author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-06-26 20:47:24 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-06-26 20:47:24 +0700 |
commit | eed964522f8e198a33267387942b1764018dfe1e (patch) | |
tree | c6bcead7e5e54c88845287d10bca6a1235e655e8 /crypto/src/pkix/PkixParameters.cs | |
parent | Cleanup in PQC code (diff) | |
download | BouncyCastle.NET-ed25519-eed964522f8e198a33267387942b1764018dfe1e.tar.xz |
Replace IX509Store API with new store/selector API
- overhaul Cms, Pkix, X509 APIs
Diffstat (limited to 'crypto/src/pkix/PkixParameters.cs')
-rw-r--r-- | crypto/src/pkix/PkixParameters.cs | 305 |
1 files changed, 125 insertions, 180 deletions
diff --git a/crypto/src/pkix/PkixParameters.cs b/crypto/src/pkix/PkixParameters.cs index 54b077f29..32189acfb 100644 --- a/crypto/src/pkix/PkixParameters.cs +++ b/crypto/src/pkix/PkixParameters.cs @@ -1,9 +1,11 @@ using System; using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.Date; +using Org.BouncyCastle.X509; using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix @@ -49,11 +51,15 @@ namespace Org.BouncyCastle.Pkix private bool anyPolicyInhibited = false; private bool policyMappingInhibited = false; private bool policyQualifiersRejected = true; - private IX509Selector certSelector; - private IList stores; - private IX509Selector selector; + + private List<IStore<X509V2AttributeCertificate>> m_storesAttrCert; + private List<IStore<X509Certificate>> m_storesCert; + private List<IStore<X509Crl>> m_storesCrl; + + private ISelector<X509V2AttributeCertificate> m_targetConstraintsAttrCert; + private ISelector<X509Certificate> m_targetConstraintsCert; + private bool additionalLocationsEnabled; - private IList additionalStores; private ISet trustedACIssuers; private ISet necessaryACAttributes; private ISet prohibitedACAttributes; @@ -86,8 +92,9 @@ namespace Org.BouncyCastle.Pkix this.initialPolicies = new HashSet(); this.certPathCheckers = Platform.CreateArrayList(); - this.stores = Platform.CreateArrayList(); - this.additionalStores = Platform.CreateArrayList(); + this.m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(); + this.m_storesCert = new List<IStore<X509Certificate>>(); + this.m_storesCrl = new List<IStore<X509Crl>>(); this.trustedACIssuers = new HashSet(); this.necessaryACAttributes = new HashSet(); this.prohibitedACAttributes = new HashSet(); 
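Review bot: `additionalLocationsEnabled` is kept on the line after the removed `additionalStores` field, and this diff also deletes `AddAdditionalStore`/`GetAdditionalStores` further down, so within this file the flag no longer has a store list it could govern; if nothing else reads it, drop the field (and its accessor) in the same change, otherwise a comment such as `// gates use of additional (remote) locations discovered during path processing; those stores are no longer held here` would stop readers hunting for the missing list. The three new `m_stores*` lists are assigned only in the constructor and in the setters introduced later in this diff, so `// never null after construction` on their declarations would make the unchecked `.Add` in the `AddStore*` methods self-evidently safe. Whether the flag is still consulted elsewhere in the PKIX code is not visible in this hunk.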
@@ -206,6 +213,55 @@ namespace Org.BouncyCastle.Pkix } /** + * Returns the required constraints on the target certificate or attribute + * certificate. The constraints are returned as an instance of + * <code>IX509Selector</code>. If <code>null</code>, no constraints are + * defined. + * + * <p> + * The target certificate in a PKIX path may be a certificate or an + * attribute certificate. + * </p><p> + * Note that the <code>IX509Selector</code> returned is cloned to protect + * against subsequent modifications. + * </p> + * @return a <code>IX509Selector</code> specifying the constraints on the + * target certificate or attribute certificate (or <code>null</code>) + * @see #setTargetConstraints + * @see X509CertStoreSelector + * @see X509AttributeCertStoreSelector + */ + public virtual ISelector<X509V2AttributeCertificate> GetTargetConstraintsAttrCert() + { + return (ISelector<X509V2AttributeCertificate>)m_targetConstraintsAttrCert?.Clone(); + } + + /** + * Sets the required constraints on the target certificate or attribute + * certificate. The constraints are specified as an instance of + * <code>IX509Selector</code>. If <code>null</code>, no constraints are + * defined. + * <p> + * The target certificate in a PKIX path may be a certificate or an + * attribute certificate. + * </p><p> + * Note that the <code>IX509Selector</code> specified is cloned to protect + * against subsequent modifications. 
+ * </p> + * + * @param selector a <code>IX509Selector</code> specifying the constraints on + * the target certificate or attribute certificate (or + * <code>null</code>) + * @see #getTargetConstraints + * @see X509CertStoreSelector + * @see X509AttributeCertStoreSelector + */ + public virtual void SetTargetConstraintsAttrCert(ISelector<X509V2AttributeCertificate> targetConstraintsAttrCert) + { + this.m_targetConstraintsAttrCert = (ISelector<X509V2AttributeCertificate>)targetConstraintsAttrCert?.Clone(); + } + + /** * Returns the required constraints on the target certificate. The * constraints are returned as an instance of CertSelector. If * <code>null</code>, no constraints are defined.<br /> @@ -218,14 +274,9 @@ namespace Org.BouncyCastle.Pkix * * @see #setTargetCertConstraints(CertSelector) */ - public virtual X509CertStoreSelector GetTargetCertConstraints() + public virtual ISelector<X509Certificate> GetTargetConstraintsCert() { - if (certSelector == null) - { - return null; - } - - return (X509CertStoreSelector)certSelector.Clone(); + return (ISelector<X509Certificate>)m_targetConstraintsCert?.Clone(); } /** @@ -242,17 +293,9 @@ namespace Org.BouncyCastle.Pkix * * @see #getTargetCertConstraints() */ - public virtual void SetTargetCertConstraints( - IX509Selector selector) + public virtual void SetTargetConstraintsCert(ISelector<X509Certificate> targetConstraintsCert) { - if (selector == null) - { - certSelector = null; - } - else - { - certSelector = (IX509Selector)selector.Clone(); - } + m_targetConstraintsCert = (ISelector<X509Certificate>)targetConstraintsCert?.Clone(); } /** @@ -447,8 +490,7 @@ namespace Org.BouncyCastle.Pkix * @param params Parameters to set. If this are * <code>ExtendedPkixParameters</code> they are copied to. */ - protected virtual void SetParams( - PkixParameters parameters) + protected virtual void SetParams(PkixParameters parameters) { Date = parameters.Date; SetCertPathCheckers(parameters.GetCertPathCheckers()); 
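Review bot: The doc comments on the new `GetTargetConstraintsAttrCert`/`SetTargetConstraintsAttrCert` are copied verbatim from the removed `GetTargetConstraints`/`SetTargetConstraints` and still describe an `IX509Selector` that may constrain "a certificate or an attribute certificate", with `@see #setTargetConstraints`, `@see #getTargetConstraints` and `@param selector` pointing at names this commit deletes. Rewrite them for the new contract: the type is `ISelector<X509V2AttributeCertificate>`, the constraint applies to an attribute-certificate target only (plain certificates go through `SetTargetConstraintsCert`), the `@param` is `targetConstraintsAttrCert`, and the cross-references should name `#SetTargetConstraintsAttrCert` / `#GetTargetConstraintsAttrCert`. The same stale references sit in the context lines above the renamed `GetTargetConstraintsCert` and `SetTargetConstraintsCert` in the next two hunks (`@see #setTargetCertConstraints(CertSelector)`, `@see #getTargetCertConstraints()`) and should be updated alongside.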
@@ -458,16 +500,18 @@ namespace Org.BouncyCastle.Pkix IsRevocationEnabled = parameters.IsRevocationEnabled; SetInitialPolicies(parameters.GetInitialPolicies()); IsPolicyQualifiersRejected = parameters.IsPolicyQualifiersRejected; - SetTargetCertConstraints(parameters.GetTargetCertConstraints()); SetTrustAnchors(parameters.GetTrustAnchors()); + m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(parameters.m_storesAttrCert); + m_storesCert = new List<IStore<X509Certificate>>(parameters.m_storesCert); + m_storesCrl = new List<IStore<X509Crl>>(parameters.m_storesCrl); + + SetTargetConstraintsAttrCert(parameters.GetTargetConstraintsAttrCert()); + SetTargetConstraintsCert(parameters.GetTargetConstraintsCert()); + validityModel = parameters.validityModel; useDeltas = parameters.useDeltas; additionalLocationsEnabled = parameters.additionalLocationsEnabled; - selector = parameters.selector == null ? null - : (IX509Selector) parameters.selector.Clone(); - stores = Platform.CreateArrayList(parameters.stores); - additionalStores = Platform.CreateArrayList(parameters.additionalStores); trustedACIssuers = new HashSet(parameters.trustedACIssuers); prohibitedACAttributes = new HashSet(parameters.prohibitedACAttributes); necessaryACAttributes = new HashSet(parameters.necessaryACAttributes); 
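Review bot: In `SetParams` the target constraints are copied through the virtual getter/setter pair, so each selector is cloned twice (`GetTargetConstraintsAttrCert()` clones, then `SetTargetConstraintsAttrCert` clones the result again), while the three store lists two lines above are copied straight from `parameters.m_stores*`, bypassing the virtual `GetStores*` accessors a subclass could override. Pick one convention: either assign the getter results directly, `m_targetConstraintsAttrCert = parameters.GetTargetConstraintsAttrCert();` and `m_targetConstraintsCert = parameters.GetTargetConstraintsCert();`, or copy the stores via `SetStoresCert(parameters.GetStoresCert())` and its siblings for symmetry. `SetParams` starts in the previous hunk and continues past this one, so the remaining field copies are not visible here.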
@@ -495,115 +539,79 @@ namespace Org.BouncyCastle.Pkix set { validityModel = value; } } - /** - * Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * The <code>IList</code> is cloned. - * </p> - * - * @param stores A list of stores to use. - * @see #getStores - * @throws ClassCastException if an element of <code>stores</code> is not - * a {@link Store}. - */ - public virtual void SetStores( - IList stores) + public virtual IList<IStore<X509V2AttributeCertificate>> GetStoresAttrCert() + { + return new List<IStore<X509V2AttributeCertificate>>(m_storesAttrCert); + } + + public virtual IList<IStore<X509Certificate>> GetStoresCert() { - if (stores == null) + return new List<IStore<X509Certificate>>(m_storesCert); + } + + public virtual IList<IStore<X509Crl>> GetStoresCrl() + { + return new List<IStore<X509Crl>>(m_storesCrl); + } + + public virtual void SetAttrStoresCert(IList<IStore<X509V2AttributeCertificate>> storesAttrCert) + { + if (storesAttrCert == null) { - this.stores = Platform.CreateArrayList(); + m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(); } else { - foreach (object obj in stores) - { - if (!(obj is IX509Store)) - { - throw new InvalidCastException( - "All elements of list must be of type " + typeof(IX509Store).FullName); - } - } - this.stores = Platform.CreateArrayList(stores); + m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(storesAttrCert); } } - /** - * Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * This method should be used to add local stores, like collection based - * X.509 stores, if available. Local stores should be considered first, - * before trying to use additional (remote) locations, because they do not - * need possible additional network traffic. - * </p><p> - * If <code>store</code> is <code>null</code> it is ignored. 
- * </p> - * - * @param store The store to add. - * @see #getStores - */ - public virtual void AddStore( - IX509Store store) + public virtual void SetStoresCert(IList<IStore<X509Certificate>> storesCert) { - if (store != null) + if (storesCert == null) { - stores.Add(store); + m_storesCert = new List<IStore<X509Certificate>>(); + } + else + { + m_storesCert = new List<IStore<X509Certificate>>(storesCert); } } - /** - * Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates, - * attribute certificates or cross certificates. - * <p> - * You should not use this method. This method is used for adding additional - * X.509 stores, which are used to add (remote) locations, e.g. LDAP, found - * during X.509 object processing, e.g. in certificates or CRLs. This method - * is used in PKIX certification path processing. - * </p><p> - * If <code>store</code> is <code>null</code> it is ignored. - * </p> - * - * @param store The store to add. - * @see #getStores() - */ - public virtual void AddAdditionalStore( - IX509Store store) + public virtual void SetStoresCrl(IList<IStore<X509Crl>> storesCrl) { - if (store != null) + if (storesCrl == null) + { + m_storesCrl = new List<IStore<X509Crl>>(); + } + else { - additionalStores.Add(store); + m_storesCrl = new List<IStore<X509Crl>>(storesCrl); } } - /** - * Returns an <code>IList</code> of additional Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>IList</code> of additional Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. 
- * - * @see #addAddionalStore(Store) - */ - public virtual IList GetAdditionalStores() + public virtual void AddStoreAttrCert(IStore<X509V2AttributeCertificate> storeAttrCert) { - return Platform.CreateArrayList(additionalStores); + if (storeAttrCert != null) + { + m_storesAttrCert.Add(storeAttrCert); + } } - /** - * Returns an <code>IList</code> of Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>IList</code> of Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. - * - * @see #setStores(IList) - */ - public virtual IList GetStores() + public virtual void AddStoreCert(IStore<X509Certificate> storeCert) { - return Platform.CreateArrayList(stores); + if (storeCert != null) + { + m_storesCert.Add(storeCert); + } + } + + public virtual void AddStoreCrl(IStore<X509Crl> storeCrl) + { + if (storeCrl != null) + { + m_storesCrl.Add(storeCrl); + } } /** 
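Review bot: `SetAttrStoresCert` breaks the naming scheme every other new accessor follows (`GetStoresAttrCert`, `AddStoreAttrCert`, `SetStoresCert`, `SetStoresCrl`); rename it `public virtual void SetStoresAttrCert(IList<IStore<X509V2AttributeCertificate>> storesAttrCert)` before it ships as public API, since callers already have to adapt to the other renames in this commit. The nine new store accessors carry none of the documentation the removed `SetStores`/`AddStore`/`GetStores` had; a `/** ... */` on each stating that the list is copied on set and on get (so the returned `IList` cannot mutate the parameters), that a `null` list resets to empty, and that a `null` store passed to `AddStore*` is ignored, would restore that contract. Note the asymmetry that `AddStoreCert` skips `null` but `SetStoresCert` copies a list containing `null` entries unchecked; if the path builder iterates these stores without a null check, such an element would surface later as a `NullReferenceException`, so either reject `null` elements in the setters or document that elements must be non-null.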
@@ -630,69 +638,6 @@ namespace Org.BouncyCastle.Pkix } /** - * Returns the required constraints on the target certificate or attribute - * certificate. The constraints are returned as an instance of - * <code>IX509Selector</code>. If <code>null</code>, no constraints are - * defined. - * - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * </p><p> - * Note that the <code>IX509Selector</code> returned is cloned to protect - * against subsequent modifications. - * </p> - * @return a <code>IX509Selector</code> specifying the constraints on the - * target certificate or attribute certificate (or <code>null</code>) - * @see #setTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public virtual IX509Selector GetTargetConstraints() - { - if (selector != null) - { - return (IX509Selector) selector.Clone(); - } - else - { - return null; - } - } - - /** - * Sets the required constraints on the target certificate or attribute - * certificate. The constraints are specified as an instance of - * <code>IX509Selector</code>. If <code>null</code>, no constraints are - * defined. - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * </p><p> - * Note that the <code>IX509Selector</code> specified is cloned to protect - * against subsequent modifications. - * </p> - * - * @param selector a <code>IX509Selector</code> specifying the constraints on - * the target certificate or attribute certificate (or - * <code>null</code>) - * @see #getTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public virtual void SetTargetConstraints(IX509Selector selector) - { - if (selector != null) - { - this.selector = (IX509Selector) selector.Clone(); - } - else - { - this.selector = null; - } - } - - /** * Returns the trusted attribute certificate issuers. 
If attribute * certificates is verified the trusted AC issuers must be set. * <p> |