Updates in asn1.cmp

peterdettman · peterdettman · commit 73d30e836ea3 · 2023-07-20T23:46:36.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java b/core/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java
@@ -211,6 +211,11 @@ public int getTagNo()
         return tagNo;
     }
 
+    public boolean hasContextTag()
+    {
+        return this.tagClass == BERTags.CONTEXT_SPECIFIC;
+    }
+
     public boolean hasContextTag(int tagNo)
     {
         return this.tagClass == BERTags.CONTEXT_SPECIFIC && this.tagNo == tagNo;
@@ -221,6 +226,11 @@ public boolean hasTag(int tagClass, int tagNo)
         return this.tagClass == tagClass && this.tagNo == tagNo;
     }
 
+    public boolean hasTagClass(int tagClass)
+    {
+        return this.tagClass == tagClass;
+    }
+
     /**
      * return whether or not the object may be explicitly tagged. 
      * <p>
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/CRLSource.java b/util/src/main/java/org/bouncycastle/asn1/cmp/CRLSource.java
@@ -4,6 +4,7 @@
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1Util;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.DistributionPointName;
 import org.bouncycastle.asn1.x509.GeneralNames;
@@ -28,18 +29,19 @@ public class CRLSource
 
     private CRLSource(ASN1TaggedObject ato)
     {
-        switch (ato.getTagNo())
+        if (ato.hasContextTag(0))
         {
-        case 0:
             dpn = DistributionPointName.getInstance(ato, true);
             issuer = null;
-            break;
-        case 1:
+        }
+        else if (ato.hasContextTag(1))
+        {
             dpn = null;
             issuer = GeneralNames.getInstance(ato, true);
-            break;
-        default:
-            throw new IllegalArgumentException("unknown tag " + ato.getTagNo());
+        }
+        else
+        {
+            throw new IllegalArgumentException("unknown tag " + ASN1Util.getTagText(ato));
         }
     }
 
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/CertOrEncCert.java b/util/src/main/java/org/bouncycastle/asn1/cmp/CertOrEncCert.java
@@ -4,6 +4,7 @@
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1Util;
 import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.crmf.EncryptedKey;
@@ -24,17 +25,17 @@ public class CertOrEncCert
 
     private CertOrEncCert(ASN1TaggedObject tagged)
     {
-        if (tagged.getTagNo() == 0)
+        if (tagged.hasContextTag(0))
         {
             certificate = CMPCertificate.getInstance(tagged.getExplicitBaseObject());
         }
-        else if (tagged.getTagNo() == 1)
+        else if (tagged.hasContextTag(1))
         {
             encryptedCert = EncryptedKey.getInstance(tagged.getExplicitBaseObject());
         }
         else
         {
-            throw new IllegalArgumentException("unknown tag: " + tagged.getTagNo());
+            throw new IllegalArgumentException("unknown tag: " + ASN1Util.getTagText(tagged));
         }
     }
 
@@ -48,24 +49,24 @@ public CertOrEncCert(CMPCertificate certificate)
         this.certificate = certificate;
     }
 
-    public CertOrEncCert(EncryptedValue encryptedCert)
+    public CertOrEncCert(EncryptedValue encryptedValue)
     {
-        if (encryptedCert == null)
+        if (encryptedValue == null)
         {
             throw new IllegalArgumentException("'encryptedCert' cannot be null");
         }
 
-        this.encryptedCert = new EncryptedKey(encryptedCert);
+        this.encryptedCert = new EncryptedKey(encryptedValue);
     }
 
-    public CertOrEncCert(EncryptedKey encryptedCert)
+    public CertOrEncCert(EncryptedKey encryptedKey)
     {
-        if (encryptedCert == null)
+        if (encryptedKey == null)
         {
             throw new IllegalArgumentException("'encryptedCert' cannot be null");
         }
 
