summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--crypto/src/pkix/PkixNameConstraintValidator.cs22
-rw-r--r--crypto/src/pkix/Rfc3280CertPathUtilities.cs51
-rw-r--r--crypto/test/src/test/PkixNameConstraintsTest.cs22
3 files changed, 54 insertions, 41 deletions
diff --git a/crypto/src/pkix/PkixNameConstraintValidator.cs b/crypto/src/pkix/PkixNameConstraintValidator.cs
index ad59702c5..840755060 100644
--- a/crypto/src/pkix/PkixNameConstraintValidator.cs
+++ b/crypto/src/pkix/PkixNameConstraintValidator.cs
@@ -1365,6 +1365,13 @@ namespace Org.BouncyCastle.Pkix
             return sub;
         }
 
+        /// <exception cref="PkixNameConstraintValidatorException"/>
+        [Obsolete("Use 'CheckPermitted' instead")]
+        public void checkPermitted(GeneralName name)
+        {
+            CheckPermitted(name);
+        }
+
         /**
          * Checks if the given GeneralName is in the permitted ISet.
          *
@@ -1372,8 +1379,8 @@ namespace Org.BouncyCastle.Pkix
          * @throws PkixNameConstraintValidatorException
          *          If the <code>name</code>
          */
-        public void checkPermitted(GeneralName name)
-        //throws PkixNameConstraintValidatorException
+        /// <exception cref="PkixNameConstraintValidatorException"/>
+        public void CheckPermitted(GeneralName name)
         {
             switch (name.TagNo)
             {
@@ -1398,6 +1405,13 @@ namespace Org.BouncyCastle.Pkix
             }
         }
 
+        /// <exception cref="PkixNameConstraintValidatorException"/>
+        [Obsolete("Use 'CheckExcluded' instead")]
+        public void checkExcluded(GeneralName name)
+        {
+            CheckExcluded(name);
+        }
+
         /**
          * Check if the given GeneralName is contained in the excluded ISet.
          *
@@ -1406,8 +1420,8 @@ namespace Org.BouncyCastle.Pkix
          *          If the <code>name</code> is
          *          excluded.
          */
-        public void checkExcluded(GeneralName name)
-        //throws PkixNameConstraintValidatorException
+        /// <exception cref="PkixNameConstraintValidatorException"/>
+        public void CheckExcluded(GeneralName name)
         {
             switch (name.TagNo)
             {
diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
index a61d83679..3383bf09f 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -186,7 +186,7 @@ namespace Org.BouncyCastle.Pkix
 						}
 					}
 				}
-				BasicConstraints bc = null;
+				BasicConstraints bc;
 				try
 				{
 					bc = BasicConstraints.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(
@@ -237,8 +237,8 @@ namespace Org.BouncyCastle.Pkix
 			if (!(PkixCertPathValidatorUtilities.IsSelfIssued(cert) && (i < n)))
 			{
 				X509Name principal = cert.SubjectDN;
-				Asn1Sequence dns;
 
+				Asn1Sequence dns;
 				try
 				{
 					dns = Asn1Sequence.GetInstance(principal.GetEncoded());
@@ -260,7 +260,7 @@ namespace Org.BouncyCastle.Pkix
 						"Subtree check for certificate subject failed.", e, index);
 				}
 
-				GeneralNames altName = null;
+				GeneralNames altName;
 				try
 				{
 					altName = GeneralNames.GetInstance(
@@ -278,8 +278,8 @@ namespace Org.BouncyCastle.Pkix
 					GeneralName emailAsGeneralName = new GeneralName(GeneralName.Rfc822Name, email);
 					try
 					{
-						nameConstraintValidator.checkPermitted(emailAsGeneralName);
-						nameConstraintValidator.checkExcluded(emailAsGeneralName);
+						nameConstraintValidator.CheckPermitted(emailAsGeneralName);
+						nameConstraintValidator.CheckExcluded(emailAsGeneralName);
 					}
 					catch (PkixNameConstraintValidatorException ex)
 					{
@@ -289,7 +289,7 @@ namespace Org.BouncyCastle.Pkix
 				}
 				if (altName != null)
 				{
-					GeneralName[] genNames = null;
+					GeneralName[] genNames;
 					try
 					{
 						genNames = altName.GetNames();
@@ -303,8 +303,8 @@ namespace Org.BouncyCastle.Pkix
 					{
 						try
 						{
-							nameConstraintValidator.checkPermitted(genName);
-							nameConstraintValidator.checkExcluded(genName);
+							nameConstraintValidator.CheckPermitted(genName);
+							nameConstraintValidator.CheckExcluded(genName);
 						}
 						catch (PkixNameConstraintValidatorException e)
 						{
@@ -772,7 +772,7 @@ namespace Org.BouncyCastle.Pkix
 			Exception lastException = null;
 			for (int i = 0; i < validCerts.Count; i++)
 			{
-				X509Certificate signCert = (X509Certificate)validCerts[i];
+				X509Certificate signCert = validCerts[i];
 				bool[] keyusage = signCert.GetKeyUsage();
 
 				if (keyusage != null && (keyusage.Length < 7 || !keyusage[CRL_SIGN]))
@@ -1228,11 +1228,11 @@ namespace Org.BouncyCastle.Pkix
 							{
 								if (ANY_POLICY.Equals(node.ValidPolicy))
 								{
-									Asn1Sequence policies = null;
+									Asn1Sequence policies;
 									try
 									{
-										policies = (Asn1Sequence)PkixCertPathValidatorUtilities.GetExtensionValue(cert,
-											X509Extensions.CertificatePolicies);
+                                        policies = Asn1Sequence.GetInstance(
+                                            PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies));
 									}
 									catch (Exception e)
 									{
@@ -1360,7 +1360,7 @@ namespace Org.BouncyCastle.Pkix
 				}
 			}
 
