: "Expected \(ASN1ObjectIdentifier.X509ExtensionID.authorityInformationAccess), got \(ext.oid)")
         }
 
-        /// Create a new ``Certificate/Extensions-swift.struct/AuthorityInformationAccess-swift.struct`` object
-        /// by unwrapping a ``Certificate/Extension``.
-        ///
-        /// - Parameter ext: The ``Certificate/Extension`` to unwrap
-        /// - Throws: if the ``Certificate/Extension/oid`` is not equal to
-        ///     `ASN1ObjectIdentifier.X509ExtensionID.authorityInformationAccess`.
-        @inlinable
-        public init(_ ext: Certificate.Extension) throws {
-            guard ext.oid == .X509ExtensionID.authorityInformationAccess else {
-                throw CertificateError.incorrectOIDForExtension(reason: "Expected \(ASN1ObjectIdentifier.X509ExtensionID.authorityInformationAccess), got \(ext.oid)")
-            }
-
-            let aiaSyntax = try AuthorityInfoAccessSyntax(derEncoded: ext.value)
-            self.descriptions = aiaSyntax.descriptions.map { AccessDescription($0) }
-        }
+        let aiaSyntax = try AuthorityInfoAccessSyntax(derEncoded: ext.value)
+        self.descriptions = aiaSyntax.descriptions.map { AccessDescription($0) }
     }
 }
 
-extension Certificate.Extensions.AuthorityInformationAccess: Hashable { }
+extension AuthorityInformationAccess: Hashable { }
 
-extension Certificate.Extensions.AuthorityInformationAccess: Sendable { }
+extension AuthorityInformationAccess: Sendable { }
 
-extension Certificate.Extensions.AuthorityInformationAccess: CustomStringConvertible {
+extension AuthorityInformationAccess: CustomStringConvertible {
     public var description: String {
         return self.map { String(describing: $0) }.joined(separator: ", ")
     }
 }
 
 // TODO(cory): Probably also RangeReplaceableCollection, even though it's kinda crap.
-extension Certificate.Extensions.AuthorityInformationAccess: RandomAccessCollection {
+extension AuthorityInformationAccess: RandomAccessCollection {
     @inlinable
     public var startIndex: Int {
         self.descriptions.startIndex
@@ -85,7 +83,7 @@ extension Certificate.Extensions.AuthorityInformationAccess: RandomAccessCollect
     }
 }
 
-extension Certificate.Extensions.AuthorityInformationAccess {
+extension AuthorityInformationAccess {
     /// Describes the location and format of additional information provided
     /// by the issuer of a given certificate.
     public struct AccessDescription {
@@ -110,17 +108,17 @@ extension Certificate.Extensions.AuthorityInformationAccess {
     }
 }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription: Hashable { }
+extension AuthorityInformationAccess.AccessDescription: Hashable { }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription: Sendable { }
+extension AuthorityInformationAccess.AccessDescription: Sendable { }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription: CustomStringConvertible {
+extension AuthorityInformationAccess.AccessDescription: CustomStringConvertible {
     public var description: String {
         return "\(self.method): \(self.location)"
     }
 }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription {
+extension AuthorityInformationAccess.AccessDescription {
     /// The format and meaning of the information included in a single
     /// ``Certificate/Extensions-swift.struct/AuthorityInformationAccess-swift.struct/AccessDescription``
     /// object.
@@ -160,11 +158,11 @@ extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription {
     }
 }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription.AccessMethod: Hashable { }
+extension AuthorityInformationAccess.AccessDescription.AccessMethod: Hashable { }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription.AccessMethod: Sendable { }
+extension AuthorityInformationAccess.AccessDescription.AccessMethod: Sendable { }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription.AccessMethod: CustomStringConvertible {
+extension AuthorityInformationAccess.AccessDescription.AccessMethod: CustomStringConvertible {
     @inlinable
     public var description: String {
         switch self.backing {
@@ -178,9 +176,9 @@ extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription.Ac
     }
 }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription.AccessMethod.Backing: Hashable { }
+extension AuthorityInformationAccess.AccessDescription.AccessMethod.Backing: Hashable { }
 
-extension Certificate.Extensions.AuthorityInformationAccess.AccessDescription.AccessMethod.Backing: Sendable { }
+extension AuthorityInformationAccess.AccessDescription.AccessMethod.Backing: Sendable { }
 
 extension Certificate.Extension {
     /// Construct an opaque ``Certificate/Extension`` from this AIA extension.
@@ -189,15 +187,15 @@ extension Certificate.Extension {
     ///   - aia: The extension to wrap
     ///   - critical: Whether this extension should have the critical bit set.
     @inlinable
-    public init(_ aia: Certificate.Extensions.AuthorityInformationAccess, critical: Bool) throws {
+    public init(_ aia: AuthorityInformationAccess, critical: Bool) throws {
         let asn1Representation = AuthorityInfoAccessSyntax(aia)
         var serializer = DER.Serializer()
         try serializer.serialize(asn1Representation)
         self.init(oid: .X509ExtensionID.authorityInformationAccess, critical: critical, value: serializer.serializedBytes[...])
     }
 }
 