-        this.encryptedCert = encryptedCert;
+        this.encryptedCert = encryptedKey;
     }
 
     public static CertOrEncCert getInstance(Object o)
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/CertRepMessage.java b/util/src/main/java/org/bouncycastle/asn1/cmp/CertRepMessage.java
@@ -18,7 +18,7 @@
 public class CertRepMessage
     extends ASN1Object
 {
-    private ASN1Sequence caPubs;
+    private final ASN1Sequence caPubs;
     private final ASN1Sequence response;
 
     private CertRepMessage(ASN1Sequence seq)
@@ -29,6 +29,10 @@ private CertRepMessage(ASN1Sequence seq)
         {
             caPubs = ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(index++), true);
         }
+        else
+        {
+            caPubs = null;
+        }
 
         response = ASN1Sequence.getInstance(seq.getObjectAt(index));
     }
@@ -44,6 +48,10 @@ public CertRepMessage(CMPCertificate[] caPubs, CertResponse[] response)
         {
             this.caPubs = new DERSequence(caPubs);
         }
+        else
+        {
+            this.caPubs = null;
+        }
 
         this.response = new DERSequence(response);
     }
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/CertResponse.java b/util/src/main/java/org/bouncycastle/asn1/cmp/CertResponse.java
@@ -111,6 +111,11 @@ public CertifiedKeyPair getCertifiedKeyPair()
         return certifiedKeyPair;
     }
 
+    public ASN1OctetString getRspInfo()
+    {
+        return rspInfo;
+    }
+
     /**
      * <pre>
      * CertResponse ::= SEQUENCE {
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/CertStatus.java b/util/src/main/java/org/bouncycastle/asn1/cmp/CertStatus.java
@@ -10,6 +10,7 @@
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1Util;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
@@ -29,13 +30,16 @@ public class CertStatus
 {
     private final ASN1OctetString certHash;
     private final ASN1Integer certReqId;
-    private PKIStatusInfo statusInfo;
-    private AlgorithmIdentifier hashAlg;
+    private final PKIStatusInfo statusInfo;
+    private final AlgorithmIdentifier hashAlg;
 
     private CertStatus(ASN1Sequence seq)
     {
-        certHash = ASN1OctetString.getInstance(seq.getObjectAt(0));
-        certReqId = ASN1Integer.getInstance(seq.getObjectAt(1));
+        this.certHash = ASN1OctetString.getInstance(seq.getObjectAt(0));
+        this.certReqId = ASN1Integer.getInstance(seq.getObjectAt(1));
+
+        PKIStatusInfo statusInfo = null;
+        AlgorithmIdentifier hashAlg = null;
 
         if (seq.size() > 2)
         {
@@ -49,14 +53,17 @@ private CertStatus(ASN1Sequence seq)
                 if (p instanceof ASN1TaggedObject)
                 {
                     ASN1TaggedObject dto = (ASN1TaggedObject)p;
-                    if (dto.getTagNo() != 0)
+                    if (!dto.hasContextTag(0))
                     {
-                        throw new IllegalArgumentException("unknown tag " + dto.getTagNo());
+                        throw new IllegalArgumentException("unknown tag " + ASN1Util.getTagText(dto));
                     }
                     hashAlg = AlgorithmIdentifier.getInstance(dto, true);
                 }
             }
         }
+
+        this.statusInfo = statusInfo;
+        this.hashAlg = hashAlg;
     }
 
     public CertStatus(byte[] certHash, BigInteger certReqId)
@@ -68,13 +75,16 @@ public CertStatus(byte[] certHash, ASN1Integer certReqId)
     {
         this.certHash = new DEROctetString(certHash);
         this.certReqId = certReqId;
+        this.statusInfo = null;
+        this.hashAlg = null;
     }
 
     public CertStatus(byte[] certHash, BigInteger certReqId, PKIStatusInfo statusInfo)
     {
         this.certHash = new DEROctetString(certHash);
         this.certReqId = new ASN1Integer(certReqId);
         this.statusInfo = statusInfo;
+        this.hashAlg = null;
     }
 
     public CertStatus(byte[] certHash, BigInteger certReqId, PKIStatusInfo statusInfo, AlgorithmIdentifier hashAlg)
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/Challenge.java b/util/src/main/java/org/bouncycastle/asn1/cmp/Challenge.java
@@ -41,7 +41,7 @@
 public class Challenge
     extends ASN1Object
 {
-    private AlgorithmIdentifier owf;
+    private final AlgorithmIdentifier owf;
     private final ASN1OctetString witness;
     private final ASN1OctetString challenge;
 
