Further updates to CMC simplification, relates to github #1452.

dghgit · dghgit · commit 3f7700734ffe · 2026-05-11T21:28:08.000+10:00
diff --git a/docs/releasenotes.html b/docs/releasenotes.html
@@ -62,7 +62,7 @@ <h3>2.2.3 Additional Features and Functionality</h3>
 <li>X509v3CertificateBuilder now exposes setters for the constructor arguments (setIssuer, setSerialNumber, setNotBefore, setNotAfter, setSubject, setSubjectPublicKeyInfo) to support equivalence-comparison use cases (issue #1545).</li>
 <li>CMS EnvelopedData now supports RFC 8418 ECDH key agreement using X25519 or X448 with HKDF (SHA-256/384/512). Three CMSAlgorithm constants (ECDH_HKDF_SHA256, ECDH_HKDF_SHA384, ECDH_HKDF_SHA512) and the corresponding KeyAgreement registrations (XDHwithSHA256HKDF / XDHwithSHA384HKDF / XDHwithSHA512HKDF) have been added (issue #1845).</li>
 <li>The SM2 JCE Cipher now accepts a ciphertext-format mode in the transformation string. Cipher.getInstance("SM2/C1C3C2/NoPadding", "BC") and Cipher.getInstance("SM2/C1C2C3/NoPadding", "BC") select between the two SM2Engine modes; the previous "SM2"/"SM2/NONE/NoPadding" forms continue to default to C1C2C3 (issue #1302).</li>
-<li>SimplePKIResponse now also accepts the unsigned Full PKI Response variant used for EST server-generated errors (RFC 7030 4.2.3 / 4.4.2): a CMS SignedData with no SignerInfos whose encapsulated content is an id-cct-PKIResponse PKIResponse SEQUENCE. New accessors getPKIResponse(), getControlAttributes(), getCmsContents() and getStatusInfoV2() expose the embedded PKIResponse content as structured TaggedAttribute / TaggedContentInfo / CMCStatusInfoV2 objects so callers no longer need to walk the raw ASN.1. A new PKIResponseBuilder produces SimplePKIResponse instances directly, with addControlAttribute / addStatusInfoV2 / addCmsContent / addOtherMsg helpers so EST error responses can be assembled without manually composing the SignedData and PKIResponse SEQUENCE. CMSSignedData has a new getSignedContentType() returning the encapsulated content type as an ASN1ObjectIdentifier alongside the existing getSignedContentTypeOID() (issue #1452).</li>
+<li>SimplePKIResponse now also accepts the unsigned Full PKI Response variant used for EST server-generated errors (RFC 7030 4.2.3 / 4.4.2): a CMS SignedData carrying an id-cct-PKIResponse PKIResponse SEQUENCE. New accessors getPKIResponse(), getControlAttributes(), getCmsContents() and getStatusInfoV2() return the embedded content as structured TaggedAttribute / TaggedContentInfo / CMCStatusInfoV2 objects. A new PKIResponseBuilder assembles SimplePKIResponse instances for both shapes — the Full PKI Response error case (addControlAttribute / addStatusInfoV2 / addCmsContent / addOtherMsg) and the cert-delivery success case used by EST /simpleenroll (addCertificate). CMSSignedData has a new getSignedContentType() returning the encapsulated content type as an ASN1ObjectIdentifier (issue #1452).</li>
 <li>org.bouncycastle.gpg.KeyGripCalculator computes the GnuPG-style 20-byte SHA-1 keygrip for a BCPGKey. The calculator is constructed with a caller-supplied SHA-1 PGPDigestCalculator. RSA public keys are supported initially (matching libgcrypt's _gcry_rsa_compute_keygrip: SHA-1 of the canonical unsigned big-endian modulus); other key types throw on calculateKeygrip() until support is added (issue #676).</li>
 <li>CMS key transport now supports the SM2 cipher: JceKeyTransRecipientInfoGenerator wraps the CEK and JceKeyTransRecipient unwraps it when the keyEncryptionAlgorithm is GMObjectIdentifiers.sm2encrypt_with_sm3. The ciphertext format defaults to C1C3C2 (GB/T 35276 envelope encoding) and the SM4-CBC content encryption is exposed as the new CMSAlgorithm.SM4_CBC constant.</li>
 <li>org.bouncycastle.asn1.pkcs.SecretBag — RFC 7292 ASN.1 holder for the PKCS#12 secretBag bag type, complementing the existing CertBag / CRLBag classes. PKCS12SecretBag and PKCS12SecretBagBuilder in org.bouncycastle.pkcs sit alongside the SafeBag / SafeBagBuilder pair: PKCS12SafeBagBuilder takes a PKCS12SecretBag in a new constructor, and PKCS12SafeBag.getBagValue() returns a PKCS12SecretBag for safe bags of type secretBag.</li>
diff --git a/pkix/src/main/java/org/bouncycastle/cmc/PKIResponseBuilder.java b/pkix/src/main/java/org/bouncycastle/cmc/PKIResponseBuilder.java
@@ -4,6 +4,7 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.cmc.BodyPartID;
@@ -16,19 +17,30 @@
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.SignedData;
+import org.bouncycastle.cert.X509CertificateHolder;
 
