summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2023-01-28 18:57:30 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-01-28 18:57:30 +0700
commit558aef70537b3882e5616e9d0e7b40d971e2dd42 (patch)
tree1ac43c975f414e69a268dca315a10a87fa406ea8
parentAdd Xoodyak to the master branch (diff)
downloadBouncyCastle.NET-ed25519-558aef70537b3882e5616e9d0e7b40d971e2dd42.tar.xz
Misc. cleanup after bc-fips-csharp updates
-rw-r--r--crypto/src/asn1/cmp/PKIFreeText.cs10
-rw-r--r--crypto/src/asn1/x509/CertificateList.cs23
-rw-r--r--crypto/src/asn1/x509/X509CertificateStructure.cs11
-rw-r--r--crypto/src/bcpg/ArmoredInputStream.cs6
-rw-r--r--crypto/src/cmp/ProtectedPkiMessage.cs9
-rw-r--r--crypto/src/cmp/ProtectedPkiMessageBuilder.cs11
-rw-r--r--crypto/src/cms/CMSSignedHelper.cs54
-rw-r--r--crypto/src/cms/SignerInformationStore.cs19
-rw-r--r--crypto/src/pkix/CertStatus.cs2
-rw-r--r--crypto/src/pkix/PkixCertPathBuilderResult.cs24
-rw-r--r--crypto/src/pkix/PkixCertPathValidatorResult.cs17
-rw-r--r--crypto/src/pkix/PkixNameConstraintValidator.cs5
-rw-r--r--crypto/src/pkix/PkixParameters.cs9
-rw-r--r--crypto/src/tls/TlsClientProtocol.cs3
-rw-r--r--crypto/src/tls/TlsExtensionsUtilities.cs5
-rw-r--r--crypto/src/tls/TlsUtilities.cs4
-rw-r--r--crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs10
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedAgreement.cs2
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.cs2
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.cs2
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs12
-rw-r--r--crypto/src/x509/AttributeCertificateHolder.cs36
-rw-r--r--crypto/src/x509/AttributeCertificateIssuer.cs15
-rw-r--r--crypto/src/x509/X509Certificate.cs7
-rw-r--r--crypto/src/x509/X509Crl.cs6
-rw-r--r--crypto/src/x509/X509CrlEntry.cs2
-rw-r--r--crypto/src/x509/X509V2CRLGenerator.cs1
27 files changed, 137 insertions, 170 deletions
diff --git a/crypto/src/asn1/cmp/PKIFreeText.cs b/crypto/src/asn1/cmp/PKIFreeText.cs
index f3a4b8a81..f4d7e0967 100644
--- a/crypto/src/asn1/cmp/PKIFreeText.cs
+++ b/crypto/src/asn1/cmp/PKIFreeText.cs
@@ -7,13 +7,11 @@ namespace Org.BouncyCastle.Asn1.Cmp
 	{
 		public static PkiFreeText GetInstance(object obj)
 		{
+			if (obj == null)
+				return null;
 			if (obj is PkiFreeText pkiFreeText)
 				return pkiFreeText;
-
-			if (obj != null)
-                return new PkiFreeText(Asn1Sequence.GetInstance(obj));
-
-            return null;
+            return new PkiFreeText(Asn1Sequence.GetInstance(obj));
 		}
 
         public static PkiFreeText GetInstance(Asn1TaggedObject taggedObject, bool declaredExplicit)
@@ -21,7 +19,7 @@ namespace Org.BouncyCastle.Asn1.Cmp
             return GetInstance(Asn1Sequence.GetInstance(taggedObject, declaredExplicit));
         }
 
-        internal Asn1Sequence m_strings;
+        private readonly Asn1Sequence m_strings;
 
         internal PkiFreeText(Asn1Sequence seq)
 		{
diff --git a/crypto/src/asn1/x509/CertificateList.cs b/crypto/src/asn1/x509/CertificateList.cs
index 3d5d2e557..5d73cf411 100644
--- a/crypto/src/asn1/x509/CertificateList.cs
+++ b/crypto/src/asn1/x509/CertificateList.cs
@@ -23,26 +23,21 @@ namespace Org.BouncyCastle.Asn1.X509
         private readonly AlgorithmIdentifier sigAlgID;
         private readonly DerBitString sig;
 
-		public static CertificateList GetInstance(
-            Asn1TaggedObject	obj,
-            bool				explicitly)
+        public static CertificateList GetInstance(Asn1TaggedObject obj, bool explicitly)
         {
             return GetInstance(Asn1Sequence.GetInstance(obj, explicitly));
         }
 
