diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 316eaad99..572acb2c7 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -717,7 +717,7 @@ namespace Org.BouncyCastle.X509
{
var tbsCertificate = c.TbsCertificate;
- if (!IsAlgIDEqual(c.SignatureAlgorithm, tbsCertificate.Signature))
+ if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertificate.Signature))
throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
return X509Utilities.VerifySignature(verifier, tbsCertificate, c.Signature);
@@ -748,22 +748,5 @@ namespace Org.BouncyCastle.X509
{
return PublicKeyFactory.CreateKey(c.SubjectPublicKeyInfo);
}
-
- private static bool IsAlgIDEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
- {
- if (!id1.Algorithm.Equals(id2.Algorithm))
- return false;
-
- Asn1Encodable p1 = id1.Parameters;
- Asn1Encodable p2 = id2.Parameters;
-
- if ((p1 == null) == (p2 == null))
- return Objects.Equals(p1, p2);
-
- // Exactly one of p1, p2 is null at this point
- return p1 == null
- ? p2.ToAsn1Object() is Asn1Null
- : p1.ToAsn1Object() is Asn1Null;
- }
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index 9c3e0fd03..fec33f09c 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -181,8 +181,7 @@ namespace Org.BouncyCastle.X509
{
var tbsCertList = c.TbsCertList;
- // TODO Compare IsAlgIDEqual in X509Certificate.CheckSignature
- if (!c.SignatureAlgorithm.Equals(tbsCertList.Signature))
+ if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertList.Signature))
throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
return X509Utilities.VerifySignature(verifier, tbsCertList, c.Signature);
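Review bot: Nothing at this call site records that the CRL algorithm match is now deliberately lenient, so a later reader may take it for a strict comparison. The removed `Equals` call rejected an outer `signatureAlgorithm` with absent parameters paired with a `TbsCertList` signature carrying an explicit NULL, and the new helper accepts that pair. I would add a comment above the `if`, such as `// RFC 5280 5.1.1.2: outer and TBS algorithm identifiers must match; absent and NULL parameters are treated as equivalent`. A regression test with one absent/NULL pair that must pass and one genuinely different parameter set that must still throw `CrlException` would pin the behaviour. The enclosing method starts and ends outside this hunk, so how `verifier` is chosen is not visible here.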
diff --git a/crypto/src/x509/X509SignatureUtil.cs b/crypto/src/x509/X509SignatureUtil.cs
index 307d5a527..635e7d70b 100644
--- a/crypto/src/x509/X509SignatureUtil.cs
+++ b/crypto/src/x509/X509SignatureUtil.cs
@@ -12,7 +12,25 @@ namespace Org.BouncyCastle.X509
{
internal class X509SignatureUtilities
{
- internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
+ internal static bool AreEquivalentAlgorithms(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
+ {
+ if (!id1.Algorithm.Equals(id2.Algorithm))
+ return false;
+
+ Asn1Encodable p1 = id1.Parameters;
+ Asn1Encodable p2 = id2.Parameters;
+
+ if (p1 == p2)
+ return true;
+ if (p1 == null)
+ return p2.ToAsn1Object() is Asn1Null;
+ if (p2 == null)
+ return p1.ToAsn1Object() is Asn1Null;
+
+ return p1.Equals(p2);
+ }
+
+ internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
{
DerObjectIdentifier sigAlgOid = sigAlgID.Algorithm;
Asn1Encodable parameters = sigAlgID.Parameters;
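Review bot: `AreEquivalentAlgorithms` has no doc comment, although it now gates both certificate and CRL signature verification and deliberately departs from strict equality. I would add `/// <summary>Returns true when both identifiers have the same OID and equal parameters, treating absent parameters and an explicit ASN.1 NULL as the same.</summary>`. The absent/NULL leniency applies to every algorithm OID, including ones whose parameters carry meaning, so it is worth either stating that this is intended or limiting it to the OIDs where both encodings occur in practice. `p1 == p2` looks like a reference comparison that also covers the both-null case; a short comment saying so would prevent it being "simplified" into a value comparison that dereferences null. The body of `GetSignatureName` continues outside this hunk.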
@@ -87,5 +105,5 @@ namespace Org.BouncyCastle.X509
return digestAlgOID.GetID();
}
}
- }
+ }
}