author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-05-03 00:36:52 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-05-03 00:36:52 +0700 |
commit | e02d4897d265119b7047338be79acf7677ce6772 (patch) | |
tree | a3cf1c04bafbe504e3f1bdd7cef58c5d359032a6 | |
parent | Refactor SphincsPlusParameters (diff) | |
Add ICertificateChecking and use
-rw-r--r-- | crypto/src/pkix/PkixCrlUtilities.cs | 29 | ||||
-rw-r--r-- | crypto/src/x509/store/X509CrlStoreSelector.cs | 7 |
2 files changed, 28 insertions, 8 deletions
diff --git a/crypto/src/pkix/PkixCrlUtilities.cs b/crypto/src/pkix/PkixCrlUtilities.cs index 3451b8ac0..ed347f841 100644 --- a/crypto/src/pkix/PkixCrlUtilities.cs +++ b/crypto/src/pkix/PkixCrlUtilities.cs @@ -7,10 +7,15 @@ using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix { - public class PkixCrlUtilities + public class PkixCrlUtilities { - // TODO bc-fips-csharp implements this for ISelector<X509Crl>, using optional ICheckingCertificate - public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix) + // TODO[api] Redundant + public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix) + { + return FindCrls((ISelector<X509Crl>)crlSelector, paramsPkix); + } + + public virtual ISet<X509Crl> FindCrls(ISelector<X509Crl> crlSelector, PkixParameters paramsPkix) { // get complete CRL(s) try @@ -23,10 +28,16 @@ namespace Org.BouncyCastle.Pkix } } - // TODO bc-fips-csharp implements this for ISelector<X509Crl>, using optional ICheckingCertificate + // TODO[api] Redundant public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix, DateTime currentDate) { + return FindCrls((ISelector<X509Crl>)crlSelector, paramsPkix, currentDate); + } + + public virtual ISet<X509Crl> FindCrls(ISelector<X509Crl> crlSelector, PkixParameters paramsPkix, + DateTime currentDate) + { var initialSet = FindCrls(crlSelector, paramsPkix); var finalSet = new HashSet<X509Crl>(); @@ -37,7 +48,11 @@ namespace Org.BouncyCastle.Pkix validityDate = paramsPkix.Date.Value; } - X509Certificate cert = crlSelector.CertificateChecking; + X509Certificate cert = null; + if (crlSelector is ICheckingCertificate checkingCertificate) + { + cert = checkingCertificate.CertificateChecking; + } // based on RFC 5280 6.3.3 foreach (X509Crl crl in initialSet) 
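Review bot: The `(ISelector<X509Crl>)` cast in the retained two-argument `FindCrls(X509CrlStoreSelector, PkixParameters)` forwarder is load-bearing and should carry a comment saying so. Without it, overload resolution would pick the `X509CrlStoreSelector` overload again and the method would call itself. I would extend the marker to `// TODO[api] Redundant; the cast selects the ISelector<X509Crl> overload (without it this method recurses)`. The same applies to the three-argument forwarder in the next hunk.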
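Review bot: In the new `FindCrls(ISelector<X509Crl>, PkixParameters, DateTime)`, the call `var initialSet = FindCrls(crlSelector, paramsPkix);` now binds to the new `ISelector<X509Crl>` overload, so a subclass that overrides only the older `FindCrls(X509CrlStoreSelector, PkixParameters)` is no longer reached on this path. These methods are `virtual` and decide which CRLs reach revocation checking, so an override that restricted or augmented the lookup would be bypassed silently; whether such a subclass exists is not visible here. I would document the new dispatch on the old overloads, e.g. `/// Overriders: the date-filtering overload now calls the ISelector<X509Crl> overload; override that one instead.` The method body continues past the end of this hunk.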
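Review bot: When `crlSelector` does not implement `ICheckingCertificate`, `cert` stays `null` with no signal to the caller, so any certificate-dependent filtering in the RFC 5280 6.3.3 loop that follows (outside this hunk) is presumably skipped. A selector that wraps or decorates an `X509CrlStoreSelector` would lose that filtering unless it forwards the interface itself. I would state the fallback where it happens, e.g. `// cert stays null for selectors that do not implement ICheckingCertificate; certificate-based CRL filtering is then not applied`.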
@@ -84,12 +99,12 @@ namespace Org.BouncyCastle.Pkix } catch (Exception e) { - lastException = new Exception("Exception searching in X.509 CRL store.", e); + lastException = e; } } if (!foundValidStore && lastException != null) - throw lastException; + throw new Exception("Exception searching in X.509 CRL store.", lastException); return crls; } diff --git a/crypto/src/x509/store/X509CrlStoreSelector.cs b/crypto/src/x509/store/X509CrlStoreSelector.cs index 9e84b82ae..f3b574d27 100644 --- a/crypto/src/x509/store/X509CrlStoreSelector.cs +++ b/crypto/src/x509/store/X509CrlStoreSelector.cs @@ -11,7 +11,7 @@ using Org.BouncyCastle.X509.Extension; namespace Org.BouncyCastle.X509.Store { public class X509CrlStoreSelector - : ISelector<X509Crl> + : ISelector<X509Crl>, ICheckingCertificate { // TODO Missing criteria? @@ -276,4 +276,9 @@ namespace Org.BouncyCastle.X509.Store return true; } } + + public interface ICheckingCertificate + { + X509Certificate CertificateChecking { get; } + } } |
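Review bot: The captured `lastException` is still discarded whenever `foundValidStore` is true (presumably set once any store lookup succeeded), so a store that failed is indistinguishable from one that simply held no matching CRLs. For revocation checking this means the returned set can be incomplete without the caller knowing; a comment at the `if` such as `// store errors are ignored once any store has answered; the result may omit CRLs from failed stores` would make that best-effort policy explicit. Only the last failure is kept, and it is rethrown as a bare `Exception`, which callers cannot catch selectively. The enclosing method starts outside this hunk.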
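Review bot: The new public `ICheckingCertificate` interface has no XML documentation, although `PkixCrlUtilities.FindCrls` now uses it to decide whether a certificate is available for CRL filtering. I would add a `<summary>` on the interface and on `CertificateChecking` saying that it exposes the certificate being checked so that CRL lookup can take it into account, and that the property may return `null` (the consumer in this commit treats a null `cert` as a valid state). The interface is also appended to the end of `X509CrlStoreSelector.cs`; a file of its own would make it easier to find for implementers of custom selectors.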