From 3e5ab53725678c662b5d351fb4a9bc2d3c5d8822 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Sun, 30 Jul 2023 13:48:59 +0700
Subject: Add extra properties on X509Certificate

---
 crypto/src/cms/CMSEnvelopedGenerator.cs | 7 +++----
 crypto/src/cms/CMSUtils.cs | 5 +----
 crypto/src/ocsp/CertificateID.cs | 2 +-
 crypto/src/pkix/PkixCertPathValidator.cs | 11 +++++++----
 crypto/src/x509/AttributeCertificateHolder.cs | 22 +++-------------------
 crypto/src/x509/PrincipalUtil.cs | 9 ++-------
 crypto/src/x509/X509Certificate.cs | 7 +++++++
 crypto/src/x509/store/X509CertStoreSelector.cs | 2 +-
 8 files changed, 25 insertions(+), 40 deletions(-)

(limited to 'crypto')

diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs
index 3a7ef8f3f..89a7f4576 100644
--- a/crypto/src/cms/CMSEnvelopedGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedGenerator.cs
@@ -154,10 +154,9 @@ namespace Org.BouncyCastle.Cms
 */
 public void AddKeyTransRecipient(X509Certificate cert)
 {
- TbsCertificateStructure recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(cert);
- SubjectPublicKeyInfo info = recipientTbsCert.SubjectPublicKeyInfo;
- AddRecipientInfoGenerator(
- new KeyTransRecipientInfoGenerator(cert, new Asn1KeyWrapper(info.Algorithm, cert)));
+ var algorithm = cert.SubjectPublicKeyInfo.Algorithm;
+ var keyWrapper = new Asn1KeyWrapper(algorithm, cert);
+ AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, keyWrapper));
 }
 
 /**
diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs
index 06d191d6e..7cf0d6153 100644
--- a/crypto/src/cms/CMSUtils.cs
+++ b/crypto/src/cms/CMSUtils.cs
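Review bot: The new `var algorithm = cert.SubjectPublicKeyInfo.Algorithm;` line in AddKeyTransRecipient hides the type of a value that is then handed straight to `Asn1KeyWrapper`, where the removed code made it visible through an explicit `SubjectPublicKeyInfo info` local; an explicit type (`AlgorithmIdentifier`, assuming that is what `Algorithm` returns) reads better than `var` here because the right-hand side does not make the type obvious. The method also dereferences `cert` without a guard, as the old code did, so a null recipient surfaces as a NullReferenceException rather than an argument error; `if (cert == null) throw new ArgumentNullException(nameof(cert));` at the top would make that explicit for a public entry point.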
@@ -203,12 +203,9 @@ namespace Org.BouncyCastle.Cms
 return DerSet.FromVector(v);
 }
 
- internal static TbsCertificateStructure GetTbsCertificateStructure(X509Certificate cert) =>
- cert.CertificateStructure.TbsCertificate;
-
 internal static IssuerAndSerialNumber GetIssuerAndSerialNumber(X509Certificate cert)
 {
- TbsCertificateStructure tbsCert = GetTbsCertificateStructure(cert);
+ TbsCertificateStructure tbsCert = cert.TbsCertificate;
 return new IssuerAndSerialNumber(tbsCert.Issuer, tbsCert.SerialNumber);
 }
 
diff --git a/crypto/src/ocsp/CertificateID.cs b/crypto/src/ocsp/CertificateID.cs
index 72588b17f..3b4c78248 100644
--- a/crypto/src/ocsp/CertificateID.cs
+++ b/crypto/src/ocsp/CertificateID.cs
@@ -85,7 +85,7 @@ namespace Org.BouncyCastle.Ocsp
 X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
 byte[] issuerNameHash = X509Utilities.CalculateDigest(digestAlgorithm, issuerName);
 
- byte[] issuerKey = issuerCert.CertificateStructure.SubjectPublicKeyInfo.PublicKey.GetBytes();
+ byte[] issuerKey = issuerCert.SubjectPublicKeyInfo.PublicKey.GetBytes();
 byte[] issuerKeyHash = DigestUtilities.CalculateDigest(digestAlgorithm.Algorithm, issuerKey);
 
 return new CertID(digestAlgorithm, new DerOctetString(issuerNameHash),
diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs
index 82b5aa0e5..89b3a57fe 100644
--- a/crypto/src/pkix/PkixCertPathValidator.cs
+++ b/crypto/src/pkix/PkixCertPathValidator.cs
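Review bot: The `issuerKey` line in the CertificateID hunk deserves a comment, because hashing `PublicKey.GetBytes()` (the contents of the subjectPublicKey BIT STRING) rather than the encoded SubjectPublicKeyInfo is deliberate and easy to "fix" the wrong way: RFC 6960 defines issuerKeyHash over the BIT STRING value only, excluding tag, length and the unused-bits octet, so digesting the whole structure would produce CertIDs no responder recognises. I would add `// RFC 6960 4.1.1: issuerKeyHash covers the subjectPublicKey BIT STRING value only, not the full SubjectPublicKeyInfo` directly above it. The enclosing constructor or method begins and ends outside this hunk.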
@@ -426,15 +426,18 @@ namespace Org.BouncyCastle.Pkix
 
 internal static void CheckCertificate(X509Certificate cert)
 {
- // TODO What check is this method trying to achieve?
+ Exception cause = null;
 try
 {
- TbsCertificateStructure.GetInstance(cert.CertificateStructure.TbsCertificate);
+ if (cert.TbsCertificate != null)
+ return;
 }
- catch (CertificateEncodingException e)
+ catch (Exception e)
 {
- throw new Exception("unable to process TBSCertificate", e);
+ cause = e;
 }
+
+ throw new Exception("unable to process TBSCertificate", cause);
 }
 }
 }
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index 903886085..9122a809f 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
@@ -341,37 +341,22 @@ namespace Org.BouncyCastle.X509
 if (holder.EntityName != null)
 {
 if (MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), holder.EntityName))
- {
 return true;
- }
 }
 
 if (holder.ObjectDigestInfo != null)
 {
- IDigest md = null;
- try
- {
- md = DigestUtilities.GetDigest(DigestAlgorithm);
- }
- catch (Exception)
- {
- return false;
- }
+ IDigest md = DigestUtilities.GetDigest(DigestAlgorithm);
 
 switch (DigestedObjectType)
 {
 case ObjectDigestInfo.PublicKey:
 {
 // TODO: DSA Dss-parms
-
- //byte[] b = x509Cert.GetPublicKey().getEncoded();
- // TODO Is this the right way to encode?
- byte[] b = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
- x509Cert.GetPublicKey()).GetEncoded();
+ byte[] b = x509Cert.SubjectPublicKeyInfo.GetEncoded();
 md.BlockUpdate(b, 0, b.Length);
 break;
 }
-
 case ObjectDigestInfo.PublicKeyCert:
 {
 byte[] b = x509Cert.GetEncoded();
@@ -389,9 +374,8 @@ namespace Org.BouncyCastle.X509
 }
 }
 }
- catch (CertificateEncodingException)
+ catch (Exception)
 {
- return false;
 }
 
 return false;
diff --git a/crypto/src/x509/PrincipalUtil.cs b/crypto/src/x509/PrincipalUtil.cs
index 733da1dca..fb1b01b40 100644
--- a/crypto/src/x509/PrincipalUtil.cs
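Review bot: In CheckCertificate, `catch (Exception e)` now folds every failure, including the NullReferenceException a null `cert` produces on `cert.TbsCertificate`, into the generic "unable to process TBSCertificate" exception, and because `TbsCertificate` is (per the X509Certificate hunk in this same commit) a property that just forwards to the already-parsed structure, the `!= null` test will presumably never be false, so the question the removed TODO asked, what this method actually verifies, still stands. I would validate the argument explicitly with `if (cert == null) throw new ArgumentNullException(nameof(cert));`, keep the catch to the exception types a TBS access can actually raise, and leave a comment stating the guarantee the check is meant to give the path validator. As written, the name suggests structural validation that the body does not perform, which is worth saying so callers do not rely on it.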
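Review bot: `IDigest md = DigestUtilities.GetDigest(DigestAlgorithm);` now lets an unrecognised digest algorithm escape this block instead of returning false locally; whether the caller sees an exception or a "no match" depends on the enclosing try/catch, which starts outside this hunk and whose handler the -389 hunk widens to `catch (Exception)`, so the result is the same false but the intent is no longer visible where the lookup happens. A one-line comment such as `// An unsupported digest algorithm propagates to the outer catch and is treated as no match` would keep that intent readable. The `// TODO: DSA Dss-parms` note is retained while the digested bytes change from a re-encoded public key to `x509Cert.SubjectPublicKeyInfo.GetEncoded()`, the SPKI exactly as carried in the certificate; if inherited DSA parameters are the concern behind that TODO, the comment should say so, since the new line does not address it.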
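Review bot: Widening the handler to `catch (Exception)` with an empty body makes every fault in the match body (the `try` begins outside this hunk) silently read as "no match", including null dereferences and plain bugs, not only the encoding failures the old `CertificateEncodingException` clause covered. A false negative is the safe direction for a holder match, but the swallow should be deliberate and documented, e.g. `// Any failure to encode or digest the candidate certificate is treated as no match, not an error.` inside the catch. If the widening was only needed because the digest lookup in the -341 hunk no longer has its own handler, catching that specific exception type alongside the encoding exception would keep genuine programming errors visible.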
+++ b/crypto/src/x509/PrincipalUtil.cs
@@ -1,9 +1,4 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Security.Certificates;
 
 namespace Org.BouncyCastle.X509
 {
@@ -20,13 +15,13 @@ namespace Org.BouncyCastle.X509
 /// Return the issuer of the given cert as an X509Principal.
 public static X509Name GetIssuerX509Principal(X509Certificate cert)
 {
- return cert.CertificateStructure.TbsCertificate.Issuer;
+ return cert.TbsCertificate.Issuer;
 }
 
 /// Return the subject of the given cert as an X509Principal.
 public static X509Name GetSubjectX509Principal(X509Certificate cert)
 {
- return cert.CertificateStructure.TbsCertificate.Subject;
+ return cert.TbsCertificate.Subject;
 }
 
 /// Return the issuer of the given CRL as an X509Principal.
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 944b627b0..465899042 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -265,6 +265,8 @@ namespace Org.BouncyCastle.X509
 get { return c.EndDate.ToDateTime(); }
 }
 
+ public virtual TbsCertificateStructure TbsCertificate => c.TbsCertificate;
+
 ///
 /// Return the Der encoded TbsCertificate data.
 /// This is the certificate component less the signature.
@@ -463,6 +465,11 @@ namespace Org.BouncyCastle.X509
 : null;
 }
 
+ ///
+ /// Return the plain SubjectPublicKeyInfo that holds the encoded public key.
+ ///
+ public virtual SubjectPublicKeyInfo SubjectPublicKeyInfo => c.SubjectPublicKeyInfo;
+
 ///
 /// Get the public key of the subject of the certificate.
 ///
diff --git a/crypto/src/x509/store/X509CertStoreSelector.cs b/crypto/src/x509/store/X509CertStoreSelector.cs
index c60c8b24b..a153868d4 100644
--- a/crypto/src/x509/store/X509CertStoreSelector.cs
+++ b/crypto/src/x509/store/X509CertStoreSelector.cs
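Review bot: The new `public virtual TbsCertificateStructure TbsCertificate => c.TbsCertificate;` in the -265 hunk carries no XML documentation, unlike its sibling `SubjectPublicKeyInfo` added in the -463 hunk and the documented member directly below it. I would add `/// <summary>Return the parsed TbsCertificate structure (the signed portion of the certificate).</summary>` above it. Since both new properties hand out the parsed structure held in `c` rather than a copy, the summaries could also state that the returned object is to be treated as read-only, as any mutation would be reflected in every later read of the certificate.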
@@ -276,7 +276,7 @@ namespace Org.BouncyCastle.X509.Store
 if (!MatchExtension(subjectKeyIdentifier, c, X509Extensions.SubjectKeyIdentifier))
 return false;
 
- SubjectPublicKeyInfo subjectPublicKeyInfo = c.CertificateStructure.SubjectPublicKeyInfo;
+ SubjectPublicKeyInfo subjectPublicKeyInfo = c.SubjectPublicKeyInfo;
 if (subjectPublicKey != null && !subjectPublicKey.Equals(subjectPublicKeyInfo))
 return false;
 
-- cgit 1.4.1