-			return new []{ completeSet, deltaSet };
+			return new ISet<X509Crl>[]{ completeSet, deltaSet };
 		}
 
 		internal static ISet<X509Crl> ProcessCrlA1i(
@@ -1570,7 +1570,7 @@ namespace Org.BouncyCastle.Pkix
 			//
 			// (i)
 			//
-			Asn1Sequence pc = null;
+			Asn1Sequence pc;
 			try
 			{
                 pc = Asn1Sequence.GetInstance(
@@ -1688,7 +1688,7 @@ namespace Org.BouncyCastle.Pkix
 			//
 			// (j)
 			//
-			DerInteger iap = null;
+			DerInteger iap;
 			try
 			{
 				iap = DerInteger.GetInstance(
@@ -1822,7 +1822,7 @@ namespace Org.BouncyCastle.Pkix
 
 		/// <exception cref="PkixCertPathValidatorException"/>
 		internal static void PrepareNextCertO(PkixCertPath certPath, int index, ISet<string> criticalExtensions,
-			IList<PkixCertPathChecker> checkers)
+			IEnumerable<PkixCertPathChecker> checkers)
 		{
 			var certs = certPath.Certificates;
 			X509Certificate cert = certs[index];
@@ -1891,7 +1891,6 @@ namespace Org.BouncyCastle.Pkix
 			return policyMapping;
 		}
 
-
 		internal static int PrepareNextCertH3(
 			PkixCertPath	certPath,
 			int				index,
@@ -1979,7 +1978,7 @@ namespace Org.BouncyCastle.Pkix
 		}
 
 		/// <exception cref="PkixCertPathValidatorException"/>
-		internal static void WrapupCertF(PkixCertPath certPath, int index, IList<PkixCertPathChecker> checkers,
+		internal static void WrapupCertF(PkixCertPath certPath, int index, IEnumerable<PkixCertPathChecker> checkers,
 			ISet<string> criticalExtensions)
 		{
 			var certs = certPath.Certificates;
@@ -2074,8 +2073,8 @@ namespace Org.BouncyCastle.Pkix
 								var node = nodes[k];
 								if (!node.HasChildren)
 								{
-									validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(
-										validPolicyTree, policyNodes, node);
+									validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree,
+										policyNodes, node);
 								}
 							}
 						}
@@ -2172,7 +2171,7 @@ namespace Org.BouncyCastle.Pkix
 			if (deltaCRL == null)
 				return;
 
-			IssuingDistributionPoint completeidp = null;
+			IssuingDistributionPoint completeidp;
 			try
 			{
 				completeidp = IssuingDistributionPoint.GetInstance(
@@ -2190,7 +2189,7 @@ namespace Org.BouncyCastle.Pkix
 					throw new Exception("Complete CRL issuer does not match delta CRL issuer.");
 
 				// (c) (2)
-				IssuingDistributionPoint deltaidp = null;
+				IssuingDistributionPoint deltaidp;
 				try
 				{
 					deltaidp = IssuingDistributionPoint.GetInstance(
@@ -2202,14 +2201,14 @@ namespace Org.BouncyCastle.Pkix
 						"Issuing distribution point extension from delta CRL could not be decoded.", e);
 				}
 
-				if (!Platform.Equals(completeidp, deltaidp))
+				if (!Objects.Equals(completeidp, deltaidp))
 				{
 					throw new Exception(
 						"Issuing distribution point extension from delta CRL and complete CRL does not match.");
 				}
 
 				// (c) (3)
-				Asn1Object completeKeyIdentifier = null;
+				Asn1Object completeKeyIdentifier;
 				try
 				{
 					completeKeyIdentifier = PkixCertPathValidatorUtilities.GetExtensionValue(
@@ -2221,7 +2220,7 @@ namespace Org.BouncyCastle.Pkix
 						"Authority key identifier extension could not be extracted from complete CRL.", e);
 				}
 