@@ -53,6 +53,10 @@ private Challenge(ASN1Sequence seq)
         {
             owf = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++));
         }
+        else
+        {
+            owf = null;
+        }
 
         witness = ASN1OctetString.getInstance(seq.getObjectAt(index++));
         challenge = ASN1OctetString.getInstance(seq.getObjectAt(index));
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/OOBCertHash.java b/util/src/main/java/org/bouncycastle/asn1/cmp/OOBCertHash.java
@@ -7,6 +7,7 @@
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1Util;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
@@ -27,30 +28,39 @@
 public class OOBCertHash
     extends ASN1Object
 {
-    private AlgorithmIdentifier hashAlg;
-    private CertId certId;
+    private final AlgorithmIdentifier hashAlg;
+    private final CertId certId;
     private final ASN1BitString hashVal;
 
     private OOBCertHash(ASN1Sequence seq)
     {
         int index = seq.size() - 1;
 
-        hashVal = ASN1BitString.getInstance(seq.getObjectAt(index--));
+        this.hashVal = ASN1BitString.getInstance(seq.getObjectAt(index--));
+
+        AlgorithmIdentifier hashAlg = null;
+        CertId certId = null;
 
         for (int i = index; i >= 0; i--)
         {
             ASN1TaggedObject tObj = (ASN1TaggedObject)seq.getObjectAt(i);
 
-            if (tObj.getTagNo() == 0)
+            if (tObj.hasContextTag(0))
             {
                 hashAlg = AlgorithmIdentifier.getInstance(tObj, true);
             }
-            else
+            else if (tObj.hasContextTag(1))
             {
                 certId = CertId.getInstance(tObj, true);
             }
+            else
+            {
+                throw new IllegalArgumentException("unknown tag " + ASN1Util.getTagText(tObj));
+            }
         }
 
+        this.hashAlg = hashAlg;
+        this.certId = certId;
     }
 
     public OOBCertHash(AlgorithmIdentifier hashAlg, CertId certId, byte[] hashVal)
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java b/util/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java
@@ -11,6 +11,7 @@
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1Util;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x500.X500Name;
@@ -89,6 +90,10 @@ private PKIHeader(ASN1Sequence seq)
         while (en.hasMoreElements())
         {
             ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement();
+            if (!tObj.hasContextTag())
+            {
+                throw new IllegalArgumentException("unknown tag: " + ASN1Util.getTagText(tObj));
+            }
 
             switch (tObj.getTagNo())
             {
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/PKIMessage.java b/util/src/main/java/org/bouncycastle/asn1/cmp/PKIMessage.java
@@ -26,8 +26,8 @@ public class PKIMessage
 {
     private final PKIHeader header;
     private final PKIBody body;
-    private ASN1BitString protection;
-    private ASN1Sequence extraCerts;
+    private final ASN1BitString protection;
+    private final ASN1Sequence extraCerts;
 
     private PKIMessage(ASN1Sequence seq)
     {
@@ -36,6 +36,9 @@ private PKIMessage(ASN1Sequence seq)
         header = PKIHeader.getInstance(en.nextElement());
         body = PKIBody.getInstance(en.nextElement());
 
+        ASN1BitString protection = null;
+        ASN1Sequence extraCerts = null;
+
         while (en.hasMoreElements())
         {
             ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement();
@@ -49,6 +52,9 @@ private PKIMessage(ASN1Sequence seq)
                 extraCerts = ASN1Sequence.getInstance(tObj, true);
             }
         }
+
+        this.protection = protection;
+        this.extraCerts = extraCerts;
     }
 
     /**
@@ -72,6 +78,10 @@ public PKIMessage(
         {
             this.extraCerts = new DERSequence(extraCerts);
         }
+        else
+        {
+            this.extraCerts = null;
+        }
     }
 
     public PKIMessage(
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/RevRepContent.java b/util/src/main/java/org/bouncycastle/asn1/cmp/RevRepContent.java
@@ -43,11 +43,11 @@ private RevRepContent(ASN1Sequence seq)
         {
             ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(en.nextElement());
 
