@matter/protocol 0.16.0-alpha.0-20251106-4e10fd77b → 0.16.0-alpha.0-20251107-6bcb5baf4

package/src/certificate/kinds/X509Base.ts

@@ -12,6 +12,7 @@ import {
     DerBitString,
     DerCodec,
     DerKey,
+    DerNode,
     DerType,
     Key,
     PublicKey,
@@ -26,6 +27,8 @@ import {
     FabricId_Matter,
     FirmwareSigningId_Matter,
     IcacId_Matter,
+    MATTER_EPOCH_OFFSET_S,
+    MATTER_OID_TO_FIELD_MAP,
     matterToJsDate,
     NocCat_Matter,
     NodeId_Matter,
@@ -114,8 +117,8 @@ export abstract class X509Base<CT extends X509Certificate> {
                 case "commonName":
                     asn.commonName = X520.CommonName(value as string);
                     break;
-                case "sureName":
-                    asn.sureName = X520.SurName(value as string);
+                case "surName":
+                    asn.surName = X520.SurName(value as string);
                     break;
                 case "serialNum":
                     asn.serialNum = X520.SerialNumber(value as string);
@@ -206,8 +209,8 @@ export abstract class X509Base<CT extends X509Certificate> {
                 case "commonNamePs":
                     asn.commonNamePs = X520.CommonName(value as string, true);
                     break;
-                case "sureNamePs":
-                    asn.sureNamePs = X520.SurName(value as string, true);
+                case "surNamePs":
+                    asn.surNamePs = X520.SurName(value as string, true);
                     break;
                 case "serialNumPs":
                     asn.serialNumPs = X520.SerialNumber(value as string, true);
@@ -293,7 +296,7 @@ export abstract class X509Base<CT extends X509Certificate> {
     /**
      * Build the ASN.1 DER structure for the certificate.
      */
-    protected genericBuildAsn1Structure({
+    genericBuildAsn1Structure({
         serialNumber,
         notBefore,
         notAfter,
@@ -322,11 +325,13 @@ export abstract class X509Base<CT extends X509Certificate> {
             extensions: ContextTagged(3, this.#extensionsToAsn1(extensions)),
         };
     }
+}
 
+export namespace X509Base {
     /**
      * Create a Certificate Signing Request (CSR) in ASN.1 DER format.
      */
-    static async createCertificateSigningRequest(crypto: Crypto, key: Key) {
+    export async function createCertificateSigningRequest(crypto: Crypto, key: Key) {
         const request = {
             version: 0,
             subject: { organization: X520.OrganisationName("CSR") },
@@ -341,10 +346,420 @@ export abstract class X509Base<CT extends X509Certificate> {
         });
     }
 
