summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2022-06-27 02:19:14 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-06-27 02:19:14 +0700
commit4ea1816cffd5c8663bc9ae1234df0a70ef23fcd6 (patch)
treeeb4fe294ef230435928a573fadef3047b4466e9b /crypto/src
parentImplement generic IEnumerable in ASN.1 classes (diff)
downloadBouncyCastle.NET-ed25519-4ea1816cffd5c8663bc9ae1234df0a70ef23fcd6.tar.xz
Generics migration work
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/asn1/anssi/ANSSINamedCurves.cs6
-rw-r--r--crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs6
-rw-r--r--crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs4
-rw-r--r--crypto/src/asn1/gm/GMNamedCurves.cs6
-rw-r--r--crypto/src/asn1/nist/NISTNamedCurves.cs4
-rw-r--r--crypto/src/asn1/sec/SECNamedCurves.cs6
-rw-r--r--crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs6
-rw-r--r--crypto/src/asn1/x509/V2TBSCertListGenerator.cs23
-rw-r--r--crypto/src/asn1/x509/X509Extensions.cs118
-rw-r--r--crypto/src/asn1/x509/X509ExtensionsGenerator.cs68
-rw-r--r--crypto/src/asn1/x9/X962NamedCurves.cs6
-rw-r--r--crypto/src/cms/CMSSignedDataParser.cs9
-rw-r--r--crypto/src/cms/CMSSignedDataStreamGenerator.cs12
-rw-r--r--crypto/src/cms/CMSSignedGenerator.cs118
-rw-r--r--crypto/src/cms/CMSSignedHelper.cs2
-rw-r--r--crypto/src/crypto/ec/CustomNamedCurves.cs6
-rw-r--r--crypto/src/crypto/generators/OpenBsdBCrypt.cs4
-rw-r--r--crypto/src/crypto/operators/Asn1Signature.cs11
-rw-r--r--crypto/src/ocsp/OCSPUtil.cs3
-rw-r--r--crypto/src/pkcs/Pkcs10CertificationRequest.cs5
-rw-r--r--crypto/src/pkix/PkixAttrCertChecker.cs8
-rw-r--r--crypto/src/pkix/PkixAttrCertPathBuilder.cs8
-rw-r--r--crypto/src/pkix/PkixBuilderParameters.cs26
-rw-r--r--crypto/src/pkix/PkixCertPathBuilder.cs19
-rw-r--r--crypto/src/pkix/PkixCertPathChecker.cs7
-rw-r--r--crypto/src/pkix/PkixCertPathValidator.cs26
-rw-r--r--crypto/src/pkix/PkixCertPathValidatorUtilities.cs188
-rw-r--r--crypto/src/pkix/PkixCrlUtilities.cs8
-rw-r--r--crypto/src/pkix/PkixParameters.cs35
-rw-r--r--crypto/src/pkix/PkixPolicyNode.cs23
-rw-r--r--crypto/src/pkix/Rfc3280CertPathUtilities.cs260
-rw-r--r--crypto/src/pkix/Rfc3281CertPathUtilities.cs37
-rw-r--r--crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs11
-rw-r--r--crypto/src/tsp/TimeStampRequestGenerator.cs50
-rw-r--r--crypto/src/util/collections/CollectionUtilities.cs5
-rw-r--r--crypto/src/util/collections/LinkedDictionary.cs178
-rw-r--r--crypto/src/x509/IX509Extension.cs6
-rw-r--r--crypto/src/x509/X509ExtensionBase.cs42
-rw-r--r--crypto/src/x509/X509Utilities.cs3
39 files changed, 507 insertions, 856 deletions
diff --git a/crypto/src/asn1/anssi/ANSSINamedCurves.cs b/crypto/src/asn1/anssi/ANSSINamedCurves.cs
index ed1faa75c..2e164989a 100644
--- a/crypto/src/asn1/anssi/ANSSINamedCurves.cs
+++ b/crypto/src/asn1/anssi/ANSSINamedCurves.cs
@@ -116,21 +116,21 @@ namespace Org.BouncyCastle.Asn1.Anssi
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid)
         {
-            return curves.TryGetValue(oid, out var holder) ? holder : null;
+            return CollectionUtilities.GetValueOrNull(curves, oid);
         }
 
         /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary>
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs b/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs
index ec297f7a1..8e0f55001 100644
--- a/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs
+++ b/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs
@@ -369,21 +369,21 @@ namespace Org.BouncyCastle.Asn1.CryptoPro
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid)
         {
-            return curves.TryGetValue(oid, out var holder) ? holder : null;
+            return CollectionUtilities.GetValueOrNull(curves, oid);
         }
 
         /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary>
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs b/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs
index 2d183a4f9..cd0ab1a80 100644
--- a/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs
+++ b/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs
@@ -88,7 +88,7 @@ namespace Org.BouncyCastle.Asn1.CryptoPro
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the parameter set.</param>
         public static Gost3410ParamSetParameters GetByOid(DerObjectIdentifier oid)
         {
-            return parameters.TryGetValue(oid, out var parameterSet) ? parameterSet : null;
+            return CollectionUtilities.GetValueOrNull(parameters, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the parameter set with the given name.
@@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Asn1.CryptoPro
         /// <param name="name">The name of the parameter set.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available parameter set names in this registry.</summary>
diff --git a/crypto/src/asn1/gm/GMNamedCurves.cs b/crypto/src/asn1/gm/GMNamedCurves.cs
index fec0c1401..764b031ed 100644
--- a/crypto/src/asn1/gm/GMNamedCurves.cs
+++ b/crypto/src/asn1/gm/GMNamedCurves.cs
@@ -147,21 +147,21 @@ namespace Org.BouncyCastle.Asn1.GM
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid)
         {
-            return curves.TryGetValue(oid, out var holder) ? holder : null;
+            return CollectionUtilities.GetValueOrNull(curves, oid);
         }
 
         /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary>
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/asn1/nist/NISTNamedCurves.cs b/crypto/src/asn1/nist/NISTNamedCurves.cs
index a8bc56549..b9307c879 100644
--- a/crypto/src/asn1/nist/NISTNamedCurves.cs
+++ b/crypto/src/asn1/nist/NISTNamedCurves.cs
@@ -89,14 +89,14 @@ namespace Org.BouncyCastle.Asn1.Nist
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/asn1/sec/SECNamedCurves.cs b/crypto/src/asn1/sec/SECNamedCurves.cs
index c0a783ec6..8a97af388 100644
--- a/crypto/src/asn1/sec/SECNamedCurves.cs
+++ b/crypto/src/asn1/sec/SECNamedCurves.cs
@@ -1248,21 +1248,21 @@ namespace Org.BouncyCastle.Asn1.Sec
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid)
         {
-            return curves.TryGetValue(oid, out var holder) ? holder : null;
+            return CollectionUtilities.GetValueOrNull(curves, oid);
         }
 
         /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary>
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs b/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs
index b863babce..5edb24045 100644
--- a/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs
+++ b/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs
@@ -527,21 +527,21 @@ namespace Org.BouncyCastle.Asn1.TeleTrust
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid)
         {
-            return curves.TryGetValue(oid, out var holder) ? holder : null;
+            return CollectionUtilities.GetValueOrNull(curves, oid);
         }
 
         /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary>
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs
index 2c929188f..1d58751fd 100644
--- a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs
+++ b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs
@@ -1,5 +1,5 @@
 using System;
-using System.Collections;
+using System.Collections.Generic;
 using System.IO;
 
 using Org.BouncyCastle.Utilities;
@@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Asn1.X509
         private X509Name			issuer;
         private Time				thisUpdate, nextUpdate;
         private X509Extensions		extensions;
-        private IList			    crlEntries;
+        private List<Asn1Sequence>  crlEntries;
 
 		public V2TbsCertListGenerator()
         {
@@ -80,12 +80,11 @@ namespace Org.BouncyCastle.Asn1.X509
             this.nextUpdate = nextUpdate;
         }
 
-		public void AddCrlEntry(
-			Asn1Sequence crlEntry)
+		public void AddCrlEntry(Asn1Sequence crlEntry)
 		{
 			if (crlEntries == null)
 			{
-				crlEntries = Platform.CreateArrayList();
+                crlEntries = new List<Asn1Sequence>();
 			}
 
 			crlEntries.Add(crlEntry);
@@ -104,8 +103,8 @@ namespace Org.BouncyCastle.Asn1.X509
 		public void AddCrlEntry(DerInteger userCertificate, Time revocationDate, int reason,
 			DerGeneralizedTime invalidityDate)
 		{
-            IList extOids = Platform.CreateArrayList();
-            IList extValues = Platform.CreateArrayList();
+            var extOids = new List<DerObjectIdentifier>();
+            var extValues = new List<X509Extension>();
 
 			if (reason != 0)
 			{
@@ -147,8 +146,7 @@ namespace Org.BouncyCastle.Asn1.X509
 
 		public void AddCrlEntry(DerInteger userCertificate, Time revocationDate, X509Extensions extensions)
 		{
-			Asn1EncodableVector v = new Asn1EncodableVector(
-				userCertificate, revocationDate);
+			Asn1EncodableVector v = new Asn1EncodableVector(userCertificate, revocationDate);
 
 			if (extensions != null)
 			{
@@ -182,12 +180,7 @@ namespace Org.BouncyCastle.Asn1.X509
 			// Add CRLEntries if they exist
             if (crlEntries != null)
             {
-                Asn1Sequence[] certs = new Asn1Sequence[crlEntries.Count];
-                for (int i = 0; i < crlEntries.Count; ++i)
-                {
-                    certs[i] = (Asn1Sequence)crlEntries[i];
-                }
-				v.Add(new DerSequence(certs));
+				v.Add(new DerSequence(crlEntries.ToArray()));
             }
 
 			if (extensions != null)
diff --git a/crypto/src/asn1/x509/X509Extensions.cs b/crypto/src/asn1/x509/X509Extensions.cs
index b01db1fb5..a399058c2 100644
--- a/crypto/src/asn1/x509/X509Extensions.cs
+++ b/crypto/src/asn1/x509/X509Extensions.cs
@@ -1,5 +1,5 @@
 using System;
-using System.Collections;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Collections;
@@ -169,8 +169,9 @@ namespace Org.BouncyCastle.Asn1.X509
          */
         public static readonly DerObjectIdentifier ExpiredCertsOnCrl = new DerObjectIdentifier("2.5.29.60");
 
-        private readonly IDictionary extensions = Platform.CreateHashtable();
-        private readonly IList ordering;
+        private readonly Dictionary<DerObjectIdentifier, X509Extension> m_extensions =
+            new Dictionary<DerObjectIdentifier, X509Extension>();
+        private readonly List<DerObjectIdentifier> m_ordering;
 
         public static X509Extension GetExtension(X509Extensions extensions, DerObjectIdentifier oid)
         {
@@ -182,11 +183,9 @@ namespace Org.BouncyCastle.Asn1.X509
             return null == extensions ? null : extensions.GetExtensionParsedValue(oid);
         }
 
-		public static X509Extensions GetInstance(
-            Asn1TaggedObject	obj,
-            bool				explicitly)
+		public static X509Extensions GetInstance(Asn1TaggedObject taggedObject, bool declaredExplicit)
         {
-            return GetInstance(Asn1Sequence.GetInstance(obj, explicitly));
+            return GetInstance(Asn1Sequence.GetInstance(taggedObject, declaredExplicit));
         }
 
 		public static X509Extensions GetInstance(
@@ -215,10 +214,9 @@ namespace Org.BouncyCastle.Asn1.X509
          *
          * the extensions are a list of constructed sequences, either with (Oid, OctetString) or (Oid, Boolean, OctetString)
          */
-        private X509Extensions(
-            Asn1Sequence seq)
+        private X509Extensions(Asn1Sequence seq)
         {
-            this.ordering = Platform.CreateArrayList();
+            m_ordering = new List<DerObjectIdentifier>();
 
 			foreach (Asn1Encodable ae in seq)
 			{
@@ -234,11 +232,11 @@ namespace Org.BouncyCastle.Asn1.X509
 
 				Asn1OctetString octets = Asn1OctetString.GetInstance(s[s.Count - 1].ToAsn1Object());
 
-                if (extensions.Contains(oid))
+                if (m_extensions.ContainsKey(oid))
                     throw new ArgumentException("repeated extension found: " + oid);
 
-                extensions.Add(oid, new X509Extension(isCritical, octets));
-				ordering.Add(oid);
+                m_extensions.Add(oid, new X509Extension(isCritical, octets));
+				m_ordering.Add(oid);
 			}
         }
 
@@ -247,8 +245,7 @@ namespace Org.BouncyCastle.Asn1.X509
          * <p>
          * it's is assumed the table contains Oid/string pairs.</p>
          */
-        public X509Extensions(
-            IDictionary extensions)
+        public X509Extensions(IDictionary<DerObjectIdentifier, X509Extension> extensions)
             : this(null, extensions)
         {
         }
@@ -258,22 +255,21 @@ namespace Org.BouncyCastle.Asn1.X509
          * <p>
          * It's is assumed the table contains Oid/string pairs.</p>
          */
-        public X509Extensions(
-            IList       ordering,
-            IDictionary extensions)
+        public X509Extensions(IList<DerObjectIdentifier> ordering,
+            IDictionary<DerObjectIdentifier, X509Extension> extensions)
         {
             if (ordering == null)
             {
-                this.ordering = Platform.CreateArrayList(extensions.Keys);
+                m_ordering = new List<DerObjectIdentifier>(extensions.Keys);
             }
             else
             {
-                this.ordering = Platform.CreateArrayList(ordering);
+                m_ordering = new List<DerObjectIdentifier>(ordering);
             }
 
-            foreach (DerObjectIdentifier oid in this.ordering)
+            foreach (DerObjectIdentifier oid in m_ordering)
             {
-                this.extensions.Add(oid, (X509Extension)extensions[oid]);
+                m_extensions.Add(oid, extensions[oid]);
             }
         }
 
