Env. var. to enforce correct X.509 cert encoding

- Org.BouncyCastle.X509.Allow_Non-DER_TBSCert

1 files changed, 40 insertions, 2 deletions

diff --git a/crypto/src/asn1/x509/TBSCertificateStructure.cs b/crypto/src/asn1/x509/TBSCertificateStructure.cs
index 4e3c789e2..e600685f0 100644
--- a/crypto/src/asn1/x509/TBSCertificateStructure.cs
+++ b/crypto/src/asn1/x509/TBSCertificateStructure.cs
@@ -1,7 +1,7 @@
 using System;
 
-using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Asn1.X509
 {
@@ -213,7 +213,45 @@ namespace Org.BouncyCastle.Asn1.X509
 
 		public override Asn1Object ToAsn1Object()
         {
-            return seq;
+            string property = Platform.GetEnvironmentVariable("Org.BouncyCastle.X509.Allow_Non-DER_TBSCert");
+            if (null == property || Platform.EqualsIgnoreCase("true", property))
+                return seq;
+
+            Asn1EncodableVector v = new Asn1EncodableVector();
+
+            // DEFAULT Zero
+            if (!version.HasValue(BigIntegers.Zero))
+            {
+                v.Add(new DerTaggedObject(true, 0, version));
+            }
+
+            v.Add(serialNumber, signature, issuer);
+
+			//
+			// before and after dates
+			//
+			v.Add(new DerSequence(startDate, endDate));
+
+            if (subject != null)
+            {
+                v.Add(subject);
+            }
+            else
+            {
+                v.Add(new DerSequence());
+            }
+
+            v.Add(subjectPublicKeyInfo);
+
+            // Note: implicit tag
+			v.AddOptionalTagged(false, 1, issuerUniqueID);
+
+			// Note: implicit tag
+			v.AddOptionalTagged(false, 2, subjectUniqueID);
+
+			v.AddOptionalTagged(true, 3, extensions);
+
+            return new DerSequence(v);
         }
     }
 }