
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Hook <dgh@cryptoworkshop.com>2014-06-03 15:26:59 +0400
committerDavid Hook <dgh@cryptoworkshop.com>2014-06-03 15:26:59 +0400
commitd913b0c5e5d9337cccabca173f4babdfaaf22f37 (patch)
tree6e470874585633fd4a1836d62e09bec591888209 /pkix/src
parentca724440515e49780946453bba056f3c26fa5b63 (diff)
BJB-31 added support for including OtherRevocationInfoFormat in crl additions
Diffstat (limited to 'pkix/src')
-rw-r--r--pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java10
-rw-r--r--pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java52
2 files changed, 43 insertions, 19 deletions
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index 0465b771..a17d7909 100644
--- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -471,7 +471,7 @@ public class CMSSignedData
* @param signedData the signed data object to be used as a base.
* @param certificates the new certificates to be used.
* @param attrCerts the new attribute certificates to be used.
- * @param crls the new CRLs to be used.
+ * @param revocations the new CRLs to be used - a collection of X509CRLHolder objects, OtherRevocationInfoFormat, or both.
* @return a new signed data object.
* @exception CMSException if there is an error processing the CertStore
*/
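Review bot: The updated `@param revocations` text names X509CRLHolder and OtherRevocationInfoFormat, but the CMSUtils.getCRLsFromStore change in this same commit also accepts ASN1TaggedObject entries, so the Javadoc understates what the store may contain. The `@exception` list is incomplete as well: validateInfoFormat throws IllegalArgumentException for an OCSP response that is not successful, and the only catch visible in getCRLsFromStore is for ClassCastException, so that exception appears to reach the caller unwrapped. I would add `@exception IllegalArgumentException if an OtherRevocationInfoFormat holds an OCSP response whose status is not successful.` and mention ASN1TaggedObject in the `@param` line. The method signature itself is in the next hunk.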
@@ -479,7 +479,7 @@ public class CMSSignedData
CMSSignedData signedData,
Store certificates,
Store attrCerts,
- Store crls)
+ Store revocations)
throws CMSException
{
//
@@ -488,7 +488,7 @@ public class CMSSignedData
CMSSignedData cms = new CMSSignedData(signedData);
//
- // replace the certs and crls in the SignedData object
+ // replace the certs and revocations in the SignedData object
//
ASN1Set certSet = null;
ASN1Set crlSet = null;
@@ -514,9 +514,9 @@ public class CMSSignedData
}
}
- if (crls != null)
+ if (revocations != null)
{
- ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls));
+ ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(revocations));
if (set.size() != 0)
{
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
index a2914281..41f2c001 100644
--- a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
+++ b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
@@ -13,6 +13,7 @@ import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BEROctetStringGenerator;
import org.bouncycastle.asn1.BERSet;
import org.bouncycastle.asn1.DERSet;
@@ -98,18 +99,35 @@ class CMSUtils
static List getCRLsFromStore(Store crlStore)
throws CMSException
{
- List certs = new ArrayList();
+ List crls = new ArrayList();
try
{
for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext();)
{
- X509CRLHolder c = (X509CRLHolder)it.next();
+ Object rev = it.next();
- certs.add(c.toASN1Structure());
+ if (rev instanceof X509CRLHolder)
+ {
+ X509CRLHolder c = (X509CRLHolder)rev;
+
+ crls.add(c.toASN1Structure());
+ }
+ else if (rev instanceof OtherRevocationInfoFormat)
+ {
+ OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev);
+
+ validateInfoFormat(infoFormat);
+
+ crls.add(new DERTaggedObject(false, 1, infoFormat));
+ }
+ else if (rev instanceof ASN1TaggedObject)
+ {
+ crls.add(rev);
+ }
}
- return certs;
+ return crls;
}
catch (ClassCastException e)
{
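Review bot: The `ASN1TaggedObject` branch adds `rev` to the list without checking its tag number and without calling validateInfoFormat, so an already-tagged OtherRevocationInfoFormat skips the OCSP status check that the branch above it enforces. It would be more consistent to accept only tag 1 there and to run the decoded content through validateInfoFormat before adding it. Separately, an element that matches none of the three `instanceof` tests is now dropped silently, where the old unconditional cast raised the ClassCastException that the catch below handles. A final `else { throw new CMSException("unsupported revocation object in store"); }` would keep a caller from producing SignedData with revocation data quietly missing. The catch body lies outside this hunk.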
@@ -117,6 +135,19 @@ class CMSUtils
}
}
+ private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
+ {
+ if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
+ {
+ OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
+
+ if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
+ {
+ throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
+ }
+ }
+ }
+
static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
{
List others = new ArrayList();
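Review bot: validateInfoFormat has no comment saying how little it checks: only the responseStatus of an id_ri_ocsp_response entry is examined, and every other info format passes through unexamined. A short comment would stop readers from assuming the response has been verified, for example `// Rejects OCSP responses whose responseStatus is not SUCCESSFUL; signature, responder and freshness are not checked here.` The same comment should say that the failure is an IllegalArgumentException rather than the CMSException that getCRLsFromStore declares, since callers catching only CMSException will not see it.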
@@ -124,18 +155,11 @@ class CMSUtils
for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
{
ASN1Encodable info = (ASN1Encodable)it.next();
+ OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
- if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat))
- {
- OCSPResponse resp = OCSPResponse.getInstance(info);
-
- if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
- {
- throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
- }
- }
+ validateInfoFormat(infoFormat);
- others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info)));
+ others.add(new DERTaggedObject(false, 1, infoFormat));
}
return others;