Here is the test program for demonstrating the issue. Thanks.
/*
 * This Java program demonstrates the encoding bug related to the
 * DistributionPointName object in
 *
 * sun/security/x509/IssuingDistributionPointExtension.java
 *
 * The fix would be:
 *
 * ***************
 * *** 395,397 ****
 * distributionPoint.encode(tmp);
 * ! tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, true,
 * TAG_DISTRIBUTION_POINT), tmp);
 * --- 395,397 ----
 * distributionPoint.encode(tmp);
 * ! tagged.write(DerValue.createTag(DerValue.TAG_CONTEXT, true,
 * TAG_DISTRIBUTION_POINT), tmp);
 *
 * ***************
 *
 * Encoded data sample
 *
 * Correctly encoded IssuingDistributionPointExtension object:
 *
 * 000000 30 1d 06 03 55 1d 1c 01 01 ff 04 13 30 11 a0 0c
 * 000010 a0 0a 86 08 68 74 74 70 3a 2f 2f 63 84 01 ff
 *
 * Incorrectly encoded IssuingDistributionPointExtension object:
 *
 * 000000 30 1b 06 03 55 1d 1c 01 01 ff 04 11 30 0f a0 0a
 * 000010 86 08 68 74 74 70 3a 2f 2f 63 84 01 ff
 *
 */
import java.util.Arrays;
import sun.security.x509.IssuingDistributionPointExtension;
import sun.security.util.DerOutputStream;
/**
 * Reproducer for a DER re-encoding defect in
 * {@code sun.security.x509.IssuingDistributionPointExtension}.
 *
 * <p>The extension is built from a known-good encoding and encoded back out,
 * then one attribute is set to trigger re-encoding and the output is compared
 * with the same known-good bytes a second time. Each comparison prints exactly
 * one line to standard output; a mismatch is reported, not thrown.
 *
 * <p>What to look for: in {@link #expected} the distribution point is wrapped
 * in two context tags ({@code a0 0c a0 0a 86 08 ...}). The outer {@code [0]}
 * is the {@code distributionPoint} field and the inner {@code [0]} is the
 * {@code fullName} alternative of the DistributionPointName CHOICE. A CHOICE
 * has to be tagged explicitly, so both layers must survive re-encoding. The
 * incorrect sample in the report carries only one layer ({@code a0 0a 86 08
 * ...}) and is two bytes shorter, so the first symptom is the length-mismatch
 * message.
 *
 * <p>NOTE(review): how a CRL consumer treats the single-wrapped form is not
 * shown here; verify against the parsers that will read the extension.
 */
public class TestIdpExtBug {

    /**
     * Known-good DER encoding of the whole extension (31 bytes), annotated
     * field by field. Also used as the reference for every comparison.
     */
    private static final byte[] expected = {
        // Extension SEQUENCE, 29 content bytes
        0x30, 0x1d,
        // extnID: OID 2.5.29.28 (issuingDistributionPoint)
        0x06, 0x03, 0x55, 0x1d, 0x1c,
        // critical: BOOLEAN TRUE
        0x01, 0x01, (byte) 0xff,
        // extnValue: OCTET STRING, 19 content bytes
        0x04, 0x13,
        // IssuingDistributionPoint SEQUENCE, 17 content bytes
        0x30, 0x11,
        // distributionPoint [0], explicit wrapper around the CHOICE
        (byte) 0xa0, 0x0c,
        // fullName [0] (GeneralNames)
        (byte) 0xa0, 0x0a,
        // uniformResourceIdentifier [6]: "http://c"
        (byte) 0x86, 0x08, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
        // indirectCRL [4]: TRUE
        (byte) 0x84, 0x01, (byte) 0xff
    };

    /**
     * Offset of the extension value inside {@link #expected}: 2 (outer
     * SEQUENCE header) + 5 (OID) + 3 (critical flag) + 2 (OCTET STRING header).
     */
    private static final int EXTN_VALUE_OFFSET = 12;

    /**
     * Runs the two comparisons: one right after decoding, one after an
     * attribute has been set.
     *
     * @param args unused
     * @throws Exception whatever the extension constructor, {@code set} or
     *         {@code encode} throws
     */
    public static void main(String[] args) throws Exception {
        // The constructor takes the bare extension value, without the
        // OID/critical/OCTET STRING envelope.
        byte[] extensionValue =
                Arrays.copyOfRange(expected, EXTN_VALUE_OFFSET, expected.length);

        IssuingDistributionPointExtension idp =
                new IssuingDistributionPointExtension(true, extensionValue);
        System.out.println("IssuingDistributionPointExtension " + idp);

        checkData(idp);

        // indirectCRL is already TRUE in the input, so the logical content is
        // unchanged; the call is only there to trigger re-encoding, which is
        // where the report locates the bug.
        idp.set(IssuingDistributionPointExtension.INDIRECT_CRL, true);
        checkData(idp);
    }

    /**
     * Encodes {@code idp} and prints how the result compares with
     * {@link #expected}.
     *
     * @param idp the extension to encode
     * @throws Exception whatever {@code idp.encode} throws
     */
    public static void checkData(IssuingDistributionPointExtension idp)
            throws Exception {
        DerOutputStream sink = new DerOutputStream();
        idp.encode(sink);
        System.out.println(compareWithExpected(sink.toByteArray()));
    }

    /**
     * Builds the one-line verdict for an encoding: a length mismatch, the
     * index of the first differing byte, or a match.
     */
    private static String compareWithExpected(byte[] actual) {
        if (actual.length != expected.length) {
            return "Encoded data length mismatch - "
                    + expected.length + " != " + actual.length;
        }

        // Lengths are equal here, so one index bounds both arrays.
        int pos = 0;
        while (pos < actual.length && actual[pos] == expected[pos]) {
            pos++;
        }

        return pos < actual.length
                ? "Encoded data mismatches at index " + pos
                : "Encoded data matches as expected";
    }
}