Cosmetics.

Author: vplusplus

src/Org.Security.Cryptography.X509Extensions/X509CertificateCache.cs

@@ -1,19 +1,45 @@
 
 //...................................................................................
-#region About X509CertificateCache
+#region Readme: X509CertificateCache
 //...................................................................................
-// Per-Thread-Cache of X590 Certificates identified by Thumbprint.
-// Certificates are cached based on StoreName and StoreLocation to avoid ambuguity.
-// Supports locating certs ONLY by thumbprint.
-// Certs identified by thumbprint can't change for life-time. 
-// If certificate is NOT found, cache is NOT updated with NULL.
-// As such, you should never encounter a situation where you need to re-start the server after adding/updating certificate.
-// DELETING a certificate might require a restart if the certificate is already cached.
-// IMP:
+// 
+// It takes approx 5 miiliSec to lookup and obtain the certificate from local certificate store,
+// unless the Store itself is handled as singleton and never closed during process lifetime.
+//
+// X509CertificateCache can be used to cache and re-use the certs.
+// This is NOT a secrity issue, as the process has access to the certificate in the store.
+// If given process do not have access to the certificate, it won't reach the cache in the first place.
+//
+// Using the X509 certificate instance:
 // Use the cache ONLY IF you absolutely know how you are using the X509Certificate2 instance.
-// Disposing the certificate, for example, will leave a stale and useless X509Certificate2 instance in the cache.
-// Given caller can use a secret cache-key-prefix, in which case, his/her version of cached instances is NOT shared with otthers. 
+// Disposing the certificate, or disposing the AsymmetricAlgorithm for example, 
+// will leave a STALE and USELESS X509Certificate2 instance in the cache.
+// Your code may not have control over other parts using/abusing the cache.
+// If your use-case needs a private space that is not available to other callers, 
+// use a unique-cache-prfix, that is not shared with others.
+// Example: private static readonly string MyCachePrefix = Guid.NewGuid().ToString();
+// 
+// Is this thread-safe?
+// The X509CertificateCache maintains per-thread-cache.
+// Each thread has its own instance of the cache and the cached versions of the X509 certificate.
+// The cache is as thread-safe as the X509Certificate instance itself.
+// The cache can't prevent you from passing the certificate instances in an async call, crossing thread boundary.
+// If you are concerned about thread safety, do not pass the certifcates across async-call boundaries.
+// For threadsafety of X509Certificate2 related operations, refer Microsoft documentation.
 // 
+// How about server-restart on certificate changes?
+// The ONLY option supported by the cache is lookup by thumbprint.
+// The cache doesn't support lookup by other properties that may change, such as SubjectName.
+// The thumbprint is a digital fingerprint for specific certificate instance.
+// Also, the certificates are cached based on StoreName and StoreLocation to avoid ambuguity.
+// Certs identified by thumbprint can't change for life-time, without change to the thumbprint itself.
+// In general, you should not have to to re-start the server after adding/updating certificate.
+// DELETING a certificate might require a restart if the certificate is already cached.
+// Stop using the old thumbprint to avoid restart.
+// Another case is, if the permission to a certificate was revoked to the process, after it was already cached.
+//
+// As with any other library, read-and-understand the code before using. 
+//
 #endregion
 
 using System;
@@ -99,6 +125,5 @@ public static X509Certificate2 TryGetCertificate(string x509Thumbprint, StoreNam
                 }
             }
         }
-
     }
 }

src/Org.Security.Cryptography.X509Extensions/X509RsaAesStreamEncryptionExtensions.cs

@@ -128,7 +128,7 @@ static void Encrypt(AsymmetricAlgorithm keyEncryption, SymmetricAlgorithm dataEn
             using (var transform = dataEncryption.CreateEncryptor())
             using (var cryptoStream = new CryptoStream(outputStream, transform, CryptoStreamMode.Write))
             {
-                inputStream.CopyTo(cryptoStream, dataEncryption.BlockSize);
+                inputStream.CopyTo(cryptoStream, bufferSize: dataEncryption.BlockSize * 4);
             }
         }
 
@@ -149,7 +149,7 @@ static void Decrypt(AsymmetricAlgorithm keyEncryption, SymmetricAlgorithm dataEn
             using (var transform = dataEncryption.CreateDecryptor())
             using (var cryptoStream = new CryptoStream(inputStream, transform, CryptoStreamMode.Read))
             {
-                cryptoStream.CopyTo(outputStream, dataEncryption.BlockSize);
+                cryptoStream.CopyTo(outputStream, bufferSize: dataEncryption.BlockSize * 4);
             }
         }
 
@@ -181,22 +181,5 @@ static byte[] ReadLengthAndBytes(this Stream inputStream)
 
             return bytes;
         }
-
-        static void CopyTo(this Stream inputStream, Stream outputStream, int bufferSize)
-        {
-            if (null == inputStream) throw new ArgumentNullException(nameof(inputStream));
-            if (null == outputStream) throw new ArgumentNullException(nameof(outputStream));
-            if (bufferSize <= 0) throw new ArgumentException("Invalid buffer size. Must be > 0");
-
-            byte[] buffer = new byte[bufferSize];
-            int bytesRead = 0;
-
-            do {
-                bytesRead = inputStream.Read(buffer, 0, buffer.Length);
-                if (bytesRead > 0) outputStream.Write(buffer, 0, bytesRead);
-            }
-            while (bytesRead > 0);
-        }
-
     }
 }