+    /**
+     * X.509 certificate extension OIDs
+     */
+    namespace ExtensionOid {
+        export const BASIC_CONSTRAINTS = 0x551d13n;
+        export const KEY_USAGE = 0x551d0fn;
+        export const EXTENDED_KEY_USAGE = 0x551d25n;
+        export const SUBJECT_KEY_IDENTIFIER = 0x551d0en;
+        export const AUTHORITY_KEY_IDENTIFIER = 0x551d23n;
+    }
+
+    /**
+     * Extended Key Usage OIDs
+     */
+    namespace ExtendedKeyUsageOid {
+        export const SERVER_AUTH = 0x2b06010505070301n;
+        export const CLIENT_AUTH = 0x2b06010505070302n;
+        export const CODE_SIGNING = 0x2b06010505070303n;
+        export const EMAIL_PROTECTION = 0x2b06010505070304n;
+        export const TIME_STAMPING = 0x2b06010505070308n;
+        export const OCSP_SIGNING = 0x2b06010505070309n;
+    }
+
+    /**
+     * Map an OID to a subject/issuer field name.
+     * Uses auto-generated lookup maps from X520 and Matter OID definitions.
+     * Returns the field name and whether the value is a PrintableString variant.
+     */
+    function oidToSubjectField(oid: Bytes) {
+        const oidHex = Bytes.toHex(oid);
+
+        const field = X520.OID_TO_FIELD_MAP[oidHex] ?? MATTER_OID_TO_FIELD_MAP[oidHex];
+        if (field !== undefined) {
+            return { field, isPrintable: false };
+        }
+    }
+
+    /**
+     * Parse a subject or issuer field from ASN.1 DER format.
+     */
+    function parseSubjectOrIssuer(node: DerNode) {
+        const result: { [field: string]: unknown } = {};
+
+        const { [DerKey.Elements]: rdnSequence } = node;
+        if (!rdnSequence) {
+            throw new CertificateError("Invalid subject/issuer structure");
+        }
+
+        // Iterate through RDN SEQUENCEs
+        for (const rdnSet of rdnSequence) {
+            const { [DerKey.Elements]: attributeSets } = rdnSet;
+            if (!attributeSets) continue;
+
+            for (const attributeSet of attributeSets) {
+                const { [DerKey.Elements]: attrElements } = attributeSet;
+                if (!attrElements || attrElements.length !== 2) continue;
+
+                const [oidNode, valueNode] = attrElements;
+                const oid = oidNode[DerKey.Bytes];
+                const fieldInfo = oidToSubjectField(oid);
+
+                if (fieldInfo === undefined) continue;
+
+                let { field } = fieldInfo;
+                let value;
+
+                // Parse the value based on the field type
+                const valueBytes = Bytes.of(valueNode[DerKey.Bytes]);
+                const valueTag = valueNode[DerKey.TagId];
+
+                // Matter-specific fields are encoded as UTF8 strings containing hex values
+                switch (field) {
+                    case "nodeId":
+                    case "fabricId": {
+                        // 16-byte hex string -> BigInt
+                        const hexString = Bytes.toString(valueBytes);
+                        value = BigInt("0x" + hexString);
+                        break;
+                    }
+                    case "icacId":
+                    case "rcacId":
+                    case "vvsId": {
+                        // 8-byte hex string -> BigInt, but convert to number if it fits
+                        const hexString = Bytes.toString(valueBytes);
+                        const bigIntValue = BigInt("0x" + hexString);
+                        // Convert to number if it fits in Number.MAX_SAFE_INTEGER
+                        value = bigIntValue <= BigInt(Number.MAX_SAFE_INTEGER) ? Number(bigIntValue) : bigIntValue;
+                        break;
+                    }
+                    case "firmwareSigningId":
+                    case "productId":
+                    case "vendorId": {
+                        // 4-byte or 2-byte hex string -> number
+                        const hexString = Bytes.toString(valueBytes);
+                        value = parseInt(hexString, 16);
+                        break;
+                    }
+                    case "caseAuthenticatedTag": {
+                        // CAT tags - 4-byte hex string -> number
+                        const hexString = Bytes.toString(valueBytes);
+                        const catValue = parseInt(hexString, 16);
+                        if (result.caseAuthenticatedTags !== undefined) {
+                            (result.caseAuthenticatedTags as number[]).push(catValue);
+                            continue;
+                        }
+                        field = "caseAuthenticatedTags";
+                        value = [catValue];
+                        break;