-extension Certificate.Extensions.AuthorityInformationAccess: CertificateExtensionConvertible {
+extension AuthorityInformationAccess: CertificateExtensionConvertible {
     public func makeCertificateExtension() throws -> Certificate.Extension {
         return try .init(self, critical: false)
     }
@@ -222,7 +220,7 @@ struct AuthorityInfoAccessSyntax: DERImplicitlyTaggable {
     var descriptions: [AIAAccessDescription]
 
     @inlinable
-    init(_ aia: Certificate.Extensions.AuthorityInformationAccess) {
+    init(_ aia: AuthorityInformationAccess) {
         self.descriptions = aia.descriptions.map { .init($0) }
     }
 
@@ -261,7 +259,7 @@ struct AIAAccessDescription: DERImplicitlyTaggable {
     }
 
     @inlinable
-    init(_ description: Certificate.Extensions.AuthorityInformationAccess.AccessDescription) {
+    init(_ description: AuthorityInformationAccess.AccessDescription) {
         self.accessMethod = ASN1ObjectIdentifier(accessMethod: description.method)
         self.accessLocation = description.location
     }
@@ -295,7 +293,7 @@ extension ASN1ObjectIdentifier {
     }
 
     @inlinable
-    public init(accessMethod: Certificate.Extensions.AuthorityInformationAccess.AccessDescription.AccessMethod) {
+    public init(accessMethod: AuthorityInformationAccess.AccessDescription.AccessMethod) {
         switch accessMethod.backing {
         case .ocspServer:
             self = .AccessMethodIdentifiers.ocspServer

Sources/X509/Extension Types/AuthorityKeyIdentifier.swift

@@ -14,60 +14,58 @@
 
 import SwiftASN1
 
-extension Certificate.Extensions {
-    /// Provides information about the public key corresponding to the private key that was
-    /// used to sign a specific certificate.
-    public struct AuthorityKeyIdentifier {
-        /// An opaque sequence of bytes uniquely derived from the public key of the issuing
-        /// CA.
-        ///
-        /// This is commonly a hash of the subject public key info from the issuing certificate.
-        public var keyIdentifier: ArraySlice<UInt8>?
-
-        /// The name of the issuer of the issuing cert.
-        public var authorityCertIssuer: [GeneralName]?
-
-        /// The serial number of the issuing cert.
-        public var authorityCertSerialNumber: Certificate.SerialNumber?
-
-        /// Create a new ``Certificate/Extensions-swift.struct/AuthorityKeyIdentifier-swift.struct`` extension value.
-        ///
-        /// - Parameters:
-        ///   - keyIdentifier: An opaque sequence of bytes uniquely derived from the public key of the issuing CA.
-        ///   - authorityCertIssuer: The name of the issuer of the issuing cert.
-        ///   - authorityCertSerialNumber: The serial number of the issuing cert.
-        @inlinable
-        public init(keyIdentifier: ArraySlice<UInt8>? = nil, authorityCertIssuer: [GeneralName]? = nil, authorityCertSerialNumber: Certificate.SerialNumber? = nil) {
-            self.keyIdentifier = keyIdentifier
-            self.authorityCertIssuer = authorityCertIssuer
-            self.authorityCertSerialNumber = authorityCertSerialNumber
-        }
+/// Provides information about the public key corresponding to the private key that was
+/// used to sign a specific certificate.
+public struct AuthorityKeyIdentifier {
+    /// An opaque sequence of bytes uniquely derived from the public key of the issuing
+    /// CA.
+    ///
+    /// This is commonly a hash of the subject public key info from the issuing certificate.
+    public var keyIdentifier: ArraySlice<UInt8>?
+
+    /// The name of the issuer of the issuing cert.
+    public var authorityCertIssuer: [GeneralName]?
+
+    /// The serial number of the issuing cert.
+    public var authorityCertSerialNumber: Certificate.SerialNumber?
 
