diff options
| -rw-r--r-- | crypto/src/pkix/PkixNameConstraintValidator.cs | 22 | ||||
| -rw-r--r-- | crypto/src/pkix/Rfc3280CertPathUtilities.cs | 51 | ||||
| -rw-r--r-- | crypto/test/src/test/PkixNameConstraintsTest.cs | 22 |
3 files changed, 54 insertions, 41 deletions
diff --git a/crypto/src/pkix/PkixNameConstraintValidator.cs b/crypto/src/pkix/PkixNameConstraintValidator.cs index ad59702c5..840755060 100644 --- a/crypto/src/pkix/PkixNameConstraintValidator.cs +++ b/crypto/src/pkix/PkixNameConstraintValidator.cs @@ -1365,6 +1365,13 @@ namespace Org.BouncyCastle.Pkix return sub; } + /// <exception cref="PkixNameConstraintValidatorException"/> + [Obsolete("Use 'CheckPermitted' instead")] + public void checkPermitted(GeneralName name) + { + CheckPermitted(name); + } + /** * Checks if the given GeneralName is in the permitted ISet. * @@ -1372,8 +1379,8 @@ namespace Org.BouncyCastle.Pkix * @throws PkixNameConstraintValidatorException * If the <code>name</code> */ - public void checkPermitted(GeneralName name) - //throws PkixNameConstraintValidatorException + /// <exception cref="PkixNameConstraintValidatorException"/> + public void CheckPermitted(GeneralName name) { switch (name.TagNo) { @@ -1398,6 +1405,13 @@ namespace Org.BouncyCastle.Pkix } } + /// <exception cref="PkixNameConstraintValidatorException"/> + [Obsolete("Use 'CheckExcluded' instead")] + public void checkExcluded(GeneralName name) + { + CheckExcluded(name); + } + /** * Check if the given GeneralName is contained in the excluded ISet. * @@ -1406,8 +1420,8 @@ namespace Org.BouncyCastle.Pkix * If the <code>name</code> is * excluded. */ - public void checkExcluded(GeneralName name) - //throws PkixNameConstraintValidatorException + /// <exception cref="PkixNameConstraintValidatorException"/> + public void CheckExcluded(GeneralName name) { switch (name.TagNo) { diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs index a61d83679..3383bf09f 100644 --- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs @@ -186,7 +186,7 @@ namespace Org.BouncyCastle.Pkix } } } - BasicConstraints bc = null; + BasicConstraints bc; try { bc = BasicConstraints.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue( @@ -237,8 +237,8 @@ namespace Org.BouncyCastle.Pkix if (!(PkixCertPathValidatorUtilities.IsSelfIssued(cert) && (i < n))) { X509Name principal = cert.SubjectDN; - Asn1Sequence dns; + Asn1Sequence dns; try { dns = Asn1Sequence.GetInstance(principal.GetEncoded()); @@ -260,7 +260,7 @@ namespace Org.BouncyCastle.Pkix "Subtree check for certificate subject failed.", e, index); } - GeneralNames altName = null; + GeneralNames altName; try { altName = GeneralNames.GetInstance( @@ -278,8 +278,8 @@ namespace Org.BouncyCastle.Pkix GeneralName emailAsGeneralName = new GeneralName(GeneralName.Rfc822Name, email); try { - nameConstraintValidator.checkPermitted(emailAsGeneralName); - nameConstraintValidator.checkExcluded(emailAsGeneralName); + nameConstraintValidator.CheckPermitted(emailAsGeneralName); + nameConstraintValidator.CheckExcluded(emailAsGeneralName); } catch (PkixNameConstraintValidatorException ex) { @@ -289,7 +289,7 @@ namespace Org.BouncyCastle.Pkix } if (altName != null) { - GeneralName[] genNames = null; + GeneralName[] genNames; try { genNames = altName.GetNames(); @@ -303,8 +303,8 @@ namespace Org.BouncyCastle.Pkix { try { - nameConstraintValidator.checkPermitted(genName); - nameConstraintValidator.checkExcluded(genName); + nameConstraintValidator.CheckPermitted(genName); + nameConstraintValidator.CheckExcluded(genName); } catch (PkixNameConstraintValidatorException e) { @@ -772,7 +772,7 @@ namespace Org.BouncyCastle.Pkix Exception lastException = null; for (int i = 0; i < validCerts.Count; i++) { - X509Certificate signCert = (X509Certificate)validCerts[i]; + X509Certificate signCert = validCerts[i]; bool[] keyusage = signCert.GetKeyUsage(); if (keyusage != null && (keyusage.Length < 7 || !keyusage[CRL_SIGN])) @@ -1228,11 +1228,11 @@ namespace Org.BouncyCastle.Pkix { if (ANY_POLICY.Equals(node.ValidPolicy)) { - Asn1Sequence policies = null; + Asn1Sequence policies; try { - policies = (Asn1Sequence)PkixCertPathValidatorUtilities.GetExtensionValue(cert, - X509Extensions.CertificatePolicies); + policies = Asn1Sequence.GetInstance( + PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies)); } catch (Exception e) { @@ -1360,7 +1360,7 @@ namespace Org.BouncyCastle.Pkix } } - return new []{ completeSet, deltaSet }; + return new ISet<X509Crl>[]{ completeSet, deltaSet }; } internal static ISet<X509Crl> ProcessCrlA1i( @@ -1570,7 +1570,7 @@ namespace Org.BouncyCastle.Pkix // // (i) // - Asn1Sequence pc = null; + Asn1Sequence pc; try { pc = Asn1Sequence.GetInstance( @@ -1688,7 +1688,7 @@ namespace Org.BouncyCastle.Pkix // // (j) // - DerInteger iap = null; + DerInteger iap; try { iap = DerInteger.GetInstance( @@ -1822,7 +1822,7 @@ namespace Org.BouncyCastle.Pkix /// <exception cref="PkixCertPathValidatorException"/> internal static void PrepareNextCertO(PkixCertPath certPath, int index, ISet<string> criticalExtensions, - IList<PkixCertPathChecker> checkers) + IEnumerable<PkixCertPathChecker> checkers) { var certs = certPath.Certificates; X509Certificate cert = certs[index]; @@ -1891,7 +1891,6 @@ namespace Org.BouncyCastle.Pkix return policyMapping; } - internal static int PrepareNextCertH3( PkixCertPath certPath, int index, @@ -1979,7 +1978,7 @@ namespace Org.BouncyCastle.Pkix } /// <exception cref="PkixCertPathValidatorException"/> - internal static void WrapupCertF(PkixCertPath certPath, int index, IList<PkixCertPathChecker> checkers, + internal static void WrapupCertF(PkixCertPath certPath, int index, IEnumerable<PkixCertPathChecker> checkers, ISet<string> criticalExtensions) { var certs = certPath.Certificates; @@ -2074,8 +2073,8 @@ namespace Org.BouncyCastle.Pkix var node = nodes[k]; if (!node.HasChildren) { - validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode( - validPolicyTree, policyNodes, node); + validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, + policyNodes, node); } } } @@ -2172,7 +2171,7 @@ namespace Org.BouncyCastle.Pkix if (deltaCRL == null) return; - IssuingDistributionPoint completeidp = null; + IssuingDistributionPoint completeidp; try { completeidp = IssuingDistributionPoint.GetInstance( @@ -2190,7 +2189,7 @@ namespace Org.BouncyCastle.Pkix throw new Exception("Complete CRL issuer does not match delta CRL issuer."); // (c) (2) - IssuingDistributionPoint deltaidp = null; + IssuingDistributionPoint deltaidp; try { deltaidp = IssuingDistributionPoint.GetInstance( @@ -2202,14 +2201,14 @@ namespace Org.BouncyCastle.Pkix "Issuing distribution point extension from delta CRL could not be decoded.", e); } - if (!Platform.Equals(completeidp, deltaidp)) + if (!Objects.Equals(completeidp, deltaidp)) { throw new Exception( "Issuing distribution point extension from delta CRL and complete CRL does not match."); } // (c) (3) - Asn1Object completeKeyIdentifier = null; + Asn1Object completeKeyIdentifier; try { completeKeyIdentifier = PkixCertPathValidatorUtilities.GetExtensionValue( @@ -2221,7 +2220,7 @@ namespace Org.BouncyCastle.Pkix "Authority key identifier extension could not be extracted from complete CRL.", e); } - Asn1Object deltaKeyIdentifier = null; + Asn1Object deltaKeyIdentifier; try { deltaKeyIdentifier = PkixCertPathValidatorUtilities.GetExtensionValue( @@ -2283,7 +2282,7 @@ namespace Org.BouncyCastle.Pkix // // (e) // - Asn1Sequence certPolicies = null; + Asn1Sequence certPolicies; try { certPolicies = Asn1Sequence.GetInstance( diff --git a/crypto/test/src/test/PkixNameConstraintsTest.cs b/crypto/test/src/test/PkixNameConstraintsTest.cs index 0d229a8cb..5b372d97e 100644 --- a/crypto/test/src/test/PkixNameConstraintsTest.cs +++ b/crypto/test/src/test/PkixNameConstraintsTest.cs @@ -194,7 +194,7 @@ namespace Org.BouncyCastle.Tests constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree( new GeneralName(GeneralName.DirectoryName, new X509Name(true, "ou=permittedSubtree1, o=Test Certificates 2011, c=US"))))); - constraintValidator.checkPermitted( + constraintValidator.CheckPermitted( new GeneralName(GeneralName.DirectoryName, new X509Name(true, "cn=Valid DN nameConstraints EE Certificate Test1, ou=permittedSubtree1, o=Test Certificates 2011, c=US"))); @@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Tests try { - validator.checkExcluded(name); + validator.CheckExcluded(name); } catch (PkixNameConstraintValidatorException e) { @@ -222,7 +222,7 @@ namespace Org.BouncyCastle.Tests try { - validator.checkPermitted(name); + validator.CheckPermitted(name); } catch (PkixNameConstraintValidatorException e) { @@ -262,7 +262,7 @@ namespace Org.BouncyCastle.Tests PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator(); constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree( new GeneralName(nameType, testNameIsConstraint[i])))); - constraintValidator.checkPermitted(new GeneralName(nameType, testName)); + constraintValidator.CheckPermitted(new GeneralName(nameType, testName)); } for (int i = 0; i < testNameIsNotConstraint.Length; i++) { @@ -271,7 +271,7 @@ namespace Org.BouncyCastle.Tests new GeneralName(nameType, testNameIsNotConstraint[i])))); try { - constraintValidator.checkPermitted(new GeneralName(nameType, testName)); + constraintValidator.CheckPermitted(new GeneralName(nameType, testName)); Fail("not permitted name allowed: " + nameType); } catch (PkixNameConstraintValidatorException) @@ -286,7 +286,7 @@ namespace Org.BouncyCastle.Tests nameType, testNameIsConstraint[i]))); try { - constraintValidator.checkExcluded(new GeneralName(nameType, testName)); + constraintValidator.CheckExcluded(new GeneralName(nameType, testName)); Fail("excluded name missed: " + nameType); } catch (PkixNameConstraintValidatorException) @@ -299,7 +299,7 @@ namespace Org.BouncyCastle.Tests PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator(); constraintValidator.AddExcludedSubtree(new GeneralSubtree(new GeneralName( nameType, testNameIsNotConstraint[i]))); - constraintValidator.checkExcluded(new GeneralName(nameType, testName)); + constraintValidator.CheckExcluded(new GeneralName(nameType, testName)); } for (int i = 0; i < testNames1.Length; i++) { @@ -373,7 +373,7 @@ namespace Org.BouncyCastle.Tests constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree( new GeneralName(nameType, new DerOctetString( testNameIsConstraint[i]))))); - constraintValidator.checkPermitted(new GeneralName(nameType, + constraintValidator.CheckPermitted(new GeneralName(nameType, new DerOctetString(testName))); } for (int i = 0; i < testNameIsNotConstraint.Length; i++) @@ -384,7 +384,7 @@ namespace Org.BouncyCastle.Tests testNameIsNotConstraint[i]))))); try { - constraintValidator.checkPermitted(new GeneralName(nameType, + constraintValidator.CheckPermitted(new GeneralName(nameType, new DerOctetString(testName))); Fail("not permitted name allowed: " + nameType); } @@ -400,7 +400,7 @@ namespace Org.BouncyCastle.Tests nameType, new DerOctetString(testNameIsConstraint[i])))); try { - constraintValidator.checkExcluded(new GeneralName(nameType, + constraintValidator.CheckExcluded(new GeneralName(nameType, new DerOctetString(testName))); Fail("excluded name missed: " + nameType); } @@ -414,7 +414,7 @@ namespace Org.BouncyCastle.Tests PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator(); constraintValidator.AddExcludedSubtree(new GeneralSubtree(new GeneralName( nameType, new DerOctetString(testNameIsNotConstraint[i])))); - constraintValidator.checkExcluded(new GeneralName(nameType, + constraintValidator.CheckExcluded(new GeneralName(nameType, new DerOctetString(testName))); } for (int i = 0; i < testNames1.Length; i++) |