diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-06-27 02:19:14 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-06-27 02:19:14 +0700 |
| commit | 4ea1816cffd5c8663bc9ae1234df0a70ef23fcd6 (patch) | |
| tree | eb4fe294ef230435928a573fadef3047b4466e9b /crypto/src | |
| parent | Implement generic IEnumerable in ASN.1 classes (diff) | |
| download | BouncyCastle.NET-ed25519-4ea1816cffd5c8663bc9ae1234df0a70ef23fcd6.tar.xz | |
Generics migration work
Diffstat (limited to 'crypto/src')
39 files changed, 507 insertions, 856 deletions
diff --git a/crypto/src/asn1/anssi/ANSSINamedCurves.cs b/crypto/src/asn1/anssi/ANSSINamedCurves.cs index ed1faa75c..2e164989a 100644 --- a/crypto/src/asn1/anssi/ANSSINamedCurves.cs +++ b/crypto/src/asn1/anssi/ANSSINamedCurves.cs @@ -116,21 +116,21 @@ namespace Org.BouncyCastle.Asn1.Anssi /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid) { - return curves.TryGetValue(oid, out var holder) ? holder : null; + return CollectionUtilities.GetValueOrNull(curves, oid); } /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary> /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs b/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs index ec297f7a1..8e0f55001 100644 --- a/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs +++ b/crypto/src/asn1/cryptopro/ECGOST3410NamedCurves.cs @@ -369,21 +369,21 @@ namespace Org.BouncyCastle.Asn1.CryptoPro /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid) { - return curves.TryGetValue(oid, out var holder) ? holder : null; + return CollectionUtilities.GetValueOrNull(curves, oid); } /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary> /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs b/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs index 2d183a4f9..cd0ab1a80 100644 --- a/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs +++ b/crypto/src/asn1/cryptopro/GOST3410NamedParameters.cs @@ -88,7 +88,7 @@ namespace Org.BouncyCastle.Asn1.CryptoPro /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the parameter set.</param> public static Gost3410ParamSetParameters GetByOid(DerObjectIdentifier oid) { - return parameters.TryGetValue(oid, out var parameterSet) ? parameterSet : null; + return CollectionUtilities.GetValueOrNull(parameters, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the parameter set with the given name. @@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Asn1.CryptoPro /// <param name="name">The name of the parameter set.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available parameter set names in this registry.</summary> diff --git a/crypto/src/asn1/gm/GMNamedCurves.cs b/crypto/src/asn1/gm/GMNamedCurves.cs index fec0c1401..764b031ed 100644 --- a/crypto/src/asn1/gm/GMNamedCurves.cs +++ b/crypto/src/asn1/gm/GMNamedCurves.cs @@ -147,21 +147,21 @@ namespace Org.BouncyCastle.Asn1.GM /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid) { - return curves.TryGetValue(oid, out var holder) ? holder : null; + return CollectionUtilities.GetValueOrNull(curves, oid); } /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary> /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/asn1/nist/NISTNamedCurves.cs b/crypto/src/asn1/nist/NISTNamedCurves.cs index a8bc56549..b9307c879 100644 --- a/crypto/src/asn1/nist/NISTNamedCurves.cs +++ b/crypto/src/asn1/nist/NISTNamedCurves.cs @@ -89,14 +89,14 @@ namespace Org.BouncyCastle.Asn1.Nist /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/asn1/sec/SECNamedCurves.cs b/crypto/src/asn1/sec/SECNamedCurves.cs index c0a783ec6..8a97af388 100644 --- a/crypto/src/asn1/sec/SECNamedCurves.cs +++ b/crypto/src/asn1/sec/SECNamedCurves.cs @@ -1248,21 +1248,21 @@ namespace Org.BouncyCastle.Asn1.Sec /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid) { - return curves.TryGetValue(oid, out var holder) ? holder : null; + return CollectionUtilities.GetValueOrNull(curves, oid); } /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary> /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs b/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs index b863babce..5edb24045 100644 --- a/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs +++ b/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs @@ -527,21 +527,21 @@ namespace Org.BouncyCastle.Asn1.TeleTrust /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid) { - return curves.TryGetValue(oid, out var holder) ? holder : null; + return CollectionUtilities.GetValueOrNull(curves, oid); } /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary> /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs index 2c929188f..1d58751fd 100644 --- a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs +++ b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs @@ -1,5 +1,5 @@ using System; -using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Utilities; @@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Asn1.X509 private X509Name issuer; private Time thisUpdate, nextUpdate; private X509Extensions extensions; - private IList crlEntries; + private List<Asn1Sequence> crlEntries; public V2TbsCertListGenerator() { @@ -80,12 +80,11 @@ namespace Org.BouncyCastle.Asn1.X509 this.nextUpdate = nextUpdate; } - public void AddCrlEntry( - Asn1Sequence crlEntry) + public void AddCrlEntry(Asn1Sequence crlEntry) { if (crlEntries == null) { - crlEntries = Platform.CreateArrayList(); + crlEntries = new List<Asn1Sequence>(); } crlEntries.Add(crlEntry); @@ -104,8 +103,8 @@ namespace Org.BouncyCastle.Asn1.X509 public void AddCrlEntry(DerInteger userCertificate, Time revocationDate, int reason, DerGeneralizedTime invalidityDate) { - IList extOids = Platform.CreateArrayList(); - IList extValues = Platform.CreateArrayList(); + var extOids = new List<DerObjectIdentifier>(); + var extValues = new List<X509Extension>(); if (reason != 0) { @@ -147,8 +146,7 @@ namespace Org.BouncyCastle.Asn1.X509 public void AddCrlEntry(DerInteger userCertificate, Time revocationDate, X509Extensions extensions) { - Asn1EncodableVector v = new Asn1EncodableVector( - userCertificate, revocationDate); + Asn1EncodableVector v = new Asn1EncodableVector(userCertificate, revocationDate); if (extensions != null) { @@ -182,12 +180,7 @@ namespace Org.BouncyCastle.Asn1.X509 // Add CRLEntries if they exist if (crlEntries != null) { - Asn1Sequence[] certs = new Asn1Sequence[crlEntries.Count]; - for (int i = 0; i < crlEntries.Count; ++i) - { - certs[i] = (Asn1Sequence)crlEntries[i]; - } - v.Add(new DerSequence(certs)); + v.Add(new DerSequence(crlEntries.ToArray())); } if (extensions != null) diff --git a/crypto/src/asn1/x509/X509Extensions.cs b/crypto/src/asn1/x509/X509Extensions.cs index b01db1fb5..a399058c2 100644 --- a/crypto/src/asn1/x509/X509Extensions.cs +++ b/crypto/src/asn1/x509/X509Extensions.cs @@ -1,5 +1,5 @@ using System; -using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; @@ -169,8 +169,9 @@ namespace Org.BouncyCastle.Asn1.X509 */ public static readonly DerObjectIdentifier ExpiredCertsOnCrl = new DerObjectIdentifier("2.5.29.60"); - private readonly IDictionary extensions = Platform.CreateHashtable(); - private readonly IList ordering; + private readonly Dictionary<DerObjectIdentifier, X509Extension> m_extensions = + new Dictionary<DerObjectIdentifier, X509Extension>(); + private readonly List<DerObjectIdentifier> m_ordering; public static X509Extension GetExtension(X509Extensions extensions, DerObjectIdentifier oid) { @@ -182,11 +183,9 @@ namespace Org.BouncyCastle.Asn1.X509 return null == extensions ? null : extensions.GetExtensionParsedValue(oid); } - public static X509Extensions GetInstance( - Asn1TaggedObject obj, - bool explicitly) + public static X509Extensions GetInstance(Asn1TaggedObject taggedObject, bool declaredExplicit) { - return GetInstance(Asn1Sequence.GetInstance(obj, explicitly)); + return GetInstance(Asn1Sequence.GetInstance(taggedObject, declaredExplicit)); } public static X509Extensions GetInstance( @@ -215,10 +214,9 @@ namespace Org.BouncyCastle.Asn1.X509 * * the extensions are a list of constructed sequences, either with (Oid, OctetString) or (Oid, Boolean, OctetString) */ - private X509Extensions( - Asn1Sequence seq) + private X509Extensions(Asn1Sequence seq) { - this.ordering = Platform.CreateArrayList(); + m_ordering = new List<DerObjectIdentifier>(); foreach (Asn1Encodable ae in seq) { @@ -234,11 +232,11 @@ namespace Org.BouncyCastle.Asn1.X509 Asn1OctetString octets = Asn1OctetString.GetInstance(s[s.Count - 1].ToAsn1Object()); - if (extensions.Contains(oid)) + if (m_extensions.ContainsKey(oid)) throw new ArgumentException("repeated extension found: " + oid); - extensions.Add(oid, new X509Extension(isCritical, octets)); - ordering.Add(oid); + m_extensions.Add(oid, new X509Extension(isCritical, octets)); + m_ordering.Add(oid); } } @@ -247,8 +245,7 @@ namespace Org.BouncyCastle.Asn1.X509 * <p> * it's is assumed the table contains Oid/string pairs.</p> */ - public X509Extensions( - IDictionary extensions) + public X509Extensions(IDictionary<DerObjectIdentifier, X509Extension> extensions) : this(null, extensions) { } @@ -258,22 +255,21 @@ namespace Org.BouncyCastle.Asn1.X509 * <p> * It's is assumed the table contains Oid/string pairs.</p> */ - public X509Extensions( - IList ordering, - IDictionary extensions) + public X509Extensions(IList<DerObjectIdentifier> ordering, + IDictionary<DerObjectIdentifier, X509Extension> extensions) { if (ordering == null) { - this.ordering = Platform.CreateArrayList(extensions.Keys); + m_ordering = new List<DerObjectIdentifier>(extensions.Keys); } else { - this.ordering = Platform.CreateArrayList(ordering); + m_ordering = new List<DerObjectIdentifier>(ordering); } - foreach (DerObjectIdentifier oid in this.ordering) + foreach (DerObjectIdentifier oid in m_ordering) { - this.extensions.Add(oid, (X509Extension)extensions[oid]); + m_extensions.Add(oid, extensions[oid]); } } @@ -283,25 +279,23 @@ namespace Org.BouncyCastle.Asn1.X509 * @param objectIDs an ArrayList of the object identifiers. * @param values an ArrayList of the extension values. */ - public X509Extensions( - IList oids, - IList values) + public X509Extensions(IList<DerObjectIdentifier> oids, IList<X509Extension> values) { - this.ordering = Platform.CreateArrayList(oids); + m_ordering = new List<DerObjectIdentifier>(oids); int count = 0; - foreach (DerObjectIdentifier oid in this.ordering) + foreach (DerObjectIdentifier oid in m_ordering) { - this.extensions.Add(oid, (X509Extension)values[count++]); + m_extensions.Add(oid, values[count++]); } } /** * return an Enumeration of the extension field's object ids. */ - public IEnumerable ExtensionOids + public IEnumerable<DerObjectIdentifier> ExtensionOids { - get { return new EnumerableProxy(ordering); } + get { return CollectionUtilities.Proxy(m_ordering); } } /** @@ -310,10 +304,9 @@ namespace Org.BouncyCastle.Asn1.X509 * * @return the extension if it's present, null otherwise. */ - public X509Extension GetExtension( - DerObjectIdentifier oid) + public X509Extension GetExtension(DerObjectIdentifier oid) { - return (X509Extension)extensions[oid]; + return CollectionUtilities.GetValueOrNull(m_extensions, oid); } /** @@ -324,9 +317,7 @@ namespace Org.BouncyCastle.Asn1.X509 */ public Asn1Encodable GetExtensionParsedValue(DerObjectIdentifier oid) { - X509Extension ext = GetExtension(oid); - - return ext == null ? null : ext.GetParsedValue(); + return GetExtension(oid)?.GetParsedValue(); } /** @@ -341,44 +332,41 @@ namespace Org.BouncyCastle.Asn1.X509 */ public override Asn1Object ToAsn1Object() { - Asn1EncodableVector vec = new Asn1EncodableVector(); + Asn1EncodableVector v = new Asn1EncodableVector(m_ordering.Count); - foreach (DerObjectIdentifier oid in ordering) + foreach (DerObjectIdentifier oid