Access certificate with generic signed object parser

RIPE-NCC · Oct 31, 2023 · d73c7cf · d73c7cf
1 parent ea842ac
commit d73c7cf
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -62,6 +62,9 @@ next (snapshot) release, e.g. `1.1-SNAPSHOT` after releasing `1.0`.
 
 ## Changelog
 
+## 2023-10-31 1.36
+  * Access the certificate for the generic signed object parser.
+
 ## 2023-10-03 1.35
   * Build targets JDK 11
   * Prefixes in ROAs are sorted by (prefix, maxlength - missing first)

diff --git a/src/main/java/net/ripe/rpki/commons/crypto/cms/GenericRpkiSignedObjectParser.java b/src/main/java/net/ripe/rpki/commons/crypto/cms/GenericRpkiSignedObjectParser.java
@@ -4,10 +4,12 @@
 import net.ripe.rpki.commons.crypto.cms.ghostbuster.GhostbustersCms;
 import net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms;
 import net.ripe.rpki.commons.crypto.cms.roa.RoaCms;
+import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate;
 import net.ripe.rpki.commons.util.RepositoryObjectType;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.joda.time.DateTime;
 
+import java.security.cert.Certificate;
 import java.util.Optional;
 
 import static net.ripe.rpki.commons.util.RepositoryObjectType.*;
@@ -17,6 +19,10 @@ public DateTime getSigningTime() {
         return super.getSigningTime();
     }
 
+    public X509ResourceCertificate getCertificate() {
+        return super.getCertificate();
+    }
+
     public Optional<RepositoryObjectType> getRepositoryObjectType() {
         final ASN1ObjectIdentifier contentType = getContentType();
         if (AspaCms.CONTENT_TYPE.equals(contentType)) {

diff --git a/src/test/java/net/ripe/rpki/commons/crypto/cms/GenericRpkiSignedObjectParserTest.java b/src/test/java/net/ripe/rpki/commons/crypto/cms/GenericRpkiSignedObjectParserTest.java
@@ -45,6 +45,18 @@ void should_parse_roa() throws IOException {
         assertThat(parser.getSigningTime()).isEqualTo(DateTime.parse("2011-11-11T01:55:18+00:00"));
     }
 
+    /**
+     * Parse an invalid object, but still extract validity period and signing time.
+     */
+    @Test
+    void should_parse_generic() throws IOException {
+        GenericRpkiSignedObjectParser parser = parse("interop/aspa/BAD-profile-13-AS211321-profile-13.asa");
+
+        assertThat(parser.getSigningTime()).isEqualTo(DateTime.parse("2021-11-11T11:19:00Z"));
+
+        assertThat(parser.getCertificate().getValidityPeriod().getNotValidBefore()).isEqualTo(DateTime.parse("2021-11-11T11:14:00Z"));
+    }
+
 
     private GenericRpkiSignedObjectParser parse(String path) throws IOException {
         byte[] bytes = Resources.toByteArray(Resources.getResource(path));