3 files changed, 31 insertions, 222 deletions

diff --git a/crypto/src/x509/X509CertificatePair.cs b/crypto/src/x509/X509CertificatePair.cs
index 866bb4539..cc4434f37 100644
--- a/crypto/src/x509/X509CertificatePair.cs
+++ b/crypto/src/x509/X509CertificatePair.cs
@@ -15,65 +15,45 @@ namespace Org.BouncyCastle.X509
 	/// </remarks>
 	public class X509CertificatePair
 	{
-		private readonly X509Certificate forward;
-		private readonly X509Certificate reverse;
+		private readonly X509Certificate m_forward;
+		private readonly X509Certificate m_reverse;
 
 		/// <summary>Constructor</summary>
 		/// <param name="forward">Certificate from the other CA to this CA.</param>
 		/// <param name="reverse">Certificate from this CA to the other CA.</param>
-		public X509CertificatePair(
-			X509Certificate	forward,
-			X509Certificate	reverse)
+		public X509CertificatePair(X509Certificate forward, X509Certificate	reverse)
 		{
-			this.forward = forward;
-			this.reverse = reverse;
+			if (forward == null && reverse == null)
+				throw new ArgumentException("At least one of the pair shall be present");
+
+			m_forward = forward;
+			m_reverse = reverse;
 		}
 
 		/// <summary>Constructor from a ASN.1 CertificatePair structure.</summary>
 		/// <param name="pair">The <c>CertificatePair</c> ASN.1 object.</param>
-		public X509CertificatePair(
-			CertificatePair pair)
+		public X509CertificatePair(CertificatePair pair)
 		{
-			if (pair.Forward != null)
-			{
-				this.forward = new X509Certificate(pair.Forward);
-			}
-			if (pair.Reverse != null)
-			{
-				this.reverse = new X509Certificate(pair.Reverse);
-			}
+			var forward = pair.Forward;
+			var reverse = pair.Reverse;
+
+            m_forward = forward == null ? null : new X509Certificate(forward);
+            m_reverse = reverse == null ? null : new X509Certificate(reverse);
 		}
 
-		public byte[] GetEncoded()
+		public CertificatePair GetCertificatePair()
+		{
+			return new CertificatePair(m_forward?.CertificateStructure, m_reverse?.CertificateStructure);
+        }
+
+        public byte[] GetEncoded()
 		{
 			try
 			{
-				X509CertificateStructure f = null, r = null;
-
-				if (forward != null)
-				{
-					f = X509CertificateStructure.GetInstance(
-						Asn1Object.FromByteArray(forward.GetEncoded()));
-
-					if (f == null)
-						throw new CertificateEncodingException("unable to get encoding for forward");
-				}
-
-				if (reverse != null)
-				{
-					r = X509CertificateStructure.GetInstance(
-						Asn1Object.FromByteArray(reverse.GetEncoded()));
-
-					if (r == null)
-						throw new CertificateEncodingException("unable to get encoding for reverse");
-				}
-
-				return new CertificatePair(f, r).GetDerEncoded();
+				return GetCertificatePair().GetEncoded(Asn1Encodable.Der);
 			}
 			catch (Exception e)
 			{
-				// TODO
-//				throw new ExtCertificateEncodingException(e.toString(), e);
 				throw new CertificateEncodingException(e.Message, e);
 			}
 		}
@@ -81,41 +61,38 @@ namespace Org.BouncyCastle.X509
 		/// <summary>Returns the certificate from the other CA to this CA.</summary>
 		public X509Certificate Forward
 		{
-			get { return forward; }
+			get { return m_forward; }
 		}
 
 		/// <summary>Returns the certificate from this CA to the other CA.</summary>
 		public X509Certificate Reverse
 		{
-			get { return reverse; }
+			get { return m_reverse; }
 		}
 
-		public override bool Equals(
-			object obj)
+		public override bool Equals(object obj)
 		{
 			if (obj == this)
 				return true;
 
-			X509CertificatePair other = obj as X509CertificatePair;
-
-			if (other == null)
+			if (!(obj is X509CertificatePair that))
 				return false;
 