 /**
- * Builder for an unsigned Full PKI Response (RFC 5272 / RFC 7030 4.2.3 / 4.4.2):
- * a CMS SignedData with no SignerInfos and no certificates whose encapsulated
- * content is an id-cct-PKIResponse PKIResponse SEQUENCE. The product is
- * delivered as a {@link SimplePKIResponse}, whose structured accessors expose
- * the embedded PKIResponse content.
+ * Builder for a Simple PKI Response (RFC 5272 / RFC 7030 4.2.3 / 4.4.2),
+ * delivered as a {@link SimplePKIResponse}.
+ * <p>
+ * Two shapes are supported, selected automatically at {@link #build()} time:
+ * <ul>
+ *   <li><b>Full PKI Response</b> (the error case used by EST server-generated
+ *       errors): a CMS SignedData with no SignerInfos whose encapsulated
+ *       content is an id-cct-PKIResponse PKIResponse SEQUENCE. Selected when
+ *       any control attribute, CMS content or other message has been added.</li>
+ *   <li><b>Simple PKI Response</b> (the cert-delivery case used by
+ *       /simpleenroll): a degenerate CMS SignedData with no SignerInfos, no
+ *       encapsulated content, and the issued certificates in the certificates
+ *       field. Selected when only certificates have been added.</li>
+ * </ul>
  */
 public class PKIResponseBuilder
 {
     private final List<TaggedAttribute> controlAttributes = new ArrayList<TaggedAttribute>();
     private final List<TaggedContentInfo> cmsContents = new ArrayList<TaggedContentInfo>();
     private final List<OtherMsg> otherMsgs = new ArrayList<OtherMsg>();
+    private final List<X509CertificateHolder> certificates = new ArrayList<X509CertificateHolder>();
 
     public PKIResponseBuilder addControlAttribute(TaggedAttribute attr)
     {
@@ -39,7 +51,11 @@ public PKIResponseBuilder addControlAttribute(TaggedAttribute attr)
     /**
      * Convenience for the EST server-generated error case: wrap the supplied
      * CMCStatusInfoV2 in a TaggedAttribute keyed by id-cmc-statusInfoV2 and
-     * append it to the controlSequence.
+     * append it to the controlSequence. The supplied {@code bodyPartID}
+     * identifies the {@link TaggedAttribute} itself within the controlSequence
+     * (per RFC 5272 sec. 3.2.1); it is structurally distinct from the
+     * {@code bodyList} entries inside {@code CMCStatusInfoV2}, which identify
+     * which request body parts the status pertains to.
      */
     public PKIResponseBuilder addStatusInfoV2(BodyPartID bodyPartID, CMCStatusInfoV2 statusInfo)
     {
@@ -48,6 +64,26 @@ public PKIResponseBuilder addStatusInfoV2(BodyPartID bodyPartID, CMCStatusInfoV2
         return this;
     }
 
