authorPeter Dettman <peter.dettman@bouncycastle.org>2022-06-26 20:47:24 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-06-26 20:47:24 +0700
commiteed964522f8e198a33267387942b1764018dfe1e (patch)
treec6bcead7e5e54c88845287d10bca6a1235e655e8 /crypto/src/x509
parentCleanup in PQC code (diff)
downloadBouncyCastle.NET-ed25519-eed964522f8e198a33267387942b1764018dfe1e.tar.xz
Replace IX509Store API with new store/selector API
- overhaul Cms, Pkix, X509 APIs
Diffstat (limited to 'crypto/src/x509')
-rw-r--r--crypto/src/x509/AttributeCertificateHolder.cs22
-rw-r--r--crypto/src/x509/AttributeCertificateIssuer.cs22
-rw-r--r--crypto/src/x509/IX509AttributeCertificate.cs57
-rw-r--r--crypto/src/x509/X509AttrCertParser.cs37
-rw-r--r--crypto/src/x509/X509V2AttributeCertificate.cs10
-rw-r--r--crypto/src/x509/X509V2AttributeCertificateGenerator.cs2
-rw-r--r--crypto/src/x509/store/IX509Selector.cs15
-rw-r--r--crypto/src/x509/store/IX509Store.cs11
-rw-r--r--crypto/src/x509/store/IX509StoreParameters.cs8
-rw-r--r--crypto/src/x509/store/NoSuchStoreException.cs30
-rw-r--r--crypto/src/x509/store/X509AttrCertStoreSelector.cs16
-rw-r--r--crypto/src/x509/store/X509CertPairStoreSelector.cs14
-rw-r--r--crypto/src/x509/store/X509CertStoreSelector.cs7
-rw-r--r--crypto/src/x509/store/X509CollectionStore.cs51
-rw-r--r--crypto/src/x509/store/X509CollectionStoreParameters.cs60
-rw-r--r--crypto/src/x509/store/X509CrlStoreSelector.cs12
-rw-r--r--crypto/src/x509/store/X509StoreException.cs30
-rw-r--r--crypto/src/x509/store/X509StoreFactory.cs62
18 files changed, 51 insertions, 415 deletions
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index 7cd869b4b..b3cea1cfe 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
@@ -7,7 +7,7 @@ using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Security.Certificates;
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.X509.Store;
+using Org.BouncyCastle.Utilities.Collections;
 
 namespace Org.BouncyCastle.X509
 {
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.X509
 	/// </remarks>
 	public class AttributeCertificateHolder
 		//: CertSelector, Selector
-		: IX509Selector
+		: ISelector<X509Certificate>
 	{
 		internal readonly Holder holder;
 
@@ -325,9 +325,11 @@ namespace Org.BouncyCastle.X509
 			return new AttributeCertificateHolder((Asn1Sequence)holder.ToAsn1Object());
 		}
 
-		public bool Match(
-			X509Certificate x509Cert)
+		public bool Match(X509Certificate x509Cert)
 		{
+			if (x509Cert == null)
+				return false;
+
 			try
 			{
 				if (holder.BaseCertificateID != null)
@@ -417,17 +419,5 @@ namespace Org.BouncyCastle.X509
 		{
 			return this.holder.GetHashCode();
 		}
-
-		public bool Match(
-			object obj)
-		{
-			if (!(obj is X509Certificate))
-			{
-				return false;
-			}
-
-//			return Match((Certificate)obj);
-			return Match((X509Certificate)obj);
-		}
 	}
 }
diff --git a/crypto/src/x509/AttributeCertificateIssuer.cs b/crypto/src/x509/AttributeCertificateIssuer.cs
index 32f16c23e..799a48877 100644
--- a/crypto/src/x509/AttributeCertificateIssuer.cs
+++ b/crypto/src/x509/AttributeCertificateIssuer.cs
@@ -2,7 +2,7 @@ using System;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.X509.Store;
+using Org.BouncyCastle.Utilities.Collections;
 
 namespace Org.BouncyCastle.X509
 {
@@ -11,7 +11,7 @@ namespace Org.BouncyCastle.X509
 	 */
 	public class AttributeCertificateIssuer
 		//: CertSelector, Selector
-		: IX509Selector
+		: ISelector<X509Certificate>
 	{
 		internal readonly Asn1Encodable form;
 
@@ -132,9 +132,11 @@ namespace Org.BouncyCastle.X509
 			return new AttributeCertificateIssuer(AttCertIssuer.GetInstance(form));
 		}
 
-		public bool Match(
-			X509Certificate x509Cert)
+		public bool Match(X509Certificate x509Cert)
 		{
+			if (x509Cert == null)
+				return false;
+
 			if (form is V2Form)
 			{
 				V2Form issuer = (V2Form) form;
@@ -172,17 +174,5 @@ namespace Org.BouncyCastle.X509
 		{
 			return this.form.GetHashCode();
 		}
-
-		public bool Match(
-			object obj)
-		{
-			if (!(obj is X509Certificate))
-			{
-				return false;
-			}
-
-			//return Match((Certificate)obj);
-			return Match((X509Certificate)obj);
-		}
 	}
 }
diff --git a/crypto/src/x509/IX509AttributeCertificate.cs b/crypto/src/x509/IX509AttributeCertificate.cs
deleted file mode 100644
index 9a3004e01..000000000
--- a/crypto/src/x509/IX509AttributeCertificate.cs
+++ /dev/null
@@ -1,57 +0,0 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Math;
-
-namespace Org.BouncyCastle.X509
-{
-	/// <remarks>Interface for an X.509 Attribute Certificate.</remarks>
-	public interface IX509AttributeCertificate
-		: IX509Extension
-	{
-		/// <summary>The version number for the certificate.</summary>
-		int Version { get; }
-
-		/// <summary>The serial number for the certificate.</summary>
-		BigInteger SerialNumber { get; }
-
-		/// <summary>The UTC DateTime before which the certificate is not valid.</summary>
-		DateTime NotBefore { get; }
-
-		/// <summary>The UTC DateTime after which the certificate is not valid.</summary>
-		DateTime NotAfter { get; }
-
-		/// <summary>The holder of the certificate.</summary>
-		AttributeCertificateHolder Holder { get; }
-
-		/// <summary>The issuer details for the certificate.</summary>
-		AttributeCertificateIssuer Issuer { get; }
-
-		/// <summary>Return the attributes contained in the attribute block in the certificate.</summary>
-		/// <returns>An array of attributes.</returns>
-		X509Attribute[] GetAttributes();
-
-		/// <summary>Return the attributes with the same type as the passed in oid.</summary>
-		/// <param name="oid">The object identifier we wish to match.</param>
-		/// <returns>An array of matched attributes, null if there is no match.</returns>
-		X509Attribute[] GetAttributes(string oid);
-
-		bool[] GetIssuerUniqueID();
-
-		bool IsValidNow { get; }
-		bool IsValid(DateTime date);
-
-		void CheckValidity();
-		void CheckValidity(DateTime date);
-
-		byte[] GetSignature();
-
-		void Verify(AsymmetricKeyParameter publicKey);
-
-		/// <summary>Return an ASN.1 encoded byte array representing the attribute certificate.</summary>
-		/// <returns>An ASN.1 encoded byte array.</returns>
-		/// <exception cref="IOException">If the certificate cannot be encoded.</exception>
-		byte[] GetEncoded();
-	}
-}
diff --git a/crypto/src/x509/X509AttrCertParser.cs b/crypto/src/x509/X509AttrCertParser.cs
index ce708ed8d..f1dc09543 100644
--- a/crypto/src/x509/X509AttrCertParser.cs
+++ b/crypto/src/x509/X509AttrCertParser.cs
@@ -1,12 +1,11 @@
 using System;
-using System.Collections;
+using System.Collections.Generic;
 using System.IO;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Security.Certificates;
-using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.IO;
 
 namespace Org.BouncyCastle.X509
@@ -19,7 +18,7 @@ namespace Org.BouncyCastle.X509
 		private int		sDataObjectCount;
 		private Stream	currentStream;
 
-		private IX509AttributeCertificate ReadDerCertificate(
+		private X509V2AttributeCertificate ReadDerCertificate(
 			Asn1InputStream dIn)
 		{
 			Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();
@@ -35,25 +34,21 @@ namespace Org.BouncyCastle.X509
 				}
 			}
 
-//			return new X509V2AttributeCertificate(seq.getEncoded());
 			return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(seq));
 		}
 
-		private IX509AttributeCertificate GetCertificate()
+		private X509V2AttributeCertificate GetCertificate()
 		{
 			if (sData != null)
 			{
 				while (sDataObjectCount < sData.Count)
 				{
-					object obj = sData[sDataObjectCount++];
+					Asn1Encodable ae = sData[sDataObjectCount++];
 
-					if (obj is Asn1TaggedObject && ((Asn1TaggedObject)obj).TagNo == 2)
+					if (ae.ToAsn1Object() is Asn1TaggedObject t && t.TagNo == 2)
 					{
-						//return new X509V2AttributeCertificate(
-						//	Asn1Sequence.GetInstance((Asn1TaggedObject)obj, false).GetEncoded());
 						return new X509V2AttributeCertificate(
-							AttributeCertificate.GetInstance(
-								Asn1Sequence.GetInstance((Asn1TaggedObject)obj, false)));
+							AttributeCertificate.GetInstance(Asn1Sequence.GetInstance(t, false)));
 					}
 				}
 			}
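Review bot: In GetCertificate the test `t.TagNo == 2` selects an element by tag number alone, and the literal 2 is unexplained. The set being walked comes from parsed input, so I would also require the context-specific tag class before passing the element to `Asn1Sequence.GetInstance(t, false)`, for example `t.TagClass == Asn1Tags.ContextSpecific && t.TagNo == 2`, if `Asn1TaggedObject` exposes the tag class in this revision. A comment such as `// [2] = v2AttrCert (presumably the CMS CertificateChoices alternative)` would explain the constant. The result of the new `ae.ToAsn1Object()` call is used without a null check, which is presumably safe for elements of `sData` but worth confirming.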
@@ -61,14 +56,13 @@ namespace Org.BouncyCastle.X509
 			return null;
 		}
 
-		private IX509AttributeCertificate ReadPemCertificate(
+		private X509V2AttributeCertificate ReadPemCertificate(
 			Stream inStream)
 		{
 			Asn1Sequence seq = PemAttrCertParser.ReadPemObject(inStream);
 
 			return seq == null
 				?	null
-				//:	new X509V2AttributeCertificate(seq.getEncoded());
 				:	new X509V2AttributeCertificate(AttributeCertificate.GetInstance(seq));
 		}
 
@@ -76,8 +70,7 @@ namespace Org.BouncyCastle.X509
 		/// Create loading data from byte array.
 		/// </summary>
 		/// <param name="input"></param>
-		public IX509AttributeCertificate ReadAttrCert(
-			byte[] input)
+		public X509V2AttributeCertificate ReadAttrCert(byte[] input)
 		{
 			return ReadAttrCert(new MemoryStream(input, false));
 		}
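Review bot: The XML comment on `ReadAttrCert(byte[] input)` is unclear ("Create loading data from byte array.") and its `<param name="input">` is empty; the identical comment sits on `ReadAttrCerts(byte[] input)` in the next hunk. Since both signatures are rewritten here anyway, I would reword them, e.g. `/// <summary>Read one attribute certificate from an encoded byte array.</summary>` and `/// <param name="input">The encoded attribute certificate data; must not be null.</param>`. A null `input` reaches `new MemoryStream(input, false)`, which throws ArgumentNullException, so an `<exception>` tag for it would be accurate.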
@@ -86,8 +79,7 @@ namespace Org.BouncyCastle.X509
 		/// Create loading data from byte array.
 		/// </summary>
 		/// <param name="input"></param>
-		public ICollection ReadAttrCerts(
-			byte[] input)
+		public IList<X509V2AttributeCertificate> ReadAttrCerts(byte[] input)
 		{
 			return ReadAttrCerts(new MemoryStream(input, false));
 		}
@@ -96,7 +88,7 @@ namespace Org.BouncyCastle.X509
 		 * Generates a certificate object and initializes it with the data
 		 * read from the input stream inStream.
 		 */
-		public IX509AttributeCertificate ReadAttrCert(
+		public X509V2AttributeCertificate ReadAttrCert(
 			Stream inStream)
 		{
 			if (inStream == null)
@@ -163,12 +155,11 @@ namespace Org.BouncyCastle.X509
 		 * Returns a (possibly empty) collection view of the certificates
 		 * read from the given input stream inStream.
 		 */
-		public ICollection ReadAttrCerts(
-			Stream inStream)
+		public IList<X509V2AttributeCertificate> ReadAttrCerts(Stream inStream)
 		{
-			IX509AttributeCertificate attrCert;
-            IList attrCerts = Platform.CreateArrayList();
+			var attrCerts = new List<X509V2AttributeCertificate>();
 
+			X509V2AttributeCertificate attrCert;
 			while ((attrCert = ReadAttrCert(inStream)) != null)
 			{
 				attrCerts.Add(attrCert);
@@ -177,4 +168,4 @@ namespace Org.BouncyCastle.X509
 			return attrCerts;
 		}
 	}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/x509/X509V2AttributeCertificate.cs b/crypto/src/x509/X509V2AttributeCertificate.cs
index 1ceba101e..61bb8c879 100644
--- a/crypto/src/x509/X509V2AttributeCertificate.cs
+++ b/crypto/src/x509/X509V2AttributeCertificate.cs
@@ -15,7 +15,7 @@ namespace Org.BouncyCastle.X509
 {
 	/// <summary>An implementation of a version 2 X.509 Attribute Certificate.</summary>
 	public class X509V2AttributeCertificate
-		: X509ExtensionBase, IX509AttributeCertificate
+		: X509ExtensionBase
 	{
 		private readonly AttributeCertificate cert;
 		private readonly DateTime notBefore;
@@ -49,8 +49,7 @@ namespace Org.BouncyCastle.X509
 		{
 		}
 
-		internal X509V2AttributeCertificate(
-			AttributeCertificate cert)
+		public X509V2AttributeCertificate(AttributeCertificate cert)
 		{
 			this.cert = cert;
 
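Review bot: The constructor taking `AttributeCertificate cert` becomes public in this hunk but still stores the argument without validating it. External callers can now pass null, so a guard such as `if (cert == null) throw new ArgumentNullException(nameof(cert));` before `this.cert = cert;` would fail early with a clear message instead of wherever `cert` is first dereferenced. The rest of the constructor body lies outside the hunk, so how a null currently surfaces cannot be seen from here. A short `<summary>` on the now-public constructor would help as well.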
@@ -65,6 +64,11 @@ namespace Org.BouncyCastle.X509
 			}
 		}
 
+		public virtual AttributeCertificate AttributeCertificate
+		{
+			get { return cert; }
+		}
+
 		public virtual int Version
 		{
             get { return cert.ACInfo.Version.IntValueExact + 1; }
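Review bot: The new public property `AttributeCertificate` is added without XML documentation. I would add `/// <summary>The underlying ASN.1 AttributeCertificate structure wrapped by this object.</summary>`. The getter returns the same instance the wrapper holds rather than a copy, which deserves a `<remarks>` line if callers should not depend on that.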
diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
index 643604181..2baf10c63 100644
--- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
+++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
@@ -104,7 +104,7 @@ namespace Org.BouncyCastle.X509
         /// </summary>
         /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
         /// <returns>An IX509AttributeCertificate.</returns>
-        public IX509AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory)
+        public X509V2AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory)
         {
             if (!extGenerator.IsEmpty)
 			{
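Review bot: The `<returns>An IX509AttributeCertificate.</returns>` line directly above `Generate` is stale, because this commit deletes that interface and the method now returns the concrete class. It should read `/// <returns>An X509V2AttributeCertificate.</returns>`. The method body continues past the end of the hunk.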
diff --git a/crypto/src/x509/store/IX509Selector.cs b/crypto/src/x509/store/IX509Selector.cs
deleted file mode 100644
index 4459903e7..000000000
--- a/crypto/src/x509/store/IX509Selector.cs
+++ /dev/null
@@ -1,15 +0,0 @@
-using System;
-
-namespace Org.BouncyCastle.X509.Store
-{
-	public interface IX509Selector
-#if !PORTABLE
-		: ICloneable
-#endif
-	{
-#if PORTABLE
-        object Clone();
-#endif
-        bool Match(object obj);
-	}
-}
diff --git a/crypto/src/x509/store/IX509Store.cs b/crypto/src/x509/store/IX509Store.cs
deleted file mode 100644
index e5c3a462a..000000000
--- a/crypto/src/x509/store/IX509Store.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using System;
-using System.Collections;
-
-namespace Org.BouncyCastle.X509.Store
-{
-	public interface IX509Store
-	{
-//		void Init(IX509StoreParameters parameters);
-		ICollection GetMatches(IX509Selector selector);
-	}
-}
diff --git a/crypto/src/x509/store/IX509StoreParameters.cs b/crypto/src/x509/store/IX509StoreParameters.cs
deleted file mode 100644
index aee3036c2..000000000
--- a/crypto/src/x509/store/IX509StoreParameters.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-using System;
-
-namespace Org.BouncyCastle.X509.Store
-{
-	public interface IX509StoreParameters
-	{
-	}
-}
diff --git a/crypto/src/x509/store/NoSuchStoreException.cs b/crypto/src/x509/store/NoSuchStoreException.cs
deleted file mode 100644
index 3acac536f..000000000
--- a/crypto/src/x509/store/NoSuchStoreException.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-using System;
-using System.Runtime.Serialization;
-
-namespace Org.BouncyCastle.X509.Store
-{
-    [Serializable]
-    public class NoSuchStoreException
-		: X509StoreException
-	{
-		public NoSuchStoreException()
-			: base()
-		{
-		}
-
-		public NoSuchStoreException(string message)
-			: base(message)
-		{
-		}
-
-		public NoSuchStoreException(string message, Exception innerException)
-			: base(message, innerException)
-		{
-		}
-
-		protected NoSuchStoreException(SerializationInfo info, StreamingContext context)
-			: base(info, context)
-		{
-		}
-	}
-}
diff --git a/crypto/src/x509/store/X509AttrCertStoreSelector.cs b/crypto/src/x509/store/X509AttrCertStoreSelector.cs
index d60a5f23c..b25d0de19 100644
--- a/crypto/src/x509/store/X509AttrCertStoreSelector.cs
+++ b/crypto/src/x509/store/X509AttrCertStoreSelector.cs
@@ -18,11 +18,11 @@ namespace Org.BouncyCastle.X509.Store
 	* @see org.bouncycastle.x509.X509Store
 	*/
 	public class X509AttrCertStoreSelector
-		: IX509Selector
+		: ISelector<X509V2AttributeCertificate>
 	{
 		// TODO: name constraints???
 
-		private IX509AttributeCertificate attributeCert;
+		private X509V2AttributeCertificate attributeCert;
 		private DateTimeObject attributeCertificateValid;
 		private AttributeCertificateHolder holder;
 		private AttributeCertificateIssuer issuer;
@@ -49,16 +49,10 @@ namespace Org.BouncyCastle.X509.Store
 		/// <summary>
 		/// Decides if the given attribute certificate should be selected.
 		/// </summary>
-		/// <param name="obj">The attribute certificate to be checked.</param>
+		/// <param name="attrCert">The attribute certificate to be checked.</param>
 		/// <returns><code>true</code> if the object matches this selector.</returns>
-		public bool Match(
-			object obj)
+		public bool Match(X509V2AttributeCertificate attrCert)
 		{
-			if (obj == null)
-				throw new ArgumentNullException("obj");
-
-			IX509AttributeCertificate attrCert = obj as IX509AttributeCertificate;
-
 			if (attrCert == null)
 				return false;
 
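Review bot: `Match` used to throw ArgumentNullException for a null argument and now returns false, and the XML comment does not mention the change. Callers that relied on the exception to catch a missing certificate will now silently get a non-match, so I would state it in the docs, e.g. `/// <returns><code>true</code> if the certificate matches this selector; <code>false</code> otherwise, including when it is null.</returns>`. The same applies to `X509CertPairStoreSelector.Match` in the next file, whose summary also still refers to the removed `<c>obj</c>` parameter and should name `pair` instead. Both method bodies continue outside their hunks.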
@@ -160,7 +154,7 @@ namespace Org.BouncyCastle.X509.Store
 
 		/// <summary>The attribute certificate which must be matched.</summary>
 		/// <remarks>If <c>null</c> is given, any will do.</remarks>
-		public IX509AttributeCertificate AttributeCert
+		public X509V2AttributeCertificate AttributeCert
 		{
 			get { return attributeCert; }
 			set { this.attributeCert = value; }
diff --git a/crypto/src/x509/store/X509CertPairStoreSelector.cs b/crypto/src/x509/store/X509CertPairStoreSelector.cs
index 2796971c7..936da2e48 100644
--- a/crypto/src/x509/store/X509CertPairStoreSelector.cs
+++ b/crypto/src/x509/store/X509CertPairStoreSelector.cs
@@ -1,5 +1,7 @@
 using System;
 
+using Org.BouncyCastle.Utilities.Collections;
+
 namespace Org.BouncyCastle.X509.Store
 {
 	/// <remarks>
@@ -9,7 +11,7 @@ namespace Org.BouncyCastle.X509.Store
 	/// each of which, if present, must match the respective component of a pair.
 	/// </remarks>
 	public class X509CertPairStoreSelector
-		: IX509Selector
+		: ISelector<X509CertificatePair>
 	{
 		private static X509CertStoreSelector CloneSelector(
 			X509CertStoreSelector s)
@@ -59,16 +61,10 @@ namespace Org.BouncyCastle.X509.Store
 		/// <c>obj</c> is not a <code>X509CertificatePair</code>, this method
 		/// returns <code>false</code>.
 		/// </summary>
-		/// <param name="obj">The <code>X509CertificatePair</code> to be tested.</param>
+		/// <param name="pair">The <code>X509CertificatePair</code> to be tested.</param>
 		/// <returns><code>true</code> if the object matches this selector.</returns>
-		public bool Match(
-			object obj)
+		public bool Match(X509CertificatePair pair)
 		{
-			if (obj == null)
-				throw new ArgumentNullException("obj");
-
-			X509CertificatePair pair = obj as X509CertificatePair;
-
 			if (pair == null)
 				return false;
 
diff --git a/crypto/src/x509/store/X509CertStoreSelector.cs b/crypto/src/x509/store/X509CertStoreSelector.cs
index 8e22b862a..b351f1cf3 100644
--- a/crypto/src/x509/store/X509CertStoreSelector.cs
+++ b/crypto/src/x509/store/X509CertStoreSelector.cs
@@ -12,7 +12,7 @@ using Org.BouncyCastle.X509.Extension;
 namespace Org.BouncyCastle.X509.Store
 {
 	public class X509CertStoreSelector
-		: IX509Selector
+		: ISelector<X509Certificate>
 	{
 		// TODO Missing criteria?
 
@@ -160,11 +160,8 @@ namespace Org.BouncyCastle.X509.Store
 			set { subjectPublicKeyAlgID = value; }
 		}
 
-		public virtual bool Match(
-			object obj)
+		public virtual bool Match(X509Certificate c)
 		{
-			X509Certificate c = obj as X509Certificate;
-
 			if (c == null)
 				return false;
 
diff --git a/crypto/src/x509/store/X509CollectionStore.cs b/crypto/src/x509/store/X509CollectionStore.cs
deleted file mode 100644
index 92173140b..000000000
--- a/crypto/src/x509/store/X509CollectionStore.cs
+++ /dev/null
@@ -1,51 +0,0 @@
-using System;
-using System.Collections;
-
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.X509.Store
-{
-	/**
-	 * A simple collection backed store.
-	 */
-	internal class X509CollectionStore
-		: IX509Store
-	{
-		private ICollection _local;
-
-		/**
-		 * Basic constructor.
-		 *
-		 * @param collection - initial contents for the store, this is copied.
-		 */
-		internal X509CollectionStore(
-			ICollection collection)
-		{
-			_local = Platform.CreateArrayList(collection);
-		}
-
-		/**
-		 * Return the matches in the collection for the passed in selector.
-		 *
-		 * @param selector the selector to match against.
-		 * @return a possibly empty collection of matching objects.
-		 */
-		public ICollection GetMatches(
-			IX509Selector selector)
-		{
-			if (selector == null)
-			{
-                return Platform.CreateArrayList(_local);
-			}
-
-            IList result = Platform.CreateArrayList();
-			foreach (object obj in _local)
-			{
-				if (selector.Match(obj))
-					result.Add(obj);
-			}
-
-			return result;
-		}
-	}
-}
diff --git a/crypto/src/x509/store/X509CollectionStoreParameters.cs b/crypto/src/x509/store/X509CollectionStoreParameters.cs
deleted file mode 100644
index 7fd047a47..000000000
--- a/crypto/src/x509/store/X509CollectionStoreParameters.cs
+++ /dev/null
@@ -1,60 +0,0 @@
-using System;
-using System.Collections;
-using System.Text;
-
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.X509.Store
-{
-	/// <remarks>This class contains a collection for collection based <code>X509Store</code>s.</remarks>
-	public class X509CollectionStoreParameters
-		: IX509StoreParameters
-	{
-		private readonly IList collection;
-
-		/// <summary>
-		/// Constructor.
-		/// <p>
-		/// The collection is copied.
-		/// </p>
-		/// </summary>
-		/// <param name="collection">The collection containing X.509 object types.</param>
-		/// <exception cref="ArgumentNullException">If collection is null.</exception>
-		public X509CollectionStoreParameters(
-			ICollection collection)
-		{
-			if (collection == null)
-				throw new ArgumentNullException("collection");
-
-			this.collection = Platform.CreateArrayList(collection);
-		}
-
-		// TODO Do we need to be able to Clone() these, and should it really be shallow?
-//		/**
-//		* Returns a shallow clone. The returned contents are not copied, so adding
-//		* or removing objects will effect this.
-//		*
-//		* @return a shallow clone.
-//		*/
-//		public object Clone()
-//		{
-//			return new X509CollectionStoreParameters(collection);
-//		}
-
-		/// <summary>Returns a copy of the <code>ICollection</code>.</summary>
-		public ICollection GetCollection()
-		{
-			return Platform.CreateArrayList(collection);
-		}
-
-		/// <summary>Returns a formatted string describing the parameters.</summary>
-		public override string ToString()
-		{
-			StringBuilder sb = new StringBuilder();
-			sb.Append("X509CollectionStoreParameters: [\n");
-			sb.Append("  collection: " + collection + "\n");
-			sb.Append("]");
-			return sb.ToString();
-		}
-	}
-}
diff --git a/crypto/src/x509/store/X509CrlStoreSelector.cs b/crypto/src/x509/store/X509CrlStoreSelector.cs
index 4be2a1ef0..dcf8f8876 100644
--- a/crypto/src/x509/store/X509CrlStoreSelector.cs
+++ b/crypto/src/x509/store/X509CrlStoreSelector.cs
@@ -5,13 +5,14 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.Utilities.Date;
 using Org.BouncyCastle.X509.Extension;
 
 namespace Org.BouncyCastle.X509.Store
 {
 	public class X509CrlStoreSelector
-		: IX509Selector
+		: ISelector<X509Crl>
 	{
 		// TODO Missing criteria?
 
@@ -21,7 +22,7 @@ namespace Org.BouncyCastle.X509.Store
 		private BigInteger maxCrlNumber;
 		private BigInteger minCrlNumber;
 
-		private IX509AttributeCertificate attrCertChecking;
+		private X509V2AttributeCertificate attrCertChecking;
 		private bool completeCrlEnabled;
 		private bool deltaCrlIndicatorEnabled;
 		private byte[] issuingDistributionPoint;
@@ -98,7 +99,7 @@ namespace Org.BouncyCastle.X509.Store
 		 *             <code>null</code>)
 		 * @see #getAttrCertificateChecking()
 		 */
-		public IX509AttributeCertificate AttrCertChecking
+		public X509V2AttributeCertificate AttrCertChecking
 		{
 			get { return attrCertChecking; }
 			set { this.attrCertChecking = value; }
@@ -180,11 +181,8 @@ namespace Org.BouncyCastle.X509.Store
 			set { this.maxBaseCrlNumber = value; }
 		}
 
-		public virtual bool Match(
-			object obj)
+		public virtual bool Match(X509Crl c)
 		{
-			X509Crl c = obj as X509Crl;
-
 			if (c == null)
 				return false;
 
diff --git a/crypto/src/x509/store/X509StoreException.cs b/crypto/src/x509/store/X509StoreException.cs
deleted file mode 100644
index 0ad32c2ef..000000000
--- a/crypto/src/x509/store/X509StoreException.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-using System;
-using System.Runtime.Serialization;
-
-namespace Org.BouncyCastle.X509.Store
-{
-    [Serializable]
-    public class X509StoreException
-		: Exception
-	{
-		public X509StoreException()
-			: base()
-		{
-		}
-
-		public X509StoreException(string message)
-			: base(message)
-		{
-		}
-
-		public X509StoreException(string message, Exception innerException)
-			: base(message, innerException)
-		{
-		}
-
-		protected X509StoreException(SerializationInfo info, StreamingContext context)
-			: base(info, context)
-		{
-		}
-	}
-}
diff --git a/crypto/src/x509/store/X509StoreFactory.cs b/crypto/src/x509/store/X509StoreFactory.cs
deleted file mode 100644
index 96f22be3f..000000000
--- a/crypto/src/x509/store/X509StoreFactory.cs
+++ /dev/null
@@ -1,62 +0,0 @@
-using System;
-using System.Collections;
-
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.X509.Store
-{
-	public sealed class X509StoreFactory
-	{
-		private X509StoreFactory()
-		{
-		}
-
-		public static IX509Store Create(
-			string					type,
-			IX509StoreParameters	parameters)
-		{
-			if (type == null)
-				throw new ArgumentNullException("type");
-
-			string[] parts = Platform.ToUpperInvariant(type).Split('/');
-
-            if (parts.Length < 2)
-				throw new ArgumentException("type");
-
-			if (parts[1] != "COLLECTION")
-				throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
-
-			X509CollectionStoreParameters p = (X509CollectionStoreParameters) parameters;
-			ICollection coll = p.GetCollection();
-
-			switch (parts[0])
-			{
-				case "ATTRIBUTECERTIFICATE":
-					checkCorrectType(coll, typeof(IX509AttributeCertificate));
-					break;
-				case "CERTIFICATE":
-					checkCorrectType(coll, typeof(X509Certificate));
-					break;
-				case "CERTIFICATEPAIR":
-					checkCorrectType(coll, typeof(X509CertificatePair));
-					break;
-				case "CRL":
-					checkCorrectType(coll, typeof(X509Crl));
-					break;
-				default:
-					throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
-			}
-
-			return new X509CollectionStore(coll);
-		}
-
-		private static void checkCorrectType(ICollection coll, Type t)
-		{
-			foreach (object o in coll)
-			{
-				if (!t.IsInstanceOfType(o))
-					throw new InvalidCastException("Can't cast object to type: " + t.FullName);
-			}
-		}
-	}
-}