@@ -283,25 +279,23 @@ namespace Org.BouncyCastle.Asn1.X509
          * @param objectIDs an ArrayList of the object identifiers.
          * @param values an ArrayList of the extension values.
          */
-        public X509Extensions(
-            IList oids,
-            IList values)
+        public X509Extensions(IList<DerObjectIdentifier> oids, IList<X509Extension> values)
         {
-            this.ordering = Platform.CreateArrayList(oids);
+            m_ordering = new List<DerObjectIdentifier>(oids);
 
             int count = 0;
-            foreach (DerObjectIdentifier oid in this.ordering)
+            foreach (DerObjectIdentifier oid in m_ordering)
             {
-                this.extensions.Add(oid, (X509Extension)values[count++]);
+                m_extensions.Add(oid, values[count++]);
             }
         }
 
 		/**
 		 * return an Enumeration of the extension field's object ids.
 		 */
-		public IEnumerable ExtensionOids
+		public IEnumerable<DerObjectIdentifier> ExtensionOids
         {
-			get { return new EnumerableProxy(ordering); }
+			get { return CollectionUtilities.Proxy(m_ordering); }
         }
 
 		/**
@@ -310,10 +304,9 @@ namespace Org.BouncyCastle.Asn1.X509
          *
          * @return the extension if it's present, null otherwise.
          */
-        public X509Extension GetExtension(
-            DerObjectIdentifier oid)
+        public X509Extension GetExtension(DerObjectIdentifier oid)
         {
-             return (X509Extension)extensions[oid];
+            return CollectionUtilities.GetValueOrNull(m_extensions, oid);
         }
 
         /**
@@ -324,9 +317,7 @@ namespace Org.BouncyCastle.Asn1.X509
          */
         public Asn1Encodable GetExtensionParsedValue(DerObjectIdentifier oid)
         {
-            X509Extension ext = GetExtension(oid);
-
-            return ext == null ? null : ext.GetParsedValue();
+            return GetExtension(oid)?.GetParsedValue();
         }
 
 		/**
@@ -341,44 +332,41 @@ namespace Org.BouncyCastle.Asn1.X509
 		 */
 		public override Asn1Object ToAsn1Object()
         {
-            Asn1EncodableVector	vec = new Asn1EncodableVector();
+            Asn1EncodableVector	v = new Asn1EncodableVector(m_ordering.Count);
 
-			foreach (DerObjectIdentifier oid in ordering)
+			foreach (DerObjectIdentifier oid in m_ordering)
 			{
-                X509Extension ext = (X509Extension) extensions[oid];
-                Asn1EncodableVector	v = new Asn1EncodableVector(oid);
-
-				if (ext.IsCritical)
+                X509Extension ext = m_extensions[oid];
+                if (ext.IsCritical)
                 {
-                    v.Add(DerBoolean.True);
+                    v.Add(new DerSequence(oid, DerBoolean.True, ext.Value));
+                }
+                else
+                {
+                    v.Add(new DerSequence(oid, ext.Value));
                 }
-
-				v.Add(ext.Value);
-
-				vec.Add(new DerSequence(v));
             }
 
-			return new DerSequence(vec);
+			return new DerSequence(v);
         }
 
-		public bool Equivalent(
-			X509Extensions other)
+		public bool Equivalent(X509Extensions other)
 		{
-			if (extensions.Count != other.extensions.Count)
+			if (m_extensions.Count != other.m_extensions.Count)
 				return false;
 
-			foreach (DerObjectIdentifier oid in extensions.Keys)
-			{
-				if (!extensions[oid].Equals(other.extensions[oid]))
-					return false;
-			}
+            foreach (var entry in m_extensions)
+            {
+                if (!entry.Value.Equals(other.GetExtension(entry.Key)))
+                    return false;
+            }
 
 			return true;
 		}
 
 		public DerObjectIdentifier[] GetExtensionOids()
 		{
-			return ToOidArray(ordering);
+            return m_ordering.ToArray();
 		}
 
 		public DerObjectIdentifier[] GetNonCriticalExtensionOids()
@@ -393,25 +381,17 @@ namespace Org.BouncyCastle.Asn1.X509
 
 		private DerObjectIdentifier[] GetExtensionOids(bool isCritical)
 		{
-			IList oids = Platform.CreateArrayList();
+			var oids = new List<DerObjectIdentifier>();
 
-			foreach (DerObjectIdentifier oid in this.ordering)
+			foreach (DerObjectIdentifier oid in m_ordering)
             {
-				X509Extension ext = (X509Extension)extensions[oid];
-				if (ext.IsCritical == isCritical)
+				if (m_extensions[oid].IsCritical == isCritical)
 				{
 					oids.Add(oid);
 				}
             }
 
-			return ToOidArray(oids);
-		}
-
-		private static DerObjectIdentifier[] ToOidArray(IList oids)
-		{
-			DerObjectIdentifier[] oidArray = new DerObjectIdentifier[oids.Count];
-			oids.CopyTo(oidArray, 0);
-			return oidArray;
+            return oids.ToArray();
 		}
 	}
 }
diff --git a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
index 3b952fffa..438c507aa 100644
--- a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
+++ b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Utilities;
 
@@ -8,8 +9,9 @@ namespace Org.BouncyCastle.Asn1.X509
     /// <remarks>Generator for X.509 extensions</remarks>
     public class X509ExtensionsGenerator
     {
-        private IDictionary extensions = Platform.CreateHashtable();
-        private IList extOrdering = Platform.CreateArrayList();
+        private Dictionary<DerObjectIdentifier, X509Extension> m_extensions =
+            new Dictionary<DerObjectIdentifier, X509Extension>();
+        private List<DerObjectIdentifier> m_ordering = new List<DerObjectIdentifier>();
 
         private static readonly IDictionary dupsAllowed = Platform.CreateHashtable();
 
@@ -19,16 +21,13 @@ namespace Org.BouncyCastle.Asn1.X509
             dupsAllowed.Add(X509Extensions.IssuerAlternativeName, true);
             dupsAllowed.Add(X509Extensions.SubjectDirectoryAttributes, true);
             dupsAllowed.Add(X509Extensions.CertificateIssuer, true);
-
         }
 
-
-
         /// <summary>Reset the generator</summary>
         public void Reset()
         {
-            extensions = Platform.CreateHashtable();
-            extOrdering = Platform.CreateArrayList();
+            m_extensions = new Dictionary<DerObjectIdentifier, X509Extension>();
+            m_ordering = new List<DerObjectIdentifier>();
         }
 
         /// <summary>
@@ -38,10 +37,7 @@ namespace Org.BouncyCastle.Asn1.X509
         /// <param name="oid">OID for the extension.</param>
         /// <param name="critical">True if critical, false otherwise.</param>
         /// <param name="extValue">The ASN.1 object to be included in the extension.</param>
-        public void AddExtension(
-            DerObjectIdentifier oid,
-            bool critical,
-            Asn1Encodable extValue)
+        public void AddExtension(DerObjectIdentifier oid, bool critical, Asn1Encodable extValue)
         {
             byte[] encoded;
             try
@@ -63,38 +59,30 @@ namespace Org.BouncyCastle.Asn1.X509
         /// <param name="oid">OID for the extension.</param>
         /// <param name="critical">True if critical, false otherwise.</param>
         /// <param name="extValue">The byte array to be wrapped.</param>
-        public void AddExtension(
-            DerObjectIdentifier oid,
-            bool critical,
-            byte[] extValue)
+        public void AddExtension(DerObjectIdentifier oid, bool critical, byte[] extValue)
         {
-            if (extensions.Contains(oid))
+            if (m_extensions.TryGetValue(oid, out X509Extension existingExtension))
             {
-                if (dupsAllowed.Contains(oid))
-                {
-                    X509Extension existingExtension = (X509Extension)extensions[oid];
-
-                    Asn1Sequence seq1 = Asn1Sequence.GetInstance(DerOctetString.GetInstance(existingExtension.Value).GetOctets());
-                    Asn1EncodableVector items = Asn1EncodableVector.FromEnumerable(seq1);
-                    Asn1Sequence seq2 = Asn1Sequence.GetInstance(extValue);
-
-                    foreach (Asn1Encodable enc in seq2)
-                    {
-                        items.Add(enc);
-                    }
+                if (!dupsAllowed.Contains(oid))
+                    throw new ArgumentException("extension " + oid + " already added");
 
-                    extensions[oid] = new X509Extension(existingExtension.IsCritical, new DerOctetString(new DerSequence(items).GetEncoded()));
+                Asn1Sequence seq1 = Asn1Sequence.GetInstance(
+                    Asn1OctetString.GetInstance(existingExtension.Value).GetOctets());
+                Asn1EncodableVector items = Asn1EncodableVector.FromEnumerable(seq1);
+                Asn1Sequence seq2 = Asn1Sequence.GetInstance(extValue);
 
-                }
-                else
+                foreach (Asn1Encodable enc in seq2)
                 {
-                    throw new ArgumentException("extension " + oid + " already added");
+                    items.Add(enc);
                 }
+
+                m_extensions[oid] = new X509Extension(existingExtension.IsCritical,
+                    new DerOctetString(new DerSequence(items).GetEncoded()));
             }
             else
             {
-                extOrdering.Add(oid);
-                extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue)));
+                m_ordering.Add(oid);
+                m_extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue)));
             }
         }
 
@@ -113,25 +101,23 @@ namespace Org.BouncyCastle.Asn1.X509
         /// <returns>True if empty, false otherwise</returns>
         public bool IsEmpty
         {
-            get { return extOrdering.Count < 1; }
+            get { return m_ordering.Count < 1; }
         }
 
         /// <summary>Generate an X509Extensions object based on the current state of the generator.</summary>
         /// <returns>An <c>X509Extensions</c> object</returns>
         public X509Extensions Generate()
         {
-            return new X509Extensions(extOrdering, extensions);
+            return new X509Extensions(m_ordering, m_extensions);
         }
 
         internal void AddExtension(DerObjectIdentifier oid, X509Extension x509Extension)
         {
-            if (extensions.Contains(oid))
-            {
+            if (m_extensions.ContainsKey(oid))
                 throw new ArgumentException("extension " + oid + " already added");
-            }
 
-            extOrdering.Add(oid);
-            extensions.Add(oid, x509Extension);
+            m_ordering.Add(oid);
+            m_extensions.Add(oid, x509Extension);
         }
     }
 }
diff --git a/crypto/src/asn1/x9/X962NamedCurves.cs b/crypto/src/asn1/x9/X962NamedCurves.cs
index e0fb625f9..893371fd4 100644
--- a/crypto/src/asn1/x9/X962NamedCurves.cs
+++ b/crypto/src/asn1/x9/X962NamedCurves.cs
@@ -836,21 +836,21 @@ namespace Org.BouncyCastle.Asn1.X9
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid)
         {
-            return curves.TryGetValue(oid, out var holder) ? holder : null;
+            return CollectionUtilities.GetValueOrNull(curves, oid);
         }
 
         /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary>
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/cms/CMSSignedDataParser.cs b/crypto/src/cms/CMSSignedDataParser.cs
index 5dffd0d26..fd65576ac 100644
--- a/crypto/src/cms/CMSSignedDataParser.cs
+++ b/crypto/src/cms/CMSSignedDataParser.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections;
+using System.Collections.Generic;
 using System.IO;
 
 using Org.BouncyCastle.Asn1;
@@ -62,7 +63,7 @@ namespace Org.BouncyCastle.Cms
 		private DerObjectIdentifier		_signedContentType;
 		private CmsTypedStream          _signedContent;
 		private IDictionary				_digests;
-		private ISet					_digestOids;
+		private HashSet<string>			_digestOids;
 
 		private SignerInformationStore  _signerInfoStore;
 		private Asn1Set                 _certSet, _crlSet;
@@ -106,7 +107,7 @@ namespace Org.BouncyCastle.Cms
 				this._signedContent = signedContent;
 				this._signedData = SignedDataParser.GetInstance(this.contentInfo.GetContent(Asn1Tags.Sequence));
 				this._digests = Platform.CreateHashtable();
-				this._digestOids = new HashSet();
+				this._digestOids = new HashSet<string>();
 
 				Asn1SetParser digAlgs = _signedData.GetDigestAlgorithms();
 				IAsn1Convertible o;
@@ -177,9 +178,9 @@ namespace Org.BouncyCastle.Cms
 			get { return _signedData.Version.IntValueExact; }
 		}
 
-		public ISet DigestOids
+		public ISet<string> DigestOids
 		{
-			get { return new HashSet(_digestOids); }
+			get { return new HashSet<string>(_digestOids); }
 		}
 
 		/**
diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
index c19852884..e247beea0 100644
--- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
@@ -1,6 +1,6 @@
 using System;
 using System.Collections;
-using System.Diagnostics;
+using System.Collections.Generic;
 using System.IO;
 
 using Org.BouncyCastle.Asn1;
@@ -10,9 +10,7 @@ using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.IO;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Security.Certificates;
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.Utilities.IO;
 using Org.BouncyCastle.X509;
 
@@ -43,12 +41,12 @@ namespace Org.BouncyCastle.Cms
     {
 		private static readonly CmsSignedHelper Helper = CmsSignedHelper.Instance;
 
-		private readonly IList      _signerInfs = Platform.CreateArrayList();
-		private readonly ISet		_messageDigestOids = new HashSet();
+		private readonly IList _signerInfs = Platform.CreateArrayList();
+		private readonly HashSet<string> _messageDigestOids = new HashSet<string>();
         private readonly IDictionary _messageDigests = Platform.CreateHashtable();
         private readonly IDictionary _messageHashes = Platform.CreateHashtable();
-		private bool				_messageDigestsLocked;
-        private int					_bufferSize;
+		private bool _messageDigestsLocked;
+        private int _bufferSize;
 
 		private class DigestAndSignerInfoGeneratorHolder
 		{
diff --git a/crypto/src/cms/CMSSignedGenerator.cs b/crypto/src/cms/CMSSignedGenerator.cs
index c1d4e0a46..acd353969 100644
--- a/crypto/src/cms/CMSSignedGenerator.cs
+++ b/crypto/src/cms/CMSSignedGenerator.cs
@@ -26,21 +26,19 @@ namespace Org.BouncyCastle.Cms
     public class DefaultSignatureAlgorithmIdentifierFinder
     {
         private static readonly IDictionary algorithms = Platform.CreateHashtable();
-        private static readonly ISet noParams = new HashSet();
+        private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>();
         private static readonly IDictionary _params = Platform.CreateHashtable();
-        private static readonly ISet pkcs15RsaEncryption = new HashSet();
+        private static readonly HashSet<DerObjectIdentifier> pkcs15RsaEncryption = new HashSet<DerObjectIdentifier>();
         private static readonly IDictionary digestOids = Platform.CreateHashtable();
 