in m_ordering) { - X509Extension ext = (X509Extension) extensions[oid]; - Asn1EncodableVector v = new Asn1EncodableVector(oid); - - if (ext.IsCritical) + X509Extension ext = m_extensions[oid]; + if (ext.IsCritical) { - v.Add(DerBoolean.True); + v.Add(new DerSequence(oid, DerBoolean.True, ext.Value)); + } + else + { + v.Add(new DerSequence(oid, ext.Value)); } - - v.Add(ext.Value); - - vec.Add(new DerSequence(v)); } - return new DerSequence(vec); + return new DerSequence(v); } - public bool Equivalent( - X509Extensions other) + public bool Equivalent(X509Extensions other) { - if (extensions.Count != other.extensions.Count) + if (m_extensions.Count != other.m_extensions.Count) return false; - foreach (DerObjectIdentifier oid in extensions.Keys) - { - if (!extensions[oid].Equals(other.extensions[oid])) - return false; - } + foreach (var entry in m_extensions) + { + if (!entry.Value.Equals(other.GetExtension(entry.Key))) + return false; + } return true; } public DerObjectIdentifier[] GetExtensionOids() { - return ToOidArray(ordering); + return m_ordering.ToArray(); } public DerObjectIdentifier[] GetNonCriticalExtensionOids() @@ -393,25 +381,17 @@ namespace Org.BouncyCastle.Asn1.X509 private DerObjectIdentifier[] GetExtensionOids(bool isCritical) { - IList oids = Platform.CreateArrayList(); + var oids = new List<DerObjectIdentifier>(); - foreach (DerObjectIdentifier oid in this.ordering) + foreach (DerObjectIdentifier oid in m_ordering) { - X509Extension ext = (X509Extension)extensions[oid]; - if (ext.IsCritical == isCritical) + if (m_extensions[oid].IsCritical == isCritical) { oids.Add(oid); } } - return ToOidArray(oids); - } - - private static DerObjectIdentifier[] ToOidArray(IList oids) - { - DerObjectIdentifier[] oidArray = new DerObjectIdentifier[oids.Count]; - oids.CopyTo(oidArray, 0); - return oidArray; + return oids.ToArray(); } } } diff --git a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs index 3b952fffa..438c507aa 100644 --- a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs +++ b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Utilities; @@ -8,8 +9,9 @@ namespace Org.BouncyCastle.Asn1.X509 /// <remarks>Generator for X.509 extensions</remarks> public class X509ExtensionsGenerator { - private IDictionary extensions = Platform.CreateHashtable(); - private IList extOrdering = Platform.CreateArrayList(); + private Dictionary<DerObjectIdentifier, X509Extension> m_extensions = + new Dictionary<DerObjectIdentifier, X509Extension>(); + private List<DerObjectIdentifier> m_ordering = new List<DerObjectIdentifier>(); private static readonly IDictionary dupsAllowed = Platform.CreateHashtable(); @@ -19,16 +21,13 @@ namespace Org.BouncyCastle.Asn1.X509 dupsAllowed.Add(X509Extensions.IssuerAlternativeName, true); dupsAllowed.Add(X509Extensions.SubjectDirectoryAttributes, true); dupsAllowed.Add(X509Extensions.CertificateIssuer, true); - } - - /// <summary>Reset the generator</summary> public void Reset() { - extensions = Platform.CreateHashtable(); - extOrdering = Platform.CreateArrayList(); + m_extensions = new Dictionary<DerObjectIdentifier, X509Extension>(); + m_ordering = new List<DerObjectIdentifier>(); } /// <summary> @@ -38,10 +37,7 @@ namespace Org.BouncyCastle.Asn1.X509 /// <param name="oid">OID for the extension.</param> /// <param name="critical">True if critical, false otherwise.</param> /// <param name="extValue">The ASN.1 object to be included in the extension.</param> - public void AddExtension( - DerObjectIdentifier oid, - bool critical, - Asn1Encodable extValue) + public void AddExtension(DerObjectIdentifier oid, bool critical, Asn1Encodable extValue) { byte[] encoded; try @@ -63,38 +59,30 @@ namespace Org.BouncyCastle.Asn1.X509 /// <param name="oid">OID for the extension.</param> /// <param name="critical">True if critical, false otherwise.</param> /// <param name="extValue">The byte array to be wrapped.</param> - public void AddExtension( - DerObjectIdentifier oid, - bool critical, - byte[] extValue) + public void AddExtension(DerObjectIdentifier oid, bool critical, byte[] extValue) { - if (extensions.Contains(oid)) + if (m_extensions.TryGetValue(oid, out X509Extension existingExtension)) { - if (dupsAllowed.Contains(oid)) - { - X509Extension existingExtension = (X509Extension)extensions[oid]; - - Asn1Sequence seq1 = Asn1Sequence.GetInstance(DerOctetString.GetInstance(existingExtension.Value).GetOctets()); - Asn1EncodableVector items = Asn1EncodableVector.FromEnumerable(seq1); - Asn1Sequence seq2 = Asn1Sequence.GetInstance(extValue); - - foreach (Asn1Encodable enc in seq2) - { - items.Add(enc); - } + if (!dupsAllowed.Contains(oid)) + throw new ArgumentException("extension " + oid + " already added"); - extensions[oid] = new X509Extension(existingExtension.IsCritical, new DerOctetString(new DerSequence(items).GetEncoded())); + Asn1Sequence seq1 = Asn1Sequence.GetInstance( + Asn1OctetString.GetInstance(existingExtension.Value).GetOctets()); + Asn1EncodableVector items = Asn1EncodableVector.FromEnumerable(seq1); + Asn1Sequence seq2 = Asn1Sequence.GetInstance(extValue); - } - else + foreach (Asn1Encodable enc in seq2) { - throw new ArgumentException("extension " + oid + " already added"); + items.Add(enc); } + + m_extensions[oid] = new X509Extension(existingExtension.IsCritical, + new DerOctetString(new DerSequence(items).GetEncoded())); } else { - extOrdering.Add(oid); - extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue))); + m_ordering.Add(oid); + m_extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue))); } } @@ -113,25 +101,23 @@ namespace Org.BouncyCastle.Asn1.X509 /// <returns>True if empty, false otherwise</returns> public bool IsEmpty { - get { return extOrdering.Count < 1; } + get { return m_ordering.Count < 1; } } /// <summary>Generate an X509Extensions object based on the current state of the generator.</summary> /// <returns>An <c>X509Extensions</c> object</returns> public X509Extensions Generate() { - return new X509Extensions(extOrdering, extensions); + return new X509Extensions(m_ordering, m_extensions); } internal void AddExtension(DerObjectIdentifier oid, X509Extension x509Extension) { - if (extensions.Contains(oid)) - { + if (m_extensions.ContainsKey(oid)) throw new ArgumentException("extension " + oid + " already added"); - } - extOrdering.Add(oid); - extensions.Add(oid, x509Extension); + m_ordering.Add(oid); + m_extensions.Add(oid, x509Extension); } } } diff --git a/crypto/src/asn1/x9/X962NamedCurves.cs b/crypto/src/asn1/x9/X962NamedCurves.cs index e0fb625f9..893371fd4 100644 --- a/crypto/src/asn1/x9/X962NamedCurves.cs +++ b/crypto/src/asn1/x9/X962NamedCurves.cs @@ -836,21 +836,21 @@ namespace Org.BouncyCastle.Asn1.X9 /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid) { - return curves.TryGetValue(oid, out var holder) ? holder : null; + return CollectionUtilities.GetValueOrNull(curves, oid); } /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary> /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/cms/CMSSignedDataParser.cs b/crypto/src/cms/CMSSignedDataParser.cs index 5dffd0d26..fd65576ac 100644 --- a/crypto/src/cms/CMSSignedDataParser.cs +++ b/crypto/src/cms/CMSSignedDataParser.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; @@ -62,7 +63,7 @@ namespace Org.BouncyCastle.Cms private DerObjectIdentifier _signedContentType; private CmsTypedStream _signedContent; private IDictionary _digests; - private ISet _digestOids; + private HashSet<string> _digestOids; private SignerInformationStore _signerInfoStore; private Asn1Set _certSet, _crlSet; @@ -106,7 +107,7 @@ namespace Org.BouncyCastle.Cms this._signedContent = signedContent; this._signedData = SignedDataParser.GetInstance(this.contentInfo.GetContent(Asn1Tags.Sequence)); this._digests = Platform.CreateHashtable(); - this._digestOids = new HashSet(); + this._digestOids = new HashSet<string>(); Asn1SetParser digAlgs = _signedData.GetDigestAlgorithms(); IAsn1Convertible o; @@ -177,9 +178,9 @@ namespace Org.BouncyCastle.Cms get { return _signedData.Version.IntValueExact; } } - public ISet DigestOids + public ISet<string> DigestOids { - get { return new HashSet(_digestOids); } + get { return new HashSet<string>(_digestOids); } } /** diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs index c19852884..e247beea0 100644 --- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs @@ -1,6 +1,6 @@ using System; using System.Collections; -using System.Diagnostics; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; @@ -10,9 +10,7 @@ using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.IO; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.IO; using Org.BouncyCastle.X509; @@ -43,12 +41,12 @@ namespace Org.BouncyCastle.Cms { private static readonly CmsSignedHelper Helper = CmsSignedHelper.Instance; - private readonly IList _signerInfs = Platform.CreateArrayList(); - private readonly ISet _messageDigestOids = new HashSet(); + private readonly IList _signerInfs = Platform.CreateArrayList(); + private readonly HashSet<string> _messageDigestOids = new HashSet<string>(); private readonly IDictionary _messageDigests = Platform.CreateHashtable(); private readonly IDictionary _messageHashes = Platform.CreateHashtable(); - private bool _messageDigestsLocked; - private int _bufferSize; + private bool _messageDigestsLocked; + private int _bufferSize; private class DigestAndSignerInfoGeneratorHolder { diff --git a/crypto/src/cms/CMSSignedGenerator.cs b/crypto/src/cms/CMSSignedGenerator.cs index c1d4e0a46..acd353969 100644 --- a/crypto/src/cms/CMSSignedGenerator.cs +++ b/crypto/src/cms/CMSSignedGenerator.cs @@ -26,21 +26,19 @@ namespace Org.BouncyCastle.Cms public class DefaultSignatureAlgorithmIdentifierFinder { private static readonly IDictionary algorithms = Platform.CreateHashtable(); - private static readonly ISet noParams = new HashSet(); + private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>(); private static readonly IDictionary _params = Platform.CreateHashtable(); - private static readonly ISet pkcs15RsaEncryption = new HashSet(); + private static readonly HashSet<DerObjectIdentifier> pkcs15RsaEncryption = new HashSet<DerObjectIdentifier>(); private static readonly IDictionary digestOids = Platform.CreateHashtable(); - private static readonly IDictionary digestBuilders = Platform.CreateHashtable(); - - private static readonly DerObjectIdentifier ENCRYPTION_RSA = PkcsObjectIdentifiers.RsaEncryption; - private static readonly DerObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.IdDsaWithSha1; - private static readonly DerObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ECDsaWithSha1; - private static readonly DerObjectIdentifier ENCRYPTION_RSA_PSS = PkcsObjectIdentifiers.IdRsassaPss; - private static readonly DerObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.GostR3410x94; - private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.GostR3410x2001; - private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_256 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256; - private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_512 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512; + //private static readonly DerObjectIdentifier ENCRYPTION_RSA = PkcsObjectIdentifiers.RsaEncryption; + //private static readonly DerObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.IdDsaWithSha1; + //private static readonly DerObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ECDsaWithSha1; + //private static readonly DerObjectIdentifier ENCRYPTION_RSA_PSS = PkcsObjectIdentifiers.IdRsassaPss; + //private static readonly DerObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.GostR3410x94; + //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.GostR3410x2001; + //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_256 