summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2022-09-20 18:26:22 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-09-20 18:26:22 +0700
commitf63eb403a0ad2fc869225ee1cce60e225c11c66c (patch)
treef17125b27ac3803f168d16f95fb3b6a78e190bdc /crypto/src
parentPort of Asn1.Cmp tests from bc-java (diff)
downloadBouncyCastle.NET-ed25519-f63eb403a0ad2fc869225ee1cce60e225c11c66c.tar.xz
Cmp updates
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/cmp/CertificateConfirmationContent.cs16
-rw-r--r--crypto/src/cmp/CertificateConfirmationContentBuilder.cs37
-rw-r--r--crypto/src/cmp/CertificateStatus.cs12
-rw-r--r--crypto/src/cmp/GeneralPkiMessage.cs28
-rw-r--r--crypto/src/cmp/ProtectedPkiMessage.cs91
-rw-r--r--crypto/src/cmp/ProtectedPkiMessageBuilder.cs52
-rw-r--r--crypto/src/cmp/RevocationDetails.cs30
-rw-r--r--crypto/src/cmp/RevocationDetailsBuilder.cs18
8 files changed, 118 insertions, 166 deletions
diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs
index ad46ca039..ceb34e2c8 100644
--- a/crypto/src/cmp/CertificateConfirmationContent.cs
+++ b/crypto/src/cmp/CertificateConfirmationContent.cs
@@ -7,33 +7,33 @@ namespace Org.BouncyCastle.Cmp
 {
     public class CertificateConfirmationContent
     {
-        private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
-        private readonly CertConfirmContent content;
+        private readonly DefaultDigestAlgorithmIdentifierFinder m_digestAlgFinder;
+        private readonly CertConfirmContent m_content;
 
         public CertificateConfirmationContent(CertConfirmContent content)
         {
-            this.content = content;
+            this.m_content = content;
         }
 
         public CertificateConfirmationContent(CertConfirmContent content,
             DefaultDigestAlgorithmIdentifierFinder digestAlgFinder)
         {
-            this.content = content;
-            this.digestAlgFinder = digestAlgFinder;
+            this.m_content = content;
+            this.m_digestAlgFinder = digestAlgFinder;
         }
 
         public CertConfirmContent ToAsn1Structure()
         {
-            return content;
+            return m_content;
         }
 
         public CertificateStatus[] GetStatusMessages()
         {
-            CertStatus[] statusArray = content.ToCertStatusArray();
+            CertStatus[] statusArray = m_content.ToCertStatusArray();
             CertificateStatus[] ret = new CertificateStatus[statusArray.Length];
             for (int i = 0; i != ret.Length; i++)
             {
-                ret[i] = new CertificateStatus(digestAlgFinder, statusArray[i]);
+                ret[i] = new CertificateStatus(m_digestAlgFinder, statusArray[i]);
             }
 
             return ret;
diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
index b0647f9a5..fa7e5a897 100644
--- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
+++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
@@ -11,13 +10,14 @@ using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Cmp
 {
-    public class CertificateConfirmationContentBuilder
+    public sealed class CertificateConfirmationContentBuilder
     {
-        private static readonly DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
+        private static readonly DefaultSignatureAlgorithmIdentifierFinder SigAlgFinder =
+            new DefaultSignatureAlgorithmIdentifierFinder();
 
-        private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
-        private readonly IList<X509Certificate> acceptedCerts = new List<X509Certificate>();
-        private readonly IList<BigInteger> acceptedReqIds = new List<BigInteger>();
+        private readonly DefaultDigestAlgorithmIdentifierFinder m_digestAlgFinder;
+        private readonly IList<X509Certificate> m_acceptedCerts = new List<X509Certificate>();
+        private readonly IList<BigInteger> m_acceptedReqIDs = new List<BigInteger>();
 
         public CertificateConfirmationContentBuilder()
             : this(new DefaultDigestAlgorithmIdentifierFinder())
@@ -26,39 +26,40 @@ namespace Org.BouncyCastle.Cmp
 
         public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder)
         {
-            this.digestAlgFinder = digestAlgFinder;
+            this.m_digestAlgFinder = digestAlgFinder;
         }
 