-        private static readonly IDictionary digestBuilders = Platform.CreateHashtable();
-
-        private static readonly DerObjectIdentifier ENCRYPTION_RSA = PkcsObjectIdentifiers.RsaEncryption;
-        private static readonly DerObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.IdDsaWithSha1;
-        private static readonly DerObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ECDsaWithSha1;
-        private static readonly DerObjectIdentifier ENCRYPTION_RSA_PSS = PkcsObjectIdentifiers.IdRsassaPss;
-        private static readonly DerObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.GostR3410x94;
-        private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.GostR3410x2001;
-        private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_256 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
-        private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_512 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512;
+        //private static readonly DerObjectIdentifier ENCRYPTION_RSA = PkcsObjectIdentifiers.RsaEncryption;
+        //private static readonly DerObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.IdDsaWithSha1;
+        //private static readonly DerObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ECDsaWithSha1;
+        //private static readonly DerObjectIdentifier ENCRYPTION_RSA_PSS = PkcsObjectIdentifiers.IdRsassaPss;
+        //private static readonly DerObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.GostR3410x94;
+        //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.GostR3410x2001;
+        //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_256 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
+        //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_512 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512;
 
         static DefaultSignatureAlgorithmIdentifierFinder()
         {
@@ -167,75 +165,75 @@ namespace Org.BouncyCastle.Cms
             // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
             // The parameters field SHALL be NULL for RSA based signature algorithms.
             //
-            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha1);
-            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha224);
-            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha256);
-            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha384);
-            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha512);
-            noParams.Add((object)X9ObjectIdentifiers.IdDsaWithSha1);
-            noParams.Add((object)NistObjectIdentifiers.DsaWithSha224);
-            noParams.Add((object)NistObjectIdentifiers.DsaWithSha256);
-            noParams.Add((object)NistObjectIdentifiers.DsaWithSha384);
-            noParams.Add((object)NistObjectIdentifiers.DsaWithSha512);
-            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_224);
-            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_256);
-            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_384);
-            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_512);
-            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_224);
-            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_256);
-            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_384);
-            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_512);
+            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1);
+            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224);
+            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256);
+            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384);
+            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512);
+            noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1);
+            noParams.Add(NistObjectIdentifiers.DsaWithSha224);
+            noParams.Add(NistObjectIdentifiers.DsaWithSha256);
+            noParams.Add(NistObjectIdentifiers.DsaWithSha384);
+            noParams.Add(NistObjectIdentifiers.DsaWithSha512);
+            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_224);
+            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_256);
+            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_384);
+            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_512);
+            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224);
+            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256);
+            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384);
+            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512);
 
 
             //
             // RFC 4491
             //
-            noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
-            noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
-            noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256);
-            noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512);
+            noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
+            noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
+            noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256);
+            noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512);
 
             //
             // SPHINCS-256
             //
-            noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA512);
-            noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA3_512);
+            noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA512);
+            noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
 
             //
             // XMSS
             //
-            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA256);
-            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA512);
-            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE128);
-            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE256);
-            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA256);
-            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA512);
-            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE128);
-            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE256);
+            noParams.Add(BCObjectIdentifiers.xmss_with_SHA256);
+            noParams.Add(BCObjectIdentifiers.xmss_with_SHA512);
+            noParams.Add(BCObjectIdentifiers.xmss_with_SHAKE128);
+            noParams.Add(BCObjectIdentifiers.xmss_with_SHAKE256);
+            noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHA256);
+            noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHA512);
+            noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHAKE128);
+            noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHAKE256);
 
             //
             // SM2
             //
-            noParams.Add((object)GMObjectIdentifiers.sm2sign_with_sha256);
-            noParams.Add((object)GMObjectIdentifiers.sm2sign_with_sm3);
+            noParams.Add(GMObjectIdentifiers.sm2sign_with_sha256);
+            noParams.Add(GMObjectIdentifiers.sm2sign_with_sm3);
 
             //
             // PKCS 1.5 encrypted  algorithms
             //
-            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha1WithRsaEncryption);
-            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha224WithRsaEncryption);
-            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha256WithRsaEncryption);
-            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha384WithRsaEncryption);
-            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512WithRsaEncryption);
-            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
-            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
-            pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
-            pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
-            pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
-            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
-            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
-            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
-            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
+            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
+            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption);
+            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
+            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption);
+            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption);
+            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
+            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
+            pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
+            pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
+            pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
+            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
+            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
+            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
+            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
 
             //
             // explicit params
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 7c7d42ef8..e48041a50 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Cms
         private static readonly IDictionary digestAlgs = Platform.CreateHashtable();
         private static readonly IDictionary digestAliases = Platform.CreateHashtable();
 
-        private static readonly ISet noParams = new HashSet();
+        private static readonly HashSet<string> noParams = new HashSet<string>();
         private static readonly IDictionary ecAlgorithms = Platform.CreateHashtable();
 
         private static void AddEntries(DerObjectIdentifier oid, string digest, string encryption)
diff --git a/crypto/src/crypto/ec/CustomNamedCurves.cs b/crypto/src/crypto/ec/CustomNamedCurves.cs
index b1b97551c..d256dba73 100644
--- a/crypto/src/crypto/ec/CustomNamedCurves.cs
+++ b/crypto/src/crypto/ec/CustomNamedCurves.cs
@@ -895,21 +895,21 @@ namespace Org.BouncyCastle.Crypto.EC
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid)
         {
-            return curves.TryGetValue(oid, out var holder) ? holder : null;
+            return CollectionUtilities.GetValueOrNull(curves, oid);
         }
 
         /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary>
         /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param>
         public static string GetName(DerObjectIdentifier oid)
         {
-            return names.TryGetValue(oid, out var name) ? name : null;
+            return CollectionUtilities.GetValueOrNull(names, oid);
         }
 
         /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary>
         /// <param name="name">The name of the curve.</param>
         public static DerObjectIdentifier GetOid(string name)
         {
-            return objIds.TryGetValue(name, out var oid) ? oid : null;
+            return CollectionUtilities.GetValueOrNull(objIds, name);
         }
 
         /// <summary>Enumerate the available curve names in this registry.</summary>
diff --git a/crypto/src/crypto/generators/OpenBsdBCrypt.cs b/crypto/src/crypto/generators/OpenBsdBCrypt.cs
index d019731d6..40211a51d 100644
--- a/crypto/src/crypto/generators/OpenBsdBCrypt.cs
+++ b/crypto/src/crypto/generators/OpenBsdBCrypt.cs
@@ -1,9 +1,9 @@
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.Text;
 
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Collections;
 
 namespace Org.BouncyCastle.Crypto.Generators
 {
@@ -35,7 +35,7 @@ namespace Org.BouncyCastle.Crypto.Generators
          */
         private static readonly byte[] DecodingTable = new byte[128];
         private static readonly string DefaultVersion = "2y";
-        private static readonly ISet AllowedVersions = new HashSet();
+        private static readonly HashSet<string> AllowedVersions = new HashSet<string>();
 
         static OpenBsdBCrypt()
         {
diff --git a/crypto/src/crypto/operators/Asn1Signature.cs b/crypto/src/crypto/operators/Asn1Signature.cs
index a61b6793d..e079bf8ef 100644
--- a/crypto/src/crypto/operators/Asn1Signature.cs
+++ b/crypto/src/crypto/operators/Asn1Signature.cs
@@ -1,6 +1,6 @@
 using System;
 using System.Collections;
-using System.IO;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.CryptoPro;
@@ -10,9 +10,6 @@ using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.TeleTrust;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
-using Org.BouncyCastle.Crypto.IO;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Collections;
@@ -21,11 +18,9 @@ namespace Org.BouncyCastle.Crypto.Operators
 {
 	internal class X509Utilities
 	{
-        private static readonly Asn1Null derNull = DerNull.Instance;
-
         private static readonly IDictionary algorithms = Platform.CreateHashtable();
 		private static readonly IDictionary exParams = Platform.CreateHashtable();
-		private static readonly ISet        noParams = new HashSet();
+		private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>();
 
 		static X509Utilities()
 		{
@@ -204,7 +199,7 @@ namespace Org.BouncyCastle.Crypto.Operators
         {
             Asn1Encodable parameters = sigAlgId.Parameters;
 
-            if (parameters != null && !derNull.Equals(parameters))
+            if (parameters != null && !DerNull.Instance.Equals(parameters))
             {
                 if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
                 {
diff --git a/crypto/src/ocsp/OCSPUtil.cs b/crypto/src/ocsp/OCSPUtil.cs
index e45b31b0a..e990d1755 100644
--- a/crypto/src/ocsp/OCSPUtil.cs
+++ b/crypto/src/ocsp/OCSPUtil.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.CryptoPro;
@@ -18,7 +19,7 @@ namespace Org.BouncyCastle.Ocsp
 	{
 		private static readonly IDictionary algorithms = Platform.CreateHashtable();
         private static readonly IDictionary oids = Platform.CreateHashtable();
-		private static readonly ISet noParams = new HashSet();
+		private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>();
 
 		static OcspUtilities()
 		{
diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
index 7f409bcf8..be956c6cd 100644
--- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs
+++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections;
+using System.Collections.Generic;
 using System.IO;
 
 using Org.BouncyCastle.Asn1;
@@ -13,10 +14,8 @@ using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.X509;
 using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Asn1.Utilities;
 
 namespace Org.BouncyCastle.Pkcs
 {
@@ -52,7 +51,7 @@ namespace Org.BouncyCastle.Pkcs
         protected static readonly IDictionary exParams = Platform.CreateHashtable();
         protected static readonly IDictionary keyAlgorithms = Platform.CreateHashtable();
         protected static readonly IDictionary oids = Platform.CreateHashtable();
-        protected static readonly ISet noParams = new HashSet();
+        protected static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>();
 
         static Pkcs10CertificationRequest()
         {
diff --git a/crypto/src/pkix/PkixAttrCertChecker.cs b/crypto/src/pkix/PkixAttrCertChecker.cs
index ca49bbd12..3d50bfbbc 100644
--- a/crypto/src/pkix/PkixAttrCertChecker.cs
+++ b/crypto/src/pkix/PkixAttrCertChecker.cs
@@ -1,7 +1,7 @@
 using System;
-using System.Collections;
+using System.Collections.Generic;
 
-using Org.BouncyCastle.Utilities.Collections;
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Pkix
@@ -27,7 +27,7 @@ namespace Org.BouncyCastle.Pkix
 		 *         <code>PkixAttrCertChecker</code>, or <code>null</code> if no
 		 *         extensions are supported
 		 */
-		public abstract ISet GetSupportedExtensions();
+		public abstract ISet<DerObjectIdentifier> GetSupportedExtensions();
 
 		/**
 		* Performs checks on the specified attribute certificate. Every handled
@@ -45,7 +45,7 @@ namespace Org.BouncyCastle.Pkix
 		*             does not pass the check.
 		*/
 		public abstract void Check(X509V2AttributeCertificate attrCert, PkixCertPath certPath,
-			PkixCertPath holderCertPath, ICollection unresolvedCritExts);
+			PkixCertPath holderCertPath, ICollection<string> unresolvedCritExts);
 
 		/**
 		* Returns a clone of this object.
diff --git a/crypto/src/pkix/PkixAttrCertPathBuilder.cs b/crypto/src/pkix/PkixAttrCertPathBuilder.cs
index 1120003a8..6902d76d6 100644
--- a/crypto/src/pkix/PkixAttrCertPathBuilder.cs
+++ b/crypto/src/pkix/PkixAttrCertPathBuilder.cs
@@ -56,15 +56,15 @@ namespace Org.BouncyCastle.Pkix
 			{
 				X509CertStoreSelector certSelector = new X509CertStoreSelector();
 				X509Name[] principals = target.Issuer.GetPrincipals();
-				ISet issuers = new HashSet();
+				var issuers = new HashSet<X509Certificate>();
 				for (int i = 0; i < principals.Length; i++)
 				{
+					// TODO Replace loop with a single multiprincipal selector (or don't even use selector)
 					try
 					{
 						certSelector.Subject = principals[i];
 
-						issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(certSelector,
-							pkixParams.GetStoresCert()));
+						CollectionUtilities.CollectMatches(issuers, certSelector, pkixParams.GetStoresCert());
 					}
 					catch (Exception e)
 					{
@@ -74,7 +74,7 @@ namespace Org.BouncyCastle.Pkix
 					}
 				}
 
-				if (issuers.IsEmpty)
+				if (issuers.Count < 1)
 					throw new PkixCertPathBuilderException("Public key certificate for attribute certificate cannot be found.");
 
                 IList certPathList = Platform.CreateArrayList();
diff --git a/crypto/src/pkix/PkixBuilderParameters.cs b/crypto/src/pkix/PkixBuilderParameters.cs
index 1dcccb2f8..b76c97874 100644
--- a/crypto/src/pkix/PkixBuilderParameters.cs
+++ b/crypto/src/pkix/PkixBuilderParameters.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Text;
 
 using Org.BouncyCastle.Security;
@@ -16,7 +17,7 @@ namespace Org.BouncyCastle.Pkix
 	{
 		private int maxPathLength = 5;
 
-		private ISet excludedCerts = new HashSet();
+		private ISet<X509Certificate> excludedCerts = new HashSet<X509Certificate>();
 
 		/**
 		* Returns an instance of <code>PkixBuilderParameters</code>.
@@ -40,12 +41,12 @@ namespace Org.BouncyCastle.Pkix
 			return parameters;
 		}
 
-		public PkixBuilderParameters(ISet trustAnchors, ISelector<X509Certificate> targetConstraintsCert)
+		public PkixBuilderParameters(ISet<TrustAnchor> trustAnchors, ISelector<X509Certificate> targetConstraintsCert)
 			: this(trustAnchors, targetConstraintsCert, null)
 		{
 		}
 
