Implemented ExtractCRLDistributionPointURIFromX509Cert() Helper Function (#26913)

* Implemented ExtractCRLDistributionPointURIFromX509Cert() Helper Function

  - Extracts the CRL Distribution Point (CDP) extension from an X509 ASN.1 Encoded Certificate
  - The returned value only covers the URI of the CDP
  - Only a single URI distribution point GeneralName is supported
  - The valid URL should start with "http://" or "https://"
  - Added OpenSSL, mbedTLS, and TinyCrypt implementations
  - Added CDP extension support to the chip-cert tool
  - Added new test vectors

* Update OpenSSL Impelementation to Address Review Comments.

Added documentation to clarify each step of the implementation.

* Added documentation to the mbedTLS-based implementations

* Restyled by clang-format

---------

Co-authored-by: Restyled.io <commits@restyled.io>

Author: 2 people

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.der

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUDCCAfagAwIBAgIISW372zteskMwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFQx
+JjAkBgNVBAMMHU1hdHRlciBUZXN0IERBQyAwMDAwIFR3byBDRFBzMRQwEgYKKwYB
+BAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAARKrV70IfqHoglq9IBcx7bK3w/30LA1NNMRJ5LYnAHfE7cV
+AfLEBWiSm/ibuygPsGeTDUwoQvlzUhJXOY+2MpLco4G9MIG6MAwGA1UdEwEB/wQC
+MAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBRF3Pw1yhkocaPuFrIVi2gb4+mK
+jDAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDAsBgNVHR8EJTAjMCGg
+H6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW0wLAYDVR0fBCUwIzAhoB+g
+HYYbaHR0cDovL2V4YW1wbGUuY29tL2NybDIucGVtMAoGCCqGSM49BAMCA0gAMEUC
+ICo4AL07AB1JwKlxGLhw/UsJVGsGYQev7ZWa7wxbASuPAiEA4YlR6OPubKM9Z7Jg
+jBq99l+UvHneNRsmIWpB3JKzESI=
+-----END CERTIFICATE-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJj6QtgPRpxFxnBqp0m+IYABttjI2ijEbkXYSlxoqN9+oAoGCCqGSM49
+AwEHoUQDQgAESq1e9CH6h6IJavSAXMe2yt8P99CwNTTTESeS2JwB3xO3FQHyxAVo
+kpv4m7soD7Bnkw1MKEL5c1ISVzmPtjKS3A==
+-----END EC PRIVATE KEY-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.der

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICSjCCAfCgAwIBAgIIXzwUpXaaVS0wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFox
+LDAqBgNVBAMMI01hdHRlciBUZXN0IERBQyAwMDAwIENEUCAoVHdvIFVSSXMpMRQw
+EgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAwWTATBgcq
+hkjOPQIBBggqhkjOPQMBBwNCAATaRkJ2yopbD59Iy6YH/+2S9qgTFGdh+Hu5AO9s
+Q2voAeanxcjpYgnLEQRq76+OKwOZtin1IANCtIw0epGZh+NXo4GxMIGuMAwGA1Ud
+EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTMrHgJmsR/rXoOuQEs
+yPQiiAmrYTAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDBOBgNVHR8E
+RzBFMCCgHqAchhpodHRwOi8vZXhhbXBsZS5jb20vY3JsLnBlbTAhoB+gHYYbaHR0
+cDovL2V4YW1wbGUuY29tL2NybDIucGVtMAoGCCqGSM49BAMCA0gAMEUCIGoUNMNM
+07VMHKebxQhC593V7bd4xaKF6a5UYf8ddjl/AiEA7U3iA9Ja1dNx+7NNXJz3vqkS
+1ohFXkrf4C9/CWQ/iLw=
+-----END CERTIFICATE-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIL3FzD2bhQ0UC24d6vXSt8tj/HH2TmyomvM0uZhDfm3HoAoGCCqGSM49
+AwEHoUQDQgAE2kZCdsqKWw+fSMumB//tkvaoExRnYfh7uQDvbENr6AHmp8XI6WIJ
+yxEEau+vjisDmbYp9SADQrSMNHqRmYfjVw==
+-----END EC PRIVATE KEY-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.der

