diff options
author | Brian Carlstrom <bdc@google.com> | 2012-09-04 22:37:51 -0700 |
---|---|---|
committer | Brian Carlstrom <bdc@google.com> | 2012-09-10 17:12:56 -0700 |
commit | 4c111300c39cb2e27f07fc2ae3b00e23ed4443b2 (patch) | |
tree | 09f7bc25efefbfb90b4af3334f4c691eab0ea727 | |
parent | d74998611292b4682daa644b5eefc3b61c0898a6 (diff) | |
download | android_external_bouncycastle-4c111300c39cb2e27f07fc2ae3b00e23ed4443b2.tar.gz android_external_bouncycastle-4c111300c39cb2e27f07fc2ae3b00e23ed4443b2.tar.bz2 android_external_bouncycastle-4c111300c39cb2e27f07fc2ae3b00e23ed4443b2.zip |
bouncycastle 1.47 upgrade
Change-Id: I601cc0dd434897d48c79abb67e9f833159135cce
379 files changed, 24507 insertions, 18145 deletions
@@ -1,4 +1,4 @@ -Copyright (c) 2000-2010 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) +Copyright (c) 2000-2011 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, diff --git a/README.android b/README.android index fe40d40..7da2e79 100644 --- a/README.android +++ b/README.android @@ -45,7 +45,91 @@ The following steps are recommended for porting new Bouncy Castle versions. 7) Run tests to make sure things are working: - See external/openssl/README.android for test instructions + Some suggested tests by area: + - java.security.Provider + libcore/luni/src/test/java/libcore/java/security/ProviderTest.java + libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderTest.java + - java.security.AlgorithmParameterGenerator + libcore/luni/src/test/java/libcore/java/security/OldAlgorithmParameterGeneratorTest.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParameterGeneratorTestDH.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParameterGeneratorTestDSA.java + - java.security.AlgorithmParameters + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDSA.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestAES.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDH.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDESede.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDES.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestOAEP.java + libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParametersTest.java + - java.security.cert.CertPathBuilder + libcore/luni/src/test/java/tests/targets/security/cert/CertPathBuilderTestPKIX.java + - java.security.cert.CertPathValidator + libcore/luni/src/test/java/tests/targets/security/cert/CertPathValidatorTestPKIX.java + - java.security.cert.CertStore + libcore/luni/src/test/java/tests/security/cert/CertStoreSpiTest.java + libcore/luni/src/test/java/tests/security/cert/CertStore2Test.java + libcore/luni/src/test/java/tests/security/cert/CertStore1Test.java + libcore/luni/src/test/java/tests/security/cert/CertStoreExceptionTest.java + - java.security.cert.CertificateFactory + libcore/luni/src/test/java/libcore/java/security/cert/CertificateFactoryTest.java + libcore/luni/src/test/java/tests/targets/security/cert/CertificateFactoryTestX509.java + - javax.crypto.Cipher + libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/CipherTest.java + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/NullCipherTest.java + - javax.crypto.KeyAgreement + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/KeyAgreementTest.java + - java.security.KeyFactory + libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestDH.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestDSA.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestRSA.java + libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyFactoryTest.java + - javax.crypto.KeyGenerator + libcore/luni/src/test/java/libcore/javax/crypto/KeyGeneratorTest.java + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/KeyGeneratorTest.java + - javax.net.ssl.KeyManagerFactory + libcore/luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java + - java.security.KeyPairGenerator + libcore/luni/src/test/java/libcore/java/security/KeyPairGeneratorTest.java + libcore/luni/src/test/java/libcore/java/security/OldKeyPairGeneratorTestDH.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestRSA.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestDSA.java + libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestDH.java + libcore/luni/src/test/java/tests/security/interfaces/DSAKeyPairGeneratorTest.java + - java.security.KeyStore + libcore/luni/src/test/java/libcore/java/security/KeyStoreTest.java + libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreTest.java + libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStore2Test.java + - javax.crypto.Mac + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/MacTest.java + - java.security.MessageDigest + libcore/luni/src/test/java/libcore/java/security/MessageDigestTest.java + libcore/luni/src/test/java/tests/targets/security/MessageDigestTestMD2.java + libcore/luni/src/test/java/tests/targets/security/MessageDigestTestMD5.java + libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA256.java + libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA1.java + libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA512.java + libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA384.java + - javax.net.ssl.SSLContext + libcore/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java + - javax.crypto.SecretKeyFactory + libcore/luni/src/test/java/libcore/javax/crypto/SecretKeyFactoryTest.java + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/SecretKeyFactoryTest.java + - java.security.SecureRandom + libcore/luni/src/test/java/libcore/java/security/SecureRandomTest.java + libcore/luni/src/test/java/tests/java/security/SecureRandomTest.java + libcore/luni/src/test/java/tests/targets/security/SecureRandomTestSHA1PRNG.java + - java.security.Signature + libcore/luni/src/test/java/libcore/java/security/SignatureTest.java + libcore/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignatureTest.java + libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureTest.java + libcore/luni/src/test/java/tests/targets/security/SignatureTestMD2withRSA.java + - javax.net.ssl.TrustManagerFactory + libcore/luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java + - javax.net.ssl.SSLSocket and javax.net.ssl.SSLEngine (which touch on Cipher, MessageDigest, Signature) + libcore/luni/src/test/java/libcore/javax/net/ssl/ + - Test Android additions to bouncycastle such as org.bouncycastle.crypto.digests.OpenSSLDigest and org.bouncycastle.jce.provider.CertBlacklist + libcore/luni/src/test/java/com/android/org/bouncycastle/ 8) Do a full build before checking in: diff --git a/bouncycastle.config b/bouncycastle.config index 4132420..aa3c96d 100644 --- a/bouncycastle.config +++ b/bouncycastle.config @@ -14,43 +14,31 @@ org/bouncycastle/asn1/mozilla \ org/bouncycastle/asn1/ntt \ org/bouncycastle/asn1/ocsp \ org/bouncycastle/asn1/smime \ -org/bouncycastle/asn1/test \ org/bouncycastle/asn1/tsp \ org/bouncycastle/asn1/x509/qualified \ org/bouncycastle/asn1/x509/sigi \ -org/bouncycastle/bcpg \ -org/bouncycastle/cert \ -org/bouncycastle/cms \ org/bouncycastle/crypto/agreement/kdf \ org/bouncycastle/crypto/agreement/srp \ org/bouncycastle/crypto/examples \ org/bouncycastle/crypto/prng \ -org/bouncycastle/crypto/test \ org/bouncycastle/crypto/tls/ \ org/bouncycastle/i18n/ \ +org/bouncycastle/jcajce/provider/asymmetric/ecgost \ +org/bouncycastle/jcajce/provider/asymmetric/elgamal \ +org/bouncycastle/jcajce/provider/asymmetric/gost \ org/bouncycastle/jce/examples \ org/bouncycastle/jce/provider/test \ -org/bouncycastle/mail \ -org/bouncycastle/mozilla \ +org/bouncycastle/math/ntru \ org/bouncycastle/ocsp \ -org/bouncycastle/openpgp \ -org/bouncycastle/openssl/test \ -org/bouncycastle/operator \ -org/bouncycastle/pkcs \ -org/bouncycastle/tsp \ -org/bouncycastle/util/encoders/test \ org/bouncycastle/util/test \ -org/bouncycastle/voms \ org/bouncycastle/x509/examples \ " # files UNNEEDED_SOURCES+=" \ org/bouncycastle/LICENSE.java \ -org/bouncycastle/asn1/ASN1Boolean.java \ org/bouncycastle/asn1/ASN1Generator.java \ org/bouncycastle/asn1/BERGenerator.java \ -org/bouncycastle/asn1/BERNull.java \ org/bouncycastle/asn1/BEROctetStringGenerator.java \ org/bouncycastle/asn1/BERSequenceGenerator.java \ org/bouncycastle/asn1/DERGenerator.java \ @@ -155,7 +143,7 @@ org/bouncycastle/asn1/x509/Targets.java \ org/bouncycastle/asn1/x509/UserNotice.java \ org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java \ org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java \ -org/bouncycastle/asn1/x509/X509Attributes.java \ +org/bouncycastle/asn1/x509/X509AttributeIdentifiers.java \ org/bouncycastle/asn1/x509/package.html \ org/bouncycastle/asn1/x9/KeySpecificInfo.java \ org/bouncycastle/asn1/x9/OtherInfo.java \ @@ -178,6 +166,7 @@ org/bouncycastle/crypto/digests/ShortenedDigest.java \ org/bouncycastle/crypto/digests/TigerDigest.java \ org/bouncycastle/crypto/digests/WhirlpoolDigest.java \ org/bouncycastle/crypto/digests/package.html \ +org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java \ org/bouncycastle/crypto/encodings/package.html \ org/bouncycastle/crypto/engines/AESLightEngine.java \ org/bouncycastle/crypto/engines/CAST5Engine.java \ @@ -194,6 +183,8 @@ org/bouncycastle/crypto/engines/HC256Engine.java \ org/bouncycastle/crypto/engines/IDEAEngine.java \ org/bouncycastle/crypto/engines/IESEngine.java \ org/bouncycastle/crypto/engines/ISAACEngine.java \ +org/bouncycastle/crypto/engines/IndexGenerator.java \ +org/bouncycastle/crypto/engines/NTRUEngine.java \ org/bouncycastle/crypto/engines/NaccacheSternEngine.java \ org/bouncycastle/crypto/engines/NoekeonEngine.java \ org/bouncycastle/crypto/engines/NullEngine.java \ @@ -224,8 +215,11 @@ org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.java \ org/bouncycastle/crypto/generators/KDF1BytesGenerator.java \ org/bouncycastle/crypto/generators/KDF2BytesGenerator.java \ org/bouncycastle/crypto/generators/MGF1BytesGenerator.java \ +org/bouncycastle/crypto/generators/NTRUEncryptionKeyPairGenerator.java \ +org/bouncycastle/crypto/generators/NTRUSigningKeyPairGenerator.java \ org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java \ org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java \ +org/bouncycastle/crypto/generators/SCrypt.java \ org/bouncycastle/crypto/generators/package.html \ org/bouncycastle/crypto/io/SignerInputStream.java \ org/bouncycastle/crypto/io/SignerOutputStream.java \ @@ -239,6 +233,7 @@ org/bouncycastle/crypto/macs/OldHMac.java \ org/bouncycastle/crypto/macs/VMPCMac.java \ org/bouncycastle/crypto/macs/package.html \ org/bouncycastle/crypto/modes/EAXBlockCipher.java \ +org/bouncycastle/crypto/modes/GOFBBlockCipher.java \ org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java \ org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java \ org/bouncycastle/crypto/modes/PaddedBlockCipher.java \ @@ -269,6 +264,16 @@ org/bouncycastle/crypto/params/KDFParameters.java \ org/bouncycastle/crypto/params/MGFParameters.java \ org/bouncycastle/crypto/params/MQVPrivateParameters.java \ org/bouncycastle/crypto/params/MQVPublicParameters.java \ +org/bouncycastle/crypto/params/NTRUEncryptionKeyGenerationParameters.java \ +org/bouncycastle/crypto/params/NTRUEncryptionKeyParameters.java \ +org/bouncycastle/crypto/params/NTRUEncryptionParameters.java \ +org/bouncycastle/crypto/params/NTRUEncryptionPrivateKeyParameters.java \ +org/bouncycastle/crypto/params/NTRUEncryptionPublicKeyParameters.java \ +org/bouncycastle/crypto/params/NTRUParameters.java \ +org/bouncycastle/crypto/params/NTRUSigningKeyGenerationParameters.java \ +org/bouncycastle/crypto/params/NTRUSigningParameters.java \ +org/bouncycastle/crypto/params/NTRUSigningPrivateKeyParameters.java \ +org/bouncycastle/crypto/params/NTRUSigningPublicKeyParameters.java \ org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java \ org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java \ org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java \ @@ -284,9 +289,49 @@ org/bouncycastle/crypto/signers/GOST3410Signer.java \ org/bouncycastle/crypto/signers/GenericSigner.java \ org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java \ org/bouncycastle/crypto/signers/ISO9796d2Signer.java \ +org/bouncycastle/crypto/signers/NTRUSigner.java \ +org/bouncycastle/crypto/signers/NTRUSignerPrng.java \ org/bouncycastle/crypto/signers/PSSSigner.java \ org/bouncycastle/crypto/signers/package.html \ org/bouncycastle/crypto/util/package.html \ +org/bouncycastle/jcajce/provider/asymmetric/ECGOST.java \ +org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java \ +org/bouncycastle/jcajce/provider/asymmetric/GOST.java \ +org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java \ +org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java \ +org/bouncycastle/jcajce/provider/digest/GOST3411.java \ +org/bouncycastle/jcajce/provider/digest/MD2.java \ +org/bouncycastle/jcajce/provider/digest/MD4.java \ +org/bouncycastle/jcajce/provider/digest/RIPEMD128.java \ +org/bouncycastle/jcajce/provider/digest/RIPEMD160.java \ +org/bouncycastle/jcajce/provider/digest/RIPEMD256.java \ +org/bouncycastle/jcajce/provider/digest/RIPEMD320.java \ +org/bouncycastle/jcajce/provider/digest/SHA224.java \ +org/bouncycastle/jcajce/provider/digest/Tiger.java \ +org/bouncycastle/jcajce/provider/digest/Whirlpool.java \ +org/bouncycastle/jcajce/provider/symmetric/CAST5.java \ +org/bouncycastle/jcajce/provider/symmetric/CAST6.java \ +org/bouncycastle/jcajce/provider/symmetric/Camellia.java \ +org/bouncycastle/jcajce/provider/symmetric/GOST28147.java \ +org/bouncycastle/jcajce/provider/symmetric/Grain128.java \ +org/bouncycastle/jcajce/provider/symmetric/Grainv1.java \ +org/bouncycastle/jcajce/provider/symmetric/HC128.java \ +org/bouncycastle/jcajce/provider/symmetric/HC256.java \ +org/bouncycastle/jcajce/provider/symmetric/IDEA.java \ +org/bouncycastle/jcajce/provider/symmetric/Noekeon.java \ +org/bouncycastle/jcajce/provider/symmetric/RC2.java \ +org/bouncycastle/jcajce/provider/symmetric/RC5.java \ +org/bouncycastle/jcajce/provider/symmetric/RC6.java \ +org/bouncycastle/jcajce/provider/symmetric/Rijndael.java \ +org/bouncycastle/jcajce/provider/symmetric/SEED.java \ +org/bouncycastle/jcajce/provider/symmetric/Salsa20.java \ +org/bouncycastle/jcajce/provider/symmetric/Serpent.java \ +org/bouncycastle/jcajce/provider/symmetric/Skipjack.java \ +org/bouncycastle/jcajce/provider/symmetric/TEA.java \ +org/bouncycastle/jcajce/provider/symmetric/Twofish.java \ +org/bouncycastle/jcajce/provider/symmetric/VMPC.java \ +org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.java \ +org/bouncycastle/jcajce/provider/symmetric/XTEA.java \ org/bouncycastle/jce/ECGOST3410NamedCurveTable.java \ org/bouncycastle/jce/ECKeyUtil.java \ org/bouncycastle/jce/ECPointUtil.java \ @@ -313,16 +358,9 @@ org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java \ org/bouncycastle/jce/provider/BrokenPBE.java \ org/bouncycastle/jce/provider/ElGamalUtil.java \ org/bouncycastle/jce/provider/GOST3410Util.java \ -org/bouncycastle/jce/provider/JCEElGamalCipher.java \ org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java \ org/bouncycastle/jce/provider/JCEElGamalPublicKey.java \ org/bouncycastle/jce/provider/JCEIESCipher.java \ -org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java \ -org/bouncycastle/jce/provider/JDKGOST3410PrivateKey.java \ -org/bouncycastle/jce/provider/JDKGOST3410PublicKey.java \ -org/bouncycastle/jce/provider/JDKGOST3410Signer.java \ -org/bouncycastle/jce/provider/JDKISOSignature.java \ -org/bouncycastle/jce/provider/JDKPSSSigner.java \ org/bouncycastle/jce/provider/MultiCertStoreSpi.java \ org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java \ org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java \ @@ -340,27 +378,6 @@ org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java \ org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java \ org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java \ org/bouncycastle/jce/provider/X509StoreLDAPCerts.java \ -org/bouncycastle/jce/provider/symmetric/CAST5.java \ -org/bouncycastle/jce/provider/symmetric/CAST6.java \ -org/bouncycastle/jce/provider/symmetric/Camellia.java \ -org/bouncycastle/jce/provider/symmetric/Grain128.java \ -org/bouncycastle/jce/provider/symmetric/Grainv1.java \ -org/bouncycastle/jce/provider/symmetric/HC128.java \ -org/bouncycastle/jce/provider/symmetric/HC256.java \ -org/bouncycastle/jce/provider/symmetric/IDEA.java \ -org/bouncycastle/jce/provider/symmetric/Noekeon.java \ -org/bouncycastle/jce/provider/symmetric/RC5.java \ -org/bouncycastle/jce/provider/symmetric/RC6.java \ -org/bouncycastle/jce/provider/symmetric/Rijndael.java \ -org/bouncycastle/jce/provider/symmetric/SEED.java \ -org/bouncycastle/jce/provider/symmetric/Salsa20.java \ -org/bouncycastle/jce/provider/symmetric/Serpent.java \ -org/bouncycastle/jce/provider/symmetric/Skipjack.java \ -org/bouncycastle/jce/provider/symmetric/TEA.java \ -org/bouncycastle/jce/provider/symmetric/Twofish.java \ -org/bouncycastle/jce/provider/symmetric/VMPC.java \ -org/bouncycastle/jce/provider/symmetric/VMPCKSA3.java \ -org/bouncycastle/jce/provider/symmetric/XTEA.java \ org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java \ org/bouncycastle/jce/spec/ElGamalKeySpec.java \ org/bouncycastle/jce/spec/ElGamalParameterSpec.java \ @@ -378,12 +395,7 @@ org/bouncycastle/jce/spec/MQVPublicKeySpec.java \ org/bouncycastle/jce/spec/package.html \ org/bouncycastle/math/ec/ReferenceMultiplier.java \ org/bouncycastle/math/ec/package.html \ -org/bouncycastle/math/ec/test \ -org/bouncycastle/openssl/PKCS8Generator.java \ -org/bouncycastle/openssl/package.html \ -org/bouncycastle/util/AllTests.java \ org/bouncycastle/util/CollectionStore.java \ -org/bouncycastle/util/IPTest.java \ org/bouncycastle/util/StreamParser.java \ org/bouncycastle/util/StreamParsingException.java \ org/bouncycastle/util/encoders/BufferedDecoder.java \ @@ -394,8 +406,6 @@ org/bouncycastle/util/encoders/UrlBase64.java \ org/bouncycastle/util/encoders/UrlBase64Encoder.java \ org/bouncycastle/util/encoders/package.html \ org/bouncycastle/util/io/TeeInputStream.java \ -org/bouncycastle/util/io/TeeOutputStream.java \ -org/bouncycastle/util/io/pem/AllTests.java \ org/bouncycastle/x509/CertPathReviewerException.java \ org/bouncycastle/x509/CertPathReviewerMessages_de.properties \ org/bouncycastle/x509/NoSuchParserException.java \ diff --git a/bouncycastle.version b/bouncycastle.version index 281f7f5..a9eb1be 100644 --- a/bouncycastle.version +++ b/bouncycastle.version @@ -1,2 +1,2 @@ -BOUNCYCASTLE_JDK=16 -BOUNCYCASTLE_VERSION=146 +BOUNCYCASTLE_JDK=15on +BOUNCYCASTLE_VERSION=147 diff --git a/patches/README b/patches/README index c0f5697..fa4c751 100644 --- a/patches/README +++ b/patches/README @@ -16,7 +16,6 @@ Other performance (both speed and memory) and correctness changes: - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure) - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE} - removed use of Boolean constructor -- DERPrintableString interns its internal String values - DERObjectIdentifier interns its internal String indentifer value - changed uses of 'new Integer' to 'Integer.valueOf' - X509CertificateObject.getEncoded caches its result @@ -29,7 +28,6 @@ Other performance (both speed and memory) and correctness changes: - Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo - Make BouncyCastleProvider.PROVIDER_NAME final - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1 -- Added DSA support to JDKKeyManager.engineGetKeySpec - Fixed CertBlacklist to do a by-value comparison of public keys Other security changes: diff --git a/patches/android.patch b/patches/android.patch index 40a24f8..33df91a 100644 --- a/patches/android.patch +++ b/patches/android.patch @@ -1,23 +1,9 @@ -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java 2012-07-27 18:48:00.011478563 +0000 -@@ -363,7 +363,9 @@ - case BMP_STRING: - return new DERBMPString(bytes); - case BOOLEAN: -- return new ASN1Boolean(bytes); -+ // BEGIN android-changed -+ return DERBoolean.getInstance(bytes); -+ // END android-changed - case ENUMERATED: - return new ASN1Enumerated(bytes); - case GENERALIZED_TIME: -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java 2012-07-27 18:47:59.981477999 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-147/org/bouncycastle/asn1/ASN1Null.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/ASN1Null.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/ASN1Null.java 2012-09-11 00:12:44.000000000 +0000 @@ -8,9 +8,11 @@ public abstract class ASN1Null - extends ASN1Object + extends ASN1Primitive { - public ASN1Null() + // BEGIN android-changed @@ -26,23 +12,23 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk1 } + // END android-changed - public int hashCode() + public static ASN1Null getInstance(Object o) { -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java 2012-07-27 18:47:59.981477999 +0000 -@@ -5,7 +5,9 @@ - public class DERBoolean - extends ASN1Object - { -- byte value; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERBoolean.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERBoolean.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERBoolean.java 2012-09-11 00:12:44.000000000 +0000 +@@ -10,7 +10,9 @@ + private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff }; + private static final byte[] FALSE_VALUE = new byte[] { 0 }; + +- private byte[] value; + // BEGIN android-changed -+ private final byte value; ++ final private byte[] value; + // END android-changed - public static final DERBoolean FALSE = new DERBoolean(false); - public static final DERBoolean TRUE = new DERBoolean(true); -@@ -35,6 +37,17 @@ + public static final ASN1Boolean FALSE = new ASN1Boolean(false); + public static final ASN1Boolean TRUE = new ASN1Boolean(true); +@@ -46,6 +48,17 @@ return (value ? TRUE : FALSE); } @@ -55,44 +41,25 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jd + { + return (octets[0] != 0) ? TRUE : FALSE; + } -+ // END android-added + ++ // END android-added /** * return a Boolean from a tagged object. * -@@ -56,23 +69,29 @@ - } - else - { -- return new DERBoolean(((ASN1OctetString)o).getOctets()); -+ // BEGIN android-changed -+ return getInstance(((ASN1OctetString)o).getOctets()); -+ // END android-changed +@@ -71,7 +84,9 @@ } } -- public DERBoolean( -- byte[] value) -- { -- if (value.length != 1) -- { -- throw new IllegalArgumentException("byte value should have 1 byte in it"); -- } -- -- this.value = value[0]; -- } -+ // BEGIN android-removed -+ // public DERBoolean( -+ // byte[] value) -+ // { -+ // if (value.length != 1) -+ // { -+ // throw new IllegalArgumentException("byte value should have 1 byte in it"); -+ // } -+ // -+ // this.value = value[0]; -+ // } -+ // END android-removed +- DERBoolean( ++ // BEGIN android-changed ++ protected DERBoolean( ++ // END android-changed + byte[] value) + { + if (value.length != 1) +@@ -93,8 +108,10 @@ + } + } - public DERBoolean( + // BEGIN android-changed @@ -100,19 +67,14 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jd boolean value) + // END android-changed { - this.value = (value) ? (byte)0xff : (byte)0; + this.value = (value) ? TRUE_VALUE : FALSE_VALUE; } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java 2012-07-27 18:47:59.981477999 +0000 -@@ -10,9 +10,13 @@ - { - public static final DERNull INSTANCE = new DERNull(); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERNull.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERNull.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERNull.java 2012-09-11 00:12:44.000000000 +0000 +@@ -12,7 +12,9 @@ -- byte[] zeroBytes = new byte[0]; -+ // BEGIN android-changed -+ private static final byte[] zeroBytes = new byte[0]; -+ // END android-changed + private static final byte[] zeroBytes = new byte[0]; - public DERNull() + // BEGIN android-changed @@ -121,10 +83,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16 { } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-07-27 18:48:00.011478563 +0000 -@@ -110,7 +110,13 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERObjectIdentifier.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-09-11 00:12:44.000000000 +0000 +@@ -117,7 +117,13 @@ } } @@ -139,7 +101,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java } public DERObjectIdentifier( -@@ -121,7 +127,13 @@ +@@ -128,7 +134,13 @@ throw new IllegalArgumentException("string " + identifier + " not an OID"); } @@ -154,59 +116,37 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java } public String getId() -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java 2012-07-27 18:48:00.011478563 +0000 -@@ -9,7 +9,9 @@ - extends ASN1Object - implements DERString +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERPrintableString.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERPrintableString.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERPrintableString.java 2012-09-11 00:12:44.000000000 +0000 +@@ -12,7 +12,9 @@ + extends ASN1Primitive + implements ASN1String { -- String string; +- private byte[] string; + // BEGIN android-changed -+ private final String string; ++ private final byte[] string; + // END android-changed /** * return a printable string from the passed in object. -@@ -65,7 +67,9 @@ - cs[i] = (char)(string[i] & 0xff); - } - -- this.string = new String(cs); -+ // BEGIN android-changed -+ this.string = new String(cs).intern(); -+ // END android-changed - } - - /** -@@ -94,7 +98,9 @@ - throw new IllegalArgumentException("string contains illegal characters"); - } - -- this.string = string; -+ // BEGIN android-changed -+ this.string = string.intern(); -+ // END android-changed - } - - public String getString() -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java 2012-07-27 18:48:00.011478563 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-147/org/bouncycastle/asn1/cms/ContentInfo.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/cms/ContentInfo.java 2012-09-11 00:12:44.000000000 +0000 @@ -12,7 +12,9 @@ public class ContentInfo - extends ASN1Encodable + extends ASN1Object - implements CMSObjectIdentifiers + // BEGIN android-removed + // implements CMSObjectIdentifiers + // END android-removed { private ASN1ObjectIdentifier contentType; - private DEREncodable content; -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2012-07-27 18:48:00.011478563 +0000 + private ASN1Encodable content; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2012-09-11 00:12:44.000000000 +0000 @@ -37,10 +37,13 @@ public static EncryptedPrivateKeyInfo getInstance( Object obj) @@ -219,12 +159,12 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyI return (EncryptedPrivateKeyInfo)obj; } + // END android-changed - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new EncryptedPrivateKeyInfo((ASN1Sequence)obj); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-07-27 18:47:59.981477999 +0000 + return new EncryptedPrivateKeyInfo(ASN1Sequence.getInstance(obj)); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-09-11 00:12:44.000000000 +0000 @@ -10,8 +10,10 @@ // static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1"); @@ -280,9 +220,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifier static final ASN1ObjectIdentifier id_hmacWithSHA256 = digestAlgorithm.branch("9"); static final ASN1ObjectIdentifier id_hmacWithSHA384 = digestAlgorithm.branch("10"); static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11"); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2012-07-27 18:47:59.981477999 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2012-09-11 00:12:44.000000000 +0000 @@ -19,7 +19,9 @@ private AlgorithmIdentifier maskGenAlgorithm; private AlgorithmIdentifier pSourceAlgorithm; @@ -294,24 +234,24 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0])); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2012-07-27 18:47:59.981477999 +0000 -@@ -20,7 +20,9 @@ - private DERInteger saltLength; - private DERInteger trailerField; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2012-09-11 00:12:44.000000000 +0000 +@@ -22,7 +22,9 @@ + private ASN1Integer saltLength; + private ASN1Integer trailerField; - public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); + // BEGIN android-changed + public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); + // END android-changed public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); - public final static DERInteger DEFAULT_SALT_LENGTH = new DERInteger(20); - public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java 2012-07-27 18:48:00.011478563 +0000 -@@ -79,7 +79,9 @@ + public final static ASN1Integer DEFAULT_SALT_LENGTH = new ASN1Integer(20); + public final static ASN1Integer DEFAULT_TRAILER_FIELD = new ASN1Integer(1); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk15on-147/org/bouncycastle/asn1/util/ASN1Dump.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/util/ASN1Dump.java 2012-09-11 00:12:44.000000000 +0000 +@@ -78,7 +78,9 @@ { Object o = e.nextElement(); @@ -322,10 +262,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov { buf.append(tab); buf.append("NULL"); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java 2012-07-27 18:48:00.011478563 +0000 -@@ -45,7 +45,7 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AttCertIssuer.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AttCertIssuer.java 2012-09-11 00:12:44.000000000 +0000 +@@ -46,7 +46,7 @@ ASN1TaggedObject obj, boolean explicit) { @@ -334,32 +274,57 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java b } /** -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java 2012-07-27 18:48:00.011478563 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2012-09-11 00:12:44.000000000 +0000 +@@ -14,7 +14,9 @@ + import org.bouncycastle.asn1.DERSequence; + import org.bouncycastle.asn1.DERTaggedObject; + import org.bouncycastle.crypto.Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; ++// BEGIN android-changed ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-changed + + /** + * The AuthorityKeyIdentifier object. +@@ -101,7 +103,9 @@ + public AuthorityKeyIdentifier( + SubjectPublicKeyInfo spki) + { +- Digest digest = new SHA1Digest(); ++ // BEGIN android-changed ++ Digest digest = new OpenSSLDigest.SHA1(); ++ // END android-changed + byte[] resBuf = new byte[digest.getDigestSize()]; + + byte[] bytes = spki.getPublicKeyData().getBytes(); +@@ -119,7 +123,9 @@ + GeneralNames name, + BigInteger serialNumber) + { +- Digest digest = new SHA1Digest(); ++ // BEGIN android-changed ++ Digest digest = new OpenSSLDigest.SHA1(); ++ // END android-changed + byte[] resBuf = new byte[digest.getDigestSize()]; + + byte[] bytes = spki.getPublicKeyData().getBytes(); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/BasicConstraints.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/BasicConstraints.java 2012-09-11 00:12:44.000000000 +0000 @@ -14,7 +14,9 @@ public class BasicConstraints - extends ASN1Encodable + extends ASN1Object { - DERBoolean cA = new DERBoolean(false); + // BEGIN android-changed + DERBoolean cA = DERBoolean.FALSE; + // END android-changed - DERInteger pathLenConstraint = null; + ASN1Integer pathLenConstraint = null; public static BasicConstraints getInstance( -@@ -89,7 +91,9 @@ - { - if (cA) - { -- this.cA = new DERBoolean(cA); -+ // BEGIN android-changed -+ this.cA = DERBoolean.getInstance(cA); -+ // END android-changed - this.pathLenConstraint = new DERInteger(pathLenConstraint); - } - else -@@ -104,7 +108,9 @@ +@@ -81,7 +83,9 @@ { if (cA) { @@ -370,7 +335,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.jav } else { -@@ -121,7 +127,9 @@ +@@ -98,7 +102,9 @@ public BasicConstraints( int pathLenConstraint) { @@ -378,12 +343,26 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.jav + // BEGIN android-changed + this.cA = DERBoolean.TRUE; + // END android-changed - this.pathLenConstraint = new DERInteger(pathLenConstraint); + this.pathLenConstraint = new ASN1Integer(pathLenConstraint); } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2012-07-27 18:48:00.011478563 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/CRLReason.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/CRLReason.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/CRLReason.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/CRLReason.java 2012-09-11 00:12:44.000000000 +0000 +@@ -138,7 +138,9 @@ + + public static CRLReason lookup(int value) + { +- Integer idx = new Integer(value); ++ // BEGIN android-changed ++ Integer idx = Integer.valueOf(value); ++ // END android-changed + + if (!table.containsKey(idx)) + { +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2012-09-11 00:12:44.000000000 +0000 @@ -96,11 +96,15 @@ } if (onlyContainsUserCerts) @@ -420,10 +399,35 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionP } seq = new DERSequence(vec); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java 2012-07-27 18:48:00.011478563 +0000 -@@ -400,7 +400,9 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2012-09-11 00:12:44.000000000 +0000 +@@ -6,7 +6,9 @@ + import org.bouncycastle.asn1.ASN1TaggedObject; + import org.bouncycastle.asn1.DEROctetString; + import org.bouncycastle.crypto.Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; ++// BEGIN android-changed ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-changed + + /** + * The SubjectKeyIdentifier object. +@@ -119,7 +121,9 @@ + + private static byte[] getDigest(SubjectPublicKeyInfo spki) + { +- Digest digest = new SHA1Digest(); ++ // BEGIN android-changed ++ Digest digest = new OpenSSLDigest.SHA1(); ++ // END android-changed + byte[] resBuf = new byte[digest.getDigestSize()]; + + byte[] bytes = spki.getPublicKeyData().getBytes(); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Extensions.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Extensions.java 2012-09-11 00:12:44.000000000 +0000 +@@ -408,7 +408,9 @@ if (ext.isCritical()) { @@ -434,10 +438,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java } v.add(ext.getValue()); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java 2012-07-27 18:48:00.011478563 +0000 -@@ -249,8 +249,10 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Name.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Name.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Name.java 2012-09-11 00:12:44.000000000 +0000 +@@ -255,8 +255,10 @@ */ public static final Hashtable SymbolLookUp = DefaultLookUp; @@ -450,9 +454,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov static { -@@ -432,7 +434,9 @@ - { - values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()))); +@@ -445,7 +447,9 @@ + throw new IllegalArgumentException("cannot encode value"); + } } - added.addElement((i != 0) ? TRUE : FALSE); // to allow earlier JDK compatibility + // BEGIN android-changed @@ -461,7 +465,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov } } } -@@ -689,7 +693,9 @@ +@@ -702,7 +706,9 @@ if (index == -1) { @@ -472,9 +476,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov } String name = token.substring(0, index); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java ---- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-07-27 18:48:00.011478563 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509NameTokenizer.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-09-11 00:12:44.000000000 +0000 @@ -58,6 +58,17 @@ } else @@ -493,16 +497,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.ja buf.append(c); } escaped = false; -@@ -96,4 +107,4 @@ - index = end; - return buf.toString().trim(); - } --} -+} -\ No newline at end of file -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java 2012-07-27 18:48:00.021478751 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/PBEParametersGenerator.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/PBEParametersGenerator.java 2012-09-11 00:12:44.000000000 +0000 @@ -136,7 +136,8 @@ public static byte[] PKCS12PasswordToBytes( char[] password) @@ -520,9 +517,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator. + // END android-changed } } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2012-07-27 18:48:00.021478751 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/OpenSSLDigest.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2012-09-11 00:12:44.000000000 +0000 @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2008 The Android Open Source Project @@ -683,19 +680,75 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.j + public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); } + } +} -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java 2012-07-27 18:48:00.011478563 +0000 -@@ -313,4 +313,4 @@ - out[outOff + 6] = (byte)x76; - out[outOff + 7] = (byte)(x76 >> 8); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/OAEPEncoding.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2012-09-11 00:12:44.000000000 +0000 +@@ -4,7 +4,9 @@ + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.InvalidCipherTextException; +-import org.bouncycastle.crypto.digests.SHA1Digest; ++// BEGIN android-changed ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-changed + import org.bouncycastle.crypto.params.ParametersWithRandom; + + import java.security.SecureRandom; +@@ -26,7 +28,9 @@ + public OAEPEncoding( + AsymmetricBlockCipher cipher) + { +- this(cipher, new SHA1Digest(), null); ++ // BEGIN android-changed ++ this(cipher, new OpenSSLDigest.SHA1(), null); ++ // END android-changed } --} -+} -\ No newline at end of file -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-07-27 18:48:00.021478751 +0000 + + public OAEPEncoding( +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/PKCS1Encoding.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2012-09-11 00:12:44.000000000 +0000 +@@ -206,6 +206,12 @@ + { + throw new InvalidCipherTextException("unknown block type"); + } ++ // BEGIN android-added ++ if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey)) ++ { ++ throw new InvalidCipherTextException("invalid block type " + type); ++ } ++ // END android-added + + if (useStrictLength && block.length != engine.getOutputBlockSize()) + { +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-147/org/bouncycastle/crypto/engines/DESedeWrapEngine.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2012-09-11 00:12:44.000000000 +0000 +@@ -6,7 +6,9 @@ + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.InvalidCipherTextException; + import org.bouncycastle.crypto.Wrapper; +-import org.bouncycastle.crypto.digests.SHA1Digest; ++// BEGIN android-changed ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-changed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.crypto.params.KeyParameter; + import org.bouncycastle.crypto.params.ParametersWithIV; +@@ -52,7 +54,9 @@ + // + // checksum digest + // +- Digest sha1 = new SHA1Digest(); ++ // BEGIN android-changed ++ Digest sha1 = new OpenSSLDigest.SHA1(); ++ // END android-changed + byte[] digest = new byte[20]; + + /** +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DHParametersHelper.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-09-11 00:12:44.000000000 +0000 @@ -3,10 +3,17 @@ import java.math.BigInteger; import java.security.SecureRandom; @@ -746,16 +799,102 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParameters return new BigInteger[] { p, q }; } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java 2012-07-27 18:48:00.021478751 +0000 -@@ -32,23 +32,23 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2012-09-11 00:12:44.000000000 +0000 +@@ -1,8 +1,9 @@ + package org.bouncycastle.crypto.generators; + + import org.bouncycastle.crypto.Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; ++// BEGIN android-changed ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-changed + import org.bouncycastle.crypto.params.DSAParameters; + import org.bouncycastle.crypto.params.DSAValidationParameters; + import org.bouncycastle.util.Arrays; +@@ -75,7 +76,9 @@ + byte[] part1 = new byte[20]; + byte[] part2 = new byte[20]; + byte[] u = new byte[20]; +- SHA1Digest sha1 = new SHA1Digest(); ++ // BEGIN android-changed ++ Digest sha1 = new OpenSSLDigest.SHA1(); ++ // END android-changed + int n = (L - 1) / 160; + byte[] w = new byte[L / 8]; + +@@ -166,7 +169,9 @@ + { + // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function + // FIXME This should be configurable (digest size in bits must be >= N) +- Digest d = new SHA256Digest(); ++ // BEGIN android-changed ++ Digest d = new OpenSSLDigest.SHA256(); ++ // END android-changed + int outlen = d.getDigestSize() * 8; + + // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-09-11 00:12:44.000000000 +0000 +@@ -3,7 +3,9 @@ + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.PBEParametersGenerator; +-import org.bouncycastle.crypto.digests.MD5Digest; ++// BEGIN android-changed ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-changed + import org.bouncycastle.crypto.params.KeyParameter; + import org.bouncycastle.crypto.params.ParametersWithIV; + +@@ -17,7 +19,9 @@ + public class OpenSSLPBEParametersGenerator + extends PBEParametersGenerator + { +- private Digest digest = new MD5Digest(); ++ // BEGIN android-changed ++ private Digest digest = new OpenSSLDigest.MD5(); ++ // END android-changed + + /** + * Construct a OpenSSL Parameters generator. +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2012-09-11 00:12:44.000000000 +0000 +@@ -4,7 +4,9 @@ + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.Mac; + import org.bouncycastle.crypto.PBEParametersGenerator; +-import org.bouncycastle.crypto.digests.SHA1Digest; ++// BEGIN android-changed ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-changed + import org.bouncycastle.crypto.macs.HMac; + import org.bouncycastle.crypto.params.KeyParameter; + import org.bouncycastle.crypto.params.ParametersWithIV; +@@ -27,7 +29,9 @@ + */ + public PKCS5S2ParametersGenerator() + { +- this(new SHA1Digest()); ++ // BEGIN android-changed ++ this(new OpenSSLDigest.SHA1()); ++ // END android-changed + } + + public PKCS5S2ParametersGenerator(Digest digest) +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-147/org/bouncycastle/crypto/macs/HMac.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/macs/HMac.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/macs/HMac.java 2012-09-11 00:12:44.000000000 +0000 +@@ -32,23 +32,31 @@ { blockLengths = new Hashtable(); - blockLengths.put("GOST3411", new Integer(32)); -+ blockLengths.put("GOST3411", Integer.valueOf(32)); - +- - blockLengths.put("MD2", new Integer(16)); - blockLengths.put("MD4", new Integer(64)); - blockLengths.put("MD5", new Integer(64)); @@ -768,30 +907,59 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-j - blockLengths.put("SHA-256", new Integer(64)); - blockLengths.put("SHA-384", new Integer(128)); - blockLengths.put("SHA-512", new Integer(128)); -+ blockLengths.put("MD2", Integer.valueOf(16)); -+ blockLengths.put("MD4", Integer.valueOf(64)); +- +- blockLengths.put("Tiger", new Integer(64)); +- blockLengths.put("Whirlpool", new Integer(64)); ++ // BEGIN android-removed ++ // blockLengths.put("GOST3411", Integer.valueOf(32)); ++ // ++ // blockLengths.put("MD2", Integer.valueOf(16)); ++ // blockLengths.put("MD4", Integer.valueOf(64)); ++ // END android-removed + blockLengths.put("MD5", Integer.valueOf(64)); + -+ blockLengths.put("RIPEMD128", Integer.valueOf(64)); -+ blockLengths.put("RIPEMD160", Integer.valueOf(64)); ++ // BEGIN android-removed ++ // blockLengths.put("RIPEMD128", Integer.valueOf(64)); ++ // blockLengths.put("RIPEMD160", Integer.valueOf(64)); ++ // END android-removed + + blockLengths.put("SHA-1", Integer.valueOf(64)); -+ blockLengths.put("SHA-224", Integer.valueOf(64)); ++ // BEGIN android-removed ++ // blockLengths.put("SHA-224", Integer.valueOf(64)); ++ // END android-removed + blockLengths.put("SHA-256", Integer.valueOf(64)); + blockLengths.put("SHA-384", Integer.valueOf(128)); + blockLengths.put("SHA-512", Integer.valueOf(128)); - -- blockLengths.put("Tiger", new Integer(64)); -- blockLengths.put("Whirlpool", new Integer(64)); -+ blockLengths.put("Tiger", Integer.valueOf(64)); -+ blockLengths.put("Whirlpool", Integer.valueOf(64)); ++ ++ // BEGIN android-removed ++ // blockLengths.put("Tiger", Integer.valueOf(64)); ++ // blockLengths.put("Whirlpool", Integer.valueOf(64)); ++ // END android-removed } private static int getByteLength( -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-07-27 18:48:00.021478751 +0000 -@@ -46,8 +46,10 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-147/org/bouncycastle/crypto/signers/RSADigestSigner.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-09-11 00:12:44.000000000 +0000 +@@ -39,18 +39,24 @@ + */ + static + { +- oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); +- oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); +- oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); ++ // BEGIN android-removed ++ // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); ++ // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); ++ // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); ++ // END android-removed + + oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1); +- oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); ++ // BEGIN android-removed ++ // oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); ++ // END android-removed + oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256); oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384); oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512); @@ -804,12 +972,12 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner oidMap.put("MD5", PKCSObjectIdentifiers.md5); } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-07-27 18:48:00.031478939 +0000 -@@ -12,7 +12,9 @@ - import org.bouncycastle.asn1.DERObject; - import org.bouncycastle.asn1.DERObjectIdentifier; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/util/PrivateKeyFactory.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-09-11 00:12:44.000000000 +0000 +@@ -11,7 +11,9 @@ + import org.bouncycastle.asn1.ASN1Sequence; + import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.oiw.ElGamalParameter; +// BEGIN android-removed @@ -818,9 +986,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory. import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.DHParameter; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -@@ -20,7 +22,9 @@ - import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; - import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; +@@ -19,7 +21,9 @@ + import org.bouncycastle.asn1.pkcs.RSAPrivateKey; + import org.bouncycastle.asn1.sec.ECPrivateKey; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// BEGIN android-removed @@ -829,7 +997,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory. import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DSAParameter; import org.bouncycastle.asn1.x9.X962NamedCurves; -@@ -34,8 +38,10 @@ +@@ -33,8 +37,10 @@ import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; @@ -842,55 +1010,53 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory. import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; /** -@@ -103,15 +109,17 @@ +@@ -100,14 +106,16 @@ return new DHPrivateKeyParameters(derX.getValue(), dhParams); } -- else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) +- else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) - { -- ElGamalParameter params = new ElGamalParameter( -- (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); -- DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); +- ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); +- DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); - - return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters( - params.getP(), params.getG())); - } + // BEGIN android-removed -+ // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) ++ // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) + // { -+ // ElGamalParameter params = new ElGamalParameter( -+ // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); -+ // DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); ++ // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); ++ // DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); + // + // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters( + // params.getP(), params.getG())); + // } + // END android-removed - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) + else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)) { - DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); -@@ -145,10 +153,12 @@ + DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); +@@ -140,10 +148,12 @@ { - ecP = NISTNamedCurves.getByOID(oid); + x9 = NISTNamedCurves.getByOID(oid); -- if (ecP == null) +- if (x9 == null) - { -- ecP = TeleTrusTNamedCurves.getByOID(oid); +- x9 = TeleTrusTNamedCurves.getByOID(oid); - } + // BEGIN android-removed -+ // if (ecP == null) ++ // if (x9 == null) + // { -+ // ecP = TeleTrusTNamedCurves.getByOID(oid); ++ // x9 = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed } } - -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java ---- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-07-27 18:48:00.031478939 +0000 -@@ -15,12 +15,16 @@ - import org.bouncycastle.asn1.DERObjectIdentifier; + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/util/PublicKeyFactory.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-09-11 00:12:44.000000000 +0000 +@@ -13,13 +13,17 @@ + import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.oiw.ElGamalParameter; @@ -900,6 +1066,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.j import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.DHParameter; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.RSAPublicKey; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// BEGIN android-removed @@ -907,8 +1074,8 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.j +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DSAParameter; - import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; -@@ -42,8 +46,10 @@ + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +@@ -40,8 +44,10 @@ import org.bouncycastle.crypto.params.DSAPublicKeyParameters; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; @@ -921,55 +1088,4665 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.j import org.bouncycastle.crypto.params.RSAKeyParameters; /** -@@ -139,15 +145,17 @@ +@@ -135,14 +141,16 @@ return new DHPublicKeyParameters(derY.getValue(), dhParams); } -- else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) +- else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) - { -- ElGamalParameter params = new ElGamalParameter( -- (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); -- DERInteger derY = (DERInteger)keyInfo.getPublicKey(); +- ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); +- DERInteger derY = (DERInteger)keyInfo.parsePublicKey(); - - return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters( - params.getP(), params.getG())); - } + // BEGIN android-removed -+ // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) ++ // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) + // { -+ // ElGamalParameter params = new ElGamalParameter( -+ // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); -+ // DERInteger derY = (DERInteger)keyInfo.getPublicKey(); ++ // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); ++ // DERInteger derY = (DERInteger)keyInfo.parsePublicKey(); + // + // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters( + // params.getP(), params.getG())); + // } + // END android-removed - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa) - || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1)) + else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa) + || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1)) { -@@ -182,10 +190,12 @@ +@@ -177,10 +185,12 @@ { - ecP = NISTNamedCurves.getByOID(oid); + x9 = NISTNamedCurves.getByOID(oid); -- if (ecP == null) +- if (x9 == null) - { -- ecP = TeleTrusTNamedCurves.getByOID(oid); +- x9 = TeleTrusTNamedCurves.getByOID(oid); - } + // BEGIN android-removed -+ // if (ecP == null) ++ // if (x9 == null) + // { -+ // ecP = TeleTrusTNamedCurves.getByOID(oid); ++ // x9 = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed } } + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/DSA.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2012-09-11 00:12:44.000000000 +0000 +@@ -27,26 +27,34 @@ + provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); + provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); + +- provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA"); ++ // BEGIN android-changed ++ provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA"); ++ // END android-changed + provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA"); + + provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); + +- addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); +- addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); +- addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); +- addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); +- +- provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); ++ // BEGIN android-removed ++ // addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); ++ // addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); ++ // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); ++ // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); ++ // END android-removed ++ ++ // BEGIN android-added ++ provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA"); ++ // END android-added ++ // BEGIN android-changed ++ provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); ++ provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); ++ // END android-changed + + AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); + +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/EC.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2012-09-11 00:12:44.000000000 +0000 +@@ -1,7 +1,9 @@ + package org.bouncycastle.jcajce.provider.asymmetric; + +-import org.bouncycastle.asn1.eac.EACObjectIdentifiers; +-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; ++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +@@ -21,33 +23,43 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH"); +- provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); +- provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); +- provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); +- provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); ++ // provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); ++ // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); ++ // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); ++ // END android-removed + + registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC()); + // TODO Should this be an alias for ECDH? + registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC()); +- registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); +- +- registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); +- // TODO Should this be an alias for ECDH? +- registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); +- registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); ++ // BEGIN android-removed ++ // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); ++ // END android-removed ++ ++ // BEGIN android-removed ++ // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); ++ // // TODO Should this be an alias for ECDH? ++ // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); ++ // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); ++ // END android-removed -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java 2012-07-27 18:48:00.031478939 +0000 + provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC"); +- provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); +- provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); +- provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); +- provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); ++ // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); ++ // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); ++ // provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); ++ // END android-removed + + provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC"); +- provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); +- provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); +- provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); +- provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); +- provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); ++ // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); ++ // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); ++ // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); ++ // provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); ++ // END android-removed + + provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA"); + provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone"); +@@ -59,23 +71,29 @@ + provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); +- provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); +- +- addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); ++ // END android-removed ++ ++ // BEGIN android-removed ++ // addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); ++ // END android-removed + addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); + addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); + addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); +- addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); +- +- provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); +- provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); +- provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); +- provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); +- provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); +- +- addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); +- addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); +- addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); ++ // BEGIN android-removed ++ // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); ++ // ++ // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); ++ // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); ++ // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); ++ // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); ++ // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); ++ // ++ // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); ++ // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); ++ // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); ++ // END android-removed + } + } + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/RSA.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2012-09-11 00:12:44.000000000 +0000 @@ -3,7 +3,9 @@ + import org.bouncycastle.asn1.ASN1ObjectIdentifier; + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; + import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +@@ -24,41 +26,49 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP"); +- provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); +- +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); +- +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); +- +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); ++ // ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); ++ // ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); ++ // ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); ++ // END android-removed + + provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding"); +- provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding"); +- provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); +- provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); +- provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); +- provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); +- provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); +- provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); +- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); +- provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); ++ // BEGIN android-changed ++ provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA"); ++ // END android-changed ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); ++ // provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); ++ // provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); ++ // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); ++ // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); ++ // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); ++ // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); ++ // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA"); + provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); +- provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); +- provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); +- provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); ++ // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); ++ // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); ++ // END android-removed + + provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi"); + provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi"); +@@ -68,101 +78,111 @@ + registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact); + registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact); + registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact); +- registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); +- +- registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); +- registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); +- registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); +- registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); +- +- +- provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); +- provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); +- provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); +- +- provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); +- provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); +- provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); +- provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); +- +- provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); +- provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); +- +- provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); +- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); +- provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); +- +- +- provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS"); +- +- if (provider.hasAlgorithm("MessageDigest", "MD2")) +- { +- addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); +- } +- +- if (provider.hasAlgorithm("MessageDigest", "MD2")) +- { +- addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); +- } +- +- if (provider.hasAlgorithm("MessageDigest", "MD2")) +- { +- addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption); +- provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); +- provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); +- } ++ // BEGIN android-removed ++ // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); ++ // ++ // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); ++ // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); ++ // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); ++ // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); ++ // ++ // ++ // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); ++ // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); ++ // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); ++ // ++ // provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); ++ // provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); ++ // provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); ++ // provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); ++ // ++ // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); ++ // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); ++ // ++ // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); ++ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); ++ // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); ++ // ++ // ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS"); ++ // ++ // if (provider.hasAlgorithm("MessageDigest", "MD2")) ++ // { ++ // addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); ++ // } ++ // ++ // if (provider.hasAlgorithm("MessageDigest", "MD2")) ++ // { ++ // addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); ++ // } ++ // ++ // if (provider.hasAlgorithm("MessageDigest", "MD2")) ++ // { ++ // addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption); ++ // provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); ++ // provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); ++ // } ++ // END android-removed + + if (provider.hasAlgorithm("MessageDigest", "SHA1")) + { +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); +- provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); ++ // provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); ++ // END android-removed + + addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption); + +- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); +- provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); ++ // provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); + provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); + } + +- addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); ++ // BEGIN android-removed ++ // addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); ++ // END android-removed + addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption); + addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption); + addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption); + +- if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) +- { +- addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); +- addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); +- } +- +- if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) +- { +- addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); +- addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); +- provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); +- provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); +- } +- +- if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) +- { +- addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); +- addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); +- } ++ // BEGIN android-removed ++ // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) ++ // { ++ // addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); ++ // addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); ++ // } ++ // ++ // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) ++ // { ++ // addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); ++ // addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); ++ // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); ++ // provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); ++ // } ++ // ++ // if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) ++ // { ++ // addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); ++ // addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); ++ // } ++ // END android-removed + } + + private void addDigestSignature( +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/X509.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-09-11 00:12:44.000000000 +0000 +@@ -18,8 +18,10 @@ + + public void configure(ConfigurableProvider provider) + { +- provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); +- provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); ++ // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); ++ // END android-removed + + // + // certificate factories. +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -35,10 +35,12 @@ + + static + { +- Integer i64 = new Integer(64); +- Integer i192 = new Integer(192); +- Integer i128 = new Integer(128); +- Integer i256 = new Integer(256); ++ // BEGIN android-changed ++ Integer i64 = Integer.valueOf(64); ++ Integer i192 = Integer.valueOf(192); ++ Integer i128 = Integer.valueOf(128); ++ Integer i256 = Integer.valueOf(256); ++ // END android-changed + + algorithms.put("DES", i64); + algorithms.put("DESEDE", i192); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -63,7 +63,9 @@ + { + if (!initialised) + { +- Integer paramStrength = new Integer(strength); ++ // BEGIN android-changed ++ Integer paramStrength = Integer.valueOf(strength); ++ // END android-changed + + if (params.containsKey(paramStrength)) + { +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2012-09-11 00:12:44.000000000 +0000 +@@ -23,11 +23,16 @@ + import org.bouncycastle.crypto.DSA; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.digests.NullDigest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA224Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.SHA384Digest; +-import org.bouncycastle.crypto.digests.SHA512Digest; ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-added ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA224Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.SHA384Digest; ++// import org.bouncycastle.crypto.digests.SHA512Digest; ++// END android-removed + import org.bouncycastle.crypto.params.ParametersWithRandom; + + public class DSASigner +@@ -228,45 +233,49 @@ + { + public stdDSA() + { +- super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner()); ++ // BEGIN android-changed ++ super(new OpenSSLDigest.SHA1(), new org.bouncycastle.crypto.signers.DSASigner()); ++ // END android-changed + } + } + +- static public class dsa224 +- extends DSASigner +- { +- public dsa224() +- { +- super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); +- } +- } +- +- static public class dsa256 +- extends DSASigner +- { +- public dsa256() +- { +- super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); +- } +- } +- +- static public class dsa384 +- extends DSASigner +- { +- public dsa384() +- { +- super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); +- } +- } +- +- static public class dsa512 +- extends DSASigner +- { +- public dsa512() +- { +- super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); +- } +- } ++ // BEGIN android-removed ++ // static public class dsa224 ++ // extends DSASigner ++ // { ++ // public dsa224() ++ // { ++ // super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); ++ // } ++ // } ++ // ++ // static public class dsa256 ++ // extends DSASigner ++ // { ++ // public dsa256() ++ // { ++ // super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); ++ // } ++ // } ++ // ++ // static public class dsa384 ++ // extends DSASigner ++ // { ++ // public dsa384() ++ // { ++ // super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); ++ // } ++ // } ++ // ++ // static public class dsa512 ++ // extends DSASigner ++ // { ++ // public dsa512() ++ // { ++ // super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); ++ // } ++ // } ++ // END android-removed + + static public class noneDSA + extends DSASigner +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -20,7 +20,9 @@ + import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; + import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// END android-removed + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +@@ -222,21 +224,23 @@ + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); + X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); + +- if (ecP == null) // GOST Curve +- { +- ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); +- EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); +- +- ecSpec = new ECNamedCurveSpec( +- ECGOST3410NamedCurves.getName(oid), +- ellipticCurve, +- new ECPoint( +- gParam.getG().getX().toBigInteger(), +- gParam.getG().getY().toBigInteger()), +- gParam.getN(), +- gParam.getH()); +- } +- else ++ // BEGIN android-removed ++ // if (ecP == null) // GOST Curve ++ // { ++ // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); ++ // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); ++ // ++ // ecSpec = new ECNamedCurveSpec( ++ // ECGOST3410NamedCurves.getName(oid), ++ // ellipticCurve, ++ // new ECPoint( ++ // gParam.getG().getX().toBigInteger(), ++ // gParam.getG().getY().toBigInteger()), ++ // gParam.getN(), ++ // gParam.getH()); ++ // } ++ // else ++ // END android-removed + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); + +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2012-09-11 00:12:44.000000000 +0000 +@@ -5,10 +5,14 @@ + import java.security.PublicKey; + + import org.bouncycastle.asn1.ASN1ObjectIdentifier; +-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// END android-removed + import org.bouncycastle.asn1.nist.NISTNamedCurves; + import org.bouncycastle.asn1.sec.SECNamedCurves; +-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// END android-removed + import org.bouncycastle.asn1.x9.X962NamedCurves; + import org.bouncycastle.asn1.x9.X9ECParameters; + import org.bouncycastle.crypto.params.AsymmetricKeyParameter; +@@ -166,14 +170,16 @@ + { + oid = NISTNamedCurves.getOID(name); + } +- if (oid == null) +- { +- oid = TeleTrusTNamedCurves.getOID(name); +- } +- if (oid == null) +- { +- oid = ECGOST3410NamedCurves.getOID(name); +- } ++ // BEGIN android-removed ++ // if (oid == null) ++ // { ++ // oid = TeleTrusTNamedCurves.getOID(name); ++ // } ++ // if (oid == null) ++ // { ++ // oid = ECGOST3410NamedCurves.getOID(name); ++ // } ++ // END android-removed + } + + return oid; +@@ -191,10 +197,12 @@ + { + params = NISTNamedCurves.getByOID(oid); + } +- if (params == null) +- { +- params = TeleTrusTNamedCurves.getByOID(oid); +- } ++ // BEGIN android-removed ++ // if (params == null) ++ // { ++ // params = TeleTrusTNamedCurves.getByOID(oid); ++ // } ++ // END android-removed + } + + return params; +@@ -212,14 +220,16 @@ + { + name = NISTNamedCurves.getName(oid); + } +- if (name == null) +- { +- name = TeleTrusTNamedCurves.getName(oid); +- } +- if (name == null) +- { +- name = ECGOST3410NamedCurves.getName(oid); +- } ++ // BEGIN android-removed ++ // if (name == null) ++ // { ++ // name = TeleTrusTNamedCurves.getName(oid); ++ // } ++ // if (name == null) ++ // { ++ // name = ECGOST3410NamedCurves.getName(oid); ++ // } ++ // END android-removed + } + + return name; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -23,20 +23,26 @@ + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.DerivationFunction; + import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; +-import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; +-import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; +-import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; +-import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; ++// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; ++// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; ++// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.params.ECDomainParameters; + import org.bouncycastle.crypto.params.ECPrivateKeyParameters; + import org.bouncycastle.crypto.params.ECPublicKeyParameters; +-import org.bouncycastle.crypto.params.MQVPrivateParameters; +-import org.bouncycastle.crypto.params.MQVPublicParameters; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.MQVPrivateParameters; ++// import org.bouncycastle.crypto.params.MQVPublicParameters; ++// END android-removed + import org.bouncycastle.jce.interfaces.ECPrivateKey; + import org.bouncycastle.jce.interfaces.ECPublicKey; +-import org.bouncycastle.jce.interfaces.MQVPrivateKey; +-import org.bouncycastle.jce.interfaces.MQVPublicKey; ++// BEGIN android-removed ++// import org.bouncycastle.jce.interfaces.MQVPrivateKey; ++// import org.bouncycastle.jce.interfaces.MQVPublicKey; ++// END android-removed + + /** + * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363 +@@ -52,9 +58,11 @@ + + static + { +- Integer i128 = new Integer(128); +- Integer i192 = new Integer(192); +- Integer i256 = new Integer(256); ++ // BEGIN android-changed ++ Integer i128 = Integer.valueOf(128); ++ Integer i192 = Integer.valueOf(192); ++ Integer i256 = Integer.valueOf(256); ++ // END android-changed + + algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128); + algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192); +@@ -69,7 +77,9 @@ + private BigInteger result; + private ECDomainParameters parameters; + private BasicAgreement agreement; +- private DerivationFunction kdf; ++ // BEGIN android-removed ++ // private DerivationFunction kdf; ++ // END android-removed + + private byte[] bigIntToBytes( + BigInteger r) +@@ -84,7 +94,9 @@ + { + this.kaAlgorithm = kaAlgorithm; + this.agreement = agreement; +- this.kdf = kdf; ++ // BEGIN android-removed ++ // this.kdf = kdf; ++ // END android-removed + } + + protected Key engineDoPhase( +@@ -103,25 +115,27 @@ + } + + CipherParameters pubKey; +- if (agreement instanceof ECMQVBasicAgreement) +- { +- if (!(key instanceof MQVPublicKey)) +- { +- throw new InvalidKeyException(kaAlgorithm + " key agreement requires " +- + getSimpleName(MQVPublicKey.class) + " for doPhase"); +- } +- +- MQVPublicKey mqvPubKey = (MQVPublicKey)key; +- ECPublicKeyParameters staticKey = (ECPublicKeyParameters) +- ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); +- ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) +- ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); +- +- pubKey = new MQVPublicParameters(staticKey, ephemKey); +- +- // TODO Validate that all the keys are using the same parameters? +- } +- else ++ // BEGIN android-removed ++ // if (agreement instanceof ECMQVBasicAgreement) ++ // { ++ // if (!(key instanceof MQVPublicKey)) ++ // { ++ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " ++ // + getSimpleName(MQVPublicKey.class) + " for doPhase"); ++ // } ++ // ++ // MQVPublicKey mqvPubKey = (MQVPublicKey)key; ++ // ECPublicKeyParameters staticKey = (ECPublicKeyParameters) ++ // ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); ++ // ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) ++ // ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); ++ // ++ // pubKey = new MQVPublicParameters(staticKey, ephemKey); ++ // ++ // // TODO Validate that all the keys are using the same parameters? ++ // } ++ // else ++ // END android-removed + { + if (!(key instanceof ECPublicKey)) + { +@@ -142,11 +156,13 @@ + protected byte[] engineGenerateSecret() + throws IllegalStateException + { +- if (kdf != null) +- { +- throw new UnsupportedOperationException( +- "KDF can only be used when algorithm is known"); +- } ++ // BEGIN android-removed ++ // if (kdf != null) ++ // { ++ // throw new UnsupportedOperationException( ++ // "KDF can only be used when algorithm is known"); ++ // } ++ // END android-removed + + return bigIntToBytes(result); + } +@@ -174,23 +190,25 @@ + { + byte[] secret = bigIntToBytes(result); + +- if (kdf != null) +- { +- if (!algorithms.containsKey(algorithm)) +- { +- throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); +- } +- +- int keySize = ((Integer)algorithms.get(algorithm)).intValue(); +- +- DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret); +- +- byte[] keyBytes = new byte[keySize / 8]; +- kdf.init(params); +- kdf.generateBytes(keyBytes, 0, keyBytes.length); +- secret = keyBytes; +- } +- else ++ // BEGIN android-removed ++ // if (kdf != null) ++ // { ++ // if (!algorithms.containsKey(algorithm)) ++ // { ++ // throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); ++ // } ++ // ++ // int keySize = ((Integer)algorithms.get(algorithm)).intValue(); ++ // ++ // DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret); ++ // ++ // byte[] keyBytes = new byte[keySize / 8]; ++ // kdf.init(params); ++ // kdf.generateBytes(keyBytes, 0, keyBytes.length); ++ // secret = keyBytes; ++ // } ++ // else ++ // END android-removed + { + // TODO Should we be ensuring the key is the right length? + } +@@ -218,35 +236,37 @@ + private void initFromKey(Key key) + throws InvalidKeyException + { +- if (agreement instanceof ECMQVBasicAgreement) +- { +- if (!(key instanceof MQVPrivateKey)) +- { +- throw new InvalidKeyException(kaAlgorithm + " key agreement requires " +- + getSimpleName(MQVPrivateKey.class) + " for initialisation"); +- } +- +- MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; +- ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) +- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); +- ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) +- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); +- +- ECPublicKeyParameters ephemPubKey = null; +- if (mqvPrivKey.getEphemeralPublicKey() != null) +- { +- ephemPubKey = (ECPublicKeyParameters) +- ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); +- } +- +- MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); +- this.parameters = staticPrivKey.getParameters(); +- +- // TODO Validate that all the keys are using the same parameters? +- +- agreement.init(localParams); +- } +- else ++ // BEGIN android-removed ++ // if (agreement instanceof ECMQVBasicAgreement) ++ // { ++ // if (!(key instanceof MQVPrivateKey)) ++ // { ++ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " ++ // + getSimpleName(MQVPrivateKey.class) + " for initialisation"); ++ // } ++ // ++ // MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; ++ // ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) ++ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); ++ // ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) ++ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); ++ // ++ // ECPublicKeyParameters ephemPubKey = null; ++ // if (mqvPrivKey.getEphemeralPublicKey() != null) ++ // { ++ // ephemPubKey = (ECPublicKeyParameters) ++ // ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); ++ // } ++ // ++ // MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); ++ // this.parameters = staticPrivKey.getParameters(); ++ // ++ // // TODO Validate that all the keys are using the same parameters? ++ // ++ // agreement.init(localParams); ++ // } ++ // else ++ // END android-removed + { + if (!