Add comprehensive CREATE CERTIFICATE parsing

Support source types (FROM ASSEMBLY, FROM FILE, FROM EXECUTABLE FILE),
AUTHORIZATION, WITH PRIVATE KEY options (FILE, DECRYPTION BY PASSWORD,
ENCRYPTION BY PASSWORD), certificate options (SUBJECT, START_DATE,
EXPIRY_DATE), and ACTIVE FOR BEGIN_DIALOG.

Author: claude

ast/create_simple_statements.go

@@ -122,12 +122,44 @@ func (s *CreateAssemblyStatement) statement() {}
 
 // CreateCertificateStatement represents a CREATE CERTIFICATE statement.
 type CreateCertificateStatement struct {
-	Name *Identifier `json:"Name,omitempty"`
+	Name               *Identifier         `json:"Name,omitempty"`
+	Owner              *Identifier         `json:"Owner,omitempty"`
+	CertificateSource  EncryptionSource    `json:"CertificateSource,omitempty"`
+	ActiveForBeginDialog string            `json:"ActiveForBeginDialog,omitempty"` // "On", "Off", "NotSet"
+	PrivateKeyPath     *StringLiteral      `json:"PrivateKeyPath,omitempty"`
+	EncryptionPassword *StringLiteral      `json:"EncryptionPassword,omitempty"`
+	DecryptionPassword *StringLiteral      `json:"DecryptionPassword,omitempty"`
+	CertificateOptions []*CertificateOption `json:"CertificateOptions,omitempty"`
 }
 
 func (s *CreateCertificateStatement) node()      {}
 func (s *CreateCertificateStatement) statement() {}
 
+// CertificateOption represents an option in a CREATE CERTIFICATE statement.
+type CertificateOption struct {
+	Kind  string         `json:"Kind,omitempty"` // "Subject", "StartDate", "ExpiryDate"
+	Value *StringLiteral `json:"Value,omitempty"`
+}
+
+func (o *CertificateOption) node() {}
+
+// AssemblyEncryptionSource represents a certificate source from an assembly.
+type AssemblyEncryptionSource struct {
+	Assembly *Identifier `json:"Assembly,omitempty"`
+}
+
+func (s *AssemblyEncryptionSource) node()             {}
+func (s *AssemblyEncryptionSource) encryptionSource() {}
+
+// FileEncryptionSource represents a certificate source from a file.
+type FileEncryptionSource struct {
+	IsExecutable bool           `json:"IsExecutable,omitempty"`
+	File         *StringLiteral `json:"File,omitempty"`
+}
+
+func (s *FileEncryptionSource) node()             {}
+func (s *FileEncryptionSource) encryptionSource() {}
+
 // CreateAsymmetricKeyStatement represents a CREATE ASYMMETRIC KEY statement.
 type CreateAsymmetricKeyStatement struct {
 	Name                *Identifier            `json:"Name,omitempty"`

parser/marshal.go

@@ -11876,6 +11876,23 @@ func encryptionSourceToJSON(source ast.EncryptionSource) interface{} {
 	switch s := source.(type) {
 	case *ast.ProviderEncryptionSource:
 		return providerEncryptionSourceToJSON(s)
+	case *ast.AssemblyEncryptionSource:
+		node := jsonNode{
+			"$type": "AssemblyEncryptionSource",
+		}
+		if s.Assembly != nil {
+			node["Assembly"] = identifierToJSON(s.Assembly)
+		}
+		return node
+	case *ast.FileEncryptionSource:
+		node := jsonNode{
+			"$type":        "FileEncryptionSource",
+			"IsExecutable": s.IsExecutable,
+		}
+		if s.File != nil {
+			node["File"] = stringLiteralToJSON(s.File)
+		}
+		return node
 	default:
 		return nil
 	}
@@ -11992,9 +12009,38 @@ func createCertificateStatementToJSON(s *ast.CreateCertificateStatement) jsonNod
 	node := jsonNode{
 		"$type": "CreateCertificateStatement",
 	}
+	if s.CertificateSource != nil {
+		node["CertificateSource"] = encryptionSourceToJSON(s.CertificateSource)
+	}
+	if len(s.CertificateOptions) > 0 {
+		options := make([]jsonNode, len(s.CertificateOptions))
+		for i, opt := range s.CertificateOptions {
+			options[i] = jsonNode{
+				"$type": "CertificateOption",
+				"Kind":  opt.Kind,
+				"Value": stringLiteralToJSON(opt.Value),
+			}
+		}
+		node["CertificateOptions"] = options
+	}
+	if s.Owner != nil {
+		node["Owner"] = identifierToJSON(s.Owner)
+	}
 	if s.Name != nil {
 		node["Name"] = identifierToJSON(s.Name)
 	}
+	if s.ActiveForBeginDialog != "" {
+		node["ActiveForBeginDialog"] = s.ActiveForBeginDialog
+	}
+	if s.PrivateKeyPath != nil {
+		node["PrivateKeyPath"] = stringLiteralToJSON(s.PrivateKeyPath)
+	}
+	if s.EncryptionPassword != nil {
+		node["EncryptionPassword"] = stringLiteralToJSON(s.EncryptionPassword)
+	}
+	if s.DecryptionPassword != nil {
+		node["DecryptionPassword"] = stringLiteralToJSON(s.DecryptionPassword)
+	}
 	return node
 }
 