         public CertificateConfirmationContentBuilder AddAcceptedCertificate(X509Certificate certHolder,
             BigInteger certReqId)
         {
-            acceptedCerts.Add(certHolder);
-            acceptedReqIds.Add(certReqId);
+            m_acceptedCerts.Add(certHolder);
+            m_acceptedReqIDs.Add(certReqId);
             return this;
         }
 
         public CertificateConfirmationContent Build()
         {
             Asn1EncodableVector v = new Asn1EncodableVector();
-            for (int i = 0; i != acceptedCerts.Count; i++)
+            for (int i = 0; i != m_acceptedCerts.Count; i++)
             {
-                X509Certificate cert = acceptedCerts[i];
-                BigInteger reqId = acceptedReqIds[i];
+                X509Certificate cert = m_acceptedCerts[i];
+                BigInteger reqID = m_acceptedReqIDs[i];
 
+                AlgorithmIdentifier algorithmIdentifier = SigAlgFinder.Find(cert.SigAlgName);
+                if (null == algorithmIdentifier)
+                    throw new CmpException("cannot find algorithm identifier for signature name");
 
-                AlgorithmIdentifier algorithmIdentifier = sigAlgFinder.Find(cert.SigAlgName);
-
-                AlgorithmIdentifier digAlg = digestAlgFinder.Find(algorithmIdentifier);
+                AlgorithmIdentifier digAlg = m_digestAlgFinder.Find(algorithmIdentifier);
                 if (null == digAlg)
                     throw new CmpException("cannot find algorithm for digest from signature");
 
                 byte[] digest = DigestUtilities.CalculateDigest(digAlg.Algorithm, cert.GetEncoded());
 
-                v.Add(new CertStatus(digest, reqId));
+                v.Add(new CertStatus(digest, reqID));
             }
 
             return new CertificateConfirmationContent(CertConfirmContent.GetInstance(new DerSequence(v)),
-                digestAlgFinder);
+                m_digestAlgFinder);
         }
     }
 }
diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs
index 2e3afe3b6..e697f73bc 100644
--- a/crypto/src/cmp/CertificateStatus.cs
+++ b/crypto/src/cmp/CertificateStatus.cs
@@ -24,17 +24,11 @@ namespace Org.BouncyCastle.Cmp
             this.certStatus = certStatus;
         }
 
-        public PkiStatusInfo PkiStatusInfo
-        {
-            get { return certStatus.StatusInfo; }
-        }
+        public virtual PkiStatusInfo StatusInfo => certStatus.StatusInfo;
 
-        public BigInteger CertRequestId
-        {
-            get { return certStatus.CertReqID.Value; }
-        }
+        public virtual BigInteger CertRequestID => certStatus.CertReqID.Value;
 
-        public bool IsVerified(X509Certificate cert)
+        public virtual bool IsVerified(X509Certificate cert)
         {
             AlgorithmIdentifier digAlg = digestAlgFinder.Find(sigAlgFinder.Find(cert.SigAlgName));
             if (null == digAlg)
diff --git a/crypto/src/cmp/GeneralPkiMessage.cs b/crypto/src/cmp/GeneralPkiMessage.cs
index 9b12ee77b..d52161f6c 100644
--- a/crypto/src/cmp/GeneralPkiMessage.cs
+++ b/crypto/src/cmp/GeneralPkiMessage.cs
@@ -1,13 +1,11 @@
-using System;
-
-using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 
 namespace Org.BouncyCastle.Cmp
 {
     public class GeneralPkiMessage
     {
-        private readonly PkiMessage pkiMessage;
+        private readonly PkiMessage m_pkiMessage;
 
         private static PkiMessage ParseBytes(byte[] encoding)
         {
@@ -20,7 +18,7 @@ namespace Org.BouncyCastle.Cmp
         /// <param name="pkiMessage">PKI message.</param>
         public GeneralPkiMessage(PkiMessage pkiMessage)
         {
-            this.pkiMessage = pkiMessage;
+            this.m_pkiMessage = pkiMessage;
         }
 
         /// <summary>
@@ -32,28 +30,16 @@ namespace Org.BouncyCastle.Cmp
         {
         }
 
-        public PkiHeader Header
-        {
-            get { return pkiMessage.Header; }
-        }
+        public virtual PkiHeader Header => m_pkiMessage.Header;
 