(key instanceof ECPrivateKey)) + { +@@ -277,39 +297,41 @@ + } + } + +- public static class DHC +- extends KeyAgreementSpi +- { +- public DHC() +- { +- super("ECDHC", new ECDHCBasicAgreement(), null); +- } +- } +- +- public static class MQV +- extends KeyAgreementSpi +- { +- public MQV() +- { +- super("ECMQV", new ECMQVBasicAgreement(), null); +- } +- } +- +- public static class DHwithSHA1KDF +- extends KeyAgreementSpi +- { +- public DHwithSHA1KDF() +- { +- super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); +- } +- } +- +- public static class MQVwithSHA1KDF +- extends KeyAgreementSpi +- { +- public MQVwithSHA1KDF() +- { +- super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); +- } +- } ++ // BEGIN android-removed ++ // public static class DHC ++ // extends KeyAgreementSpi ++ // { ++ // public DHC() ++ // { ++ // super("ECDHC", new ECDHCBasicAgreement(), null); ++ // } ++ // } ++ // ++ // public static class MQV ++ // extends KeyAgreementSpi ++ // { ++ // public MQV() ++ // { ++ // super("ECMQV", new ECMQVBasicAgreement(), null); ++ // } ++ // } ++ // ++ // public static class DHwithSHA1KDF ++ // extends KeyAgreementSpi ++ // { ++ // public DHwithSHA1KDF() ++ // { ++ // super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); ++ // } ++ // } ++ // ++ // public static class MQVwithSHA1KDF ++ // extends KeyAgreementSpi ++ // { ++ // public MQVwithSHA1KDF() ++ // { ++ // super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); ++ // } ++ // } ++ // END android-removed + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -200,14 +200,16 @@ + } + } + +- public static class ECGOST3410 +- extends KeyFactorySpi +- { +- public ECGOST3410() +- { +- super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); +- } +- } ++ // BEGIN android-removed ++ // public static class ECGOST3410 ++ // extends KeyFactorySpi ++ // { ++ // public ECGOST3410() ++ // { ++ // super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); ++ // } ++ // } ++ // END android-removed + + public static class ECDH + extends KeyFactorySpi +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -12,7 +12,9 @@ + import org.bouncycastle.asn1.ASN1ObjectIdentifier; + import org.bouncycastle.asn1.nist.NISTNamedCurves; + import org.bouncycastle.asn1.sec.SECNamedCurves; +-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// END android-removed + import org.bouncycastle.asn1.x9.X962NamedCurves; + import org.bouncycastle.asn1.x9.X9ECParameters; + import org.bouncycastle.crypto.AsymmetricCipherKeyPair; +@@ -55,13 +57,15 @@ + static { + ecParameters = new Hashtable(); + +- ecParameters.put(new Integer(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192 +- ecParameters.put(new Integer(239), new ECGenParameterSpec("prime239v1")); +- ecParameters.put(new Integer(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256 +- +- ecParameters.put(new Integer(224), new ECGenParameterSpec("P-224")); +- ecParameters.put(new Integer(384), new ECGenParameterSpec("P-384")); +- ecParameters.put(new Integer(521), new ECGenParameterSpec("P-521")); ++ // BEGIN android-changed ++ ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192 ++ ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1")); ++ ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256 ++ ++ ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224")); ++ ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384")); ++ ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521")); ++ // END android-changed + } + + public EC() +@@ -85,8 +89,16 @@ + SecureRandom random) + { + this.strength = strength; ++ // BEGIN android-added ++ if (random != null) { ++ // END android-added + this.random = random; +- ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(new Integer(strength)); ++ // BEGIN android-added ++ } ++ // END android-added ++ // BEGIN android-changed ++ ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integer.valueOf(strength)); ++ // END android-changed + + if (ecParams != null) + { +@@ -110,6 +122,11 @@ + SecureRandom random) + throws InvalidAlgorithmParameterException + { ++ // BEGIN android-added ++ if (random == null) { ++ random = this.random; ++ } ++ // END android-added + if (params instanceof ECParameterSpec) + { + ECParameterSpec p = (ECParameterSpec)params; +@@ -154,10 +171,12 @@ + { + ecP = NISTNamedCurves.getByName(curveName); + } +- if (ecP == null) +- { +- ecP = TeleTrusTNamedCurves.getByName(curveName); +- } ++ // BEGIN android-removed ++ // if (ecP == null) ++ // { ++ // ecP = TeleTrusTNamedCurves.getByName(curveName); ++ // } ++ // END android-removed + if (ecP == null) + { + // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) +@@ -173,10 +192,12 @@ + { + ecP = NISTNamedCurves.getByOID(oid); + } +- if (ecP == null) +- { +- ecP = TeleTrusTNamedCurves.getByOID(oid); +- } ++ // BEGIN android-removed ++ // if (ecP == null) ++ // { ++ // ecP = TeleTrusTNamedCurves.getByOID(oid); ++ // } ++ // END android-removed + if (ecP == null) + { + throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); +@@ -231,7 +252,15 @@ + { + if (!initialised) + { +- throw new IllegalStateException("EC Key Pair Generator not initialised"); ++ // BEGIN android-removed ++ // throw new IllegalStateException("EC Key Pair Generator not initialised"); ++ // END android-removed ++ // BEGIN android-added ++ /* ++ * KeyPairGenerator documentation says that a default initialization must be provided ++ */ ++ initialize(192, random); ++ // END android-added + } + + AsymmetricCipherKeyPair pair = engine.generateKeyPair(); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -18,15 +18,22 @@ + import org.bouncycastle.crypto.DSA; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.digests.NullDigest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA224Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.SHA384Digest; +-import org.bouncycastle.crypto.digests.SHA512Digest; ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-added ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA224Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.SHA384Digest; ++// import org.bouncycastle.crypto.digests.SHA512Digest; ++// END android-removed + import org.bouncycastle.crypto.params.ParametersWithRandom; + import org.bouncycastle.crypto.signers.ECDSASigner; +-import org.bouncycastle.crypto.signers.ECNRSigner; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.signers.ECNRSigner; ++// END android-removed + import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; + import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; + import org.bouncycastle.jce.interfaces.ECKey; +@@ -108,7 +115,9 @@ + { + public ecDSA() + { +- super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder()); ++ // BEGIN android-changed ++ super(new OpenSSLDigest.SHA1(), new ECDSASigner(), new StdDSAEncoder()); ++ // END android-changed + } + } + +@@ -121,21 +130,25 @@ + } + } + +- static public class ecDSA224 +- extends SignatureSpi +- { +- public ecDSA224() +- { +- super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); +- } +- } ++ // BEGIN android-removed ++ // static public class ecDSA224 ++ // extends SignatureSpi ++ // { ++ // public ecDSA224() ++ // { ++ // super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); ++ // } ++ // } ++ // END android-removed + + static public class ecDSA256 + extends SignatureSpi + { + public ecDSA256() + { +- super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder()); ++ // BEGIN android-changed ++ super(new OpenSSLDigest.SHA256(), new ECDSASigner(), new StdDSAEncoder()); ++ // END android-changed + } + } + +@@ -144,7 +157,9 @@ + { + public ecDSA384() + { +- super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder()); ++ // BEGIN android-changed ++ super(new OpenSSLDigest.SHA384(), new ECDSASigner(), new StdDSAEncoder()); ++ // END android-changed + } + } + +@@ -153,90 +168,94 @@ + { + public ecDSA512() + { +- super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder()); +- } +- } +- +- static public class ecDSARipeMD160 +- extends SignatureSpi +- { +- public ecDSARipeMD160() +- { +- super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); +- } +- } +- +- static public class ecNR +- extends SignatureSpi +- { +- public ecNR() +- { +- super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); +- } +- } +- +- static public class ecNR224 +- extends SignatureSpi +- { +- public ecNR224() +- { +- super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); +- } +- } +- +- static public class ecNR256 +- extends SignatureSpi +- { +- public ecNR256() +- { +- super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); +- } +- } +- +- static public class ecNR384 +- extends SignatureSpi +- { +- public ecNR384() +- { +- super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); +- } +- } +- +- static public class ecNR512 +- extends SignatureSpi +- { +- public ecNR512() +- { +- super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); +- } +- } +- +- static public class ecCVCDSA +- extends SignatureSpi +- { +- public ecCVCDSA() +- { +- super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder()); +- } +- } +- +- static public class ecCVCDSA224 +- extends SignatureSpi +- { +- public ecCVCDSA224() +- { +- super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder()); +- } +- } +- +- static public class ecCVCDSA256 +- extends SignatureSpi +- { +- public ecCVCDSA256() +- { +- super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); +- } +- } ++ // BEGIN android-changed ++ super(new OpenSSLDigest.SHA512(), new ECDSASigner(), new StdDSAEncoder()); ++ // END android-changed ++ } ++ } ++ ++ // BEGIN android-removed ++ // static public class ecDSARipeMD160 ++ // extends SignatureSpi ++ // { ++ // public ecDSARipeMD160() ++ // { ++ // super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecNR ++ // extends SignatureSpi ++ // { ++ // public ecNR() ++ // { ++ // super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecNR224 ++ // extends SignatureSpi ++ // { ++ // public ecNR224() ++ // { ++ // super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecNR256 ++ // extends SignatureSpi ++ // { ++ // public ecNR256() ++ // { ++ // super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecNR384 ++ // extends SignatureSpi ++ // { ++ // public ecNR384() ++ // { ++ // super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecNR512 ++ // extends SignatureSpi ++ // { ++ // public ecNR512() ++ // { ++ // super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecCVCDSA ++ // extends SignatureSpi ++ // { ++ // public ecCVCDSA() ++ // { ++ // super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecCVCDSA224 ++ // extends SignatureSpi ++ // { ++ // public ecCVCDSA224() ++ // { ++ // super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecCVCDSA256 ++ // extends SignatureSpi ++ // { ++ // public ecCVCDSA256() ++ // { ++ // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); ++ // } ++ // } ++ // END android-removed + + private static class StdDSAEncoder + implements DSAEncoder +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -55,11 +55,15 @@ + { + AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( + DigestFactory.getOID(currentSpec.getDigestAlgorithm()), +- new DERNull()); ++ // BEGIN android-changed ++ DERNull.INSTANCE); ++ // END android-changed + MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); + AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_mgf1, +- new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); ++ // BEGIN android-changed ++ new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); ++ // END android-changed + PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); + AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); +@@ -170,11 +174,15 @@ + PSSParameterSpec pssSpec = currentSpec; + AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( + DigestFactory.getOID(pssSpec.getDigestAlgorithm()), +- new DERNull()); ++ // BEGIN android-changed ++ DERNull.INSTANCE); ++ // END android-changed + MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); + AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_mgf1, +- new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); ++ // BEGIN android-changed ++ new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); ++ // END android-changed + RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new ASN1Integer(pssSpec.getSaltLength()), new ASN1Integer(pssSpec.getTrailerField())); + + return pssP.getEncoded("DER"); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -127,7 +127,9 @@ + */ + public byte[] getEncoded() + { +- return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); ++ // BEGIN android-changed ++ return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); ++ // END android-changed + } + + /** +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -78,7 +78,9 @@ + + public byte[] getEncoded() + { +- return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); ++ // BEGIN android-changed ++ return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); ++ // END android-changed + } + + public boolean equals(Object o) +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -89,7 +89,9 @@ + + public byte[] getEncoded() + { +- return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); ++ // BEGIN android-changed ++ return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); ++ // END android-changed + } + + public int hashCode() +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -26,7 +26,9 @@ + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.InvalidCipherTextException; +-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; ++// END android-removed + import org.bouncycastle.crypto.encodings.OAEPEncoding; + import org.bouncycastle.crypto.encodings.PKCS1Encoding; + import org.bouncycastle.crypto.engines.RSABlindedEngine; +@@ -197,10 +199,12 @@ + { + cipher = new PKCS1Encoding(new RSABlindedEngine()); + } +- else if (pad.equals("ISO9796-1PADDING")) +- { +- cipher = new ISO9796d1Encoding(new RSABlindedEngine()); +- } ++ // BEGIN android-removed ++ // else if (pad.equals("ISO9796-1PADDING")) ++ // { ++ // cipher = new ISO9796d1Encoding(new RSABlindedEngine()); ++ // } ++ // END android-removed + else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING")) + { + initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT)); +@@ -213,10 +217,12 @@ + { + initFromSpec(OAEPParameterSpec.DEFAULT); + } +- else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING")) +- { +- initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); +- } ++ // BEGIN android-removed ++ // else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING")) ++ // { ++ // initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); ++ // } ++ // END android-removed + else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-256ANDMGF1PADDING")) + { + initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); +@@ -534,48 +540,50 @@ + } + } + +- static public class PKCS1v1_5Padding +- extends CipherSpi +- { +- public PKCS1v1_5Padding() +- { +- super(new PKCS1Encoding(new RSABlindedEngine())); +- } +- } +- +- static public class PKCS1v1_5Padding_PrivateOnly +- extends CipherSpi +- { +- public PKCS1v1_5Padding_PrivateOnly() +- { +- super(false, true, new PKCS1Encoding(new RSABlindedEngine())); +- } +- } +- +- static public class PKCS1v1_5Padding_PublicOnly +- extends CipherSpi +- { +- public PKCS1v1_5Padding_PublicOnly() +- { +- super(true, false, new PKCS1Encoding(new RSABlindedEngine())); +- } +- } +- +- static public class OAEPPadding +- extends CipherSpi +- { +- public OAEPPadding() +- { +- super(OAEPParameterSpec.DEFAULT); +- } +- } +- +- static public class ISO9796d1Padding +- extends CipherSpi +- { +- public ISO9796d1Padding() +- { +- super(new ISO9796d1Encoding(new RSABlindedEngine())); +- } +- } ++ // BEGIN android-removed ++ // static public class PKCS1v1_5Padding ++ // extends CipherSpi ++ // { ++ // public PKCS1v1_5Padding() ++ // { ++ // super(new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // ++ // static public class PKCS1v1_5Padding_PrivateOnly ++ // extends CipherSpi ++ // { ++ // public PKCS1v1_5Padding_PrivateOnly() ++ // { ++ // super(false, true, new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // ++ // static public class PKCS1v1_5Padding_PublicOnly ++ // extends CipherSpi ++ // { ++ // public PKCS1v1_5Padding_PublicOnly() ++ // { ++ // super(true, false, new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // ++ // static public class OAEPPadding ++ // extends CipherSpi ++ // { ++ // public OAEPPadding() ++ // { ++ // super(OAEPParameterSpec.DEFAULT); ++ // } ++ // } ++ // ++ // static public class ISO9796d1Padding ++ // extends CipherSpi ++ // { ++ // public ISO9796d1Padding() ++ // { ++ // super(new ISO9796d1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // END android-removed + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -17,24 +17,31 @@ + import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x509.DigestInfo; + import org.bouncycastle.crypto.AsymmetricBlockCipher; + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.Digest; +-import org.bouncycastle.crypto.digests.MD2Digest; +-import org.bouncycastle.crypto.digests.MD4Digest; +-import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.NullDigest; +-import org.bouncycastle.crypto.digests.RIPEMD128Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; +-import org.bouncycastle.crypto.digests.RIPEMD256Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA224Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.SHA384Digest; +-import org.bouncycastle.crypto.digests.SHA512Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.MD2Digest; ++// import org.bouncycastle.crypto.digests.MD4Digest; ++// import org.bouncycastle.crypto.digests.MD5Digest; ++// import org.bouncycastle.crypto.digests.NullDigest; ++// import org.bouncycastle.crypto.digests.RIPEMD128Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD256Digest; ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA224Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.SHA384Digest; ++// import org.bouncycastle.crypto.digests.SHA512Digest; ++// END android-removed ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-added + import org.bouncycastle.crypto.encodings.PKCS1Encoding; + import org.bouncycastle.crypto.engines.RSABlindedEngine; + +@@ -261,25 +268,31 @@ + { + public SHA1() + { +- super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // BEGIN android-changed ++ super(OIWObjectIdentifiers.idSHA1, new OpenSSLDigest.SHA1(), new PKCS1Encoding(new RSABlindedEngine())); ++ // END android-changed + } + } + +- static public class SHA224 +- extends DigestSignatureSpi +- { +- public SHA224() +- { +- super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); +- } +- } ++ // BEGIN android-removed ++ // static public class SHA224 ++ // extends DigestSignatureSpi ++ // { ++ // public SHA224() ++ // { ++ // super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // END android-removed + + static public class SHA256 + extends DigestSignatureSpi + { + public SHA256() + { +- super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // BEGIN android-changed ++ super(NISTObjectIdentifiers.id_sha256, new OpenSSLDigest.SHA256(), new PKCS1Encoding(new RSABlindedEngine())); ++ // END android-changed + } + } + +@@ -288,7 +301,9 @@ + { + public SHA384() + { +- super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // BEGIN android-changed ++ super(NISTObjectIdentifiers.id_sha384, new OpenSSLDigest.SHA384(), new PKCS1Encoding(new RSABlindedEngine())); ++ // END android-changed + } + } + +@@ -297,70 +312,78 @@ + { + public SHA512() + { +- super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine())); +- } +- } +- +- static public class MD2 +- extends DigestSignatureSpi +- { +- public MD2() +- { +- super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // BEGIN android-changed ++ super(NISTObjectIdentifiers.id_sha512, new OpenSSLDigest.SHA512(), new PKCS1Encoding(new RSABlindedEngine())); ++ // END android-changed + } + } + +- static public class MD4 +- extends DigestSignatureSpi +- { +- public MD4() +- { +- super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); +- } +- } ++ // BEGIN android-removed ++ // static public class MD2 ++ // extends DigestSignatureSpi ++ // { ++ // public MD2() ++ // { ++ // super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // ++ // static public class MD4 ++ // extends DigestSignatureSpi ++ // { ++ // public MD4() ++ // { ++ // super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // END android-removed + + static public class MD5 + extends DigestSignatureSpi + { + public MD5() + { +- super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // BEGIN android-changed ++ super(PKCSObjectIdentifiers.md5, new OpenSSLDigest.MD5(), new PKCS1Encoding(new RSABlindedEngine())); ++ // END android-changed + } + } + +- static public class RIPEMD160 +- extends DigestSignatureSpi +- { +- public RIPEMD160() +- { +- super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); +- } +- } +- +- static public class RIPEMD128 +- extends DigestSignatureSpi +- { +- public RIPEMD128() +- { +- super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); +- } +- } +- +- static public class RIPEMD256 +- extends DigestSignatureSpi +- { +- public RIPEMD256() +- { +- super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); +- } +- } +- +- static public class noneRSA +- extends DigestSignatureSpi +- { +- public noneRSA() +- { +- super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); +- } +- } ++ // BEGIN android-removed ++ // static public class RIPEMD160 ++ // extends DigestSignatureSpi ++ // { ++ // public RIPEMD160() ++ // { ++ // super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // ++ // static public class RIPEMD128 ++ // extends DigestSignatureSpi ++ // { ++ // public RIPEMD128() ++ // { ++ // super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // ++ // static public class RIPEMD256 ++ // extends DigestSignatureSpi ++ // { ++ // public RIPEMD256() ++ // { ++ // super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // ++ // static public class noneRSA ++ // extends DigestSignatureSpi ++ // { ++ // public noneRSA() ++ // { ++ // super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); ++ // } ++ // } ++ // END android-removed + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2012-09-11 00:12:44.000000000 +0000 +@@ -18,8 +18,10 @@ + import javax.crypto.NoSuchPaddingException; + import javax.crypto.spec.IvParameterSpec; + import javax.crypto.spec.PBEParameterSpec; +-import javax.crypto.spec.RC2ParameterSpec; +-import javax.crypto.spec.RC5ParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.RC2ParameterSpec; ++// import javax.crypto.spec.RC5ParameterSpec; ++// END android-removed + import javax.crypto.spec.SecretKeySpec; + + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +@@ -37,8 +39,10 @@ + { + IvParameterSpec.class, + PBEParameterSpec.class, +- RC2ParameterSpec.class, +- RC5ParameterSpec.class ++ // BEGIN android-removed ++ // RC2ParameterSpec.class, ++ // RC5ParameterSpec.class ++ // END android-removed + }; + + +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2012-09-11 00:12:44.000000000 +0000 +@@ -36,7 +36,9 @@ + import org.bouncycastle.asn1.pkcs.SignedData; + import org.bouncycastle.jce.provider.BouncyCastleProvider; + import org.bouncycastle.util.io.pem.PemObject; +-import org.bouncycastle.util.io.pem.PemWriter; ++// BEGIN android-removed ++// import org.bouncycastle.util.io.pem.PemWriter; ++// END android-removed + + /** + * CertPath implementation for X.509 certificates. +@@ -298,27 +300,29 @@ + return toDEREncoded(new ContentInfo( + PKCSObjectIdentifiers.signedData, sd)); + } +- else if (encoding.equalsIgnoreCase("PEM")) +- { +- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); +- PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); +- +- try +- { +- for (int i = 0; i != certificates.size(); i++) +- { +- pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); +- } +- +- pWrt.close(); +- } +- catch (Exception e) +- { +- throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); +- } +- +- return bOut.toByteArray(); +- } ++ // BEGIN android-removed ++ // else if (encoding.equalsIgnoreCase("PEM")) ++ // { ++ // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ++ // PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); ++ // ++ // try ++ // { ++ // for (int i = 0; i != certificates.size(); i++) ++ // { ++ // pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); ++ // } ++ // ++ // pWrt.close(); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); ++ // } ++ // ++ // return bOut.toByteArray(); ++ // } ++ // END android-removed + else + { + throw new CertificateEncodingException("unsupported encoding: " + encoding); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/AES.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/AES.java 2012-09-11 00:12:44.000000000 +0000 +@@ -1,31 +1,43 @@ + package org.bouncycastle.jcajce.provider.symmetric; + +-import java.security.AlgorithmParameters; +-import java.security.InvalidAlgorithmParameterException; ++// BEGIN android-removed ++// import java.security.AlgorithmParameters; ++// import java.security.InvalidAlgorithmParameterException; ++// END android-removed + import java.security.SecureRandom; +-import java.security.spec.AlgorithmParameterSpec; +- +-import javax.crypto.spec.IvParameterSpec; ++// BEGIN android-removed ++// import java.security.spec.AlgorithmParameterSpec; ++// ++// import javax.crypto.spec.IvParameterSpec; ++// END android-removed + + import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; + import org.bouncycastle.crypto.BufferedBlockCipher; + import org.bouncycastle.crypto.CipherKeyGenerator; + import org.bouncycastle.crypto.engines.AESFastEngine; + import org.bouncycastle.crypto.engines.AESWrapEngine; +-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +-import org.bouncycastle.crypto.macs.CMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; ++// import org.bouncycastle.crypto.macs.CMac; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.crypto.modes.CFBBlockCipher; + import org.bouncycastle.crypto.modes.OFBBlockCipher; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; + import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; + import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +-import org.bouncycastle.jce.provider.BouncyCastleProvider; ++// BEGIN android-removed ++// import org.bouncycastle.jce.provider.BouncyCastleProvider; ++// END android-removed + + public final class AES + { +@@ -69,15 +81,17 @@ + } + } + +- public static class AESCMAC +- extends BaseMac +- { +- public AESCMAC() +- { +- super(new CMac(new AESFastEngine())); +- } +- } +- ++ // BEGIN android-removed ++ // public static class AESCMAC ++ // extends BaseMac ++ // { ++ // public AESCMAC() ++ // { ++ // super(new CMac(new AESFastEngine())); ++ // } ++ // } ++ // END android-removed ++ + static public class Wrap + extends BaseWrapCipher + { +@@ -86,15 +100,17 @@ + super(new AESWrapEngine()); + } + } +- +- public static class RFC3211Wrap +- extends BaseWrapCipher +- { +- public RFC3211Wrap() +- { +- super(new RFC3211WrapEngine(new AESFastEngine()), 16); +- } +- } ++ ++ // BEGIN android-removed ++ // public static class RFC3211Wrap ++ // extends BaseWrapCipher ++ // { ++ // public RFC3211Wrap() ++ // { ++ // super(new RFC3211WrapEngine(new AESFastEngine()), 16); ++ // } ++ // } ++ // END android-removed + + public static class KeyGen + extends BaseKeyGenerator +@@ -110,70 +126,72 @@ + } + } + +- public static class KeyGen128 +- extends KeyGen +- { +- public KeyGen128() +- { +- super(128); +- } +- } +- +- public static class KeyGen192 +- extends KeyGen +- { +- public KeyGen192() +- { +- super(192); +- } +- } +- +- public static class KeyGen256 +- extends KeyGen +- { +- public KeyGen256() +- { +- super(256); +- } +- } +- +- public static class AlgParamGen +- extends BaseAlgorithmParameterGenerator +- { +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); +- } +- +- protected AlgorithmParameters engineGenerateParameters() +- { +- byte[] iv = new byte[16]; +- +- if (random == null) +- { +- random = new SecureRandom(); +- } +- +- random.nextBytes(iv); +- +- AlgorithmParameters params; +- +- try +- { +- params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); +- params.init(new IvParameterSpec(iv)); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- +- return params; +- } +- } ++ // BEGIN android-removed ++ // public static class KeyGen128 ++ // extends KeyGen ++ // { ++ // public KeyGen128() ++ // { ++ // super(128); ++ // } ++ // } ++ // ++ // public static class KeyGen192 ++ // extends KeyGen ++ // { ++ // public KeyGen192() ++ // { ++ // super(192); ++ // } ++ // } ++ // ++ // public static class KeyGen256 ++ // extends KeyGen ++ // { ++ // public KeyGen256() ++ // { ++ // super(256); ++ // } ++ // } ++ // ++ // public static class AlgParamGen ++ // extends BaseAlgorithmParameterGenerator ++ // { ++ // protected void engineInit( ++ // AlgorithmParameterSpec genParamSpec, ++ // SecureRandom random) ++ // throws InvalidAlgorithmParameterException ++ // { ++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); ++ // } ++ // ++ // protected AlgorithmParameters engineGenerateParameters() ++ // { ++ // byte[] iv = new byte[16]; ++ // ++ // if (random == null) ++ // { ++ // random = new SecureRandom(); ++ // } ++ // ++ // random.nextBytes(iv); ++ // ++ // AlgorithmParameters params; ++ // ++ // try ++ // { ++ // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(new IvParameterSpec(iv)); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new RuntimeException(e.getMessage()); ++ // } ++ // ++ // return params; ++ // } ++ // } ++ // END android-removed + + public static class AlgParams + extends IvAlgorithmParameters +@@ -212,58 +230,66 @@ + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + +- provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); ++ // END android-removed + + provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); ++ // END android-removed + provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); +- provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); ++ // END android-removed + + provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen"); +- provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); +- +- provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); ++ // ++ // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); ++ // END android-removed + } + } + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/ARC4.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2012-09-11 00:12:44.000000000 +0000 +@@ -27,7 +27,9 @@ + { + public KeyGen() + { +- super("RC4", 128, new CipherKeyGenerator()); ++ // BEGIN android-changed ++ super("ARC4", 128, new CipherKeyGenerator()); ++ // END android-changed + } + } + +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-09-11 00:12:44.000000000 +0000 +@@ -64,7 +64,9 @@ + { + + provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); ++ // END android-removed + provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); + provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DES.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DES.java 2012-09-11 00:12:44.000000000 +0000 +@@ -16,11 +16,15 @@ + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.crypto.KeyGenerationParameters; + import org.bouncycastle.crypto.engines.DESEngine; +-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; ++// END android-removed + import org.bouncycastle.crypto.generators.DESKeyGenerator; + import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +-import org.bouncycastle.crypto.macs.CMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; ++// import org.bouncycastle.crypto.macs.CMac; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.crypto.paddings.ISO7816d4Padding; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +@@ -48,115 +52,117 @@ + } + } + +- static public class CBC +- extends BaseBlockCipher +- { +- public CBC() +- { +- super(new CBCBlockCipher(new DESEngine()), 64); +- } +- } +- +- /** +- * DES CFB8 +- */ +- public static class DESCFB8 +- extends BaseMac +- { +- public DESCFB8() +- { +- super(new CFBBlockCipherMac(new DESEngine())); +- } +- } +- +- /** +- * DES64 +- */ +- public static class DES64 +- extends BaseMac +- { +- public DES64() +- { +- super(new CBCBlockCipherMac(new DESEngine(), 64)); +- } +- } +- +- /** +- * DES64with7816-4Padding +- */ +- public static class DES64with7816d4 +- extends BaseMac +- { +- public DES64with7816d4() +- { +- super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); +- } +- } +- +- public static class CBCMAC +- extends BaseMac +- { +- public CBCMAC() +- { +- super(new CBCBlockCipherMac(new DESEngine())); +- } +- } +- +- static public class CMAC +- extends BaseMac +- { +- public CMAC() +- { +- super(new CMac(new DESEngine())); +- } +- } +- +- public static class RFC3211 +- extends BaseWrapCipher +- { +- public RFC3211() +- { +- super(new RFC3211WrapEngine(new DESEngine()), 8); +- } +- } +- +- public static class AlgParamGen +- extends BaseAlgorithmParameterGenerator +- { +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); +- } +- +- protected AlgorithmParameters engineGenerateParameters() +- { +- byte[] iv = new byte[8]; +- +- if (random == null) +- { +- random = new SecureRandom(); +- } +- +- random.nextBytes(iv); +- +- AlgorithmParameters params; +- +- try +- { +- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); +- params.init(new IvParameterSpec(iv)); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- +- return params; +- } +- } ++ // BEGIN android-removed ++ // static public class CBC ++ // extends BaseBlockCipher ++ // { ++ // public CBC() ++ // { ++ // super(new CBCBlockCipher(new DESEngine()), 64); ++ // } ++ // } ++ // ++ // /** ++ // * DES CFB8 ++ // */ ++ // public static class DESCFB8 ++ // extends BaseMac ++ // { ++ // public DESCFB8() ++ // { ++ // super(new CFBBlockCipherMac(new DESEngine())); ++ // } ++ // } ++ // ++ // /** ++ // * DES64 ++ // */ ++ // public static class DES64 ++ // extends BaseMac ++ // { ++ // public DES64() ++ // { ++ // super(new CBCBlockCipherMac(new DESEngine(), 64)); ++ // } ++ // } ++ // ++ // /** ++ // * DES64with7816-4Padding ++ // */ ++ // public static class DES64with7816d4 ++ // extends BaseMac ++ // { ++ // public DES64with7816d4() ++ // { ++ // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); ++ // } ++ // } ++ // ++ // public static class CBCMAC ++ // extends BaseMac ++ // { ++ // public CBCMAC() ++ // { ++ // super(new CBCBlockCipherMac(new DESEngine())); ++ // } ++ // } ++ // ++ // static public class CMAC ++ // extends BaseMac ++ // { ++ // public CMAC() ++ // { ++ // super(new CMac(new DESEngine())); ++ // } ++ // } ++ // ++ // public static class RFC3211 ++ // extends BaseWrapCipher ++ // { ++ // public RFC3211() ++ // { ++ // super(new RFC3211WrapEngine(new DESEngine()), 8); ++ // } ++ // } ++ // ++ // public static class AlgParamGen ++ // extends BaseAlgorithmParameterGenerator ++ // { ++ // protected void engineInit( ++ // AlgorithmParameterSpec genParamSpec, ++ // SecureRandom random) ++ // throws InvalidAlgorithmParameterException ++ // { ++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); ++ // } ++ // ++ // protected AlgorithmParameters engineGenerateParameters() ++ // { ++ // byte[] iv = new byte[8]; ++ // ++ // if (random == null) ++ // { ++ // random = new SecureRandom(); ++ // } ++ // ++ // random.nextBytes(iv); ++ // ++ // AlgorithmParameters params; ++ // ++ // try ++ // { ++ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(new IvParameterSpec(iv)); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new RuntimeException(e.getMessage()); ++ // } ++ // ++ // return params; ++ // } ++ // } ++ // END android-removed + + /** + * DES - the default for this is to generate a key in +@@ -263,36 +269,42 @@ + { + + provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); +- +- addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); +- +- provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); ++ // ++ // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); ++ // ++ // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); ++ // END android-removed + + provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator"); + + provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory"); + +- provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); +- provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); +- provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); +- +- provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); +- provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); +- +- provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); +- provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); +- +- provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); +- provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); ++ // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); ++ // ++ // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); ++ // ++ // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); ++ // ++ // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // END android-removed + + provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); + +- provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); ++ // END android-removed + } + + private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DESede.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2012-09-11 00:12:44.000000000 +0000 +@@ -1,30 +1,42 @@ + package org.bouncycastle.jcajce.provider.symmetric; + +-import java.security.AlgorithmParameters; +-import java.security.InvalidAlgorithmParameterException; ++// BEGIN android-removed ++// import java.security.AlgorithmParameters; ++// import java.security.InvalidAlgorithmParameterException; ++// END android-removed + import java.security.SecureRandom; +-import java.security.spec.AlgorithmParameterSpec; ++// BEGIN android-removed ++// import java.security.spec.AlgorithmParameterSpec; ++// END android-removed + import java.security.spec.InvalidKeySpecException; + import java.security.spec.KeySpec; + + import javax.crypto.SecretKey; + import javax.crypto.spec.DESedeKeySpec; +-import javax.crypto.spec.IvParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.IvParameterSpec; ++// END android-removed + import javax.crypto.spec.SecretKeySpec; + + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.crypto.KeyGenerationParameters; + import org.bouncycastle.crypto.engines.DESedeEngine; + import org.bouncycastle.crypto.engines.DESedeWrapEngine; +-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; ++// END android-removed + import org.bouncycastle.crypto.generators.DESedeKeyGenerator; + import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +-import org.bouncycastle.crypto.macs.CMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; ++// import org.bouncycastle.crypto.macs.CMac; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.crypto.paddings.ISO7816d4Padding; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +@@ -57,17 +69,19 @@ + } + } + +- /** +- * DESede CFB8 +- */ +- public static class DESedeCFB8 +- extends BaseMac +- { +- public DESedeCFB8() +- { +- super(new CFBBlockCipherMac(new DESedeEngine())); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * DESede CFB8 ++ // */ ++ // public static class DESedeCFB8 ++ // extends BaseMac ++ // { ++ // public DESedeCFB8() ++ // { ++ // super(new CFBBlockCipherMac(new DESedeEngine())); ++ // } ++ // } ++ // END android-removed + + /** + * DESede64 +@@ -102,15 +116,17 @@ + } + } + +- static public class CMAC +- extends BaseMac +- { +- public CMAC() +- { +- super(new CMac(new DESedeEngine())); +- } +- } +- ++ // BEGIN android-removed ++ // static public class CMAC ++ // extends BaseMac ++ // { ++ // public CMAC() ++ // { ++ // super(new CMac(new DESedeEngine())); ++ // } ++ // } ++ // END android-removed ++ + public static class Wrap + extends BaseWrapCipher + { +@@ -119,15 +135,17 @@ + super(new DESedeWrapEngine()); + } + } +- +- public static class RFC3211 +- extends BaseWrapCipher +- { +- public RFC3211() +- { +- super(new RFC3211WrapEngine(new DESedeEngine()), 8); +- } +- } ++ ++ // BEGIN android-removed ++ // public static class RFC3211 ++ // extends BaseWrapCipher ++ // { ++ // public RFC3211() ++ // { ++ // super(new RFC3211WrapEngine(new DESedeEngine()), 8); ++ // } ++ // } ++ // END android-removed + + /** + * DESede - the default for this is to generate a key in +@@ -217,43 +235,45 @@ + } + } + +- public static class AlgParamGen +- extends BaseAlgorithmParameterGenerator +- { +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); +- } +- +- protected AlgorithmParameters engineGenerateParameters() +- { +- byte[] iv = new byte[8]; +- +- if (random == null) +- { +- random = new SecureRandom(); +- } +- +- random.nextBytes(iv); +- +- AlgorithmParameters params; +- +- try +- { +- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); +- params.init(new IvParameterSpec(iv)); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- +- return params; +- } +- } ++ // BEGIN android-removed ++ // public static class AlgParamGen ++ // extends BaseAlgorithmParameterGenerator ++ // { ++ // protected void engineInit( ++ // AlgorithmParameterSpec genParamSpec, ++ // SecureRandom random) ++ // throws InvalidAlgorithmParameterException ++ // { ++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); ++ // } ++ // ++ // protected AlgorithmParameters engineGenerateParameters() ++ // { ++ // byte[] iv = new byte[8]; ++ // ++ // if (random == null) ++ // { ++ // random = new SecureRandom(); ++ // } ++ // ++ // random.nextBytes(iv); ++ // ++ // AlgorithmParameters params; ++ // ++ // try ++ // { ++ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(new IvParameterSpec(iv)); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new RuntimeException(e.getMessage()); ++ // } ++ // ++ // return params; ++ // } ++ // } ++ // END android-removed + + static public class KeyFactory + extends BaseSecretKeyFactory +@@ -337,18 +357,28 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); ++ // END android-removed + provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap"); +- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap"); +- provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); ++ // BEGIN android-changed ++ provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); ++ // END android-changed ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); ++ // END android-removed + + if (provider.hasAlgorithm("MessageDigest", "SHA-1")) + { + provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); +- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); +- provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); ++ // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); ++ // END android-removed + provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key"); +- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); +@@ -357,31 +387,37 @@ + } + + provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); +- provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); +- provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); ++ // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); ++ // END android-removed + + provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory"); + +- provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); +- provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); +- +- provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); +- +- provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); +- +- provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); ++ // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); ++ // ++ // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); ++ // ++ // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); ++ // ++ // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // END android-removed + + provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + +- provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); ++ // END android-removed + } + } + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2012-09-11 00:12:44.000000000 +0000 +@@ -7,13 +7,17 @@ + + import javax.crypto.spec.IvParameterSpec; + import javax.crypto.spec.PBEParameterSpec; +-import javax.crypto.spec.RC2ParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.RC2ParameterSpec; ++// END android-removed + + import org.bouncycastle.asn1.ASN1Encoding; + import org.bouncycastle.asn1.ASN1Primitive; + import org.bouncycastle.asn1.pkcs.PBKDF2Params; + import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; +-import org.bouncycastle.asn1.pkcs.RC2CBCParameter; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; ++// END android-removed + import org.bouncycastle.util.Arrays; + + public abstract class BaseAlgorithmParameters +@@ -39,177 +43,179 @@ + protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException; + +- public static class RC2AlgorithmParameters +- extends BaseAlgorithmParameters +- { +- private static final short[] table = { +- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, +- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, +- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, +- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, +- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, +- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, +- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, +- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, +- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, +- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, +- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, +- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, +- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, +- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, +- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, +- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab +- }; +- +- private static final short[] ekb = { +- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, +- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, +- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, +- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, +- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, +- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, +- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, +- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, +- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, +- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, +- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, +- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, +- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, +- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, +- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, +- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd +- }; +- +- private byte[] iv; +- private int parameterVersion = 58; +- +- protected byte[] engineGetEncoded() +- { +- return Arrays.clone(iv); +- } +- +- protected byte[] engineGetEncoded( +- String format) +- throws IOException +- { +- if (this.isASN1FormatString(format)) +- { +- if (parameterVersion == -1) +- { +- return new RC2CBCParameter(engineGetEncoded()).getEncoded(); +- } +- else +- { +- return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); +- } +- } +- +- if (format.equals("RAW")) +- { +- return engineGetEncoded(); +- } +- +- return null; +- } +- +- protected AlgorithmParameterSpec localEngineGetParameterSpec( +- Class paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec == RC2ParameterSpec.class) +- { +- if (parameterVersion != -1) +- { +- if (parameterVersion < 256) +- { +- return new RC2ParameterSpec(ekb[parameterVersion], iv); +- } +- else +- { +- return new RC2ParameterSpec(parameterVersion, iv); +- } +- } +- } +- +- if (paramSpec == IvParameterSpec.class) +- { +- return new IvParameterSpec(iv); +- } +- +- throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); +- } +- +- protected void engineInit( +- AlgorithmParameterSpec paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec instanceof IvParameterSpec) +- { +- this.iv = ((IvParameterSpec)paramSpec).getIV(); +- } +- else if (paramSpec instanceof RC2ParameterSpec) +- { +- int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); +- if (effKeyBits != -1) +- { +- if (effKeyBits < 256) +- { +- parameterVersion = table[effKeyBits]; +- } +- else +- { +- parameterVersion = effKeyBits; +- } +- } +- +- this.iv = ((RC2ParameterSpec)paramSpec).getIV(); +- } +- else +- { +- throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); +- } +- } +- +- protected void engineInit( +- byte[] params) +- throws IOException +- { +- this.iv = Arrays.clone(params); +- } +- +- protected void engineInit( +- byte[] params, +- String format) +- throws IOException +- { +- if (this.isASN1FormatString(format)) +- { +- RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); +- +- if (p.getRC2ParameterVersion() != null) +- { +- parameterVersion = p.getRC2ParameterVersion().intValue(); +- } +- +- iv = p.getIV(); +- +- return; +- } +- +- if (format.equals("RAW")) +- { +- engineInit(params); +- return; +- } +- +- throw new IOException("Unknown parameters format in IV parameters object"); +- } +- +- protected String engineToString() +- { +- return "RC2 Parameters"; +- } +- } ++ // BEGIN android-removed ++ // public static class RC2AlgorithmParameters ++ // extends BaseAlgorithmParameters ++ // { ++ // private static final short[] table = { ++ // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, ++ // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, ++ // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, ++ // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, ++ // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, ++ // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, ++ // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, ++ // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, ++ // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, ++ // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, ++ // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, ++ // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, ++ // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, ++ // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, ++ // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, ++ // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab ++ // }; ++ // ++ // private static final short[] ekb = { ++ // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, ++ // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, ++ // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, ++ // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, ++ // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, ++ // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, ++ // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, ++ // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, ++ // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, ++ // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, ++ // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, ++ // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, ++ // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, ++ // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, ++ // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, ++ // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd ++ // }; ++ // ++ // private byte[] iv; ++ // private int parameterVersion = 58; ++ // ++ // protected byte[] engineGetEncoded() ++ // { ++ // return Arrays.clone(iv); ++ // } ++ // ++ // protected byte[] engineGetEncoded( ++ // String format) ++ // throws IOException ++ // { ++ // if (this.isASN1FormatString(format)) ++ // { ++ // if (parameterVersion == -1) ++ // { ++ // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); ++ // } ++ // else ++ // { ++ // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); ++ // } ++ // } ++ // ++ // if (format.equals("RAW")) ++ // { ++ // return engineGetEncoded(); ++ // } ++ // ++ // return null; ++ // } ++ // ++ // protected AlgorithmParameterSpec localEngineGetParameterSpec( ++ // Class paramSpec) ++ // throws InvalidParameterSpecException ++ // { ++ // if (paramSpec == RC2ParameterSpec.class) ++ // { ++ // if (parameterVersion != -1) ++ // { ++ // if (parameterVersion < 256) ++ // { ++ // return new RC2ParameterSpec(ekb[parameterVersion], iv); ++ // } ++ // else ++ // { ++ // return new RC2ParameterSpec(parameterVersion, iv); ++ // } ++ // } ++ // } ++ // ++ // if (paramSpec == IvParameterSpec.class) ++ // { ++ // return new IvParameterSpec(iv); ++ // } ++ // ++ // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); ++ // } ++ // ++ // protected void engineInit( ++ // AlgorithmParameterSpec paramSpec) ++ // throws InvalidParameterSpecException ++ // { ++ // if (paramSpec instanceof IvParameterSpec) ++ // { ++ // this.iv = ((IvParameterSpec)paramSpec).getIV(); ++ // } ++ // else if (paramSpec instanceof RC2ParameterSpec) ++ // { ++ // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); ++ // if (effKeyBits != -1) ++ // { ++ // if (effKeyBits < 256) ++ // { ++ // parameterVersion = table[effKeyBits]; ++ // } ++ // else ++ // { ++ // parameterVersion = effKeyBits; ++ // } ++ // } ++ // ++ // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); ++ // } ++ // else ++ // { ++ // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); ++ // } ++ // } ++ // ++ // protected void engineInit( ++ // byte[] params) ++ // throws IOException ++ // { ++ // this.iv = Arrays.clone(params); ++ // } ++ // ++ // protected void engineInit( ++ // byte[] params, ++ // String format) ++ // throws IOException ++ // { ++ // if (this.isASN1FormatString(format)) ++ // { ++ // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); ++ // ++ // if (p.getRC2ParameterVersion() != null) ++ // { ++ // parameterVersion = p.getRC2ParameterVersion().intValue(); ++ // } ++ // ++ // iv = p.getIV(); ++ // ++ // return; ++ // } ++ // ++ // if (format.equals("RAW")) ++ // { ++ // engineInit(params); ++ // return; ++ // } ++ // ++ // throw new IOException("Unknown parameters format in IV parameters object"); ++ // } ++ // ++ // protected String engineToString() ++ // { ++ // return "RC2 Parameters"; ++ // } ++ // } ++ // END android-removed + + public static class PBKDF2 + extends BaseAlgorithmParameters +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2012-09-11 00:12:44.000000000 +0000 +@@ -17,8 +17,10 @@ + import javax.crypto.ShortBufferException; + import javax.crypto.spec.IvParameterSpec; + import javax.crypto.spec.PBEParameterSpec; +-import javax.crypto.spec.RC2ParameterSpec; +-import javax.crypto.spec.RC5ParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.RC2ParameterSpec; ++// import javax.crypto.spec.RC5ParameterSpec; ++// END android-removed + + import org.bouncycastle.crypto.BufferedBlockCipher; + import org.bouncycastle.crypto.CipherParameters; +@@ -29,12 +31,18 @@ + import org.bouncycastle.crypto.modes.CCMBlockCipher; + import org.bouncycastle.crypto.modes.CFBBlockCipher; + import org.bouncycastle.crypto.modes.CTSBlockCipher; +-import org.bouncycastle.crypto.modes.EAXBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.EAXBlockCipher; ++// END android-removed + import org.bouncycastle.crypto.modes.GCMBlockCipher; +-import org.bouncycastle.crypto.modes.GOFBBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.GOFBBlockCipher; ++// END android-removed + import org.bouncycastle.crypto.modes.OFBBlockCipher; +-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; +-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; ++// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// END android-removed + import org.bouncycastle.crypto.modes.SICBlockCipher; + import org.bouncycastle.crypto.paddings.BlockCipherPadding; + import org.bouncycastle.crypto.paddings.ISO10126d2Padding; +@@ -46,11 +54,17 @@ + import org.bouncycastle.crypto.params.KeyParameter; + import org.bouncycastle.crypto.params.ParametersWithIV; + import org.bouncycastle.crypto.params.ParametersWithRandom; +-import org.bouncycastle.crypto.params.ParametersWithSBox; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.ParametersWithSBox; ++// END android-removed + import org.bouncycastle.crypto.params.RC2Parameters; +-import org.bouncycastle.crypto.params.RC5Parameters; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.RC5Parameters; ++// END android-removed + import org.bouncycastle.jce.provider.BouncyCastleProvider; +-import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// BEGIN android-removed ++// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// END android-removed + import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; + import org.bouncycastle.util.Strings; + +@@ -63,11 +77,15 @@ + // + private Class[] availableSpecs = + { +- RC2ParameterSpec.class, +- RC5ParameterSpec.class, ++ // BEGIN android-removed ++ // RC2ParameterSpec.class, ++ // RC5ParameterSpec.class, ++ // END android-removed + IvParameterSpec.class, + PBEParameterSpec.class, +- GOST28147ParameterSpec.class ++ // BEGIN android-removed ++ // GOST28147ParameterSpec.class ++ // END android-removed + }; + + private org.bouncycastle.crypto.BlockCipher baseEngine; +@@ -222,20 +240,22 @@ + new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); + } + } +- else if (modeName.startsWith("PGP")) +- { +- boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); +- +- ivLength = baseEngine.getBlockSize(); +- cipher = new BufferedGenericBlockCipher( +- new PGPCFBBlockCipher(baseEngine, inlineIV)); +- } +- else if (modeName.equalsIgnoreCase("OpenPGPCFB")) +- { +- ivLength = 0; +- cipher = new BufferedGenericBlockCipher( +- new OpenPGPCFBBlockCipher(baseEngine)); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("PGP")) ++ // { ++ // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); ++ ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new BufferedGenericBlockCipher( ++ // new PGPCFBBlockCipher(baseEngine, inlineIV)); ++ // } ++ // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) ++ // { ++ // ivLength = 0; ++ // cipher = new BufferedGenericBlockCipher( ++ // new OpenPGPCFBBlockCipher(baseEngine)); ++ // } ++ // END android-removed + else if (modeName.startsWith("SIC")) + { + ivLength = baseEngine.getBlockSize(); +@@ -252,12 +272,14 @@ + cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + new SICBlockCipher(baseEngine))); + } +- else if (modeName.startsWith("GOFB")) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( +- new GOFBBlockCipher(baseEngine))); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("GOFB")) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( ++ // new GOFBBlockCipher(baseEngine))); ++ // } ++ // END android-removed + else if (modeName.startsWith("CTS")) + { + ivLength = baseEngine.getBlockSize(); +@@ -268,11 +290,13 @@ + ivLength = baseEngine.getBlockSize(); + cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); + } +- else if (modeName.startsWith("EAX")) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("EAX")) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); ++ // } ++ // END android-removed + else if (modeName.startsWith("GCM")) + { + ivLength = baseEngine.getBlockSize(); +@@ -441,63 +465,65 @@ + param = new KeyParameter(key.getEncoded()); + } + } +- else if (params instanceof GOST28147ParameterSpec) +- { +- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; +- +- param = new ParametersWithSBox( +- new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); +- +- if (gost28147Param.getIV() != null && ivLength != 0) +- { +- param = new ParametersWithIV(param, gost28147Param.getIV()); +- ivParam = (ParametersWithIV)param; +- } +- } +- else if (params instanceof RC2ParameterSpec) +- { +- RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; +- +- param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); +- +- if (rc2Param.getIV() != null && ivLength != 0) +- { +- param = new ParametersWithIV(param, rc2Param.getIV()); +- ivParam = (ParametersWithIV)param; +- } +- } +- else if (params instanceof RC5ParameterSpec) +- { +- RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; +- +- param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); +- if (baseEngine.getAlgorithmName().startsWith("RC5")) +- { +- if (baseEngine.getAlgorithmName().equals("RC5-32")) +- { +- if (rc5Param.getWordSize() != 32) +- { +- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); +- } +- } +- else if (baseEngine.getAlgorithmName().equals("RC5-64")) +- { +- if (rc5Param.getWordSize() != 64) +- { +- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); +- } +- } +- } +- else +- { +- throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); +- } +- if ((rc5Param.getIV() != null) && (ivLength != 0)) +- { +- param = new ParametersWithIV(param, rc5Param.getIV()); +- ivParam = (ParametersWithIV)param; +- } +- } ++ // BEGIN android-removed ++ // else if (params instanceof GOST28147ParameterSpec) ++ // { ++ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; ++ // ++ // param = new ParametersWithSBox( ++ // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); ++ // ++ // if (gost28147Param.getIV() != null && ivLength != 0) ++ // { ++ // param = new ParametersWithIV(param, gost28147Param.getIV()); ++ // ivParam = (ParametersWithIV)param; ++ // } ++ // } ++ // else if (params instanceof RC2ParameterSpec) ++ // { ++ // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; ++ // ++ // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); ++ // ++ // if (rc2Param.getIV() != null && ivLength != 0) ++ // { ++ // param = new ParametersWithIV(param, rc2Param.getIV()); ++ // ivParam = (ParametersWithIV)param; ++ // } ++ // } ++ // else if (params instanceof RC5ParameterSpec) ++ // { ++ // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; ++ // ++ // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); ++ // if (baseEngine.getAlgorithmName().startsWith("RC5")) ++ // { ++ // if (baseEngine.getAlgorithmName().equals("RC5-32")) ++ // { ++ // if (rc5Param.getWordSize() != 32) ++ // { ++ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); ++ // } ++ // } ++ // else if (baseEngine.getAlgorithmName().equals("RC5-64")) ++ // { ++ // if (rc5Param.getWordSize() != 64) ++ // { ++ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); ++ // } ++ // } ++ // } ++ // else ++ // { ++ // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); ++ // } ++ // if ((rc5Param.getIV() != null) && (ivLength != 0)) ++ // { ++ // param = new ParametersWithIV(param, rc5Param.getIV()); ++ // ivParam = (ParametersWithIV)param; ++ // } ++ // } ++ // END android-removed + else + { + throw new InvalidAlgorithmParameterException("unknown parameter type."); +@@ -701,10 +727,20 @@ + int inputLen, + byte[] output, + int outputOffset) +- throws IllegalBlockSizeException, BadPaddingException ++ throws IllegalBlockSizeException, BadPaddingException, ShortBufferException + { ++ // BEGIN android-note ++ // added ShortBufferException to the throws statement ++ // END android-note + int len = 0; + ++ // BEGIN android-added ++ int outputLen = cipher.getOutputSize(inputLen); ++ ++ if (outputLen + outputOffset > output.length) { ++ throw new ShortBufferException("need at least " + outputLen + " bytes"); ++ } ++ // BEGIN android-added + if (inputLen != 0) + { + len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java 2012-09-11 00:12:44.000000000 +0000 +@@ -56,6 +56,11 @@ + { + try + { ++ // BEGIN android-added ++ if (random == null) { ++ random = new SecureRandom(); ++ } ++ // END android-added + engine.init(new KeyGenerationParameters(random, keySize)); + uninitialised = false; + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2012-09-11 00:12:44.000000000 +0000 +@@ -11,25 +11,34 @@ + + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.Mac; +-import org.bouncycastle.crypto.digests.MD2Digest; +-import org.bouncycastle.crypto.digests.MD4Digest; +-import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.RIPEMD128Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA224Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.SHA384Digest; +-import org.bouncycastle.crypto.digests.SHA512Digest; +-import org.bouncycastle.crypto.digests.TigerDigest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.MD2Digest; ++// import org.bouncycastle.crypto.digests.MD4Digest; ++// import org.bouncycastle.crypto.digests.MD5Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD128Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA224Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.SHA384Digest; ++// import org.bouncycastle.crypto.digests.SHA512Digest; ++// import org.bouncycastle.crypto.digests.TigerDigest; ++// END android-removed ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-added + import org.bouncycastle.crypto.engines.DESEngine; + import org.bouncycastle.crypto.engines.RC2Engine; + import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +-import org.bouncycastle.crypto.macs.GOST28147Mac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; ++// import org.bouncycastle.crypto.macs.GOST28147Mac; ++// END android-removed + import org.bouncycastle.crypto.macs.HMac; +-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +-import org.bouncycastle.crypto.macs.OldHMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; ++// import org.bouncycastle.crypto.macs.OldHMac; ++// END android-removed + import org.bouncycastle.crypto.paddings.ISO7816d4Padding; + import org.bouncycastle.crypto.params.KeyParameter; + import org.bouncycastle.crypto.params.ParametersWithIV; +@@ -179,91 +188,93 @@ + } + } + +- /** +- * GOST28147 +- */ +- public static class GOST28147 +- extends BaseMac +- { +- public GOST28147() +- { +- super(new GOST28147Mac()); +- } +- } +- +- +- +- /** +- * DES +- */ +- public static class DESCFB8 +- extends BaseMac +- { +- public DESCFB8() +- { +- super(new CFBBlockCipherMac(new DESEngine())); +- } +- } +- +- /** +- * RC2CFB8 +- */ +- public static class RC2CFB8 +- extends BaseMac +- { +- public RC2CFB8() +- { +- super(new CFBBlockCipherMac(new RC2Engine())); +- } +- } +- +- /** +- * DES9797Alg3with7816-4Padding +- */ +- public static class DES9797Alg3with7816d4 +- extends BaseMac +- { +- public DES9797Alg3with7816d4() +- { +- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); +- } +- } +- +- /** +- * DES9797Alg3 +- */ +- public static class DES9797Alg3 +- extends BaseMac +- { +- public DES9797Alg3() +- { +- super(new ISO9797Alg3Mac(new DESEngine())); +- } +- } +- +- /** +- * MD2 HMac +- */ +- public static class MD2 +- extends BaseMac +- { +- public MD2() +- { +- super(new HMac(new MD2Digest())); +- } +- } +- +- /** +- * MD4 HMac +- */ +- public static class MD4 +- extends BaseMac +- { +- public MD4() +- { +- super(new HMac(new MD4Digest())); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * GOST28147 ++ // */ ++ // public static class GOST28147 ++ // extends BaseMac ++ // { ++ // public GOST28147() ++ // { ++ // super(new GOST28147Mac()); ++ // } ++ // } ++ // ++ // ++ // ++ // /** ++ // * DES ++ // */ ++ // public static class DESCFB8 ++ // extends BaseMac ++ // { ++ // public DESCFB8() ++ // { ++ // super(new CFBBlockCipherMac(new DESEngine())); ++ // } ++ // } ++ // ++ // /** ++ // * RC2CFB8 ++ // */ ++ // public static class RC2CFB8 ++ // extends BaseMac ++ // { ++ // public RC2CFB8() ++ // { ++ // super(new CFBBlockCipherMac(new RC2Engine())); ++ // } ++ // } ++ // ++ // /** ++ // * DES9797Alg3with7816-4Padding ++ // */ ++ // public static class DES9797Alg3with7816d4 ++ // extends BaseMac ++ // { ++ // public DES9797Alg3with7816d4() ++ // { ++ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); ++ // } ++ // } ++ // ++ // /** ++ // * DES9797Alg3 ++ // */ ++ // public static class DES9797Alg3 ++ // extends BaseMac ++ // { ++ // public DES9797Alg3() ++ // { ++ // super(new ISO9797Alg3Mac(new DESEngine())); ++ // } ++ // } ++ // ++ // /** ++ // * MD2 HMac ++ // */ ++ // public static class MD2 ++ // extends BaseMac ++ // { ++ // public MD2() ++ // { ++ // super(new HMac(new MD2Digest())); ++ // } ++ // } ++ // ++ // /** ++ // * MD4 HMac ++ // */ ++ // public static class MD4 ++ // extends BaseMac ++ // { ++ // public MD4() ++ // { ++ // super(new HMac(new MD4Digest())); ++ // } ++ // } ++ // END android-removed + + /** + * MD5 HMac +@@ -273,7 +284,9 @@ + { + public MD5() + { +- super(new HMac(new MD5Digest())); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.MD5())); ++ // END android-changed + } + } + +@@ -285,21 +298,25 @@ + { + public SHA1() + { +- super(new HMac(new SHA1Digest())); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.SHA1())); ++ // END android-changed + } + } + +- /** +- * SHA-224 HMac +- */ +- public static class SHA224 +- extends BaseMac +- { +- public SHA224() +- { +- super(new HMac(new SHA224Digest())); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * SHA-224 HMac ++ // */ ++ // public static class SHA224 ++ // extends BaseMac ++ // { ++ // public SHA224() ++ // { ++ // super(new HMac(new SHA224Digest())); ++ // } ++ // } ++ // END android-removed + + /** + * SHA-256 HMac +@@ -309,7 +326,7 @@ + { + public SHA256() + { +- super(new HMac(new SHA256Digest())); ++ super(new HMac(new OpenSSLDigest.SHA256())); + } + } + +@@ -321,18 +338,20 @@ + { + public SHA384() + { +- super(new HMac(new SHA384Digest())); ++ super(new HMac(new OpenSSLDigest.SHA384())); + } + } + +- public static class OldSHA384 +- extends BaseMac +- { +- public OldSHA384() +- { +- super(new OldHMac(new SHA384Digest())); +- } +- } ++ // BEGIN android-removed ++ // public static class OldSHA384 ++ // extends BaseMac ++ // { ++ // public OldSHA384() ++ // { ++ // super(new OldHMac(new SHA384Digest())); ++ // } ++ // } ++ // END android-removed + + /** + * SHA-512 HMac +@@ -342,75 +361,77 @@ + { + public SHA512() + { +- super(new HMac(new SHA512Digest())); +- } +- } +- +- /** +- * SHA-512 HMac +- */ +- public static class OldSHA512 +- extends BaseMac +- { +- public OldSHA512() +- { +- super(new OldHMac(new SHA512Digest())); +- } +- } +- +- /** +- * RIPEMD128 HMac +- */ +- public static class RIPEMD128 +- extends BaseMac +- { +- public RIPEMD128() +- { +- super(new HMac(new RIPEMD128Digest())); +- } +- } +- +- /** +- * RIPEMD160 HMac +- */ +- public static class RIPEMD160 +- extends BaseMac +- { +- public RIPEMD160() +- { +- super(new HMac(new RIPEMD160Digest())); +- } +- } +- +- /** +- * Tiger HMac +- */ +- public static class Tiger +- extends BaseMac +- { +- public Tiger() +- { +- super(new HMac(new TigerDigest())); ++ super(new HMac(new OpenSSLDigest.SHA512())); + } + } + ++ // BEGIN android-removed ++ // /** ++ // * SHA-512 HMac ++ // */ ++ // public static class OldSHA512 ++ // extends BaseMac ++ // { ++ // public OldSHA512() ++ // { ++ // super(new OldHMac(new SHA512Digest())); ++ // } ++ // } ++ // ++ // /** ++ // * RIPEMD128 HMac ++ // */ ++ // public static class RIPEMD128 ++ // extends BaseMac ++ // { ++ // public RIPEMD128() ++ // { ++ // super(new HMac(new RIPEMD128Digest())); ++ // } ++ // } + // +- // PKCS12 states that the same algorithm should be used +- // for the key generation as is used in the HMAC, so that +- // is what we do here. ++ // /** ++ // * RIPEMD160 HMac ++ // */ ++ // public static class RIPEMD160 ++ // extends BaseMac ++ // { ++ // public RIPEMD160() ++ // { ++ // super(new HMac(new RIPEMD160Digest())); ++ // } ++ // } + // +- +- /** +- * PBEWithHmacRIPEMD160 +- */ +- public static class PBEWithRIPEMD160 +- extends BaseMac +- { +- public PBEWithRIPEMD160() +- { +- super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); +- } +- } ++ // /** ++ // * Tiger HMac ++ // */ ++ // public static class Tiger ++ // extends BaseMac ++ // { ++ // public Tiger() ++ // { ++ // super(new HMac(new TigerDigest())); ++ // } ++ // } ++ // ++ // // ++ // // PKCS12 states that the same algorithm should be used ++ // // for the key generation as is used in the HMAC, so that ++ // // is what we do here. ++ // // ++ // ++ // /** ++ // * PBEWithHmacRIPEMD160 ++ // */ ++ // public static class PBEWithRIPEMD160 ++ // extends BaseMac ++ // { ++ // public PBEWithRIPEMD160() ++ // { ++ // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); ++ // } ++ // } ++ // END android-removed + + /** + * PBEWithHmacSHA +@@ -420,19 +441,23 @@ + { + public PBEWithSHA() + { +- super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.SHA1()), PKCS12, SHA1, 160); ++ // END android-changed + } + } + +- /** +- * PBEWithHmacTiger +- */ +- public static class PBEWithTiger +- extends BaseMac +- { +- public PBEWithTiger() +- { +- super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * PBEWithHmacTiger ++ // */ ++ // public static class PBEWithTiger ++ // extends BaseMac ++ // { ++ // public PBEWithTiger() ++ // { ++ // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); ++ // } ++ // } ++ // END android-removed + } +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2012-09-11 00:12:44.000000000 +0000 +@@ -13,8 +13,10 @@ + import javax.crypto.ShortBufferException; + import javax.crypto.spec.IvParameterSpec; + import javax.crypto.spec.PBEParameterSpec; +-import javax.crypto.spec.RC2ParameterSpec; +-import javax.crypto.spec.RC5ParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.RC2ParameterSpec; ++// import javax.crypto.spec.RC5ParameterSpec; ++// END android-removed + + import org.bouncycastle.crypto.BlockCipher; + import org.bouncycastle.crypto.CipherParameters; +@@ -34,8 +36,10 @@ + // + private Class[] availableSpecs = + { +- RC2ParameterSpec.class, +- RC5ParameterSpec.class, ++ // BEGIN android-removed ++ // RC2ParameterSpec.class, ++ // RC5ParameterSpec.class, ++ // END android-removed + IvParameterSpec.class, + PBEParameterSpec.class + }; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2012-09-11 00:12:44.000000000 +0000 +@@ -22,8 +22,10 @@ + import javax.crypto.ShortBufferException; + import javax.crypto.spec.IvParameterSpec; + import javax.crypto.spec.PBEParameterSpec; +-import javax.crypto.spec.RC2ParameterSpec; +-import javax.crypto.spec.RC5ParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.RC2ParameterSpec; ++// import javax.crypto.spec.RC5ParameterSpec; ++// END android-removed + import javax.crypto.spec.SecretKeySpec; + + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +@@ -45,8 +47,10 @@ + { + IvParameterSpec.class, + PBEParameterSpec.class, +- RC2ParameterSpec.class, +- RC5ParameterSpec.class ++ // BEGIN android-removed ++ // RC2ParameterSpec.class, ++ // RC5ParameterSpec.class ++ // END android-removed + }; + + protected int pbeType = PKCS12; +@@ -258,16 +262,19 @@ + return null; + } + ++ // BEGIN android-changed ++ // added ShortBufferException to throws statement + protected int engineDoFinal( + byte[] input, + int inputOffset, + int inputLen, + byte[] output, + int outputOffset) +- throws IllegalBlockSizeException, BadPaddingException ++ throws IllegalBlockSizeException, BadPaddingException, ShortBufferException + { + return 0; + } ++ // END android-changed + + protected byte[] engineWrap( + Key key) +@@ -300,7 +307,12 @@ + byte[] wrappedKey, + String wrappedKeyAlgorithm, + int wrappedKeyType) +- throws InvalidKeyException ++ // BEGIN android-removed ++ // throws InvalidKeyException ++ // END android-removed ++ // BEGIN android-added ++ throws InvalidKeyException, NoSuchAlgorithmException ++ // END android-added + { + byte[] encoded; + try +@@ -376,10 +388,12 @@ + { + throw new InvalidKeyException("Unknown key type " + e.getMessage()); + } +- catch (NoSuchAlgorithmException e) +- { +- throw new InvalidKeyException("Unknown key type " + e.getMessage()); +- } ++ // BEGIN android-removed ++ // catch (NoSuchAlgorithmException e) ++ // { ++ // throw new InvalidKeyException("Unknown key type " + e.getMessage()); ++ // } ++ // END android-removed + catch (InvalidKeySpecException e2) + { + throw new InvalidKeyException("Unknown key type " + e2.getMessage()); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2012-09-11 00:12:44.000000000 +0000 +@@ -7,12 +7,17 @@ + + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.PBEParametersGenerator; +-import org.bouncycastle.crypto.digests.MD2Digest; +-import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.TigerDigest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.MD2Digest; ++// import org.bouncycastle.crypto.digests.MD5Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.TigerDigest; ++// END android-removed ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-added + import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; + import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; + import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; +@@ -28,10 +33,14 @@ + // + static final int MD5 = 0; + static final int SHA1 = 1; +- static final int RIPEMD160 = 2; +- static final int TIGER = 3; ++ // BEGIN android-removed ++ // static final int RIPEMD160 = 2; ++ // static final int TIGER = 3; ++ // END android-removed + static final int SHA256 = 4; +- static final int MD2 = 5; ++ // BEGIN android-removed ++ // static final int MD2 = 5; ++ // END android-removed + + static final int PKCS5S1 = 0; + static final int PKCS5S2 = 1; +@@ -53,14 +62,20 @@ + { + switch (hash) + { +- case MD2: +- generator = new PKCS5S1ParametersGenerator(new MD2Digest()); +- break; ++ // BEGIN android-removed ++ // case MD2: ++ // generator = new PKCS5S1ParametersGenerator(new MD2Digest()); ++ // break; ++ // END android-removed + case MD5: +- generator = new PKCS5S1ParametersGenerator(new MD5Digest()); ++ // BEGIN android-changed ++ generator = new PKCS5S1ParametersGenerator(new OpenSSLDigest.MD5()); ++ // END android-changed + break; + case SHA1: +- generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); ++ // BEGIN android-changed ++ generator = new PKCS5S1ParametersGenerator(new OpenSSLDigest.SHA1()); ++ // END android-changed + break; + default: + throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); +@@ -74,23 +89,33 @@ + { + switch (hash) + { +- case MD2: +- generator = new PKCS12ParametersGenerator(new MD2Digest()); +- break; ++ // BEGIN android-removed ++ // case MD2: ++ // generator = new PKCS12ParametersGenerator(new MD2Digest()); ++ // break; ++ // END android-removed + case MD5: +- generator = new PKCS12ParametersGenerator(new MD5Digest()); ++ // BEGIN android-changed ++ generator = new PKCS12ParametersGenerator(new OpenSSLDigest.MD5()); ++ // END android-changed + break; + case SHA1: +- generator = new PKCS12ParametersGenerator(new SHA1Digest()); +- break; +- case RIPEMD160: +- generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); +- break; +- case TIGER: +- generator = new PKCS12ParametersGenerator(new TigerDigest()); ++ // BEGIN android-changed ++ generator = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1()); ++ // END android-changed + break; ++ // BEGIN android-removed ++ // case RIPEMD160: ++ // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); ++ // break; ++ // case TIGER: ++ // generator = new PKCS12ParametersGenerator(new TigerDigest()); ++ // break; ++ // END android-removed + case SHA256: +- generator = new PKCS12ParametersGenerator(new SHA256Digest()); ++ // BEGIN android-changed ++ generator = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA256()); ++ // END android-changed + break; + default: + throw new IllegalStateException("unknown digest scheme for PBE encryption."); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/util/DigestFactory.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-09-11 00:12:44.000000000 +0000 +@@ -10,19 +10,26 @@ + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.crypto.Digest; +-import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA224Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.SHA384Digest; +-import org.bouncycastle.crypto.digests.SHA512Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.MD5Digest; ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA224Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.SHA384Digest; ++// import org.bouncycastle.crypto.digests.SHA512Digest; ++// END android-removed ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-added + import org.bouncycastle.util.Strings; + + public class DigestFactory + { + private static Set md5 = new HashSet(); + private static Set sha1 = new HashSet(); +- private static Set sha224 = new HashSet(); ++ // BEGIN android-removed ++ // private static Set sha224 = new HashSet(); ++ // END android-removed + private static Set sha256 = new HashSet(); + private static Set sha384 = new HashSet(); + private static Set sha512 = new HashSet(); +@@ -38,9 +45,11 @@ + sha1.add("SHA-1"); + sha1.add(OIWObjectIdentifiers.idSHA1.getId()); + +- sha224.add("SHA224"); +- sha224.add("SHA-224"); +- sha224.add(NISTObjectIdentifiers.id_sha224.getId()); ++ // BEGIN android-removed ++ // sha224.add("SHA224"); ++ // sha224.add("SHA-224"); ++ // sha224.add(NISTObjectIdentifiers.id_sha224.getId()); ++ // END android-removed + + sha256.add("SHA256"); + sha256.add("SHA-256"); +@@ -61,9 +70,11 @@ + oids.put("SHA-1", OIWObjectIdentifiers.idSHA1); + oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1); + +- oids.put("SHA224", NISTObjectIdentifiers.id_sha224); +- oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); +- oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); ++ // BEGIN android-removed ++ // oids.put("SHA224", NISTObjectIdentifiers.id_sha224); ++ // oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); ++ // oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); ++ // END android-removed + + oids.put("SHA256", NISTObjectIdentifiers.id_sha256); + oids.put("SHA-256", NISTObjectIdentifiers.id_sha256); +@@ -85,27 +96,39 @@ + + if (sha1.contains(digestName)) + { +- return new SHA1Digest(); ++ // BEGIN android-changed ++ return new OpenSSLDigest.SHA1(); ++ // END android-changed + } + if (md5.contains(digestName)) + { +- return new MD5Digest(); +- } +- if (sha224.contains(digestName)) +- { +- return new SHA224Digest(); +- } ++ // BEGIN android-changed ++ return new OpenSSLDigest.MD5(); ++ // END android-changed ++ } ++ // BEGIN android-removed ++ // if (sha224.contains(digestName)) ++ // { ++ // return new SHA224Digest(); ++ // } ++ // END android-removed + if (sha256.contains(digestName)) + { +- return new SHA256Digest(); ++ // BEGIN android-changed ++ return new OpenSSLDigest.SHA256(); ++ // END android-changed + } + if (sha384.contains(digestName)) + { +- return new SHA384Digest(); ++ // BEGIN android-changed ++ return new OpenSSLDigest.SHA384(); ++ // END android-changed + } + if (sha512.contains(digestName)) + { +- return new SHA512Digest(); ++ // BEGIN android-changed ++ return new OpenSSLDigest.SHA512(); ++ // END android-changed + } + + return null; +@@ -116,7 +139,9 @@ + String digest2) + { + return (sha1.contains(digest1) && sha1.contains(digest2)) +- || (sha224.contains(digest1) && sha224.contains(digest2)) ++ // BEGIN android-removed ++ // || (sha224.contains(digest1) && sha224.contains(digest2)) ++ // END android-removed + || (sha256.contains(digest1) && sha256.contains(digest2)) + || (sha384.contains(digest1) && sha384.contains(digest2)) + || (sha512.contains(digest1) && sha512.contains(digest2)) +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk15on-147/org/bouncycastle/jce/ECNamedCurveTable.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/ECNamedCurveTable.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/ECNamedCurveTable.java 2012-09-11 00:12:44.000000000 +0000 +@@ -6,7 +6,9 @@ + import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; @@ -990,7 +5767,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcp - { - try - { -- ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name)); +- ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { @@ -1006,7 +5783,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcp + // { + // try + // { -+ // ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name)); ++ // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); + // } + // catch (IllegalArgumentException e) + // { @@ -1029,10 +5806,21 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcp return v.elements(); } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-07-27 18:48:00.041479127 +0000 -@@ -80,15 +80,20 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-147/org/bouncycastle/jce/PKCS10CertificationRequest.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-09-11 00:12:44.000000000 +0000 +@@ -37,7 +37,9 @@ + import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x509.X509Name; +@@ -81,15 +83,20 @@ static { @@ -1057,7 +5845,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); -@@ -96,57 +101,78 @@ +@@ -97,57 +104,78 @@ algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); @@ -1156,7 +5944,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); // -@@ -160,35 +186,53 @@ +@@ -161,35 +189,53 @@ // The parameters field SHALL be NULL for RSA based signature algorithms. // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); @@ -1221,7 +6009,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); } -@@ -594,10 +638,12 @@ +@@ -595,10 +641,12 @@ { return "SHA1"; } @@ -1238,7 +6026,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) { return "SHA256"; -@@ -610,22 +656,24 @@ +@@ -611,22 +659,24 @@ { return "SHA512"; } @@ -1279,12 +6067,12 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest else { return digestAlgOID.getId(); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-07-27 18:48:00.031478939 +0000 -@@ -45,7 +45,10 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/BouncyCastleProvider.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-09-11 00:12:44.000000000 +0000 +@@ -48,7 +48,10 @@ { - private static String info = "BouncyCastle Security Provider v1.46"; + private static String info = "BouncyCastle Security Provider v1.47"; - public static String PROVIDER_NAME = "BC"; + // BEGIN android-changed @@ -1292,27 +6080,54 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi + public static final String PROVIDER_NAME = "BC"; + // END android-changed - /* - * Configurable symmetric ciphers -@@ -53,8 +56,14 @@ - private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.symmetric."; + public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); + +@@ -61,8 +64,13 @@ + private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; private static final String[] SYMMETRIC_CIPHERS = { -- "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", -- "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" +- "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", +- "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // BEGIN android-removed -+ // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", -+ // "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" ++ // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", ++ // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // END android-removed + // BEGIN android-added -+ "AES", "ARC4", "Blowfish", "DESede", ++ "AES", "ARC4", "Blowfish", "DES", "DESede", ++ // END android-added + }; + + /* +@@ -79,7 +87,12 @@ + + private static final String[] ASYMMETRIC_CIPHERS = + { +- "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal" ++ // BEGIN android-removed ++ // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal" ++ // END android-removed ++ // BEGIN android-added ++ "DSA", "DH", "EC", "RSA", + // END android-added -+ }; /* -@@ -90,26 +99,28 @@ - loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS); +@@ -88,7 +101,12 @@ + private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; + private static final String[] DIGESTS = + { +- "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "Tiger", "Whirlpool" ++ // BEGIN android-removed ++ // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "Tiger", "Whirlpool" ++ // END android-removed ++ // BEGIN android-added ++ "MD5", "SHA1", "SHA256", "SHA384", "SHA512", ++ // END android-added + }; + + /** +@@ -120,26 +138,28 @@ + loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); - // @@ -1360,7 +6175,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi // -@@ -118,14 +129,24 @@ +@@ -148,14 +168,24 @@ put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); @@ -1393,67 +6208,22 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); -@@ -142,44 +163,63 @@ - // - put("AlgorithmParameterGenerator.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DH"); - put("AlgorithmParameterGenerator.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DSA"); -- put("AlgorithmParameterGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$GOST3410"); -- put("AlgorithmParameterGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$ElGamal"); -- put("AlgorithmParameterGenerator.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -- put("AlgorithmParameterGenerator.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -- put("AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -- put("AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -- put("AlgorithmParameterGenerator.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); -- put("AlgorithmParameterGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); -+ // BEGIN android-removed -+ // put("AlgorithmParameterGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$GOST3410"); -+ // put("AlgorithmParameterGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$ElGamal"); -+ // put("AlgorithmParameterGenerator.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -+ // put("AlgorithmParameterGenerator.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -+ // put("AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -+ // put("AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); -+ // put("AlgorithmParameterGenerator.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); -+ // put("AlgorithmParameterGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); -+ // END android-removed - - put("Alg.Alias.AlgorithmParameterGenerator.DIFFIEHELLMAN", "DH"); -- put("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410"); -+ // END android-removed +@@ -164,29 +194,41 @@ // // algorithm parameters // - put("AlgorithmParameters.OAEP", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$OAEP"); -- put("AlgorithmParameters.PSS", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PSS"); -+ // BEGIN android-removed -+ // put("AlgorithmParameters.PSS", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PSS"); -+ // END android-removed - put("AlgorithmParameters.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DH"); - put("Alg.Alias.AlgorithmParameters.DIFFIEHELLMAN", "DH"); - put("AlgorithmParameters.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DSA"); -- put("AlgorithmParameters.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$ElGamal"); - put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); + // BEGIN android-removed -+ // put("AlgorithmParameters.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$ElGamal"); + // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); + // END android-removed put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); -- put("AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); + - put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); -- -- put("AlgorithmParameters.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$GOST3410"); -- put("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410"); -+ // BEGIN android-changed -+ // redundant with below -+ // put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESede"); -+ // END android-changed + // BEGIN android-removed + // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); -+ // -+ // put("AlgorithmParameters.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$GOST3410"); -+ // put("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410"); + // END android-removed + + put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); @@ -1481,57 +6251,16 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); -@@ -193,7 +233,7 @@ - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); -- -+ - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); -@@ -203,22 +243,24 @@ - - put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); - -- put("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); -- put("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); -- put("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); -- put("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); + put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); + put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); +- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); -+ // put("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); ++ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + // END android-removed - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); -@@ -235,12 +277,14 @@ + put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); + put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); + put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); +@@ -217,12 +259,14 @@ put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); @@ -1552,95 +6281,19 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi // // key agreement -@@ -252,71 +296,91 @@ - // cipher engines - // - put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES"); -- put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC"); -- -- put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2"); -- put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); -- put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); -- -- put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC"); -+ // BEGIN android-removed -+ // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC"); -+ // -+ // put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2"); -+ // put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); -+ // put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); -+ // -+ // put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC"); -+ // END android-removed - +@@ -235,16 +279,22 @@ put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); -- put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147"); -- put("Alg.Alias.Cipher.GOST", "GOST28147"); -- put("Alg.Alias.Cipher.GOST-28147", "GOST28147"); -- put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc"); -+ // BEGIN android-removed -+ // put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147"); -+ // put("Alg.Alias.Cipher.GOST", "GOST28147"); -+ // put("Alg.Alias.Cipher.GOST-28147", "GOST28147"); -+ // put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc"); -+ // END android-removed - put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding"); -- put("Cipher.RSA/RAW", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding"); -- put("Cipher.RSA/PKCS1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); -- put("Cipher.1.2.840.113549.1.