-				Asn1Object deltaKeyIdentifier = null;
+				Asn1Object deltaKeyIdentifier;
 				try
 				{
 					deltaKeyIdentifier = PkixCertPathValidatorUtilities.GetExtensionValue(
@@ -2283,7 +2282,7 @@ namespace Org.BouncyCastle.Pkix
 			//
 			// (e)
 			//
-			Asn1Sequence certPolicies = null;
+			Asn1Sequence certPolicies;
 			try
 			{
                 certPolicies = Asn1Sequence.GetInstance(
diff --git a/crypto/test/src/test/PkixNameConstraintsTest.cs b/crypto/test/src/test/PkixNameConstraintsTest.cs
index 0d229a8cb..5b372d97e 100644
--- a/crypto/test/src/test/PkixNameConstraintsTest.cs
+++ b/crypto/test/src/test/PkixNameConstraintsTest.cs
@@ -194,7 +194,7 @@ namespace Org.BouncyCastle.Tests
             constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(
                 new GeneralName(GeneralName.DirectoryName,
                     new X509Name(true, "ou=permittedSubtree1, o=Test Certificates 2011, c=US")))));
-            constraintValidator.checkPermitted(
+            constraintValidator.CheckPermitted(
                 new GeneralName(GeneralName.DirectoryName,
                     new X509Name(true, "cn=Valid DN nameConstraints EE Certificate Test1, ou=permittedSubtree1, o=Test Certificates 2011, c=US")));
 
@@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Tests
 
             try
             {
-                validator.checkExcluded(name);
+                validator.CheckExcluded(name);
             }
             catch (PkixNameConstraintValidatorException e)
             {
@@ -222,7 +222,7 @@ namespace Org.BouncyCastle.Tests
 
             try
             {
-                validator.checkPermitted(name);
+                validator.CheckPermitted(name);
             }
             catch (PkixNameConstraintValidatorException e)
             {
@@ -262,7 +262,7 @@ namespace Org.BouncyCastle.Tests
 				PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator();
 				constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(
 					new GeneralName(nameType, testNameIsConstraint[i]))));
-				constraintValidator.checkPermitted(new GeneralName(nameType, testName));
+				constraintValidator.CheckPermitted(new GeneralName(nameType, testName));
 			}
 			for (int i = 0; i < testNameIsNotConstraint.Length; i++)
 			{
@@ -271,7 +271,7 @@ namespace Org.BouncyCastle.Tests
 					new GeneralName(nameType, testNameIsNotConstraint[i]))));
 				try
 				{
-					constraintValidator.checkPermitted(new GeneralName(nameType, testName));
+					constraintValidator.CheckPermitted(new GeneralName(nameType, testName));
 					Fail("not permitted name allowed: " + nameType);
 				}
 				catch (PkixNameConstraintValidatorException)
@@ -286,7 +286,7 @@ namespace Org.BouncyCastle.Tests
 					nameType, testNameIsConstraint[i])));
 				try
 				{
-					constraintValidator.checkExcluded(new GeneralName(nameType, testName));
+					constraintValidator.CheckExcluded(new GeneralName(nameType, testName));
 					Fail("excluded name missed: " + nameType);
 				}
 				catch (PkixNameConstraintValidatorException)
@@ -299,7 +299,7 @@ namespace Org.BouncyCastle.Tests
 				PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator();
 				constraintValidator.AddExcludedSubtree(new GeneralSubtree(new GeneralName(
 					nameType, testNameIsNotConstraint[i])));
-				constraintValidator.checkExcluded(new GeneralName(nameType, testName));
+				constraintValidator.CheckExcluded(new GeneralName(nameType, testName));
 			}
 			for (int i = 0; i < testNames1.Length; i++)
 			{
@@ -373,7 +373,7 @@ namespace Org.BouncyCastle.Tests
 				constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(
 					new GeneralName(nameType, new DerOctetString(
 					testNameIsConstraint[i])))));
-				constraintValidator.checkPermitted(new GeneralName(nameType,
+				constraintValidator.CheckPermitted(new GeneralName(nameType,
 					new DerOctetString(testName)));
 			}
 			for (int i = 0; i < testNameIsNotConstraint.Length; i++)
@@ -384,7 +384,7 @@ namespace Org.BouncyCastle.Tests
 					testNameIsNotConstraint[i])))));
 				try
 				{
-					constraintValidator.checkPermitted(new GeneralName(nameType,
+					constraintValidator.CheckPermitted(new GeneralName(nameType,
 						new DerOctetString(testName)));
 					Fail("not permitted name allowed: " + nameType);
 				}
@@ -400,7 +400,7 @@ namespace Org.BouncyCastle.Tests
 					nameType, new DerOctetString(testNameIsConstraint[i]))));
 				try
 				{
-					constraintValidator.checkExcluded(new GeneralName(nameType,
+					constraintValidator.CheckExcluded(new GeneralName(nameType,
 						new DerOctetString(testName)));
 					Fail("excluded name missed: " + nameType);
 				}
@@ -414,7 +414,7 @@ namespace Org.BouncyCastle.Tests
 				PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator();
 				constraintValidator.AddExcludedSubtree(new GeneralSubtree(new GeneralName(
 					nameType, new DerOctetString(testNameIsNotConstraint[i]))));
-				constraintValidator.checkExcluded(new GeneralName(nameType,
+				constraintValidator.CheckExcluded(new GeneralName(nameType,
 					new DerOctetString(testName)));
 			}
 			for (int i = 0; i < testNames1.Length; i++)