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256; + //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_512 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512; static DefaultSignatureAlgorithmIdentifierFinder() { @@ -167,75 +165,75 @@ namespace Org.BouncyCastle.Cms // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. // The parameters field SHALL be NULL for RSA based signature algorithms. // - noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha1); - noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha224); - noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha256); - noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha384); - noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha512); - noParams.Add((object)X9ObjectIdentifiers.IdDsaWithSha1); - noParams.Add((object)NistObjectIdentifiers.DsaWithSha224); - noParams.Add((object)NistObjectIdentifiers.DsaWithSha256); - noParams.Add((object)NistObjectIdentifiers.DsaWithSha384); - noParams.Add((object)NistObjectIdentifiers.DsaWithSha512); - noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_224); - noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_256); - noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_384); - noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_512); - noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_224); - noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_256); - noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_384); - noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_512); + noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1); + noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224); + noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256); + noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384); + noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512); + noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1); + noParams.Add(NistObjectIdentifiers.DsaWithSha224); + noParams.Add(NistObjectIdentifiers.DsaWithSha256); + noParams.Add(NistObjectIdentifiers.DsaWithSha384); + noParams.Add(NistObjectIdentifiers.DsaWithSha512); + noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_224); + noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_256); + noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_384); + noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_512); + noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224); + noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256); + noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384); + noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512); // // RFC 4491 // - noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); - noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); - noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256); - noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512); + noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); + noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); + noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256); + noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512); // // SPHINCS-256 // - noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA512); - noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA3_512); + noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA512); + noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512); // // XMSS // - noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA256); - noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA512); - noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE128); - noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE256); - noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA256); - noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA512); - noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE128); - noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE256); + noParams.Add(BCObjectIdentifiers.xmss_with_SHA256); + noParams.Add(BCObjectIdentifiers.xmss_with_SHA512); + noParams.Add(BCObjectIdentifiers.xmss_with_SHAKE128); + noParams.Add(BCObjectIdentifiers.xmss_with_SHAKE256); + noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHA256); + noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHA512); + noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHAKE128); + noParams.Add(BCObjectIdentifiers.xmss_mt_with_SHAKE256); // // SM2 // - noParams.Add((object)GMObjectIdentifiers.sm2sign_with_sha256); - noParams.Add((object)GMObjectIdentifiers.sm2sign_with_sm3); + noParams.Add(GMObjectIdentifiers.sm2sign_with_sha256); + noParams.Add(GMObjectIdentifiers.sm2sign_with_sm3); // // PKCS 1.5 encrypted algorithms // - pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha1WithRsaEncryption); - pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha224WithRsaEncryption); - pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha256WithRsaEncryption); - pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha384WithRsaEncryption); - pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512WithRsaEncryption); - pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); - pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); - pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); - pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); - pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); - pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224); - pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256); - pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384); - pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512); + pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption); + pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption); + pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption); + pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption); + pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption); + pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); + pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); + pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); + pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); + pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); + pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224); + pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256); + pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384); + pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512); // // explicit params diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs index 7c7d42ef8..e48041a50 100644 --- a/crypto/src/cms/CMSSignedHelper.cs +++ b/crypto/src/cms/CMSSignedHelper.cs @@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Cms private static readonly IDictionary digestAlgs = Platform.CreateHashtable(); private static readonly IDictionary digestAliases = Platform.CreateHashtable(); - private static readonly ISet noParams = new HashSet(); + private static readonly HashSet<string> noParams = new HashSet<string>(); private static readonly IDictionary ecAlgorithms = Platform.CreateHashtable(); private static void AddEntries(DerObjectIdentifier oid, string digest, string encryption) diff --git a/crypto/src/crypto/ec/CustomNamedCurves.cs b/crypto/src/crypto/ec/CustomNamedCurves.cs index b1b97551c..d256dba73 100644 --- a/crypto/src/crypto/ec/CustomNamedCurves.cs +++ b/crypto/src/crypto/ec/CustomNamedCurves.cs @@ -895,21 +895,21 @@ namespace Org.BouncyCastle.Crypto.EC /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static X9ECParametersHolder GetByOidLazy(DerObjectIdentifier oid) { - return curves.TryGetValue(oid, out var holder) ? holder : null; + return CollectionUtilities.GetValueOrNull(curves, oid); } /// <summary>Look up the name of the curve with the given <see cref="DerObjectIdentifier">OID</see>.</summary> /// <param name="oid">The <see cref="DerObjectIdentifier">OID</see> for the curve.</param> public static string GetName(DerObjectIdentifier oid) { - return names.TryGetValue(oid, out var name) ? name : null; + return CollectionUtilities.GetValueOrNull(names, oid); } /// <summary>Look up the <see cref="DerObjectIdentifier">OID</see> of the curve with the given name.</summary> /// <param name="name">The name of the curve.</param> public static DerObjectIdentifier GetOid(string name) { - return objIds.TryGetValue(name, out var oid) ? oid : null; + return CollectionUtilities.GetValueOrNull(objIds, name); } /// <summary>Enumerate the available curve names in this registry.</summary> diff --git a/crypto/src/crypto/generators/OpenBsdBCrypt.cs b/crypto/src/crypto/generators/OpenBsdBCrypt.cs index d019731d6..40211a51d 100644 --- a/crypto/src/crypto/generators/OpenBsdBCrypt.cs +++ b/crypto/src/crypto/generators/OpenBsdBCrypt.cs @@ -1,9 +1,9 @@ using System; +using System.Collections.Generic; using System.IO; using System.Text; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.Crypto.Generators { @@ -35,7 +35,7 @@ namespace Org.BouncyCastle.Crypto.Generators */ private static readonly byte[] DecodingTable = new byte[128]; private static readonly string DefaultVersion = "2y"; - private static readonly ISet AllowedVersions = new HashSet(); + private static readonly HashSet<string> AllowedVersions = new HashSet<string>(); static OpenBsdBCrypt() { diff --git a/crypto/src/crypto/operators/Asn1Signature.cs b/crypto/src/crypto/operators/Asn1Signature.cs index a61b6793d..e079bf8ef 100644 --- a/crypto/src/crypto/operators/Asn1Signature.cs +++ b/crypto/src/crypto/operators/Asn1Signature.cs @@ -1,6 +1,6 @@ using System; using System.Collections; -using System.IO; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.CryptoPro; @@ -10,9 +10,6 @@ using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.TeleTrust; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; -using Org.BouncyCastle.Crypto.IO; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Crypto.Signers; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; @@ -21,11 +18,9 @@ namespace Org.BouncyCastle.Crypto.Operators { internal class X509Utilities { - private static readonly Asn1Null derNull = DerNull.Instance; - private static readonly IDictionary algorithms = Platform.CreateHashtable(); private static readonly IDictionary exParams = Platform.CreateHashtable(); - private static readonly ISet noParams = new HashSet(); + private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>(); static X509Utilities() { @@ -204,7 +199,7 @@ namespace Org.BouncyCastle.Crypto.Operators { Asn1Encodable parameters = sigAlgId.Parameters; - if (parameters != null && !derNull.Equals(parameters)) + if (parameters != null && !DerNull.Instance.Equals(parameters)) { if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { diff --git a/crypto/src/ocsp/OCSPUtil.cs b/crypto/src/ocsp/OCSPUtil.cs index e45b31b0a..e990d1755 100644 --- a/crypto/src/ocsp/OCSPUtil.cs +++ b/crypto/src/ocsp/OCSPUtil.