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); -- put("Cipher.2.5.8.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); -- put("Cipher.RSA/1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PrivateOnly"); -- put("Cipher.RSA/2", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PublicOnly"); -- put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); -- put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); -- put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding"); -- - put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); - put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); - put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); - put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); -- put("Cipher.ELGAMAL", "org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding"); -- put("Cipher.ELGAMAL/PKCS1", "org.bouncycastle.jce.provider.JCEElGamalCipher$PKCS1v1_5Padding"); -+ // BEGIN android-changed -+ put("Alg.Alias.Cipher.RSA/RAW", "RSA"); -+ // END android-changed + // BEGIN android-removed -+ // put("Cipher.RSA/PKCS1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); -+ // put("Cipher.1.2.840.113549.1.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); -+ // put("Cipher.2.5.8.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); -+ // put("Cipher.RSA/1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PrivateOnly"); -+ // put("Cipher.RSA/2", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PublicOnly"); -+ // put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); -+ // put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); -+ // put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding"); -+ // + // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); + // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); + // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); + // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); -+ // put("Cipher.ELGAMAL", "org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding"); -+ // put("Cipher.ELGAMAL/PKCS1", "org.bouncycastle.jce.provider.JCEElGamalCipher$PKCS1v1_5Padding"); -+ // END android-removed - - put("Alg.Alias.Cipher.RSA//RAW", "RSA"); - put("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); -- put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); -- put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); -- put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); -- -- put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1"); -- put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1"); -- put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); -+ // put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); -+ // put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); -+ // -+ // put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1"); -+ // put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1"); -+ // put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL"); + // END android-removed put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); @@ -1655,50 +6308,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi + // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); + // END android-removed put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - put("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES3Key"); -- put("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key"); -- put("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key"); -+ // BEGIN android-removed -+ // put("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key"); -+ // put("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key"); -+ // END android-removed - put("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES2Key"); -- put("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key"); -+ // BEGIN android-removed -+ // put("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key"); -+ // END android-removed - put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); - put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2"); - put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); - put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); - -- put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); -- put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); -- put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "Cipher.PBEWITHSHAAND128BITRC2-CBC"); -- put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "Cipher.PBEWITHSHAAND40BITRC2-CBC"); -- put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "Cipher.PBEWITHSHAAND128BITRC4"); -- put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "Cipher.PBEWITHSHAAND40BITRC4"); -+ // BEGIN android-changed -+ put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); -+ put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); -+ put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); -+ put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); -+ put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); -+ put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); -+ // END android-changed - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); -@@ -324,7 +388,7 @@ - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); -- -+ - put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); -@@ -346,10 +410,12 @@ + put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); +@@ -286,10 +336,12 @@ put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); @@ -1715,113 +6327,17 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -368,13 +434,15 @@ - put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES"); - put("Alg.Alias.KeyGenerator." + OIWObjectIdentifiers.desCBC, "DES"); - -- put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); -- put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); -- -- put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147"); -- put("Alg.Alias.KeyGenerator.GOST", "GOST28147"); -- put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147"); -- put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147"); -+ // BEGIN android-removed -+ // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); -+ // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); -+ // -+ // put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147"); -+ // put("Alg.Alias.KeyGenerator.GOST", "GOST28147"); -+ // put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147"); -+ // put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147"); -+ // END android-removed - - // - // key pair generators. -@@ -382,14 +450,18 @@ - put("KeyPairGenerator.RSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$RSA"); - put("KeyPairGenerator.DH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DH"); - put("KeyPairGenerator.DSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DSA"); -- put("KeyPairGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ElGamal"); -+ // BEGIN android-removed -+ // put("KeyPairGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ElGamal"); -+ // END android-removed - - put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); - put("Alg.Alias.KeyPairGenerator.DIFFIEHELLMAN", "DH"); - -- put("KeyPairGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$GOST3410"); -- put("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410"); -- put("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410"); -+ // BEGIN android-removed -+ // put("KeyPairGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$GOST3410"); -+ // put("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410"); -+ // put("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410"); -+ // END android-removed - - // - // key factories -@@ -397,20 +469,24 @@ - put("KeyFactory.RSA", "org.bouncycastle.jce.provider.JDKKeyFactory$RSA"); - put("KeyFactory.DH", "org.bouncycastle.jce.provider.JDKKeyFactory$DH"); - put("KeyFactory.DSA", "org.bouncycastle.jce.provider.JDKKeyFactory$DSA"); -- put("KeyFactory.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); -- put("KeyFactory.ElGamal", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); -- -- put("KeyFactory.X.509", "org.bouncycastle.jce.provider.JDKKeyFactory$X509"); -+ // BEGIN android-removed -+ // put("KeyFactory.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); -+ // put("KeyFactory.ElGamal", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); -+ // -+ // put("KeyFactory.X.509", "org.bouncycastle.jce.provider.JDKKeyFactory$X509"); -+ // END android-removed - - put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); - put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); - - put("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH"); - -- put("KeyFactory.GOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$GOST3410"); -- put("Alg.Alias.KeyFactory.GOST-3410", "GOST3410"); -- put("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410"); -- put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); -+ // BEGIN android-removed -+ // put("KeyFactory.GOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$GOST3410"); -+ // put("Alg.Alias.KeyFactory.GOST-3410", "GOST3410"); -+ // put("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410"); -+ // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); -+ // END android-removed - - // - // Algorithm parameters -@@ -418,24 +494,34 @@ - put("AlgorithmParameters.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - put("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); - put("AlgorithmParameters.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); -- put("AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); -- put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); -- put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); -+ // BEGIN android-changed -+ put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); -+ // END android-changed -+ // BEGIN android-removed -+ // put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); -+ // put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); -+ // END android-removed - +@@ -326,16 +378,20 @@ // // secret key factories. // - put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES"); - put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); - - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // BEGIN android-removed + // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); -+ // END android-removed -+ -+ // BEGIN android-removed ++ // + // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed @@ -1837,7 +6353,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); -@@ -447,31 +533,41 @@ +@@ -347,31 +403,39 @@ put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); @@ -1875,9 +6391,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi + // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); + // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); + // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); -+ // END android-removed -+ -+ // BEGIN android-removed ++ // + // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); + // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); + // END android-removed @@ -1894,7 +6408,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -508,6 +604,10 @@ +@@ -408,20 +472,31 @@ put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); @@ -1905,9 +6419,6 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi addMacAlgorithms(); -@@ -516,16 +616,23 @@ - addSignatureAlgorithms(); - // Certification Path API - put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); - put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); @@ -1936,15 +6447,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi } private void loadAlgorithms(String packageName, String[] names) -@@ -586,42 +693,46 @@ - // +@@ -469,21 +544,25 @@ private void addMacAlgorithms() { -- put("Mac.DESMAC", "org.bouncycastle.jce.provider.JCEMac$DES"); -- put("Alg.Alias.Mac.DES", "DESMAC"); -- put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8"); -- put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); -- + - put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); - @@ -1953,27 +6459,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi - put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); - put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); - -- put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2"); -- put("Alg.Alias.Mac.RC2", "RC2MAC"); -- put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8"); -- put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); -- -- -- put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147"); -- put("Alg.Alias.Mac.GOST28147", "GOST28147MAC"); -- - put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); - - put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); -- -- addHMACAlgorithm("MD2", "org.bouncycastle.jce.provider.JCEMac$MD2", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD2HMAC"); -- addHMACAlgorithm("MD4", "org.bouncycastle.jce.provider.JCEMac$MD4", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD4HMAC"); + // BEGIN android-removed -+ // put("Mac.DESMAC", "org.bouncycastle.jce.provider.JCEMac$DES"); -+ // put("Alg.Alias.Mac.DES", "DESMAC"); -+ // put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8"); -+ // put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); -+ // + // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); + // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); + // @@ -1982,54 +6471,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi + // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); + // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); + // -+ // put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2"); -+ // put("Alg.Alias.Mac.RC2", "RC2MAC"); -+ // put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8"); -+ // put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); -+ // -+ // -+ // put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147"); -+ // put("Alg.Alias.Mac.GOST28147", "GOST28147MAC"); -+ // + // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); + // + // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); -+ // -+ // addHMACAlgorithm("MD2", "org.bouncycastle.jce.provider.JCEMac$MD2", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD2HMAC"); -+ // addHMACAlgorithm("MD4", "org.bouncycastle.jce.provider.JCEMac$MD4", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD4HMAC"); -+ // END android-removed - addHMACAlgorithm("MD5", "org.bouncycastle.jce.provider.JCEMac$MD5", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD5HMAC"); - addHMACAlias("MD5", IANAObjectIdentifiers.hmacMD5); - - addHMACAlgorithm("SHA1", "org.bouncycastle.jce.provider.JCEMac$SHA1", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA1"); - addHMACAlias("SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); - addHMACAlias("SHA1", IANAObjectIdentifiers.hmacSHA1); -- addHMACAlgorithm("SHA224", "org.bouncycastle.jce.provider.JCEMac$SHA224", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA224"); -- addHMACAlias("SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); -+ // BEGIN android-removed -+ // addHMACAlgorithm("SHA224", "org.bouncycastle.jce.provider.JCEMac$SHA224", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA224"); -+ // addHMACAlias("SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); -+ // END android-removed - addHMACAlgorithm("SHA256", "org.bouncycastle.jce.provider.JCEMac$SHA256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA256"); - addHMACAlias("SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); - addHMACAlgorithm("SHA384", "org.bouncycastle.jce.provider.JCEMac$SHA384", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA384"); -@@ -629,16 +740,20 @@ - addHMACAlgorithm("SHA512", "org.bouncycastle.jce.provider.JCEMac$SHA512", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA512"); - addHMACAlias("SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); - -- addHMACAlgorithm("RIPEMD128", "org.bouncycastle.jce.provider.JCEMac$RIPEMD128", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD128HMAC"); -- addHMACAlgorithm("RIPEMD160", "org.bouncycastle.jce.provider.JCEMac$RIPEMD160", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD160HMAC"); -- addHMACAlias("RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160); -- -- addHMACAlgorithm("TIGER", "org.bouncycastle.jce.provider.JCEMac$Tiger", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACTIGER"); -- addHMACAlias("TIGER", IANAObjectIdentifiers.hmacTIGER); -+ // BEGIN android-removed -+ // addHMACAlgorithm("RIPEMD128", "org.bouncycastle.jce.provider.JCEMac$RIPEMD128", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD128HMAC"); -+ // addHMACAlgorithm("RIPEMD160", "org.bouncycastle.jce.provider.JCEMac$RIPEMD160", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD160HMAC"); -+ // addHMACAlias("RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160); -+ // -+ // addHMACAlgorithm("TIGER", "org.bouncycastle.jce.provider.JCEMac$Tiger", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACTIGER"); -+ // addHMACAlias("TIGER", IANAObjectIdentifiers.hmacTIGER); + // END android-removed put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); @@ -2041,411 +6485,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvi put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); } -@@ -676,9 +791,11 @@ - put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); - put("Alg.Alias.MessageDigest.SHA", "SHA-1"); - put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1"); -- put("MessageDigest.SHA-224", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA224"); -- put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); -- put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224"); -+ // BEGIN android-removed -+ // put("MessageDigest.SHA-224", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA224"); -+ // put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); -+ // put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224"); -+ // END android-removed - put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256"); - put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); - put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); -@@ -689,27 +806,31 @@ - put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); - put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); - -- put("MessageDigest.MD2", "org.bouncycastle.jce.provider.JDKMessageDigest$MD2"); -- put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2"); -- put("MessageDigest.MD4", "org.bouncycastle.jce.provider.JDKMessageDigest$MD4"); -- put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4"); -+ // BEGIN android-removed -+ // put("MessageDigest.MD2", "org.bouncycastle.jce.provider.JDKMessageDigest$MD2"); -+ // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2"); -+ // put("MessageDigest.MD4", "org.bouncycastle.jce.provider.JDKMessageDigest$MD4"); -+ // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4"); -+ // END android-removed - put("MessageDigest.MD5", "org.bouncycastle.jce.provider.JDKMessageDigest$MD5"); - put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5"); -- put("MessageDigest.RIPEMD128", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD128"); -- put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); -- put("MessageDigest.RIPEMD160", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD160"); -- put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); -- put("MessageDigest.RIPEMD256", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD256"); -- put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); -- put("MessageDigest.RIPEMD320", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD320"); -- put("MessageDigest.Tiger", "org.bouncycastle.jce.provider.JDKMessageDigest$Tiger"); -- -- put("MessageDigest.WHIRLPOOL", "org.bouncycastle.jce.provider.JDKMessageDigest$Whirlpool"); -- -- put("MessageDigest.GOST3411", "org.bouncycastle.jce.provider.JDKMessageDigest$GOST3411"); -- put("Alg.Alias.MessageDigest.GOST", "GOST3411"); -- put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411"); -- put("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411"); -+ // BEGIN android-removed -+ // put("MessageDigest.RIPEMD128", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD128"); -+ // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); -+ // put("MessageDigest.RIPEMD160", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD160"); -+ // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); -+ // put("MessageDigest.RIPEMD256", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD256"); -+ // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); -+ // put("MessageDigest.RIPEMD320", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD320"); -+ // put("MessageDigest.Tiger", "org.bouncycastle.jce.provider.JDKMessageDigest$Tiger"); -+ -+ // put("MessageDigest.WHIRLPOOL", "org.bouncycastle.jce.provider.JDKMessageDigest$Whirlpool"); -+ -+ // put("MessageDigest.GOST3411", "org.bouncycastle.jce.provider.JDKMessageDigest$GOST3411"); -+ // put("Alg.Alias.MessageDigest.GOST", "GOST3411"); -+ // put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411"); -+ // put("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411"); -+ // END android-removed - } - - // -@@ -717,55 +838,70 @@ - // - private void addSignatureAlgorithms() - { -- put("Signature.MD2WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD2WithRSAEncryption"); -- put("Signature.MD4WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD4WithRSAEncryption"); -+ // BEGIN android-removed -+ // Dropping MD2 -+ // put("Signature.MD2WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD2WithRSAEncryption"); -+ // put("Signature.MD4WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD4WithRSAEncryption"); -+ // END android-removed - put("Signature.MD5WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD5WithRSAEncryption"); - put("Signature.SHA1WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA1WithRSAEncryption"); -- put("Signature.SHA224WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA224WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Signature.SHA224WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA224WithRSAEncryption"); -+ // END android-removed - put("Signature.SHA256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA256WithRSAEncryption"); - put("Signature.SHA384WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA384WithRSAEncryption"); - put("Signature.SHA512WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA512WithRSAEncryption"); -- put("Signature.RIPEMD160WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD160WithRSAEncryption"); -- put("Signature.RIPEMD128WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD128WithRSAEncryption"); -- put("Signature.RIPEMD256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD256WithRSAEncryption"); -- put("Signature.DSA", "org.bouncycastle.jce.provider.JDKDSASigner$stdDSA"); -+ // BEGIN android-removed -+ // put("Signature.RIPEMD160WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD160WithRSAEncryption"); -+ // put("Signature.RIPEMD128WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD128WithRSAEncryption"); -+ // put("Signature.RIPEMD256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD256WithRSAEncryption"); -+ // END android-removed -+ // BEGIN android-changed -+ put("Signature.SHA1withDSA", "org.bouncycastle.jce.provider.JDKDSASigner$stdDSA"); -+ // END android-changed - put("Signature.NONEWITHDSA", "org.bouncycastle.jce.provider.JDKDSASigner$noneDSA"); -- put("Signature.SHA1withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$SHA1WithRSAEncryption"); -- put("Signature.MD5withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$MD5WithRSAEncryption"); -- put("Signature.RIPEMD160withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$RIPEMD160WithRSAEncryption"); -- -- put("Signature.RSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); -- put("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); -- put("Signature.SHA1withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA1withRSA"); -- put("Signature.SHA224withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA224withRSA"); -- put("Signature.SHA256withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA256withRSA"); -- put("Signature.SHA384withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA384withRSA"); -- put("Signature.SHA512withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA512withRSA"); -- -- put("Signature.RSA", "org.bouncycastle.jce.provider.JDKDigestSignature$noneRSA"); -- put("Signature.RAWRSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$nonePSS"); -+ // BEGIN android-removed -+ // put("Signature.SHA1withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$SHA1WithRSAEncryption"); -+ // put("Signature.MD5withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$MD5WithRSAEncryption"); -+ // put("Signature.RIPEMD160withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$RIPEMD160WithRSAEncryption"); -+ // -+ // put("Signature.RSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); -+ // put("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); -+ // put("Signature.SHA1withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA1withRSA"); -+ // put("Signature.SHA224withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA224withRSA"); -+ // put("Signature.SHA256withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA256withRSA"); -+ // put("Signature.SHA384withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA384withRSA"); -+ // put("Signature.SHA512withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA512withRSA"); -+ // -+ // put("Signature.RSA", "org.bouncycastle.jce.provider.JDKDigestSignature$noneRSA"); -+ // put("Signature.RAWRSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$nonePSS"); -+ // END android-removed - - put("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); - -- put("Alg.Alias.Signature.RAWRSA", "RSA"); -- put("Alg.Alias.Signature.NONEWITHRSA", "RSA"); -- put("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); -- put("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); -- put("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); -- -- put("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); -- -- put("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); -- put("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); -- put("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); -- put("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); -- put("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); -- -- put("Alg.Alias.Signature.MD2withRSAEncryption", "MD2WithRSAEncryption"); -- put("Alg.Alias.Signature.MD4withRSAEncryption", "MD4WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.RAWRSA", "RSA"); -+ // put("Alg.Alias.Signature.NONEWITHRSA", "RSA"); -+ // put("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); -+ // put("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); -+ // put("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); -+ // -+ // put("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); -+ // -+ // put("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); -+ // put("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); -+ // put("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); -+ // put("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); -+ // put("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); -+ // -+ // put("Alg.Alias.Signature.MD2withRSAEncryption", "MD2WithRSAEncryption"); -+ // put("Alg.Alias.Signature.MD4withRSAEncryption", "MD4WithRSAEncryption"); -+ // END android-removed - put("Alg.Alias.Signature.MD5withRSAEncryption", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1withRSAEncryption", "SHA1WithRSAEncryption"); -- put("Alg.Alias.Signature.SHA224withRSAEncryption", "SHA224WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.SHA224withRSAEncryption", "SHA224WithRSAEncryption"); -+ // END android-removed - - put("Alg.Alias.Signature.SHA256withRSAEncryption", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384withRSAEncryption", "SHA384WithRSAEncryption"); -@@ -779,24 +915,30 @@ - put("Alg.Alias.Signature.SHA384WITHRSAENCRYPTION", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512WITHRSAENCRYPTION", "SHA512WithRSAEncryption"); - -- put("Alg.Alias.Signature.RIPEMD160withRSAEncryption", "RIPEMD160WithRSAEncryption"); -- -- put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WithRSAEncryption"); -- put("Alg.Alias.Signature.MD2WithRSA", "MD2WithRSAEncryption"); -- put("Alg.Alias.Signature.MD2withRSA", "MD2WithRSAEncryption"); -- put("Alg.Alias.Signature.MD2/RSA", "MD2WithRSAEncryption"); -+ // BEGIN android-removed -+ // Dropping MD2 -+ // put("Alg.Alias.Signature.RIPEMD160withRSAEncryption", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WithRSAEncryption"); -+ // put("Alg.Alias.Signature.MD2WithRSA", "MD2WithRSAEncryption"); -+ // put("Alg.Alias.Signature.MD2withRSA", "MD2WithRSAEncryption"); -+ // put("Alg.Alias.Signature.MD2/RSA", "MD2WithRSAEncryption"); -+ // END android-removed - put("Alg.Alias.Signature.MD5WithRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.MD5withRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WithRSAEncryption"); -- put("Alg.Alias.Signature.MD4WithRSA", "MD4WithRSAEncryption"); -- put("Alg.Alias.Signature.MD4withRSA", "MD4WithRSAEncryption"); -- put("Alg.Alias.Signature.MD4/RSA", "MD4WithRSAEncryption"); -- put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.MD4WithRSA", "MD4WithRSAEncryption"); -+ // put("Alg.Alias.Signature.MD4withRSA", "MD4WithRSAEncryption"); -+ // put("Alg.Alias.Signature.MD4/RSA", "MD4WithRSAEncryption"); -+ // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4WithRSAEncryption"); -+ // END android-removed - put("Alg.Alias.Signature.SHA1WithRSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1withRSA", "SHA1WithRSAEncryption"); -- put("Alg.Alias.Signature.SHA224WithRSA", "SHA224WithRSAEncryption"); -- put("Alg.Alias.Signature.SHA224withRSA", "SHA224WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.SHA224WithRSA", "SHA224WithRSAEncryption"); -+ // put("Alg.Alias.Signature.SHA224withRSA", "SHA224WithRSAEncryption"); -+ // END android-removed - put("Alg.Alias.Signature.SHA256WithRSA", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA256withRSA", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384WithRSA", "SHA384WithRSAEncryption"); -@@ -806,92 +948,110 @@ - put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WithRSAEncryption"); -- put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WithRSAEncryption"); -+ // END android-removed - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WithRSAEncryption"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD160WithRSA", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD160withRSA", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD128WithRSA", "RIPEMD128WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD128withRSA", "RIPEMD128WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD256WithRSA", "RIPEMD256WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD256withRSA", "RIPEMD256WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD-160/RSA", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.RMD160withRSA", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.RMD160/RSA", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.1.3.36.3.3.1.2", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.1.3.36.3.3.1.3", "RIPEMD128WithRSAEncryption"); -- put("Alg.Alias.Signature.1.3.36.3.3.1.4", "RIPEMD256WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.RIPEMD160WithRSA", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RIPEMD160withRSA", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RIPEMD128WithRSA", "RIPEMD128WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RIPEMD128withRSA", "RIPEMD128WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RIPEMD256WithRSA", "RIPEMD256WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RIPEMD256withRSA", "RIPEMD256WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RIPEMD-160/RSA", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RMD160withRSA", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RMD160/RSA", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.1.3.36.3.3.1.2", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.1.3.36.3.3.1.3", "RIPEMD128WithRSAEncryption"); -+ // put("Alg.Alias.Signature.1.3.36.3.3.1.4", "RIPEMD256WithRSAEncryption"); -+ // END android-removed - put("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WithRSAEncryption"); - -- put("Alg.Alias.Signature.MD2WITHRSAENCRYPTION", "MD2WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.MD2WITHRSAENCRYPTION", "MD2WithRSAEncryption"); -+ // END android-removed - put("Alg.Alias.Signature.MD5WITHRSAENCRYPTION", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1WITHRSAENCRYPTION", "SHA1WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD160WITHRSAENCRYPTION", "RIPEMD160WithRSAEncryption"); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.RIPEMD160WITHRSAENCRYPTION", "RIPEMD160WithRSAEncryption"); -+ // END android-removed - - put("Alg.Alias.Signature.MD5WITHRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1WITHRSA", "SHA1WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption"); -- put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); -- -- addSignatureAlgorithm("SHA224", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); -- addSignatureAlgorithm("SHA256", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); -- addSignatureAlgorithm("SHA384", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); -- addSignatureAlgorithm("SHA512", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); -- -- put("Alg.Alias.Signature.SHA/DSA", "DSA"); -- put("Alg.Alias.Signature.SHA1withDSA", "DSA"); -- put("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); -- put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); -- put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); -- put("Alg.Alias.Signature.DSAwithSHA1", "DSA"); -- put("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); -- put("Alg.Alias.Signature.SHA1WithDSA", "DSA"); -- put("Alg.Alias.Signature.DSAWithSHA1", "DSA"); -- put("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); -- put("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); -- put("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); -- put("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); -- -- put("Signature.ECGOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$ecgost3410"); -- put("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410"); -- put("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410"); -- put("Alg.Alias.Signature.GOST3411withECGOST3410", "ECGOST3410"); -- put("Alg.Alias.Signature.GOST3411WITHECGOST3410", "ECGOST3410"); -- put("Alg.Alias.Signature.GOST3411WithECGOST3410", "ECGOST3410"); -- put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410"); -- -- put("Signature.GOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$gost3410"); -- put("Alg.Alias.Signature.GOST-3410", "GOST3410"); -- put("Alg.Alias.Signature.GOST-3410-94", "GOST3410"); -- put("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410"); -- put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410"); -- put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410"); -- put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); -- } -- -- private void addSignatureAlgorithm( -- String digest, -- String algorithm, -- String className, -- DERObjectIdentifier oid) -- { -- String mainName = digest + "WITH" + algorithm; -- String jdk11Variation1 = digest + "with" + algorithm; -- String jdk11Variation2 = digest + "With" + algorithm; -- String alias = digest + "/" + algorithm; -- -- put("Signature." + mainName, className); -- put("Alg.Alias.Signature." + jdk11Variation1, mainName); -- put("Alg.Alias.Signature." + jdk11Variation2, mainName); -- put("Alg.Alias.Signature." + alias, mainName); -- put("Alg.Alias.Signature." + oid, mainName); -- put("Alg.Alias.Signature.OID." + oid, mainName); -- } -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption"); -+ // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); -+ // END android-removed -+ -+ // BEGIN android-removed -+ // addSignatureAlgorithm("SHA224", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); -+ // addSignatureAlgorithm("SHA256", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); -+ // addSignatureAlgorithm("SHA384", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); -+ // addSignatureAlgorithm("SHA512", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); -+ // END android-removed -+ -+ // BEGIN android-changed -+ put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); -+ put("Alg.Alias.Signature.DSA", "SHA1withDSA"); -+ put("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA"); -+ put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); -+ put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); -+ put("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA"); -+ put("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); -+ put("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); -+ put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); -+ put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); -+ // END android-changed -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); -+ // put("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); -+ // put("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); -+ // -+ // put("Signature.ECGOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$ecgost3410"); -+ // put("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410"); -+ // put("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410"); -+ // put("Alg.Alias.Signature.GOST3411withECGOST3410", "ECGOST3410"); -+ // put("Alg.Alias.Signature.GOST3411WITHECGOST3410", "ECGOST3410"); -+ // put("Alg.Alias.Signature.GOST3411WithECGOST3410", "ECGOST3410"); -+ // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410"); -+ // -+ // put("Signature.GOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$gost3410"); -+ // put("Alg.Alias.Signature.GOST-3410", "GOST3410"); -+ // put("Alg.Alias.Signature.GOST-3410-94", "GOST3410"); -+ // put("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410"); -+ // put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410"); -+ // put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410"); -+ // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); -+ // END android-removed -+ } -+ -+ // BEGIN android-removed -+ // private void addSignatureAlgorithm( -+ // String digest, -+ // String algorithm, -+ // String className, -+ // DERObjectIdentifier oid) -+ // { -+ // String mainName = digest + "WITH" + algorithm; -+ // String jdk11Variation1 = digest + "with" + algorithm; -+ // String jdk11Variation2 = digest + "With" + algorithm; -+ // String alias = digest + "/" + algorithm; -+ // -+ // put("Signature." + mainName, className); -+ // put("Alg.Alias.Signature." + jdk11Variation1, mainName); -+ // put("Alg.Alias.Signature." + jdk11Variation2, mainName); -+ // put("Alg.Alias.Signature." + alias, mainName); -+ // put("Alg.Alias.Signature." + oid, mainName); -+ // put("Alg.Alias.Signature.OID." + oid, mainName); -+ // } -+ // END android-removed - - public void setParameter(String parameterName, Object parameter) - { -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java 2012-07-27 18:48:00.031478939 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertBlacklist.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertBlacklist.java 2012-09-11 00:12:44.000000000 +0000 @@ -0,0 +1,177 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -2624,20 +6666,12 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertBlacklist.jav + } + +} -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-07-27 18:48:00.031478939 +0000 -@@ -24,6 +24,7 @@ - import java.security.spec.DSAPublicKeySpec; - import java.text.ParseException; - import java.util.ArrayList; -+import java.util.Arrays; - import java.util.Collection; - import java.util.Date; - import java.util.Enumeration; -@@ -59,13 +60,17 @@ - import org.bouncycastle.asn1.x509.PolicyInformation; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-09-11 00:12:44.000000000 +0000 +@@ -61,13 +61,17 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.X509LDAPCertStoreParameters; +// BEGIN android-removed @@ -2655,18 +6689,18 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidator import org.bouncycastle.x509.X509AttributeCertificate; import org.bouncycastle.x509.X509CRLStoreSelector; import org.bouncycastle.x509.X509CertStoreSelector; -@@ -250,7 +255,9 @@ +@@ -247,7 +251,9 @@ { // look for URI - List list = (List) it.next(); + List list = (List)it.next(); - if (list.get(0).equals(new Integer(GeneralName.uniformResourceIdentifier))) + // BEGIN android-changed + if (list.get(0).equals(Integer.valueOf(GeneralName.uniformResourceIdentifier))) + // END android-changed { // found - String temp = (String) list.get(1); -@@ -660,38 +667,40 @@ + String temp = (String)list.get(1); +@@ -655,38 +661,40 @@ { try { @@ -2739,13 +6773,13 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidator } catch (Exception e) { -@@ -758,35 +767,37 @@ +@@ -751,33 +759,35 @@ return certs; } - protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, - List certStores) -- throws AnnotatedException +- throws AnnotatedException - { - Set certs = new HashSet(); - Iterator iter = certStores.iterator(); @@ -2763,9 +6797,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidator - } - catch (StoreException e) - { -- throw -- -- new AnnotatedException( +- throw new AnnotatedException( - "Problem while picking certificates from X.509 store.", e); - } - } @@ -2775,7 +6807,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidator + // BEGIN android-removed + // protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, + // List certStores) -+ // throws AnnotatedException ++ // throws AnnotatedException + // { + // Set certs = new HashSet(); + // Iterator iter = certStores.iterator(); @@ -2793,9 +6825,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidator + // } + // catch (StoreException e) + // { -+ // throw -+ // -+ // new AnnotatedException( ++ // throw new AnnotatedException( + // "Problem while picking certificates from X.509 store.", e); + // } + // } @@ -2806,10 +6836,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidator protected static void addAdditionalStoresFromCRLDistributionPoint( CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java 2012-07-27 18:48:00.031478939 +0000 -@@ -17,8 +17,10 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEBlockCipher.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEBlockCipher.java 2012-09-11 00:12:44.000000000 +0000 +@@ -18,8 +18,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; @@ -2823,9 +6853,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; @@ -28,7 +30,9 @@ + import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.engines.AESFastEngine; import org.bouncycastle.crypto.engines.DESEngine; - import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.GOST28147Engine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.GOST28147Engine; @@ -2833,7 +6863,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja import org.bouncycastle.crypto.engines.RC2Engine; import org.bouncycastle.crypto.engines.TwofishEngine; import org.bouncycastle.crypto.modes.AEADBlockCipher; -@@ -36,12 +40,16 @@ +@@ -36,12 +40,18 @@ import org.bouncycastle.crypto.modes.CCMBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.CTSBlockCipher; @@ -2842,7 +6872,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja +// import org.bouncycastle.crypto.modes.EAXBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.GCMBlockCipher; - import org.bouncycastle.crypto.modes.GOFBBlockCipher; +-import org.bouncycastle.crypto.modes.GOFBBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.GOFBBlockCipher; ++// END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; @@ -2853,24 +6886,28 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja import org.bouncycastle.crypto.modes.SICBlockCipher; import org.bouncycastle.crypto.paddings.BlockCipherPadding; import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -@@ -53,10 +61,12 @@ +@@ -53,12 +63,16 @@ import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.ParametersWithSBox; -import org.bouncycastle.crypto.params.RC2Parameters; -import org.bouncycastle.crypto.params.RC5Parameters; --import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.ParametersWithSBox; +// import org.bouncycastle.crypto.params.RC2Parameters; +// import org.bouncycastle.crypto.params.RC5Parameters; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; + import org.bouncycastle.jcajce.provider.symmetric.util.PBE; +-import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// BEGIN android-removed +// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +// END android-removed + import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; import org.bouncycastle.util.Strings; - public class JCEBlockCipher extends WrapCipherSpi -@@ -67,11 +77,15 @@ +@@ -71,11 +85,15 @@ // private Class[] availableSpecs = { @@ -2889,7 +6926,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja }; private BlockCipher baseEngine; -@@ -226,20 +240,22 @@ +@@ -232,20 +250,22 @@ new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); } } @@ -2926,7 +6963,28 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja else if (modeName.startsWith("SIC")) { ivLength = baseEngine.getBlockSize(); -@@ -272,11 +288,13 @@ +@@ -262,12 +282,14 @@ + cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + new SICBlockCipher(baseEngine))); + } +- else if (modeName.startsWith("GOFB")) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( +- new GOFBBlockCipher(baseEngine))); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("GOFB")) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( ++ // new GOFBBlockCipher(baseEngine))); ++ // } ++ // END android-removed + else if (modeName.startsWith("CTS")) + { + ivLength = baseEngine.getBlockSize(); +@@ -278,11 +300,13 @@ ivLength = baseEngine.getBlockSize(); cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); } @@ -2945,7 +7003,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja else if (modeName.startsWith("GCM")) { ivLength = baseEngine.getBlockSize(); -@@ -365,13 +383,15 @@ +@@ -371,13 +395,15 @@ throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); } @@ -2968,7 +7026,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja // // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). -@@ -437,63 +457,65 @@ +@@ -451,63 +477,65 @@ param = new KeyParameter(key.getEncoded()); } } @@ -3091,7 +7149,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja else { throw new InvalidAlgorithmParameterException("unknown parameter type."); -@@ -697,10 +719,21 @@ +@@ -711,10 +739,21 @@ int inputLen, byte[] output, int outputOffset) @@ -3114,7 +7172,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja if (inputLen != 0) { len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); -@@ -742,62 +775,64 @@ +@@ -756,62 +795,64 @@ } } @@ -3235,150 +7293,11 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja /** * PBEWithMD5AndDES -@@ -822,7 +857,7 @@ - super(new CBCBlockCipher(new RC2Engine())); - } - } -- -+ - /** - * PBEWithSHA1AndDES - */ -@@ -870,7 +905,7 @@ - super(new CBCBlockCipher(new DESedeEngine())); - } - } -- -+ - /** - * PBEWithSHAAnd128BitRC2-CBC - */ -@@ -894,7 +929,7 @@ - super(new CBCBlockCipher(new RC2Engine())); - } - } -- -+ - /** - * PBEWithSHAAndTwofish-CBC - */ -@@ -906,7 +941,7 @@ - super(new CBCBlockCipher(new TwofishEngine())); - } - } -- -+ - /** - * PBEWithAES-CBC - */ -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2012-07-27 18:48:00.031478939 +0000 -@@ -36,10 +36,12 @@ - - static - { -- Integer i64 = new Integer(64); -- Integer i192 = new Integer(192); -- Integer i128 = new Integer(128); -- Integer i256 = new Integer(256); -+ // BEGIN android-changed -+ Integer i64 = Integer.valueOf(64); -+ Integer i192 = Integer.valueOf(192); -+ Integer i128 = Integer.valueOf(128); -+ Integer i256 = Integer.valueOf(256); -+ // END android-changed - - algorithms.put("DES", i64); - algorithms.put("DESEDE", i192); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java 2012-07-27 18:48:00.031478939 +0000 -@@ -12,7 +12,9 @@ - import org.bouncycastle.crypto.Digest; - import org.bouncycastle.crypto.digests.MD5Digest; - import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA256Digest; - import org.bouncycastle.crypto.digests.SHA384Digest; - import org.bouncycastle.crypto.digests.SHA512Digest; -@@ -22,7 +24,9 @@ - { - private static Set md5 = new HashSet(); - private static Set sha1 = new HashSet(); -- private static Set sha224 = new HashSet(); -+ // BEGIN android-removed -+ // private static Set sha224 = new HashSet(); -+ // END android-removed - private static Set sha256 = new HashSet(); - private static Set sha384 = new HashSet(); - private static Set sha512 = new HashSet(); -@@ -38,9 +42,11 @@ - sha1.add("SHA-1"); - sha1.add(OIWObjectIdentifiers.idSHA1.getId()); - -- sha224.add("SHA224"); -- sha224.add("SHA-224"); -- sha224.add(NISTObjectIdentifiers.id_sha224.getId()); -+ // BEGIN android-removed -+ // sha224.add("SHA224"); -+ // sha224.add("SHA-224"); -+ // sha224.add(NISTObjectIdentifiers.id_sha224.getId()); -+ // END android-removed - - sha256.add("SHA256"); - sha256.add("SHA-256"); -@@ -61,9 +67,11 @@ - oids.put("SHA-1", OIWObjectIdentifiers.idSHA1); - oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1); - -- oids.put("SHA224", NISTObjectIdentifiers.id_sha224); -- oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); -- oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); -+ // BEGIN android-removed -+ // oids.put("SHA224", NISTObjectIdentifiers.id_sha224); -+ // oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); -+ // oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); -+ // END android-removed - - oids.put("SHA256", NISTObjectIdentifiers.id_sha256); - oids.put("SHA-256", NISTObjectIdentifiers.id_sha256); -@@ -91,10 +99,12 @@ - { - return new MD5Digest(); - } -- if (sha224.contains(digestName)) -- { -- return new SHA224Digest(); -- } -+ // BEGIN android-removed -+ // if (sha224.contains(digestName)) -+ // { -+ // return new SHA224Digest(); -+ // } -+ // END android-removed - if (sha256.contains(digestName)) - { - return new SHA256Digest(); -@@ -116,7 +126,9 @@ - String digest2) - { - return (sha1.contains(digest1) && sha1.contains(digest2)) -- || (sha224.contains(digest1) && sha224.contains(digest2)) -+ // BEGIN android-removed -+ // || (sha224.contains(digest1) && sha224.contains(digest2)) -+ // END android-removed - || (sha256.contains(digest1) && sha256.contains(digest2)) - || (sha384.contains(digest1) && sha384.contains(digest2)) - || (sha512.contains(digest1) && sha512.contains(digest2)) -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-07-27 18:48:00.031478939 +0000 -@@ -20,7 +20,9 @@ - import org.bouncycastle.asn1.DERObject; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPrivateKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -21,7 +21,9 @@ + import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; @@ -3388,8 +7307,8 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.j import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -@@ -199,21 +201,23 @@ - DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); +@@ -203,21 +205,23 @@ + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - if (ecP == null) // GOST Curve @@ -3427,30 +7346,30 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.j { EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); -@@ -324,11 +328,13 @@ - keyStructure = new ECPrivateKeyStructure(this.getS(), params); - } +@@ -331,11 +335,13 @@ -- if (algorithm.equals("ECGOST3410")) -- { -- info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject()); -- } -- else -+ // BEGIN android-removed -+ // if (algorithm.equals("ECGOST3410")) -+ // { -+ // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject()); -+ // } -+ // else -+ // END android-removed + try { +- if (algorithm.equals("ECGOST3410")) +- { +- info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); +- } +- else ++ // BEGIN android-removed ++ // if (algorithm.equals("ECGOST3410")) ++ // { ++ // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); ++ // } ++ // else ++ // END android-removed + { - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject()); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-07-27 18:48:00.031478939 +0000 -@@ -20,8 +20,10 @@ - import org.bouncycastle.asn1.DERObjectIdentifier; + info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPublicKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -19,8 +19,10 @@ + import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; @@ -3462,17 +7381,15 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.ja import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X962Parameters; -@@ -31,11 +33,15 @@ - import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - import org.bouncycastle.crypto.params.ECDomainParameters; - import org.bouncycastle.crypto.params.ECPublicKeyParameters; +@@ -33,9 +35,13 @@ + import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; + import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; + import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.ECGOST3410NamedCurveTable; +// BEGIN android-removed +// import org.bouncycastle.jce.ECGOST3410NamedCurveTable; +// END android-removed import org.bouncycastle.jce.interfaces.ECPointEncoder; - import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util; - import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; +// BEGIN android-removed +// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; @@ -3514,7 +7431,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.ja - - try - { -- key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes()); +- key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); - } - catch (IOException ex) - { @@ -3563,7 +7480,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.ja + // + // try + // { -+ // key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes()); ++ // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); + // } + // catch (IOException ex) + // { @@ -3605,7 +7522,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.ja + // else + // END android-removed { - X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters()); + X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); ECCurve curve; @@ -315,45 +327,47 @@ ASN1Encodable params; @@ -3647,7 +7564,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.ja - extractBytes(encKey, 0, bX); - extractBytes(encKey, 32, bY); - -- info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey)); +- info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); - } - else + // BEGIN android-removed @@ -3687,281 +7604,47 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.ja + // extractBytes(encKey, 0, bX); + // extractBytes(encKey, 32, bY); + // -+ // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey)); ++ // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); + // } + // else + // END android-removed { if (ecSpec instanceof ECNamedCurveSpec) { -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2012-07-27 18:48:00.031478939 +0000 -@@ -57,6 +57,11 @@ - { - try - { -+ // BEGIN android-added -+ if (random == null) { -+ random = new SecureRandom(); -+ } -+ // END android-added - engine.init(new KeyGenerationParameters(random, keySize)); - uninitialised = false; - } -@@ -93,56 +98,60 @@ - } - } - -- /** -- * RC2 -- */ -- public static class RC2 -- extends JCEKeyGenerator -- { -- public RC2() -- { -- super("RC2", 128, new CipherKeyGenerator()); -- } -- } -- -- /** -- * GOST28147 -- */ -- public static class GOST28147 -- extends JCEKeyGenerator -- { -- public GOST28147() -- { -- super("GOST28147", 256, new CipherKeyGenerator()); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * RC2 -+ // */ -+ // public static class RC2 -+ // extends JCEKeyGenerator -+ // { -+ // public RC2() -+ // { -+ // super("RC2", 128, new CipherKeyGenerator()); -+ // } -+ // } -+ // -+ // /** -+ // * GOST28147 -+ // */ -+ // public static class GOST28147 -+ // extends JCEKeyGenerator -+ // { -+ // public GOST28147() -+ // { -+ // super("GOST28147", 256, new CipherKeyGenerator()); -+ // } -+ // } -+ // END android-removed - - // HMAC Related secret keys.. - -- /** -- * MD2HMAC -- */ -- public static class MD2HMAC -- extends JCEKeyGenerator -- { -- public MD2HMAC() -- { -- super("HMACMD2", 128, new CipherKeyGenerator()); -- } -- } -- -- -- /** -- * MD4HMAC -- */ -- public static class MD4HMAC -- extends JCEKeyGenerator -- { -- public MD4HMAC() -- { -- super("HMACMD4", 128, new CipherKeyGenerator()); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * MD2HMAC -+ // */ -+ // public static class MD2HMAC -+ // extends JCEKeyGenerator -+ // { -+ // public MD2HMAC() -+ // { -+ // super("HMACMD2", 128, new CipherKeyGenerator()); -+ // } -+ // } -+ // -+ // -+ // /** -+ // * MD4HMAC -+ // */ -+ // public static class MD4HMAC -+ // extends JCEKeyGenerator -+ // { -+ // public MD4HMAC() -+ // { -+ // super("HMACMD4", 128, new CipherKeyGenerator()); -+ // } -+ // } -+ // END android-removed - - /** - * MD5HMAC -@@ -157,29 +166,29 @@ - } - - -- /** -- * RIPE128HMAC -- */ -- public static class RIPEMD128HMAC -- extends JCEKeyGenerator -- { -- public RIPEMD128HMAC() -- { -- super("HMACRIPEMD128", 128, new CipherKeyGenerator()); -- } -- } -- -- /** -- * RIPE160HMAC -- */ -- public static class RIPEMD160HMAC -- extends JCEKeyGenerator -- { -- public RIPEMD160HMAC() -- { -- super("HMACRIPEMD160", 160, new CipherKeyGenerator()); -- } -- } -+ // /** -+ // * RIPE128HMAC -+ // */ -+ // public static class RIPEMD128HMAC -+ // extends JCEKeyGenerator -+ // { -+ // public RIPEMD128HMAC() -+ // { -+ // super("HMACRIPEMD128", 128, new CipherKeyGenerator()); -+ // } -+ // } -+ -+ // /** -+ // * RIPE160HMAC -+ // */ -+ // public static class RIPEMD160HMAC -+ // extends JCEKeyGenerator -+ // { -+ // public RIPEMD160HMAC() -+ // { -+ // super("HMACRIPEMD160", 160, new CipherKeyGenerator()); -+ // } -+ // } - - - /** -@@ -194,17 +203,19 @@ - } - } - -- /** -- * HMACSHA224 -- */ -- public static class HMACSHA224 -- extends JCEKeyGenerator -- { -- public HMACSHA224() -- { -- super("HMACSHA224", 224, new CipherKeyGenerator()); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * HMACSHA224 -+ // */ -+ // public static class HMACSHA224 -+ // extends JCEKeyGenerator -+ // { -+ // public HMACSHA224() -+ // { -+ // super("HMACSHA224", 224, new CipherKeyGenerator()); -+ // } -+ // } -+ // END android-removed - - /** - * HMACSHA256 -@@ -242,15 +253,17 @@ - } - } - -- /** -- * HMACTIGER -- */ -- public static class HMACTIGER -- extends JCEKeyGenerator -- { -- public HMACTIGER() -- { -- super("HMACTIGER", 192, new CipherKeyGenerator()); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * HMACTIGER -+ // */ -+ // public static class HMACTIGER -+ // extends JCEKeyGenerator -+ // { -+ // public HMACTIGER() -+ // { -+ // super("HMACTIGER", 192, new CipherKeyGenerator()); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java 2012-07-27 18:48:00.031478939 +0000 -@@ -11,25 +11,39 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEMac.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEMac.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEMac.java 2012-09-11 00:12:44.000000000 +0000 +@@ -11,24 +11,35 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD4Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// import org.bouncycastle.crypto.digests.MD4Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.RIPEMD128Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA224Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.SHA384Digest; +-import org.bouncycastle.crypto.digests.SHA512Digest; +-import org.bouncycastle.crypto.digests.TigerDigest; +// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.MD2Digest; ++// import org.bouncycastle.crypto.digests.MD4Digest; ++// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.RIPEMD128Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; -+// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA256Digest; - import org.bouncycastle.crypto.digests.SHA384Digest; - import org.bouncycastle.crypto.digests.SHA512Digest; --import org.bouncycastle.crypto.digests.TigerDigest; -+// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.SHA384Digest; ++// import org.bouncycastle.crypto.digests.SHA512Digest; +// import org.bouncycastle.crypto.digests.TigerDigest; +// END android-removed ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.OpenSSLDigest; ++// END android-added import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; +// BEGIN android-removed @@ -3969,10 +7652,8 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro +// END android-removed import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; --import org.bouncycastle.crypto.macs.GOST28147Mac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -+// import org.bouncycastle.crypto.macs.GOST28147Mac; +// END android-removed import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; @@ -3984,7 +7665,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; -@@ -143,115 +157,117 @@ +@@ -144,109 +155,111 @@ * the classes that extend directly off us. */ @@ -4001,29 +7682,30 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro - } - - /** -- * RC2 +- * DES 64 bit MAC - */ -- public static class RC2 +- public static class DES64 - extends JCEMac - { -- public RC2() +- public DES64() - { -- super(new CBCBlockCipherMac(new RC2Engine())); +- super(new CBCBlockCipherMac(new DESEngine(), 64)); - } - } - - /** -- * GOST28147 +- * RC2 - */ -- public static class GOST28147 +- public static class RC2 - extends JCEMac - { -- public GOST28147() +- public RC2() - { -- super(new GOST28147Mac()); +- super(new CBCBlockCipherMac(new RC2Engine())); - } - } - +- - - - /** @@ -4041,14 +7723,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro - /** - * RC2CFB8 - */ -- public static class RC2CFB8 -- extends JCEMac -- { -- public RC2CFB8() -- { -- super(new CFBBlockCipherMac(new RC2Engine())); -- } -- } +- - - /** - * DES9797Alg3with7816-4Padding @@ -4111,31 +7786,32 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro + // } + // + // /** -+ // * RC2 ++ // * DES 64 bit MAC + // */ -+ // public static class RC2 ++ // public static class DES64 + // extends JCEMac + // { -+ // public RC2() ++ // public DES64() + // { -+ // super(new CBCBlockCipherMac(new RC2Engine())); ++ // super(new CBCBlockCipherMac(new DESEngine(), 64)); + // } + // } + // + // /** -+ // * GOST28147 ++ // * RC2 + // */ -+ // public static class GOST28147 ++ // public static class RC2 + // extends JCEMac + // { -+ // public GOST28147() ++ // public RC2() + // { -+ // super(new GOST28147Mac()); ++ // super(new CBCBlockCipherMac(new RC2Engine())); + // } + // } + // + // + // ++ // + // /** + // * DES + // */ @@ -4151,14 +7827,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro + // /** + // * RC2CFB8 + // */ -+ // public static class RC2CFB8 -+ // extends JCEMac -+ // { -+ // public RC2CFB8() -+ // { -+ // super(new CFBBlockCipherMac(new RC2Engine())); -+ // } -+ // } ++ // + // + // /** + // * DES9797Alg3with7816-4Padding @@ -4211,20 +7880,28 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro /** * MD5 HMac -@@ -264,7 +280,7 @@ - super(new HMac(new MD5Digest())); +@@ -256,7 +269,9 @@ + { + public MD5() + { +- super(new HMac(new MD5Digest())); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.MD5())); ++ // END android-changed } } -- -+ - /** - * SHA1 HMac - */ -@@ -276,18 +292,20 @@ - super(new HMac(new SHA1Digest())); + +@@ -268,21 +283,25 @@ + { + public SHA1() + { +- super(new HMac(new SHA1Digest())); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.SHA1())); ++ // END android-changed } } -- + - /** - * SHA-224 HMac - */ @@ -4236,7 +7913,6 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro - super(new HMac(new SHA224Digest())); - } - } -+ + // BEGIN android-removed + // /** + // * SHA-224 HMac @@ -4253,20 +7929,28 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro /** * SHA-256 HMac -@@ -300,7 +318,7 @@ - super(new HMac(new SHA256Digest())); +@@ -292,7 +311,9 @@ + { + public SHA256() + { +- super(new HMac(new SHA256Digest())); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.SHA256())); ++ // END android-changed } } -- -+ - /** - * SHA-384 HMac - */ -@@ -312,15 +330,17 @@ - super(new HMac(new SHA384Digest())); + +@@ -304,18 +325,22 @@ + { + public SHA384() + { +- super(new HMac(new SHA384Digest())); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.SHA384())); ++ // END android-changed } } -- + - public static class OldSHA384 - extends JCEMac - { @@ -4275,7 +7959,6 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro - super(new OldHMac(new SHA384Digest())); - } - } -+ + // BEGIN android-removed + // public static class OldSHA384 + // extends JCEMac @@ -4289,11 +7972,17 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro /** * SHA-512 HMac -@@ -333,73 +353,75 @@ - super(new HMac(new SHA512Digest())); +@@ -325,75 +350,80 @@ + { + public SHA512() + { +- super(new HMac(new SHA512Digest())); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.SHA512())); ++ // END android-changed } } -- + - /** - * SHA-512 HMac - */ @@ -4382,7 +8071,6 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro - super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - } - } -- + // /** + // * RIPEMD160 HMac + // */ @@ -4425,15 +8113,20 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro + // } + // } + // END android-removed -+ + /** * PBEWithHmacSHA - */ -@@ -411,16 +433,18 @@ - super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); +@@ -403,19 +433,23 @@ + { + public PBEWithSHA() + { +- super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); ++ // BEGIN android-changed ++ super(new HMac(new OpenSSLDigest.SHA1()), PKCS12, SHA1, 160); ++ // END android-changed } } -- + - /** - * PBEWithHmacTiger - */ @@ -4445,7 +8138,6 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro - super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - } - } -+ + // BEGIN android-removed + // /** + // * PBEWithHmacTiger @@ -4460,150 +8152,52 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro + // } + // END android-removed } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java 2012-07-27 18:48:00.031478939 +0000 -@@ -535,48 +535,50 @@ - } - } - -- static public class PKCS1v1_5Padding -- extends JCERSACipher -- { -- public PKCS1v1_5Padding() -- { -- super(new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -- -- static public class PKCS1v1_5Padding_PrivateOnly -- extends JCERSACipher -- { -- public PKCS1v1_5Padding_PrivateOnly() -- { -- super(false, true, new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -- -- static public class PKCS1v1_5Padding_PublicOnly -- extends JCERSACipher -- { -- public PKCS1v1_5Padding_PublicOnly() -- { -- super(true, false, new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -- -- static public class OAEPPadding -- extends JCERSACipher -- { -- public OAEPPadding() -- { -- super(OAEPParameterSpec.DEFAULT); -- } -- } -- -- static public class ISO9796d1Padding -- extends JCERSACipher -- { -- public ISO9796d1Padding() -- { -- super(new ISO9796d1Encoding(new RSABlindedEngine())); -- } -- } -+ // BEGIN android-removed -+ // static public class PKCS1v1_5Padding -+ // extends JCERSACipher -+ // { -+ // public PKCS1v1_5Padding() -+ // { -+ // super(new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // -+ // static public class PKCS1v1_5Padding_PrivateOnly -+ // extends JCERSACipher -+ // { -+ // public PKCS1v1_5Padding_PrivateOnly() -+ // { -+ // super(false, true, new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // -+ // static public class PKCS1v1_5Padding_PublicOnly -+ // extends JCERSACipher -+ // { -+ // public PKCS1v1_5Padding_PublicOnly() -+ // { -+ // super(true, false, new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // -+ // static public class OAEPPadding -+ // extends JCERSACipher -+ // { -+ // public OAEPPadding() -+ // { -+ // super(OAEPParameterSpec.DEFAULT); -+ // } -+ // } -+ // -+ // static public class ISO9796d1Padding -+ // extends JCERSACipher -+ // { -+ // public ISO9796d1Padding() -+ // { -+ // super(new ISO9796d1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2012-07-27 18:48:00.031478939 +0000 -@@ -125,7 +125,9 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -127,7 +127,9 @@ */ public byte[] getEncoded() { -- PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKeyStructure(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()).getDERObject()); +- return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); + // BEGIN android-changed -+ PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKeyStructure(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()).getDERObject()); ++ return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); + // END android-changed - - return info.getDEREncoded(); } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2012-07-27 18:48:00.031478939 +0000 -@@ -77,7 +77,9 @@ + + /** +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -78,7 +78,9 @@ public byte[] getEncoded() { -- PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKeyStructure(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO).getDERObject()); +- return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); + // BEGIN android-changed -+ PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKeyStructure(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO).getDERObject()); ++ return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); + // END android-changed - - return info.getDEREncoded(); } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2012-07-27 18:48:00.031478939 +0000 -@@ -90,7 +90,9 @@ + + public boolean equals(Object o) +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPublicKey.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2012-09-11 00:12:44.000000000 +0000 +@@ -91,7 +91,9 @@ public byte[] getEncoded() { -- SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject()); +- return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent())); + // BEGIN android-changed -+ SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject()); ++ return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent())); + // END android-changed - - return info.getDEREncoded(); } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-07-27 18:48:00.031478939 +0000 -@@ -250,29 +250,31 @@ + + public int hashCode() +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-09-11 00:12:44.000000000 +0000 +@@ -252,29 +252,31 @@ } } @@ -4658,7 +8252,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFacto /** * PBEWithMD5AndDES -@@ -406,17 +408,19 @@ +@@ -408,17 +410,19 @@ } } @@ -4689,7 +8283,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFacto /** * PBEWithHmacSHA -@@ -430,17 +434,19 @@ +@@ -432,17 +436,19 @@ } } @@ -4720,7 +8314,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFacto /** * PBEWithSHA1And128BitAES-BC -@@ -549,4 +555,56 @@ +@@ -551,4 +557,56 @@ super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); } } @@ -4769,7 +8363,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFacto + int ivSize = -1; + CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + -+ return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); ++ return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); @@ -4777,10 +8371,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFacto + } + // END android-added } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java 2012-07-27 18:48:00.041479127 +0000 -@@ -13,20 +13,26 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEStreamCipher.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEStreamCipher.java 2012-09-11 00:12:44.000000000 +0000 +@@ -14,20 +14,26 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; @@ -4814,7 +8408,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.j import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.crypto.params.KeyParameter; -@@ -40,8 +46,10 @@ +@@ -44,8 +50,10 @@ // private Class[] availableSpecs = { @@ -4827,7 +8421,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.j IvParameterSpec.class, PBEParameterSpec.class }; -@@ -370,125 +378,127 @@ +@@ -376,125 +384,127 @@ * The ciphers that inherit from us. */ @@ -5074,1262 +8668,24 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.j /** * PBEWithSHAAnd128BitRC4 -@@ -501,7 +511,7 @@ - super(new RC4Engine(), 0); - } - } -- -+ - /** - * PBEWithSHAAnd40BitRC4 - */ -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2012-07-27 18:48:00.031478939 +0000 -@@ -11,18 +11,24 @@ - import javax.crypto.spec.DHGenParameterSpec; - import javax.crypto.spec.DHParameterSpec; - import javax.crypto.spec.IvParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// END android-removed - - import org.bouncycastle.crypto.generators.DHParametersGenerator; - import org.bouncycastle.crypto.generators.DSAParametersGenerator; --import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; --import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -+// import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator; -+// END android-removed - import org.bouncycastle.crypto.params.DHParameters; - import org.bouncycastle.crypto.params.DSAParameters; --import org.bouncycastle.crypto.params.ElGamalParameters; --import org.bouncycastle.crypto.params.GOST3410Parameters; --import org.bouncycastle.jce.spec.GOST3410ParameterSpec; --import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.params.ElGamalParameters; -+// import org.bouncycastle.crypto.params.GOST3410Parameters; -+// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -+// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -+// END android-removed - - public abstract class JDKAlgorithmParameterGenerator - extends AlgorithmParameterGeneratorSpi -@@ -145,196 +151,198 @@ - } - } - -- public static class GOST3410 -- extends JDKAlgorithmParameterGenerator -- { -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation."); -- } -- -- protected AlgorithmParameters engineGenerateParameters() -- { -- GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator(); -- -- if (random != null) -- { -- pGen.init(strength, 2, random); -- } -- else -- { -- pGen.init(strength, 2, new SecureRandom()); -- } -- -- GOST3410Parameters p = pGen.generateParameters(); -- -- AlgorithmParameters params; -- -- try -- { -- params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA()))); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- -- return params; -- } -- } -- -- public static class ElGamal -- extends JDKAlgorithmParameterGenerator -- { -- private int l = 0; -- -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- if (!(genParamSpec instanceof DHGenParameterSpec)) -- { -- throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); -- } -- DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; -- -- this.strength = spec.getPrimeSize(); -- this.l = spec.getExponentSize(); -- this.random = random; -- } -- -- protected AlgorithmParameters engineGenerateParameters() -- { -- ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); -- -- if (random != null) -- { -- pGen.init(strength, 20, random); -- } -- else -- { -- pGen.init(strength, 20, new SecureRandom()); -- } -- -- ElGamalParameters p = pGen.generateParameters(); -- -- AlgorithmParameters params; -- -- try -- { -- params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new DHParameterSpec(p.getP(), p.getG(), l)); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- -- return params; -- } -- } -- -- public static class DES -- extends JDKAlgorithmParameterGenerator -- { -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); -- } -- -- protected AlgorithmParameters engineGenerateParameters() -- { -- byte[] iv = new byte[8]; -- -- if (random == null) -- { -- random = new SecureRandom(); -- } -- -- random.nextBytes(iv); -- -- AlgorithmParameters params; -- -- try -- { -- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new IvParameterSpec(iv)); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- -- return params; -- } -- } -- -- public static class RC2 -- extends JDKAlgorithmParameterGenerator -- { -- RC2ParameterSpec spec = null; -- -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- if (genParamSpec instanceof RC2ParameterSpec) -- { -- spec = (RC2ParameterSpec)genParamSpec; -- return; -- } -- -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); -- } -- -- protected AlgorithmParameters engineGenerateParameters() -- { -- AlgorithmParameters params; -- -- if (spec == null) -- { -- byte[] iv = new byte[8]; -- -- if (random == null) -- { -- random = new SecureRandom(); -- } -- -- random.nextBytes(iv); -- -- try -- { -- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new IvParameterSpec(iv)); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- } -- else -- { -- try -- { -- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); -- params.init(spec); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- } -- -- return params; -- } -- } -+ // BEGIN android-removed -+ // public static class GOST3410 -+ // extends JDKAlgorithmParameterGenerator -+ // { -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation."); -+ // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() -+ // { -+ // GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator(); -+ // -+ // if (random != null) -+ // { -+ // pGen.init(strength, 2, random); -+ // } -+ // else -+ // { -+ // pGen.init(strength, 2, new SecureRandom()); -+ // } -+ // -+ // GOST3410Parameters p = pGen.generateParameters(); -+ // -+ // AlgorithmParameters params; -+ // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA()))); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // -+ // return params; -+ // } -+ // } -+ // -+ // public static class ElGamal -+ // extends JDKAlgorithmParameterGenerator -+ // { -+ // private int l = 0; -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // if (!