+                    }
+                    default: {
+                        // String fields
+                        value = Bytes.toString(valueBytes);
+
+                        // Handle PrintableString variants
+                        if (valueTag === DerType.PrintableString) {
+                            field += "Ps";
+                        }
+                    }
+                }
+                result[field] = value;
+            }
+        }
+
+        return result;
+    }
+
+    /**
+     * Parse extensions from ASN.1 DER format.
+     */
+    function parseExtensions(extensionsNode: DerNode): X509Certificate["extensions"] & {
+        [oid: string]: unknown; // For unrecognized extensions
+    } {
+        const result = {
+            basicConstraints: { isCa: false },
+        } as X509Certificate["extensions"] & { [oid: string]: unknown };
+
+        const { [DerKey.Elements]: extensions } = extensionsNode;
+        if (!extensions) {
+            throw new CertificateError("Invalid extensions structure");
+        }
+
+        for (const ext of extensions) {
+            const { [DerKey.Elements]: extElements } = ext;
+            if (!extElements || extElements.length < 2) continue;
+
+            const oid = extElements[0][DerKey.Bytes];
+            const oidValue = Bytes.asBigInt(oid);
+
+            // Find the value - it might be after a critical flag
+            let valueIndex = 1;
+            if (extElements.length > 2 && extElements[1][DerKey.TagId] === DerType.Boolean) {
+                valueIndex = 2; // Skip critical flag
+            }
+
+            const valueOctetString = extElements[valueIndex][DerKey.Bytes];
+            const valueNode = DerCodec.decode(valueOctetString);
+
+            switch (oidValue) {
+                case ExtensionOid.BASIC_CONSTRAINTS:
+                    {
+                        const { [DerKey.Elements]: bcElements } = valueNode;
+                        // Always initialize basicConstraints when extension is present
+                        if (bcElements && bcElements.length > 0) {
+                            // First element is isCa boolean
+                            if (bcElements[0][DerKey.TagId] === DerType.Boolean) {
+                                const bcBytes = Bytes.of(bcElements[0][DerKey.Bytes]);
+                                result.basicConstraints.isCa = bcBytes[0] !== 0;
+                            }
+                            // Second element (if present) is pathLen integer
+                            if (bcElements.length > 1 && bcElements[1][DerKey.TagId] === DerType.Integer) {
+                                const pathLenBytes = Bytes.of(bcElements[1][DerKey.Bytes]);
+                                result.basicConstraints.pathLen = pathLenBytes[0];
+                            }
+                        }
+                    }
+                    break;
+
+                case ExtensionOid.KEY_USAGE:
+                    {
+                        // Note: DerKey.Bytes for BIT STRING returns data without the padding byte
+                        const bitString = Bytes.of(valueNode[DerKey.Bytes]);
+                        if (bitString.length >= 1) {
+                            // The keyUsage flags are in the first byte
+                            const usageByte = bitString[0];
+
+                            // Set all flags based on the bit values
+                            result.keyUsage = {
+                                digitalSignature: (usageByte & 0x80) !== 0,
+                                nonRepudiation: (usageByte & 0x40) !== 0,
+                                keyEncipherment: (usageByte & 0x20) !== 0,
+                                dataEncipherment: (usageByte & 0x10) !== 0,
+                                keyAgreement: (usageByte & 0x08) !== 0,
+                                keyCertSign: (usageByte & 0x04) !== 0,
+                                cRLSign: (usageByte & 0x02) !== 0,
+                                encipherOnly: (usageByte & 0x01) !== 0,
+                                decipherOnly: bitString.length > 1 ? (bitString[1] & 0x80) !== 0 : false,
+                            };
+                        }
+                    }
+                    break;
+
+                case ExtensionOid.EXTENDED_KEY_USAGE:
+                    {
+                        const { [DerKey.Elements]: ekuElements } = valueNode;
+                        if (ekuElements) {
+                            const ekuValues: number[] = [];
+                            for (const eku of ekuElements) {
