MOZILLA JSS ASN.1 parsing

Wed, 10 May 2006 03:35:06 -0700 

Can anyone tell me how ASN.1 CHOICE structures should be parsed:

openssl parsing ...
  185:d=1  hl=2 l=  45 cons: SEQUENCE
  187:d=2  hl=2 l=  43 cons: cont [ 0 ]
  189:d=3  hl=2 l=  41 cons: cont [ 0 ]
  191:d=4  hl=2 l=  39 prim: cont [ 6 ]     -> this is actually IA5STRING

from http://www.faqs.org/rfcs/rfc3280.html

     DistributionPoint ::= SEQUENCE {
          distributionPoint       [0]     DistributionPointName OPTIONAL,
          reasons                    [1]     ReasonFlags OPTIONAL,
          cRLIssuer                [2]     GeneralNames OPTIONAL }

     DistributionPointName ::= CHOICE {
       fullName                            [0]     GeneralNames,
       nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

      GeneralName ::= CHOICE {
            otherName                        [0]     OtherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier   [6]     IA5String,
            iPAddress                          [7]     OCTET STRING,
            registeredID                       [8]     OBJECT IDENTIFIER }


How should this be parsed according to specifications?
ASN.1 specification says that CHOICE is not encoded as separate entity (it 
is encoded solely as their choosen element).

value1 CHOICE {flag BOOLEAN, value INTEGER} ::= flag:TRUE
value2 CHOICE {flag BOOLEAN, value INTEGER} ::= value:72

we get the encodings:

value1 01 01 FF (it is encoded as BOOLEAN with TAG 1)

value2 02 01 48 (it is encoded as BOOLEAN with TAG 2)

But what if there are nested CHOICE elements ? CHOICE { a CHOICE { c 
BOOLEAN, d INTEGER} , b CHOICE { c BOOLEAN, d INTEGER} } ?

Now how org.mozilla.jss.asn1.* parses it, it takes 0 and use it for fullName 
and another 0 for otherName.
But I fail to see, how to distinguiss between [0] [0] (fullName)  and [0] 
[1] (nameRelativeToCRLIssuer ). I would always took fullName if it starts 
with [0]. BUG?

There are two options:
- each construct and their children should have unique TAG (both second 
CHOICEs should have different TAGs).
- or choice should parse TAG and not forward it to its children ... CHOICE 
should handle CHOICE.encode (Tag tg, InputStream is) and read next TAG 
instead of using current one, before calling encode(InputStream is).

Partial (hack) solution is to add a sequence before each second CHOICE.

Comments???

Matej Spiller-Muys





_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to