(genParamSpec instanceof DHGenParameterSpec)) -+ // { -+ // throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); -+ // } -+ // DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; -+ // -+ // this.strength = spec.getPrimeSize(); -+ // this.l = spec.getExponentSize(); -+ // this.random = random; -+ // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() -+ // { -+ // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); -+ // -+ // if (random != null) -+ // { -+ // pGen.init(strength, 20, random); -+ // } -+ // else -+ // { -+ // pGen.init(strength, 20, new SecureRandom()); -+ // } -+ // -+ // ElGamalParameters p = pGen.generateParameters(); -+ // -+ // AlgorithmParameters params; -+ // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new DHParameterSpec(p.getP(), p.getG(), l)); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // -+ // return params; -+ // } -+ // } -+ // -+ // public static class DES -+ // extends JDKAlgorithmParameterGenerator -+ // { -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); -+ // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() -+ // { -+ // byte[] iv = new byte[8]; -+ // -+ // if (random == null) -+ // { -+ // random = new SecureRandom(); -+ // } -+ // -+ // random.nextBytes(iv); -+ // -+ // AlgorithmParameters params; -+ // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new IvParameterSpec(iv)); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // -+ // return params; -+ // } -+ // } -+ // -+ // public static class RC2 -+ // extends JDKAlgorithmParameterGenerator -+ // { -+ // RC2ParameterSpec spec = null; -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // if (genParamSpec instanceof RC2ParameterSpec) -+ // { -+ // spec = (RC2ParameterSpec)genParamSpec; -+ // return; -+ // } -+ // -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); -+ // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() -+ // { -+ // AlgorithmParameters params; -+ // -+ // if (spec == null) -+ // { -+ // byte[] iv = new byte[8]; -+ // -+ // if (random == null) -+ // { -+ // random = new SecureRandom(); -+ // } -+ // -+ // random.nextBytes(iv); -+ // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new IvParameterSpec(iv)); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // } -+ // else -+ // { -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(spec); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // } -+ // -+ // return params; -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-07-27 18:48:00.031478939 +0000 -@@ -10,21 +10,27 @@ - import org.bouncycastle.asn1.DERObjectIdentifier; - import org.bouncycastle.asn1.DEROctetString; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-09-11 00:12:44.000000000 +0000 +@@ -17,7 +17,9 @@ import org.bouncycastle.asn1.DERSequence; --import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; --import org.bouncycastle.asn1.oiw.ElGamalParameter; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -+// import org.bouncycastle.asn1.oiw.ElGamalParameter; -+// END android-removed - import org.bouncycastle.asn1.pkcs.DHParameter; - import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; - import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; --import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -+// END android-removed - import org.bouncycastle.asn1.pkcs.RSAESOAEPparams; - import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; import org.bouncycastle.asn1.pkcs.PBKDF2Params; - import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import org.bouncycastle.asn1.x509.DSAParameter; --import org.bouncycastle.jce.spec.ElGamalParameterSpec; --import org.bouncycastle.jce.spec.GOST3410ParameterSpec; --import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; + import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.jce.spec.IESParameterSpec; +// BEGIN android-removed -+// import org.bouncycastle.jce.spec.ElGamalParameterSpec; -+// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -+// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; +// import org.bouncycastle.jce.spec.IESParameterSpec; +// END android-removed - import org.bouncycastle.util.Arrays; - import javax.crypto.spec.DHParameterSpec; -@@ -32,7 +38,9 @@ - import javax.crypto.spec.OAEPParameterSpec; - import javax.crypto.spec.PBEParameterSpec; - import javax.crypto.spec.PSource; --import javax.crypto.spec.RC2ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// END android-removed - import java.io.IOException; - import java.security.AlgorithmParametersSpi; - import java.security.spec.AlgorithmParameterSpec; -@@ -68,13 +76,13 @@ - extends JDKAlgorithmParameters - { - private byte[] iv; -- -+ - protected byte[] engineGetEncoded() - throws IOException - { - return engineGetEncoded("ASN.1"); - } -- -+ - protected byte[] engineGetEncoded( - String format) - throws IOException -@@ -83,15 +91,15 @@ - { - return new DEROctetString(engineGetEncoded("RAW")).getEncoded(); - } -- -+ - if (format.equals("RAW")) - { - return Arrays.clone(iv); - } -- -+ - return null; - } -- -+ - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException -@@ -100,10 +108,10 @@ - { - return new IvParameterSpec(iv); - } -- -+ - throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); - } -- -+ - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException -@@ -112,10 +120,10 @@ - { - throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); - } -- -+ - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } -- -+ - protected void engineInit( - byte[] params) - throws IOException -@@ -127,13 +135,13 @@ - && params[0] == 0x04 && params[1] == params.length - 2) - { - ASN1OctetString oct = (ASN1OctetString)ASN1Object.fromByteArray(params); -- -+ - params = oct.getOctets(); - } -- -+ - this.iv = Arrays.clone(params); - } -- -+ - protected void engineInit( - byte[] params, - String format) -@@ -144,204 +152,206 @@ - try - { - ASN1OctetString oct = (ASN1OctetString)ASN1Object.fromByteArray(params); -- -+ - engineInit(oct.getOctets()); - } - catch (Exception e) - { - throw new IOException("Exception decoding: " + e); - } -- -+ - return; - } -- -+ - if (format.equals("RAW")) - { - engineInit(params); - return; - } -- -+ - throw new IOException("Unknown parameters format in IV parameters object"); - } -- -+ - protected String engineToString() - { - return "IV Parameters"; + public abstract class JDKAlgorithmParameters + extends AlgorithmParametersSpi +@@ -208,109 +210,111 @@ } } -- -- public static class RC2AlgorithmParameters -- extends JDKAlgorithmParameters -- { -- private static final short[] table = { -- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, -- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, -- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, -- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, -- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, -- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, -- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, -- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, -- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, -- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, -- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, -- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, -- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, -- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, -- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, -- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab -- }; -- -- private static final short[] ekb = { -- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, -- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, -- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, -- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, -- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, -- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, -- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, -- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, -- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, -- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, -- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, -- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, -- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, -- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, -- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, -- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd -- }; -- -- private byte[] iv; -- private int parameterVersion = 58; -- -- protected byte[] engineGetEncoded() -- { -- return Arrays.clone(iv); -- } -- -- protected byte[] engineGetEncoded( -- String format) -- throws IOException -- { -- if (isASN1FormatString(format)) -- { -- if (parameterVersion == -1) -- { -- return new RC2CBCParameter(engineGetEncoded()).getEncoded(); -- } -- else -- { -- return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); -- } -- } -- -- if (format.equals("RAW")) -- { -- return engineGetEncoded(); -- } -- -- return null; -- } -- -- protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec == RC2ParameterSpec.class) -- { -- if (parameterVersion != -1) -- { -- if (parameterVersion < 256) -- { -- return new RC2ParameterSpec(ekb[parameterVersion], iv); -- } -- else -- { -- return new RC2ParameterSpec(parameterVersion, iv); -- } -- } -- } -- -- if (paramSpec == IvParameterSpec.class) -- { -- return new IvParameterSpec(iv); -- } -- -- throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); -- } -- -- protected void engineInit( -- AlgorithmParameterSpec paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec instanceof IvParameterSpec) -- { -- this.iv = ((IvParameterSpec)paramSpec).getIV(); -- } -- else if (paramSpec instanceof RC2ParameterSpec) -- { -- int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); -- if (effKeyBits != -1) -- { -- if (effKeyBits < 256) -- { -- parameterVersion = table[effKeyBits]; -- } -- else -- { -- parameterVersion = effKeyBits; -- } -- } -- -- this.iv = ((RC2ParameterSpec)paramSpec).getIV(); -- } -- else -- { -- throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); -- } -- } -- -- protected void engineInit( -- byte[] params) -- throws IOException -- { -- this.iv = Arrays.clone(params); -- } -- -- protected void engineInit( -- byte[] params, -- String format) -- throws IOException -- { -- if (isASN1FormatString(format)) -- { -- RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Object.fromByteArray(params)); -- -- if (p.getRC2ParameterVersion() != null) -- { -- parameterVersion = p.getRC2ParameterVersion().intValue(); -- } -- -- iv = p.getIV(); -- -- return; -- } -- -- if (format.equals("RAW")) -- { -- engineInit(params); -- return; -- } -- -- throw new IOException("Unknown parameters format in IV parameters object"); -- } -- -- protected String engineToString() -- { -- return "RC2 Parameters"; -- } -- } -- -+ -+ // BEGIN android-removed -+ // public static class RC2AlgorithmParameters -+ // extends JDKAlgorithmParameters -+ // { -+ // private static final short[] table = { -+ // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, -+ // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, -+ // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, -+ // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, -+ // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, -+ // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, -+ // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, -+ // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, -+ // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, -+ // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, -+ // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, -+ // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, -+ // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, -+ // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, -+ // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, -+ // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab -+ // }; -+ // -+ // private static final short[] ekb = { -+ // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, -+ // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, -+ // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, -+ // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, -+ // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, -+ // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, -+ // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, -+ // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, -+ // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, -+ // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, -+ // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, -+ // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, -+ // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, -+ // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, -+ // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, -+ // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd -+ // }; -+ // -+ // private byte[] iv; -+ // private int parameterVersion = 58; -+ // -+ // protected byte[] engineGetEncoded() -+ // { -+ // return Arrays.clone(iv); -+ // } -+ // -+ // protected byte[] engineGetEncoded( -+ // String format) -+ // throws IOException -+ // { -+ // if (isASN1FormatString(format)) -+ // { -+ // if (parameterVersion == -1) -+ // { -+ // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); -+ // } -+ // else -+ // { -+ // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); -+ // } -+ // } -+ // -+ // if (format.equals("RAW")) -+ // { -+ // return engineGetEncoded(); -+ // } -+ // -+ // return null; -+ // } -+ // -+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec == RC2ParameterSpec.class) -+ // { -+ // if (parameterVersion != -1) -+ // { -+ // if (parameterVersion < 256) -+ // { -+ // return new RC2ParameterSpec(ekb[parameterVersion], iv); -+ // } -+ // else -+ // { -+ // return new RC2ParameterSpec(parameterVersion, iv); -+ // } -+ // } -+ // } -+ // -+ // if (paramSpec == IvParameterSpec.class) -+ // { -+ // return new IvParameterSpec(iv); -+ // } -+ // -+ // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); -+ // } -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec instanceof IvParameterSpec) -+ // { -+ // this.iv = ((IvParameterSpec)paramSpec).getIV(); -+ // } -+ // else if (paramSpec instanceof RC2ParameterSpec) -+ // { -+ // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); -+ // if (effKeyBits != -1) -+ // { -+ // if (effKeyBits < 256) -+ // { -+ // parameterVersion = table[effKeyBits]; -+ // } -+ // else -+ // { -+ // parameterVersion = effKeyBits; -+ // } -+ // } -+ // -+ // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); -+ // } -+ // else -+ // { -+ // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); -+ // } -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params) -+ // throws IOException -+ // { -+ // this.iv = Arrays.clone(params); -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params, -+ // String format) -+ // throws IOException -+ // { -+ // if (isASN1FormatString(format)) -+ // { -+ // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Object.fromByteArray(params)); -+ // -+ // if (p.getRC2ParameterVersion() != null) -+ // { -+ // parameterVersion = p.getRC2ParameterVersion().intValue(); -+ // } -+ // -+ // iv = p.getIV(); -+ // -+ // return; -+ // } -+ // -+ // if (format.equals("RAW")) -+ // { -+ // engineInit(params); -+ // return; -+ // } -+ // -+ // throw new IOException("Unknown parameters format in IV parameters object"); -+ // } -+ // -+ // protected String engineToString() -+ // { -+ // return "RC2 Parameters"; -+ // } -+ // } -+ // END android-removed -+ - public static class PBKDF2 - extends JDKAlgorithmParameters - { -@@ -429,7 +439,7 @@ - extends JDKAlgorithmParameters - { - PKCS12PBEParams params; -- -+ - protected byte[] engineGetEncoded() - { - try -@@ -441,7 +451,7 @@ - throw new RuntimeException("Oooops! " + e.toString()); - } - } -- -+ - protected byte[] engineGetEncoded( - String format) - { -@@ -449,10 +459,10 @@ - { - return engineGetEncoded(); - } -- -+ - return null; - } -- -+ - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException -@@ -462,10 +472,10 @@ - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } -- -+ - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } -- -+ - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException -@@ -474,20 +484,20 @@ - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } -- -+ - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; -- -+ - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } -- -+ - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Object.fromByteArray(params)); - } -- -+ - protected void engineInit( - byte[] params, - String format) -@@ -498,10 +508,10 @@ - engineInit(params); - return; - } -- -+ - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } -- -+ - protected String engineToString() - { - return "PKCS12 PBE Parameters"; -@@ -725,334 +735,336 @@ - } - } - -- public static class GOST3410 -- extends JDKAlgorithmParameters -- { -- GOST3410ParameterSpec currentSpec; -- -- /** -- * Return the X.509 ASN.1 structure GOST3410Parameter. -- * <p> -- * <pre> -- * GOST3410Parameter ::= SEQUENCE { -- * prime INTEGER, -- p -- * subprime INTEGER, -- q -- * base INTEGER, -- a} -- * </pre> -- */ -- protected byte[] engineGetEncoded() -- { -- GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new DERObjectIdentifier(currentSpec.getDigestParamSetOID()), new DERObjectIdentifier(currentSpec.getEncryptionParamSetOID())); -- -- try -- { -- return gost3410P.getEncoded(ASN1Encodable.DER); -- } -- catch (IOException e) -- { -- throw new RuntimeException("Error encoding GOST3410Parameters"); -- } -- } -- -- protected byte[] engineGetEncoded( -- String format) -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- return engineGetEncoded(); -- } -- -- return null; -- } -- -- protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec == GOST3410PublicKeyParameterSetSpec.class) -- { -- return currentSpec; -- } -- -- throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object."); -- } -- -- protected void engineInit( -- AlgorithmParameterSpec paramSpec) -- throws InvalidParameterSpecException -- { -- if (!(paramSpec instanceof GOST3410ParameterSpec)) -- { -- throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object"); -- } -- -- this.currentSpec = (GOST3410ParameterSpec)paramSpec; -- } -- -- protected void engineInit( -- byte[] params) -- throws IOException -- { -- try -- { -- ASN1Sequence seq = (ASN1Sequence) ASN1Object.fromByteArray(params); -- -- this.currentSpec = GOST3410ParameterSpec.fromPublicKeyAlg( -- new GOST3410PublicKeyAlgParameters(seq)); -- } -- catch (ClassCastException e) -- { -- throw new IOException("Not a valid GOST3410 Parameter encoding."); -- } -- catch (ArrayIndexOutOfBoundsException e) -- { -- throw new IOException("Not a valid GOST3410 Parameter encoding."); -- } -- } -- -- protected void engineInit( -- byte[] params, -- String format) -- throws IOException -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- engineInit(params); -- } -- else -- { -- throw new IOException("Unknown parameter format " + format); -- } -- } -- -- protected String engineToString() -- { -- return "GOST3410 Parameters"; -- } -- } -- -- public static class ElGamal -- extends JDKAlgorithmParameters -- { -- ElGamalParameterSpec currentSpec; -- -- /** -- * Return the X.509 ASN.1 structure ElGamalParameter. -- * <p> -- * <pre> -- * ElGamalParameter ::= SEQUENCE { -- * prime INTEGER, -- p -- * base INTEGER, -- g} -- * </pre> -- */ -- protected byte[] engineGetEncoded() -- { -- ElGamalParameter elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG()); -- -- try -- { -- return elP.getEncoded(ASN1Encodable.DER); -- } -- catch (IOException e) -- { -- throw new RuntimeException("Error encoding ElGamalParameters"); -- } -- } -- -- protected byte[] engineGetEncoded( -- String format) -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- return engineGetEncoded(); -- } -- -- return null; -- } -- -- protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec == ElGamalParameterSpec.class) -- { -- return currentSpec; -- } -- else if (paramSpec == DHParameterSpec.class) -- { -- return new DHParameterSpec(currentSpec.getP(), currentSpec.getG()); -- } -- -- throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); -- } -- -- protected void engineInit( -- AlgorithmParameterSpec paramSpec) -- throws InvalidParameterSpecException -- { -- if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec)) -- { -- throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object"); -- } -- -- if (paramSpec instanceof ElGamalParameterSpec) -- { -- this.currentSpec = (ElGamalParameterSpec)paramSpec; -- } -- else -- { -- DHParameterSpec s = (DHParameterSpec)paramSpec; -- -- this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG()); -- } -- } -- -- protected void engineInit( -- byte[] params) -- throws IOException -- { -- try -- { -- ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)ASN1Object.fromByteArray(params)); -- -- currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG()); -- } -- catch (ClassCastException e) -- { -- throw new IOException("Not a valid ElGamal Parameter encoding."); -- } -- catch (ArrayIndexOutOfBoundsException e) -- { -- throw new IOException("Not a valid ElGamal Parameter encoding."); -- } -- } -- -- protected void engineInit( -- byte[] params, -- String format) -- throws IOException -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- engineInit(params); -- } -- else -- { -- throw new IOException("Unknown parameter format " + format); -- } -- } -- -- protected String engineToString() -- { -- return "ElGamal Parameters"; -- } -- } -- + - public static class IES - extends JDKAlgorithmParameters - { @@ -6349,7 +8705,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam - v.add(new DEROctetString(currentSpec.getEncodingV())); - v.add(new DERInteger(currentSpec.getMacKeySize())); - -- return new DERSequence(v).getEncoded(ASN1Encodable.DER); +- return new DERSequence(v).getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { @@ -6398,7 +8754,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam - { - try - { -- ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(params); +- ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); - - this.currentSpec = new IESParameterSpec( - ((ASN1OctetString)s.getObjectAt(0)).getOctets(), @@ -6436,229 +8792,6 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam - } - } + // BEGIN android-removed -+ // public static class GOST3410 -+ // extends JDKAlgorithmParameters -+ // { -+ // GOST3410ParameterSpec currentSpec; -+ // -+ // /** -+ // * Return the X.509 ASN.1 structure GOST3410Parameter. -+ // * <p> -+ // * <pre> -+ // * GOST3410Parameter ::= SEQUENCE { -+ // * prime INTEGER, -- p -+ // * subprime INTEGER, -- q -+ // * base INTEGER, -- a} -+ // * </pre> -+ // */ -+ // protected byte[] engineGetEncoded() -+ // { -+ // GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new DERObjectIdentifier(currentSpec.getDigestParamSetOID()), new DERObjectIdentifier(currentSpec.getEncryptionParamSetOID())); -+ // -+ // try -+ // { -+ // return gost3410P.getEncoded(ASN1Encodable.DER); -+ // } -+ // catch (IOException e) -+ // { -+ // throw new RuntimeException("Error encoding GOST3410Parameters"); -+ // } -+ // } -+ // -+ // protected byte[] engineGetEncoded( -+ // String format) -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // return engineGetEncoded(); -+ // } -+ // -+ // return null; -+ // } -+ // -+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec == GOST3410PublicKeyParameterSetSpec.class) -+ // { -+ // return currentSpec; -+ // } -+ // -+ // throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object."); -+ // } -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (!(paramSpec instanceof GOST3410ParameterSpec)) -+ // { -+ // throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object"); -+ // } -+ // -+ // this.currentSpec = (GOST3410ParameterSpec)paramSpec; -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params) -+ // throws IOException -+ // { -+ // try -+ // { -+ // ASN1Sequence seq = (ASN1Sequence) ASN1Object.fromByteArray(params); -+ // -+ // this.currentSpec = GOST3410ParameterSpec.fromPublicKeyAlg( -+ // new GOST3410PublicKeyAlgParameters(seq)); -+ // } -+ // catch (ClassCastException e) -+ // { -+ // throw new IOException("Not a valid GOST3410 Parameter encoding."); -+ // } -+ // catch (ArrayIndexOutOfBoundsException e) -+ // { -+ // throw new IOException("Not a valid GOST3410 Parameter encoding."); -+ // } -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params, -+ // String format) -+ // throws IOException -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // engineInit(params); -+ // } -+ // else -+ // { -+ // throw new IOException("Unknown parameter format " + format); -+ // } -+ // } -+ // -+ // protected String engineToString() -+ // { -+ // return "GOST3410 Parameters"; -+ // } -+ // } -+ -+ // public static class ElGamal -+ // extends JDKAlgorithmParameters -+ // { -+ // ElGamalParameterSpec currentSpec; -+ // -+ // /** -+ // * Return the X.509 ASN.1 structure ElGamalParameter. -+ // * <p> -+ // * <pre> -+ // * ElGamalParameter ::= SEQUENCE { -+ // * prime INTEGER, -- p -+ // * base INTEGER, -- g} -+ // * </pre> -+ // */ -+ // protected byte[] engineGetEncoded() -+ // { -+ // ElGamalParameter elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG()); -+ // -+ // try -+ // { -+ // return elP.getEncoded(ASN1Encodable.DER); -+ // } -+ // catch (IOException e) -+ // { -+ // throw new RuntimeException("Error encoding ElGamalParameters"); -+ // } -+ // } -+ // -+ // protected byte[] engineGetEncoded( -+ // String format) -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // return engineGetEncoded(); -+ // } -+ // -+ // return null; -+ // } -+ // -+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec == ElGamalParameterSpec.class) -+ // { -+ // return currentSpec; -+ // } -+ // else if (paramSpec == DHParameterSpec.class) -+ // { -+ // return new DHParameterSpec(currentSpec.getP(), currentSpec.getG()); -+ // } -+ // -+ // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); -+ // } -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec)) -+ // { -+ // throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object"); -+ // } -+ // -+ // if (paramSpec instanceof ElGamalParameterSpec) -+ // { -+ // this.currentSpec = (ElGamalParameterSpec)paramSpec; -+ // } -+ // else -+ // { -+ // DHParameterSpec s = (DHParameterSpec)paramSpec; -+ // -+ // this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG()); -+ // } -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params) -+ // throws IOException -+ // { -+ // try -+ // { -+ // ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)ASN1Object.fromByteArray(params)); -+ // -+ // currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG()); -+ // } -+ // catch (ClassCastException e) -+ // { -+ // throw new IOException("Not a valid ElGamal Parameter encoding."); -+ // } -+ // catch (ArrayIndexOutOfBoundsException e) -+ // { -+ // throw new IOException("Not a valid ElGamal Parameter encoding."); -+ // } -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params, -+ // String format) -+ // throws IOException -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // engineInit(params); -+ // } -+ // else -+ // { -+ // throw new IOException("Unknown parameter format " + format); -+ // } -+ // } -+ // -+ // protected String engineToString() -+ // { -+ // return "ElGamal Parameters"; -+ // } -+ // } -+ // + // public static class IES + // extends JDKAlgorithmParameters + // { @@ -6678,7 +8811,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam + // v.add(new DEROctetString(currentSpec.getEncodingV())); + // v.add(new DERInteger(currentSpec.getMacKeySize())); + // -+ // return new DERSequence(v).getEncoded(ASN1Encodable.DER); ++ // return new DERSequence(v).getEncoded(ASN1Encoding.DER); + // } + // catch (IOException e) + // { @@ -6727,7 +8860,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam + // { + // try + // { -+ // ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(params); ++ // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); + // + // this.currentSpec = new IESParameterSpec( + // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), @@ -6765,1310 +8898,10 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam + // } + // } + // END android-removed - - public static class OAEP - extends JDKAlgorithmParameters -@@ -1066,11 +1078,15 @@ - { - AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( - JCEDigestUtil.getOID(currentSpec.getDigestAlgorithm()), -- new DERNull()); -+ // BEGIN android-changed -+ DERNull.INSTANCE); -+ // END android-changed - MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); - AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_mgf1, -- new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); -+ // BEGIN android-changed -+ new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); -+ // END android-changed - PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); - AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); -@@ -1167,110 +1183,116 @@ - } - } - -- public static class PSS -- extends JDKAlgorithmParameters -- { -- PSSParameterSpec currentSpec; -- -- /** -- * Return the PKCS#1 ASN.1 structure RSASSA-PSS-params. -- */ -- protected byte[] engineGetEncoded() -- throws IOException -- { -- PSSParameterSpec pssSpec = currentSpec; -- AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( -- JCEDigestUtil.getOID(pssSpec.getDigestAlgorithm()), -- new DERNull()); -- MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); -- AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( -- PKCSObjectIdentifiers.id_mgf1, -- new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); -- RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new DERInteger(pssSpec.getSaltLength()), new DERInteger(pssSpec.getTrailerField())); -- -- return pssP.getEncoded("DER"); -- } -- -- protected byte[] engineGetEncoded( -- String format) -- throws IOException -- { -- if (format.equalsIgnoreCase("X.509") -- || format.equalsIgnoreCase("ASN.1")) -- { -- return engineGetEncoded(); -- } -- -- return null; -- } -- -- protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec == PSSParameterSpec.class && currentSpec != null) -- { -- return currentSpec; -- } -- -- throw new InvalidParameterSpecException("unknown parameter spec passed to PSS parameters object."); -- } -- -- protected void engineInit( -- AlgorithmParameterSpec paramSpec) -- throws InvalidParameterSpecException -- { -- if (!(paramSpec instanceof PSSParameterSpec)) -- { -- throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS algorithm parameters object"); -- } -- -- this.currentSpec = (PSSParameterSpec)paramSpec; -- } -- -- protected void engineInit( -- byte[] params) -- throws IOException -- { -- try -- { -- RSASSAPSSparams pssP = new RSASSAPSSparams((ASN1Sequence)ASN1Object.fromByteArray(params)); -- -- currentSpec = new PSSParameterSpec( -- pssP.getHashAlgorithm().getObjectId().getId(), -- pssP.getMaskGenAlgorithm().getObjectId().getId(), -- new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(pssP.getMaskGenAlgorithm().getParameters()).getObjectId().getId()), -- pssP.getSaltLength().getValue().intValue(), -- pssP.getTrailerField().getValue().intValue()); -- } -- catch (ClassCastException e) -- { -- throw new IOException("Not a valid PSS Parameter encoding."); -- } -- catch (ArrayIndexOutOfBoundsException e) -- { -- throw new IOException("Not a valid PSS Parameter encoding."); -- } -- } -- -- protected void engineInit( -- byte[] params, -- String format) -- throws IOException -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- engineInit(params); -- } -- else -- { -- throw new IOException("Unknown parameter format " + format); -- } -- } -- -- protected String engineToString() -- { -- return "PSS Parameters"; -- } -- } -+ // BEGIN android-removed -+ // public static class PSS -+ // extends JDKAlgorithmParameters -+ // { -+ // PSSParameterSpec currentSpec; -+ // -+ // /** -+ // * Return the PKCS#1 ASN.1 structure RSASSA-PSS-params. -+ // */ -+ // protected byte[] engineGetEncoded() -+ // throws IOException -+ // { -+ // PSSParameterSpec pssSpec = currentSpec; -+ // AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( -+ // JCEDigestUtil.getOID(pssSpec.getDigestAlgorithm()), -+ // // BEGIN android-changed -+ // DERNull.INSTANCE); -+ // // END android-changed -+ // MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); -+ // AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( -+ // PKCSObjectIdentifiers.id_mgf1, -+ // // BEGIN android-changed -+ // new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); -+ // // END android-changed -+ // RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new DERInteger(pssSpec.getSaltLength()), new DERInteger(pssSpec.getTrailerField())); -+ // -+ // return pssP.getEncoded("DER"); -+ // } -+ // -+ // protected byte[] engineGetEncoded( -+ // String format) -+ // throws IOException -+ // { -+ // if (format.equalsIgnoreCase("X.509") -+ // || format.equalsIgnoreCase("ASN.1")) -+ // { -+ // return engineGetEncoded(); -+ // } -+ // -+ // return null; -+ // } -+ // -+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec == PSSParameterSpec.class && currentSpec != null) -+ // { -+ // return currentSpec; -+ // } -+ // -+ // throw new InvalidParameterSpecException("unknown parameter spec passed to PSS parameters object."); -+ // } -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (!(paramSpec instanceof PSSParameterSpec)) -+ // { -+ // throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS algorithm parameters object"); -+ // } -+ // -+ // this.currentSpec = (PSSParameterSpec)paramSpec; -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params) -+ // throws IOException -+ // { -+ // try -+ // { -+ // RSASSAPSSparams pssP = new RSASSAPSSparams((ASN1Sequence)ASN1Object.fromByteArray(params)); -+ // -+ // currentSpec = new PSSParameterSpec( -+ // pssP.getHashAlgorithm().getObjectId().getId(), -+ // pssP.getMaskGenAlgorithm().getObjectId().getId(), -+ // new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(pssP.getMaskGenAlgorithm().getParameters()).getObjectId().getId()), -+ // pssP.getSaltLength().getValue().intValue(), -+ // pssP.getTrailerField().getValue().intValue()); -+ // } -+ // catch (ClassCastException e) -+ // { -+ // throw new IOException("Not a valid PSS Parameter encoding."); -+ // } -+ // catch (ArrayIndexOutOfBoundsException e) -+ // { -+ // throw new IOException("Not a valid PSS Parameter encoding."); -+ // } -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params, -+ // String format) -+ // throws IOException -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // engineInit(params); -+ // } -+ // else -+ // { -+ // throw new IOException("Unknown parameter format " + format); -+ // } -+ // } -+ // -+ // protected String engineToString() -+ // { -+ // return "PSS Parameters"; -+ // } -+ // } -+ // END android-removed } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java 2012-07-27 18:48:00.031478939 +0000 -@@ -23,13 +23,17 @@ - import org.bouncycastle.crypto.Digest; - import org.bouncycastle.crypto.digests.NullDigest; - import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA256Digest; - import org.bouncycastle.crypto.digests.SHA384Digest; - import org.bouncycastle.crypto.digests.SHA512Digest; - import org.bouncycastle.crypto.params.ParametersWithRandom; - import org.bouncycastle.crypto.signers.DSASigner; --import org.bouncycastle.jce.interfaces.GOST3410Key; -+// BEGIN android-removed -+// import org.bouncycastle.jce.interfaces.GOST3410Key; -+// END android-removed - - public class JDKDSASigner - extends SignatureSpi -@@ -53,11 +57,16 @@ - { - CipherParameters param; - -- if (publicKey instanceof GOST3410Key) -- { -- param = GOST3410Util.generatePublicKeyParameter(publicKey); -- } -- else if (publicKey instanceof DSAKey) -+ // BEGIN android-removed -+ // if (publicKey instanceof GOST3410Key) -+ // { -+ // param = GOST3410Util.generatePublicKeyParameter(publicKey); -+ // } -+ // else if (publicKey instanceof DSAKey) -+ // END android-removed -+ // BEGIN android-added -+ if (publicKey instanceof DSAKey) -+ // END android-added - { - param = DSAUtil.generatePublicKeyParameter(publicKey); - } -@@ -103,14 +112,18 @@ - { - CipherParameters param; - -- if (privateKey instanceof GOST3410Key) -- { -- param = GOST3410Util.generatePrivateKeyParameter(privateKey); -- } -- else -- { -+ // BEGIN android-removed -+ // if (privateKey instanceof GOST3410Key) -+ // { -+ // param = GOST3410Util.generatePrivateKeyParameter(privateKey); -+ // } -+ // else -+ // { -+ // END android-removed - param = DSAUtil.generatePrivateKeyParameter(privateKey); -- } -+ // BEGIN android-removed -+ // } -+ // END android-removed - - if (random != null) - { -@@ -231,42 +244,44 @@ - super(new SHA1Digest(), new DSASigner()); - } - } -- -- static public class dsa224 -- extends JDKDSASigner -- { -- public dsa224() -- { -- super(new SHA224Digest(), new DSASigner()); -- } -- } -- -- static public class dsa256 -- extends JDKDSASigner -- { -- public dsa256() -- { -- super(new SHA256Digest(), new DSASigner()); -- } -- } - -- static public class dsa384 -- extends JDKDSASigner -- { -- public dsa384() -- { -- super(new SHA384Digest(), new DSASigner()); -- } -- } -- -- static public class dsa512 -- extends JDKDSASigner -- { -- public dsa512() -- { -- super(new SHA512Digest(), new DSASigner()); -- } -- } -+ // BEGIN android-removed -+ // static public class dsa224 -+ // extends JDKDSASigner -+ // { -+ // public dsa224() -+ // { -+ // super(new SHA224Digest(), new DSASigner()); -+ // } -+ // } -+ // -+ // static public class dsa256 -+ // extends JDKDSASigner -+ // { -+ // public dsa256() -+ // { -+ // super(new SHA256Digest(), new DSASigner()); -+ // } -+ // } -+ // -+ // static public class dsa384 -+ // extends JDKDSASigner -+ // { -+ // public dsa384() -+ // { -+ // super(new SHA384Digest(), new DSASigner()); -+ // } -+ // } -+ // -+ // static public class dsa512 -+ // extends JDKDSASigner -+ // { -+ // public dsa512() -+ // { -+ // super(new SHA512Digest(), new DSASigner()); -+ // } -+ // } -+ // END android-removed - - static public class noneDSA - extends JDKDSASigner -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java 2012-07-27 18:48:00.031478939 +0000 -@@ -23,15 +23,21 @@ - import org.bouncycastle.crypto.AsymmetricBlockCipher; - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.Digest; --import org.bouncycastle.crypto.digests.MD2Digest; --import org.bouncycastle.crypto.digests.MD4Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// import org.bouncycastle.crypto.digests.MD4Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.MD5Digest; - import org.bouncycastle.crypto.digests.NullDigest; --import org.bouncycastle.crypto.digests.RIPEMD128Digest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; --import org.bouncycastle.crypto.digests.RIPEMD256Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD256Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA256Digest; - import org.bouncycastle.crypto.digests.SHA384Digest; - import org.bouncycastle.crypto.digests.SHA512Digest; -@@ -265,14 +271,16 @@ - } - } - -- static public class SHA224WithRSAEncryption -- extends JDKDigestSignature -- { -- public SHA224WithRSAEncryption() -- { -- super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -+ // BEGIN android-removed -+ // static public class SHA224WithRSAEncryption -+ // extends JDKDigestSignature -+ // { -+ // public SHA224WithRSAEncryption() -+ // { -+ // super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // END android-removed - - static public class SHA256WithRSAEncryption - extends JDKDigestSignature -@@ -301,23 +309,25 @@ - } - } - -- static public class MD2WithRSAEncryption -- extends JDKDigestSignature -- { -- public MD2WithRSAEncryption() -- { -- super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -- -- static public class MD4WithRSAEncryption -- extends JDKDigestSignature -- { -- public MD4WithRSAEncryption() -- { -- super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -+ // BEGIN android-removed -+ // static public class MD2WithRSAEncryption -+ // extends JDKDigestSignature -+ // { -+ // public MD2WithRSAEncryption() -+ // { -+ // super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // -+ // static public class MD4WithRSAEncryption -+ // extends JDKDigestSignature -+ // { -+ // public MD4WithRSAEncryption() -+ // { -+ // super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // END android-removed - - static public class MD5WithRSAEncryption - extends JDKDigestSignature -@@ -328,39 +338,41 @@ - } - } - -- static public class RIPEMD160WithRSAEncryption -- extends JDKDigestSignature -- { -- public RIPEMD160WithRSAEncryption() -- { -- super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -- -- static public class RIPEMD128WithRSAEncryption -- extends JDKDigestSignature -- { -- public RIPEMD128WithRSAEncryption() -- { -- super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -- -- static public class RIPEMD256WithRSAEncryption -- extends JDKDigestSignature -- { -- public RIPEMD256WithRSAEncryption() -- { -- super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -- -- static public class noneRSA -- extends JDKDigestSignature -- { -- public noneRSA() -- { -- super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); -- } -- } -+ // BEGIN android-removed -+ // static public class RIPEMD160WithRSAEncryption -+ // extends JDKDigestSignature -+ // { -+ // public RIPEMD160WithRSAEncryption() -+ // { -+ // super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // -+ // static public class RIPEMD128WithRSAEncryption -+ // extends JDKDigestSignature -+ // { -+ // public RIPEMD128WithRSAEncryption() -+ // { -+ // super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // -+ // static public class RIPEMD256WithRSAEncryption -+ // extends JDKDigestSignature -+ // { -+ // public RIPEMD256WithRSAEncryption() -+ // { -+ // super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // -+ // static public class noneRSA -+ // extends JDKDigestSignature -+ // { -+ // public noneRSA() -+ // { -+ // super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java 2012-07-27 18:48:00.031478939 +0000 -@@ -36,17 +36,21 @@ - import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; --import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; --import org.bouncycastle.jce.interfaces.ElGamalPublicKey; --import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; --import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; --import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; --import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; -+// BEGIN android-removed -+// import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -+// import org.bouncycastle.jce.interfaces.ElGamalPublicKey; -+// import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; -+// import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; -+// import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; -+// import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; -+// END android-removed - - public abstract class JDKKeyFactory - extends KeyFactorySpi - { -- protected boolean elGamalFactory = false; -+ // BEGIN android-removed -+ // protected boolean elGamalFactory = false; -+ // END android-removed - - public JDKKeyFactory() - { -@@ -140,6 +144,20 @@ - - return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG()); - } -+ // BEGIN android-added -+ else if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey) -+ { -+ DSAPublicKey k = (DSAPublicKey)key; -+ -+ return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); -+ } -+ else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof DSAPrivateKey) -+ { -+ DSAPrivateKey k = (DSAPrivateKey)key; -+ -+ return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); -+ } -+ // END android-added - - throw new RuntimeException("not implemented yet " + key + " " + spec); - } -@@ -162,25 +180,33 @@ - } - else if (key instanceof DHPublicKey) - { -- if (elGamalFactory) -- { -- return new JCEElGamalPublicKey((DHPublicKey)key); -- } -- else -- { -+ // BEGIN android-removed -+ // if (elGamalFactory) -+ // { -+ // return new JCEElGamalPublicKey((DHPublicKey)key); -+ // } -+ // else -+ // { -+ // END android-removed - return new JCEDHPublicKey((DHPublicKey)key); -- } -+ // BEGIN android-removed -+ // } -+ // END android-removed - } - else if (key instanceof DHPrivateKey) - { -- if (elGamalFactory) -- { -- return new JCEElGamalPrivateKey((DHPrivateKey)key); -- } -- else -- { -+ // BEGIN android-removed -+ // if (elGamalFactory) -+ // { -+ // return new JCEElGamalPrivateKey((DHPrivateKey)key); -+ // } -+ // else -+ // { -+ // END android-removed - return new JCEDHPrivateKey((DHPrivateKey)key); -- } -+ // BEGIN android-removed -+ // } -+ // END android-removed - } - else if (key instanceof DSAPublicKey) - { -@@ -190,14 +216,16 @@ - { - return new JDKDSAPrivateKey((DSAPrivateKey)key); - } -- else if (key instanceof ElGamalPublicKey) -- { -- return new JCEElGamalPublicKey((ElGamalPublicKey)key); -- } -- else if (key instanceof ElGamalPrivateKey) -- { -- return new JCEElGamalPrivateKey((ElGamalPrivateKey)key); -- } -+ // BEGIN android-removed -+ // else if (key instanceof ElGamalPublicKey) -+ // { -+ // return new JCEElGamalPublicKey((ElGamalPublicKey)key); -+ // } -+ // else if (key instanceof ElGamalPrivateKey) -+ // { -+ // return new JCEElGamalPrivateKey((ElGamalPrivateKey)key); -+ // } -+ // END android-removed - - throw new InvalidKeyException("key type unknown"); - } -@@ -233,10 +261,12 @@ - { - return new JCEDHPublicKey(info); - } -- else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) -- { -- return new JCEElGamalPublicKey(info); -- } -+ // BEGIN android-removed -+ // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) -+ // { -+ // return new JCEElGamalPublicKey(info); -+ // } -+ // END android-removed - else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) - { - return new JDKDSAPublicKey(info); -@@ -249,14 +279,15 @@ - { - return new JCEECPublicKey(info); - } -- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) -- { -- return new JDKGOST3410PublicKey(info); -- } -- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) -- { -- return new JCEECPublicKey(info); -- } -+ // BEGIN android-removed -+ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) -+ // { -+ // return new JDKGOST3410PublicKey(info); -+ // } -+ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) -+ // { -+ // return new JCEECPublicKey(info); -+ // } - else - { - throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); -@@ -294,10 +325,12 @@ - { - return new JCEDHPrivateKey(info); - } -- else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) -- { -- return new JCEElGamalPrivateKey(info); -- } -+ // BEGIN android-removed -+ // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) -+ // { -+ // return new JCEElGamalPrivateKey(info); -+ // } -+ // END android-removed - else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) - { - return new JDKDSAPrivateKey(info); -@@ -306,14 +339,16 @@ - { - return new JCEECPrivateKey(info); - } -- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) -- { -- return new JDKGOST3410PrivateKey(info); -- } -- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) -- { -- return new JCEECPrivateKey(info); -- } -+ // BEGIN android-removed -+ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) -+ // { -+ // return new JDKGOST3410PrivateKey(info); -+ // } -+ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) -+ // { -+ // return new JCEECPrivateKey(info); -+ // } -+ // END android-removed - else - { - throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); -@@ -444,89 +479,92 @@ - } - } - -- public static class GOST3410 -- extends JDKKeyFactory -- { -- public GOST3410() -- { -- } -- -- protected PrivateKey engineGeneratePrivate( -- KeySpec keySpec) -- throws InvalidKeySpecException -- { -- if (keySpec instanceof GOST3410PrivateKeySpec) -- { -- return new JDKGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec); -- } -- -- return super.engineGeneratePrivate(keySpec); -- } -- -- protected PublicKey engineGeneratePublic( -- KeySpec keySpec) -- throws InvalidKeySpecException -- { -- if (keySpec instanceof GOST3410PublicKeySpec) -- { -- return new JDKGOST3410PublicKey((GOST3410PublicKeySpec)keySpec); -- } -- -- return super.engineGeneratePublic(keySpec); -- } -- } -- -- public static class ElGamal -- extends JDKKeyFactory -- { -- public ElGamal() -- { -- elGamalFactory = true; -- } -- -- protected PrivateKey engineGeneratePrivate( -- KeySpec keySpec) -- throws InvalidKeySpecException -- { -- if (keySpec instanceof ElGamalPrivateKeySpec) -- { -- return new JCEElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec); -- } -- else if (keySpec instanceof DHPrivateKeySpec) -- { -- return new JCEElGamalPrivateKey((DHPrivateKeySpec)keySpec); -- } -- -- return super.engineGeneratePrivate(keySpec); -- } -+ // BEGIN android-removed -+ // public static class GOST3410 -+ // extends JDKKeyFactory -+ // { -+ // public GOST3410() -+ // { -+ // } -+ // -+ // protected PrivateKey engineGeneratePrivate( -+ // KeySpec keySpec) -+ // throws InvalidKeySpecException -+ // { -+ // if (keySpec instanceof GOST3410PrivateKeySpec) -+ // { -+ // return new JDKGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec); -+ // } -+ // -+ // return super.engineGeneratePrivate(keySpec); -+ // } -+ // -+ // protected PublicKey engineGeneratePublic( -+ // KeySpec keySpec) -+ // throws InvalidKeySpecException -+ // { -+ // if (keySpec instanceof GOST3410PublicKeySpec) -+ // { -+ // return new JDKGOST3410PublicKey((GOST3410PublicKeySpec)keySpec); -+ // } -+ // -+ // return super.engineGeneratePublic(keySpec); -+ // } -+ // } - -- protected PublicKey engineGeneratePublic( -- KeySpec keySpec) -- throws InvalidKeySpecException -- { -- if (keySpec instanceof ElGamalPublicKeySpec) -- { -- return new JCEElGamalPublicKey((ElGamalPublicKeySpec)keySpec); -- } -- else if (keySpec instanceof DHPublicKeySpec) -- { -- return new JCEElGamalPublicKey((DHPublicKeySpec)keySpec); -- } -- -- return super.engineGeneratePublic(keySpec); -- } -- } -- -- -- /** -- * This isn't really correct, however the class path project API seems to think such -- * a key factory will exist. -- */ -- public static class X509 -- extends JDKKeyFactory -- { -- public X509() -- { -- } -- } -+ // public static class ElGamal -+ // extends JDKKeyFactory -+ // { -+ // public ElGamal() -+ // { -+ // elGamalFactory = true; -+ // } -+ // -+ // protected PrivateKey engineGeneratePrivate( -+ // KeySpec keySpec) -+ // throws InvalidKeySpecException -+ // { -+ // if (keySpec instanceof ElGamalPrivateKeySpec) -+ // { -+ // return new JCEElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec); -+ // } -+ // else if (keySpec instanceof DHPrivateKeySpec) -+ // { -+ // return new JCEElGamalPrivateKey((DHPrivateKeySpec)keySpec); -+ // } -+ // -+ // return super.engineGeneratePrivate(keySpec); -+ // } -+ // -+ // protected PublicKey engineGeneratePublic( -+ // KeySpec keySpec) -+ // throws InvalidKeySpecException -+ // { -+ // if (keySpec instanceof ElGamalPublicKeySpec) -+ // { -+ // return new JCEElGamalPublicKey((ElGamalPublicKeySpec)keySpec); -+ // } -+ // else if (keySpec instanceof DHPublicKeySpec) -+ // { -+ // return new JCEElGamalPublicKey((DHPublicKeySpec)keySpec); -+ // } -+ // -+ // return super.engineGeneratePublic(keySpec); -+ // } -+ // } -+ // -+ // -+ // -+ // /** -+ // * This isn't really correct, however the class path project API seems to think such -+ // * a key factory will exist. -+ // */ -+ // public static class X509 -+ // extends JDKKeyFactory -+ // { -+ // public X509() -+ // { -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2012-07-27 18:48:00.031478939 +0000 -@@ -6,9 +6,11 @@ - import org.bouncycastle.crypto.generators.DHParametersGenerator; - import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; - import org.bouncycastle.crypto.generators.DSAParametersGenerator; --import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator; --import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; --import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator; -+// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -+// import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator; -+// END android-removed - import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; - import org.bouncycastle.crypto.params.DHKeyGenerationParameters; - import org.bouncycastle.crypto.params.DHParameters; -@@ -18,20 +20,24 @@ - import org.bouncycastle.crypto.params.DSAParameters; - import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; - import org.bouncycastle.crypto.params.DSAPublicKeyParameters; --import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters; --import org.bouncycastle.crypto.params.ElGamalParameters; --import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; --import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; --import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters; --import org.bouncycastle.crypto.params.GOST3410Parameters; --import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters; --import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters; -+// import org.bouncycastle.crypto.params.ElGamalParameters; -+// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; -+// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; -+// import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters; -+// import org.bouncycastle.crypto.params.GOST3410Parameters; -+// import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters; -+// import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters; -+// END android-removed - import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; - import org.bouncycastle.crypto.params.RSAKeyParameters; - import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; --import org.bouncycastle.jce.spec.ElGamalParameterSpec; --import org.bouncycastle.jce.spec.GOST3410ParameterSpec; --import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -+// BEGIN android-removed -+// import org.bouncycastle.jce.spec.ElGamalParameterSpec; -+// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -+// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -+// END android-removed - - import java.math.BigInteger; - import java.security.InvalidAlgorithmParameterException; -@@ -163,7 +169,9 @@ - { - if (!initialised) - { -- Integer paramStrength = new Integer(strength); -+ // BEGIN android-changed -+ Integer paramStrength = Integer.valueOf(strength); -+ // END android-changed - - if (params.containsKey(paramStrength)) - { -@@ -260,139 +268,143 @@ - } - } - -- public static class ElGamal -- extends JDKKeyPairGenerator -- { -- ElGamalKeyGenerationParameters param; -- ElGamalKeyPairGenerator engine = new ElGamalKeyPairGenerator(); -- int strength = 1024; -- int certainty = 20; -- SecureRandom random = new SecureRandom(); -- boolean initialised = false; -- -- public ElGamal() -- { -- super("ElGamal"); -- } -- -- public void initialize( -- int strength, -- SecureRandom random) -- { -- this.strength = strength; -- this.random = random; -- } -- -- public void initialize( -- AlgorithmParameterSpec params, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec)) -- { -- throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec"); -- } -- -- if (params instanceof ElGamalParameterSpec) -- { -- ElGamalParameterSpec elParams = (ElGamalParameterSpec)params; -- -- param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG())); -- } -- else -- { -- DHParameterSpec dhParams = (DHParameterSpec)params; -- -- param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG(), dhParams.getL())); -- } -- -- engine.init(param); -- initialised = true; -- } -- -- public KeyPair generateKeyPair() -- { -- if (!initialised) -- { -- ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); -- -- pGen.init(strength, certainty, random); -- param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters()); -- engine.init(param); -- initialised = true; -- } -- -- AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -- ElGamalPublicKeyParameters pub = (ElGamalPublicKeyParameters)pair.getPublic(); -- ElGamalPrivateKeyParameters priv = (ElGamalPrivateKeyParameters)pair.getPrivate(); -- -- return new KeyPair(new JCEElGamalPublicKey(pub), -- new JCEElGamalPrivateKey(priv)); -- } -- } -- -- public static class GOST3410 -- extends JDKKeyPairGenerator -- { -- GOST3410KeyGenerationParameters param; -- GOST3410KeyPairGenerator engine = new GOST3410KeyPairGenerator(); -- GOST3410ParameterSpec gost3410Params; -- int strength = 1024; -- SecureRandom random = null; -- boolean initialised = false; -- -- public GOST3410() -- { -- super("GOST3410"); -- } -- -- public void initialize( -- int strength, -- SecureRandom random) -- { -- this.strength = strength; -- this.random = random; -- } -- -- private void init( -- GOST3410ParameterSpec gParams, -- SecureRandom random) -- { -- GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters(); -- -- param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA())); -- -- engine.init(param); -- -- initialised = true; -- gost3410Params = gParams; -- } -- -- public void initialize( -- AlgorithmParameterSpec params, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- if (!(params instanceof GOST3410ParameterSpec)) -- { -- throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec"); -- } -- -- init((GOST3410ParameterSpec)params, random); -- } -- -- public KeyPair generateKeyPair() -- { -- if (!initialised) -- { -- init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom()); -- } -- -- AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -- GOST3410PublicKeyParameters pub = (GOST3410PublicKeyParameters)pair.getPublic(); -- GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate(); -- -- return new KeyPair(new JDKGOST3410PublicKey(pub, gost3410Params), new JDKGOST3410PrivateKey(priv, gost3410Params)); -- } -- } -+ // BEGIN android-removed -+ // public static class ElGamal -+ // extends JDKKeyPairGenerator -+ // { -+ // ElGamalKeyGenerationParameters param; -+ // ElGamalKeyPairGenerator engine = new ElGamalKeyPairGenerator(); -+ // int strength = 1024; -+ // int certainty = 20; -+ // SecureRandom random = new SecureRandom(); -+ // boolean initialised = false; -+ // -+ // public ElGamal() -+ // { -+ // super("ElGamal"); -+ // } -+ // -+ // public void initialize( -+ // int strength, -+ // SecureRandom random) -+ // { -+ // this.strength = strength; -+ // this.random = random; -+ // } -+ // -+ // public void initialize( -+ // AlgorithmParameterSpec params, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec)) -+ // { -+ // throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec"); -+ // } -+ // -+ // if (params instanceof ElGamalParameterSpec) -+ // { -+ // ElGamalParameterSpec elParams = (ElGamalParameterSpec)params; -+ -+ // param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG())); -+ // } -+ // else -+ // { -+ // DHParameterSpec dhParams = (DHParameterSpec)params; -+ // -+ // param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG(), dhParams.getL())); -+ // } -+ // -+ // engine.init(param); -+ // initialised = true; -+ // } -+ // -+ // public KeyPair generateKeyPair() -+ // { -+ // if (!initialised) -+ // { -+ // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); -+ // -+ // pGen.init(strength, certainty, random); -+ // param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters()); -+ // engine.init(param); -+ // initialised = true; -+ // } -+ // -+ // AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -+ // ElGamalPublicKeyParameters pub = (ElGamalPublicKeyParameters)pair.getPublic(); -+ // ElGamalPrivateKeyParameters priv = (ElGamalPrivateKeyParameters)pair.getPrivate(); -+ // -+ // return new KeyPair(new JCEElGamalPublicKey(pub), -+ // new JCEElGamalPrivateKey(priv)); -+ // } -+ // } -+ // END android-removed -+ -+ // BEGIN android-removed -+ // public static class GOST3410 -+ // extends JDKKeyPairGenerator -+ // { -+ // GOST3410KeyGenerationParameters param; -+ // GOST3410KeyPairGenerator engine = new GOST3410KeyPairGenerator(); -+ // GOST3410ParameterSpec gost3410Params; -+ // int strength = 1024; -+ // SecureRandom random = null; -+ // boolean initialised = false; -+ // -+ // public GOST3410() -+ // { -+ // super("GOST3410"); -+ // } -+ // -+ // public void initialize( -+ // int strength, -+ // SecureRandom random) -+ // { -+ // this.strength = strength; -+ // this.random = random; -+ // } -+ // -+ // private void init( -+ // GOST3410ParameterSpec gParams, -+ // SecureRandom random) -+ // { -+ // GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters(); -+ // -+ // param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA())); -+ // -+ // engine.init(param); -+ // -+ // initialised = true; -+ // gost3410Params = gParams; -+ // } -+ // -+ // public void initialize( -+ // AlgorithmParameterSpec params, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // if (!(params instanceof GOST3410ParameterSpec)) -+ // { -+ // throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec"); -+ // } -+ // -+ // init((GOST3410ParameterSpec)params, random); -+ // } -+ // -+ // public KeyPair generateKeyPair() -+ // { -+ // if (!initialised) -+ // { -+ // init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom()); -+ // } -+ // -+ // AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -+ // GOST3410PublicKeyParameters pub = (GOST3410PublicKeyParameters)pair.getPublic(); -+ // GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate(); -+ // -+ // return new KeyPair(new JDKGOST3410PublicKey(pub, gost3410Params), new JDKGOST3410PrivateKey(priv, gost3410Params)); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-07-27 18:48:00.031478939 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKKeyStore.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-09-11 00:12:44.000000000 +0000 @@ -39,7 +39,12 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -8083,15 +8916,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.io.DigestInputStream; import org.bouncycastle.crypto.io.DigestOutputStream; -@@ -442,6 +447,7 @@ - } - catch (Exception e) - { -+ - throw new IOException("Exception creating key: " + e.toString()); - } - } -@@ -497,7 +503,13 @@ +@@ -498,7 +503,13 @@ if (entry == null) { @@ -8106,7 +8931,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java } table.remove(alias); -@@ -810,12 +822,16 @@ +@@ -817,12 +828,16 @@ // // we only do an integrity check if the password is provided. // @@ -8123,23 +8948,23 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1()); + // END android-changed pbeGen.init(passKey, salt, iterationCount); - CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize()); - Arrays.fill(passKey, (byte)0); -@@ -866,9 +882,11 @@ + + CipherParameters macParams; +@@ -884,9 +899,11 @@ dOut.write(salt); dOut.writeInt(iterationCount); - HMac hMac = new HMac(new SHA1Digest()); + // BEGIN android-changed + HMac hMac = new HMac(new OpenSSLDigest.SHA1()); - MacOutputStream mOut = new MacOutputStream(dOut, hMac); + MacOutputStream mOut = new MacOutputStream(hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1()); + // END android-changed byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); pbeGen.init(passKey, salt, iterationCount); -@@ -956,7 +974,9 @@ +@@ -974,7 +991,9 @@ Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); CipherInputStream cIn = new CipherInputStream(dIn, cipher); @@ -8150,476 +8975,21 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java DigestInputStream dgIn = new DigestInputStream(cIn, dig); this.loadStore(dgIn); -@@ -996,8 +1016,9 @@ +@@ -1013,7 +1032,9 @@ cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); -- DigestOutputStream dgOut = new DigestOutputStream(cOut, new SHA1Digest()); -- +- DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); + // BEGIN android-changed -+ DigestOutputStream dgOut = new DigestOutputStream(cOut, new OpenSSLDigest.SHA1()); ++ DigestOutputStream dgOut = new DigestOutputStream(new OpenSSLDigest.SHA1()); + // END android-changed - this.saveStore(dgOut); - Digest dig = dgOut.getDigest(); -@@ -1009,5 +1030,5 @@ + this.saveStore(new TeeOutputStream(cOut, dgOut)); - cOut.close(); - } -- } -+ } - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java 2012-07-27 18:48:00.031478939 +0000 -@@ -57,36 +57,38 @@ - { - super(new SHA1Digest()); - } -- -+ - public Object clone() - throws CloneNotSupportedException - { - SHA1 d = (SHA1)super.clone(); - d.digest = new SHA1Digest((SHA1Digest)digest); -- -- return d; -- } -- } -- -- static public class SHA224 -- extends JDKMessageDigest -- implements Cloneable -- { -- public SHA224() -- { -- super(new SHA224Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- SHA224 d = (SHA224)super.clone(); -- d.digest = new SHA224Digest((SHA224Digest)digest); -- -+ - return d; - } - } -- -+ -+ // BEGIN android-removed -+ // static public class SHA224 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public SHA224() -+ // { -+ // super(new SHA224Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // SHA224 d = (SHA224)super.clone(); -+ // d.digest = new SHA224Digest((SHA224Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // END android-removed -+ - static public class SHA256 - extends JDKMessageDigest - implements Cloneable -@@ -95,13 +97,13 @@ - { - super(new SHA256Digest()); - } -- -+ - public Object clone() - throws CloneNotSupportedException - { - SHA256 d = (SHA256)super.clone(); - d.digest = new SHA256Digest((SHA256Digest)digest); -- -+ - return d; - } - } -@@ -144,43 +146,45 @@ - } - } - -- static public class MD2 -- extends JDKMessageDigest -- implements Cloneable -- { -- public MD2() -- { -- super(new MD2Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- MD2 d = (MD2)super.clone(); -- d.digest = new MD2Digest((MD2Digest)digest); -- -- return d; -- } -- } -- -- static public class MD4 -- extends JDKMessageDigest -- implements Cloneable -- { -- public MD4() -- { -- super(new MD4Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- MD4 d = (MD4)super.clone(); -- d.digest = new MD4Digest((MD4Digest)digest); -- -- return d; -- } -- } -+ // BEGIN android-removed -+ // static public class MD2 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public MD2() -+ // { -+ // super(new MD2Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // MD2 d = (MD2)super.clone(); -+ // d.digest = new MD2Digest((MD2Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // -+ // static public class MD4 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public MD4() -+ // { -+ // super(new MD4Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // MD4 d = (MD4)super.clone(); -+ // d.digest = new MD4Digest((MD4Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // END android-removed - - static public class MD5 - extends JDKMessageDigest -@@ -190,147 +194,149 @@ - { - super(new MD5Digest()); - } -- -+ - public Object clone() - throws CloneNotSupportedException - { - MD5 d = (MD5)super.clone(); - d.digest = new MD5Digest((MD5Digest)digest); -- -- return d; -- } -- } -- -- static public class RIPEMD128 -- extends JDKMessageDigest -- implements Cloneable -- { -- public RIPEMD128() -- { -- super(new RIPEMD128Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- RIPEMD128 d = (RIPEMD128)super.clone(); -- d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest); -- -+ - return d; - } - } - -- static public class RIPEMD160 -- extends JDKMessageDigest -- implements Cloneable -- { -- public RIPEMD160() -- { -- super(new RIPEMD160Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- RIPEMD160 d = (RIPEMD160)super.clone(); -- d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest); -- -- return d; -- } -- } -- -- static public class RIPEMD256 -- extends JDKMessageDigest -- implements Cloneable -- { -- public RIPEMD256() -- { -- super(new RIPEMD256Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- RIPEMD256 d = (RIPEMD256)super.clone(); -- d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest); -- -- return d; -- } -- } -- -- static public class RIPEMD320 -- extends JDKMessageDigest -- implements Cloneable -- { -- public RIPEMD320() -- { -- super(new RIPEMD320Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- RIPEMD320 d = (RIPEMD320)super.clone(); -- d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest); -- -- return d; -- } -- } -- -- static public class Tiger -- extends JDKMessageDigest -- implements Cloneable -- { -- public Tiger() -- { -- super(new TigerDigest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- Tiger d = (Tiger)super.clone(); -- d.digest = new TigerDigest((TigerDigest)digest); -- -- return d; -- } -- } -- -- static public class GOST3411 -- extends JDKMessageDigest -- implements Cloneable -- { -- public GOST3411() -- { -- super(new GOST3411Digest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- GOST3411 d = (GOST3411)super.clone(); -- d.digest = new GOST3411Digest((GOST3411Digest)digest); -- -- return d; -- } -- } -- -- static public class Whirlpool -- extends JDKMessageDigest -- implements Cloneable -- { -- public Whirlpool() -- { -- super(new WhirlpoolDigest()); -- } -- -- public Object clone() -- throws CloneNotSupportedException -- { -- Whirlpool d = (Whirlpool)super.clone(); -- d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest); -- -- return d; -- } -- } -+ // BEGIN android-removed -+ // static public class RIPEMD128 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public RIPEMD128() -+ // { -+ // super(new RIPEMD128Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // RIPEMD128 d = (RIPEMD128)super.clone(); -+ // d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // -+ // static public class RIPEMD160 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public RIPEMD160() -+ // { -+ // super(new RIPEMD160Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // RIPEMD160 d = (RIPEMD160)super.clone(); -+ // d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // -+ // static public class RIPEMD256 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public RIPEMD256() -+ // { -+ // super(new RIPEMD256Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // RIPEMD256 d = (RIPEMD256)super.clone(); -+ // d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // -+ // static public class RIPEMD320 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public RIPEMD320() -+ // { -+ // super(new RIPEMD320Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // RIPEMD320 d = (RIPEMD320)super.clone(); -+ // d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // -+ // static public class Tiger -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public Tiger() -+ // { -+ // super(new TigerDigest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // Tiger d = (Tiger)super.clone(); -+ // d.digest = new TigerDigest((TigerDigest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // -+ // static public class GOST3411 -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public GOST3411() -+ // { -+ // super(new GOST3411Digest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // GOST3411 d = (GOST3411)super.clone(); -+ // d.digest = new GOST3411Digest((GOST3411Digest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // -+ // static public class Whirlpool -+ // extends JDKMessageDigest -+ // implements Cloneable -+ // { -+ // public Whirlpool() -+ // { -+ // super(new WhirlpoolDigest()); -+ // } -+ // -+ // public Object clone() -+ // throws CloneNotSupportedException -+ // { -+ // Whirlpool d = (Whirlpool)super.clone(); -+ // d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest); -+ // -+ // return d; -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-07-27 18:48:00.031478939 +0000 -@@ -260,10 +260,13 @@ +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-09-11 00:12:44.000000000 +0000 +@@ -261,10 +261,13 @@ } } @@ -8637,7 +9007,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore } /** -@@ -438,6 +441,14 @@ +@@ -439,6 +442,14 @@ public Date engineGetCreationDate(String alias) { @@ -8652,7 +9022,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore return new Date(); } -@@ -496,6 +507,11 @@ +@@ -497,6 +508,11 @@ Certificate[] chain) throws KeyStoreException { @@ -8664,7 +9034,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore if ((key instanceof PrivateKey) && (chain == null)) { throw new KeyStoreException("no certificate chain for private key"); -@@ -507,12 +523,18 @@ +@@ -508,12 +524,18 @@ } keys.put(alias, key); @@ -8683,7 +9053,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore } public int engineSize() -@@ -1488,7 +1510,9 @@ +@@ -1489,7 +1511,9 @@ { byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data); @@ -8694,7 +9064,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore DigestInfo dInfo = new DigestInfo(algId, res); mData = new MacData(dInfo, mSalt, itCount); -@@ -1545,32 +1569,34 @@ +@@ -1546,32 +1570,34 @@ } } @@ -8712,7 +9082,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore - { - public DefPKCS12KeyStore() - { -- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC); +- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); - } - } - @@ -8739,7 +9109,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore + // { + // public DefPKCS12KeyStore() + // { -+ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC); ++ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); + // } + // } + // @@ -8755,16 +9125,18 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore private static class IgnoresCaseHashtable { -@@ -1579,7 +1605,7 @@ +@@ -1580,7 +1606,9 @@ public void put(String key, Object value) { - String lower = Strings.toLowerCase(key); ++ // BEGIN android-changed + String lower = (key == null) ? null : Strings.toLowerCase(key); ++ // END android-changed String k = (String)keys.get(lower); if (k != null) { -@@ -1597,7 +1623,9 @@ +@@ -1598,7 +1626,9 @@ public Object remove(String alias) { @@ -8775,7 +9147,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore if (k == null) { return null; -@@ -1608,7 +1636,9 @@ +@@ -1609,7 +1639,9 @@ public Object get(String alias) { @@ -8786,149 +9158,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore if (k == null) { return null; -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java 2012-07-27 18:48:00.031478939 +0000 -@@ -7,12 +7,18 @@ - - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.PBEParametersGenerator; --import org.bouncycastle.crypto.digests.MD2Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.MD5Digest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA1Digest; - import org.bouncycastle.crypto.digests.SHA256Digest; --import org.bouncycastle.crypto.digests.TigerDigest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.TigerDigest; -+// END android-removed - import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; - import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; - import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -@@ -53,9 +59,11 @@ - { - switch (hash) - { -- case MD2: -- generator = new PKCS5S1ParametersGenerator(new MD2Digest()); -- break; -+ // BEGIN android-removed -+ // case MD2: -+ // generator = new PKCS5S1ParametersGenerator(new MD2Digest()); -+ // break; -+ // END android-removed - case MD5: - generator = new PKCS5S1ParametersGenerator(new MD5Digest()); - break; -@@ -74,21 +82,25 @@ - { - switch (hash) - { -- case MD2: -- generator = new PKCS12ParametersGenerator(new MD2Digest()); -- break; -+ // BEGIN android-removed -+ // case MD2: -+ // generator = new PKCS12ParametersGenerator(new MD2Digest()); -+ // break; -+ // END android-removed - case MD5: - generator = new PKCS12ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS12ParametersGenerator(new SHA1Digest()); - break; -- case RIPEMD160: -- generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); -- break; -- case TIGER: -- generator = new PKCS12ParametersGenerator(new TigerDigest()); -- break; -+ // BEGIN android-removed -+ // case RIPEMD160: -+ // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); -+ // break; -+ // case TIGER: -+ // generator = new PKCS12ParametersGenerator(new TigerDigest()); -+ // break; -+ // END android-removed - case SHA256: - generator = new PKCS12ParametersGenerator(new SHA256Digest()); - break; -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java 2012-07-27 18:48:00.041479127 +0000 -@@ -33,7 +33,9 @@ - import org.bouncycastle.asn1.pkcs.ContentInfo; - import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - import org.bouncycastle.asn1.pkcs.SignedData; --import org.bouncycastle.openssl.PEMWriter; -+// BEGIN android-removed -+// import org.bouncycastle.openssl.PEMWriter; -+// END android-removed - - /** - * CertPath implementation for X.509 certificates. -@@ -295,27 +297,29 @@ - return toDEREncoded(new ContentInfo( - PKCSObjectIdentifiers.signedData, sd)); - } -- else if (encoding.equalsIgnoreCase("PEM")) -- { -- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); -- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); -- -- try -- { -- for (int i = 0; i != certificates.size(); i++) -- { -- pWrt.writeObject(certificates.get(i)); -- } -- -- pWrt.close(); -- } -- catch (Exception e) -- { -- throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); -- } -- -- return bOut.toByteArray(); -- } -+ // BEGIN android-removed -+ // else if (encoding.equalsIgnoreCase("PEM")) -+ // { -+ // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); -+ // PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); -+ // -+ // try -+ // { -+ // for (int i = 0; i != certificates.size(); i++) -+ // { -+ // pWrt.writeObject(certificates.get(i)); -+ // } -+ // -+ // pWrt.close(); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); -+ // } -+ // -+ // return bOut.toByteArray(); -+ // } -+ // END android-removed - else - { - throw new CertificateEncodingException("unsupported encoding: " + encoding); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-07-27 18:48:00.031478939 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-09-11 00:12:44.000000000 +0000 @@ -1,5 +1,8 @@ package org.bouncycastle.jce.provider; @@ -8938,15 +9170,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValid import java.security.InvalidAlgorithmParameterException; import java.security.PublicKey; import java.security.cert.CertPath; -@@ -13,6 +16,7 @@ - import java.security.cert.TrustAnchor; - import java.security.cert.X509Certificate; - import java.util.ArrayList; -+import java.util.Arrays; - import java.util.HashSet; - import java.util.Iterator; - import java.util.List; -@@ -33,6 +37,9 @@ +@@ -33,6 +36,9 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi { @@ -8956,7 +9180,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValid public CertPathValidatorResult engineValidate( CertPath certPath, -@@ -75,6 +82,22 @@ +@@ -75,6 +81,22 @@ { throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0); } @@ -8979,7 +9203,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValid // // (b) -@@ -251,6 +274,15 @@ +@@ -251,6 +273,15 @@ for (index = certs.size() - 1; index >= 0; index--) { @@ -8995,9 +9219,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValid // try // { // -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2012-07-27 18:48:00.031478939 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2012-09-11 00:12:44.000000000 +0000 @@ -1533,7 +1533,9 @@ for (Enumeration e = permitted.getObjects(); e.hasMoreElements();) { @@ -9009,143 +9233,11 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstrain if (subtreesMap.get(tagNo) == null) { subtreesMap.put(tagNo, new HashSet()); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java 2012-07-27 18:48:00.031478939 +0000 -@@ -22,8 +22,10 @@ - import javax.crypto.ShortBufferException; - import javax.crypto.spec.IvParameterSpec; - import javax.crypto.spec.PBEParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; --import javax.crypto.spec.RC5ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// import javax.crypto.spec.RC5ParameterSpec; -+// END android-removed - import javax.crypto.spec.SecretKeySpec; - - import org.bouncycastle.asn1.ASN1InputStream; -@@ -36,7 +38,9 @@ - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.InvalidCipherTextException; - import org.bouncycastle.crypto.Wrapper; --import org.bouncycastle.crypto.engines.RC2WrapEngine; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.engines.RC2WrapEngine; -+// END android-removed - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; - -@@ -50,8 +54,10 @@ - { - IvParameterSpec.class, - PBEParameterSpec.class, -- RC2ParameterSpec.class, -- RC5ParameterSpec.class -+ // BEGIN android-removed -+ // RC2ParameterSpec.class, -+ // RC5ParameterSpec.class -+ // END android-removed - }; - - protected int pbeType = PKCS12; -@@ -263,16 +269,19 @@ - return null; - } - -+ // BEGIN android-changed -+ // added ShortBufferException to throws statement - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) -- throws IllegalBlockSizeException, BadPaddingException -+ throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - return 0; - } -+ // END android-changed - - protected byte[] engineWrap( - Key key) -@@ -305,7 +314,12 @@ - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) -- throws InvalidKeyException -+ // BEGIN android-removed -+ // throws InvalidKeyException -+ // END android-removed -+ // BEGIN android-added -+ throws InvalidKeyException, NoSuchAlgorithmException -+ // END android-added - { - byte[] encoded; - try -@@ -356,10 +370,12 @@ - { - privKey = new JCEECPrivateKey(in); - } -- else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94)) -- { -- privKey = new JDKGOST3410PrivateKey(in); -- } -+ // BEGIN android-removed -+ // else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94)) -+ // { -+ // privKey = new JDKGOST3410PrivateKey(in); -+ // } -+ // END android-removed - else if (oid.equals(X9ObjectIdentifiers.id_dsa)) - { - privKey = new JDKDSAPrivateKey(in); -@@ -403,10 +419,12 @@ - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } -- catch (NoSuchAlgorithmException e) -- { -- throw new InvalidKeyException("Unknown key type " + e.getMessage()); -- } -+ // BEGIN android-removed -+ // catch (NoSuchAlgorithmException e) -+ // { -+ // throw new InvalidKeyException("Unknown key type " + e.getMessage()); -+ // } -+ // END android-removed - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); -@@ -420,12 +438,14 @@ - // classes that inherit directly from us - // - -- public static class RC2Wrap -- extends WrapCipherSpi -- { -- public RC2Wrap() -- { -- super(new RC2WrapEngine()); -- } -- } -+ // BEGIN android-removed -+ // public static class RC2Wrap -+ // extends WrapCipherSpi -+ // { -+ // public RC2Wrap() -+ // { -+ // super(new RC2WrapEngine()); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java 2012-07-27 18:48:00.031478939 +0000 -@@ -520,12 +520,20 @@ - return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo()); +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509CertificateObject.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509CertificateObject.java 2012-09-11 00:12:44.000000000 +0000 +@@ -544,12 +544,20 @@ + } } + // BEGIN android-changed @@ -9156,28 +9248,19 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateOb { try { -- return c.getEncoded(ASN1Encodable.DER); +- return c.getEncoded(ASN1Encoding.DER); + // BEGIN android-changed + if (encoded == null) { -+ encoded = c.getEncoded(ASN1Encodable.DER); ++ encoded = c.getEncoded(ASN1Encoding.DER); + } + return encoded; + // END android-changed } catch (IOException e) { -@@ -711,7 +719,7 @@ - { - Signature signature; - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); -- -+ - try - { - signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-07-27 18:48:00.031478939 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509SignatureUtil.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-09-11 00:12:44.000000000 +0000 @@ -25,7 +25,9 @@ class X509SignatureUtil @@ -9268,1564 +9351,21 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil else { return digestAlgOID.getId(); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java 2012-07-27 18:48:00.031478939 +0000 -@@ -4,8 +4,10 @@ - - import org.bouncycastle.asn1.DERObjectIdentifier; - import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; --import org.bouncycastle.asn1.eac.EACObjectIdentifiers; +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-147/org/bouncycastle/x509/X509Util.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/x509/X509Util.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/x509/X509Util.java 2012-09-11 00:12:44.000000000 +0000 +@@ -30,7 +30,9 @@ + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed -+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - - public class EC -@@ -16,39 +18,49 @@ - public Mappings() - { - put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DH"); -- put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC"); -- put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV"); -- put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF"); -- put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF"); -+ // BEGIN android-removed -+ // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC"); -+ // put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV"); -+ // put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF"); -+ // put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF"); -+ // END android-removed - - put("KeyFactory.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$EC"); -- put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA"); -- put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH"); -- put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC"); -- put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV"); -+ // BEGIN android-removed -+ // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA"); -+ // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH"); -+ // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC"); -+ // put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV"); -+ // END android-removed - put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC"); - // TODO Should this be an alias for ECDH? - put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); -- put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV"); -- -- put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410"); -- put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410"); -- put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410"); -- put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); -+ // BEGIN android-removed -+ // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV"); -+ // -+ // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410"); -+ // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410"); -+ // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410"); -+ // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); -+ // END android-removed - - put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC"); -- put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA"); -- put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH"); -- put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC"); -- put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH"); -- put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV"); -+ // BEGIN android-removed -+ // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA"); -+ // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH"); -+ // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC"); -+ // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH"); -+ // put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV"); -+ // END android-removed - // TODO Should this be an alias for ECDH? - put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); -- put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV"); -- -- put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410"); -- put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410"); -- put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410"); -+ // BEGIN android-removed -+ // put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV"); -+ // -+ // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410"); -+ // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410"); -+ // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410"); -+ // END android-removed - - put("Signature.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA"); - put("Signature.NONEwithECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSAnone"); -@@ -60,23 +72,27 @@ - put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); - put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); - put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); -- put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); -- -- addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); -+ // BEGIN android-removed -+ // put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); -+ // -+ // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); -+ // END android-removed - addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); - addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); - addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); -- addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); -- -- put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR"); -- put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224"); -- put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256"); -- put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384"); -- put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512"); -- -- addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); -- addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); -- addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); -+ // BEGIN android-removed -+ // addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); -+ // -+ // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR"); -+ // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224"); -+ // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256"); -+ // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384"); -+ // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512"); -+ // -+ // addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); -+ // addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); -+ // addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); -+ // END android-removed - } - - private void addSignatureAlgorithm( -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java 2012-07-27 18:48:00.031478939 +0000 -@@ -1,10 +1,14 @@ - package org.bouncycastle.jce.provider.asymmetric.ec; - - import org.bouncycastle.asn1.DERObjectIdentifier; --import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// END android-removed - import org.bouncycastle.asn1.nist.NISTNamedCurves; - import org.bouncycastle.asn1.sec.SECNamedCurves; --import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// END android-removed - import org.bouncycastle.asn1.x9.X962NamedCurves; - import org.bouncycastle.asn1.x9.X9ECParameters; - import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -@@ -167,14 +171,16 @@ - { - oid = NISTNamedCurves.getOID(name); - } -- if (oid == null) -- { -- oid = TeleTrusTNamedCurves.getOID(name); -- } -- if (oid == null) -- { -- oid = ECGOST3410NamedCurves.getOID(name); -- } -+ // BEGIN android-removed -+ // if (oid == null) -+ // { -+ // oid = TeleTrusTNamedCurves.getOID(name); -+ // } -+ // if (oid == null) -+ // { -+ // oid = ECGOST3410NamedCurves.getOID(name); -+ // } -+ // END android-removed - } - - return oid; -@@ -192,10 +198,12 @@ - { - params = NISTNamedCurves.getByOID(oid); - } -- if (params == null) -- { -- params = TeleTrusTNamedCurves.getByOID(oid); -- } -+ // BEGIN android-removed -+ // if (params == null) -+ // { -+ // params = TeleTrusTNamedCurves.getByOID(oid); -+ // } -+ // END android-removed - } - - return params; -@@ -213,14 +221,16 @@ - { - name = NISTNamedCurves.getName(oid); - } -- if (name == null) -- { -- name = TeleTrusTNamedCurves.getName(oid); -- } -- if (name == null) -- { -- name = ECGOST3410NamedCurves.getName(oid); -- } -+ // BEGIN android-removed -+ // if (name == null) -+ // { -+ // name = TeleTrusTNamedCurves.getName(oid); -+ // } -+ // if (name == null) -+ // { -+ // name = ECGOST3410NamedCurves.getName(oid); -+ // } -+ // END android-removed - } - - return name; -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java 2012-07-27 18:48:00.031478939 +0000 -@@ -24,20 +24,26 @@ - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.DerivationFunction; - import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; --import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; --import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; --import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; --import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; -+// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; -+// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; -+// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA1Digest; - import org.bouncycastle.crypto.params.ECDomainParameters; - import org.bouncycastle.crypto.params.ECPrivateKeyParameters; - import org.bouncycastle.crypto.params.ECPublicKeyParameters; --import org.bouncycastle.crypto.params.MQVPrivateParameters; --import org.bouncycastle.crypto.params.MQVPublicParameters; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.params.MQVPrivateParameters; -+// import org.bouncycastle.crypto.params.MQVPublicParameters; -+// END android-removed - import org.bouncycastle.jce.interfaces.ECPrivateKey; - import org.bouncycastle.jce.interfaces.ECPublicKey; --import org.bouncycastle.jce.interfaces.MQVPrivateKey; --import org.bouncycastle.jce.interfaces.MQVPublicKey; -+// BEGIN android-removed -+// import org.bouncycastle.jce.interfaces.MQVPrivateKey; -+// import org.bouncycastle.jce.interfaces.MQVPublicKey; -+// END android-removed - - /** - * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363 -@@ -53,9 +59,11 @@ - - static - { -- Integer i128 = new Integer(128); -- Integer i192 = new Integer(192); -- Integer i256 = new Integer(256); -+ // BEGIN android-changed -+ Integer i128 = Integer.valueOf(128); -+ Integer i192 = Integer.valueOf(192); -+ Integer i256 = Integer.valueOf(256); -+ // END android-changed - - algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128); - algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192); -@@ -70,7 +78,9 @@ - private BigInteger result; - private ECDomainParameters parameters; - private BasicAgreement agreement; -- private DerivationFunction kdf; -+ // BEGIN android-removed -+ // private DerivationFunction kdf; -+ // END android-removed - - private byte[] bigIntToBytes( - BigInteger r) -@@ -85,7 +95,9 @@ - { - this.kaAlgorithm = kaAlgorithm; - this.agreement = agreement; -- this.kdf = kdf; -+ // BEGIN android-removed -+ // this.kdf = kdf; -+ // END android-removed - } - - protected Key engineDoPhase( -@@ -104,25 +116,27 @@ - } - - CipherParameters pubKey; -- if (agreement instanceof ECMQVBasicAgreement) -- { -- if (!