-		public static CertificateList GetInstance(
-            object obj)
+        public static CertificateList GetInstance(object obj)
         {
-            if (obj is CertificateList)
-                return (CertificateList) obj;
-
-			if (obj != null)
-				return new CertificateList(Asn1Sequence.GetInstance(obj));
-
-			return null;
-		}
+            if (obj == null)
+                return null;
+            if (obj is CertificateList certificateList)
+                return certificateList;
+            return new CertificateList(Asn1Sequence.GetInstance(obj));
+        }
 
-		private CertificateList(
+        private CertificateList(
             Asn1Sequence seq)
         {
 			if (seq.Count != 3)
diff --git a/crypto/src/asn1/x509/X509CertificateStructure.cs b/crypto/src/asn1/x509/X509CertificateStructure.cs
index 6e7c85de6..5394b2be3 100644
--- a/crypto/src/asn1/x509/X509CertificateStructure.cs
+++ b/crypto/src/asn1/x509/X509CertificateStructure.cs
@@ -21,20 +21,17 @@ namespace Org.BouncyCastle.Asn1.X509
         private readonly AlgorithmIdentifier		sigAlgID;
         private readonly DerBitString				sig;
 
-        public static X509CertificateStructure GetInstance(
-            Asn1TaggedObject	obj,
-            bool				explicitly)
+        public static X509CertificateStructure GetInstance(Asn1TaggedObject obj, bool explicitly)
         {
             return GetInstance(Asn1Sequence.GetInstance(obj, explicitly));
         }
 
-        public static X509CertificateStructure GetInstance(
-            object obj)
+        public static X509CertificateStructure GetInstance(object obj)
         {
-            if (obj is X509CertificateStructure)
-                return (X509CertificateStructure)obj;
             if (obj == null)
                 return null;
+            if (obj is X509CertificateStructure x509CertificateStructure)
+                return x509CertificateStructure;
             return new X509CertificateStructure(Asn1Sequence.GetInstance(obj));
         }
 
diff --git a/crypto/src/bcpg/ArmoredInputStream.cs b/crypto/src/bcpg/ArmoredInputStream.cs
index 7bd7b5c04..348f0bc32 100644
--- a/crypto/src/bcpg/ArmoredInputStream.cs
+++ b/crypto/src/bcpg/ArmoredInputStream.cs
@@ -243,7 +243,7 @@ namespace Org.BouncyCastle.Bcpg
 
 			if (headerList.Count > 0)
             {
-                header = (string)headerList[0];
+                header = headerList[0];
             }
 
 			clearText = "-----BEGIN PGP SIGNED MESSAGE-----".Equals(header);
@@ -290,7 +290,7 @@ namespace Org.BouncyCastle.Bcpg
 			string[] hdrs = new string[headerList.Count - 1];
             for (int i = 0; i != hdrs.Length; i++)
             {
-                hdrs[i] = (string)headerList[i + 1];
+                hdrs[i] = headerList[i + 1];
             }
 
 			return hdrs;
@@ -303,7 +303,7 @@ namespace Org.BouncyCastle.Bcpg
             {
                 c = input.ReadByte();
             }
-            while (c == ' ' || c == '\t' || c == '\f' || c == '\u000B') ; // \u000B ~ \v
+            while (c == ' ' || c == '\t' || c == '\f' || c == '\u000B'); // \u000B ~ \v
 
             if (c >= 128)
                 throw new IOException("invalid armor");
diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs
index df4c45143..8bc9e4f4d 100644
--- a/crypto/src/cmp/ProtectedPkiMessage.cs
+++ b/crypto/src/cmp/ProtectedPkiMessage.cs
@@ -137,14 +137,9 @@ namespace Org.BouncyCastle.Cmp
 
         private TResult Process<TResult>(IStreamCalculator<TResult> streamCalculator)
         {
-            Asn1EncodableVector avec = new Asn1EncodableVector();
-            avec.Add(m_pkiMessage.Header);
-            avec.Add(m_pkiMessage.Body);
-            byte[] enc = new DerSequence(avec).GetDerEncoded();
-
-            using (var stream = streamCalculator.Stream)
+            using (var s = streamCalculator.Stream)
             {
-                stream.Write(enc, 0, enc.Length);
+                new DerSequence(m_pkiMessage.Header, m_pkiMessage.Body).EncodeTo(s, Asn1Encodable.Der);
             }
 
             return streamCalculator.GetResult();
diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
index 505747960..508b00ff5 100644
--- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
+++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
-using Org.BouncyCastle.Asn1.Cms;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.X509;
@@ -98,7 +97,7 @@ namespace Org.BouncyCastle.Cmp
             if (null == body)
                 throw new InvalidOperationException("body must be set before building");
 
