Refactoring in TSP

Author: peterdettman

pkix/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java

@@ -13,57 +13,70 @@
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.ExtensionsGenerator;
 import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
 
 /**
  * Generator for RFC 3161 Time Stamp Request objects.
  */
 public class TimeStampRequestGenerator
 {
-    private static final DefaultDigestAlgorithmIdentifierFinder dgstAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
+    private static final DefaultDigestAlgorithmIdentifierFinder DEFAULT_DIGEST_ALG_FINDER =
+        new DefaultDigestAlgorithmIdentifierFinder();
 
-    private ASN1ObjectIdentifier reqPolicy;
+    private final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
+
+    private final DigestAlgorithmIdentifierFinder digestAlgFinder;
 
+    private ASN1ObjectIdentifier reqPolicy;
     private ASN1Boolean certReq;
-    private ExtensionsGenerator extGenerator = new ExtensionsGenerator();
 
     public TimeStampRequestGenerator()
     {
+        this(DEFAULT_DIGEST_ALG_FINDER);
+    }
+
+    public TimeStampRequestGenerator(DigestAlgorithmIdentifierFinder digestAlgFinder)
+    {
+        if (digestAlgFinder == null)
+        {
+            throw new NullPointerException("'digestAlgFinder' cannot be null");
+        }
+
+        this.digestAlgFinder = digestAlgFinder;
     }
 
+    public void setReqPolicy(ASN1ObjectIdentifier reqPolicy)
+    {
+        this.reqPolicy = reqPolicy;
+    }
+    
     /**
      * @deprecated use method taking ASN1ObjectIdentifier
      * @param reqPolicy
      */
-    public void setReqPolicy(
-        String reqPolicy)
+    public void setReqPolicy(String reqPolicy)
     {
-        this.reqPolicy= new ASN1ObjectIdentifier(reqPolicy);
+        setReqPolicy(new ASN1ObjectIdentifier(reqPolicy));
     }
 
-    public void setReqPolicy(
-        ASN1ObjectIdentifier reqPolicy)
+    public void setCertReq(ASN1Boolean certReq)
     {
-        this.reqPolicy= reqPolicy;
+        this.certReq = certReq;
     }
 
-    public void setCertReq(
-        boolean certReq)
+    public void setCertReq(boolean certReq)
     {
-        this.certReq = ASN1Boolean.getInstance(certReq);
+        setCertReq(ASN1Boolean.getInstance(certReq));
     }
 
     /**
      * add a given extension field for the standard extensions tag (tag 3)
      * @throws IOException
      * @deprecated use method taking ASN1ObjectIdentifier
      */
-    public void addExtension(
-        String          OID,
-        boolean         critical,
-        ASN1Encodable   value)
-        throws IOException
+    public void addExtension(String OID, boolean critical, ASN1Encodable value) throws IOException
     {
-        this.addExtension(OID, critical, value.toASN1Primitive().getEncoded());
+        addExtension(new ASN1ObjectIdentifier(OID), critical, value);
     }
 
     /**
@@ -72,23 +85,16 @@ public void addExtension(
      * with the extension.
      * @deprecated use method taking ASN1ObjectIdentifier
      */
-    public void addExtension(
-        String          OID,
-        boolean         critical,
-        byte[]          value)
+    public void addExtension(String OID, boolean critical, byte[] value)
     {
-        extGenerator.addExtension(new ASN1ObjectIdentifier(OID), critical, value);
+        addExtension(new ASN1ObjectIdentifier(OID), critical, value);
     }
 
     /**
      * add a given extension field for the standard extensions tag (tag 3)
      * @throws TSPIOException
      */
-    public void addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean              isCritical,
-        ASN1Encodable        value)
-        throws TSPIOException
+    public void addExtension(ASN1ObjectIdentifier oid, boolean isCritical, ASN1Encodable value) throws TSPIOException
     {
         TSPUtil.addExtension(extGenerator, oid, isCritical, value);
     }
@@ -98,106 +104,58 @@ public void addExtension(
      * The value parameter becomes the contents of the octet string associated
      * with the extension.
      */
-    public void addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean              isCritical,
-        byte[]               value)
+    public void addExtension(ASN1ObjectIdentifier oid, boolean isCritical, byte[] value)
     {
         extGenerator.addExtension(oid, isCritical, value);
     }
 
     /**
-     * @deprecated use method taking ANS1ObjectIdentifier
+     * @deprecated use method taking ANS1ObjectIdentifier or AlgorithmIdentifier
      */
-    public TimeStampRequest generate(
-        String digestAlgorithm,
-        byte[] digest)
+    public TimeStampRequest generate(String digestAlgorithm, byte[] digest)
     {
-        return this.generate(digestAlgorithm, digest, null);
+        return generate(digestAlgorithm, digest, null);
     }
 
