Refactoring around digest calculation

3 files changed, 24 insertions, 19 deletions

diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
index faf0cf998..873b58b2e 100644
--- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
+++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
@@ -6,7 +6,6 @@ using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Operators.Utilities;
-using Org.BouncyCastle.Security;
 using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Cmp
@@ -62,17 +61,11 @@ namespace Org.BouncyCastle.Cmp
             Asn1EncodableVector v = new Asn1EncodableVector(m_acceptedCerts.Count);
             for (int i = 0; i != m_acceptedCerts.Count; i++)
             {
-                CmpCertificate cmpCertificate = m_acceptedCerts[i];
-                AlgorithmIdentifier signatureAlgorithm = m_acceptedSignatureAlgorithms[i];
-                DerInteger reqID = m_acceptedReqIDs[i];
+                var certHash = CmpUtilities.CalculateCertHash(m_acceptedCerts[i], m_acceptedSignatureAlgorithms[i],
+                    m_digestAlgorithmFinder);
+                var reqID = m_acceptedReqIDs[i];
 
-                var digestAlgorithm = m_digestAlgorithmFinder.Find(signatureAlgorithm)
-                    ?? throw new CmpException("cannot find algorithm for digest from signature");
-
-                byte[] digest = DigestUtilities.CalculateDigest(digestAlgorithm.Algorithm,
-                    cmpCertificate.GetEncoded(Asn1Encodable.Der));
-
-                v.Add(new CertStatus(digest, reqID));
+                v.Add(new CertStatus(certHash, reqID));
             }
 
             var content = CertConfirmContent.GetInstance(new DerSequence(v));
diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs
index 482e9f7f3..4c45a3cb8 100644
--- a/crypto/src/cmp/CertificateStatus.cs
+++ b/crypto/src/cmp/CertificateStatus.cs
@@ -1,11 +1,9 @@
 using System;
 
-using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Operators.Utilities;
-using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.X509;
 
@@ -38,13 +36,9 @@ namespace Org.BouncyCastle.Cmp
 
         public virtual bool IsVerified(CmpCertificate cmpCertificate, AlgorithmIdentifier signatureAlgorithm)
         {
-            AlgorithmIdentifier digestAlgorithm = m_digestAlgorithmFinder.Find(signatureAlgorithm)
-                ?? throw new CmpException("cannot find algorithm for digest from signature");
+            var certHash = CmpUtilities.CalculateCertHash(cmpCertificate, signatureAlgorithm, m_digestAlgorithmFinder);
 
-            byte[] digest = DigestUtilities.CalculateDigest(digestAlgorithm.Algorithm,
-                cmpCertificate.GetEncoded(Asn1Encodable.Der));
-
-            return Arrays.FixedTimeEquals(m_certStatus.CertHash.GetOctets(), digest);
+            return Arrays.FixedTimeEquals(m_certStatus.CertHash.GetOctets(), certHash);
         }
     }
 }
diff --git a/crypto/src/cmp/CmpUtilities.cs b/crypto/src/cmp/CmpUtilities.cs
new file mode 100644
index 000000000..d4e2c89bf
--- /dev/null
+++ b/crypto/src/cmp/CmpUtilities.cs
@@ -0,0 +1,18 @@
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Operators.Utilities;
+
+namespace Org.BouncyCastle.Cmp
+{
+    internal static class CmpUtilities
+    {
+        internal static byte[] CalculateCertHash(Asn1Encodable asn1Encodable, AlgorithmIdentifier signatureAlgorithm,
+            IDigestAlgorithmFinder digestAlgorithmFinder)
+        {
+            var digestAlgorithm = digestAlgorithmFinder.Find(signatureAlgorithm)
+                ?? throw new CmpException("cannot find digest algorithm from signature algorithm");
+
+            return X509.X509Utilities.CalculateDigest(digestAlgorithm.Algorithm, asn1Encodable);
+        }
+    }
+}