-            IStreamCalculator<IBlockResult> calculator = signatureFactory.CreateCalculator();
+            var calculator = signatureFactory.CreateCalculator();
 
             if (!(signatureFactory.AlgorithmDetails is AlgorithmIdentifier algorithmDetails))
                 throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier");
@@ -114,7 +113,7 @@ namespace Org.BouncyCastle.Cmp
             if (null == body)
                 throw new InvalidOperationException("body must be set before building");
 
-            IStreamCalculator<IBlockResult> calculator = macFactory.CreateCalculator();
+            var calculator = macFactory.CreateCalculator();
 
             if (!(macFactory.AlgorithmDetails is AlgorithmIdentifier algorithmDetails))
                 throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier");
@@ -150,7 +149,11 @@ namespace Org.BouncyCastle.Cmp
 
         private byte[] CalculateSignature(IStreamCalculator<IBlockResult> signer, PkiHeader header, PkiBody body)
         {
-            new DerSequence(header, body).EncodeTo(signer.Stream);
+            using (var s = signer.Stream)
+            {
+                new DerSequence(header, body).EncodeTo(s);
+            }
+
             return signer.GetResult().Collect();
         }
     }
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 9db39549b..37fefe140 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -35,7 +35,7 @@ namespace Org.BouncyCastle.Cms
 		private static readonly IDictionary<string, string> m_digestAlgs = new Dictionary<string, string>();
 		private static readonly IDictionary<string, string[]> m_digestAliases = new Dictionary<string, string[]>();
 
-        private static readonly HashSet<string> noParams = new HashSet<string>();
+        private static readonly HashSet<string> m_noParams = new HashSet<string>();
 		private static readonly IDictionary<string, string> m_ecAlgorithms = new Dictionary<string, string>();
 
 		private static void AddEntries(DerObjectIdentifier oid, string digest, string encryption)
@@ -130,13 +130,13 @@ namespace Org.BouncyCastle.Cms
 			m_digestAliases.Add("SHA384", new string[]{ "SHA-384" });
 			m_digestAliases.Add("SHA512", new string[]{ "SHA-512" });
 
-            noParams.Add(CmsSignedGenerator.EncryptionDsa);
-            //noParams.Add(EncryptionECDsa);
-            noParams.Add(EncryptionECDsaWithSha1);
-            noParams.Add(EncryptionECDsaWithSha224);
-            noParams.Add(EncryptionECDsaWithSha256);
-            noParams.Add(EncryptionECDsaWithSha384);
-            noParams.Add(EncryptionECDsaWithSha512);
+            m_noParams.Add(CmsSignedGenerator.EncryptionDsa);
+            //m_noParams.Add(EncryptionECDsa);
+            m_noParams.Add(EncryptionECDsaWithSha1);
+            m_noParams.Add(EncryptionECDsaWithSha224);
+            m_noParams.Add(EncryptionECDsaWithSha256);
+            m_noParams.Add(EncryptionECDsaWithSha384);
+            m_noParams.Add(EncryptionECDsaWithSha512);
 
 			m_ecAlgorithms.Add(CmsSignedGenerator.DigestSha1, EncryptionECDsaWithSha1);
 			m_ecAlgorithms.Add(CmsSignedGenerator.DigestSha224, EncryptionECDsaWithSha224);
@@ -151,13 +151,13 @@ namespace Org.BouncyCastle.Cms
         */
 		internal string GetDigestAlgName(string digestAlgOid)
         {
-			return m_digestAlgs.TryGetValue(digestAlgOid, out var algName) ? algName : digestAlgOid;
+            return CollectionUtilities.GetValueOrKey(m_digestAlgs, digestAlgOid);
         }
 
-		internal AlgorithmIdentifier GetEncAlgorithmIdentifier(DerObjectIdentifier encOid,
+        internal AlgorithmIdentifier GetEncAlgorithmIdentifier(DerObjectIdentifier encOid,
 			Asn1Encodable sigX509Parameters)
 		{
-			if (noParams.Contains(encOid.Id))
+			if (m_noParams.Contains(encOid.Id))
 			{
 				return new AlgorithmIdentifier(encOid);
 			}
@@ -177,10 +177,10 @@ namespace Org.BouncyCastle.Cms
         */
         internal string GetEncryptionAlgName(string encryptionAlgOid)
         {
-			return m_encryptionAlgs.TryGetValue(encryptionAlgOid, out var algName) ? algName : encryptionAlgOid;
+            return CollectionUtilities.GetValueOrKey(m_encryptionAlgs, encryptionAlgOid);
         }
 
