fixed typo in ASN1TaggedObject exception message

moved DeltaCertificate support to use explicit tags.

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java

@@ -358,7 +358,7 @@ ASN1Primitive getBaseUniversal(boolean declaredExplicit, ASN1UniversalType unive
         {
             if (!isExplicit())
             {
-                throw new IllegalStateException("object explicit - implicit expected.");
+                throw new IllegalStateException("object implicit - explicit expected.");
             }
 
             return universalType.checkedCast(obj.toASN1Primitive());

core/src/main/java/org/bouncycastle/asn1/x509/DeltaCertificateDescriptor.java

@@ -83,13 +83,13 @@ private DeltaCertificateDescriptor(ASN1Sequence seq)
             switch (tagged.getTagNo())
             {
             case 0:
-                signature = AlgorithmIdentifier.getInstance(tagged, false);
+                signature = AlgorithmIdentifier.getInstance(tagged, true);
                 break;
             case 1:
                 issuer = X500Name.getInstance(tagged, true);   // issuer
                 break;
             case 2:
-                validity = ASN1Sequence.getInstance(tagged, false);
+                validity = ASN1Sequence.getInstance(tagged, true);
                 break;
             case 3:
                 subject = X500Name.getInstance(tagged, true);   // subject
@@ -107,7 +107,7 @@ private DeltaCertificateDescriptor(ASN1Sequence seq)
             switch (tagged.getTagNo())
             {
             case 4:
-                extensions = Extensions.getInstance(tagged, false); 
+                extensions = Extensions.getInstance(tagged, true);
                 break;
             }
             next = seq.getObjectAt(idx++);
@@ -178,7 +178,7 @@ public DeltaCertificateDescriptor trimTo(TBSCertificate baseTbsCertificate, Exte
             switch (tagged.getTagNo())
             {
             case 0:
-                AlgorithmIdentifier sig = AlgorithmIdentifier.getInstance(tagged, false);
+                AlgorithmIdentifier sig = AlgorithmIdentifier.getInstance(tagged, true);
                 if (!sig.equals(signature))
                 {
                     v.add(next);
@@ -192,7 +192,7 @@ public DeltaCertificateDescriptor trimTo(TBSCertificate baseTbsCertificate, Exte
                 }
                 break;
             case 2:
-                ASN1Sequence val = ASN1Sequence.getInstance(tagged, false);
+                ASN1Sequence val = ASN1Sequence.getInstance(tagged, true);
                 if (!val.equals(validity))
                 {
                     v.add(next);
@@ -218,7 +218,7 @@ public DeltaCertificateDescriptor trimTo(TBSCertificate baseTbsCertificate, Exte
             switch (tagged.getTagNo())
             {
             case 4:
-                Extensions deltaExts = Extensions.getInstance(tagged, false);
+                Extensions deltaExts = Extensions.getInstance(tagged, true);
                 ExtensionsGenerator deltaExtGen = new ExtensionsGenerator();
                 for (Enumeration extEn = deltaExts.oids(); extEn.hasMoreElements(); )
                 {
@@ -237,7 +237,7 @@ public DeltaCertificateDescriptor trimTo(TBSCertificate baseTbsCertificate, Exte
                 DeltaCertificateDescriptor trimmedDeltaCertDesc;
                 if (!deltaExtGen.isEmpty())
                 {
-                    v.add(new DERTaggedObject(false, 4, deltaExtGen.generate()));
+                    v.add(new DERTaggedObject(true, 4, deltaExtGen.generate()));
                 }
             }
             next = (ASN1Encodable)en.nextElement();
@@ -261,12 +261,12 @@ public ASN1Primitive toASN1Primitive()
         ASN1EncodableVector v = new ASN1EncodableVector(7);
 
         v.add(serialNumber);
-        addOptional(v, 0, false, signature);
+        addOptional(v, 0, true, signature);
         addOptional(v, 1, true, issuer); // CHOICE
-        addOptional(v, 2, false, validity);
+        addOptional(v, 2, true, validity);
         addOptional(v, 3, true, subject);  // CHOICE
         v.add(subjectPublicKeyInfo);
-        addOptional(v, 4, false, extensions);
+        addOptional(v, 4, true, extensions);
         v.add(signatureValue);
 
         return new DERSequence(v);

pkix/src/main/java/org/bouncycastle/cert/DeltaCertificateTool.java

@@ -28,19 +28,19 @@ public static Extension makeDeltaCertificateExtension(boolean isCritical, X509Ce
         ASN1EncodableVector deltaV = new ASN1EncodableVector();
 
         deltaV.add(new ASN1Integer(deltaCert.getSerialNumber()));
-        deltaV.add(new DERTaggedObject(false, 0, deltaCert.getSignatureAlgorithm()));
-        deltaV.add(new DERTaggedObject(false, 1, deltaCert.getIssuer()));
+        deltaV.add(new DERTaggedObject(true, 0, deltaCert.getSignatureAlgorithm()));
+        deltaV.add(new DERTaggedObject(true, 1, deltaCert.getIssuer()));
 