+                                const ekuOidValue = Bytes.asBigInt(eku[DerKey.Bytes]);
+                                switch (ekuOidValue) {
+                                    case ExtendedKeyUsageOid.SERVER_AUTH:
+                                        ekuValues.push(1);
+                                        break;
+                                    case ExtendedKeyUsageOid.CLIENT_AUTH:
+                                        ekuValues.push(2);
+                                        break;
+                                    case ExtendedKeyUsageOid.CODE_SIGNING:
+                                        ekuValues.push(3);
+                                        break;
+                                    case ExtendedKeyUsageOid.EMAIL_PROTECTION:
+                                        ekuValues.push(4);
+                                        break;
+                                    case ExtendedKeyUsageOid.TIME_STAMPING:
+                                        ekuValues.push(5);
+                                        break;
+                                    case ExtendedKeyUsageOid.OCSP_SIGNING:
+                                        ekuValues.push(6);
+                                        break;
+                                }
+                            }
+                            if (ekuValues.length > 0) {
+                                result.extendedKeyUsage = ekuValues;
+                            }
+                        }
+                    }
+                    break;
+
+                case ExtensionOid.SUBJECT_KEY_IDENTIFIER:
+                    result.subjectKeyIdentifier = valueNode[DerKey.Bytes];
+                    break;
+
+                case ExtensionOid.AUTHORITY_KEY_IDENTIFIER:
+                    {
+                        const { [DerKey.Elements]: akiElements } = valueNode;
+                        if (akiElements && akiElements.length > 0) {
+                            // The keyIdentifier is context-tagged with [0]
+                            result.authorityKeyIdentifier = akiElements[0][DerKey.Bytes];
+                        }
+                    }
+                    break;
+            }
+        }
+
+        if (
+            result.basicConstraints === undefined ||
+            result.keyUsage === undefined ||
+            result.subjectKeyIdentifier === undefined ||
+            result.authorityKeyIdentifier === undefined
+        ) {
+            throw new CertificateError("Missing required extensions in certificate");
+        }
+
+        return result;
+    }
+
+    /**
+     * Parse a date from ASN.1 DER format (UTCTime or GeneralizedTime).
+     */
+    function parseDate(node: DerNode): number {
+        const dateBytes = node[DerKey.Bytes];
+        const dateString = Bytes.toString(dateBytes);
+        const tag = node[DerKey.TagId];
+
+        let year: number, month: number, day: number, hour: number, minute: number, second: number;
+
+        if (tag === DerType.UtcDate) {
+            // UTCTime format: YYMMDDHHMMSSZ
+            year = parseInt(dateString.substring(0, 2));
+            year += year >= 50 ? 1900 : 2000;
+            month = parseInt(dateString.substring(2, 4));
+            day = parseInt(dateString.substring(4, 6));
+            hour = parseInt(dateString.substring(6, 8));
+            minute = parseInt(dateString.substring(8, 10));
+            second = parseInt(dateString.substring(10, 12));
+        } else if (tag === DerType.GeneralizedTime) {
+            // GeneralizedTime format: YYYYMMDDHHMMSSZ
+            year = parseInt(dateString.substring(0, 4));
+            month = parseInt(dateString.substring(4, 6));
+            day = parseInt(dateString.substring(6, 8));
+            hour = parseInt(dateString.substring(8, 10));
+            minute = parseInt(dateString.substring(10, 12));
+            second = parseInt(dateString.substring(12, 14));
+        } else {
+            throw new CertificateError(`Unsupported date type: ${tag}`);
+        }
+
+        const date = new Date(Date.UTC(year, month - 1, day, hour, minute, second));
+
+        // Check if this is the special NON_WELL_DEFINED_DATE (9999-12-31 23:59:59Z)
+        // which should be represented as 0 in Matter epoch
+        if (date.getTime() === X520.NON_WELL_DEFINED_DATE.getTime()) {
+            return 0;
+        }
+
+        // Convert to Matter epoch (seconds since 2000-01-01 00:00:00 UTC)
+        return Math.floor(date.getTime() / 1000) - MATTER_EPOCH_OFFSET_S;
+    }
+
+    /**
+     * Parse an ASN.1/DER encoded certificate into the internal format.
+     * This extracts the certificate data without the signature.
