author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-07-30 22:39:07 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-07-30 22:39:07 +0700 |
commit | b9b0bae81c983a9076c4749eace11f4e4c77e075 (patch) | |
tree | 106753e5e944fb9c3a93bd9c064c8378ec786b2c /crypto/src/tsp | |
parent | Add API TODOs for factories (diff) | |
download | BouncyCastle.NET-ed25519-b9b0bae81c983a9076c4749eace11f4e4c77e075.tar.xz |
Refactoring around X509
Diffstat (limited to 'crypto/src/tsp')
-rw-r--r-- | crypto/src/tsp/TimeStampToken.cs | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/crypto/src/tsp/TimeStampToken.cs b/crypto/src/tsp/TimeStampToken.cs
index 8e9f09723..342787982 100644
--- a/crypto/src/tsp/TimeStampToken.cs
+++ b/crypto/src/tsp/TimeStampToken.cs
@@ -8,6 +8,7 @@ using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.Tsp;
 using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Cmp;
 using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Security.Certificates;
@@ -153,30 +154,29 @@ namespace Org.BouncyCastle.Tsp
 * A successful call to validate means all the above are true.
 * </p>
 */
- public void Validate(
- X509Certificate cert)
+ public void Validate(X509Certificate cert)
 {
 try
 {
- byte[] hash = DigestUtilities.CalculateDigest(
- certID.GetHashAlgorithmName(), cert.GetEncoded());
+ byte[] hash = DigestUtilities.CalculateDigest(certID.GetHashAlgorithmName(), cert.GetEncoded());
 if (!Arrays.FixedTimeEquals(certID.GetCertHash(), hash))
 throw new TspValidationException("certificate hash does not match certID hash.");
- if (certID.IssuerSerial != null)
+ var issuerSerial = certID.IssuerSerial;
+ if (issuerSerial != null)
 {
- if (!certID.IssuerSerial.Serial.HasValue(cert.SerialNumber))
+ if (!issuerSerial.Serial.HasValue(cert.SerialNumber))
 throw new TspValidationException("certificate serial number does not match certID for signature.");
 GeneralName[] names = certID.IssuerSerial.Issuer.GetNames();
- X509Name principal = PrincipalUtilities.GetIssuerX509Principal(cert);
+ X509Name principal = cert.IssuerDN;
 bool found = false;
 for (int i = 0; i != names.Length; i++)
 {
- if (names[i].TagNo == 4
- && X509Name.GetInstance(names[i].Name).Equivalent(principal))
+ if (names[i].TagNo == GeneralName.DirectoryName &&
+ X509Name.GetInstance(names[i].Name).Equivalent(principal))
 {
 found = true;
 break;
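Review bot: The new local `issuerSerial` is not used on the unchanged line `GeneralName[] names = certID.IssuerSerial.Issuer.GetNames();`, so the null check and the serial comparison go through the local while the issuer-name lookup still reads the property on `certID` again. Change that line to `GeneralName[] names = issuerSerial.Issuer.GetNames();` so every check that binds the signer certificate to the certID is made against the same IssuerSerial value. Separately, the `using Org.BouncyCastle.Cmp;` added in the first hunk has no visible use in this diff; drop it if nothing else in the file needs it. The body of Validate and its try block continue past the end of this hunk.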
@@ -184,9 +184,7 @@ namespace Org.BouncyCastle.Tsp
 }
 if (!found)
- {
 throw new TspValidationException("certificate name does not match certID for signature. ");
- }
 }
 TspUtil.ValidateCertificate(cert); |