-        /// Create a new ``Certificate/Extensions-swift.struct/AuthorityKeyIdentifier-swift.struct`` object
-        /// by unwrapping a ``Certificate/Extension``.
-        ///
-        /// - Parameter ext: The ``Certificate/Extension`` to unwrap
-        /// - Throws: if the ``Certificate/Extension/oid`` is not equal to
-        ///     `ASN1ObjectIdentifier.X509ExtensionID.authorityKeyIdentifier`.
-        @inlinable
-        public init(_ ext: Certificate.Extension) throws {
-            guard ext.oid == .X509ExtensionID.authorityKeyIdentifier else {
-                throw CertificateError.incorrectOIDForExtension(reason: "Expected \(ASN1ObjectIdentifier.X509ExtensionID.authorityKeyIdentifier), got \(ext.oid)")
-            }
-
-            let asn1KeyIdentifier = try AuthorityKeyIdentifierValue(derEncoded: ext.value)
-            self.keyIdentifier = asn1KeyIdentifier.keyIdentifier.map { $0.bytes }
-            self.authorityCertIssuer = asn1KeyIdentifier.authorityCertIssuer
-            self.authorityCertSerialNumber = asn1KeyIdentifier.authorityCertSerialNumber.map { Certificate.SerialNumber(bytes: $0) }
+    /// Create a new ``Certificate/Extensions-swift.struct/AuthorityKeyIdentifier-swift.struct`` extension value.
+    ///
+    /// - Parameters:
+    ///   - keyIdentifier: An opaque sequence of bytes uniquely derived from the public key of the issuing CA.
+    ///   - authorityCertIssuer: The name of the issuer of the issuing cert.
+    ///   - authorityCertSerialNumber: The serial number of the issuing cert.
+    @inlinable
+    public init(keyIdentifier: ArraySlice<UInt8>? = nil, authorityCertIssuer: [GeneralName]? = nil, authorityCertSerialNumber: Certificate.SerialNumber? = nil) {
+        self.keyIdentifier = keyIdentifier
+        self.authorityCertIssuer = authorityCertIssuer
+        self.authorityCertSerialNumber = authorityCertSerialNumber
+    }
+
+    /// Create a new ``Certificate/Extensions-swift.struct/AuthorityKeyIdentifier-swift.struct`` object
+    /// by unwrapping a ``Certificate/Extension``.
+    ///
+    /// - Parameter ext: The ``Certificate/Extension`` to unwrap
+    /// - Throws: if the ``Certificate/Extension/oid`` is not equal to
+    ///     `ASN1ObjectIdentifier.X509ExtensionID.authorityKeyIdentifier`.
+    @inlinable
+    public init(_ ext: Certificate.Extension) throws {
+        guard ext.oid == .X509ExtensionID.authorityKeyIdentifier else {
+            throw CertificateError.incorrectOIDForExtension(reason: "Expected \(ASN1ObjectIdentifier.X509ExtensionID.authorityKeyIdentifier), got \(ext.oid)")
         }
+
+        let asn1KeyIdentifier = try AuthorityKeyIdentifierValue(derEncoded: ext.value)
+        self.keyIdentifier = asn1KeyIdentifier.keyIdentifier.map { $0.bytes }
+        self.authorityCertIssuer = asn1KeyIdentifier.authorityCertIssuer
+        self.authorityCertSerialNumber = asn1KeyIdentifier.authorityCertSerialNumber.map { Certificate.SerialNumber(bytes: $0) }
     }
 }
 
-extension Certificate.Extensions.AuthorityKeyIdentifier: Hashable { }
+extension AuthorityKeyIdentifier: Hashable { }
 
-extension Certificate.Extensions.AuthorityKeyIdentifier: Sendable { }
+extension AuthorityKeyIdentifier: Sendable { }
 
-extension Certificate.Extensions.AuthorityKeyIdentifier: CustomStringConvertible {
+extension AuthorityKeyIdentifier: CustomStringConvertible {
     public var description: String {
         var elements: [String] = []
 
@@ -94,15 +92,15 @@ extension Certificate.Extension {
     ///   - aki: The extension to wrap
     ///   - critical: Whether this extension should have the critical bit set.
     @inlinable
-    public init(_ aki: Certificate.Extensions.AuthorityKeyIdentifier, critical: Bool) throws {
+    public init(_ aki: AuthorityKeyIdentifier, critical: Bool) throws {
         let asn1Representation = AuthorityKeyIdentifierValue(aki)
         var serializer = DER.Serializer()
         try serializer.serialize(asn1Representation)
         self.init(oid: .X509ExtensionID.authorityKeyIdentifier, critical: critical, value: serializer.serializedBytes[...])
     }
 }
 
-extension Certificate.Extensions.AuthorityKeyIdentifier: CertificateExtensionConvertible {
+extension AuthorityKeyIdentifier: CertificateExtensionConvertible {
     public func makeCertificateExtension() throws -> Certificate.Extension {
         return try .init(self, critical: false)
     }
@@ -133,7 +131,7 @@ struct AuthorityKeyIdentifierValue: DERImplicitlyTaggable {
     }
 
     @inlinable
-    init(_ aki: Certificate.Extensions.AuthorityKeyIdentifier) {
+    init(_ aki: AuthorityKeyIdentifier) {
         self.keyIdentifier = aki.keyIdentifier.map { ASN1OctetString(contentBytes: $0) }
         self.authorityCertIssuer = aki.authorityCertIssuer
         self.authorityCertSerialNumber = aki.authorityCertSerialNumber.map { $0.bytes }