+     */
+    export function parseAsn1Certificate(encodedCert: Bytes): X509Certificate {
+        const { [DerKey.Elements]: rootElements } = DerCodec.decode(encodedCert);
+
+        if (!rootElements || rootElements.length !== 3) {
+            throw new CertificateError(
+                `Invalid certificate structure - expected 3 root elements, got ${rootElements?.length ?? 0}`,
+            );
+        }
+
+        const [certificateNode, , signatureNode] = rootElements;
+
+        // Parse TBSCertificate
+        const { [DerKey.Elements]: certElements } = certificateNode;
+        if (!certElements || certElements.length < 7) {
+            throw new CertificateError("Invalid TBSCertificate structure");
+        }
+
+        let idx = 0;
+
+        // Version (optional, context-tagged [0])
+        if (certElements[idx][DerKey.TagId] === 0xa0) {
+            // Skip version - we don't need it for the internal representation
+            idx++;
+        }
+
+        // Serial number
+        const serialNumber = certElements[idx++][DerKey.Bytes];
+
+        // Signature algorithm
+        const signatureAlgorithmOid = certElements[idx][DerKey.Elements]?.[0]?.[DerKey.Bytes];
+        if (!signatureAlgorithmOid) {
+            throw new CertificateError("Invalid signature algorithm structure");
+        }
+        const signatureAlgorithm = Bytes.toHex(signatureAlgorithmOid) === "2a8648ce3d040302" ? 1 : 0;
+        idx++;
+
+        // Issuer
+        const issuer = parseSubjectOrIssuer(certElements[idx++]);
+
+        // Validity
+        const { [DerKey.Elements]: validityElements } = certElements[idx++];
+        if (!validityElements || validityElements.length !== 2) {
+            throw new CertificateError("Invalid validity structure");
+        }
+        const notBefore = parseDate(validityElements[0]);
+        const notAfter = parseDate(validityElements[1]);
+
+        // Subject
+        const subject = parseSubjectOrIssuer(certElements[idx++]);
+
+        // Public key
+        const { [DerKey.Elements]: publicKeyElements } = certElements[idx++];
+        if (!publicKeyElements || publicKeyElements.length !== 2) {
+            throw new CertificateError("Invalid public key structure");
+        }
+
+        const { [DerKey.Elements]: algorithmElements } = publicKeyElements[0];
+        if (!algorithmElements || algorithmElements.length !== 2) {
+            throw new CertificateError("Invalid public key algorithm structure");
+        }
+
+        const publicKeyAlgorithmOid = Bytes.toHex(algorithmElements[0][DerKey.Bytes]);
+        const publicKeyAlgorithm = publicKeyAlgorithmOid === "2a8648ce3d0201" ? 1 : 0;
+
+        const ellipticCurveOid = Bytes.toHex(algorithmElements[1][DerKey.Bytes]);
+        const ellipticCurveIdentifier = ellipticCurveOid === "2a8648ce3d030107" ? 1 : 0;
+
+        // Note: DerKey.Bytes for BIT STRING returns data without the padding byte
+        // EC public keys in Matter format include the 0x04 uncompressed point format byte
+        // followed by 64 bytes (32 bytes X + 32 bytes Y), totaling 65 bytes
+        const ellipticCurvePublicKey = Bytes.of(publicKeyElements[1][DerKey.Bytes]);
+
+        // Extensions (required, context-tagged [3])
+        if (idx >= certElements.length || certElements[idx][DerKey.TagId] !== 0xa3) {
+            throw new CertificateError("Missing required extensions in certificate");
+        }
+        const extensionsBytes = certElements[idx][DerKey.Bytes];
+        const extensionsSequence = DerCodec.decode(extensionsBytes);
+        const extensions = parseExtensions(extensionsSequence);
+
+        // Extract signature from BIT STRING
+        // Note: DerKey.Bytes for BIT STRING returns data without the padding byte
+        const signature = Bytes.of(signatureNode[DerKey.Bytes]);
+
+        return {
+            serialNumber,
+            signatureAlgorithm,
+            issuer,
+            notBefore,
+            notAfter,
+            subject,
+            publicKeyAlgorithm,
+            ellipticCurveIdentifier,
+            ellipticCurvePublicKey,
+            extensions,
+            signature,
+        };
+    }
+
     /**
      * Extract the public key from a Certificate Signing Request (CSR) in ASN.1 DER format.
      */
-    static async getPublicKeyFromCsr(crypto: Crypto, encodedCsr: Bytes) {
+    export async function getPublicKeyFromCsr(crypto: Crypto, encodedCsr: Bytes) {
         const { [DerKey.Elements]: rootElements } = DerCodec.decode(encodedCsr);
         if (rootElements?.length !== 3) {
             throw new CertificateError("Invalid CSR data");