-        public PkiBody Body
-        {
-            get { return pkiMessage.Body; }
-        }
+        public virtual PkiBody Body => m_pkiMessage.Body;
 
         /// <summary>
         /// Return true if this message has protection bits on it. A return value of true
         /// indicates the message can be used to construct a ProtectedPKIMessage.
         /// </summary>
-        public bool HasProtection
-        {
-            get { return pkiMessage.Protection != null; }
-        }
+        public virtual bool HasProtection => m_pkiMessage.Protection != null;
 
-        public PkiMessage ToAsn1Structure()
-        {
-            return pkiMessage;
-        }
+        public virtual PkiMessage ToAsn1Structure() => m_pkiMessage;
     }
 }
diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs
index 738fd8ab3..f99672cc7 100644
--- a/crypto/src/cmp/ProtectedPkiMessage.cs
+++ b/crypto/src/cmp/ProtectedPkiMessage.cs
@@ -15,7 +15,7 @@ namespace Org.BouncyCastle.Cmp
     /// </summary>
     public class ProtectedPkiMessage
     {
-        private readonly PkiMessage pkiMessage;
+        private readonly PkiMessage m_pkiMessage;
 
         /// <summary>
         /// Wrap a general message.
@@ -25,11 +25,12 @@ namespace Org.BouncyCastle.Cmp
         public ProtectedPkiMessage(GeneralPkiMessage pkiMessage)
         {
             if (!pkiMessage.HasProtection)
-                throw new ArgumentException("pki message not protected");
+                throw new ArgumentException("GeneralPkiMessage not protected");
 
-            this.pkiMessage = pkiMessage.ToAsn1Structure();
+            this.m_pkiMessage = pkiMessage.ToAsn1Structure();
         }
 
+        // TODO[cmp] Make internal? (Has test that uses it)
         /// <summary>
         /// Wrap a PKI message.
         /// </summary>
@@ -38,63 +39,49 @@ namespace Org.BouncyCastle.Cmp
         public ProtectedPkiMessage(PkiMessage pkiMessage)
         {
             if (null == pkiMessage.Header.ProtectionAlg)
-                throw new ArgumentException("pki message not protected");
+                throw new ArgumentException("PkiMessage not protected");
 
-            this.pkiMessage = pkiMessage;
+            this.m_pkiMessage = pkiMessage;
         }
 
-        /// <summary>
-        /// Message header
-        /// </summary>
-        public PkiHeader Header
-        {
-            get { return pkiMessage.Header; }
-        }
+        /// <summary>Message header</summary>
+        public virtual PkiHeader Header => m_pkiMessage.Header;
 
-        /// <summary>
-        /// Message Body
-        /// </summary>
-        public PkiBody Body
-        {
-            get { return pkiMessage.Body; }
-        }
+        /// <summary>Message body</summary>
+        public virtual PkiBody Body => m_pkiMessage.Body;
 
         /// <summary>
         /// Return the underlying ASN.1 structure contained in this object.
         /// </summary>
-        /// <returns>PKI Message structure</returns>
-        public PkiMessage ToAsn1Message()
-        {
-            return pkiMessage;
-        }
+        /// <returns>PkiMessage structure</returns>
+        public virtual PkiMessage ToAsn1Message() => m_pkiMessage;
 
         /// <summary>
         /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[])
         /// to verify the message if this method returns true.
         /// </summary>
         /// <returns>true if protection MAC PBE based, false otherwise.</returns>
-        public bool HasPasswordBasedMacProtected
+        public virtual bool HasPasswordBasedMacProtected
         {
-            get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); }
+            get { return CmpObjectIdentifiers.passwordBasedMac.Equals(Header.ProtectionAlg.Algorithm); }
         }
 
         /// <summary>
         /// Return the extra certificates associated with this message.
         /// </summary>
         /// <returns>an array of extra certificates, zero length if none present.</returns>
-        public X509Certificate[] GetCertificates()
+        public virtual X509Certificate[] GetCertificates()
         {
-            CmpCertificate[] certs = pkiMessage.GetExtraCerts();
+            CmpCertificate[] certs = m_pkiMessage.GetExtraCerts();
             if (null == certs)
                 return new X509Certificate[0];
 