-		internal IDigest GetDigestInstance(
+        internal IDigest GetDigestInstance(
 			string algorithm)
 		{
 			try
@@ -326,10 +326,17 @@ namespace Org.BouncyCastle.Cms
             {
 				foreach (Asn1Encodable ae in certSet)
 				{
-					if (ae != null && ae.ToAsn1Object() is Asn1Sequence s)
+					if (ae == null)
+						continue;
+
+					if (ae is X509CertificateStructure c)
 					{
-						contents.Add(new X509Certificate(X509CertificateStructure.GetInstance(s)));
-					}
+                        contents.Add(new X509Certificate(c));
+                    }
+					else if (ae.ToAsn1Object() is Asn1Sequence s)
+					{
+                        contents.Add(new X509Certificate(X509CertificateStructure.GetInstance(s)));
+                    }
 				}
 			}
 			return CollectionUtilities.CreateStore(contents);
@@ -342,10 +349,17 @@ namespace Org.BouncyCastle.Cms
 			{
 				foreach (Asn1Encodable ae in crlSet)
 				{
-					if (ae != null && ae.ToAsn1Object() is Asn1Sequence s)
-					{
-						contents.Add(new X509Crl(CertificateList.GetInstance(s)));
-					}
+                    if (ae == null)
+                        continue;
+
+                    if (ae is CertificateList c)
+                    {
+                        contents.Add(new X509Crl(c));
+                    }
+                    else if (ae.ToAsn1Object() is Asn1Sequence s)
+                    {
+                        contents.Add(new X509Crl(CertificateList.GetInstance(s)));
+                    }
 				}
 			}
 			return CollectionUtilities.CreateStore(contents);
diff --git a/crypto/src/cms/SignerInformationStore.cs b/crypto/src/cms/SignerInformationStore.cs
index 7fa3ef678..bc21f9d39 100644
--- a/crypto/src/cms/SignerInformationStore.cs
+++ b/crypto/src/cms/SignerInformationStore.cs
@@ -5,7 +5,7 @@ namespace Org.BouncyCastle.Cms
 {
     public class SignerInformationStore
     {
-        private readonly IList<SignerInformation> all;
+        private readonly IList<SignerInformation> m_all;
         private readonly IDictionary<SignerID, IList<SignerInformation>> m_table =
             new Dictionary<SignerID, IList<SignerInformation>>();
 
@@ -16,12 +16,12 @@ namespace Org.BouncyCastle.Cms
          */
         public SignerInformationStore(SignerInformation signerInfo)
         {
-            this.all = new List<SignerInformation>(1);
-            this.all.Add(signerInfo);
+            m_all = new List<SignerInformation>(1);
+            m_all.Add(signerInfo);
 
             SignerID sid = signerInfo.SignerID;
 
-            m_table[sid] = all;
+            m_table[sid] = m_all;
         }
 
         /**
@@ -31,19 +31,20 @@ namespace Org.BouncyCastle.Cms
          */
         public SignerInformationStore(IEnumerable<SignerInformation> signerInfos)
         {
+            m_all = new List<SignerInformation>(signerInfos);
+
             foreach (SignerInformation signer in signerInfos)
             {
                 SignerID sid = signer.SignerID;
 
                 if (!m_table.TryGetValue(sid, out var list))
                 {
-                    m_table[sid] = list = new List<SignerInformation>(1);
+                    list = new List<SignerInformation>(1);
+                    m_table[sid] = list;
                 }
 
                 list.Add(signer);
             }
-
-            this.all = new List<SignerInformation>(signerInfos);
         }
 
         /**
@@ -64,13 +65,13 @@ namespace Org.BouncyCastle.Cms
         /// <summary>The number of signers in the collection.</summary>
         public int Count
         {
-            get { return all.Count; }
+            get { return m_all.Count; }
         }
 
         /// <returns>An ICollection of all signers in the collection</returns>
         public IList<SignerInformation> GetSigners()
         {
-            return new List<SignerInformation>(all);
+            return new List<SignerInformation>(m_all);
         }
 
         /**
diff --git a/crypto/src/pkix/CertStatus.cs b/crypto/src/pkix/CertStatus.cs
index aff1b1857..4fe98998c 100644
--- a/crypto/src/pkix/CertStatus.cs
+++ b/crypto/src/pkix/CertStatus.cs
@@ -15,7 +15,7 @@ namespace Org.BouncyCastle.Pkix
         /// <summary>
         /// Returns the revocationDate.
         /// </summary>
-         public DateTime? RevocationDate
+        public DateTime? RevocationDate
         {
             get { return revocationDate; }
             set { this.revocationDate = value; }
diff --git a/crypto/src/pkix/PkixCertPathBuilderResult.cs b/crypto/src/pkix/PkixCertPathBuilderResult.cs
index a9dfc6722..6494f9b7b 100644
--- a/crypto/src/pkix/PkixCertPathBuilderResult.cs
+++ b/crypto/src/pkix/PkixCertPathBuilderResult.cs
@@ -2,32 +2,22 @@ using System;
 using System.Text;
 
