If the date is before 1950-01-01, use a four-digit year
If the self-delimiting object identifer exceeds the enclosing object's
size, fail.
If a nested object exceeds its enclosing object's size, fail.
We don't have API support for all of them, but we shouldn't crash when an
unsupported name is encountered.
Also encode attributes using UTF-8, not PrintableString. Both are permitted,
but UTF-8 supports more data.
* Add limits to what length values DerReader supports
With this change DerReader doesn't support reading values with a length
greater than Long.MAX_VALUE. That shouldn't be a problem in practice.
* Make DerReader check length is encoded in shortest form possible
* Spotless and IntelliJ disagree on import order
Co-authored-by: Jesse Wilson <jesse@swank.ca>
We don't implement the full feature set that Bouncycastle has, but
we also don't need it.
In follow up changes I intend to remove the Bouncycastle dependency
for everything but some test cases.
This gets us to the point where the byte-for-byte encoding is equiavalent
to what bouncycastle was producing.
This shook out some bugs:
- We weren't boxing the version
- We weren't clearing the constructed bit on boxed extensions
- We weren't encoding null when we needed to be
Previously the caller was responsible for decoding the tag on the
adapter it called. This was easy for basic tags, but proved problematic
for tags like CHOICE and ANY and typehint-dependent tags, because the
caller didn't have enough information.
This moves the tag reading and writing into the DerAdapter itself. If
it encounters a tag it can't understand, it assumes it's own value has
been skipped and returns a default.
This turns out to be a bit easier to reason about, and hopefully will
make it easier to implement AlgorithmIdentifier.parameters, which has
values that are optional or not depending on what the type hint is.
* Early implementation of an ASN.1 DER decoder
My goal is to finish the implementation to support an ASN.1 DER encoder
and then to change okhttp-tls to no longer depend on BouncyCastle.
* Update okhttp-tls/src/main/kotlin/okhttp3/tls/internal/der/DerReader.kt
Co-authored-by: Benoît Quenaudon <bquenaudon@squareup.com>
Co-authored-by: Benoît Quenaudon <bquenaudon@squareup.com>
Recent refactorings have made it clear that there's three things
we need to be done before we can release the connection:
- the request body
- the response body
- the series of exchanges
This changes the code to invert these booleans. In a follow-up I'd
like to add some defensive code around duplex calls where the request
and response body could race when they close.
Previously we were locking the RealConnectionPool for all
connection-related state, including cancelation.
This changes the locks to be per-Connection, leaning heavily
on thread-confined fields in RealCall, Exchange, and
ExchangeFinder.