-            X509Certificate[] res = new X509Certificate[certs.Length];
+            X509Certificate[] result = new X509Certificate[certs.Length];
             for (int t = 0; t < certs.Length; t++)
             {
-                res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded()));
+                result[t] = new X509Certificate(certs[t].X509v3PKCert);
             }
-
-            return res;
+            return result;
         }
 
         /// <summary>
@@ -102,27 +89,13 @@ namespace Org.BouncyCastle.Cmp
         /// </summary>
         /// <param name="verifierFactory">a factory of signature verifiers.</param>
         /// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns>      
-        public bool Verify(IVerifierFactory verifierFactory)
+        public virtual bool Verify(IVerifierFactory verifierFactory)
         {
             IStreamCalculator<IVerifier> streamCalculator = verifierFactory.CreateCalculator();
 
             IVerifier result = Process(streamCalculator);
 
-            return result.IsVerified(pkiMessage.Protection.GetBytes());
-        }
-
-        private TResult Process<TResult>(IStreamCalculator<TResult> streamCalculator)
-        {
-            Asn1EncodableVector avec = new Asn1EncodableVector();
-            avec.Add(pkiMessage.Header);
-            avec.Add(pkiMessage.Body);
-            byte[] enc = new DerSequence(avec).GetDerEncoded();
-
-            streamCalculator.Stream.Write(enc, 0, enc.Length);
-            streamCalculator.Stream.Flush();
-            Platform.Dispose(streamCalculator.Stream);
-
-            return streamCalculator.GetResult();
+            return result.IsVerified(m_pkiMessage.Protection.GetBytes());
         }
 
         /// <summary>
@@ -132,18 +105,32 @@ namespace Org.BouncyCastle.Cmp
         /// <param name="password">the MAC password</param>
         /// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns>
         /// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception>
-        public bool Verify(PKMacBuilder pkMacBuilder, char[] password)
+        public virtual bool Verify(PKMacBuilder pkMacBuilder, char[] password)
         {
-            if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm))
+            if (!CmpObjectIdentifiers.passwordBasedMac.Equals(m_pkiMessage.Header.ProtectionAlg.Algorithm))
                 throw new InvalidOperationException("protection algorithm is not mac based");
 
-            PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters);
+            PbmParameter parameter = PbmParameter.GetInstance(m_pkiMessage.Header.ProtectionAlg.Parameters);
 
             pkMacBuilder.SetParameters(parameter);
 
             IBlockResult result = Process(pkMacBuilder.Build(password).CreateCalculator());
 
-            return Arrays.ConstantTimeAreEqual(result.Collect(), this.pkiMessage.Protection.GetBytes());
+            return Arrays.ConstantTimeAreEqual(result.Collect(), m_pkiMessage.Protection.GetBytes());
+        }
+
+        private TResult Process<TResult>(IStreamCalculator<TResult> streamCalculator)
+        {
+            Asn1EncodableVector avec = new Asn1EncodableVector();
+            avec.Add(m_pkiMessage.Header);
+            avec.Add(m_pkiMessage.Body);
+            byte[] enc = new DerSequence(avec).GetDerEncoded();
+
+            streamCalculator.Stream.Write(enc, 0, enc.Length);
+            streamCalculator.Stream.Flush();
+            Platform.Dispose(streamCalculator.Stream);
+
+            return streamCalculator.GetResult();
         }
     }
 }
diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
index 8573d1fc8..837eb177f 100644
--- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
+++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
@@ -5,17 +5,16 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Cmp
 {
-    public class ProtectedPkiMessageBuilder
+    public sealed class ProtectedPkiMessageBuilder
     {
-        private PkiHeaderBuilder hdrBuilBuilder;
+        private readonly PkiHeaderBuilder m_hdrBuilder;
         private PkiBody body;
-        private List<InfoTypeAndValue> generalInfos = new List<InfoTypeAndValue>();
-        private List<X509Certificate> extraCerts = new List<X509Certificate>();
+        private readonly List<InfoTypeAndValue> generalInfos = new List<InfoTypeAndValue>();
+        private readonly List<X509Certificate> extraCerts = new List<X509Certificate>();
 
         public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient)
             : this(PkiHeader.CMP_2000, sender, recipient)
@@ -24,18 +23,18 @@ namespace Org.BouncyCastle.Cmp
 
