Refactor extensions code in X.509 types

Author: peterdettman

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java

@@ -15,6 +15,7 @@
 import org.bouncycastle.asn1.ASN1Enumerated;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.util.ASN1Dump;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.CRLReason;
@@ -78,9 +79,9 @@ protected X509CRLEntryObject(
      */
     public boolean hasUnsupportedCriticalExtension()
     {
-        Set extns = getCriticalExtensionOIDs();
+        Extensions extensions = c.getExtensions();
 
-        return extns != null && !extns.isEmpty();
+        return extensions != null && extensions.hasAnyCriticalExtensions();
     }
 
     private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer)
@@ -90,15 +91,15 @@ private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCert
             return null;
         }
 
-        Extension ext = getExtension(Extension.certificateIssuer);
-        if (ext == null)
+        ASN1OctetString extValue = Extensions.getExtensionValue(c.getExtensions(), Extension.certificateIssuer);
+        if (extValue == null)
         {
             return previousCertificateIssuer;
         }
 
         try
         {
-            GeneralName[] names = GeneralNames.getInstance(ext.getParsedValue()).getNames();
+            GeneralName[] names = GeneralNames.getInstance(extValue.getOctets()).getNames();
             for (int i = 0; i < names.length; i++)
             {
                 if (names[i].getTagNo() == GeneralName.directoryName)
@@ -166,35 +167,9 @@ public Set getNonCriticalExtensionOIDs()
         return getExtensionOIDs(false);
     }
 
-    private Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        Extensions exts = c.getExtensions();
-
-        if (exts != null)
-        {
-            return exts.getExtension(oid);
-        }
-
-        return null;
-    }
-
     public byte[] getExtensionValue(String oid)
     {
-        Extension ext = getExtension(new ASN1ObjectIdentifier(oid));
-
-        if (ext != null)
-        {
-            try
-            {
-                return ext.getExtnValue().getEncoded();
-            }
-            catch (Exception e)
-            {
-                throw new IllegalStateException("Exception encoding: " + e.toString());
-            }
-        }
-
-        return null;
+        return X509SignatureUtil.getExtensionValue(c.getExtensions(), oid);
     }
 
     /**

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLImpl.java

@@ -54,7 +54,6 @@
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Exceptions;
 import org.bouncycastle.util.Strings;
 
 /**
@@ -84,30 +83,41 @@ abstract class X509CRLImpl
         this.isIndirect = isIndirect;
     }
 
-    /**
-     * Will return true if any extensions are present and marked
-     * as critical as we currently dont handle any extensions!
-     */
     public boolean hasUnsupportedCriticalExtension()
     {
-        Set extns = getCriticalExtensionOIDs();
-
-        if (extns == null)
+        if (getVersion() == 2)
         {
-            return false;
-        }
+            Extensions extensions = c.getExtensions();
+            if (extensions != null)
+            {
+                Enumeration e = extensions.oids();
+                while (e.hasMoreElements())
+                {
+                    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
 
-        extns.remove(Extension.issuingDistributionPoint.getId());
-        extns.remove(Extension.deltaCRLIndicator.getId());
+                    if (Extension.issuingDistributionPoint.equals(oid) ||
+                        Extension.deltaCRLIndicator.equals(oid))
+                    {
+                        continue;
+                    }
+
+                    Extension ext = extensions.getExtension(oid);
+                    if (ext.isCritical())
+                    {
+                        return true;
+                    }
+                }
+            }
+        }
 
-        return !extns.isEmpty();
+        return false;
     }
 
     private Set getExtensionOIDs(boolean critical)
     {
         if (this.getVersion() == 2)
         {
-            Extensions extensions = c.getTBSCertList().getExtensions();
+            Extensions extensions = c.getExtensions();
 
             if (extensions != null)
             {
@@ -144,26 +154,7 @@ public Set getNonCriticalExtensionOIDs()
 
     public byte[] getExtensionValue(String oid)
     {
-        if (oid != null)
-        {
-            ASN1ObjectIdentifier asn1Oid = ASN1ObjectIdentifier.tryFromID(oid);
-            if (asn1Oid != null)
-            {
-                ASN1OctetString extValue = getExtensionValue(c, asn1Oid);
-                if (null != extValue)
-                {
-                    try
-                    {
-                        return extValue.getEncoded();
-                    }
-                    catch (Exception e)
-                    {
-                        throw Exceptions.illegalStateException("error parsing " + e.getMessage(), e);
-                    }
-                }
-            }
-        }
-        return null;
+        return X509SignatureUtil.getExtensionValue(c.getExtensions(), oid);
     }
 
     public void verify(PublicKey key)
@@ -548,7 +539,7 @@ public String toString()
 
