github bcgit#631 fixed class misalignment on OtherName in name constraints.

dghgit · dghgit · commit dfe9052acd9b · 2020-03-12T15:13:31.000+11:00
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/PKIXNameConstraintValidator.java b/core/src/main/java/org/bouncycastle/asn1/x509/PKIXNameConstraintValidator.java
@@ -487,7 +487,7 @@ private Set unionDN(Set excluded, ASN1Sequence dn)
             Iterator it = excluded.iterator();
             while (it.hasNext())
             {
-                ASN1Sequence subtree = (ASN1Sequence)it.next();
+                ASN1Sequence subtree = ASN1Sequence.getInstance(it.next());
 
                 if (withinDNSubtree(dn, subtree))
                 {
@@ -513,7 +513,7 @@ private Set intersectOtherName(Set permitted, Set otherNames)
         Set intersect = new HashSet();
         for (Iterator it = otherNames.iterator(); it.hasNext();)
         {
-            Object otName = it.next();
+            Object otName = OtherName.getInstance(((GeneralSubtree)it.next()).getBase().getName());
 
             if (permitted == null)
             {
@@ -865,7 +865,7 @@ private void checkPermittedOtherName(Set permitted, OtherName name)
 
         while (it.hasNext())
         {
-            OtherName str = ((OtherName)it.next());
+            OtherName str = OtherName.getInstance(it.next());
 
             if (otherNameIsConstrained(name, str))
             {
@@ -2169,4 +2169,8 @@ public String toString()
         }
         return temp.toString();
     }
+
+    public static void main(final String[] args) {
+
+    }
 }
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/PKIXNameConstraintsTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/PKIXNameConstraintsTest.java
@@ -234,6 +234,31 @@ public void performTest() throws Exception
 
         PKIXNameConstraintValidator validator = new PKIXNameConstraintValidator();
         validator.intersectPermittedSubtree(subtree);
+
+        name = new GeneralName(GeneralName.otherName, new OtherName(new ASN1ObjectIdentifier("1.1"), DERNull.INSTANCE));
+        subtree = new GeneralSubtree(name);
+
+        validator = new PKIXNameConstraintValidator();
+        validator.intersectPermittedSubtree(subtree);
+        validator.addExcludedSubtree(subtree);
+
+        try
+        {
+            validator.checkExcluded(name);
+        }
+        catch (PKIXNameConstraintValidatorException e)
+        {
+            isEquals("OtherName is from an excluded subtree.", e.getMessage());
+        }
+
+        try
+        {
+            validator.checkPermitted(name);
+        }
+        catch (PKIXNameConstraintValidatorException e)
+        {
+            fail(e.getMessage());
+        }
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -487,7 +487,7 @@ private Set unionDN(Set excluded, ASN1Sequence dn)`
`487`	`487`	`Iterator it = excluded.iterator();`
`488`	`488`	`while (it.hasNext())`
`489`	`489`	`{`
`490`		`- ASN1Sequence subtree = (ASN1Sequence)it.next();`
	`490`	`+ ASN1Sequence subtree = ASN1Sequence.getInstance(it.next());`
`491`	`491`
`492`	`492`	`if (withinDNSubtree(dn, subtree))`
`493`	`493`	`{`
`@@ -513,7 +513,7 @@ private Set intersectOtherName(Set permitted, Set otherNames)`
`513`	`513`	`Set intersect = new HashSet();`
`514`	`514`	`for (Iterator it = otherNames.iterator(); it.hasNext();)`
`515`	`515`	`{`
`516`		`- Object otName = it.next();`
	`516`	`+ Object otName = OtherName.getInstance(((GeneralSubtree)it.next()).getBase().getName());`
`517`	`517`
`518`	`518`	`if (permitted == null)`
`519`	`519`	`{`
`@@ -865,7 +865,7 @@ private void checkPermittedOtherName(Set permitted, OtherName name)`
`865`	`865`
`866`	`866`	`while (it.hasNext())`
`867`	`867`	`{`
`868`		`- OtherName str = ((OtherName)it.next());`
	`868`	`+ OtherName str = OtherName.getInstance(it.next());`
`869`	`869`
`870`	`870`	`if (otherNameIsConstrained(name, str))`
`871`	`871`	`{`
`@@ -2169,4 +2169,8 @@ public String toString()`
`2169`	`2169`	`}`
`2170`	`2170`	`return temp.toString();`
`2171`	`2171`	`}`
	`2172`	`+`
	`2173`	`+ public static void main(final String[] args) {`
	`2174`	`+`
	`2175`	`+ }`
`2172`	`2176`	`}`