(key instanceof MQVPublicKey)) -- { -- throw new InvalidKeyException(kaAlgorithm + " key agreement requires " -- + getSimpleName(MQVPublicKey.class) + " for doPhase"); -- } -- -- MQVPublicKey mqvPubKey = (MQVPublicKey)key; -- ECPublicKeyParameters staticKey = (ECPublicKeyParameters) -- ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); -- ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) -- ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); -- -- pubKey = new MQVPublicParameters(staticKey, ephemKey); -- -- // TODO Validate that all the keys are using the same parameters? -- } -- else -+ // BEGIN android-removed -+ // if (agreement instanceof ECMQVBasicAgreement) -+ // { -+ // if (!(key instanceof MQVPublicKey)) -+ // { -+ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " -+ // + getSimpleName(MQVPublicKey.class) + " for doPhase"); -+ // } -+ // -+ // MQVPublicKey mqvPubKey = (MQVPublicKey)key; -+ // ECPublicKeyParameters staticKey = (ECPublicKeyParameters) -+ // ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); -+ // ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) -+ // ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); -+ // -+ // pubKey = new MQVPublicParameters(staticKey, ephemKey); -+ // -+ // // TODO Validate that all the keys are using the same parameters? -+ // } -+ // else -+ // END android-removed - { - if (!(key instanceof ECPublicKey)) - { -@@ -143,11 +157,13 @@ - protected byte[] engineGenerateSecret() - throws IllegalStateException - { -- if (kdf != null) -- { -- throw new UnsupportedOperationException( -- "KDF can only be used when algorithm is known"); -- } -+ // BEGIN android-removed -+ // if (kdf != null) -+ // { -+ // throw new UnsupportedOperationException( -+ // "KDF can only be used when algorithm is known"); -+ // } -+ // END android-removed - - return bigIntToBytes(result); - } -@@ -175,23 +191,25 @@ - { - byte[] secret = bigIntToBytes(result); - -- if (kdf != null) -- { -- if (!algorithms.containsKey(algorithm)) -- { -- throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); -- } -- -- int keySize = ((Integer)algorithms.get(algorithm)).intValue(); -- -- DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret); -- -- byte[] keyBytes = new byte[keySize / 8]; -- kdf.init(params); -- kdf.generateBytes(keyBytes, 0, keyBytes.length); -- secret = keyBytes; -- } -- else -+ // BEGIN android-removed -+ // if (kdf != null) -+ // { -+ // if (!algorithms.containsKey(algorithm)) -+ // { -+ // throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); -+ // } -+ // -+ // int keySize = ((Integer)algorithms.get(algorithm)).intValue(); -+ // -+ // DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret); -+ // -+ // byte[] keyBytes = new byte[keySize / 8]; -+ // kdf.init(params); -+ // kdf.generateBytes(keyBytes, 0, keyBytes.length); -+ // secret = keyBytes; -+ // } -+ // else -+ // END android-removed - { - // TODO Should we be ensuring the key is the right length? - } -@@ -219,35 +237,37 @@ - private void initFromKey(Key key) - throws InvalidKeyException - { -- if (agreement instanceof ECMQVBasicAgreement) -- { -- if (!(key instanceof MQVPrivateKey)) -- { -- throw new InvalidKeyException(kaAlgorithm + " key agreement requires " -- + getSimpleName(MQVPrivateKey.class) + " for initialisation"); -- } -- -- MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; -- ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) -- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); -- ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) -- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); -- -- ECPublicKeyParameters ephemPubKey = null; -- if (mqvPrivKey.getEphemeralPublicKey() != null) -- { -- ephemPubKey = (ECPublicKeyParameters) -- ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); -- } -- -- MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); -- this.parameters = staticPrivKey.getParameters(); -- -- // TODO Validate that all the keys are using the same parameters? -- -- agreement.init(localParams); -- } -- else -+ // BEGIN android-removed -+ // if (agreement instanceof ECMQVBasicAgreement) -+ // { -+ // if (!(key instanceof MQVPrivateKey)) -+ // { -+ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " -+ // + getSimpleName(MQVPrivateKey.class) + " for initialisation"); -+ // } -+ // -+ // MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; -+ // ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) -+ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); -+ // ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) -+ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); -+ // -+ // ECPublicKeyParameters ephemPubKey = null; -+ // if (mqvPrivKey.getEphemeralPublicKey() != null) -+ // { -+ // ephemPubKey = (ECPublicKeyParameters) -+ // ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); -+ // } -+ // -+ // MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); -+ // this.parameters = staticPrivKey.getParameters(); -+ // -+ // // TODO Validate that all the keys are using the same parameters? -+ // -+ // agreement.init(localParams); -+ // } -+ // else -+ // END android-removed - { - if (!(key instanceof ECPrivateKey)) - { -@@ -278,39 +298,41 @@ - } - } - -- public static class DHC -- extends KeyAgreement -- { -- public DHC() -- { -- super("ECDHC", new ECDHCBasicAgreement(), null); -- } -- } -- -- public static class MQV -- extends KeyAgreement -- { -- public MQV() -- { -- super("ECMQV", new ECMQVBasicAgreement(), null); -- } -- } -- -- public static class DHwithSHA1KDF -- extends KeyAgreement -- { -- public DHwithSHA1KDF() -- { -- super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); -- } -- } -- -- public static class MQVwithSHA1KDF -- extends KeyAgreement -- { -- public MQVwithSHA1KDF() -- { -- super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); -- } -- } -+ // BEGIN android-removed -+ // public static class DHC -+ // extends KeyAgreement -+ // { -+ // public DHC() -+ // { -+ // super("ECDHC", new ECDHCBasicAgreement(), null); -+ // } -+ // } -+ // -+ // public static class MQV -+ // extends KeyAgreement -+ // { -+ // public MQV() -+ // { -+ // super("ECMQV", new ECMQVBasicAgreement(), null); -+ // } -+ // } -+ // -+ // public static class DHwithSHA1KDF -+ // extends KeyAgreement -+ // { -+ // public DHwithSHA1KDF() -+ // { -+ // super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); -+ // } -+ // } -+ // -+ // public static class MQVwithSHA1KDF -+ // extends KeyAgreement -+ // { -+ // public MQVwithSHA1KDF() -+ // { -+ // super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java 2012-07-27 18:48:00.031478939 +0000 -@@ -10,10 +10,14 @@ - import java.util.Hashtable; - - import org.bouncycastle.asn1.DERObjectIdentifier; --import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// END android-removed - import org.bouncycastle.asn1.nist.NISTNamedCurves; - import org.bouncycastle.asn1.sec.SECNamedCurves; --import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// END android-removed - import org.bouncycastle.asn1.x9.X962NamedCurves; - import org.bouncycastle.asn1.x9.X9ECParameters; - import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -@@ -56,13 +60,15 @@ - static { - ecParameters = new Hashtable(); - -- ecParameters.put(new Integer(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192 -- ecParameters.put(new Integer(239), new ECGenParameterSpec("prime239v1")); -- ecParameters.put(new Integer(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256 -- -- ecParameters.put(new Integer(224), new ECGenParameterSpec("P-224")); -- ecParameters.put(new Integer(384), new ECGenParameterSpec("P-384")); -- ecParameters.put(new Integer(521), new ECGenParameterSpec("P-521")); -+ // BEGIN android-changed -+ ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192 -+ ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1")); -+ ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256 -+ -+ ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224")); -+ ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384")); -+ ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521")); -+ // END android-changed - } - - public EC() -@@ -83,8 +89,16 @@ - SecureRandom random) - { - this.strength = strength; -+ // BEGIN android-added -+ if (random != null) { -+ // END android-added - this.random = random; -- this.ecParams = ecParameters.get(new Integer(strength)); -+ // BEGIN android-added -+ } -+ // END android-added -+ // BEGIN android-changed -+ this.ecParams = ecParameters.get(Integer.valueOf(strength)); -+ // END android-changed - - if (ecParams != null) - { -@@ -108,6 +122,11 @@ - SecureRandom random) - throws InvalidAlgorithmParameterException - { -+ // BEGIN android-added -+ if (random == null) { -+ random = this.random; -+ } -+ // END android-added - if (params instanceof ECParameterSpec) - { - ECParameterSpec p = (ECParameterSpec)params; -@@ -135,23 +154,25 @@ - { - final String curveName = ((ECGenParameterSpec)params).getName(); - -- if (this.algorithm.equals("ECGOST3410")) -- { -- ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName); -- if (ecP == null) -- { -- throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); -- } -- -- this.ecParams = new ECNamedCurveSpec( -- curveName, -- ecP.getCurve(), -- ecP.getG(), -- ecP.getN(), -- ecP.getH(), -- ecP.getSeed()); -- } -- else -+ // BEGIN android-removed -+ // if (this.algorithm.equals("ECGOST3410")) -+ // { -+ // ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName); -+ // if (ecP == null) -+ // { -+ // throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); -+ // } -+ // -+ // this.ecParams = new ECNamedCurveSpec( -+ // curveName, -+ // ecP.getCurve(), -+ // ecP.getG(), -+ // ecP.getN(), -+ // ecP.getH(), -+ // ecP.getSeed()); -+ // } -+ // else -+ // END android-removed - { - X9ECParameters ecP = X962NamedCurves.getByName(curveName); - if (ecP == null) -@@ -161,10 +182,12 @@ - { - ecP = NISTNamedCurves.getByName(curveName); - } -- if (ecP == null) -- { -- ecP = TeleTrusTNamedCurves.getByName(curveName); -- } -+ // BEGIN android-removed -+ // if (ecP == null) -+ // { -+ // ecP = TeleTrusTNamedCurves.getByName(curveName); -+ // } -+ // END android-removed - if (ecP == null) - { - // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) -@@ -180,10 +203,12 @@ - { - ecP = NISTNamedCurves.getByOID(oid); - } -- if (ecP == null) -- { -- ecP = TeleTrusTNamedCurves.getByOID(oid); -- } -+ // BEGIN android-removed -+ // if (ecP == null) -+ // { -+ // ecP = TeleTrusTNamedCurves.getByOID(oid); -+ // } -+ // END android-removed - if (ecP == null) - { - throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); -@@ -239,7 +264,15 @@ - { - if (!initialised) - { -- throw new IllegalStateException("EC Key Pair Generator not initialised"); -+ // BEGIN android-removed -+ // throw new IllegalStateException("EC Key Pair Generator not initialised"); -+ // END android-removed -+ // BEGIN android-added -+ /* -+ * KeyPairGenerator documentation says that a default initialization must be provided -+ */ -+ initialize(192, random); -+ // END android-added - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -@@ -279,14 +312,16 @@ - } - } - -- public static class ECGOST3410 -- extends EC -- { -- public ECGOST3410() -- { -- super("ECGOST3410"); -- } -- } -+ // BEGIN android-removed -+ // public static class ECGOST3410 -+ // extends EC -+ // { -+ // public ECGOST3410() -+ // { -+ // super("ECGOST3410"); -+ // } -+ // } -+ // END android-removed - - public static class ECDH - extends EC -@@ -314,4 +349,4 @@ - super("ECMQV"); - } - } --} -\ No newline at end of file -+} -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java 2012-07-27 18:48:00.031478939 +0000 -@@ -18,15 +18,21 @@ - import org.bouncycastle.crypto.DSA; - import org.bouncycastle.crypto.Digest; - import org.bouncycastle.crypto.digests.NullDigest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// END android-removed - import org.bouncycastle.crypto.digests.SHA256Digest; - import org.bouncycastle.crypto.digests.SHA384Digest; - import org.bouncycastle.crypto.digests.SHA512Digest; - import org.bouncycastle.crypto.params.ParametersWithRandom; - import org.bouncycastle.crypto.signers.ECDSASigner; --import org.bouncycastle.crypto.signers.ECNRSigner; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.signers.ECNRSigner; -+// END android-removed - import org.bouncycastle.jce.interfaces.ECKey; - import org.bouncycastle.jce.provider.DSABase; - import org.bouncycastle.jce.provider.DSAEncoder; -@@ -122,14 +128,16 @@ - } - } - -- static public class ecDSA224 -- extends Signature -- { -- public ecDSA224() -- { -- super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); -- } -- } -+ // BEGIN android-removed -+ // static public class ecDSA224 -+ // extends Signature -+ // { -+ // public ecDSA224() -+ // { -+ // super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); -+ // } -+ // } -+ // END android-removed - - static public class ecDSA256 - extends Signature -@@ -158,86 +166,88 @@ - } - } - -- static public class ecDSARipeMD160 -- extends Signature -- { -- public ecDSARipeMD160() -- { -- super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); -- } -- } -- -- static public class ecNR -- extends Signature -- { -- public ecNR() -- { -- super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); -- } -- } -- -- static public class ecNR224 -- extends Signature -- { -- public ecNR224() -- { -- super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); -- } -- } -- -- static public class ecNR256 -- extends Signature -- { -- public ecNR256() -- { -- super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); -- } -- } -- -- static public class ecNR384 -- extends Signature -- { -- public ecNR384() -- { -- super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); -- } -- } -- -- static public class ecNR512 -- extends Signature -- { -- public ecNR512() -- { -- super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); -- } -- } -- -- static public class ecCVCDSA -- extends Signature -- { -- public ecCVCDSA() -- { -- super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder()); -- } -- } -- -- static public class ecCVCDSA224 -- extends Signature -- { -- public ecCVCDSA224() -- { -- super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder()); -- } -- } -- -- static public class ecCVCDSA256 -- extends Signature -- { -- public ecCVCDSA256() -- { -- super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); -- } -- } -+ // BEGIN android-removed -+ // static public class ecDSARipeMD160 -+ // extends Signature -+ // { -+ // public ecDSARipeMD160() -+ // { -+ // super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecNR -+ // extends Signature -+ // { -+ // public ecNR() -+ // { -+ // super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecNR224 -+ // extends Signature -+ // { -+ // public ecNR224() -+ // { -+ // super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecNR256 -+ // extends Signature -+ // { -+ // public ecNR256() -+ // { -+ // super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecNR384 -+ // extends Signature -+ // { -+ // public ecNR384() -+ // { -+ // super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecNR512 -+ // extends Signature -+ // { -+ // public ecNR512() -+ // { -+ // super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecCVCDSA -+ // extends Signature -+ // { -+ // public ecCVCDSA() -+ // { -+ // super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecCVCDSA224 -+ // extends Signature -+ // { -+ // public ecCVCDSA224() -+ // { -+ // super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder()); -+ // } -+ // } -+ // -+ // static public class ecCVCDSA256 -+ // extends Signature -+ // { -+ // public ecCVCDSA256() -+ // { -+ // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); -+ // } -+ // } -+ // END android-removed - - private static class StdDSAEncoder - implements DSAEncoder -@@ -331,4 +341,4 @@ - return sig; - } - } --} -\ No newline at end of file -+} -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java 2012-07-27 18:48:00.031478939 +0000 -@@ -13,8 +13,10 @@ - import org.bouncycastle.crypto.CipherKeyGenerator; - import org.bouncycastle.crypto.engines.AESFastEngine; - import org.bouncycastle.crypto.engines.AESWrapEngine; --import org.bouncycastle.crypto.engines.RFC3211WrapEngine; --import org.bouncycastle.crypto.macs.CMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -+// import org.bouncycastle.crypto.macs.CMac; -+// END android-removed - import org.bouncycastle.crypto.modes.CBCBlockCipher; - import org.bouncycastle.crypto.modes.CFBBlockCipher; - import org.bouncycastle.crypto.modes.OFBBlockCipher; -@@ -41,41 +43,43 @@ - } - } - -- public static class CBC -- extends JCEBlockCipher -- { -- public CBC() -- { -- super(new CBCBlockCipher(new AESFastEngine()), 128); -- } -- } -- -- static public class CFB -- extends JCEBlockCipher -- { -- public CFB() -- { -- super(new BufferedBlockCipher(new CFBBlockCipher(new AESFastEngine(), 128)), 128); -- } -- } -- -- static public class OFB -- extends JCEBlockCipher -- { -- public OFB() -- { -- super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128); -- } -- } -- -- public static class AESCMAC -- extends JCEMac -- { -- public AESCMAC() -- { -- super(new CMac(new AESFastEngine())); -- } -- } -+ // BEGIN android-removed -+ // public static class CBC -+ // extends JCEBlockCipher -+ // { -+ // public CBC() -+ // { -+ // super(new CBCBlockCipher(new AESFastEngine()), 128); -+ // } -+ // } -+ // -+ // static public class CFB -+ // extends JCEBlockCipher -+ // { -+ // public CFB() -+ // { -+ // super(new BufferedBlockCipher(new CFBBlockCipher(new AESFastEngine(), 128)), 128); -+ // } -+ // } -+ // -+ // static public class OFB -+ // extends JCEBlockCipher -+ // { -+ // public OFB() -+ // { -+ // super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128); -+ // } -+ // } -+ // -+ // public static class AESCMAC -+ // extends JCEMac -+ // { -+ // public AESCMAC() -+ // { -+ // super(new CMac(new AESFastEngine())); -+ // } -+ // } -+ // END android-removed - - static public class Wrap - extends WrapCipherSpi -@@ -86,14 +90,16 @@ - } - } - -- public static class RFC3211Wrap -- extends WrapCipherSpi -- { -- public RFC3211Wrap() -- { -- super(new RFC3211WrapEngine(new AESFastEngine()), 16); -- } -- } -+ // BEGIN android-removed -+ // public static class RFC3211Wrap -+ // extends WrapCipherSpi -+ // { -+ // public RFC3211Wrap() -+ // { -+ // super(new RFC3211WrapEngine(new AESFastEngine()), 16); -+ // } -+ // } -+ // END android-removed - - public static class KeyGen - extends JCEKeyGenerator -@@ -109,70 +115,72 @@ - } - } - -- public static class KeyGen128 -- extends KeyGen -- { -- public KeyGen128() -- { -- super(128); -- } -- } -- -- public static class KeyGen192 -- extends KeyGen -- { -- public KeyGen192() -- { -- super(192); -- } -- } -- -- public static class KeyGen256 -- extends KeyGen -- { -- public KeyGen256() -- { -- super(256); -- } -- } -- -- public static class AlgParamGen -- extends JDKAlgorithmParameterGenerator -- { -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); -- } -- -- protected AlgorithmParameters engineGenerateParameters() -- { -- byte[] iv = new byte[16]; -- -- if (random == null) -- { -- random = new SecureRandom(); -- } -- -- random.nextBytes(iv); -- -- AlgorithmParameters params; -- -- try -- { -- params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new IvParameterSpec(iv)); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- -- return params; -- } -- } -+ // BEGIN android-removed -+ // public static class KeyGen128 -+ // extends KeyGen -+ // { -+ // public KeyGen128() -+ // { -+ // super(128); -+ // } -+ // } -+ // -+ // public static class KeyGen192 -+ // extends KeyGen -+ // { -+ // public KeyGen192() -+ // { -+ // super(192); -+ // } -+ // } -+ // -+ // public static class KeyGen256 -+ // extends KeyGen -+ // { -+ // public KeyGen256() -+ // { -+ // super(256); -+ // } -+ // } -+ // -+ // public static class AlgParamGen -+ // extends JDKAlgorithmParameterGenerator -+ // { -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); -+ // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() -+ // { -+ // byte[] iv = new byte[16]; -+ // -+ // if (random == null) -+ // { -+ // random = new SecureRandom(); -+ // } -+ // -+ // random.nextBytes(iv); -+ // -+ // AlgorithmParameters params; -+ // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new IvParameterSpec(iv)); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // -+ // return params; -+ // } -+ // } -+ // END android-removed - - public static class AlgParams - extends JDKAlgorithmParameters.IVAlgorithmParameters -@@ -205,58 +213,66 @@ - put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); - put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); - -- put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen"); -- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); -- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); -- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); -- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); -- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); -- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); -+ // BEGIN android-removed -+ // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen"); -+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); -+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); -+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); -+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); -+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); -+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); -+ // END android-removed - - put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB"); - put("Alg.Alias.Cipher." + wrongAES128, "AES"); - put("Alg.Alias.Cipher." + wrongAES192, "AES"); - put("Alg.Alias.Cipher." + wrongAES256, "AES"); -- put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); -- put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); -- put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); -- put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); -- put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); -+ // BEGIN android-removed -+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); -+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); -+ // END android-removed - put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); -- put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap"); -+ // BEGIN android-removed -+ // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap"); -+ // END android-removed - - put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen"); -- put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -- put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -- put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -- put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -- -- put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC"); -+ // BEGIN android-removed -+ // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -+ // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -+ // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -+ // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); -+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); -+ // -+ // put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC"); -+ // END android-removed - } - } - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java 2012-07-27 18:48:00.031478939 +0000 -@@ -27,7 +27,9 @@ - { - public KeyGen() - { -- super("RC4", 128, new CipherKeyGenerator()); -+ // BEGIN android-changed -+ super("ARC4", 128, new CipherKeyGenerator()); -+ // END android-changed - } - } - -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java 2012-07-27 18:48:00.031478939 +0000 -@@ -57,7 +57,9 @@ - public Mappings() - { - put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$ECB"); -- put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC"); -+ // BEGIN android-removed -+ // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC"); -+ // END android-removed - put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$KeyGen"); - put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); - put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams"); -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java ---- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java 2012-07-27 18:48:00.031478939 +0000 -@@ -14,11 +14,15 @@ - import org.bouncycastle.crypto.KeyGenerationParameters; - import org.bouncycastle.crypto.engines.DESedeEngine; - import org.bouncycastle.crypto.engines.DESedeWrapEngine; --import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -+// END android-removed - import org.bouncycastle.crypto.generators.DESedeKeyGenerator; - import org.bouncycastle.crypto.macs.CBCBlockCipherMac; --import org.bouncycastle.crypto.macs.CFBBlockCipherMac; --import org.bouncycastle.crypto.macs.CMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -+// import org.bouncycastle.crypto.macs.CMac; -+// END android-removed - import org.bouncycastle.crypto.modes.CBCBlockCipher; - import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.jce.provider.JCEBlockCipher; -@@ -51,17 +55,19 @@ - } - } - -- /** -- * DESede CFB8 -- */ -- public static class DESedeCFB8 -- extends JCEMac -- { -- public DESedeCFB8() -- { -- super(new CFBBlockCipherMac(new DESedeEngine())); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * DESede CFB8 -+ // */ -+ // public static class DESedeCFB8 -+ // extends JCEMac -+ // { -+ // public DESedeCFB8() -+ // { -+ // super(new CFBBlockCipherMac(new DESedeEngine())); -+ // } -+ // } -+ // END android-removed - - /** - * DESede64 -@@ -96,14 +102,16 @@ - } - } - -- static public class CMAC -- extends JCEMac -- { -- public CMAC() -- { -- super(new CMac(new DESedeEngine())); -- } -- } -+ // BEGIN android-removed -+ // static public class CMAC -+ // extends JCEMac -+ // { -+ // public CMAC() -+ // { -+ // super(new CMac(new DESedeEngine())); -+ // } -+ // } -+ // END android-removed - - public static class Wrap - extends WrapCipherSpi -@@ -114,14 +122,16 @@ - } - } - -- public static class RFC3211 -- extends WrapCipherSpi -- { -- public RFC3211() -- { -- super(new RFC3211WrapEngine(new DESedeEngine()), 8); -- } -- } -+ // BEGIN android-removed -+ // public static class RFC3211 -+ // extends WrapCipherSpi -+ // { -+ // public RFC3211() -+ // { -+ // super(new RFC3211WrapEngine(new DESedeEngine()), 8); -+ // } -+ // } -+ // END android-removed - - /** - * DESede - the default for this is to generate a key in -@@ -262,32 +272,42 @@ - public Mappings() - { - put("Cipher.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$ECB"); -- put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC"); -- put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC"); -+ // BEGIN android-removed -+ // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC"); -+ // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC"); -+ // END android-removed - put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$Wrap"); -- put("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "org.bouncycastle.jce.provider.symmetric.DESede$Wrap"); -- put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211"); -+ // BEGIN android-changed -+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); -+ // END android-changed -+ // BEGIN android-removed -+ // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211"); -+ // END android-removed - - put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator"); -- put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3"); -- put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator"); -+ // BEGIN android-removed -+ // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3"); -+ // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator"); -+ // END android-removed - - put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyFactory"); - -- put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC"); -- put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC"); -- put("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); -- -- put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8"); -- put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); -- -- put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64"); -- put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); -- -- put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4"); -- put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -- put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -- put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -+ // BEGIN android-removed -+ // put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC"); -+ // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC"); -+ // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); -+ // -+ // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8"); -+ // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); -+ // -+ // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64"); -+ // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); -+ // -+ // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4"); -+ // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -+ // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -+ // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -+ // END android-removed - } - } - } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java ---- bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java 2012-07-27 18:48:00.031478939 +0000 -@@ -45,10 +45,12 @@ - PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC); - PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC); - -- KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), new Integer(192)); -- KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), new Integer(128)); -- KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), new Integer(192)); -- KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), new Integer(256)); -+ // BEGIN android-changed -+ KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integer.valueOf(192)); -+ KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), Integer.valueOf(128)); -+ KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), Integer.valueOf(192)); -+ KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), Integer.valueOf(256)); -+ // END android-changed - } - - static int getKeySize(String algorithm) -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java ---- bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java 2012-07-27 18:48:00.011478563 +0000 -@@ -44,14 +44,18 @@ + import org.bouncycastle.jce.X509Principal; +@@ -44,14 +46,18 @@ static { @@ -10848,7 +9388,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk1 algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); -@@ -59,45 +63,59 @@ +@@ -59,45 +65,59 @@ algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); @@ -10924,7 +9464,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk1 noParams.add(NISTObjectIdentifiers.dsa_with_sha256); noParams.add(NISTObjectIdentifiers.dsa_with_sha384); noParams.add(NISTObjectIdentifiers.dsa_with_sha512); -@@ -105,25 +123,39 @@ +@@ -105,25 +125,39 @@ // // RFC 4491 // @@ -10973,7 +9513,7 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk1 params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); } -@@ -166,7 +198,9 @@ +@@ -166,7 +200,9 @@ } else { @@ -10984,9 +9524,9 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk1 } } -diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java ---- bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2011-02-23 20:08:56.000000000 +0000 -+++ bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2012-07-27 18:48:00.011478563 +0000 +diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk15on-147/org/bouncycastle/x509/extension/X509ExtensionUtil.java +--- bcprov-jdk15on-147.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2012-03-22 15:11:48.000000000 +0000 ++++ bcprov-jdk15on-147/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2012-09-11 00:12:44.000000000 +0000 @@ -62,7 +62,9 @@ { GeneralName genName = GeneralName.getInstance(it.nextElement()); @@ -10998,34 +9538,3 @@ diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUt switch (genName.getTagNo()) { case GeneralName.ediPartyName: -diff -Naur bcprov-jdk16-146.orig/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej bcprov-jdk16-146/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej ---- bcprov-jdk16-146.orig/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk16-146/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej 2012-07-27 18:47:59.931477059 +0000 -@@ -0,0 +1,27 @@ -+--- src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java -++++ src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java -+@@ -144,8 +144,9 @@ -+ String pubkeyBlacklist = readBlacklist(path); -+ if (!pubkeyBlacklist.equals("")) { -+ for (String value : pubkeyBlacklist.split(",")) { -++ value = value.trim(); -+ if (isPubkeyHash(value)) { -+- bl.add(Hex.decode(value)); -++ bl.add(value.getBytes()); -+ } else { -+ System.logW("Tried to blacklist invalid pubkey " + value); -+ } -+@@ -161,7 +162,12 @@ -+ digest.update(encoded, 0, encoded.length); -+ byte[] out = new byte[digest.getDigestSize()]; -+ digest.doFinal(out, 0); -+- return pubkeyBlacklist.contains(out); -++ for (byte[] blacklisted : pubkeyBlacklist) { -++ if (Arrays.equals(blacklisted, Hex.encode(out))) { -++ return true; -++ } -++ } -++ return false; -+ } -+ -+ public boolean isSerialNumberBlackListed(BigInteger serial) { diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java b/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java index f87064f..d7216a6 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java @@ -3,8 +3,8 @@ package org.bouncycastle.asn1; import java.io.IOException; public interface ASN1ApplicationSpecificParser - extends DEREncodable, InMemoryRepresentable + extends ASN1Encodable, InMemoryRepresentable { - DEREncodable readObject() + ASN1Encodable readObject() throws IOException; } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java b/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java new file mode 100644 index 0000000..1360e8b --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java @@ -0,0 +1,15 @@ +package org.bouncycastle.asn1; + +public class ASN1Boolean + extends DERBoolean +{ + public ASN1Boolean(boolean value) + { + super(value); + } + + ASN1Boolean(byte[] value) + { + super(value); + } +} diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java b/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java index 77573a2..f5738bf 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java @@ -1,102 +1,6 @@ package org.bouncycastle.asn1; -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -/** - * Base class for objects which can be written directly to ASN.1 output streams. - */ -public abstract class ASN1Encodable - implements DEREncodable +public interface ASN1Encodable { - public static final String DER = "DER"; - public static final String BER = "BER"; - - /** - * Return the default BER or DER encoding for this object. - * - * @return BER/DER byte encoded object. - * @throws IOException on encoding error. - */ - public byte[] getEncoded() - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(this); - - return bOut.toByteArray(); - } - - /** - * Return either the default for "BER" or a DER encoding if "DER" is specified. - * - * @param encoding name of encoding to use. - * @return byte encoded object. - * @throws IOException on encoding error. - */ - public byte[] getEncoded( - String encoding) - throws IOException - { - if (encoding.equals(DER)) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(this); - - return bOut.toByteArray(); - } - - return this.getEncoded(); - } - - /** - * Return the DER encoding of the object, null if the DER encoding can not be made. - * - * @return a DER byte array, null otherwise. - */ - public byte[] getDEREncoded() - { - try - { - return this.getEncoded(DER); - } - catch (IOException e) - { - return null; - } - } - - public int hashCode() - { - return this.toASN1Object().hashCode(); - } - - public boolean equals( - Object o) - { - if (this == o) - { - return true; - } - - if (!(o instanceof DEREncodable)) - { - return false; - } - - DEREncodable other = (DEREncodable)o; - - return this.toASN1Object().equals(other.getDERObject()); - } - - public DERObject getDERObject() - { - return this.toASN1Object(); - } - - public abstract DERObject toASN1Object(); + ASN1Primitive toASN1Primitive(); } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java index 3f736e4..2aa68b3 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java @@ -2,27 +2,22 @@ package org.bouncycastle.asn1; import java.util.Vector; -/** - * the parent class for this will eventually disappear. Use this one! - */ public class ASN1EncodableVector - extends DEREncodableVector { Vector v = new Vector(); public ASN1EncodableVector() { - } - public void add(DEREncodable obj) + public void add(ASN1Encodable obj) { v.addElement(obj); } - public DEREncodable get(int i) + public ASN1Encodable get(int i) { - return (DEREncodable)v.elementAt(i); + return (ASN1Encodable)v.elementAt(i); } public int size() diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Encoding.java b/src/main/java/org/bouncycastle/asn1/ASN1Encoding.java new file mode 100644 index 0000000..821d3b9 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/ASN1Encoding.java @@ -0,0 +1,8 @@ +package org.bouncycastle.asn1; + +public interface ASN1Encoding +{ + static final String DER = "DER"; + static final String DL = "DL"; + static final String BER = "BER"; +} diff --git a/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java b/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java index fb27edd..4471433 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java @@ -16,29 +16,17 @@ import org.bouncycastle.util.io.Streams; */ public class ASN1InputStream extends FilterInputStream - implements DERTags + implements BERTags { private final int limit; private final boolean lazyEvaluate; - static int findLimit(InputStream in) - { - if (in instanceof LimitedInputStream) - { - return ((LimitedInputStream)in).getRemaining(); - } - else if (in instanceof ByteArrayInputStream) - { - return ((ByteArrayInputStream)in).available(); - } - - return Integer.MAX_VALUE; - } + private final byte[][] tmpBuffers; public ASN1InputStream( InputStream is) { - this(is, findLimit(is)); + this(is, StreamUtil.findLimit(is)); } /** @@ -85,6 +73,20 @@ public class ASN1InputStream * objects such as sequences will be parsed lazily. * * @param input stream containing ASN.1 encoded data. + * @param lazyEvaluate true if parsing inside constructed objects can be delayed. + */ + public ASN1InputStream( + InputStream input, + boolean lazyEvaluate) + { + this(input, StreamUtil.findLimit(input), lazyEvaluate); + } + + /** + * Create an ASN1InputStream where no DER object will be longer than limit, and constructed + * objects such as sequences will be parsed lazily. + * + * @param input stream containing ASN.1 encoded data. * @param limit maximum size of a DER encoded object. * @param lazyEvaluate true if parsing inside constructed objects can be delayed. */ @@ -96,6 +98,12 @@ public class ASN1InputStream super(input); this.limit = limit; this.lazyEvaluate = lazyEvaluate; + this.tmpBuffers = new byte[11][]; + } + + int getLimit() + { + return limit; } protected int readLength() @@ -117,7 +125,7 @@ public class ASN1InputStream /** * build an object given its tag and the number of bytes to construct it from. */ - protected DERObject buildObject( + protected ASN1Primitive buildObject( int tag, int tagNo, int length) @@ -146,33 +154,41 @@ public class ASN1InputStream // // yes, people actually do this... // - return new BERConstructedOctetString(buildDEREncodableVector(defIn).v); + ASN1EncodableVector v = buildDEREncodableVector(defIn); + ASN1OctetString[] strings = new ASN1OctetString[v.size()]; + + for (int i = 0; i != strings.length; i++) + { + strings[i] = (ASN1OctetString)v.get(i); + } + + return new BEROctetString(strings); case SEQUENCE: if (lazyEvaluate) { - return new LazyDERSequence(defIn.toByteArray()); + return new LazyEncodedSequence(defIn.toByteArray()); } else { return DERFactory.createSequence(buildDEREncodableVector(defIn)); } case SET: - return DERFactory.createSet(buildDEREncodableVector(defIn), false); + return DERFactory.createSet(buildDEREncodableVector(defIn)); case EXTERNAL: return new DERExternal(buildDEREncodableVector(defIn)); default: - return new DERUnknownTag(true, tagNo, defIn.toByteArray()); + throw new IOException("unknown tag " + tagNo + " encountered"); } } - return createPrimitiveDERObject(tagNo, defIn.toByteArray()); + return createPrimitiveDERObject(tagNo, defIn, tmpBuffers); } ASN1EncodableVector buildEncodableVector() throws IOException { ASN1EncodableVector v = new ASN1EncodableVector(); - DERObject o; + ASN1Primitive o; while ((o = readObject()) != null) { @@ -188,7 +204,7 @@ public class ASN1InputStream return new ASN1InputStream(dIn).buildEncodableVector(); } - public DERObject readObject() + public ASN1Primitive readObject() throws IOException { int tag = read(); @@ -352,52 +368,99 @@ public class ASN1InputStream return length; } - static DERObject createPrimitiveDERObject( + private static byte[] getBuffer(DefiniteLengthInputStream defIn, byte[][] tmpBuffers) + throws IOException + { + int len = defIn.getRemaining(); + if (defIn.getRemaining() < tmpBuffers.length) + { + byte[] buf = tmpBuffers[len]; + + if (buf == null) + { + buf = tmpBuffers[len] = new byte[len]; + } + + Streams.readFully(defIn, buf); + + return buf; + } + else + { + return defIn.toByteArray(); + } + } + + private static char[] getBMPCharBuffer(DefiniteLengthInputStream defIn) + throws IOException + { + int len = defIn.getRemaining() / 2; + char[] buf = new char[len]; + int totalRead = 0; + while (totalRead < len) + { + int ch1 = defIn.read(); + if (ch1 < 0) + { + break; + } + int ch2 = defIn.read(); + if (ch2 < 0) + { + break; + } + buf[totalRead++] = (char)((ch1 << 8) | (ch2 & 0xff)); + } + + return buf; + } + + static ASN1Primitive createPrimitiveDERObject( int tagNo, - byte[] bytes) + DefiniteLengthInputStream defIn, + byte[][] tmpBuffers) + throws IOException { switch (tagNo) { case BIT_STRING: - return DERBitString.fromOctetString(bytes); + return DERBitString.fromInputStream(defIn.getRemaining(), defIn); case BMP_STRING: - return new DERBMPString(bytes); + return new DERBMPString(getBMPCharBuffer(defIn)); case BOOLEAN: - // BEGIN android-changed - return DERBoolean.getInstance(bytes); - // END android-changed + return ASN1Boolean.fromOctetString(getBuffer(defIn, tmpBuffers)); case ENUMERATED: - return new ASN1Enumerated(bytes); + return ASN1Enumerated.fromOctetString(getBuffer(defIn, tmpBuffers)); case GENERALIZED_TIME: - return new ASN1GeneralizedTime(bytes); + return new ASN1GeneralizedTime(defIn.toByteArray()); case GENERAL_STRING: - return new DERGeneralString(bytes); + return new DERGeneralString(defIn.toByteArray()); case IA5_STRING: - return new DERIA5String(bytes); + return new DERIA5String(defIn.toByteArray()); case INTEGER: - return new ASN1Integer(bytes); + return new ASN1Integer(defIn.toByteArray()); case NULL: return DERNull.INSTANCE; // actual content is ignored (enforce 0 length?) case NUMERIC_STRING: - return new DERNumericString(bytes); + return new DERNumericString(defIn.toByteArray()); case OBJECT_IDENTIFIER: - return new ASN1ObjectIdentifier(bytes); + return ASN1ObjectIdentifier.fromOctetString(getBuffer(defIn, tmpBuffers)); case OCTET_STRING: - return new DEROctetString(bytes); + return new DEROctetString(defIn.toByteArray()); case PRINTABLE_STRING: - return new DERPrintableString(bytes); + return new DERPrintableString(defIn.toByteArray()); case T61_STRING: - return new DERT61String(bytes); + return new DERT61String(defIn.toByteArray()); case UNIVERSAL_STRING: - return new DERUniversalString(bytes); + return new DERUniversalString(defIn.toByteArray()); case UTC_TIME: - return new ASN1UTCTime(bytes); + return new ASN1UTCTime(defIn.toByteArray()); case UTF8_STRING: - return new DERUTF8String(bytes); + return new DERUTF8String(defIn.toByteArray()); case VISIBLE_STRING: - return new DERVisibleString(bytes); + return new DERVisibleString(defIn.toByteArray()); default: - return new DERUnknownTag(false, tagNo, bytes); + throw new IOException("unknown tag " + tagNo + " encountered"); } } } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Null.java b/src/main/java/org/bouncycastle/asn1/ASN1Null.java index 539e7db..5b52da8 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1Null.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1Null.java @@ -6,7 +6,7 @@ import java.io.IOException; * A NULL object. */ public abstract class ASN1Null - extends ASN1Object + extends ASN1Primitive { // BEGIN android-changed /*package*/ ASN1Null() @@ -14,13 +14,39 @@ public abstract class ASN1Null } // END android-changed + public static ASN1Null getInstance(Object o) + { + if (o instanceof ASN1Null) + { + return (ASN1Null)o; + } + + if (o != null) + { + try + { + return ASN1Null.getInstance(ASN1Primitive.fromByteArray((byte[])o)); + } + catch (IOException e) + { + throw new IllegalArgumentException("failed to construct NULL from byte[]: " + e.getMessage()); + } + catch (ClassCastException e) + { + throw new IllegalArgumentException("unknown object in getInstance(): " + o.getClass().getName()); + } + } + + return null; + } + public int hashCode() { return -1; } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof ASN1Null)) { @@ -30,7 +56,7 @@ public abstract class ASN1Null return true; } - abstract void encode(DEROutputStream out) + abstract void encode(ASN1OutputStream out) throws IOException; public String toString() diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Object.java b/src/main/java/org/bouncycastle/asn1/ASN1Object.java index 7e9860a..956fb7d 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1Object.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1Object.java @@ -1,45 +1,97 @@ package org.bouncycastle.asn1; +import java.io.ByteArrayOutputStream; import java.io.IOException; -public abstract class ASN1Object - extends DERObject +public abstract class ASN1Object + implements ASN1Encodable { /** - * Create a base ASN.1 object from a byte stream. + * Return the default BER or DER encoding for this object. * - * @param data the byte stream to parse. - * @return the base ASN.1 object represented by the byte stream. - * @exception IOException if there is a problem parsing the data. + * @return BER/DER byte encoded object. + * @throws java.io.IOException on encoding error. */ - public static ASN1Object fromByteArray(byte[] data) + public byte[] getEncoded() throws IOException { - ASN1InputStream aIn = new ASN1InputStream(data); + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); - try + aOut.writeObject(this); + + return bOut.toByteArray(); + } + + /** + * Return either the default for "BER" or a DER encoding if "DER" is specified. + * + * @param encoding name of encoding to use. + * @return byte encoded object. + * @throws IOException on encoding error. + */ + public byte[] getEncoded( + String encoding) + throws IOException + { + if (encoding.equals(ASN1Encoding.DER)) { - return (ASN1Object)aIn.readObject(); + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(bOut); + + dOut.writeObject(this); + + return bOut.toByteArray(); } - catch (ClassCastException e) + else if (encoding.equals(ASN1Encoding.DL)) { - throw new IOException("cannot recognise object in stream"); + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DLOutputStream dOut = new DLOutputStream(bOut); + + dOut.writeObject(this); + + return bOut.toByteArray(); } + + return this.getEncoded(); } - public final boolean equals(Object o) + public int hashCode() + { + return this.toASN1Primitive().hashCode(); + } + + public boolean equals( + Object o) { if (this == o) { return true; } - - return (o instanceof DEREncodable) && asn1Equals(((DEREncodable)o).getDERObject()); + + if (!(o instanceof ASN1Encodable)) + { + return false; + } + + ASN1Encodable other = (ASN1Encodable)o; + + return this.toASN1Primitive().equals(other.toASN1Primitive()); } - public abstract int hashCode(); + /** + * @deprecated use toASN1Primitive() + * @return the underlying primitive type. + */ + public ASN1Primitive toASN1Object() + { + return this.toASN1Primitive(); + } - abstract void encode(DEROutputStream out) throws IOException; + protected static boolean hasEncodedTagValue(Object obj, int tagValue) + { + return (obj instanceof byte[]) && ((byte[])obj)[0] == tagValue; + } - abstract boolean asn1Equals(DERObject o); + public abstract ASN1Primitive toASN1Primitive(); } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java index 83b7c86..eb29838 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java @@ -17,10 +17,21 @@ public class ASN1ObjectIdentifier * Return an OID that creates a branch under the current one. * * @param branchID node numbers for the new branch. - * @return + * @return the OID for the new created branch. */ public ASN1ObjectIdentifier branch(String branchID) { return new ASN1ObjectIdentifier(getId() + "." + branchID); } + + /** + * Return true if this oid is an extension of the passed in branch, stem. + * @param stem the arc or branch that is a possible parent. + * @return true if the branch is on the passed in stem, false otherwise. + */ + public boolean on(ASN1ObjectIdentifier stem) + { + String id = getId(), stemId = stem.getId(); + return id.length() > stemId.length() && id.charAt(stemId.length()) == '.' && id.startsWith(stemId); + } } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java b/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java index 7d334d7..703b858 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java @@ -8,7 +8,7 @@ import org.bouncycastle.util.Arrays; import org.bouncycastle.util.encoders.Hex; public abstract class ASN1OctetString - extends ASN1Object + extends ASN1Primitive implements ASN1OctetStringParser { byte[] string; @@ -26,7 +26,7 @@ public abstract class ASN1OctetString ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof ASN1OctetString) { @@ -34,7 +34,7 @@ public abstract class ASN1OctetString } else { - return BERConstructedOctetString.fromSequence(ASN1Sequence.getInstance(o)); + return BEROctetString.fromSequence(ASN1Sequence.getInstance(o)); } } @@ -51,11 +51,25 @@ public abstract class ASN1OctetString { return (ASN1OctetString)obj; } - - // TODO: this needs to be deleted in V2 - if (obj instanceof ASN1TaggedObject) + else if (obj instanceof byte[]) { - return getInstance(((ASN1TaggedObject)obj).getObject()); + try + { + return ASN1OctetString.getInstance(ASN1Primitive.fromByteArray((byte[])obj)); + } + catch (IOException e) + { + throw new IllegalArgumentException("failed to construct OCTET STRING from byte[]: " + e.getMessage()); + } + } + else if (obj instanceof ASN1Encodable) + { + ASN1Primitive primitive = ((ASN1Encodable)obj).toASN1Primitive(); + + if (primitive instanceof ASN1OctetString) + { + return (ASN1OctetString)primitive; + } } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); @@ -74,19 +88,6 @@ public abstract class ASN1OctetString this.string = string; } - public ASN1OctetString( - DEREncodable obj) - { - try - { - this.string = obj.getDERObject().getEncoded(ASN1Encodable.DER); - } - catch (IOException e) - { - throw new IllegalArgumentException("Error processing object : " + e.toString()); - } - } - public InputStream getOctetStream() { return new ByteArrayInputStream(string); @@ -108,7 +109,7 @@ public abstract class ASN1OctetString } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof ASN1OctetString)) { @@ -120,12 +121,22 @@ public abstract class ASN1OctetString return Arrays.areEqual(string, other.string); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() + { + return this.toASN1Primitive(); + } + + ASN1Primitive toDERObject() + { + return new DEROctetString(string); + } + + ASN1Primitive toDLObject() { - return this.getDERObject(); + return new DEROctetString(string); } - abstract void encode(DEROutputStream out) + abstract void encode(ASN1OutputStream out) throws IOException; public String toString() diff --git a/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java b/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java index 21a3941..0042317 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java @@ -3,7 +3,7 @@ package org.bouncycastle.asn1; import java.io.InputStream; public interface ASN1OctetStringParser - extends DEREncodable, InMemoryRepresentable + extends ASN1Encodable, InMemoryRepresentable { public InputStream getOctetStream(); } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java b/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java index 5897d09..9a46a78 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java @@ -3,34 +3,192 @@ package org.bouncycastle.asn1; import java.io.IOException; import java.io.OutputStream; +/** + * Stream that produces output based on the default encoding for the passed in objects. + */ public class ASN1OutputStream - extends DEROutputStream { + private OutputStream os; + public ASN1OutputStream( OutputStream os) { - super(os); + this.os = os; + } + + void writeLength( + int length) + throws IOException + { + if (length > 127) + { + int size = 1; + int val = length; + + while ((val >>>= 8) != 0) + { + size++; + } + + write((byte)(size | 0x80)); + + for (int i = (size - 1) * 8; i >= 0; i -= 8) + { + write((byte)(length >> i)); + } + } + else + { + write((byte)length); + } + } + + void write(int b) + throws IOException + { + os.write(b); + } + + void write(byte[] bytes) + throws IOException + { + os.write(bytes); + } + + void write(byte[] bytes, int off, int len) + throws IOException + { + os.write(bytes, off, len); + } + + void writeEncoded( + int tag, + byte[] bytes) + throws IOException + { + write(tag); + writeLength(bytes.length); + write(bytes); + } + + void writeTag(int flags, int tagNo) + throws IOException + { + if (tagNo < 31) + { + write(flags | tagNo); + } + else + { + write(flags | 0x1f); + if (tagNo < 128) + { + write(tagNo); + } + else + { + byte[] stack = new byte[5]; + int pos = stack.length; + + stack[--pos] = (byte)(tagNo & 0x7F); + + do + { + tagNo >>= 7; + stack[--pos] = (byte)(tagNo & 0x7F | 0x80); + } + while (tagNo > 127); + + write(stack, pos, stack.length - pos); + } + } + } + + void writeEncoded(int flags, int tagNo, byte[] bytes) + throws IOException + { + writeTag(flags, tagNo); + writeLength(bytes.length); + write(bytes); + } + + protected void writeNull() + throws IOException + { + os.write(BERTags.NULL); + os.write(0x00); } public void writeObject( - Object obj) + ASN1Encodable obj) throws IOException { - if (obj == null) + if (obj != null) { - writeNull(); + obj.toASN1Primitive().encode(this); } - else if (obj instanceof DERObject) + else { - ((DERObject)obj).encode(this); + throw new IOException("null object detected"); } - else if (obj instanceof DEREncodable) + } + + void writeImplicitObject(ASN1Primitive obj) + throws IOException + { + if (obj != null) { - ((DEREncodable)obj).getDERObject().encode(this); + obj.encode(new ImplicitOutputStream(os)); } else { - throw new IOException("object not ASN1Encodable"); + throw new IOException("null object detected"); + } + } + + public void close() + throws IOException + { + os.close(); + } + + public void flush() + throws IOException + { + os.flush(); + } + + ASN1OutputStream getDERSubStream() + { + return new DEROutputStream(os); + } + + ASN1OutputStream getDLSubStream() + { + return new DLOutputStream(os); + } + + private class ImplicitOutputStream + extends ASN1OutputStream + { + private boolean first = true; + + public ImplicitOutputStream(OutputStream os) + { + super(os); + } + + public void write(int b) + throws IOException + { + if (first) + { + first = false; + } + else + { + super.write(b); + } } } } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java b/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java index 2abdb18..995b5e9 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java @@ -5,12 +5,12 @@ public class ASN1ParsingException { private Throwable cause; - ASN1ParsingException(String message) + public ASN1ParsingException(String message) { super(message); } - ASN1ParsingException(String message, Throwable cause) + public ASN1ParsingException(String message, Throwable cause) { super(message); this.cause = cause; diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Primitive.java b/src/main/java/org/bouncycastle/asn1/ASN1Primitive.java new file mode 100644 index 0000000..e6fe137 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/ASN1Primitive.java @@ -0,0 +1,69 @@ +package org.bouncycastle.asn1; + +import java.io.IOException; + +public abstract class ASN1Primitive + extends ASN1Object +{ + ASN1Primitive() + { + + } + + /** + * Create a base ASN.1 object from a byte stream. + * + * @param data the byte stream to parse. + * @return the base ASN.1 object represented by the byte stream. + * @exception IOException if there is a problem parsing the data. + */ + public static ASN1Primitive fromByteArray(byte[] data) + throws IOException + { + ASN1InputStream aIn = new ASN1InputStream(data); + + try + { + return aIn.readObject(); + } + catch (ClassCastException e) + { + throw new IOException("cannot recognise object in stream"); + } + } + + public final boolean equals(Object o) + { + if (this == o) + { + return true; + } + + return (o instanceof ASN1Encodable) && asn1Equals(((ASN1Encodable)o).toASN1Primitive()); + } + + public ASN1Primitive toASN1Primitive() + { + return this; + } + + ASN1Primitive toDERObject() + { + return this; + } + + ASN1Primitive toDLObject() + { + return this; + } + + public abstract int hashCode(); + + abstract boolean isConstructed(); + + abstract int encodedLength() throws IOException; + + abstract void encode(ASN1OutputStream out) throws IOException; + + abstract boolean asn1Equals(ASN1Primitive o); +}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java b/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java index b4a8072..0507a2b 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java @@ -5,9 +5,9 @@ import java.util.Enumeration; import java.util.Vector; public abstract class ASN1Sequence - extends ASN1Object + extends ASN1Primitive { - private Vector seq = new Vector(); + protected Vector seq = new Vector(); /** * return an ASN1Sequence from the given object. @@ -22,17 +22,30 @@ public abstract class ASN1Sequence { return (ASN1Sequence)obj; } + else if (obj instanceof ASN1SequenceParser) + { + return ASN1Sequence.getInstance(((ASN1SequenceParser)obj).toASN1Primitive()); + } else if (obj instanceof byte[]) { try { - return ASN1Sequence.getInstance(ASN1Object.fromByteArray((byte[])obj)); + return ASN1Sequence.getInstance(fromByteArray((byte[])obj)); } catch (IOException e) { throw new IllegalArgumentException("failed to construct sequence from byte[]: " + e.getMessage()); } } + else if (obj instanceof ASN1Encodable) + { + ASN1Primitive primitive = ((ASN1Encodable)obj).toASN1Primitive(); + + if (primitive instanceof ASN1Sequence) + { + return (ASN1Sequence)primitive; + } + } throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); } @@ -64,7 +77,7 @@ public abstract class ASN1Sequence throw new IllegalArgumentException("object implicit - explicit expected."); } - return (ASN1Sequence)obj.getObject(); + return ASN1Sequence.getInstance(obj.getObject().toASN1Primitive()); } else { @@ -81,7 +94,7 @@ public abstract class ASN1Sequence } else { - return new DERSequence(obj.getObject()); + return new DLSequence(obj.getObject()); } } else @@ -96,6 +109,58 @@ public abstract class ASN1Sequence throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); } + /** + * create an empty sequence + */ + protected ASN1Sequence() + { + } + + /** + * create a sequence containing one object + */ + protected ASN1Sequence( + ASN1Encodable obj) + { + seq.addElement(obj); + } + + /** + * create a sequence containing a vector of objects. + */ + protected ASN1Sequence( + ASN1EncodableVector v) + { + for (int i = 0; i != v.size(); i++) + { + seq.addElement(v.get(i)); + } + } + + /** + * create a sequence containing a vector of objects. + */ + protected ASN1Sequence( + ASN1Encodable[] array) + { + for (int i = 0; i != array.length; i++) + { + seq.addElement(array[i]); + } + } + + public ASN1Encodable[] toArray() + { + ASN1Encodable[] values = new ASN1Encodable[this.size()]; + + for (int i = 0; i != this.size(); i++) + { + values[i] = this.getObjectAt(i); + } + + return values; + } + public Enumeration getObjects() { return seq.elements(); @@ -111,14 +176,14 @@ public abstract class ASN1Sequence private int index; - public DEREncodable readObject() throws IOException + public ASN1Encodable readObject() throws IOException { if (index == max) { return null; } - DEREncodable obj = getObjectAt(index++); + ASN1Encodable obj = getObjectAt(index++); if (obj instanceof ASN1Sequence) { return ((ASN1Sequence)obj).parser(); @@ -131,12 +196,12 @@ public abstract class ASN1Sequence return obj; } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() { return outer; } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { return outer; } @@ -149,10 +214,10 @@ public abstract class ASN1Sequence * @param index the sequence number (starting at zero) of the object * @return the object at the sequence position indicated by index. */ - public DEREncodable getObjectAt( + public ASN1Encodable getObjectAt( int index) { - return (DEREncodable)seq.elementAt(index); + return (ASN1Encodable)seq.elementAt(index); } /** @@ -182,7 +247,7 @@ public abstract class ASN1Sequence } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof ASN1Sequence)) { @@ -201,11 +266,11 @@ public abstract class ASN1Sequence while (s1.hasMoreElements()) { - DEREncodable obj1 = getNext(s1); - DEREncodable obj2 = getNext(s2); + ASN1Encodable obj1 = getNext(s1); + ASN1Encodable obj2 = getNext(s2); - DERObject o1 = obj1.getDERObject(); - DERObject o2 = obj2.getDERObject(); + ASN1Primitive o1 = obj1.toASN1Primitive(); + ASN1Primitive o2 = obj2.toASN1Primitive(); if (o1 == o2 || o1.equals(o2)) { @@ -218,30 +283,41 @@ public abstract class ASN1Sequence return true; } - private DEREncodable getNext(Enumeration e) + private ASN1Encodable getNext(Enumeration e) { - DEREncodable encObj = (DEREncodable)e.nextElement(); - - // unfortunately null was allowed as a substitute for DER null - if (encObj == null) - { - return DERNull.INSTANCE; - } + ASN1Encodable encObj = (ASN1Encodable)e.nextElement(); return encObj; } - protected void addObject( - DEREncodable obj) + ASN1Primitive toDERObject() { - seq.addElement(obj); + ASN1Sequence derSeq = new DERSequence(); + + derSeq.seq = this.seq; + + return derSeq; + } + + ASN1Primitive toDLObject() + { + ASN1Sequence dlSeq = new DLSequence(); + + dlSeq.seq = this.seq; + + return dlSeq; + } + + boolean isConstructed() + { + return true; } - abstract void encode(DEROutputStream out) + abstract void encode(ASN1OutputStream out) throws IOException; public String toString() { - return seq.toString(); + return seq.toString(); } } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java b/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java index 49dde79..441f150 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java @@ -3,8 +3,8 @@ package org.bouncycastle.asn1; import java.io.IOException; public interface ASN1SequenceParser - extends DEREncodable, InMemoryRepresentable + extends ASN1Encodable, InMemoryRepresentable { - DEREncodable readObject() + ASN1Encodable readObject() throws IOException; } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Set.java b/src/main/java/org/bouncycastle/asn1/ASN1Set.java index c395b8b..8f785b8 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1Set.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1Set.java @@ -6,9 +6,10 @@ import java.util.Enumeration; import java.util.Vector; abstract public class ASN1Set - extends ASN1Object + extends ASN1Primitive { - protected Vector set = new Vector(); + private Vector set = new Vector(); + private boolean isSorted = false; /** * return an ASN1Set from the given object. @@ -23,6 +24,30 @@ abstract public class ASN1Set { return (ASN1Set)obj; } + else if (obj instanceof ASN1SetParser) + { + return ASN1Set.getInstance(((ASN1SetParser)obj).toASN1Primitive()); + } + else if (obj instanceof byte[]) + { + try + { + return ASN1Set.getInstance(ASN1Primitive.fromByteArray((byte[])obj)); + } + catch (IOException e) + { + throw new IllegalArgumentException("failed to construct set from byte[]: " + e.getMessage()); + } + } + else if (obj instanceof ASN1Encodable) + { + ASN1Primitive primitive = ((ASN1Encodable)obj).toASN1Primitive(); + + if (primitive instanceof ASN1Set) + { + return (ASN1Set)primitive; + } + } throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); } @@ -61,13 +86,18 @@ abstract public class ASN1Set // // constructed object which appears to be explicitly tagged // and it's really implicit means we have to add the - // surrounding sequence. + // surrounding set. // if (obj.isExplicit()) { - ASN1Set set = new DERSet(obj.getObject()); - - return set; + if (obj instanceof BERTaggedObject) + { + return new BERSet(obj.getObject()); + } + else + { + return new DLSet(obj.getObject()); + } } else { @@ -80,19 +110,22 @@ abstract public class ASN1Set // in this case the parser returns a sequence, convert it // into a set. // - ASN1EncodableVector v = new ASN1EncodableVector(); + + + ASN1EncodableVector v = new ASN1EncodableVector(); if (obj.getObject() instanceof ASN1Sequence) { ASN1Sequence s = (ASN1Sequence)obj.getObject(); - Enumeration e = s.getObjects(); - while (e.hasMoreElements()) + if (obj instanceof BERTaggedObject) { - v.add((DEREncodable)e.nextElement()); + return new BERSet(s.toArray()); + } + else + { + return new DLSet(s.toArray()); } - - return new DERSet(v, false); } } } @@ -100,8 +133,53 @@ abstract public class ASN1Set throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); } - public ASN1Set() + protected ASN1Set() + { + } + + /** + * create a sequence containing one object + */ + protected ASN1Set( + ASN1Encodable obj) + { + set.addElement(obj); + } + + /** + * create a sequence containing a vector of objects. + */ + protected ASN1Set( + ASN1EncodableVector v, + boolean doSort) + { + for (int i = 0; i != v.size(); i++) + { + set.addElement(v.get(i)); + } + + if (doSort) + { + this.sort(); + } + } + + /** + * create a sequence containing a vector of objects. + */ + protected ASN1Set( + ASN1Encodable[] array, + boolean doSort) { + for (int i = 0; i != array.length; i++) + { + set.addElement(array[i]); + } + + if (doSort) + { + this.sort(); + } } public Enumeration getObjects() @@ -115,10 +193,10 @@ abstract public class ASN1Set * @param index the set number (starting at zero) of the object * @return the object at the set position indicated by index. */ - public DEREncodable getObjectAt( + public ASN1Encodable getObjectAt( int index) { - return (DEREncodable)set.elementAt(index); + return (ASN1Encodable)set.elementAt(index); } /** @@ -137,7 +215,7 @@ abstract public class ASN1Set for (int i = 0; i != this.size(); i++) { - values[i] = (ASN1Encodable)this.getObjectAt(i); + values[i] = this.getObjectAt(i); } return values; @@ -153,14 +231,14 @@ abstract public class ASN1Set private int index; - public DEREncodable readObject() throws IOException + public ASN1Encodable readObject() throws IOException { if (index == max) { return null; } - DEREncodable obj = getObjectAt(index++); + ASN1Encodable obj = getObjectAt(index++); if (obj instanceof ASN1Sequence) { return ((ASN1Sequence)obj).parser(); @@ -173,12 +251,12 @@ abstract public class ASN1Set return obj; } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() { return outer; } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { return outer; } @@ -201,8 +279,46 @@ abstract public class ASN1Set return hashCode; } + ASN1Primitive toDERObject() + { + if (isSorted) + { + ASN1Set derSet = new DERSet(); + + derSet.set = this.set; + + return derSet; + } + else + { + Vector v = new Vector(); + + for (int i = 0; i != set.size(); i++) + { + v.addElement(set.elementAt(i)); + } + + ASN1Set derSet = new DERSet(); + + derSet.set = v; + + derSet.sort(); + + return derSet; + } + } + + ASN1Primitive toDLObject() + { + ASN1Set derSet = new DLSet(); + + derSet.set = this.set; + + return derSet; + } + boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof ASN1Set)) { @@ -221,11 +337,11 @@ abstract public class ASN1Set while (s1.hasMoreElements()) { - DEREncodable obj1 = getNext(s1); - DEREncodable obj2 = getNext(s2); + ASN1Encodable obj1 = getNext(s1); + ASN1Encodable obj2 = getNext(s2); - DERObject o1 = obj1.getDERObject(); - DERObject o2 = obj2.getDERObject(); + ASN1Primitive o1 = obj1.toASN1Primitive(); + ASN1Primitive o2 = obj2.toASN1Primitive(); if (o1 == o2 || o1.equals(o2)) { @@ -238,9 +354,9 @@ abstract public class ASN1Set return true; } - private DEREncodable getNext(Enumeration e) + private ASN1Encodable getNext(Enumeration e) { - DEREncodable encObj = (DEREncodable)e.nextElement(); + ASN1Encodable encObj = (ASN1Encodable)e.nextElement(); // unfortunately null was allowed as a substitute for DER null if (encObj == null) @@ -270,7 +386,7 @@ abstract public class ASN1Set } private byte[] getEncoded( - DEREncodable obj) + ASN1Encodable obj) { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream aOut = new ASN1OutputStream(bOut); @@ -289,57 +405,60 @@ abstract public class ASN1Set protected void sort() { - if (set.size() > 1) + if (!isSorted) { - boolean swapped = true; - int lastSwap = set.size() - 1; - - while (swapped) + isSorted = true; + if (set.size() > 1) { - int index = 0; - int swapIndex = 0; - byte[] a = getEncoded((DEREncodable)set.elementAt(0)); - - swapped = false; + boolean swapped = true; + int lastSwap = set.size() - 1; - while (index != lastSwap) + while (swapped) { - byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1)); + int index = 0; + int swapIndex = 0; + byte[] a = getEncoded((ASN1Encodable)set.elementAt(0)); - if (lessThanOrEqual(a, b)) - { - a = b; - } - else + swapped = false; + + while (index != lastSwap) { - Object o = set.elementAt(index); + byte[] b = getEncoded((ASN1Encodable)set.elementAt(index + 1)); - set.setElementAt(set.elementAt(index + 1), index); - set.setElementAt(o, index + 1); + if (lessThanOrEqual(a, b)) + { + a = b; + } + else + { + Object o = set.elementAt(index); - swapped = true; - swapIndex = index; + set.setElementAt(set.elementAt(index + 1), index); + set.setElementAt(o, index + 1); + + swapped = true; + swapIndex = index; + } + + index++; } - index++; + lastSwap = swapIndex; } - - lastSwap = swapIndex; } } } - protected void addObject( - DEREncodable obj) + boolean isConstructed() { - set.addElement(obj); + return true; } - abstract void encode(DEROutputStream out) + abstract void encode(ASN1OutputStream out) throws IOException; public String toString() { - return set.toString(); + return set.toString(); } } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java b/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java index 9dc99b5..e025535 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java @@ -3,8 +3,8 @@ package org.bouncycastle.asn1; import java.io.IOException; public interface ASN1SetParser - extends DEREncodable, InMemoryRepresentable + extends ASN1Encodable, InMemoryRepresentable { - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException; } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java b/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java index fbcb787..420fa34 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java @@ -8,11 +8,12 @@ public class ASN1StreamParser { private final InputStream _in; private final int _limit; + private final byte[][] tmpBuffers; public ASN1StreamParser( InputStream in) { - this(in, ASN1InputStream.findLimit(in)); + this(in, StreamUtil.findLimit(in)); } public ASN1StreamParser( @@ -21,6 +22,8 @@ public class ASN1StreamParser { this._in = in; this._limit = limit; + + this.tmpBuffers = new byte[11][]; } public ASN1StreamParser( @@ -29,27 +32,27 @@ public class ASN1StreamParser this(new ByteArrayInputStream(encoding), encoding.length); } - DEREncodable readIndef(int tagValue) throws IOException + ASN1Encodable readIndef(int tagValue) throws IOException { // Note: INDEF => CONSTRUCTED // TODO There are other tags that may be constructed (e.g. BIT_STRING) switch (tagValue) { - case DERTags.EXTERNAL: + case BERTags.EXTERNAL: return new DERExternalParser(this); - case DERTags.OCTET_STRING: + case BERTags.OCTET_STRING: return new BEROctetStringParser(this); - case DERTags.SEQUENCE: + case BERTags.SEQUENCE: return new BERSequenceParser(this); - case DERTags.SET: + case BERTags.SET: return new BERSetParser(this); default: throw new ASN1Exception("unknown BER object encountered: 0x" + Integer.toHexString(tagValue)); } } - DEREncodable readImplicit(boolean constructed, int tag) throws IOException + ASN1Encodable readImplicit(boolean constructed, int tag) throws IOException { if (_in instanceof IndefiniteLengthInputStream) { @@ -65,11 +68,11 @@ public class ASN1StreamParser { switch (tag) { - case DERTags.SET: + case BERTags.SET: return new DERSetParser(this); - case DERTags.SEQUENCE: + case BERTags.SEQUENCE: return new DERSequenceParser(this); - case DERTags.OCTET_STRING: + case BERTags.OCTET_STRING: return new BEROctetStringParser(this); } } @@ -77,11 +80,11 @@ public class ASN1StreamParser { switch (tag) { - case DERTags.SET: + case BERTags.SET: throw new ASN1Exception("sequences must use constructed encoding (see X.690 8.9.1/8.10.1)"); - case DERTags.SEQUENCE: + case BERTags.SEQUENCE: throw new ASN1Exception("sets must use constructed encoding (see X.690 8.11.1/8.12.1)"); - case DERTags.OCTET_STRING: + case BERTags.OCTET_STRING: return new DEROctetStringParser((DefiniteLengthInputStream)_in); } } @@ -90,7 +93,7 @@ public class ASN1StreamParser throw new RuntimeException("implicit tagging not implemented"); } - DERObject readTaggedObject(boolean constructed, int tag) throws IOException + ASN1Primitive readTaggedObject(boolean constructed, int tag) throws IOException { if (!constructed) { @@ -113,7 +116,7 @@ public class ASN1StreamParser : new DERTaggedObject(false, tag, DERFactory.createSequence(v)); } - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException { int tag = _in.read(); @@ -132,7 +135,7 @@ public class ASN1StreamParser // int tagNo = ASN1InputStream.readTagNumber(_in, tag); - boolean isConstructed = (tag & DERTags.CONSTRUCTED) != 0; + boolean isConstructed = (tag & BERTags.CONSTRUCTED) != 0; // // calculate length @@ -149,12 +152,12 @@ public class ASN1StreamParser IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in, _limit); ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit); - if ((tag & DERTags.APPLICATION) != 0) + if ((tag & BERTags.APPLICATION) != 0) { return new BERApplicationSpecificParser(tagNo, sp); } - if ((tag & DERTags.TAGGED) != 0) + if ((tag & BERTags.TAGGED) != 0) { return new BERTaggedObjectParser(true, tagNo, sp); } @@ -165,12 +168,12 @@ public class ASN1StreamParser { DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length); - if ((tag & DERTags.APPLICATION) != 0) + if ((tag & BERTags.APPLICATION) != 0) { return new DERApplicationSpecific(isConstructed, tagNo, defIn.toByteArray()); } - if ((tag & DERTags.TAGGED) != 0) + if ((tag & BERTags.TAGGED) != 0) { return new BERTaggedObjectParser(isConstructed, tagNo, new ASN1StreamParser(defIn)); } @@ -180,33 +183,32 @@ public class ASN1StreamParser // TODO There are other tags that may be constructed (e.g. BIT_STRING) switch (tagNo) { - case DERTags.OCTET_STRING: + case BERTags.OCTET_STRING: // // yes, people actually do this... // return new BEROctetStringParser(new ASN1StreamParser(defIn)); - case DERTags.SEQUENCE: + case BERTags.SEQUENCE: return new DERSequenceParser(new ASN1StreamParser(defIn)); - case DERTags.SET: + case BERTags.SET: return new DERSetParser(new ASN1StreamParser(defIn)); - case DERTags.EXTERNAL: + case BERTags.EXTERNAL: return new DERExternalParser(new ASN1StreamParser(defIn)); default: - // TODO Add DERUnknownTagParser class? - return new DERUnknownTag(true, tagNo, defIn.toByteArray()); + throw new IOException("unknown tag " + tagNo + " encountered"); } } // Some primitive encodings can be handled by parsers too... switch (tagNo) { - case DERTags.OCTET_STRING: + case BERTags.OCTET_STRING: return new DEROctetStringParser(defIn); } try { - return ASN1InputStream.createPrimitiveDERObject(tagNo, defIn.toByteArray()); + return ASN1InputStream.createPrimitiveDERObject(tagNo, defIn, tmpBuffers); } catch (IllegalArgumentException e) { @@ -227,7 +229,7 @@ public class ASN1StreamParser { ASN1EncodableVector v = new ASN1EncodableVector(); - DEREncodable obj; + ASN1Encodable obj; while ((obj = readObject()) != null) { if (obj instanceof InMemoryRepresentable) @@ -236,7 +238,7 @@ public class ASN1StreamParser } else { - v.add(obj.getDERObject()); + v.add(obj.toASN1Primitive()); } } diff --git a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java index 8ee7960..fb1e244 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java @@ -8,13 +8,13 @@ import java.io.IOException; * rules (as with sequences). */ public abstract class ASN1TaggedObject - extends ASN1Object + extends ASN1Primitive implements ASN1TaggedObjectParser { int tagNo; boolean empty = false; boolean explicit = true; - DEREncodable obj = null; + ASN1Encodable obj = null; static public ASN1TaggedObject getInstance( ASN1TaggedObject obj, @@ -35,26 +35,22 @@ public abstract class ASN1TaggedObject { return (ASN1TaggedObject)obj; } + else if (obj instanceof byte[]) + { + try + { + return ASN1TaggedObject.getInstance(fromByteArray((byte[])obj)); + } + catch (IOException e) + { + throw new IllegalArgumentException("failed to construct tagged object from byte[]: " + e.getMessage()); + } + } throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); } /** - * Create a tagged object in the explicit style. - * - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public ASN1TaggedObject( - int tagNo, - DEREncodable obj) - { - this.explicit = true; - this.tagNo = tagNo; - this.obj = obj; - } - - /** * Create a tagged object with the style given by the value of explicit. * <p> * If the object implements ASN1Choice the tag style will always be changed @@ -67,7 +63,7 @@ public abstract class ASN1TaggedObject public ASN1TaggedObject( boolean explicit, int tagNo, - DEREncodable obj) + ASN1Encodable obj) { if (obj instanceof ASN1Choice) { @@ -79,11 +75,26 @@ public abstract class ASN1TaggedObject } this.tagNo = tagNo; - this.obj = obj; + + if (this.explicit) + { + this.obj = obj; + } + else + { + ASN1Primitive prim = obj.toASN1Primitive(); + + if (prim instanceof ASN1Set) + { + ASN1Set s = null; + } + + this.obj = obj; + } } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof ASN1TaggedObject)) { @@ -106,7 +117,7 @@ public abstract class ASN1TaggedObject } else { - if (!(obj.getDERObject().equals(other.obj.getDERObject()))) + if (!