authorPeter Dettman <peter.dettman@bouncycastle.org>2020-02-21 18:06:14 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2020-02-21 18:06:14 +0700
commit9f562ae2423c550b95b3e00e6bcbeb6616b2a034 (patch)
tree2ae4742e2d0793d7e94c2bd299651857c7c6d862
parentFix handling of reason codes (diff)
downloadBouncyCastle.NET-ed25519-9f562ae2423c550b95b3e00e6bcbeb6616b2a034.tar.xz
Refactoring
-rw-r--r--crypto/src/pkix/Rfc3280CertPathUtilities.cs21
-rw-r--r--crypto/src/pkix/Rfc3281CertPathUtilities.cs267
-rw-r--r--crypto/src/x509/X509Certificate.cs6
-rw-r--r--crypto/src/x509/X509CrlEntry.cs2
4 files changed, 148 insertions, 148 deletions
diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
index c703194a4..d6594f4ad 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -245,12 +245,11 @@ namespace Org.BouncyCastle.Pkix
 			if (!(PkixCertPathValidatorUtilities.IsSelfIssued(cert) && (i < n)))
 			{
 				X509Name principal = cert.SubjectDN;
-				Asn1InputStream aIn = new Asn1InputStream(principal.GetEncoded());
 				Asn1Sequence dns;
 
 				try
 				{
-					dns = DerSequence.GetInstance(aIn.ReadObject());
+					dns = Asn1Sequence.GetInstance(principal.GetEncoded());
 				}
 				catch (Exception e)
 				{
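Review bot: `principal` is already an `X509Name`, yet `dns = Asn1Sequence.GetInstance(principal.GetEncoded());` serialises it and parses the bytes back only to get its sequence form. The same round trip is kept in the `@@ -1167` hunk (`issuer = X509Name.GetInstance(cert.IssuerDN.GetEncoded());`, where `cert.IssuerDN` is presumably an `X509Name` already) and in Rfc3281CertPathUtilities.cs for `attrCert.Issuer.GetPrincipals()[0]`. If the re-parse is deliberate, a short comment such as `// round trip through the encoding on purpose: <reason>` would stop a later cleanup from removing it. Otherwise the existing object could be used directly and the surrounding `try`/`catch` would no longer be needed. The enclosing method starts and ends outside this hunk.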
@@ -357,7 +356,7 @@ namespace Org.BouncyCastle.Pkix
 					DerObjectIdentifier subjectDomainPolicy = null;
 					try
 					{
-						Asn1Sequence mapping = DerSequence.GetInstance(mappings[j]);
+                        Asn1Sequence mapping = Asn1Sequence.GetInstance(mappings[j]);
 
 						issuerDomainPolicy = DerObjectIdentifier.GetInstance(mapping[0]);
 						subjectDomainPolicy = DerObjectIdentifier.GetInstance(mapping[1]);
@@ -400,7 +399,7 @@ namespace Org.BouncyCastle.Pkix
 			Asn1Sequence certPolicies = null;
 			try
 			{
-				certPolicies = DerSequence.GetInstance(
+				certPolicies = Asn1Sequence.GetInstance(
 					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies));
 			}
 			catch (Exception e)
@@ -1167,10 +1166,10 @@ namespace Org.BouncyCastle.Pkix
 					 * omitted and a distribution point name of the certificate
 					 * issuer.
 					 */
-					Asn1Object issuer = null;
+					X509Name issuer;
 					try
 					{
-						issuer = new Asn1InputStream(cert.IssuerDN.GetEncoded()).ReadObject();
+						issuer = X509Name.GetInstance(cert.IssuerDN.GetEncoded());
 					}
 					catch (Exception e)
 					{
@@ -1598,7 +1597,7 @@ namespace Org.BouncyCastle.Pkix
 			Asn1Sequence pc = null;
 			try
 			{
-				pc = DerSequence.GetInstance(
+                pc = Asn1Sequence.GetInstance(
 					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints));
 			}
 			catch (Exception e)
@@ -1653,7 +1652,7 @@ namespace Org.BouncyCastle.Pkix
 			Asn1Sequence pc = null;
 			try
 			{
-				pc = DerSequence.GetInstance(
+                pc = Asn1Sequence.GetInstance(
 					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints));
 			}
 			catch (Exception e)
@@ -1708,7 +1707,7 @@ namespace Org.BouncyCastle.Pkix
 			NameConstraints nc = null;
 			try
 			{
-				Asn1Sequence ncSeq = DerSequence.GetInstance(
+                Asn1Sequence ncSeq = Asn1Sequence.GetInstance(
 					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.NameConstraints));
 				if (ncSeq != null)
 				{
@@ -2042,7 +2041,7 @@ namespace Org.BouncyCastle.Pkix
 			Asn1Sequence pc = null;
 			try
 			{
-				pc = DerSequence.GetInstance(
+                pc = Asn1Sequence.GetInstance(
 					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints));
 			}
 			catch (Exception e)
@@ -2415,7 +2414,7 @@ namespace Org.BouncyCastle.Pkix
 			Asn1Sequence certPolicies = null;
 			try
 			{
-				certPolicies = DerSequence.GetInstance(
+                certPolicies = Asn1Sequence.GetInstance(
 					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies));
 			}
 			catch (Exception e)
diff --git a/crypto/src/pkix/Rfc3281CertPathUtilities.cs b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
index 101ef5e11..66025f0fc 100644
--- a/crypto/src/pkix/Rfc3281CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
@@ -79,153 +79,154 @@ namespace Org.BouncyCastle.Pkix
 			DateTime					validDate,
 			IList						certPathCerts)
 		{
-			if (paramsPKIX.IsRevocationEnabled)
+			if (!paramsPKIX.IsRevocationEnabled)
+            {
+                return;
+            }
+
+            // check if revocation is available
+            if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) != null)
+            {
+                if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null
+                    || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
+                {
+                    throw new PkixCertPathValidatorException(
+                        "No rev avail extension is set, but also an AC revocation pointer.");
+                }
+
+                return;
+            }
+
+            CrlDistPoint crldp = null;
+			try
+			{
+				crldp = CrlDistPoint.GetInstance(
+					PkixCertPathValidatorUtilities.GetExtensionValue(
+						attrCert, X509Extensions.CrlDistributionPoints));
+			}
+			catch (Exception e)
+			{
+				throw new PkixCertPathValidatorException(
+					"CRL distribution point extension could not be read.", e);
+			}
+			try
+			{
+				PkixCertPathValidatorUtilities
+					.AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX);
+			}
+			catch (Exception e)
 			{
-				// check if revocation is available
-				if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
+				throw new PkixCertPathValidatorException(
+					"No additional CRL locations could be decoded from CRL distribution point extension.", e);
+			}
+
+			CertStatus certStatus = new CertStatus();
+			ReasonsMask reasonsMask = new ReasonsMask();
+
+			Exception lastException = null;
+			bool validCrlFound = false;
+			// for each distribution point
+			if (crldp != null)
+			{
+				DistributionPoint[] dps = null;
+				try
 				{
-					CrlDistPoint crldp = null;
-					try
-					{
-						crldp = CrlDistPoint.GetInstance(
-							PkixCertPathValidatorUtilities.GetExtensionValue(
-								attrCert, X509Extensions.CrlDistributionPoints));
-					}
-					catch (Exception e)
-					{
-						throw new PkixCertPathValidatorException(
-							"CRL distribution point extension could not be read.", e);
-					}
-					try
+					dps = crldp.GetDistributionPoints();
+				}
+				catch (Exception e)
+				{
+					throw new PkixCertPathValidatorException(
+						"Distribution points could not be read.", e);
+				}
+				try
+				{
+					for (int i = 0; i < dps.Length
+						&& certStatus.Status == CertStatus.Unrevoked
+						&& !reasonsMask.IsAllReasons; i++)
 					{
-						PkixCertPathValidatorUtilities
-							.AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX);
+						PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX
+							.Clone();
+						CheckCrl(dps[i], attrCert, paramsPKIXClone,
+							validDate, issuerCert, certStatus, reasonsMask,
+							certPathCerts);
+						validCrlFound = true;
 					}
-					catch (Exception e)
-					{
-						throw new PkixCertPathValidatorException(
-							"No additional CRL locations could be decoded from CRL distribution point extension.", e);
-					}
-					CertStatus certStatus = new CertStatus();
-					ReasonsMask reasonsMask = new ReasonsMask();
+				}
+				catch (Exception e)
+				{
+					lastException = new Exception(
+						"No valid CRL for distribution point found.", e);
+				}
+			}
 
-					Exception lastException = null;
-					bool validCrlFound = false;
-					// for each distribution point
-					if (crldp != null)
-					{
-						DistributionPoint[] dps = null;
-						try
-						{
-							dps = crldp.GetDistributionPoints();
-						}
-						catch (Exception e)
-						{
-							throw new PkixCertPathValidatorException(
-								"Distribution points could not be read.", e);
-						}
-						try
-						{
-							for (int i = 0; i < dps.Length
-								&& certStatus.Status == CertStatus.Unrevoked
-								&& !reasonsMask.IsAllReasons; i++)
-							{
-								PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX
-									.Clone();
-								CheckCrl(dps[i], attrCert, paramsPKIXClone,
-									validDate, issuerCert, certStatus, reasonsMask,
-									certPathCerts);
-								validCrlFound = true;
-							}
-						}
-						catch (Exception e)
-						{
-							lastException = new Exception(
-								"No valid CRL for distribution point found.", e);
-						}
-					}
+			/*
+			* If the revocation status has not been determined, repeat the
+			* process above with any available CRLs not specified in a
+			* distribution point but issued by the certificate issuer.
+			*/
 
+			if (certStatus.Status == CertStatus.Unrevoked
+				&& !reasonsMask.IsAllReasons)
+			{
+				try
+				{
 					/*
-					* If the revocation status has not been determined, repeat the
-					* process above with any available CRLs not specified in a
-					* distribution point but issued by the certificate issuer.
+					* assume a DP with both the reasons and the cRLIssuer
+					* fields omitted and a distribution point name of the
+					* certificate issuer.
 					*/
-
-					if (certStatus.Status == CertStatus.Unrevoked
-						&& !reasonsMask.IsAllReasons)
-					{
-						try
-						{
-							/*
-							* assume a DP with both the reasons and the cRLIssuer
-							* fields omitted and a distribution point name of the
-							* certificate issuer.
-							*/
-							Asn1Object issuer = null;
-							try
-							{
-								issuer = new Asn1InputStream(
-									attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
-							}
-							catch (Exception e)
-							{
-								throw new Exception(
-									"Issuer from certificate for CRL could not be reencoded.",
-									e);
-							}
-							DistributionPoint dp = new DistributionPoint(
-								new DistributionPointName(0, new GeneralNames(
-									new GeneralName(GeneralName.DirectoryName, issuer))), null, null);
-							PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX.Clone();
-							CheckCrl(dp, attrCert, paramsPKIXClone, validDate,
-								issuerCert, certStatus, reasonsMask, certPathCerts);
-							validCrlFound = true;
-						}
-						catch (Exception e)
-						{
-							lastException = new Exception(
-								"No valid CRL for distribution point found.", e);
-						}
-					}
-
-					if (!validCrlFound)
-					{
-						throw new PkixCertPathValidatorException(
-							"No valid CRL found.", lastException);
-					}
-					if (certStatus.Status != CertStatus.Unrevoked)
-					{
-                        // This format is enforced by the NistCertPath tests
-                        string formattedDate = certStatus.RevocationDate.Value.ToString(
-                            "ddd MMM dd HH:mm:ss K yyyy");
-                        string message = "Attribute certificate revocation after "
-							+ formattedDate;
-						message += ", reason: "
-							+ Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
-						throw new PkixCertPathValidatorException(message);
-					}
-					if (!reasonsMask.IsAllReasons
-						&& certStatus.Status == CertStatus.Unrevoked)
+                    X509Name issuer;
+                    try
+                    {
+                        issuer = X509Name.GetInstance(attrCert.Issuer.GetPrincipals()[0].GetEncoded());
+                    }
+                    catch (Exception e)
 					{
-						certStatus.Status = CertStatus.Undetermined;
-					}
-					if (certStatus.Status == CertStatus.Undetermined)
-					{
-						throw new PkixCertPathValidatorException(
-							"Attribute certificate status could not be determined.");
+						throw new Exception(
+							"Issuer from certificate for CRL could not be reencoded.",
+							e);
 					}
-
+					DistributionPoint dp = new DistributionPoint(
+						new DistributionPointName(0, new GeneralNames(
+							new GeneralName(GeneralName.DirectoryName, issuer))), null, null);
+					PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX.Clone();
+					CheckCrl(dp, attrCert, paramsPKIXClone, validDate,
+						issuerCert, certStatus, reasonsMask, certPathCerts);
+					validCrlFound = true;
 				}
-				else
+				catch (Exception e)
 				{
-					if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null
-						|| attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
-					{
-						throw new PkixCertPathValidatorException(
-							"No rev avail extension is set, but also an AC revocation pointer.");
-					}
+					lastException = new Exception(
+						"No valid CRL for distribution point found.", e);
 				}
 			}
+
+			if (!validCrlFound)
+			{
+				throw new PkixCertPathValidatorException(
+					"No valid CRL found.", lastException);
+			}
+			if (certStatus.Status != CertStatus.Unrevoked)
+			{
+                // This format is enforced by the NistCertPath tests
+                string formattedDate = certStatus.RevocationDate.Value.ToString(
+                    "ddd MMM dd HH:mm:ss K yyyy");
+                string message = "Attribute certificate revocation after "
+					+ formattedDate;
+				message += ", reason: "
+					+ Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
+				throw new PkixCertPathValidatorException(message);
+			}
+			if (!reasonsMask.IsAllReasons
+				&& certStatus.Status == CertStatus.Unrevoked)
+			{
+				certStatus.Status = CertStatus.Undetermined;
+			}
+			if (certStatus.Status == CertStatus.Undetermined)
+			{
+				throw new PkixCertPathValidatorException(
+					"Attribute certificate status could not be determined.");
+			}
 		}
 
 		internal static void AdditionalChecks(
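Review bot: The `try`/`catch (Exception e)` around the distribution-point loop encloses the whole `for`, so an exception from `CheckCrl` on one distribution point ends the loop and the remaining points are never consulted; only the issuer-name fallback below still runs. The result stays fail-closed through `validCrlFound` and the final `Undetermined` check, but one unreadable distribution point can make an attribute certificate unverifiable even if a later one would have produced a usable CRL. That is easy to overlook now that the body is flattened, so a comment above the loop would help, e.g. `// NOTE: a failure on any DP aborts the loop; remaining DPs are skipped and only the issuer-name fallback is tried`. The method's signature begins outside the hunk.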
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index fd156e487..d8d97ec5e 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -515,9 +515,9 @@ namespace Org.BouncyCastle.X509
 
 					if (ext.Value != null)
 					{
-						byte[] octs = ext.Value.GetOctets();
-						Asn1Object obj = Asn1Object.FromByteArray(octs);
-						buf.Append("                       critical(").Append(ext.IsCritical).Append(") ");
+                        Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value);
+
+                        buf.Append("                       critical(").Append(ext.IsCritical).Append(") ");
 						try
 						{
 							if (oid.Equals(X509Extensions.BasicConstraints))
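Review bot: `X509ExtensionUtilities.FromExtensionValue(ext.Value)` is called before the `try` that follows, so if it throws on malformed extension octets the exception leaves the method instead of reaching that `try`'s handler, which is outside the hunk. These bytes come from the certificate whose extensions are being formatted into `buf`, so consider making `Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value);` the first statement inside the `try`, provided the handler does not use `obj`. The replaced `Asn1Object.FromByteArray` call sat in the same position, so this predates the commit. The equivalent line in X509CrlEntry.cs may be exposed the same way, though its surrounding `try` is not visible in that hunk.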
diff --git a/crypto/src/x509/X509CrlEntry.cs b/crypto/src/x509/X509CrlEntry.cs
index 9e3608c18..9660a7099 100644
--- a/crypto/src/x509/X509CrlEntry.cs
+++ b/crypto/src/x509/X509CrlEntry.cs
@@ -188,7 +188,7 @@ namespace Org.BouncyCastle.X509
 
 						if (ext.Value != null)
 						{
-							Asn1Object obj = Asn1Object.FromByteArray(ext.Value.GetOctets());
+                            Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value);
 
 							buf.Append("                       critical(")
 								.Append(ext.IsCritical)