package/src/certificate/kinds/definitions/asn.ts

@@ -6,20 +6,22 @@
 
 import { Bytes, DerObject, X520 } from "#general";
 import { FabricId, NodeId, VendorId } from "#types";
+import { InternalError } from "@matter/general";
 
 const YEAR_S = 365 * 24 * 60 * 60;
-const EPOCH_OFFSET_S = 10957 * 24 * 60 * 60;
+/** Seconds from Unix epoch (1970-01-01) to Matter epoch (2000-01-01) */
+export const MATTER_EPOCH_OFFSET_S = 10957 * 24 * 60 * 60;
 
 // TODO replace usage of Date by abstraction
 
 export function matterToJsDate(date: number) {
-    return date === 0 ? X520.NON_WELL_DEFINED_DATE : new Date((date + EPOCH_OFFSET_S) * 1000);
+    return date === 0 ? X520.NON_WELL_DEFINED_DATE : new Date((date + MATTER_EPOCH_OFFSET_S) * 1000);
 }
 
 export function jsToMatterDate(date: Date, addYears = 0) {
     return date.getTime() === X520.NON_WELL_DEFINED_DATE.getTime()
         ? 0
-        : Math.floor(date.getTime() / 1000) - EPOCH_OFFSET_S + addYears * YEAR_S;
+        : Math.floor(date.getTime() / 1000) - MATTER_EPOCH_OFFSET_S + addYears * YEAR_S;
 }
 
 function intTo16Chars(value: bigint | number) {
@@ -49,52 +51,73 @@ function uInt16To4Chars(value: number) {
  */
 
 /**
- * Generator function to create a specific ASN field for a Matter OpCert DN with the OID base 1.3.6.1.4.1.37244.1.*.
- * The returned function takes the value and returns the ASN.1 DER object.
+ * Reverse lookup map from OID hex to field name for all Matter-specific attributes
+ * (both operational and attestation certificates)
  */
-const GenericMatterOpCertObject =
-    <T>(id: number, valueConverter?: (value: T) => string) =>
-    (value: T) => [
-        DerObject(`2b0601040182a27c01${id.toString(16).padStart(2, "0")}`, {
+export const MATTER_OID_TO_FIELD_MAP: { [oidHex: string]: string } = {};
+
+/**
+ * Generic generator function for Matter-specific ASN.1 OID fields.
+ * Registers the OID in the reverse lookup map immediately at function creation time.
+ */
+const GenericMatterObject = <T>(
+    oidBase: string,
+    id: number,
+    fieldName: string,
+    valueConverter?: (value: T) => string,
+) => {
+    const oidHex = `${oidBase}${id.toString(16).padStart(2, "0")}`;
+    // Register in reverse lookup map immediately at function creation time
+    if (MATTER_OID_TO_FIELD_MAP[oidHex] !== undefined && MATTER_OID_TO_FIELD_MAP[oidHex] !== fieldName) {
+        throw new InternalError(
+            `ASN.1 Matter OID mapping for ${oidHex} already exists with a different field name: "${MATTER_OID_TO_FIELD_MAP[oidHex]}" vs "${fieldName}"`,
+        );
+    }
+    MATTER_OID_TO_FIELD_MAP[oidHex] = fieldName;
+    return (value: T) => [
+        DerObject(oidHex, {
             value: (valueConverter ?? intTo16Chars)(value as any),
         }),
     ];
+};
+
+/**
+ * Generator function to create a specific ASN field for a Matter OpCert DN with the OID base 1.3.6.1.4.1.37244.1.*.
+ * The returned function takes the value and returns the ASN.1 DER object.
+ */
+const GenericMatterOpCertObject = <T>(id: number, fieldName: string, valueConverter?: (value: T) => string) =>
+    GenericMatterObject<T>("2b0601040182a27c01", id, fieldName, valueConverter);
 
 /**
  * Generator function to create a specific ASN field for a Matter AttCert DN with the OID base 1.3.6.1.4.1.37244.2.*.
  * The returned function takes the value and returns the ASN.1 DER object.
  */
-const GenericMatterAttCertObject =
-    <T>(id: number, valueConverter?: (value: T) => string) =>
-    (value: T) => [
-        DerObject(`2b0601040182a27c02${id.toString(16).padStart(2, "0")}`, {
-            value: (valueConverter ?? intTo16Chars)(value as any),
-        }),
-    ];
+const GenericMatterAttCertObject = <T>(id: number, fieldName: string, valueConverter?: (value: T) => string) =>
+    GenericMatterObject<T>("2b0601040182a27c02", id, fieldName, valueConverter);
 
 /** matter-node-id = ASN.1 OID 1.3.6.1.4.1.37244.1.1 */
-export const NodeId_Matter = GenericMatterOpCertObject<NodeId>(1);
+export const NodeId_Matter = GenericMatterOpCertObject<NodeId>(1, "nodeId");
 
