From e02d4897d265119b7047338be79acf7677ce6772 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Wed, 3 May 2023 00:36:52 +0700 Subject: Add ICertificateChecking and use --- crypto/src/pkix/PkixCrlUtilities.cs | 29 ++++++++++++++++++++------- crypto/src/x509/store/X509CrlStoreSelector.cs | 7 ++++++- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/crypto/src/pkix/PkixCrlUtilities.cs b/crypto/src/pkix/PkixCrlUtilities.cs index 3451b8ac0..ed347f841 100644 --- a/crypto/src/pkix/PkixCrlUtilities.cs +++ b/crypto/src/pkix/PkixCrlUtilities.cs @@ -7,10 +7,15 @@ using Org.BouncyCastle.X509.Store; namespace Org.BouncyCastle.Pkix { - public class PkixCrlUtilities + public class PkixCrlUtilities { - // TODO bc-fips-csharp implements this for ISelector, using optional ICheckingCertificate - public virtual ISet FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix) + // TODO[api] Redundant + public virtual ISet FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix) + { + return FindCrls((ISelector)crlSelector, paramsPkix); + } + + public virtual ISet FindCrls(ISelector crlSelector, PkixParameters paramsPkix) { // get complete CRL(s) try @@ -23,10 +28,16 @@ namespace Org.BouncyCastle.Pkix } } - // TODO bc-fips-csharp implements this for ISelector, using optional ICheckingCertificate + // TODO[api] Redundant public virtual ISet FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix, DateTime currentDate) { + return FindCrls((ISelector)crlSelector, paramsPkix, currentDate); + } + + public virtual ISet FindCrls(ISelector crlSelector, PkixParameters paramsPkix, + DateTime currentDate) + { var initialSet = FindCrls(crlSelector, paramsPkix); var finalSet = new HashSet(); 
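Review bot: In the new three-argument overload, `var initialSet = FindCrls(crlSelector, paramsPkix);` now binds to the `ISelector` two-argument overload because `crlSelector` is statically an `ISelector`. A subclass that overrides only `FindCrls(X509CrlStoreSelector, PkixParameters)`, for example to restrict or extend which CRLs are considered, is therefore no longer consulted on this path, and nothing in the API says so. The forwarding overloads in this hunk and the first one carry only `// TODO[api] Redundant`. I would replace that with a doc comment such as `/// Forwards to the ISelector overload; override that overload to customise CRL lookup.` and consider `[Obsolete]` on the old signatures. The body of the three-argument method continues outside the hunk.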
@@ -37,7 +48,11 @@ namespace Org.BouncyCastle.Pkix validityDate = paramsPkix.Date.Value; } - X509Certificate cert = crlSelector.CertificateChecking; + X509Certificate cert = null; + if (crlSelector is ICheckingCertificate checkingCertificate) + { + cert = checkingCertificate.CertificateChecking; + } // based on RFC 5280 6.3.3 foreach (X509Crl crl in initialSet) @@ -84,12 +99,12 @@ namespace Org.BouncyCastle.Pkix } catch (Exception e) { - lastException = new Exception("Exception searching in X.509 CRL store.", e); + lastException = e; } } if (!foundValidStore && lastException != null) - throw lastException; + throw new Exception("Exception searching in X.509 CRL store.", lastException); return crls; } diff --git a/crypto/src/x509/store/X509CrlStoreSelector.cs b/crypto/src/x509/store/X509CrlStoreSelector.cs index 9e84b82ae..f3b574d27 100644 --- a/crypto/src/x509/store/X509CrlStoreSelector.cs +++ b/crypto/src/x509/store/X509CrlStoreSelector.cs @@ -11,7 +11,7 @@ using Org.BouncyCastle.X509.Extension; namespace Org.BouncyCastle.X509.Store { public class X509CrlStoreSelector - : ISelector + : ISelector, ICheckingCertificate { // TODO Missing criteria? @@ -276,4 +276,9 @@ namespace Org.BouncyCastle.X509.Store return true; } } + + public interface ICheckingCertificate + { + X509Certificate CertificateChecking { get; } + } } -- cgit 1.4.1
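Review bot: A selector that does not implement `ICheckingCertificate` leaves `cert` as null here, and the caller gets no indication that the certificate-dependent part of the RFC 5280 6.3.3 filtering is then not applied. The loop body is outside this hunk, so that effect is inferred from the null default rather than visible. Since this decides which CRLs are accepted for revocation checking, the `ISelector` overload should document it, e.g. `/// If crlSelector implements ICheckingCertificate, CRLs are additionally filtered against that certificate; otherwise that check is skipped.` The interface added at the end of X509CrlStoreSelector.cs also has no doc comment; it should state whether `CertificateChecking` may return null.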
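Review bot: In the `-84,12 +99,12` hunk, the guard `if (!foundValidStore && lastException != null)` means a store failure is reported only when no store answered, and `lastException = e;` keeps only the most recent one. Once one store succeeds, errors from the others are discarded and the returned set can be incomplete without the caller knowing. That matters for revocation decisions, because a failed store may have held the relevant CRL. At minimum, record the intent next to the catch, e.g. `// Failures are ignored once any store has answered; the result may be incomplete.` The rethrow also still uses the base `Exception` type, which callers cannot catch selectively. The enclosing loop and method start outside the hunk.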