Refactoring in tsp

Author: peterdettman

pkix/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java

@@ -1,6 +1,5 @@
 package org.bouncycastle.tsp;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
@@ -15,6 +14,7 @@
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.cmp.PKIFailureInfo;
+import org.bouncycastle.asn1.tsp.MessageImprint;
 import org.bouncycastle.asn1.tsp.TimeStampReq;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.Extension;
@@ -27,6 +27,40 @@ public class TimeStampRequest
 {
     private static Set EMPTY_SET = Collections.unmodifiableSet(new HashSet());
 
+    private static TimeStampReq parseTimeStampReq(byte[] encoding)
+        throws IOException
+    {
+        try
+        {
+            return TimeStampReq.getInstance(encoding);
+        }
+        catch (ClassCastException e)
+        {
+            throw new IOException("malformed request: " + e);
+        }
+        catch (IllegalArgumentException e)
+        {
+            throw new IOException("malformed request: " + e);
+        }
+    }
+
+    private static TimeStampReq parseTimeStampReq(InputStream in)
+        throws IOException
+    {
+        try
+        {
+            return TimeStampReq.getInstance(new ASN1InputStream(in).readObject());
+        }
+        catch (ClassCastException e)
+        {
+            throw new IOException("malformed request: " + e);
+        }
+        catch (IllegalArgumentException e)
+        {
+            throw new IOException("malformed request: " + e);
+        }
+    }
+    
     private TimeStampReq req;
     private Extensions extensions;
 
@@ -45,7 +79,7 @@ public TimeStampRequest(TimeStampReq req)
     public TimeStampRequest(byte[] req) 
         throws IOException
     {
-        this(new ByteArrayInputStream(req));
+        this(parseTimeStampReq(req));
     }
 
     /**
@@ -57,31 +91,24 @@ public TimeStampRequest(byte[] req)
     public TimeStampRequest(InputStream in) 
         throws IOException
     {
-        this(loadRequest(in));
+        this(parseTimeStampReq(in));
     }
 
-    private static TimeStampReq loadRequest(InputStream in)
-        throws IOException
+    public TimeStampReq toASN1Structure()
     {
-        try
-        {
-            return TimeStampReq.getInstance(new ASN1InputStream(in).readObject());
-        }
-        catch (ClassCastException e)
-        {
-            throw new IOException("malformed request: " + e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("malformed request: " + e);
-        }
+        return req;
     }
 
     public int getVersion()
     {
         return req.getVersion().intValueExact();
     }
 
+    public MessageImprint getMessageImprint()
+    {
+        return req.getMessageImprint();
+    }
+
     public ASN1ObjectIdentifier getMessageImprintAlgOID()
     {
         return req.getMessageImprint().getHashAlgorithm().getAlgorithm();
@@ -172,7 +199,7 @@ public void validate(
             Enumeration en = this.getExtensions().oids();
             while(en.hasMoreElements())
             {
-                ASN1ObjectIdentifier  oid = (ASN1ObjectIdentifier)en.nextElement();
+                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)en.nextElement();
                 if (!extensions.contains(oid))
                 {
                     throw new TSPValidationException("request contains unknown extension", PKIFailureInfo.unacceptedExtension);
@@ -182,7 +209,7 @@ public void validate(
 
         int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID().getId());
 
-        if (digestLength != this.getMessageImprintDigest().length)
+        if (digestLength != this.getMessageImprint().getHashedMessageLength())
         {
             throw new TSPValidationException("imprint digest the wrong length", PKIFailureInfo.badDataFormat);
         }