parser/parse_statements.go

@@ -8676,11 +8676,194 @@ func (p *Parser) parseCreateCertificateStatement() (*ast.CreateCertificateStatem
 	p.nextToken() // consume CERTIFICATE
 
 	stmt := &ast.CreateCertificateStatement{
-		Name: p.parseIdentifier(),
+		Name:                 p.parseIdentifier(),
+		ActiveForBeginDialog: "NotSet",
+	}
+
+	// Optional AUTHORIZATION
+	if strings.ToUpper(p.curTok.Literal) == "AUTHORIZATION" {
+		p.nextToken()
+		stmt.Owner = p.parseIdentifier()
+	}
+
+	// Optional ENCRYPTION BY PASSWORD
+	if strings.ToUpper(p.curTok.Literal) == "ENCRYPTION" {
+		p.nextToken() // consume ENCRYPTION
+		if strings.ToUpper(p.curTok.Literal) == "BY" {
+			p.nextToken() // consume BY
+		}
+		if strings.ToUpper(p.curTok.Literal) == "PASSWORD" {
+			p.nextToken() // consume PASSWORD
+			if p.curTok.Type == TokenEquals {
+				p.nextToken()
+			}
+			if p.curTok.Type == TokenString || p.curTok.Type == TokenNationalString {
+				strLit, _ := p.parseStringLiteral()
+				stmt.EncryptionPassword = strLit
+			}
+		}
+	}
+
+	// Optional FROM clause
+	if p.curTok.Type == TokenFrom {
+		p.nextToken() // consume FROM
+		sourceType := strings.ToUpper(p.curTok.Literal)
+
+		if sourceType == "ASSEMBLY" {
+			p.nextToken() // consume ASSEMBLY
+			stmt.CertificateSource = &ast.AssemblyEncryptionSource{
+				Assembly: p.parseIdentifier(),
+			}
+		} else if sourceType == "FILE" || sourceType == "EXECUTABLE" {
+			isExecutable := false
+			if sourceType == "EXECUTABLE" {
+				isExecutable = true
+				p.nextToken() // consume EXECUTABLE
+				// Next should be FILE
+			}
+			if strings.ToUpper(p.curTok.Literal) == "FILE" {
+				p.nextToken() // consume FILE
+				if p.curTok.Type == TokenEquals {
+					p.nextToken()
+				}
+				if p.curTok.Type == TokenString || p.curTok.Type == TokenNationalString {
+					strLit, _ := p.parseStringLiteral()
+					stmt.CertificateSource = &ast.FileEncryptionSource{
+						IsExecutable: isExecutable,
+						File:         strLit,
+					}
+				}
+			}
+		}
+	}
+
+	// Parse WITH clauses (can appear multiple times for different purposes)
+	for p.curTok.Type == TokenWith {
+		p.nextToken() // consume WITH
+
+		// Check if it's PRIVATE KEY or certificate options
+		upperLit := strings.ToUpper(p.curTok.Literal)
+		if upperLit == "PRIVATE" {
+			p.nextToken() // consume PRIVATE
+			if strings.ToUpper(p.curTok.Literal) == "KEY" {
+				p.nextToken() // consume KEY
+			}
+			if p.curTok.Type == TokenLParen {
+				p.nextToken() // consume (
+				for p.curTok.Type != TokenRParen && p.curTok.Type != TokenEOF {
+					optName := strings.ToUpper(p.curTok.Literal)
+					p.nextToken() // consume option name
+
+					switch optName {
+					case "FILE":
+						if p.curTok.Type == TokenEquals {
+							p.nextToken()
+						}
+						if p.curTok.Type == TokenString || p.curTok.Type == TokenNationalString {
+							strLit, _ := p.parseStringLiteral()
+							stmt.PrivateKeyPath = strLit
+						}
+					case "DECRYPTION":
+						// DECRYPTION BY PASSWORD
