From b204309029cd6bd92d8a20e5778e6cf328bf7745 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 21 Feb 2020 18:04:07 +0700 Subject: [PATCH 1/5] Update ASN.1 GetInstance methods --- crypto/src/asn1/Asn1Sequence.cs | 4 ++-- crypto/src/asn1/tsp/Accuracy.cs | 26 +++++++------------- crypto/src/asn1/tsp/MessageImprint.cs | 32 ++++++++----------------- crypto/src/asn1/tsp/TSTInfo.cs | 34 +++++---------------------- crypto/src/asn1/tsp/TimeStampReq.cs | 26 +++++++------------- crypto/src/asn1/tsp/TimeStampResp.cs | 26 +++++++------------- crypto/src/asn1/x509/X509Name.cs | 10 ++++---- 7 files changed, 49 insertions(+), 109 deletions(-) diff --git a/crypto/src/asn1/Asn1Sequence.cs b/crypto/src/asn1/Asn1Sequence.cs index 854c815906..286b731f53 100644 --- a/crypto/src/asn1/Asn1Sequence.cs +++ b/crypto/src/asn1/Asn1Sequence.cs @@ -28,13 +28,13 @@ public static Asn1Sequence GetInstance( } else if (obj is Asn1SequenceParser) { - return Asn1Sequence.GetInstance(((Asn1SequenceParser)obj).ToAsn1Object()); + return GetInstance(((Asn1SequenceParser)obj).ToAsn1Object()); } else if (obj is byte[]) { try { - return Asn1Sequence.GetInstance(FromByteArray((byte[])obj)); + return GetInstance(FromByteArray((byte[])obj)); } catch (IOException e) { diff --git a/crypto/src/asn1/tsp/Accuracy.cs b/crypto/src/asn1/tsp/Accuracy.cs index 31289db99d..0cbc731ac4 100644 --- a/crypto/src/asn1/tsp/Accuracy.cs +++ b/crypto/src/asn1/tsp/Accuracy.cs @@ -75,24 +75,16 @@ private Accuracy( } } - public static Accuracy GetInstance( - object o) - { - if (o == null || o is Accuracy) - { - return (Accuracy) o; - } - - if (o is Asn1Sequence) - { - return new Accuracy((Asn1Sequence) o); - } - - throw new ArgumentException( - "Unknown object in 'Accuracy' factory: " + Platform.GetTypeName(o)); - } + public static Accuracy GetInstance(object obj) + { + if (obj is Accuracy) + return (Accuracy)obj; + if (obj == null) + return null; + return new Accuracy(Asn1Sequence.GetInstance(obj)); + } - public DerInteger Seconds + public DerInteger Seconds { get { return seconds; } } diff --git a/crypto/src/asn1/tsp/MessageImprint.cs b/crypto/src/asn1/tsp/MessageImprint.cs index 44ef7d1775..cb728629cb 100644 --- a/crypto/src/asn1/tsp/MessageImprint.cs +++ b/crypto/src/asn1/tsp/MessageImprint.cs @@ -11,28 +11,16 @@ public class MessageImprint private readonly AlgorithmIdentifier hashAlgorithm; private readonly byte[] hashedMessage; - /** - * @param o - * @return a MessageImprint object. - */ - public static MessageImprint GetInstance( - object o) - { - if (o == null || o is MessageImprint) - { - return (MessageImprint) o; - } - - if (o is Asn1Sequence) - { - return new MessageImprint((Asn1Sequence) o); - } - - throw new ArgumentException( - "Unknown object in 'MessageImprint' factory: " + Platform.GetTypeName(o)); - } - - private MessageImprint( + public static MessageImprint GetInstance(object obj) + { + if (obj is MessageImprint) + return (MessageImprint)obj; + if (obj == null) + return null; + return new MessageImprint(Asn1Sequence.GetInstance(obj)); + } + + private MessageImprint( Asn1Sequence seq) { if (seq.Count != 2) diff --git a/crypto/src/asn1/tsp/TSTInfo.cs b/crypto/src/asn1/tsp/TSTInfo.cs index ee4dd67f1a..3f5ab28bbf 100644 --- a/crypto/src/asn1/tsp/TSTInfo.cs +++ b/crypto/src/asn1/tsp/TSTInfo.cs @@ -21,35 +21,13 @@ public class TstInfo private readonly GeneralName tsa; private readonly X509Extensions extensions; - public static TstInfo GetInstance( - object o) + public static TstInfo GetInstance(object obj) { - if (o == null || o is TstInfo) - { - return (TstInfo) o; - } - - if (o is Asn1Sequence) - { - return new TstInfo((Asn1Sequence) o); - } - - if (o is Asn1OctetString) - { - try - { - byte[] octets = ((Asn1OctetString)o).GetOctets(); - return GetInstance(Asn1Object.FromByteArray(octets)); - } - catch (IOException) - { - throw new ArgumentException( - "Bad object format in 'TstInfo' factory."); - } - } - - throw new ArgumentException( - "Unknown object in 'TstInfo' factory: " + Platform.GetTypeName(o)); + if (obj is TstInfo) + return (TstInfo)obj; + if (obj == null) + return