(obj.toASN1Primitive().equals(other.obj.toASN1Primitive()))) { return false; } @@ -163,11 +174,11 @@ public abstract class ASN1TaggedObject * trying to extract a tagged object you should be going via the * appropriate getInstance method. */ - public DERObject getObject() + public ASN1Primitive getObject() { if (obj != null) { - return obj.getDERObject(); + return obj.toASN1Primitive(); } return null; @@ -178,17 +189,17 @@ public abstract class ASN1TaggedObject * the type of the passed in tag. If the object doesn't have a parser * associated with it, the base object is returned. */ - public DEREncodable getObjectParser( + public ASN1Encodable getObjectParser( int tag, boolean isExplicit) { switch (tag) { - case DERTags.SET: + case BERTags.SET: return ASN1Set.getInstance(this, isExplicit).parser(); - case DERTags.SEQUENCE: + case BERTags.SEQUENCE: return ASN1Sequence.getInstance(this, isExplicit).parser(); - case DERTags.OCTET_STRING: + case BERTags.OCTET_STRING: return ASN1OctetString.getInstance(this, isExplicit).parser(); } @@ -200,12 +211,22 @@ public abstract class ASN1TaggedObject throw new RuntimeException("implicit tagging not implemented for tag: " + tag); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() { - return this.getDERObject(); + return this.toASN1Primitive(); } - - abstract void encode(DEROutputStream out) + + ASN1Primitive toDERObject() + { + return new DERTaggedObject(explicit, tagNo, obj); + } + + ASN1Primitive toDLObject() + { + return new DLTaggedObject(explicit, tagNo, obj); + } + + abstract void encode(ASN1OutputStream out) throws IOException; public String toString() diff --git a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java index 52f6087..a681dc9 100644 --- a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java +++ b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java @@ -3,10 +3,10 @@ package org.bouncycastle.asn1; import java.io.IOException; public interface ASN1TaggedObjectParser - extends DEREncodable, InMemoryRepresentable + extends ASN1Encodable, InMemoryRepresentable { public int getTagNo(); - public DEREncodable getObjectParser(int tag, boolean isExplicit) + public ASN1Encodable getObjectParser(int tag, boolean isExplicit) throws IOException; } diff --git a/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java b/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java index 7b6aaaf..63bd9f3 100644 --- a/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java +++ b/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java @@ -14,19 +14,19 @@ public class BERApplicationSpecificParser this.parser = parser; } - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException { return parser.readObject(); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { return new BERApplicationSpecific(tag, parser.readVector()); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java b/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java index cceb241..cad6e42 100644 --- a/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java +++ b/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java @@ -5,8 +5,11 @@ import java.io.IOException; import java.util.Enumeration; import java.util.Vector; +/** + * @deprecated use BEROctetString + */ public class BERConstructedOctetString - extends DEROctetString + extends BEROctetString { private static final int MAX_LENGTH = 1000; @@ -59,15 +62,27 @@ public class BERConstructedOctetString } public BERConstructedOctetString( - DERObject obj) + ASN1Primitive obj) { - super(obj); + super(toByteArray(obj)); + } + + private static byte[] toByteArray(ASN1Primitive obj) + { + try + { + return obj.getEncoded(); + } + catch (IOException e) + { + throw new IllegalArgumentException("Unable to encode object"); + } } public BERConstructedOctetString( - DEREncodable obj) + ASN1Encodable obj) { - super(obj.getDERObject()); + this(obj.toASN1Primitive()); } public byte[] getOctets() @@ -114,35 +129,7 @@ public class BERConstructedOctetString return vec; } - public void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(CONSTRUCTED | OCTET_STRING); - - out.write(0x80); - - // - // write out the octet array - // - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } - - public static BERConstructedOctetString fromSequence(ASN1Sequence seq) + public static BEROctetString fromSequence(ASN1Sequence seq) { Vector v = new Vector(); Enumeration e = seq.getObjects(); diff --git a/src/main/java/org/bouncycastle/asn1/BERFactory.java b/src/main/java/org/bouncycastle/asn1/BERFactory.java index 82f101c..023be0b 100644 --- a/src/main/java/org/bouncycastle/asn1/BERFactory.java +++ b/src/main/java/org/bouncycastle/asn1/BERFactory.java @@ -14,9 +14,4 @@ class BERFactory { return v.size() < 1 ? EMPTY_SET : new BERSet(v); } - - static BERSet createSet(ASN1EncodableVector v, boolean needsSorting) - { - return v.size() < 1 ? EMPTY_SET : new BERSet(v, needsSorting); - } } diff --git a/src/main/java/org/bouncycastle/asn1/BEROctetString.java b/src/main/java/org/bouncycastle/asn1/BEROctetString.java new file mode 100644 index 0000000..bc1ed44 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/BEROctetString.java @@ -0,0 +1,168 @@ +package org.bouncycastle.asn1; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.Enumeration; +import java.util.Vector; + +public class BEROctetString + extends ASN1OctetString +{ + private static final int MAX_LENGTH = 1000; + + private ASN1OctetString[] octs; + + /** + * convert a vector of octet strings into a single byte string + */ + static private byte[] toBytes( + ASN1OctetString[] octs) + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + + for (int i = 0; i != octs.length; i++) + { + try + { + DEROctetString o = (DEROctetString)octs[i]; + + bOut.write(o.getOctets()); + } + catch (ClassCastException e) + { + throw new IllegalArgumentException(octs[i].getClass().getName() + " found in input should only contain DEROctetString"); + } + catch (IOException e) + { + throw new IllegalArgumentException("exception converting octets " + e.toString()); + } + } + + return bOut.toByteArray(); + } + + /** + * @param string the octets making up the octet string. + */ + public BEROctetString( + byte[] string) + { + super(string); + } + + public BEROctetString( + ASN1OctetString[] octs) + { + super(toBytes(octs)); + + this.octs = octs; + } + + public byte[] getOctets() + { + return string; + } + + /** + * return the DER octets that make up this string. + */ + public Enumeration getObjects() + { + if (octs == null) + { + return generateOcts().elements(); + } + + return new Enumeration() + { + int counter = 0; + + public boolean hasMoreElements() + { + return counter < octs.length; + } + + public Object nextElement() + { + return octs[counter++]; + } + }; + } + + private Vector generateOcts() + { + Vector vec = new Vector(); + for (int i = 0; i < string.length; i += MAX_LENGTH) + { + int end; + + if (i + MAX_LENGTH > string.length) + { + end = string.length; + } + else + { + end = i + MAX_LENGTH; + } + + byte[] nStr = new byte[end - i]; + + System.arraycopy(string, i, nStr, 0, nStr.length); + + vec.addElement(new DEROctetString(nStr)); + } + + return vec; + } + + boolean isConstructed() + { + return true; + } + + int encodedLength() + throws IOException + { + int length = 0; + for (Enumeration e = getObjects(); e.hasMoreElements();) + { + length += ((ASN1Encodable)e.nextElement()).toASN1Primitive().encodedLength(); + } + + return 2 + length + 2; + } + + public void encode( + ASN1OutputStream out) + throws IOException + { + out.write(BERTags.CONSTRUCTED | BERTags.OCTET_STRING); + + out.write(0x80); + + // + // write out the octet array + // + for (Enumeration e = getObjects(); e.hasMoreElements();) + { + out.writeObject((ASN1Encodable)e.nextElement()); + } + + out.write(0x00); + out.write(0x00); + } + + static BEROctetString fromSequence(ASN1Sequence seq) + { + ASN1OctetString[] v = new ASN1OctetString[seq.size()]; + Enumeration e = seq.getObjects(); + int index = 0; + + while (e.hasMoreElements()) + { + v[index++] = (ASN1OctetString)e.nextElement(); + } + + return new BEROctetString(v); + } +} diff --git a/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java b/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java index 1118a56..1c7132e 100644 --- a/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java +++ b/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java @@ -21,13 +21,13 @@ public class BEROctetStringParser return new ConstructedOctetStream(_parser); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { - return new BERConstructedOctetString(Streams.readAll(getOctetStream())); + return new BEROctetString(Streams.readAll(getOctetStream())); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/BEROutputStream.java b/src/main/java/org/bouncycastle/asn1/BEROutputStream.java index c2e8da4..7117d4f 100644 --- a/src/main/java/org/bouncycastle/asn1/BEROutputStream.java +++ b/src/main/java/org/bouncycastle/asn1/BEROutputStream.java @@ -20,13 +20,13 @@ public class BEROutputStream { writeNull(); } - else if (obj instanceof DERObject) + else if (obj instanceof ASN1Primitive) { - ((DERObject)obj).encode(this); + ((ASN1Primitive)obj).encode(this); } - else if (obj instanceof DEREncodable) + else if (obj instanceof ASN1Encodable) { - ((DEREncodable)obj).getDERObject().encode(this); + ((ASN1Encodable)obj).toASN1Primitive().encode(this); } else { diff --git a/src/main/java/org/bouncycastle/asn1/BERSequence.java b/src/main/java/org/bouncycastle/asn1/BERSequence.java index aec6fd6..aa44950 100644 --- a/src/main/java/org/bouncycastle/asn1/BERSequence.java +++ b/src/main/java/org/bouncycastle/asn1/BERSequence.java @@ -4,7 +4,7 @@ import java.io.IOException; import java.util.Enumeration; public class BERSequence - extends DERSequence + extends ASN1Sequence { /** * create an empty sequence @@ -17,7 +17,7 @@ public class BERSequence * create a sequence containing one object */ public BERSequence( - DEREncodable obj) + ASN1Encodable obj) { super(obj); } @@ -26,34 +26,48 @@ public class BERSequence * create a sequence containing a vector of objects. */ public BERSequence( - ASN1EncodableVector v) + ASN1EncodableVector v) { super(v); } - /* + /** + * create a sequence containing an array of objects. */ - void encode( - DEROutputStream out) + public BERSequence( + ASN1Encodable[] array) + { + super(array); + } + + int encodedLength() throws IOException { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) + int length = 0; + for (Enumeration e = getObjects(); e.hasMoreElements();) { - out.write(SEQUENCE | CONSTRUCTED); - out.write(0x80); - - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); + length += ((ASN1Encodable)e.nextElement()).toASN1Primitive().encodedLength(); } - else + + return 2 + length + 2; + } + + /* + */ + void encode( + ASN1OutputStream out) + throws IOException + { + out.write(BERTags.SEQUENCE | BERTags.CONSTRUCTED); + out.write(0x80); + + Enumeration e = getObjects(); + while (e.hasMoreElements()) { - super.encode(out); + out.writeObject((ASN1Encodable)e.nextElement()); } + + out.write(0x00); + out.write(0x00); } } diff --git a/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java b/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java index 4f3b7ec..d5d4395 100644 --- a/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java +++ b/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java @@ -12,19 +12,19 @@ public class BERSequenceParser this._parser = parser; } - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException { return _parser.readObject(); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { return new BERSequence(_parser.readVector()); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/BERSet.java b/src/main/java/org/bouncycastle/asn1/BERSet.java index a5a2633..064d778 100644 --- a/src/main/java/org/bouncycastle/asn1/BERSet.java +++ b/src/main/java/org/bouncycastle/asn1/BERSet.java @@ -4,7 +4,7 @@ import java.io.IOException; import java.util.Enumeration; public class BERSet - extends DERSet + extends ASN1Set { /** * create an empty sequence @@ -14,10 +14,10 @@ public class BERSet } /** - * create a set containing one object + * @param obj - a single object that makes up the set. */ public BERSet( - DEREncodable obj) + ASN1Encodable obj) { super(obj); } @@ -26,44 +26,48 @@ public class BERSet * @param v - a vector of objects making up the set. */ public BERSet( - ASN1EncodableVector v) + ASN1EncodableVector v) { super(v, false); } /** - * @param v - a vector of objects making up the set. + * create a set from an array of objects. */ - BERSet( - ASN1EncodableVector v, - boolean needsSorting) + public BERSet( + ASN1Encodable[] a) { - super(v, needsSorting); + super(a, false); + } + + int encodedLength() + throws IOException + { + int length = 0; + for (Enumeration e = getObjects(); e.hasMoreElements();) + { + length += ((ASN1Encodable)e.nextElement()).toASN1Primitive().encodedLength(); + } + + return 2 + length + 2; } /* */ void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(SET | CONSTRUCTED); - out.write(0x80); - - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else + out.write(BERTags.SET | BERTags.CONSTRUCTED); + out.write(0x80); + + Enumeration e = getObjects(); + while (e.hasMoreElements()) { - super.encode(out); + out.writeObject((ASN1Encodable)e.nextElement()); } + + out.write(0x00); + out.write(0x00); } } diff --git a/src/main/java/org/bouncycastle/asn1/BERSetParser.java b/src/main/java/org/bouncycastle/asn1/BERSetParser.java index e345f3f..5a30f3c 100644 --- a/src/main/java/org/bouncycastle/asn1/BERSetParser.java +++ b/src/main/java/org/bouncycastle/asn1/BERSetParser.java @@ -12,19 +12,19 @@ public class BERSetParser this._parser = parser; } - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException { return _parser.readObject(); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { - return new BERSet(_parser.readVector(), false); + return new BERSet(_parser.readVector()); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java b/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java index e09c910..1af0a43 100644 --- a/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java +++ b/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java @@ -9,7 +9,7 @@ import java.util.Enumeration; * rules (as with sequences). */ public class BERTaggedObject - extends DERTaggedObject + extends ASN1TaggedObject { /** * @param tagNo the tag number for this object. @@ -17,9 +17,9 @@ public class BERTaggedObject */ public BERTaggedObject( int tagNo, - DEREncodable obj) + ASN1Encodable obj) { - super(tagNo, obj); + super(true, tagNo, obj); } /** @@ -30,7 +30,7 @@ public class BERTaggedObject public BERTaggedObject( boolean explicit, int tagNo, - DEREncodable obj) + ASN1Encodable obj) { super(explicit, tagNo, obj); } @@ -45,63 +45,103 @@ public class BERTaggedObject super(false, tagNo, new BERSequence()); } - void encode( - DEROutputStream out) + boolean isConstructed() + { + if (!empty) + { + if (explicit) + { + return true; + } + else + { + ASN1Primitive primitive = obj.toASN1Primitive().toDERObject(); + + return primitive.isConstructed(); + } + } + else + { + return true; + } + } + + int encodedLength() throws IOException { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) + if (!empty) { - out.writeTag(CONSTRUCTED | TAGGED, tagNo); - out.write(0x80); + ASN1Primitive primitive = obj.toASN1Primitive(); + int length = primitive.encodedLength(); - if (!empty) + if (explicit) + { + return StreamUtil.calculateTagLength(tagNo) + StreamUtil.calculateBodyLength(length) + length; + } + else { - if (!explicit) + // header length already in calculation + length = length - 1; + + return StreamUtil.calculateTagLength(tagNo) + length; + } + } + else + { + return StreamUtil.calculateTagLength(tagNo) + 1; + } + } + + void encode( + ASN1OutputStream out) + throws IOException + { + out.writeTag(BERTags.CONSTRUCTED | BERTags.TAGGED, tagNo); + out.write(0x80); + + if (!empty) + { + if (!explicit) + { + Enumeration e; + if (obj instanceof ASN1OctetString) { - Enumeration e; - if (obj instanceof ASN1OctetString) + if (obj instanceof BEROctetString) { - if (obj instanceof BERConstructedOctetString) - { - e = ((BERConstructedOctetString)obj).getObjects(); - } - else - { - ASN1OctetString octs = (ASN1OctetString)obj; - BERConstructedOctetString berO = new BERConstructedOctetString(octs.getOctets()); - e = berO.getObjects(); - } - } - else if (obj instanceof ASN1Sequence) - { - e = ((ASN1Sequence)obj).getObjects(); - } - else if (obj instanceof ASN1Set) - { - e = ((ASN1Set)obj).getObjects(); + e = ((BEROctetString)obj).getObjects(); } else { - throw new RuntimeException("not implemented: " + obj.getClass().getName()); - } - - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); + ASN1OctetString octs = (ASN1OctetString)obj; + BEROctetString berO = new BEROctetString(octs.getOctets()); + e = berO.getObjects(); } } + else if (obj instanceof ASN1Sequence) + { + e = ((ASN1Sequence)obj).getObjects(); + } + else if (obj instanceof ASN1Set) + { + e = ((ASN1Set)obj).getObjects(); + } else { - out.writeObject(obj); + throw new RuntimeException("not implemented: " + obj.getClass().getName()); } - } - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); + while (e.hasMoreElements()) + { + out.writeObject((ASN1Encodable)e.nextElement()); + } + } + else + { + out.writeObject(obj); + } } + + out.write(0x00); + out.write(0x00); } } diff --git a/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java b/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java index 40333fb..7cd334a 100644 --- a/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java +++ b/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java @@ -1,7 +1,6 @@ package org.bouncycastle.asn1; import java.io.IOException; -import java.io.InputStream; public class BERTaggedObjectParser implements ASN1TaggedObjectParser @@ -10,17 +9,6 @@ public class BERTaggedObjectParser private int _tagNumber; private ASN1StreamParser _parser; - /** - * @deprecated - */ - protected BERTaggedObjectParser( - int baseTag, - int tagNumber, - InputStream contentStream) - { - this((baseTag & DERTags.CONSTRUCTED) != 0, tagNumber, new ASN1StreamParser(contentStream)); - } - BERTaggedObjectParser( boolean constructed, int tagNumber, @@ -41,7 +29,7 @@ public class BERTaggedObjectParser return _tagNumber; } - public DEREncodable getObjectParser( + public ASN1Encodable getObjectParser( int tag, boolean isExplicit) throws IOException @@ -58,13 +46,13 @@ public class BERTaggedObjectParser return _parser.readImplicit(_constructed, tag); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { return _parser.readTaggedObject(_constructed, _tagNumber); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/BERTags.java b/src/main/java/org/bouncycastle/asn1/BERTags.java new file mode 100644 index 0000000..7281a6a --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/BERTags.java @@ -0,0 +1,36 @@ +package org.bouncycastle.asn1; + +public interface BERTags +{ + public static final int BOOLEAN = 0x01; + public static final int INTEGER = 0x02; + public static final int BIT_STRING = 0x03; + public static final int OCTET_STRING = 0x04; + public static final int NULL = 0x05; + public static final int OBJECT_IDENTIFIER = 0x06; + public static final int EXTERNAL = 0x08; + public static final int ENUMERATED = 0x0a; + public static final int SEQUENCE = 0x10; + public static final int SEQUENCE_OF = 0x10; // for completeness + public static final int SET = 0x11; + public static final int SET_OF = 0x11; // for completeness + + + public static final int NUMERIC_STRING = 0x12; + public static final int PRINTABLE_STRING = 0x13; + public static final int T61_STRING = 0x14; + public static final int VIDEOTEX_STRING = 0x15; + public static final int IA5_STRING = 0x16; + public static final int UTC_TIME = 0x17; + public static final int GENERALIZED_TIME = 0x18; + public static final int GRAPHIC_STRING = 0x19; + public static final int VISIBLE_STRING = 0x1a; + public static final int GENERAL_STRING = 0x1b; + public static final int UNIVERSAL_STRING = 0x1c; + public static final int BMP_STRING = 0x1e; + public static final int UTF8_STRING = 0x0c; + + public static final int CONSTRUCTED = 0x20; + public static final int APPLICATION = 0x40; + public static final int TAGGED = 0x80; +} diff --git a/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java b/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java index 045cffd..f247b11 100644 --- a/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java +++ b/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java @@ -1,7 +1,7 @@ package org.bouncycastle.asn1; -import java.io.InputStream; import java.io.IOException; +import java.io.InputStream; class ConstructedOctetStream extends InputStream diff --git a/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java b/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java index 7ca06d6..5b59288 100644 --- a/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java +++ b/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java @@ -9,7 +9,7 @@ import org.bouncycastle.util.Arrays; * Base class for an application specific object */ public class DERApplicationSpecific - extends ASN1Object + extends ASN1Primitive { private final boolean isConstructed; private final int tag; @@ -34,7 +34,7 @@ public class DERApplicationSpecific public DERApplicationSpecific( int tag, - DEREncodable object) + ASN1Encodable object) throws IOException { this(true, tag, object); @@ -43,12 +43,14 @@ public class DERApplicationSpecific public DERApplicationSpecific( boolean explicit, int tag, - DEREncodable object) + ASN1Encodable object) throws IOException { - byte[] data = object.getDERObject().getDEREncoded(); + ASN1Primitive primitive = object.toASN1Primitive(); - this.isConstructed = explicit; + byte[] data = primitive.getEncoded(ASN1Encoding.DER); + + this.isConstructed = explicit || (primitive instanceof ASN1Set || primitive instanceof ASN1Sequence); this.tag = tag; if (explicit) @@ -57,7 +59,7 @@ public class DERApplicationSpecific } else { - int lenBytes = getLengthOfLength(data); + int lenBytes = getLengthOfHeader(data); byte[] tmp = new byte[data.length - lenBytes]; System.arraycopy(data, lenBytes, tmp, 0, tmp.length); this.octets = tmp; @@ -74,7 +76,7 @@ public class DERApplicationSpecific { try { - bOut.write(((ASN1Encodable)vec.get(i)).getEncoded()); + bOut.write(((ASN1Object)vec.get(i)).getEncoded(ASN1Encoding.DER)); } catch (IOException e) { @@ -84,16 +86,59 @@ public class DERApplicationSpecific this.octets = bOut.toByteArray(); } - private int getLengthOfLength(byte[] data) + public static DERApplicationSpecific getInstance(Object obj) { - int count = 2; // TODO: assumes only a 1 byte tag number + if (obj == null || obj instanceof DERApplicationSpecific) + { + return (DERApplicationSpecific)obj; + } + else if (obj instanceof byte[]) + { + try + { + return DERApplicationSpecific.getInstance(ASN1Primitive.fromByteArray((byte[])obj)); + } + catch (IOException e) + { + throw new IllegalArgumentException("failed to construct object from byte[]: " + e.getMessage()); + } + } + else if (obj instanceof ASN1Encodable) + { + ASN1Primitive primitive = ((ASN1Encodable)obj).toASN1Primitive(); + + if (primitive instanceof ASN1Sequence) + { + return (DERApplicationSpecific)primitive; + } + } - while((data[count - 1] & 0x80) != 0) + throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); + } + + private int getLengthOfHeader(byte[] data) + { + int length = data[1] & 0xff; // TODO: assumes 1 byte tag + + if (length == 0x80) + { + return 2; // indefinite-length encoding + } + + if (length > 127) { - count++; + int size = length & 0x7f; + + // Note: The invalid long form "0xff" (see X.690 8.1.3.5c) will be caught here + if (size > 4) + { + throw new IllegalStateException("DER length more than 4 bytes: " + size); + } + + return size + 2; } - return count; + return 2; } public boolean isConstructed() @@ -117,7 +162,7 @@ public class DERApplicationSpecific * @return the resulting object * @throws IOException if reconstruction fails. */ - public DERObject getObject() + public ASN1Primitive getObject() throws IOException { return new ASN1InputStream(getContents()).readObject(); @@ -130,7 +175,7 @@ public class DERApplicationSpecific * @return the resulting object * @throws IOException if reconstruction fails. */ - public DERObject getObject(int derTagNo) + public ASN1Primitive getObject(int derTagNo) throws IOException { if (derTagNo >= 0x1f) @@ -141,30 +186,36 @@ public class DERApplicationSpecific byte[] orig = this.getEncoded(); byte[] tmp = replaceTagNumber(derTagNo, orig); - if ((orig[0] & DERTags.CONSTRUCTED) != 0) + if ((orig[0] & BERTags.CONSTRUCTED) != 0) { - tmp[0] |= DERTags.CONSTRUCTED; + tmp[0] |= BERTags.CONSTRUCTED; } return new ASN1InputStream(tmp).readObject(); } - + + int encodedLength() + throws IOException + { + return StreamUtil.calculateTagLength(tag) + StreamUtil.calculateBodyLength(octets.length) + octets.length; + } + /* (non-Javadoc) - * @see org.bouncycastle.asn1.DERObject#encode(org.bouncycastle.asn1.DEROutputStream) + * @see org.bouncycastle.asn1.ASN1Primitive#encode(org.bouncycastle.asn1.DEROutputStream) */ - void encode(DEROutputStream out) throws IOException + void encode(ASN1OutputStream out) throws IOException { - int classBits = DERTags.APPLICATION; + int classBits = BERTags.APPLICATION; if (isConstructed) { - classBits |= DERTags.CONSTRUCTED; + classBits |= BERTags.CONSTRUCTED; } out.writeEncoded(classBits, tag, octets); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERApplicationSpecific)) { diff --git a/src/main/java/org/bouncycastle/asn1/DERBMPString.java b/src/main/java/org/bouncycastle/asn1/DERBMPString.java index 1ff72de..33a09f8 100644 --- a/src/main/java/org/bouncycastle/asn1/DERBMPString.java +++ b/src/main/java/org/bouncycastle/asn1/DERBMPString.java @@ -2,14 +2,16 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; + /** * DER BMPString object. */ public class DERBMPString - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { - String string; + private char[] string; /** * return a BMP String from the given object. @@ -41,7 +43,7 @@ public class DERBMPString ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERBMPString) { @@ -52,12 +54,11 @@ public class DERBMPString return new DERBMPString(ASN1OctetString.getInstance(o).getOctets()); } } - /** * basic constructor - byte encoded string. */ - public DERBMPString( + DERBMPString( byte[] string) { char[] cs = new char[string.length / 2]; @@ -67,7 +68,12 @@ public class DERBMPString cs[i] = (char)((string[2 * i] << 8) | (string[2 * i + 1] & 0xff)); } - this.string = new String(cs); + this.string = cs; + } + + DERBMPString(char[] string) + { + this.string = string; } /** @@ -76,26 +82,26 @@ public class DERBMPString public DERBMPString( String string) { - this.string = string; + this.string = string.toCharArray(); } public String getString() { - return string; + return new String(string); } public String toString() { - return string; + return getString(); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } protected boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERBMPString)) { @@ -104,22 +110,32 @@ public class DERBMPString DERBMPString s = (DERBMPString)o; - return this.getString().equals(s.getString()); + return Arrays.areEqual(string, s.string); + } + + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length * 2) + (string.length * 2); } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - char[] c = string.toCharArray(); - byte[] b = new byte[c.length * 2]; + out.write(BERTags.BMP_STRING); + out.writeLength(string.length * 2); - for (int i = 0; i != c.length; i++) + for (int i = 0; i != string.length; i++) { - b[2 * i] = (byte)(c[i] >> 8); - b[2 * i + 1] = (byte)c[i]; - } + char c = string[i]; - out.writeEncoded(BMP_STRING, b); + out.write((byte)(c >> 8)); + out.write((byte)c); + } } } diff --git a/src/main/java/org/bouncycastle/asn1/DERBitString.java b/src/main/java/org/bouncycastle/asn1/DERBitString.java index efca7d3..f7f2462 100644 --- a/src/main/java/org/bouncycastle/asn1/DERBitString.java +++ b/src/main/java/org/bouncycastle/asn1/DERBitString.java @@ -1,13 +1,16 @@ package org.bouncycastle.asn1; import java.io.ByteArrayOutputStream; +import java.io.EOFException; import java.io.IOException; +import java.io.InputStream; import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.io.Streams; public class DERBitString - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { private static final char[] table = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; @@ -116,7 +119,7 @@ public class DERBitString ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERBitString) { @@ -156,11 +159,11 @@ public class DERBitString } public DERBitString( - DEREncodable obj) + ASN1Encodable obj) { try { - this.data = obj.getDERObject().getEncoded(ASN1Encodable.DER); + this.data = obj.toASN1Primitive().getEncoded(ASN1Encoding.DER); this.padBits = 0; } catch (IOException e) @@ -194,9 +197,19 @@ public class DERBitString return value; } - + + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(data.length + 1) + data.length + 1; + } + void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { byte[] bytes = new byte[getBytes().length + 1]; @@ -204,7 +217,7 @@ public class DERBitString bytes[0] = (byte)getPadBits(); System.arraycopy(getBytes(), 0, bytes, 1, bytes.length - 1); - out.writeEncoded(BIT_STRING, bytes); + out.writeEncoded(BERTags.BIT_STRING, bytes); } public int hashCode() @@ -213,7 +226,7 @@ public class DERBitString } protected boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERBitString)) { @@ -274,4 +287,26 @@ public class DERBitString return new DERBitString(data, padBits); } + + static DERBitString fromInputStream(int length, InputStream stream) + throws IOException + { + if (length < 1) + { + throw new IllegalArgumentException("truncated BIT STRING detected"); + } + + int padBits = stream.read(); + byte[] data = new byte[length - 1]; + + if (data.length != 0) + { + if (Streams.readFully(stream, data) != data.length) + { + throw new EOFException("EOF encountered in middle of BIT STRING"); + } + } + + return new DERBitString(data, padBits); + } } diff --git a/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/src/main/java/org/bouncycastle/asn1/DERBoolean.java index 5cba346..a519fa2 100644 --- a/src/main/java/org/bouncycastle/asn1/DERBoolean.java +++ b/src/main/java/org/bouncycastle/asn1/DERBoolean.java @@ -2,27 +2,38 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; + public class DERBoolean - extends ASN1Object + extends ASN1Primitive { + private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff }; + private static final byte[] FALSE_VALUE = new byte[] { 0 }; + // BEGIN android-changed - private final byte value; + final private byte[] value; // END android-changed - public static final DERBoolean FALSE = new DERBoolean(false); - public static final DERBoolean TRUE = new DERBoolean(true); + public static final ASN1Boolean FALSE = new ASN1Boolean(false); + public static final ASN1Boolean TRUE = new ASN1Boolean(true); + /** * return a boolean from the passed in object. * * @exception IllegalArgumentException if the object cannot be converted. */ - public static DERBoolean getInstance( + public static ASN1Boolean getInstance( Object obj) { - if (obj == null || obj instanceof DERBoolean) + if (obj == null || obj instanceof ASN1Boolean) + { + return (ASN1Boolean)obj; + } + + if (obj instanceof DERBoolean) { - return (DERBoolean)obj; + return ((DERBoolean)obj).isTrue() ? DERBoolean.TRUE : DERBoolean.FALSE; } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); @@ -31,7 +42,7 @@ public class DERBoolean /** * return a DERBoolean from the passed in boolean. */ - public static DERBoolean getInstance( + public static ASN1Boolean getInstance( boolean value) { return (value ? TRUE : FALSE); @@ -46,8 +57,8 @@ public class DERBoolean { return (octets[0] != 0) ? TRUE : FALSE; } - // END android-added + // END android-added /** * return a Boolean from a tagged object. * @@ -61,7 +72,7 @@ public class DERBoolean ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERBoolean) { @@ -69,68 +80,104 @@ public class DERBoolean } else { - // BEGIN android-changed - return getInstance(((ASN1OctetString)o).getOctets()); - // END android-changed + return ASN1Boolean.fromOctetString(((ASN1OctetString)o).getOctets()); } } - // BEGIN android-removed - // public DERBoolean( - // byte[] value) - // { - // if (value.length != 1) - // { - // throw new IllegalArgumentException("byte value should have 1 byte in it"); - // } - // - // this.value = value[0]; - // } - // END android-removed + // BEGIN android-changed + protected DERBoolean( + // END android-changed + byte[] value) + { + if (value.length != 1) + { + throw new IllegalArgumentException("byte value should have 1 byte in it"); + } + + if (value[0] == 0) + { + this.value = FALSE_VALUE; + } + else if (value[0] == 0xff) + { + this.value = TRUE_VALUE; + } + else + { + this.value = Arrays.clone(value); + } + } // BEGIN android-changed protected DERBoolean( boolean value) // END android-changed { - this.value = (value) ? (byte)0xff : (byte)0; + this.value = (value) ? TRUE_VALUE : FALSE_VALUE; } public boolean isTrue() { - return (value != 0); + return (value[0] != 0); } - void encode( - DEROutputStream out) - throws IOException + boolean isConstructed() { - byte[] bytes = new byte[1]; + return false; + } - bytes[0] = value; + int encodedLength() + { + return 3; + } - out.writeEncoded(BOOLEAN, bytes); + void encode( + ASN1OutputStream out) + throws IOException + { + out.writeEncoded(BERTags.BOOLEAN, value); } protected boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if ((o == null) || !(o instanceof DERBoolean)) { return false; } - return (value == ((DERBoolean)o).value); + return (value[0] == ((DERBoolean)o).value[0]); } public int hashCode() { - return value; + return value[0]; } public String toString() { - return (value != 0) ? "TRUE" : "FALSE"; + return (value[0] != 0) ? "TRUE" : "FALSE"; + } + + static ASN1Boolean fromOctetString(byte[] value) + { + if (value.length != 1) + { + throw new IllegalArgumentException("byte value should have 1 byte in it"); + } + + if (value[0] == 0) + { + return FALSE; + } + else if (value[0] == 0xff) + { + return TRUE; + } + else + { + return new ASN1Boolean(value); + } } } diff --git a/src/main/java/org/bouncycastle/asn1/DEREncodable.java b/src/main/java/org/bouncycastle/asn1/DEREncodable.java deleted file mode 100644 index d89305a..0000000 --- a/src/main/java/org/bouncycastle/asn1/DEREncodable.java +++ /dev/null @@ -1,6 +0,0 @@ -package org.bouncycastle.asn1; - -public interface DEREncodable -{ - public DERObject getDERObject(); -} diff --git a/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java b/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java index 68d63eb..919ff72 100644 --- a/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java +++ b/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java @@ -1,16 +1,13 @@ package org.bouncycastle.asn1; -import java.util.Vector; - /** * a general class for building up a vector of DER encodable objects - * this will eventually be superceded by ASN1EncodableVector so you should * use that class in preference. */ public class DEREncodableVector + extends ASN1EncodableVector { - Vector v = new Vector(); - /** * @deprecated use ASN1EncodableVector instead. */ @@ -18,21 +15,4 @@ public class DEREncodableVector { } - - public void add( - DEREncodable obj) - { - v.addElement(obj); - } - - public DEREncodable get( - int i) - { - return (DEREncodable)v.elementAt(i); - } - - public int size() - { - return v.size(); - } } diff --git a/src/main/java/org/bouncycastle/asn1/DEREnumerated.java b/src/main/java/org/bouncycastle/asn1/DEREnumerated.java index 440744e..2cf17f1 100644 --- a/src/main/java/org/bouncycastle/asn1/DEREnumerated.java +++ b/src/main/java/org/bouncycastle/asn1/DEREnumerated.java @@ -6,7 +6,7 @@ import java.math.BigInteger; import org.bouncycastle.util.Arrays; public class DEREnumerated - extends ASN1Object + extends ASN1Primitive { byte[] bytes; @@ -15,12 +15,17 @@ public class DEREnumerated * * @exception IllegalArgumentException if the object cannot be converted. */ - public static DEREnumerated getInstance( + public static ASN1Enumerated getInstance( Object obj) { - if (obj == null || obj instanceof DEREnumerated) + if (obj == null || obj instanceof ASN1Enumerated) + { + return (ASN1Enumerated)obj; + } + + if (obj instanceof DEREnumerated) { - return (DEREnumerated)obj; + return new ASN1Enumerated(((DEREnumerated)obj).getValue()); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); @@ -39,7 +44,7 @@ public class DEREnumerated ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DEREnumerated) { @@ -47,7 +52,7 @@ public class DEREnumerated } else { - return new DEREnumerated(((ASN1OctetString)o).getOctets()); + return fromOctetString(((ASN1OctetString)o).getOctets()); } } @@ -74,15 +79,25 @@ public class DEREnumerated return new BigInteger(bytes); } + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length; + } + void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(ENUMERATED, bytes); + out.writeEncoded(BERTags.ENUMERATED, bytes); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DEREnumerated)) { @@ -98,4 +113,34 @@ public class DEREnumerated { return Arrays.hashCode(bytes); } + + private static ASN1Enumerated[] cache = new ASN1Enumerated[12]; + + static ASN1Enumerated fromOctetString(byte[] enc) + { + if (enc.length > 1) + { + return new ASN1Enumerated(Arrays.clone(enc)); + } + + if (enc.length == 0) + { + throw new IllegalArgumentException("ENUMERATED has zero length"); + } + int value = enc[0] & 0xff; + + if (value >= cache.length) + { + return new ASN1Enumerated(Arrays.clone(enc)); + } + + ASN1Enumerated possibleMatch = cache[value]; + + if (possibleMatch == null) + { + possibleMatch = cache[value] = new ASN1Enumerated(Arrays.clone(enc)); + } + + return possibleMatch; + } } diff --git a/src/main/java/org/bouncycastle/asn1/DERExternal.java b/src/main/java/org/bouncycastle/asn1/DERExternal.java index 769c945..aed1d27 100644 --- a/src/main/java/org/bouncycastle/asn1/DERExternal.java +++ b/src/main/java/org/bouncycastle/asn1/DERExternal.java @@ -7,34 +7,34 @@ import java.io.IOException; * Class representing the DER-type External */ public class DERExternal - extends ASN1Object + extends ASN1Primitive { - private DERObjectIdentifier directReference; - private DERInteger indirectReference; - private ASN1Object dataValueDescriptor; + private ASN1ObjectIdentifier directReference; + private ASN1Integer indirectReference; + private ASN1Primitive dataValueDescriptor; private int encoding; - private DERObject externalContent; + private ASN1Primitive externalContent; public DERExternal(ASN1EncodableVector vector) { int offset = 0; - DERObject enc = getObjFromVector(vector, offset); - if (enc instanceof DERObjectIdentifier) + ASN1Primitive enc = getObjFromVector(vector, offset); + if (enc instanceof ASN1ObjectIdentifier) { - directReference = (DERObjectIdentifier)enc; + directReference = (ASN1ObjectIdentifier)enc; offset++; enc = getObjFromVector(vector, offset); } - if (enc instanceof DERInteger) + if (enc instanceof ASN1Integer) { - indirectReference = (DERInteger) enc; + indirectReference = (ASN1Integer) enc; offset++; enc = getObjFromVector(vector, offset); } if (!(enc instanceof DERTaggedObject)) { - dataValueDescriptor = (ASN1Object) enc; + dataValueDescriptor = (ASN1Primitive) enc; offset++; enc = getObjFromVector(vector, offset); } @@ -53,14 +53,14 @@ public class DERExternal externalContent = obj.getObject(); } - private DERObject getObjFromVector(ASN1EncodableVector v, int index) + private ASN1Primitive getObjFromVector(ASN1EncodableVector v, int index) { if (v.size() <= index) { throw new IllegalArgumentException("too few objects in input vector"); } - return v.get(index).getDERObject(); + return v.get(index).toASN1Primitive(); } /** * Creates a new instance of DERExternal @@ -70,9 +70,9 @@ public class DERExternal * @param dataValueDescriptor The data value descriptor or <code>null</code> if not set. * @param externalData The external data in its encoded form. */ - public DERExternal(DERObjectIdentifier directReference, DERInteger indirectReference, ASN1Object dataValueDescriptor, DERTaggedObject externalData) + public DERExternal(ASN1ObjectIdentifier directReference, ASN1Integer indirectReference, ASN1Primitive dataValueDescriptor, DERTaggedObject externalData) { - this(directReference, indirectReference, dataValueDescriptor, externalData.getTagNo(), externalData.getDERObject()); + this(directReference, indirectReference, dataValueDescriptor, externalData.getTagNo(), externalData.toASN1Primitive()); } /** @@ -84,13 +84,13 @@ public class DERExternal * @param encoding The encoding to be used for the external data * @param externalData The external data */ - public DERExternal(DERObjectIdentifier directReference, DERInteger indirectReference, ASN1Object dataValueDescriptor, int encoding, DERObject externalData) + public DERExternal(ASN1ObjectIdentifier directReference, ASN1Integer indirectReference, ASN1Primitive dataValueDescriptor, int encoding, ASN1Primitive externalData) { setDirectReference(directReference); setIndirectReference(indirectReference); setDataValueDescriptor(dataValueDescriptor); setEncoding(encoding); - setExternalContent(externalData.getDERObject()); + setExternalContent(externalData.toASN1Primitive()); } /* (non-Javadoc) @@ -115,34 +115,45 @@ public class DERExternal return ret; } + boolean isConstructed() + { + return true; + } + + int encodedLength() + throws IOException + { + return this.getEncoded().length; + } + /* (non-Javadoc) - * @see org.bouncycastle.asn1.DERObject#encode(org.bouncycastle.asn1.DEROutputStream) + * @see org.bouncycastle.asn1.ASN1Primitive#encode(org.bouncycastle.asn1.DEROutputStream) */ - void encode(DEROutputStream out) + void encode(ASN1OutputStream out) throws IOException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); if (directReference != null) { - baos.write(directReference.getDEREncoded()); + baos.write(directReference.getEncoded(ASN1Encoding.DER)); } if (indirectReference != null) { - baos.write(indirectReference.getDEREncoded()); + baos.write(indirectReference.getEncoded(ASN1Encoding.DER)); } if (dataValueDescriptor != null) { - baos.write(dataValueDescriptor.getDEREncoded()); + baos.write(dataValueDescriptor.getEncoded(ASN1Encoding.DER)); } - DERTaggedObject obj = new DERTaggedObject(encoding, externalContent); - baos.write(obj.getDEREncoded()); - out.writeEncoded(DERTags.CONSTRUCTED, DERTags.EXTERNAL, baos.toByteArray()); + DERTaggedObject obj = new DERTaggedObject(true, encoding, externalContent); + baos.write(obj.getEncoded(ASN1Encoding.DER)); + out.writeEncoded(BERTags.CONSTRUCTED, BERTags.EXTERNAL, baos.toByteArray()); } /* (non-Javadoc) - * @see org.bouncycastle.asn1.ASN1Object#asn1Equals(org.bouncycastle.asn1.DERObject) + * @see org.bouncycastle.asn1.ASN1Primitive#asn1Equals(org.bouncycastle.asn1.ASN1Primitive) */ - boolean asn1Equals(DERObject o) + boolean asn1Equals(ASN1Primitive o) { if (!(o instanceof DERExternal)) { @@ -181,7 +192,7 @@ public class DERExternal * Returns the data value descriptor * @return The descriptor */ - public ASN1Object getDataValueDescriptor() + public ASN1Primitive getDataValueDescriptor() { return dataValueDescriptor; } @@ -190,7 +201,7 @@ public class DERExternal * Returns the direct reference of the external element * @return The reference */ - public DERObjectIdentifier getDirectReference() + public ASN1ObjectIdentifier getDirectReference() { return directReference; } @@ -213,7 +224,7 @@ public class DERExternal * Returns the content of this element * @return The content */ - public DERObject getExternalContent() + public ASN1Primitive getExternalContent() { return externalContent; } @@ -222,7 +233,7 @@ public class DERExternal * Returns the indirect reference of this element * @return The reference */ - public DERInteger getIndirectReference() + public ASN1Integer getIndirectReference() { return indirectReference; } @@ -231,7 +242,7 @@ public class DERExternal * Sets the data value descriptor * @param dataValueDescriptor The descriptor */ - private void setDataValueDescriptor(ASN1Object dataValueDescriptor) + private void setDataValueDescriptor(ASN1Primitive dataValueDescriptor) { this.dataValueDescriptor = dataValueDescriptor; } @@ -240,7 +251,7 @@ public class DERExternal * Sets the direct reference of the external element * @param directReferemce The reference */ - private void setDirectReference(DERObjectIdentifier directReferemce) + private void setDirectReference(ASN1ObjectIdentifier directReferemce) { this.directReference = directReferemce; } @@ -267,7 +278,7 @@ public class DERExternal * Sets the content of this element * @param externalContent The content */ - private void setExternalContent(DERObject externalContent) + private void setExternalContent(ASN1Primitive externalContent) { this.externalContent = externalContent; } @@ -276,7 +287,7 @@ public class DERExternal * Sets the indirect reference of this element * @param indirectReference The reference */ - private void setIndirectReference(DERInteger indirectReference) + private void setIndirectReference(ASN1Integer indirectReference) { this.indirectReference = indirectReference; } diff --git a/src/main/java/org/bouncycastle/asn1/DERExternalParser.java b/src/main/java/org/bouncycastle/asn1/DERExternalParser.java index 059908f..b19c84d 100644 --- a/src/main/java/org/bouncycastle/asn1/DERExternalParser.java +++ b/src/main/java/org/bouncycastle/asn1/DERExternalParser.java @@ -3,7 +3,7 @@ package org.bouncycastle.asn1; import java.io.IOException; public class DERExternalParser - implements DEREncodable, InMemoryRepresentable + implements ASN1Encodable, InMemoryRepresentable { private ASN1StreamParser _parser; @@ -15,13 +15,13 @@ public class DERExternalParser this._parser = parser; } - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException { return _parser.readObject(); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { try @@ -34,7 +34,7 @@ public class DERExternalParser } } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/DERFactory.java b/src/main/java/org/bouncycastle/asn1/DERFactory.java index 7364282..b829e3b 100644 --- a/src/main/java/org/bouncycastle/asn1/DERFactory.java +++ b/src/main/java/org/bouncycastle/asn1/DERFactory.java @@ -2,21 +2,16 @@ package org.bouncycastle.asn1; class DERFactory { - static final DERSequence EMPTY_SEQUENCE = new DERSequence(); - static final DERSet EMPTY_SET = new DERSet(); + static final ASN1Sequence EMPTY_SEQUENCE = new DERSequence(); + static final ASN1Set EMPTY_SET = new DERSet(); - static DERSequence createSequence(ASN1EncodableVector v) + static ASN1Sequence createSequence(ASN1EncodableVector v) { - return v.size() < 1 ? EMPTY_SEQUENCE : new DERSequence(v); + return v.size() < 1 ? EMPTY_SEQUENCE : new DLSequence(v); } - static DERSet createSet(ASN1EncodableVector v) + static ASN1Set createSet(ASN1EncodableVector v) { - return v.size() < 1 ? EMPTY_SET : new DERSet(v); - } - - static DERSet createSet(ASN1EncodableVector v, boolean needsSorting) - { - return v.size() < 1 ? EMPTY_SET : new DERSet(v, needsSorting); + return v.size() < 1 ? EMPTY_SET : new DLSet(v); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERGeneralString.java b/src/main/java/org/bouncycastle/asn1/DERGeneralString.java index 51d4658..d7cd594 100644 --- a/src/main/java/org/bouncycastle/asn1/DERGeneralString.java +++ b/src/main/java/org/bouncycastle/asn1/DERGeneralString.java @@ -2,10 +2,14 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + public class DERGeneralString - extends ASN1Object implements DERString + extends ASN1Primitive + implements ASN1String { - private String string; + private byte[] string; public static DERGeneralString getInstance( Object obj) @@ -23,7 +27,7 @@ public class DERGeneralString ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERGeneralString) { @@ -35,60 +39,60 @@ public class DERGeneralString } } - public DERGeneralString(byte[] string) + DERGeneralString(byte[] string) { - char[] cs = new char[string.length]; - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - this.string = new String(cs); + this.string = string; } public DERGeneralString(String string) { - this.string = string; + this.string = Strings.toByteArray(string); } public String getString() { - return string; + return Strings.fromByteArray(string); } public String toString() { - return string; + return getString(); } public byte[] getOctets() { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte) cs[i]; - } - return bs; + return Arrays.clone(string); } - - void encode(DEROutputStream out) + + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; + } + + void encode(ASN1OutputStream out) throws IOException { - out.writeEncoded(GENERAL_STRING, this.getOctets()); + out.writeEncoded(BERTags.GENERAL_STRING, string); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } - boolean asn1Equals(DERObject o) + boolean asn1Equals(ASN1Primitive o) { if (!(o instanceof DERGeneralString)) { return false; } - DERGeneralString s = (DERGeneralString) o; - return this.getString().equals(s.getString()); + DERGeneralString s = (DERGeneralString)o; + + return Arrays.areEqual(string, s.string); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java b/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java index 728cb22..bb3b575 100644 --- a/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java +++ b/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java @@ -7,25 +7,33 @@ import java.util.Date; import java.util.SimpleTimeZone; import java.util.TimeZone; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + /** * Generalized time object. */ public class DERGeneralizedTime - extends ASN1Object + extends ASN1Primitive { - String time; + private byte[] time; /** * return a generalized time from the passed in object * * @exception IllegalArgumentException if the object cannot be converted. */ - public static DERGeneralizedTime getInstance( + public static ASN1GeneralizedTime getInstance( Object obj) { - if (obj == null || obj instanceof DERGeneralizedTime) + if (obj == null || obj instanceof ASN1GeneralizedTime) + { + return (ASN1GeneralizedTime)obj; + } + + if (obj instanceof DERGeneralizedTime) { - return (DERGeneralizedTime)obj; + return new ASN1GeneralizedTime(((DERGeneralizedTime)obj).time); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); @@ -40,11 +48,11 @@ public class DERGeneralizedTime * @exception IllegalArgumentException if the tagged object cannot * be converted. */ - public static DERGeneralizedTime getInstance( + public static ASN1GeneralizedTime getInstance( ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERGeneralizedTime) { @@ -52,7 +60,7 @@ public class DERGeneralizedTime } else { - return new DERGeneralizedTime(((ASN1OctetString)o).getOctets()); + return new ASN1GeneralizedTime(((ASN1OctetString)o).getOctets()); } } @@ -68,7 +76,7 @@ public class DERGeneralizedTime public DERGeneralizedTime( String time) { - this.time = time; + this.time = Strings.toByteArray(time); try { this.getDate(); @@ -80,7 +88,7 @@ public class DERGeneralizedTime } /** - * base constructer from a java.util.date object + * base constructor from a java.util.date object */ public DERGeneralizedTime( Date time) @@ -89,23 +97,13 @@ public class DERGeneralizedTime dateF.setTimeZone(new SimpleTimeZone(0,"Z")); - this.time = dateF.format(time); + this.time = Strings.toByteArray(dateF.format(time)); } DERGeneralizedTime( byte[] bytes) { - // - // explicitly convert to characters - // - char[] dateC = new char[bytes.length]; - - for (int i = 0; i != dateC.length; i++) - { - dateC[i] = (char)(bytes[i] & 0xff); - } - - this.time = new String(dateC); + this.time = bytes; } /** @@ -114,7 +112,7 @@ public class DERGeneralizedTime */ public String getTimeString() { - return time; + return Strings.fromByteArray(time); } /** @@ -131,39 +129,41 @@ public class DERGeneralizedTime */ public String getTime() { + String stime = Strings.fromByteArray(time); + // // standardise the format. // - if (time.charAt(time.length() - 1) == 'Z') + if (stime.charAt(stime.length() - 1) == 'Z') { - return time.substring(0, time.length() - 1) + "GMT+00:00"; + return stime.substring(0, stime.length() - 1) + "GMT+00:00"; } else { - int signPos = time.length() - 5; - char sign = time.charAt(signPos); + int signPos = stime.length() - 5; + char sign = stime.charAt(signPos); if (sign == '-' || sign == '+') { - return time.substring(0, signPos) + return stime.substring(0, signPos) + "GMT" - + time.substring(signPos, signPos + 3) + + stime.substring(signPos, signPos + 3) + ":" - + time.substring(signPos + 3); + + stime.substring(signPos + 3); } else { - signPos = time.length() - 3; - sign = time.charAt(signPos); + signPos = stime.length() - 3; + sign = stime.charAt(signPos); if (sign == '-' || sign == '+') { - return time.substring(0, signPos) + return stime.substring(0, signPos) + "GMT" - + time.substring(signPos) + + stime.substring(signPos) + ":00"; } } } - return time + calculateGMTOffset(); + return stime + calculateGMTOffset(); } private String calculateGMTOffset() @@ -208,9 +208,10 @@ public class DERGeneralizedTime throws ParseException { SimpleDateFormat dateF; - String d = time; + String stime = Strings.fromByteArray(time); + String d = stime; - if (time.endsWith("Z")) + if (stime.endsWith("Z")) { if (hasFractionalSeconds()) { @@ -223,7 +224,7 @@ public class DERGeneralizedTime dateF.setTimeZone(new SimpleTimeZone(0, "Z")); } - else if (time.indexOf('-') > 0 || time.indexOf('+') > 0) + else if (stime.indexOf('-') > 0 || stime.indexOf('+') > 0) { d = this.getTime(); if (hasFractionalSeconds()) @@ -287,43 +288,51 @@ public class DERGeneralizedTime private boolean hasFractionalSeconds() { - return time.indexOf('.') == 14; + for (int i = 0; i != time.length; i++) + { + if (time[i] == '.') + { + if (i == 14) + { + return true; + } + } + } + return false; } - private byte[] getOctets() + boolean isConstructed() { - char[] cs = time.toCharArray(); - byte[] bs = new byte[cs.length]; + return false; + } - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } + int encodedLength() + { + int length = time.length; - return bs; + return 1 + StreamUtil.calculateBodyLength(length) + length; } - void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(GENERALIZED_TIME, this.getOctets()); + out.writeEncoded(BERTags.GENERALIZED_TIME, time); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERGeneralizedTime)) { return false; } - return time.equals(((DERGeneralizedTime)o).time); + return Arrays.areEqual(time, ((DERGeneralizedTime)o).time); } public int hashCode() { - return time.hashCode(); + return Arrays.hashCode(time); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERIA5String.java b/src/main/java/org/bouncycastle/asn1/DERIA5String.java index e94c62b..abb2811 100644 --- a/src/main/java/org/bouncycastle/asn1/DERIA5String.java +++ b/src/main/java/org/bouncycastle/asn1/DERIA5String.java @@ -2,14 +2,17 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + /** * DER IA5String object - this is an ascii string. */ public class DERIA5String - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { - String string; + private byte[] string; /** * return a IA5 string from the passed in object @@ -40,7 +43,7 @@ public class DERIA5String ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERIA5String) { @@ -55,17 +58,10 @@ public class DERIA5String /** * basic constructor - with bytes. */ - public DERIA5String( + DERIA5String( byte[] string) { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); + this.string = string; } /** @@ -98,46 +94,48 @@ public class DERIA5String throw new IllegalArgumentException("string contains illegal characters"); } - this.string = string; + this.string = Strings.toByteArray(string); } public String getString() { - return string; + return Strings.fromByteArray(string); } public String toString() { - return string; + return getString(); } public byte[] getOctets() { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; + return Arrays.clone(string); + } - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } + boolean isConstructed() + { + return false; + } - return bs; + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(IA5_STRING, this.getOctets()); + out.writeEncoded(BERTags.IA5_STRING, string); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERIA5String)) { @@ -146,7 +144,7 @@ public class DERIA5String DERIA5String s = (DERIA5String)o; - return this.getString().equals(s.getString()); + return Arrays.areEqual(string, s.string); } /** diff --git a/src/main/java/org/bouncycastle/asn1/DERInteger.java b/src/main/java/org/bouncycastle/asn1/DERInteger.java index c72a6cb..d5e826d 100644 --- a/src/main/java/org/bouncycastle/asn1/DERInteger.java +++ b/src/main/java/org/bouncycastle/asn1/DERInteger.java @@ -6,7 +6,7 @@ import java.math.BigInteger; import org.bouncycastle.util.Arrays; public class DERInteger - extends ASN1Object + extends ASN1Primitive { byte[] bytes; @@ -15,12 +15,16 @@ public class DERInteger * * @exception IllegalArgumentException if the object cannot be converted. */ - public static DERInteger getInstance( + public static ASN1Integer getInstance( Object obj) { - if (obj == null || obj instanceof DERInteger) + if (obj == null || obj instanceof ASN1Integer) { - return (DERInteger)obj; + return (ASN1Integer)obj; + } + if (obj instanceof DERInteger) + { + return new ASN1Integer((((DERInteger)obj).getValue())); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); @@ -35,11 +39,11 @@ public class DERInteger * @exception IllegalArgumentException if the tagged object cannot * be converted. */ - public static DERInteger getInstance( + public static ASN1Integer getInstance( ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERInteger) { @@ -83,11 +87,21 @@ public class DERInteger return new BigInteger(1, bytes); } + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length; + } + void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(INTEGER, bytes); + out.writeEncoded(BERTags.INTEGER, bytes); } public int hashCode() @@ -103,7 +117,7 @@ public class DERInteger } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERInteger)) { diff --git a/src/main/java/org/bouncycastle/asn1/DERNull.java b/src/main/java/org/bouncycastle/asn1/DERNull.java index c945f5c..9bbc826 100644 --- a/src/main/java/org/bouncycastle/asn1/DERNull.java +++ b/src/main/java/org/bouncycastle/asn1/DERNull.java @@ -10,9 +10,7 @@ public class DERNull { public static final DERNull INSTANCE = new DERNull(); - // BEGIN android-changed private static final byte[] zeroBytes = new byte[0]; - // END android-changed // BEGIN android-changed protected DERNull() @@ -20,10 +18,20 @@ public class DERNull { } + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 2; + } + void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(NULL, zeroBytes); + out.writeEncoded(BERTags.NULL, zeroBytes); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERNumericString.java b/src/main/java/org/bouncycastle/asn1/DERNumericString.java index 23314a6..fae4063 100644 --- a/src/main/java/org/bouncycastle/asn1/DERNumericString.java +++ b/src/main/java/org/bouncycastle/asn1/DERNumericString.java @@ -2,14 +2,17 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + /** * DER NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }. */ public class DERNumericString - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { - String string; + private byte[] string; /** * return a Numeric string from the passed in object @@ -40,7 +43,7 @@ public class DERNumericString ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERNumericString) { @@ -55,17 +58,10 @@ public class DERNumericString /** * basic constructor - with bytes. */ - public DERNumericString( + DERNumericString( byte[] string) { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); + this.string = string; } /** @@ -94,46 +90,48 @@ public class DERNumericString throw new IllegalArgumentException("string contains illegal characters"); } - this.string = string; + this.string = Strings.toByteArray(string); } public String getString() { - return string; + return Strings.fromByteArray(string); } public String toString() { - return string; + return getString(); } public byte[] getOctets() { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; + return Arrays.clone(string); + } - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } + boolean isConstructed() + { + return false; + } - return bs; + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(NUMERIC_STRING, this.getOctets()); + out.writeEncoded(BERTags.NUMERIC_STRING, string); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERNumericString)) { @@ -142,7 +140,7 @@ public class DERNumericString DERNumericString s = (DERNumericString)o; - return this.getString().equals(s.getString()); + return Arrays.areEqual(string, s.string); } /** diff --git a/src/main/java/org/bouncycastle/asn1/DERObject.java b/src/main/java/org/bouncycastle/asn1/DERObject.java deleted file mode 100644 index 42e2487..0000000 --- a/src/main/java/org/bouncycastle/asn1/DERObject.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public abstract class DERObject - extends ASN1Encodable - implements DERTags -{ - public DERObject toASN1Object() - { - return this; - } - - public abstract int hashCode(); - - public abstract boolean equals(Object o); - - abstract void encode(DEROutputStream out) - throws IOException; -} diff --git a/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java index 8e579f7..02a0945 100644 --- a/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java +++ b/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java @@ -2,25 +2,33 @@ package org.bouncycastle.asn1; import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.math.BigInteger; +import org.bouncycastle.util.Arrays; + public class DERObjectIdentifier - extends ASN1Object + extends ASN1Primitive { String identifier; + private byte[] body; + /** * return an OID from the passed in object * * @exception IllegalArgumentException if the object cannot be converted. */ - public static DERObjectIdentifier getInstance( + public static ASN1ObjectIdentifier getInstance( Object obj) { - if (obj == null || obj instanceof DERObjectIdentifier) + if (obj == null || obj instanceof ASN1ObjectIdentifier) + { + return (ASN1ObjectIdentifier)obj; + } + + if (obj instanceof DERObjectIdentifier) { - return (DERObjectIdentifier)obj; + return new ASN1ObjectIdentifier(((DERObjectIdentifier)obj).getId()); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); @@ -35,11 +43,11 @@ public class DERObjectIdentifier * @exception IllegalArgumentException if the tagged object cannot * be converted. */ - public static DERObjectIdentifier getInstance( + public static ASN1ObjectIdentifier getInstance( ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERObjectIdentifier) { @@ -47,10 +55,9 @@ public class DERObjectIdentifier } else { - return new ASN1ObjectIdentifier(ASN1OctetString.getInstance(obj.getObject()).getOctets()); + return ASN1ObjectIdentifier.fromOctetString(ASN1OctetString.getInstance(obj.getObject()).getOctets()); } } - DERObjectIdentifier( byte[] bytes) @@ -142,9 +149,8 @@ public class DERObjectIdentifier } private void writeField( - OutputStream out, - long fieldValue) - throws IOException + ByteArrayOutputStream out, + long fieldValue) { byte[] result = new byte[9]; int pos = 8; @@ -158,9 +164,8 @@ public class DERObjectIdentifier } private void writeField( - OutputStream out, - BigInteger fieldValue) - throws IOException + ByteArrayOutputStream out, + BigInteger fieldValue) { int byteCount = (fieldValue.bitLength()+6)/7; if (byteCount == 0) @@ -177,41 +182,68 @@ public class DERObjectIdentifier tmpValue = tmpValue.shiftRight(7); } tmp[byteCount-1] &= 0x7f; - out.write(tmp); + out.write(tmp, 0, tmp.length); } - } - void encode( - DEROutputStream out) - throws IOException + private void doOutput(ByteArrayOutputStream aOut) { OIDTokenizer tok = new OIDTokenizer(identifier); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - writeField(bOut, + writeField(aOut, Integer.parseInt(tok.nextToken()) * 40 + Integer.parseInt(tok.nextToken())); while (tok.hasMoreTokens()) { String token = tok.nextToken(); - if (token.length() < 18) + if (token.length() < 18) { - writeField(bOut, Long.parseLong(token)); + writeField(aOut, Long.parseLong(token)); } else { - writeField(bOut, new BigInteger(token)); + writeField(aOut, new BigInteger(token)); } } + } + + protected byte[] getBody() + { + if (body == null) + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + + doOutput(bOut); + + body = bOut.toByteArray(); + } - dOut.close(); + return body; + } - byte[] bytes = bOut.toByteArray(); + boolean isConstructed() + { + return false; + } - out.writeEncoded(OBJECT_IDENTIFIER, bytes); + int encodedLength() + throws IOException + { + int length = getBody().length; + + return 1 + StreamUtil.calculateBodyLength(length) + length; + } + + void encode( + ASN1OutputStream out) + throws IOException + { + byte[] enc = getBody(); + + out.write(BERTags.OBJECT_IDENTIFIER); + out.writeLength(enc.length); + out.write(enc); } public int hashCode() @@ -220,7 +252,7 @@ public class DERObjectIdentifier } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERObjectIdentifier)) { @@ -277,4 +309,75 @@ public class DERObjectIdentifier return periodAllowed; } + + private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[255][]; + + static ASN1ObjectIdentifier fromOctetString(byte[] enc) + { + if (enc.length < 3) + { + return new ASN1ObjectIdentifier(enc); + } + + int idx1 = enc[enc.length - 2] & 0xff; + ASN1ObjectIdentifier[] first = cache[idx1]; + + if (first == null) + { + first = cache[idx1] = new ASN1ObjectIdentifier[255]; + } + + int idx2 = enc[enc.length - 1] & 0xff; + + ASN1ObjectIdentifier possibleMatch = first[idx2]; + + if (possibleMatch == null) + { + possibleMatch = first[idx2] = new ASN1ObjectIdentifier(enc); + return possibleMatch; + } + + if (Arrays.areEqual(enc, possibleMatch.getBody())) + { + return possibleMatch; + } + else + { + idx1 = (idx1 + 1) % 256; + first = cache[idx1]; + if (first == null) + { + first = cache[idx1] = new ASN1ObjectIdentifier[255]; + } + + possibleMatch = first[idx2]; + + if (possibleMatch == null) + { + possibleMatch = first[idx2] = new ASN1ObjectIdentifier(enc); + return possibleMatch; + } + + if (Arrays.areEqual(enc, possibleMatch.getBody())) + { + return possibleMatch; + } + + idx2 = (idx2 + 1) % 256; + possibleMatch = first[idx2]; + + if (possibleMatch == null) + { + possibleMatch = first[idx2] = new ASN1ObjectIdentifier(enc); + return possibleMatch; + } + + if (Arrays.areEqual(enc, possibleMatch.getBody())) + { + return possibleMatch; + } + } + + return new ASN1ObjectIdentifier(enc); + } } diff --git a/src/main/java/org/bouncycastle/asn1/DEROctetString.java b/src/main/java/org/bouncycastle/asn1/DEROctetString.java index cadd60c..988186f 100644 --- a/src/main/java/org/bouncycastle/asn1/DEROctetString.java +++ b/src/main/java/org/bouncycastle/asn1/DEROctetString.java @@ -15,16 +15,27 @@ public class DEROctetString } public DEROctetString( - DEREncodable obj) + ASN1Encodable obj) + throws IOException + { + super(obj.toASN1Primitive().getEncoded(ASN1Encoding.DER)); + } + + boolean isConstructed() + { + return false; + } + + int encodedLength() { - super(obj); + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(OCTET_STRING, string); + out.writeEncoded(BERTags.OCTET_STRING, string); } static void encode( @@ -32,6 +43,6 @@ public class DEROctetString byte[] bytes) throws IOException { - derOut.writeEncoded(DERTags.OCTET_STRING, bytes); + derOut.writeEncoded(BERTags.OCTET_STRING, bytes); } } diff --git a/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java b/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java index 2318f5c..e6e2068 100644 --- a/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java +++ b/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java @@ -19,13 +19,13 @@ public class DEROctetStringParser return stream; } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { return new DEROctetString(stream.toByteArray()); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/DEROutputStream.java b/src/main/java/org/bouncycastle/asn1/DEROutputStream.java index b78f7ca..8b18c3d 100644 --- a/src/main/java/org/bouncycastle/asn1/DEROutputStream.java +++ b/src/main/java/org/bouncycastle/asn1/DEROutputStream.java @@ -1,11 +1,13 @@ package org.bouncycastle.asn1; -import java.io.FilterOutputStream; import java.io.IOException; import java.io.OutputStream; +/** + * Stream that outputs encoding based on distinguished encoding rules. + */ public class DEROutputStream - extends FilterOutputStream implements DERTags + extends ASN1OutputStream { public DEROutputStream( OutputStream os) @@ -13,122 +15,27 @@ public class DEROutputStream super(os); } - private void writeLength( - int length) - throws IOException - { - if (length > 127) - { - int size = 1; - int val = length; - - while ((val >>>= 8) != 0) - { - size++; - } - - write((byte)(size | 0x80)); - - for (int i = (size - 1) * 8; i >= 0; i -= 8) - { - write((byte)(length >> i)); - } - } - else - { - write((byte)length); - } - } - - void writeEncoded( - int tag, - byte[] bytes) - throws IOException - { - write(tag); - writeLength(bytes.length); - write(bytes); - } - - void writeTag(int flags, int tagNo) + public void writeObject( + ASN1Encodable obj) throws IOException { - if (tagNo < 31) + if (obj != null) { - write(flags | tagNo); + obj.toASN1Primitive().toDERObject().encode(this); } else { - write(flags | 0x1f); - if (tagNo < 128) - { - write(tagNo); - } - else - { - byte[] stack = new byte[5]; - int pos = stack.length; - - stack[--pos] = (byte)(tagNo & 0x7F); - - do - { - tagNo >>= 7; - stack[--pos] = (byte)(tagNo & 0x7F | 0x80); - } - while (tagNo > 127); - - write(stack, pos, stack.length - pos); - } + throw new IOException("null object detected"); } } - void writeEncoded(int flags, int tagNo, byte[] bytes) - throws IOException + ASN1OutputStream getDERSubStream() { - writeTag(flags, tagNo); - writeLength(bytes.length); - write(bytes); + return this; } - protected void writeNull() - throws IOException + ASN1OutputStream getDLSubStream() { - write(NULL); - write(0x00); - } - - public void write(byte[] buf) - throws IOException - { - out.write(buf, 0, buf.length); - } - - public void write(byte[] buf, int offSet, int len) - throws IOException - { - out.write(buf, offSet, len); - } - - public void writeObject( - Object obj) - throws IOException - { - if (obj == null) - { - writeNull(); - } - else if (obj instanceof DERObject) - { - ((DERObject)obj).encode(this); - } - else if (obj instanceof DEREncodable) - { - ((DEREncodable)obj).getDERObject().encode(this); - } - else - { - throw new IOException("object not DEREncodable"); - } + return this; } } diff --git a/src/main/java/org/bouncycastle/asn1/DERPrintableString.java b/src/main/java/org/bouncycastle/asn1/DERPrintableString.java index 2f84c1c..6c56e83 100644 --- a/src/main/java/org/bouncycastle/asn1/DERPrintableString.java +++ b/src/main/java/org/bouncycastle/asn1/DERPrintableString.java @@ -2,15 +2,18 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + /** * DER PrintableString object. */ public class DERPrintableString - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { // BEGIN android-changed - private final String string; + private final byte[] string; // END android-changed /** @@ -42,7 +45,7 @@ public class DERPrintableString ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERPrintableString) { @@ -57,19 +60,10 @@ public class DERPrintableString /** * basic constructor - byte encoded string. */ - public DERPrintableString( + DERPrintableString( byte[] string) { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - // BEGIN android-changed - this.string = new String(cs).intern(); - // END android-changed + this.string = string; } /** @@ -98,43 +92,43 @@ public class DERPrintableString throw new IllegalArgumentException("string contains illegal characters"); } - // BEGIN android-changed - this.string = string.intern(); - // END android-changed + this.string = Strings.toByteArray(string); } public String getString() { - return string; + return Strings.fromByteArray(string); } public byte[] getOctets() { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; + return Arrays.clone(string); + } - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } + boolean isConstructed() + { + return false; + } - return bs; + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(PRINTABLE_STRING, this.getOctets()); + out.writeEncoded(BERTags.PRINTABLE_STRING, string); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERPrintableString)) { @@ -143,12 +137,12 @@ public class DERPrintableString DERPrintableString s = (DERPrintableString)o; - return this.getString().equals(s.getString()); + return Arrays.areEqual(string, s.string); } public String toString() { - return string; + return getString(); } /** diff --git a/src/main/java/org/bouncycastle/asn1/DERSequence.java b/src/main/java/org/bouncycastle/asn1/DERSequence.java index bb7f7fb..ad48a83 100644 --- a/src/main/java/org/bouncycastle/asn1/DERSequence.java +++ b/src/main/java/org/bouncycastle/asn1/DERSequence.java @@ -1,12 +1,13 @@ package org.bouncycastle.asn1; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.Enumeration; public class DERSequence extends ASN1Sequence { + private int bodyLength = -1; + /** * create an empty sequence */ @@ -18,63 +19,80 @@ public class DERSequence * create a sequence containing one object */ public DERSequence( - DEREncodable obj) + ASN1Encodable obj) { - this.addObject(obj); + super(obj); } /** * create a sequence containing a vector of objects. */ public DERSequence( - ASN1EncodableVector v) + ASN1EncodableVector v) { - for (int i = 0; i != v.size(); i++) - { - this.addObject(v.get(i)); - } + super(v); } /** * create a sequence containing an array of objects. */ public DERSequence( - ASN1Encodable[] a) + ASN1Encodable[] array) { - for (int i = 0; i != a.length; i++) + super(array); + } + + private int getBodyLength() + throws IOException + { + if (bodyLength < 0) { - this.addObject(a[i]); + int length = 0; + + for (Enumeration e = this.getObjects(); e.hasMoreElements();) + { + Object obj = e.nextElement(); + + length += ((ASN1Encodable)obj).toASN1Primitive().toDERObject().encodedLength(); + } + + bodyLength = length; } + + return bodyLength; } - + + int encodedLength() + throws IOException + { + int length = getBodyLength(); + + return 1 + StreamUtil.calculateBodyLength(length) + length; + } + /* * A note on the implementation: * <p> * As DER requires the constructed, definite-length model to * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SEQUENCE, + * ASN.1 descriptions given. Rather than just outputting SEQUENCE, * we also have to specify CONSTRUCTED, and the objects length. */ void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - // TODO Intermediate buffer could be avoided if we could calculate expected length - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); + ASN1OutputStream dOut = out.getDERSubStream(); + int length = getBodyLength(); + + out.write(BERTags.SEQUENCE | BERTags.CONSTRUCTED); + out.writeLength(length); - while (e.hasMoreElements()) + for (Enumeration e = this.getObjects(); e.hasMoreElements();) { Object obj = e.nextElement(); - dOut.writeObject(obj); + dOut.writeObject((ASN1Encodable)obj); } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java b/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java index b91dfa0..376c1fd 100644 --- a/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java +++ b/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java @@ -12,19 +12,19 @@ public class DERSequenceParser this._parser = parser; } - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException { return _parser.readObject(); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { return new DERSequence(_parser.readVector()); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/DERSet.java b/src/main/java/org/bouncycastle/asn1/DERSet.java index c4acc82..c1faf84 100644 --- a/src/main/java/org/bouncycastle/asn1/DERSet.java +++ b/src/main/java/org/bouncycastle/asn1/DERSet.java @@ -1,6 +1,5 @@ package org.bouncycastle.asn1; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.Enumeration; @@ -10,6 +9,8 @@ import java.util.Enumeration; public class DERSet extends ASN1Set { + private int bodyLength = -1; + /** * create an empty set */ @@ -21,18 +22,18 @@ public class DERSet * @param obj - a single object that makes up the set. */ public DERSet( - DEREncodable obj) + ASN1Encodable obj) { - this.addObject(obj); + super(obj); } /** * @param v - a vector of objects making up the set. */ public DERSet( - ASN1EncodableVector v) + ASN1EncodableVector v) { - this(v, true); + super(v, true); } /** @@ -41,30 +42,42 @@ public class DERSet public DERSet( ASN1Encodable[] a) { - for (int i = 0; i != a.length; i++) - { - this.addObject(a[i]); - } - - this.sort(); + super(a, true); } - - /** - * @param v - a vector of objects making up the set. - */ + DERSet( - ASN1EncodableVector v, - boolean needsSorting) + ASN1EncodableVector v, + boolean doSort) { - for (int i = 0; i != v.size(); i++) - { - this.addObject(v.get(i)); - } + super(v, doSort); + } - if (needsSorting) + private int getBodyLength() + throws IOException + { + if (bodyLength < 0) { - this.sort(); + int length = 0; + + for (Enumeration e = this.getObjects(); e.hasMoreElements();) + { + Object obj = e.nextElement(); + + length += ((ASN1Encodable)obj).toASN1Primitive().toDERObject().encodedLength(); + } + + bodyLength = length; } + + return bodyLength; + } + + int encodedLength() + throws IOException + { + int length = getBodyLength(); + + return 1 + StreamUtil.calculateBodyLength(length) + length; } /* @@ -72,29 +85,24 @@ public class DERSet * <p> * As DER requires the constructed, definite-length model to * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SET, + * ASN.1 descriptions given. Rather than just outputting SET, * we also have to specify CONSTRUCTED, and the objects length. */ void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - // TODO Intermediate buffer could be avoided if we could calculate expected length - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); + ASN1OutputStream dOut = out.getDERSubStream(); + int length = getBodyLength(); + + out.write(BERTags.SET | BERTags.CONSTRUCTED); + out.writeLength(length); - while (e.hasMoreElements()) + for (Enumeration e = this.getObjects(); e.hasMoreElements();) { Object obj = e.nextElement(); - dOut.writeObject(obj); + dOut.writeObject((ASN1Encodable)obj); } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SET | CONSTRUCTED, bytes); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERSetParser.java b/src/main/java/org/bouncycastle/asn1/DERSetParser.java index 44ddb80..17702fa 100644 --- a/src/main/java/org/bouncycastle/asn1/DERSetParser.java +++ b/src/main/java/org/bouncycastle/asn1/DERSetParser.java @@ -12,19 +12,19 @@ public class DERSetParser this._parser = parser; } - public DEREncodable readObject() + public ASN1Encodable readObject() throws IOException { return _parser.readObject(); } - public DERObject getLoadedObject() + public ASN1Primitive getLoadedObject() throws IOException { return new DERSet(_parser.readVector(), false); } - public DERObject getDERObject() + public ASN1Primitive toASN1Primitive() { try { diff --git a/src/main/java/org/bouncycastle/asn1/DERString.java b/src/main/java/org/bouncycastle/asn1/DERString.java deleted file mode 100644 index 37dc905..0000000 --- a/src/main/java/org/bouncycastle/asn1/DERString.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * basic interface for DER string objects. - */ -public interface DERString - extends ASN1String -{ - -} diff --git a/src/main/java/org/bouncycastle/asn1/DERT61String.java b/src/main/java/org/bouncycastle/asn1/DERT61String.java index 519a950..ee2979b 100644 --- a/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ b/src/main/java/org/bouncycastle/asn1/DERT61String.java @@ -2,14 +2,17 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + /** * DER T61String (also the teletex string) */ public class DERT61String - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { - String string; + private byte[] string; /** * return a T61 string from the passed in object. @@ -40,9 +43,9 @@ public class DERT61String ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); - if (explicit) + if (explicit || o instanceof DERT61String) { return getInstance(o); } @@ -55,17 +58,10 @@ public class DERT61String /** * basic constructor - with bytes. */ - public DERT61String( + DERT61String( byte[] string) { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); + this.string = string; } /** @@ -74,52 +70,54 @@ public class DERT61String public DERT61String( String string) { - this.string = string; + this.string = Strings.toByteArray(string); } public String getString() { - return string; + return Strings.fromByteArray(string); } public String toString() { - return string; + return getString(); + } + + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(T61_STRING, this.getOctets()); + out.writeEncoded(BERTags.T61_STRING, string); } public byte[] getOctets() { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; + return Arrays.clone(string); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERT61String)) { return false; } - return this.getString().equals(((DERT61String)o).getString()); + return Arrays.areEqual(string, ((DERT61String)o).string); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java b/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java index a1d3687..a87a0dc 100644 --- a/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java +++ b/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java @@ -13,50 +13,83 @@ public class DERTaggedObject private static final byte[] ZERO_BYTES = new byte[0]; /** + * @param explicit true if an explicitly tagged object. * @param tagNo the tag number for this object. * @param obj the tagged object. */ public DERTaggedObject( - int tagNo, - DEREncodable obj) + boolean explicit, + int tagNo, + ASN1Encodable obj) { - super(tagNo, obj); + super(explicit, tagNo, obj); } - /** - * @param explicit true if an explicitly tagged object. - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public DERTaggedObject( - boolean explicit, - int tagNo, - DEREncodable obj) + public DERTaggedObject(int tagNo, ASN1Encodable encodable) { - super(explicit, tagNo, obj); + super(true, tagNo, encodable); } - /** - * create an implicitly tagged object that contains a zero - * length sequence. - */ - public DERTaggedObject( - int tagNo) + boolean isConstructed() { - super(false, tagNo, new DERSequence()); + if (!empty) + { + if (explicit) + { + return true; + } + else + { + ASN1Primitive primitive = obj.toASN1Primitive().toDERObject(); + + return primitive.isConstructed(); + } + } + else + { + return true; + } + } + + int encodedLength() + throws IOException + { + if (!empty) + { + ASN1Primitive primitive = obj.toASN1Primitive().toDERObject(); + int length = primitive.encodedLength(); + + if (explicit) + { + return StreamUtil.calculateTagLength(tagNo) + StreamUtil.calculateBodyLength(length) + length; + } + else + { + // header length already in calculation + length = length - 1; + + return StreamUtil.calculateTagLength(tagNo) + length; + } + } + else + { + return StreamUtil.calculateTagLength(tagNo) + 1; + } } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { if (!empty) { - byte[] bytes = obj.getDERObject().getEncoded(DER); + ASN1Primitive primitive = obj.toASN1Primitive().toDERObject(); if (explicit) { - out.writeEncoded(CONSTRUCTED | TAGGED, tagNo, bytes); + out.writeTag(BERTags.CONSTRUCTED | BERTags.TAGGED, tagNo); + out.writeLength(primitive.encodedLength()); + out.writeObject(primitive); } else { @@ -64,22 +97,22 @@ public class DERTaggedObject // need to mark constructed types... // int flags; - if ((bytes[0] & CONSTRUCTED) != 0) + if (primitive.isConstructed()) { - flags = CONSTRUCTED | TAGGED; + flags = BERTags.CONSTRUCTED | BERTags.TAGGED; } else { - flags = TAGGED; + flags = BERTags.TAGGED; } out.writeTag(flags, tagNo); - out.write(bytes, 1, bytes.length - 1); + out.writeImplicitObject(primitive); } } else { - out.writeEncoded(CONSTRUCTED | TAGGED, tagNo, ZERO_BYTES); + out.writeEncoded(BERTags.CONSTRUCTED | BERTags.TAGGED, tagNo, ZERO_BYTES); } } } diff --git a/src/main/java/org/bouncycastle/asn1/DERTags.java b/src/main/java/org/bouncycastle/asn1/DERTags.java index ef441ef..83fd7fd 100644 --- a/src/main/java/org/bouncycastle/asn1/DERTags.java +++ b/src/main/java/org/bouncycastle/asn1/DERTags.java @@ -1,36 +1,9 @@ package org.bouncycastle.asn1; +/** + * @deprecated use BERTags + */ public interface DERTags + extends BERTags { - public static final int BOOLEAN = 0x01; - public static final int INTEGER = 0x02; - public static final int BIT_STRING = 0x03; - public static final int OCTET_STRING = 0x04; - public static final int NULL = 0x05; - public static final int OBJECT_IDENTIFIER = 0x06; - public static final int EXTERNAL = 0x08; - public static final int ENUMERATED = 0x0a; - public static final int SEQUENCE = 0x10; - public static final int SEQUENCE_OF = 0x10; // for completeness - public static final int SET = 0x11; - public static final int SET_OF = 0x11; // for completeness - - - public static final int NUMERIC_STRING = 0x12; - public static final int PRINTABLE_STRING = 0x13; - public static final int T61_STRING = 0x14; - public static final int VIDEOTEX_STRING = 0x15; - public static final int IA5_STRING = 0x16; - public static final int UTC_TIME = 0x17; - public static final int GENERALIZED_TIME = 0x18; - public static final int GRAPHIC_STRING = 0x19; - public static final int VISIBLE_STRING = 0x1a; - public static final int GENERAL_STRING = 0x1b; - public static final int UNIVERSAL_STRING = 0x1c; - public static final int BMP_STRING = 0x1e; - public static final int UTF8_STRING = 0x0c; - - public static final int CONSTRUCTED = 0x20; - public static final int APPLICATION = 0x40; - public static final int TAGGED = 0x80; } diff --git a/src/main/java/org/bouncycastle/asn1/DERUTCTime.java b/src/main/java/org/bouncycastle/asn1/DERUTCTime.java index f183d72..a5bdef1 100644 --- a/src/main/java/org/bouncycastle/asn1/DERUTCTime.java +++ b/src/main/java/org/bouncycastle/asn1/DERUTCTime.java @@ -6,25 +6,33 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.SimpleTimeZone; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + /** * UTC time object. */ public class DERUTCTime - extends ASN1Object + extends ASN1Primitive { - String time; + private byte[] time; /** * return an UTC Time from the passed in object. * * @exception IllegalArgumentException if the object cannot be converted. */ - public static DERUTCTime getInstance( + public static ASN1UTCTime getInstance( Object obj) { - if (obj == null || obj instanceof DERUTCTime) + if (obj == null || obj instanceof ASN1UTCTime) + { + return (ASN1UTCTime)obj; + } + + if (obj instanceof DERUTCTime) { - return (DERUTCTime)obj; + return new ASN1UTCTime(((DERUTCTime)obj).time); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); @@ -39,19 +47,19 @@ public class DERUTCTime * @exception IllegalArgumentException if the tagged object cannot * be converted. */ - public static DERUTCTime getInstance( + public static ASN1UTCTime getInstance( ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Object o = obj.getObject(); - if (explicit || o instanceof DERUTCTime) + if (explicit || o instanceof ASN1UTCTime) { return getInstance(o); } else { - return new DERUTCTime(((ASN1OctetString)o).getOctets()); + return new ASN1UTCTime(((ASN1OctetString)o).getOctets()); } } @@ -68,7 +76,7 @@ public class DERUTCTime public DERUTCTime( String time) { - this.time = time; + this.time = Strings.toByteArray(time); try { this.getDate(); @@ -89,23 +97,13 @@ public class DERUTCTime dateF.setTimeZone(new SimpleTimeZone(0,"Z")); - this.time = dateF.format(time); + this.time = Strings.toByteArray(dateF.format(time)); } DERUTCTime( - byte[] bytes) + byte[] time) { - // - // explicitly convert to characters - // - char[] dateC = new char[bytes.length]; - - for (int i = 0; i != dateC.length; i++) - { - dateC[i] = (char)(bytes[i] & 0xff); - } - - this.time = new String(dateC); + this.time = time; } /** @@ -158,30 +156,32 @@ public class DERUTCTime */ public String getTime() { + String stime = Strings.fromByteArray(time); + // // standardise the format. // - if (time.indexOf('-') < 0 && time.indexOf('+') < 0) + if (stime.indexOf('-') < 0 && stime.indexOf('+') < 0) { - if (time.length() == 11) + if (stime.length() == 11) { - return time.substring(0, 10) + "00GMT+00:00"; + return stime.substring(0, 10) + "00GMT+00:00"; } else { - return time.substring(0, 12) + "GMT+00:00"; + return stime.substring(0, 12) + "GMT+00:00"; } } else { - int index = time.indexOf('-'); + int index = stime.indexOf('-'); if (index < 0) { - index = time.indexOf('+'); + index = stime.indexOf('+'); } - String d = time; + String d = stime; - if (index == time.length() - 3) + if (index == stime.length() - 3) { d += "00"; } @@ -215,44 +215,52 @@ public class DERUTCTime } } - private byte[] getOctets() + boolean isConstructed() { - char[] cs = time.toCharArray(); - byte[] bs = new byte[cs.length]; + return false; + } - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } + int encodedLength() + { + int length = time.length; - return bs; + return 1 + StreamUtil.calculateBodyLength(length) + length; } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(UTC_TIME, this.getOctets()); + out.write(BERTags.UTC_TIME); + + int length = time.length; + + out.writeLength(length); + + for (int i = 0; i != length; i++) + { + out.write((byte)time[i]); + } } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERUTCTime)) { return false; } - return time.equals(((DERUTCTime)o).time); + return Arrays.areEqual(time, ((DERUTCTime)o).time); } public int hashCode() { - return time.hashCode(); + return Arrays.hashCode(time); } public String toString() { - return time; + return Strings.fromByteArray(time); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERUTF8String.java b/src/main/java/org/bouncycastle/asn1/DERUTF8String.java index 06d6fe9..f46f558 100644 --- a/src/main/java/org/bouncycastle/asn1/DERUTF8String.java +++ b/src/main/java/org/bouncycastle/asn1/DERUTF8String.java @@ -2,16 +2,17 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Strings; /** * DER UTF8String object. */ public class DERUTF8String - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { - String string; + private byte[] string; /** * return an UTF8 string from the passed in object. @@ -45,7 +46,7 @@ public class DERUTF8String ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERUTF8String) { @@ -60,16 +61,9 @@ public class DERUTF8String /** * basic constructor - byte encoded string. */ - public DERUTF8String(byte[] string) + DERUTF8String(byte[] string) { - try - { - this.string = Strings.fromUTF8ByteArray(string); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IllegalArgumentException("UTF8 encoding invalid"); - } + this.string = string; } /** @@ -77,25 +71,25 @@ public class DERUTF8String */ public DERUTF8String(String string) { - this.string = string; + this.string = Strings.toUTF8ByteArray(string); } public String getString() { - return string; + return Strings.fromUTF8ByteArray(string); } public String toString() { - return string; + return getString(); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } - boolean asn1Equals(DERObject o) + boolean asn1Equals(ASN1Primitive o) { if (!(o instanceof DERUTF8String)) { @@ -104,12 +98,23 @@ public class DERUTF8String DERUTF8String s = (DERUTF8String)o; - return this.getString().equals(s.getString()); + return Arrays.areEqual(string, s.string); + } + + boolean isConstructed() + { + return false; + } + + int encodedLength() + throws IOException + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; } - void encode(DEROutputStream out) + void encode(ASN1OutputStream out) throws IOException { - out.writeEncoded(UTF8_STRING, Strings.toUTF8ByteArray(string)); + out.writeEncoded(BERTags.UTF8_STRING, string); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERUniversalString.java b/src/main/java/org/bouncycastle/asn1/DERUniversalString.java index 6e54934..4fe82f0 100644 --- a/src/main/java/org/bouncycastle/asn1/DERUniversalString.java +++ b/src/main/java/org/bouncycastle/asn1/DERUniversalString.java @@ -3,12 +3,14 @@ package org.bouncycastle.asn1; import java.io.ByteArrayOutputStream; import java.io.IOException; +import org.bouncycastle.util.Arrays; + /** * DER UniversalString object. */ public class DERUniversalString - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { private static final char[] table = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; private byte[] string; @@ -42,7 +44,7 @@ public class DERUniversalString ASN1TaggedObject obj, boolean explicit) { - DERObject o = obj.getObject(); + ASN1Primitive o = obj.getObject(); if (explicit || o instanceof DERUniversalString) { @@ -99,26 +101,36 @@ public class DERUniversalString return string; } + boolean isConstructed() + { + return false; + } + + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; + } + void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(UNIVERSAL_STRING, this.getOctets()); + out.writeEncoded(BERTags.UNIVERSAL_STRING, this.getOctets()); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERUniversalString)) { return false; } - return this.getString().equals(((DERUniversalString)o).getString()); + return Arrays.areEqual(string, ((DERUniversalString)o).string); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } } diff --git a/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java b/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java deleted file mode 100644 index 1feed40..0000000 --- a/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -import org.bouncycastle.util.Arrays; - -/** - * We insert one of these when we find a tag we don't recognise. - */ -public class DERUnknownTag - extends DERObject -{ - private boolean isConstructed; - private int tag; - private byte[] data; - - /** - * @param tag the tag value. - * @param data the contents octets. - */ - public DERUnknownTag( - int tag, - byte[] data) - { - this(false, tag, data); - } - - public DERUnknownTag( - boolean isConstructed, - int tag, - byte[] data) - { - this.isConstructed = isConstructed; - this.tag = tag; - this.data = data; - } - - public boolean isConstructed() - { - return isConstructed; - } - - public int getTag() - { - return tag; - } - - public byte[] getData() - { - return data; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(isConstructed ? DERTags.CONSTRUCTED : 0, tag, data); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERUnknownTag)) - { - return false; - } - - DERUnknownTag other = (DERUnknownTag)o; - - return isConstructed == other.isConstructed - && tag == other.tag - && Arrays.areEqual(data, other.data); - } - - public int hashCode() - { - return (isConstructed ? ~0 : 0) ^ tag ^ Arrays.hashCode(data); - } -} diff --git a/src/main/java/org/bouncycastle/asn1/DERVisibleString.java b/src/main/java/org/bouncycastle/asn1/DERVisibleString.java index 9d0c991..1c385b7 100644 --- a/src/main/java/org/bouncycastle/asn1/DERVisibleString.java +++ b/src/main/java/org/bouncycastle/asn1/DERVisibleString.java @@ -2,14 +2,17 @@ package org.bouncycastle.asn1; import java.io.IOException; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + /** * DER VisibleString object. */ public class DERVisibleString - extends ASN1Object - implements DERString + extends ASN1Primitive + implements ASN1String { - String string; + private byte[] string; /** * return a Visible String from the passed in object. @@ -24,16 +27,6 @@ public class DERVisibleString return (DERVisibleString)obj; } - if (obj instanceof ASN1OctetString) - { - return new DERVisibleString(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); } @@ -50,23 +43,25 @@ public class DERVisibleString ASN1TaggedObject obj, boolean explicit) { - return getInstance(obj.getObject()); + ASN1Primitive o = obj.getObject(); + + if (explicit || o instanceof DERVisibleString) + { + return getInstance(o); + } + else + { + return new DERVisibleString(ASN1OctetString.getInstance(o).getOctets()); + } } /** * basic constructor - byte encoded string. */ - public DERVisibleString( + DERVisibleString( byte[] string) { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); + this.string = string; } /** @@ -75,52 +70,54 @@ public class DERVisibleString public DERVisibleString( String string) { - this.string = string; + this.string = Strings.toByteArray(string); } public String getString() { - return string; + return Strings.fromByteArray(string); } public String toString() { - return string; + return getString(); } public byte[] getOctets() { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; + return Arrays.clone(string); + } - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } + boolean isConstructed() + { + return false; + } - return bs; + int encodedLength() + { + return 1 + StreamUtil.calculateBodyLength(string.length) + string.length; } void encode( - DEROutputStream out) + ASN1OutputStream out) throws IOException { - out.writeEncoded(VISIBLE_STRING, this.getOctets()); + out.writeEncoded(BERTags.VISIBLE_STRING, this.string); } boolean asn1Equals( - DERObject o) + ASN1Primitive o) { if (!