 /** matter-firmware-signing-id = ASN.1 OID 1.3.6.1.4.1.37244.1.2 */
-export const FirmwareSigningId_Matter = GenericMatterOpCertObject<number>(2);
+export const FirmwareSigningId_Matter = GenericMatterOpCertObject<number>(2, "firmwareSigningId");
 
 /** matter-icac-id = ASN.1 OID 1.3.6.1.4.1.37244.1.3 */
-export const IcacId_Matter = GenericMatterOpCertObject<bigint | number>(3);
+export const IcacId_Matter = GenericMatterOpCertObject<bigint | number>(3, "icacId");
 
 /** matter-rcac-id = ASN.1 OID 1.3.6.1.4.1.37244.1.4 */
-export const RcacId_Matter = GenericMatterOpCertObject<bigint | number>(4);
+export const RcacId_Matter = GenericMatterOpCertObject<bigint | number>(4, "rcacId");
 
 /** matter-fabric-id = ASN.1 OID 1.3.6.1.4.1.37244.1.5 */
-export const FabricId_Matter = GenericMatterOpCertObject<FabricId>(5);
+export const FabricId_Matter = GenericMatterOpCertObject<FabricId>(5, "fabricId");
 
 /** matter-noc-cat = ASN.1 OID 1.3.6.1.4.1.37244.1.6 */
-export const NocCat_Matter = GenericMatterOpCertObject<number>(6, uInt16To8Chars);
+export const NocCat_Matter = GenericMatterOpCertObject<number>(6, "caseAuthenticatedTag", uInt16To8Chars);
 
 /** matter-vvs-id = ASN.1 OID 1.3.6.1.4.1.37244.1.7 */
-export const VvsId_Matter = GenericMatterOpCertObject<bigint | number>(7);
+export const VvsId_Matter = GenericMatterOpCertObject<bigint | number>(7, "vvsId");
 
 /** matter-oid-vid = ASN.1 OID 1.3.6.1.4.1.37244.2.1 */
-export const VendorId_Matter = GenericMatterAttCertObject<VendorId>(1, uInt16To4Chars);
+export const VendorId_Matter = GenericMatterAttCertObject<VendorId>(1, "vendorId", uInt16To4Chars);
 
 /** matter-oid-pid = ASN.1 OID 1.3.6.1.4.1.37244.2.2 */
-export const ProductId_Matter = GenericMatterAttCertObject<number>(2, uInt16To4Chars);
+export const ProductId_Matter = GenericMatterAttCertObject<number>(2, "productId", uInt16To4Chars);

package/src/certificate/kinds/definitions/operational.ts

@@ -69,7 +69,7 @@ export namespace OperationalCertificate {
         const fields = {
             // Standard DNs
             commonName: TlvOptionalField(1, TlvString),
-            sureName: TlvOptionalField(2, TlvString),
+            surName: TlvOptionalField(2, TlvString),
             serialNum: TlvOptionalField(3, TlvString),
             countryName: TlvOptionalField(4, TlvString),
             localityName: TlvOptionalField(5, TlvString),
@@ -90,7 +90,7 @@ export namespace OperationalCertificate {
 
             // Standard DNs when encoded as Printable String
             commonNamePs: TlvOptionalField(129, TlvString),
-            sureNamePs: TlvOptionalField(130, TlvString),
+            surNamePs: TlvOptionalField(130, TlvString),
             serialNumPs: TlvOptionalField(131, TlvString),
             countryNamePs: TlvOptionalField(132, TlvString),
             localityNamePs: TlvOptionalField(133, TlvString),

package/src/mdns/MdnsConsts.ts

@@ -23,7 +23,7 @@ export const DEFAULT_PAIRING_HINT = {
 
 export const PAIRING_HINTS_REQUIRING_INSTRUCTION = Array<keyof typeof PairingHintBitmap>(
     "customInstruction",
-    "pressRestButtonForNumberOfSeconds",
+    "pressResetButtonForNumberOfSeconds",
     "pressResetButtonUntilLightBlinks",
     "pressResetButtonForNumberOfSecondsWithApplicationOfPower",
     "pressResetButtonUntilLightBlinksWithApplicationOfPower",