Diffstat (limited to 'crypto/src')
45 files changed, 759 insertions, 1634 deletions
diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs index d43cdc4f3..fdf1206a4 100644 --- a/crypto/src/cms/CMSSignedData.cs +++ b/crypto/src/cms/CMSSignedData.cs @@ -1,14 +1,13 @@ using System; using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cms; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Cms { @@ -43,9 +42,6 @@ namespace Org.BouncyCastle.Cms private SignedData signedData; private ContentInfo contentInfo; private SignerInformationStore signerInfoStore; - private IX509Store attrCertStore; - private IX509Store certificateStore; - private IX509Store crlStore; private IDictionary hashes; private CmsSignedData( @@ -150,11 +146,6 @@ namespace Org.BouncyCastle.Cms get { return signedData.Version.IntValueExact; } } - internal IX509Store GetCertificates() - { - return Helper.GetCertificates(signedData.Certificates); - } - /** * return the collection of signers that are associated with the * signatures for the message. 
@@ -198,55 +189,33 @@ namespace Org.BouncyCastle.Cms * @exception NoSuchStoreException if the store type isn't available. * @exception CmsException if a general exception prevents creation of the X509Store */ - public IX509Store GetAttributeCertificates( - string type) + public IStore<X509V2AttributeCertificate> GetAttributeCertificates() { - if (attrCertStore == null) - { - attrCertStore = Helper.CreateAttributeStore(type, signedData.Certificates); - } - - return attrCertStore; + return Helper.GetAttributeCertificates(signedData.Certificates); } /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. + * return a X509Store containing the public key certificates, if any, contained in this message. * - * @param type type of store to create * @return a store of public key certificates * @exception NoSuchStoreException if the store type isn't available. * @exception CmsException if a general exception prevents creation of the X509Store */ - public IX509Store GetCertificates( - string type) + public IStore<X509Certificate> GetCertificates() { - if (certificateStore == null) - { - certificateStore = Helper.CreateCertificateStore(type, signedData.Certificates); - } - - return certificateStore; + return Helper.GetCertificates(signedData.Certificates); } /** - * return a X509Store containing CRLs, if any, contained - * in this message. + * return a X509Store containing CRLs, if any, contained in this message. * - * @param type type of store to create * @return a store of CRLs * @exception NoSuchStoreException if the store type isn't available. * @exception CmsException if a general exception prevents creation of the X509Store */ - public IX509Store GetCrls( - string type) + public IStore<X509Crl> GetCrls() { - if (crlStore == null) - { - crlStore = Helper.CreateCrlStore(type, signedData.CRLs); - } - - return crlStore; + return Helper.GetCrls(signedData.CRLs); } /// <summary> 
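Review bot: The javadoc kept above GetAttributeCertificates, GetCertificates and GetCrls in this hunk still says `@exception NoSuchStoreException if the store type isn't available.` and calls the result "a X509Store", but the `type` parameter is gone and each method now returns an `IStore<T>` built by the helper, so that tag describes a path that no longer exists. Suggest dropping it and rewording the return tag, e.g. `@return an IStore of public key certificates`; the `@exception CmsException` tag is probably stale as well, since the replacement helpers in CMSSignedHelper.cs (hunk at -434) wrap nothing. The same stale tags survive on the parser counterparts in CMSSignedDataParser.cs (hunks at -243, -265 and -287). Worth a sentence too that the removed caching fields mean every call re-parses the ASN.1 set into a fresh store.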
@@ -363,15 +332,9 @@ namespace Org.BouncyCastle.Cms * @return a new signed data object. * @exception CmsException if there is an error processing the stores */ - public static CmsSignedData ReplaceCertificatesAndCrls( - CmsSignedData signedData, - IX509Store x509Certs, - IX509Store x509Crls, - IX509Store x509AttrCerts) + public static CmsSignedData ReplaceCertificatesAndCrls(CmsSignedData signedData, IStore<X509Certificate> x509Certs, + IStore<X509Crl> x509Crls, IStore<X509V2AttributeCertificate> x509AttrCerts) { - if (x509AttrCerts != null) - throw Platform.CreateNotImplementedException("Currently can't replace attribute certificates"); - // // copy // 
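Review bot: The retained javadoc line `@exception CmsException if there is an error processing the stores` above the new ReplaceCertificatesAndCrls signature no longer describes the method: the following hunk removes the X509StoreException-to-CmsException wrapping, so any store error now propagates unwrapped, and the NotImplementedException for attribute certificates is gone. The parameter docs should also state the null semantics the new body implements: a null store drops that category, and because certificates and attribute certificates share one SignedData certificates field, that field is omitted only when both stores are null or yield nothing. Suggest `@param x509Certs certificates to include, or null to include none` with matching lines for the other two stores. The method body continues past this hunk.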
@@ -380,37 +343,39 @@ namespace Org.BouncyCastle.Cms // // replace the certs and crls in the SignedData object // - Asn1Set certs = null; - try + Asn1Set certSet = null; + Asn1Set crlSet = null; + + if (x509Certs != null || x509AttrCerts != null) { - Asn1Set asn1Set = CmsUtilities.CreateBerSetFromList( - CmsUtilities.GetCertificatesFromStore(x509Certs)); + var certs = new List<Asn1Encodable>(); - if (asn1Set.Count != 0) + if (x509Certs != null) { - certs = asn1Set; + certs.AddRange(CmsUtilities.GetCertificatesFromStore(x509Certs)); + } + if (x509AttrCerts != null) + { + certs.AddRange(CmsUtilities.GetAttributeCertificatesFromStore(x509AttrCerts)); + } + + Asn1Set berSet = CmsUtilities.CreateBerSetFromList(certs); + if (berSet.Count > 0) + { + certSet = berSet; } - } - catch (X509StoreException e) - { - throw new CmsException("error getting certificates from store", e); } - Asn1Set crls = null; - try + if (x509Crls != null) { - Asn1Set asn1Set = CmsUtilities.CreateBerSetFromList( - CmsUtilities.GetCrlsFromStore(x509Crls)); + var crls = CmsUtilities.GetCrlsFromStore(x509Crls); - if (asn1Set.Count != 0) + Asn1Set berSet = CmsUtilities.CreateBerSetFromList(crls); + if (berSet.Count > 0) { - crls = asn1Set; + crlSet = berSet; } } - catch (X509StoreException e) - { - throw new CmsException("error getting CRLs from store", e); - } // // replace the CMS structure. @@ -419,8 +384,8 @@ namespace Org.BouncyCastle.Cms cms.signedData = new SignedData( old.DigestAlgorithms, old.EncapContentInfo, - certs, - crls, + certSet, + crlSet, old.SignerInfos); // diff --git a/crypto/src/cms/CMSSignedDataParser.cs b/crypto/src/cms/CMSSignedDataParser.cs index c25f0aad0..5dffd0d26 100644 --- a/crypto/src/cms/CMSSignedDataParser.cs +++ b/crypto/src/cms/CMSSignedDataParser.cs 
@@ -8,12 +8,10 @@ using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.IO; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.IO; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Cms { @@ -69,9 +67,6 @@ namespace Org.BouncyCastle.Cms private SignerInformationStore _signerInfoStore; private Asn1Set _certSet, _crlSet; private bool _isCertCrlParsed; - private IX509Store _attributeStore; - private IX509Store _certificateStore; - private IX509Store _crlStore; public CmsSignedDataParser( byte[] sigBlock) @@ -243,17 +238,11 @@ namespace Org.BouncyCastle.Cms * @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available. * @exception CmsException if a general exception prevents creation of the X509Store */ - public IX509Store GetAttributeCertificates( - string type) + public IStore<X509V2AttributeCertificate> GetAttributeCertificates() { - if (_attributeStore == null) - { - PopulateCertCrlSets(); - - _attributeStore = Helper.CreateAttributeStore(type, _certSet); - } + PopulateCertCrlSets(); - return _attributeStore; + return Helper.GetAttributeCertificates(_certSet); } /** @@ -265,17 +254,11 @@ namespace Org.BouncyCastle.Cms * @exception NoSuchStoreException if the store type isn't available. * @exception CmsException if a general exception prevents creation of the X509Store */ - public IX509Store GetCertificates( - string type) + public IStore<X509Certificate> GetCertificates() { - if (_certificateStore == null) - { - PopulateCertCrlSets(); - - _certificateStore = Helper.CreateCertificateStore(type, _certSet); - } + PopulateCertCrlSets(); - return _certificateStore; + return Helper.GetCertificates(_certSet); } /** 
@@ -287,17 +270,11 @@ namespace Org.BouncyCastle.Cms * @exception NoSuchStoreException if the store type isn't available. * @exception CmsException if a general exception prevents creation of the X509Store */ - public IX509Store GetCrls( - string type) + public IStore<X509Crl> GetCrls() { - if (_crlStore == null) - { - PopulateCertCrlSets(); - - _crlStore = Helper.CreateCrlStore(type, _crlSet); - } + PopulateCertCrlSets(); - return _crlStore; + return Helper.GetCrls(_crlSet); } private void PopulateCertCrlSets() @@ -378,9 +355,9 @@ namespace Org.BouncyCastle.Cms Streams.PipeAll(signedContent.ContentStream, contentOut); } - gen.AddAttributeCertificates(parser.GetAttributeCertificates("Collection")); - gen.AddCertificates(parser.GetCertificates("Collection")); - gen.AddCrls(parser.GetCrls("Collection")); + gen.AddAttributeCertificates(parser.GetAttributeCertificates()); + gen.AddCertificates(parser.GetCertificates()); + gen.AddCrls(parser.GetCrls()); // gen.AddSigners(parser.GetSignerInfos()); @@ -401,12 +378,8 @@ namespace Org.BouncyCastle.Cms * @return out. * @exception CmsException if there is an error processing the CertStore */ - public static Stream ReplaceCertificatesAndCrls( - Stream original, - IX509Store x509Certs, - IX509Store x509Crls, - IX509Store x509AttrCerts, - Stream outStr) + public static Stream ReplaceCertificatesAndCrls(Stream original, IStore<X509Certificate> x509Certs, + IStore<X509Crl> x509Crls, IStore<X509V2AttributeCertificate> x509AttrCerts, Stream outStr) { // NB: SecureRandom would be ignored since using existing signatures only CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); 
@@ -422,15 +395,18 @@ namespace Org.BouncyCastle.Cms Streams.PipeAll(signedContent.ContentStream, contentOut); } -// gen.AddAttributeCertificates(parser.GetAttributeCertificates("Collection")); -// gen.AddCertificates(parser.GetCertificates("Collection")); -// gen.AddCrls(parser.GetCrls("Collection")); if (x509AttrCerts != null) + { gen.AddAttributeCertificates(x509AttrCerts); + } if (x509Certs != null) + { gen.AddCertificates(x509Certs); + } if (x509Crls != null) + { gen.AddCrls(x509Crls); + } gen.AddSigners(parser.GetSignerInfos()); diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs index 8e8b996f4..c19852884 100644 --- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs @@ -566,14 +566,10 @@ namespace Org.BouncyCastle.Cms foreach (string digestOid in _messageDigestOids) { - digestAlgs.Add( - new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance)); + digestAlgs.Add(new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance)); } - { - byte[] tmp = new DerSet(digestAlgs).GetEncoded(); - sigGen.GetRawOutputStream().Write(tmp, 0, tmp.Length); - } + new DerSet(digestAlgs).EncodeTo(sigGen.GetRawOutputStream()); BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(contentTypeOid); @@ -917,12 +913,9 @@ namespace Org.BouncyCastle.Cms _sGen.Close(); } - private static void WriteToGenerator( - Asn1Generator ag, - Asn1Encodable ae) + private static void WriteToGenerator(Asn1Generator ag, Asn1Encodable ae) { - byte[] encoded = ae.GetEncoded(); - ag.GetRawOutputStream().Write(encoded, 0, encoded.Length); + ae.EncodeTo(ag.GetRawOutputStream()); } } } diff --git a/crypto/src/cms/CMSSignedGenerator.cs b/crypto/src/cms/CMSSignedGenerator.cs index 95d5ba65b..c1d4e0a46 100644 --- a/crypto/src/cms/CMSSignedGenerator.cs +++ b/crypto/src/cms/CMSSignedGenerator.cs 
@@ -1,6 +1,6 @@ using System; using System.Collections; -using System.IO; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.BC; @@ -16,13 +16,10 @@ using Org.BouncyCastle.Asn1.Rosstandart; using Org.BouncyCastle.Asn1.TeleTrust; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Cms { @@ -514,8 +511,8 @@ namespace Org.BouncyCastle.Cms public static readonly string EncryptionGost3410 = CryptoProObjectIdentifiers.GostR3410x94.Id; public static readonly string EncryptionECGost3410 = CryptoProObjectIdentifiers.GostR3410x2001.Id; - internal IList _certs = Platform.CreateArrayList(); - internal IList _crls = Platform.CreateArrayList(); + internal List<Asn1Encodable> _certs = new List<Asn1Encodable>(); + internal List<Asn1Encodable> _crls = new List<Asn1Encodable>(); internal IList _signers = Platform.CreateArrayList(); internal IDictionary _digests = Platform.CreateHashtable(); internal bool _useDerForCerts = false; 
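Review bot: `_certs` and `_crls` are now concretely typed lists initialised inline but remain assignable; unless they are reassigned somewhere else in the class (not visible in this hunk), they could be `internal readonly List<Asn1Encodable> _certs = new List<Asn1Encodable>();` and likewise for `_crls`, so the reference cannot be swapped out from under the Add* methods in the hunk at -562. `_signers` and `_digests` keep the old untyped collections, so the class is now half-migrated; a short comment saying the remaining two are pending would help the next reader.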
@@ -562,40 +559,34 @@ namespace Org.BouncyCastle.Cms : new DerSet(attr.ToAsn1EncodableVector()); } - public void AddCertificates( - IX509Store certStore) + public void AddAttributeCertificate(X509V2AttributeCertificate attrCert) { - CollectionUtilities.AddRange(_certs, CmsUtilities.GetCertificatesFromStore(certStore)); + _certs.Add(new DerTaggedObject(false, 2, attrCert.AttributeCertificate)); } - public void AddCrls( - IX509Store crlStore) + public void AddAttributeCertificates(IStore<X509V2AttributeCertificate> attrCertStore) { - CollectionUtilities.AddRange(_crls, CmsUtilities.GetCrlsFromStore(crlStore)); + _certs.AddRange(CmsUtilities.GetAttributeCertificatesFromStore(attrCertStore)); } - /** - * Add the attribute certificates contained in the passed in store to the - * generator. - * - * @param store a store of Version 2 attribute certificates - * @throws CmsException if an error occurse processing the store. - */ - public void AddAttributeCertificates( - IX509Store store) + public void AddCertificate(X509Certificate cert) { - try - { - foreach (IX509AttributeCertificate attrCert in store.GetMatches(null)) - { - _certs.Add(new DerTaggedObject(false, 2, - AttributeCertificate.GetInstance(Asn1Object.FromByteArray(attrCert.GetEncoded())))); - } - } - catch (Exception e) - { - throw new CmsException("error processing attribute certs", e); - } + _certs.Add(cert.CertificateStructure); + } + + public void AddCertificates(IStore<X509Certificate> certStore) + { + _certs.AddRange(CmsUtilities.GetCertificatesFromStore(certStore)); + } + + public void AddCrl(X509Crl crl) + { + _crls.Add(crl.CertificateList); + } + + public void AddCrls(IStore<X509Crl> crlStore) + { + _crls.AddRange(CmsUtilities.GetCrlsFromStore(crlStore)); } /** 
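Review bot: The new single-item overloads `AddAttributeCertificate`, `AddCertificate` and `AddCrl` dereference their argument (`attrCert.AttributeCertificate`, `cert.CertificateStructure`, `crl.CertificateList`) without a check, so a null argument surfaces as a NullReferenceException from inside the generator rather than an ArgumentNullException at the call site, whereas the store overloads beside them tolerate null through the CmsUtilities helpers. Suggest `if (attrCert == null) throw new ArgumentNullException(nameof(attrCert));` and the equivalents in the other two. The hunk also deletes the only javadoc in this group (the one on AddAttributeCertificates) without replacing it; a one-line summary on each of the five Add* methods stating which ASN.1 structure is appended to `_certs` or `_crls` (the `[2]`-tagged AttributeCertificate, the Certificate, the CertificateList) would restore that.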
@@ -603,8 +594,7 @@ namespace Org.BouncyCastle.Cms * * @param signerStore store of signers */ - public void AddSigners( - SignerInformationStore signerStore) + public void AddSigners(SignerInformationStore signerStore) { foreach (SignerInformation o in signerStore.GetSigners()) { diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs index 07a3a92d1..7c7d42ef8 100644 --- a/crypto/src/cms/CMSSignedHelper.cs +++ b/crypto/src/cms/CMSSignedHelper.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.CryptoPro; @@ -16,7 +17,6 @@ using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Cms { 
@@ -219,142 +219,6 @@ namespace Org.BouncyCastle.Cms return SignerUtilities.GetSigner(algorithm); } - internal IX509Store CreateAttributeStore( - string type, - Asn1Set certSet) - { - IList certs = Platform.CreateArrayList(); - - if (certSet != null) - { - foreach (Asn1Encodable ae in certSet) - { - try - { - Asn1Object obj = ae.ToAsn1Object(); - - if (obj is Asn1TaggedObject) - { - Asn1TaggedObject tagged = (Asn1TaggedObject)obj; - - if (tagged.TagNo == 2) - { - certs.Add( - new X509V2AttributeCertificate( - Asn1Sequence.GetInstance(tagged, false).GetEncoded())); - } - } - } - catch (Exception ex) - { - throw new CmsException("can't re-encode attribute certificate!", ex); - } - } - } - - try - { - return X509StoreFactory.Create( - "AttributeCertificate/" + type, - new X509CollectionStoreParameters(certs)); - } - catch (ArgumentException e) - { - throw new CmsException("can't setup the X509Store", e); - } - } - - internal IX509Store CreateCertificateStore( - string type, - Asn1Set certSet) - { - IList certs = Platform.CreateArrayList(); - - if (certSet != null) - { - AddCertsFromSet(certs, certSet); - } - - try - { - return X509StoreFactory.Create( - "Certificate/" + type, - new X509CollectionStoreParameters(certs)); - } - catch (ArgumentException e) - { - throw new CmsException("can't setup the X509Store", e); - } - } - - internal IX509Store CreateCrlStore( - string type, - Asn1Set crlSet) - { - IList crls = Platform.CreateArrayList(); - - if (crlSet != null) - { - AddCrlsFromSet(crls, crlSet); - } - - try - { - return X509StoreFactory.Create( - "CRL/" + type, - new X509CollectionStoreParameters(crls)); - } - catch (ArgumentException e) - { - throw new CmsException("can't setup the X509Store", e); - } - } - - private void AddCertsFromSet( - IList certs, - Asn1Set certSet) - { - X509CertificateParser cf = new X509CertificateParser(); - - foreach (Asn1Encodable ae in certSet) - { - try - { - Asn1Object obj = ae.ToAsn1Object(); - - if (obj is Asn1Sequence) - { - // 
TODO Build certificate directly from sequence? - certs.Add(cf.ReadCertificate(obj.GetEncoded())); - } - } - catch (Exception ex) - { - throw new CmsException("can't re-encode certificate!", ex); - } - } - } - - private void AddCrlsFromSet( - IList crls, - Asn1Set crlSet) - { - X509CrlParser cf = new X509CrlParser(); - - foreach (Asn1Encodable ae in crlSet) - { - try - { - // TODO Build CRL directly from ae.ToAsn1Object()? - crls.Add(cf.ReadCrl(ae.GetEncoded())); - } - catch (Exception ex) - { - throw new CmsException("can't re-encode CRL!", ex); - } - } - } - internal AlgorithmIdentifier FixAlgID( AlgorithmIdentifier algId) { 
@@ -434,17 +298,57 @@ namespace Org.BouncyCastle.Cms return encOID; } - public IX509Store GetCertificates(Asn1Set certificates) + internal IStore<X509V2AttributeCertificate> GetAttributeCertificates(Asn1Set attrCertSet) { - IList certList = Platform.CreateArrayList(); - if (certificates != null) - { - foreach (Asn1Encodable enc in certificates) - { - certList.Add(X509CertificateStructure.GetInstance(enc)); - } + var contents = new List<X509V2AttributeCertificate>(); + if (attrCertSet != null) + { + foreach (Asn1Encodable ae in attrCertSet) + { + if (ae != null && ae.ToAsn1Object() is Asn1TaggedObject t) + { + if (t.HasContextTag(2)) + { + Asn1Sequence s = Asn1Sequence.GetInstance(t, false); + + contents.Add(new X509V2AttributeCertificate(AttributeCertificate.GetInstance(s))); + } + } + } } - return new X509CollectionStore(certList); + return CollectionUtilities.CreateStore(contents); } - } + + internal IStore<X509Certificate> GetCertificates(Asn1Set certSet) + { + var contents = new List<X509Certificate>(); + if (certSet != null) + { + foreach (Asn1Encodable ae in certSet) + { + if (ae != null && ae.ToAsn1Object() is Asn1Sequence s) + { + contents.Add(new X509Certificate(X509CertificateStructure.GetInstance(s))); + } + } + } + return CollectionUtilities.CreateStore(contents); + } + + internal IStore<X509Crl> GetCrls(Asn1Set crlSet) + { + var contents = new List<X509Crl>(); + if (crlSet != null) + { + foreach (Asn1Encodable ae in crlSet) + { + if (ae != null && ae.ToAsn1Object() is Asn1Sequence s) + { + contents.Add(new X509Crl(CertificateList.GetInstance(s))); + } + } + } + return CollectionUtilities.CreateStore(contents); + } + } } diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs index 95d710607..e30ac0491 100644 --- a/crypto/src/cms/CMSUtils.cs +++ b/crypto/src/cms/CMSUtils.cs 
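Review bot: The three new helpers `GetAttributeCertificates`, `GetCertificates` and `GetCrls` carry no comments, and their exception contract differs from the `AddCertsFromSet`/`AddCrlsFromSet` they replace (hunk at -219): a malformed element now throws whatever `X509CertificateStructure.GetInstance` or `CertificateList.GetInstance` raises, where the old code wrapped it in `CmsException("can't re-encode certificate!")`, so callers that catch CmsException around CmsSignedData.GetCertificates() no longer see those failures. The `is Asn1Sequence s` filter also means any tagged CertificateChoices element is skipped silently, and for attribute certificates only the `[2]` choice is taken. Worth a header comment on each method stating both points, or re-wrapping in CmsException if the old contract is meant to survive.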
@@ -1,15 +1,14 @@ using System; -using System.Collections; +using System.Collections.Generic; using System.IO; +using System.Linq; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cms; using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Security.Certificates; -using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.IO; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Cms { 
@@ -69,98 +68,72 @@ namespace Org.BouncyCastle.Cms } } - public static byte[] StreamToByteArray( - Stream inStream) + internal static byte[] StreamToByteArray(Stream inStream) { return Streams.ReadAll(inStream); } - public static byte[] StreamToByteArray( - Stream inStream, - int limit) + internal static byte[] StreamToByteArray(Stream inStream, int limit) { return Streams.ReadAllLimited(inStream, limit); } - public static IList GetCertificatesFromStore( - IX509Store certStore) + internal static List<Asn1TaggedObject> GetAttributeCertificatesFromStore( + IStore<X509V2AttributeCertificate> attrCertStore) { - try - { - IList certs = Platform.CreateArrayList(); - - if (certStore != null) - { - foreach (X509Certificate c in certStore.GetMatches(null)) - { - certs.Add( - X509CertificateStructure.GetInstance( - Asn1Object.FromByteArray(c.GetEncoded()))); - } - } + var result = new List<Asn1TaggedObject>(); + if (attrCertStore != null) + { + result.AddRange( + attrCertStore.EnumerateMatches(null) + .Select(c => new DerTaggedObject(false, 2, c.AttributeCertificate))); + } + return result; + } - return certs; - } - catch (CertificateEncodingException e) - { - throw new CmsException("error encoding certs", e); - } - catch (Exception e) - { - throw new CmsException("error processing certs", e); + internal static List<X509CertificateStructure> GetCertificatesFromStore(IStore<X509Certificate> certStore) + { + var result = new List<X509CertificateStructure>(); + if (certStore != null) + { + result.AddRange( + certStore.EnumerateMatches(null) + .Select(c => c.CertificateStructure)); } + return result; } - public static IList GetCrlsFromStore( - IX509Store crlStore) + internal static List<CertificateList> GetCrlsFromStore(IStore<X509Crl> crlStore) { - try - { - IList crls = Platform.CreateArrayList(); - - if (crlStore != null) - { - foreach (X509Crl c in crlStore.GetMatches(null)) - { - crls.Add( - CertificateList.GetInstance( - Asn1Object.FromByteArray(c.GetEncoded()))); - } - } 
- - return crls; - } - catch (CrlException e) - { - throw new CmsException("error encoding crls", e); - } - catch (Exception e) + var result = new List<CertificateList>(); + if (crlStore != null) { - throw new CmsException("error processing crls", e); + result.AddRange( + crlStore.EnumerateMatches(null) + .Select(c => c.CertificateList)); } + return result; } - public static Asn1Set CreateBerSetFromList( - IList berObjects) + internal static Asn1Set CreateBerSetFromList(IEnumerable<Asn1Encodable> elements) { Asn1EncodableVector v = new Asn1EncodableVector(); - foreach (Asn1Encodable ae in berObjects) + foreach (Asn1Encodable element in elements) { - v.Add(ae); + v.Add(element); } return new BerSet(v); } - public static Asn1Set CreateDerSetFromList( - IList derObjects) + internal static Asn1Set CreateDerSetFromList(IEnumerable<Asn1Encodable> elements) { Asn1EncodableVector v = new Asn1EncodableVector(); - foreach (Asn1Encodable ae in derObjects) + foreach (Asn1Encodable element in elements) { - v.Add(ae); + v.Add(element); } return new DerSet(v); diff --git a/crypto/src/cms/OriginatorInfoGenerator.cs b/crypto/src/cms/OriginatorInfoGenerator.cs index 6bf108799..d7d24dcc4 100644 --- a/crypto/src/cms/OriginatorInfoGenerator.cs +++ b/crypto/src/cms/OriginatorInfoGenerator.cs 
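Review bot: `GetAttributeCertificatesFromStore`, `GetCertificatesFromStore` and `GetCrlsFromStore` in this hunk repeat the same null-tolerant collect-and-project shape and differ only in the selector, so the common part could live in one private generic helper, leaving each public-facing method as a single return. The IStore<T> declaration is not visible here, so the helper's type parameters may need whatever constraint that interface carries. `Func` is already available through the file's `using System;`.
```csharp
// … unchanged: StreamToByteArray overloads …

private static List<TOut> CollectFromStore<TIn, TOut>(IStore<TIn> store, Func<TIn, TOut> project)
{
    var result = new List<TOut>();
    if (store != null)
    {
        result.AddRange(store.EnumerateMatches(null).Select(project));
    }
    return result;
}

internal static List<Asn1TaggedObject> GetAttributeCertificatesFromStore(
    IStore<X509V2AttributeCertificate> attrCertStore)
{
    return CollectFromStore<X509V2AttributeCertificate, Asn1TaggedObject>(attrCertStore,
        c => new DerTaggedObject(false, 2, c.AttributeCertificate));
}

internal static List<X509CertificateStructure> GetCertificatesFromStore(IStore<X509Certificate> certStore)
{
    return CollectFromStore(certStore, c => c.CertificateStructure);
}

internal static List<CertificateList> GetCrlsFromStore(IStore<X509Crl> crlStore)
{
    return CollectFromStore(crlStore, c => c.CertificateList);
}

// … unchanged: CreateBerSetFromList, CreateDerSetFromList …
```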
@@ -1,37 +1,37 @@ using System; -using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cms; -using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Cms { public class OriginatorInfoGenerator { - private readonly IList origCerts; - private readonly IList origCrls; + private readonly List<X509CertificateStructure> origCerts; + private readonly List<CertificateList> origCrls; public OriginatorInfoGenerator(X509Certificate origCert) { - this.origCerts = Platform.CreateArrayList(1); + this.origCerts = new List<X509CertificateStructure>(); this.origCrls = null; origCerts.Add(origCert.CertificateStructure); } - public OriginatorInfoGenerator(IX509Store origCerts) + public OriginatorInfoGenerator(IStore<X509Certificate> origCerts) : this(origCerts, null) { } - public OriginatorInfoGenerator(IX509Store origCerts, IX509Store origCrls) + public OriginatorInfoGenerator(IStore<X509Certificate> origCerts, IStore<X509Crl> origCrls) { this.origCerts = CmsUtilities.GetCertificatesFromStore(origCerts); this.origCrls = origCrls == null ? null : CmsUtilities.GetCrlsFromStore(origCrls); } - + public virtual OriginatorInfo Generate() { Asn1Set certSet = CmsUtilities.CreateDerSetFromList(origCerts); diff --git a/crypto/src/cms/OriginatorInformation.cs b/crypto/src/cms/OriginatorInformation.cs index 618add6e0..7186fafc3 100644 --- a/crypto/src/cms/OriginatorInformation.cs +++ b/crypto/src/cms/OriginatorInformation.cs @@ -1,12 +1,8 @@ using System; -using System.Collections; -using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cms; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Cms { 
@@ -24,31 +20,9 @@ namespace Org.BouncyCastle.Cms * * @return a Store of X509CertificateHolder objects. */ - public virtual IX509Store GetCertificates() + public virtual IStore<X509Certificate> GetCertificates() { - Asn1Set certSet = originatorInfo.Certificates; - - if (certSet != null) - { - IList certList = Platform.CreateArrayList(certSet.Count); - - foreach (Asn1Encodable enc in certSet) - { - Asn1Object obj = enc.ToAsn1Object(); - if (obj is Asn1Sequence) - { - certList.Add(new X509Certificate(X509CertificateStructure.GetInstance(obj))); - } - } - - return X509StoreFactory.Create( - "Certificate/Collection", - new X509CollectionStoreParameters(certList)); - } - - return X509StoreFactory.Create( - "Certificate/Collection", - new X509CollectionStoreParameters(Platform.CreateArrayList())); + return CmsSignedHelper.Instance.GetCertificates(originatorInfo.Certificates); } /** @@ -56,31 +30,9 @@ namespace Org.BouncyCastle.Cms * * @return a Store of X509CRLHolder objects. */ - public virtual IX509Store GetCrls() + public virtual IStore<X509Crl> GetCrls() { - Asn1Set crlSet = originatorInfo.Certificates; - - if (crlSet != null) - { - IList crlList = Platform.CreateArrayList(crlSet.Count); - - foreach (Asn1Encodable enc in crlSet) - { - Asn1Object obj = enc.ToAsn1Object(); - if (obj is Asn1Sequence) - { - crlList.Add(new X509Crl(CertificateList.GetInstance(obj))); - } - } - - return X509StoreFactory.Create( - "CRL/Collection", - new X509CollectionStoreParameters(crlList)); - } - - return X509StoreFactory.Create( - "CRL/Collection", - new X509CollectionStoreParameters(Platform.CreateArrayList())); + return CmsSignedHelper.Instance.GetCrls(originatorInfo.Crls); } /** diff --git a/crypto/src/ocsp/BasicOCSPResp.cs b/crypto/src/ocsp/BasicOCSPResp.cs index 2f6d68b48..6c8ad9eee 100644 --- a/crypto/src/ocsp/BasicOCSPResp.cs +++ b/crypto/src/ocsp/BasicOCSPResp.cs 
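Review bot: The `@return` tags retained above both rewritten getters still speak of `X509CertificateHolder` and `X509CRLHolder` objects, while the methods now return `IStore<X509Certificate>` and `IStore<X509Crl>`. Suggest `@return a store of X509Certificate objects.` on GetCertificates and `@return a store of X509Crl objects.` on GetCrls. Both now delegate to CmsSignedHelper.Instance, so whatever that helper does with malformed or tagged elements applies here as well and could be referenced from the comment.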
@@ -1,5 +1,5 @@ using System; -using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; @@ -7,10 +7,8 @@ using Org.BouncyCastle.Asn1.Ocsp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Security.Certificates; -using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Ocsp { 
@@ -108,61 +106,37 @@ namespace Org.BouncyCastle.Ocsp return resp.GetSignatureOctets(); } - private IList GetCertList() + private List<X509Certificate> GetCertList() { - // load the certificates and revocation lists if we have any + // load the certificates if we have any - IList certs = Platform.CreateArrayList(); - Asn1Sequence s = resp.Certs; + var result = new List<X509Certificate>(); - if (s != null) + Asn1Sequence certs = resp.Certs; + if (certs != null) { - foreach (Asn1Encodable ae in s) + foreach (Asn1Encodable ae in certs) { - try + if (ae != null && ae.ToAsn1Object() is Asn1Sequence s) { - certs.Add(new X509CertificateParser().ReadCertificate(ae.GetEncoded())); - } - catch (IOException ex) - { - throw new OcspException("can't re-encode certificate!", ex); - } - catch (CertificateException ex) - { - throw new OcspException("can't re-encode certificate!", ex); + result.Add(new X509Certificate(X509CertificateStructure.GetInstance(s))); } } } - return certs; + return result; } public X509Certificate[] GetCerts() { - IList certs = GetCertList(); - X509Certificate[] result = new X509Certificate[certs.Count]; - for (int i = 0; i < certs.Count; ++i) - { - result[i] = (X509Certificate)certs[i]; - } - return result; + return GetCertList().ToArray(); } /// <returns>The certificates, if any, associated with the response.</returns> /// <exception cref="OcspException">In the event of an encoding error.</exception> - public IX509Store GetCertificates( - string type) + public IStore<X509Certificate> GetCertificates() { - try - { - return X509StoreFactory.Create( - "Certificate/" + type, - new X509CollectionStoreParameters(this.GetCertList())); - } - catch (Exception e) - { - throw new OcspException("can't setup the CertStore", e); - } + return CollectionUtilities.CreateStore(this.GetCertList()); } /// <summary> diff --git a/crypto/src/ocsp/OCSPReq.cs b/crypto/src/ocsp/OCSPReq.cs index 5408f068f..b1718c0c0 100644 --- a/crypto/src/ocsp/OCSPReq.cs 
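Review bot: The XML doc `/// <exception cref="OcspException">In the event of an encoding error.</exception>` kept on GetCertificates is stale: the rewritten GetCertList no longer throws OcspException and the CertStore try/catch below it is gone, so a malformed entry in `resp.Certs` now surfaces as whatever `X509CertificateStructure.GetInstance` throws, while an entry that is not a SEQUENCE is skipped silently where the old code rejected it with "can't re-encode certificate!". Because these certificates arrive inside a response read off the network, that silent skip deserves stating on GetCertList, e.g. `// non-SEQUENCE entries in certs are ignored rather than rejected`, and the `<exception>` tag should be updated or dropped. The same stale `@throws OcspException` survives on OCSPReq.GetCertificates (OCSPReq.cs hunk at -202), whose GetCertList receives the identical change in the hunk at -156.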
+++ b/crypto/src/ocsp/OCSPReq.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; @@ -7,10 +8,8 @@ using Org.BouncyCastle.Asn1.Ocsp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Security.Certificates; -using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Ocsp { @@ -156,29 +155,25 @@ namespace Org.BouncyCastle.Ocsp return req.OptionalSignature.GetSignatureOctets(); } - private IList GetCertList() + private List<X509Certificate> GetCertList() { // load the certificates if we have any - IList certs = Platform.CreateArrayList(); - Asn1Sequence s = req.OptionalSignature.Certs; + var result = new List<X509Certificate>(); - if (s != null) + Asn1Sequence certs = req.OptionalSignature.Certs; + if (certs != null) { - foreach (Asn1Encodable ae in s) + foreach (Asn1Encodable ae in certs) { - try - { - certs.Add(new X509CertificateParser().ReadCertificate(ae.GetEncoded())); - } - catch (Exception e) - { - throw new OcspException("can't re-encode certificate!", e); - } - } + if (ae != null && ae.ToAsn1Object() is Asn1Sequence s) + { + result.Add(new X509Certificate(X509CertificateStructure.GetInstance(s))); + } + } } - return certs; + return result; } public X509Certificate[] GetCerts() @@ -186,13 +181,7 @@ namespace Org.BouncyCastle.Ocsp if (!this.IsSigned) return null; - IList certs = this.GetCertList(); - X509Certificate[] result = new X509Certificate[certs.Count]; - for (int i = 0; i < certs.Count; ++i) - { - result[i] = (X509Certificate)certs[i]; - } - return result; + return this.GetCertList().ToArray(); } /** 
@@ -202,22 +191,12 @@ namespace Org.BouncyCastle.Ocsp * @return null if not signed, a CertStore otherwise * @throws OcspException */ - public IX509Store GetCertificates( - string type) + public IStore<X509Certificate> GetCertificates() { if (!this.IsSigned) return null; - try - { - return X509StoreFactory.Create( - "Certificate/" + type, - new X509CollectionStoreParameters(this.GetCertList())); - } - catch (Exception e) - { - throw new OcspException("can't setup the CertStore", e); - } + return CollectionUtilities.CreateStore(this.GetCertList()); } /** diff --git a/crypto/src/openssl/MiscPemGenerator.cs b/crypto/src/openssl/MiscPemGenerator.cs index d875f49c1..3db299569 100644 --- a/crypto/src/openssl/MiscPemGenerator.cs +++ b/crypto/src/openssl/MiscPemGenerator.cs @@ -26,10 +26,10 @@ namespace Org.BouncyCastle.OpenSsl public class MiscPemGenerator : PemObjectGenerator { - private object obj; - private string algorithm; - private char[] password; - private SecureRandom random; + private readonly object obj; + private readonly string algorithm; + private readonly char[] password; + private readonly SecureRandom random; public MiscPemGenerator(object obj) { 
@@ -53,48 +53,47 @@ namespace Org.BouncyCastle.OpenSsl if (obj == null) throw new ArgumentNullException("obj"); - if (obj is AsymmetricCipherKeyPair) + if (obj is AsymmetricCipherKeyPair keyPair) { - return CreatePemObject(((AsymmetricCipherKeyPair)obj).Private); + return CreatePemObject(keyPair.Private); } string type; byte[] encoding; - if (obj is PemObject) - return (PemObject)obj; + if (obj is PemObject pemObject) + return pemObject; - if (obj is PemObjectGenerator) - return ((PemObjectGenerator)obj).Generate(); + if (obj is PemObjectGenerator pemObjectGenerator) + return pemObjectGenerator.Generate(); - if (obj is X509Certificate) + if (obj is X509Certificate certificate) { // TODO Should we prefer "X509 CERTIFICATE" here? type = "CERTIFICATE"; try { - encoding = ((X509Certificate)obj).GetEncoded(); + encoding = certificate.GetEncoded(); } catch (CertificateEncodingException e) { throw new IOException("Cannot Encode object: " + e.ToString()); } } - else if (obj is X509Crl) + else if (obj is X509Crl crl) { type = "X509 CRL"; try { - encoding = ((X509Crl)obj).GetEncoded(); + encoding = crl.GetEncoded(); } catch (CrlException e) { throw new IOException("Cannot Encode object: " + e.ToString()); } } - else if (obj is AsymmetricKeyParameter) + else if (obj is AsymmetricKeyParameter akp) { - AsymmetricKeyParameter akp = (AsymmetricKeyParameter) obj; if (akp.IsPrivate) { encoding = EncodePrivateKey(akp, out type); 
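Review bot: The two `catch` blocks adjacent to the rewritten `encoding = certificate.GetEncoded();` and `encoding = crl.GetEncoded();` lines still build `new IOException("Cannot Encode object: " + e.ToString())` without passing `e` as the inner exception, so the original `CertificateEncodingException`/`CrlException` survives only as text. Since these branches are being touched for the pattern-match conversion anyway, `throw new IOException("Cannot Encode object: " + e.ToString(), e);` keeps the cause. The `throw new ArgumentNullException("obj")` at the top of the hunk could likewise use `nameof(obj)`, which this commit already adopts in PkixAttrCertPathValidator.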
@@ -106,20 +105,20 @@ namespace Org.BouncyCastle.OpenSsl encoding = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(akp).GetDerEncoded(); } } - else if (obj is IX509AttributeCertificate) + else if (obj is X509V2AttributeCertificate attrCert) { type = "ATTRIBUTE CERTIFICATE"; - encoding = ((X509V2AttributeCertificate)obj).GetEncoded(); + encoding = attrCert.GetEncoded(); } - else if (obj is Pkcs10CertificationRequest) + else if (obj is Pkcs10CertificationRequest certReq) { type = "CERTIFICATE REQUEST"; - encoding = ((Pkcs10CertificationRequest)obj).GetEncoded(); + encoding = certReq.GetEncoded(); } - else if (obj is Asn1.Cms.ContentInfo) + else if (obj is Asn1.Cms.ContentInfo contentInfo) { type = "PKCS7"; - encoding = ((Asn1.Cms.ContentInfo)obj).GetEncoded(); + encoding = contentInfo.GetEncoded(); } else { @@ -158,17 +157,16 @@ namespace Org.BouncyCastle.OpenSsl if (random == null) throw new ArgumentNullException("random"); - if (obj is AsymmetricCipherKeyPair) + if (obj is AsymmetricCipherKeyPair keyPair) { - return CreatePemObject(((AsymmetricCipherKeyPair)obj).Private, algorithm, password, random); + return CreatePemObject(keyPair.Private, algorithm, password, random); } string type = null; byte[] keyData = null; - if (obj is AsymmetricKeyParameter) + if (obj is AsymmetricKeyParameter akp) { - AsymmetricKeyParameter akp = (AsymmetricKeyParameter) obj; if (akp.IsPrivate) { keyData = EncodePrivateKey(akp, out type); diff --git a/crypto/src/openssl/PEMReader.cs b/crypto/src/openssl/PEMReader.cs index 65d3f5ad6..5b4e37035 100644 --- a/crypto/src/openssl/PEMReader.cs +++ b/crypto/src/openssl/PEMReader.cs 
@@ -199,7 +199,7 @@ namespace Org.BouncyCastle.OpenSsl
 * @return the X509 Attribute Certificate
 * @throws IOException if an I/O error occured
 */
- private IX509AttributeCertificate ReadAttributeCertificate(PemObject pemObject)
+ private X509V2AttributeCertificate ReadAttributeCertificate(PemObject pemObject)
 {
 return new X509V2AttributeCertificate(pemObject.Content);
 }
diff --git a/crypto/src/pkix/PkixAttrCertChecker.cs b/crypto/src/pkix/PkixAttrCertChecker.cs
index a6eab8480..ca49bbd12 100644
--- a/crypto/src/pkix/PkixAttrCertChecker.cs
+++ b/crypto/src/pkix/PkixAttrCertChecker.cs
@@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Pkix
 * @throws CertPathValidatorException if the specified attribute certificate
 * does not pass the check.
 */
- public abstract void Check(IX509AttributeCertificate attrCert, PkixCertPath certPath,
+ public abstract void Check(X509V2AttributeCertificate attrCert, PkixCertPath certPath,
 PkixCertPath holderCertPath, ICollection unresolvedCritExts);
 
 /**
diff --git a/crypto/src/pkix/PkixAttrCertPathBuilder.cs b/crypto/src/pkix/PkixAttrCertPathBuilder.cs
index a45f30bc9..1120003a8 100644
--- a/crypto/src/pkix/PkixAttrCertPathBuilder.cs
+++ b/crypto/src/pkix/PkixAttrCertPathBuilder.cs
@@ -1,5 +1,7 @@
 using System;
 using System.Collections;
+using System.Collections.Generic
+ ;
 
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Security.Certificates;
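Review bot: The added `using System.Collections.Generic` directive in PkixAttrCertPathBuilder.cs has its terminating semicolon on a line of its own (`+ ;`), which compiles but reads as an editing slip and will confuse `using`-sorting tooling. Join it into a single `using System.Collections.Generic;` line.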
@@ -18,13 +20,11 @@ namespace Org.BouncyCastle.Pkix * @param params PKIXBuilderParameters object containing all information to * build the CertPath */ - public virtual PkixCertPathBuilderResult Build( - PkixBuilderParameters pkixParams) + public virtual PkixCertPathBuilderResult Build(PkixBuilderParameters pkixParams) { // search target certificates - IX509Selector certSelect = pkixParams.GetTargetConstraints(); - if (!(certSelect is X509AttrCertStoreSelector)) + if (!(pkixParams.GetTargetConstraintsAttrCert() is X509AttrCertStoreSelector attrCertSelector)) { throw new PkixCertPathBuilderException( "TargetConstraints must be an instance of " @@ -33,11 +33,10 @@ namespace Org.BouncyCastle.Pkix + typeof(PkixAttrCertPathBuilder).FullName + " class."); } - ICollection targets; + HashSet<X509V2AttributeCertificate> targets; try { - targets = PkixCertPathValidatorUtilities.FindCertificates( - (X509AttrCertStoreSelector)certSelect, pkixParams.GetStores()); + targets = FindAttributeCertificates(attrCertSelector, pkixParams.GetStoresAttrCert()); } catch (Exception e) { @@ -53,18 +52,19 @@ namespace Org.BouncyCastle.Pkix PkixCertPathBuilderResult result = null; // check all potential target certificates - foreach (IX509AttributeCertificate cert in targets) + foreach (var target in targets) { - X509CertStoreSelector selector = new X509CertStoreSelector(); - X509Name[] principals = cert.Issuer.GetPrincipals(); + X509CertStoreSelector certSelector = new X509CertStoreSelector(); + X509Name[] principals = target.Issuer.GetPrincipals(); ISet issuers = new HashSet(); for (int i = 0; i < principals.Length; i++) { try { - selector.Subject = principals[i]; + certSelector.Subject = principals[i]; - issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStores())); + issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(certSelector, + pkixParams.GetStoresCert())); } catch (Exception e) { 
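Review bot: After this hunk `ISet issuers = new HashSet();` is the only non-generic collection left in `Build`, next to the new `HashSet<X509V2AttributeCertificate> targets` and a `FindCertificates` that now returns `List<X509Certificate>`. For consistency with the rest of the rewrite it could become `var issuers = new HashSet<X509Certificate>();` with `issuers.UnionWith(PkixCertPathValidatorUtilities.FindCertificates(certSelector, pkixParams.GetStoresCert()));`, which also drops the cast-on-enumeration in the `foreach (X509Certificate issuer in issuers)` loop that follows in the next hunk. This assumes nothing else in the method relies on the `ISet` type (the body continues outside the hunk).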
@@ -81,7 +81,7 @@ namespace Org.BouncyCastle.Pkix foreach (X509Certificate issuer in issuers) { - result = Build(cert, issuer, pkixParams, certPathList); + result = Build(target, issuer, pkixParams, certPathList); if (result != null) break; @@ -110,7 +110,7 @@ namespace Org.BouncyCastle.Pkix private Exception certPathException; private PkixCertPathBuilderResult Build( - IX509AttributeCertificate attrCert, + X509V2AttributeCertificate attrCert, X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath) @@ -211,5 +211,26 @@ namespace Org.BouncyCastle.Pkix return builderResult; } + + internal static HashSet<X509V2AttributeCertificate> FindAttributeCertificates( + ISelector<X509V2AttributeCertificate> attrCertSelector, + IList<IStore<X509V2AttributeCertificate>> attrCertStores) + { + var attrCerts = new HashSet<X509V2AttributeCertificate>(); + + foreach (var attrCertStore in attrCertStores) + { + try + { + attrCerts.UnionWith(attrCertStore.EnumerateMatches(attrCertSelector)); + } + catch (Exception e) + { + throw new Exception("Problem while picking certificates from X.509 store.", e); + } + } + + return attrCerts; + } } } diff --git a/crypto/src/pkix/PkixAttrCertPathValidator.cs b/crypto/src/pkix/PkixAttrCertPathValidator.cs index 5f53bcde6..0ce3e959d 100644 --- a/crypto/src/pkix/PkixAttrCertPathValidator.cs +++ b/crypto/src/pkix/PkixAttrCertPathValidator.cs 
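Review bot: The new `FindAttributeCertificates` (third hunk) hand-rolls the store loop and wraps failures in a bare `System.Exception`, whereas its certificate counterpart `FindCertificates` in this same commit delegates to `CollectionUtilities.CollectMatches` with no wrapping; the two helpers should agree. Unless the wrapping message is relied on, the loop collapses to `CollectionUtilities.CollectMatches(attrCerts, attrCertSelector, attrCertStores);`, and if it is relied on, a `PkixCertPathBuilderException` is a better type than `Exception` given that `Build` catches `Exception` around the call and re-wraps it anyway. The method also lacks a doc comment; a single `/// Collects every attribute certificate from <paramref name="attrCertStores"/> that matches <paramref name="attrCertSelector"/>.` would do.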
@@ -37,19 +37,16 @@ namespace Org.BouncyCastle.Pkix * inappropriate for this validator. * @throws CertPathValidatorException if the verification fails. */ - public virtual PkixCertPathValidatorResult Validate( - PkixCertPath certPath, - PkixParameters pkixParams) + public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters pkixParams) { - IX509Selector certSelect = pkixParams.GetTargetConstraints(); - if (!(certSelect is X509AttrCertStoreSelector)) + if (!(pkixParams.GetTargetConstraintsAttrCert() is X509AttrCertStoreSelector attrCertSelector)) { throw new ArgumentException( "TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName, - "pkixParams"); + nameof(pkixParams)); } - IX509AttributeCertificate attrCert = ((X509AttrCertStoreSelector) certSelect).AttributeCert; + var attrCert = attrCertSelector.AttributeCert; PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attrCert, pkixParams); PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams); X509Certificate issuerCert = (X509Certificate)certPath.Certificates[0]; diff --git a/crypto/src/pkix/PkixBuilderParameters.cs b/crypto/src/pkix/PkixBuilderParameters.cs index 9b8fb3dc3..1dcccb2f8 100644 --- a/crypto/src/pkix/PkixBuilderParameters.cs +++ b/crypto/src/pkix/PkixBuilderParameters.cs @@ -2,7 +2,7 @@ using System; using System.Text; using Org.BouncyCastle.Security; -using Org.BouncyCastle.X509.Store; +using Org.BouncyCastle.X509; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; 
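Review bot: The `ArgumentException` in `Validate` is now also raised when `GetTargetConstraintsAttrCert()` returns `null`, which with the split constructors introduced in PkixBuilderParameters (the two-argument overload passes `null` for the attribute-certificate selector) is the likelier failure, yet the message still says only that TargetConstraints must be an `X509AttrCertStoreSelector`. Cover the null case in the text: `"TargetConstraintsAttrCert must be set to an instance of " + typeof(X509AttrCertStoreSelector).FullName`. The remainder of `Validate` continues past the hunk.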
@@ -34,17 +34,23 @@ namespace Org.BouncyCastle.Pkix { PkixBuilderParameters parameters = new PkixBuilderParameters( pkixParams.GetTrustAnchors(), - new X509CertStoreSelector(pkixParams.GetTargetCertConstraints())); + pkixParams.GetTargetConstraintsCert(), + pkixParams.GetTargetConstraintsAttrCert()); parameters.SetParams(pkixParams); return parameters; } - public PkixBuilderParameters( - ISet trustAnchors, - IX509Selector targetConstraints) + public PkixBuilderParameters(ISet trustAnchors, ISelector<X509Certificate> targetConstraintsCert) + : this(trustAnchors, targetConstraintsCert, null) + { + } + + public PkixBuilderParameters(ISet trustAnchors, ISelector<X509Certificate> targetConstraintsCert, + ISelector<X509V2AttributeCertificate> targetConstraintsAttrCert) : base(trustAnchors) { - SetTargetCertConstraints(targetConstraints); + SetTargetConstraintsCert(targetConstraintsCert); + SetTargetConstraintsAttrCert(targetConstraintsAttrCert); } public virtual int MaxPathLength @@ -120,7 +126,9 @@ namespace Org.BouncyCastle.Pkix public override object Clone() { PkixBuilderParameters parameters = new PkixBuilderParameters( - GetTrustAnchors(), GetTargetCertConstraints()); + GetTrustAnchors(), + GetTargetConstraintsCert(), + GetTargetConstraintsAttrCert()); parameters.SetParams(this); return parameters; } diff --git a/crypto/src/pkix/PkixCertPath.cs b/crypto/src/pkix/PkixCertPath.cs index 459c1612f..213b12eb4 100644 --- a/crypto/src/pkix/PkixCertPath.cs +++ b/crypto/src/pkix/PkixCertPath.cs @@ -94,11 +94,7 @@ namespace Org.BouncyCastle.Pkix private readonly IList certificates; - /** - * @param certs - */ - private static IList SortCerts( - IList certs) + private static IList SortCerts(IList certs) { if (certs.Count < 2) return certs; diff --git a/crypto/src/pkix/PkixCertPathBuilder.cs b/crypto/src/pkix/PkixCertPathBuilder.cs index 1bc7b8c9e..3ef66b1b9 100644 --- a/crypto/src/pkix/PkixCertPathBuilder.cs +++ b/crypto/src/pkix/PkixCertPathBuilder.cs 
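Review bot: `GetInstance` previously copied the target selector (`new X509CertStoreSelector(pkixParams.GetTargetCertConstraints())`) but now passes `pkixParams.GetTargetConstraintsCert()` straight through, so unless `SetTargetConstraintsCert` clones its argument (not visible here) the new builder parameters share a mutable selector with the source object; `X509CertStoreSelector` has a settable `Subject` (see `certSelector.Subject = principals[i]` in PkixAttrCertPathBuilder). The same applies to `Clone()` in the last hunk. If the setter does not copy, restore the copy there, and either way document the choice on the three-argument constructor: `/// Selectors are stored by reference; callers must not mutate them afterwards.` or the opposite.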
@@ -36,20 +36,13 @@ namespace Org.BouncyCastle.Pkix { // search target certificates - IX509Selector certSelect = pkixParams.GetTargetCertConstraints(); - if (!(certSelect is X509CertStoreSelector)) - { - throw new PkixCertPathBuilderException( - "TargetConstraints must be an instance of " - + typeof(X509CertStoreSelector).FullName + " for " - + Platform.GetTypeName(this) + " class."); - } + var certSelector = pkixParams.GetTargetConstraintsCert(); ISet targets = new HashSet(); try { - targets.AddAll(PkixCertPathValidatorUtilities.FindCertificates((X509CertStoreSelector)certSelect, pkixParams.GetStores())); - // TODO Should this include an entry for pkixParams.GetAdditionalStores() too? + targets.AddAll( + PkixCertPathValidatorUtilities.FindCertificates(certSelector, pkixParams.GetStoresCert())); } catch (Exception e) { @@ -122,23 +115,20 @@ namespace Org.BouncyCastle.Pkix { // exception message from possibly later tried certification // chains - PkixCertPath certPath = null; + PkixCertPath certPath; try { certPath = new PkixCertPath(tbvPath); } catch (Exception e) { - throw new Exception( - "Certification path could not be constructed from certificate list.", - e); + throw new Exception("Certification path could not be constructed from certificate list.", e); } - PkixCertPathValidatorResult result = null; + PkixCertPathValidatorResult result; try { - result = (PkixCertPathValidatorResult)validator.Validate( - certPath, pkixParams); + result = validator.Validate(certPath, pkixParams); } catch (Exception e) { diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs index a45102894..95939e0bd 100644 --- a/crypto/src/pkix/PkixCertPathValidator.cs +++ b/crypto/src/pkix/PkixCertPathValidator.cs 
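Review bot: `Build` no longer validates the target selector: `var certSelector = pkixParams.GetTargetConstraintsCert();` is handed straight to `FindCertificates`, where the old code threw `PkixCertPathBuilderException` if constraints were absent or of the wrong type. If `GetTargetConstraintsCert()` can return `null`, the outcome depends on `CollectionUtilities.CollectMatches` (not visible) — either a `NullReferenceException` or, should a null selector match everything, a path-building attempt for every certificate in every store. An explicit guard keeps the previous contract: `if (certSelector == null) throw new PkixCertPathBuilderException("TargetConstraints must be set for " + Platform.GetTypeName(this) + " class.");`. The removed TODO about `GetAdditionalStores()` is only moot if `GetStoresCert()` already includes those stores, which is worth stating in a comment at the call.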
@@ -1,13 +1,13 @@ using System; using System.Collections; -using Org.BouncyCastle.Asn1; +using System.Collections.Generic; + using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix { @@ -96,7 +96,6 @@ namespace Org.BouncyCastle.Pkix // // (e), (f), (g) are part of the paramsPkix object. // - IEnumerator certIter; int index = 0; int i; // Certificate for each interation of the validation loop @@ -108,18 +107,18 @@ namespace Org.BouncyCastle.Pkix // // (a) // - IList[] policyNodes = new IList[n + 1]; + var policyNodes = new List<PkixPolicyNode>[n + 1]; for (int j = 0; j < policyNodes.Length; j++) { - policyNodes[j] = Platform.CreateArrayList(); + policyNodes[j] = new List<PkixPolicyNode>(); } ISet policySet = new HashSet(); policySet.Add(Rfc3280CertPathUtilities.ANY_POLICY); - PkixPolicyNode validPolicyTree = new PkixPolicyNode(Platform.CreateArrayList(), 0, policySet, null, new HashSet(), - Rfc3280CertPathUtilities.ANY_POLICY, false); + var validPolicyTree = new PkixPolicyNode(new List<PkixPolicyNode>(), 0, policySet, null, new HashSet(), + Rfc3280CertPathUtilities.ANY_POLICY, false); policyNodes[0].Add(validPolicyTree); @@ -218,8 +217,8 @@ namespace Org.BouncyCastle.Pkix // 6.1.3 // - X509CertStoreSelector certConstraints = paramsPkix.GetTargetCertConstraints(); - if (certConstraints != null && !certConstraints.Match((X509Certificate)certs[0])) + var targetConstraints = paramsPkix.GetTargetConstraintsCert(); + if (targetConstraints != null && !targetConstraints.Match((X509Certificate)certs[0])) { throw new PkixCertPathValidatorException( "Target certificate in certification path does not match targetConstraints.", null, 0); 
@@ -228,12 +227,10 @@ namespace Org.BouncyCastle.Pkix // // initialize CertPathChecker's // - IList pathCheckers = paramsPkix.GetCertPathCheckers(); - certIter = pathCheckers.GetEnumerator(); - - while (certIter.MoveNext()) + IList certPathCheckers = paramsPkix.GetCertPathCheckers(); + foreach (PkixCertPathChecker certPathChecker in certPathCheckers) { - ((PkixCertPathChecker)certIter.Current).Init(false); + certPathChecker.Init(false); } X509Certificate cert = null; @@ -353,7 +350,7 @@ namespace Org.BouncyCastle.Pkix } // (o) - Rfc3280CertPathUtilities.PrepareNextCertO(certPath, index, criticalExtensions1, pathCheckers); + Rfc3280CertPathUtilities.PrepareNextCertO(certPath, index, criticalExtensions1, certPathCheckers); // set signing certificate for next round sign = cert; @@ -419,7 +416,7 @@ namespace Org.BouncyCastle.Pkix criticalExtensions = new HashSet(); } - Rfc3280CertPathUtilities.WrapupCertF(certPath, index + 1, pathCheckers, criticalExtensions); + Rfc3280CertPathUtilities.WrapupCertF(certPath, index + 1, certPathCheckers, criticalExtensions); PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, userInitialPolicySet, index + 1, policyNodes, validPolicyTree, acceptablePolicies); diff --git a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs index 86f9f4beb..731f8dfe0 100644 --- a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs +++ b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs @@ -1,7 +1,7 @@ using System; using System.Collections; +using System.Collections.Generic; using System.IO; -using System.Text; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.IsisMtt; 
@@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Pkix /// <summary> /// Summary description for PkixCertPathValidatorUtilities. /// </summary> - public class PkixCertPathValidatorUtilities + internal static class PkixCertPathValidatorUtilities { private static readonly PkixCrlUtilities CrlUtilities = new PkixCrlUtilities(); @@ -36,20 +36,20 @@ namespace Org.BouncyCastle.Pkix internal static readonly int KEY_CERT_SIGN = 5; internal static readonly int CRL_SIGN = 6; - internal static readonly string[] crlReasons = new string[] - { - "unspecified", - "keyCompromise", - "cACompromise", - "affiliationChanged", - "superseded", - "cessationOfOperation", - "certificateHold", - "unknown", - "removeFromCRL", - "privilegeWithdrawn", - "aACompromise" - }; + //internal static readonly string[] crlReasons = new string[] + //{ + // "unspecified", + // "keyCompromise", + // "cACompromise", + // "affiliationChanged", + // "superseded", + // "cessationOfOperation", + // "certificateHold", + // "unknown", + // "removeFromCRL", + // "privilegeWithdrawn", + // "aACompromise" + //}; /// <summary> /// Search the given Set of TrustAnchor's for one that is the @@ -175,7 +175,7 @@ namespace Org.BouncyCastle.Pkix { // found string temp = (string)list[1]; - PkixCertPathValidatorUtilities.AddAdditionalStoreFromLocation(temp, pkixParams); + AddAdditionalStoreFromLocation(temp, pkixParams); } } } 
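Review bot: Changing `PkixCertPathValidatorUtilities` from `public class` to `internal static class` is a source- and binary-breaking change for any consumer that referenced it, and nothing in the diff marks it as such; if intended it belongs in the release notes, otherwise keep the type public and deprecate with `[Obsolete]`. In the second hunk the `crlReasons` array is commented out rather than deleted; version control already preserves it, so remove the eleven `//` lines instead of leaving dead code behind.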
@@ -194,19 +194,25 @@ namespace Org.BouncyCastle.Pkix /// <summary> /// Returns the issuer of an attribute certificate or certificate. /// </summary> - /// <param name="cert">The attribute certificate or certificate.</param> + /// <param name="obj">The attribute certificate or certificate.</param> /// <returns>The issuer as <code>X500Principal</code>.</returns> - internal static X509Name GetIssuerPrincipal( - object cert) + internal static X509Name GetIssuerPrincipal(object obj) { - if (cert is X509Certificate) - { - return ((X509Certificate)cert).IssuerDN; - } - else - { - return ((IX509AttributeCertificate)cert).Issuer.GetPrincipals()[0]; - } + if (obj is X509Certificate cert) + return cert.IssuerDN; + if (obj is X509V2AttributeCertificate attrCert) + return attrCert.Issuer.GetPrincipals()[0]; + throw new InvalidOperationException(); + } + + internal static X509Name GetIssuerPrincipal(X509V2AttributeCertificate attrCert) + { + return attrCert.Issuer.GetPrincipals()[0]; + } + + internal static X509Name GetIssuerPrincipal(X509Certificate cert) + { + return cert.IssuerDN; } internal static bool IsSelfIssued( @@ -309,16 +315,14 @@ namespace Org.BouncyCastle.Pkix ISet pq = new HashSet(); if (qualifiers == null) - { return pq; - } foreach (Asn1Encodable ae in qualifiers) { try { -// pq.Add(PolicyQualifierInfo.GetInstance(Asn1Object.FromByteArray(ae.GetEncoded()))); - pq.Add(PolicyQualifierInfo.GetInstance(ae.ToAsn1Object())); + pq.Add(PolicyQualifierInfo.GetInstance(Asn1Object.FromByteArray(ae.GetEncoded()))); + //pq.Add(PolicyQualifierInfo.GetInstance(ae.ToAsn1Object())); } catch (IOException ex) { 
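Review bot: `GetIssuerPrincipal(object obj)` now ends in `throw new InvalidOperationException();` with no message when `obj` is neither supported type, where the old cast at least failed with an `InvalidCastException` naming the type; an unsupported argument is an argument error and should say so: `throw new ArgumentException("expected X509Certificate or X509V2AttributeCertificate", nameof(obj));`. In the `@@ -309` hunk the policy-qualifier parse is switched to the `GetEncoded()`/`Asn1Object.FromByteArray` round trip with the direct `ae.ToAsn1Object()` form left commented out; nothing says why, and the next maintainer will flip it back. If the point is that the round trip lets a malformed qualifier fail inside the `catch (IOException ex)` that follows, a one-line comment stating that belongs on the call, and the commented-out line should go.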
@@ -329,12 +333,10 @@ namespace Org.BouncyCastle.Pkix return pq; } - internal static PkixPolicyNode RemovePolicyNode( - PkixPolicyNode validPolicyTree, - IList[] policyNodes, - PkixPolicyNode _node) + internal static PkixPolicyNode RemovePolicyNode(PkixPolicyNode validPolicyTree, + IList<PkixPolicyNode>[] policyNodes, PkixPolicyNode _node) { - PkixPolicyNode _parent = (PkixPolicyNode)_node.Parent; + PkixPolicyNode _parent = _node.Parent; if (validPolicyTree == null) { @@ -345,7 +347,7 @@ namespace Org.BouncyCastle.Pkix { for (int j = 0; j < policyNodes.Length; j++) { - policyNodes[j] = Platform.CreateArrayList(); + policyNodes[j] = new List<PkixPolicyNode>(); } return null; @@ -359,7 +361,7 @@ namespace Org.BouncyCastle.Pkix } } - private static void RemovePolicyNodeRecurse(IList[] policyNodes, PkixPolicyNode _node) + private static void RemovePolicyNodeRecurse(IList<PkixPolicyNode>[] policyNodes, PkixPolicyNode _node) { policyNodes[_node.Depth].Remove(_node); @@ -446,12 +448,10 @@ namespace Org.BouncyCastle.Pkix ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id); } - PkixPolicyNode p_node = (PkixPolicyNode)node.Parent; + PkixPolicyNode p_node = node.Parent; if (ANY_POLICY.Equals(p_node.ValidPolicy)) { - PkixPolicyNode c_node = new PkixPolicyNode( - Platform.CreateArrayList(), i, - (ISet)m_idp[id_p], + PkixPolicyNode c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i, (ISet)m_idp[id_p], p_node, pq, id_p, ci); p_node.AddChild(c_node); policyNodes[i].Add(c_node); 
@@ -462,45 +462,39 @@ namespace Org.BouncyCastle.Pkix } } - internal static PkixPolicyNode PrepareNextCertB2( - int i, - IList[] policyNodes, - string id_p, - PkixPolicyNode validPolicyTree) + internal static PkixPolicyNode PrepareNextCertB2(int i, IList<PkixPolicyNode>[] policyNodes, string id_p, + PkixPolicyNode validPolicyTree) { int pos = 0; // Copy to avoid RemoveAt calls interfering with enumeration - foreach (PkixPolicyNode node in Platform.CreateArrayList(policyNodes[i])) + foreach (var node in new List<PkixPolicyNode>(policyNodes[i])) { - if (node.ValidPolicy.Equals(id_p)) - { - PkixPolicyNode p_node = (PkixPolicyNode)node.Parent; - p_node.RemoveChild(node); + if (!node.ValidPolicy.Equals(id_p)) + { + ++pos; + continue; + } + + node.Parent.RemoveChild(node); - // Removal of element at current iterator position not supported in C# - //nodes_i.remove(); - policyNodes[i].RemoveAt(pos); + policyNodes[i].RemoveAt(pos); - for (int k = (i - 1); k >= 0; k--) + for (int k = i - 1; k >= 0; k--) + { + var nodes = policyNodes[k]; + + for (int l = 0; l < nodes.Count; l++) { - IList nodes = policyNodes[k]; - for (int l = 0; l < nodes.Count; l++) + var node2 = nodes[l]; + if (!node2.HasChildren) { - PkixPolicyNode node2 = (PkixPolicyNode)nodes[l]; - if (!node2.HasChildren) - { - validPolicyTree = RemovePolicyNode(validPolicyTree, policyNodes, node2); - if (validPolicyTree == null) - break; - } + validPolicyTree = RemovePolicyNode(validPolicyTree, policyNodes, node2); + if (validPolicyTree == null) + break; } } } - else - { - ++pos; - } } return validPolicyTree; } @@ -511,7 +505,7 @@ namespace Org.BouncyCastle.Pkix object cert, CertStatus certStatus) { - X509Crl bcCRL = null; + X509Crl bcCRL; try { 
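Review bot: The restructured `PrepareNextCertB2` preserves a pre-existing hazard: the `break` only leaves the inner `for (int l …)` loop, so once `RemovePolicyNode` returns `null` — which, going by the `@@ -345` hunk, appears to replace every `policyNodes[j]` with an empty list — the outer `foreach` keeps walking its copy of the original list, and a second node matching `id_p` would reach `policyNodes[i].RemoveAt(pos)` on a now-empty list. Whether two nodes at depth `i` can share the same `ValidPolicy` I have not verified; if they can, that is an `ArgumentOutOfRangeException`. Returning as soon as the tree is gone avoids it without changing the result: after the `for (int k …)` loop add `if (validPolicyTree == null) return null;`.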
@@ -519,7 +513,7 @@ namespace Org.BouncyCastle.Pkix } catch (Exception exception) { - throw new Exception("Bouncy Castle X509Crl could not be created.", exception); + throw new Exception("X509Crl could not be created.", exception); } X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert)); @@ -656,7 +650,7 @@ namespace Org.BouncyCastle.Pkix // if end cert use given signing/encryption/... time if (index <= 0) { - return PkixCertPathValidatorUtilities.GetValidDate(paramsPkix); + return GetValidDate(paramsPkix); // else use time when previous cert was created } 
@@ -694,40 +688,22 @@ namespace Org.BouncyCastle.Pkix } /// <summary> - /// Return a Collection of all certificates or attribute certificates found - /// in the X509Store's that are matching the certSelect criteriums. + /// Return a Collection of all certificates found + /// in the stores that are matching the certSelector criteria. /// </summary> - /// <param name="certSelect">a {@link Selector} object that will be used to select - /// the certificates</param> - /// <param name="certStores">a List containing only X509Store objects. These + /// <param name="certSelector">an <see cref="ISelector{T}"/> object that will be used to select + /// the certificates.</param> + /// <param name="certStores">a List containing only IStore objects. These /// are used to search for certificates.</param> - /// <returns>a Collection of all found <see cref="X509Certificate"/> or - /// <see cref="Org.BouncyCastle.X509.IX509AttributeCertificate"/> objects. + /// <returns>a Collection of all found <see cref="X509Certificate"/> objects. /// May be empty but never <code>null</code>.</returns> /// <exception cref="Exception"></exception> - internal static ICollection FindCertificates( - X509CertStoreSelector certSelect, - IList certStores) + internal static List<X509Certificate> FindCertificates(ISelector<X509Certificate> certSelector, + IList<IStore<X509Certificate>> certStores) { - ISet certs = new HashSet(); - - foreach (IX509Store certStore in certStores) - { - try - { -// certs.AddAll(certStore.GetMatches(certSelect)); - foreach (X509Certificate c in certStore.GetMatches(certSelect)) - { - certs.Add(c); - } - } - catch (Exception e) - { - throw new Exception("Problem while picking certificates from X.509 store.", e); - } - } - - return certs; + var result = new List<X509Certificate>(); + CollectionUtilities.CollectMatches(result, certSelector, certStores); + return result; } /** 
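Review bot: `FindCertificates` now returns a `List<X509Certificate>` filled by `CollectionUtilities.CollectMatches`, whereas it used to return a `HashSet`, so a certificate present in more than one store is now returned once per store; the visible callers (`targets.AddAll` in PkixCertPathBuilder, `issuers.AddAll` in PkixAttrCertPathBuilder) add into sets and are unaffected, but the `<returns>` text should say so (`May contain duplicates when stores overlap.`) or the result should stay a set. The `<exception cref="Exception">` tag is stale as well: the `try`/`catch` that wrapped store errors in `"Problem while picking certificates from X.509 store."` is gone, so whatever `CollectMatches` throws now propagates unwrapped.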
@@ -859,60 +835,41 @@ namespace Org.BouncyCastle.Pkix * @throws Exception if an exception occurs while picking the CRLs * or no CRLs are found. */ - internal static ISet GetCompleteCrls( - DistributionPoint dp, - object cert, - DateTime currentDate, - PkixParameters paramsPKIX) + internal static ISet<X509Crl> GetCompleteCrls(DistributionPoint dp, object certObj, DateTime currentDate, + PkixParameters paramsPKIX) { + var certObjIssuer = GetIssuerPrincipal(certObj); + X509CrlStoreSelector crlselect = new X509CrlStoreSelector(); try { ISet issuers = new HashSet(); - if (cert is X509V2AttributeCertificate) - { - issuers.Add(((X509V2AttributeCertificate)cert) - .Issuer.GetPrincipals()[0]); - } - else - { - issuers.Add(GetIssuerPrincipal(cert)); - } - PkixCertPathValidatorUtilities.GetCrlIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX); + issuers.Add(certObjIssuer); + + GetCrlIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX); } catch (Exception e) { throw new Exception("Could not get issuer information from distribution point.", e); } - if (cert is X509Certificate) - { - crlselect.CertificateChecking = (X509Certificate)cert; - } - else if (cert is X509V2AttributeCertificate) - { - crlselect.AttrCertChecking = (IX509AttributeCertificate)cert; - } - - crlselect.CompleteCrlEnabled = true; - ISet crls = CrlUtilities.FindCrls(crlselect, paramsPKIX, currentDate); - - if (crls.IsEmpty) - { - if (cert is IX509AttributeCertificate) + { + if (certObj is X509Certificate cert) { - IX509AttributeCertificate aCert = (IX509AttributeCertificate)cert; - - throw new Exception("No CRLs found for issuer \"" + aCert.Issuer.GetPrincipals()[0] + "\""); + crlselect.CertificateChecking = cert; } - else + else if (certObj is X509V2AttributeCertificate attrCert) { - X509Certificate xCert = (X509Certificate)cert; - - throw new Exception("No CRLs found for issuer \"" + xCert.IssuerDN + "\""); + crlselect.AttrCertChecking = attrCert; } } + crlselect.CompleteCrlEnabled = 
true; + + ISet<X509Crl> crls = CrlUtilities.FindCrls(crlselect, paramsPKIX, currentDate); + if (crls.Count < 1) + throw new Exception("No CRLs found for issuer \"" + certObjIssuer + "\""); + return crls; } @@ -926,7 +883,7 @@ namespace Org.BouncyCastle.Pkix * @throws Exception if an exception occurs while picking the delta * CRLs. */ - internal static ISet GetDeltaCrls( + internal static ISet<X509Crl> GetDeltaCrls( DateTime currentDate, PkixParameters paramsPKIX, X509Crl completeCRL) @@ -991,9 +948,9 @@ namespace Org.BouncyCastle.Pkix deltaSelect.MaxBaseCrlNumber = completeCRLNumber; // find delta CRLs - ISet temp = CrlUtilities.FindCrls(deltaSelect, paramsPKIX, currentDate); + ISet<X509Crl> temp = CrlUtilities.FindCrls(deltaSelect, paramsPKIX, currentDate); - ISet result = new HashSet(); + var result = new HashSet<X509Crl>(); foreach (X509Crl crl in temp) { @@ -1014,32 +971,6 @@ namespace Org.BouncyCastle.Pkix return critical.Contains(X509Extensions.DeltaCrlIndicator.Id); } - internal static ICollection FindCertificates( - X509AttrCertStoreSelector certSelect, - IList certStores) - { - ISet certs = new HashSet(); - - foreach (IX509Store certStore in certStores) - { - try - { -// certs.AddAll(certStore.GetMatches(certSelect)); - foreach (X509V2AttributeCertificate ac in certStore.GetMatches(certSelect)) - { - certs.Add(ac); - } - } - catch (Exception e) - { - throw new Exception( - "Problem while picking certificates from X.509 store.", e); - } - } - - return certs; - } - internal static void AddAdditionalStoresFromCrlDistributionPoint( CrlDistPoint crldp, PkixParameters pkixParams) 
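Review bot: `GetIssuerPrincipal(certObj)` is now evaluated before the `try`, so a `certObj` of an unsupported type fails with the message-less `InvalidOperationException` that overload throws rather than the `"Could not get issuer information from distribution point."` wrapper the old code produced; either accept the narrower exception or type the parameter so the case cannot arise. The stand-alone `{ … }` block wrapping the `if (certObj is X509Certificate cert) … else if (certObj is X509V2AttributeCertificate attrCert) …` chain serves no scoping purpose and should be dropped. Because the issuer lookup has already rejected any other type, the chain's missing `else` is safe, but a comment saying so (`// any other type was already rejected by GetIssuerPrincipal above`) makes that intent visible.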
@@ -1071,10 +1002,8 @@ namespace Org.BouncyCastle.Pkix { if (genNames[j].TagNo == GeneralName.UniformResourceIdentifier) { - string location = DerIA5String.GetInstance( - genNames[j].Name).GetString(); - PkixCertPathValidatorUtilities.AddAdditionalStoreFromLocation( - location, pkixParams); + string location = DerIA5String.GetInstance(genNames[j].Name).GetString(); + AddAdditionalStoreFromLocation(location, pkixParams); } } } @@ -1083,31 +1012,18 @@ namespace Org.BouncyCastle.Pkix } } - internal static bool ProcessCertD1i( - int index, - IList[] policyNodes, - DerObjectIdentifier pOid, - ISet pq) + internal static bool ProcessCertD1i(int index, IList<PkixPolicyNode>[] policyNodes, DerObjectIdentifier pOid, + ISet pq) { - IList policyNodeVec = policyNodes[index - 1]; - - for (int j = 0; j < policyNodeVec.Count; j++) + foreach (var node in policyNodes[index - 1]) { - PkixPolicyNode node = (PkixPolicyNode)policyNodeVec[j]; - ISet expectedPolicies = node.ExpectedPolicies; - - if (expectedPolicies.Contains(pOid.Id)) + if (node.ExpectedPolicies.Contains(pOid.Id)) { - ISet childExpectedPolicies = new HashSet(); + var childExpectedPolicies = new HashSet(); childExpectedPolicies.Add(pOid.Id); - PkixPolicyNode child = new PkixPolicyNode(Platform.CreateArrayList(), - index, - childExpectedPolicies, - node, - pq, - pOid.Id, - false); + var child = new PkixPolicyNode(new List<PkixPolicyNode>(), index, childExpectedPolicies, node, pq, + pOid.Id, false); node.AddChild(child); policyNodes[index].Add(child); 
@@ -1118,32 +1034,21 @@ namespace Org.BouncyCastle.Pkix return false; } - internal static void ProcessCertD1ii( - int index, - IList[] policyNodes, - DerObjectIdentifier _poid, - ISet _pq) + internal static void ProcessCertD1ii(int index, IList<PkixPolicyNode>[] policyNodes, + DerObjectIdentifier _poid, ISet _pq) { - IList policyNodeVec = policyNodes[index - 1]; - - for (int j = 0; j < policyNodeVec.Count; j++) + foreach (var _node in policyNodes[index - 1]) { - PkixPolicyNode _node = (PkixPolicyNode)policyNodeVec[j]; - if (ANY_POLICY.Equals(_node.ValidPolicy)) { ISet _childExpectedPolicies = new HashSet(); _childExpectedPolicies.Add(_poid.Id); - PkixPolicyNode _child = new PkixPolicyNode(Platform.CreateArrayList(), - index, - _childExpectedPolicies, - _node, - _pq, - _poid.Id, - false); + var _child = new PkixPolicyNode(new List<PkixPolicyNode>(), index, _childExpectedPolicies, _node, + _pq, _poid.Id, false); _node.AddChild(_child); policyNodes[index].Add(_child); + return; } } @@ -1161,15 +1066,14 @@ namespace Org.BouncyCastle.Pkix * @exception Exception * if an error occurs. */ - internal static ICollection FindIssuerCerts( + internal static HashSet<X509Certificate> FindIssuerCerts( X509Certificate cert, PkixBuilderParameters pkixParams) { - X509CertStoreSelector certSelect = new X509CertStoreSelector(); - ISet certs = new HashSet(); + X509CertStoreSelector certSelector = new X509CertStoreSelector(); try { - certSelect.Subject = cert.IssuerDN; + certSelector.Subject = cert.IssuerDN; } catch (IOException ex) { 
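Review bot: The `return;` added inside the `foreach` in `ProcessCertD1ii` is a behaviour change that the hunk otherwise presents as a loop-style rewrite: the old `for` loop created a child for every node at depth `index - 1` whose `ValidPolicy` is `ANY_POLICY`, the new loop creates one for the first such node and stops. RFC 5280 §6.1.3 (d)(1)(ii) speaks of a single anyPolicy node at that depth, so the early return is likely correct, but it deserves a comment on the `return;` — `// RFC 5280 6.1.3 d.1.ii: at most one anyPolicy node exists at depth index - 1` — and ideally a test, so it is not mistaken for an accidental omission later.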
@@ -1177,10 +1081,10 @@ namespace Org.BouncyCastle.Pkix "Subject criteria for certificate selector to find issuer certificate could not be set.", ex); } + var certs = new HashSet<X509Certificate>(); try { - certs.AddAll(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetStores())); - certs.AddAll(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetAdditionalStores())); + CollectionUtilities.CollectMatches(certs, certSelector, pkixParams.GetStoresCert()); } catch (Exception e) { diff --git a/crypto/src/pkix/PkixCrlUtilities.cs b/crypto/src/pkix/PkixCrlUtilities.cs index 06a7caa2a..341c9a514 100644 --- a/crypto/src/pkix/PkixCrlUtilities.cs +++ b/crypto/src/pkix/PkixCrlUtilities.cs @@ -1,5 +1,5 @@ using System; -using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.Date; @@ -10,22 +10,22 @@ namespace Org.BouncyCastle.Pkix { public class PkixCrlUtilities { - public virtual ISet FindCrls(X509CrlStoreSelector crlselect, PkixParameters paramsPkix, DateTime currentDate) + public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix, + DateTime currentDate) { - ISet initialSet = new HashSet(); + HashSet<X509Crl> initialSet; // get complete CRL(s) try { - initialSet.AddAll(FindCrls(crlselect, paramsPkix.GetAdditionalStores())); - initialSet.AddAll(FindCrls(crlselect, paramsPkix.GetStores())); + initialSet = FindCrls(crlSelector, paramsPkix.GetStoresCrl()); } catch (Exception e) { throw new Exception("Exception obtaining complete CRLs.", e); } - ISet finalSet = new HashSet(); + var finalSet = new HashSet<X509Crl>(); DateTime validityDate = currentDate; if (paramsPkix.Date != null) 
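Review bot: FindIssuerCerts now searches only `pkixParams.GetStoresCert()`, where the removed lines also walked `GetAdditionalStores()`; the same narrowing appears in `PkixCrlUtilities.FindCrls` on this line (`GetStoresCrl()` alone) and in the CRL-signer lookup in Rfc3280CertPathUtilities. Whether stores registered by `AddAdditionalStoreFromLocation` — which is fed from URIs found in certificate extensions — now land in the same `m_storesCert`/`m_storesCrl` lists is not visible here; if they do, locally configured stores and stores discovered from extension data are no longer distinguishable to callers of `GetStoresCert()`/`GetStoresCrl()`, and the "local stores first" ordering promised by the removed PkixParameters documentation rests only on insertion order. A comment at this call site naming where additional-location stores are appended, e.g. `// single search list: configured stores first, then stores added from extension locations`, would document the intended contract.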
@@ -40,7 +40,7 @@ namespace Org.BouncyCastle.Pkix if (null == nextUpdate || nextUpdate.Value.CompareTo(validityDate) > 0) { - X509Certificate cert = crlselect.CertificateChecking; + X509Certificate cert = crlSelector.CertificateChecking; if (null == cert || crl.ThisUpdate.CompareTo(cert.NotAfter) < 0) { @@ -52,14 +52,14 @@ namespace Org.BouncyCastle.Pkix return finalSet; } - public virtual ISet FindCrls(X509CrlStoreSelector crlselect, PkixParameters paramsPkix) + public virtual ISet FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix) { ISet completeSet = new HashSet(); // get complete CRL(s) try { - completeSet.AddAll(FindCrls(crlselect, paramsPkix.GetStores())); + completeSet.AddAll(FindCrls(crlSelector, paramsPkix.GetStoresCrl())); } catch (Exception e) { 
@@ -74,28 +74,28 @@ namespace Org.BouncyCastle.Pkix /// Return a Collection of all CRLs found in the X509Store's that are /// matching the crlSelect criteriums. /// </summary> - /// <param name="crlSelect">a {@link X509CRLStoreSelector} object that will be used + /// <param name="crlSelector">a {@link X509CRLStoreSelector} object that will be used /// to select the CRLs</param> /// <param name="crlStores">a List containing only {@link org.bouncycastle.x509.X509Store /// X509Store} objects. These are used to search for CRLs</param> /// <returns>a Collection of all found {@link X509CRL X509CRL} objects. May be /// empty but never <code>null</code>. /// </returns> - private ICollection FindCrls(X509CrlStoreSelector crlSelect, IList crlStores) + private HashSet<X509Crl> FindCrls(ISelector<X509Crl> crlSelector, IList<IStore<X509Crl>> crlStores) { - ISet crls = new HashSet(); + var crls = new HashSet<X509Crl>(); Exception lastException = null; bool foundValidStore = false; - foreach (IX509Store store in crlStores) + foreach (var crlStore in crlStores) { try { - crls.AddAll(store.GetMatches(crlSelect)); + crls.UnionWith(crlStore.EnumerateMatches(crlSelector)); foundValidStore = true; } - catch (X509StoreException e) + catch (Exception e) { lastException = new Exception("Exception searching in X.509 CRL store.", e); } diff --git a/crypto/src/pkix/PkixParameters.cs b/crypto/src/pkix/PkixParameters.cs index 54b077f29..32189acfb 100644 --- a/crypto/src/pkix/PkixParameters.cs +++ b/crypto/src/pkix/PkixParameters.cs @@ -1,9 +1,11 @@ using System; using System.Collections; +using System.Collections.Generic; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.Date; +using Org.BouncyCastle.X509; using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix 
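Review bot: In the private `FindCrls` the catch was widened from `X509StoreException` to `Exception`, so any failure inside `crlStore.EnumerateMatches(crlSelector)` — including a plain bug in a store implementation — is parked in `lastException` and, once another store has set `foundValidStore`, never surfaced; the revocation check then proceeds on a CRL set that is silently incomplete. If the new `IStore<T>` contract has no dedicated exception type this may be unavoidable, but the widening deserves a comment stating the trade-off, e.g. `// a store that throws is treated as empty; the failure is reported only when no store could be searched at all`. The `foundValidStore`/`lastException` handling after the loop is outside the hunk, so this reads from the previous version of the method.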
@@ -49,11 +51,15 @@ namespace Org.BouncyCastle.Pkix private bool anyPolicyInhibited = false; private bool policyMappingInhibited = false; private bool policyQualifiersRejected = true; - private IX509Selector certSelector; - private IList stores; - private IX509Selector selector; + + private List<IStore<X509V2AttributeCertificate>> m_storesAttrCert; + private List<IStore<X509Certificate>> m_storesCert; + private List<IStore<X509Crl>> m_storesCrl; + + private ISelector<X509V2AttributeCertificate> m_targetConstraintsAttrCert; + private ISelector<X509Certificate> m_targetConstraintsCert; + private bool additionalLocationsEnabled; - private IList additionalStores; private ISet trustedACIssuers; private ISet necessaryACAttributes; private ISet prohibitedACAttributes; @@ -86,8 +92,9 @@ namespace Org.BouncyCastle.Pkix this.initialPolicies = new HashSet(); this.certPathCheckers = Platform.CreateArrayList(); - this.stores = Platform.CreateArrayList(); - this.additionalStores = Platform.CreateArrayList(); + this.m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(); + this.m_storesCert = new List<IStore<X509Certificate>>(); + this.m_storesCrl = new List<IStore<X509Crl>>(); this.trustedACIssuers = new HashSet(); this.necessaryACAttributes = new HashSet(); this.prohibitedACAttributes = new HashSet(); 
@@ -206,6 +213,55 @@ namespace Org.BouncyCastle.Pkix } /** + * Returns the required constraints on the target certificate or attribute + * certificate. The constraints are returned as an instance of + * <code>IX509Selector</code>. If <code>null</code>, no constraints are + * defined. + * + * <p> + * The target certificate in a PKIX path may be a certificate or an + * attribute certificate. + * </p><p> + * Note that the <code>IX509Selector</code> returned is cloned to protect + * against subsequent modifications. + * </p> + * @return a <code>IX509Selector</code> specifying the constraints on the + * target certificate or attribute certificate (or <code>null</code>) + * @see #setTargetConstraints + * @see X509CertStoreSelector + * @see X509AttributeCertStoreSelector + */ + public virtual ISelector<X509V2AttributeCertificate> GetTargetConstraintsAttrCert() + { + return (ISelector<X509V2AttributeCertificate>)m_targetConstraintsAttrCert?.Clone(); + } + + /** + * Sets the required constraints on the target certificate or attribute + * certificate. The constraints are specified as an instance of + * <code>IX509Selector</code>. If <code>null</code>, no constraints are + * defined. + * <p> + * The target certificate in a PKIX path may be a certificate or an + * attribute certificate. + * </p><p> + * Note that the <code>IX509Selector</code> specified is cloned to protect + * against subsequent modifications. 
+ * </p> + * + * @param selector a <code>IX509Selector</code> specifying the constraints on + * the target certificate or attribute certificate (or + * <code>null</code>) + * @see #getTargetConstraints + * @see X509CertStoreSelector + * @see X509AttributeCertStoreSelector + */ + public virtual void SetTargetConstraintsAttrCert(ISelector<X509V2AttributeCertificate> targetConstraintsAttrCert) + { + this.m_targetConstraintsAttrCert = (ISelector<X509V2AttributeCertificate>)targetConstraintsAttrCert?.Clone(); + } + + /** * Returns the required constraints on the target certificate. The * constraints are returned as an instance of CertSelector. If * <code>null</code>, no constraints are defined.<br /> @@ -218,14 +274,9 @@ namespace Org.BouncyCastle.Pkix * * @see #setTargetCertConstraints(CertSelector) */ - public virtual X509CertStoreSelector GetTargetCertConstraints() + public virtual ISelector<X509Certificate> GetTargetConstraintsCert() { - if (certSelector == null) - { - return null; - } - - return (X509CertStoreSelector)certSelector.Clone(); + return (ISelector<X509Certificate>)m_targetConstraintsCert?.Clone(); } /** @@ -242,17 +293,9 @@ namespace Org.BouncyCastle.Pkix * * @see #getTargetCertConstraints() */ - public virtual void SetTargetCertConstraints( - IX509Selector selector) + public virtual void SetTargetConstraintsCert(ISelector<X509Certificate> targetConstraintsCert) { - if (selector == null) - { - certSelector = null; - } - else - { - certSelector = (IX509Selector)selector.Clone(); - } + m_targetConstraintsCert = (ISelector<X509Certificate>)targetConstraintsCert?.Clone(); } /** @@ -447,8 +490,7 @@ namespace Org.BouncyCastle.Pkix * @param params Parameters to set. If this are * <code>ExtendedPkixParameters</code> they are copied to. */ - protected virtual void SetParams( - PkixParameters parameters) + protected virtual void SetParams(PkixParameters parameters) { Date = parameters.Date; SetCertPathCheckers(parameters.GetCertPathCheckers()); 
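Review bot: The Javadoc copied onto the new `GetTargetConstraintsAttrCert`/`SetTargetConstraintsAttrCert` still describes `IX509Selector` and points at `@see #setTargetConstraints`/`@see #getTargetConstraints`, names this commit removes from PkixParameters; the references should become `ISelector<X509V2AttributeCertificate>` and `#SetTargetConstraintsAttrCert`/`#GetTargetConstraintsAttrCert`. The retained comment above `GetTargetConstraintsCert` still says `@see #setTargetCertConstraints(CertSelector)`, which no longer resolves either. The renames of the public `GetTargetCertConstraints`/`SetTargetCertConstraints` to `GetTargetConstraintsCert`/`SetTargetConstraintsCert` (and, in Rfc3280CertPathUtilities, the move from `public class` to `internal static class`) are source-breaking for consumers; if that is intended it belongs in the commit description, otherwise `[Obsolete]` forwarders under the old names would keep existing callers compiling.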
@@ -458,16 +500,18 @@ namespace Org.BouncyCastle.Pkix IsRevocationEnabled = parameters.IsRevocationEnabled; SetInitialPolicies(parameters.GetInitialPolicies()); IsPolicyQualifiersRejected = parameters.IsPolicyQualifiersRejected; - SetTargetCertConstraints(parameters.GetTargetCertConstraints()); SetTrustAnchors(parameters.GetTrustAnchors()); + m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(parameters.m_storesAttrCert); + m_storesCert = new List<IStore<X509Certificate>>(parameters.m_storesCert); + m_storesCrl = new List<IStore<X509Crl>>(parameters.m_storesCrl); + + SetTargetConstraintsAttrCert(parameters.GetTargetConstraintsAttrCert()); + SetTargetConstraintsCert(parameters.GetTargetConstraintsCert()); + validityModel = parameters.validityModel; useDeltas = parameters.useDeltas; additionalLocationsEnabled = parameters.additionalLocationsEnabled; - selector = parameters.selector == null ? null - : (IX509Selector) parameters.selector.Clone(); - stores = Platform.CreateArrayList(parameters.stores); - additionalStores = Platform.CreateArrayList(parameters.additionalStores); trustedACIssuers = new HashSet(parameters.trustedACIssuers); prohibitedACAttributes = new HashSet(parameters.prohibitedACAttributes); necessaryACAttributes = new HashSet(parameters.necessaryACAttributes); 
@@ -495,115 +539,79 @@ namespace Org.BouncyCastle.Pkix set { validityModel = value; } } - /** - * Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * The <code>IList</code> is cloned. - * </p> - * - * @param stores A list of stores to use. - * @see #getStores - * @throws ClassCastException if an element of <code>stores</code> is not - * a {@link Store}. - */ - public virtual void SetStores( - IList stores) + public virtual IList<IStore<X509V2AttributeCertificate>> GetStoresAttrCert() + { + return new List<IStore<X509V2AttributeCertificate>>(m_storesAttrCert); + } + + public virtual IList<IStore<X509Certificate>> GetStoresCert() { - if (stores == null) + return new List<IStore<X509Certificate>>(m_storesCert); + } + + public virtual IList<IStore<X509Crl>> GetStoresCrl() + { + return new List<IStore<X509Crl>>(m_storesCrl); + } + + public virtual void SetAttrStoresCert(IList<IStore<X509V2AttributeCertificate>> storesAttrCert) + { + if (storesAttrCert == null) { - this.stores = Platform.CreateArrayList(); + m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(); } else { - foreach (object obj in stores) - { - if (!(obj is IX509Store)) - { - throw new InvalidCastException( - "All elements of list must be of type " + typeof(IX509Store).FullName); - } - } - this.stores = Platform.CreateArrayList(stores); + m_storesAttrCert = new List<IStore<X509V2AttributeCertificate>>(storesAttrCert); } } - /** - * Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * This method should be used to add local stores, like collection based - * X.509 stores, if available. Local stores should be considered first, - * before trying to use additional (remote) locations, because they do not - * need possible additional network traffic. - * </p><p> - * If <code>store</code> is <code>null</code> it is ignored. 
- * </p> - * - * @param store The store to add. - * @see #getStores - */ - public virtual void AddStore( - IX509Store store) + public virtual void SetStoresCert(IList<IStore<X509Certificate>> storesCert) { - if (store != null) + if (storesCert == null) { - stores.Add(store); + m_storesCert = new List<IStore<X509Certificate>>(); + } + else + { + m_storesCert = new List<IStore<X509Certificate>>(storesCert); } } - /** - * Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates, - * attribute certificates or cross certificates. - * <p> - * You should not use this method. This method is used for adding additional - * X.509 stores, which are used to add (remote) locations, e.g. LDAP, found - * during X.509 object processing, e.g. in certificates or CRLs. This method - * is used in PKIX certification path processing. - * </p><p> - * If <code>store</code> is <code>null</code> it is ignored. - * </p> - * - * @param store The store to add. - * @see #getStores() - */ - public virtual void AddAdditionalStore( - IX509Store store) + public virtual void SetStoresCrl(IList<IStore<X509Crl>> storesCrl) { - if (store != null) + if (storesCrl == null) + { + m_storesCrl = new List<IStore<X509Crl>>(); + } + else { - additionalStores.Add(store); + m_storesCrl = new List<IStore<X509Crl>>(storesCrl); } } - /** - * Returns an <code>IList</code> of additional Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>IList</code> of additional Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. 
- * - * @see #addAddionalStore(Store) - */ - public virtual IList GetAdditionalStores() + public virtual void AddStoreAttrCert(IStore<X509V2AttributeCertificate> storeAttrCert) { - return Platform.CreateArrayList(additionalStores); + if (storeAttrCert != null) + { + m_storesAttrCert.Add(storeAttrCert); + } } - /** - * Returns an <code>IList</code> of Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>IList</code> of Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. - * - * @see #setStores(IList) - */ - public virtual IList GetStores() + public virtual void AddStoreCert(IStore<X509Certificate> storeCert) { - return Platform.CreateArrayList(stores); + if (storeCert != null) + { + m_storesCert.Add(storeCert); + } + } + + public virtual void AddStoreCrl(IStore<X509Crl> storeCrl) + { + if (storeCrl != null) + { + m_storesCrl.Add(storeCrl); + } } /** 
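Review bot: `SetAttrStoresCert` breaks the naming scheme of its siblings (`GetStoresAttrCert`, `AddStoreAttrCert`, `SetStoresCert`, `SetStoresCrl`); it should be `SetStoresAttrCert`. The nine new store accessors also replace documented members with undocumented ones: the removed text stated that the list is copied on get and set, that a null store is ignored by Add, and how configured stores relate to stores added from remote locations during path processing, none of which the new methods say. A short `<summary>` per group — e.g. on the getters, that a copy of the list is returned and modifying it does not affect the parameters — would restore that contract for callers.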
@@ -630,69 +638,6 @@ namespace Org.BouncyCastle.Pkix } /** - * Returns the required constraints on the target certificate or attribute - * certificate. The constraints are returned as an instance of - * <code>IX509Selector</code>. If <code>null</code>, no constraints are - * defined. - * - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * </p><p> - * Note that the <code>IX509Selector</code> returned is cloned to protect - * against subsequent modifications. - * </p> - * @return a <code>IX509Selector</code> specifying the constraints on the - * target certificate or attribute certificate (or <code>null</code>) - * @see #setTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public virtual IX509Selector GetTargetConstraints() - { - if (selector != null) - { - return (IX509Selector) selector.Clone(); - } - else - { - return null; - } - } - - /** - * Sets the required constraints on the target certificate or attribute - * certificate. The constraints are specified as an instance of - * <code>IX509Selector</code>. If <code>null</code>, no constraints are - * defined. - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * </p><p> - * Note that the <code>IX509Selector</code> specified is cloned to protect - * against subsequent modifications. - * </p> - * - * @param selector a <code>IX509Selector</code> specifying the constraints on - * the target certificate or attribute certificate (or - * <code>null</code>) - * @see #getTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public virtual void SetTargetConstraints(IX509Selector selector) - { - if (selector != null) - { - this.selector = (IX509Selector) selector.Clone(); - } - else - { - this.selector = null; - } - } - - /** * Returns the trusted attribute certificate issuers. 
If attribute * certificates is verified the trusted AC issuers must be set. * <p> diff --git a/crypto/src/pkix/PkixPolicyNode.cs b/crypto/src/pkix/PkixPolicyNode.cs index fc5b82f6f..2e2e39caf 100644 --- a/crypto/src/pkix/PkixPolicyNode.cs +++ b/crypto/src/pkix/PkixPolicyNode.cs @@ -1,5 +1,5 @@ using System; -using System.Collections; +using System.Collections.Generic; using System.Text; using Org.BouncyCastle.Utilities; @@ -13,7 +13,7 @@ namespace Org.BouncyCastle.Pkix public class PkixPolicyNode // : IPolicyNode { - protected IList mChildren; + protected IList<PkixPolicyNode> mChildren; protected int mDepth; protected ISet mExpectedPolicies; protected PkixPolicyNode mParent; @@ -26,9 +26,9 @@ namespace Org.BouncyCastle.Pkix get { return this.mDepth; } } - public virtual IEnumerable Children + public virtual IEnumerable<PkixPolicyNode> Children { - get { return new EnumerableProxy(mChildren); } + get { return CollectionUtilities.Proxy(mChildren); } } public virtual bool IsCritical @@ -66,7 +66,7 @@ namespace Org.BouncyCastle.Pkix /// Constructors public PkixPolicyNode( - IList children, + IEnumerable<PkixPolicyNode> children, int depth, ISet expectedPolicies, PkixPolicyNode parent, @@ -76,11 +76,11 @@ namespace Org.BouncyCastle.Pkix { if (children == null) { - this.mChildren = Platform.CreateArrayList(); + this.mChildren = new List<PkixPolicyNode>(); } else { - this.mChildren = Platform.CreateArrayList(children); + this.mChildren = new List<PkixPolicyNode>(children); } this.mDepth = depth; @@ -137,7 +137,7 @@ namespace Org.BouncyCastle.Pkix public virtual PkixPolicyNode Copy() { PkixPolicyNode node = new PkixPolicyNode( - Platform.CreateArrayList(), + new List<PkixPolicyNode>(), mDepth, new HashSet(mExpectedPolicies), null, diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs index 9001ba1d1..7359d2568 100644 --- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs 
@@ -1,6 +1,6 @@ using System; using System.Collections; -using System.Globalization; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; @@ -11,13 +11,12 @@ using Org.BouncyCastle.Security; using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; -using Org.BouncyCastle.Utilities.Date; using Org.BouncyCastle.X509; using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix { - public class Rfc3280CertPathUtilities + internal static class Rfc3280CertPathUtilities { private static readonly PkixCrlUtilities CrlUtilities = new PkixCrlUtilities(); @@ -367,25 +366,20 @@ namespace Org.BouncyCastle.Pkix "Policy mappings extension contents could not be decoded.", e, index); } - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(issuerDomainPolicy.Id)) + if (ANY_POLICY.Equals(issuerDomainPolicy.Id)) throw new PkixCertPathValidatorException( "IssuerDomainPolicy is anyPolicy", null, index); - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(subjectDomainPolicy.Id)) + if (ANY_POLICY.Equals(subjectDomainPolicy.Id)) throw new PkixCertPathValidatorException( "SubjectDomainPolicy is anyPolicy,", null, index); } } } - internal static PkixPolicyNode ProcessCertD( - PkixCertPath certPath, - int index, - ISet acceptablePolicies, - PkixPolicyNode validPolicyTree, - IList[] policyNodes, - int inhibitAnyPolicy) - //throws CertPathValidatorException + /// <exception cref="PkixCertPathValidatorException"/> + internal static PkixPolicyNode ProcessCertD(PkixCertPath certPath, int index, ISet acceptablePolicies, + PkixPolicyNode validPolicyTree, IList<PkixPolicyNode>[] policyNodes, int inhibitAnyPolicy) { IList certs = certPath.Certificates; X509Certificate cert = (X509Certificate)certs[index]; 
@@ -396,7 +390,7 @@ namespace Org.BouncyCastle.Pkix // (d) policy Information checking against initial policy and // policy mapping // - Asn1Sequence certPolicies = null; + Asn1Sequence certPolicies; try { certPolicies = Asn1Sequence.GetInstance( @@ -421,7 +415,7 @@ namespace Org.BouncyCastle.Pkix pols.Add(pOid.Id); - if (!Rfc3280CertPathUtilities.ANY_POLICY.Equals(pOid.Id)) + if (!ANY_POLICY.Equals(pOid.Id)) { ISet pq = null; try @@ -443,7 +437,7 @@ namespace Org.BouncyCastle.Pkix } } - if (acceptablePolicies.IsEmpty || acceptablePolicies.Contains(Rfc3280CertPathUtilities.ANY_POLICY)) + if (acceptablePolicies.IsEmpty || acceptablePolicies.Contains(ANY_POLICY)) { acceptablePolicies.Clear(); acceptablePolicies.AddAll(pols); @@ -471,20 +465,14 @@ namespace Org.BouncyCastle.Pkix foreach (Asn1Encodable ae in certPolicies) { PolicyInformation pInfo = PolicyInformation.GetInstance(ae.ToAsn1Object()); - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(pInfo.PolicyIdentifier.Id)) + if (ANY_POLICY.Equals(pInfo.PolicyIdentifier.Id)) { ISet _apq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers); - IList _nodes = policyNodes[i - 1]; - for (int k = 0; k < _nodes.Count; k++) + foreach (var _node in policyNodes[i - 1]) { - PkixPolicyNode _node = (PkixPolicyNode)_nodes[k]; - - IEnumerator _policySetIter = _node.ExpectedPolicies.GetEnumerator(); - while (_policySetIter.MoveNext()) + foreach (var _tmp in _node.ExpectedPolicies) { - object _tmp = _policySetIter.Current; - string _policy; if (_tmp is string) { 
@@ -511,10 +499,10 @@ namespace Org.BouncyCastle.Pkix if (!_found) { - ISet _newChildExpectedPolicies = new HashSet(); + var _newChildExpectedPolicies = new HashSet(); _newChildExpectedPolicies.Add(_policy); - PkixPolicyNode _newChild = new PkixPolicyNode(Platform.CreateArrayList(), i, + var _newChild = new PkixPolicyNode(new List<PkixPolicyNode>(), i, _newChildExpectedPolicies, _node, _apq, _policy, false); _node.AddChild(_newChild); policyNodes[i].Add(_newChild); @@ -530,21 +518,19 @@ namespace Org.BouncyCastle.Pkix // // (d) (3) // - for (int j = (i - 1); j >= 0; j--) + for (int j = i - 1; j >= 0; j--) { - IList nodes = policyNodes[j]; + var nodes = policyNodes[j]; for (int k = 0; k < nodes.Count; k++) { - PkixPolicyNode node = (PkixPolicyNode)nodes[k]; + var node = nodes[k]; if (!node.HasChildren) { - _validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(_validPolicyTree, policyNodes, - node); + _validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(_validPolicyTree, + policyNodes, node); if (_validPolicyTree == null) - { break; - } } } } @@ -558,10 +544,8 @@ namespace Org.BouncyCastle.Pkix { bool critical = criticalExtensionOids.Contains(X509Extensions.CertificatePolicies.Id); - IList nodes = policyNodes[i]; - for (int j = 0; j < nodes.Count; j++) + foreach (var node in policyNodes[i]) { - PkixPolicyNode node = (PkixPolicyNode)nodes[j]; node.IsCritical = critical; } } @@ -730,10 +714,10 @@ namespace Org.BouncyCastle.Pkix // (f) // get issuer from CRL - X509CertStoreSelector selector = new X509CertStoreSelector(); + X509CertStoreSelector certSelector = new X509CertStoreSelector(); try { - selector.Subject = crl.IssuerDN; + certSelector.Subject = crl.IssuerDN; } catch (IOException e) { 
@@ -742,29 +726,25 @@ namespace Org.BouncyCastle.Pkix } // get CRL signing certs - IList coll = Platform.CreateArrayList(); + var signingCerts = new HashSet<X509Certificate>(); try { - CollectionUtilities.AddRange(coll, PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetStores())); - CollectionUtilities.AddRange(coll, PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetAdditionalStores())); + CollectionUtilities.CollectMatches(signingCerts, certSelector, paramsPKIX.GetStoresCert()); } catch (Exception e) { throw new Exception("Issuer certificate for CRL cannot be searched.", e); } - coll.Add(defaultCRLSignCert); + signingCerts.Add(defaultCRLSignCert); - IEnumerator cert_it = coll.GetEnumerator(); IList validCerts = Platform.CreateArrayList(); IList validKeys = Platform.CreateArrayList(); - while (cert_it.MoveNext()) + foreach (X509Certificate signingCert in signingCerts) { - X509Certificate signingCert = (X509Certificate)cert_it.Current; - /* * CA of the certificate, for which this CRL is checked, has also * signed CRL, so skip the path validation, because is already done @@ -777,16 +757,13 @@ namespace Org.BouncyCastle.Pkix } try { -// CertPathBuilder builder = CertPathBuilder.GetInstance("PKIX"); PkixCertPathBuilder builder = new PkixCertPathBuilder(); - selector = new X509CertStoreSelector(); - selector.Certificate = signingCert; - PkixParameters temp = (PkixParameters)paramsPKIX.Clone(); - temp.SetTargetCertConstraints(selector); + certSelector = new X509CertStoreSelector(); + certSelector.Certificate = signingCert; - PkixBuilderParameters parameters = (PkixBuilderParameters) - PkixBuilderParameters.GetInstance(temp); + PkixBuilderParameters parameters = PkixBuilderParameters.GetInstance(paramsPKIX); + parameters.SetTargetConstraintsCert(certSelector); /* * if signingCert is placed not higher on the cert path a 
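Review bot: `signingCerts` changed from an ordered list to a `HashSet<X509Certificate>`, so the candidates are now deduplicated (by X509Certificate's equality, defined outside this hunk) and enumerated in an unspecified order, whereas before `defaultCRLSignCert` was always tried last. The loop body visible here only skips path validation for the default signer, so the order is probably harmless, but the code after the hunk that picks the verifying key from `validKeys` should be checked for any first-match dependence; if there is none, a one-line comment such as `// order is irrelevant: every candidate is validated and all resulting keys are tried` would settle it. Dropping the explicit `Clone()` before `PkixBuilderParameters.GetInstance(paramsPKIX)` is fine as long as GetInstance copies through SetParams, which the PkixParameters hunk in this commit suggests it does.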
@@ -817,10 +794,6 @@ namespace Org.BouncyCastle.Pkix { throw new Exception("Public key of issuer certificate of CRL could not be retrieved.", e); } - //catch (Exception e) - //{ - // throw new Exception(e.Message); - //} } ISet checkKeys = new HashSet(); @@ -874,9 +847,7 @@ namespace Org.BouncyCastle.Pkix throw new Exception("Cannot verify CRL.", lastException); } - internal static X509Crl ProcessCrlH( - ISet deltaCrls, - AsymmetricKeyParameter key) + internal static X509Crl ProcessCrlH(ISet<X509Crl> deltaCrls, AsymmetricKeyParameter key) { Exception lastException = null; foreach (X509Crl crl in deltaCrls) @@ -943,7 +914,7 @@ namespace Org.BouncyCastle.Pkix * getAdditionalStore() */ - ISet crls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, cert, currentDate, paramsPKIX); + ISet<X509Crl> crls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, cert, currentDate, paramsPKIX); bool validCrlFound = false; Exception lastException = null; @@ -980,7 +951,7 @@ namespace Org.BouncyCastle.Pkix if (paramsPKIX.IsUseDeltasEnabled) { // get delta CRLs - ISet deltaCRLs = PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl); + ISet<X509Crl> deltaCRLs = PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl); // we only want one valid delta CRL // (h) deltaCRL = Rfc3280CertPathUtilities.ProcessCrlH(deltaCRLs, key); @@ -1087,7 +1058,7 @@ namespace Org.BouncyCastle.Pkix * @throws AnnotatedException if the certificate is revoked or the status cannot be checked * or some error occurs. */ - protected static void CheckCrls( + internal static void CheckCrls( PkixParameters paramsPKIX, X509Certificate cert, DateTime validDate, @@ -1096,7 +1067,7 @@ namespace Org.BouncyCastle.Pkix IList certPathCerts) { Exception lastException = null; - CrlDistPoint crldp = null; + CrlDistPoint crldp; try { 
@@ -1215,13 +1186,9 @@ namespace Org.BouncyCastle.Pkix } } - internal static PkixPolicyNode PrepareCertB( - PkixCertPath certPath, - int index, - IList[] policyNodes, - PkixPolicyNode validPolicyTree, - int policyMapping) - //throws CertPathValidatorException + /// <exception cref="PkixCertPathValidatorException"/> + internal static PkixPolicyNode PrepareCertB(PkixCertPath certPath, int index, + IList<PkixPolicyNode>[] policyNodes, PkixPolicyNode validPolicyTree, int policyMapping) { IList certs = certPath.Certificates; X509Certificate cert = (X509Certificate)certs[index]; @@ -1233,7 +1200,8 @@ namespace Org.BouncyCastle.Pkix Asn1Sequence pm = null; try { - pm = (Asn1Sequence)Asn1Sequence.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyMappings)); + pm = Asn1Sequence.GetInstance( + PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyMappings)); } catch (Exception ex) { @@ -1279,11 +1247,9 @@ namespace Org.BouncyCastle.Pkix if (policyMapping > 0) { bool idp_found = false; - IEnumerator nodes_i = policyNodes[i].GetEnumerator(); - while (nodes_i.MoveNext()) + foreach (PkixPolicyNode node in policyNodes[i]) { - PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current; if (node.ValidPolicy.Equals(id_p)) { idp_found = true; @@ -1294,11 +1260,9 @@ namespace Org.BouncyCastle.Pkix if (!idp_found) { - nodes_i = policyNodes[i].GetEnumerator(); - while (nodes_i.MoveNext()) + foreach (PkixPolicyNode node in policyNodes[i]) { - PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current; - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(node.ValidPolicy)) + if (ANY_POLICY.Equals(node.ValidPolicy)) { ISet pq = null; Asn1Sequence policies = null; 
@@ -1325,7 +1289,7 @@ namespace Org.BouncyCastle.Pkix throw new PkixCertPathValidatorException( "Policy information could not be decoded.", ex, index); } - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id)) + if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id)) { try { @@ -1347,10 +1311,10 @@ namespace Org.BouncyCastle.Pkix ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id); } - PkixPolicyNode p_node = (PkixPolicyNode)node.Parent; - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(p_node.ValidPolicy)) + PkixPolicyNode p_node = node.Parent; + if (ANY_POLICY.Equals(p_node.ValidPolicy)) { - PkixPolicyNode c_node = new PkixPolicyNode(Platform.CreateArrayList(), i, + var c_node = new PkixPolicyNode(new List<PkixPolicyNode>(), i, (ISet)m_idp[id_p], p_node, pq, id_p, ci); p_node.AddChild(c_node); policyNodes[i].Add(c_node); @@ -1366,7 +1330,7 @@ namespace Org.BouncyCastle.Pkix } else if (policyMapping <= 0) { - foreach (PkixPolicyNode node in Platform.CreateArrayList(policyNodes[i])) + foreach (var node in new List<PkixPolicyNode>(policyNodes[i])) { if (node.ValidPolicy.Equals(id_p)) { @@ -1374,7 +1338,7 @@ namespace Org.BouncyCastle.Pkix for (int k = i - 1; k >= 0; k--) { - foreach (PkixPolicyNode node2 in Platform.CreateArrayList(policyNodes[k])) + foreach (var node2 in new List<PkixPolicyNode>(policyNodes[k])) { if (!node2.HasChildren) { @@ -1394,13 +1358,12 @@ namespace Org.BouncyCastle.Pkix return _validPolicyTree; } - internal static ISet[] ProcessCrlA1ii( + internal static ISet<X509Crl>[] ProcessCrlA1ii( DateTime currentDate, PkixParameters paramsPKIX, X509Certificate cert, X509Crl crl) { - ISet deltaSet = new HashSet(); X509CrlStoreSelector crlselect = new X509CrlStoreSelector(); crlselect.CertificateChecking = cert; 
@@ -1416,14 +1379,15 @@ namespace Org.BouncyCastle.Pkix } crlselect.CompleteCrlEnabled = true; - ISet completeSet = CrlUtilities.FindCrls(crlselect, paramsPKIX, currentDate); + ISet<X509Crl> completeSet = CrlUtilities.FindCrls(crlselect, paramsPKIX, currentDate); + var deltaSet = new HashSet<X509Crl>(); if (paramsPKIX.IsUseDeltasEnabled) { // get delta CRL(s) try { - deltaSet.AddAll(PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl)); + deltaSet.UnionWith(PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl)); } catch (Exception e) { @@ -1431,7 +1395,7 @@ namespace Org.BouncyCastle.Pkix } } - return new ISet[]{ completeSet, deltaSet }; + return new []{ completeSet, deltaSet }; } internal static ISet ProcessCrlA1i( @@ -2101,14 +2065,9 @@ namespace Org.BouncyCastle.Pkix } } - internal static PkixPolicyNode WrapupCertG( - PkixCertPath certPath, - PkixParameters paramsPKIX, - ISet userInitialPolicySet, - int index, - IList[] policyNodes, - PkixPolicyNode validPolicyTree, - ISet acceptablePolicies) + internal static PkixPolicyNode WrapupCertG(PkixCertPath certPath, PkixParameters paramsPKIX, + ISet userInitialPolicySet, int index, IList<PkixPolicyNode>[] policyNodes, PkixPolicyNode validPolicyTree, + ISet acceptablePolicies) { int n = certPath.Certificates.Count; @@ -2140,19 +2099,15 @@ namespace Org.BouncyCastle.Pkix } else { - ISet _validPolicyNodeSet = new HashSet(); + var _validPolicyNodeSet = new HashSet<PkixPolicyNode>(); - for (int j = 0; j < policyNodes.Length; j++) + foreach (var _nodeDepth in policyNodes) { - IList _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.Count; k++) - { - PkixPolicyNode _node = (PkixPolicyNode)_nodeDepth[k]; - - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(_node.ValidPolicy)) + foreach (var _node in _nodeDepth) + { + if (ANY_POLICY.Equals(_node.ValidPolicy)) { - foreach (object o in _node.Children) + foreach (var o in _node.Children) { _validPolicyNodeSet.Add(o); } 
@@ -2160,11 +2115,9 @@ namespace Org.BouncyCastle.Pkix } } - foreach (PkixPolicyNode _node in _validPolicyNodeSet) + foreach (var _node in _validPolicyNodeSet) { - string _validPolicy = _node.ValidPolicy; - - if (!acceptablePolicies.Contains(_validPolicy)) + if (!acceptablePolicies.Contains(_node.ValidPolicy)) { // TODO? // validPolicyTree =
@@ -2174,17 +2127,17 @@ namespace Org.BouncyCastle.Pkix } if (validPolicyTree != null) { - for (int j = (n - 1); j >= 0; j--) + for (int j = n - 1; j >= 0; j--) { - IList nodes = policyNodes[j]; + var nodes = policyNodes[j]; for (int k = 0; k < nodes.Count; k++) { - PkixPolicyNode node = (PkixPolicyNode)nodes[k]; + var node = nodes[k]; if (!node.HasChildren) { - validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, - policyNodes, node); + validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode( + validPolicyTree, policyNodes, node); } } }
@@ -2209,21 +2162,17 @@ namespace Org.BouncyCastle.Pkix // // (g) (iii) 1 // - ISet _validPolicyNodeSet = new HashSet(); + var _validPolicyNodeSet = new HashSet<PkixPolicyNode>(); - for (int j = 0; j < policyNodes.Length; j++) + foreach (var _nodeDepth in policyNodes) { - IList _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.Count; k++) + foreach (var _node in _nodeDepth) { - PkixPolicyNode _node = (PkixPolicyNode)_nodeDepth[k]; - - if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(_node.ValidPolicy)) + if (ANY_POLICY.Equals(_node.ValidPolicy)) { foreach (PkixPolicyNode _c_node in _node.Children) { - if (!Rfc3280CertPathUtilities.ANY_POLICY.Equals(_c_node.ValidPolicy)) + if (!ANY_POLICY.Equals(_c_node.ValidPolicy)) { _validPolicyNodeSet.Add(_c_node); }
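Review bot: The pruning loop in hunk @@ -2174, `for (int k = 0; k < nodes.Count; k++)` with `var node = nodes[k];` and `RemovePolicyNode(validPolicyTree, policyNodes, node)` in its body, indexes the same list the callee may shrink: if `RemovePolicyNode` removes `node` from `policyNodes[j]` (its body is not in this diff), the element that slides into position k is never examined, so a childless node can survive the pruning of the valid policy tree. The commit already iterates over a snapshot for the equivalent loops in hunks @@ -1366 and @@ -1374 (`foreach (var node in new List<PkixPolicyNode>(policyNodes[i]))`); the same shape here, `foreach (var node in new List<PkixPolicyNode>(policyNodes[j]))`, removes the dependency on the callee's behaviour. The identical loop appears again in hunk @@ -2252. The enclosing method starts and ends outside the hunk.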
@@ -2235,15 +2184,12 @@ namespace Org.BouncyCastle.Pkix // // (g) (iii) 2 // - IEnumerator _vpnsIter = _validPolicyNodeSet.GetEnumerator(); - while (_vpnsIter.MoveNext()) + foreach (var _node in _validPolicyNodeSet) { - PkixPolicyNode _node = (PkixPolicyNode)_vpnsIter.Current; - string _validPolicy = _node.ValidPolicy; - - if (!userInitialPolicySet.Contains(_validPolicy)) + if (!userInitialPolicySet.Contains(_node.ValidPolicy)) { - validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, policyNodes, _node); + validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, policyNodes, + _node); } }
@@ -2252,17 +2198,17 @@ namespace Org.BouncyCastle.Pkix // if (validPolicyTree != null) { - for (int j = (n - 1); j >= 0; j--) + for (int j = n - 1; j >= 0; j--) { - IList nodes = policyNodes[j]; + var nodes = policyNodes[j]; for (int k = 0; k < nodes.Count; k++) { - PkixPolicyNode node = (PkixPolicyNode)nodes[k]; + var node = nodes[k]; if (!node.HasChildren) { - validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, policyNodes, - node); + validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, + policyNodes, node); } } }
diff --git a/crypto/src/pkix/Rfc3281CertPathUtilities.cs b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
index 66025f0fc..2e1ee3898 100644
--- a/crypto/src/pkix/Rfc3281CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
@@ -1,9 +1,7 @@ using System; using System.Collections; -using System.Globalization; -using System.IO; +using System.Collections.Generic; -using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security.Certificates;
@@ -13,10 +11,10 @@ using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix { - internal class Rfc3281CertPathUtilities + internal static class Rfc3281CertPathUtilities { internal static void ProcessAttrCert7( - IX509AttributeCertificate attrCert, + X509V2AttributeCertificate attrCert, PkixCertPath certPath, PkixCertPath holderCertPath, PkixParameters pkixParams)
@@ -73,7 +71,7 @@ namespace Org.BouncyCastle.Pkix * status cannot be checked or some error occurs. */ internal static void CheckCrls( - IX509AttributeCertificate attrCert, + X509V2AttributeCertificate attrCert, PkixParameters paramsPKIX, X509Certificate issuerCert, DateTime validDate,
@@ -230,7 +228,7 @@ namespace Org.BouncyCastle.Pkix } internal static void AdditionalChecks( - IX509AttributeCertificate attrCert, + X509V2AttributeCertificate attrCert, PkixParameters pkixParams) { // 1
@@ -255,7 +253,7 @@ namespace Org.BouncyCastle.Pkix } internal static void ProcessAttrCert5( - IX509AttributeCertificate attrCert, + X509V2AttributeCertificate attrCert, PkixParameters pkixParams) { try
@@ -349,7 +347,7 @@ namespace Org.BouncyCastle.Pkix * </ul> */ internal static PkixCertPath ProcessAttrCert1( - IX509AttributeCertificate attrCert, + X509V2AttributeCertificate attrCert, PkixParameters pkixParams) { PkixCertPathBuilderResult result = null;
@@ -368,8 +366,8 @@ namespace Org.BouncyCastle.Pkix { selector.Issuer = principals[i]; } - holderPKCs.AddAll(PkixCertPathValidatorUtilities - .FindCertificates(selector, pkixParams.GetStores())); + holderPKCs.AddAll( + PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStoresCert())); } catch (Exception e) {
@@ -396,8 +394,8 @@ namespace Org.BouncyCastle.Pkix { selector.Issuer = principals[i]; } - holderPKCs.AddAll(PkixCertPathValidatorUtilities - .FindCertificates(selector, pkixParams.GetStores())); + holderPKCs.AddAll( + PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStoresCert())); } catch (Exception e) {
@@ -414,21 +412,21 @@ namespace Org.BouncyCastle.Pkix } // verify cert paths for PKCs - PkixBuilderParameters parameters = (PkixBuilderParameters) - PkixBuilderParameters.GetInstance(pkixParams); + PkixBuilderParameters parameters = PkixBuilderParameters.GetInstance(pkixParams); PkixCertPathValidatorException lastException = null; foreach (X509Certificate cert in holderPKCs) { - X509CertStoreSelector selector = new X509CertStoreSelector(); - selector.Certificate = cert; - parameters.SetTargetConstraints(selector); + X509CertStoreSelector certSelector = new X509CertStoreSelector(); + certSelector.Certificate = cert; + + parameters.SetTargetConstraintsCert(certSelector); PkixCertPathBuilder builder = new PkixCertPathBuilder(); try { - result = builder.Build(PkixBuilderParameters.GetInstance(parameters)); + result = builder.Build(parameters); } catch (PkixCertPathBuilderException e) {
@@ -463,7 +461,7 @@ namespace Org.BouncyCastle.Pkix */ private static void CheckCrl( DistributionPoint dp, - IX509AttributeCertificate attrCert, + X509V2AttributeCertificate attrCert, PkixParameters paramsPKIX, DateTime validDate, X509Certificate issuerCert,
@@ -496,8 +494,7 @@ namespace Org.BouncyCastle.Pkix * CRLs must be enabled in the ExtendedPkixParameters and are in * getAdditionalStore() */ - ISet crls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, attrCert, - currentDate, paramsPKIX); + ISet<X509Crl> crls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, attrCert, currentDate, paramsPKIX); bool validCrlFound = false; Exception lastException = null;
@@ -536,7 +533,7 @@ namespace Org.BouncyCastle.Pkix if (paramsPKIX.IsUseDeltasEnabled) { // get delta CRLs - ISet deltaCRLs = PkixCertPathValidatorUtilities.GetDeltaCrls( + ISet<X509Crl> deltaCRLs = PkixCertPathValidatorUtilities.GetDeltaCrls( currentDate, paramsPKIX, crl); // we only want one valid delta CRL // (h)
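Review bot: `result = builder.Build(parameters);` in hunk @@ -414 now passes the single `PkixBuilderParameters` instance that the loop mutates through `parameters.SetTargetConstraintsCert(certSelector);` on every iteration, where the old code handed `Build` a fresh `PkixBuilderParameters.GetInstance(parameters)` copy each time. Whether that is safe depends on `PkixCertPathBuilder.Build` and the returned `PkixCertPathBuilderResult` not retaining the parameters object (neither is visible here); if either does, the target constraint set for a later holder certificate would be observable through an earlier result. If `Build` is known to copy its argument, a one-line comment on the `foreach` saying so would stop the next reader from re-adding the clone; otherwise keep the per-iteration copy. `ProcessAttrCert1` starts and ends outside the hunk.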
diff --git a/crypto/src/tsp/TimeStampToken.cs b/crypto/src/tsp/TimeStampToken.cs
index 9b2a7a40b..258f14dfb 100644
--- a/crypto/src/tsp/TimeStampToken.cs
+++ b/crypto/src/tsp/TimeStampToken.cs
@@ -13,8 +13,8 @@ using Org.BouncyCastle.Cms; using Org.BouncyCastle.Security; using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Tsp {
@@ -134,28 +134,11 @@ namespace Org.BouncyCastle.Tsp get { return tsaSignerInfo.UnsignedAttributes; } } - public IX509Store GetCertificates( - string type) - { - return tsToken.GetCertificates(type); - } + public IStore<X509V2AttributeCertificate> GetAttributeCertificates() => tsToken.GetAttributeCertificates(); - public IX509Store GetCrls( - string type) - { - return tsToken.GetCrls(type); - } - - public IX509Store GetCertificates() - { - return tsToken.GetCertificates(); - } + public IStore<X509Certificate> GetCertificates() => tsToken.GetCertificates(); - public IX509Store GetAttributeCertificates( - string type) - { - return tsToken.GetAttributeCertificates(type); - } + public IStore<X509Crl> GetCrls() => tsToken.GetCrls(); /** * Validate the time stamp token.
diff --git a/crypto/src/tsp/TimeStampTokenGenerator.cs b/crypto/src/tsp/TimeStampTokenGenerator.cs
index ff85fe46e..afa1ef2e0 100644
--- a/crypto/src/tsp/TimeStampTokenGenerator.cs
+++ b/crypto/src/tsp/TimeStampTokenGenerator.cs
@@ -4,7 +4,6 @@ using System.IO; using System.Text; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.Cms; using Org.BouncyCastle.Asn1.Ess; using Org.BouncyCastle.Asn1.Oiw; using Org.BouncyCastle.Asn1.Pkcs;
@@ -15,8 +14,8 @@ using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.Math; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; -using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Tsp {
@@ -34,8 +33,11 @@ namespace Org.BouncyCastle.Tsp private GeneralName tsa = null; private DerObjectIdentifier tsaPolicyOID; - private IX509Store x509Certs; - private IX509Store x509Crls; + private IStore<X509Certificate> x509Certs; + private IStore<X509Crl> x509Crls; + private IStore<X509V2AttributeCertificate> x509AttrCerts; + // TODO Port changes from bc-java + //private IDictionary otherRevoc = Platform.CreateHashtable(); private SignerInfoGenerator signerInfoGenerator; IDigestFactory digestCalculator;
@@ -204,15 +206,17 @@ namespace Org.BouncyCastle.Tsp .Build(sigfact, cert); } + public void SetAttributeCertificates(IStore<X509V2AttributeCertificate> attributeCertificates) + { + this.x509AttrCerts = attributeCertificates; + } - public void SetCertificates( - IX509Store certificates) + public void SetCertificates(IStore<X509Certificate> certificates) { this.x509Certs = certificates; } - public void SetCrls( - IX509Store crls) + public void SetCrls(IStore<X509Crl> crls) { this.x509Crls = crls; }
@@ -365,6 +369,7 @@ namespace Org.BouncyCastle.Tsp if (request.CertReq) { signedDataGenerator.AddCertificates(x509Certs); + signedDataGenerator.AddAttributeCertificates(x509AttrCerts); } signedDataGenerator.AddCrls(x509Crls);
@@ -386,10 +391,6 @@ namespace Org.BouncyCastle.Tsp { throw new TspException("Exception encoding info", e); } - catch (X509StoreException e) - { - throw new TspException("Exception handling CertStore", e); - } // catch (InvalidAlgorithmParameterException e) // { // throw new TspException("Exception handling CertStore CRLs", e);
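Review bot: `signedDataGenerator.AddAttributeCertificates(x509AttrCerts);` in hunk @@ -365 runs unconditionally, but `x509AttrCerts` is only assigned by the new `SetAttributeCertificates` (hunk @@ -204) and stays null for every existing caller that only calls `SetCertificates`/`SetCrls`. Unless `CmsSignedDataGenerator.AddAttributeCertificates` is known to accept null (not visible here), guard the call: `if (x509AttrCerts != null) signedDataGenerator.AddAttributeCertificates(x509AttrCerts);`. The same question applies to the pre-existing `AddCertificates(x509Certs)` and `AddCrls(x509Crls)` calls now that the `IStore<T>` overloads are used, since the removed `catch (X509StoreException e)` in hunk @@ -386 no longer stands between a store problem and the caller. The enclosing method starts and ends outside the hunk.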
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index 7cd869b4b..b3cea1cfe 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
@@ -7,7 +7,7 @@ using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.X509.Store; +using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.X509 {
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.X509 /// </remarks> public class AttributeCertificateHolder //: CertSelector, Selector - : IX509Selector + : ISelector<X509Certificate> { internal readonly Holder holder;
@@ -325,9 +325,11 @@ namespace Org.BouncyCastle.X509 return new AttributeCertificateHolder((Asn1Sequence)holder.ToAsn1Object()); } - public bool Match( - X509Certificate x509Cert) + public bool Match(X509Certificate x509Cert) { + if (x509Cert == null) + return false; + try { if (holder.BaseCertificateID != null)
@@ -417,17 +419,5 @@ namespace Org.BouncyCastle.X509 { return this.holder.GetHashCode(); } - - public bool Match( - object obj) - { - if (!(obj is X509Certificate)) - { - return false; - } - -// return Match((Certificate)obj); - return Match((X509Certificate)obj); - } } }
diff --git a/crypto/src/x509/AttributeCertificateIssuer.cs b/crypto/src/x509/AttributeCertificateIssuer.cs
index 32f16c23e..799a48877 100644
--- a/crypto/src/x509/AttributeCertificateIssuer.cs
+++ b/crypto/src/x509/AttributeCertificateIssuer.cs
@@ -2,7 +2,7 @@ using System; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.X509.Store; +using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.X509 {
@@ -11,7 +11,7 @@ namespace Org.BouncyCastle.X509 */ public class AttributeCertificateIssuer //: CertSelector, Selector - : IX509Selector + : ISelector<X509Certificate> { internal readonly Asn1Encodable form;
@@ -132,9 +132,11 @@ namespace Org.BouncyCastle.X509 return new AttributeCertificateIssuer(AttCertIssuer.GetInstance(form)); } - public bool Match( - X509Certificate x509Cert) + public bool Match(X509Certificate x509Cert) { + if (x509Cert == null) + return false; + if (form is V2Form) { V2Form issuer = (V2Form) form;
@@ -172,17 +174,5 @@ namespace Org.BouncyCastle.X509 { return this.form.GetHashCode(); } - - public bool Match( - object obj) - { - if (!(obj is X509Certificate)) - { - return false; - } - - //return Match((Certificate)obj); - return Match((X509Certificate)obj); - } } }
diff --git a/crypto/src/x509/IX509AttributeCertificate.cs b/crypto/src/x509/IX509AttributeCertificate.cs
deleted file mode 100644
index 9a3004e01..000000000
--- a/crypto/src/x509/IX509AttributeCertificate.cs
+++ /dev/null
@@ -1,57 +0,0 @@ -using System; -using System.IO; - -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Math; - -namespace Org.BouncyCastle.X509 -{ - /// <remarks>Interface for an X.509 Attribute Certificate.</remarks> - public interface IX509AttributeCertificate - : IX509Extension - { - /// <summary>The version number for the certificate.</summary> - int Version { get; } - - /// <summary>The serial number for the certificate.</summary> - BigInteger SerialNumber { get; } - - /// <summary>The UTC DateTime before which the certificate is not valid.</summary> - DateTime NotBefore { get; } - - /// <summary>The UTC DateTime after which the certificate is not valid.</summary> - DateTime NotAfter { get; } - - /// <summary>The holder of the certificate.</summary> - AttributeCertificateHolder Holder { get; } - - /// <summary>The issuer details for the certificate.</summary> - AttributeCertificateIssuer Issuer { get; } - - /// <summary>Return the attributes contained in the attribute block in the certificate.</summary> - /// <returns>An array of attributes.</returns> - X509Attribute[] GetAttributes(); - - /// <summary>Return the attributes with the same type as the passed in oid.</summary> - /// <param name="oid">The object identifier we wish to match.</param> - /// <returns>An array of matched attributes, null if there is no match.</returns> - X509Attribute[] GetAttributes(string oid); - - bool[] GetIssuerUniqueID(); - - bool IsValidNow { get; } - bool IsValid(DateTime date); - - void CheckValidity(); - void CheckValidity(DateTime date); - - byte[] GetSignature(); - - void Verify(AsymmetricKeyParameter publicKey); - - /// <summary>Return an ASN.1 encoded byte array representing the attribute certificate.</summary> - /// <returns>An ASN.1 encoded byte array.</returns> - /// <exception cref="IOException">If the certificate cannot be encoded.</exception> - byte[] GetEncoded(); - } -} 
diff --git a/crypto/src/x509/X509AttrCertParser.cs b/crypto/src/x509/X509AttrCertParser.cs
index ce708ed8d..f1dc09543 100644
--- a/crypto/src/x509/X509AttrCertParser.cs
+++ b/crypto/src/x509/X509AttrCertParser.cs
@@ -1,12 +1,11 @@ using System; -using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Security.Certificates; -using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.IO; namespace Org.BouncyCastle.X509
@@ -19,7 +18,7 @@ namespace Org.BouncyCastle.X509 private int sDataObjectCount; private Stream currentStream; - private IX509AttributeCertificate ReadDerCertificate( + private X509V2AttributeCertificate ReadDerCertificate( Asn1InputStream dIn) { Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();
@@ -35,25 +34,21 @@ namespace Org.BouncyCastle.X509 } } -// return new X509V2AttributeCertificate(seq.getEncoded()); return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(seq)); } - private IX509AttributeCertificate GetCertificate() + private X509V2AttributeCertificate GetCertificate() { if (sData != null) { while (sDataObjectCount < sData.Count) { - object obj = sData[sDataObjectCount++]; + Asn1Encodable ae = sData[sDataObjectCount++]; - if (obj is Asn1TaggedObject && ((Asn1TaggedObject)obj).TagNo == 2) + if (ae.ToAsn1Object() is Asn1TaggedObject t && t.TagNo == 2) { - //return new X509V2AttributeCertificate( - // Asn1Sequence.GetInstance((Asn1TaggedObject)obj, false).GetEncoded()); return new X509V2AttributeCertificate( - AttributeCertificate.GetInstance( - Asn1Sequence.GetInstance((Asn1TaggedObject)obj, false))); + AttributeCertificate.GetInstance(Asn1Sequence.GetInstance(t, false))); } } }
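Review bot: `if (ae.ToAsn1Object() is Asn1TaggedObject t && t.TagNo == 2)` in hunk @@ -35 tests the tag number only, so a tagged object numbered 2 from any tag class would be unwrapped by `Asn1Sequence.GetInstance(t, false)` and fed to `AttributeCertificate.GetInstance`. The `[2]` choice in a CMS `CertificateChoices` is context-specific; if this version of `Asn1TaggedObject` offers a class-aware test (newer BouncyCastle releases have `HasContextTag(int)`), prefer it, otherwise compare the tag class next to `TagNo`. The pattern-matching rewrite is otherwise an improvement over the old double cast. `GetCertificate` ends outside the hunk.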
@@ -61,14 +56,13 @@ namespace Org.BouncyCastle.X509 return null; } - private IX509AttributeCertificate ReadPemCertificate( + private X509V2AttributeCertificate ReadPemCertificate( Stream inStream) { Asn1Sequence seq = PemAttrCertParser.ReadPemObject(inStream); return seq == null ? null - //: new X509V2AttributeCertificate(seq.getEncoded()); : new X509V2AttributeCertificate(AttributeCertificate.GetInstance(seq)); }
@@ -76,8 +70,7 @@ namespace Org.BouncyCastle.X509 /// Create loading data from byte array. /// </summary> /// <param name="input"></param> - public IX509AttributeCertificate ReadAttrCert( - byte[] input) + public X509V2AttributeCertificate ReadAttrCert(byte[] input) { return ReadAttrCert(new MemoryStream(input, false)); }
@@ -86,8 +79,7 @@ namespace Org.BouncyCastle.X509 /// Create loading data from byte array. /// </summary> /// <param name="input"></param> - public ICollection ReadAttrCerts( - byte[] input) + public IList<X509V2AttributeCertificate> ReadAttrCerts(byte[] input) { return ReadAttrCerts(new MemoryStream(input, false)); }
@@ -96,7 +88,7 @@ namespace Org.BouncyCastle.X509 * Generates a certificate object and initializes it with the data * read from the input stream inStream. */ - public IX509AttributeCertificate ReadAttrCert( + public X509V2AttributeCertificate ReadAttrCert( Stream inStream) { if (inStream == null)
@@ -163,12 +155,11 @@ namespace Org.BouncyCastle.X509 * Returns a (possibly empty) collection view of the certificates * read from the given input stream inStream. */ - public ICollection ReadAttrCerts( - Stream inStream) + public IList<X509V2AttributeCertificate> ReadAttrCerts(Stream inStream) { - IX509AttributeCertificate attrCert; - IList attrCerts = Platform.CreateArrayList(); + var attrCerts = new List<X509V2AttributeCertificate>(); + X509V2AttributeCertificate attrCert; while ((attrCert = ReadAttrCert(inStream)) != null) { attrCerts.Add(attrCert);
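Review bot: The XML docs retained above `ReadAttrCert(byte[] input)` (hunk @@ -76) and `ReadAttrCerts(byte[] input)` (hunk @@ -86) carry an empty `/// <param name="input"></param>` and the same summary, `Create loading data from byte array.`, which describes neither method's result. For the first, `/// <summary>Parses a single attribute certificate from a byte array.</summary>`, `/// <param name="input">Encoded attribute certificate data (the class has both DER and PEM readers).</param>` and `/// <returns>The parsed certificate, or <c>null</c> if none was found.</returns>` would do; for the second, the summary becomes the plural and the returns clause describes the possibly-empty list. The null return is what `ReadAttrCerts(Stream)` in hunk @@ -163 relies on to terminate its `while` loop, so it is worth stating.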
@@ -177,4 +168,4 @@ namespace Org.BouncyCastle.X509 return attrCerts; } } -}
\ No newline at end of file
+}
diff --git a/crypto/src/x509/X509V2AttributeCertificate.cs b/crypto/src/x509/X509V2AttributeCertificate.cs
index 1ceba101e..61bb8c879 100644
--- a/crypto/src/x509/X509V2AttributeCertificate.cs
+++ b/crypto/src/x509/X509V2AttributeCertificate.cs
@@ -15,7 +15,7 @@ namespace Org.BouncyCastle.X509 { /// <summary>An implementation of a version 2 X.509 Attribute Certificate.</summary> public class X509V2AttributeCertificate - : X509ExtensionBase, IX509AttributeCertificate + : X509ExtensionBase { private readonly AttributeCertificate cert; private readonly DateTime notBefore;
@@ -49,8 +49,7 @@ namespace Org.BouncyCastle.X509 { } - internal X509V2AttributeCertificate( - AttributeCertificate cert) + public X509V2AttributeCertificate(AttributeCertificate cert) { this.cert = cert;
@@ -65,6 +64,11 @@ namespace Org.BouncyCastle.X509 } } + public virtual AttributeCertificate AttributeCertificate + { + get { return cert; } + } + public virtual int Version { get { return cert.ACInfo.Version.IntValueExact + 1; }
diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
index 643604181..2baf10c63 100644
--- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
+++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
@@ -104,7 +104,7 @@ namespace Org.BouncyCastle.X509 /// </summary> /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param> /// <returns>An IX509AttributeCertificate.</returns> - public IX509AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory) + public X509V2AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory) { if (!extGenerator.IsEmpty) {
diff --git a/crypto/src/x509/store/IX509Selector.cs b/crypto/src/x509/store/IX509Selector.cs
deleted file mode 100644
index 4459903e7..000000000
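Review bot: The constructor `public X509V2AttributeCertificate(AttributeCertificate cert)` in hunk @@ -49 of X509V2AttributeCertificate.cs was widened from `internal` to `public` but still does `this.cert = cert;` with no argument check, so a null now surfaces later as a `NullReferenceException` from `cert.ACInfo` (visible in hunk @@ -65) instead of at the public boundary. Add `if (cert == null) throw new ArgumentNullException(nameof(cert));` before the assignment. The new `AttributeCertificate` property in hunk @@ -65 would also benefit from a `/// <summary>` saying it returns the underlying ASN.1 structure, since it is now public surface. The constructor body continues past the end of the hunk.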
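Review bot: The `<returns>` line retained above `Generate` in hunk @@ -104 of X509V2AttributeCertificateGenerator.cs still reads `/// <returns>An IX509AttributeCertificate.</returns>`, although the signature now returns `X509V2AttributeCertificate` and the `IX509AttributeCertificate` interface is deleted elsewhere in this commit. Change it to `/// <returns>An <see cref="X509V2AttributeCertificate"/>.</returns>`. `Generate` continues past the end of the hunk.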
--- a/crypto/src/x509/store/IX509Selector.cs
+++ /dev/null
@@ -1,15 +0,0 @@ -using System; - -namespace Org.BouncyCastle.X509.Store -{ - public interface IX509Selector -#if !PORTABLE - : ICloneable -#endif - { -#if PORTABLE - object Clone(); -#endif - bool Match(object obj); - } -}
diff --git a/crypto/src/x509/store/IX509Store.cs b/crypto/src/x509/store/IX509Store.cs
deleted file mode 100644
index e5c3a462a..000000000
--- a/crypto/src/x509/store/IX509Store.cs
+++ /dev/null
@@ -1,11 +0,0 @@ -using System; -using System.Collections; - -namespace Org.BouncyCastle.X509.Store -{ - public interface IX509Store - { -// void Init(IX509StoreParameters parameters); - ICollection GetMatches(IX509Selector selector); - } -}
diff --git a/crypto/src/x509/store/IX509StoreParameters.cs b/crypto/src/x509/store/IX509StoreParameters.cs
deleted file mode 100644
index aee3036c2..000000000
--- a/crypto/src/x509/store/IX509StoreParameters.cs
+++ /dev/null
@@ -1,8 +0,0 @@ -using System; - -namespace Org.BouncyCastle.X509.Store -{ - public interface IX509StoreParameters - { - } -}
diff --git a/crypto/src/x509/store/NoSuchStoreException.cs b/crypto/src/x509/store/NoSuchStoreException.cs
deleted file mode 100644
index 3acac536f..000000000
--- a/crypto/src/x509/store/NoSuchStoreException.cs
+++ /dev/null
@@ -1,30 +0,0 @@ -using System; -using System.Runtime.Serialization; - -namespace Org.BouncyCastle.X509.Store -{ - [Serializable] - public class NoSuchStoreException - : X509StoreException - { - public NoSuchStoreException() - : base() - { - } - - public NoSuchStoreException(string message) - : base(message) - { - } - - public NoSuchStoreException(string message, Exception innerException) - : base(message, innerException) - { - } - - protected NoSuchStoreException(SerializationInfo info, StreamingContext context) - : base(info, context) - { - } - } -}
diff --git a/crypto/src/x509/store/X509AttrCertStoreSelector.cs b/crypto/src/x509/store/X509AttrCertStoreSelector.cs
index d60a5f23c..b25d0de19 100644
--- a/crypto/src/x509/store/X509AttrCertStoreSelector.cs
+++ b/crypto/src/x509/store/X509AttrCertStoreSelector.cs
@@ -18,11 +18,11 @@ namespace Org.BouncyCastle.X509.Store * @see org.bouncycastle.x509.X509Store */ public class X509AttrCertStoreSelector - : IX509Selector + : ISelector<X509V2AttributeCertificate> { // TODO: name constraints??? - private IX509AttributeCertificate attributeCert; + private X509V2AttributeCertificate attributeCert; private DateTimeObject attributeCertificateValid; private AttributeCertificateHolder holder; private AttributeCertificateIssuer issuer;
@@ -49,16 +49,10 @@ namespace Org.BouncyCastle.X509.Store /// <summary> /// Decides if the given attribute certificate should be selected. /// </summary> - /// <param name="obj">The attribute certificate to be checked.</param> + /// <param name="attrCert">The attribute certificate to be checked.</param> /// <returns><code>true</code> if the object matches this selector.</returns> - public bool Match( - object obj) + public bool Match(X509V2AttributeCertificate attrCert) { - if (obj == null) - throw new ArgumentNullException("obj"); - - IX509AttributeCertificate attrCert = obj as IX509AttributeCertificate; - if (attrCert == null) return false;
@@ -160,7 +154,7 @@ namespace Org.BouncyCastle.X509.Store /// <summary>The attribute certificate which must be matched.</summary> /// <remarks>If <c>null</c> is given, any will do.</remarks> - public IX509AttributeCertificate AttributeCert + public X509V2AttributeCertificate AttributeCert { get { return attributeCert; } set { this.attributeCert = value; }
diff --git a/crypto/src/x509/store/X509CertPairStoreSelector.cs b/crypto/src/x509/store/X509CertPairStoreSelector.cs
index 2796971c7..936da2e48 100644
--- a/crypto/src/x509/store/X509CertPairStoreSelector.cs
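Review bot: `Match(X509V2AttributeCertificate attrCert)` in hunk @@ -49 turns a null argument from an `ArgumentNullException` (the removed `if (obj == null) throw new ArgumentNullException("obj");`) into a silent `return false`, but the retained `<param>` and `<returns>` docs say nothing about it. Either restore the throw, or document the new contract with `/// <returns><code>true</code> if the object matches this selector; <code>false</code> if it does not or is <c>null</c>.</returns>`. The same change of contract occurs in `X509CertPairStoreSelector.Match` (hunk @@ -59 of that file). `Match` continues past the end of the hunk.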
+++ b/crypto/src/x509/store/X509CertPairStoreSelector.cs
@@ -1,5 +1,7 @@ using System; +using Org.BouncyCastle.Utilities.Collections; + namespace Org.BouncyCastle.X509.Store { /// <remarks>
@@ -9,7 +11,7 @@ namespace Org.BouncyCastle.X509.Store /// each of which, if present, must match the respective component of a pair. /// </remarks> public class X509CertPairStoreSelector - : IX509Selector + : ISelector<X509CertificatePair> { private static X509CertStoreSelector CloneSelector( X509CertStoreSelector s)
@@ -59,16 +61,10 @@ namespace Org.BouncyCastle.X509.Store /// <c>obj</c> is not a <code>X509CertificatePair</code>, this method /// returns <code>false</code>. /// </summary> - /// <param name="obj">The <code>X509CertificatePair</code> to be tested.</param> + /// <param name="pair">The <code>X509CertificatePair</code> to be tested.</param> /// <returns><code>true</code> if the object matches this selector.</returns> - public bool Match( - object obj) + public bool Match(X509CertificatePair pair) { - if (obj == null) - throw new ArgumentNullException("obj"); - - X509CertificatePair pair = obj as X509CertificatePair; - if (pair == null) return false;
diff --git a/crypto/src/x509/store/X509CertStoreSelector.cs b/crypto/src/x509/store/X509CertStoreSelector.cs
index 8e22b862a..b351f1cf3 100644
--- a/crypto/src/x509/store/X509CertStoreSelector.cs
+++ b/crypto/src/x509/store/X509CertStoreSelector.cs
@@ -12,7 +12,7 @@ using Org.BouncyCastle.X509.Extension; namespace Org.BouncyCastle.X509.Store { public class X509CertStoreSelector - : IX509Selector + : ISelector<X509Certificate> { // TODO Missing criteria?
@@ -160,11 +160,8 @@ namespace Org.BouncyCastle.X509.Store set { subjectPublicKeyAlgID = value; } } - public virtual bool Match( - object obj) + public virtual bool Match(X509Certificate c) { - X509Certificate c = obj as X509Certificate; - if (c == null) return false;
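Review bot: The summary retained above `Match(X509CertificatePair pair)` in hunk @@ -59 still says `/// <c>obj</c> is not a <code>X509CertificatePair</code>, this method` / `/// returns <code>false</code>.`, but the parameter is now typed and named `pair`, so that sentence describes a case that can no longer occur. Reword it to `/// Match the given <code>X509CertificatePair</code> against this selector; a <c>null</c> <c>pair</c> yields <code>false</code>.` The opening line of that summary, and the rest of the method body, lie outside the hunk.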
diff --git a/crypto/src/x509/store/X509CollectionStore.cs b/crypto/src/x509/store/X509CollectionStore.cs
deleted file mode 100644
index 92173140b..000000000
--- a/crypto/src/x509/store/X509CollectionStore.cs
+++ /dev/null
@@ -1,51 +0,0 @@ -using System; -using System.Collections; - -using Org.BouncyCastle.Utilities; - -namespace Org.BouncyCastle.X509.Store -{ - /** - * A simple collection backed store. - */ - internal class X509CollectionStore - : IX509Store - { - private ICollection _local; - - /** - * Basic constructor. - * - * @param collection - initial contents for the store, this is copied. - */ - internal X509CollectionStore( - ICollection collection) - { - _local = Platform.CreateArrayList(collection); - } - - /** - * Return the matches in the collection for the passed in selector. - * - * @param selector the selector to match against. - * @return a possibly empty collection of matching objects. - */ - public ICollection GetMatches( - IX509Selector selector) - { - if (selector == null) - { - return Platform.CreateArrayList(_local); - } - - IList result = Platform.CreateArrayList(); - foreach (object obj in _local) - { - if (selector.Match(obj)) - result.Add(obj); - } - - return result; - } - } -}
diff --git a/crypto/src/x509/store/X509CollectionStoreParameters.cs b/crypto/src/x509/store/X509CollectionStoreParameters.cs
deleted file mode 100644
index 7fd047a47..000000000
--- a/crypto/src/x509/store/X509CollectionStoreParameters.cs
+++ /dev/null
@@ -1,60 +0,0 @@ -using System; -using System.Collections; -using System.Text; - -using Org.BouncyCastle.Utilities; - -namespace Org.BouncyCastle.X509.Store -{ - /// <remarks>This class contains a collection for collection based <code>X509Store</code>s.</remarks> - public class X509CollectionStoreParameters - : IX509StoreParameters - { - private readonly IList collection; - - /// <summary> - /// Constructor. - /// <p> - /// The collection is copied. - /// </p> - /// </summary> - /// <param name="collection">The collection containing X.509 object types.</param> - /// <exception cref="ArgumentNullException">If collection is null.</exception> - public X509CollectionStoreParameters( - ICollection collection) - { - if (collection == null) - throw new ArgumentNullException("collection"); - - this.collection = Platform.CreateArrayList(collection); - } - - // TODO Do we need to be able to Clone() these, and should it really be shallow? -// /** -// * Returns a shallow clone. The returned contents are not copied, so adding -// * or removing objects will effect this. -// * -// * @return a shallow clone. -// */ -// public object Clone() -// { -// return new X509CollectionStoreParameters(collection); -// } - - /// <summary>Returns a copy of the <code>ICollection</code>.</summary> - public ICollection GetCollection() - { - return Platform.CreateArrayList(collection); - } - - /// <summary>Returns a formatted string describing the parameters.</summary> - public override string ToString() - { - StringBuilder sb = new StringBuilder(); - sb.Append("X509CollectionStoreParameters: [\n"); - sb.Append(" collection: " + collection + "\n"); - sb.Append("]"); - return sb.ToString(); - } - } -}
diff --git a/crypto/src/x509/store/X509CrlStoreSelector.cs b/crypto/src/x509/store/X509CrlStoreSelector.cs
index 4be2a1ef0..dcf8f8876 100644
--- a/crypto/src/x509/store/X509CrlStoreSelector.cs
+++ b/crypto/src/x509/store/X509CrlStoreSelector.cs
@@ -5,13 +5,14 @@ using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Math; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.Date; using Org.BouncyCastle.X509.Extension; namespace Org.BouncyCastle.X509.Store { public class X509CrlStoreSelector - : IX509Selector + : ISelector<X509Crl> { // TODO Missing criteria?
@@ -21,7 +22,7 @@ namespace Org.BouncyCastle.X509.Store private BigInteger maxCrlNumber; private BigInteger minCrlNumber; - private IX509AttributeCertificate attrCertChecking; + private X509V2AttributeCertificate attrCertChecking; private bool completeCrlEnabled; private bool deltaCrlIndicatorEnabled; private byte[] issuingDistributionPoint;
@@ -98,7 +99,7 @@ namespace Org.BouncyCastle.X509.Store * <code>null</code>) * @see #getAttrCertificateChecking() */ - public IX509AttributeCertificate AttrCertChecking + public X509V2AttributeCertificate AttrCertChecking { get { return attrCertChecking; } set { this.attrCertChecking = value; }
@@ -180,11 +181,8 @@ namespace Org.BouncyCastle.X509.Store set { this.maxBaseCrlNumber = value; } } - public virtual bool Match( - object obj) + public virtual bool Match(X509Crl c) { - X509Crl c = obj as X509Crl; - if (c == null) return false;
diff --git a/crypto/src/x509/store/X509StoreException.cs b/crypto/src/x509/store/X509StoreException.cs
deleted file mode 100644
index 0ad32c2ef..000000000
--- a/crypto/src/x509/store/X509StoreException.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-using System;
-using System.Runtime.Serialization;
-
-namespace Org.BouncyCastle.X509.Store
-{
- [Serializable]
- public class X509StoreException
- : Exception
- {
- public X509StoreException()
- : base()
- {
- }
-
- public X509StoreException(string message)
- : base(message)
- {
- }
-
- public X509StoreException(string message, Exception innerException)
- : base(message, innerException)
- {
- }
-
- protected X509StoreException(SerializationInfo info, StreamingContext context)
- : base(info, context)
- {
- }
- }
-}
diff --git a/crypto/src/x509/store/X509StoreFactory.cs b/crypto/src/x509/store/X509StoreFactory.cs
deleted file mode 100644
index 96f22be3f..000000000
--- a/crypto/src/x509/store/X509StoreFactory.cs
+++ /dev/null
@@ -1,62 +0,0 @@
-using System;
-using System.Collections;
-
-using Org.BouncyCastle.Utilities;
-
-namespace Org.BouncyCastle.X509.Store
-{
- public sealed class X509StoreFactory
- {
- private X509StoreFactory()
- {
- }
-
- public static IX509Store Create(
- string type,
- IX509StoreParameters parameters)
- {
- if (type == null)
- throw new ArgumentNullException("type");
-
- string[] parts = Platform.ToUpperInvariant(type).Split('/');
-
- if (parts.Length < 2)
- throw new ArgumentException("type");
-
- if (parts[1] != "COLLECTION")
- throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
-
- X509CollectionStoreParameters p = (X509CollectionStoreParameters) parameters;
- ICollection coll = p.GetCollection();
-
- switch (parts[0])
- {
- case "ATTRIBUTECERTIFICATE":
- checkCorrectType(coll, typeof(IX509AttributeCertificate));
- break;
- case "CERTIFICATE":
- checkCorrectType(coll, typeof(X509Certificate));
- break;
- case "CERTIFICATEPAIR":
- checkCorrectType(coll, typeof(X509CertificatePair));
- break;
- case "CRL":
- checkCorrectType(coll, typeof(X509Crl));
- break;
- default:
- throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
- }
-
- return new X509CollectionStore(coll);
- }
-
- private static void checkCorrectType(ICollection coll, Type t)
- {
- foreach (object o in coll)
- {
- if (!t.IsInstanceOfType(o))
- throw new InvalidCastException("Can't cast object to type: " + t.FullName);
- }
- }
- }
-} |