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.CryptoPro; @@ -18,7 +19,7 @@ namespace Org.BouncyCastle.Ocsp { private static readonly IDictionary algorithms = Platform.CreateHashtable(); private static readonly IDictionary oids = Platform.CreateHashtable(); - private static readonly ISet noParams = new HashSet(); + private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>(); static OcspUtilities() { diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs index 7f409bcf8..be956c6cd 100644 --- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs +++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; @@ -13,10 +14,8 @@ using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Asn1.Utilities; namespace Org.BouncyCastle.Pkcs { @@ -52,7 +51,7 @@ namespace Org.BouncyCastle.Pkcs protected static readonly IDictionary exParams = Platform.CreateHashtable(); protected static readonly IDictionary keyAlgorithms = Platform.CreateHashtable(); protected static readonly IDictionary oids = Platform.CreateHashtable(); - protected static readonly ISet noParams = new HashSet(); + protected static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>(); static Pkcs10CertificationRequest() { diff --git a/crypto/src/pkix/PkixAttrCertChecker.cs b/crypto/src/pkix/PkixAttrCertChecker.cs index ca49bbd12..3d50bfbbc 100644 --- a/crypto/src/pkix/PkixAttrCertChecker.cs +++ b/crypto/src/pkix/PkixAttrCertChecker.cs @@ -1,7 +1,7 @@ using System; -using System.Collections; +using System.Collections.Generic; -using Org.BouncyCastle.Utilities.Collections; +using Org.BouncyCastle.Asn1; using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Pkix @@ -27,7 +27,7 @@ namespace Org.BouncyCastle.Pkix * <code>PkixAttrCertChecker</code>, or <code>null</code> if no * extensions are supported */ - public abstract ISet GetSupportedExtensions(); + public abstract ISet<DerObjectIdentifier> GetSupportedExtensions(); /** * Performs checks on the specified attribute certificate. Every handled @@ -45,7 +45,7 @@ namespace Org.BouncyCastle.Pkix * does not pass the check. */ public abstract void Check(X509V2AttributeCertificate attrCert, PkixCertPath certPath, - PkixCertPath holderCertPath, ICollection unresolvedCritExts); + PkixCertPath holderCertPath, ICollection<string> unresolvedCritExts); /** * Returns a clone of this object. diff --git a/crypto/src/pkix/PkixAttrCertPathBuilder.cs b/crypto/src/pkix/PkixAttrCertPathBuilder.cs index 1120003a8..6902d76d6 100644 --- a/crypto/src/pkix/PkixAttrCertPathBuilder.cs +++ b/crypto/src/pkix/PkixAttrCertPathBuilder.cs @@ -56,15 +56,15 @@ namespace Org.BouncyCastle.Pkix { X509CertStoreSelector certSelector = new X509CertStoreSelector(); X509Name[] principals = target.Issuer.GetPrincipals(); - ISet issuers = new HashSet(); + var issuers = new HashSet<X509Certificate>(); for (int i = 0; i < principals.Length; i++) { + // TODO Replace loop with a single multiprincipal selector (or don't even use selector) try { certSelector.Subject = principals[i]; - issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(certSelector, - pkixParams.GetStoresCert())); + CollectionUtilities.CollectMatches(issuers, certSelector, pkixParams.GetStoresCert()); } catch (Exception e) { @@ -74,7 +74,7 @@ namespace Org.BouncyCastle.Pkix } } - if (issuers.IsEmpty) + if (issuers.Count < 1) throw new PkixCertPathBuilderException("Public key certificate for attribute certificate cannot be found."); IList certPathList = Platform.CreateArrayList(); diff --git a/crypto/src/pkix/PkixBuilderParameters.cs b/crypto/src/pkix/PkixBuilderParameters.cs index 1dcccb2f8..b76c97874 100644 --- a/crypto/src/pkix/PkixBuilderParameters.cs +++ b/crypto/src/pkix/PkixBuilderParameters.cs @@ -1,4 +1,5 @@ using System; +using System.Collections.Generic; using System.Text; using Org.BouncyCastle.Security; @@ -16,7 +17,7 @@ namespace Org.BouncyCastle.Pkix { private int maxPathLength = 5; - private ISet excludedCerts = new HashSet(); + private ISet<X509Certificate> excludedCerts = new HashSet<X509Certificate>(); /** * Returns an instance of <code>PkixBuilderParameters</code>. @@ -40,12 +41,12 @@ namespace Org.BouncyCastle.Pkix return parameters; } - public PkixBuilderParameters(ISet trustAnchors, ISelector<X509Certificate> targetConstraintsCert) + public PkixBuilderParameters(ISet<TrustAnchor> trustAnchors, ISelector<X509Certificate> targetConstraintsCert) : this(trustAnchors, targetConstraintsCert, null) { } - public PkixBuilderParameters(ISet trustAnchors, ISelector<X509Certificate> targetConstraintsCert, + public PkixBuilderParameters(ISet<TrustAnchor> trustAnchors, ISelector<X509Certificate> targetConstraintsCert, ISelector<X509V2AttributeCertificate> targetConstraintsAttrCert) : base(trustAnchors) { @@ -71,9 +72,9 @@ namespace Org.BouncyCastle.Pkix /// Excluded certificates are not used for building a certification path. /// </summary> /// <returns>the excluded certificates.</returns> - public virtual ISet GetExcludedCerts() + public virtual ISet<X509Certificate> GetExcludedCerts() { - return new HashSet(excludedCerts); + return new HashSet<X509Certificate>(excludedCerts); } /// <summary> @@ -85,16 +86,15 @@ namespace Org.BouncyCastle.Pkix /// The given set is cloned to protect it against subsequent modifications. /// </remarks> /// <param name="excludedCerts">The excluded certificates to set.</param> - public virtual void SetExcludedCerts( - ISet excludedCerts) + public virtual void SetExcludedCerts(ISet<X509Certificate> excludedCerts) { if (excludedCerts == null) { - this.excludedCerts = new HashSet(); + this.excludedCerts = new HashSet<X509Certificate>(); } else { - this.excludedCerts = new HashSet(excludedCerts); + this.excludedCerts = new HashSet<X509Certificate>(excludedCerts); } } @@ -105,15 +105,13 @@ namespace Org.BouncyCastle.Pkix * @param params Parameters to set. * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) */ - protected override void SetParams( - PkixParameters parameters) + protected override void SetParams(PkixParameters parameters) { base.SetParams(parameters); - if (parameters is PkixBuilderParameters) + if (parameters is PkixBuilderParameters _params) { - PkixBuilderParameters _params = (PkixBuilderParameters) parameters; maxPathLength = _params.maxPathLength; - excludedCerts = new HashSet(_params.excludedCerts); + excludedCerts = new HashSet<X509Certificate>(_params.excludedCerts); } } diff --git a/crypto/src/pkix/PkixCertPathBuilder.cs b/crypto/src/pkix/PkixCertPathBuilder.cs index 3ef66b1b9..970fceb99 100644 --- a/crypto/src/pkix/PkixCertPathBuilder.cs +++ b/crypto/src/pkix/PkixCertPathBuilder.cs @@ -1,19 +1,11 @@ using System; using System.Collections; -using System.Text; - -using Org.BouncyCastle.Asn1.IsisMtt; -using Org.BouncyCastle.Asn1; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Asn1.X500; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Math; +using System.Collections.Generic; + using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix { @@ -38,11 +30,10 @@ namespace Org.BouncyCastle.Pkix var certSelector = pkixParams.GetTargetConstraintsCert(); - ISet targets = new HashSet(); + var targets = new HashSet<X509Certificate>(); try { - targets.AddAll( - PkixCertPathValidatorUtilities.FindCertificates(certSelector, pkixParams.GetStoresCert())); + CollectionUtilities.CollectMatches(targets, certSelector, pkixParams.GetStoresCert()); } catch (Exception e) { @@ -50,7 +41,7 @@ namespace Org.BouncyCastle.Pkix "Error finding target certificate.", e); } - if (targets.IsEmpty) + if (targets.Count < 1) throw new PkixCertPathBuilderException("No certificate found matching targetConstraints."); PkixCertPathBuilderResult result = null; diff --git a/crypto/src/pkix/PkixCertPathChecker.cs b/crypto/src/pkix/PkixCertPathChecker.cs index da7e82b46..08b7e3d41 100644 --- a/crypto/src/pkix/PkixCertPathChecker.cs +++ b/crypto/src/pkix/PkixCertPathChecker.cs @@ -1,4 +1,5 @@ -using Org.BouncyCastle.Utilities.Collections; +using System.Collections.Generic; + using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Pkix @@ -63,7 +64,7 @@ namespace Org.BouncyCastle.Pkix * <code>PKIXCertPathChecker</code>, or <code>null</code> if no * extensions are supported */ - public abstract ISet GetSupportedExtensions(); + public abstract ISet<string> GetSupportedExtensions(); /** * Performs the check(s) on the specified certificate using its internal @@ -80,7 +81,7 @@ namespace Org.BouncyCastle.Pkix * @exception CertPathValidatorException * if the specified certificate does not pass the check */ - public abstract void Check(X509Certificate cert, ISet unresolvedCritExts); + public abstract void Check(X509Certificate cert, ISet<string> unresolvedCritExts); //throws CertPathValidatorException; /** diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs index 95939e0bd..cebeed46f 100644 --- a/crypto/src/pkix/PkixCertPathValidator.cs +++ b/crypto/src/pkix/PkixCertPathValidator.cs @@ -71,7 +71,7 @@ namespace Org.BouncyCastle.Pkix // // (c) // - ISet userInitialPolicySet = paramsPkix.GetInitialPolicies(); + var userInitialPolicySet = paramsPkix.GetInitialPolicies(); // // (d) @@ -113,12 +113,12 @@ namespace Org.BouncyCastle.Pkix policyNodes[j] = new List<PkixPolicyNode>(); } - ISet policySet = new HashSet(); + var policySet = new HashSet<string>(); policySet.Add(Rfc3280CertPathUtilities.ANY_POLICY); - var validPolicyTree = new PkixPolicyNode(new List<PkixPolicyNode>(), 0, policySet, null, new HashSet(), - Rfc3280CertPathUtilities.ANY_POLICY, false); + var validPolicyTree = new PkixPolicyNode(new List<PkixPolicyNode>(), 0, policySet, null, + new HashSet<PolicyQualifierInfo>(), Rfc3280CertPathUtilities.ANY_POLICY, false); policyNodes[0].Add(validPolicyTree); @@ -130,7 +130,7 @@ namespace Org.BouncyCastle.Pkix // (d) // int explicitPolicy; - ISet acceptablePolicies = new HashSet(); + var acceptablePolicies = new HashSet<string>(); if (paramsPkix.IsExplicitPolicyRequired) { @@ -326,11 +326,11 @@ namespace Org.BouncyCastle.Pkix // (n) Rfc3280CertPathUtilities.PrepareNextCertN(certPath, index); - ISet criticalExtensions1 = cert.GetCriticalExtensionOids(); + var criticalExtensions1 = cert.GetCriticalExtensionOids(); if (criticalExtensions1 != null) { - criticalExtensions1 = new HashSet(criticalExtensions1); + criticalExtensions1 = new HashSet<string>(criticalExtensions1); // these extensions are handled by the algorithm criticalExtensions1.Remove(X509Extensions.KeyUsage.Id); @@ -346,7 +346,7 @@ namespace Org.BouncyCastle.Pkix } else { - criticalExtensions1 = new HashSet(); + criticalExtensions1 = new HashSet<string>(); } // (o) @@ -391,11 +391,11 @@ namespace Org.BouncyCastle.Pkix // // (f) // - ISet criticalExtensions = cert.GetCriticalExtensionOids(); + var criticalExtensions = cert.GetCriticalExtensionOids(); if (criticalExtensions != null) { - criticalExtensions = new HashSet(criticalExtensions); + criticalExtensions = new HashSet<string>(criticalExtensions); // Requires .Id // these extensions are handled by the algorithm @@ -413,13 +413,13 @@ namespace Org.BouncyCastle.Pkix } else { - criticalExtensions = new HashSet(); + criticalExtensions = new HashSet<string>(); } Rfc3280CertPathUtilities.WrapupCertF(certPath, index + 1, certPathCheckers, criticalExtensions); - PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, userInitialPolicySet, - index + 1, policyNodes, validPolicyTree, acceptablePolicies); + PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, + userInitialPolicySet, index + 1, policyNodes, validPolicyTree, acceptablePolicies); if ((explicitPolicy > 0) || (intersection != null)) { diff --git a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs index 731f8dfe0..fc65b2535 100644 --- a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs +++ b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs @@ -61,11 +61,9 @@ namespace Org.BouncyCastle.Pkix /// <code>null</code> if not. /// </returns> /// @exception - internal static TrustAnchor FindTrustAnchor( - X509Certificate cert, - ISet trustAnchors) + internal static TrustAnchor FindTrustAnchor(X509Certificate cert, ISet<TrustAnchor> trustAnchors) { - IEnumerator iter = trustAnchors.GetEnumerator(); + var iter = trustAnchors.GetEnumerator(); TrustAnchor trust = null; AsymmetricKeyParameter trustPublicKey = null; Exception invalidKeyEx = null; @@ -83,7 +81,7 @@ namespace Org.BouncyCastle.Pkix while (iter.MoveNext() && trust == null) { - trust = (TrustAnchor) iter.Current; + trust = iter.Current; if (trust.TrustedCert != null) { if (certSelectX509.Match(trust.TrustedCert)) @@ -143,9 +141,7 @@ namespace Org.BouncyCastle.Pkix return trust; } - internal static bool IsIssuerTrustAnchor( - X509Certificate cert, - ISet trustAnchors) + internal static bool IsIssuerTrustAnchor(X509Certificate cert, ISet<TrustAnchor> trustAnchors) { try { @@ -236,10 +232,9 @@ namespace Org.BouncyCastle.Pkix } } - internal static bool IsAnyPolicy( - ISet policySet) + internal static bool IsAnyPolicy(ISet<string> policySet) { - return policySet == null || policySet.Contains(ANY_POLICY) || policySet.Count == 0; + return policySet == null || policySet.Count < 1 || policySet.Contains(ANY_POLICY); } internal static void AddAdditionalStoreFromLocation( @@ -310,23 +305,22 @@ namespace Org.BouncyCastle.Pkix // policy checking // - internal static ISet GetQualifierSet(Asn1Sequence qualifiers) + internal static ISet<PolicyQualifierInfo> GetQualifierSet(Asn1Sequence qualifiers) { - ISet pq = new HashSet(); - - if (qualifiers == null) - return pq; + var pq = new HashSet<PolicyQualifierInfo>(); - foreach (Asn1Encodable ae in qualifiers) - { - try - { - pq.Add(PolicyQualifierInfo.GetInstance(Asn1Object.FromByteArray(ae.GetEncoded()))); - //pq.Add(PolicyQualifierInfo.GetInstance(ae.ToAsn1Object())); - } - catch (IOException ex) + if (qualifiers != null) + { + foreach (Asn1Encodable ae in qualifiers) { - throw new PkixCertPathValidatorException("Policy qualifier info cannot be decoded.", ex); + try + { + pq.Add(PolicyQualifierInfo.GetInstance(ae.ToAsn1Object())); + } + catch (IOException ex) + { + throw new PkixCertPathValidatorException("Policy qualifier info cannot be decoded.", ex); + } } } @@ -374,90 +368,78 @@ namespace Org.BouncyCastle.Pkix } } - internal static void PrepareNextCertB1( - int i, - IList[] policyNodes, - string id_p, - IDictionary m_idp, - X509Certificate cert) + internal static void PrepareNextCertB1(int i, IList<PkixPolicyNode>[] policyNodes, string id_p, + IDictionary<string, ISet<string>> m_idp, X509Certificate cert) { - bool idp_found = false; - IEnumerator nodes_i = policyNodes[i].GetEnumerator(); - while (nodes_i.MoveNext()) + foreach (var node in policyNodes[i]) { - PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current; if (node.ValidPolicy.Equals(id_p)) { - idp_found = true; - node.ExpectedPolicies = (ISet)m_idp[id_p]; - break; + node.ExpectedPolicies = CollectionUtilities.GetValueOrNull(m_idp, id_p); + return; } } - if (!idp_found) + foreach (var node in policyNodes[i]) { - nodes_i = policyNodes[i].GetEnumerator(); - while (nodes_i.MoveNext()) + if (ANY_POLICY.Equals(node.ValidPolicy)) { - PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current; - if (ANY_POLICY.Equals(node.ValidPolicy)) + Asn1Sequence policies; + try + { + policies = Asn1Sequence.GetInstance( + GetExtensionValue(cert, X509Extensions.CertificatePolicies)); + } + catch (Exception e) { - ISet pq = null; - Asn1Sequence policies = null; + throw new Exception("Certificate policies cannot be decoded.", e); + } + + ISet<PolicyQualifierInfo> pq = null; + + foreach (var policy in policies) + { + PolicyInformation pinfo; try { - policies = DerSequence.GetInstance(GetExtensionValue(cert, X509Extensions.CertificatePolicies)); + pinfo = PolicyInformation.GetInstance(policy); } - catch (Exception e) + catch (Exception ex) { - throw new Exception("Certificate policies cannot be decoded.", e); + throw new Exception("Policy information cannot be decoded.", ex); } - IEnumerator enm = policies.GetEnumerator(); - while (enm.MoveNext()) + if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id)) { - PolicyInformation pinfo = null; - try { - pinfo = PolicyInformation.GetInstance(enm.Current); + pq = GetQualifierSet(pinfo.PolicyQualifiers); } - catch (Exception ex) + catch (PkixCertPathValidatorException ex) { - throw new Exception("Policy information cannot be decoded.", ex); + throw new PkixCertPathValidatorException( + "Policy qualifier info set could not be built.", ex); } - - if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id)) - { - try - { - pq = GetQualifierSet(pinfo.PolicyQualifiers); - } - catch (PkixCertPathValidatorException ex) - { - throw new PkixCertPathValidatorException( - "Policy qualifier info set could not be built.", ex); - } - break; - } - } - bool ci = false; - ISet critExtOids = cert.GetCriticalExtensionOids(); - if (critExtOids != null) - { - ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id); + break; } + } - PkixPolicyNode p_node = node.Parent; - if (ANY_POLICY.Equals(p_node.ValidPolicy)) - { - PkixPolicyNode c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i, (ISet)m_idp[id_p], - p_node, pq, id_p, ci); - p_node.AddChild(c_node); - policyNodes[i].Add(c_node); - } - break; + bool ci = false; + var critExtOids = cert.GetCriticalExtensionOids(); + if (critExtOids != null) + { + ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id); + } + + PkixPolicyNode p_node = node.Parent; + if (ANY_POLICY.Equals(p_node.ValidPolicy)) + { + PkixPolicyNode c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i, + CollectionUtilities.GetValueOrNull(m_idp, id_p), p_node, pq, id_p, ci); + p_node.AddChild(c_node); + policyNodes[i].Add(c_node); } + break; } } } @@ -687,25 +669,6 @@ namespace Org.BouncyCastle.Pkix return ((X509Certificate)certPath.Certificates[index - 1]).NotBefore; } - /// <summary> - /// Return a Collection of all certificates found - /// in the stores that are matching the certSelector criteria. - /// </summary> - /// <param name="certSelector">an <see cref="ISelector{T}"/> object that will be used to select - /// the certificates.</param> - /// <param name="certStores">a List containing only IStore objects. These - /// are used to search for certificates.</param> - /// <returns>a Collection of all found <see cref="X509Certificate"/> objects. - /// May be empty but never <code>null</code>.</returns> - /// <exception cref="Exception"></exception> - internal static List<X509Certificate> FindCertificates(ISelector<X509Certificate> certSelector, - IList<IStore<X509Certificate>> certStores) - { - var result = new List<X509Certificate>(); - CollectionUtilities.CollectMatches(result, certSelector, certStores); - return result; - } - /** * Add the CRL issuers from the cRLIssuer field of the distribution point or * from the certificate if not given to the issuer criterion of the @@ -728,7 +691,7 @@ namespace Org.BouncyCastle.Pkix */ internal static void GetCrlIssuersFromDistributionPoint( DistributionPoint dp, - ICollection issuerPrincipals, + ICollection<X509Name> issuerPrincipals, X509CrlStoreSelector selector, PkixParameters pkixParams) { @@ -843,7 +806,7 @@ namespace Org.BouncyCastle.Pkix X509CrlStoreSelector crlselect = new X509CrlStoreSelector(); try { - ISet issuers = new HashSet(); + var issuers = new HashSet<X509Name>(); issuers.Add(certObjIssuer); GetCrlIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX); @@ -954,7 +917,7 @@ namespace Org.BouncyCastle.Pkix foreach (X509Crl crl in temp) { - if (isDeltaCrl(crl)) + if (IsDeltaCrl(crl)) { result.Add(crl); } @@ -963,10 +926,9 @@ namespace Org.BouncyCastle.Pkix return result; } - private static bool isDeltaCrl( - X509Crl crl) + private static bool IsDeltaCrl(X509Crl crl) { - ISet critical = crl.GetCriticalExtensionOids(); + var critical = crl.GetCriticalExtensionOids(); return critical.Contains(X509Extensions.DeltaCrlIndicator.Id); } @@ -1013,13 +975,13 @@ namespace Org.BouncyCastle.Pkix } internal static bool ProcessCertD1i(int index, IList<PkixPolicyNode>[] policyNodes, DerObjectIdentifier pOid, - ISet pq) + ISet<PolicyQualifierInfo> pq) { foreach (var node in policyNodes[index - 1]) { if (node.ExpectedPolicies.Contains(pOid.Id)) { - var childExpectedPolicies = new HashSet(); + var childExpectedPolicies = new HashSet<string>(); childExpectedPolicies.Add(pOid.Id); var child = new PkixPolicyNode(new List<PkixPolicyNode>(), index, childExpectedPolicies, node, pq, @@ -1035,13 +997,13 @@ namespace Org.BouncyCastle.Pkix } internal static void ProcessCertD1ii(int index, IList<PkixPolicyNode>[] policyNodes, - DerObjectIdentifier _poid, ISet _pq) + DerObjectIdentifier _poid, ISet<PolicyQualifierInfo> _pq) { foreach (var _node in policyNodes[index - 1]) { if (ANY_POLICY.Equals(_node.ValidPolicy)) { - ISet _childExpectedPolicies = new HashSet(); + var _childExpectedPolicies = new HashSet<string>(); _childExpectedPolicies.Add(_poid.Id); var _child = new PkixPolicyNode(new List<PkixPolicyNode>(), index, _childExpectedPolicies, _node, diff --git a/crypto/src/pkix/PkixCrlUtilities.cs b/crypto/src/pkix/PkixCrlUtilities.cs index 341c9a514..8740cc780 100644 --- a/crypto/src/pkix/PkixCrlUtilities.cs +++ b/crypto/src/pkix/PkixCrlUtilities.cs @@ -52,21 +52,17 @@ namespace Org.BouncyCastle.Pkix return finalSet; } - public virtual ISet FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix) + public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix) { - ISet completeSet = new HashSet(); - // get complete CRL(s) try { - completeSet.AddAll(FindCrls(crlSelector, paramsPkix.GetStoresCrl())); + return FindCrls(crlSelector, paramsPkix.GetStoresCrl()); } catch (Exception e) { throw new Exception("Exception obtaining complete CRLs.", e); } - - return completeSet; } /// <summary> diff --git a/crypto/src/pkix/PkixParameters.cs b/crypto/src/pkix/PkixParameters.cs index 32189acfb..eb741fece 100644 --- a/crypto/src/pkix/PkixParameters.cs +++ b/crypto/src/pkix/PkixParameters.cs @@ -41,11 +41,11 @@ namespace Org.BouncyCastle.Pkix */ public const int ChainValidityModel = 1; - private ISet trustAnchors; + private HashSet<TrustAnchor> trustAnchors; private DateTimeObject date; private IList certPathCheckers; private bool revocationEnabled = true; - private ISet initialPolicies; + private HashSet<string> initialPolicies; //private bool checkOnlyEECertificateCrl = false; private bool explicitPolicyRequired = false; private bool anyPolicyInhibited = false; @@ -85,12 +85,11 @@ namespace Org.BouncyCastle.Pkix * if any of the elements in the Set are not of type * <code>java.security.cert.TrustAnchor</code> */ - public PkixParameters( - ISet trustAnchors) + public PkixParameters(ISet<TrustAnchor> trustAnchors) { SetTrustAnchors(trustAnchors); - this.initialPolicies = new HashSet(); + this.initialPolicies = new HashSet<string>(); this.certPathCheckers = Platform.CreateArrayList(); this.m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(); this.m_storesCert = new List<IStore<X509Certificate>>(); @@ -186,23 +185,22 @@ namespace Org.BouncyCastle.Pkix } // Returns a Set of the most-trusted CAs. - public virtual ISet GetTrustAnchors() + public virtual ISet<TrustAnchor> GetTrustAnchors() { - return new HashSet(this.trustAnchors); + return new HashSet<TrustAnchor>(this.trustAnchors); } // Sets the set of most-trusted CAs. // Set is copied to protect against subsequent modifications. - public virtual void SetTrustAnchors( - ISet tas) + public virtual void SetTrustAnchors(ISet<TrustAnchor> tas) { if (tas == null) throw new ArgumentNullException("value"); - if (tas.IsEmpty) + if (tas.Count < 1) throw new ArgumentException("non-empty set required", "value"); // Explicit copy to enforce type-safety - this.trustAnchors = new HashSet(); + this.trustAnchors = new HashSet<TrustAnchor>(); foreach (TrustAnchor ta in tas) { if (ta != null) @@ -311,17 +309,13 @@ namespace Org.BouncyCastle.Pkix * * @see #setInitialPolicies(java.util.Set) */ - public virtual ISet GetInitialPolicies() + public virtual ISet<string> GetInitialPolicies() { - ISet returnSet = initialPolicies; - // TODO Can it really be null? if (initialPolicies == null) - { - returnSet = new HashSet(); - } + return new HashSet<string>(); - return new HashSet(returnSet); + return new HashSet<string>(initialPolicies); } /** @@ -345,10 +339,9 @@ namespace Org.BouncyCastle.Pkix * * @see #getInitialPolicies() */ - public virtual void SetInitialPolicies( - ISet initialPolicies) + public virtual void SetInitialPolicies(ISet<string> initialPolicies) { - this.initialPolicies = new HashSet(); + this.initialPolicies = new HashSet<string>(); if (initialPolicies != null) { foreach (string obj in initialPolicies) diff --git a/crypto/src/pkix/PkixPolicyNode.cs b/crypto/src/pkix/PkixPolicyNode.cs index 2e2e39caf..0ea80b258 100644 --- a/crypto/src/pkix/PkixPolicyNode.cs +++ b/crypto/src/pkix/PkixPolicyNode.cs @@ -2,6 +2,7 @@ using System; using System.Collections.Generic; using System.Text; +using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; @@ -15,9 +16,9 @@ namespace Org.BouncyCastle.Pkix { protected IList<PkixPolicyNode> mChildren; protected int mDepth; - protected ISet mExpectedPolicies; + protected ISet<string> mExpectedPolicies; protected PkixPolicyNode mParent; - protected ISet mPolicyQualifiers; + protected ISet<PolicyQualifierInfo> mPolicyQualifiers; protected string mValidPolicy; protected bool mCritical; @@ -37,9 +38,9 @@ namespace Org.BouncyCastle.Pkix set { this.mCritical = value; } } - public virtual ISet PolicyQualifiers + public virtual ISet<PolicyQualifierInfo> PolicyQualifiers { - get { return new HashSet(this.mPolicyQualifiers); } + get { return new HashSet<PolicyQualifierInfo>(this.mPolicyQualifiers); } } public virtual string ValidPolicy @@ -52,10 +53,10 @@ namespace Org.BouncyCastle.Pkix get { return mChildren.Count != 0; } } - public virtual ISet ExpectedPolicies + public virtual ISet<string> ExpectedPolicies { - get { return new HashSet(this.mExpectedPolicies); } - set { this.mExpectedPolicies = new HashSet(value); } + get { return new HashSet<string>(this.mExpectedPolicies); } + set { this.mExpectedPolicies = new HashSet<string>(value); } } public virtual PkixPolicyNode Parent @@ -68,9 +69,9 @@ namespace Org.BouncyCastle.Pkix public PkixPolicyNode( IEnumerable<PkixPolicyNode> children, int depth, - ISet expectedPolicies, + ISet<string> expectedPolicies, PkixPolicyNode parent, - ISet policyQualifiers, + ISet<PolicyQualifierInfo> policyQualifiers, string validPolicy, bool critical) { @@ -139,9 +140,9 @@ namespace Org.BouncyCastle.Pkix PkixPolicyNode node = new PkixPolicyNode( new List<PkixPolicyNode>(), mDepth, - new HashSet(mExpectedPolicies), + new HashSet<string>(mExpectedPolicies), null, - new HashSet(mPolicyQualifiers), + new HashSet<PolicyQualifierInfo>(mPolicyQualifiers), mValidPolicy, mCritical); diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs index 7359d2568..07293dfaf 100644 --- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs @@ -378,7 +378,7 @@ namespace Org.BouncyCastle.Pkix } /// <exception cref="PkixCertPathValidatorException"/> - internal static PkixPolicyNode ProcessCertD(PkixCertPath certPath, int index, ISet acceptablePolicies, + internal static PkixPolicyNode ProcessCertD(PkixCertPath certPath, int index, ISet<string> acceptablePolicies, PkixPolicyNode validPolicyTree, IList<PkixPolicyNode>[] policyNodes, int inhibitAnyPolicy) { IList certs = certPath.Certificates; @@ -406,7 +406,7 @@ namespace Org.BouncyCastle.Pkix // // (d) (1) // - ISet pols = new HashSet(); + var pols = new HashSet<string>(); foreach (Asn1Encodable ae in certPolicies) { @@ -417,7 +417,7 @@ namespace Org.BouncyCastle.Pkix if (!ANY_POLICY.Equals(pOid.Id)) { - ISet pq = null; + ISet<PolicyQualifierInfo> pq; try { pq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers); @@ -437,16 +437,16 @@ namespace Org.BouncyCastle.Pkix } } - if (acceptablePolicies.IsEmpty || acceptablePolicies.Contains(ANY_POLICY)) + if (acceptablePolicies.Count < 1 || acceptablePolicies.Contains(ANY_POLICY)) { acceptablePolicies.Clear(); - acceptablePolicies.AddAll(pols); + acceptablePolicies.UnionWith(pols); } else { - ISet t1 = new HashSet(); + var t1 = new HashSet<string>(); - foreach (object o in acceptablePolicies) + foreach (var o in acceptablePolicies) { if (pols.Contains(o)) { @@ -454,7 +454,7 @@ namespace Org.BouncyCastle.Pkix } } acceptablePolicies.Clear(); - acceptablePolicies.AddAll(t1); + acceptablePolicies.UnionWith(t1); } // @@ -467,26 +467,12 @@ namespace Org.BouncyCastle.Pkix PolicyInformation pInfo = PolicyInformation.GetInstance(ae.ToAsn1Object()); if (ANY_POLICY.Equals(pInfo.PolicyIdentifier.Id)) { - ISet _apq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers); + var _apq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers); foreach (var _node in policyNodes[i - 1]) { - foreach (var _tmp in _node.ExpectedPolicies) + foreach (var _policy in _node.ExpectedPolicies) { - string _policy; - if (_tmp is string) - { - _policy = (string)_tmp; - } - else if (_tmp is DerObjectIdentifier) - { - _policy = ((DerObjectIdentifier)_tmp).Id; - } - else - { - continue; - } - bool _found = false; foreach (PkixPolicyNode _child in _node.Children) @@ -494,12 +480,13 @@ namespace Org.BouncyCastle.Pkix if (_policy.Equals(_child.ValidPolicy)) { _found = true; + break; } } if (!_found) { - var _newChildExpectedPolicies = new HashSet(); + var _newChildExpectedPolicies = new HashSet<string>(); _newChildExpectedPolicies.Add(_policy); var _newChild = new PkixPolicyNode(new List<PkixPolicyNode>(), i, @@ -538,7 +525,7 @@ namespace Org.BouncyCastle.Pkix // // d (4) // - ISet criticalExtensionOids = cert.GetCriticalExtensionOids(); + var criticalExtensionOids = cert.GetCriticalExtensionOids(); if (criticalExtensionOids != null) { @@ -568,10 +555,7 @@ namespace Org.BouncyCastle.Pkix * @throws AnnotatedException if one of the above conditions does not apply or an error * occurs. */ - internal static void ProcessCrlB1( - DistributionPoint dp, - object cert, - X509Crl crl) + internal static void ProcessCrlB1(DistributionPoint dp, object cert, X509Crl crl) { Asn1Object idp = PkixCertPathValidatorUtilities.GetExtensionValue( crl, X509Extensions.IssuingDistributionPoint); @@ -584,6 +568,7 @@ namespace Org.BouncyCastle.Pkix isIndirect = true; } } + byte[] issuerBytes = crl.IssuerDN.GetEncoded(); bool matchIssuer = false; @@ -596,7 +581,7 @@ namespace Org.BouncyCastle.Pkix { try { - if (Org.BouncyCastle.Utilities.Arrays.AreEqual(genNames[j].Name.ToAsn1Object().GetEncoded(), issuerBytes)) + if (Arrays.AreEqual(genNames[j].Name.GetEncoded(), issuerBytes)) { matchIssuer = true; } @@ -630,12 +615,10 @@ namespace Org.BouncyCastle.Pkix } } - internal static ReasonsMask ProcessCrlD( - X509Crl crl, - DistributionPoint dp) + internal static ReasonsMask ProcessCrlD(X509Crl crl, DistributionPoint dp) //throws AnnotatedException { - IssuingDistributionPoint idp = null; + IssuingDistributionPoint idp; try { idp = IssuingDistributionPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl, X509Extensions.IssuingDistributionPoint)); @@ -648,8 +631,7 @@ namespace Org.BouncyCastle.Pkix // (d) (1) if (idp != null && idp.OnlySomeReasons != null && dp.Reasons != null) { - return new ReasonsMask(dp.Reasons.IntValue).Intersect(new ReasonsMask(idp.OnlySomeReasons - .IntValue)); + return new ReasonsMask(dp.Reasons.IntValue).Intersect(new ReasonsMask(idp.OnlySomeReasons.IntValue)); } // (d) (4) if ((idp == null || idp.OnlySomeReasons == null) && dp.Reasons == null) @@ -659,8 +641,7 @@ namespace Org.BouncyCastle.Pkix // (d) (2) and (d)(3) - ReasonsMask dpReasons = null; - + ReasonsMask dpReasons; if (dp.Reasons == null) { dpReasons = ReasonsMask.AllReasons; @@ -670,8 +651,7 @@ namespace Org.BouncyCastle.Pkix dpReasons = new ReasonsMask(dp.Reasons.IntValue); } - ReasonsMask idpReasons = null; - + ReasonsMask idpReasons; if (idp == null) { idpReasons = ReasonsMask.AllReasons; @@ -703,7 +683,7 @@ namespace Org.BouncyCastle.Pkix * @throws AnnotatedException if the CRL is not valid or the status cannot be checked or * some error occurs. */ - internal static ISet ProcessCrlF( + internal static ISet<AsymmetricKeyParameter> ProcessCrlF( X509Crl crl, object cert, X509Certificate defaultCRLSignCert, @@ -740,8 +720,8 @@ namespace Org.BouncyCastle.Pkix signingCerts.Add(defaultCRLSignCert); - IList validCerts = Platform.CreateArrayList(); - IList validKeys = Platform.CreateArrayList(); + var validCerts = new List<X509Certificate>(); + var validKeys = new List<AsymmetricKeyParameter>(); foreach (X509Certificate signingCert in signingCerts) { @@ -796,7 +776,7 @@ namespace Org.BouncyCastle.Pkix } } - ISet checkKeys = new HashSet(); + var checkKeys = new HashSet<AsymmetricKeyParameter>(); Exception lastException = null; for (int i = 0; i < validCerts.Count; i++) @@ -827,9 +807,7 @@ namespace Org.BouncyCastle.Pkix return checkKeys; } - internal static AsymmetricKeyParameter ProcessCrlG( - X509Crl crl, - ISet keys) + internal static AsymmetricKeyParameter ProcessCrlG(X509Crl crl, ISet<AsymmetricKeyParameter> keys) { Exception lastException = null; foreach (AsymmetricKeyParameter key in keys) @@ -918,16 +896,16 @@ namespace Org.BouncyCastle.Pkix bool validCrlFound = false; Exception lastException = null; - IEnumerator crl_iter = crls.GetEnumerator(); + var crl_iter = crls.GetEnumerator(); while (crl_iter.MoveNext() && certStatus.Status == CertStatus.Unrevoked && !reasonMask.IsAllReasons) { try { - X509Crl crl = (X509Crl)crl_iter.Current; + X509Crl crl = crl_iter.Current; // (d) - ReasonsMask interimReasonsMask = Rfc3280CertPathUtilities.ProcessCrlD(crl, dp); + ReasonsMask interimReasonsMask = ProcessCrlD(crl, dp); // (e) /* @@ -941,10 +919,9 @@ namespace Org.BouncyCastle.Pkix } // (f) - ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(crl, cert, defaultCRLSignCert, defaultCRLSignKey, - paramsPKIX, certPathCerts); + var keys = ProcessCrlF(crl, cert, defaultCRLSignCert, defaultCRLSignKey, paramsPKIX, certPathCerts); // (g) - AsymmetricKeyParameter key = Rfc3280CertPathUtilities.ProcessCrlG(crl, keys); + AsymmetricKeyParameter key = ProcessCrlG(crl, keys); X509Crl deltaCRL = null; @@ -954,7 +931,7 @@ namespace Org.BouncyCastle.Pkix ISet<X509Crl> deltaCRLs = PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl); // we only want one valid delta CRL // (h) - deltaCRL = Rfc3280CertPathUtilities.ProcessCrlH(deltaCRLs, key); + deltaCRL = ProcessCrlH(deltaCRLs, key); } /* @@ -983,19 +960,19 @@ namespace Org.BouncyCastle.Pkix } } - Rfc3280CertPathUtilities.ProcessCrlB1(dp, cert, crl); + ProcessCrlB1(dp, cert, crl); // (b) (2) - Rfc3280CertPathUtilities.ProcessCrlB2(dp, cert, crl); + ProcessCrlB2(dp, cert, crl); // (c) - Rfc3280CertPathUtilities.ProcessCrlC(deltaCRL, crl, paramsPKIX); + ProcessCrlC(deltaCRL, crl, paramsPKIX); // (i) - Rfc3280CertPathUtilities.ProcessCrlI(validDate, deltaCRL, cert, certStatus, paramsPKIX); + ProcessCrlI(validDate, deltaCRL, cert, certStatus, paramsPKIX); // (j) - Rfc3280CertPathUtilities.ProcessCrlJ(validDate, crl, cert, certStatus); + ProcessCrlJ(validDate, crl, cert, certStatus); // (k) if (certStatus.Status == CrlReason.RemoveFromCrl) @@ -1006,15 +983,15 @@ namespace Org.BouncyCastle.Pkix // update reasons mask reasonMask.AddReasons(interimReasonsMask); - ISet criticalExtensions = crl.GetCriticalExtensionOids(); + var criticalExtensions = crl.GetCriticalExtensionOids(); if (criticalExtensions != null) { - criticalExtensions = new HashSet(criticalExtensions); + criticalExtensions = new HashSet<string>(criticalExtensions); criticalExtensions.Remove(X509Extensions.IssuingDistributionPoint.Id); criticalExtensions.Remove(X509Extensions.DeltaCrlIndicator.Id); - if (!criticalExtensions.IsEmpty) + if (criticalExtensions.Count > 0) throw new Exception("CRL contains unsupported critical extensions."); } @@ -1023,11 +1000,11 @@ namespace Org.BouncyCastle.Pkix criticalExtensions = deltaCRL.GetCriticalExtensionOids(); if (criticalExtensions != null) { - criticalExtensions = new