DER Encoding of Policy Constraints - v1.56 - Java

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

DER Encoding of Policy Constraints - v1.56 - Java

Evangelos Karatsiolis

  --------------------------------------------------------------
        From: Vangelis Karatsiolis <[hidden email]>
          To: [hidden email]
     Subject: DER Encoding of Policy Constraints - v1.56 - Java

Dear all,

while trying to create a certificate containing the Policy Constraints
extensions an issue with the encoding of the requireExplicitPolicy and
inhibitPolicyMapping occurred. They are tagged explicitly while they
should be tagged implicitly, since they belong to the implicitly tagged
module of RFC 5280 (Appendix A.2).

The issue is located at the class PolicyConstraints:

     public ASN1Primitive toASN1Primitive()
     {
         ASN1EncodableVector v = new ASN1EncodableVector();

         if (requireExplicitPolicyMapping != null)
         {
             v.add(new DERTaggedObject(0, new
ASN1Integer(requireExplicitPolicyMapping)));
         }

         if (inhibitPolicyMapping != null)
         {
             v.add(new DERTaggedObject(1, new
ASN1Integer(inhibitPolicyMapping)));
         }

         return new DERSequence(v);
     }

This DERTaggedObject Constructor specifies an explicit tagging by
default. These constructors should be used instead:

new DERTaggedObject(false, 0, new ASN1Integer(requireExplicitPolicyMapping))

new DERTaggedObject(false, 1, new ASN1Integer(inhibitPolicyMapping)).

The version is 1.56 (Java). Thank you very much.

Best Regards

Vangelis Karatsiolis
  --------------------------------------------------------------


===============================================================
===============================================================

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: DER Encoding of Policy Constraints - v1.56 - Java

David Hook-3

Oh dear. Thanks for the report - the fix for this should appear on
github shortly. It's also in the latest beta on:

https://www.bouncycastle.org/betas

Regards,

David

On 04/04/17 16:27, Evangelos Karatsiolis wrote:

>
>  --------------------------------------------------------------
>        From: Vangelis Karatsiolis <[hidden email]>
>          To: [hidden email]
>     Subject: DER Encoding of Policy Constraints - v1.56 - Java
>
> Dear all,
>
> while trying to create a certificate containing the Policy Constraints
> extensions an issue with the encoding of the requireExplicitPolicy and
> inhibitPolicyMapping occurred. They are tagged explicitly while they
> should be tagged implicitly, since they belong to the implicitly
> tagged module of RFC 5280 (Appendix A.2).
>
> The issue is located at the class PolicyConstraints:
>
>     public ASN1Primitive toASN1Primitive()
>     {
>         ASN1EncodableVector v = new ASN1EncodableVector();
>
>         if (requireExplicitPolicyMapping != null)
>         {
>             v.add(new DERTaggedObject(0, new
> ASN1Integer(requireExplicitPolicyMapping)));
>         }
>
>         if (inhibitPolicyMapping != null)
>         {
>             v.add(new DERTaggedObject(1, new
> ASN1Integer(inhibitPolicyMapping)));
>         }
>
>         return new DERSequence(v);
>     }
>
> This DERTaggedObject Constructor specifies an explicit tagging by
> default. These constructors should be used instead:
>
> new DERTaggedObject(false, 0, new
> ASN1Integer(requireExplicitPolicyMapping))
>
> new DERTaggedObject(false, 1, new ASN1Integer(inhibitPolicyMapping)).
>
> The version is 1.56 (Java). Thank you very much.
>
> Best Regards
>
> Vangelis Karatsiolis
>  --------------------------------------------------------------
>
>
> ===============================================================
> ===============================================================
>
>


Loading...