-		public PkixBuilderParameters(ISet trustAnchors, ISelector<X509Certificate> targetConstraintsCert,
+		public PkixBuilderParameters(ISet<TrustAnchor> trustAnchors, ISelector<X509Certificate> targetConstraintsCert,
 			ISelector<X509V2AttributeCertificate> targetConstraintsAttrCert)
 			: base(trustAnchors)
 		{
@@ -71,9 +72,9 @@ namespace Org.BouncyCastle.Pkix
 		/// Excluded certificates are not used for building a certification path.
 		/// </summary>
 		/// <returns>the excluded certificates.</returns>
-		public virtual ISet GetExcludedCerts()
+		public virtual ISet<X509Certificate> GetExcludedCerts()
 		{
-			return new HashSet(excludedCerts);
+			return new HashSet<X509Certificate>(excludedCerts);
 		}
 
 		/// <summary>
@@ -85,16 +86,15 @@ namespace Org.BouncyCastle.Pkix
 		/// The given set is cloned to protect it against subsequent modifications.
 		/// </remarks>
 		/// <param name="excludedCerts">The excluded certificates to set.</param>
-		public virtual void SetExcludedCerts(
-			ISet excludedCerts)
+		public virtual void SetExcludedCerts(ISet<X509Certificate> excludedCerts)
 		{
 			if (excludedCerts == null)
 			{
-				this.excludedCerts = new HashSet();
+				this.excludedCerts = new HashSet<X509Certificate>();
 			}
 			else
 			{
-				this.excludedCerts = new HashSet(excludedCerts);
+				this.excludedCerts = new HashSet<X509Certificate>(excludedCerts);
 			}
 		}
 
@@ -105,15 +105,13 @@ namespace Org.BouncyCastle.Pkix
 		* @param params Parameters to set.
 		* @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
 		*/
-		protected override void SetParams(
-			PkixParameters parameters)
+		protected override void SetParams(PkixParameters parameters)
 		{
 			base.SetParams(parameters);
-			if (parameters is PkixBuilderParameters)
+			if (parameters is PkixBuilderParameters _params)
 			{
-				PkixBuilderParameters _params = (PkixBuilderParameters) parameters;
 				maxPathLength = _params.maxPathLength;
-				excludedCerts = new HashSet(_params.excludedCerts);
+				excludedCerts = new HashSet<X509Certificate>(_params.excludedCerts);
 			}
 		}
 
diff --git a/crypto/src/pkix/PkixCertPathBuilder.cs b/crypto/src/pkix/PkixCertPathBuilder.cs
index 3ef66b1b9..970fceb99 100644
--- a/crypto/src/pkix/PkixCertPathBuilder.cs
+++ b/crypto/src/pkix/PkixCertPathBuilder.cs
@@ -1,19 +1,11 @@
 using System;
 using System.Collections;
-using System.Text;
-
-using Org.BouncyCastle.Asn1.IsisMtt;
-using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Asn1.X500;
-using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Math;
+using System.Collections.Generic;
+
 using Org.BouncyCastle.Security.Certificates;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.X509;
-using Org.BouncyCastle.X509.Store;
 
 namespace Org.BouncyCastle.Pkix
 {
@@ -38,11 +30,10 @@ namespace Org.BouncyCastle.Pkix
 
 			var certSelector = pkixParams.GetTargetConstraintsCert();
 
-			ISet targets = new HashSet();
+			var targets = new HashSet<X509Certificate>();
 			try
 			{
-				targets.AddAll(
-					PkixCertPathValidatorUtilities.FindCertificates(certSelector, pkixParams.GetStoresCert()));
+				CollectionUtilities.CollectMatches(targets, certSelector, pkixParams.GetStoresCert());
 			}
 			catch (Exception e)
 			{
@@ -50,7 +41,7 @@ namespace Org.BouncyCastle.Pkix
 					"Error finding target certificate.", e);
 			}
 
-			if (targets.IsEmpty)
+			if (targets.Count < 1)
 				throw new PkixCertPathBuilderException("No certificate found matching targetConstraints.");
 
 			PkixCertPathBuilderResult result = null;
diff --git a/crypto/src/pkix/PkixCertPathChecker.cs b/crypto/src/pkix/PkixCertPathChecker.cs
index da7e82b46..08b7e3d41 100644
--- a/crypto/src/pkix/PkixCertPathChecker.cs
+++ b/crypto/src/pkix/PkixCertPathChecker.cs
@@ -1,4 +1,5 @@
-using Org.BouncyCastle.Utilities.Collections;
+using System.Collections.Generic;
+
 using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Pkix
@@ -63,7 +64,7 @@ namespace Org.BouncyCastle.Pkix
          *         <code>PKIXCertPathChecker</code>, or <code>null</code> if no
          *         extensions are supported
          */
-        public abstract ISet GetSupportedExtensions();
+        public abstract ISet<string> GetSupportedExtensions();
 
         /**
          * Performs the check(s) on the specified certificate using its internal
@@ -80,7 +81,7 @@ namespace Org.BouncyCastle.Pkix
          * @exception CertPathValidatorException
          *                if the specified certificate does not pass the check
          */
-        public abstract void Check(X509Certificate cert, ISet unresolvedCritExts);
+        public abstract void Check(X509Certificate cert, ISet<string> unresolvedCritExts);
         //throws CertPathValidatorException;
 
         /**
diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs
index 95939e0bd..cebeed46f 100644
--- a/crypto/src/pkix/PkixCertPathValidator.cs
+++ b/crypto/src/pkix/PkixCertPathValidator.cs
@@ -71,7 +71,7 @@ namespace Org.BouncyCastle.Pkix
             //
             // (c)
             //
-            ISet userInitialPolicySet = paramsPkix.GetInitialPolicies();
+            var userInitialPolicySet = paramsPkix.GetInitialPolicies();
 
             //
             // (d)
@@ -113,12 +113,12 @@ namespace Org.BouncyCastle.Pkix
                 policyNodes[j] = new List<PkixPolicyNode>();
             }
 
-            ISet policySet = new HashSet();
+            var policySet = new HashSet<string>();
 
             policySet.Add(Rfc3280CertPathUtilities.ANY_POLICY);
 
-            var validPolicyTree = new PkixPolicyNode(new List<PkixPolicyNode>(), 0, policySet, null, new HashSet(),
-                Rfc3280CertPathUtilities.ANY_POLICY, false);
+            var validPolicyTree = new PkixPolicyNode(new List<PkixPolicyNode>(), 0, policySet, null,
+                new HashSet<PolicyQualifierInfo>(), Rfc3280CertPathUtilities.ANY_POLICY, false);
 
             policyNodes[0].Add(validPolicyTree);
 
@@ -130,7 +130,7 @@ namespace Org.BouncyCastle.Pkix
             // (d)
             //
             int explicitPolicy;
-            ISet acceptablePolicies = new HashSet();
+            var acceptablePolicies = new HashSet<string>();
 
             if (paramsPkix.IsExplicitPolicyRequired)
             {
@@ -326,11 +326,11 @@ namespace Org.BouncyCastle.Pkix
                     // (n)
                     Rfc3280CertPathUtilities.PrepareNextCertN(certPath, index);
 
-					ISet criticalExtensions1 = cert.GetCriticalExtensionOids();
+					var criticalExtensions1 = cert.GetCriticalExtensionOids();
 
 					if (criticalExtensions1 != null)
 					{
-						criticalExtensions1 = new HashSet(criticalExtensions1);
+						criticalExtensions1 = new HashSet<string>(criticalExtensions1);
 
 						// these extensions are handled by the algorithm
 						criticalExtensions1.Remove(X509Extensions.KeyUsage.Id);
@@ -346,7 +346,7 @@ namespace Org.BouncyCastle.Pkix
 					}
 					else
 					{
-						criticalExtensions1 = new HashSet();
+						criticalExtensions1 = new HashSet<string>();
 					}
 
 					// (o)
@@ -391,11 +391,11 @@ namespace Org.BouncyCastle.Pkix
             //
             // (f)
             //
-            ISet criticalExtensions = cert.GetCriticalExtensionOids();
+            var criticalExtensions = cert.GetCriticalExtensionOids();
 
             if (criticalExtensions != null)
             {
-                criticalExtensions = new HashSet(criticalExtensions);
+                criticalExtensions = new HashSet<string>(criticalExtensions);
 
                 // Requires .Id
                 // these extensions are handled by the algorithm
@@ -413,13 +413,13 @@ namespace Org.BouncyCastle.Pkix
             }
             else
             {
-                criticalExtensions = new HashSet();
+                criticalExtensions = new HashSet<string>();
             }
 
             Rfc3280CertPathUtilities.WrapupCertF(certPath, index + 1, certPathCheckers, criticalExtensions);
 
-            PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, userInitialPolicySet,
-                    index + 1, policyNodes, validPolicyTree, acceptablePolicies);
+            PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix,
+                userInitialPolicySet, index + 1, policyNodes, validPolicyTree, acceptablePolicies);
 
             if ((explicitPolicy > 0) || (intersection != null))
             {
diff --git a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
index 731f8dfe0..fc65b2535 100644
--- a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
+++ b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
@@ -61,11 +61,9 @@ namespace Org.BouncyCastle.Pkix
 		/// <code>null</code> if not.
 		/// </returns>
 		/// @exception
-		internal static TrustAnchor FindTrustAnchor(
-			X509Certificate	cert,
-			ISet			trustAnchors)
+		internal static TrustAnchor FindTrustAnchor(X509Certificate	cert, ISet<TrustAnchor> trustAnchors)
 		{
-			IEnumerator iter = trustAnchors.GetEnumerator();
+			var iter = trustAnchors.GetEnumerator();
 			TrustAnchor trust = null;
 			AsymmetricKeyParameter trustPublicKey = null;
 			Exception invalidKeyEx = null;
@@ -83,7 +81,7 @@ namespace Org.BouncyCastle.Pkix
 
 			while (iter.MoveNext() && trust == null)
 			{
-				trust = (TrustAnchor) iter.Current;
+				trust = iter.Current;
 				if (trust.TrustedCert != null)
 				{
 					if (certSelectX509.Match(trust.TrustedCert))
@@ -143,9 +141,7 @@ namespace Org.BouncyCastle.Pkix
 			return trust;
 		}
 
-        internal static bool IsIssuerTrustAnchor(
-            X509Certificate cert,
-            ISet trustAnchors)
+        internal static bool IsIssuerTrustAnchor(X509Certificate cert, ISet<TrustAnchor> trustAnchors)
         {
             try
             {
@@ -236,10 +232,9 @@ namespace Org.BouncyCastle.Pkix
 			}
 		}
 
-		internal static bool IsAnyPolicy(
-			ISet policySet)
+		internal static bool IsAnyPolicy(ISet<string> policySet)
 		{
-			return policySet == null || policySet.Contains(ANY_POLICY) || policySet.Count == 0;
+			return policySet == null || policySet.Count < 1 || policySet.Contains(ANY_POLICY);
 		}
 
 		internal static void AddAdditionalStoreFromLocation(
@@ -310,23 +305,22 @@ namespace Org.BouncyCastle.Pkix
 		// policy checking
 		//
 
-		internal static ISet GetQualifierSet(Asn1Sequence qualifiers)
+		internal static ISet<PolicyQualifierInfo> GetQualifierSet(Asn1Sequence qualifiers)
 		{
-			ISet pq = new HashSet();
-
-			if (qualifiers == null)
-				return pq;
+			var pq = new HashSet<PolicyQualifierInfo>();
 
-			foreach (Asn1Encodable ae in qualifiers)
-			{
-				try
-				{
-					pq.Add(PolicyQualifierInfo.GetInstance(Asn1Object.FromByteArray(ae.GetEncoded())));
-					//pq.Add(PolicyQualifierInfo.GetInstance(ae.ToAsn1Object()));
-				}
-				catch (IOException ex)
+			if (qualifiers != null)
+            {
+				foreach (Asn1Encodable ae in qualifiers)
 				{
-					throw new PkixCertPathValidatorException("Policy qualifier info cannot be decoded.", ex);
+					try
+					{
+                        pq.Add(PolicyQualifierInfo.GetInstance(ae.ToAsn1Object()));
+                    }
+					catch (IOException ex)
+					{
+						throw new PkixCertPathValidatorException("Policy qualifier info cannot be decoded.", ex);
+					}
 				}
 			}
 
@@ -374,90 +368,78 @@ namespace Org.BouncyCastle.Pkix
 			}
 		}
 
-		internal static void PrepareNextCertB1(
-			int i,
-			IList[] policyNodes,
-			string id_p,
-			IDictionary m_idp,
-			X509Certificate cert)
+		internal static void PrepareNextCertB1(int i, IList<PkixPolicyNode>[] policyNodes, string id_p,
+			IDictionary<string, ISet<string>> m_idp, X509Certificate cert)
 		{
-			bool idp_found = false;
-			IEnumerator nodes_i = policyNodes[i].GetEnumerator();
-			while (nodes_i.MoveNext())
+			foreach (var node in policyNodes[i])
 			{
-				PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
 				if (node.ValidPolicy.Equals(id_p))
 				{
-					idp_found = true;
-					node.ExpectedPolicies = (ISet)m_idp[id_p];
-					break;
+					node.ExpectedPolicies = CollectionUtilities.GetValueOrNull(m_idp, id_p);
+					return;
 				}
 			}
 
-			if (!idp_found)
+			foreach (var node in policyNodes[i])
 			{
-				nodes_i = policyNodes[i].GetEnumerator();
-				while (nodes_i.MoveNext())
+				if (ANY_POLICY.Equals(node.ValidPolicy))
 				{
-					PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
-					if (ANY_POLICY.Equals(node.ValidPolicy))
+					Asn1Sequence policies;
+					try
+					{
+						policies = Asn1Sequence.GetInstance(
+							GetExtensionValue(cert, X509Extensions.CertificatePolicies));
+					}
+					catch (Exception e)
 					{
-						ISet pq = null;
-						Asn1Sequence policies = null;
+						throw new Exception("Certificate policies cannot be decoded.", e);
+					}
+
+					ISet<PolicyQualifierInfo> pq = null;
+
+					foreach (var policy in policies)
+					{
+						PolicyInformation pinfo;
 						try
 						{
-							policies = DerSequence.GetInstance(GetExtensionValue(cert, X509Extensions.CertificatePolicies));
+							pinfo = PolicyInformation.GetInstance(policy);
 						}
-						catch (Exception e)
+						catch (Exception ex)
 						{
-							throw new Exception("Certificate policies cannot be decoded.", e);
+							throw new Exception("Policy information cannot be decoded.", ex);
 						}
 