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Pkix;
 
 namespace Org.BouncyCastle.Pkix
 {
-	/// <summary>
-	/// Summary description for PkixCertPathBuilderResult.
-	/// </summary>
 	public class PkixCertPathBuilderResult
 		: PkixCertPathValidatorResult//, ICertPathBuilderResult
 	{
 		private PkixCertPath certPath;
-		
-		public PkixCertPathBuilderResult(
-			PkixCertPath			certPath,
-			TrustAnchor				trustAnchor,
-			PkixPolicyNode			policyTree,
-			AsymmetricKeyParameter	subjectPublicKey)
-			: base(trustAnchor, policyTree, subjectPublicKey)
-		{			
-			if (certPath == null)
-				throw new ArgumentNullException("certPath");
 
-			this.certPath = certPath;
-		}
+        public PkixCertPathBuilderResult(PkixCertPath certPath, TrustAnchor trustAnchor, PkixPolicyNode policyTree,
+            AsymmetricKeyParameter subjectPublicKey)
+            : base(trustAnchor, policyTree, subjectPublicKey)
+		{			
+			this.certPath = certPath ?? throw new ArgumentNullException(nameof(certPath));
+        }
 
-		public PkixCertPath CertPath
+        public PkixCertPath CertPath
 		{
             get { return certPath; }
 		}
diff --git a/crypto/src/pkix/PkixCertPathValidatorResult.cs b/crypto/src/pkix/PkixCertPathValidatorResult.cs
index 07cb350c1..b89ec9d53 100644
--- a/crypto/src/pkix/PkixCertPathValidatorResult.cs
+++ b/crypto/src/pkix/PkixCertPathValidatorResult.cs
@@ -2,13 +2,9 @@ using System;
 using System.Text;
 
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Security;
 
 namespace Org.BouncyCastle.Pkix
 {
-	/// <summary>
-	/// Summary description for PkixCertPathValidatorResult.
-	/// </summary>
 	public class PkixCertPathValidatorResult
 		//: ICertPathValidatorResult
 	{
@@ -34,15 +30,10 @@ namespace Org.BouncyCastle.Pkix
 		public PkixCertPathValidatorResult(TrustAnchor trustAnchor, PkixPolicyNode policyTree,
 			AsymmetricKeyParameter subjectPublicKey)
 		{
-            if (trustAnchor == null)
-                throw new ArgumentNullException(nameof(trustAnchor));
-            if (subjectPublicKey == null)
-				throw new ArgumentNullException(nameof(subjectPublicKey));
-
-			this.trustAnchor = trustAnchor;
-			this.policyTree = policyTree;
-			this.subjectPublicKey = subjectPublicKey;
-		}
+			this.trustAnchor = trustAnchor ?? throw new ArgumentNullException(nameof(trustAnchor));
+            this.policyTree = policyTree;
+			this.subjectPublicKey = subjectPublicKey ?? throw new ArgumentNullException(nameof(subjectPublicKey));
+        }
 
 		public object Clone()
 		{
diff --git a/crypto/src/pkix/PkixNameConstraintValidator.cs b/crypto/src/pkix/PkixNameConstraintValidator.cs
index 840755060..879054c7f 100644
--- a/crypto/src/pkix/PkixNameConstraintValidator.cs
+++ b/crypto/src/pkix/PkixNameConstraintValidator.cs
@@ -1806,7 +1806,8 @@ namespace Org.BouncyCastle.Pkix
 
         public override string ToString()
         {
-            StringBuilder sb = new StringBuilder("permitted:\n");
+            StringBuilder sb = new StringBuilder("permitted:");
+            sb.AppendLine();
             if (permittedSubtreesDN != null)
             {
                 Append(sb, "DN", permittedSubtreesDN);
@@ -1831,7 +1832,7 @@ namespace Org.BouncyCastle.Pkix
             {
                 Append(sb, "OtherName", StringifyOtherNameCollection(permittedSubtreesOtherName));
             }
-            sb.Append("excluded:\n");
+            sb.AppendLine("excluded:");
             if (excludedSubtreesDN.Count > 0)
             {
                 Append(sb, "DN", excludedSubtreesDN);
diff --git a/crypto/src/pkix/PkixParameters.cs b/crypto/src/pkix/PkixParameters.cs
index 0eb43c000..192a78780 100644
--- a/crypto/src/pkix/PkixParameters.cs
+++ b/crypto/src/pkix/PkixParameters.cs
@@ -249,9 +249,11 @@ namespace Org.BouncyCastle.Pkix
 		* @see X509CertStoreSelector
 		* @see X509AttributeCertStoreSelector
 		*/
-		public virtual void SetTargetConstraintsAttrCert(ISelector<X509V2AttributeCertificate> targetConstraintsAttrCert)
+		public virtual void SetTargetConstraintsAttrCert(
+			ISelector<X509V2AttributeCertificate> targetConstraintsAttrCert)
 		{
-			this.m_targetConstraintsAttrCert = (ISelector<X509V2AttributeCertificate>)targetConstraintsAttrCert?.Clone();
+			this.m_targetConstraintsAttrCert = (ISelector<X509V2AttributeCertificate>)
+				targetConstraintsAttrCert?.Clone();
 		}
 
