Auto-adjust DateTime precision for GeneralizedTime in X.509 (and OCSP)

- see https://github.com/bcgit/bc-csharp/issues/474

5 files changed, 22 insertions, 10 deletions

diff --git a/crypto/src/asn1/cms/Time.cs b/crypto/src/asn1/cms/Time.cs
index f41433ddd..66fa578af 100644
--- a/crypto/src/asn1/cms/Time.cs
+++ b/crypto/src/asn1/cms/Time.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Globalization;
 
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Asn1.Cms
@@ -56,11 +57,11 @@ namespace Org.BouncyCastle.Asn1.Cms
 
 			if (utc.Year < 1950 || utc.Year > 2049)
             {
-                m_timeObject = new DerGeneralizedTime(utc);
+                m_timeObject = Rfc5280Asn1Utilities.CreateGeneralizedTime(utc);
             }
             else
             {
-                m_timeObject = new DerUtcTime(utc, 2049);
+                m_timeObject = Rfc5280Asn1Utilities.CreateUtcTime(utc);
             }
         }
 
diff --git a/crypto/src/asn1/esf/CrlIdentifier.cs b/crypto/src/asn1/esf/CrlIdentifier.cs
index 7d6225c63..9521d6a08 100644
--- a/crypto/src/asn1/esf/CrlIdentifier.cs
+++ b/crypto/src/asn1/esf/CrlIdentifier.cs
@@ -62,7 +62,7 @@ namespace Org.BouncyCastle.Asn1.Esf
 		}
 
 		public CrlIdentifier(X509Name crlIssuer, DateTime crlIssuedTime, BigInteger crlNumber)
-			: this(crlIssuer, new Asn1UtcTime(crlIssuedTime, 2049), crlNumber)
+			: this(crlIssuer, Rfc5280Asn1Utilities.CreateUtcTime(crlIssuedTime), crlNumber)
 		{
 		}
 
diff --git a/crypto/src/asn1/esf/OcspIdentifier.cs b/crypto/src/asn1/esf/OcspIdentifier.cs
index fa7069aed..fa3d60291 100644
--- a/crypto/src/asn1/esf/OcspIdentifier.cs
+++ b/crypto/src/asn1/esf/OcspIdentifier.cs
@@ -1,6 +1,7 @@
 using System;
 
 using Org.BouncyCastle.Asn1.Ocsp;
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Asn1.Esf
@@ -50,12 +51,8 @@ namespace Org.BouncyCastle.Asn1.Esf
 		}
 
 		public OcspIdentifier(ResponderID ocspResponderID, DateTime producedAt)
+			: this(ocspResponderID, Rfc5280Asn1Utilities.CreateGeneralizedTime(producedAt))
 		{
-			if (ocspResponderID == null)
-				throw new ArgumentNullException(nameof(ocspResponderID));
-
-			this.ocspResponderID = ocspResponderID;
-			this.producedAt = new Asn1GeneralizedTime(producedAt);
 		}
 
         public OcspIdentifier(ResponderID ocspResponderID, Asn1GeneralizedTime producedAt)
diff --git a/crypto/src/asn1/x509/Rfc5280Asn1Utilities.cs b/crypto/src/asn1/x509/Rfc5280Asn1Utilities.cs
new file mode 100644
index 000000000..899236609
--- /dev/null
+++ b/crypto/src/asn1/x509/Rfc5280Asn1Utilities.cs
@@ -0,0 +1,14 @@
+using System;
+
+using Org.BouncyCastle.Utilities.Date;
+
+namespace Org.BouncyCastle.Asn1.X509
+{
+    internal class Rfc5280Asn1Utilities
+    {
+        internal static DerGeneralizedTime CreateGeneralizedTime(DateTime dateTime) =>
+            new DerGeneralizedTime(DateTimeUtilities.WithPrecisionSecond(dateTime));
+
+        internal static DerUtcTime CreateUtcTime(DateTime dateTime) => new DerUtcTime(dateTime, 2049);
+    }
+}
diff --git a/crypto/src/asn1/x509/Time.cs b/crypto/src/asn1/x509/Time.cs
index 99d141c43..e504d0573 100644
--- a/crypto/src/asn1/x509/Time.cs
+++ b/crypto/src/asn1/x509/Time.cs
@@ -56,11 +56,11 @@ namespace Org.BouncyCastle.Asn1.X509
 
             if (utc.Year < 1950 || utc.Year > 2049)
             {
-                m_timeObject = new DerGeneralizedTime(utc);
+                m_timeObject = Rfc5280Asn1Utilities.CreateGeneralizedTime(utc);
             }
             else
             {
-                m_timeObject = new DerUtcTime(utc, 2049);
+                m_timeObject = Rfc5280Asn1Utilities.CreateUtcTime(utc);
             }
         }