-            if (tObj.getTagNo() == 0)
+            if (tObj.hasContextTag(0))
             {
                 revCerts = ASN1Sequence.getInstance(tObj, true);
             }
-            else
+            else if (tObj.hasContextTag(1))
             {
                 crls = ASN1Sequence.getInstance(tObj, true);
             }
diff --git a/util/src/main/java/org/bouncycastle/asn1/cmp/RootCaKeyUpdateContent.java b/util/src/main/java/org/bouncycastle/asn1/cmp/RootCaKeyUpdateContent.java
@@ -61,11 +61,11 @@ private RootCaKeyUpdateContent(ASN1Sequence seq)
         while (encodable.hasNext())
         {
             ASN1TaggedObject ato = ASN1TaggedObject.getInstance(encodable.next());
-            if (ato.getTagNo() == 0)
+            if (ato.hasContextTag(0))
             {
                 newWithOld = CMPCertificate.getInstance(ato, true);
             }
-            else if (ato.getTagNo() == 1)
+            else if (ato.hasContextTag(1))
             {
                 oldWithNew = CMPCertificate.getInstance(ato, true);
             }
@@ -74,7 +74,6 @@ else if (ato.getTagNo() == 1)
         this.newWithNew = newWithNew;
         this.newWithOld = newWithOld;
         this.oldWithNew = oldWithNew;
-
     }
 
     public static RootCaKeyUpdateContent getInstance(Object o)