null; + return new TstInfo(Asn1Sequence.GetInstance(obj)); } private TstInfo( diff --git a/crypto/src/asn1/tsp/TimeStampReq.cs b/crypto/src/asn1/tsp/TimeStampReq.cs index b71fe83ab3..7173172c48 100644 --- a/crypto/src/asn1/tsp/TimeStampReq.cs +++ b/crypto/src/asn1/tsp/TimeStampReq.cs @@ -15,24 +15,16 @@ public class TimeStampReq private readonly DerBoolean certReq; private readonly X509Extensions extensions; - public static TimeStampReq GetInstance( - object o) - { - if (o == null || o is TimeStampReq) - { - return (TimeStampReq) o; - } - - if (o is Asn1Sequence) - { - return new TimeStampReq((Asn1Sequence) o); - } - - throw new ArgumentException( - "Unknown object in 'TimeStampReq' factory: " + Platform.GetTypeName(o)); - } + public static TimeStampReq GetInstance(object obj) + { + if (obj is TimeStampReq) + return (TimeStampReq)obj; + if (obj == null) + return null; + return new TimeStampReq(Asn1Sequence.GetInstance(obj)); + } - private TimeStampReq( + private TimeStampReq( Asn1Sequence seq) { int nbObjects = seq.Count; diff --git a/crypto/src/asn1/tsp/TimeStampResp.cs b/crypto/src/asn1/tsp/TimeStampResp.cs index f5186ca4fa..3dde0dfced 100644 --- a/crypto/src/asn1/tsp/TimeStampResp.cs +++ b/crypto/src/asn1/tsp/TimeStampResp.cs @@ -12,24 +12,16 @@ public class TimeStampResp private readonly PkiStatusInfo pkiStatusInfo; private readonly ContentInfo timeStampToken; - public static TimeStampResp GetInstance( - object o) - { - if (o == null || o is TimeStampResp) - { - return (TimeStampResp) o; - } - - if (o is Asn1Sequence) - { - return new TimeStampResp((Asn1Sequence) o); - } - - throw new ArgumentException( - "Unknown object in 'TimeStampResp' factory: " + Platform.GetTypeName(o)); - } + public static TimeStampResp GetInstance(object obj) + { + if (obj is TimeStampResp) + return (TimeStampResp)obj; + if (obj == null) + return null; + return new TimeStampResp(Asn1Sequence.GetInstance(obj)); + } - private TimeStampResp( + private TimeStampResp( Asn1Sequence seq) { this.pkiStatusInfo = PkiStatusInfo.GetInstance(seq[0]); diff --git a/crypto/src/asn1/x509/X509Name.cs b/crypto/src/asn1/x509/X509Name.cs index c3c3cc6c9b..bd8f9fb3ec 100644 --- a/crypto/src/asn1/x509/X509Name.cs +++ b/crypto/src/asn1/x509/X509Name.cs @@ -364,13 +364,11 @@ public static X509Name GetInstance( public static X509Name GetInstance( object obj) { - if (obj == null || obj is X509Name) + if (obj is X509Name) return (X509Name)obj; - - if (obj != null) - return new X509Name(Asn1Sequence.GetInstance(obj)); - - throw new ArgumentException("null object in factory", "obj"); + if (obj == null) + return null; + return new X509Name(Asn1Sequence.GetInstance(obj)); } protected X509Name() From 949c5f658b9558c5f163a3c523d1efaf73ea1319 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 21 Feb 2020 18:05:27 +0700 Subject: [PATCH 2/5] Fix handling of reason codes --- .../pkix/PkixCertPathValidatorUtilities.cs | 82 ++++++++++--------- 1 file changed, 43 insertions(+), 39 deletions(-) diff --git a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs index 55f4afb196..57dfcd6ed8 100644 --- a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs +++ b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs @@ -529,46 +529,50 @@ internal static void GetCertStatus( X509Name issuer = GetIssuerPrincipal(cert); - if (issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) - || issuer.Equivalent(crl.IssuerDN, true)) - { - DerEnumerated reasonCode = null; - if (crl_entry.HasExtensions) - { - try - { - reasonCode = DerEnumerated.GetInstance( - GetExtensionValue(crl_entry, X509Extensions.ReasonCode)); - } - catch (Exception e) - { - throw new Exception( - "Reason code CRL entry extension could not be decoded.", - e); - } - } + if (!issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) + && !issuer.Equivalent(crl.IssuerDN, true)) + { + return; + } - // for reason keyCompromise, caCompromise, aACompromise or - // unspecified - if (!