 		/**
@@ -625,8 +627,7 @@ namespace Org.BouncyCastle.Pkix
 		*
 		* @param enabled <code>true</code> if additional stores are used.
 		*/
-		public virtual void SetAdditionalLocationsEnabled(
-			bool enabled)
+		public virtual void SetAdditionalLocationsEnabled(bool enabled)
 		{
 			additionalLocationsEnabled = enabled;
 		}
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index ec1cd28d5..6aa1acf2f 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1001,8 +1001,7 @@ namespace Org.BouncyCastle.Tls
                         throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                     }
 
-                    TlsAgreement agreement = (TlsAgreement)m_clientAgreements[keyShareEntry.NamedGroup];
-                    if (null == agreement)
+                    if (!m_clientAgreements.TryGetValue(keyShareEntry.NamedGroup, out var agreement))
                         throw new TlsFatalAlert(AlertDescription.illegal_parameter);
 
                     agreement.ReceivePeerValue(keyShareEntry.KeyExchange);
diff --git a/crypto/src/tls/TlsExtensionsUtilities.cs b/crypto/src/tls/TlsExtensionsUtilities.cs
index 46d42417c..836c1b506 100644
--- a/crypto/src/tls/TlsExtensionsUtilities.cs
+++ b/crypto/src/tls/TlsExtensionsUtilities.cs
@@ -592,7 +592,7 @@ namespace Org.BouncyCastle.Tls
             // Placeholder for length
             TlsUtilities.WriteUint16(0, buf);
 
-            foreach (X509Name authority in authorities)
+            foreach (var authority in authorities)
             {
                 byte[] derEncoding = authority.GetEncoded(Asn1Encodable.Der);
                 TlsUtilities.WriteOpaque16(derEncoding, buf);
@@ -736,7 +736,6 @@ namespace Org.BouncyCastle.Tls
 
             if (null != filters)
             {
-                //foreach (DerObjectIdentifier certificateExtensionOid in filters.Keys)
                 foreach (var filter in filters)
                 {
                     var certificateExtensionOid = filter.Key;
@@ -1020,7 +1019,7 @@ namespace Org.BouncyCastle.Tls
             {
                 byte[] derEncoding = TlsUtilities.ReadOpaque16(buf, 1);
                 Asn1Object asn1 = TlsUtilities.ReadAsn1Object(derEncoding);
-                X509Name ca = X509Name.GetInstance(asn1);
+                var ca = X509Name.GetInstance(asn1);
                 TlsUtilities.RequireDerEncoding(ca, derEncoding);
                 authorities.Add(ca);
             }
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index 4a89d6708..e2c3e3094 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -5010,7 +5010,7 @@ namespace Org.BouncyCastle.Tls
         {
             if (null != clientShares && 1 == clientShares.Count)
             {
-                KeyShareEntry clientShare = (KeyShareEntry)clientShares[0];
+                KeyShareEntry clientShare = clientShares[0];
                 if (null != clientShare && clientShare.NamedGroup == keyShareGroup)
                 {
                     return clientShare;
@@ -5602,7 +5602,7 @@ namespace Org.BouncyCastle.Tls
                         int index = offeredPsks.GetIndexOfIdentity(new PskIdentity(psk.Identity, 0L));
                         if (index >= 0)
                         {
-                            byte[] binder = (byte[])offeredPsks.Binders[index];
+                            byte[] binder = offeredPsks.Binders[index];
 
                             TlsCrypto crypto = serverContext.Crypto;
                             TlsSecret earlySecret = GetPskEarlySecret(crypto, psk);
diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
index a8fb26697..e29993c92 100644
--- a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
+++ b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
@@ -64,14 +64,10 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         public virtual TlsSecret AdoptSecret(TlsSecret secret)
         {
             // TODO[tls] Need an alternative that doesn't require AbstractTlsSecret (which holds literal data)
-            if (secret is AbstractTlsSecret)
-            {
-                AbstractTlsSecret sec = (AbstractTlsSecret)secret;
+            if (secret is AbstractTlsSecret abstractTlsSecret)
+                return CreateSecret(abstractTlsSecret.CopyData());
 