         X509SignatureUtil.prettyPrintSignature(this.getSignature(), buf, nl);
 
-        Extensions extensions = c.getTBSCertList().getExtensions();
+        Extensions extensions = c.getExtensions();
 
         if (extensions != null)
         {
@@ -708,25 +699,8 @@ public boolean isRevoked(Certificate cert)
 
     static byte[] getExtensionOctets(CertificateList c, ASN1ObjectIdentifier oid)
     {
-        ASN1OctetString extValue = getExtensionValue(c, oid);
-        if (null != extValue)
-        {
-            return extValue.getOctets();
-        }
-        return null;
-    }
+        ASN1OctetString extValue = Extensions.getExtensionValue(c.getExtensions(), oid);
 
-    static ASN1OctetString getExtensionValue(CertificateList c, ASN1ObjectIdentifier oid)
-    {
-        Extensions exts = c.getTBSCertList().getExtensions();
-        if (null != exts)
-        {
-            Extension ext = exts.getExtension(oid);
-            if (null != ext)
-            {
-                return ext.getExtnValue();
-            }
-        }
-        return null;
+        return extValue == null ? null : extValue.getOctets();
     }
 }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateImpl.java

@@ -271,7 +271,7 @@ public boolean[] getKeyUsage()
         return Arrays.clone(keyUsage);
     }
 
-    public List getExtendedKeyUsage() 
+    public List getExtendedKeyUsage()
         throws CertificateParsingException
     {
         byte[] extOctets = getExtensionOctets(c, Extension.extendedKeyUsage);
@@ -330,7 +330,7 @@ public Set getCriticalExtensionOIDs()
         if (this.getVersion() == 3)
         {
             Set             set = new HashSet();
-            Extensions  extensions = c.getTBSCertificate().getExtensions();
+            Extensions  extensions = c.getExtensions();
 
             if (extensions != null)
             {
@@ -356,34 +356,15 @@ public Set getCriticalExtensionOIDs()
 
     public byte[] getExtensionValue(String oid) 
     {
-        if (oid != null)
-        {
-            ASN1ObjectIdentifier asn1Oid = ASN1ObjectIdentifier.tryFromID(oid);
-            if (asn1Oid != null)
-            {
-                ASN1OctetString extValue = getExtensionValue(c, asn1Oid);
-                if (null != extValue)
-                {
-                    try
-                    {
-                        return extValue.getEncoded();
-                    }
-                    catch (Exception e)
-                    {
-                        throw Exceptions.illegalStateException("error parsing " + e.getMessage(), e);
-                    }
-                }
-            }
-        }
-        return null;
+        return X509SignatureUtil.getExtensionValue(c.getExtensions(), oid);
     }
 
     public Set getNonCriticalExtensionOIDs() 
     {
         if (this.getVersion() == 3)
         {
             Set             set = new HashSet();
-            Extensions  extensions = c.getTBSCertificate().getExtensions();
+            Extensions  extensions = c.getExtensions();
 
             if (extensions != null)
             {
@@ -409,35 +390,32 @@ public Set getNonCriticalExtensionOIDs()
 
     public boolean hasUnsupportedCriticalExtension()
     {
-        if (this.getVersion() == 3)
+        if (getVersion() == 3)
         {
-            Extensions  extensions = c.getTBSCertificate().getExtensions();
-
+            Extensions extensions = c.getExtensions();
             if (extensions != null)
             {
-                Enumeration     e = extensions.oids();
-
+                Enumeration e = extensions.oids();
                 while (e.hasMoreElements())
                 {
                     ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
 
