From a443719f81481e83760aeb7b9a64589f62ef140d Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Tue, 14 Feb 2023 19:10:46 +0700 Subject: Avoid unnecessary recoding --- crypto/src/cms/CMSUtils.cs | 2 +- crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs | 16 +----- crypto/src/pkix/PkixCertPathValidator.cs | 1 + crypto/src/x509/PrincipalUtil.cs | 62 ++++++------------------ 4 files changed, 19 insertions(+), 62 deletions(-) diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs index 99258c995..aa25870e6 100644 --- a/crypto/src/cms/CMSUtils.cs +++ b/crypto/src/cms/CMSUtils.cs @@ -178,7 +178,7 @@ namespace Org.BouncyCastle.Cms internal static TbsCertificateStructure GetTbsCertificateStructure(X509Certificate cert) { - return TbsCertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetTbsCertificate())); + return cert.CertificateStructure.TbsCertificate; } internal static IssuerAndSerialNumber GetIssuerAndSerialNumber(X509Certificate cert) diff --git a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs index 7686ee422..c7c7f563f 100644 --- a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs +++ b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs 
@@ -109,21 +109,9 @@ namespace Org.BouncyCastle.Cms Asn1EncodableVector recipientEncryptedKeys = new Asn1EncodableVector(); foreach (X509Certificate recipientCert in recipientCerts) { - TbsCertificateStructure tbsCert; - try - { - tbsCert = TbsCertificateStructure.GetInstance( - Asn1Object.FromByteArray(recipientCert.GetTbsCertificate())); - } - catch (Exception) - { - throw new ArgumentException("can't extract TBS structure from certificate"); - } - // TODO Should there be a SubjectKeyIdentifier-based alternative? - IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber( - tbsCert.Issuer, tbsCert.SerialNumber.Value); - KeyAgreeRecipientIdentifier karid = new KeyAgreeRecipientIdentifier(issuerSerial); + KeyAgreeRecipientIdentifier karid = new KeyAgreeRecipientIdentifier( + CmsUtilities.GetIssuerAndSerialNumber(recipientCert)); ICipherParameters recipientPublicParams = recipientCert.GetPublicKey(); if (keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf)) diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs index 0c585f520..431ed8c6d 100644 --- a/crypto/src/pkix/PkixCertPathValidator.cs +++ b/crypto/src/pkix/PkixCertPathValidator.cs @@ -425,6 +425,7 @@ namespace Org.BouncyCastle.Pkix internal static void CheckCertificate(X509Certificate cert) { + // TODO What check is this method trying to achieve? try { TbsCertificateStructure.GetInstance(cert.CertificateStructure.TbsCertificate); diff --git a/crypto/src/x509/PrincipalUtil.cs b/crypto/src/x509/PrincipalUtil.cs index 0edc4a395..733da1dca 100644 --- a/crypto/src/x509/PrincipalUtil.cs +++ b/crypto/src/x509/PrincipalUtil.cs @@ -7,64 +7,32 @@ using Org.BouncyCastle.Security.Certificates; namespace Org.BouncyCastle.X509 { - /// - /// A utility class that will extract X509Principal objects from X.509 certificates. - ///
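Review bot: A null entry in `recipientCerts` is no longer reported as an `ArgumentException` inside the `foreach` body, because the removed `catch (Exception)` was what converted any failure while reading the certificate into that exception. `CmsUtilities.GetIssuerAndSerialNumber` is not shown in this hunk, but if it dereferences `cert.CertificateStructure` the way the new `GetTbsCertificateStructure` does, the caller would now get a `NullReferenceException` from inside the helper. A guard at the top of the loop keeps the failure attributable to the argument: `if (recipientCert == null) throw new ArgumentException("recipient certificate cannot be null");`. The enclosing method starts and ends outside the hunk.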
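Review bot: The TODO added to `CheckCertificate` asks what this path-validation step checks but does not record why the question arises. `TbsCertificateStructure.GetInstance` is handed `cert.CertificateStructure.TbsCertificate`, which is already a decoded structure, so the call presumably cannot fail on a malformed encoding and the `try` may guard nothing. I would word the comment as `// TODO GetInstance receives an already-decoded TbsCertificate, so this cannot reject a bad encoding; decide whether to re-decode from the encoded bytes or remove the method`. The `catch` side of the `try` is outside the hunk, so the exception callers currently expect should be confirmed before either choice is made.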

- /// Use this in preference to trying to recreate a principal from a string, not all - /// DNs are what they should be, so it's best to leave them encoded where they - /// can be.

- ///
- public class PrincipalUtilities + /// + /// A utility class that will extract X509Principal objects from X.509 certificates. + ///

+ /// Use this in preference to trying to recreate a principal from a string, not all + /// DNs are what they should be, so it's best to leave them encoded where they + /// can be.

+ ///
+ // TODO[api] Make static + public class PrincipalUtilities { /// Return the issuer of the given cert as an X509Principal. - public static X509Name GetIssuerX509Principal( - X509Certificate cert) + public static X509Name GetIssuerX509Principal(X509Certificate cert) { - try - { - TbsCertificateStructure tbsCert = TbsCertificateStructure.GetInstance( - Asn1Object.FromByteArray(cert.GetTbsCertificate())); - - return tbsCert.Issuer; - } - catch (Exception e) - { - throw new CertificateEncodingException("Could not extract issuer", e); - } + return cert.CertificateStructure.TbsCertificate.Issuer; } /// Return the subject of the given cert as an X509Principal. - public static X509Name GetSubjectX509Principal( - X509Certificate cert) + public static X509Name GetSubjectX509Principal(X509Certificate cert) { - try - { - TbsCertificateStructure tbsCert = TbsCertificateStructure.GetInstance( - Asn1Object.FromByteArray(cert.GetTbsCertificate())); - - return tbsCert.Subject; - } - catch (Exception e) - { - throw new CertificateEncodingException("Could not extract subject", e); - } + return cert.CertificateStructure.TbsCertificate.Subject; } /// Return the issuer of the given CRL as an X509Principal. - public static X509Name GetIssuerX509Principal( - X509Crl crl) + public static X509Name GetIssuerX509Principal(X509Crl crl) { - try - { - TbsCertificateList tbsCertList = TbsCertificateList.GetInstance( - Asn1Object.FromByteArray(crl.GetTbsCertList())); - - return tbsCertList.Issuer; - } - catch (Exception e) - { - throw new CrlException("Could not extract issuer", e); - } + return crl.CertificateList.TbsCertList.Issuer; } } } -- cgit 1.4.1
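Review bot: The doc comments on `GetIssuerX509Principal(X509Certificate)`, `GetSubjectX509Principal` and `GetIssuerX509Principal(X509Crl)` do not mention that these public methods no longer throw `CertificateEncodingException` or `CrlException`. The new bodies read `cert.CertificateStructure.TbsCertificate` and `crl.CertificateList.TbsCertList` directly. Any caller that catches those types to handle a bad certificate or CRL now has a handler that these methods can no longer reach, and a null argument would surface as a `NullReferenceException`. Each method should gain a `<remarks>` line such as `Reads the name from the already-parsed structure; no re-decoding is performed and no encoding exception is thrown.`, and the change of exception contract deserves a line in the release notes.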