     /**
-     * @deprecated use method taking ANS1ObjectIdentifier
+     * @deprecated use method taking ANS1ObjectIdentifier or AlgorithmIdentifier
      */
-    public TimeStampRequest generate(
-        String      digestAlgorithmOID,
-        byte[]      digest,
-        BigInteger  nonce)
+    public TimeStampRequest generate(String digestAlgorithmOID, byte[] digest, BigInteger nonce)
     {
         if (digestAlgorithmOID == null)
         {
-            throw new IllegalArgumentException("No digest algorithm specified");
+            throw new NullPointerException("'digestAlgorithmOID' cannot be null");
         }
 
-        ASN1ObjectIdentifier digestAlgOID = new ASN1ObjectIdentifier(digestAlgorithmOID);
-
-        AlgorithmIdentifier algID = dgstAlgFinder.find(digestAlgOID);
-        MessageImprint messageImprint = new MessageImprint(algID, digest);
-
-        Extensions  ext = null;
-        
-        if (!extGenerator.isEmpty())
-        {
-            ext = extGenerator.generate();
-        }
-        
-        if (nonce != null)
-        {
-            return new TimeStampRequest(new TimeStampReq(messageImprint,
-                    reqPolicy, new ASN1Integer(nonce), certReq, ext));
-        }
-        else
-        {
-            return new TimeStampRequest(new TimeStampReq(messageImprint,
-                    reqPolicy, null, certReq, ext));
-        }
+        return generate(new ASN1ObjectIdentifier(digestAlgorithmOID), digest, nonce);
     }
 
     public TimeStampRequest generate(ASN1ObjectIdentifier digestAlgorithm, byte[] digest)
     {
-        return generate(dgstAlgFinder.find(digestAlgorithm), digest);
+        return generate(digestAlgorithm, digest, null);
     }
 
     public TimeStampRequest generate(ASN1ObjectIdentifier digestAlgorithm, byte[] digest, BigInteger nonce)
     {
-        return generate(dgstAlgFinder.find(digestAlgorithm), digest, nonce);
+        return generate(digestAlgFinder.find(digestAlgorithm), digest, nonce);
     }
 
-    public TimeStampRequest generate(
-        AlgorithmIdentifier     digestAlgorithmID,
-        byte[]                  digest)
+    public TimeStampRequest generate(AlgorithmIdentifier digestAlgorithmID, byte[] digest)
     {
         return generate(digestAlgorithmID, digest, null);
     }
 
-    public TimeStampRequest generate(
-        AlgorithmIdentifier     digestAlgorithmID,
-        byte[]                  digest,
-        BigInteger              nonce)
+    public TimeStampRequest generate(AlgorithmIdentifier digestAlgorithmID, byte[] digest, BigInteger nonce)
     {
         if (digestAlgorithmID == null)
         {
-            throw new IllegalArgumentException("digest algorithm not specified");
+            throw new NullPointerException("'digestAlgorithmID' cannot be null");
         }
 
         MessageImprint messageImprint = new MessageImprint(digestAlgorithmID, digest);
+        ASN1Integer reqNonce = nonce == null ? null : new ASN1Integer(nonce);
+        Extensions ext = extGenerator.isEmpty() ? null : extGenerator.generate();
 
-        Extensions  ext = null;
-
-        if (!extGenerator.isEmpty())
-        {
-            ext = extGenerator.generate();
-        }
-
-        if (nonce != null)
-        {
-            return new TimeStampRequest(new TimeStampReq(messageImprint,
-                    reqPolicy, new ASN1Integer(nonce), certReq, ext));
-        }
-        else
-        {
-            return new TimeStampRequest(new TimeStampReq(messageImprint,
-                    reqPolicy, null, certReq, ext));
-        }
+        return new TimeStampRequest(new TimeStampReq(messageImprint, reqPolicy, reqNonce, certReq, ext));
     }
 }

pkix/src/main/java/org/bouncycastle/tsp/TimeStampToken.java

@@ -6,20 +6,17 @@
 import java.util.Collection;
 
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.cms.Attribute;
 import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
 import org.bouncycastle.asn1.ess.ESSCertID;
 import org.bouncycastle.asn1.ess.ESSCertIDv2;
 import org.bouncycastle.asn1.ess.SigningCertificate;
 import org.bouncycastle.asn1.ess.SigningCertificateV2;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.tsp.TSTInfo;
 import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.Certificate;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.IssuerSerial;
 import org.bouncycastle.cert.X509AttributeCertificateHolder;
@@ -47,7 +44,7 @@ public class TimeStampToken
 
