Feature/awesome

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "awesn1"]
+	path = awesn1
+	url = ../awesn1

CHANGELOG.md

@@ -1,7 +1,64 @@
 # Changelog
 
 ## NEXT
-* fix build setup on non-macos
+* **Major ASN.1 refactor:**
+    * Externalize the ASN.1 implementation into [`awesn1`](https://github.com/a-sit-plus/awesn1)
+    * `indispensable` now re-exports `awesn1` core, crypto, io, and oids modules
+    * `indispensable-asn1` is now primarily a compatibility layer over `awesn1`
+    * ASN.1 imports and encode/decode helpers should migrate from `at.asitplus.signum.indispensable.asn1` to `at.asitplus.awesn1`
+    * Signum-side ASN.1 compatibility wrappers remain for migration, but are deprecated
+* **Extensibility overhaul:**
+    * Signum algorithm families are no longer treated as closed built-in sets
+    * `SignatureAlgorithm`, `MessageAuthenticationCode`, `SymmetricEncryptionAlgorithm`, `AsymmetricEncryptionAlgorithm`, `JwsAlgorithm`, `CoseAlgorithm`, and related families now support third-party extension
+    * Add central `AlgorithmRegistry` plus semantic mapping keys in `AlgorithmTraits`
+    * `entries` collections are now registry-backed and may include custom algorithms registered by consumers
+    * Add registration APIs for custom algorithms and mappings:
+        * `registerSignatureAlgorithm`
+        * `registerMessageAuthenticationCode`
+        * `registerSymmetricEncryptionAlgorithm`
+        * `registerAsymmetricEncryptionAlgorithm`
+        * `registerSignatureMapping`
+        * `registerMacMapping`
+        * `registerSymmetricMapping`
+        * `registerAsymmetricMapping`
+        * `registerX509SignatureMapping`
+* **JOSE and COSE made extensible:**
+    * Open up `JwsAlgorithm` and nested signature / MAC families for registration of custom values
+    * Open up `CoseAlgorithm` and nested signature / MAC / symmetric families for registration of custom values
+    * JOSE and COSE conversions now resolve through `AlgorithmRegistry` mappings instead of assuming a fixed built-in universe
+    * Custom algorithms without explicit JOSE / COSE mappings now fail conversion explicitly with `UnsupportedCryptoException`
+* **X.509 signature model cleanup:**
+    * Move the raw X.509 signature algorithm representation to `at.asitplus.awesn1.crypto.SignatureAlgorithmIdentifier`
+    * `X509SignatureAlgorithmDescription` now remains only as a deprecated compatibility alias
+    * Refactor `X509SignatureAlgorithm` mapping logic to use the new registry-backed raw-to-semantic resolution model
+    * Remove the temporary CURSED RSA PKCS#1 X.509 signature algorithm variants introduced in `3.19.2`
+* **Core crypto API cleanup:**
+    * Replace more legacy namespace-style construction APIs with concrete extensible classes such as `EcdsaSignatureAlgorithm`, `RsaSignatureAlgorithm`, `HmacAlgorithm`, and `RsaEncryptionAlgorithm`
+    * Continue deprecating old compatibility aliases such as the older `RSAPadding` naming where the new split between signature and encryption padding applies
+    * Refine crypto data types, PKI models, signature handling, and key abstractions to align with the new raw-model and extensibility design
+* **Platform and provider mapping cleanup:**
+    * Move and consolidate JCA initialization and mapping logic behind the new registry-based approach
+    * Update Apple / CommonCrypto and JCA mapping code to register algorithm support through the new extension points
+* **Supreme updates:**
+    * Adapt signer / verifier / asymmetric / MAC / KDF integrations to the new extensible algorithm model
+    * Add regression coverage around unsupported custom algorithms in Supreme
+* **Build and project setup:**
+    * Fix project setup on non-macOS build hosts
+    * Continue improving Apple target and cinterop setup
+    * Dependency updates:
+        * ASP conventions `20260310`
+        * `awesn1` `0.1.0-SNAPSHOT`
+* **Package hierarchy cleanup in `indispensable`:**
+    * Move core crypto types into focused subpackages:
+        * `PublicKey`, `PrivateKey` -> `at.asitplus.signum.indispensable.key`
+        * `Signature` -> `at.asitplus.signum.indispensable.signature`
+        * `ECCurve`, `ECPoint` -> `at.asitplus.signum.indispensable.ec`
+        * attestation types -> `at.asitplus.signum.indispensable.attestation`
+    * Move JOSE algorithm types into `at.asitplus.signum.indispensable.josef.algorithm`
+    * Move COSE algorithm types into `at.asitplus.signum.indispensable.cosef.algorithm`
+    * Keep deprecated outer typealiases in the old packages where Kotlin allows it
+    * Document and accept that nested old names such as `PublicKey.EC`, `Signature.EC`, `JwsAlgorithm.Signature`, `JweAlgorithm.Symmetric`, and `CoseAlgorithm.Signature` cannot be preserved fully through typealias compatibility
+    * No restructure of the `supreme` module package hierarchy in this change
 
 ## 3.19.3 / Supreme 0.11.3
 * Support CURSED X.509 Certificate extensions that encode critical=false instead of omitting it

docs/docs/features.md

@@ -85,10 +85,9 @@ Different block cipher modes of operation can be added on request.
 