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIzCCAcmgAwIBAgIIcWVtG3ouFqQwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFYx
+KDAmBgNVBAMMH01hdHRlciBUZXN0IERBQyAwMDAwIENEUCAoSFRUUCkxFDASBgor
+BgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGConwCAgwEODAwMDBZMBMGByqGSM49
+AgEGCCqGSM49AwEHA0IABOMBHt6fUVqz6bqTJf7yO5bNcVw66jjOgR6I/G3nrDAm
+I/unBos+CdP+VJsRzF8OWWxO284+e6InH7jQmvQhnj2jgY4wgYswDAYDVR0TAQH/
+BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFGhDyDOjOZ+YQhU+sazPL5VY
+XxpQMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7PM7gRFSJfMlKIMCsGA1UdHwQkMCIw
+IKAeoByGGmh0dHA6Ly9leGFtcGxlLmNvbS9jcmwucGVtMAoGCCqGSM49BAMCA0gA
+MEUCIGVKTBM7ydpNFHg1q/wk1Szso6CPovTm6sKuYEEfNvWkAiEAqhyhkx+8mv/W
+RzKr8x6o9hPBZx8PIqQxZ+KOnayTHhg=
+-----END CERTIFICATE-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICJTCCAcugAwIBAgIINKhBW30/Kx4wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFcx
+KTAnBgNVBAMMIE1hdHRlciBUZXN0IERBQyAwMDAwIENEUCAoSFRUUFMpMRQwEgYK
+KwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAATZKyTeUWuOzT5oYt6H/Dv3fnARcccLWYz/XwJ/Argg
+5/oHutTk2L4mHAj7MZXVqDSCOijMRwO3xRV+FJ5eqngFo4GPMIGMMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBSjAjP4b0DRGsVfgKXAqSpQ
+b+qfMTAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDAsBgNVHR8EJTAj
+MCGgH6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW0wCgYIKoZIzj0EAwID
+SAAwRQIgU+zq2jxdS7dQy+f40QlZEtTI5fsf7zAkH8+VgylA0JoCIQC1V168pxuE
+fnfV1dFBBruHvzedkqSd6o0QoOGLSBAuHw==
+-----END CERTIFICATE-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.der

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIASkFQOGOdFOYpJvRhpiVdejCwvcrGqYzfiLFnAqcp87oAoGCCqGSM49
+AwEHoUQDQgAE2Ssk3lFrjs0+aGLeh/w7935wEXHHC1mM/18CfwK4IOf6B7rU5Ni+
+JhwI+zGV1ag0gjoozEcDt8UVfhSeXqp4BQ==
+-----END EC PRIVATE KEY-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAZZ8hZ3GOkPEiO670Qo8bDOxHK1X7sH6ofXOYmc9zFqoAoGCCqGSM49
+AwEHoUQDQgAE4wEe3p9RWrPpupMl/vI7ls1xXDrqOM6BHoj8beesMCYj+6cGiz4J
+0/5UmxHMXw5ZbE7bzj57oicfuNCa9CGePQ==
+-----END EC PRIVATE KEY-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.der

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUzCCAfmgAwIBAgIIHW5tUEGGAAcwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMDsx
+DTALBgNVBAMMBExvbmcxFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
+onwCAgwEODAwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEMo+7hxQow14iSz
+f56AZANfssxy+PFxGFNGwyDhqIW15AkJXuyFX31Sr5eh0G92cWyHNn4ZiM6hGdbX
+9CUrxy+jgdkwgdYwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O
+BBYEFPZMe/GotuC6EI6960/h9nd8ySwpMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7P
+M7gRFSJfMlKIMHYGA1UdHwRvMG0wa6BpoGeGZWh0dHBzOi8vZXhhbXBsZS5jb20v
+dGhpcy1pcy1hbi1leGFtcGxlLW9mLWNybC1kaXN0cmlidXRpb24tcG9pbnQtZXh0
+ZW5zaW9uLXdoaWNoLWlzLTEwMS1jaGFycy9jcmwucGVtMAoGCCqGSM49BAMCA0gA
+MEUCIENDYnRVRbgQ6zM9WS0/RoI8U/VhGfCGROJ5TLpK2rexAiEAr1GXakRNQ566
+F7ihY3WBUwmT9hjCdBiH0+beR5GkyaQ=
+-----END CERTIFICATE-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEINFUmafW3jhThp3mpGxLUtE7c1kW1Kq9UCaqrR5yeWbroAoGCCqGSM49
+AwEHoUQDQgAEQyj7uHFCjDXiJLN/noBkA1+yzHL48XEYU0bDIOGohbXkCQle7IVf
+fVKvl6HQb3ZxbIc2fhmIzqEZ1tf0JSvHLw==
+-----END EC PRIVATE KEY-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.der