     TimeStampTokenInfo tstInfo;
 
-    CertID   certID;
+    ESSCertIDv2 certID;
 
     public TimeStampToken(ContentInfo contentInfo)
         throws TSPException, IOException
@@ -96,15 +93,15 @@ public TimeStampToken(CMSSignedData signedData)
 
             content.write(bOut);
 
-            this.tstInfo = new TimeStampTokenInfo(TSTInfo.getInstance(ASN1Primitive.fromByteArray(bOut.toByteArray())));
-            
+            this.tstInfo = new TimeStampTokenInfo(TSTInfo.getInstance(bOut.toByteArray()));
+
             Attribute attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
 
             if (attr != null)
             {
                 SigningCertificate signCert = SigningCertificate.getInstance(attr.getAttrValues().getObjectAt(0));
 
-                this.certID = new CertID(ESSCertID.getInstance(signCert.getCerts()[0]));
+                this.certID = ESSCertIDv2.from(ESSCertID.getInstance(signCert.getCerts()[0]));
             }
             else
             {
@@ -117,7 +114,7 @@ public TimeStampToken(CMSSignedData signedData)
 
                 SigningCertificateV2 signCertV2 = SigningCertificateV2.getInstance(attr.getAttrValues().getObjectAt(0));
 
-                this.certID = new CertID(ESSCertIDv2.getInstance(signCertV2.getCerts()[0]));
+                this.certID = ESSCertIDv2.getInstance(signCertV2.getCerts()[0]);
             }
         }
         catch (CMSException e)
@@ -195,7 +192,6 @@ public void validate(
             DigestCalculator calc = sigVerifier.getDigestCalculator(certID.getHashAlgorithm());
 
             OutputStream cOut = calc.getOutputStream();
-
             cOut.write(certHolder.getEncoded());
             cOut.close();
 
@@ -204,21 +200,23 @@ public void validate(
                 throw new TSPValidationException("certificate hash does not match certID hash.");
             }
 
-            if (certID.getIssuerSerial() != null)
+            IssuerSerial issuerSerial = certID.getIssuerSerial();
+            if (issuerSerial != null)
             {
-                IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(certHolder.toASN1Structure());
+                Certificate c = certHolder.toASN1Structure();
 
-                if (!certID.getIssuerSerial().getSerial().equals(issuerSerial.getSerialNumber()))
+                if (!issuerSerial.getSerial().equals(c.getSerialNumber()))
                 {
                     throw new TSPValidationException("certificate serial number does not match certID for signature.");
                 }
 
-                GeneralName[]   names = certID.getIssuerSerial().getIssuer().getNames();
-                boolean         found = false;
+                GeneralName[] names = issuerSerial.getIssuer().getNames();
+                boolean found = false;
 
                 for (int i = 0; i != names.length; i++)
                 {
-                    if (names[i].getTagNo() == 4 && X500Name.getInstance(names[i].getName()).equals(X500Name.getInstance(issuerSerial.getName())))
+                    if (names[i].getTagNo() == GeneralName.directoryName &&
+                        X500Name.getInstance(names[i].getName()).equals(c.getIssuer()))
                     {
                         found = true;
                         break;
@@ -326,59 +324,4 @@ public byte[] getEncoded(String encoding)
     {
         return tsToken.getEncoded(encoding);
     }
-
-    // perhaps this should be done using an interface on the ASN.1 classes...
-    private static class CertID
-    {
-        private ESSCertID certID;
-        private ESSCertIDv2 certIDv2;
-
-        CertID(ESSCertID certID)
-        {
-            this.certID = certID;
-            this.certIDv2 = null;
-        }
-
-        CertID(ESSCertIDv2 certID)
-        {
-            this.certIDv2 = certID;
-            this.certID = null;
-        }
-
-        public AlgorithmIdentifier getHashAlgorithm()
-        {
-            if (certID != null)
-            {
-                return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
-            }
-            else
-            {
-                return certIDv2.getHashAlgorithm();
-            }
-        }
-
-        public byte[] getCertHash()
-        {
-            if (certID != null)
-            {
-                return certID.getCertHash();
-            }
-            else
-            {
-                return certIDv2.getCertHash();
-            }
-        }
-
-        public IssuerSerial getIssuerSerial()
-        {
-            if (certID != null)
-            {
-                return certID.getIssuerSerial();
-            }
-            else
-            {
-                return certIDv2.getIssuerSerial();
-            }
-        }
-    }
 }