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`import org.bouncycastle.asn1.ASN1Object;`
`5`	`5`	`import org.bouncycastle.asn1.ASN1Primitive;`
`6`	`6`	`import org.bouncycastle.asn1.ASN1TaggedObject;`
	`7`	`+import org.bouncycastle.asn1.ASN1Util;`
`7`	`8`	`import org.bouncycastle.asn1.BERTags;`
`8`	`9`	`import org.bouncycastle.asn1.DERTaggedObject;`
`9`	`10`	`import org.bouncycastle.asn1.crmf.EncryptedKey;`
`@@ -24,17 +25,17 @@ public class CertOrEncCert`
`24`	`25`
`25`	`26`	`private CertOrEncCert(ASN1TaggedObject tagged)`
`26`	`27`	`{`
`27`		`- if (tagged.getTagNo() == 0)`
	`28`	`+ if (tagged.hasContextTag(0))`
`28`	`29`	`{`
`29`	`30`	`certificate = CMPCertificate.getInstance(tagged.getExplicitBaseObject());`
`30`	`31`	`}`
`31`		`- else if (tagged.getTagNo() == 1)`
	`32`	`+ else if (tagged.hasContextTag(1))`
`32`	`33`	`{`
`33`	`34`	`encryptedCert = EncryptedKey.getInstance(tagged.getExplicitBaseObject());`
`34`	`35`	`}`
`35`	`36`	`else`
`36`	`37`	`{`
`37`		`- throw new IllegalArgumentException("unknown tag: " + tagged.getTagNo());`
	`38`	`+ throw new IllegalArgumentException("unknown tag: " + ASN1Util.getTagText(tagged));`
`38`	`39`	`}`
`39`	`40`	`}`
`40`	`41`
`@@ -48,24 +49,24 @@ public CertOrEncCert(CMPCertificate certificate)`
`48`	`49`	`this.certificate = certificate;`
`49`	`50`	`}`
`50`	`51`
`51`		`- public CertOrEncCert(EncryptedValue encryptedCert)`
	`52`	`+ public CertOrEncCert(EncryptedValue encryptedValue)`
`52`	`53`	`{`
`53`		`- if (encryptedCert == null)`
	`54`	`+ if (encryptedValue == null)`
`54`	`55`	`{`
`55`	`56`	`throw new IllegalArgumentException("'encryptedCert' cannot be null");`
`56`	`57`	`}`
`57`	`58`
`58`		`- this.encryptedCert = new EncryptedKey(encryptedCert);`
	`59`	`+ this.encryptedCert = new EncryptedKey(encryptedValue);`
`59`	`60`	`}`
`60`	`61`
`61`		`- public CertOrEncCert(EncryptedKey encryptedCert)`
	`62`	`+ public CertOrEncCert(EncryptedKey encryptedKey)`
`62`	`63`	`{`
`63`		`- if (encryptedCert == null)`
	`64`	`+ if (encryptedKey == null)`
`64`	`65`	`{`
`65`	`66`	`throw new IllegalArgumentException("'encryptedCert' cannot be null");`
`66`	`67`	`}`
`67`	`68`
`68`		`- this.encryptedCert = encryptedCert;`
	`69`	`+ this.encryptedCert = encryptedKey;`
`69`	`70`	`}`
`70`	`71`
`71`	`72`	`public static CertOrEncCert getInstance(Object o)`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`public class CertRepMessage`
`19`	`19`	`extends ASN1Object`
`20`	`20`	`{`
`21`		`- private ASN1Sequence caPubs;`
	`21`	`+ private final ASN1Sequence caPubs;`
`22`	`22`	`private final ASN1Sequence response;`
`23`	`23`
`24`	`24`	`private CertRepMessage(ASN1Sequence seq)`
`@@ -29,6 +29,10 @@ private CertRepMessage(ASN1Sequence seq)`
`29`	`29`	`{`
`30`	`30`	`caPubs = ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(index++), true);`
`31`	`31`	`}`
	`32`	`+ else`
	`33`	`+ {`
	`34`	`+ caPubs = null;`
	`35`	`+ }`
`32`	`36`
`33`	`37`	`response = ASN1Sequence.getInstance(seq.getObjectAt(index));`
`34`	`38`	`}`
`@@ -44,6 +48,10 @@ public CertRepMessage(CMPCertificate[] caPubs, CertResponse[] response)`
`44`	`48`	`{`
`45`	`49`	`this.caPubs = new DERSequence(caPubs);`
`46`	`50`	`}`
	`51`	`+ else`
	`52`	`+ {`
	`53`	`+ this.caPubs = null;`
	`54`	`+ }`
`47`	`55`
`48`	`56`	`this.response = new DERSequence(response);`
`49`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@`
