authorPeter Dettman <peter.dettman@bouncycastle.org>2023-01-27 01:58:23 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-01-27 01:58:23 +0700
commite71fe27c302d36e6355d9da12f3d9ec51540825a (patch)
tree6aa065f627d14e659e68ae0cbe355b656af3e40f /crypto/src/pkix
parentAdd CrlID.GetInstance methods, obsolete public constructor (diff)
Misc. cleanup after bc-fips-csharp updates
Diffstat (limited to 'crypto/src/pkix')
-rw-r--r--crypto/src/pkix/PkixCertPath.cs31
-rw-r--r--crypto/src/pkix/PkixCertPathChecker.cs2
-rw-r--r--crypto/src/pkix/PkixCertPathValidator.cs4
-rw-r--r--crypto/src/pkix/PkixCertPathValidatorUtilities.cs27
-rw-r--r--crypto/src/pkix/PkixCrlUtilities.cs54
-rw-r--r--crypto/src/pkix/Rfc3281CertPathUtilities.cs19
6 files changed, 56 insertions, 81 deletions
diff --git a/crypto/src/pkix/PkixCertPath.cs b/crypto/src/pkix/PkixCertPath.cs
index 7f04b1b63..a2ea3074d 100644
--- a/crypto/src/pkix/PkixCertPath.cs
+++ b/crypto/src/pkix/PkixCertPath.cs
@@ -3,13 +3,13 @@ using System.Collections.Generic;
 using System.IO;
 
 using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.Pkcs;
-using Org.BouncyCastle.X509;
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.OpenSsl;
 using Org.BouncyCastle.Security.Certificates;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Collections;
+using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Pkix
 {
@@ -78,7 +78,7 @@ namespace Org.BouncyCastle.Pkix
 	public class PkixCertPath
 //		: CertPath
 	{
-		internal static readonly List<string> m_encodings = new List<string>{ "PkiPath", "PEM", "PKCS7" };
+		private static readonly List<string> EncodingNames = new List<string>{ "PkiPath", "PEM", "PKCS7" };
 
         private readonly IList<X509Certificate> m_certificates;
 
@@ -186,31 +186,24 @@ namespace Org.BouncyCastle.Pkix
 		 **/
 		public PkixCertPath(Stream inStream, string encoding)
 		{
-            //string upper = Platform.ToUpperInvariant(encoding);
-
             IList<X509Certificate> certs;
 			try
 			{
 				if (Platform.EqualsIgnoreCase("PkiPath", encoding))
 				{
 					Asn1InputStream derInStream = new Asn1InputStream(inStream);
-					Asn1Object derObject = derInStream.ReadObject();
-					if (!(derObject is Asn1Sequence))
-					{
-						throw new CertificateException(
+                    if (!(derInStream.ReadObject() is Asn1Sequence asn1Sequence))
+                    {
+                        throw new CertificateException(
 							"input stream does not contain a ASN1 SEQUENCE while reading PkiPath encoded data to load CertPath");
 					}
 
-					certs = new List<X509Certificate>();
+					var certArray = asn1Sequence.MapElements(
+						element => new X509Certificate(X509CertificateStructure.GetInstance(element.ToAsn1Object())));
 
-                    foreach (Asn1Encodable ae in (Asn1Sequence)derObject)
-                    {
-                        byte[] derBytes = ae.GetEncoded(Asn1Encodable.Der);
-                        Stream certInStream = new MemoryStream(derBytes, false);
+					Array.Reverse(certArray);
 
-                        // TODO Is inserting at the front important (list will be sorted later anyway)?
-                        certs.Insert(0, new X509CertificateParser().ReadCertificate(certInStream));
-					}
+					certs = new List<X509Certificate>(certArray);
 				}
 				else if (Platform.EqualsIgnoreCase("PEM", encoding) ||
 					     Platform.EqualsIgnoreCase("PKCS7", encoding))
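Review bot: The new `Array.Reverse(certArray);` keeps the ordering the old insert-at-front loop produced but drops the TODO that explained it, so the reversal now reads as arbitrary; add a comment such as `// PkiPath is presumably encoded issuer-first; reverse so the target certificate ends up at index 0, which is where the validator reads it (certs[0])`, hedged until the PkiPath ordering is confirmed against the spec. The added lines starting at `if (!(derInStream.ReadObject() is Asn1Sequence asn1Sequence))` and the two that follow are space-indented while the rest of the method uses tabs. `Array.Reverse` needs `using System;`, which is likely above the visible start of the first hunk but is not shown here. The `PkixCertPath(Stream, string)` constructor continues past the end of this hunk.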
@@ -242,7 +235,7 @@ namespace Org.BouncyCastle.Pkix
 		 **/
 		public virtual IEnumerable<string> Encodings
 		{
-            get { return CollectionUtilities.Proxy(m_encodings); }
+            get { return CollectionUtilities.Proxy(EncodingNames); }
 		}
 
 		/**
@@ -304,7 +297,7 @@ namespace Org.BouncyCastle.Pkix
 		 **/
 		public virtual byte[] GetEncoded()
 		{
-			return GetEncoded(m_encodings[0]);
+			return GetEncoded(EncodingNames[0]);
 		}
 
 		/**
diff --git a/crypto/src/pkix/PkixCertPathChecker.cs b/crypto/src/pkix/PkixCertPathChecker.cs
index 08b7e3d41..856053d11 100644
--- a/crypto/src/pkix/PkixCertPathChecker.cs
+++ b/crypto/src/pkix/PkixCertPathChecker.cs
@@ -32,7 +32,6 @@ namespace Org.BouncyCastle.Pkix
          *                checking must be supported
          */
         public abstract void Init(bool forward);
-        //throws CertPathValidatorException;
 
         /**
          * Indicates if forward checking is supported. Forward checking refers to
@@ -82,7 +81,6 @@ namespace Org.BouncyCastle.Pkix
          *                if the specified certificate does not pass the check
          */
         public abstract void Check(X509Certificate cert, ISet<string> unresolvedCritExts);
-        //throws CertPathValidatorException;
 
         /**
          * Returns a clone of this object. Calls the <code>Object.clone()</code>
diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs
index 6fe3fd903..0c585f520 100644
--- a/crypto/src/pkix/PkixCertPathValidator.cs
+++ b/crypto/src/pkix/PkixCertPathValidator.cs
@@ -212,7 +212,7 @@ namespace Org.BouncyCastle.Pkix
             //
 
 			var targetConstraints = paramsPkix.GetTargetConstraintsCert();
-            if (targetConstraints != null && !targetConstraints.Match((X509Certificate)certs[0]))
+            if (targetConstraints != null && !targetConstraints.Match(certs[0]))
             {
                 throw new PkixCertPathValidatorException(
 					"Target certificate in certification path does not match targetConstraints.", null, 0);
@@ -222,7 +222,7 @@ namespace Org.BouncyCastle.Pkix
             // initialize CertPathChecker's
             //
             var certPathCheckers = paramsPkix.GetCertPathCheckers();
-            foreach (PkixCertPathChecker certPathChecker in certPathCheckers)
+            foreach (var certPathChecker in certPathCheckers)
             {
                 certPathChecker.Init(false);
             }
diff --git a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
index e8105c485..efbf855ff 100644
--- a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
+++ b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
@@ -677,7 +677,7 @@ namespace Org.BouncyCastle.Pkix
 			DistributionPoint		dp,
 			ICollection<X509Name>	issuerPrincipals,
 			X509CrlStoreSelector	selector,
-			PkixParameters			pkixParams)
+			PkixParameters			pkixParameters)
 		{
             var issuers = new List<X509Name>();
 			// indirect CRL
@@ -778,7 +778,7 @@ namespace Org.BouncyCastle.Pkix
 		 *             or no CRLs are found.
 		 */
 		internal static ISet<X509Crl> GetCompleteCrls(DistributionPoint dp, object certObj, DateTime currentDate,
-			PkixParameters paramsPKIX)
+			PkixParameters pkixParameters)
 		{
 			var certObjIssuer = GetIssuerPrincipal(certObj);
 
@@ -788,7 +788,7 @@ namespace Org.BouncyCastle.Pkix
 				var issuers = new HashSet<X509Name>();
 				issuers.Add(certObjIssuer);
 
-				GetCrlIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
+				GetCrlIssuersFromDistributionPoint(dp, issuers, crlselect, pkixParameters);
 			}
 			catch (Exception e)
 			{
@@ -808,7 +808,7 @@ namespace Org.BouncyCastle.Pkix
 
 			crlselect.CompleteCrlEnabled = true;
 
-			ISet<X509Crl> crls = CrlUtilities.FindCrls(crlselect, paramsPKIX, currentDate);
+			ISet<X509Crl> crls = CrlUtilities.FindCrls(crlselect, pkixParameters, currentDate);
 			if (crls.Count < 1)
 				throw new Exception("No CRLs found for issuer \"" + certObjIssuer + "\"");
 
@@ -825,10 +825,8 @@ namespace Org.BouncyCastle.Pkix
 		 * @throws Exception if an exception occurs while picking the delta
 		 *             CRLs.
 		 */
-		internal static ISet<X509Crl> GetDeltaCrls(
-			DateTime		currentDate,
-			PkixParameters	paramsPKIX,
-			X509Crl			completeCRL)
+		internal static ISet<X509Crl> GetDeltaCrls(DateTime currentDate, PkixParameters pkixParameters,
+			X509Crl completeCRL)
 		{
 			X509CrlStoreSelector deltaSelect = new X509CrlStoreSelector();
 
@@ -890,7 +888,7 @@ namespace Org.BouncyCastle.Pkix
 			deltaSelect.MaxBaseCrlNumber = completeCRLNumber;
 
 			// find delta CRLs
-			ISet<X509Crl> temp = CrlUtilities.FindCrls(deltaSelect, paramsPKIX, currentDate);
+			ISet<X509Crl> temp = CrlUtilities.FindCrls(deltaSelect, pkixParameters, currentDate);
 
 			var result = new HashSet<X509Crl>();
 
@@ -975,8 +973,8 @@ namespace Org.BouncyCastle.Pkix
 			return false;
 		}
 
-		internal static void ProcessCertD1ii(int index, IList<PkixPolicyNode>[] policyNodes,
-			DerObjectIdentifier _poid, ISet<PolicyQualifierInfo> _pq)
+		internal static void ProcessCertD1ii(int index, IList<PkixPolicyNode>[] policyNodes, DerObjectIdentifier _poid,
+			ISet<PolicyQualifierInfo> _pq)
 		{
 			foreach (var _node in policyNodes[index - 1])
 			{
@@ -1007,9 +1005,8 @@ namespace Org.BouncyCastle.Pkix
 		* @exception Exception
 		*                if an error occurs.
 		*/
-		internal static HashSet<X509Certificate> FindIssuerCerts(
-			X509Certificate			cert,
-			PkixBuilderParameters	pkixParams)
+		internal static HashSet<X509Certificate> FindIssuerCerts(X509Certificate cert,
+			PkixBuilderParameters pkixBuilderParameters)
 		{
 			X509CertStoreSelector certSelector = new X509CertStoreSelector();
 			try
@@ -1025,7 +1022,7 @@ namespace Org.BouncyCastle.Pkix
 			var certs = new HashSet<X509Certificate>();
 			try
 			{
-				CollectionUtilities.CollectMatches(certs, certSelector, pkixParams.GetStoresCert());
+				CollectionUtilities.CollectMatches(certs, certSelector, pkixBuilderParameters.GetStoresCert());
 			}
 			catch (Exception e)
 			{
diff --git a/crypto/src/pkix/PkixCrlUtilities.cs b/crypto/src/pkix/PkixCrlUtilities.cs
index facbf56c2..3451b8ac0 100644
--- a/crypto/src/pkix/PkixCrlUtilities.cs
+++ b/crypto/src/pkix/PkixCrlUtilities.cs
@@ -9,22 +9,27 @@ namespace Org.BouncyCastle.Pkix
 {
 	public class PkixCrlUtilities
 	{
-		public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix,
+        // TODO bc-fips-csharp implements this for ISelector<X509Crl>, using optional ICheckingCertificate
+        public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix)
+        {
+            // get complete CRL(s)
+            try
+            {
+                return FindCrls(crlSelector, paramsPkix.GetStoresCrl());
+            }
+            catch (Exception e)
+            {
+                throw new Exception("Exception obtaining complete CRLs.", e);
+            }
+        }
+
+        // TODO bc-fips-csharp implements this for ISelector<X509Crl>, using optional ICheckingCertificate
+        public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix,
 			DateTime currentDate)
 		{
-			HashSet<X509Crl> initialSet;
-
-			// get complete CRL(s)
-			try
-			{
-				initialSet = FindCrls(crlSelector, paramsPkix.GetStoresCrl());
-			}
-			catch (Exception e)
-			{
-				throw new Exception("Exception obtaining complete CRLs.", e);
-			}
+            var initialSet = FindCrls(crlSelector, paramsPkix);
 
-			var finalSet = new HashSet<X509Crl>();
+            var finalSet = new HashSet<X509Crl>();
 			DateTime validityDate = currentDate;
 
 			if (paramsPkix.Date != null)
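Review bot: The relocated two-argument `FindCrls` overload and the new `var initialSet = FindCrls(crlSelector, paramsPkix);` / `var finalSet = new HashSet<X509Crl>();` lines are indented with spaces, while the class header and the retained lines (`DateTime currentDate)`, `DateTime validityDate = currentDate;`) use tabs, so one method now mixes both; reindent the added lines with tabs. The identical `// TODO bc-fips-csharp implements this for ISelector<X509Crl>, using optional ICheckingCertificate` comment is placed on both overloads, where a single copy above the pair or a `///` summary on each would read better. Behaviour appears unchanged: the three-argument overload now reaches `paramsPkix.GetStoresCrl()` through the two-argument one, so the `Exception("Exception obtaining complete CRLs.", e)` wrapping still applies. The three-argument method continues past the end of this hunk.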
@@ -32,15 +37,15 @@ namespace Org.BouncyCastle.Pkix
 				validityDate = paramsPkix.Date.Value;
 			}
 
-			// based on RFC 5280 6.3.3
-			foreach (X509Crl crl in initialSet)
+            X509Certificate cert = crlSelector.CertificateChecking;
+
+            // based on RFC 5280 6.3.3
+            foreach (X509Crl crl in initialSet)
 			{
                 DateTime? nextUpdate = crl.NextUpdate;
 
                 if (null == nextUpdate || nextUpdate.Value.CompareTo(validityDate) > 0)
 				{
-					X509Certificate cert = crlSelector.CertificateChecking;
-
                     if (null == cert || crl.ThisUpdate.CompareTo(cert.NotAfter) < 0)
                     {
                         finalSet.Add(crl);
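Review bot: Hoisting `X509Certificate cert = crlSelector.CertificateChecking;` out of the loop is fine, but the filter it feeds is still only labelled `// based on RFC 5280 6.3.3`, which does not tell a reader what is being rejected; expand that comment to state the two conditions the code applies: a CRL is kept only when its NextUpdate is absent or later than validityDate, and, when the selector names a certificate being checked, only when the CRL's ThisUpdate precedes that certificate's NotAfter. The hoisted line and the re-emitted comment and `foreach` are space-indented inside a tab-indented method (compare the `{` on the following line). The enclosing three-argument `FindCrls` starts and ends outside this hunk.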
@@ -51,19 +56,6 @@ namespace Org.BouncyCastle.Pkix
 			return finalSet;
 		}
 
-		public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix)
-		{
-			// get complete CRL(s)
-			try
-			{
-				return FindCrls(crlSelector, paramsPkix.GetStoresCrl());
-			}
-			catch (Exception e)
-			{
-				throw new Exception("Exception obtaining complete CRLs.", e);
-			}
-		}
-
 		/// <summary>
 		/// crl checking
 		/// Return a Collection of all CRLs found in the X509Store's that are
@@ -76,7 +68,7 @@ namespace Org.BouncyCastle.Pkix
 		/// <returns>a Collection of all found {@link X509CRL X509CRL} objects. May be
 		/// empty but never <code>null</code>.
 		/// </returns>
-		private HashSet<X509Crl> FindCrls(ISelector<X509Crl> crlSelector, IList<IStore<X509Crl>> crlStores)
+		private HashSet<X509Crl> FindCrls(ISelector<X509Crl> crlSelector, IEnumerable<IStore<X509Crl>> crlStores)
 		{
             var crls = new HashSet<X509Crl>();
 
diff --git a/crypto/src/pkix/Rfc3281CertPathUtilities.cs b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
index 4d12ad0c0..b0746bc83 100644
--- a/crypto/src/pkix/Rfc3281CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
@@ -253,26 +253,21 @@ namespace Org.BouncyCastle.Pkix
 			}
 		}
 
-		internal static void ProcessAttrCert4(
-			X509Certificate	acIssuerCert,
-			PkixParameters	pkixParams)
+		internal static void ProcessAttrCert4(X509Certificate acIssuerCert, PkixParameters pkixParams)
 		{
-			var set = pkixParams.GetTrustedACIssuers();
-			bool trusted = false;
-			foreach (TrustAnchor anchor in set)
+			foreach (var anchor in pkixParams.GetTrustedACIssuers())
 			{
                 var symbols = X509Name.RFC2253Symbols;
+
                 if (acIssuerCert.SubjectDN.ToString(false, symbols).Equals(anchor.CAName)
 					|| acIssuerCert.Equals(anchor.TrustedCert))
 				{
-					trusted = true;
+					// Trusted
+					return;
 				}
 			}
-			if (!trusted)
-			{
-				throw new PkixCertPathValidatorException(
-					"Attribute certificate issuer is not directly trusted.");
-			}
+
+			throw new PkixCertPathValidatorException("Attribute certificate issuer is not directly trusted.");
 		}
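Review bot: The rewritten `ProcessAttrCert4` still has no doc comment, and the `// Trusted` early return now carries the whole contract; add a `///` summary stating that it throws `PkixCertPathValidatorException` unless `acIssuerCert` matches one of `pkixParams.GetTrustedACIssuers()`, either by the RFC 2253 rendering of its subject equalling the anchor's `CAName` or by equality with the anchor's `TrustedCert`. Since the loop body is being rewritten anyway, `var symbols = X509Name.RFC2253Symbols;` is loop-invariant and could be moved before the `foreach`. The `CAName` branch compares a rendered name string, which depends on attribute order and formatting; that predates this commit and may be intentional, but a one-line comment saying so would save the next reader from re-deriving it.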
 
 		internal static void ProcessAttrCert3(