-						IEnumerator enm = policies.GetEnumerator();
-						while (enm.MoveNext())
+						if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id))
 						{
-							PolicyInformation pinfo = null;
-
 							try
 							{
-								pinfo = PolicyInformation.GetInstance(enm.Current);
+								pq = GetQualifierSet(pinfo.PolicyQualifiers);
 							}
-							catch (Exception ex)
+							catch (PkixCertPathValidatorException ex)
 							{
-								throw new Exception("Policy information cannot be decoded.", ex);
+								throw new PkixCertPathValidatorException(
+									"Policy qualifier info set could not be built.", ex);
 							}
-
-							if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id))
-							{
-								try
-								{
-									pq = GetQualifierSet(pinfo.PolicyQualifiers);
-								}
-								catch (PkixCertPathValidatorException ex)
-								{
-									throw new PkixCertPathValidatorException(
-										"Policy qualifier info set could not be built.", ex);
-								}
-								break;
-							}
-						}
-						bool ci = false;
-						ISet critExtOids = cert.GetCriticalExtensionOids();
-						if (critExtOids != null)
-						{
-							ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id);
+							break;
 						}
+					}
 
-						PkixPolicyNode p_node = node.Parent;
-						if (ANY_POLICY.Equals(p_node.ValidPolicy))
-						{
-							PkixPolicyNode c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i, (ISet)m_idp[id_p],
-								p_node, pq, id_p, ci);
-							p_node.AddChild(c_node);
-							policyNodes[i].Add(c_node);
-						}
-						break;
+					bool ci = false;
+					var critExtOids = cert.GetCriticalExtensionOids();
+					if (critExtOids != null)
+					{
+						ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id);
+					}
+
+					PkixPolicyNode p_node = node.Parent;
+					if (ANY_POLICY.Equals(p_node.ValidPolicy))
+					{
+						PkixPolicyNode c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i,
+							CollectionUtilities.GetValueOrNull(m_idp, id_p), p_node, pq, id_p, ci);
+						p_node.AddChild(c_node);
+						policyNodes[i].Add(c_node);
 					}
+					break;
 				}
 			}
 		}
@@ -687,25 +669,6 @@ namespace Org.BouncyCastle.Pkix
 			return ((X509Certificate)certPath.Certificates[index - 1]).NotBefore;
 		}
 
-		/// <summary>
-		/// Return a Collection of all certificates found
-		/// in the stores that are matching the certSelector criteria.
-		/// </summary>
-		/// <param name="certSelector">an <see cref="ISelector{T}"/> object that will be used to select
-		/// the certificates.</param>
-		/// <param name="certStores">a List containing only IStore objects. These
-		/// are used to search for certificates.</param>
-		/// <returns>a Collection of all found <see cref="X509Certificate"/> objects.
-		/// May be empty but never <code>null</code>.</returns>
-		/// <exception cref="Exception"></exception>
-		internal static List<X509Certificate> FindCertificates(ISelector<X509Certificate> certSelector,
-			IList<IStore<X509Certificate>> certStores)
-		{
-			var result = new List<X509Certificate>();
-			CollectionUtilities.CollectMatches(result, certSelector, certStores);
-			return result;
-		}
-
 		/**
 		* Add the CRL issuers from the cRLIssuer field of the distribution point or
 		* from the certificate if not given to the issuer criterion of the
@@ -728,7 +691,7 @@ namespace Org.BouncyCastle.Pkix
 		*/
 		internal static void GetCrlIssuersFromDistributionPoint(
 			DistributionPoint		dp,
-			ICollection				issuerPrincipals,
+			ICollection<X509Name>	issuerPrincipals,
 			X509CrlStoreSelector	selector,
 			PkixParameters			pkixParams)
 		{
@@ -843,7 +806,7 @@ namespace Org.BouncyCastle.Pkix
 			X509CrlStoreSelector crlselect = new X509CrlStoreSelector();
 			try
 			{
-				ISet issuers = new HashSet();
+				var issuers = new HashSet<X509Name>();
 				issuers.Add(certObjIssuer);
 
 				GetCrlIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
@@ -954,7 +917,7 @@ namespace Org.BouncyCastle.Pkix
 
 			foreach (X509Crl crl in temp)
 			{
-				if (isDeltaCrl(crl))
+				if (IsDeltaCrl(crl))
 				{
 					result.Add(crl);
 				}
@@ -963,10 +926,9 @@ namespace Org.BouncyCastle.Pkix
 			return result;
 		}
 
-		private static bool isDeltaCrl(
-			X509Crl crl)
+		private static bool IsDeltaCrl(X509Crl crl)
 		{
-			ISet critical = crl.GetCriticalExtensionOids();
+			var critical = crl.GetCriticalExtensionOids();
 
 			return critical.Contains(X509Extensions.DeltaCrlIndicator.Id);
 		}
@@ -1013,13 +975,13 @@ namespace Org.BouncyCastle.Pkix
 		}
 
 		internal static bool ProcessCertD1i(int index, IList<PkixPolicyNode>[] policyNodes, DerObjectIdentifier	pOid,
-			ISet pq)
+			ISet<PolicyQualifierInfo> pq)
 		{
 			foreach (var node in policyNodes[index - 1])
 			{
 				if (node.ExpectedPolicies.Contains(pOid.Id))
 				{
-					var childExpectedPolicies = new HashSet();
+					var childExpectedPolicies = new HashSet<string>();
 					childExpectedPolicies.Add(pOid.Id);
 
                     var child = new PkixPolicyNode(new List<PkixPolicyNode>(), index, childExpectedPolicies, node, pq,
@@ -1035,13 +997,13 @@ namespace Org.BouncyCastle.Pkix
 		}
 
 		internal static void ProcessCertD1ii(int index, IList<PkixPolicyNode>[] policyNodes,
-			DerObjectIdentifier _poid, ISet _pq)
+			DerObjectIdentifier _poid, ISet<PolicyQualifierInfo> _pq)
 		{
 			foreach (var _node in policyNodes[index - 1])
 			{
 				if (ANY_POLICY.Equals(_node.ValidPolicy))
 				{
-					ISet _childExpectedPolicies = new HashSet();
+					var _childExpectedPolicies = new HashSet<string>();
 					_childExpectedPolicies.Add(_poid.Id);
 
                     var _child = new PkixPolicyNode(new List<PkixPolicyNode>(), index, _childExpectedPolicies, _node,
diff --git a/crypto/src/pkix/PkixCrlUtilities.cs b/crypto/src/pkix/PkixCrlUtilities.cs
index 341c9a514..8740cc780 100644
--- a/crypto/src/pkix/PkixCrlUtilities.cs
+++ b/crypto/src/pkix/PkixCrlUtilities.cs
@@ -52,21 +52,17 @@ namespace Org.BouncyCastle.Pkix
 			return finalSet;
 		}
 
-		public virtual ISet FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix)
+		public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix)
 		{
-			ISet completeSet = new HashSet();
-
 			// get complete CRL(s)
 			try
 			{
-				completeSet.AddAll(FindCrls(crlSelector, paramsPkix.GetStoresCrl()));
+				return FindCrls(crlSelector, paramsPkix.GetStoresCrl());
 			}
 			catch (Exception e)
 			{
 				throw new Exception("Exception obtaining complete CRLs.", e);
 			}
-
-			return completeSet;
 		}
 
 		/// <summary>
diff --git a/crypto/src/pkix/PkixParameters.cs b/crypto/src/pkix/PkixParameters.cs
index 32189acfb..eb741fece 100644
--- a/crypto/src/pkix/PkixParameters.cs
+++ b/crypto/src/pkix/PkixParameters.cs
@@ -41,11 +41,11 @@ namespace Org.BouncyCastle.Pkix
 		*/
 		public const int ChainValidityModel = 1;
 
-		private ISet trustAnchors;
+		private HashSet<TrustAnchor> trustAnchors;
 		private DateTimeObject date;
 		private IList certPathCheckers;
 		private bool revocationEnabled = true;
-		private ISet initialPolicies;
+		private HashSet<string> initialPolicies;
 		//private bool checkOnlyEECertificateCrl = false;
 		private bool explicitPolicyRequired = false;
 		private bool anyPolicyInhibited = false;
@@ -85,12 +85,11 @@ namespace Org.BouncyCastle.Pkix
 		 *                if any of the elements in the Set are not of type
 		 *                <code>java.security.cert.TrustAnchor</code>
 		 */
-		public PkixParameters(
-			ISet trustAnchors)
+		public PkixParameters(ISet<TrustAnchor> trustAnchors)
 		{
 			SetTrustAnchors(trustAnchors);
 
-			this.initialPolicies = new HashSet();
+			this.initialPolicies = new HashSet<string>();
 			this.certPathCheckers = Platform.CreateArrayList();
 			this.m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>();
 			this.m_storesCert = new List<IStore<X509Certificate>>();
@@ -186,23 +185,22 @@ namespace Org.BouncyCastle.Pkix
 		}
 
 		// Returns a Set of the most-trusted CAs.
-		public virtual ISet GetTrustAnchors()
+		public virtual ISet<TrustAnchor> GetTrustAnchors()
 		{
-			return new HashSet(this.trustAnchors);
+			return new HashSet<TrustAnchor>(this.trustAnchors);
 		}
 
 		// Sets the set of most-trusted CAs.
 		// Set is copied to protect against subsequent modifications.
-		public virtual void SetTrustAnchors(
-			ISet tas)
+		public virtual void SetTrustAnchors(ISet<TrustAnchor> tas)
 		{
 			if (tas == null)
 				throw new ArgumentNullException("value");
-			if (tas.IsEmpty)
+			if (tas.Count < 1)
 				throw new ArgumentException("non-empty set required", "value");
 
 			// Explicit copy to enforce type-safety
-			this.trustAnchors = new HashSet();
+			this.trustAnchors = new HashSet<TrustAnchor>();
 			foreach (TrustAnchor ta in tas)
 			{
 				if (ta != null)
@@ -311,17 +309,13 @@ namespace Org.BouncyCastle.Pkix
 		*
 		* @see #setInitialPolicies(java.util.Set)
 		*/
-		public virtual ISet GetInitialPolicies()
+		public virtual ISet<string> GetInitialPolicies()
 		{
-			ISet returnSet = initialPolicies;
-
 			// TODO Can it really be null?
 			if (initialPolicies == null)
-			{
-				returnSet = new HashSet();
-			}
+				return new HashSet<string>();
 
-			return new HashSet(returnSet);
+			return new HashSet<string>(initialPolicies);
 		}
 
 		/**
@@ -345,10 +339,9 @@ namespace Org.BouncyCastle.Pkix
 		*
 		* @see #getInitialPolicies()
 		*/
-		public virtual void SetInitialPolicies(
-			ISet initialPolicies)
+		public virtual void SetInitialPolicies(ISet<string> initialPolicies)
 		{
-			this.initialPolicies = new HashSet();
+			this.initialPolicies = new HashSet<string>();
 			if (initialPolicies != null)
 			{
 				foreach (string obj in initialPolicies)
diff --git a/crypto/src/pkix/PkixPolicyNode.cs b/crypto/src/pkix/PkixPolicyNode.cs
index 2e2e39caf..0ea80b258 100644
--- a/crypto/src/pkix/PkixPolicyNode.cs
+++ b/crypto/src/pkix/PkixPolicyNode.cs
@@ -2,6 +2,7 @@ using System;
 using System.Collections.Generic;
 using System.Text;
 
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Collections;
 
@@ -15,9 +16,9 @@ namespace Org.BouncyCastle.Pkix
 	{
 		protected IList<PkixPolicyNode> mChildren;
 		protected int				mDepth;
-		protected ISet				mExpectedPolicies;
+		protected ISet<string>		mExpectedPolicies;
 		protected PkixPolicyNode	mParent;
-		protected ISet				mPolicyQualifiers;
+		protected ISet<PolicyQualifierInfo> mPolicyQualifiers;
 		protected string			mValidPolicy;
 		protected bool				mCritical;
 
@@ -37,9 +38,9 @@ namespace Org.BouncyCastle.Pkix
 			set { this.mCritical = value; }
 		}
 
-		public virtual ISet PolicyQualifiers
+		public virtual ISet<PolicyQualifierInfo> PolicyQualifiers
 		{
-			get { return new HashSet(this.mPolicyQualifiers); }
+			get { return new HashSet<PolicyQualifierInfo>(this.mPolicyQualifiers); }
 		}
 
 		public virtual string ValidPolicy
@@ -52,10 +53,10 @@ namespace Org.BouncyCastle.Pkix
 			get { return mChildren.Count != 0; }
 		}
 
-		public virtual ISet ExpectedPolicies
+		public virtual ISet<string> ExpectedPolicies
 		{
-			get { return new HashSet(this.mExpectedPolicies); }
-			set { this.mExpectedPolicies = new HashSet(value); }
+			get { return new HashSet<string>(this.mExpectedPolicies); }
+			set { this.mExpectedPolicies = new HashSet<string>(value); }
 		}
 
 		public virtual PkixPolicyNode Parent
@@ -68,9 +69,9 @@ namespace Org.BouncyCastle.Pkix
 		public PkixPolicyNode(
 			IEnumerable<PkixPolicyNode> children,
 			int				depth,
-			ISet			expectedPolicies,
+			ISet<string>	expectedPolicies,
 			PkixPolicyNode	parent,
-			ISet			policyQualifiers,
+			ISet<PolicyQualifierInfo> policyQualifiers,
 			string			validPolicy,
 			bool			critical)
 		{
@@ -139,9 +140,9 @@ namespace Org.BouncyCastle.Pkix
 			PkixPolicyNode node = new PkixPolicyNode(
 				new List<PkixPolicyNode>(),
 				mDepth,
-				new HashSet(mExpectedPolicies),
+				new HashSet<string>(mExpectedPolicies),
 				null,
-				new HashSet(mPolicyQualifiers),
+				new HashSet<PolicyQualifierInfo>(mPolicyQualifiers),
 				mValidPolicy,
 				mCritical);
 
diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
index 7359d2568..07293dfaf 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -378,7 +378,7 @@ namespace Org.BouncyCastle.Pkix
 		}
 