pkix/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java

@@ -1,12 +1,11 @@
 package org.bouncycastle.tsp;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 
-import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.DLSequence;
 import org.bouncycastle.asn1.cmp.PKIFailureInfo;
 import org.bouncycastle.asn1.cmp.PKIFreeText;
@@ -22,18 +21,50 @@
  */
 public class TimeStampResponse
 {
-    TimeStampResp   resp;
-    TimeStampToken  timeStampToken;
+    private static TimeStampResp parseTimeStampResp(byte[] encoding) 
+        throws IOException, TSPException
+    {
+        try
+        {
+            return TimeStampResp.getInstance(encoding);
+        }
+        catch (IllegalArgumentException e)
+        {
+            throw new TSPException("malformed timestamp response: " + e, e);
+        }
+        catch (ClassCastException e)
+        {
+            throw new TSPException("malformed timestamp response: " + e, e);
+        }
+    }
+
+    private static TimeStampResp parseTimeStampResp(InputStream in) 
+        throws IOException, TSPException
+    {
+        try
+        {
+            return TimeStampResp.getInstance(new ASN1InputStream(in).readObject());
+        }
+        catch (IllegalArgumentException e)
+        {
+            throw new TSPException("malformed timestamp response: " + e, e);
+        }
+        catch (ClassCastException e)
+        {
+            throw new TSPException("malformed timestamp response: " + e, e);
+        }
+    }
+
+    private final TimeStampResp resp;
+    private final TimeStampToken timeStampToken;
 
     public TimeStampResponse(TimeStampResp resp)
         throws TSPException, IOException
     {
         this.resp = resp;
-        
-        if (resp.getTimeStampToken() != null)
-        {
-            timeStampToken = new TimeStampToken(resp.getTimeStampToken());
-        }
+
+        ContentInfo timeStampToken = resp.getTimeStampToken();
+        this.timeStampToken = timeStampToken == null ? null : new TimeStampToken(timeStampToken);
     }
 
     /**
@@ -46,7 +77,7 @@ public TimeStampResponse(TimeStampResp resp)
     public TimeStampResponse(byte[] resp)
         throws TSPException, IOException
     {
-        this(new ByteArrayInputStream(resp));
+        this(parseTimeStampResp(resp));
     }
 
     /**
@@ -59,7 +90,7 @@ public TimeStampResponse(byte[] resp)
     public TimeStampResponse(InputStream in)
         throws TSPException, IOException
     {
-        this(readTimeStampResp(in));
+        this(parseTimeStampResp(in));
     }
 
     TimeStampResponse(DLSequence dlSequence)
@@ -80,45 +111,25 @@ public TimeStampResponse(InputStream in)
         }
     }
 
-    private static TimeStampResp readTimeStampResp(
-        InputStream in) 
-        throws IOException, TSPException
-    {
-        try
-        {
-            return TimeStampResp.getInstance(new ASN1InputStream(in).readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new TSPException("malformed timestamp response: " + e, e);
-        }
-        catch (ClassCastException e)
-        {
-            throw new TSPException("malformed timestamp response: " + e, e);
-        }
-    }
-    
     public int getStatus()
     {
-        return resp.getStatus().getStatus().intValue();
+        return resp.getStatus().getStatusObject().intValueExact();
     }
 
     public String getStatusString()
     {
-        if (resp.getStatus().getStatusString() != null)
+        if (resp.getStatus().getStatusString() == null)
         {
-            StringBuffer statusStringBuf = new StringBuffer();
-            PKIFreeText text = resp.getStatus().getStatusString();
-            for (int i = 0; i != text.size(); i++)
-            {
-                statusStringBuf.append(text.getStringAtUTF8(i).getString());
-            }
-            return statusStringBuf.toString();
+            return null;
         }
-        else
+
+        StringBuffer statusStringBuf = new StringBuffer();
+        PKIFreeText text = resp.getStatus().getStatusString();
+        for (int i = 0; i != text.size(); i++)
         {
-            return null;
+            statusStringBuf.append(text.getStringAtUTF8(i).getString());
         }
+        return statusStringBuf.toString();
     }
 
     public PKIFailureInfo getFailInfo()
@@ -152,7 +163,7 @@ public void validate(
 
         if (tok != null)
         {
-            TimeStampTokenInfo  tstInfo = tok.getTimeStampInfo();
+            TimeStampTokenInfo tstInfo = tok.getTimeStampInfo();
 
             if (request.getNonce() != null && !request.getNonce().equals(tstInfo.getNonce()))
             {
@@ -163,17 +174,18 @@ public void validate(
             {
                 throw new TSPValidationException("time stamp token found in failed request.");
             }
-            
-            if (!Arrays.constantTimeAreEqual(request.getMessageImprintDigest(), tstInfo.getMessageImprintDigest()))
-            {
-                throw new TSPValidationException("response for different message imprint digest.");
-            }
-            
+
+            // TODO Should be (absent-parameters-flexible) equality of the whole AlgorithmIdentifier?
             if (!tstInfo.getMessageImprintAlgOID().equals(request.getMessageImprintAlgOID()))
             {
                 throw new TSPValidationException("response for different message imprint algorithm.");
             }
 