(validDate.Ticks < crl_entry.RevocationDate.Ticks) - || reasonCode == null - || reasonCode.Value.TestBit(0) - || reasonCode.Value.TestBit(1) - || reasonCode.Value.TestBit(2) - || reasonCode.Value.TestBit(8)) - { - if (reasonCode != null) // (i) or (j) (1) - { - certStatus.Status = reasonCode.Value.SignValue; - } - else // (i) or (j) (2) - { - certStatus.Status = CrlReason.Unspecified; - } - certStatus.RevocationDate = new DateTimeObject(crl_entry.RevocationDate); - } - } - } + int reasonCodeValue = CrlReason.Unspecified; + + if (crl_entry.HasExtensions) + { + try + { + Asn1Object extValue = GetExtensionValue(crl_entry, X509Extensions.ReasonCode); + DerEnumerated reasonCode = DerEnumerated.GetInstance(extValue); + if (null != reasonCode) + { + reasonCodeValue = reasonCode.IntValueExact; + } + } + catch (Exception e) + { + throw new Exception("Reason code CRL entry extension could not be decoded.", e); + } + } + + DateTime revocationDate = crl_entry.RevocationDate; + if (validDate.Ticks < revocationDate.Ticks) + { + switch (reasonCodeValue) + { + case CrlReason.Unspecified: + case CrlReason.KeyCompromise: + case CrlReason.CACompromise: + case CrlReason.AACompromise: + break; + default: + return; + } + } + + // (i) or (j) + certStatus.Status = reasonCodeValue; + certStatus.RevocationDate = new DateTimeObject(revocationDate); + } /** * Return the next working key inheriting DSA parameters if necessary. From 9f562ae2423c550b95b3e00e6bcbeb6616b2a034 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 21 Feb 2020 18:06:14 +0700 Subject: [PATCH 3/5] Refactoring --- crypto/src/pkix/Rfc3280CertPathUtilities.cs | 21 +- crypto/src/pkix/Rfc3281CertPathUtilities.cs | 267 ++++++++++---------- crypto/src/x509/X509Certificate.cs | 6 +- crypto/src/x509/X509CrlEntry.cs | 2 +- 4 files changed, 148 insertions(+), 148 deletions(-) diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs index c703194a4a..d6594f4adf 100644 --- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs @@ -245,12 +245,11 @@ internal static void ProcessCertBC( if (!(PkixCertPathValidatorUtilities.IsSelfIssued(cert) && (i < n))) { X509Name principal = cert.SubjectDN; - Asn1InputStream aIn = new Asn1InputStream(principal.GetEncoded()); Asn1Sequence dns; try { - dns = DerSequence.GetInstance(aIn.ReadObject()); + dns = Asn1Sequence.GetInstance(principal.GetEncoded()); } catch (Exception e) { @@ -357,7 +356,7 @@ internal static void PrepareNextCertA( DerObjectIdentifier subjectDomainPolicy = null; try { - Asn1Sequence mapping = DerSequence.GetInstance(mappings[j]); + Asn1Sequence mapping = Asn1Sequence.GetInstance(mappings[j]); issuerDomainPolicy = DerObjectIdentifier.GetInstance(mapping[0]); subjectDomainPolicy = DerObjectIdentifier.GetInstance(mapping[1]); @@ -400,7 +399,7 @@ internal static PkixPolicyNode ProcessCertD( Asn1Sequence certPolicies = null; try { - certPolicies = DerSequence.GetInstance( + certPolicies = Asn1Sequence.GetInstance( PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies)); } catch (Exception e) @@ -1167,10 +1166,10 @@ protected static void CheckCrls( * omitted and a distribution point name of the certificate * issuer. */ - Asn1Object issuer = null; + X509Name issuer; try { - issuer = new Asn1InputStream(cert.IssuerDN.GetEncoded()).ReadObject(); + issuer = X509Name.GetInstance(cert.IssuerDN.GetEncoded()); } catch (Exception e) { @@ -1598,7 +1597,7 @@ internal static int PrepareNextCertI1( Asn1Sequence pc = null; try { - pc = DerSequence.GetInstance( + pc = Asn1Sequence.GetInstance( PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints)); } catch (Exception e) @@ -1653,7 +1652,7 @@ internal static int PrepareNextCertI2( Asn1Sequence pc = null; try { - pc = DerSequence.GetInstance( + pc = Asn1Sequence.GetInstance( PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints)); } catch (Exception e) @@ -1708,7 +1707,7 @@ internal static void PrepareNextCertG( NameConstraints nc = null; try { - Asn1Sequence ncSeq = DerSequence.GetInstance( + Asn1Sequence ncSeq = Asn1Sequence.GetInstance( PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.NameConstraints)); if (ncSeq != null) { @@ -2042,7 +2041,7 @@ internal static int WrapupCertB( Asn1Sequence pc = null; try { - pc = DerSequence.GetInstance( + pc = Asn1Sequence.GetInstance( PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints)); } catch (Exception e) @@ -2415,7 +2414,7 @@ internal static PkixPolicyNode ProcessCertE( Asn1Sequence certPolicies = null; try { - certPolicies = DerSequence.GetInstance( + certPolicies = Asn1Sequence.GetInstance( PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies)); } catch (Exception e) diff --git a/crypto/src/pkix/Rfc3281CertPathUtilities.cs b/crypto/src/pkix/Rfc3281CertPathUtilities.cs index 101ef5e118..66025f0fcc 100644 --- a/crypto/src/pkix/Rfc3281CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3281CertPathUtilities.cs @@ -79,153 +79,154 @@ internal static void CheckCrls( DateTime validDate, IList certPathCerts) { - if (paramsPKIX.IsRevocationEnabled) + if (!paramsPKIX.IsRevocationEnabled) + { + return; + } + + // check if revocation is available + if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) != null) + { + if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null + || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null) + { + throw new PkixCertPathValidatorException( + "No rev avail extension is set, but also an AC revocation pointer."); + } + + return; + } + + CrlDistPoint crldp = null; + try + { + crldp = CrlDistPoint.GetInstance( + PkixCertPathValidatorUtilities.GetExtensionValue( + attrCert, X509Extensions.CrlDistributionPoints)); + } + catch (Exception e) + { + throw new PkixCertPathValidatorException( + "CRL distribution point extension could not be read.", e); + } + try + { + PkixCertPathValidatorUtilities + .AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX); + } + catch (Exception e) { - // check if revocation is available - if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null) + throw new PkixCertPathValidatorException( + "No additional CRL locations could be decoded from CRL distribution point extension.", e); + } + + CertStatus certStatus = new CertStatus(); + ReasonsMask reasonsMask = new ReasonsMask(); + + Exception lastException = null; + bool validCrlFound = false; + // for each distribution point + if (crldp != null) + { + DistributionPoint[] dps = null; + try { - CrlDistPoint crldp = null; - try - { - crldp = CrlDistPoint.GetInstance( - PkixCertPathValidatorUtilities.GetExtensionValue( - attrCert, X509Extensions.CrlDistributionPoints)); - } - catch (Exception e) - { - throw new PkixCertPathValidatorException( - "CRL distribution point extension could not be read.", e); - } - try + dps = crldp.GetDistributionPoints(); + } + catch (Exception e) + { + throw new PkixCertPathValidatorException( + "Distribution points could not be read.", e); + } + try + { + for (int i = 0; i < dps.Length + && certStatus.Status == CertStatus.Unrevoked + && !reasonsMask.IsAllReasons; i++) { - PkixCertPathValidatorUtilities - .AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX); + PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX + .Clone(); + CheckCrl(dps[i], attrCert, paramsPKIXClone, + validDate, issuerCert, certStatus, reasonsMask, + certPathCerts); + validCrlFound = true; } - catch (Exception e) - { - throw new PkixCertPathValidatorException( - "No additional CRL locations could be decoded from CRL distribution point extension.", e); - } - CertStatus certStatus = new CertStatus(); - ReasonsMask reasonsMask = new ReasonsMask(); + } + catch (Exception e) + { + lastException = new Exception( + "No valid CRL for distribution point found.", e); + } + } - Exception lastException = null; - bool validCrlFound = false; - // for each distribution point - if (crldp != null) - { - DistributionPoint[] dps = null; - try - { - dps = crldp.GetDistributionPoints(); - } - catch (Exception e) - { - throw new PkixCertPathValidatorException( - "Distribution points could not be read.", e); - } - try - { - for (int i = 0; i < dps.Length - && certStatus.Status == CertStatus.Unrevoked - && !reasonsMask.IsAllReasons; i++) - { - PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX - .Clone(); - CheckCrl(dps[i], attrCert, paramsPKIXClone, - validDate, issuerCert, certStatus, reasonsMask, - certPathCerts); - validCrlFound = true; - } - } - catch (Exception e) - { - lastException = new Exception( - "No valid CRL for distribution point found.", e); - } - } + /* + * If the revocation status has not been determined, repeat the + * process above with any available CRLs not specified in a + * distribution point but issued by the certificate issuer. + */ + if (certStatus.Status == CertStatus.Unrevoked + && !reasonsMask.IsAllReasons) + { + try + { /* - * If the revocation status has not been determined, repeat the - * process above with any available CRLs not specified in a - * distribution point but issued by the certificate issuer. + * assume a DP with both the reasons and the cRLIssuer + * fields omitted and a distribution point name of the + * certificate issuer. */ - - if (certStatus.Status == CertStatus.Unrevoked - && !reasonsMask.IsAllReasons) - { - try - { - /* - * assume a DP with both the reasons and the cRLIssuer - * fields omitted and a distribution point name of the - * certificate issuer. - */ - Asn1Object issuer = null; - try - { - issuer = new Asn1InputStream( - attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject(); - } - catch (Exception e) - { - throw new Exception( - "Issuer from certificate for CRL could not be reencoded.", - e); - } - DistributionPoint dp = new DistributionPoint( - new DistributionPointName(0, new GeneralNames( - new GeneralName(GeneralName.DirectoryName, issuer))), null, null); - PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX.Clone(); - CheckCrl(dp, attrCert, paramsPKIXClone, validDate, - issuerCert, certStatus, reasonsMask, certPathCerts); - validCrlFound = true; - } - catch (Exception e) - { - lastException = new Exception( - "No valid CRL for distribution point found.", e); - } - } - - if (!validCrlFound) - { - throw new PkixCertPathValidatorException( - "No valid CRL found.", lastException); - } - if (certStatus.Status != CertStatus.Unrevoked) - { - // This format is enforced by the NistCertPath tests - string formattedDate = certStatus.RevocationDate.Value.ToString( - "ddd MMM dd HH:mm:ss K yyyy"); - string message = "Attribute certificate revocation after " - + formattedDate; - message += ", reason: " - + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status]; - throw new PkixCertPathValidatorException(message); - } - if (!reasonsMask.IsAllReasons - && certStatus.Status == CertStatus.Unrevoked) + X509Name issuer; + try + { + issuer = X509Name.GetInstance(attrCert.Issuer.GetPrincipals()[0].GetEncoded()); + } + catch (Exception e) { - certStatus.Status = CertStatus.Undetermined; - } - if (certStatus.Status == CertStatus.Undetermined) - { - throw new PkixCertPathValidatorException( - "Attribute certificate status could not be determined."); + throw new Exception( + "Issuer from certificate for CRL could not be reencoded.", + e); } - + DistributionPoint dp = new DistributionPoint( + new DistributionPointName(0, new GeneralNames( + new GeneralName(GeneralName.DirectoryName, issuer))), null, null); + PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX.Clone(); + CheckCrl(dp, attrCert, paramsPKIXClone, validDate, + issuerCert, certStatus, reasonsMask, certPathCerts); + validCrlFound = true; } - else + catch (Exception e) { - if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null - || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null) - { - throw new PkixCertPathValidatorException( - "No rev avail extension is set, but also an AC revocation pointer."); - } + lastException = new Exception( + "No valid CRL for distribution point found.", e); } } + + if (!validCrlFound) + { + throw new PkixCertPathValidatorException( + "No valid CRL found.", lastException); + } + if (certStatus.Status != CertStatus.Unrevoked) + { + // This format is enforced by the NistCertPath tests + string formattedDate = certStatus.RevocationDate.Value.ToString( + "ddd MMM dd HH:mm:ss K yyyy"); + string message = "Attribute certificate revocation after " + + formattedDate; + message += ", reason: " + + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status]; + throw new