 ## High-Level ASN.1 Abstractions
 
-The `indispensable-asn1` module comes with a fully-featured ASN.1 engine including a builder DSL.
-In addition to low-level, generic abstractions, it also provides higher-level datatypes with enriched
-semantics. The `indispensable` module builds on top of it, adding cryptography-specific data types.
-Combined these two modules provide the following abstractions:
+The ASN.1 engine has been externalized to [awesn1](https://a-sit-plus.github.io/awesn1/), which now provides the low-level ASN.1 primitives, builders, encoding/decoding helpers, PEM support, and OID infrastructure that older Signum versions exposed through `indispensable-asn1`.
+The `indispensable` module builds on top of that foundation and adds cryptography-specific data types.
+Combined, `awesn1` and Signum provide the following abstractions:
 
 | Abstraction                  |   | Remarks                                                                                                                                                                              |
 |------------------------------|:-:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -134,4 +133,4 @@ The following table provides overview about what is supported by Signum and cryp
 | Fully-Featured ASN.1 Engine | ✔                        | ✗                         |
 | COSE                        | ✔                        | ✗                         |
 | JOSE                        | ✔                        | ✗                         |
-| Provider Targets            | JVM, Android, iOS        | All KMP-supported targets |
+| Provider Targets            | JVM, Android, iOS        | All KMP-supported targets |

docs/docs/index.md

@@ -18,6 +18,9 @@
 
 # Signum – Kotlin Multiplatform Crypto/PKI Library and ASN1 Parser + Encoder
 
+!!! warning "ASN.1 and OIDs moved to awesn1"
+    The low-level ASN.1 and OID functionality that used to live in Signum's `indispensable-asn1` and `indispensable-oids` modules has been externalized to [awesn1](https://a-sit-plus.github.io/awesn1/). Both Signum modules are now deprecated compatibility layers and should not be used as the target API for new code. Use `awesn1` directly for ASN.1 primitives, encoding/decoding helpers, PEM support, and OID datasets, and see the [migration guide](migration.md) for the exact import and API migration steps.
+
 
 This [Kotlin Multiplatform](https://kotlinlang.org/docs/multiplatform.html) library provides platform-independent data
 types and platform-native functionality related to crypto and PKI applications:
@@ -47,6 +50,7 @@ types and platform-native functionality related to crypto and PKI applications:
 * 100% pure Kotlin BitSet
 * Exposes Multibase Encoder/Decoder as an API dependency
   including [Matthew Nelson's smashing Base16, Base32, and Base64 encoders](https://github.com/05nelsonm/encoding)
+* Kotlinx serialization (**ASN.1 / DER!**) support of cryptographic data classes.
 * **ASN.1 Parser and Encoder including a DSL to generate ASN.1 structures**
     * Parse, create, explore certificates, public keys, CSRs, and **arbitrary ASN.1* structures* on all supported platforms
     * Powerful, expressive, type-safe ASN.1 DSL on all KMP targets except `watchosDeviceArm64`!
@@ -62,11 +66,10 @@ crypto hardware.
 This library was built for [Kotlin Multiplatform](https://kotlinlang.org/docs/multiplatform.html). Currently, it targets
 the JVM, Android and iOS.
 
-This library consists of four modules, each of which is published on maven central:
+Signum itself consists of four modules published on Maven Central. The ASN.1 foundation now lives in the separate [awesn1 documentation](https://a-sit-plus.github.io/awesn1/):
 
 |                                                       Name                                                        | Info                                                                                                                                                                                                                                                               |
 |:-----------------------------------------------------------------------------------------------------------------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|   ![indispensable-asn1](assets/asn1-dark.png#only-light) ![indispensable-asn1](assets/asn1-light.png#only-dark)   | **Indispensable ASN.1** module containing the most sophisticated KMP ASN.1 engine in the known universe. kotlinx-* dependencies aside, it only depends only on [KmmResult](https://github.com/a-sit-plus/kmmresult) for extra-smooth iOS interop.                  | 
 |        ![indispensable](assets/core-dark.png#only-light) ![indispensable](assets/core-light.png#only-dark)        | **Indispensable** base module containing the cryptographic data structures, algorithm identifiers, X.509 certificate, …. Depends on the ASN.1 engine.                                                                                                              | 
 | ![indispensable-josef](assets/josef-dark.png#only-light) ![indispensable-josef](assets/josef-light.png#only-dark) | **Indispensable Josef** JOSE add-on module containing JWS/E/T-specific data structures and extensions to convert from/to types contained in the base module. Includes all required kotlinx-serialization magic to allow for spec-compliant de-/serialization.      | 
 | ![indispensable-cosef](assets/cosef-dark.png#only-light) ![indispensable-cosef](assets/cosef-light.png#only-dark) | **Indispensable Cosef** COSE add-on module containing all COSE/CWT-specific data structures and extensions to convert from/to types contained in the base module. Includes all required kotlinx-serialization magic to allow for spec-compliant de-/serialization. |