x509 Extension missing constructors


cryptearth
Hi there, Matt here.

As I'm building a helper class to set up and use my own PKI CA, I
noticed that the class org.bouncycastle.asn1.x509.Extension is missing
constructors:

Extension(ASN1ObjectIdentifier, ASN1Boolean, ASN1Encodable)
Extension(ASN1ObjectIdentifier, boolean, ASN1Encodable)

Why I think one or both of these constructors are missing:
org.bouncycastle.cert.X509v3CertificateBuilder has the method
addExtension(ASN1ObjectIdentifier, boolean, ASN1Encodable) so it's easy
to do something like this:

.addExtension(Extension.basicConstraints, true, new BasicConstraints(true))

For a helper it's better to have an array of type Extension to rapidly add
them in a loop with the method addExtension(Extension). The major
inconvenience here is that to set up the array one has to write a line
like this:

new Extension(Extension.basicConstraints, true, (new BasicConstraints(true)).getEncoded())

This involves an error-prone double conversion from object to byte array
and back to an object just because there is no constructor taking an
ASN1Encodable directly. As a side note: aside from possibly being
error-prone, it looks like a code smell and interrupts the code flow when
reading it without knowing the lib or figuring it out from the docs.

Thanks in advance, and maybe consider adding one or both constructors in
the next release.

Matt


Re: x509 Extension missing constructors

David Hook-3

I've added a static create() method. There would be a type clash with
the constructor with ASN1OctetString otherwise.

Regards,

David

On 11/7/19 7:55 pm, cryptearth wrote:

> Hi there, Matt here.
>
> As I'm building a helper class to set up and use my own PKI CA, I
> noticed that the class org.bouncycastle.asn1.x509.Extension is missing
> constructors:
>
> Extension(ASN1ObjectIdentifier, ASN1Boolean, ASN1Encodable)
> Extension(ASN1ObjectIdentifier, boolean, ASN1Encodable)
>
> Why I think one or both of these constructors are missing:
> org.bouncycastle.cert.X509v3CertificateBuilder has the method
> addExtension(ASN1ObjectIdentifier, boolean, ASN1Encodable) so it's
> easy to do something like this:
>
> .addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
>
> For a helper it's better to have an array of type Extension to rapidly
> add them in a loop with the method addExtension(Extension). The major
> inconvenience here is that to set up the array one has to write a line
> like this:
>
> new Extension(Extension.basicConstraints, true, (new BasicConstraints(true)).getEncoded())
>
> This involves an error-prone double conversion from object to byte array
> and back to an object just because there is no constructor taking an
> ASN1Encodable directly. As a side note: aside from possibly being
> error-prone, it looks like a code smell and interrupts the code flow when
> reading it without knowing the lib or figuring it out from the docs.
>
> Thanks in advance, and maybe consider adding one or both constructors
> in the next release.
>
> Matt
>
>




Re: x509 Extension missing constructors

cryptearth
Hey David,

thanks for the reply. I've just checked - ASN1OctetString is a subtype
of ASN1Encodable - hadn't seen that before. Wouldn't it be smarter to
just change the type from ASN1OctetString to its interface ASN1Encodable,
or would it break other boundaries with supertype ASN1Primitive?
Also: I don't think "create" is a good name for such a method,
getInstance may be better. But nvm, thanks for the addition anyway.

Matt

On 12.07.2019 at 02:18, David Hook wrote:

> I've added a static create() method. There would be a type clash with
> the constructor with ASN1OctetString otherwise.
>
> Regards,
>
> David



Re: x509 Extension missing constructors

David Hook-3

OCTET STRING is part of the extension structure - so there's a problem
telling if the ASN1OctetString would be part of the extension, or if
it's actually something that needs to be encoded in another OCTET STRING
to build the extension structure.

Regards,

David

On 12/7/19 3:12 pm, cryptearth wrote:

> Hey David,
>
> thanks for the reply. I've just checked - ASN1OctetString is a subtype
> of ASN1Encodable - hadn't seen that before. Wouldn't it be smarter to
> just change the type from ASN1OctetString to its interface
> ASN1Encodable, or would it break other boundaries with supertype
> ASN1Primitive?
> Also: I don't think "create" is a good name for such a method,
> getInstance may be better. But nvm, thanks for the addition anyway.
>
> Matt
>
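
The wrapping described in the last reply, as an added example that is not part of the original thread and not Bouncy Castle's own code: the extnValue field of an X.509 Extension is an OCTET STRING holding the DER encoding of the extension's value, and SubjectKeyIdentifier shows the ambiguity because its value is itself an OCTET STRING. It assumes a Bouncy Castle release that includes the static Extension.create() method mentioned in the thread; the class name ExtensionWrapDemo and the key identifier bytes are constructed for illustration.

```java
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.util.encoders.Hex;

public class ExtensionWrapDemo {
    static String hex(byte[] b) { return Hex.toHexString(b); }

    public static void main(String[] args) throws Exception {
        // Constructed 20-byte key identifier (sample value, not from a real certificate).
        byte[] keyId = Hex.decode("000102030405060708090a0b0c0d0e0f10111213");
        SubjectKeyIdentifier ski = new SubjectKeyIdentifier(keyId);

        // 1. byte[] constructor: the caller DER-encodes the value and
        //    Extension wraps those bytes in the extnValue OCTET STRING.
        Extension viaBytes = new Extension(Extension.subjectKeyIdentifier, false, ski.getEncoded());

        // 2. create(): takes the ASN1Encodable and does the encode-and-wrap step itself.
        Extension viaCreate = Extension.create(Extension.subjectKeyIdentifier, false, ski);

        // 3. ASN1OctetString constructor: the argument IS extnValue, nothing more is wrapped.
        //    A SubjectKeyIdentifier's DER form is itself an OCTET STRING, so passing the
        //    inner string here yields an extension with one layer missing.
        Extension unwrapped = new Extension(Extension.subjectKeyIdentifier, false,
                new DEROctetString(keyId));

        // Compare the leading tag/length bytes of each extnValue.
        System.out.println("byte[] ctor : " + hex(viaBytes.getExtnValue().getEncoded()));
        System.out.println("create()    : " + hex(viaCreate.getExtnValue().getEncoded()));
        System.out.println("octet ctor  : " + hex(unwrapped.getExtnValue().getEncoded()));

        // The array-of-Extension helper from the first post, without getEncoded() calls.
        Extension[] caExtensions = {
            Extension.create(Extension.basicConstraints, true, new BasicConstraints(true)),
            viaCreate
        };
        for (Extension e : caExtensions) {
            System.out.println(e.getExtnId() + " critical=" + e.isCritical()
                    + " value=" + e.getParsedValue());
        }
    }
}
```

The first two lines of output carry two nested OCTET STRING headers before the key identifier, while the third carries only one, which is why an overload taking ASN1Encodable could not tell the two intentions apart.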