+    /**
+     * Convenience overload for the simple-error case where the outer
+     * {@link TaggedAttribute}'s bodyPartID can be inherited from the first
+     * entry of {@code statusInfo.getBodyList()}. Behaves identically to
+     * {@link #addStatusInfoV2(BodyPartID, CMCStatusInfoV2)} when the caller
+     * doesn't need an independent identifier for the TaggedAttribute.
+     *
+     * @throws IllegalArgumentException if {@code statusInfo}'s bodyList is empty.
+     */
+    public PKIResponseBuilder addStatusInfoV2(CMCStatusInfoV2 statusInfo)
+    {
+        BodyPartID[] bodyList = statusInfo.getBodyList();
+        if (bodyList == null || bodyList.length == 0)
+        {
+            throw new IllegalArgumentException(
+                "CMCStatusInfoV2 bodyList is empty - cannot derive outer bodyPartID");
+        }
+        return addStatusInfoV2(bodyList[0], statusInfo);
+    }
+
     public PKIResponseBuilder addCmsContent(TaggedContentInfo cmsContent)
     {
         cmsContents.add(cmsContent);
@@ -60,31 +96,68 @@ public PKIResponseBuilder addOtherMsg(OtherMsg otherMsg)
         return this;
     }
 
+    /**
+     * Add a certificate to deliver in the response. When the builder contains
+     * only certificates (no control attributes, no CMS contents, no other
+     * messages), {@link #build()} emits a degenerate SignedData with no
+     * encapsulated content and the certificates in the certificates field
+     * (the Simple PKI Response shape used by EST /simpleenroll). When other
+     * payload has also been added, the certificates are carried alongside the
+     * id-cct-PKIResponse encapsulated content.
+     */
+    public PKIResponseBuilder addCertificate(X509CertificateHolder cert)
+    {
+        certificates.add(cert);
+        return this;
+    }
+
     public SimplePKIResponse build()
         throws CMCException
     {
-        PKIResponse pkiResponse = new PKIResponse(
-            controlAttributes.toArray(new TaggedAttribute[0]),
-            cmsContents.toArray(new TaggedContentInfo[0]),
-            otherMsgs.toArray(new OtherMsg[0]));
+        boolean hasPayload = !controlAttributes.isEmpty()
+            || !cmsContents.isEmpty()
+            || !otherMsgs.isEmpty();
+
+        ASN1EncodableVector certVec = null;
+        if (!certificates.isEmpty())
+        {
+            certVec = new ASN1EncodableVector();
+            for (X509CertificateHolder ch : certificates)
+            {
+                certVec.add(ch.toASN1Structure());
+            }
+        }
 
         ContentInfo encap;
-        try
+        if (hasPayload)
         {
-            encap = new ContentInfo(CMCObjectIdentifiers.id_cct_PKIResponse,
-                new DEROctetString(pkiResponse.getEncoded()));
+            PKIResponse pkiResponse = new PKIResponse(
+                controlAttributes.toArray(new TaggedAttribute[0]),
+                cmsContents.toArray(new TaggedContentInfo[0]),
+                otherMsgs.toArray(new OtherMsg[0]));
+
+            try
+            {
+                encap = new ContentInfo(CMCObjectIdentifiers.id_cct_PKIResponse,
+                    new DEROctetString(pkiResponse.getEncoded()));
+            }
+            catch (IOException e)
+            {
+                throw new CMCException("unable to encode PKIResponse: " + e.getMessage(), e);
+            }
         }
-        catch (IOException e)
+        else
         {
-            throw new CMCException("unable to encode PKIResponse: " + e.getMessage(), e);
+            // Simple PKI Response: degenerate SignedData with no encap content.
+            encap = new ContentInfo(CMSObjectIdentifiers.data, null);
         }
 