 		/// <exception cref="PkixCertPathValidatorException"/>
-		internal static PkixPolicyNode ProcessCertD(PkixCertPath certPath, int index, ISet acceptablePolicies,
+		internal static PkixPolicyNode ProcessCertD(PkixCertPath certPath, int index, ISet<string> acceptablePolicies,
 			PkixPolicyNode validPolicyTree, IList<PkixPolicyNode>[] policyNodes, int inhibitAnyPolicy)
 		{
 			IList certs = certPath.Certificates;
@@ -406,7 +406,7 @@ namespace Org.BouncyCastle.Pkix
 				//
 				// (d) (1)
 				//
-				ISet pols = new HashSet();
+				var pols = new HashSet<string>();
 
 				foreach (Asn1Encodable ae in certPolicies)
 				{
@@ -417,7 +417,7 @@ namespace Org.BouncyCastle.Pkix
 
 					if (!ANY_POLICY.Equals(pOid.Id))
 					{
-						ISet pq = null;
+						ISet<PolicyQualifierInfo> pq;
 						try
 						{
 							pq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers);
@@ -437,16 +437,16 @@ namespace Org.BouncyCastle.Pkix
 					}
 				}
 
-				if (acceptablePolicies.IsEmpty || acceptablePolicies.Contains(ANY_POLICY))
+				if (acceptablePolicies.Count < 1 || acceptablePolicies.Contains(ANY_POLICY))
 				{
 					acceptablePolicies.Clear();
-					acceptablePolicies.AddAll(pols);
+					acceptablePolicies.UnionWith(pols);
 				}
 				else
 				{
-					ISet t1 = new HashSet();
+					var t1 = new HashSet<string>();
 
-					foreach (object o in acceptablePolicies)
+					foreach (var o in acceptablePolicies)
 					{
 						if (pols.Contains(o))
 						{
@@ -454,7 +454,7 @@ namespace Org.BouncyCastle.Pkix
 						}
 					}
 					acceptablePolicies.Clear();
-					acceptablePolicies.AddAll(t1);
+					acceptablePolicies.UnionWith(t1);
 				}
 
 				//
@@ -467,26 +467,12 @@ namespace Org.BouncyCastle.Pkix
 						PolicyInformation pInfo = PolicyInformation.GetInstance(ae.ToAsn1Object());
 						if (ANY_POLICY.Equals(pInfo.PolicyIdentifier.Id))
 						{
-							ISet _apq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers);
+							var _apq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers);
 
 							foreach (var _node in policyNodes[i - 1])
 							{
-								foreach (var _tmp in _node.ExpectedPolicies)
+								foreach (var _policy in _node.ExpectedPolicies)
 								{
-									string _policy;
-									if (_tmp is string)
-									{
-										_policy = (string)_tmp;
-									}
-									else if (_tmp is DerObjectIdentifier)
-									{
-										_policy = ((DerObjectIdentifier)_tmp).Id;
-									}
-									else
-									{
-										continue;
-									}
-
 									bool _found = false;
 
 									foreach (PkixPolicyNode _child in _node.Children)
@@ -494,12 +480,13 @@ namespace Org.BouncyCastle.Pkix
 										if (_policy.Equals(_child.ValidPolicy))
 										{
 											_found = true;
+											break;
 										}
 									}
 
 									if (!_found)
 									{
-										var _newChildExpectedPolicies = new HashSet();
+										var _newChildExpectedPolicies = new HashSet<string>();
 										_newChildExpectedPolicies.Add(_policy);
 
 										var _newChild = new PkixPolicyNode(new List<PkixPolicyNode>(), i,
@@ -538,7 +525,7 @@ namespace Org.BouncyCastle.Pkix
 				//
 				// d (4)
 				//
-				ISet criticalExtensionOids = cert.GetCriticalExtensionOids();
+				var criticalExtensionOids = cert.GetCriticalExtensionOids();
 
 				if (criticalExtensionOids != null)
 				{
@@ -568,10 +555,7 @@ namespace Org.BouncyCastle.Pkix
 		* @throws AnnotatedException if one of the above conditions does not apply or an error
 		*                            occurs.
 		*/
-		internal static void ProcessCrlB1(
-			DistributionPoint	dp,
-			object				cert,
-			X509Crl				crl)
+		internal static void ProcessCrlB1(DistributionPoint dp, object cert, X509Crl crl)
 		{
 			Asn1Object idp = PkixCertPathValidatorUtilities.GetExtensionValue(
 				crl, X509Extensions.IssuingDistributionPoint);
@@ -584,6 +568,7 @@ namespace Org.BouncyCastle.Pkix
 					isIndirect = true;
 				}
 			}
+
 			byte[] issuerBytes = crl.IssuerDN.GetEncoded();
 
 			bool matchIssuer = false;
@@ -596,7 +581,7 @@ namespace Org.BouncyCastle.Pkix
 					{
 						try
 						{
-							if (Org.BouncyCastle.Utilities.Arrays.AreEqual(genNames[j].Name.ToAsn1Object().GetEncoded(), issuerBytes))
+							if (Arrays.AreEqual(genNames[j].Name.GetEncoded(), issuerBytes))
 							{
 								matchIssuer = true;
 							}
@@ -630,12 +615,10 @@ namespace Org.BouncyCastle.Pkix
 			}
 		}
 
-		internal static ReasonsMask ProcessCrlD(
-			X509Crl				crl,
-			DistributionPoint	dp)
+		internal static ReasonsMask ProcessCrlD(X509Crl crl, DistributionPoint dp)
 			//throws AnnotatedException
 		{
-			IssuingDistributionPoint idp = null;
+			IssuingDistributionPoint idp;
 			try
 			{
 				idp = IssuingDistributionPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl, X509Extensions.IssuingDistributionPoint));
@@ -648,8 +631,7 @@ namespace Org.BouncyCastle.Pkix
 			// (d) (1)
 			if (idp != null && idp.OnlySomeReasons != null && dp.Reasons != null)
 			{
-				return new ReasonsMask(dp.Reasons.IntValue).Intersect(new ReasonsMask(idp.OnlySomeReasons
-					.IntValue));
+				return new ReasonsMask(dp.Reasons.IntValue).Intersect(new ReasonsMask(idp.OnlySomeReasons.IntValue));
 			}
 			// (d) (4)
 			if ((idp == null || idp.OnlySomeReasons == null) && dp.Reasons == null)
@@ -659,8 +641,7 @@ namespace Org.BouncyCastle.Pkix
 
 			// (d) (2) and (d)(3)
 
-			ReasonsMask dpReasons = null;
-
+			ReasonsMask dpReasons;
 			if (dp.Reasons == null)
 			{
 				dpReasons = ReasonsMask.AllReasons;
@@ -670,8 +651,7 @@ namespace Org.BouncyCastle.Pkix
 				dpReasons = new ReasonsMask(dp.Reasons.IntValue);
 			}
 
-			ReasonsMask idpReasons = null;
-
+			ReasonsMask idpReasons;
 			if (idp == null)
 			{
 				idpReasons = ReasonsMask.AllReasons;
@@ -703,7 +683,7 @@ namespace Org.BouncyCastle.Pkix
 		* @throws AnnotatedException if the CRL is not valid or the status cannot be checked or
 		*                            some error occurs.
 		*/
-		internal static ISet ProcessCrlF(
+		internal static ISet<AsymmetricKeyParameter> ProcessCrlF(
 			X509Crl					crl,
 			object					cert,
 			X509Certificate			defaultCRLSignCert,
@@ -740,8 +720,8 @@ namespace Org.BouncyCastle.Pkix
 			signingCerts.Add(defaultCRLSignCert);
 
 
-            IList validCerts = Platform.CreateArrayList();
-            IList validKeys = Platform.CreateArrayList();
+            var validCerts = new List<X509Certificate>();
+			var validKeys = new List<AsymmetricKeyParameter>();
 
 			foreach (X509Certificate signingCert in signingCerts)
 			{
@@ -796,7 +776,7 @@ namespace Org.BouncyCastle.Pkix
                 }
 			}
 
-			ISet checkKeys = new HashSet();
+			var checkKeys = new HashSet<AsymmetricKeyParameter>();
 
 			Exception lastException = null;
 			for (int i = 0; i < validCerts.Count; i++)
@@ -827,9 +807,7 @@ namespace Org.BouncyCastle.Pkix
 			return checkKeys;
 		}
 
-		internal static AsymmetricKeyParameter ProcessCrlG(
-			X509Crl	crl,
-			ISet	keys)
+		internal static AsymmetricKeyParameter ProcessCrlG(X509Crl crl, ISet<AsymmetricKeyParameter> keys)
 		{
 			Exception lastException = null;
 			foreach (AsymmetricKeyParameter key in keys)
@@ -918,16 +896,16 @@ namespace Org.BouncyCastle.Pkix
 			bool validCrlFound = false;
 			Exception lastException = null;
 
-			IEnumerator crl_iter = crls.GetEnumerator();
+			var crl_iter = crls.GetEnumerator();
 
 			while (crl_iter.MoveNext() && certStatus.Status == CertStatus.Unrevoked && !reasonMask.IsAllReasons)
 			{
 				try
 				{
-					X509Crl crl = (X509Crl)crl_iter.Current;
+					X509Crl crl = crl_iter.Current;
 
 					// (d)
-					ReasonsMask interimReasonsMask = Rfc3280CertPathUtilities.ProcessCrlD(crl, dp);
+					ReasonsMask interimReasonsMask = ProcessCrlD(crl, dp);
 
 					// (e)
 					/*
@@ -941,10 +919,9 @@ namespace Org.BouncyCastle.Pkix
 					}
 
 					// (f)
-					ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(crl, cert, defaultCRLSignCert, defaultCRLSignKey,
-						paramsPKIX, certPathCerts);
+					var keys = ProcessCrlF(crl, cert, defaultCRLSignCert, defaultCRLSignKey, paramsPKIX, certPathCerts);
 					// (g)
-					AsymmetricKeyParameter key = Rfc3280CertPathUtilities.ProcessCrlG(crl, keys);
+					AsymmetricKeyParameter key = ProcessCrlG(crl, keys);
 
 					X509Crl deltaCRL = null;
 
@@ -954,7 +931,7 @@ namespace Org.BouncyCastle.Pkix
 						ISet<X509Crl> deltaCRLs = PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl);
 						// we only want one valid delta CRL
 						// (h)
-						deltaCRL = Rfc3280CertPathUtilities.ProcessCrlH(deltaCRLs, key);
+						deltaCRL = ProcessCrlH(deltaCRLs, key);
 					}
 
 					/*
@@ -983,19 +960,19 @@ namespace Org.BouncyCastle.Pkix
 						}
 					}
 
-					Rfc3280CertPathUtilities.ProcessCrlB1(dp, cert, crl);
+					ProcessCrlB1(dp, cert, crl);
 
 					// (b) (2)
-					Rfc3280CertPathUtilities.ProcessCrlB2(dp, cert, crl);
+					ProcessCrlB2(dp, cert, crl);
 
 					// (c)
-					Rfc3280CertPathUtilities.ProcessCrlC(deltaCRL, crl, paramsPKIX);
+					ProcessCrlC(deltaCRL, crl, paramsPKIX);
 
 					// (i)
-					Rfc3280CertPathUtilities.ProcessCrlI(validDate, deltaCRL, cert, certStatus, paramsPKIX);
+					ProcessCrlI(validDate, deltaCRL, cert, certStatus, paramsPKIX);
 
 					// (j)
-					Rfc3280CertPathUtilities.ProcessCrlJ(validDate, crl, cert, certStatus);
+					ProcessCrlJ(validDate, crl, cert, certStatus);
 
 					// (k)
 					if (certStatus.Status == CrlReason.RemoveFromCrl)
@@ -1006,15 +983,15 @@ namespace Org.BouncyCastle.Pkix
 					// update reasons mask
 					reasonMask.AddReasons(interimReasonsMask);
 
-					ISet criticalExtensions = crl.GetCriticalExtensionOids();
+					var criticalExtensions = crl.GetCriticalExtensionOids();
 
 					if (criticalExtensions != null)
 					{
-						criticalExtensions = new HashSet(criticalExtensions);
+						criticalExtensions = new HashSet<string>(criticalExtensions);
 						criticalExtensions.Remove(X509Extensions.IssuingDistributionPoint.Id);
 						criticalExtensions.Remove(X509Extensions.DeltaCrlIndicator.Id);
 
-						if (!criticalExtensions.IsEmpty)
+						if (criticalExtensions.Count > 0)
 							throw new Exception("CRL contains unsupported critical extensions.");
 					}
 
@@ -1023,11 +1000,11 @@ namespace Org.BouncyCastle.Pkix
 						criticalExtensions = deltaCRL.GetCriticalExtensionOids();
 						if (criticalExtensions != null)
 						{
-							criticalExtensions = new HashSet(criticalExtensions);
+							criticalExtensions = new HashSet<string>(criticalExtensions);
 							criticalExtensions.Remove(X509Extensions.IssuingDistributionPoint.Id);
 							criticalExtensions.Remove(X509Extensions.DeltaCrlIndicator.Id);
 
-							if (!criticalExtensions.IsEmpty)
+							if (criticalExtensions.Count > 0)
 								throw new Exception("Delta CRL contains unsupported critical extension.");
 						}
 					}
@@ -1095,7 +1072,7 @@ namespace Org.BouncyCastle.Pkix
 			// for each distribution point
 			if (crldp != null)
 			{
-				DistributionPoint[] dps = null;
+				DistributionPoint[] dps;
 				try
 				{
 					dps = crldp.GetDistributionPoints();
@@ -1111,7 +1088,8 @@ namespace Org.BouncyCastle.Pkix
 						PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX.Clone();
 						try
 						{
-							CheckCrl(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
+							CheckCrl(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus,
+								reasonsMask, certPathCerts);
 							validCrlFound = true;
 						}
 						catch (Exception e)
@@ -1211,36 +1189,32 @@ namespace Org.BouncyCastle.Pkix
 			PkixPolicyNode _validPolicyTree = validPolicyTree;
 			if (pm != null)
 			{
-				Asn1Sequence mappings = (Asn1Sequence)pm;
-				IDictionary m_idp = Platform.CreateHashtable();
-				ISet s_idp = new HashSet();
+				Asn1Sequence mappings = pm;
+				var m_idp = new Dictionary<string, ISet<string>>();
+				var s_idp = new HashSet<string>();
 
 				for (int j = 0; j < mappings.Count; j++)
 				{
-					Asn1Sequence mapping = (Asn1Sequence) mappings[j];
-					string id_p = ((DerObjectIdentifier) mapping[0]).Id;
-					string sd_p = ((DerObjectIdentifier) mapping[1]).Id;
-					ISet tmp;
+					Asn1Sequence mapping = (Asn1Sequence)mappings[j];
+					string id_p = ((DerObjectIdentifier)mapping[0]).Id;
+					string sd_p = ((DerObjectIdentifier)mapping[1]).Id;
 
