OptionalValidity updates

peterdettman · peterdettman · commit 5fbd878798cc · 2025-07-16T16:04:16.000+07:00
- make it clear Time is a CHOICE type (so explicit tagging)
diff --git a/util/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java b/util/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java
@@ -14,6 +14,31 @@
 public class OptionalValidity
     extends ASN1Object
 {
+    public static OptionalValidity getInstance(Object o)
+    {
+        if (o instanceof OptionalValidity)
+        {
+            return (OptionalValidity)o;
+        }
+
+        if (o != null)
+        {
+            return new OptionalValidity(ASN1Sequence.getInstance(o));
+        }
+
+        return null;
+    }
+
+    public static OptionalValidity getInstance(ASN1TaggedObject taggedObject, boolean declaredExplicit)
+    {
+        return new OptionalValidity(ASN1Sequence.getInstance(taggedObject, declaredExplicit));
+    }
+
+    public static OptionalValidity getTagged(ASN1TaggedObject taggedObject, boolean declaredExplicit)
+    {
+        return new OptionalValidity(ASN1Sequence.getTagged(taggedObject, declaredExplicit));
+    }
+
     private Time notBefore;
     private Time notAfter;
 
@@ -26,35 +51,22 @@ private OptionalValidity(ASN1Sequence seq)
 
             if (tObj.getTagNo() == 0)
             {
-                notBefore = Time.getInstance(tObj, true);
+                notBefore = Time.getInstance(tObj, true); // CHOICE
             }
             else
             {
-                notAfter = Time.getInstance(tObj, true);
+                notAfter = Time.getInstance(tObj, true); // CHOICE
             }
         }
-    }
 
-    public static OptionalValidity getInstance(Object o)
-    {
-        if (o instanceof OptionalValidity)
-        {
-            return (OptionalValidity)o;
-        }
-
-        if (o != null)
-        {
-            return new OptionalValidity(ASN1Sequence.getInstance(o));
-        }
-
-        return null;
+        // TODO[crmf] Validate the "at least one" rule after parsing?
     }
 
     public OptionalValidity(Time notBefore, Time notAfter)
     {
         if (notBefore == null && notAfter == null)
         {
-            throw new IllegalArgumentException("at least one of notBefore/notAfter must not be null.");
+            throw new IllegalArgumentException("at least one of notBefore/notAfter MUST be present.");
         }
 
         this.notBefore = notBefore;
@@ -74,9 +86,12 @@ public Time getNotAfter()
     /**
      * <pre>
      * OptionalValidity ::= SEQUENCE {
-     *                        notBefore  [0] Time OPTIONAL,
-     *                        notAfter   [1] Time OPTIONAL } --at least one MUST be present
+     *     notBefore    [0] Time OPTIONAL,
+     *     notAfter     [1] Time OPTIONAL } --at least one MUST be present
+     *
+     * Time ::= CHOICE { ... }
      * </pre>
+     *
      * @return a basic ASN.1 object representation.
      */
     public ASN1Primitive toASN1Primitive()
@@ -85,12 +100,12 @@ public ASN1Primitive toASN1Primitive()
 
         if (notBefore != null)
         {
-            v.add(new DERTaggedObject(true, 0, notBefore));
+            v.add(new DERTaggedObject(true, 0, notBefore)); // CHOICE
         }
 
         if (notAfter != null)
         {
-            v.add(new DERTaggedObject(true, 1, notAfter));
+            v.add(new DERTaggedObject(true, 1, notAfter)); // CHOICE
         }
 
         return new DERSequence(v);