-                return CreateSecret(sec.CopyData());
-            }
-
-            throw new ArgumentException("unrecognized TlsSecret - cannot copy data: " + Platform.GetTypeName(secret));
+            throw new ArgumentException("unrecognized TlsSecret - cannot copy data: " + secret.GetType().FullName);
         }
 
         public abstract TlsHash CreateHash(int cryptoHashAlgorithm);
diff --git a/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedAgreement.cs b/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedAgreement.cs
index 863b96634..bca415dcf 100644
--- a/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedAgreement.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedAgreement.cs
@@ -39,7 +39,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             }
             else
             {
-                throw new ArgumentException("'privateKey' type not supported: " + Platform.GetTypeName(privateKey));
+                throw new ArgumentException("'privateKey' type not supported: " + privateKey.GetType().FullName);
             }
         }
 
diff --git a/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.cs b/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.cs
index b0e9f125e..bbe9af4e6 100644
--- a/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.cs
@@ -37,7 +37,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             }
             else
             {
-                throw new ArgumentException("'privateKey' type not supported: " + Platform.GetTypeName(privateKey));
+                throw new ArgumentException("'privateKey' type not supported: " + privateKey.GetType().FullName);
             }
 
             this.m_crypto = crypto;
diff --git a/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.cs b/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.cs
index 6db84cdd8..82bc58f96 100644
--- a/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.cs
@@ -68,7 +68,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             }
             else
             {
-                throw new ArgumentException("'privateKey' type not supported: " + Platform.GetTypeName(privateKey));
+                throw new ArgumentException("'privateKey' type not supported: " + privateKey.GetType().FullName);
             }
 
             return signer;
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
index 683806347..fdd67fc71 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
@@ -14,17 +14,13 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
     {
         public static BcTlsSecret Convert(BcTlsCrypto crypto, TlsSecret secret)
         {
-            if (secret is BcTlsSecret)
-                return (BcTlsSecret)secret;
-
-            if (secret is AbstractTlsSecret)
-            {
-                AbstractTlsSecret abstractTlsSecret = (AbstractTlsSecret)secret;
+            if (secret is BcTlsSecret bcTlsSecret)
+                return bcTlsSecret;
 
+            if (secret is AbstractTlsSecret abstractTlsSecret)
                 return crypto.AdoptLocalSecret(CopyData(abstractTlsSecret));
-            }
 
-            throw new ArgumentException("unrecognized TlsSecret - cannot copy data: " + Platform.GetTypeName(secret));
+            throw new ArgumentException("unrecognized TlsSecret - cannot copy data: " + secret.GetType().FullName);
         }
 
         // SSL3 magic mix constants ("A", "BB", "CCC", ...)
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index b3cea1cfe..903886085 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
@@ -360,26 +360,26 @@ namespace Org.BouncyCastle.X509
 
 					switch (DigestedObjectType)
 					{
-						case ObjectDigestInfo.PublicKey:
-						{
-							// TODO: DSA Dss-parms
-
-							//byte[] b = x509Cert.GetPublicKey().getEncoded();
-							// TODO Is this the right way to encode?
-							byte[] b = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
-								x509Cert.GetPublicKey()).GetEncoded();
-							md.BlockUpdate(b, 0, b.Length);
-							break;
-						}
+					case ObjectDigestInfo.PublicKey:
+					{
+						// TODO: DSA Dss-parms
+
+						//byte[] b = x509Cert.GetPublicKey().getEncoded();
+						// TODO Is this the right way to encode?
+						byte[] b = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
+							x509Cert.GetPublicKey()).GetEncoded();
+						md.BlockUpdate(b, 0, b.Length);
+						break;
+					}
 
-						case ObjectDigestInfo.PublicKeyCert:
-						{
-							byte[] b = x509Cert.GetEncoded();
-							md.BlockUpdate(b, 0, b.Length);
-							break;
-						}
+					case ObjectDigestInfo.PublicKeyCert:
+					{
+						byte[] b = x509Cert.GetEncoded();
+						md.BlockUpdate(b, 0, b.Length);
+						break;
+					}
 