HashSet(criticalExtensions); + criticalExtensions = new HashSet<string>(criticalExtensions); criticalExtensions.Remove(X509Extensions.IssuingDistributionPoint.Id); criticalExtensions.Remove(X509Extensions.DeltaCrlIndicator.Id); - if (!criticalExtensions.IsEmpty) + if (criticalExtensions.Count > 0) throw new Exception("Delta CRL contains unsupported critical extension."); } } @@ -1095,7 +1072,7 @@ namespace Org.BouncyCastle.Pkix // for each distribution point if (crldp != null) { - DistributionPoint[] dps = null; + DistributionPoint[] dps; try { dps = crldp.GetDistributionPoints(); @@ -1111,7 +1088,8 @@ namespace Org.BouncyCastle.Pkix PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX.Clone(); try { - CheckCrl(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts); + CheckCrl(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, + reasonsMask, certPathCerts); validCrlFound = true; } catch (Exception e) @@ -1211,36 +1189,32 @@ namespace Org.BouncyCastle.Pkix PkixPolicyNode _validPolicyTree = validPolicyTree; if (pm != null) { - Asn1Sequence mappings = (Asn1Sequence)pm; - IDictionary m_idp = Platform.CreateHashtable(); - ISet s_idp = new HashSet(); + Asn1Sequence mappings = pm; + var m_idp = new Dictionary<string, ISet<string>>(); + var s_idp = new HashSet<string>(); for (int j = 0; j < mappings.Count; j++) { - Asn1Sequence mapping = (Asn1Sequence) mappings[j]; - string id_p = ((DerObjectIdentifier) mapping[0]).Id; - string sd_p = ((DerObjectIdentifier) mapping[1]).Id; - ISet tmp; + Asn1Sequence mapping = (Asn1Sequence)mappings[j]; + string id_p = ((DerObjectIdentifier)mapping[0]).Id; + string sd_p = ((DerObjectIdentifier)mapping[1]).Id; - if (!m_idp.Contains(id_p)) - { - tmp = new HashSet(); - tmp.Add(sd_p); - m_idp[id_p] = tmp; - s_idp.Add(id_p); - } + ISet<string> tmp; + if (m_idp.TryGetValue(id_p, out tmp)) + { + tmp.Add(sd_p); + } else - { - tmp = (ISet)m_idp[id_p]; - tmp.Add(sd_p); - } + { + tmp = new HashSet<string>(); + tmp.Add(sd_p); + m_idp[id_p] = tmp; + s_idp.Add(id_p); + } } - IEnumerator it_idp = s_idp.GetEnumerator(); - while (it_idp.MoveNext()) + foreach (var id_p in s_idp) { - string id_p = (string)it_idp.Current; - // // (1) // @@ -1253,7 +1227,7 @@ namespace Org.BouncyCastle.Pkix if (node.ValidPolicy.Equals(id_p)) { idp_found = true; - node.ExpectedPolicies = (ISet)m_idp[id_p]; + node.ExpectedPolicies = CollectionUtilities.GetValueOrNull(m_idp, id_p); break; } } @@ -1264,7 +1238,6 @@ namespace Org.BouncyCastle.Pkix { if (ANY_POLICY.Equals(node.ValidPolicy)) { - ISet pq = null; Asn1Sequence policies = null; try { @@ -1277,6 +1250,8 @@ namespace Org.BouncyCastle.Pkix "Certificate policies extension could not be decoded.", e, index); } + ISet<PolicyQualifierInfo> pq = null; + foreach (Asn1Encodable ae in policies) { PolicyInformation pinfo = null; @@ -1305,7 +1280,7 @@ namespace Org.BouncyCastle.Pkix } } bool ci = false; - ISet critExtOids = cert.GetCriticalExtensionOids(); + var critExtOids = cert.GetCriticalExtensionOids(); if (critExtOids != null) { ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id); @@ -1315,7 +1290,7 @@ namespace Org.BouncyCastle.Pkix if (ANY_POLICY.Equals(p_node.ValidPolicy)) { var c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i, - (ISet)m_idp[id_p], p_node, pq, id_p, ci); + CollectionUtilities.GetValueOrNull(m_idp, id_p), p_node, pq, id_p, ci); p_node.AddChild(c_node); policyNodes[i].Add(c_node); } @@ -1398,16 +1373,16 @@ namespace Org.BouncyCastle.Pkix return new []{ completeSet, deltaSet }; } - internal static ISet ProcessCrlA1i( + internal static ISet<X509Crl> ProcessCrlA1i( DateTime currentDate, PkixParameters paramsPKIX, X509Certificate cert, X509Crl crl) { - ISet deltaSet = new HashSet(); + var deltaSet = new HashSet<X509Crl>(); if (paramsPKIX.IsUseDeltasEnabled) { - CrlDistPoint freshestCRL = null; + CrlDistPoint freshestCRL; try { freshestCRL = CrlDistPoint.GetInstance( @@ -1422,7 +1397,8 @@ namespace Org.BouncyCastle.Pkix { try { - freshestCRL = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl, X509Extensions.FreshestCrl)); + freshestCRL = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl, + X509Extensions.FreshestCrl)); } catch (Exception e) { @@ -1433,7 +1409,8 @@ namespace Org.BouncyCastle.Pkix { try { - PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(freshestCRL, paramsPKIX); + PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(freshestCRL, + paramsPKIX); } catch (Exception e) { @@ -1443,7 +1420,7 @@ namespace Org.BouncyCastle.Pkix // get delta CRL(s) try { - deltaSet.AddAll(PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl)); + deltaSet.UnionWith(PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl)); } catch (Exception e) { @@ -1546,17 +1523,14 @@ namespace Org.BouncyCastle.Pkix } } - internal static int PrepareNextCertI1( - PkixCertPath certPath, - int index, - int explicitPolicy) + internal static int PrepareNextCertI1(PkixCertPath certPath, int index, int explicitPolicy) { IList certs = certPath.Certificates; X509Certificate cert = (X509Certificate)certs[index]; // // (i) // - Asn1Sequence pc = null; + Asn1Sequence pc; try { pc = Asn1Sequence.GetInstance( @@ -1862,7 +1836,7 @@ namespace Org.BouncyCastle.Pkix // bool[] _usage = cert.GetKeyUsage(); - if ((_usage != null) && !_usage[Rfc3280CertPathUtilities.KEY_CERT_SIGN]) + if ((_usage != null) && !_usage[KEY_CERT_SIGN]) { throw new PkixCertPathValidatorException( "Issuer certificate keyusage extension is critical and does not permit key signing.", null, index); @@ -1872,7 +1846,7 @@ namespace Org.BouncyCastle.Pkix internal static void PrepareNextCertO( PkixCertPath certPath, int index, - ISet criticalExtensions, + ISet<string> criticalExtensions, IList pathCheckers) //throws CertPathValidatorException { @@ -1894,7 +1868,7 @@ namespace Org.BouncyCastle.Pkix throw new PkixCertPathValidatorException(e.Message, e.InnerException, index); } } - if (!criticalExtensions.IsEmpty) + if (criticalExtensions.Count > 0) { throw new PkixCertPathValidatorException("Certificate has unsupported critical extension.", null, index); } @@ -1994,7 +1968,7 @@ namespace Org.BouncyCastle.Pkix // (b) // int tmpInt; - Asn1Sequence pc = null; + Asn1Sequence pc; try { pc = Asn1Sequence.GetInstance( @@ -2039,7 +2013,7 @@ namespace Org.BouncyCastle.Pkix PkixCertPath certPath, int index, IList pathCheckers, - ISet criticalExtensions) + ISet<string> criticalExtensions) //throws CertPathValidatorException { IList certs = certPath.Certificates; @@ -2058,7 +2032,7 @@ namespace Org.BouncyCastle.Pkix } } - if (!criticalExtensions.IsEmpty) + if (criticalExtensions.Count > 0) { throw new PkixCertPathValidatorException("Certificate has unsupported critical extension", null, index); @@ -2066,8 +2040,8 @@ namespace Org.BouncyCastle.Pkix } internal static PkixPolicyNode WrapupCertG(PkixCertPath certPath, PkixParameters paramsPKIX, - ISet userInitialPolicySet, int index, IList<PkixPolicyNode>[] policyNodes, PkixPolicyNode validPolicyTree, - ISet acceptablePolicies) + ISet<string> userInitialPolicySet, int index, IList<PkixPolicyNode>[] policyNodes, + PkixPolicyNode validPolicyTree, ISet<string> acceptablePolicies) { int n = certPath.Certificates.Count; @@ -2092,53 +2066,51 @@ namespace Org.BouncyCastle.Pkix { if (paramsPKIX.IsExplicitPolicyRequired) { - if (acceptablePolicies.IsEmpty) + if (acceptablePolicies.Count < 1) { throw new PkixCertPathValidatorException( "Explicit policy requested but none available.", null, index); } - else - { - var _validPolicyNodeSet = new HashSet<PkixPolicyNode>(); - foreach (var _nodeDepth in policyNodes) - { - foreach (var _node in _nodeDepth) - { - if (ANY_POLICY.Equals(_node.ValidPolicy)) + var _validPolicyNodeSet = new HashSet<PkixPolicyNode>(); + + foreach (var _nodeDepth in policyNodes) + { + foreach (var _node in _nodeDepth) + { + if (ANY_POLICY.Equals(_node.ValidPolicy)) + { + foreach (var o in _node.Children) { - foreach (var o in _node.Children) - { - _validPolicyNodeSet.Add(o); - } + _validPolicyNodeSet.Add(o); } } } + } - foreach (var _node in _validPolicyNodeSet) + foreach (var _node in _validPolicyNodeSet) + { + if (!acceptablePolicies.Contains(_node.ValidPolicy)) { - if (!acceptablePolicies.Contains(_node.ValidPolicy)) - { - // TODO? - // validPolicyTree = - // removePolicyNode(validPolicyTree, policyNodes, - // _node); - } + // TODO? + // validPolicyTree = + // removePolicyNode(validPolicyTree, policyNodes, + // _node); } - if (validPolicyTree != null) + } + if (validPolicyTree != null) + { + for (int j = n - 1; j >= 0; j--) { - for (int j = n - 1; j >= 0; j--) - { - var nodes = policyNodes[j]; + var nodes = policyNodes[j]; - for (int k = 0; k < nodes.Count; k++) + for (int k = 0; k < nodes.Count; k++) + { + var node = nodes[k]; + if (!node.HasChildren) { - var node = nodes[k]; - if (!node.HasChildren) - { - validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode( - validPolicyTree, policyNodes, node); - } + validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode( + validPolicyTree, policyNodes, node); } } } diff --git a/crypto/src/pkix/Rfc3281CertPathUtilities.cs b/crypto/src/pkix/Rfc3281CertPathUtilities.cs index 2e1ee3898..39c03146c 100644 --- a/crypto/src/pkix/Rfc3281CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3281CertPathUtilities.cs @@ -23,7 +23,7 @@ namespace Org.BouncyCastle.Pkix // AA Controls // Attribute encryption // Proxy - ISet critExtOids = attrCert.GetCriticalExtensionOids(); + var critExtOids = attrCert.GetCriticalExtensionOids(); // 7.1 // process extensions @@ -47,11 +47,10 @@ namespace Org.BouncyCastle.Pkix { checker.Check(attrCert, certPath, holderCertPath, critExtOids); } - if (!critExtOids.IsEmpty) + if (critExtOids.Count > 0) { throw new PkixCertPathValidatorException( - "Attribute certificate contains unsupported critical extensions: " - + critExtOids); + "Attribute certificate contains unsupported critical extensions: " + critExtOids); } } @@ -276,7 +275,7 @@ namespace Org.BouncyCastle.Pkix X509Certificate acIssuerCert, PkixParameters pkixParams) { - ISet set = pkixParams.GetTrustedACIssuers(); + var set = pkixParams.GetTrustedACIssuers(); bool trusted = false; foreach (TrustAnchor anchor in set) { @@ -352,7 +351,7 @@ namespace Org.BouncyCastle.Pkix { PkixCertPathBuilderResult result = null; // find holder PKCs - ISet holderPKCs = new HashSet(); + var holderPKCs = new HashSet<X509Certificate>(); if (attrCert.Holder.GetIssuer() != null) { X509CertStoreSelector selector = new X509CertStoreSelector(); @@ -360,14 +359,12 @@ namespace Org.BouncyCastle.Pkix X509Name[] principals = attrCert.Holder.GetIssuer(); for (int i = 0; i < principals.Length; i++) { + // TODO Replace loop with a single multiprincipal selector (or don't even use selector) try { -// if (principals[i] is X500Principal) - { - selector.Issuer = principals[i]; - } - holderPKCs.AddAll( - PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStoresCert())); + selector.Issuer = principals[i]; + + CollectionUtilities.CollectMatches(holderPKCs, selector, pkixParams.GetStoresCert()); } catch (Exception e) { @@ -376,7 +373,7 @@ namespace Org.BouncyCastle.Pkix e); } } - if (holderPKCs.IsEmpty) + if (holderPKCs.Count < 1) { throw new PkixCertPathValidatorException( "Public key certificate specified in base certificate ID for attribute certificate cannot be found."); @@ -388,14 +385,12 @@ namespace Org.BouncyCastle.Pkix X509Name[] principals = attrCert.Holder.GetEntityNames(); for (int i = 0; i < principals.Length; i++) { + // TODO Replace loop with a single multiprincipal selector (or don't even use selector) try { -// if (principals[i] is X500Principal) - { - selector.Issuer = principals[i]; - } - holderPKCs.AddAll( - PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStoresCert())); + selector.Issuer = principals[i]; + + CollectionUtilities.CollectMatches(holderPKCs, selector, pkixParams.GetStoresCert()); } catch (Exception e) { @@ -404,7 +399,7 @@ namespace Org.BouncyCastle.Pkix e); } } - if (holderPKCs.IsEmpty) + if (holderPKCs.Count < 1) { throw new PkixCertPathValidatorException( "Public key certificate specified in entity name for attribute certificate cannot be found."); @@ -523,7 +518,7 @@ namespace Org.BouncyCastle.Pkix } // (f) - ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(crl, attrCert, + var keys = Rfc3280CertPathUtilities.ProcessCrlF(crl, attrCert, null, null, paramsPKIX, certPathCerts); // (g) AsymmetricKeyParameter pubKey = Rfc3280CertPathUtilities.ProcessCrlG(crl, keys); diff --git a/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs b/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs index 0f077b7ef..fe3f9899d 100644 --- a/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs +++ b/crypto/src/pqc/crypto/lms/LMSPrivateKeyParameters.cs @@ -334,16 +334,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Lms { lock (tCache) { - byte[] t = tCache.TryGetValue(key, out t) ? t : null; - - if (t != null) + byte[] t; + if (!tCache.TryGetValue(key, out t)) { - return t; + t = CalcT(key.index); + tCache[key] = t; } - t = CalcT(key.index); - tCache[key] = t; - return t; } } diff --git a/crypto/src/tsp/TimeStampRequestGenerator.cs b/crypto/src/tsp/TimeStampRequestGenerator.cs index f4462659b..2d629e972 100644 --- a/crypto/src/tsp/TimeStampRequestGenerator.cs +++ b/crypto/src/tsp/TimeStampRequestGenerator.cs @@ -1,5 +1,5 @@ using System; -using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Tsp; @@ -19,17 +19,16 @@ namespace Org.BouncyCastle.Tsp private DerBoolean certReq; - private IDictionary extensions = Platform.CreateHashtable(); - private IList extOrdering = Platform.CreateArrayList(); + private Dictionary<DerObjectIdentifier, X509Extension> m_extensions = + new Dictionary<DerObjectIdentifier, X509Extension>(); + private List<DerObjectIdentifier> m_ordering = new List<DerObjectIdentifier>(); - public void SetReqPolicy( - string reqPolicy) + public void SetReqPolicy(string reqPolicy) { this.reqPolicy = new DerObjectIdentifier(reqPolicy); } - public void SetCertReq( - bool certReq) + public void SetCertReq(bool certReq) { this.certReq = DerBoolean.GetInstance(certReq); } @@ -38,10 +37,7 @@ namespace Org.BouncyCastle.Tsp * add a given extension field for the standard extensions tag (tag 3) * @throws IOException */ - public virtual void AddExtension( - DerObjectIdentifier oid, - bool critical, - Asn1Encodable extValue) + public virtual void AddExtension(DerObjectIdentifier oid, bool critical, Asn1Encodable extValue) { this.AddExtension(oid, critical, extValue.GetEncoded()); } @@ -51,47 +47,35 @@ namespace Org.BouncyCastle.Tsp * The value parameter becomes the contents of the octet string associated * with the extension. */ - public virtual void AddExtension( - DerObjectIdentifier oid, - bool critical, - byte[] extValue) + public virtual void AddExtension(DerObjectIdentifier oid, bool critical, byte[] extValue) { - extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue))); - extOrdering.Add(oid); + m_extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue))); + m_ordering.Add(oid); } - public TimeStampRequest Generate( - string digestAlgorithm, - byte[] digest) + public TimeStampRequest Generate(string digestAlgorithm, byte[] digest) { - return this.Generate(digestAlgorithm, digest, null); + return Generate(digestAlgorithm, digest, null); } - public TimeStampRequest Generate( - string digestAlgorithmOid, - byte[] digest, - BigInteger nonce) + public TimeStampRequest Generate(string digestAlgorithmOid, byte[] digest, BigInteger nonce) { if (digestAlgorithmOid == null) - { throw new ArgumentException("No digest algorithm specified"); - } DerObjectIdentifier digestAlgOid = new DerObjectIdentifier(digestAlgorithmOid); AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOid, DerNull.Instance); MessageImprint messageImprint = new MessageImprint(algID, digest); - X509Extensions ext = null; + X509Extensions ext = null; - if (extOrdering.Count != 0) + if (m_ordering.Count > 0) { - ext = new X509Extensions(extOrdering, extensions); + ext = new X509Extensions(m_ordering, m_extensions); } - DerInteger derNonce = nonce == null - ? null - : new DerInteger(nonce); + DerInteger derNonce = nonce == null ? null : new DerInteger(nonce); return new TimeStampRequest( new TimeStampReq(messageImprint, reqPolicy, derNonce, certReq, ext)); diff --git a/crypto/src/util/collections/CollectionUtilities.cs b/crypto/src/util/collections/CollectionUtilities.cs index 426700903..97bc374e1 100644 --- a/crypto/src/util/collections/CollectionUtilities.cs +++ b/crypto/src/util/collections/CollectionUtilities.cs @@ -45,9 +45,10 @@ namespace Org.BouncyCastle.Utilities.Collections return new StoreImpl<T>(contents); } - public static IEnumerable Proxy(IEnumerable e) + public static V GetValueOrNull<K, V>(IDictionary<K, V> d, K k) + where V : class { - return new EnumerableProxy(e); + return d.TryGetValue(k, out var v) ? v : null; } public static IEnumerable<T> Proxy<T>(IEnumerable<T> e) diff --git a/crypto/src/util/collections/LinkedDictionary.cs b/crypto/src/util/collections/LinkedDictionary.cs deleted file mode 100644 index 933d38ded..000000000 --- a/crypto/src/util/collections/LinkedDictionary.cs +++ /dev/null @@ -1,178 +0,0 @@ -using System; -using System.Collections; - -namespace Org.BouncyCastle.Utilities.Collections -{ - public class LinkedDictionary - : IDictionary - { - internal readonly IDictionary hash = Platform.CreateHashtable(); - internal readonly IList keys = Platform.CreateArrayList(); - - public LinkedDictionary() - { - } - - public virtual void Add(object k, object v) - { - hash.Add(k, v); - keys.Add(k); - } - - public virtual void Clear() - { - hash.Clear(); - keys.Clear(); - } - - public virtual bool Contains(object k) - { - return hash.Contains(k); - } - - public virtual void CopyTo(Array array, int index) - { - foreach (object k in keys) - { - array.SetValue(hash[k], index++); - } - } - - public virtual int Count - { - get { return hash.Count; } - } - - IEnumerator IEnumerable.GetEnumerator() - { - return GetEnumerator(); - } - - public virtual IDictionaryEnumerator GetEnumerator() - { - return new LinkedDictionaryEnumerator(this); - } - - public virtual void Remove(object k) - { - hash.Remove(k); - keys.Remove(k); - } - - public virtual bool IsFixedSize - { - get { return false; } - } - - public virtual bool IsReadOnly - { - get { return false; } - } - - public virtual bool IsSynchronized - { - get { return false; } - } - - public virtual object SyncRoot - { - get { return false; } - } - - public virtual ICollection Keys - { - get { return Platform.CreateArrayList(keys); } - } - - public virtual ICollection Values - { - // NB: Order has to be the same as for Keys property - get - { - IList values = Platform.CreateArrayList(keys.Count); - foreach (object k in keys) - { - values.Add(hash[k]); - } - return values; - } - } - - public virtual object this[object k] - { - get - { - return hash[k]; - } - set - { - if (!hash.Contains(k)) - keys.Add(k); - hash[k] = value; - } - } - } - - internal class LinkedDictionaryEnumerator : IDictionaryEnumerator - { - private readonly LinkedDictionary parent; - private int pos = -1; - - internal LinkedDictionaryEnumerator(LinkedDictionary parent) - { - this.parent = parent; - } - - public virtual object Current - { - get { return Entry; } - } - - public virtual DictionaryEntry Entry - { - get - { - object k = CurrentKey; - return new DictionaryEntry(k, parent.hash[k]); - } - } - - public virtual object Key - { - get - { - return CurrentKey; - } - } - - public virtual bool MoveNext() - { - if (pos >= parent.keys.Count) - return false; - return ++pos < parent.keys.Count; - } - - public virtual void Reset() - { - this.pos = -1; - } - - public virtual object Value - { - get - { - return parent.hash[CurrentKey]; - } - } - - private object CurrentKey - { - get - { - if (pos < 0 || pos >= parent.keys.Count) - throw new InvalidOperationException(); - return parent.keys[pos]; - } - } - } -} diff --git a/crypto/src/x509/IX509Extension.cs b/crypto/src/x509/IX509Extension.cs index a08f5e052..7d7a06c04 100644 --- a/crypto/src/x509/IX509Extension.cs +++ b/crypto/src/x509/IX509Extension.cs @@ -1,7 +1,7 @@ using System; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; -using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.X509 { @@ -11,13 +11,13 @@ namespace Org.BouncyCastle.X509 /// Get all critical extension values, by oid /// </summary> /// <returns>IDictionary with string (OID) keys and Asn1OctetString values</returns> - ISet GetCriticalExtensionOids(); + ISet<string> GetCriticalExtensionOids(); /// <summary> /// Get all non-critical extension values, by oid /// </summary> /// <returns>IDictionary with string (OID) keys and Asn1OctetString values</returns> - ISet GetNonCriticalExtensionOids(); + ISet<string> GetNonCriticalExtensionOids(); Asn1OctetString GetExtensionValue(DerObjectIdentifier oid); } diff --git a/crypto/src/x509/X509ExtensionBase.cs b/crypto/src/x509/X509ExtensionBase.cs index af3907773..d9df364b0 100644 --- a/crypto/src/x509/X509ExtensionBase.cs +++ b/crypto/src/x509/X509ExtensionBase.cs @@ -1,8 +1,8 @@ using System; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.X509 { @@ -11,33 +11,29 @@ namespace Org.BouncyCastle.X509 { protected abstract X509Extensions GetX509Extensions(); - protected virtual ISet GetExtensionOids( - bool critical) + protected virtual ISet<string> GetExtensionOids(bool critical) { X509Extensions extensions = GetX509Extensions(); - if (extensions != null) + if (extensions == null) + return null; + + var set = new HashSet<string>(); + foreach (DerObjectIdentifier oid in extensions.ExtensionOids) { - HashSet set = new HashSet(); - foreach (DerObjectIdentifier oid in extensions.ExtensionOids) + X509Extension ext = extensions.GetExtension(oid); + if (ext.IsCritical == critical) { - X509Extension ext = extensions.GetExtension(oid); - if (ext.IsCritical == critical) - { - set.Add(oid.Id); - } + set.Add(oid.Id); } - - return set; } - - return null; + return set; } /// <summary> /// Get non critical extensions. /// </summary> /// <returns>A set of non critical extension oids.</returns> - public virtual ISet GetNonCriticalExtensionOids() + public virtual ISet<string> GetNonCriticalExtensionOids() { return GetExtensionOids(false); } @@ -46,24 +42,14 @@ namespace Org.BouncyCastle.X509 /// Get any critical extensions. /// </summary> /// <returns>A sorted list of critical entension.</returns> - public virtual ISet GetCriticalExtensionOids() + public virtual ISet<string> GetCriticalExtensionOids() { return GetExtensionOids(true); } public virtual Asn1OctetString GetExtensionValue(DerObjectIdentifier oid) { - X509Extensions exts = GetX509Extensions(); - if (exts != null) - { - X509Extension ext = exts.GetExtension(oid); - if (ext != null) - { - return ext.Value; - } - } - - return null; + return GetX509Extensions()?.GetExtension(oid)?.Value; } } } diff --git a/crypto/src/x509/X509Utilities.cs b/crypto/src/x509/X509Utilities.cs index 461a545f9..85f24f26a 100644 --- a/crypto/src/x509/X509Utilities.cs +++ b/crypto/src/x509/X509Utilities.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.CryptoPro; @@ -21,7 +22,7 @@ namespace Org.BouncyCastle.X509 { private static readonly IDictionary algorithms = Platform.CreateHashtable(); private static readonly IDictionary exParams = Platform.CreateHashtable(); - private static readonly ISet noParams = new HashSet(); + private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>(); static X509Utilities() { |