         ASN1EncodableVector validity = new ASN1EncodableVector(2);
         validity.add(deltaCert.toASN1Structure().getStartDate());
         validity.add(deltaCert.toASN1Structure().getEndDate());
 
-        deltaV.add(new DERTaggedObject(false, 2, new DERSequence(validity)));
-        deltaV.add(new DERTaggedObject(false, 3, deltaCert.getSubject()));
+        deltaV.add(new DERTaggedObject(true, 2, new DERSequence(validity)));
+        deltaV.add(new DERTaggedObject(true, 3, deltaCert.getSubject()));
         deltaV.add(deltaCert.getSubjectPublicKeyInfo());
         if (deltaCert.getExtensions() != null)
         {
-            deltaV.add(new DERTaggedObject(false, 4, deltaCert.getExtensions()));
+            deltaV.add(new DERTaggedObject(true, 4, deltaCert.getExtensions()));
         }
         deltaV.add(new DERBitString(deltaCert.getSignature()));
 
@@ -51,6 +51,10 @@ public static X509CertificateHolder extractDeltaCertificate(X509CertificateHolde
     {
         ASN1ObjectIdentifier deltaExtOid = Extension.deltaCertificateDescriptor;
         Extension deltaExt = originCert.getExtension(deltaExtOid);
+        if (deltaExt == null)
+        {
+            throw new IllegalStateException("no deltaCertificateDescriptor present");
+        }
 
         ASN1Sequence seq = ASN1Sequence.getInstance(deltaExt.getParsedValue());
 //        *      version          [ 0 ]  Version DEFAULT v1(0),
@@ -77,13 +81,13 @@ public static X509CertificateHolder extractDeltaCertificate(X509CertificateHolde
             switch (tagged.getTagNo())
             {
             case 0:
-                extracted[2] = ASN1Sequence.getInstance(tagged, false);
+                extracted[2] = ASN1Sequence.getInstance(tagged, true);
                 break;
             case 1:
                 extracted[3] = ASN1Sequence.getInstance(tagged, true);   // issuer
                 break;
             case 2:
-                extracted[4] = ASN1Sequence.getInstance(tagged, false);
+                extracted[4] = ASN1Sequence.getInstance(tagged, true);
                 break;
             case 3:
                 extracted[5] = ASN1Sequence.getInstance((ASN1TaggedObject)next, true);   // subject
@@ -125,7 +129,7 @@ public static X509CertificateHolder extractDeltaCertificate(X509CertificateHolde
                 throw new IllegalArgumentException("malformed delta extension");
             }
 
-            ASN1Sequence deltaExts = ASN1Sequence.getInstance(tagged, false);
+            ASN1Sequence deltaExts = ASN1Sequence.getInstance(tagged, true);
 
             for (int i = 0; i != deltaExts.size(); i++)
             {

pkix/src/main/java/org/bouncycastle/pkcs/DeltaCertificateRequestAttributeValue.java

@@ -7,6 +7,7 @@
 import org.bouncycastle.asn1.pkcs.Attribute;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.DeltaCertificateDescriptor;
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 
@@ -27,6 +28,21 @@ public DeltaCertificateRequestAttributeValue(Attribute attribute)
         this(ASN1Sequence.getInstance(attribute.getAttributeValues()[0]));
     }
 
+    public static DeltaCertificateRequestAttributeValue getInstance(Object o)
+    {
+        if (o instanceof DeltaCertificateDescriptor)
+        {
+            return (DeltaCertificateRequestAttributeValue)o;
+        }
+        
+        if (o != null)
+        {
+            new DeltaCertificateRequestAttributeValue(ASN1Sequence.getInstance(o));
+        }
+
+        return null;
+    }
+
     DeltaCertificateRequestAttributeValue(ASN1Sequence attrSeq)
     {
         this.attrSeq = attrSeq;
@@ -56,11 +72,11 @@ public DeltaCertificateRequestAttributeValue(Attribute attribute)
                 ASN1TaggedObject tagObj = ASN1TaggedObject.getInstance(attrSeq.getObjectAt(idx));
                 if (tagObj.getTagNo() == 1)
                 {
-                    ext = Extensions.getInstance(tagObj, false);
+                    ext = Extensions.getInstance(tagObj, true);
                 }
                 else if (tagObj.getTagNo() == 2)
                 {
-                    sigAlg = AlgorithmIdentifier.getInstance(tagObj, false);
+                    sigAlg = AlgorithmIdentifier.getInstance(tagObj, true);
                 }
                 else
                 {