+						if strings.ToUpper(p.curTok.Literal) == "BY" {
+							p.nextToken()
+						}
+						if strings.ToUpper(p.curTok.Literal) == "PASSWORD" {
+							p.nextToken()
+							if p.curTok.Type == TokenEquals {
+								p.nextToken()
+							}
+							if p.curTok.Type == TokenString || p.curTok.Type == TokenNationalString {
+								strLit, _ := p.parseStringLiteral()
+								stmt.DecryptionPassword = strLit
+							}
+						}
+					case "ENCRYPTION":
+						// ENCRYPTION BY PASSWORD
+						if strings.ToUpper(p.curTok.Literal) == "BY" {
+							p.nextToken()
+						}
+						if strings.ToUpper(p.curTok.Literal) == "PASSWORD" {
+							p.nextToken()
+							if p.curTok.Type == TokenEquals {
+								p.nextToken()
+							}
+							if p.curTok.Type == TokenString || p.curTok.Type == TokenNationalString {
+								strLit, _ := p.parseStringLiteral()
+								stmt.EncryptionPassword = strLit
+							}
+						}
+					}
+					if p.curTok.Type == TokenComma {
+						p.nextToken()
+					}
+				}
+				if p.curTok.Type == TokenRParen {
+					p.nextToken()
+				}
+			}
+		} else {
+			// Certificate options: SUBJECT, START_DATE, EXPIRY_DATE
+			for {
+				optName := strings.ToUpper(p.curTok.Literal)
+				if optName != "SUBJECT" && optName != "START_DATE" && optName != "EXPIRY_DATE" {
+					break
+				}
+				p.nextToken() // consume option name
+				if p.curTok.Type == TokenEquals {
+					p.nextToken()
+				}
+				if p.curTok.Type == TokenString || p.curTok.Type == TokenNationalString {
+					strLit, _ := p.parseStringLiteral()
+					kind := ""
+					switch optName {
+					case "SUBJECT":
+						kind = "Subject"
+					case "START_DATE":
+						kind = "StartDate"
+					case "EXPIRY_DATE":
+						kind = "ExpiryDate"
+					}
+					stmt.CertificateOptions = append(stmt.CertificateOptions, &ast.CertificateOption{
+						Kind:  kind,
+						Value: strLit,
+					})
+				}
+				if p.curTok.Type == TokenComma {
+					p.nextToken()
+				} else {
+					break
+				}
+			}
+		}
+	}
+
+	// Optional ACTIVE FOR BEGIN_DIALOG
+	if strings.ToUpper(p.curTok.Literal) == "ACTIVE" {
+		p.nextToken() // consume ACTIVE
+		if strings.ToUpper(p.curTok.Literal) == "FOR" {
+			p.nextToken() // consume FOR
+		}
+		if strings.ToUpper(p.curTok.Literal) == "BEGIN_DIALOG" {
+			p.nextToken() // consume BEGIN_DIALOG
+			if p.curTok.Type == TokenEquals {
+				p.nextToken()
+			}
+			if strings.ToUpper(p.curTok.Literal) == "ON" {
+				stmt.ActiveForBeginDialog = "On"
+				p.nextToken()
+			} else if strings.ToUpper(p.curTok.Literal) == "OFF" {
+				stmt.ActiveForBeginDialog = "Off"
+				p.nextToken()
+			}
+		}
+	}
+
+	// Skip optional semicolon
+	if p.curTok.Type == TokenSemicolon {
+		p.nextToken()
 	}
 
-	// Skip rest of statement
-	p.skipToEndOfStatement()
 	return stmt, nil
 }
 

parser/testdata/Baselines90_CreateCertificateStatementTests/metadata.json

@@ -1 +1 @@
-{"todo": true}
+{}

parser/testdata/CreateCertificateStatementTests/metadata.json

@@ -1 +1 @@
-{"todo": true}
+{}