`10`	`10`	`import org.bouncycastle.asn1.ASN1Primitive;`
`11`	`11`	`import org.bouncycastle.asn1.ASN1Sequence;`
`12`	`12`	`import org.bouncycastle.asn1.ASN1TaggedObject;`
	`13`	`+import org.bouncycastle.asn1.ASN1Util;`
`13`	`14`	`import org.bouncycastle.asn1.DEROctetString;`
`14`	`15`	`import org.bouncycastle.asn1.DERSequence;`
`15`	`16`	`import org.bouncycastle.asn1.DERTaggedObject;`
`@@ -29,13 +30,16 @@ public class CertStatus`
`29`	`30`	`{`
`30`	`31`	`private final ASN1OctetString certHash;`
`31`	`32`	`private final ASN1Integer certReqId;`
`32`		`- private PKIStatusInfo statusInfo;`
`33`		`- private AlgorithmIdentifier hashAlg;`
	`33`	`+ private final PKIStatusInfo statusInfo;`
	`34`	`+ private final AlgorithmIdentifier hashAlg;`
`34`	`35`
`35`	`36`	`private CertStatus(ASN1Sequence seq)`
`36`	`37`	`{`
`37`		`- certHash = ASN1OctetString.getInstance(seq.getObjectAt(0));`
`38`		`- certReqId = ASN1Integer.getInstance(seq.getObjectAt(1));`
	`38`	`+ this.certHash = ASN1OctetString.getInstance(seq.getObjectAt(0));`
	`39`	`+ this.certReqId = ASN1Integer.getInstance(seq.getObjectAt(1));`
	`40`	`+`
	`41`	`+ PKIStatusInfo statusInfo = null;`
	`42`	`+ AlgorithmIdentifier hashAlg = null;`
`39`	`43`
`40`	`44`	`if (seq.size() > 2)`
`41`	`45`	`{`
`@@ -49,14 +53,17 @@ private CertStatus(ASN1Sequence seq)`
`49`	`53`	`if (p instanceof ASN1TaggedObject)`
`50`	`54`	`{`
`51`	`55`	`ASN1TaggedObject dto = (ASN1TaggedObject)p;`
`52`		`- if (dto.getTagNo() != 0)`
	`56`	`+ if (!dto.hasContextTag(0))`
`53`	`57`	`{`
`54`		`- throw new IllegalArgumentException("unknown tag " + dto.getTagNo());`
	`58`	`+ throw new IllegalArgumentException("unknown tag " + ASN1Util.getTagText(dto));`
`55`	`59`	`}`
`56`	`60`	`hashAlg = AlgorithmIdentifier.getInstance(dto, true);`
`57`	`61`	`}`
`58`	`62`	`}`
`59`	`63`	`}`
	`64`	`+`
	`65`	`+ this.statusInfo = statusInfo;`
	`66`	`+ this.hashAlg = hashAlg;`
`60`	`67`	`}`
`61`	`68`
`62`	`69`	`public CertStatus(byte[] certHash, BigInteger certReqId)`
`@@ -68,13 +75,16 @@ public CertStatus(byte[] certHash, ASN1Integer certReqId)`
`68`	`75`	`{`
`69`	`76`	`this.certHash = new DEROctetString(certHash);`
`70`	`77`	`this.certReqId = certReqId;`
	`78`	`+ this.statusInfo = null;`
	`79`	`+ this.hashAlg = null;`
`71`	`80`	`}`
`72`	`81`
`73`	`82`	`public CertStatus(byte[] certHash, BigInteger certReqId, PKIStatusInfo statusInfo)`
`74`	`83`	`{`
`75`	`84`	`this.certHash = new DEROctetString(certHash);`
`76`	`85`	`this.certReqId = new ASN1Integer(certReqId);`
`77`	`86`	`this.statusInfo = statusInfo;`
	`87`	`+ this.hashAlg = null;`
`78`	`88`	`}`
`79`	`89`
`80`	`90`	`public CertStatus(byte[] certHash, BigInteger certReqId, PKIStatusInfo statusInfo, AlgorithmIdentifier hashAlg)`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@`
`41`	`41`	`public class Challenge`
`42`	`42`	`extends ASN1Object`
`43`	`43`	`{`
`44`		`- private AlgorithmIdentifier owf;`
	`44`	`+ private final AlgorithmIdentifier owf;`
`45`	`45`	`private final ASN1OctetString witness;`
`46`	`46`	`private final ASN1OctetString challenge;`
`47`	`47`
`@@ -53,6 +53,10 @@ private Challenge(ASN1Sequence seq)`
`53`	`53`	`{`
`54`	`54`	`owf = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++));`
`55`	`55`	`}`
	`56`	`+ else`
	`57`	`+ {`
	`58`	`+ owf = null;`
	`59`	`+ }`
`56`	`60`
`57`	`61`	`witness = ASN1OctetString.getInstance(seq.getObjectAt(index++));`