PkixCertPathValidatorException(message); + } + if (!reasonsMask.IsAllReasons + && certStatus.Status == CertStatus.Unrevoked) + { + certStatus.Status = CertStatus.Undetermined; + } + if (certStatus.Status == CertStatus.Undetermined) + { + throw new PkixCertPathValidatorException( + "Attribute certificate status could not be determined."); + } } internal static void AdditionalChecks( diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs index fd156e487b..d8d97ec5e5 100644 --- a/crypto/src/x509/X509Certificate.cs +++ b/crypto/src/x509/X509Certificate.cs @@ -515,9 +515,9 @@ public override string ToString() if (ext.Value != null) { - byte[] octs = ext.Value.GetOctets(); - Asn1Object obj = Asn1Object.FromByteArray(octs); - buf.Append(" critical(").Append(ext.IsCritical).Append(") "); + Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value); + + buf.Append(" critical(").Append(ext.IsCritical).Append(") "); try { if (oid.Equals(X509Extensions.BasicConstraints)) diff --git a/crypto/src/x509/X509CrlEntry.cs b/crypto/src/x509/X509CrlEntry.cs index 9e3608c181..9660a7099e 100644 --- a/crypto/src/x509/X509CrlEntry.cs +++ b/crypto/src/x509/X509CrlEntry.cs @@ -188,7 +188,7 @@ public override string ToString() if (ext.Value != null) { - Asn1Object obj = Asn1Object.FromByteArray(ext.Value.GetOctets()); + Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value); buf.Append(" critical(") .Append(ext.IsCritical) From aa67c1309df1bfd1d9eac195fb82d9c75984901c Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 21 Feb 2020 18:32:24 +0700 Subject: [PATCH 4/5] Add utility method --- crypto/src/openpgp/PgpObjectFactory.cs | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/crypto/src/openpgp/PgpObjectFactory.cs b/crypto/src/openpgp/PgpObjectFactory.cs index c5c6fcb685..c31cd221c8 100644 --- a/crypto/src/openpgp/PgpObjectFactory.cs +++ b/crypto/src/openpgp/PgpObjectFactory.cs @@ -139,5 +139,24 @@ public IList AllPgpObjects() } return result; } - } + + /// + /// Read all available objects, returning only those that are assignable to the specified type. + /// + /// The type of objects to return. All other objects are ignored. + /// An IList containing the filtered objects from this factory, in order. + public IList FilterPgpObjects(Type type) + { + IList result = Platform.CreateArrayList(); + PgpObject pgpObject; + while ((pgpObject = NextPgpObject()) != null) + { + if (type.IsAssignableFrom(pgpObject.GetType())) + { + result.Add(pgpObject); + } + } + return result; + } + } } From 2f8db0669637e2217fd749ed987377f6ae71e192 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 21 Feb 2020 19:20:35 +0700 Subject: [PATCH 5/5] Update versions and release notes for 1.8.6 --- crypto/NBuild.build | 2 +- crypto/Readme.html | 6 +++++- crypto/src/AssemblyInfo.cs | 6 +++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/NBuild.build b/crypto/NBuild.build index dd57284b5f..823b8a20ff 100644 --- a/crypto/NBuild.build +++ b/crypto/NBuild.build @@ -16,7 +16,7 @@ - + diff --git a/crypto/Readme.html b/crypto/Readme.html index 30f0337e08..e394195c94 100644 --- a/crypto/Readme.html +++ b/crypto/Readme.html @@ -30,6 +30,8 @@

Contents:

  • Notes:
      +
    1. + Release 1.8.7
    2. Release 1.8.6
    3. @@ -300,7 +302,9 @@

      For first time users.

      Notes:

      -

      Release 1.8.6, TBD

      +

      Release 1.8.7, TBD

      + +

      Release 1.8.6, Friday February 21, 2020

      Defects Fixed
        diff --git a/crypto/src/AssemblyInfo.cs b/crypto/src/AssemblyInfo.cs index e0c820b472..884786ca99 100644 --- a/crypto/src/AssemblyInfo.cs +++ b/crypto/src/AssemblyInfo.cs @@ -33,9 +33,9 @@ // You can specify all the values or you can default the Revision and Build Numbers // by using the '*' as shown below: -[assembly: AssemblyVersion("1.8.5.0")] -[assembly: AssemblyFileVersion("1.8.19031.1")] -[assembly: AssemblyInformationalVersion("1.8.5")] +[assembly: AssemblyVersion("1.8.6.0")] +[assembly: AssemblyFileVersion("1.8.20052.1")] +[assembly: AssemblyInformationalVersion("1.8.6")] // // In order to sign your assembly you must specify a key to use. Refer to the