+            if (!Arrays.constantTimeAreEqual(request.getMessageImprintDigest(), tstInfo.getMessageImprintDigest()))
+            {
+                throw new TSPValidationException("response for different message imprint digest.");
+            }
+
             Attribute scV1 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
             Attribute scV2 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
 
@@ -216,16 +228,13 @@ public byte[] getEncoded() throws IOException
      */
     public byte[] getEncoded(String encoding) throws IOException
     {
+        ASN1Object asn1Object = resp;
         if (ASN1Encoding.DL.equals(encoding))
         {
-            if (timeStampToken == null)
-            {
-                return new DLSequence(resp.getStatus()).getEncoded(encoding);
-            }
-
-            return new DLSequence(new ASN1Encodable[] { resp.getStatus(),
-                timeStampToken.toCMSSignedData().toASN1Structure() }).getEncoded(encoding);
+            asn1Object = timeStampToken == null
+                ? new DLSequence(resp.getStatus())
+                : new DLSequence(resp.getStatus(), timeStampToken.toCMSSignedData().toASN1Structure());
         }
-        return resp.getEncoded(encoding);
+        return asn1Object.getEncoded(encoding);
     }
 }

pkix/src/main/java/org/bouncycastle/tsp/TimeStampToken.java

@@ -195,7 +195,7 @@ public void validate(
             cOut.write(certHolder.getEncoded());
             cOut.close();
 
-            if (!Arrays.constantTimeAreEqual(certID.getCertHash(), calc.getDigest()))
+            if (!Arrays.constantTimeAreEqual(certID.getCertHashObject().getOctets(), calc.getDigest()))
             {
                 throw new TSPValidationException("certificate hash does not match certID hash.");
             }

pkix/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java

@@ -32,6 +32,7 @@
 import org.bouncycastle.asn1.tsp.Accuracy;
 import org.bouncycastle.asn1.tsp.MessageImprint;
 import org.bouncycastle.asn1.tsp.TSTInfo;
+import org.bouncycastle.asn1.tsp.TimeStampReq;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.ExtensionsGenerator;
@@ -371,8 +372,9 @@ public TimeStampToken generate(
         Extensions          additionalExtensions)
         throws TSPException
     {
-        AlgorithmIdentifier algID = request.getMessageImprintAlgID();
-        MessageImprint messageImprint = new MessageImprint(algID, request.getMessageImprintDigest());
+        TimeStampReq timeStampReq = request.toASN1Structure();
+
+        MessageImprint messageImprint = timeStampReq.getMessageImprint();
 
         Accuracy accuracy = null;
         if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
@@ -404,16 +406,12 @@ public TimeStampToken generate(
             derOrdering = ASN1Boolean.getInstance(ordering);
         }
 
-        ASN1Integer nonce = null;
-        if (request.getNonce() != null)
-        {
-            nonce = new ASN1Integer(request.getNonce());
-        }
+        ASN1Integer nonce = timeStampReq.getNonce();
 
-        ASN1ObjectIdentifier tsaPolicy = tsaPolicyOID;
-        if (request.getReqPolicy() != null)
+        ASN1ObjectIdentifier tsaPolicy = timeStampReq.getReqPolicy();
+        if (tsaPolicy == null)
         {
-            tsaPolicy = request.getReqPolicy();
+            tsaPolicy = this.tsaPolicyOID;
         }
 
         Extensions respExtensions = request.getExtensions();

util/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java

@@ -110,6 +110,11 @@ public BigInteger getStatus()
         return status.getValue();
     }
 
+    public ASN1Integer getStatusObject()
+    {
+        return status;
+    }
+
     public PKIFreeText getStatusString()
     {
         return statusString;