         public ProtectedPkiMessageBuilder(int pvno, GeneralName sender, GeneralName recipient)
         {
-            hdrBuilBuilder = new PkiHeaderBuilder(pvno, sender, recipient);
+            m_hdrBuilder = new PkiHeaderBuilder(pvno, sender, recipient);
         }
 
         public ProtectedPkiMessageBuilder SetTransactionId(byte[] tid)
         {
-            hdrBuilBuilder.SetTransactionID(tid);
+            m_hdrBuilder.SetTransactionID(tid);
             return this;
         }
 
         public ProtectedPkiMessageBuilder SetFreeText(PkiFreeText freeText)
         {
-            hdrBuilBuilder.SetFreeText(freeText);
+            m_hdrBuilder.SetFreeText(freeText);
             return this;
         }
 
@@ -47,31 +46,31 @@ namespace Org.BouncyCastle.Cmp
 
         public ProtectedPkiMessageBuilder SetMessageTime(DerGeneralizedTime generalizedTime)
         {
-            hdrBuilBuilder.SetMessageTime(generalizedTime);
+            m_hdrBuilder.SetMessageTime(generalizedTime);
             return this;
         }
 
         public ProtectedPkiMessageBuilder SetRecipKID(byte[] id)
         {
-            hdrBuilBuilder.SetRecipKID(id);
+            m_hdrBuilder.SetRecipKID(id);
             return this;
         }
 
         public ProtectedPkiMessageBuilder SetRecipNonce(byte[] nonce)
         {
-            hdrBuilBuilder.SetRecipNonce(nonce);
+            m_hdrBuilder.SetRecipNonce(nonce);
             return this;
         }
 
         public ProtectedPkiMessageBuilder SetSenderKID(byte[] id)
         {
-            hdrBuilBuilder.SetSenderKID(id);
+            m_hdrBuilder.SetSenderKID(id);
             return this;
         }
 
         public ProtectedPkiMessageBuilder SetSenderNonce(byte[] nonce)
         {
-            hdrBuilBuilder.SetSenderNonce(nonce);
+            m_hdrBuilder.SetSenderNonce(nonce);
             return this;
         }
 
@@ -94,35 +93,37 @@ namespace Org.BouncyCastle.Cmp
 
             IStreamCalculator<IBlockResult> calculator = signatureFactory.CreateCalculator();
 
-            if (!(signatureFactory.AlgorithmDetails is AlgorithmIdentifier))
-            {
+            if (!(signatureFactory.AlgorithmDetails is AlgorithmIdentifier algorithmDetails))
                 throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier");
-            }
 
-            FinalizeHeader((AlgorithmIdentifier)signatureFactory.AlgorithmDetails);
-            PkiHeader header = hdrBuilBuilder.Build();
+            FinalizeHeader(algorithmDetails);
+            PkiHeader header = m_hdrBuilder.Build();
             DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body));
             return FinalizeMessage(header, protection);
         }
 
-        public ProtectedPkiMessage Build(IMacFactory factory)
+        public ProtectedPkiMessage Build(IMacFactory macFactory)
         {
             if (null == body)
                 throw new InvalidOperationException("body must be set before building");
 
-            IStreamCalculator<IBlockResult> calculator = factory.CreateCalculator();
-            FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails);
-            PkiHeader header = hdrBuilBuilder.Build();
+            IStreamCalculator<IBlockResult> calculator = macFactory.CreateCalculator();
+
+            if (!(macFactory.AlgorithmDetails is AlgorithmIdentifier algorithmDetails))
+                throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier");
+
+            FinalizeHeader(algorithmDetails);
+            PkiHeader header = m_hdrBuilder.Build();
             DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body));
             return FinalizeMessage(header, protection);
         }
 
         private void FinalizeHeader(AlgorithmIdentifier algorithmIdentifier)
         {
-            hdrBuilBuilder.SetProtectionAlg(algorithmIdentifier);
+            m_hdrBuilder.SetProtectionAlg(algorithmIdentifier);
             if (generalInfos.Count > 0)
             {
-                hdrBuilBuilder.SetGeneralInfo(generalInfos.ToArray());
+                m_hdrBuilder.SetGeneralInfo(generalInfos.ToArray());
             }
         }
 
