From d80d39b6bb395671b89e40c7af8a836337dd2636 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Sat, 15 Apr 2023 19:16:58 +0700
Subject: Refactor NameConstraints

---
 crypto/src/asn1/x509/NameConstraints.cs     | 78 +++++++++++++----------------
 crypto/src/pkix/Rfc3280CertPathUtilities.cs |  2 +-
 2 files changed, 37 insertions(+), 43 deletions(-)

diff --git a/crypto/src/asn1/x509/NameConstraints.cs b/crypto/src/asn1/x509/NameConstraints.cs
index 590b14aa0..031b71ceb 100644
--- a/crypto/src/asn1/x509/NameConstraints.cs
+++ b/crypto/src/asn1/x509/NameConstraints.cs
@@ -1,45 +1,42 @@
 using System;
 using System.Collections.Generic;
-using System.Linq;
-
-using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Asn1.X509
 {
-	public class NameConstraints
+    public class NameConstraints
 		: Asn1Encodable
 	{
-		private Asn1Sequence permitted, excluded;
+		private Asn1Sequence m_permitted, m_excluded;
 
-		public static NameConstraints GetInstance(
-			object obj)
+		public static NameConstraints GetInstance(object obj)
 		{
-			if (obj == null || obj is NameConstraints)
-			{
-				return (NameConstraints) obj;
-			}
-
-			if (obj is Asn1Sequence)
-			{
-				return new NameConstraints((Asn1Sequence) obj);
-			}
+			if (obj == null)
+				return null;
+			if (obj is NameConstraints nameConstraints)
+				return nameConstraints;
+#pragma warning disable CS0618 // Type or member is obsolete
+            return new NameConstraints(Asn1Sequence.GetInstance(obj));
+#pragma warning restore CS0618 // Type or member is obsolete
+        }
 
-            throw new ArgumentException("unknown object in factory: " + Platform.GetTypeName(obj), "obj");
-		}
+        public static NameConstraints GetInstance(Asn1TaggedObject taggedObject, bool declaredExplicit)
+        {
+            return GetInstance(Asn1Sequence.GetInstance(taggedObject, declaredExplicit));
+        }
 
-		public NameConstraints(
-			Asn1Sequence seq)
+        [Obsolete("Use 'GetInstance' instead")]
+        public NameConstraints(Asn1Sequence seq)
 		{
 			foreach (Asn1TaggedObject o in seq)
 			{
 				switch (o.TagNo)
 				{
-					case 0:
-						permitted = Asn1Sequence.GetInstance(o, false);
-						break;
-					case 1:
-						excluded = Asn1Sequence.GetInstance(o, false);
-						break;
+				case 0:
+					m_permitted = Asn1Sequence.GetInstance(o, false);
+					break;
+				case 1:
+					m_excluded = Asn1Sequence.GetInstance(o, false);
+					break;
 				}
 			}
 		}
@@ -52,35 +49,32 @@ namespace Org.BouncyCastle.Asn1.X509
 		 * @param permitted Permitted subtrees
 		 * @param excluded Excluded subtrees
 		 */
-		public NameConstraints(
-			IList<GeneralSubtree> permitted,
-			IList<GeneralSubtree> excluded)
+		public NameConstraints(IList<GeneralSubtree> permitted, IList<GeneralSubtree> excluded)
 		{
 			if (permitted != null)
 			{
-				this.permitted = CreateSequence(permitted);
+				this.m_permitted = CreateSequence(permitted);
 			}
 
 			if (excluded != null)
 			{
-				this.excluded = CreateSequence(excluded);
+				this.m_excluded = CreateSequence(excluded);
 			}
 		}
 
 		private DerSequence CreateSequence(IList<GeneralSubtree> subtrees)
 		{
-            return new DerSequence(subtrees.ToArray());
+			Asn1EncodableVector v = new Asn1EncodableVector(subtrees.Count);
+			foreach (var subtree in subtrees)
+			{
+				v.Add(subtree);
+			}
+            return new DerSequence(v);
 		}
 
-		public Asn1Sequence PermittedSubtrees
-		{
-			get { return permitted; }
-		}
+		public Asn1Sequence PermittedSubtrees => m_permitted;
 
-		public Asn1Sequence ExcludedSubtrees
-		{
-			get { return excluded; }
-		}
+		public Asn1Sequence ExcludedSubtrees => m_excluded;
 
 		/*
 		 * NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees
@@ -89,8 +83,8 @@ namespace Org.BouncyCastle.Asn1.X509
         public override Asn1Object ToAsn1Object()
         {
             Asn1EncodableVector v = new Asn1EncodableVector(2);
-            v.AddOptionalTagged(false, 0, permitted);
-            v.AddOptionalTagged(false, 1, excluded);
+            v.AddOptionalTagged(false, 0, m_permitted);
+            v.AddOptionalTagged(false, 1, m_excluded);
             return new DerSequence(v);
         }
 	}
diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
index 1d912264e..1a2346d9e 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -1619,7 +1619,7 @@ namespace Org.BouncyCastle.Pkix
 					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.NameConstraints));
 				if (ncSeq != null)
 				{
-					nc = new NameConstraints(ncSeq);
+					nc = NameConstraints.GetInstance(ncSeq);
 				}
 			}
 			catch (Exception e)
-- 
cgit 1.4.1