-						// TODO Default handler?
+					// TODO Default handler?
 					}
 
 					// TODO Shouldn't this be the other way around?
diff --git a/crypto/src/x509/AttributeCertificateIssuer.cs b/crypto/src/x509/AttributeCertificateIssuer.cs
index 799a48877..b0eb65cc8 100644
--- a/crypto/src/x509/AttributeCertificateIssuer.cs
+++ b/crypto/src/x509/AttributeCertificateIssuer.cs
@@ -149,25 +149,18 @@ namespace Org.BouncyCastle.X509
 				return MatchesDN(x509Cert.SubjectDN, issuer.IssuerName);
 			}
 
-			return MatchesDN(x509Cert.SubjectDN, (GeneralNames) form);
+			return MatchesDN(x509Cert.SubjectDN, (GeneralNames)form);
 		}
 
-		public override bool Equals(
-			object obj)
+		public override bool Equals(object obj)
 		{
 			if (obj == this)
-			{
 				return true;
-			}
 
-			if (!(obj is AttributeCertificateIssuer))
-			{
+			if (!(obj is AttributeCertificateIssuer that))
 				return false;
-			}
-
-			AttributeCertificateIssuer other = (AttributeCertificateIssuer)obj;
 
-			return this.form.Equals(other.form);
+			return this.form.Equals(that.form);
 		}
 
 		public override int GetHashCode()
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index db6966a0f..e69aca1ce 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -339,7 +339,6 @@ namespace Org.BouncyCastle.X509
             return Arrays.Clone(keyUsage);
         }
 
-        // TODO Replace with something that returns a list of DerObjectIdentifier
         public virtual IList<DerObjectIdentifier> GetExtendedKeyUsage()
         {
             Asn1OctetString str = GetExtensionValue(X509Extensions.ExtendedKeyUsage);
@@ -576,12 +575,12 @@ namespace Org.BouncyCastle.X509
             buf.Append("  Signature Algorithm: ").Append(this.SigAlgName).AppendLine();
 
             byte[] sig = this.GetSignature();
-            buf.Append("            Signature: ").Append(Hex.ToHexString(sig, 0, 20)).AppendLine();
+            buf.Append("            Signature: ").AppendLine(Hex.ToHexString(sig, 0, 20));
 
             for (int i = 20; i < sig.Length; i += 20)
             {
                 int len = System.Math.Min(20, sig.Length - i);
-                buf.Append("                       ").Append(Hex.ToHexString(sig, i, len)).AppendLine();
+                buf.Append("                       ").AppendLine(Hex.ToHexString(sig, i, len));
             }
 
             X509Extensions extensions = c.TbsCertificate.Extensions;
@@ -592,7 +591,7 @@ namespace Org.BouncyCastle.X509
 
                 if (e.MoveNext())
                 {
-                    buf.Append("       Extensions: \n");
+                    buf.AppendLine("       Extensions:");
                 }
 
                 do
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index 027813562..a3f08a0ed 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -306,13 +306,13 @@ namespace Org.BouncyCastle.X509
 			byte[] sig = this.GetSignature();
 
 			buf.Append("            Signature: ");
-			buf.Append(Hex.ToHexString(sig, 0, 20)).AppendLine();
+			buf.AppendLine(Hex.ToHexString(sig, 0, 20));
 
 			for (int i = 20; i < sig.Length; i += 20)
 			{
 				int count = System.Math.Min(20, sig.Length - i);
 				buf.Append("                       ");
-				buf.Append(Hex.ToHexString(sig, i, count)).AppendLine();
+				buf.AppendLine(Hex.ToHexString(sig, i, count));
 			}
 
 			X509Extensions extensions = c.TbsCertList.Extensions;
@@ -323,7 +323,7 @@ namespace Org.BouncyCastle.X509
 
 				if (e.MoveNext())
 				{
-					buf.Append("           Extensions: ").AppendLine();
+					buf.AppendLine("           Extensions:");
 				}
 
 				do
diff --git a/crypto/src/x509/X509CrlEntry.cs b/crypto/src/x509/X509CrlEntry.cs
index 87fc2e37a..0c45c857d 100644
--- a/crypto/src/x509/X509CrlEntry.cs
+++ b/crypto/src/x509/X509CrlEntry.cs
@@ -177,7 +177,7 @@ namespace Org.BouncyCastle.X509
 				var e = extensions.ExtensionOids.GetEnumerator();
 				if (e.MoveNext())
 				{
-					buf.Append("   crlEntryExtensions:").AppendLine();
+					buf.AppendLine("   crlEntryExtensions:");
 
 					do
 					{
diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs
index 3d8b96ad2..01d7aee4a 100644
--- a/crypto/src/x509/X509V2CRLGenerator.cs
+++ b/crypto/src/x509/X509V2CRLGenerator.cs
@@ -7,7 +7,6 @@ using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security.Certificates;
-using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.X509
 {