misc: work on importing certificates

DennisDyallo · DennisDyallo · commit e5c0a53b53c3 · 2025-04-14T15:27:55.000+02:00
added comment
removed unnecessary close() calls
early return exit
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.KeyPairs.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.KeyPairs.cs
@@ -489,7 +489,7 @@ public void ImportCertificate(byte slotNumber, X509Certificate2 certificate, boo
             byte[] certDer = certificate.GetRawCertData();
             if (compress)
             {
-                certInfo = 0x01;
+                certInfo = 0x01; // Indicates the certificate is compressed
                 try
                 {
                     certDer = Compress(certDer);
@@ -571,31 +571,32 @@ public X509Certificate2 GetCertificate(byte slotNumber)
             var certData = TlvObjects.DecodeDictionary(responseData.Span);
 
             bool hasCertInfo = certData.TryGetValue(PivCertInfoTag, out var certInfo);
-            if (certData.TryGetValue(PivCertTag, out var certBytes))
+            if (!certData.TryGetValue(PivCertTag, out var certBytes))
             {
-                bool compressed = hasCertInfo && certInfo.Length > 0 &&
-                ((certInfo.Span[0] & 0x01) == 0x01);
-                if (compressed)
-                {
-                    try
-                    {
-                        certBytes = Decompress(certBytes.ToArray());
-                    }
-                    catch (Exception)
-                    {
-                        throw new InvalidOperationException(
-                            string.Format(
-                                CultureInfo.CurrentCulture,
-                                ExceptionMessages.FailedDecompressingCertificate));
-                    }
-                }
-                return new X509Certificate2(certBytes.ToArray());
+                throw new InvalidOperationException(
+                    string.Format(
+                        CultureInfo.CurrentCulture,
+                        ExceptionMessages.FailedParsingCertificate));
             }
 
-            throw new InvalidOperationException(
-                string.Format(
-                    CultureInfo.CurrentCulture,
-                    ExceptionMessages.FailedParsingCertificate));
+            byte[] certBytesCopy = certBytes.ToArray();
+            bool isCompressed = hasCertInfo && certInfo.Span[0] == 0x01;
+            if (!isCompressed)
+            {
+                return new X509Certificate2(certBytesCopy);
+            }
+
+            try
+            {
+                return new X509Certificate2(Decompress(certBytesCopy));
+            }
+            catch (Exception)
+            {
+                throw new InvalidOperationException(
+                    string.Format(
+                        CultureInfo.CurrentCulture,
+                        ExceptionMessages.FailedDecompressingCertificate));
+            }
         }
 
         // There is a DataTag to use when calling PUT DATA. To put a cert onto
@@ -635,9 +636,11 @@ private void RefreshManagementKeyAuthentication()
         static private byte[] Compress(byte[] data)
         {
             using var compressedStream = new MemoryStream();
-            using var compressor = new GZipStream(compressedStream, CompressionLevel.Optimal);
-            compressor.Write(data, 0, data.Length);
-            compressor.Close();
+            using (var compressor = new GZipStream(compressedStream, CompressionLevel.Optimal))
+            {
+                compressor.Write(data, 0, data.Length);
+            }
+
             return compressedStream.ToArray();
         }
 
@@ -647,7 +650,7 @@ static private byte[] Decompress(byte[] data)
             using var decompressor = new GZipStream(dataStream, CompressionMode.Decompress);
             using var decompressedStream = new MemoryStream();
             decompressor.CopyTo(decompressedStream);
-            decompressor.Close();
+            
             return decompressedStream.ToArray();
         }
     }