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBTCCAaugAwIBAgIIcAYIqqHXrW0wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMDsx
+DTALBgNVBAMMBExvbmcxFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
+onwCAgwEODAwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPzNyCm6Yjd8xsez
+bqfBr3bNFcMovEtujQd4ull/u/MK5xK2V9L58rkV+CNMh+KjO/XnWXbgTmrQPYUL
+0WQ588+jgYswgYgwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O
+BBYEFAcwHO+LnkQm0uRuxvo607dEHe+9MB8GA1UdIwQYMBaAFK9CtwlN69UV7G7P
+M7gRFSJfMlKIMCgGA1UdHwQhMB8wHaAboBmGF3d3dy5leGFtcGxlLmNvbS9jcmwu
+cGVtMAoGCCqGSM49BAMCA0gAMEUCIQDmuIge7Q6mcILAYH5G9sqEBDGr4JHWF12B
+DDih5PBFdwIgOQZfvvn9pBs3r8ux9t8JDhpEO6xuZSw72sED9NOsTnY=
+-----END CERTIFICATE-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKUdzfzZVduHJDVshxIakL0TGFN4p6mMcfRwRKKm2+vboAoGCCqGSM49
+AwEHoUQDQgAE/M3IKbpiN3zGx7Nup8Gvds0Vwyi8S26NB3i6WX+78wrnErZX0vny
+uRX4I0yH4qM79edZduBOatA9hQvRZDnzzw==
+-----END EC PRIVATE KEY-----

credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.der

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 #
-# Copyright (c) 2021-2022 Project CHIP Authors
+# Copyright (c) 2021-2023 Project CHIP Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -340,6 +340,59 @@ cert_lifetime=4294967295
     "$chip_cert_tool" gen-att-cert --type i --subject-cn "Matter Test PAI" --subject-vid "$vid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --ca-key "$paa_key_file".pem --ca-cert "$paa_cert_file".pem --key "$pai_key_file".pem --out "$pai_cert_file".pem
 }
 
+# Set #8:
+#   - Generate DACs with CRL Distribution Point (CDP) Extensions (Valid and Invalid cases)
+{
+    vid=FFF1
+    pid=8000
+    dac=0000
+
+    pai_key_file="$dest_dir/Chip-Test-PAI-$vid-$pid-Key"
+    pai_cert_file="$dest_dir/Chip-Test-PAI-$vid-$pid-Cert"
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Cert"
+
+    cdp_example="URI:http://example.com/crl.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (HTTP)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-HTTPS-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-HTTPS-Cert"
+
+    cdp_example="URI:https://example.com/crl.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (HTTPS)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Cert"
+
+    cdp_example2="URI:http://example.com/crl2.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac Two CDPs" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --cpd-ext "$cdp_example2" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2URIs-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2URIs-Cert"
+
+    cdp_example2in1="URI:http://example.com/crl.pem,URI:http://example.com/crl2.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (Two URIs)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example2in1" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Long-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Long-Cert"
+
+    cdp_example="URI:https://example.com/this-is-an-example-of-crl-distribution-point-extension-which-is-101-chars/crl.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Long" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Wrong-Prefix-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Wrong-Prefix-Cert"
+
+    cdp_example="URI:www.example.com/crl.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Long" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+}
+
 # In addition to PEM format also create certificates in DER form.
 for cert_file_pem in "$dest_dir"/*Cert.pem; do
     cert_file_der="${cert_file_pem/.pem/.der}"
@@ -357,7 +410,7 @@ if [ ! -z "$output_cstyle_file" ]; then
 
     copyright_note='/*
  *
- *    Copyright (c) 2021-2022 Project CHIP Authors
+ *    Copyright (c) 2021-2023 Project CHIP Authors
  *    All rights reserved.
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
@@ -380,6 +433,8 @@ if [ ! -z "$output_cstyle_file" ]; then
 '
     header_includes='
 #pragma once
+
+#include <lib/support/Span.h>
 '
 
     namespaces_open='