-					if (!m_idp.Contains(id_p))
-					{
-						tmp = new HashSet();
-						tmp.Add(sd_p);
-						m_idp[id_p] = tmp;
-						s_idp.Add(id_p);
-					}
+					ISet<string> tmp;
+					if (m_idp.TryGetValue(id_p, out tmp))
+                    {
+                        tmp.Add(sd_p);
+                    }
 					else
-					{
-						tmp = (ISet)m_idp[id_p];
-						tmp.Add(sd_p);
-					}
+                    {
+                        tmp = new HashSet<string>();
+                        tmp.Add(sd_p);
+                        m_idp[id_p] = tmp;
+                        s_idp.Add(id_p);
+                    }
 				}
 
-				IEnumerator it_idp = s_idp.GetEnumerator();
-				while (it_idp.MoveNext())
+				foreach (var id_p in s_idp)
 				{
-					string id_p = (string)it_idp.Current;
-
 					//
 					// (1)
 					//
@@ -1253,7 +1227,7 @@ namespace Org.BouncyCastle.Pkix
 							if (node.ValidPolicy.Equals(id_p))
 							{
 								idp_found = true;
-								node.ExpectedPolicies = (ISet)m_idp[id_p];
+								node.ExpectedPolicies = CollectionUtilities.GetValueOrNull(m_idp, id_p);
 								break;
 							}
 						}
@@ -1264,7 +1238,6 @@ namespace Org.BouncyCastle.Pkix
 							{
 								if (ANY_POLICY.Equals(node.ValidPolicy))
 								{
-									ISet pq = null;
 									Asn1Sequence policies = null;
 									try
 									{
@@ -1277,6 +1250,8 @@ namespace Org.BouncyCastle.Pkix
 											"Certificate policies extension could not be decoded.", e, index);
 									}
 
+									ISet<PolicyQualifierInfo> pq = null;
+
 									foreach (Asn1Encodable ae in policies)
 									{
 										PolicyInformation pinfo = null;
@@ -1305,7 +1280,7 @@ namespace Org.BouncyCastle.Pkix
 										}
 									}
 									bool ci = false;
-									ISet critExtOids = cert.GetCriticalExtensionOids();
+									var critExtOids = cert.GetCriticalExtensionOids();
 									if (critExtOids != null)
 									{
 										ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id);
@@ -1315,7 +1290,7 @@ namespace Org.BouncyCastle.Pkix
 									if (ANY_POLICY.Equals(p_node.ValidPolicy))
 									{
 										var c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i,
-											(ISet)m_idp[id_p], p_node, pq, id_p, ci);
+											CollectionUtilities.GetValueOrNull(m_idp, id_p), p_node, pq, id_p, ci);
 										p_node.AddChild(c_node);
 										policyNodes[i].Add(c_node);
 									}
@@ -1398,16 +1373,16 @@ namespace Org.BouncyCastle.Pkix
 			return new []{ completeSet, deltaSet };
 		}
 
-		internal static ISet ProcessCrlA1i(
+		internal static ISet<X509Crl> ProcessCrlA1i(
 			DateTime		currentDate,
 			PkixParameters	paramsPKIX,
 			X509Certificate	cert,
 			X509Crl			crl)
 		{
-			ISet deltaSet = new HashSet();
+			var deltaSet = new HashSet<X509Crl>();
 			if (paramsPKIX.IsUseDeltasEnabled)
 			{
-				CrlDistPoint freshestCRL = null;
+				CrlDistPoint freshestCRL;
 				try
 				{
 					freshestCRL = CrlDistPoint.GetInstance(
@@ -1422,7 +1397,8 @@ namespace Org.BouncyCastle.Pkix
 				{
 					try
 					{
-						freshestCRL = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl, X509Extensions.FreshestCrl));
+						freshestCRL = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl,
+							X509Extensions.FreshestCrl));
 					}
 					catch (Exception e)
 					{
@@ -1433,7 +1409,8 @@ namespace Org.BouncyCastle.Pkix
 				{
 					try
 					{
-						PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(freshestCRL, paramsPKIX);
+						PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(freshestCRL,
+							paramsPKIX);
 					}
 					catch (Exception e)
 					{
@@ -1443,7 +1420,7 @@ namespace Org.BouncyCastle.Pkix
 					// get delta CRL(s)
 					try
 					{
-						deltaSet.AddAll(PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl));
+						deltaSet.UnionWith(PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl));
 					}
 					catch (Exception e)
 					{
@@ -1546,17 +1523,14 @@ namespace Org.BouncyCastle.Pkix
 			}
 		}
 
-		internal static int PrepareNextCertI1(
-			PkixCertPath	certPath,
-			int				index,
-			int				explicitPolicy)
+		internal static int PrepareNextCertI1(PkixCertPath certPath, int index, int explicitPolicy)
 		{
 			IList certs = certPath.Certificates;
 			X509Certificate cert = (X509Certificate)certs[index];
 			//
 			// (i)
 			//
-			Asn1Sequence pc = null;
+			Asn1Sequence pc;
 			try
 			{
                 pc = Asn1Sequence.GetInstance(
@@ -1862,7 +1836,7 @@ namespace Org.BouncyCastle.Pkix
 			//
 			bool[] _usage = cert.GetKeyUsage();
 
-			if ((_usage != null) && !_usage[Rfc3280CertPathUtilities.KEY_CERT_SIGN])
+			if ((_usage != null) && !_usage[KEY_CERT_SIGN])
 			{
 				throw new PkixCertPathValidatorException(
 					"Issuer certificate keyusage extension is critical and does not permit key signing.", null, index);
@@ -1872,7 +1846,7 @@ namespace Org.BouncyCastle.Pkix
 		internal static void PrepareNextCertO(
 			PkixCertPath	certPath,
 			int				index,
-			ISet			criticalExtensions,
+			ISet<string>	criticalExtensions,
 			IList			pathCheckers)
 			//throws CertPathValidatorException
 		{
@@ -1894,7 +1868,7 @@ namespace Org.BouncyCastle.Pkix
 					throw new PkixCertPathValidatorException(e.Message, e.InnerException, index);
 				}
 			}
-			if (!criticalExtensions.IsEmpty)
+			if (criticalExtensions.Count > 0)
 			{
 				throw new PkixCertPathValidatorException("Certificate has unsupported critical extension.", null, index);
 			}
@@ -1994,7 +1968,7 @@ namespace Org.BouncyCastle.Pkix
 			// (b)
 			//
 			int tmpInt;
-			Asn1Sequence pc = null;
+			Asn1Sequence pc;
 			try
 			{
                 pc = Asn1Sequence.GetInstance(
@@ -2039,7 +2013,7 @@ namespace Org.BouncyCastle.Pkix
 			PkixCertPath	certPath,
 			int				index,
 			IList			pathCheckers,
-			ISet			criticalExtensions)
+			ISet<string>	criticalExtensions)
 			//throws CertPathValidatorException
 		{
 			IList certs = certPath.Certificates;
@@ -2058,7 +2032,7 @@ namespace Org.BouncyCastle.Pkix
 				}
 			}
 
-			if (!criticalExtensions.IsEmpty)
+			if (criticalExtensions.Count > 0)
 			{
 				throw new PkixCertPathValidatorException("Certificate has unsupported critical extension",
 					null, index);
@@ -2066,8 +2040,8 @@ namespace Org.BouncyCastle.Pkix
 		}
 
 		internal static PkixPolicyNode WrapupCertG(PkixCertPath certPath, PkixParameters paramsPKIX,
-			ISet userInitialPolicySet, int index, IList<PkixPolicyNode>[] policyNodes, PkixPolicyNode validPolicyTree,
-			ISet acceptablePolicies)
+			ISet<string> userInitialPolicySet, int index, IList<PkixPolicyNode>[] policyNodes,
+			PkixPolicyNode validPolicyTree, ISet<string> acceptablePolicies)
 		{
 			int n = certPath.Certificates.Count;
 
@@ -2092,53 +2066,51 @@ namespace Org.BouncyCastle.Pkix
 			{
 				if (paramsPKIX.IsExplicitPolicyRequired)
 				{
-					if (acceptablePolicies.IsEmpty)
+					if (acceptablePolicies.Count < 1)
 					{
 						throw new PkixCertPathValidatorException(
 							"Explicit policy requested but none available.", null, index);
 					}
-					else
-					{
-						var _validPolicyNodeSet = new HashSet<PkixPolicyNode>();
 
-						foreach (var _nodeDepth in policyNodes)
-						{
-                            foreach (var _node in _nodeDepth)
-                            {
-								if (ANY_POLICY.Equals(_node.ValidPolicy))
+					var _validPolicyNodeSet = new HashSet<PkixPolicyNode>();
+
+					foreach (var _nodeDepth in policyNodes)
+					{
+                        foreach (var _node in _nodeDepth)
+                        {
+							if (ANY_POLICY.Equals(_node.ValidPolicy))
+							{
+								foreach (var o in _node.Children)
 								{
-									foreach (var o in _node.Children)
-									{
-										_validPolicyNodeSet.Add(o);
-									}
+									_validPolicyNodeSet.Add(o);
 								}
 							}
 						}
+					}
 
-						foreach (var _node in _validPolicyNodeSet)
+					foreach (var _node in _validPolicyNodeSet)
+					{
+						if (!acceptablePolicies.Contains(_node.ValidPolicy))
 						{
-							if (!acceptablePolicies.Contains(_node.ValidPolicy))
-							{
-								// TODO?
-								// validPolicyTree =
-								// removePolicyNode(validPolicyTree, policyNodes,
-								// _node);
-							}
+							// TODO?
+							// validPolicyTree =
+							// removePolicyNode(validPolicyTree, policyNodes,
+							// _node);
 						}
-						if (validPolicyTree != null)
+					}
+					if (validPolicyTree != null)
+					{
+						for (int j = n - 1; j >= 0; j--)
 						{
-							for (int j = n - 1; j >= 0; j--)
-							{
-								var nodes = policyNodes[j];
+							var nodes = policyNodes[j];
 
-								for (int k = 0; k < nodes.Count; k++)
+							for (int k = 0; k < nodes.Count; k++)
+							{
+								var node = nodes[k];
+								if (!node.HasChildren)
 								{
-									var node = nodes[k];
-									if (!node.HasChildren)
-									{
-										validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(
-											validPolicyTree, policyNodes, node);
-									}
+									validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(
+										validPolicyTree, policyNodes, node);
 								}
 							}
 						}
diff --git a/crypto/src/pkix/Rfc3281CertPathUtilities.cs b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
index 2e1ee3898..39c03146c 100644
--- a/crypto/src/pkix/Rfc3281CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
@@ -23,7 +23,7 @@ namespace Org.BouncyCastle.Pkix
 			// AA Controls
 			// Attribute encryption
 			// Proxy
-			ISet critExtOids = attrCert.GetCriticalExtensionOids();
+			var critExtOids = attrCert.GetCriticalExtensionOids();
 
 			// 7.1
 			// process extensions
@@ -47,11 +47,10 @@ namespace Org.BouncyCastle.Pkix
 			{
 				checker.Check(attrCert, certPath, holderCertPath, critExtOids);
 			}
-			if (!critExtOids.IsEmpty)
+			if (critExtOids.Count > 0)
 			{
 				throw new PkixCertPathValidatorException(
-					"Attribute certificate contains unsupported critical extensions: "
-						+ critExtOids);
+					"Attribute certificate contains unsupported critical extensions: " + critExtOids);
 			}
 		}
 
@@ -276,7 +275,7 @@ namespace Org.BouncyCastle.Pkix
 			X509Certificate	acIssuerCert,
 			PkixParameters	pkixParams)
 		{
-			ISet set = pkixParams.GetTrustedACIssuers();
+			var set = pkixParams.GetTrustedACIssuers();
 			bool trusted = false;
 			foreach (TrustAnchor anchor in set)
 			{
@@ -352,7 +351,7 @@ namespace Org.BouncyCastle.Pkix
 		{
 			PkixCertPathBuilderResult result = null;
 			// find holder PKCs
-			ISet holderPKCs = new HashSet();
+			var holderPKCs = new HashSet<X509Certificate>();
 			if (attrCert.Holder.GetIssuer() != null)
 			{
 				X509CertStoreSelector selector = new X509CertStoreSelector();
@@ -360,14 +359,12 @@ namespace Org.BouncyCastle.Pkix
 				X509Name[] principals = attrCert.Holder.GetIssuer();
 				for (int i = 0; i < principals.Length; i++)
 				{
+					// TODO Replace loop with a single multiprincipal selector (or don't even use selector)
 					try
 					{
-//						if (principals[i] is X500Principal)
-						{
-							selector.Issuer = principals[i];
-						}
-						holderPKCs.AddAll(
-							PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStoresCert()));
+						selector.Issuer = principals[i];
+
+						CollectionUtilities.CollectMatches(holderPKCs, selector, pkixParams.GetStoresCert());
 					}
 					catch (Exception e)
 					{
@@ -376,7 +373,7 @@ namespace Org.BouncyCastle.Pkix
 							e);
 					}
 				}
-				if (holderPKCs.IsEmpty)
+				if (holderPKCs.Count < 1)
 				{
 					throw new PkixCertPathValidatorException(
 						"Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
@@ -388,14 +385,12 @@ namespace Org.BouncyCastle.Pkix
 				X509Name[] principals = attrCert.Holder.GetEntityNames();
 				for (int i = 0; i < principals.Length; i++)
 				{
+					// TODO Replace loop with a single multiprincipal selector (or don't even use selector)
 					try
 					{
-//						if (principals[i] is X500Principal)
-						{
-							selector.Issuer = principals[i];
-						}
-						holderPKCs.AddAll(
-							PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStoresCert()));
+						selector.Issuer = principals[i];
+
+						CollectionUtilities.CollectMatches(holderPKCs, selector, pkixParams.GetStoresCert());
 					}
 					catch (Exception e)
 					{
@@ -404,7 +399,7 @@ namespace Org.BouncyCastle.Pkix
 							e);
 					}
 				}
-				if (holderPKCs.IsEmpty)
+				if (holderPKCs.Count < 1)
 				{
 					throw new PkixCertPathValidatorException(
 						"Public key certificate specified in entity name for attribute certificate cannot be found.");
@@ -523,7 +518,7 @@ namespace Org.BouncyCastle.Pkix
 					}
 
