authorPeter Dettman <peter.dettman@bouncycastle.org>2023-07-30 13:48:59 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-07-30 13:48:59 +0700
commit3e5ab53725678c662b5d351fb4a9bc2d3c5d8822 (patch)
tree8e492cfabb5965847e46b2a4aeb0430e4a202640
parentRefactoring around digest calculation (diff)
downloadBouncyCastle.NET-ed25519-3e5ab53725678c662b5d351fb4a9bc2d3c5d8822.tar.xz
Add extra properties on X509Certificate
-rw-r--r--crypto/src/cms/CMSEnvelopedGenerator.cs7
-rw-r--r--crypto/src/cms/CMSUtils.cs5
-rw-r--r--crypto/src/ocsp/CertificateID.cs2
-rw-r--r--crypto/src/pkix/PkixCertPathValidator.cs11
-rw-r--r--crypto/src/x509/AttributeCertificateHolder.cs22
-rw-r--r--crypto/src/x509/PrincipalUtil.cs9
-rw-r--r--crypto/src/x509/X509Certificate.cs7
-rw-r--r--crypto/src/x509/store/X509CertStoreSelector.cs2
8 files changed, 25 insertions, 40 deletions
diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs
index 3a7ef8f3f..89a7f4576 100644
--- a/crypto/src/cms/CMSEnvelopedGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedGenerator.cs
@@ -154,10 +154,9 @@ namespace Org.BouncyCastle.Cms
 		 */
 		public void AddKeyTransRecipient(X509Certificate cert)
 		{
-			TbsCertificateStructure recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(cert);
-			SubjectPublicKeyInfo info = recipientTbsCert.SubjectPublicKeyInfo;
-			AddRecipientInfoGenerator(
-				new KeyTransRecipientInfoGenerator(cert, new Asn1KeyWrapper(info.Algorithm, cert)));
+			var algorithm = cert.SubjectPublicKeyInfo.Algorithm;
+			var keyWrapper = new Asn1KeyWrapper(algorithm, cert);
+            AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, keyWrapper));
 		}
 
 		/**
diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs
index 06d191d6e..7cf0d6153 100644
--- a/crypto/src/cms/CMSUtils.cs
+++ b/crypto/src/cms/CMSUtils.cs
@@ -203,12 +203,9 @@ namespace Org.BouncyCastle.Cms
             return DerSet.FromVector(v);
 		}
 
-		internal static TbsCertificateStructure GetTbsCertificateStructure(X509Certificate cert) =>
-			cert.CertificateStructure.TbsCertificate;
-
 		internal static IssuerAndSerialNumber GetIssuerAndSerialNumber(X509Certificate cert)
 		{
-			TbsCertificateStructure tbsCert = GetTbsCertificateStructure(cert);
+			TbsCertificateStructure tbsCert = cert.TbsCertificate;
 			return new IssuerAndSerialNumber(tbsCert.Issuer, tbsCert.SerialNumber);
 		}
 
diff --git a/crypto/src/ocsp/CertificateID.cs b/crypto/src/ocsp/CertificateID.cs
index 72588b17f..3b4c78248 100644
--- a/crypto/src/ocsp/CertificateID.cs
+++ b/crypto/src/ocsp/CertificateID.cs
@@ -85,7 +85,7 @@ namespace Org.BouncyCastle.Ocsp
 				X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
 				byte[] issuerNameHash = X509Utilities.CalculateDigest(digestAlgorithm, issuerName);
 
-				byte[] issuerKey = issuerCert.CertificateStructure.SubjectPublicKeyInfo.PublicKey.GetBytes();
+				byte[] issuerKey = issuerCert.SubjectPublicKeyInfo.PublicKey.GetBytes();
 				byte[] issuerKeyHash = DigestUtilities.CalculateDigest(digestAlgorithm.Algorithm, issuerKey);
 
                 return new CertID(digestAlgorithm, new DerOctetString(issuerNameHash),
diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs
index 82b5aa0e5..89b3a57fe 100644
--- a/crypto/src/pkix/PkixCertPathValidator.cs
+++ b/crypto/src/pkix/PkixCertPathValidator.cs
@@ -426,15 +426,18 @@ namespace Org.BouncyCastle.Pkix
 
         internal static void CheckCertificate(X509Certificate cert)
         {
-            // TODO What check is this method trying to achieve?
+            Exception cause = null;
             try
             {
-                TbsCertificateStructure.GetInstance(cert.CertificateStructure.TbsCertificate);
+                if (cert.TbsCertificate != null)
+                    return;
             }
-            catch (CertificateEncodingException e)
+            catch (Exception e)
             {
-                throw new Exception("unable to process TBSCertificate", e);
+                cause = e;
             }
+
+            throw new Exception("unable to process TBSCertificate", cause);
         }
     }
 }
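Review bot: `CheckCertificate` now catches every `Exception` and rethrows a bare `Exception`, so a null `cert` (a NullReferenceException inside the `try`) is reported as "unable to process TBSCertificate", and when `cert.TbsCertificate` is simply null the thrown exception carries a null inner cause. With the TODO removed, nothing states what is being verified: as written the method only confirms the property is non-null and performs no structural or signature validation. I would say so in a comment, e.g. `// Only confirms a TBSCertificate is present; not a structural or signature check.`, so path-validation callers do not over-rely on it. If callers (outside this hunk) tolerate it, an explicit `if (cert == null) throw new ArgumentNullException(nameof(cert));` would keep argument errors distinct from certificate errors.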
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index 903886085..9122a809f 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
@@ -341,37 +341,22 @@ namespace Org.BouncyCastle.X509
 				if (holder.EntityName != null)
 				{
 					if (MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), holder.EntityName))
-					{
 						return true;
-					}
 				}
 
 				if (holder.ObjectDigestInfo != null)
 				{
-					IDigest md = null;
-					try
-					{
-						md = DigestUtilities.GetDigest(DigestAlgorithm);
-					}
-					catch (Exception)
-					{
-						return false;
-					}
+					IDigest md = DigestUtilities.GetDigest(DigestAlgorithm);
 
 					switch (DigestedObjectType)
 					{
 					case ObjectDigestInfo.PublicKey:
 					{
 						// TODO: DSA Dss-parms
-
-						//byte[] b = x509Cert.GetPublicKey().getEncoded();
-						// TODO Is this the right way to encode?
-						byte[] b = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
-							x509Cert.GetPublicKey()).GetEncoded();
+						byte[] b = x509Cert.SubjectPublicKeyInfo.GetEncoded();
 						md.BlockUpdate(b, 0, b.Length);
 						break;
 					}
-
 					case ObjectDigestInfo.PublicKeyCert:
 					{
 						byte[] b = x509Cert.GetEncoded();
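Review bot: In the `ObjectDigestInfo.PublicKey` case the bytes being hashed change: previously a SubjectPublicKeyInfo rebuilt from `GetPublicKey()`, now the certificate's own `SubjectPublicKeyInfo`. The two encodings can presumably differ (the remaining `TODO: DSA Dss-parms` hints at parameter handling), so a holder that matched before may no longer match, or the reverse. This deserves a comment at that line, such as `// Digest is taken over the SubjectPublicKeyInfo as carried in the certificate, not a re-encoding of the parsed key.` Separately, `DigestUtilities.GetDigest(DigestAlgorithm)` lost its local try/catch, so an unsupported algorithm is a non-match only if the enclosing `try`, which starts outside this hunk, catches it; the widened catch in the following hunk appears to cover that.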
@@ -389,9 +374,8 @@ namespace Org.BouncyCastle.X509
 					}
 				}
 			}
-			catch (CertificateEncodingException)
+			catch (Exception)
 			{
-				return false;
 			}
 
 			return false;
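Review bot: The `catch (Exception)` block is now empty, so every failure, including programming errors such as a NullReferenceException, silently becomes a non-match. Falling through to `return false` is fail-closed, which is the right direction for a holder match, but the intent should be written in the block: `// Any failure while processing the certificate is treated as "no match".` Where feasible, narrow the catch to the exception types expected from encoding and digest lookup so unrelated defects are not hidden. The enclosing method starts outside this hunk.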
diff --git a/crypto/src/x509/PrincipalUtil.cs b/crypto/src/x509/PrincipalUtil.cs
index 733da1dca..fb1b01b40 100644
--- a/crypto/src/x509/PrincipalUtil.cs
+++ b/crypto/src/x509/PrincipalUtil.cs
@@ -1,9 +1,4 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Security.Certificates;
 
 namespace Org.BouncyCastle.X509
 {
@@ -20,13 +15,13 @@ namespace Org.BouncyCastle.X509
 		/// <summary>Return the issuer of the given cert as an X509Principal.</summary>
 		public static X509Name GetIssuerX509Principal(X509Certificate cert)
 		{
-            return cert.CertificateStructure.TbsCertificate.Issuer;
+            return cert.TbsCertificate.Issuer;
 		}
 
 		/// <summary>Return the subject of the given cert as an X509Principal.</summary>
 		public static X509Name GetSubjectX509Principal(X509Certificate cert)
 		{
-            return cert.CertificateStructure.TbsCertificate.Subject;
+            return cert.TbsCertificate.Subject;
 		}
 
 		/// <summary>Return the issuer of the given CRL as an X509Principal.</summary>
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 944b627b0..465899042 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -265,6 +265,8 @@ namespace Org.BouncyCastle.X509
             get { return c.EndDate.ToDateTime(); }
         }
 
+        public virtual TbsCertificateStructure TbsCertificate => c.TbsCertificate;
+
         /// <summary>
         /// Return the Der encoded TbsCertificate data.
         /// This is the certificate component less the signature.
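Review bot: The new `TbsCertificate` property has no XML doc comment, whereas the `SubjectPublicKeyInfo` property added further down in this file has one, and the member directly below documents the DER-encoded TbsCertificate data. Add a summary that distinguishes the two, e.g. `/// <summary>Return the parsed TbsCertificate structure (the signed portion of the certificate).</summary>`. It would also help to state whether callers should treat the returned object as read-only, since it appears to be the instance held by the certificate rather than a copy.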
@@ -464,6 +466,11 @@ namespace Org.BouncyCastle.X509
         }
 
         /// <summary>
+        /// Return the plain SubjectPublicKeyInfo that holds the encoded public key.
+        /// </summary>
+        public virtual SubjectPublicKeyInfo SubjectPublicKeyInfo => c.SubjectPublicKeyInfo;
+
+        /// <summary>
         /// Get the public key of the subject of the certificate.
         /// </summary>
         /// <returns>The public key parameters.</returns>
diff --git a/crypto/src/x509/store/X509CertStoreSelector.cs b/crypto/src/x509/store/X509CertStoreSelector.cs
index c60c8b24b..a153868d4 100644
--- a/crypto/src/x509/store/X509CertStoreSelector.cs
+++ b/crypto/src/x509/store/X509CertStoreSelector.cs
@@ -276,7 +276,7 @@ namespace Org.BouncyCastle.X509.Store
 			if (!MatchExtension(subjectKeyIdentifier, c, X509Extensions.SubjectKeyIdentifier))
 				return false;
 
-			SubjectPublicKeyInfo subjectPublicKeyInfo = c.CertificateStructure.SubjectPublicKeyInfo;
+			SubjectPublicKeyInfo subjectPublicKeyInfo = c.SubjectPublicKeyInfo;
 
             if (subjectPublicKey != null && !subjectPublicKey.Equals(subjectPublicKeyInfo))
 				return false;