@@ -134,8 +135,7 @@ namespace Org.BouncyCastle.Cmp
             CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count];
             for (int i = 0; i < cmpCertificates.Length; i++)
             {
-                byte[] cert = extraCerts[i].GetEncoded();
-                cmpCertificates[i] = CmpCertificate.GetInstance(Asn1Object.FromByteArray(cert));
+                cmpCertificates[i] = new CmpCertificate(extraCerts[i].CertificateStructure);
             }
 
             return new ProtectedPkiMessage(new PkiMessage(header, body, protection, cmpCertificates));
diff --git a/crypto/src/cmp/RevocationDetails.cs b/crypto/src/cmp/RevocationDetails.cs
index 2d3f9a5eb..6060c6575 100644
--- a/crypto/src/cmp/RevocationDetails.cs
+++ b/crypto/src/cmp/RevocationDetails.cs
@@ -1,38 +1,24 @@
-using System;
-
-using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 
 namespace Org.BouncyCastle.Cmp
 {
-    public class RevocationDetails
+    public struct RevocationDetails
     {
-        private readonly RevDetails revDetails;
+        private readonly RevDetails m_revDetails;
 
         public RevocationDetails(RevDetails revDetails)
         {
-            this.revDetails = revDetails;
+            m_revDetails = revDetails;
         }
 
-        public X509Name Subject
-        {
-            get { return revDetails.CertDetails.Subject; }
-        }
+        public X509Name Subject => m_revDetails.CertDetails.Subject;
 
-        public X509Name Issuer
-        {
-            get { return revDetails.CertDetails.Issuer; }
-        }
+        public X509Name Issuer => m_revDetails.CertDetails.Issuer;
 
-        public BigInteger SerialNumber
-        {
-            get { return revDetails.CertDetails.SerialNumber.Value; }
-        }
+        public BigInteger SerialNumber => m_revDetails.CertDetails.SerialNumber.Value;
 
-        public RevDetails ToASN1Structure()
-        {
-            return revDetails;
-        }
+        public RevDetails ToASN1Structure() => m_revDetails;
     }
 }
diff --git a/crypto/src/cmp/RevocationDetailsBuilder.cs b/crypto/src/cmp/RevocationDetailsBuilder.cs
index b3be01242..086bf9c11 100644
--- a/crypto/src/cmp/RevocationDetailsBuilder.cs
+++ b/crypto/src/cmp/RevocationDetailsBuilder.cs
@@ -1,6 +1,4 @@
-using System;
-
-using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.X509;
@@ -8,15 +6,15 @@ using Org.BouncyCastle.Math;
 
 namespace Org.BouncyCastle.Cmp
 {
-    public class RevocationDetailsBuilder
+    public sealed class RevocationDetailsBuilder
     {
-        private readonly CertTemplateBuilder _templateBuilder = new CertTemplateBuilder();
+        private readonly CertTemplateBuilder m_templateBuilder = new CertTemplateBuilder();
 
         public RevocationDetailsBuilder SetPublicKey(SubjectPublicKeyInfo publicKey)
         {
             if (publicKey != null)
             {
-                _templateBuilder.SetPublicKey(publicKey);
+                m_templateBuilder.SetPublicKey(publicKey);
             }
 
             return this;
@@ -26,7 +24,7 @@ namespace Org.BouncyCastle.Cmp
         {
             if (issuer != null)
             {
-                _templateBuilder.SetIssuer(issuer);
+                m_templateBuilder.SetIssuer(issuer);
             }
 
             return this;
@@ -36,7 +34,7 @@ namespace Org.BouncyCastle.Cmp
         {
             if (serialNumber != null)
             {
-                _templateBuilder.SetSerialNumber(new DerInteger(serialNumber));
+                m_templateBuilder.SetSerialNumber(new DerInteger(serialNumber));
             }
 
             return this;
@@ -46,7 +44,7 @@ namespace Org.BouncyCastle.Cmp
         {
             if (subject != null)
             {
-                _templateBuilder.SetSubject(subject);
+                m_templateBuilder.SetSubject(subject);
             }
 
             return this;
@@ -54,7 +52,7 @@ namespace Org.BouncyCastle.Cmp
 
         public RevocationDetails Build()
         {
-            return new RevocationDetails(new RevDetails(_templateBuilder.Build()));
+            return new RevocationDetails(new RevDetails(m_templateBuilder.Build()));
         }
     }
 }
\ No newline at end of file