using System; using System.IO; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Asn1.IsisMtt.Ocsp { /** * ISIS-MTT-Optional: The certificate requested by the client by inserting the * RetrieveIfAllowed extension in the request, will be returned in this * extension. *

* ISIS-MTT-SigG: The signature act allows publishing certificates only then, * when the certificate owner gives his isExplicit permission. Accordingly, there * may be �nondownloadable� certificates, about which the responder must provide * status information, but MUST NOT include them in the response. Clients may * get therefore the following three kind of answers on a single request * including the RetrieveIfAllowed extension: *

* Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If * any of the OCTET STRING options is used, it MUST contain the DER encoding of * the requested certificate. *

* 

	*            RequestedCertificate ::= CHOICE {
	*              Certificate Certificate,
	*              publicKeyCertificate [0] EXPLICIT OCTET STRING,
	*              attributeCertificate [1] EXPLICIT OCTET STRING
	*            }
	*
*/ public class RequestedCertificate : Asn1Encodable, IAsn1Choice { public enum Choice { Certificate = -1, PublicKeyCertificate = 0, AttributeCertificate = 1 } private readonly X509CertificateStructure cert; private readonly byte[] publicKeyCert; private readonly byte[] attributeCert; public static RequestedCertificate GetInstance(object obj) { if (obj == null) return null; if (obj is RequestedCertificate requestedCertificate) return requestedCertificate; if (obj is Asn1Sequence) return new RequestedCertificate(X509CertificateStructure.GetInstance(obj)); if (obj is Asn1TaggedObject taggedObject) return new RequestedCertificate(taggedObject); throw new ArgumentException("unknown object in factory: " + Platform.GetTypeName(obj), "obj"); } public static RequestedCertificate GetInstance(Asn1TaggedObject obj, bool isExplicit) { return Asn1Utilities.GetInstanceFromChoice(obj, isExplicit, GetInstance); } private RequestedCertificate( Asn1TaggedObject tagged) { switch ((Choice) tagged.TagNo) { case Choice.AttributeCertificate: this.attributeCert = Asn1OctetString.GetInstance(tagged, true).GetOctets(); break; case Choice.PublicKeyCertificate: this.publicKeyCert = Asn1OctetString.GetInstance(tagged, true).GetOctets(); break; default: throw new ArgumentException("unknown tag number: " + tagged.TagNo); } } /** * Constructor from a given details. *

* Only one parameter can be given. All other must be null. * * @param certificate Given as Certificate */ public RequestedCertificate( X509CertificateStructure certificate) { this.cert = certificate; } public RequestedCertificate( Choice type, byte[] certificateOctets) : this(new DerTaggedObject((int) type, new DerOctetString(certificateOctets))) { } public Choice Type { get { if (cert != null) return Choice.Certificate; if (publicKeyCert != null) return Choice.PublicKeyCertificate; return Choice.AttributeCertificate; } } public byte[] GetCertificateBytes() { if (cert != null) { try { return cert.GetEncoded(); } catch (IOException e) { throw new InvalidOperationException("can't decode certificate: " + e); } } if (publicKeyCert != null) return publicKeyCert; return attributeCert; } /** * Produce an object suitable for an Asn1OutputStream. *

* Returns: *

* 

		*            RequestedCertificate ::= CHOICE {
		*              Certificate Certificate,
		*              publicKeyCertificate [0] EXPLICIT OCTET STRING,
		*              attributeCertificate [1] EXPLICIT OCTET STRING
		*            }
		*
* * @return an Asn1Object */ public override Asn1Object ToAsn1Object() { if (publicKeyCert != null) { return new DerTaggedObject(0, new DerOctetString(publicKeyCert)); } if (attributeCert != null) { return new DerTaggedObject(1, new DerOctetString(attributeCert)); } return cert.ToAsn1Object(); } } }