 					// (f)
-					ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(crl, attrCert,
+					var keys = Rfc3280CertPathUtilities.ProcessCrlF(crl, attrCert,
 						null, null, paramsPKIX, certPathCerts);
 					// (g)
 					AsymmetricKeyParameter pubKey = Rfc3280CertPathUtilities.ProcessCrlG(crl, keys);
diff --git a/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs b/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs
index 0f077b7ef..fe3f9899d 100644
--- a/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs
+++ b/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs
@@ -334,16 +334,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Lms
         {
             lock (tCache)
             {
-                byte[] t = tCache.TryGetValue(key, out t) ? t : null;
-
-                if (t != null)
+                byte[] t;
+                if (!tCache.TryGetValue(key, out t))
                 {
-                    return t;
+                    t = CalcT(key.index);
+                    tCache[key] = t;
                 }
 
-                t = CalcT(key.index);
-                tCache[key] = t;
-
                 return t;
             }
         }
diff --git a/crypto/src/tsp/TimeStampRequestGenerator.cs b/crypto/src/tsp/TimeStampRequestGenerator.cs
index f4462659b..2d629e972 100644
--- a/crypto/src/tsp/TimeStampRequestGenerator.cs
+++ b/crypto/src/tsp/TimeStampRequestGenerator.cs
@@ -1,5 +1,5 @@
 using System;
-using System.Collections;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Tsp;
@@ -19,17 +19,16 @@ namespace Org.BouncyCastle.Tsp
 
 		private DerBoolean certReq;
 
-		private IDictionary extensions = Platform.CreateHashtable();
-        private IList       extOrdering = Platform.CreateArrayList();
+		private Dictionary<DerObjectIdentifier, X509Extension> m_extensions =
+			new Dictionary<DerObjectIdentifier, X509Extension>();
+		private List<DerObjectIdentifier> m_ordering = new List<DerObjectIdentifier>();
 
-		public void SetReqPolicy(
-			string reqPolicy)
+		public void SetReqPolicy(string reqPolicy)
 		{
 			this.reqPolicy = new DerObjectIdentifier(reqPolicy);
 		}
 
-		public void SetCertReq(
-			bool certReq)
+		public void SetCertReq(bool certReq)
 		{
 			this.certReq = DerBoolean.GetInstance(certReq);
 		}
@@ -38,10 +37,7 @@ namespace Org.BouncyCastle.Tsp
 		 * add a given extension field for the standard extensions tag (tag 3)
 		 * @throws IOException
 		 */
-		public virtual void AddExtension(
-			DerObjectIdentifier	oid,
-			bool				critical,
-			Asn1Encodable 		extValue)
+		public virtual void AddExtension(DerObjectIdentifier oid, bool critical, Asn1Encodable extValue)
 		{
 			this.AddExtension(oid, critical, extValue.GetEncoded());
 		}
@@ -51,47 +47,35 @@ namespace Org.BouncyCastle.Tsp
 		 * The value parameter becomes the contents of the octet string associated
 		 * with the extension.
 		 */
-		public virtual void AddExtension(
-			DerObjectIdentifier	oid,
-			bool				critical,
-			byte[]				extValue)
+		public virtual void AddExtension(DerObjectIdentifier oid, bool critical, byte[] extValue)
 		{
-			extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue)));
-			extOrdering.Add(oid);
+			m_extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue)));
+			m_ordering.Add(oid);
 		}
 
-		public TimeStampRequest Generate(
-			string	digestAlgorithm,
-			byte[]	digest)
+		public TimeStampRequest Generate(string digestAlgorithm, byte[] digest)
 		{
-			return this.Generate(digestAlgorithm, digest, null);
+			return Generate(digestAlgorithm, digest, null);
 		}
 
-		public TimeStampRequest Generate(
-			string		digestAlgorithmOid,
-			byte[]		digest,
-			BigInteger	nonce)
+		public TimeStampRequest Generate(string digestAlgorithmOid, byte[] digest, BigInteger nonce)
 		{
 			if (digestAlgorithmOid == null)
-			{
 				throw new ArgumentException("No digest algorithm specified");
-			}
 
 			DerObjectIdentifier digestAlgOid = new DerObjectIdentifier(digestAlgorithmOid);
 
 			AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOid, DerNull.Instance);
 			MessageImprint messageImprint = new MessageImprint(algID, digest);
 
-			X509Extensions  ext = null;
+			X509Extensions ext = null;
 
-			if (extOrdering.Count != 0)
+			if (m_ordering.Count > 0)
 			{
-				ext = new X509Extensions(extOrdering, extensions);
+				ext = new X509Extensions(m_ordering, m_extensions);
 			}
 
-			DerInteger derNonce = nonce == null
-				?	null
-				:	new DerInteger(nonce);
+			DerInteger derNonce = nonce == null ? null : new DerInteger(nonce);
 
 			return new TimeStampRequest(
 				new TimeStampReq(messageImprint, reqPolicy, derNonce, certReq, ext));
diff --git a/crypto/src/util/collections/CollectionUtilities.cs b/crypto/src/util/collections/CollectionUtilities.cs
index 426700903..97bc374e1 100644
--- a/crypto/src/util/collections/CollectionUtilities.cs
+++ b/crypto/src/util/collections/CollectionUtilities.cs
@@ -45,9 +45,10 @@ namespace Org.BouncyCastle.Utilities.Collections
             return new StoreImpl<T>(contents);
         }
 
-        public static IEnumerable Proxy(IEnumerable e)
+        public static V GetValueOrNull<K, V>(IDictionary<K, V> d, K k)
+            where V : class
         {
-            return new EnumerableProxy(e);
+            return d.TryGetValue(k, out var v) ? v : null;
         }
 
         public static IEnumerable<T> Proxy<T>(IEnumerable<T> e)
diff --git a/crypto/src/util/collections/LinkedDictionary.cs b/crypto/src/util/collections/LinkedDictionary.cs
deleted file mode 100644
index 933d38ded..000000000
--- a/crypto/src/util/collections/LinkedDictionary.cs
+++ /dev/null
@@ -1,178 +0,0 @@
-using System;
-using System.Collections;
-
-namespace Org.BouncyCastle.Utilities.Collections
-{
-	public class LinkedDictionary
-		: IDictionary
-	{
-		internal readonly IDictionary hash = Platform.CreateHashtable();
-		internal readonly IList keys = Platform.CreateArrayList();
-
-		public LinkedDictionary()
-		{
-		}
-
-		public virtual void Add(object k, object v)
-		{
-			hash.Add(k, v);
-			keys.Add(k);
-		}
-
-		public virtual void Clear()
-		{
-			hash.Clear();
-			keys.Clear();
-		}
-
-		public virtual bool Contains(object k)
-		{
-			return hash.Contains(k);
-		}
-
-		public virtual void CopyTo(Array array, int index)
-		{
-			foreach (object k in keys)
-			{
-				array.SetValue(hash[k], index++);
-			}
-		}
-
-		public virtual int Count
-		{
-			get { return hash.Count; }
-		}
-
-		IEnumerator IEnumerable.GetEnumerator()
-		{
-			return GetEnumerator();
-		}
-
-		public virtual IDictionaryEnumerator GetEnumerator()
-		{
-			return new LinkedDictionaryEnumerator(this);
-		}
-
-		public virtual void Remove(object k)
-		{
-			hash.Remove(k);
-			keys.Remove(k);
-		}
-
-		public virtual bool IsFixedSize
-		{
-			get { return false; }
-		}
-
-		public virtual bool IsReadOnly
-		{
-			get { return false; }
-		}
-
-		public virtual bool IsSynchronized
-		{
-			get { return false; }
-		}
-
-		public virtual object SyncRoot
-		{
-			get { return false; }
-		}
-
-		public virtual ICollection Keys
-		{
-            get { return Platform.CreateArrayList(keys); }
-		}
-
-		public virtual ICollection Values
-		{
-			// NB: Order has to be the same as for Keys property
-			get
-			{
-                IList values = Platform.CreateArrayList(keys.Count);
-				foreach (object k in keys)
-				{
-					values.Add(hash[k]);
-				}
-				return values;
-			}
-		}
-
-		public virtual object this[object k]
-		{
-			get
-			{
-				return hash[k];
-			}
-			set
-			{
-				if (!hash.Contains(k))
-					keys.Add(k);
-				hash[k] = value;
-			}
-		}
-	}
-
-	internal class LinkedDictionaryEnumerator : IDictionaryEnumerator
-	{
-		private readonly LinkedDictionary parent;
-		private int pos = -1;
-
-		internal LinkedDictionaryEnumerator(LinkedDictionary parent)
-		{
-			this.parent = parent;
-		}
-
-		public virtual object Current
-		{
-			get { return Entry; }
-		}
-
-		public virtual DictionaryEntry Entry
-		{
-			get
-			{
-				object k = CurrentKey;
-				return new DictionaryEntry(k, parent.hash[k]);
-			}
-		}
-
-		public virtual object Key
-		{
-			get
-			{
-				return CurrentKey;
-			}
-		}
-
-		public virtual bool MoveNext()
-		{
-			if (pos >= parent.keys.Count)
-				return false;
-			return ++pos < parent.keys.Count;
-		}
-
-		public virtual void Reset()
-		{
-			this.pos = -1;
-		}
-
-		public virtual object Value
-		{
-			get
-			{
-				return parent.hash[CurrentKey];
-			}
-		}
-
-		private object CurrentKey
-		{
-			get
-			{
-				if (pos < 0 || pos >= parent.keys.Count)
-					throw new InvalidOperationException();
-				return parent.keys[pos];
-			}
-		}
-	}
-}
diff --git a/crypto/src/x509/IX509Extension.cs b/crypto/src/x509/IX509Extension.cs
index a08f5e052..7d7a06c04 100644
--- a/crypto/src/x509/IX509Extension.cs
+++ b/crypto/src/x509/IX509Extension.cs
@@ -1,7 +1,7 @@
 using System;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Utilities.Collections;
 
 namespace Org.BouncyCastle.X509
 {
@@ -11,13 +11,13 @@ namespace Org.BouncyCastle.X509
 		/// Get all critical extension values, by oid
 		/// </summary>
 		/// <returns>IDictionary with string (OID) keys and Asn1OctetString values</returns>
-		ISet GetCriticalExtensionOids();
+		ISet<string> GetCriticalExtensionOids();
 
 		/// <summary>
 		/// Get all non-critical extension values, by oid
 		/// </summary>
 		/// <returns>IDictionary with string (OID) keys and Asn1OctetString values</returns>
-		ISet GetNonCriticalExtensionOids();
+		ISet<string> GetNonCriticalExtensionOids();
 
 		Asn1OctetString GetExtensionValue(DerObjectIdentifier oid);
 	}
diff --git a/crypto/src/x509/X509ExtensionBase.cs b/crypto/src/x509/X509ExtensionBase.cs
index af3907773..d9df364b0 100644
--- a/crypto/src/x509/X509ExtensionBase.cs
+++ b/crypto/src/x509/X509ExtensionBase.cs
@@ -1,8 +1,8 @@
 using System;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Utilities.Collections;
 
 namespace Org.BouncyCastle.X509
 {
@@ -11,33 +11,29 @@ namespace Org.BouncyCastle.X509
 	{
 		protected abstract X509Extensions GetX509Extensions();
 
-		protected virtual ISet GetExtensionOids(
-			bool critical)
+		protected virtual ISet<string> GetExtensionOids(bool critical)
 		{
 			X509Extensions extensions = GetX509Extensions();
-			if (extensions != null)
+			if (extensions == null)
+				return null;
+
+			var set = new HashSet<string>();
+			foreach (DerObjectIdentifier oid in extensions.ExtensionOids)
 			{
-				HashSet set = new HashSet();
-				foreach (DerObjectIdentifier oid in extensions.ExtensionOids)
+				X509Extension ext = extensions.GetExtension(oid);
+				if (ext.IsCritical == critical)
 				{
-					X509Extension ext = extensions.GetExtension(oid);
-					if (ext.IsCritical == critical)
-					{
-						set.Add(oid.Id);
-					}
+					set.Add(oid.Id);
 				}
-
-				return set;
 			}
-
-			return null;
+			return set;
 		}
 
 		/// <summary>
 		/// Get non critical extensions.
 		/// </summary>
 		/// <returns>A set of non critical extension oids.</returns>
-		public virtual ISet GetNonCriticalExtensionOids()
+		public virtual ISet<string> GetNonCriticalExtensionOids()
 		{
 			return GetExtensionOids(false);
 		}
@@ -46,24 +42,14 @@ namespace Org.BouncyCastle.X509
 		/// Get any critical extensions.
 		/// </summary>
 		/// <returns>A sorted list of critical entension.</returns>
-		public virtual ISet GetCriticalExtensionOids()
+		public virtual ISet<string> GetCriticalExtensionOids()
 		{
 			return GetExtensionOids(true);
 		}
 
 		public virtual Asn1OctetString GetExtensionValue(DerObjectIdentifier oid)
 		{
-			X509Extensions exts = GetX509Extensions();
-			if (exts != null)
-			{
-				X509Extension ext = exts.GetExtension(oid);
-				if (ext != null)
-				{
-					return ext.Value;
-				}
-			}
-
-			return null;
+			return GetX509Extensions()?.GetExtension(oid)?.Value;
 		}
 	}
 }
diff --git a/crypto/src/x509/X509Utilities.cs b/crypto/src/x509/X509Utilities.cs
index 461a545f9..85f24f26a 100644
--- a/crypto/src/x509/X509Utilities.cs
+++ b/crypto/src/x509/X509Utilities.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections;
+using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.CryptoPro;
@@ -21,7 +22,7 @@ namespace Org.BouncyCastle.X509
 	{
         private static readonly IDictionary algorithms = Platform.CreateHashtable();
         private static readonly IDictionary exParams = Platform.CreateHashtable();
-		private static readonly ISet        noParams = new HashSet();
+		private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>();
 
 		static X509Utilities()
 		{