Define DerSequenceReader.ContextSpecificTagFlag, and use it instead of magic 0x80/0x81.

Also added comments for the sourcing of the context specific tag relevance for the Policy Constraints extension.

Author: bartonjs

src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/CertificatePolicy.cs

@@ -299,12 +299,14 @@ private static void ReadCertPolicyConstraintsExtension(X509Extension extension,
 
             while (reader.HasData)
             {
+                // Policy Constraints context specific tag values are defined in RFC 3280 4.2.1.12,
+                // and restated (unchanged) in RFC 5280 4.2.1.11.
                 switch (reader.PeekTag())
                 {
-                    case 0x80:
+                    case DerSequenceReader.ContextSpecificTagFlag | 0:
                         policy.RequireExplicitPolicyDepth = reader.ReadInteger();
                         break;
-                    case 0x81:
+                    case DerSequenceReader.ContextSpecificTagFlag | 1:
                         policy.InhibitMappingDepth = reader.ReadInteger();
                         break;
                     default:

src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/DerSequenceReader.cs

@@ -12,6 +12,8 @@ namespace Internal.Cryptography.Pal
     /// </summary>
     internal class DerSequenceReader
     {
+        internal const byte ContextSpecificTagFlag = 0x80;
+
         private readonly byte[] _data;
         private readonly int _end;
         private int _position;
@@ -206,7 +208,7 @@ private static void CheckTag(DerTag expected, byte[] data, int position)
             byte actual = data[position];
 
             // Context-specific datatypes cannot be tag-verified
-            if (actual >= 0x80)
+            if ((actual & ContextSpecificTagFlag) != 0)
             {
                 return;
             }