From e4fad8fe422ecf0cb5cd6de1d599ab0de63802d4 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Mon, 8 Feb 2021 16:41:10 +0700
Subject: Support V1 attribute certificates and holders
---
 crypto/src/asn1/x509/AttributeCertificateInfo.cs | 40 +++++++++++++++++-------
 crypto/src/asn1/x509/Holder.cs | 14 ++++-----
 2 files changed, 36 insertions(+), 18 deletions(-)
(limited to 'crypto/src/asn1')
diff --git a/crypto/src/asn1/x509/AttributeCertificateInfo.cs b/crypto/src/asn1/x509/AttributeCertificateInfo.cs
index a62b01981..29abaa6e4 100644
--- a/crypto/src/asn1/x509/AttributeCertificateInfo.cs
+++ b/crypto/src/asn1/x509/AttributeCertificateInfo.cs
@@ -43,20 +43,31 @@ namespace Org.BouncyCastle.Asn1.X509
 private AttributeCertificateInfo(
 Asn1Sequence seq)
 {
- if (seq.Count < 7 || seq.Count > 9)
+ if (seq.Count < 6 || seq.Count > 9)
 {
 throw new ArgumentException("Bad sequence size: " + seq.Count);
 }
- this.version = DerInteger.GetInstance(seq[0]);
- this.holder = Holder.GetInstance(seq[1]);
- this.issuer = AttCertIssuer.GetInstance(seq[2]);
- this.signature = AlgorithmIdentifier.GetInstance(seq[3]);
- this.serialNumber = DerInteger.GetInstance(seq[4]);
- this.attrCertValidityPeriod = AttCertValidityPeriod.GetInstance(seq[5]);
- this.attributes = Asn1Sequence.GetInstance(seq[6]);
+ int start;
+ if (seq[0] is DerInteger) // in version 1 certs version is DEFAULT v1(0)
+ {
+ this.version = DerInteger.GetInstance(seq[0]);
+ start = 1;
+ }
+ else
+ {
+ this.version = new DerInteger(0);
+ start = 0;
+ }
+
+ this.holder = Holder.GetInstance(seq[start]);
+ this.issuer = AttCertIssuer.GetInstance(seq[start + 1]);
+ this.signature = AlgorithmIdentifier.GetInstance(seq[start + 2]);
+ this.serialNumber = DerInteger.GetInstance(seq[start + 3]);
+ this.attrCertValidityPeriod = AttCertValidityPeriod.GetInstance(seq[start + 4]);
+ this.attributes = Asn1Sequence.GetInstance(seq[start + 5]);
- for (int i = 7; i < seq.Count; i++)
+ for (int i = start + 6; i < seq.Count; i++)
 {
 Asn1Encodable obj = (Asn1Encodable) seq[i];
@@ -136,9 +147,16 @@ namespace Org.BouncyCastle.Asn1.X509
 */
 public override Asn1Object ToAsn1Object()
 {
- Asn1EncodableVector v = new Asn1EncodableVector(version, holder, issuer, signature, serialNumber,
- attrCertValidityPeriod, attributes);
+ Asn1EncodableVector v = new Asn1EncodableVector(9);
+
+ if (version.IntValueExact != 0)
+ {
+ v.Add(version);
+ }
+
+ v.Add(holder, issuer, signature, serialNumber, attrCertValidityPeriod, attributes);
 v.AddOptional(issuerUniqueID, extensions);
+
 return new DerSequence(v);
 }
 }
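Review bot: The size check at the top of the constructor runs before `start` is known, so a sequence that carries an explicit version but only six elements passes `seq.Count < 6` and then fails at `seq[start + 5]`, presumably with an out-of-range index error rather than the `ArgumentException` used for malformed input. Re-checking once `start` is set keeps the failure mode uniform for untrusted encodings: `if (seq.Count < start + 6 || seq.Count > start + 8) throw new ArgumentException("Bad sequence size: " + seq.Count);`. The explicit version value is also accepted without any range check, which matters because `ToAsn1Object` in the next hunk reads it through `IntValueExact`. The constructor continues past the end of the hunk, so the handling of the trailing optional elements is not visible here.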
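Review bot: `version.IntValueExact != 0` makes encoding depend on a value that the parsing constructor never range-checks; going by its name, `IntValueExact` is expected to throw when the INTEGER does not fit an `int`, so an object parsed from a hostile encoding could fail in `ToAsn1Object` instead of at parse time. Validating the version where it is read, or comparing with a non-throwing check such as `HasValue(0)` if `DerInteger` in this tree provides one, would keep the failure at the parsing boundary. A short comment above the test would also help, e.g. `// v1(0) is the DEFAULT value and must be omitted in DER`. An input that encodes version 0 explicitly will re-encode to different bytes, which is worth keeping in mind if any caller checks a signature over the re-encoded structure.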
diff --git a/crypto/src/asn1/x509/Holder.cs b/crypto/src/asn1/x509/Holder.cs
index b67c0b6c7..90df75a0f 100644
--- a/crypto/src/asn1/x509/Holder.cs
+++ b/crypto/src/asn1/x509/Holder.cs
@@ -27,9 +27,9 @@ namespace Org.BouncyCastle.Asn1.X509
 *
 *
 	 *         subject CHOICE {
-	 *          baseCertificateID [0] IssuerSerial,
+	 *          baseCertificateID [0] EXPLICIT IssuerSerial,
 	 *          -- associated with a Public Key Certificate
-	 *          subjectName [1] GeneralNames },
+	 *          subjectName [1] EXPLICIT GeneralNames },
 	 *          -- associated with a name
 	 * 
*

@@ -74,10 +74,10 @@ namespace Org.BouncyCastle.Asn1.X509
 switch (tagObj.TagNo)
 {
 case 0:
- baseCertificateID = IssuerSerial.GetInstance(tagObj, false);
+ baseCertificateID = IssuerSerial.GetInstance(tagObj, true);
 break;
 case 1:
- entityName = GeneralNames.GetInstance(tagObj, false);
+ entityName = GeneralNames.GetInstance(tagObj, true);
 break;
 default:
 throw new ArgumentException("unknown tag in Holder");
@@ -228,7 +228,7 @@ namespace Org.BouncyCastle.Asn1.X509
 {
 if (version == 1)
 {
- Asn1EncodableVector v = new Asn1EncodableVector();
+ Asn1EncodableVector v = new Asn1EncodableVector(3);
 v.AddOptionalTagged(false, 0, baseCertificateID);
 v.AddOptionalTagged(false, 1, entityName);
 v.AddOptionalTagged(false, 2, objectDigestInfo);
@@ -237,10 +237,10 @@ namespace Org.BouncyCastle.Asn1.X509
 if (entityName != null)
 {
- return new DerTaggedObject(false, 1, entityName);
+ return new DerTaggedObject(true, 1, entityName);
 }
- return new DerTaggedObject(false, 0, baseCertificateID);
+ return new DerTaggedObject(true, 0, baseCertificateID);
 }
 }
 }
--
cgit 1.4.1
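Review bot: Switching `IssuerSerial.GetInstance(tagObj, true)` and `GeneralNames.GetInstance(tagObj, true)` to explicit tagging changes which encodings this switch accepts, and nothing at the call sites says why they differ from the `AddOptionalTagged(false, …)` calls in the `version == 1` branch of the next hunk. A comment at the switch such as `// CHOICE alternatives of the tagged holder form are EXPLICIT; the SEQUENCE form uses IMPLICIT tags`, repeated above the `new DerTaggedObject(true, …)` returns in the last hunk, would keep a later reader from "harmonising" the two. Holders written by earlier releases with the implicit form will presumably no longer round-trip through this path, so it is worth deciding whether they are rejected with the existing `ArgumentException` style or accepted for compatibility. The switch and its enclosing constructor begin outside the hunk.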