-			return Objects.Equals(this.forward, other.forward)
-				&& Objects.Equals(this.reverse, other.reverse);
+			return Objects.Equals(this.m_forward, that.m_forward)
+				&& Objects.Equals(this.m_reverse, that.m_reverse);
 		}
 
 		public override int GetHashCode()
 		{
 			int hash = -1;
-			if (forward != null)
+			if (m_forward != null)
 			{
-				hash ^= forward.GetHashCode();
+				hash ^= m_forward.GetHashCode();
 			}
-			if (reverse != null)
+			if (m_reverse != null)
 			{
 				hash *= 17;
-				hash ^= reverse.GetHashCode();
+				hash ^= m_reverse.GetHashCode();
 			}
 			return hash;
 		}
diff --git a/crypto/test/src/test/TestUtilities.cs b/crypto/test/src/test/TestUtilities.cs
index 5835784e9..be983637c 100644
--- a/crypto/test/src/test/TestUtilities.cs
+++ b/crypto/test/src/test/TestUtilities.cs
@@ -109,147 +109,5 @@ namespace Org.BouncyCastle.Tests
 
 			return crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", caKey, null));
 		}
-
-		public static X509Certificate CreateExceptionCertificate(
-			bool exceptionOnEncode)
-		{
-			return new ExceptionCertificate(exceptionOnEncode);
-		}
-
-		private class ExceptionCertificate
-			: X509Certificate
-		{
-			private bool _exceptionOnEncode;
-
-			public ExceptionCertificate(
-				bool exceptionOnEncode)
-			{
-				_exceptionOnEncode = exceptionOnEncode;
-			}
-
-			public override void CheckValidity()
-			{
-				throw new CertificateNotYetValidException();
-			}
-
-			public override void CheckValidity(
-				DateTime date)
-			{
-				throw new CertificateExpiredException();
-			}
-
-			public override int Version
-			{
-				get { return 0; }
-			}
-
-			public override BigInteger SerialNumber
-			{
-				get { return null; }
-			}
-
-			public override X509Name IssuerDN
-			{
-				get { return null; }
-			}
-
-			public override X509Name SubjectDN
-			{
-				get { return null; }
-			}
-
-			public override DateTime NotBefore
-			{
-				get { return DateTime.MaxValue; }
-			}
-
-			public override DateTime NotAfter
-			{
-				get { return DateTime.MinValue; }
-			}
-
-			public override byte[] GetTbsCertificate()
-			{
-				throw new CertificateEncodingException();
-			}
-
-			public override byte[] GetSignature()
-			{
-				return new byte[0];
-			}
-
-			public override string SigAlgName
-			{
-				get { return null; }
-			}
-
-			public override string SigAlgOid
-			{
-				get { return null; }
-			}
-
-			public override byte[] GetSigAlgParams()
-			{
-				return new byte[0];
-			}
-
-			public override DerBitString IssuerUniqueID
-			{
-				get { return null; }
-			}
-
-			public override DerBitString SubjectUniqueID
-			{
-				get { return null; }
-			}
-
-			public override bool[] GetKeyUsage()
-			{
-				return new bool[0];
-			}
-
-			public override int GetBasicConstraints()
-			{
-				return 0;
-			}
-
-			public override byte[] GetEncoded()
-			{
-				if (_exceptionOnEncode)
-					throw new CertificateEncodingException();
-
-				return new byte[0];
-			}
-
-			public override void Verify(AsymmetricKeyParameter key)
-			{
-				throw new CertificateException();
-			}
-
-			public override string ToString()
-			{
-				return null;
-			}
-
-			public override AsymmetricKeyParameter GetPublicKey()
-			{
-				return null;
-			}
-
-			public override ISet<string> GetCriticalExtensionOids()
-			{
-				return null;
-			}
-
-			public override ISet<string> GetNonCriticalExtensionOids()
-			{
-				return null;
-			}
-
-			public override Asn1OctetString GetExtensionValue(DerObjectIdentifier oid)
-			{
-				return null;
-			}
-		}
 	}
 }
diff --git a/crypto/test/src/test/X509CertificatePairTest.cs b/crypto/test/src/test/X509CertificatePairTest.cs
index ac6966150..71a0887f3 100644
--- a/crypto/test/src/test/X509CertificatePairTest.cs
+++ b/crypto/test/src/test/X509CertificatePairTest.cs
@@ -99,32 +99,6 @@ namespace Org.BouncyCastle.Tests
 			{
 				Fail("encoding check");
 			}
-
-			pair4 = new X509CertificatePair(rootCert, TestUtilities.CreateExceptionCertificate(false));
-
-			try
-			{
-				pair4.GetEncoded();
-
-				Fail("no exception on bad GetEncoded()");
-			}
-			catch (CertificateEncodingException)
-			{
-				// expected
-			}
-
-			pair4 = new X509CertificatePair(rootCert, TestUtilities.CreateExceptionCertificate(true));
-
-			try
-			{
-				pair4.GetEncoded();
-
-				Fail("no exception on exception GetEncoded()");
-			}
-			catch (CertificateEncodingException)
-			{
-				// expected
-			}
 		}
 
 		public override string Name