From e049cab36e9e68adff298acc24acdaa2551f72ef Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Wed, 29 Jun 2022 20:55:57 +0700 Subject: Refactoring around Stream signers --- crypto/src/x509/X509V1CertificateGenerator.cs | 35 +++++++-------- .../x509/X509V2AttributeCertificateGenerator.cs | 50 +++++++++------------- crypto/src/x509/X509V2CRLGenerator.cs | 49 ++++++++------------- crypto/src/x509/X509V3CertificateGenerator.cs | 13 +++--- 4 files changed, 62 insertions(+), 85 deletions(-) (limited to 'crypto/src/x509') diff --git a/crypto/src/x509/X509V1CertificateGenerator.cs b/crypto/src/x509/X509V1CertificateGenerator.cs index aae263450..01c155b5d 100644 --- a/crypto/src/x509/X509V1CertificateGenerator.cs +++ b/crypto/src/x509/X509V1CertificateGenerator.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; 
@@ -110,35 +111,29 @@ namespace Org.BouncyCastle.X509 } /// - /// Generate a new X509Certificate using the passed in SignatureCalculator. + /// Generate a new using the provided . /// - /// A signature calculator factory with the necessary algorithm details. - /// An X509Certificate. + /// A signature factory with the necessary + /// algorithm details. + /// An . public X509Certificate Generate(ISignatureFactory signatureFactory) { - tbsGen.SetSignature((AlgorithmIdentifier)signatureFactory.AlgorithmDetails); + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; - TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); - - IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + tbsGen.SetSignature(sigAlgID); - byte[] encoded = tbsCert.GetDerEncoded(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); + TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); - Platform.Dispose(streamCalculator.Stream); + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) + { + tbsCert.EncodeTo(sigStream, Asn1Encodable.Der); + } - return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureFactory.AlgorithmDetails, - ((IBlockResult)streamCalculator.GetResult()).Collect()); - } + var signature = ((IBlockResult)streamCalculator.GetResult()).Collect(); - private X509Certificate GenerateJcaObject( - TbsCertificateStructure tbsCert, - AlgorithmIdentifier sigAlg, - byte[] signature) - { return new X509Certificate( - new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature))); + new X509CertificateStructure(tbsCert, sigAlgID, new DerBitString(signature))); } /// diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs index 2e5c9c863..3e1a58e49 100644 --- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs 
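Review bot: The new first line of Generate dereferences `signatureFactory` and casts `signatureFactory.AlgorithmDetails` to `AlgorithmIdentifier` without validation, so a null factory or one whose algorithm details are of another type fails with a NullReferenceException or InvalidCastException that does not name the argument. A guard at the top would make the failure explicit: `if (signatureFactory == null) throw new ArgumentNullException("signatureFactory");`, then `var sigAlgID = signatureFactory.AlgorithmDetails as AlgorithmIdentifier;` and `if (sigAlgID == null) throw new ArgumentException("AlgorithmDetails must be an AlgorithmIdentifier", "signatureFactory");`. The same unchecked cast opens Generate in the attribute-certificate, CRL and V3 hunks. The `(IBlockResult)` cast on `streamCalculator.GetResult()` is unchecked in the same way and could be given the same treatment.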
+++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; 
@@ -99,44 +100,35 @@ namespace Org.BouncyCastle.X509 extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, extensionValue); } - /// - /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator. - /// - /// A signature calculator factory with the necessary algorithm details. - /// An IX509AttributeCertificate. - public X509V2AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory) + /// + /// Generate a new using the provided . + /// + /// A signature factory with the necessary + /// algorithm details. + /// An . + public X509V2AttributeCertificate Generate(ISignatureFactory signatureFactory) { - if (!extGenerator.IsEmpty) + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; + + acInfoGen.SetSignature(sigAlgID); + + if (!extGenerator.IsEmpty) { acInfoGen.SetExtensions(extGenerator.Generate()); } - AlgorithmIdentifier sigAlgID = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails; - - acInfoGen.SetSignature(sigAlgID); - AttributeCertificateInfo acInfo = acInfoGen.GenerateAttributeCertificateInfo(); - byte[] encoded = acInfo.GetDerEncoded(); - - IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); - - Platform.Dispose(streamCalculator.Stream); - - try + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) { - DerBitString signatureValue = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect()); - - return new X509V2AttributeCertificate(new AttributeCertificate(acInfo, sigAlgID, signatureValue)); - } - catch (Exception e) - { - // TODO -// throw new ExtCertificateEncodingException("constructed invalid certificate", e); - throw new CertificateEncodingException("constructed invalid certificate", e); + acInfo.EncodeTo(sigStream, Asn1Encodable.Der); } + + var signature = 
((IBlockResult)streamCalculator.GetResult()).Collect(); + + return new X509V2AttributeCertificate( + new AttributeCertificate(acInfo, sigAlgID, new DerBitString(signature))); } /// diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs index cb316f21b..e386ee8f2 100644 --- a/crypto/src/x509/X509V2CRLGenerator.cs +++ b/crypto/src/x509/X509V2CRLGenerator.cs 
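Review bot: With the try/catch gone, a failure in `GetResult()`, `Collect()` or the `AttributeCertificate` construction is no longer wrapped in `CertificateEncodingException`, so a caller that catches that type around Generate will now see the underlying exception instead. Whether any caller depends on the old type cannot be told from this hunk. If the old contract matters, keep a narrow wrap around the result collection only; otherwise the XML doc on Generate should say that signer and encoding exceptions propagate unwrapped. Separately, renaming the public parameter from `signatureCalculatorFactory` to `signatureFactory` breaks callers that pass it as a named argument; the rename also appears in the CRL and V3 hunks.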
@@ -167,46 +167,35 @@ namespace Org.BouncyCastle.X509 extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue)); } - /// - /// Generate a new X509Crl using the passed in SignatureCalculator. - /// - /// A signature calculator factory with the necessary algorithm details. - /// An X509Crl. - public X509Crl Generate(ISignatureFactory signatureCalculatorFactory) + /// + /// Generate a new using the provided . + /// + /// A signature factory with the necessary + /// algorithm details. + /// An . + public X509Crl Generate(ISignatureFactory signatureFactory) { - tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails); - - TbsCertificateList tbsCertList = GenerateCertList(); - - IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator(); - - byte[] encoded = tbsCertList.GetDerEncoded(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); - - Platform.Dispose(streamCalculator.Stream); + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; - return GenerateJcaObject(tbsCertList, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect()); - } + tbsGen.SetSignature(sigAlgID); - private TbsCertificateList GenerateCertList() - { if (!extGenerator.IsEmpty) { tbsGen.SetExtensions(extGenerator.Generate()); } - return tbsGen.GenerateTbsCertList(); - } + TbsCertificateList tbsCertList = tbsGen.GenerateTbsCertList(); + + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) + { + tbsCertList.EncodeTo(sigStream, Asn1Encodable.Der); + } + + var signature = ((IBlockResult)streamCalculator.GetResult()).Collect(); - private X509Crl GenerateJcaObject( - TbsCertificateList tbsCrl, - AlgorithmIdentifier algId, - byte[] signature) - { return new X509Crl( - CertificateList.GetInstance( - new DerSequence(tbsCrl, algId, new DerBitString(signature)))); + 
CertificateList.GetInstance(new DerSequence(tbsCertList, sigAlgID, new DerBitString(signature)))); } /// diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs index 7930ab23b..50e3fc689 100644 --- a/crypto/src/x509/X509V3CertificateGenerator.cs +++ b/crypto/src/x509/X509V3CertificateGenerator.cs @@ -241,13 +241,14 @@ namespace Org.BouncyCastle.X509 } /// - /// Generate a new X509Certificate using the passed in SignatureCalculator. + /// Generate a new using the provided . /// - /// A signature calculator factory with the necessary algorithm details. - /// An X509Certificate. - public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory) + /// A signature factory with the necessary + /// algorithm details. + /// An . + public X509Certificate Generate(ISignatureFactory signatureFactory) { - var sigAlgID = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails; + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; tbsGen.SetSignature(sigAlgID); @@ -258,7 +259,7 @@ namespace Org.BouncyCastle.X509 TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); - IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator(); + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); using (Stream sigStream = streamCalculator.Stream) { tbsCert.EncodeTo(sigStream, Asn1Encodable.Der); -- cgit 1.4.1
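Review bot: The CRL Generate carries no comment on why a single `sigAlgID` feeds both `tbsGen.SetSignature` and the outer `DerSequence`. RFC 5280 requires the outer signatureAlgorithm to be identical to the signature field inside the signed tbsCertList, and a verifier that checks this rejects a mismatch. A comment above the first statement would keep a later edit from re-reading `AlgorithmDetails` for the second use, as the removed code did: `// One AlgorithmIdentifier is used for the signed TBS body and the outer structure; RFC 5280 requires the two to match.` The same comment fits Generate in the V1 and attribute-certificate hunks.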