`58`	`62`	`challenge = ASN1OctetString.getInstance(seq.getObjectAt(index));`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`import org.bouncycastle.asn1.ASN1Primitive;`
`8`	`8`	`import org.bouncycastle.asn1.ASN1Sequence;`
`9`	`9`	`import org.bouncycastle.asn1.ASN1TaggedObject;`
	`10`	`+import org.bouncycastle.asn1.ASN1Util;`
`10`	`11`	`import org.bouncycastle.asn1.DERBitString;`
`11`	`12`	`import org.bouncycastle.asn1.DERSequence;`
`12`	`13`	`import org.bouncycastle.asn1.DERTaggedObject;`
`@@ -27,30 +28,39 @@`
`27`	`28`	`public class OOBCertHash`
`28`	`29`	`extends ASN1Object`
`29`	`30`	`{`
`30`		`- private AlgorithmIdentifier hashAlg;`
`31`		`- private CertId certId;`
	`31`	`+ private final AlgorithmIdentifier hashAlg;`
	`32`	`+ private final CertId certId;`
`32`	`33`	`private final ASN1BitString hashVal;`
`33`	`34`
`34`	`35`	`private OOBCertHash(ASN1Sequence seq)`
`35`	`36`	`{`
`36`	`37`	`int index = seq.size() - 1;`
`37`	`38`
`38`		`- hashVal = ASN1BitString.getInstance(seq.getObjectAt(index--));`
	`39`	`+ this.hashVal = ASN1BitString.getInstance(seq.getObjectAt(index--));`
	`40`	`+`
	`41`	`+ AlgorithmIdentifier hashAlg = null;`
	`42`	`+ CertId certId = null;`
`39`	`43`
`40`	`44`	`for (int i = index; i >= 0; i--)`
`41`	`45`	`{`
`42`	`46`	`ASN1TaggedObject tObj = (ASN1TaggedObject)seq.getObjectAt(i);`
`43`	`47`
`44`		`- if (tObj.getTagNo() == 0)`
	`48`	`+ if (tObj.hasContextTag(0))`
`45`	`49`	`{`
`46`	`50`	`hashAlg = AlgorithmIdentifier.getInstance(tObj, true);`
`47`	`51`	`}`
`48`		`- else`
	`52`	`+ else if (tObj.hasContextTag(1))`
`49`	`53`	`{`
`50`	`54`	`certId = CertId.getInstance(tObj, true);`
`51`	`55`	`}`
	`56`	`+ else`
	`57`	`+ {`
	`58`	`+ throw new IllegalArgumentException("unknown tag " + ASN1Util.getTagText(tObj));`
	`59`	`+ }`
`52`	`60`	`}`
`53`	`61`
	`62`	`+ this.hashAlg = hashAlg;`
	`63`	`+ this.certId = certId;`
`54`	`64`	`}`
`55`	`65`
`56`	`66`	`public OOBCertHash(AlgorithmIdentifier hashAlg, CertId certId, byte[] hashVal)`
Original file line number	Diff line number	Diff line change
`@@ -26,8 +26,8 @@ public class PKIMessage`
`26`	`26`	`{`
`27`	`27`	`private final PKIHeader header;`
`28`	`28`	`private final PKIBody body;`
`29`		`- private ASN1BitString protection;`
`30`		`- private ASN1Sequence extraCerts;`
	`29`	`+ private final ASN1BitString protection;`
	`30`	`+ private final ASN1Sequence extraCerts;`
`31`	`31`
`32`	`32`	`private PKIMessage(ASN1Sequence seq)`
`33`	`33`	`{`
`@@ -36,6 +36,9 @@ private PKIMessage(ASN1Sequence seq)`
`36`	`36`	`header = PKIHeader.getInstance(en.nextElement());`
`37`	`37`	`body = PKIBody.getInstance(en.nextElement());`
`38`	`38`
	`39`	`+ ASN1BitString protection = null;`
	`40`	`+ ASN1Sequence extraCerts = null;`
	`41`	`+`
`39`	`42`	`while (en.hasMoreElements())`
`40`	`43`	`{`
`41`	`44`	`ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement();`
`@@ -49,6 +52,9 @@ private PKIMessage(ASN1Sequence seq)`
`49`	`52`	`extraCerts = ASN1Sequence.getInstance(tObj, true);`
`50`	`53`	`}`
`51`	`54`	`}`
	`55`	`+`
	`56`	`+ this.protection = protection;`
	`57`	`+ this.extraCerts = extraCerts;`
`52`	`58`	`}`
`53`	`59`
`54`	`60`	`/**`
`@@ -72,6 +78,10 @@ public PKIMessage(`
`72`	`78`	`{`
`73`	`79`	`this.extraCerts = new DERSequence(extraCerts);`
`74`	`80`	`}`
	`81`	`+ else`
	`82`	`+ {`
	`83`	`+ this.extraCerts = null;`
	`84`	`+ }`
`75`	`85`	`}`
`76`	`86`
`77`	`87`	`public PKIMessage(`