-                    if (oid.equals(Extension.keyUsage)
-                     || oid.equals(Extension.certificatePolicies)
-                     || oid.equals(Extension.policyMappings)
-                     || oid.equals(Extension.inhibitAnyPolicy)
-                     || oid.equals(Extension.cRLDistributionPoints)
-                     || oid.equals(Extension.issuingDistributionPoint)
-                     || oid.equals(Extension.deltaCRLIndicator)
-                     || oid.equals(Extension.policyConstraints)
-                     || oid.equals(Extension.basicConstraints)
-                     || oid.equals(Extension.subjectAlternativeName)
-                     || oid.equals(Extension.nameConstraints))
+                    if (Extension.keyUsage.equals(oid) ||
+                        Extension.certificatePolicies.equals(oid) ||
+                        Extension.policyMappings.equals(oid) ||
+                        Extension.inhibitAnyPolicy.equals(oid) ||
+                        Extension.cRLDistributionPoints.equals(oid) ||
+                        Extension.issuingDistributionPoint.equals(oid) ||
+                        Extension.deltaCRLIndicator.equals(oid) ||
+                        Extension.policyConstraints.equals(oid) ||
+                        Extension.basicConstraints.equals(oid) ||
+                        Extension.subjectAlternativeName.equals(oid) ||
+                        Extension.nameConstraints.equals(oid))
                     {
                         continue;
                     }
 
-                    Extension       ext = extensions.getExtension(oid);
-
+                    Extension ext = extensions.getExtension(oid);
                     if (ext.isCritical())
                     {
                         return true;
@@ -477,7 +455,7 @@ public String toString()
 
         X509SignatureUtil.prettyPrintSignature(this.getSignature(), buf, nl);
 
-        Extensions extensions = c.getTBSCertificate().getExtensions();
+        Extensions extensions = c.getExtensions();
 
         if (extensions != null)
         {
@@ -852,25 +830,8 @@ private static Collection getAlternativeNames(org.bouncycastle.asn1.x509.Certifi
 
     static byte[] getExtensionOctets(org.bouncycastle.asn1.x509.Certificate c, ASN1ObjectIdentifier oid)
     {
-        ASN1OctetString extValue = getExtensionValue(c, oid);
-        if (null != extValue)
-        {
-            return extValue.getOctets();
-        }
-        return null;
-    }
+        ASN1OctetString extValue = Extensions.getExtensionValue(c.getExtensions(), oid);
 
-    static ASN1OctetString getExtensionValue(org.bouncycastle.asn1.x509.Certificate c, ASN1ObjectIdentifier oid)
-    {
-        Extensions exts = c.getTBSCertificate().getExtensions();
-        if (null != exts)
-        {
-            Extension ext = exts.getExtension(oid);
-            if (null != ext)
-            {
-                return ext.getExtnValue();
-            }
-        }
-        return null;
+        return extValue == null ? null : extValue.getOctets();
     }
 }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java

@@ -15,16 +15,19 @@
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.internal.asn1.edec.EdECObjectIdentifiers;
 import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.internal.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.jcajce.util.MessageDigestUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.util.Exceptions;
 import org.bouncycastle.util.Objects;
 import org.bouncycastle.util.Properties;
 import org.bouncycastle.util.encoders.Hex;
@@ -59,6 +62,30 @@ static boolean areEquivalentAlgorithms(AlgorithmIdentifier id1, AlgorithmIdentif
         return Objects.areEqual(id1.getParameters(), id2.getParameters());
     }
 
+    static byte[] getExtensionValue(Extensions extensions, String oid) 
+    {
+        if (oid != null)
+        {
+            ASN1ObjectIdentifier asn1Oid = ASN1ObjectIdentifier.tryFromID(oid);
+            if (asn1Oid != null)
+            {
+                ASN1OctetString extValue = Extensions.getExtensionValue(extensions, asn1Oid);
+                if (null != extValue)
+                {
+                    try
+                    {
+                        return extValue.getEncoded();
+                    }
+                    catch (Exception e)
+                    {
+                        throw Exceptions.illegalStateException("error parsing " + e.getMessage(), e);
+                    }
+                }
+            }
+        }
+        return null;
+    }
+
     private static boolean isAbsentOrEmptyParameters(ASN1Encodable parameters)
     {
         return parameters == null || DERNull.INSTANCE.equals(parameters);