         SignedData signedData = new SignedData(
-            new DERSet(),    // digestAlgorithms
+            new DERSet(),                                    // digestAlgorithms
             encap,
-            null,            // certificates
-            null,            // crls
-            new DERSet());   // signerInfos
+            certVec == null ? null : new DERSet(certVec),    // certificates
+            null,                                            // crls
+            new DERSet());                                   // signerInfos
 
         return new SimplePKIResponse(new ContentInfo(CMSObjectIdentifiers.signedData, signedData));
     }
diff --git a/pkix/src/test/java/org/bouncycastle/est/test/ESTParsingTest.java b/pkix/src/test/java/org/bouncycastle/est/test/ESTParsingTest.java
@@ -257,4 +257,66 @@ public void testParsingFullPKIErrorResponse()
 
         assertEquals(0, response.getCertificates().getMatches(null).size());
     }
+
+    /**
+     * The 1-arg addStatusInfoV2 overload derives the outer TaggedAttribute
+     * bodyPartID from the first entry of statusInfo.getBodyList(). See the
+     * follow-up comment on github #1452.
+     */
+    public void testPKIResponseBuilderStatusInfoOnlyOverload()
+        throws Exception
+    {
+        BodyPartID bodyPartID = new BodyPartID(42);
+        CMCStatusInfoV2 statusInfo = new CMCStatusInfoV2Builder(CMCStatus.failed, bodyPartID)
+            .setOtherInfo(CMCFailInfo.badIdentity)
+            .setStatusString("bad identity")
+            .build();
+
+        SimplePKIResponse built = new PKIResponseBuilder()
+            .addStatusInfoV2(statusInfo)
+            .build();
+
+        SimplePKIResponse response = new SimplePKIResponse(built.getEncoded());
+
+        TaggedAttribute[] attrs = response.getControlAttributes();
+        assertEquals(1, attrs.length);
+        assertEquals(CMCObjectIdentifiers.id_cmc_statusInfoV2, attrs[0].getAttrType());
+        assertEquals(bodyPartID, attrs[0].getBodyPartID());
+
+        CMCStatusInfoV2 parsed = response.getStatusInfoV2();
+        assertEquals(CMCStatus.failed, parsed.getCMCStatus());
+        assertEquals(bodyPartID, parsed.getBodyList()[0]);
+    }
+
+    /**
+     * The cert-delivery shape: when only certificates are added, build()
+     * emits a degenerate SignedData with no encapsulated content and the
+     * certs in the certificates field (RFC 5272 Simple PKI Response, EST
+     * /simpleenroll). See the follow-up comment on github #1452.
+     */
+    public void testPKIResponseBuilderCertOnly()
+        throws Exception
+    {
+        SimplePKIResponse caResponse = new SimplePKIResponse(cacertsResponse);
+        Store<X509CertificateHolder> caCerts = caResponse.getCertificates();
+        Collection<X509CertificateHolder> caCertList = caCerts.getMatches(null);
+        assertTrue(caCertList.size() >= 1);
+        X509CertificateHolder firstCa = caCertList.iterator().next();
+
+        SimplePKIResponse built = new PKIResponseBuilder()
+            .addCertificate(firstCa)
+            .build();
+
+        SimplePKIResponse response = new SimplePKIResponse(built.getEncoded());
+
+        // No PKIResponse encap content in this shape.
+        assertNull("cert-only response must not carry id-cct-PKIResponse content",
+            response.getPKIResponse());
+        assertEquals(0, response.getControlAttributes().length);
+
+        // The cert went into the cert set.
+        Collection<X509CertificateHolder> roundTrip = response.getCertificates().getMatches(null);
+        assertEquals(1, roundTrip.size());
+        assertEquals(firstCa, roundTrip.iterator().next());
+    }
 }
