author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-07-30 13:48:59 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-07-30 13:48:59 +0700 |
commit | 3e5ab53725678c662b5d351fb4a9bc2d3c5d8822 (patch) | |
tree | 8e492cfabb5965847e46b2a4aeb0430e4a202640 | |
parent | Refactoring around digest calculation (diff) | |
download | BouncyCastle.NET-ed25519-3e5ab53725678c662b5d351fb4a9bc2d3c5d8822.tar.xz |
Add extra properties on X509Certificate
-rw-r--r-- | crypto/src/cms/CMSEnvelopedGenerator.cs | 7 | ||||
-rw-r--r-- | crypto/src/cms/CMSUtils.cs | 5 | ||||
-rw-r--r-- | crypto/src/ocsp/CertificateID.cs | 2 | ||||
-rw-r--r-- | crypto/src/pkix/PkixCertPathValidator.cs | 11 | ||||
-rw-r--r-- | crypto/src/x509/AttributeCertificateHolder.cs | 22 | ||||
-rw-r--r-- | crypto/src/x509/PrincipalUtil.cs | 9 | ||||
-rw-r--r-- | crypto/src/x509/X509Certificate.cs | 7 | ||||
-rw-r--r-- | crypto/src/x509/store/X509CertStoreSelector.cs | 2 |
8 files changed, 25 insertions, 40 deletions
diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs
index 3a7ef8f3f..89a7f4576 100644
--- a/crypto/src/cms/CMSEnvelopedGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedGenerator.cs
@@ -154,10 +154,9 @@ namespace Org.BouncyCastle.Cms
 */
 public void AddKeyTransRecipient(X509Certificate cert)
 {
- TbsCertificateStructure recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(cert);
- SubjectPublicKeyInfo info = recipientTbsCert.SubjectPublicKeyInfo;
- AddRecipientInfoGenerator(
- new KeyTransRecipientInfoGenerator(cert, new Asn1KeyWrapper(info.Algorithm, cert)));
+ var algorithm = cert.SubjectPublicKeyInfo.Algorithm;
+ var keyWrapper = new Asn1KeyWrapper(algorithm, cert);
+ AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, keyWrapper));
 }
 /**
diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs
index 06d191d6e..7cf0d6153 100644
--- a/crypto/src/cms/CMSUtils.cs
+++ b/crypto/src/cms/CMSUtils.cs
@@ -203,12 +203,9 @@ namespace Org.BouncyCastle.Cms
 return DerSet.FromVector(v);
 }
- internal static TbsCertificateStructure GetTbsCertificateStructure(X509Certificate cert) =>
- cert.CertificateStructure.TbsCertificate;
-
 internal static IssuerAndSerialNumber GetIssuerAndSerialNumber(X509Certificate cert)
 {
- TbsCertificateStructure tbsCert = GetTbsCertificateStructure(cert);
+ TbsCertificateStructure tbsCert = cert.TbsCertificate;
 return new IssuerAndSerialNumber(tbsCert.Issuer, tbsCert.SerialNumber);
 }
diff --git a/crypto/src/ocsp/CertificateID.cs b/crypto/src/ocsp/CertificateID.cs
index 72588b17f..3b4c78248 100644
--- a/crypto/src/ocsp/CertificateID.cs
+++ b/crypto/src/ocsp/CertificateID.cs
@@ -85,7 +85,7 @@ namespace Org.BouncyCastle.Ocsp
 X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
 byte[] issuerNameHash = X509Utilities.CalculateDigest(digestAlgorithm, issuerName);
- byte[] issuerKey = issuerCert.CertificateStructure.SubjectPublicKeyInfo.PublicKey.GetBytes();
+ byte[] issuerKey = issuerCert.SubjectPublicKeyInfo.PublicKey.GetBytes();
 byte[] issuerKeyHash = DigestUtilities.CalculateDigest(digestAlgorithm.Algorithm, issuerKey);
 return new CertID(digestAlgorithm, new DerOctetString(issuerNameHash),
diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs
index 82b5aa0e5..89b3a57fe 100644
--- a/crypto/src/pkix/PkixCertPathValidator.cs
+++ b/crypto/src/pkix/PkixCertPathValidator.cs
@@ -426,15 +426,18 @@ namespace Org.BouncyCastle.Pkix
 internal static void CheckCertificate(X509Certificate cert)
 {
- // TODO What check is this method trying to achieve?
+ Exception cause = null;
 try
 {
- TbsCertificateStructure.GetInstance(cert.CertificateStructure.TbsCertificate);
+ if (cert.TbsCertificate != null)
+ return;
 }
- catch (CertificateEncodingException e)
+ catch (Exception e)
 {
- throw new Exception("unable to process TBSCertificate", e);
+ cause = e;
 }
+
+ throw new Exception("unable to process TBSCertificate", cause);
 }
 }
 }
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index 903886085..9122a809f 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
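Review bot: The rewritten `CheckCertificate` catches every `Exception` and rethrows a bare `System.Exception`, so a null `cert` (a NullReferenceException on `cert.TbsCertificate`) surfaces with the same "unable to process TBSCertificate" message as a certificate that really cannot be read. The check fails closed, which is the right direction for path validation, but callers cannot tell a caller bug from a bad certificate; if no caller relies on the wrapped form, an explicit guard ahead of the `try`, `if (cert == null) throw new ArgumentNullException(nameof(cert));`, would separate the two. The commit also drops `// TODO What check is this method trying to achieve?` without answering it, so a one-line comment such as `// Rejects a certificate whose TBSCertificate is absent or cannot be read.` would record the intent.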
@@ -341,37 +341,22 @@ namespace Org.BouncyCastle.X509
 if (holder.EntityName != null)
 {
 if (MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), holder.EntityName))
- {
 return true;
- }
 }
 if (holder.ObjectDigestInfo != null)
 {
- IDigest md = null;
- try
- {
- md = DigestUtilities.GetDigest(DigestAlgorithm);
- }
- catch (Exception)
- {
- return false;
- }
+ IDigest md = DigestUtilities.GetDigest(DigestAlgorithm);
 switch (DigestedObjectType)
 {
 case ObjectDigestInfo.PublicKey:
 {
 // TODO: DSA Dss-parms
-
- //byte[] b = x509Cert.GetPublicKey().getEncoded();
- // TODO Is this the right way to encode?
- byte[] b = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
- x509Cert.GetPublicKey()).GetEncoded();
+ byte[] b = x509Cert.SubjectPublicKeyInfo.GetEncoded();
 md.BlockUpdate(b, 0, b.Length);
 break;
 }
-
 case ObjectDigestInfo.PublicKeyCert:
 {
 byte[] b = x509Cert.GetEncoded();
@@ -389,9 +374,8 @@ namespace Org.BouncyCastle.X509
 }
 }
 }
- catch (CertificateEncodingException)
+ catch (Exception)
 {
- return false;
 }
 return false;
diff --git a/crypto/src/x509/PrincipalUtil.cs b/crypto/src/x509/PrincipalUtil.cs
index 733da1dca..fb1b01b40 100644
--- a/crypto/src/x509/PrincipalUtil.cs
+++ b/crypto/src/x509/PrincipalUtil.cs
@@ -1,9 +1,4 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Security.Certificates;
 namespace Org.BouncyCastle.X509
 {
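Review bot: In the `ObjectDigestInfo.PublicKey` case the digest is now taken over `x509Cert.SubjectPublicKeyInfo.GetEncoded()`, the structure as it appears in the certificate, while the `// TODO: DSA Dss-parms` comment above it is kept without explanation. When DSA parameters are inherited from the issuer rather than carried in the certificate, the embedded structure may not be the value the holder's digest was computed over, so a legitimate match could be missed; that appears to be what the TODO refers to. I would expand it to `// TODO: DSA Dss-parms - inherited parameters are absent from the certificate's SubjectPublicKeyInfo, so the digest may not match`. Whether `GetEncoded()` yields DER here rather than the encoding as parsed is also worth confirming. The enclosing method starts and ends outside the hunk.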
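Review bot: The widened `catch (Exception)` in the `@@ -389,9 +374,8 @@` hunk now has an empty body, and because the previous hunk removed the inner try around `DigestUtilities.GetDigest(DigestAlgorithm)`, an unsupported digest algorithm, an encoding failure and any programming error all fall through to the same `return false`. Treating a failure as no-match is the safe direction for a holder check, but the silent swallow hides why a match failed. At minimum put a comment in the block, e.g. `// Any failure while digesting or comparing is treated as "no match".`; narrowing the catch to the exception types the digest and encoding calls are expected to throw would be better if those are known. The method body extends beyond the hunk on both sides.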
@@ -20,13 +15,13 @@ namespace Org.BouncyCastle.X509
 /// <summary>Return the issuer of the given cert as an X509Principal.</summary>
 public static X509Name GetIssuerX509Principal(X509Certificate cert)
 {
- return cert.CertificateStructure.TbsCertificate.Issuer;
+ return cert.TbsCertificate.Issuer;
 }
 /// <summary>Return the subject of the given cert as an X509Principal.</summary>
 public static X509Name GetSubjectX509Principal(X509Certificate cert)
 {
- return cert.CertificateStructure.TbsCertificate.Subject;
+ return cert.TbsCertificate.Subject;
 }
 /// <summary>Return the issuer of the given CRL as an X509Principal.</summary>
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 944b627b0..465899042 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -265,6 +265,8 @@ namespace Org.BouncyCastle.X509
 get { return c.EndDate.ToDateTime(); }
 }
+ public virtual TbsCertificateStructure TbsCertificate => c.TbsCertificate;
+
 /// <summary>
 /// Return the Der encoded TbsCertificate data.
 /// This is the certificate component less the signature.
@@ -464,6 +466,11 @@ namespace Org.BouncyCastle.X509
 }
 /// <summary>
+ /// Return the plain SubjectPublicKeyInfo that holds the encoded public key.
+ /// </summary>
+ public virtual SubjectPublicKeyInfo SubjectPublicKeyInfo => c.SubjectPublicKeyInfo;
+
+ /// <summary>
 /// Get the public key of the subject of the certificate.
 /// </summary>
 /// <returns>The public key parameters.</returns>
diff --git a/crypto/src/x509/store/X509CertStoreSelector.cs b/crypto/src/x509/store/X509CertStoreSelector.cs
index c60c8b24b..a153868d4 100644
--- a/crypto/src/x509/store/X509CertStoreSelector.cs
+++ b/crypto/src/x509/store/X509CertStoreSelector.cs
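Review bot: The new `TbsCertificate` property in X509Certificate.cs is public and virtual but has no XML doc comment, unlike the `SubjectPublicKeyInfo` property added in the file's second hunk. Add one in the same style, for example `/// <summary>Return the TbsCertificate structure, the certificate component less the signature.</summary>`. Both properties hand out the underlying ASN.1 objects held in `c`, so the docs should also say whether callers are expected to treat them as read-only; that cannot be confirmed from the lines shown.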
@@ -276,7 +276,7 @@ namespace Org.BouncyCastle.X509.Store
 if (!MatchExtension(subjectKeyIdentifier, c, X509Extensions.SubjectKeyIdentifier))
 return false;
- SubjectPublicKeyInfo subjectPublicKeyInfo = c.CertificateStructure.SubjectPublicKeyInfo;
+ SubjectPublicKeyInfo subjectPublicKeyInfo = c.SubjectPublicKeyInfo;
 if (subjectPublicKey != null && !subjectPublicKey.Equals(subjectPublicKeyInfo))
 return false; |