(o instanceof DERVisibleString)) { return false; } - return this.getString().equals(((DERVisibleString)o).getString()); + return Arrays.areEqual(string, ((DERVisibleString)o).string); } public int hashCode() { - return this.getString().hashCode(); + return Arrays.hashCode(string); } } diff --git a/src/main/java/org/bouncycastle/asn1/DLOutputStream.java b/src/main/java/org/bouncycastle/asn1/DLOutputStream.java new file mode 100644 index 0000000..68c0ed6 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/DLOutputStream.java @@ -0,0 +1,31 @@ +package org.bouncycastle.asn1; + +import java.io.IOException; +import java.io.OutputStream; + +/** + * Stream that outputs encoding based on definite length. + */ +public class DLOutputStream + extends ASN1OutputStream +{ + public DLOutputStream( + OutputStream os) + { + super(os); + } + + public void writeObject( + ASN1Encodable obj) + throws IOException + { + if (obj != null) + { + obj.toASN1Primitive().toDLObject().encode(this); + } + else + { + throw new IOException("null object detected"); + } + } +} diff --git a/src/main/java/org/bouncycastle/asn1/DLSequence.java b/src/main/java/org/bouncycastle/asn1/DLSequence.java new file mode 100644 index 0000000..bb8ec4e --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/DLSequence.java @@ -0,0 +1,98 @@ +package org.bouncycastle.asn1; + +import java.io.IOException; +import java.util.Enumeration; + +public class DLSequence + extends ASN1Sequence +{ + private int bodyLength = -1; + + /** + * create an empty sequence + */ + public DLSequence() + { + } + + /** + * create a sequence containing one object + */ + public DLSequence( + ASN1Encodable obj) + { + super(obj); + } + + /** + * create a sequence containing a vector of objects. + */ + public DLSequence( + ASN1EncodableVector v) + { + super(v); + } + + /** + * create a sequence containing an array of objects. + */ + public DLSequence( + ASN1Encodable[] array) + { + super(array); + } + + private int getBodyLength() + throws IOException + { + if (bodyLength < 0) + { + int length = 0; + + for (Enumeration e = this.getObjects(); e.hasMoreElements();) + { + Object obj = e.nextElement(); + + length += ((ASN1Encodable)obj).toASN1Primitive().toDLObject().encodedLength(); + } + + bodyLength = length; + } + + return bodyLength; + } + + int encodedLength() + throws IOException + { + int length = getBodyLength(); + + return 1 + StreamUtil.calculateBodyLength(length) + length; + } + + /* + * A note on the implementation: + * <p> + * As DL requires the constructed, definite-length model to + * be used for structured types, this varies slightly from the + * ASN.1 descriptions given. Rather than just outputting SEQUENCE, + * we also have to specify CONSTRUCTED, and the objects length. + */ + void encode( + ASN1OutputStream out) + throws IOException + { + ASN1OutputStream dOut = out.getDLSubStream(); + int length = getBodyLength(); + + out.write(BERTags.SEQUENCE | BERTags.CONSTRUCTED); + out.writeLength(length); + + for (Enumeration e = this.getObjects(); e.hasMoreElements();) + { + Object obj = e.nextElement(); + + dOut.writeObject((ASN1Encodable)obj); + } + } +} diff --git a/src/main/java/org/bouncycastle/asn1/DLSet.java b/src/main/java/org/bouncycastle/asn1/DLSet.java new file mode 100644 index 0000000..755754b --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/DLSet.java @@ -0,0 +1,101 @@ +package org.bouncycastle.asn1; + +import java.io.IOException; +import java.util.Enumeration; + +/** + * A DER encoded set object + */ +public class DLSet + extends ASN1Set +{ + private int bodyLength = -1; + + /** + * create an empty set + */ + public DLSet() + { + } + + /** + * @param obj - a single object that makes up the set. + */ + public DLSet( + ASN1Encodable obj) + { + super(obj); + } + + /** + * @param v - a vector of objects making up the set. + */ + public DLSet( + ASN1EncodableVector v) + { + super(v, false); + } + + /** + * create a set from an array of objects. + */ + public DLSet( + ASN1Encodable[] a) + { + super(a, false); + } + + private int getBodyLength() + throws IOException + { + if (bodyLength < 0) + { + int length = 0; + + for (Enumeration e = this.getObjects(); e.hasMoreElements();) + { + Object obj = e.nextElement(); + + length += ((ASN1Encodable)obj).toASN1Primitive().toDLObject().encodedLength(); + } + + bodyLength = length; + } + + return bodyLength; + } + + int encodedLength() + throws IOException + { + int length = getBodyLength(); + + return 1 + StreamUtil.calculateBodyLength(length) + length; + } + + /* + * A note on the implementation: + * <p> + * As DL requires the constructed, definite-length model to + * be used for structured types, this varies slightly from the + * ASN.1 descriptions given. Rather than just outputting SET, + * we also have to specify CONSTRUCTED, and the objects length. + */ + void encode( + ASN1OutputStream out) + throws IOException + { + ASN1OutputStream dOut = out.getDLSubStream(); + int length = getBodyLength(); + + out.write(BERTags.SET | BERTags.CONSTRUCTED); + out.writeLength(length); + + for (Enumeration e = this.getObjects(); e.hasMoreElements();) + { + Object obj = e.nextElement(); + + dOut.writeObject((ASN1Encodable)obj); + } + } +} diff --git a/src/main/java/org/bouncycastle/asn1/DLTaggedObject.java b/src/main/java/org/bouncycastle/asn1/DLTaggedObject.java new file mode 100644 index 0000000..4a245df --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/DLTaggedObject.java @@ -0,0 +1,112 @@ +package org.bouncycastle.asn1; + +import java.io.IOException; + +/** + * Definite Length TaggedObject - in ASN.1 notation this is any object preceded by + * a [n] where n is some number - these are assumed to follow the construction + * rules (as with sequences). + */ +public class DLTaggedObject + extends ASN1TaggedObject +{ + private static final byte[] ZERO_BYTES = new byte[0]; + + /** + * @param explicit true if an explicitly tagged object. + * @param tagNo the tag number for this object. + * @param obj the tagged object. + */ + public DLTaggedObject( + boolean explicit, + int tagNo, + ASN1Encodable obj) + { + super(explicit, tagNo, obj); + } + + boolean isConstructed() + { + if (!empty) + { + if (explicit) + { + return true; + } + else + { + ASN1Primitive primitive = obj.toASN1Primitive().toDLObject(); + + return primitive.isConstructed(); + } + } + else + { + return true; + } + } + + int encodedLength() + throws IOException + { + if (!empty) + { + int length = obj.toASN1Primitive().toDLObject().encodedLength(); + + if (explicit) + { + return StreamUtil.calculateTagLength(tagNo) + StreamUtil.calculateBodyLength(length) + length; + } + else + { + // header length already in calculation + length = length - 1; + + return StreamUtil.calculateTagLength(tagNo) + length; + } + } + else + { + return StreamUtil.calculateTagLength(tagNo) + 1; + } + } + + void encode( + ASN1OutputStream out) + throws IOException + { + if (!empty) + { + ASN1Primitive primitive = obj.toASN1Primitive().toDLObject(); + + if (explicit) + { + out.writeTag(BERTags.CONSTRUCTED | BERTags.TAGGED, tagNo); + out.writeLength(primitive.encodedLength()); + out.writeObject(primitive); + } + else + { + // + // need to mark constructed types... + // + int flags; + if (primitive.isConstructed()) + { + flags = BERTags.CONSTRUCTED | BERTags.TAGGED; + } + else + { + flags = BERTags.TAGGED; + } + + out.writeTag(flags, tagNo); + out.writeImplicitObject(primitive); + } + } + else + { + out.writeEncoded(BERTags.CONSTRUCTED | BERTags.TAGGED, tagNo, ZERO_BYTES); + } + } +} diff --git a/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java b/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java index 3785174..3f6ce22 100644 --- a/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java +++ b/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java @@ -17,6 +17,7 @@ class DefiniteLengthInputStream DefiniteLengthInputStream( InputStream in, int length) + throws IOException { super(in, length); diff --git a/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java b/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java index 981ee1b..a4b1492 100644 --- a/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java +++ b/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java @@ -4,6 +4,6 @@ import java.io.IOException; public interface InMemoryRepresentable { - DERObject getLoadedObject() + ASN1Primitive getLoadedObject() throws IOException; } diff --git a/src/main/java/org/bouncycastle/asn1/LazyDERConstructionEnumeration.java b/src/main/java/org/bouncycastle/asn1/LazyConstructionEnumeration.java index c5dfbc1..31d988d 100644 --- a/src/main/java/org/bouncycastle/asn1/LazyDERConstructionEnumeration.java +++ b/src/main/java/org/bouncycastle/asn1/LazyConstructionEnumeration.java @@ -1,15 +1,15 @@ package org.bouncycastle.asn1; -import java.util.Enumeration; import java.io.IOException; +import java.util.Enumeration; -class LazyDERConstructionEnumeration +class LazyConstructionEnumeration implements Enumeration { private ASN1InputStream aIn; private Object nextObj; - public LazyDERConstructionEnumeration(byte[] encoded) + public LazyConstructionEnumeration(byte[] encoded) { aIn = new ASN1InputStream(encoded, true); nextObj = readObject(); diff --git a/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java b/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java deleted file mode 100644 index 91074a6..0000000 --- a/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -public class LazyDERSequence - extends DERSequence -{ - private byte[] encoded; - private boolean parsed = false; - private int size = -1; - - LazyDERSequence( - byte[] encoded) - throws IOException - { - this.encoded = encoded; - } - - private void parse() - { - Enumeration en = new LazyDERConstructionEnumeration(encoded); - - while (en.hasMoreElements()) - { - addObject((DEREncodable)en.nextElement()); - } - - parsed = true; - } - - public synchronized DEREncodable getObjectAt(int index) - { - if (!parsed) - { - parse(); - } - - return super.getObjectAt(index); - } - - public synchronized Enumeration getObjects() - { - if (parsed) - { - return super.getObjects(); - } - - return new LazyDERConstructionEnumeration(encoded); - } - - public int size() - { - if (size < 0) - { - Enumeration en = new LazyDERConstructionEnumeration(encoded); - - size = 0; - while (en.hasMoreElements()) - { - en.nextElement(); - size++; - } - } - - return size; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(SEQUENCE | CONSTRUCTED, encoded); - } -} diff --git a/src/main/java/org/bouncycastle/asn1/LazyEncodedSequence.java b/src/main/java/org/bouncycastle/asn1/LazyEncodedSequence.java new file mode 100644 index 0000000..c7342ad --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/LazyEncodedSequence.java @@ -0,0 +1,109 @@ +package org.bouncycastle.asn1; + +import java.io.IOException; +import java.util.Enumeration; + +/** + * Note: this class is for processing DER/DL encoded sequences only. + */ +class LazyEncodedSequence + extends ASN1Sequence +{ + private byte[] encoded; + + LazyEncodedSequence( + byte[] encoded) + throws IOException + { + this.encoded = encoded; + } + + private void parse() + { + Enumeration en = new LazyConstructionEnumeration(encoded); + + while (en.hasMoreElements()) + { + seq.addElement(en.nextElement()); + } + + encoded = null; + } + + public synchronized ASN1Encodable getObjectAt(int index) + { + if (encoded != null) + { + parse(); + } + + return super.getObjectAt(index); + } + + public synchronized Enumeration getObjects() + { + if (encoded == null) + { + return super.getObjects(); + } + + return new LazyConstructionEnumeration(encoded); + } + + public synchronized int size() + { + if (encoded != null) + { + parse(); + } + + return super.size(); + } + + ASN1Primitive toDERObject() + { + if (encoded != null) + { + parse(); + } + + return super.toDERObject(); + } + + ASN1Primitive toDLObject() + { + if (encoded != null) + { + parse(); + } + + return super.toDLObject(); + } + + int encodedLength() + throws IOException + { + if (encoded != null) + { + return 1 + StreamUtil.calculateBodyLength(encoded.length) + encoded.length; + } + else + { + return super.toDLObject().encodedLength(); + } + } + + void encode( + ASN1OutputStream out) + throws IOException + { + if (encoded != null) + { + out.writeEncoded(BERTags.SEQUENCE | BERTags.CONSTRUCTED, encoded); + } + else + { + super.toDLObject().encode(out); + } + } +} diff --git a/src/main/java/org/bouncycastle/asn1/StreamUtil.java b/src/main/java/org/bouncycastle/asn1/StreamUtil.java new file mode 100644 index 0000000..0a3c4aa --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/StreamUtil.java @@ -0,0 +1,112 @@ +package org.bouncycastle.asn1; + +import java.io.ByteArrayInputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; + +class StreamUtil +{ + private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory(); + + /** + * Find out possible longest length... + * + * @param in input stream of interest + * @return length calculation or MAX_VALUE. + */ + static int findLimit(InputStream in) + { + if (in instanceof LimitedInputStream) + { + return ((LimitedInputStream)in).getRemaining(); + } + else if (in instanceof ASN1InputStream) + { + return ((ASN1InputStream)in).getLimit(); + } + else if (in instanceof ByteArrayInputStream) + { + return ((ByteArrayInputStream)in).available(); + } + else if (in instanceof FileInputStream) + { + try + { + long size = ((FileInputStream)in).getChannel().size(); + + if (size < Integer.MAX_VALUE) + { + return (int)size; + } + } + catch (IOException e) + { + // ignore - they'll find out soon enough! + } + } + + if (MAX_MEMORY > Integer.MAX_VALUE) + { + return Integer.MAX_VALUE; + } + + return (int)MAX_MEMORY; + } + + static int calculateBodyLength( + int length) + { + int count = 1; + + if (length > 127) + { + int size = 1; + int val = length; + + while ((val >>>= 8) != 0) + { + size++; + } + + for (int i = (size - 1) * 8; i >= 0; i -= 8) + { + count++; + } + } + + return count; + } + + static int calculateTagLength(int tagNo) + throws IOException + { + int length = 1; + + if (tagNo >= 31) + { + if (tagNo < 128) + { + length++; + } + else + { + byte[] stack = new byte[5]; + int pos = stack.length; + + stack[--pos] = (byte)(tagNo & 0x7F); + + do + { + tagNo >>= 7; + stack[--pos] = (byte)(tagNo & 0x7F | 0x80); + } + while (tagNo > 127); + + length += stack.length - pos; + } + } + + return length; + } +} diff --git a/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java index 38a91fe..18fc66c 100644 --- a/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java +++ b/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java @@ -1,6 +1,6 @@ package org.bouncycastle.asn1.bc; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; public interface BCObjectIdentifiers { @@ -9,43 +9,43 @@ public interface BCObjectIdentifiers * * 1.3.6.1.4.1.22554 */ - public static final DERObjectIdentifier bc = new DERObjectIdentifier("1.3.6.1.4.1.22554"); + public static final ASN1ObjectIdentifier bc = new ASN1ObjectIdentifier("1.3.6.1.4.1.22554"); /** * pbe(1) algorithms */ - public static final DERObjectIdentifier bc_pbe = new DERObjectIdentifier(bc.getId() + ".1"); + public static final ASN1ObjectIdentifier bc_pbe = new ASN1ObjectIdentifier(bc.getId() + ".1"); /** * SHA-1(1) */ - public static final DERObjectIdentifier bc_pbe_sha1 = new DERObjectIdentifier(bc_pbe.getId() + ".1"); + public static final ASN1ObjectIdentifier bc_pbe_sha1 = new ASN1ObjectIdentifier(bc_pbe.getId() + ".1"); /** * SHA-2(2) . (SHA-256(1)|SHA-384(2)|SHA-512(3)|SHA-224(4)) */ - public static final DERObjectIdentifier bc_pbe_sha256 = new DERObjectIdentifier(bc_pbe.getId() + ".2.1"); - public static final DERObjectIdentifier bc_pbe_sha384 = new DERObjectIdentifier(bc_pbe.getId() + ".2.2"); - public static final DERObjectIdentifier bc_pbe_sha512 = new DERObjectIdentifier(bc_pbe.getId() + ".2.3"); - public static final DERObjectIdentifier bc_pbe_sha224 = new DERObjectIdentifier(bc_pbe.getId() + ".2.4"); + public static final ASN1ObjectIdentifier bc_pbe_sha256 = new ASN1ObjectIdentifier(bc_pbe.getId() + ".2.1"); + public static final ASN1ObjectIdentifier bc_pbe_sha384 = new ASN1ObjectIdentifier(bc_pbe.getId() + ".2.2"); + public static final ASN1ObjectIdentifier bc_pbe_sha512 = new ASN1ObjectIdentifier(bc_pbe.getId() + ".2.3"); + public static final ASN1ObjectIdentifier bc_pbe_sha224 = new ASN1ObjectIdentifier(bc_pbe.getId() + ".2.4"); /** * PKCS-5(1)|PKCS-12(2) */ - public static final DERObjectIdentifier bc_pbe_sha1_pkcs5 = new DERObjectIdentifier(bc_pbe_sha1.getId() + ".1"); - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12 = new DERObjectIdentifier(bc_pbe_sha1.getId() + ".2"); + public static final ASN1ObjectIdentifier bc_pbe_sha1_pkcs5 = new ASN1ObjectIdentifier(bc_pbe_sha1.getId() + ".1"); + public static final ASN1ObjectIdentifier bc_pbe_sha1_pkcs12 = new ASN1ObjectIdentifier(bc_pbe_sha1.getId() + ".2"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs5 = new DERObjectIdentifier(bc_pbe_sha256.getId() + ".1"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12 = new DERObjectIdentifier(bc_pbe_sha256.getId() + ".2"); + public static final ASN1ObjectIdentifier bc_pbe_sha256_pkcs5 = new ASN1ObjectIdentifier(bc_pbe_sha256.getId() + ".1"); + public static final ASN1ObjectIdentifier bc_pbe_sha256_pkcs12 = new ASN1ObjectIdentifier(bc_pbe_sha256.getId() + ".2"); /** * AES(1) . (CBC-128(2)|CBC-192(22)|CBC-256(42)) */ - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12_aes128_cbc = new DERObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.2"); - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12_aes192_cbc = new DERObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.22"); - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12_aes256_cbc = new DERObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.42"); + public static final ASN1ObjectIdentifier bc_pbe_sha1_pkcs12_aes128_cbc = new ASN1ObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.2"); + public static final ASN1ObjectIdentifier bc_pbe_sha1_pkcs12_aes192_cbc = new ASN1ObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.22"); + public static final ASN1ObjectIdentifier bc_pbe_sha1_pkcs12_aes256_cbc = new ASN1ObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.42"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12_aes128_cbc = new DERObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.2"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12_aes192_cbc = new DERObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.22"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12_aes256_cbc = new DERObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.42"); + public static final ASN1ObjectIdentifier bc_pbe_sha256_pkcs12_aes128_cbc = new ASN1ObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.2"); + public static final ASN1ObjectIdentifier bc_pbe_sha256_pkcs12_aes192_cbc = new ASN1ObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.22"); + public static final ASN1ObjectIdentifier bc_pbe_sha256_pkcs12_aes256_cbc = new ASN1ObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.42"); } diff --git a/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java index f222d9e..a66c4a1 100644 --- a/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java +++ b/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java @@ -2,36 +2,36 @@ package org.bouncycastle.asn1.cms; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BERSequence; import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; public class ContentInfo - extends ASN1Encodable + extends ASN1Object // BEGIN android-removed // implements CMSObjectIdentifiers // END android-removed { private ASN1ObjectIdentifier contentType; - private DEREncodable content; + private ASN1Encodable content; public static ContentInfo getInstance( Object obj) { - if (obj == null || obj instanceof ContentInfo) + if (obj instanceof ContentInfo) { return (ContentInfo)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new ContentInfo((ASN1Sequence)obj); + return new ContentInfo(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public ContentInfo( @@ -58,7 +58,7 @@ public class ContentInfo public ContentInfo( ASN1ObjectIdentifier contentType, - DEREncodable content) + ASN1Encodable content) { this.contentType = contentType; this.content = content; @@ -69,7 +69,7 @@ public class ContentInfo return contentType; } - public DEREncodable getContent() + public ASN1Encodable getContent() { return content; } @@ -83,7 +83,7 @@ public class ContentInfo * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java index b5d6c1f..dba5f6d 100644 --- a/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java +++ b/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java @@ -1,6 +1,6 @@ package org.bouncycastle.asn1.cryptopro; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; public interface CryptoProObjectIdentifiers { @@ -8,38 +8,38 @@ public interface CryptoProObjectIdentifiers // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)} static final String GOST_id = "1.2.643.2.2"; - static final DERObjectIdentifier gostR3411 = new DERObjectIdentifier(GOST_id+".9"); + static final ASN1ObjectIdentifier gostR3411 = new ASN1ObjectIdentifier(GOST_id+".9"); - static final DERObjectIdentifier gostR28147_cbc = new DERObjectIdentifier(GOST_id+".21"); + static final ASN1ObjectIdentifier gostR28147_cbc = new ASN1ObjectIdentifier(GOST_id+".21"); - static final DERObjectIdentifier gostR3410_94 = new DERObjectIdentifier(GOST_id+".20"); - static final DERObjectIdentifier gostR3410_2001 = new DERObjectIdentifier(GOST_id+".19"); - static final DERObjectIdentifier gostR3411_94_with_gostR3410_94 = new DERObjectIdentifier(GOST_id+".4"); - static final DERObjectIdentifier gostR3411_94_with_gostR3410_2001 = new DERObjectIdentifier(GOST_id+".3"); + static final ASN1ObjectIdentifier gostR3410_94 = new ASN1ObjectIdentifier(GOST_id+".20"); + static final ASN1ObjectIdentifier gostR3410_2001 = new ASN1ObjectIdentifier(GOST_id+".19"); + static final ASN1ObjectIdentifier gostR3411_94_with_gostR3410_94 = new ASN1ObjectIdentifier(GOST_id+".4"); + static final ASN1ObjectIdentifier gostR3411_94_with_gostR3410_2001 = new ASN1ObjectIdentifier(GOST_id+".3"); // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) hashes(30) } - static final DERObjectIdentifier gostR3411_94_CryptoProParamSet = new DERObjectIdentifier(GOST_id+".30.1"); + static final ASN1ObjectIdentifier gostR3411_94_CryptoProParamSet = new ASN1ObjectIdentifier(GOST_id+".30.1"); // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) signs(32) } - static final DERObjectIdentifier gostR3410_94_CryptoPro_A = new DERObjectIdentifier(GOST_id+".32.2"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_B = new DERObjectIdentifier(GOST_id+".32.3"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_C = new DERObjectIdentifier(GOST_id+".32.4"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_D = new DERObjectIdentifier(GOST_id+".32.5"); + static final ASN1ObjectIdentifier gostR3410_94_CryptoPro_A = new ASN1ObjectIdentifier(GOST_id+".32.2"); + static final ASN1ObjectIdentifier gostR3410_94_CryptoPro_B = new ASN1ObjectIdentifier(GOST_id+".32.3"); + static final ASN1ObjectIdentifier gostR3410_94_CryptoPro_C = new ASN1ObjectIdentifier(GOST_id+".32.4"); + static final ASN1ObjectIdentifier gostR3410_94_CryptoPro_D = new ASN1ObjectIdentifier(GOST_id+".32.5"); // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) exchanges(33) } - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchA = new DERObjectIdentifier(GOST_id+".33.1"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchB = new DERObjectIdentifier(GOST_id+".33.2"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchC = new DERObjectIdentifier(GOST_id+".33.3"); + static final ASN1ObjectIdentifier gostR3410_94_CryptoPro_XchA = new ASN1ObjectIdentifier(GOST_id+".33.1"); + static final ASN1ObjectIdentifier gostR3410_94_CryptoPro_XchB = new ASN1ObjectIdentifier(GOST_id+".33.2"); + static final ASN1ObjectIdentifier gostR3410_94_CryptoPro_XchC = new ASN1ObjectIdentifier(GOST_id+".33.3"); //{ iso(1) member-body(2)ru(643) rans(2) cryptopro(2) ecc-signs(35) } - static final DERObjectIdentifier gostR3410_2001_CryptoPro_A = new DERObjectIdentifier(GOST_id+".35.1"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_B = new DERObjectIdentifier(GOST_id+".35.2"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_C = new DERObjectIdentifier(GOST_id+".35.3"); + static final ASN1ObjectIdentifier gostR3410_2001_CryptoPro_A = new ASN1ObjectIdentifier(GOST_id+".35.1"); + static final ASN1ObjectIdentifier gostR3410_2001_CryptoPro_B = new ASN1ObjectIdentifier(GOST_id+".35.2"); + static final ASN1ObjectIdentifier gostR3410_2001_CryptoPro_C = new ASN1ObjectIdentifier(GOST_id+".35.3"); // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) ecc-exchanges(36) } - static final DERObjectIdentifier gostR3410_2001_CryptoPro_XchA = new DERObjectIdentifier(GOST_id+".36.0"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_XchB = new DERObjectIdentifier(GOST_id+".36.1"); + static final ASN1ObjectIdentifier gostR3410_2001_CryptoPro_XchA = new ASN1ObjectIdentifier(GOST_id+".36.0"); + static final ASN1ObjectIdentifier gostR3410_2001_CryptoPro_XchB = new ASN1ObjectIdentifier(GOST_id+".36.1"); - static final DERObjectIdentifier gost_ElSgDH3410_default = new DERObjectIdentifier(GOST_id+".36.0"); - static final DERObjectIdentifier gost_ElSgDH3410_1 = new DERObjectIdentifier(GOST_id+".36.1"); + static final ASN1ObjectIdentifier gost_ElSgDH3410_default = new ASN1ObjectIdentifier(GOST_id+".36.0"); + static final ASN1ObjectIdentifier gost_ElSgDH3410_1 = new ASN1ObjectIdentifier(GOST_id+".36.1"); } diff --git a/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java b/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java index 61a851a..846a205 100644 --- a/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java +++ b/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java @@ -1,6 +1,6 @@ package org.bouncycastle.asn1.misc; -import org.bouncycastle.asn1.*; +import org.bouncycastle.asn1.DERBitString; /** * The NetscapeCertType object. diff --git a/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java b/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java index ba35d08..c0347da 100644 --- a/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java +++ b/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java @@ -1,6 +1,6 @@ package org.bouncycastle.asn1.misc; -import org.bouncycastle.asn1.*; +import org.bouncycastle.asn1.DERIA5String; public class NetscapeRevocationURL extends DERIA5String diff --git a/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java b/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java index 5066ec5..f09880a 100644 --- a/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java +++ b/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java @@ -1,6 +1,6 @@ package org.bouncycastle.asn1.misc; -import org.bouncycastle.asn1.*; +import org.bouncycastle.asn1.DERIA5String; public class VerisignCzagExtension extends DERIA5String diff --git a/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java index 821e0d1..97712b5 100644 --- a/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java +++ b/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java @@ -1,14 +1,14 @@ package org.bouncycastle.asn1.nist; -import org.bouncycastle.asn1.DERObjectIdentifier; +import java.util.Enumeration; +import java.util.Hashtable; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.sec.SECNamedCurves; import org.bouncycastle.asn1.sec.SECObjectIdentifiers; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.util.Strings; -import java.util.Enumeration; -import java.util.Hashtable; - /** * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2 */ @@ -17,7 +17,7 @@ public class NISTNamedCurves static final Hashtable objIds = new Hashtable(); static final Hashtable names = new Hashtable(); - static void defineCurve(String name, DERObjectIdentifier oid) + static void defineCurve(String name, ASN1ObjectIdentifier oid) { objIds.put(name, oid); names.put(oid, name); @@ -42,7 +42,7 @@ public class NISTNamedCurves public static X9ECParameters getByName( String name) { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name)); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)objIds.get(Strings.toUpperCase(name)); if (oid != null) { @@ -59,7 +59,7 @@ public class NISTNamedCurves * @param oid an object identifier representing a named curve, if present. */ public static X9ECParameters getByOID( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { return SECNamedCurves.getByOID(oid); } @@ -70,17 +70,17 @@ public class NISTNamedCurves * * @return the object identifier associated with name, if present. */ - public static DERObjectIdentifier getOID( + public static ASN1ObjectIdentifier getOID( String name) { - return (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name)); + return (ASN1ObjectIdentifier)objIds.get(Strings.toUpperCase(name)); } /** * return the named curve name represented by the given object identifier. */ public static String getName( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { return (String)names.get(oid); } diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java b/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java index fe04a5c..ea4779b 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java @@ -1,17 +1,19 @@ package org.bouncycastle.asn1.pkcs; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERObject; +import org.bouncycastle.asn1.DLSequence; public class AuthenticatedSafe - extends ASN1Encodable + extends ASN1Object { - ContentInfo[] info; + private ContentInfo[] info; + private boolean isBer = true; - public AuthenticatedSafe( + private AuthenticatedSafe( ASN1Sequence seq) { info = new ContentInfo[seq.size()]; @@ -20,6 +22,24 @@ public class AuthenticatedSafe { info[i] = ContentInfo.getInstance(seq.getObjectAt(i)); } + + isBer = seq instanceof BERSequence; + } + + public static AuthenticatedSafe getInstance( + Object o) + { + if (o instanceof AuthenticatedSafe) + { + return (AuthenticatedSafe)o; + } + + if (o != null) + { + return new AuthenticatedSafe(ASN1Sequence.getInstance(o)); + } + + return null; } public AuthenticatedSafe( @@ -33,15 +53,22 @@ public class AuthenticatedSafe return info; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { - ASN1EncodableVector v = new ASN1EncodableVector(); + ASN1EncodableVector v = new ASN1EncodableVector(); for (int i = 0; i != info.length; i++) { v.add(info[i]); } - return new BERSequence(v); + if (isBer) + { + return new BERSequence(v); + } + else + { + return new DLSequence(v); + } } } diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java b/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java new file mode 100644 index 0000000..b91c1a5 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java @@ -0,0 +1,82 @@ +package org.bouncycastle.asn1.pkcs; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; + +public class CRLBag + extends ASN1Object +{ + private ASN1ObjectIdentifier crlId; + private ASN1Encodable crlValue; + + private CRLBag( + ASN1Sequence seq) + { + this.crlId = (ASN1ObjectIdentifier)seq.getObjectAt(0); + this.crlValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); + } + + public static CRLBag getInstance(Object o) + { + if (o instanceof CRLBag) + { + return (CRLBag)o; + } + else if (o != null) + { + return new CRLBag(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public CRLBag( + ASN1ObjectIdentifier crlId, + ASN1Encodable crlValue) + { + this.crlId = crlId; + this.crlValue = crlValue; + } + + public ASN1ObjectIdentifier getcrlId() + { + return crlId; + } + + public ASN1Encodable getCRLValue() + { + return crlValue; + } + + /** + * <pre> + CRLBag ::= SEQUENCE { + crlId BAG-TYPE.&id ({CRLTypes}), + crlValue [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId}) + } + + x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1} + -- DER-encoded X.509 CRL stored in OCTET STRING + + CRLTypes BAG-TYPE ::= { + x509CRL, + ... -- For future extensions + } + </pre> + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(crlId); + v.add(new DERTaggedObject(0, crlValue)); + + return new DERSequence(v); + } +} diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java b/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java index c781b4c..4a73028 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java @@ -2,46 +2,59 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; public class CertBag - extends ASN1Encodable + extends ASN1Object { - ASN1Sequence seq; - DERObjectIdentifier certId; - DERObject certValue; + private ASN1ObjectIdentifier certId; + private ASN1Encodable certValue; - public CertBag( + private CertBag( ASN1Sequence seq) { - this.seq = seq; - this.certId = (DERObjectIdentifier)seq.getObjectAt(0); + this.certId = (ASN1ObjectIdentifier)seq.getObjectAt(0); this.certValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); } + public static CertBag getInstance(Object o) + { + if (o instanceof CertBag) + { + return (CertBag)o; + } + else if (o != null) + { + return new CertBag(ASN1Sequence.getInstance(o)); + } + + return null; + } + public CertBag( - DERObjectIdentifier certId, - DERObject certValue) + ASN1ObjectIdentifier certId, + ASN1Encodable certValue) { this.certId = certId; this.certValue = certValue; } - public DERObjectIdentifier getCertId() + public ASN1ObjectIdentifier getCertId() { return certId; } - public DERObject getCertValue() + public ASN1Encodable getCertValue() { return certValue; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java index 73c2e94..987d4eb 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java @@ -1,10 +1,10 @@ package org.bouncycastle.asn1.pkcs; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; @@ -19,7 +19,7 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; * </pre> */ public class CertificationRequest - extends ASN1Encodable + extends ASN1Object { protected CertificationRequestInfo reqInfo = null; protected AlgorithmIdentifier sigAlgId = null; @@ -77,7 +77,7 @@ public class CertificationRequest return sigBits; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { // Construct the CertificateRequest ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java index bf3b0a8..aac2bb7 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java @@ -1,11 +1,11 @@ package org.bouncycastle.asn1.pkcs; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x500.X500Name; @@ -31,10 +31,10 @@ import org.bouncycastle.asn1.x509.X509Name; * </pre> */ public class CertificationRequestInfo - extends ASN1Encodable + extends ASN1Object { - DERInteger version = new DERInteger(0); - X509Name subject; + ASN1Integer version = new ASN1Integer(0); + X500Name subject; SubjectPublicKeyInfo subjectPKInfo; ASN1Set attributes = null; @@ -45,12 +45,12 @@ public class CertificationRequestInfo { return (CertificationRequestInfo)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new CertificationRequestInfo((ASN1Sequence)obj); + return new CertificationRequestInfo(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public CertificationRequestInfo( @@ -58,7 +58,7 @@ public class CertificationRequestInfo SubjectPublicKeyInfo pkInfo, ASN1Set attributes) { - this.subject = X509Name.getInstance(subject.getDERObject()); + this.subject = subject; this.subjectPKInfo = pkInfo; this.attributes = attributes; @@ -68,12 +68,15 @@ public class CertificationRequestInfo } } + /** + * @deprecated use X500Name method. + */ public CertificationRequestInfo( X509Name subject, SubjectPublicKeyInfo pkInfo, ASN1Set attributes) { - this.subject = subject; + this.subject = X500Name.getInstance(subject.toASN1Primitive()); this.subjectPKInfo = pkInfo; this.attributes = attributes; @@ -86,9 +89,9 @@ public class CertificationRequestInfo public CertificationRequestInfo( ASN1Sequence seq) { - version = (DERInteger)seq.getObjectAt(0); + version = (ASN1Integer)seq.getObjectAt(0); - subject = X509Name.getInstance(seq.getObjectAt(1)); + subject = X500Name.getInstance(seq.getObjectAt(1)); subjectPKInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(2)); // @@ -107,12 +110,12 @@ public class CertificationRequestInfo } } - public DERInteger getVersion() + public ASN1Integer getVersion() { return version; } - public X509Name getSubject() + public X500Name getSubject() { return subject; } @@ -127,7 +130,7 @@ public class CertificationRequestInfo return attributes; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java index 6b56c1a..1ee920f 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java @@ -4,20 +4,22 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BERSequence; import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.DLSequence; public class ContentInfo - extends ASN1Encodable + extends ASN1Object implements PKCSObjectIdentifiers { - private DERObjectIdentifier contentType; - private DEREncodable content; + private ASN1ObjectIdentifier contentType; + private ASN1Encodable content; + private boolean isBer = true; public static ContentInfo getInstance( Object obj) @@ -26,41 +28,44 @@ public class ContentInfo { return (ContentInfo)obj; } - else if (obj instanceof ASN1Sequence) + + if (obj != null) { - return new ContentInfo((ASN1Sequence)obj); + return new ContentInfo(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public ContentInfo( + private ContentInfo( ASN1Sequence seq) { Enumeration e = seq.getObjects(); - contentType = (DERObjectIdentifier)e.nextElement(); + contentType = (ASN1ObjectIdentifier)e.nextElement(); if (e.hasMoreElements()) { - content = ((DERTaggedObject)e.nextElement()).getObject(); + content = ((ASN1TaggedObject)e.nextElement()).getObject(); } + + isBer = seq instanceof BERSequence; } public ContentInfo( - DERObjectIdentifier contentType, - DEREncodable content) + ASN1ObjectIdentifier contentType, + ASN1Encodable content) { this.contentType = contentType; this.content = content; } - public DERObjectIdentifier getContentType() + public ASN1ObjectIdentifier getContentType() { return contentType; } - public DEREncodable getContent() + public ASN1Encodable getContent() { return content; } @@ -74,17 +79,24 @@ public class ContentInfo * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { - ASN1EncodableVector v = new ASN1EncodableVector(); + ASN1EncodableVector v = new ASN1EncodableVector(); v.add(contentType); if (content != null) { - v.add(new BERTaggedObject(0, content)); + v.add(new BERTaggedObject(true, 0, content)); } - return new BERSequence(v); + if (isBer) + { + return new BERSequence(v); + } + else + { + return new DLSequence(v); + } } } diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java b/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java index 34537fa..fa22f79 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java @@ -3,29 +3,29 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class DHParameter - extends ASN1Encodable + extends ASN1Object { - DERInteger p, g, l; + ASN1Integer p, g, l; public DHParameter( BigInteger p, BigInteger g, int l) { - this.p = new DERInteger(p); - this.g = new DERInteger(g); + this.p = new ASN1Integer(p); + this.g = new ASN1Integer(g); if (l != 0) { - this.l = new DERInteger(l); + this.l = new ASN1Integer(l); } else { @@ -33,17 +33,33 @@ public class DHParameter } } - public DHParameter( + public static DHParameter getInstance( + Object obj) + { + if (obj instanceof DHParameter) + { + return (DHParameter)obj; + } + + if (obj != null) + { + return new DHParameter(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + private DHParameter( ASN1Sequence seq) { Enumeration e = seq.getObjects(); - p = (DERInteger)e.nextElement(); - g = (DERInteger)e.nextElement(); + p = ASN1Integer.getInstance(e.nextElement()); + g = ASN1Integer.getInstance(e.nextElement()); if (e.hasMoreElements()) { - l = (DERInteger)e.nextElement(); + l = (ASN1Integer)e.nextElement(); } else { @@ -71,7 +87,7 @@ public class DHParameter return l.getPositiveValue(); } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java index 7fa8e08..e0f5efd 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java @@ -2,15 +2,15 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BERSequence; import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; /** @@ -32,11 +32,11 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; * </pre> */ public class EncryptedData - extends ASN1Encodable + extends ASN1Object { ASN1Sequence data; - DERObjectIdentifier bagId; - DERObject bagValue; + ASN1ObjectIdentifier bagId; + ASN1Primitive bagValue; public static EncryptedData getInstance( Object obj) @@ -45,44 +45,45 @@ public class EncryptedData { return (EncryptedData)obj; } - else if (obj instanceof ASN1Sequence) + + if (obj != null) { - return new EncryptedData((ASN1Sequence)obj); + return new EncryptedData(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public EncryptedData( + private EncryptedData( ASN1Sequence seq) { - int version = ((DERInteger)seq.getObjectAt(0)).getValue().intValue(); + int version = ((ASN1Integer)seq.getObjectAt(0)).getValue().intValue(); if (version != 0) { throw new IllegalArgumentException("sequence not version 0"); } - this.data = (ASN1Sequence)seq.getObjectAt(1); + this.data = ASN1Sequence.getInstance(seq.getObjectAt(1)); } public EncryptedData( - DERObjectIdentifier contentType, + ASN1ObjectIdentifier contentType, AlgorithmIdentifier encryptionAlgorithm, - DEREncodable content) + ASN1Encodable content) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(contentType); - v.add(encryptionAlgorithm.getDERObject()); + v.add(encryptionAlgorithm.toASN1Primitive()); v.add(new BERTaggedObject(false, 0, content)); data = new BERSequence(v); } - public DERObjectIdentifier getContentType() + public ASN1ObjectIdentifier getContentType() { - return (DERObjectIdentifier)data.getObjectAt(0); + return ASN1ObjectIdentifier.getInstance(data.getObjectAt(0)); } public AlgorithmIdentifier getEncryptionAlgorithm() @@ -94,7 +95,7 @@ public class EncryptedData { if (data.size() == 3) { - DERTaggedObject o = (DERTaggedObject)data.getObjectAt(2); + ASN1TaggedObject o = ASN1TaggedObject.getInstance(data.getObjectAt(2)); return ASN1OctetString.getInstance(o, false); } @@ -102,11 +103,11 @@ public class EncryptedData return null; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { - ASN1EncodableVector v = new ASN1EncodableVector(); + ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(0)); + v.add(new ASN1Integer(0)); v.add(data); return new BERSequence(v); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java index 0ca629a..2aa2fae 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java @@ -2,28 +2,28 @@ package org.bouncycastle.asn1.pkcs; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class EncryptedPrivateKeyInfo - extends ASN1Encodable + extends ASN1Object { private AlgorithmIdentifier algId; private ASN1OctetString data; - public EncryptedPrivateKeyInfo( + private EncryptedPrivateKeyInfo( ASN1Sequence seq) { Enumeration e = seq.getObjects(); algId = AlgorithmIdentifier.getInstance(e.nextElement()); - data = (ASN1OctetString)e.nextElement(); + data = ASN1OctetString.getInstance(e.nextElement()); } public EncryptedPrivateKeyInfo( @@ -44,12 +44,12 @@ public class EncryptedPrivateKeyInfo return (EncryptedPrivateKeyInfo)obj; } // END android-changed - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new EncryptedPrivateKeyInfo((ASN1Sequence)obj); + return new EncryptedPrivateKeyInfo(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public AlgorithmIdentifier getEncryptionAlgorithm() @@ -77,7 +77,7 @@ public class EncryptedPrivateKeyInfo * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java index 8f06c23..613c3f4 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java @@ -1,10 +1,10 @@ package org.bouncycastle.asn1.pkcs; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; @@ -12,8 +12,8 @@ public class EncryptionScheme extends AlgorithmIdentifier { public EncryptionScheme( - DERObjectIdentifier objectId, - DEREncodable parameters) + ASN1ObjectIdentifier objectId, + ASN1Encodable parameters) { super(objectId, parameters); } @@ -21,7 +21,7 @@ public class EncryptionScheme EncryptionScheme( ASN1Sequence seq) { - this((DERObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1)); + this((ASN1ObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1)); } public static final AlgorithmIdentifier getInstance(Object obj) @@ -38,12 +38,12 @@ public class EncryptionScheme throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); } - public DERObject getObject() + public ASN1Primitive getObject() { - return (DERObject)getParameters(); + return (ASN1Primitive)getParameters(); } - public DERObject getDERObject() + public ASN1Primitive getASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java b/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java index 699e467..bb94440 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java @@ -2,19 +2,20 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.X509Name; public class IssuerAndSerialNumber - extends ASN1Encodable + extends ASN1Object { - X509Name name; - DERInteger certSerialNumber; + X500Name name; + ASN1Integer certSerialNumber; public static IssuerAndSerialNumber getInstance( Object obj) @@ -34,37 +35,45 @@ public class IssuerAndSerialNumber public IssuerAndSerialNumber( ASN1Sequence seq) { - this.name = X509Name.getInstance(seq.getObjectAt(0)); - this.certSerialNumber = (DERInteger)seq.getObjectAt(1); + this.name = X500Name.getInstance(seq.getObjectAt(0)); + this.certSerialNumber = (ASN1Integer)seq.getObjectAt(1); } public IssuerAndSerialNumber( X509Name name, BigInteger certSerialNumber) { - this.name = name; - this.certSerialNumber = new DERInteger(certSerialNumber); + this.name = X500Name.getInstance(name.toASN1Primitive()); + this.certSerialNumber = new ASN1Integer(certSerialNumber); } public IssuerAndSerialNumber( X509Name name, - DERInteger certSerialNumber) + ASN1Integer certSerialNumber) { - this.name = name; + this.name = X500Name.getInstance(name.toASN1Primitive()); this.certSerialNumber = certSerialNumber; } - public X509Name getName() + public IssuerAndSerialNumber( + X500Name name, + BigInteger certSerialNumber) + { + this.name = name; + this.certSerialNumber = new ASN1Integer(certSerialNumber); + } + + public X500Name getName() { return name; } - public DERInteger getCertificateSerialNumber() + public ASN1Integer getCertificateSerialNumber() { return certSerialNumber; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java index 08dd94f..fef4f07 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java @@ -1,8 +1,8 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class KeyDerivationFunc @@ -15,7 +15,7 @@ public class KeyDerivationFunc } public KeyDerivationFunc( - DERObjectIdentifier id, + ASN1ObjectIdentifier id, ASN1Encodable params) { super(id, params); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java b/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java index e85cf4a..1d8f582 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java @@ -2,18 +2,18 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.DigestInfo; public class MacData - extends ASN1Encodable + extends ASN1Object { private static final BigInteger ONE = BigInteger.valueOf(1); @@ -28,15 +28,15 @@ public class MacData { return (MacData)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new MacData((ASN1Sequence)obj); + return new MacData(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public MacData( + private MacData( ASN1Sequence seq) { this.digInfo = DigestInfo.getInstance(seq.getObjectAt(0)); @@ -45,7 +45,7 @@ public class MacData if (seq.size() == 3) { - this.iterationCount = ((DERInteger)seq.getObjectAt(2)).getValue(); + this.iterationCount = ((ASN1Integer)seq.getObjectAt(2)).getValue(); } else { @@ -87,9 +87,9 @@ public class MacData * -- Note: The default is for historic reasons and its use is deprecated. A * -- higher value, like 1024 is recommended. * </pre> - * @return the basic DERObject construction. + * @return the basic ASN1Primitive construction. */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); @@ -98,7 +98,7 @@ public class MacData if (!iterationCount.equals(ONE)) { - v.add(new DERInteger(iterationCount)); + v.add(new ASN1Integer(iterationCount)); } return new DERSequence(v); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java index f24cd9a..06180df 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java @@ -2,19 +2,19 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; public class PBEParameter - extends ASN1Encodable + extends ASN1Object { - DERInteger iterations; + ASN1Integer iterations; ASN1OctetString salt; public PBEParameter( @@ -26,14 +26,14 @@ public class PBEParameter throw new IllegalArgumentException("salt length must be 8"); } this.salt = new DEROctetString(salt); - this.iterations = new DERInteger(iterations); + this.iterations = new ASN1Integer(iterations); } - public PBEParameter( + private PBEParameter( ASN1Sequence seq) { salt = (ASN1OctetString)seq.getObjectAt(0); - iterations = (DERInteger)seq.getObjectAt(1); + iterations = (ASN1Integer)seq.getObjectAt(1); } public static PBEParameter getInstance( @@ -43,12 +43,12 @@ public class PBEParameter { return (PBEParameter)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new PBEParameter((ASN1Sequence)obj); + return new PBEParameter(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public BigInteger getIterationCount() @@ -61,7 +61,7 @@ public class PBEParameter return salt.getOctets(); } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); @@ -70,4 +70,4 @@ public class PBEParameter return new DERSequence(v); } -}
\ No newline at end of file +} diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java index 2817903..06c9455 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java @@ -3,9 +3,9 @@ package org.bouncycastle.asn1.pkcs; import java.util.Enumeration; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; @@ -15,7 +15,7 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class PBES2Algorithms extends AlgorithmIdentifier implements PKCSObjectIdentifiers { - private DERObjectIdentifier objectId; + private ASN1ObjectIdentifier objectId; private KeyDerivationFunc func; private EncryptionScheme scheme; @@ -26,7 +26,7 @@ public class PBES2Algorithms Enumeration e = obj.getObjects(); - objectId = (DERObjectIdentifier)e.nextElement(); + objectId = (ASN1ObjectIdentifier)e.nextElement(); ASN1Sequence seq = (ASN1Sequence)e.nextElement(); @@ -46,7 +46,7 @@ public class PBES2Algorithms scheme = new EncryptionScheme((ASN1Sequence)e.nextElement()); } - public DERObjectIdentifier getObjectId() + public ASN1ObjectIdentifier getObjectId() { return objectId; } @@ -61,7 +61,7 @@ public class PBES2Algorithms return scheme; } - public DERObject getDERObject() + public ASN1Primitive getASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); ASN1EncodableVector subV = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java index c96d169..5ada493 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java @@ -4,13 +4,13 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class PBES2Parameters - extends ASN1Encodable + extends ASN1Object implements PKCSObjectIdentifiers { private KeyDerivationFunc func; @@ -36,7 +36,7 @@ public class PBES2Parameters ASN1Sequence obj) { Enumeration e = obj.getObjects(); - ASN1Sequence funcSeq = ASN1Sequence.getInstance(((DEREncodable)e.nextElement()).getDERObject()); + ASN1Sequence funcSeq = ASN1Sequence.getInstance(((ASN1Encodable)e.nextElement()).toASN1Primitive()); if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) { @@ -60,7 +60,7 @@ public class PBES2Parameters return scheme; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java index 02b1543..f46c294 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java @@ -3,21 +3,21 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; public class PBKDF2Params - extends ASN1Encodable + extends ASN1Object { - ASN1OctetString octStr; - DERInteger iterationCount; - DERInteger keyLength; + private ASN1OctetString octStr; + private ASN1Integer iterationCount; + private ASN1Integer keyLength; public static PBKDF2Params getInstance( Object obj) @@ -27,12 +27,12 @@ public class PBKDF2Params return (PBKDF2Params)obj; } - if (obj instanceof ASN1Sequence) + if (obj != null) { - return new PBKDF2Params((ASN1Sequence)obj); + return new PBKDF2Params(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public PBKDF2Params( @@ -40,20 +40,30 @@ public class PBKDF2Params int iterationCount) { this.octStr = new DEROctetString(salt); - this.iterationCount = new DERInteger(iterationCount); + this.iterationCount = new ASN1Integer(iterationCount); } - + public PBKDF2Params( + byte[] salt, + int iterationCount, + int keyLength) + { + this(salt, iterationCount); + + this.keyLength = new ASN1Integer(keyLength); + } + + private PBKDF2Params( ASN1Sequence seq) { Enumeration e = seq.getObjects(); octStr = (ASN1OctetString)e.nextElement(); - iterationCount = (DERInteger)e.nextElement(); + iterationCount = (ASN1Integer)e.nextElement(); if (e.hasMoreElements()) { - keyLength = (DERInteger)e.nextElement(); + keyLength = (ASN1Integer)e.nextElement(); } else { @@ -81,7 +91,7 @@ public class PBKDF2Params return null; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java b/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java index 8817b35..0ddf5c3 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java @@ -2,19 +2,19 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; public class PKCS12PBEParams - extends ASN1Encodable + extends ASN1Object { - DERInteger iterations; + ASN1Integer iterations; ASN1OctetString iv; public PKCS12PBEParams( @@ -22,14 +22,14 @@ public class PKCS12PBEParams int iterations) { this.iv = new DEROctetString(salt); - this.iterations = new DERInteger(iterations); + this.iterations = new ASN1Integer(iterations); } - public PKCS12PBEParams( + private PKCS12PBEParams( ASN1Sequence seq) { iv = (ASN1OctetString)seq.getObjectAt(0); - iterations = (DERInteger)seq.getObjectAt(1); + iterations = ASN1Integer.getInstance(seq.getObjectAt(1)); } public static PKCS12PBEParams getInstance( @@ -39,12 +39,12 @@ public class PKCS12PBEParams { return (PKCS12PBEParams)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new PKCS12PBEParams((ASN1Sequence)obj); + return new PKCS12PBEParams(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public BigInteger getIterations() @@ -57,7 +57,7 @@ public class PKCS12PBEParams return iv.getOctets(); } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java index 7bec34b..fa4c20e 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java @@ -254,6 +254,11 @@ public interface PKCSObjectIdentifiers static final ASN1ObjectIdentifier pbeWithSHAAnd3_KeyTripleDES_CBC = pkcs_12PbeIds.branch("3"); static final ASN1ObjectIdentifier pbeWithSHAAnd2_KeyTripleDES_CBC = pkcs_12PbeIds.branch("4"); static final ASN1ObjectIdentifier pbeWithSHAAnd128BitRC2_CBC = pkcs_12PbeIds.branch("5"); + static final ASN1ObjectIdentifier pbeWithSHAAnd40BitRC2_CBC = pkcs_12PbeIds.branch("6"); + + /** + * @deprecated use pbeWithSHAAnd40BitRC2_CBC + */ static final ASN1ObjectIdentifier pbewithSHAAnd40BitRC2_CBC = pkcs_12PbeIds.branch("6"); static final ASN1ObjectIdentifier id_alg_CMS3DESwrap = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java b/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java index ba5292c..7885a79 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java @@ -2,27 +2,27 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; /** * the infamous Pfx from PKCS12 */ public class Pfx - extends ASN1Encodable + extends ASN1Object implements PKCSObjectIdentifiers { private ContentInfo contentInfo; private MacData macData = null; - public Pfx( + private Pfx( ASN1Sequence seq) { - BigInteger version = ((DERInteger)seq.getObjectAt(0)).getValue(); + BigInteger version = ((ASN1Integer)seq.getObjectAt(0)).getValue(); if (version.intValue() != 3) { throw new IllegalArgumentException("wrong version for PFX PDU"); @@ -36,6 +36,22 @@ public class Pfx } } + public static Pfx getInstance( + Object obj) + { + if (obj instanceof Pfx) + { + return (Pfx)obj; + } + + if (obj != null) + { + return new Pfx(ASN1Sequence.getInstance(obj)); + } + + return null; + } + public Pfx( ContentInfo contentInfo, MacData macData) @@ -54,11 +70,11 @@ public class Pfx return macData; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(3)); + v.add(new ASN1Integer(3)); v.add(contentInfo); if (macData != null) diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java index 9e84499..6b42763 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java @@ -6,22 +6,23 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class PrivateKeyInfo - extends ASN1Encodable + extends ASN1Object { - private DERObject privKey; + private ASN1OctetString privKey; private AlgorithmIdentifier algId; private ASN1Set attributes; @@ -49,17 +50,19 @@ public class PrivateKeyInfo public PrivateKeyInfo( AlgorithmIdentifier algId, - DERObject privateKey) + ASN1Encodable privateKey) + throws IOException { this(algId, privateKey, null); } public PrivateKeyInfo( AlgorithmIdentifier algId, - DERObject privateKey, + ASN1Encodable privateKey, ASN1Set attributes) + throws IOException { - this.privKey = privateKey; + this.privKey = new DEROctetString(privateKey.toASN1Primitive().getEncoded(ASN1Encoding.DER)); this.algId = algId; this.attributes = attributes; } @@ -69,24 +72,14 @@ public class PrivateKeyInfo { Enumeration e = seq.getObjects(); - BigInteger version = ((DERInteger)e.nextElement()).getValue(); + BigInteger version = ((ASN1Integer)e.nextElement()).getValue(); if (version.intValue() != 0) { throw new IllegalArgumentException("wrong version for private key info"); } - algId = new AlgorithmIdentifier((ASN1Sequence)e.nextElement()); - - try - { - ASN1InputStream aIn = new ASN1InputStream(((ASN1OctetString)e.nextElement()).getOctets()); - - privKey = aIn.readObject(); - } - catch (IOException ex) - { - throw new IllegalArgumentException("Error recoverying private key from sequence"); - } + algId = AlgorithmIdentifier.getInstance(e.nextElement()); + privKey = ASN1OctetString.getInstance(e.nextElement()); if (e.hasMoreElements()) { @@ -94,14 +87,37 @@ public class PrivateKeyInfo } } + public AlgorithmIdentifier getPrivateKeyAlgorithm() + { + return algId; + } + /** + * @deprecated use getPrivateKeyAlgorithm() + */ public AlgorithmIdentifier getAlgorithmId() { return algId; } - public DERObject getPrivateKey() + public ASN1Encodable parsePrivateKey() + throws IOException { - return privKey; + return ASN1Primitive.fromByteArray(privKey.getOctets()); + } + + /** + * @deprecated use parsePrivateKey() + */ + public ASN1Primitive getPrivateKey() + { + try + { + return parsePrivateKey().toASN1Primitive(); + } + catch (IOException e) + { + throw new IllegalStateException("unable to parse private key"); + } } public ASN1Set getAttributes() @@ -126,13 +142,13 @@ public class PrivateKeyInfo * Attributes ::= SET OF Attribute * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(0)); + v.add(new ASN1Integer(0)); v.add(algId); - v.add(new DEROctetString(privKey)); + v.add(privKey); if (attributes != null) { diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java b/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java index 1ded6e9..25ff98d 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java @@ -1,11 +1,11 @@ package org.bouncycastle.asn1.pkcs; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -13,7 +13,7 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class RSAESOAEPparams - extends ASN1Encodable + extends ASN1Object { private AlgorithmIdentifier hashAlgorithm; private AlgorithmIdentifier maskGenAlgorithm; @@ -32,12 +32,12 @@ public class RSAESOAEPparams { return (RSAESOAEPparams)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new RSAESOAEPparams((ASN1Sequence)obj); + return new RSAESOAEPparams(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } /** @@ -129,7 +129,7 @@ public class RSAESOAEPparams * </pre> * @return the asn1 primitive representing the parameters. */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKey.java b/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKey.java new file mode 100644 index 0000000..36992cf --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKey.java @@ -0,0 +1,187 @@ +package org.bouncycastle.asn1.pkcs; + +import java.math.BigInteger; +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; + +public class RSAPrivateKey + extends ASN1Object +{ + private BigInteger version; + private BigInteger modulus; + private BigInteger publicExponent; + private BigInteger privateExponent; + private BigInteger prime1; + private BigInteger prime2; + private BigInteger exponent1; + private BigInteger exponent2; + private BigInteger coefficient; + private ASN1Sequence otherPrimeInfos = null; + + public static RSAPrivateKey getInstance( + ASN1TaggedObject obj, + boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + public static RSAPrivateKey getInstance( + Object obj) + { + if (obj instanceof RSAPrivateKey) + { + return (RSAPrivateKey)obj; + } + + if (obj != null) + { + return new RSAPrivateKey(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + public RSAPrivateKey( + BigInteger modulus, + BigInteger publicExponent, + BigInteger privateExponent, + BigInteger prime1, + BigInteger prime2, + BigInteger exponent1, + BigInteger exponent2, + BigInteger coefficient) + { + this.version = BigInteger.valueOf(0); + this.modulus = modulus; + this.publicExponent = publicExponent; + this.privateExponent = privateExponent; + this.prime1 = prime1; + this.prime2 = prime2; + this.exponent1 = exponent1; + this.exponent2 = exponent2; + this.coefficient = coefficient; + } + + private RSAPrivateKey( + ASN1Sequence seq) + { + Enumeration e = seq.getObjects(); + + BigInteger v = ((ASN1Integer)e.nextElement()).getValue(); + if (v.intValue() != 0 && v.intValue() != 1) + { + throw new IllegalArgumentException("wrong version for RSA private key"); + } + + version = v; + modulus = ((ASN1Integer)e.nextElement()).getValue(); + publicExponent = ((ASN1Integer)e.nextElement()).getValue(); + privateExponent = ((ASN1Integer)e.nextElement()).getValue(); + prime1 = ((ASN1Integer)e.nextElement()).getValue(); + prime2 = ((ASN1Integer)e.nextElement()).getValue(); + exponent1 = ((ASN1Integer)e.nextElement()).getValue(); + exponent2 = ((ASN1Integer)e.nextElement()).getValue(); + coefficient = ((ASN1Integer)e.nextElement()).getValue(); + + if (e.hasMoreElements()) + { + otherPrimeInfos = (ASN1Sequence)e.nextElement(); + } + } + + public BigInteger getVersion() + { + return version; + } + + public BigInteger getModulus() + { + return modulus; + } + + public BigInteger getPublicExponent() + { + return publicExponent; + } + + public BigInteger getPrivateExponent() + { + return privateExponent; + } + + public BigInteger getPrime1() + { + return prime1; + } + + public BigInteger getPrime2() + { + return prime2; + } + + public BigInteger getExponent1() + { + return exponent1; + } + + public BigInteger getExponent2() + { + return exponent2; + } + + public BigInteger getCoefficient() + { + return coefficient; + } + + /** + * This outputs the key in PKCS1v2 format. + * <pre> + * RSAPrivateKey ::= SEQUENCE { + * version Version, + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + * + * Version ::= INTEGER { two-prime(0), multi(1) } + * (CONSTRAINED BY {-- version must be multi if otherPrimeInfos present --}) + * </pre> + * <p> + * This routine is written to output PKCS1 version 2.1, private keys. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(new ASN1Integer(version)); // version + v.add(new ASN1Integer(getModulus())); + v.add(new ASN1Integer(getPublicExponent())); + v.add(new ASN1Integer(getPrivateExponent())); + v.add(new ASN1Integer(getPrime1())); + v.add(new ASN1Integer(getPrime2())); + v.add(new ASN1Integer(getExponent1())); + v.add(new ASN1Integer(getExponent2())); + v.add(new ASN1Integer(getCoefficient())); + + if (otherPrimeInfos != null) + { + v.add(otherPrimeInfos); + } + + return new DERSequence(v); + } +} diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java b/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java index e2f0072..5912d5e 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java @@ -3,16 +3,19 @@ package org.bouncycastle.asn1.pkcs; import java.math.BigInteger; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; +/** + * @deprecated use RSAPrivateKey + */ public class RSAPrivateKeyStructure - extends ASN1Encodable + extends ASN1Object { private int version; private BigInteger modulus; @@ -73,21 +76,21 @@ public class RSAPrivateKeyStructure { Enumeration e = seq.getObjects(); - BigInteger v = ((DERInteger)e.nextElement()).getValue(); + BigInteger v = ((ASN1Integer)e.nextElement()).getValue(); if (v.intValue() != 0 && v.intValue() != 1) { throw new IllegalArgumentException("wrong version for RSA private key"); } version = v.intValue(); - modulus = ((DERInteger)e.nextElement()).getValue(); - publicExponent = ((DERInteger)e.nextElement()).getValue(); - privateExponent = ((DERInteger)e.nextElement()).getValue(); - prime1 = ((DERInteger)e.nextElement()).getValue(); - prime2 = ((DERInteger)e.nextElement()).getValue(); - exponent1 = ((DERInteger)e.nextElement()).getValue(); - exponent2 = ((DERInteger)e.nextElement()).getValue(); - coefficient = ((DERInteger)e.nextElement()).getValue(); + modulus = ((ASN1Integer)e.nextElement()).getValue(); + publicExponent = ((ASN1Integer)e.nextElement()).getValue(); + privateExponent = ((ASN1Integer)e.nextElement()).getValue(); + prime1 = ((ASN1Integer)e.nextElement()).getValue(); + prime2 = ((ASN1Integer)e.nextElement()).getValue(); + exponent1 = ((ASN1Integer)e.nextElement()).getValue(); + exponent2 = ((ASN1Integer)e.nextElement()).getValue(); + coefficient = ((ASN1Integer)e.nextElement()).getValue(); if (e.hasMoreElements()) { @@ -162,19 +165,19 @@ public class RSAPrivateKeyStructure * <p> * This routine is written to output PKCS1 version 2.1, private keys. */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(version)); // version - v.add(new DERInteger(getModulus())); - v.add(new DERInteger(getPublicExponent())); - v.add(new DERInteger(getPrivateExponent())); - v.add(new DERInteger(getPrime1())); - v.add(new DERInteger(getPrime2())); - v.add(new DERInteger(getExponent1())); - v.add(new DERInteger(getExponent2())); - v.add(new DERInteger(getCoefficient())); + v.add(new ASN1Integer(version)); // version + v.add(new ASN1Integer(getModulus())); + v.add(new ASN1Integer(getPublicExponent())); + v.add(new ASN1Integer(getPrivateExponent())); + v.add(new ASN1Integer(getPrime1())); + v.add(new ASN1Integer(getPrime2())); + v.add(new ASN1Integer(getExponent1())); + v.add(new ASN1Integer(getExponent2())); + v.add(new ASN1Integer(getCoefficient())); if (otherPrimeInfos != null) { diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/RSAPublicKey.java b/src/main/java/org/bouncycastle/asn1/pkcs/RSAPublicKey.java new file mode 100644 index 0000000..6c43298 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/pkcs/RSAPublicKey.java @@ -0,0 +1,95 @@ +package org.bouncycastle.asn1.pkcs; + +import java.math.BigInteger; +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; + +public class RSAPublicKey + extends ASN1Object +{ + private BigInteger modulus; + private BigInteger publicExponent; + + public static RSAPublicKey getInstance( + ASN1TaggedObject obj, + boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + public static RSAPublicKey getInstance( + Object obj) + { + if (obj instanceof RSAPublicKey) + { + return (RSAPublicKey)obj; + } + + if (obj != null) + { + return new RSAPublicKey(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + public RSAPublicKey( + BigInteger modulus, + BigInteger publicExponent) + { + this.modulus = modulus; + this.publicExponent = publicExponent; + } + + private RSAPublicKey( + ASN1Sequence seq) + { + if (seq.size() != 2) + { + throw new IllegalArgumentException("Bad sequence size: " + + seq.size()); + } + + Enumeration e = seq.getObjects(); + + modulus = ASN1Integer.getInstance(e.nextElement()).getPositiveValue(); + publicExponent = ASN1Integer.getInstance(e.nextElement()).getPositiveValue(); + } + + public BigInteger getModulus() + { + return modulus; + } + + public BigInteger getPublicExponent() + { + return publicExponent; + } + + /** + * This outputs the key in PKCS1v2 format. + * <pre> + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * } + * </pre> + * <p> + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(new ASN1Integer(getModulus())); + v.add(new ASN1Integer(getPublicExponent())); + + return new DERSequence(v); + } +} diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java b/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java index bfa3ed6..73cfcdc 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java @@ -1,45 +1,47 @@ package org.bouncycastle.asn1.pkcs; -import org.bouncycastle.asn1.ASN1Encodable; +import java.math.BigInteger; + import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class RSASSAPSSparams - extends ASN1Encodable + extends ASN1Object { private AlgorithmIdentifier hashAlgorithm; private AlgorithmIdentifier maskGenAlgorithm; - private DERInteger saltLength; - private DERInteger trailerField; + private ASN1Integer saltLength; + private ASN1Integer trailerField; // BEGIN android-changed public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); // END android-changed public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); - public final static DERInteger DEFAULT_SALT_LENGTH = new DERInteger(20); - public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1); + public final static ASN1Integer DEFAULT_SALT_LENGTH = new ASN1Integer(20); + public final static ASN1Integer DEFAULT_TRAILER_FIELD = new ASN1Integer(1); public static RSASSAPSSparams getInstance( Object obj) { - if (obj == null || obj instanceof RSASSAPSSparams) + if (obj instanceof RSASSAPSSparams) { return (RSASSAPSSparams)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new RSASSAPSSparams((ASN1Sequence)obj); + return new RSASSAPSSparams(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } /** @@ -56,8 +58,8 @@ public class RSASSAPSSparams public RSASSAPSSparams( AlgorithmIdentifier hashAlgorithm, AlgorithmIdentifier maskGenAlgorithm, - DERInteger saltLength, - DERInteger trailerField) + ASN1Integer saltLength, + ASN1Integer trailerField) { this.hashAlgorithm = hashAlgorithm; this.maskGenAlgorithm = maskGenAlgorithm; @@ -65,7 +67,7 @@ public class RSASSAPSSparams this.trailerField = trailerField; } - public RSASSAPSSparams( + private RSASSAPSSparams( ASN1Sequence seq) { hashAlgorithm = DEFAULT_HASH_ALGORITHM; @@ -86,10 +88,10 @@ public class RSASSAPSSparams maskGenAlgorithm = AlgorithmIdentifier.getInstance(o, true); break; case 2: - saltLength = DERInteger.getInstance(o, true); + saltLength = ASN1Integer.getInstance(o, true); break; case 3: - trailerField = DERInteger.getInstance(o, true); + trailerField = ASN1Integer.getInstance(o, true); break; default: throw new IllegalArgumentException("unknown tag"); @@ -107,14 +109,14 @@ public class RSASSAPSSparams return maskGenAlgorithm; } - public DERInteger getSaltLength() + public BigInteger getSaltLength() { - return saltLength; + return saltLength.getValue(); } - public DERInteger getTrailerField() + public BigInteger getTrailerField() { - return trailerField; + return trailerField.getValue(); } /** @@ -143,7 +145,7 @@ public class RSASSAPSSparams * </pre> * @return the asn1 primitive representing the parameters. */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java b/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java index 2808d92..00ca0a2 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java @@ -2,23 +2,25 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DLSequence; +import org.bouncycastle.asn1.DLTaggedObject; public class SafeBag - extends ASN1Encodable + extends ASN1Object { - DERObjectIdentifier bagId; - DERObject bagValue; - ASN1Set bagAttributes; + private ASN1ObjectIdentifier bagId; + private ASN1Encodable bagValue; + private ASN1Set bagAttributes; public SafeBag( - DERObjectIdentifier oid, - DERObject obj) + ASN1ObjectIdentifier oid, + ASN1Encodable obj) { this.bagId = oid; this.bagValue = obj; @@ -26,8 +28,8 @@ public class SafeBag } public SafeBag( - DERObjectIdentifier oid, - DERObject obj, + ASN1ObjectIdentifier oid, + ASN1Encodable obj, ASN1Set bagAttributes) { this.bagId = oid; @@ -35,23 +37,39 @@ public class SafeBag this.bagAttributes = bagAttributes; } - public SafeBag( + public static SafeBag getInstance( + Object obj) + { + if (obj instanceof SafeBag) + { + return (SafeBag)obj; + } + + if (obj != null) + { + return new SafeBag(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + private SafeBag( ASN1Sequence seq) { - this.bagId = (DERObjectIdentifier)seq.getObjectAt(0); - this.bagValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); + this.bagId = (ASN1ObjectIdentifier)seq.getObjectAt(0); + this.bagValue = ((ASN1TaggedObject)seq.getObjectAt(1)).getObject(); if (seq.size() == 3) { this.bagAttributes = (ASN1Set)seq.getObjectAt(2); } } - public DERObjectIdentifier getBagId() + public ASN1ObjectIdentifier getBagId() { return bagId; } - public DERObject getBagValue() + public ASN1Encodable getBagValue() { return bagValue; } @@ -61,18 +79,18 @@ public class SafeBag return bagAttributes; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(bagId); - v.add(new DERTaggedObject(0, bagValue)); + v.add(new DLTaggedObject(true, 0, bagValue)); if (bagAttributes != null) { v.add(bagAttributes); } - return new DERSequence(v); + return new DLSequence(v); } } diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java b/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java index 136ad11..234eb2e 100644 --- a/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java +++ b/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java @@ -2,23 +2,23 @@ package org.bouncycastle.asn1.pkcs; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERTaggedObject; /** * a PKCS#7 signed data object. */ public class SignedData - extends ASN1Encodable + extends ASN1Object implements PKCSObjectIdentifiers { - private DERInteger version; + private ASN1Integer version; private ASN1Set digestAlgorithms; private ContentInfo contentInfo; private ASN1Set certificates; @@ -32,16 +32,16 @@ public class SignedData { return (SignedData)o; } - else if (o instanceof ASN1Sequence) + else if (o != null) { - return new SignedData((ASN1Sequence)o); + return new SignedData(ASN1Sequence.getInstance(o)); } - throw new IllegalArgumentException("unknown object in factory: " + o); + return null; } public SignedData( - DERInteger _version, + ASN1Integer _version, ASN1Set _digestAlgorithms, ContentInfo _contentInfo, ASN1Set _certificates, @@ -61,13 +61,13 @@ public class SignedData { Enumeration e = seq.getObjects(); - version = (DERInteger)e.nextElement(); + version = (ASN1Integer)e.nextElement(); digestAlgorithms = ((ASN1Set)e.nextElement()); contentInfo = ContentInfo.getInstance(e.nextElement()); while (e.hasMoreElements()) { - DERObject o = (DERObject)e.nextElement(); + ASN1Primitive o = (ASN1Primitive)e.nextElement(); // // an interesting feature of SignedData is that there appear to be varying implementations... @@ -96,7 +96,7 @@ public class SignedData } } - public DERInteger getVersion() + public ASN1Integer getVersion() { return version; } @@ -141,7 +141,7 @@ public class SignedData * signerInfos SignerInfos } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKey.java b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKey.java new file mode 100644 index 0000000..4bf6b2b --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKey.java @@ -0,0 +1,143 @@ +package org.bouncycastle.asn1.sec; + +import java.math.BigInteger; +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.util.BigIntegers; + +/** + * the elliptic curve private key object from SEC 1 + */ +public class ECPrivateKey + extends ASN1Object +{ + private ASN1Sequence seq; + + private ECPrivateKey( + ASN1Sequence seq) + { + this.seq = seq; + } + + public static ECPrivateKey getInstance( + Object obj) + { + if (obj instanceof ECPrivateKey) + { + return (ECPrivateKey)obj; + } + + if (obj != null) + { + return new ECPrivateKey(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + public ECPrivateKey( + BigInteger key) + { + byte[] bytes = BigIntegers.asUnsignedByteArray(key); + + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(new ASN1Integer(1)); + v.add(new DEROctetString(bytes)); + + seq = new DERSequence(v); + } + + public ECPrivateKey( + BigInteger key, + ASN1Object parameters) + { + this(key, null, parameters); + } + + public ECPrivateKey( + BigInteger key, + DERBitString publicKey, + ASN1Object parameters) + { + byte[] bytes = BigIntegers.asUnsignedByteArray(key); + + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(new ASN1Integer(1)); + v.add(new DEROctetString(bytes)); + + if (parameters != null) + { + v.add(new DERTaggedObject(true, 0, parameters)); + } + + if (publicKey != null) + { + v.add(new DERTaggedObject(true, 1, publicKey)); + } + + seq = new DERSequence(v); + } + + public BigInteger getKey() + { + ASN1OctetString octs = (ASN1OctetString)seq.getObjectAt(1); + + return new BigInteger(1, octs.getOctets()); + } + + public DERBitString getPublicKey() + { + return (DERBitString)getObjectInTag(1); + } + + public ASN1Primitive getParameters() + { + return getObjectInTag(0); + } + + private ASN1Primitive getObjectInTag(int tagNo) + { + Enumeration e = seq.getObjects(); + + while (e.hasMoreElements()) + { + ASN1Encodable obj = (ASN1Encodable)e.nextElement(); + + if (obj instanceof ASN1TaggedObject) + { + ASN1TaggedObject tag = (ASN1TaggedObject)obj; + if (tag.getTagNo() == tagNo) + { + return tag.getObject().toASN1Primitive(); + } + } + } + return null; + } + + /** + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] Parameters OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL } + */ + public ASN1Primitive toASN1Primitive() + { + return seq; + } +} diff --git a/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java index b9a0407..3b1bcc3 100644 --- a/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java +++ b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java @@ -5,14 +5,13 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -20,9 +19,10 @@ import org.bouncycastle.util.BigIntegers; /** * the elliptic curve private key object from SEC 1 + * @deprecated use ECPrivateKey */ public class ECPrivateKeyStructure - extends ASN1Encodable + extends ASN1Object { private ASN1Sequence seq; @@ -39,7 +39,7 @@ public class ECPrivateKeyStructure ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(1)); + v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); seq = new DERSequence(v); @@ -61,7 +61,7 @@ public class ECPrivateKeyStructure ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(1)); + v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); if (parameters != null) @@ -89,25 +89,25 @@ public class ECPrivateKeyStructure return (DERBitString)getObjectInTag(1); } - public ASN1Object getParameters() + public ASN1Primitive getParameters() { return getObjectInTag(0); } - private ASN1Object getObjectInTag(int tagNo) + private ASN1Primitive getObjectInTag(int tagNo) { Enumeration e = seq.getObjects(); while (e.hasMoreElements()) { - DEREncodable obj = (DEREncodable)e.nextElement(); + ASN1Encodable obj = (ASN1Encodable)e.nextElement(); if (obj instanceof ASN1TaggedObject) { ASN1TaggedObject tag = (ASN1TaggedObject)obj; if (tag.getTagNo() == tagNo) { - return (ASN1Object)((DEREncodable)tag.getObject()).getDERObject(); + return (ASN1Primitive)((ASN1Encodable)tag.getObject()).toASN1Primitive(); } } } @@ -121,7 +121,7 @@ public class ECPrivateKeyStructure * parameters [0] Parameters OPTIONAL, * publicKey [1] BIT STRING OPTIONAL } */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return seq; } diff --git a/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java b/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java index 67ead06..44c811b 100644 --- a/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java +++ b/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java @@ -1,18 +1,18 @@ package org.bouncycastle.asn1.sec; -import org.bouncycastle.asn1.DERObjectIdentifier; +import java.math.BigInteger; +import java.util.Enumeration; +import java.util.Hashtable; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ECParametersHolder; +import org.bouncycastle.math.ec.ECConstants; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.ec.ECConstants; import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; - public class SECNamedCurves { private static BigInteger fromHex( @@ -920,7 +920,7 @@ public class SECNamedCurves static final Hashtable curves = new Hashtable(); static final Hashtable names = new Hashtable(); - static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder) + static void defineCurve(String name, ASN1ObjectIdentifier oid, X9ECParametersHolder holder) { objIds.put(name, oid); names.put(oid, name); @@ -968,7 +968,7 @@ public class SECNamedCurves public static X9ECParameters getByName( String name) { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)objIds.get(Strings.toLowerCase(name)); if (oid != null) { @@ -985,7 +985,7 @@ public class SECNamedCurves * @param oid an object identifier representing a named curve, if present. */ public static X9ECParameters getByOID( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid); @@ -1003,17 +1003,17 @@ public class SECNamedCurves * * @return the object identifier associated with name, if present. */ - public static DERObjectIdentifier getOID( + public static ASN1ObjectIdentifier getOID( String name) { - return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); + return (ASN1ObjectIdentifier)objIds.get(Strings.toLowerCase(name)); } /** * return the named curve name represented by the given object identifier. */ public static String getName( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { return (String)names.get(oid); } diff --git a/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java index 272f374..976f556 100644 --- a/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java +++ b/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java @@ -3,7 +3,11 @@ package org.bouncycastle.asn1.util; import java.io.IOException; import java.util.Enumeration; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BERApplicationSpecific; @@ -11,29 +15,24 @@ import org.bouncycastle.asn1.BERConstructedOctetString; import org.bouncycastle.asn1.BERSequence; import org.bouncycastle.asn1.BERSet; import org.bouncycastle.asn1.BERTaggedObject; +import org.bouncycastle.asn1.BERTags; import org.bouncycastle.asn1.DERApplicationSpecific; import org.bouncycastle.asn1.DERBMPString; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DEREnumerated; import org.bouncycastle.asn1.DERExternal; import org.bouncycastle.asn1.DERGeneralizedTime; import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERPrintableString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERT61String; import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERTags; import org.bouncycastle.asn1.DERUTCTime; import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.DERUnknownTag; import org.bouncycastle.asn1.DERVisibleString; import org.bouncycastle.util.encoders.Hex; @@ -45,12 +44,12 @@ public class ASN1Dump /** * dump a DER object as a formatted string with indentation * - * @param obj the DERObject to be dumped out. + * @param obj the ASN1Primitive to be dumped out. */ static void _dumpAsString( String indent, boolean verbose, - DERObject obj, + ASN1Primitive obj, StringBuffer buf) { String nl = System.getProperty("line.separator"); @@ -87,13 +86,13 @@ public class ASN1Dump buf.append("NULL"); buf.append(nl); } - else if (o instanceof DERObject) + else if (o instanceof ASN1Primitive) { - _dumpAsString(tab, verbose, (DERObject)o, buf); + _dumpAsString(tab, verbose, (ASN1Primitive)o, buf); } else { - _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf); + _dumpAsString(tab, verbose, ((ASN1Encodable)o).toASN1Primitive(), buf); } } } @@ -153,13 +152,13 @@ public class ASN1Dump buf.append("NULL"); buf.append(nl); } - else if (o instanceof DERObject) + else if (o instanceof ASN1Primitive) { - _dumpAsString(tab, verbose, (DERObject)o, buf); + _dumpAsString(tab, verbose, (ASN1Primitive)o, buf); } else { - _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf); + _dumpAsString(tab, verbose, ((ASN1Encodable)o).toASN1Primitive(), buf); } } } @@ -182,27 +181,27 @@ public class ASN1Dump buf.append("NULL"); buf.append(nl); } - else if (o instanceof DERObject) + else if (o instanceof ASN1Primitive) { - _dumpAsString(tab, verbose, (DERObject)o, buf); + _dumpAsString(tab, verbose, (ASN1Primitive)o, buf); } else { - _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf); + _dumpAsString(tab, verbose, ((ASN1Encodable)o).toASN1Primitive(), buf); } } } - else if (obj instanceof DERObjectIdentifier) + else if (obj instanceof ASN1ObjectIdentifier) { - buf.append(indent + "ObjectIdentifier(" + ((DERObjectIdentifier)obj).getId() + ")" + nl); + buf.append(indent + "ObjectIdentifier(" + ((ASN1ObjectIdentifier)obj).getId() + ")" + nl); } else if (obj instanceof DERBoolean) { buf.append(indent + "Boolean(" + ((DERBoolean)obj).isTrue() + ")" + nl); } - else if (obj instanceof DERInteger) + else if (obj instanceof ASN1Integer) { - buf.append(indent + "Integer(" + ((DERInteger)obj).getValue() + ")" + nl); + buf.append(indent + "Integer(" + ((ASN1Integer)obj).getValue() + ")" + nl); } else if (obj instanceof BERConstructedOctetString) { @@ -272,10 +271,6 @@ public class ASN1Dump { buf.append(indent + "GeneralizedTime(" + ((DERGeneralizedTime)obj).getTime() + ") " + nl); } - else if (obj instanceof DERUnknownTag) - { - buf.append(indent + "Unknown " + Integer.toString(((DERUnknownTag)obj).getTag(), 16) + " " + new String(Hex.encode(((DERUnknownTag)obj).getData())) + nl); - } else if (obj instanceof BERApplicationSpecific) { buf.append(outputApplicationSpecific("BER", indent, verbose, obj, nl)); @@ -315,7 +310,7 @@ public class ASN1Dump } } - private static String outputApplicationSpecific(String type, String indent, boolean verbose, DERObject obj, String nl) + private static String outputApplicationSpecific(String type, String indent, boolean verbose, ASN1Primitive obj, String nl) { DERApplicationSpecific app = (DERApplicationSpecific)obj; StringBuffer buf = new StringBuffer(); @@ -324,11 +319,11 @@ public class ASN1Dump { try { - ASN1Sequence s = ASN1Sequence.getInstance(app.getObject(DERTags.SEQUENCE)); + ASN1Sequence s = ASN1Sequence.getInstance(app.getObject(BERTags.SEQUENCE)); buf.append(indent + type + " ApplicationSpecific[" + app.getApplicationTag() + "]" + nl); for (Enumeration e = s.getObjects(); e.hasMoreElements();) { - _dumpAsString(indent + TAB, verbose, (DERObject)e.nextElement(), buf); + _dumpAsString(indent + TAB, verbose, (ASN1Primitive)e.nextElement(), buf); } } catch (IOException e) @@ -344,7 +339,7 @@ public class ASN1Dump /** * dump out a DER object as a formatted string, in non-verbose mode. * - * @param obj the DERObject to be dumped out. + * @param obj the ASN1Primitive to be dumped out. * @return the resulting string. */ public static String dumpAsString( @@ -366,13 +361,13 @@ public class ASN1Dump { StringBuffer buf = new StringBuffer(); - if (obj instanceof DERObject) + if (obj instanceof ASN1Primitive) { - _dumpAsString("", verbose, (DERObject)obj, buf); + _dumpAsString("", verbose, (ASN1Primitive)obj, buf); } - else if (obj instanceof DEREncodable) + else if (obj instanceof ASN1Encodable) { - _dumpAsString("", verbose, ((DEREncodable)obj).getDERObject(), buf); + _dumpAsString("", verbose, ((ASN1Encodable)obj).toASN1Primitive(), buf); } else { diff --git a/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java b/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java index bbe2171..7f283f9 100644 --- a/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java +++ b/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java @@ -2,13 +2,14 @@ package org.bouncycastle.asn1.x500; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class AttributeTypeAndValue - extends ASN1Encodable + extends ASN1Object { private ASN1ObjectIdentifier type; private ASN1Encodable value; @@ -59,7 +60,7 @@ public class AttributeTypeAndValue * </pre> * @return a basic ASN.1 object representation. */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java b/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java index b76155c..cf7563e 100644 --- a/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java +++ b/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java @@ -2,25 +2,25 @@ package org.bouncycastle.asn1.x500; import org.bouncycastle.asn1.ASN1Choice; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1String; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERPrintableString; import org.bouncycastle.asn1.DERT61String; import org.bouncycastle.asn1.DERUTF8String; import org.bouncycastle.asn1.DERUniversalString; public class DirectoryString - extends ASN1Encodable + extends ASN1Object implements ASN1Choice, ASN1String { private ASN1String string; public static DirectoryString getInstance(Object o) { - if (o instanceof DirectoryString) + if (o == null || o instanceof DirectoryString) { return (DirectoryString)o; } @@ -118,8 +118,8 @@ public class DirectoryString * bmpString BMPString (SIZE (1..MAX)) } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { - return ((DEREncodable)string).getDERObject(); + return ((ASN1Encodable)string).toASN1Primitive(); } } diff --git a/src/main/java/org/bouncycastle/asn1/x500/RDN.java b/src/main/java/org/bouncycastle/asn1/x500/RDN.java index 700a918..f51c261 100644 --- a/src/main/java/org/bouncycastle/asn1/x500/RDN.java +++ b/src/main/java/org/bouncycastle/asn1/x500/RDN.java @@ -2,14 +2,15 @@ package org.bouncycastle.asn1.x500; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERSet; public class RDN - extends ASN1Encodable + extends ASN1Object { private ASN1Set values; @@ -35,8 +36,8 @@ public class RDN /** * Create a single valued RDN. * - * @param oid - * @param value + * @param oid RDN type. + * @param value RDN value. */ public RDN(ASN1ObjectIdentifier oid, ASN1Encodable value) { @@ -55,6 +56,8 @@ public class RDN /** * Create a multi-valued RDN. + * + * @param aAndVs attribute type/value pairs making up the RDN */ public RDN(AttributeTypeAndValue[] aAndVs) { @@ -66,6 +69,16 @@ public class RDN return this.values.size() > 1; } + /** + * Return the number of AttributeTypeAndValue objects in this RDN, + * + * @return size of RDN, greater than 1 if multi-valued. + */ + public int size() + { + return this.values.size(); + } + public AttributeTypeAndValue getFirst() { if (this.values.size() == 0) @@ -97,9 +110,9 @@ public class RDN * type AttributeType, * value AttributeValue } * </pre> - * @return + * @return this object as an ASN1Primitive type */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return values; } diff --git a/src/main/java/org/bouncycastle/asn1/x500/X500Name.java b/src/main/java/org/bouncycastle/asn1/x500/X500Name.java index 3166463..50e57c5 100644 --- a/src/main/java/org/bouncycastle/asn1/x500/X500Name.java +++ b/src/main/java/org/bouncycastle/asn1/x500/X500Name.java @@ -4,14 +4,13 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Choice; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x500.style.BCStyle; -import org.bouncycastle.asn1.x509.X509Name; /** * <pre> @@ -28,7 +27,7 @@ import org.bouncycastle.asn1.x509.X509Name; * </pre> */ public class X500Name - extends ASN1Encodable + extends ASN1Object implements ASN1Choice { private static X500NameStyle defaultStyle = BCStyle.INSTANCE; @@ -46,11 +45,11 @@ public class X500Name } /** - * Return a X509Name based on the passed in tagged object. + * Return a X500Name based on the passed in tagged object. * * @param obj tag object holding name. * @param explicit true if explicitly tagged false otherwise. - * @return the X509Name + * @return the X500Name */ public static X500Name getInstance( ASN1TaggedObject obj, @@ -67,13 +66,25 @@ public class X500Name { return (X500Name)obj; } - else if (obj instanceof X509Name) + else if (obj != null) + { + return new X500Name(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + public static X500Name getInstance( + X500NameStyle style, + Object obj) + { + if (obj instanceof X500Name) { - return new X500Name(ASN1Sequence.getInstance(((X509Name)obj).getDERObject())); + return getInstance(style, ((X500Name)obj).toASN1Primitive()); } else if (obj != null) { - return new X500Name(ASN1Sequence.getInstance(obj)); + return new X500Name(style, ASN1Sequence.getInstance(obj)); } return null; @@ -149,12 +160,53 @@ public class X500Name } /** + * return an array of OIDs contained in the attribute type of each RDN in structure order. + * + * @return an array, possibly zero length, of ASN1ObjectIdentifiers objects. + */ + public ASN1ObjectIdentifier[] getAttributeTypes() + { + int count = 0; + + for (int i = 0; i != rdns.length; i++) + { + RDN rdn = rdns[i]; + + count += rdn.size(); + } + + ASN1ObjectIdentifier[] res = new ASN1ObjectIdentifier[count]; + + count = 0; + + for (int i = 0; i != rdns.length; i++) + { + RDN rdn = rdns[i]; + + if (rdn.isMultiValued()) + { + AttributeTypeAndValue[] attr = rdn.getTypesAndValues(); + for (int j = 0; j != attr.length; j++) + { + res[count++] = attr[j].getType(); + } + } + else if (rdn.size() != 0) + { + res[count++] = rdn.getFirst().getType(); + } + } + + return res; + } + + /** * return an array of RDNs containing the attribute type given by OID in structure order. * - * @param oid the type OID we are looking for. + * @param attributeType the type OID we are looking for. * @return an array, possibly zero length, of RDN objects. */ - public RDN[] getRDNs(ASN1ObjectIdentifier oid) + public RDN[] getRDNs(ASN1ObjectIdentifier attributeType) { RDN[] res = new RDN[rdns.length]; int count = 0; @@ -168,7 +220,7 @@ public class X500Name AttributeTypeAndValue[] attr = rdn.getTypesAndValues(); for (int j = 0; j != attr.length; j++) { - if (attr[j].getType().equals(oid)) + if (attr[j].getType().equals(attributeType)) { res[count++] = rdn; break; @@ -177,7 +229,7 @@ public class X500Name } else { - if (rdn.getFirst().getType().equals(oid)) + if (rdn.getFirst().getType().equals(attributeType)) { res[count++] = rdn; } @@ -191,7 +243,7 @@ public class X500Name return tmp; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return new DERSequence(rdns); } @@ -225,16 +277,16 @@ public class X500Name return false; } - DERObject derO = ((DEREncodable)obj).getDERObject(); + ASN1Primitive derO = ((ASN1Encodable)obj).toASN1Primitive(); - if (this.getDERObject().equals(derO)) + if (this.toASN1Primitive().equals(derO)) { return true; } try { - return style.areEqual(this, new X500Name(ASN1Sequence.getInstance(((DEREncodable)obj).getDERObject()))); + return style.areEqual(this, new X500Name(ASN1Sequence.getInstance(((ASN1Encodable)obj).toASN1Primitive()))); } catch (Exception e) { diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java index 5803042..5c60c89 100644 --- a/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java +++ b/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java @@ -5,10 +5,10 @@ import java.util.Hashtable; import java.util.Vector; import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERUniversalString; import org.bouncycastle.asn1.x500.AttributeTypeAndValue; import org.bouncycastle.asn1.x500.RDN; @@ -148,7 +148,7 @@ public class IETFUtils } } - return ASN1Object.fromByteArray(data); + return ASN1Primitive.fromByteArray(data); } public static void appendTypeAndValue( @@ -190,7 +190,14 @@ public class IETFUtils } else { - vBuf.append("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()))); + try + { + vBuf.append("#" + bytesToString(Hex.encode(value.toASN1Primitive().getEncoded(ASN1Encoding.DER)))); + } + catch (IOException e) + { + throw new IllegalArgumentException("Other value has no encoded form"); + } } int end = vBuf.length(); @@ -242,7 +249,7 @@ public class IETFUtils if (value.length() > 0 && value.charAt(0) == '#') { - DERObject obj = decodeObject(value); + ASN1Primitive obj = decodeObject(value); if (obj instanceof ASN1String) { @@ -255,11 +262,11 @@ public class IETFUtils return value; } - private static ASN1Object decodeObject(String oValue) + private static ASN1Primitive decodeObject(String oValue) { try { - return ASN1Object.fromByteArray(Hex.decode(oValue.substring(1))); + return ASN1Primitive.fromByteArray(Hex.decode(oValue.substring(1))); } catch (IOException e) { diff --git a/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java index 7288d38..6f7c3be 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java +++ b/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java @@ -2,20 +2,21 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1SequenceParser; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; public class AlgorithmIdentifier - extends ASN1Encodable + extends ASN1Object { - private DERObjectIdentifier objectId; - private DEREncodable parameters; + private ASN1ObjectIdentifier objectId; + private ASN1Encodable parameters; private boolean parametersDefined = false; public static AlgorithmIdentifier getInstance( @@ -33,9 +34,9 @@ public class AlgorithmIdentifier return (AlgorithmIdentifier)obj; } - if (obj instanceof DERObjectIdentifier) + if (obj instanceof ASN1ObjectIdentifier) { - return new AlgorithmIdentifier((DERObjectIdentifier)obj); + return new AlgorithmIdentifier((ASN1ObjectIdentifier)obj); } if (obj instanceof String) @@ -43,29 +44,57 @@ public class AlgorithmIdentifier return new AlgorithmIdentifier((String)obj); } - if (obj instanceof ASN1Sequence) + if (obj instanceof ASN1Sequence || obj instanceof ASN1SequenceParser) { - return new AlgorithmIdentifier((ASN1Sequence)obj); + return new AlgorithmIdentifier(ASN1Sequence.getInstance(obj)); } throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); } public AlgorithmIdentifier( - DERObjectIdentifier objectId) + ASN1ObjectIdentifier objectId) { this.objectId = objectId; } + /** + * @deprecated use ASN1ObjectIdentifier + * @param objectId + */ public AlgorithmIdentifier( String objectId) { - this.objectId = new DERObjectIdentifier(objectId); + this.objectId = new ASN1ObjectIdentifier(objectId); + } + + /** + * @deprecated use ASN1ObjectIdentifier + * @param objectId + */ + public AlgorithmIdentifier( + DERObjectIdentifier objectId) + { + this.objectId = new ASN1ObjectIdentifier(objectId.getId()); + } + + /** + * @deprecated use ASN1ObjectIdentifier + * @param objectId + * @param parameters + */ + public AlgorithmIdentifier( + DERObjectIdentifier objectId, + ASN1Encodable parameters) + { + parametersDefined = true; + this.objectId = new ASN1ObjectIdentifier(objectId.getId()); + this.parameters = parameters; } public AlgorithmIdentifier( - DERObjectIdentifier objectId, - DEREncodable parameters) + ASN1ObjectIdentifier objectId, + ASN1Encodable parameters) { parametersDefined = true; this.objectId = objectId; @@ -81,7 +110,7 @@ public class AlgorithmIdentifier + seq.size()); } - objectId = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); + objectId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); if (seq.size() == 2) { @@ -103,12 +132,12 @@ public class AlgorithmIdentifier * @deprecated use getAlgorithm * @return */ - public DERObjectIdentifier getObjectId() + public ASN1ObjectIdentifier getObjectId() { return objectId; } - public DEREncodable getParameters() + public ASN1Encodable getParameters() { return parameters; } @@ -121,7 +150,7 @@ public class AlgorithmIdentifier * parameters ANY DEFINED BY algorithm OPTIONAL } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java b/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java index 2d67a51..21907c6 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java +++ b/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java @@ -2,22 +2,23 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1Choice; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERTaggedObject; public class AttCertIssuer - extends ASN1Encodable + extends ASN1Object implements ASN1Choice { ASN1Encodable obj; - DERObject choiceObj; + ASN1Primitive choiceObj; public static AttCertIssuer getInstance( Object obj) { - if (obj instanceof AttCertIssuer) + if (obj == null || obj instanceof AttCertIssuer) { return (AttCertIssuer)obj; } @@ -58,7 +59,7 @@ public class AttCertIssuer GeneralNames names) { obj = names; - choiceObj = obj.getDERObject(); + choiceObj = obj.toASN1Primitive(); } public AttCertIssuer( @@ -83,7 +84,7 @@ public class AttCertIssuer * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return choiceObj; } diff --git a/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java b/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java index a4ab4cd..e157b66 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java +++ b/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java @@ -1,14 +1,14 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class AttCertValidityPeriod - extends ASN1Encodable + extends ASN1Object { DERGeneralizedTime notBeforeTime; DERGeneralizedTime notAfterTime; @@ -20,15 +20,15 @@ public class AttCertValidityPeriod { return (AttCertValidityPeriod)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new AttCertValidityPeriod((ASN1Sequence)obj); + return new AttCertValidityPeriod(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public AttCertValidityPeriod( + private AttCertValidityPeriod( ASN1Sequence seq) { if (seq.size() != 2) @@ -72,7 +72,7 @@ public class AttCertValidityPeriod * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/Attribute.java b/src/main/java/org/bouncycastle/asn1/x509/Attribute.java index 56df178..b8d4bde 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/Attribute.java +++ b/src/main/java/org/bouncycastle/asn1/x509/Attribute.java @@ -2,17 +2,17 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; public class Attribute - extends ASN1Encodable + extends ASN1Object { - private DERObjectIdentifier attrType; + private ASN1ObjectIdentifier attrType; private ASN1Set attrValues; /** @@ -24,20 +24,20 @@ public class Attribute public static Attribute getInstance( Object o) { - if (o == null || o instanceof Attribute) + if (o instanceof Attribute) { return (Attribute)o; } - if (o instanceof ASN1Sequence) + if (o != null) { - return new Attribute((ASN1Sequence)o); + return new Attribute(ASN1Sequence.getInstance(o)); } - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); + return null; } - public Attribute( + private Attribute( ASN1Sequence seq) { if (seq.size() != 2) @@ -45,12 +45,12 @@ public class Attribute throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } - attrType = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); + attrType = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); attrValues = ASN1Set.getInstance(seq.getObjectAt(1)); } public Attribute( - DERObjectIdentifier attrType, + ASN1ObjectIdentifier attrType, ASN1Set attrValues) { this.attrType = attrType; @@ -81,7 +81,7 @@ public class Attribute * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java index 9e79e89..92aa0f7 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java +++ b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java @@ -1,14 +1,14 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class AttributeCertificate - extends ASN1Encodable + extends ASN1Object { AttributeCertificateInfo acinfo; AlgorithmIdentifier signatureAlgorithm; @@ -81,7 +81,7 @@ public class AttributeCertificate * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java index 59ff27a..7b9d450 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java +++ b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java @@ -2,25 +2,26 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class AttributeCertificateInfo - extends ASN1Encodable + extends ASN1Object { - private DERInteger version; + private ASN1Integer version; private Holder holder; private AttCertIssuer issuer; private AlgorithmIdentifier signature; - private DERInteger serialNumber; + private ASN1Integer serialNumber; private AttCertValidityPeriod attrCertValidityPeriod; private ASN1Sequence attributes; private DERBitString issuerUniqueID; - private X509Extensions extensions; + private Extensions extensions; public static AttributeCertificateInfo getInstance( ASN1TaggedObject obj, @@ -36,15 +37,15 @@ public class AttributeCertificateInfo { return (AttributeCertificateInfo)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new AttributeCertificateInfo((ASN1Sequence)obj); + return new AttributeCertificateInfo(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public AttributeCertificateInfo( + private AttributeCertificateInfo( ASN1Sequence seq) { if (seq.size() < 7 || seq.size() > 9) @@ -52,11 +53,11 @@ public class AttributeCertificateInfo throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } - this.version = DERInteger.getInstance(seq.getObjectAt(0)); + this.version = ASN1Integer.getInstance(seq.getObjectAt(0)); this.holder = Holder.getInstance(seq.getObjectAt(1)); this.issuer = AttCertIssuer.getInstance(seq.getObjectAt(2)); this.signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(3)); - this.serialNumber = DERInteger.getInstance(seq.getObjectAt(4)); + this.serialNumber = ASN1Integer.getInstance(seq.getObjectAt(4)); this.attrCertValidityPeriod = AttCertValidityPeriod.getInstance(seq.getObjectAt(5)); this.attributes = ASN1Sequence.getInstance(seq.getObjectAt(6)); @@ -68,14 +69,14 @@ public class AttributeCertificateInfo { this.issuerUniqueID = DERBitString.getInstance(seq.getObjectAt(i)); } - else if (obj instanceof ASN1Sequence || obj instanceof X509Extensions) + else if (obj instanceof ASN1Sequence || obj instanceof Extensions) { - this.extensions = X509Extensions.getInstance(seq.getObjectAt(i)); + this.extensions = Extensions.getInstance(seq.getObjectAt(i)); } } } - public DERInteger getVersion() + public ASN1Integer getVersion() { return version; } @@ -95,7 +96,7 @@ public class AttributeCertificateInfo return signature; } - public DERInteger getSerialNumber() + public ASN1Integer getSerialNumber() { return serialNumber; } @@ -115,7 +116,7 @@ public class AttributeCertificateInfo return issuerUniqueID; } - public X509Extensions getExtensions() + public Extensions getExtensions() { return extensions; } @@ -138,7 +139,7 @@ public class AttributeCertificateInfo * AttCertVersion ::= INTEGER { v2(1) } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java index a3e5a54..9a73dd6 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +++ b/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java @@ -1,20 +1,22 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; +import java.math.BigInteger; +import java.util.Enumeration; + import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; - -import java.math.BigInteger; -import java.util.Enumeration; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-changed /** * The AuthorityKeyIdentifier object. @@ -31,11 +33,11 @@ import java.util.Enumeration; * */ public class AuthorityKeyIdentifier - extends ASN1Encodable + extends ASN1Object { ASN1OctetString keyidentifier=null; GeneralNames certissuer=null; - DERInteger certserno=null; + ASN1Integer certserno=null; public static AuthorityKeyIdentifier getInstance( ASN1TaggedObject obj, @@ -51,19 +53,15 @@ public class AuthorityKeyIdentifier { return (AuthorityKeyIdentifier)obj; } - if (obj instanceof ASN1Sequence) - { - return new AuthorityKeyIdentifier((ASN1Sequence)obj); - } - if (obj instanceof X509Extension) + if (obj != null) { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); + return new AuthorityKeyIdentifier(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public AuthorityKeyIdentifier( + protected AuthorityKeyIdentifier( ASN1Sequence seq) { Enumeration e = seq.getObjects(); @@ -81,7 +79,7 @@ public class AuthorityKeyIdentifier this.certissuer = GeneralNames.getInstance(o, false); break; case 2: - this.certserno = DERInteger.getInstance(o, false); + this.certserno = ASN1Integer.getInstance(o, false); break; default: throw new IllegalArgumentException("illegal tag"); @@ -105,7 +103,9 @@ public class AuthorityKeyIdentifier public AuthorityKeyIdentifier( SubjectPublicKeyInfo spki) { - Digest digest = new SHA1Digest(); + // BEGIN android-changed + Digest digest = new OpenSSLDigest.SHA1(); + // END android-changed byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); @@ -123,7 +123,9 @@ public class AuthorityKeyIdentifier GeneralNames name, BigInteger serialNumber) { - Digest digest = new SHA1Digest(); + // BEGIN android-changed + Digest digest = new OpenSSLDigest.SHA1(); + // END android-changed byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); @@ -131,8 +133,8 @@ public class AuthorityKeyIdentifier digest.doFinal(resBuf, 0); this.keyidentifier = new DEROctetString(resBuf); - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); + this.certissuer = GeneralNames.getInstance(name.toASN1Primitive()); + this.certserno = new ASN1Integer(serialNumber); } /** @@ -144,8 +146,8 @@ public class AuthorityKeyIdentifier BigInteger serialNumber) { this.keyidentifier = null; - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); + this.certissuer = GeneralNames.getInstance(name.toASN1Primitive()); + this.certserno = new ASN1Integer(serialNumber); } /** @@ -169,8 +171,8 @@ public class AuthorityKeyIdentifier BigInteger serialNumber) { this.keyidentifier = new DEROctetString(keyIdentifier); - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); + this.certissuer = GeneralNames.getInstance(name.toASN1Primitive()); + this.certserno = new ASN1Integer(serialNumber); } public byte[] getKeyIdentifier() @@ -201,7 +203,7 @@ public class AuthorityKeyIdentifier /** * Produce an object suitable for an ASN1OutputStream. */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java b/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java index 08a0c04..19fa762 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java +++ b/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java @@ -1,23 +1,23 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; +import java.math.BigInteger; + import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; -import java.math.BigInteger; - public class BasicConstraints - extends ASN1Encodable + extends ASN1Object { // BEGIN android-changed DERBoolean cA = DERBoolean.FALSE; // END android-changed - DERInteger pathLenConstraint = null; + ASN1Integer pathLenConstraint = null; public static BasicConstraints getInstance( ASN1TaggedObject obj, @@ -29,25 +29,23 @@ public class BasicConstraints public static BasicConstraints getInstance( Object obj) { - if (obj == null || obj instanceof BasicConstraints) + if (obj instanceof BasicConstraints) { return (BasicConstraints)obj; } - - if (obj instanceof ASN1Sequence) - { - return new BasicConstraints((ASN1Sequence)obj); - } - if (obj instanceof X509Extension) { return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); } + if (obj != null) + { + return new BasicConstraints(ASN1Sequence.getInstance(obj)); + } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public BasicConstraints( + private BasicConstraints( ASN1Sequence seq) { if (seq.size() == 0) @@ -64,13 +62,13 @@ public class BasicConstraints else { this.cA = null; - this.pathLenConstraint = DERInteger.getInstance(seq.getObjectAt(0)); + this.pathLenConstraint = ASN1Integer.getInstance(seq.getObjectAt(0)); } if (seq.size() > 1) { if (this.cA != null) { - this.pathLenConstraint = DERInteger.getInstance(seq.getObjectAt(1)); + this.pathLenConstraint = ASN1Integer.getInstance(seq.getObjectAt(1)); } else { @@ -80,29 +78,6 @@ public class BasicConstraints } } - /** - * @deprecated use one of the other two unambigous constructors. - * @param cA - * @param pathLenConstraint - */ - public BasicConstraints( - boolean cA, - int pathLenConstraint) - { - if (cA) - { - // BEGIN android-changed - this.cA = DERBoolean.getInstance(cA); - // END android-changed - this.pathLenConstraint = new DERInteger(pathLenConstraint); - } - else - { - this.cA = null; - this.pathLenConstraint = null; - } - } - public BasicConstraints( boolean cA) { @@ -130,7 +105,7 @@ public class BasicConstraints // BEGIN android-changed this.cA = DERBoolean.TRUE; // END android-changed - this.pathLenConstraint = new DERInteger(pathLenConstraint); + this.pathLenConstraint = new ASN1Integer(pathLenConstraint); } public boolean isCA() @@ -157,7 +132,7 @@ public class BasicConstraints * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java b/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java index 67244b1..1ee6aa5 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java +++ b/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java @@ -1,14 +1,14 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class CRLDistPoint - extends ASN1Encodable + extends ASN1Object { ASN1Sequence seq = null; @@ -22,19 +22,19 @@ public class CRLDistPoint public static CRLDistPoint getInstance( Object obj) { - if (obj instanceof CRLDistPoint || obj == null) + if (obj instanceof CRLDistPoint) { return (CRLDistPoint)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new CRLDistPoint((ASN1Sequence)obj); + return new CRLDistPoint(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public CRLDistPoint( + private CRLDistPoint( ASN1Sequence seq) { this.seq = seq; @@ -76,7 +76,7 @@ public class CRLDistPoint * CRLDistPoint ::= SEQUENCE SIZE {1..MAX} OF DistributionPoint * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return seq; } diff --git a/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java b/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java index 5c74abf..95425ba 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java +++ b/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java @@ -1,9 +1,11 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.DERInteger; - import java.math.BigInteger; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; + /** * The CRLNumber object. * <pre> @@ -11,22 +13,42 @@ import java.math.BigInteger; * </pre> */ public class CRLNumber - extends DERInteger + extends ASN1Object { + private BigInteger number; public CRLNumber( BigInteger number) { - super(number); + this.number = number; } public BigInteger getCRLNumber() { - return getPositiveValue(); + return number; } public String toString() { return "CRLNumber: " + getCRLNumber(); } + + public ASN1Primitive toASN1Primitive() + { + return new ASN1Integer(number); + } + + public static CRLNumber getInstance(Object o) + { + if (o instanceof CRLNumber) + { + return (CRLNumber)o; + } + else if (o != null) + { + return new CRLNumber(ASN1Integer.getInstance(o).getValue()); + } + + return null; + } } diff --git a/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java b/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java index dfbccda..621b5c8 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java +++ b/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java @@ -1,6 +1,11 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.DEREnumerated; +import java.math.BigInteger; +import java.util.Hashtable; + +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; /** * The CRLReason enumeration. @@ -20,7 +25,7 @@ import org.bouncycastle.asn1.DEREnumerated; * </pre> */ public class CRLReason - extends DEREnumerated + extends ASN1Object { /** * @deprecated use lower case version @@ -82,16 +87,28 @@ public class CRLReason "removeFromCRL", "privilegeWithdrawn", "aACompromise" }; - public CRLReason( - int reason) + private static final Hashtable table = new Hashtable(); + + private ASN1Enumerated value; + + public static CRLReason getInstance(Object o) { - super(reason); + if (o instanceof CRLReason) + { + return (CRLReason)o; + } + else if (o != null) + { + return lookup(ASN1Enumerated.getInstance(o).getValue().intValue()); + } + + return null; } - public CRLReason( - DEREnumerated reason) + private CRLReason( + int reason) { - super(reason.getValue().intValue()); + value = new ASN1Enumerated(reason); } public String toString() @@ -107,5 +124,29 @@ public class CRLReason str = reasonString[reason]; } return "CRLReason: " + str; - } + } + + public BigInteger getValue() + { + return value.getValue(); + } + + public ASN1Primitive toASN1Primitive() + { + return value; + } + + public static CRLReason lookup(int value) + { + // BEGIN android-changed + Integer idx = Integer.valueOf(value); + // END android-changed + + if (!table.containsKey(idx)) + { + table.put(idx, new CRLReason(value)); + } + + return (CRLReason)table.get(idx); + } } diff --git a/src/main/java/org/bouncycastle/asn1/x509/Certificate.java b/src/main/java/org/bouncycastle/asn1/x509/Certificate.java new file mode 100644 index 0000000..4ca14d4 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/x509/Certificate.java @@ -0,0 +1,131 @@ +package org.bouncycastle.asn1.x509; + +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.x500.X500Name; + +/** + * an X509Certificate structure. + * <pre> + * Certificate ::= SEQUENCE { + * tbsCertificate TBSCertificate, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING + * } + * </pre> + */ +public class Certificate + extends ASN1Object +{ + ASN1Sequence seq; + TBSCertificate tbsCert; + AlgorithmIdentifier sigAlgId; + DERBitString sig; + + public static Certificate getInstance( + ASN1TaggedObject obj, + boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + public static Certificate getInstance( + Object obj) + { + if (obj instanceof Certificate) + { + return (Certificate)obj; + } + else if (obj != null) + { + return new Certificate(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + private Certificate( + ASN1Sequence seq) + { + this.seq = seq; + + // + // correct x509 certficate + // + if (seq.size() == 3) + { + tbsCert = TBSCertificate.getInstance(seq.getObjectAt(0)); + sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); + + sig = DERBitString.getInstance(seq.getObjectAt(2)); + } + else + { + throw new IllegalArgumentException("sequence wrong size for a certificate"); + } + } + + public TBSCertificate getTBSCertificate() + { + return tbsCert; + } + + public ASN1Integer getVersion() + { + return tbsCert.getVersion(); + } + + public int getVersionNumber() + { + return tbsCert.getVersionNumber(); + } + + public ASN1Integer getSerialNumber() + { + return tbsCert.getSerialNumber(); + } + + public X500Name getIssuer() + { + return tbsCert.getIssuer(); + } + + public Time getStartDate() + { + return tbsCert.getStartDate(); + } + + public Time getEndDate() + { + return tbsCert.getEndDate(); + } + + public X500Name getSubject() + { + return tbsCert.getSubject(); + } + + public SubjectPublicKeyInfo getSubjectPublicKeyInfo() + { + return tbsCert.getSubjectPublicKeyInfo(); + } + + public AlgorithmIdentifier getSignatureAlgorithm() + { + return sigAlgId; + } + + public DERBitString getSignature() + { + return sig; + } + + public ASN1Primitive toASN1Primitive() + { + return seq; + } +} diff --git a/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java b/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java index 40c49c6..91a37ad 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java +++ b/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java @@ -3,13 +3,14 @@ package org.bouncycastle.asn1.x509; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x500.X500Name; /** * PKIX RFC-2459 @@ -25,7 +26,7 @@ import org.bouncycastle.asn1.DERSequence; * </pre> */ public class CertificateList - extends ASN1Encodable + extends ASN1Object { TBSCertList tbsCertList; AlgorithmIdentifier sigAlgId; @@ -93,12 +94,12 @@ public class CertificateList return sig; } - public int getVersion() + public int getVersionNumber() { - return tbsCertList.getVersion(); + return tbsCertList.getVersionNumber(); } - public X509Name getIssuer() + public X500Name getIssuer() { return tbsCertList.getIssuer(); } @@ -113,7 +114,7 @@ public class CertificateList return tbsCertList.getNextUpdate(); } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java b/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java index 50822d6..853bd35 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java +++ b/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java @@ -3,18 +3,18 @@ package org.bouncycastle.asn1.x509; import java.math.BigInteger; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class DSAParameter - extends ASN1Encodable + extends ASN1Object { - DERInteger p, q, g; + ASN1Integer p, q, g; public static DSAParameter getInstance( ASN1TaggedObject obj, @@ -44,9 +44,9 @@ public class DSAParameter BigInteger q, BigInteger g) { - this.p = new DERInteger(p); - this.q = new DERInteger(q); - this.g = new DERInteger(g); + this.p = new ASN1Integer(p); + this.q = new ASN1Integer(q); + this.g = new ASN1Integer(g); } public DSAParameter( @@ -59,9 +59,9 @@ public class DSAParameter Enumeration e = seq.getObjects(); - p = DERInteger.getInstance(e.nextElement()); - q = DERInteger.getInstance(e.nextElement()); - g = DERInteger.getInstance(e.nextElement()); + p = ASN1Integer.getInstance(e.nextElement()); + q = ASN1Integer.getInstance(e.nextElement()); + g = ASN1Integer.getInstance(e.nextElement()); } public BigInteger getP() @@ -79,7 +79,7 @@ public class DSAParameter return g.getPositiveValue(); } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java b/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java index baf93e1..fd17f1b 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java +++ b/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java @@ -2,12 +2,12 @@ package org.bouncycastle.asn1.x509; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; @@ -20,7 +20,7 @@ import org.bouncycastle.asn1.DERSequence; * </pre> */ public class DigestInfo - extends ASN1Encodable + extends ASN1Object { private byte[] digest; private AlgorithmIdentifier algId; @@ -39,12 +39,12 @@ public class DigestInfo { return (DigestInfo)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new DigestInfo((ASN1Sequence)obj); + return new DigestInfo(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public DigestInfo( @@ -74,7 +74,7 @@ public class DigestInfo return digest; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java b/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java index e57c408..ab73dfb 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java +++ b/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java @@ -1,11 +1,11 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -20,7 +20,7 @@ import org.bouncycastle.asn1.DERTaggedObject; * </pre> */ public class DistributionPoint - extends ASN1Encodable + extends ASN1Object { DistributionPointName distributionPoint; ReasonFlags reasons; @@ -94,7 +94,7 @@ public class DistributionPoint return cRLIssuer; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java b/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java index b6a294e..ee06efd 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java +++ b/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java @@ -2,10 +2,10 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1Choice; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERTaggedObject; /** @@ -18,10 +18,10 @@ import org.bouncycastle.asn1.DERTaggedObject; * </pre> */ public class DistributionPointName - extends ASN1Encodable + extends ASN1Object implements ASN1Choice { - DEREncodable name; + ASN1Encodable name; int type; public static final int FULL_NAME = 0; @@ -49,17 +49,6 @@ public class DistributionPointName throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); } - /* - * @deprecated use ASN1Encodable - */ - public DistributionPointName( - int type, - DEREncodable name) - { - this.type = type; - this.name = name; - } - public DistributionPointName( int type, ASN1Encodable name) @@ -109,7 +98,7 @@ public class DistributionPointName } } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return new DERTaggedObject(false, type, name); } diff --git a/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java b/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java index 0811df5..97f1c54 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java +++ b/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java @@ -1,17 +1,17 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - /** * The extendedKeyUsage object. * <pre> @@ -19,7 +19,7 @@ import java.util.Vector; * </pre> */ public class ExtendedKeyUsage - extends ASN1Encodable + extends ASN1Object { Hashtable usageTable = new Hashtable(); ASN1Sequence seq; @@ -39,17 +39,12 @@ public class ExtendedKeyUsage return (ExtendedKeyUsage)obj; } - if(obj instanceof ASN1Sequence) - { - return new ExtendedKeyUsage((ASN1Sequence)obj); - } - - if (obj instanceof X509Extension) + if (obj != null) { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); + return new ExtendedKeyUsage(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("Invalid ExtendedKeyUsage: " + obj.getClass().getName()); + return null; } public ExtendedKeyUsage( @@ -70,9 +65,9 @@ public class ExtendedKeyUsage while (e.hasMoreElements()) { Object o = e.nextElement(); - if (!(o instanceof DERObjectIdentifier)) + if (!(o instanceof ASN1ObjectIdentifier)) { - throw new IllegalArgumentException("Only DERObjectIdentifiers allowed in ExtendedKeyUsage."); + throw new IllegalArgumentException("Only ASN1ObjectIdentifiers allowed in ExtendedKeyUsage."); } this.usageTable.put(o, o); } @@ -86,7 +81,7 @@ public class ExtendedKeyUsage while (e.hasMoreElements()) { - DERObject o = (DERObject)e.nextElement(); + ASN1Primitive o = (ASN1Primitive)e.nextElement(); v.add(o); this.usageTable.put(o, o); @@ -103,7 +98,7 @@ public class ExtendedKeyUsage /** * Returns all extended key usages. - * The returned vector contains DERObjectIdentifiers. + * The returned vector contains ASN1ObjectIdentifiers. * @return A vector with all key purposes. */ public Vector getUsages() @@ -121,7 +116,7 @@ public class ExtendedKeyUsage return usageTable.size(); } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return seq; } diff --git a/src/main/java/org/bouncycastle/asn1/x509/Extension.java b/src/main/java/org/bouncycastle/asn1/x509/Extension.java new file mode 100644 index 0000000..e6a06d8 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/x509/Extension.java @@ -0,0 +1,266 @@ +package org.bouncycastle.asn1.x509; + +import java.io.IOException; + +import org.bouncycastle.asn1.ASN1Boolean; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.DEROctetString; + +/** + * an object for the elements in the X.509 V3 extension block. + */ +public class Extension +{ + /** + * Subject Directory Attributes + */ + public static final ASN1ObjectIdentifier subjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9"); + + /** + * Subject Key Identifier + */ + public static final ASN1ObjectIdentifier subjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14"); + + /** + * Key Usage + */ + public static final ASN1ObjectIdentifier keyUsage = new ASN1ObjectIdentifier("2.5.29.15"); + + /** + * Private Key Usage Period + */ + public static final ASN1ObjectIdentifier privateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16"); + + /** + * Subject Alternative Name + */ + public static final ASN1ObjectIdentifier subjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17"); + + /** + * Issuer Alternative Name + */ + public static final ASN1ObjectIdentifier issuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18"); + + /** + * Basic Constraints + */ + public static final ASN1ObjectIdentifier basicConstraints = new ASN1ObjectIdentifier("2.5.29.19"); + + /** + * CRL Number + */ + public static final ASN1ObjectIdentifier cRLNumber = new ASN1ObjectIdentifier("2.5.29.20"); + + /** + * Reason code + */ + public static final ASN1ObjectIdentifier reasonCode = new ASN1ObjectIdentifier("2.5.29.21"); + + /** + * Hold Instruction Code + */ + public static final ASN1ObjectIdentifier instructionCode = new ASN1ObjectIdentifier("2.5.29.23"); + + /** + * Invalidity Date + */ + public static final ASN1ObjectIdentifier invalidityDate = new ASN1ObjectIdentifier("2.5.29.24"); + + /** + * Delta CRL indicator + */ + public static final ASN1ObjectIdentifier deltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27"); + + /** + * Issuing Distribution Point + */ + public static final ASN1ObjectIdentifier issuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28"); + + /** + * Certificate Issuer + */ + public static final ASN1ObjectIdentifier certificateIssuer = new ASN1ObjectIdentifier("2.5.29.29"); + + /** + * Name Constraints + */ + public static final ASN1ObjectIdentifier nameConstraints = new ASN1ObjectIdentifier("2.5.29.30"); + + /** + * CRL Distribution Points + */ + public static final ASN1ObjectIdentifier cRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31"); + + /** + * Certificate Policies + */ + public static final ASN1ObjectIdentifier certificatePolicies = new ASN1ObjectIdentifier("2.5.29.32"); + + /** + * Policy Mappings + */ + public static final ASN1ObjectIdentifier policyMappings = new ASN1ObjectIdentifier("2.5.29.33"); + + /** + * Authority Key Identifier + */ + public static final ASN1ObjectIdentifier authorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35"); + + /** + * Policy Constraints + */ + public static final ASN1ObjectIdentifier policyConstraints = new ASN1ObjectIdentifier("2.5.29.36"); + + /** + * Extended Key Usage + */ + public static final ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37"); + + /** + * Freshest CRL + */ + public static final ASN1ObjectIdentifier freshestCRL = new ASN1ObjectIdentifier("2.5.29.46"); + + /** + * Inhibit Any Policy + */ + public static final ASN1ObjectIdentifier inhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54"); + + /** + * Authority Info Access + */ + public static final ASN1ObjectIdentifier authorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1"); + + /** + * Subject Info Access + */ + public static final ASN1ObjectIdentifier subjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11"); + + /** + * Logo Type + */ + public static final ASN1ObjectIdentifier logoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12"); + + /** + * BiometricInfo + */ + public static final ASN1ObjectIdentifier biometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2"); + + /** + * QCStatements + */ + public static final ASN1ObjectIdentifier qCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3"); + + /** + * Audit identity extension in attribute certificates. + */ + public static final ASN1ObjectIdentifier auditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4"); + + /** + * NoRevAvail extension in attribute certificates. + */ + public static final ASN1ObjectIdentifier noRevAvail = new ASN1ObjectIdentifier("2.5.29.56"); + + /** + * TargetInformation extension in attribute certificates. + */ + public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55"); + + private ASN1ObjectIdentifier extnId; + + boolean critical; + ASN1OctetString value; + + public Extension( + ASN1ObjectIdentifier extnId, + ASN1Boolean critical, + ASN1OctetString value) + { + this(extnId, critical.isTrue(), value); + } + + public Extension( + ASN1ObjectIdentifier extnId, + boolean critical, + byte[] value) + { + this(extnId, critical, new DEROctetString(value)); + } + + public Extension( + ASN1ObjectIdentifier extnId, + boolean critical, + ASN1OctetString value) + { + this.extnId = extnId; + this.critical = critical; + this.value = value; + } + + public ASN1ObjectIdentifier getExtnId() + { + return extnId; + } + + public boolean isCritical() + { + return critical; + } + + public ASN1OctetString getExtnValue() + { + return value; + } + + public ASN1Encodable getParsedValue() + { + return convertValueToObject(this); + } + + public int hashCode() + { + if (this.isCritical()) + { + return this.getExtnValue().hashCode(); + } + + return ~this.getExtnValue().hashCode(); + } + + public boolean equals( + Object o) + { + if (!(o instanceof Extension)) + { + return false; + } + + Extension other = (Extension)o; + + return other.getExtnValue().equals(this.getExtnValue()) + && (other.isCritical() == this.isCritical()); + } + + /** + * Convert the value of the passed in extension to an object + * @param ext the extension to parse + * @return the object the value string contains + * @exception IllegalArgumentException if conversion is not possible + */ + private static ASN1Primitive convertValueToObject( + Extension ext) + throws IllegalArgumentException + { + try + { + return ASN1Primitive.fromByteArray(ext.getExtnValue().getOctets()); + } + catch (IOException e) + { + throw new IllegalArgumentException("can't convert extension: " + e); + } + } +} diff --git a/src/main/java/org/bouncycastle/asn1/x509/Extensions.java b/src/main/java/org/bouncycastle/asn1/x509/Extensions.java new file mode 100644 index 0000000..1b93305 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/x509/Extensions.java @@ -0,0 +1,214 @@ +package org.bouncycastle.asn1.x509; + +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + +import org.bouncycastle.asn1.ASN1Boolean; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; + +public class Extensions + extends ASN1Object +{ + private Hashtable extensions = new Hashtable(); + private Vector ordering = new Vector(); + + public static Extensions getInstance( + ASN1TaggedObject obj, + boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + public static Extensions getInstance( + Object obj) + { + if (obj instanceof Extensions) + { + return (Extensions)obj; + } + else if (obj != null) + { + return new Extensions(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + /** + * Constructor from ASN1Sequence. + * + * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString) + */ + private Extensions( + ASN1Sequence seq) + { + Enumeration e = seq.getObjects(); + + while (e.hasMoreElements()) + { + ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); + + if (s.size() == 3) + { + extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), ASN1Boolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)))); + } + else if (s.size() == 2) + { + extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), false, ASN1OctetString.getInstance(s.getObjectAt(1)))); + } + else + { + throw new IllegalArgumentException("Bad sequence size: " + s.size()); + } + + ordering.addElement(s.getObjectAt(0)); + } + } + + /** + * Base Constructor + * + * @param extensions an array of extensions. + */ + public Extensions( + Extension[] extensions) + { + for (int i = 0; i != extensions.length; i++) + { + Extension ext = extensions[i]; + + this.ordering.addElement(ext.getExtnId()); + this.extensions.put(ext.getExtnId(), ext); + } + } + + /** + * return an Enumeration of the extension field's object ids. + */ + public Enumeration oids() + { + return ordering.elements(); + } + + /** + * return the extension represented by the object identifier + * passed in. + * + * @return the extension if it's present, null otherwise. + */ + public Extension getExtension( + ASN1ObjectIdentifier oid) + { + return (Extension)extensions.get(oid); + } + + /** + * <pre> + * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + * + * Extension ::= SEQUENCE { + * extnId EXTENSION.&id ({ExtensionSet}), + * critical BOOLEAN DEFAULT FALSE, + * extnValue OCTET STRING } + * </pre> + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector vec = new ASN1EncodableVector(); + Enumeration e = ordering.elements(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = (Extension)extensions.get(oid); + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(oid); + + if (ext.isCritical()) + { + v.add(ASN1Boolean.getInstance(true)); + } + + v.add(ext.getExtnValue()); + + vec.add(new DERSequence(v)); + } + + return new DERSequence(vec); + } + + public boolean equivalent( + Extensions other) + { + if (extensions.size() != other.extensions.size()) + { + return false; + } + + Enumeration e1 = extensions.keys(); + + while (e1.hasMoreElements()) + { + Object key = e1.nextElement(); + + if (!extensions.get(key).equals(other.extensions.get(key))) + { + return false; + } + } + + return true; + } + + public ASN1ObjectIdentifier[] getExtensionOIDs() + { + return toOidArray(ordering); + } + + public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + public ASN1ObjectIdentifier[] getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + private ASN1ObjectIdentifier[] getExtensionOIDs(boolean isCritical) + { + Vector oidVec = new Vector(); + + for (int i = 0; i != ordering.size(); i++) + { + Object oid = ordering.elementAt(i); + + if (((Extension)extensions.get(oid)).isCritical() == isCritical) + { + oidVec.addElement(oid); + } + } + + return toOidArray(oidVec); + } + + private ASN1ObjectIdentifier[] toOidArray(Vector oidVec) + { + ASN1ObjectIdentifier[] oids = new ASN1ObjectIdentifier[oidVec.size()]; + + for (int i = 0; i != oids.length; i++) + { + oids[i] = (ASN1ObjectIdentifier)oidVec.elementAt(i); + } + return oids; + } +} diff --git a/src/main/java/org/bouncycastle/asn1/x509/ExtensionsGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/ExtensionsGenerator.java new file mode 100644 index 0000000..270ef1c --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/x509/ExtensionsGenerator.java @@ -0,0 +1,94 @@ +package org.bouncycastle.asn1.x509; + +import java.io.IOException; +import java.util.Hashtable; +import java.util.Vector; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DEROctetString; + +/** + * Generator for X.509 extensions + */ +public class ExtensionsGenerator +{ + private Hashtable extensions = new Hashtable(); + private Vector extOrdering = new Vector(); + + /** + * Reset the generator + */ + public void reset() + { + extensions = new Hashtable(); + extOrdering = new Vector(); + } + + /** + * Add an extension with the given oid and the passed in value to be included + * in the OCTET STRING associated with the extension. + * + * @param oid OID for the extension. + * @param critical true if critical, false otherwise. + * @param value the ASN.1 object to be included in the extension. + */ + public void addExtension( + ASN1ObjectIdentifier oid, + boolean critical, + ASN1Encodable value) + throws IOException + { + this.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); + } + + /** + * Add an extension with the given oid and the passed in byte array to be wrapped in the + * OCTET STRING associated with the extension. + * + * @param oid OID for the extension. + * @param critical true if critical, false otherwise. + * @param value the byte array to be wrapped. + */ + public void addExtension( + ASN1ObjectIdentifier oid, + boolean critical, + byte[] value) + { + if (extensions.containsKey(oid)) + { + throw new IllegalArgumentException("extension " + oid + " already added"); + } + + extOrdering.addElement(oid); + extensions.put(oid, new Extension(oid, critical, new DEROctetString(value))); + } + + /** + * Return true if there are no extension present in this generator. + * + * @return true if empty, false otherwise + */ + public boolean isEmpty() + { + return extOrdering.isEmpty(); + } + + /** + * Generate an Extensions object based on the current state of the generator. + * + * @return an X09Extensions object. + */ + public Extensions generate() + { + Extension[] exts = new Extension[extOrdering.size()]; + + for (int i = 0; i != extOrdering.size(); i++) + { + exts[i] = (Extension)extensions.get(extOrdering.elementAt(i)); + } + + return new Extensions(exts); + } +} diff --git a/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java b/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java index 29fdd72..1829ecd 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java +++ b/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java @@ -6,13 +6,12 @@ import java.util.StringTokenizer; import org.bouncycastle.asn1.ASN1Choice; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x500.X500Name; @@ -44,7 +43,7 @@ import org.bouncycastle.util.IPAddress; * </pre> */ public class GeneralName - extends ASN1Encodable + extends ASN1Object implements ASN1Choice { public static final int otherName = 0; @@ -57,34 +56,28 @@ public class GeneralName public static final int iPAddress = 7; public static final int registeredID = 8; - DEREncodable obj; - int tag; - - public GeneralName( + private ASN1Encodable obj; + private int tag; + + /** + * @deprecated use X500Name constructor. + * @param dirName + */ + public GeneralName( X509Name dirName) { - this.obj = dirName; + this.obj = X500Name.getInstance(dirName); this.tag = 4; } public GeneralName( - X500Name dirName) + X500Name dirName) { this.obj = dirName; this.tag = 4; } /** - * @deprecated this constructor seems the wrong way round! Use GeneralName(tag, name). - */ - public GeneralName( - DERObject name, int tag) - { - this.obj = name; - this.tag = tag; - } - - /** * When the subjectAltName extension contains an Internet mail address, * the address MUST be included as an rfc822Name. The format of an * rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. @@ -154,11 +147,11 @@ public class GeneralName } else if (tag == registeredID) { - this.obj = new DERObjectIdentifier(name); + this.obj = new ASN1ObjectIdentifier(name); } else if (tag == directoryName) { - this.obj = new X509Name(name); + this.obj = new X500Name(name); } else if (tag == iPAddress) { @@ -202,7 +195,7 @@ public class GeneralName case x400Address: throw new IllegalArgumentException("unknown tag: " + tag); case directoryName: - return new GeneralName(tag, X509Name.getInstance(tagObj, true)); + return new GeneralName(tag, X500Name.getInstance(tagObj, true)); case ediPartyName: return new GeneralName(tag, ASN1Sequence.getInstance(tagObj, false)); case uniformResourceIdentifier: @@ -210,7 +203,7 @@ public class GeneralName case iPAddress: return new GeneralName(tag, ASN1OctetString.getInstance(tagObj, false)); case registeredID: - return new GeneralName(tag, DERObjectIdentifier.getInstance(tagObj, false)); + return new GeneralName(tag, ASN1ObjectIdentifier.getInstance(tagObj, false)); } } @@ -218,7 +211,7 @@ public class GeneralName { try { - return getInstance(ASN1Object.fromByteArray((byte[])obj)); + return getInstance(ASN1Primitive.fromByteArray((byte[])obj)); } catch (IOException e) { @@ -241,7 +234,7 @@ public class GeneralName return tag; } - public DEREncodable getName() + public ASN1Encodable getName() { return obj; } @@ -260,7 +253,7 @@ public class GeneralName buf.append(DERIA5String.getInstance(obj).getString()); break; case directoryName: - buf.append(X509Name.getInstance(obj).toString()); + buf.append(X500Name.getInstance(obj).toString()); break; default: buf.append(obj.toString()); @@ -342,7 +335,7 @@ public class GeneralName for (int i = 0; i != maskVal; i++) { - addr[(i / 8) + offset] |= 1 << (i % 8); + addr[(i / 8) + offset] |= 1 << (7 - (i % 8)); } } @@ -364,7 +357,7 @@ public class GeneralName for (int i = 0; i != maskVal; i++) { - res[i / 16] |= 1 << (i % 16); + res[i / 16] |= 1 << (15 - (i % 16)); } return res; } @@ -432,7 +425,7 @@ public class GeneralName return val; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { if (tag == directoryName) // directoryName is explicitly tagged as it is a CHOICE { diff --git a/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java b/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java index f35e10d..bd45407 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java +++ b/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java @@ -1,30 +1,30 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class GeneralNames - extends ASN1Encodable + extends ASN1Object { private final GeneralName[] names; public static GeneralNames getInstance( Object obj) { - if (obj == null || obj instanceof GeneralNames) + if (obj instanceof GeneralNames) { return (GeneralNames)obj; } - if (obj instanceof ASN1Sequence) + if (obj != null) { - return new GeneralNames((ASN1Sequence)obj); + return new GeneralNames(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); + return null; } public static GeneralNames getInstance( @@ -44,8 +44,15 @@ public class GeneralNames { this.names = new GeneralName[] { name }; } - + + public GeneralNames( + GeneralName[] names) + { + this.names = names; + } + + private GeneralNames( ASN1Sequence seq) { this.names = new GeneralName[seq.size()]; @@ -71,7 +78,7 @@ public class GeneralNames * GeneralNames ::= SEQUENCE SIZE {1..MAX} OF GeneralName * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return new DERSequence(names); } diff --git a/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java b/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java index 2a4b1f1..bf72ce6 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java +++ b/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java @@ -2,12 +2,12 @@ package org.bouncycastle.asn1.x509; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -29,17 +29,17 @@ import org.bouncycastle.asn1.DERTaggedObject; * */ public class GeneralSubtree - extends ASN1Encodable + extends ASN1Object { private static final BigInteger ZERO = BigInteger.valueOf(0); private GeneralName base; - private DERInteger minimum; + private ASN1Integer minimum; - private DERInteger maximum; + private ASN1Integer maximum; - public GeneralSubtree( + private GeneralSubtree( ASN1Sequence seq) { base = GeneralName.getInstance(seq.getObjectAt(0)); @@ -53,10 +53,10 @@ public class GeneralSubtree switch (o.getTagNo()) { case 0: - minimum = DERInteger.getInstance(o, false); + minimum = ASN1Integer.getInstance(o, false); break; case 1: - maximum = DERInteger.getInstance(o, false); + maximum = ASN1Integer.getInstance(o, false); break; default: throw new IllegalArgumentException("Bad tag number: " @@ -71,7 +71,7 @@ public class GeneralSubtree { throw new IllegalArgumentException("Bad tag number for 'minimum': " + oMin.getTagNo()); } - minimum = DERInteger.getInstance(oMin, false); + minimum = ASN1Integer.getInstance(oMin, false); } { @@ -80,7 +80,7 @@ public class GeneralSubtree { throw new IllegalArgumentException("Bad tag number for 'maximum': " + oMax.getTagNo()); } - maximum = DERInteger.getInstance(oMax, false); + maximum = ASN1Integer.getInstance(oMax, false); } break; @@ -116,7 +116,7 @@ public class GeneralSubtree this.base = base; if (maximum != null) { - this.maximum = new DERInteger(maximum); + this.maximum = new ASN1Integer(maximum); } if (minimum == null) { @@ -124,7 +124,7 @@ public class GeneralSubtree } else { - this.minimum = new DERInteger(minimum); + this.minimum = new ASN1Integer(minimum); } } @@ -195,9 +195,9 @@ public class GeneralSubtree * } * </pre> * - * @return a DERObject + * @return a ASN1Primitive */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/Holder.java b/src/main/java/org/bouncycastle/asn1/x509/Holder.java index 2425847..6ae6e35 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/Holder.java +++ b/src/main/java/org/bouncycastle/asn1/x509/Holder.java @@ -1,10 +1,10 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -38,15 +38,18 @@ import org.bouncycastle.asn1.DERTaggedObject; * </pre> */ public class Holder - extends ASN1Encodable + extends ASN1Object { + public static final int V1_CERTIFICATE_HOLDER = 0; + public static final int V2_CERTIFICATE_HOLDER = 1; + IssuerSerial baseCertificateID; GeneralNames entityName; ObjectDigestInfo objectDigestInfo; - private int version = 1; + private int version = V2_CERTIFICATE_HOLDER; public static Holder getInstance(Object obj) { @@ -54,24 +57,24 @@ public class Holder { return (Holder)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj instanceof ASN1TaggedObject) { - return new Holder((ASN1Sequence)obj); + return new Holder(ASN1TaggedObject.getInstance(obj)); } - else if (obj instanceof ASN1TaggedObject) + else if (obj != null) { - return new Holder((ASN1TaggedObject)obj); + return new Holder(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } /** - * Constructor for a holder for an v1 attribute certificate. + * Constructor for a holder for an V1 attribute certificate. * * @param tagObj The ASN.1 tagged holder object. */ - public Holder(ASN1TaggedObject tagObj) + private Holder(ASN1TaggedObject tagObj) { switch (tagObj.getTagNo()) { @@ -88,11 +91,11 @@ public class Holder } /** - * Constructor for a holder for an v2 attribute certificate. * + * Constructor for a holder for an V2 attribute certificate. * * @param seq The ASN.1 sequence. */ - public Holder(ASN1Sequence seq) + private Holder(ASN1Sequence seq) { if (seq.size() > 3) { @@ -125,11 +128,12 @@ public class Holder public Holder(IssuerSerial baseCertificateID) { - this.baseCertificateID = baseCertificateID; + this(baseCertificateID, V2_CERTIFICATE_HOLDER); } /** - * Constructs a holder from a IssuerSerial. + * Constructs a holder from a IssuerSerial for a V1 or V2 certificate. + * . * @param baseCertificateID The IssuerSerial. * @param version The version of the attribute certificate. */ @@ -140,7 +144,7 @@ public class Holder } /** - * Returns 1 for v2 attribute certificates or 0 for v1 attribute + * Returns 1 for V2 attribute certificates or 0 for V1 attribute * certificates. * @return The version of the attribute certificate. */ @@ -150,19 +154,18 @@ public class Holder } /** - * Constructs a holder with an entityName for v2 attribute certificates or - * with a subjectName for v1 attribute certificates. + * Constructs a holder with an entityName for V2 attribute certificates. * * @param entityName The entity or subject name. */ public Holder(GeneralNames entityName) { - this.entityName = entityName; + this(entityName, V2_CERTIFICATE_HOLDER); } /** - * Constructs a holder with an entityName for v2 attribute certificates or - * with a subjectName for v1 attribute certificates. + * Constructs a holder with an entityName for V2 attribute certificates or + * with a subjectName for V1 attribute certificates. * * @param entityName The entity or subject name. * @param version The version of the attribute certificate. @@ -189,8 +192,8 @@ public class Holder } /** - * Returns the entityName for an v2 attribute certificate or the subjectName - * for an v1 attribute certificate. + * Returns the entityName for an V2 attribute certificate or the subjectName + * for an V1 attribute certificate. * * @return The entityname or subjectname. */ @@ -204,7 +207,7 @@ public class Holder return objectDigestInfo; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { if (version == 1) { diff --git a/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java b/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java index ceb639f..d082a9d 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java +++ b/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java @@ -1,19 +1,19 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class IssuerSerial - extends ASN1Encodable + extends ASN1Object { GeneralNames issuer; - DERInteger serial; + ASN1Integer serial; DERBitString issuerUID; public static IssuerSerial getInstance( @@ -48,7 +48,7 @@ public class IssuerSerial } issuer = GeneralNames.getInstance(seq.getObjectAt(0)); - serial = DERInteger.getInstance(seq.getObjectAt(1)); + serial = ASN1Integer.getInstance(seq.getObjectAt(1)); if (seq.size() == 3) { @@ -58,7 +58,7 @@ public class IssuerSerial public IssuerSerial( GeneralNames issuer, - DERInteger serial) + ASN1Integer serial) { this.issuer = issuer; this.serial = serial; @@ -69,7 +69,7 @@ public class IssuerSerial return issuer; } - public DERInteger getSerial() + public ASN1Integer getSerial() { return serial; } @@ -89,7 +89,7 @@ public class IssuerSerial * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java b/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java index 8900531..e31471c 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java +++ b/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java @@ -1,11 +1,11 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -21,7 +21,7 @@ import org.bouncycastle.asn1.DERTaggedObject; * </pre> */ public class IssuingDistributionPoint - extends ASN1Encodable + extends ASN1Object { private DistributionPointName distributionPoint; @@ -47,16 +47,16 @@ public class IssuingDistributionPoint public static IssuingDistributionPoint getInstance( Object obj) { - if (obj == null || obj instanceof IssuingDistributionPoint) + if (obj instanceof IssuingDistributionPoint) { return (IssuingDistributionPoint)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new IssuingDistributionPoint((ASN1Sequence)obj); + return new IssuingDistributionPoint(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } /** @@ -127,9 +127,27 @@ public class IssuingDistributionPoint } /** - * Constructor from ASN1Sequence + * Shorthand Constructor from given details. + * + * @param distributionPoint + * May contain an URI as pointer to most current CRL. + * @param indirectCRL + * If <code>true</code> then the CRL contains revocation + * information about certificates ssued by other CAs. + * @param onlyContainsAttributeCerts Covers revocation information for attribute certificates. */ public IssuingDistributionPoint( + DistributionPointName distributionPoint, + boolean indirectCRL, + boolean onlyContainsAttributeCerts) + { + this(distributionPoint, false, false, null, indirectCRL, onlyContainsAttributeCerts); + } + + /** + * Constructor from ASN1Sequence + */ + private IssuingDistributionPoint( ASN1Sequence seq) { this.seq = seq; @@ -202,7 +220,7 @@ public class IssuingDistributionPoint return onlySomeReasons; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return seq; } diff --git a/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java index 425e043..542a26b 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java +++ b/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java @@ -1,6 +1,6 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; /** * The KeyPurposeId object. @@ -13,7 +13,7 @@ import org.bouncycastle.asn1.DERObjectIdentifier; * </pre> */ public class KeyPurposeId - extends DERObjectIdentifier + extends ASN1ObjectIdentifier { private static final String id_kp = "1.3.6.1.5.5.7.3"; diff --git a/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java b/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java index 1383d39..02096f2 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java +++ b/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java @@ -3,20 +3,34 @@ package org.bouncycastle.asn1.x509; import java.util.Enumeration; import java.util.Vector; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; public class NameConstraints - extends ASN1Encodable + extends ASN1Object { private ASN1Sequence permitted, excluded; - public NameConstraints(ASN1Sequence seq) + public static NameConstraints getInstance(Object obj) + { + if (obj instanceof NameConstraints) + { + return (NameConstraints)obj; + } + if (obj != null) + { + return new NameConstraints(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + private NameConstraints(ASN1Sequence seq) { Enumeration e = seq.getObjects(); while (e.hasMoreElements()) @@ -85,7 +99,7 @@ public class NameConstraints * NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees * OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java b/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java index b881509..7a2d77e 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java +++ b/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java @@ -1,13 +1,14 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; /** @@ -31,7 +32,7 @@ import org.bouncycastle.asn1.DERSequence; * */ public class ObjectDigestInfo - extends ASN1Encodable + extends ASN1Object { /** * The public key is hashed. @@ -48,9 +49,9 @@ public class ObjectDigestInfo */ public final static int otherObjectDigest = 2; - DEREnumerated digestedObjectType; + ASN1Enumerated digestedObjectType; - DERObjectIdentifier otherObjectTypeID; + ASN1ObjectIdentifier otherObjectTypeID; AlgorithmIdentifier digestAlgorithm; @@ -59,18 +60,17 @@ public class ObjectDigestInfo public static ObjectDigestInfo getInstance( Object obj) { - if (obj == null || obj instanceof ObjectDigestInfo) + if (obj instanceof ObjectDigestInfo) { return (ObjectDigestInfo)obj; } - if (obj instanceof ASN1Sequence) + if (obj != null) { - return new ObjectDigestInfo((ASN1Sequence)obj); + return new ObjectDigestInfo(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); + return null; } public static ObjectDigestInfo getInstance( @@ -95,18 +95,17 @@ public class ObjectDigestInfo */ public ObjectDigestInfo( int digestedObjectType, - String otherObjectTypeID, + ASN1ObjectIdentifier otherObjectTypeID, AlgorithmIdentifier digestAlgorithm, byte[] objectDigest) { - this.digestedObjectType = new DEREnumerated(digestedObjectType); + this.digestedObjectType = new ASN1Enumerated(digestedObjectType); if (digestedObjectType == otherObjectDigest) { - this.otherObjectTypeID = new DERObjectIdentifier(otherObjectTypeID); + this.otherObjectTypeID = otherObjectTypeID; } - this.digestAlgorithm = digestAlgorithm; - + this.digestAlgorithm = digestAlgorithm; this.objectDigest = new DERBitString(objectDigest); } @@ -125,7 +124,7 @@ public class ObjectDigestInfo if (seq.size() == 4) { - otherObjectTypeID = DERObjectIdentifier.getInstance(seq.getObjectAt(1)); + otherObjectTypeID = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(1)); offset++; } @@ -139,7 +138,7 @@ public class ObjectDigestInfo return digestedObjectType; } - public DERObjectIdentifier getOtherObjectTypeID() + public ASN1ObjectIdentifier getOtherObjectTypeID() { return otherObjectTypeID; } @@ -173,7 +172,7 @@ public class ObjectDigestInfo * * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java b/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java index b4373b0..d1de26f 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java +++ b/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java @@ -1,19 +1,19 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; public class PolicyInformation - extends ASN1Encodable + extends ASN1Object { - private DERObjectIdentifier policyIdentifier; + private ASN1ObjectIdentifier policyIdentifier; private ASN1Sequence policyQualifiers; - public PolicyInformation( + private PolicyInformation( ASN1Sequence seq) { if (seq.size() < 1 || seq.size() > 2) @@ -22,7 +22,7 @@ public class PolicyInformation + seq.size()); } - policyIdentifier = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); + policyIdentifier = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); if (seq.size() > 1) { @@ -31,13 +31,13 @@ public class PolicyInformation } public PolicyInformation( - DERObjectIdentifier policyIdentifier) + ASN1ObjectIdentifier policyIdentifier) { this.policyIdentifier = policyIdentifier; } public PolicyInformation( - DERObjectIdentifier policyIdentifier, + ASN1ObjectIdentifier policyIdentifier, ASN1Sequence policyQualifiers) { this.policyIdentifier = policyIdentifier; @@ -55,7 +55,7 @@ public class PolicyInformation return new PolicyInformation(ASN1Sequence.getInstance(obj)); } - public DERObjectIdentifier getPolicyIdentifier() + public ASN1ObjectIdentifier getPolicyIdentifier() { return policyIdentifier; } @@ -71,7 +71,7 @@ public class PolicyInformation * policyQualifiers SEQUENCE SIZE (1..MAX) OF * PolicyQualifierInfo OPTIONAL } */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java b/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java index 0047f6a..91c8725 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java +++ b/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java @@ -3,16 +3,19 @@ package org.bouncycastle.asn1.x509; import java.math.BigInteger; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; +/** + * @deprecated use org.bouncycastle.asn1.pkcs.RSAPublicKey + */ public class RSAPublicKeyStructure - extends ASN1Encodable + extends ASN1Object { private BigInteger modulus; private BigInteger publicExponent; @@ -59,8 +62,8 @@ public class RSAPublicKeyStructure Enumeration e = seq.getObjects(); - modulus = DERInteger.getInstance(e.nextElement()).getPositiveValue(); - publicExponent = DERInteger.getInstance(e.nextElement()).getPositiveValue(); + modulus = ASN1Integer.getInstance(e.nextElement()).getPositiveValue(); + publicExponent = ASN1Integer.getInstance(e.nextElement()).getPositiveValue(); } public BigInteger getModulus() @@ -83,12 +86,12 @@ public class RSAPublicKeyStructure * </pre> * <p> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(getModulus())); - v.add(new DERInteger(getPublicExponent())); + v.add(new ASN1Integer(getModulus())); + v.add(new ASN1Integer(getPublicExponent())); return new DERSequence(v); } diff --git a/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java b/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java index 8701b1e..29af48f 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java +++ b/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java @@ -1,12 +1,14 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-changed /** * The SubjectKeyIdentifier object. @@ -15,7 +17,7 @@ import org.bouncycastle.crypto.digests.SHA1Digest; * </pre> */ public class SubjectKeyIdentifier - extends ASN1Encodable + extends ASN1Object { private byte[] keyidentifier; @@ -33,42 +35,43 @@ public class SubjectKeyIdentifier { return (SubjectKeyIdentifier)obj; } - - if (obj instanceof SubjectPublicKeyInfo) - { - return new SubjectKeyIdentifier((SubjectPublicKeyInfo)obj); - } - - if (obj instanceof ASN1OctetString) - { - return new SubjectKeyIdentifier((ASN1OctetString)obj); - } - - if (obj instanceof X509Extension) + else if (obj != null) { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); + return new SubjectKeyIdentifier(ASN1OctetString.getInstance(obj)); } - throw new IllegalArgumentException("Invalid SubjectKeyIdentifier: " + obj.getClass().getName()); + return null; } - + public SubjectKeyIdentifier( byte[] keyid) { - this.keyidentifier=keyid; + this.keyidentifier = keyid; } - public SubjectKeyIdentifier( - ASN1OctetString keyid) + protected SubjectKeyIdentifier( + ASN1OctetString keyid) + { + this.keyidentifier = keyid.getOctets(); + } + + public byte[] getKeyIdentifier() + { + return keyidentifier; + } + + public ASN1Primitive toASN1Primitive() { - this.keyidentifier=keyid.getOctets(); + return new DEROctetString(keyidentifier); } + /** * Calculates the keyidentifier using a SHA1 hash over the BIT STRING * from SubjectPublicKeyInfo as defined in RFC3280. * * @param spki the subject public key info. + * @deprecated */ public SubjectKeyIdentifier( SubjectPublicKeyInfo spki) @@ -76,16 +79,6 @@ public class SubjectKeyIdentifier this.keyidentifier = getDigest(spki); } - public byte[] getKeyIdentifier() - { - return keyidentifier; - } - - public DERObject toASN1Object() - { - return new DEROctetString(keyidentifier); - } - /** * Return a RFC 3280 type 1 key identifier. As in: * <pre> @@ -95,6 +88,7 @@ public class SubjectKeyIdentifier * </pre> * @param keyInfo the key info object containing the subjectPublicKey field. * @return the key identifier. + * @deprecated use org.bouncycastle.cert.X509ExtensionUtils.createSubjectKeyIdentifier */ public static SubjectKeyIdentifier createSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo) { @@ -110,6 +104,7 @@ public class SubjectKeyIdentifier * </pre> * @param keyInfo the key info object containing the subjectPublicKey field. * @return the key identifier. + * @deprecated use org.bouncycastle.cert.X509ExtensionUtils.createTruncatedSubjectKeyIdentifier */ public static SubjectKeyIdentifier createTruncatedSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo) { @@ -126,7 +121,9 @@ public class SubjectKeyIdentifier private static byte[] getDigest(SubjectPublicKeyInfo spki) { - Digest digest = new SHA1Digest(); + // BEGIN android-changed + Digest digest = new OpenSSLDigest.SHA1(); + // END android-changed byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java b/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java index 9af439d..660ca05 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java +++ b/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java @@ -6,11 +6,11 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; /** @@ -20,7 +20,7 @@ import org.bouncycastle.asn1.DERSequence; * encoded one of these. */ public class SubjectPublicKeyInfo - extends ASN1Encodable + extends ASN1Object { private AlgorithmIdentifier algId; private DERBitString keyData; @@ -49,7 +49,7 @@ public class SubjectPublicKeyInfo public SubjectPublicKeyInfo( AlgorithmIdentifier algId, - DEREncodable publicKey) + ASN1Encodable publicKey) { this.keyData = new DERBitString(publicKey); this.algId = algId; @@ -78,6 +78,15 @@ public class SubjectPublicKeyInfo this.keyData = DERBitString.getInstance(e.nextElement()); } + public AlgorithmIdentifier getAlgorithm() + { + return algId; + } + + /** + * @deprecated use getAlgorithm() + * @return alg ID. + */ public AlgorithmIdentifier getAlgorithmId() { return algId; @@ -89,8 +98,9 @@ public class SubjectPublicKeyInfo * * @exception IOException - if the bit string doesn't represent a DER * encoded object. + * @return the public key as an ASN.1 primitive. */ - public DERObject getPublicKey() + public ASN1Primitive parsePublicKey() throws IOException { ASN1InputStream aIn = new ASN1InputStream(keyData.getBytes()); @@ -99,7 +109,26 @@ public class SubjectPublicKeyInfo } /** - * for when the public key is raw bits... + * for when the public key is an encoded object - if the bitstring + * can't be decoded this routine throws an IOException. + * + * @exception IOException - if the bit string doesn't represent a DER + * encoded object. + * @deprecated use parsePublicKey + * @return the public key as an ASN.1 primitive. + */ + public ASN1Primitive getPublicKey() + throws IOException + { + ASN1InputStream aIn = new ASN1InputStream(keyData.getBytes()); + + return aIn.readObject(); + } + + /** + * for when the public key is raw bits. + * + * @return the public key as the raw bit string... */ public DERBitString getPublicKeyData() { @@ -114,7 +143,7 @@ public class SubjectPublicKeyInfo * publicKey BIT STRING } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java b/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java index 128a1a1..ce657a7 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java +++ b/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java @@ -2,14 +2,17 @@ package org.bouncycastle.asn1.x509; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; +import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.DERUTCTime; +import org.bouncycastle.asn1.x500.X500Name; /** * PKIX RFC-2459 - TBSCertList object. @@ -33,18 +36,16 @@ import org.bouncycastle.asn1.DERUTCTime; * </pre> */ public class TBSCertList - extends ASN1Encodable + extends ASN1Object { public static class CRLEntry - extends ASN1Encodable + extends ASN1Object { ASN1Sequence seq; - DERInteger userCertificate; - Time revocationDate; - X509Extensions crlEntryExtensions; + Extensions crlEntryExtensions; - public CRLEntry( + private CRLEntry( ASN1Sequence seq) { if (seq.size() < 2 || seq.size() > 3) @@ -53,35 +54,51 @@ public class TBSCertList } this.seq = seq; + } + + public static CRLEntry getInstance(Object o) + { + if (o instanceof CRLEntry) + { + return ((CRLEntry)o); + } + else if (o != null) + { + return new CRLEntry(ASN1Sequence.getInstance(o)); + } - userCertificate = DERInteger.getInstance(seq.getObjectAt(0)); - revocationDate = Time.getInstance(seq.getObjectAt(1)); + return null; } - public DERInteger getUserCertificate() + public ASN1Integer getUserCertificate() { - return userCertificate; + return ASN1Integer.getInstance(seq.getObjectAt(0)); } public Time getRevocationDate() { - return revocationDate; + return Time.getInstance(seq.getObjectAt(1)); } - public X509Extensions getExtensions() + public Extensions getExtensions() { if (crlEntryExtensions == null && seq.size() == 3) { - crlEntryExtensions = X509Extensions.getInstance(seq.getObjectAt(2)); + crlEntryExtensions = Extensions.getInstance(seq.getObjectAt(2)); } return crlEntryExtensions; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return seq; } + + public boolean hasExtensions() + { + return seq.size() == 3; + } } private class RevokedCertificatesEnumeration @@ -101,7 +118,7 @@ public class TBSCertList public Object nextElement() { - return new CRLEntry(ASN1Sequence.getInstance(en.nextElement())); + return CRLEntry.getInstance(en.nextElement()); } } @@ -119,15 +136,13 @@ public class TBSCertList } } - ASN1Sequence seq; - - DERInteger version; + ASN1Integer version; AlgorithmIdentifier signature; - X509Name issuer; + X500Name issuer; Time thisUpdate; Time nextUpdate; ASN1Sequence revokedCertificates; - X509Extensions crlExtensions; + Extensions crlExtensions; public static TBSCertList getInstance( ASN1TaggedObject obj, @@ -143,12 +158,12 @@ public class TBSCertList { return (TBSCertList)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new TBSCertList((ASN1Sequence)obj); + return new TBSCertList(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public TBSCertList( @@ -161,19 +176,17 @@ public class TBSCertList int seqPos = 0; - this.seq = seq; - - if (seq.getObjectAt(seqPos) instanceof DERInteger) + if (seq.getObjectAt(seqPos) instanceof ASN1Integer) { - version = DERInteger.getInstance(seq.getObjectAt(seqPos++)); + version = ASN1Integer.getInstance(seq.getObjectAt(seqPos++)); } else { - version = new DERInteger(0); + version = null; // version is optional } signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqPos++)); - issuer = X509Name.getInstance(seq.getObjectAt(seqPos++)); + issuer = X500Name.getInstance(seq.getObjectAt(seqPos++)); thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++)); if (seqPos < seq.size() @@ -193,16 +206,20 @@ public class TBSCertList if (seqPos < seq.size() && seq.getObjectAt(seqPos) instanceof DERTaggedObject) { - crlExtensions = X509Extensions.getInstance(seq.getObjectAt(seqPos)); + crlExtensions = Extensions.getInstance(ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(seqPos), true)); } } - public int getVersion() + public int getVersionNumber() { + if (version == null) + { + return 1; + } return version.getValue().intValue() + 1; } - public DERInteger getVersionNumber() + public ASN1Integer getVersion() { return version; } @@ -212,7 +229,7 @@ public class TBSCertList return signature; } - public X509Name getIssuer() + public X500Name getIssuer() { return issuer; } @@ -238,7 +255,7 @@ public class TBSCertList for (int i = 0; i < entries.length; i++) { - entries[i] = new CRLEntry(ASN1Sequence.getInstance(revokedCertificates.getObjectAt(i))); + entries[i] = CRLEntry.getInstance(revokedCertificates.getObjectAt(i)); } return entries; @@ -254,13 +271,39 @@ public class TBSCertList return new RevokedCertificatesEnumeration(revokedCertificates.getObjects()); } - public X509Extensions getExtensions() + public Extensions getExtensions() { return crlExtensions; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { - return seq; + ASN1EncodableVector v = new ASN1EncodableVector(); + + if (version != null) + { + v.add(version); + } + v.add(signature); + v.add(issuer); + + v.add(thisUpdate); + if (nextUpdate != null) + { + v.add(nextUpdate); + } + + // Add CRLEntries if they exist + if (revokedCertificates != null) + { + v.add(revokedCertificates); + } + + if (crlExtensions != null) + { + v.add(new DERTaggedObject(0, crlExtensions)); + } + + return new DERSequence(v); } } diff --git a/src/main/java/org/bouncycastle/asn1/x509/TBSCertificate.java b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificate.java new file mode 100644 index 0000000..dc41964 --- /dev/null +++ b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificate.java @@ -0,0 +1,192 @@ +package org.bouncycastle.asn1.x509; + +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.x500.X500Name; + +/** + * The TBSCertificate object. + * <pre> + * TBSCertificate ::= SEQUENCE { + * version [ 0 ] Version DEFAULT v1(0), + * serialNumber CertificateSerialNumber, + * signature AlgorithmIdentifier, + * issuer Name, + * validity Validity, + * subject Name, + * subjectPublicKeyInfo SubjectPublicKeyInfo, + * issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL, + * subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL, + * extensions [ 3 ] Extensions OPTIONAL + * } + * </pre> + * <p> + * Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class + * will parse them, but you really shouldn't be creating new ones. + */ +public class TBSCertificate + extends ASN1Object +{ + ASN1Sequence seq; + + ASN1Integer version; + ASN1Integer serialNumber; + AlgorithmIdentifier signature; + X500Name issuer; + Time startDate, endDate; + X500Name subject; + SubjectPublicKeyInfo subjectPublicKeyInfo; + DERBitString issuerUniqueId; + DERBitString subjectUniqueId; + Extensions extensions; + + public static TBSCertificate getInstance( + ASN1TaggedObject obj, + boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + public static TBSCertificate getInstance( + Object obj) + { + if (obj instanceof TBSCertificate) + { + return (TBSCertificate)obj; + } + else if (obj != null) + { + return new TBSCertificate(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + private TBSCertificate( + ASN1Sequence seq) + { + int seqStart = 0; + + this.seq = seq; + + // + // some certficates don't include a version number - we assume v1 + // + if (seq.getObjectAt(0) instanceof DERTaggedObject) + { + version = ASN1Integer.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true); + } + else + { + seqStart = -1; // field 0 is missing! + version = new ASN1Integer(0); + } + + serialNumber = ASN1Integer.getInstance(seq.getObjectAt(seqStart + 1)); + + signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqStart + 2)); + issuer = X500Name.getInstance(seq.getObjectAt(seqStart + 3)); + + // + // before and after dates + // + ASN1Sequence dates = (ASN1Sequence)seq.getObjectAt(seqStart + 4); + + startDate = Time.getInstance(dates.getObjectAt(0)); + endDate = Time.getInstance(dates.getObjectAt(1)); + + subject = X500Name.getInstance(seq.getObjectAt(seqStart + 5)); + + // + // public key info. + // + subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(seqStart + 6)); + + for (int extras = seq.size() - (seqStart + 6) - 1; extras > 0; extras--) + { + DERTaggedObject extra = (DERTaggedObject)seq.getObjectAt(seqStart + 6 + extras); + + switch (extra.getTagNo()) + { + case 1: + issuerUniqueId = DERBitString.getInstance(extra, false); + break; + case 2: + subjectUniqueId = DERBitString.getInstance(extra, false); + break; + case 3: + extensions = Extensions.getInstance(ASN1Sequence.getInstance(extra, true)); + } + } + } + + public int getVersionNumber() + { + return version.getValue().intValue() + 1; + } + + public ASN1Integer getVersion() + { + return version; + } + + public ASN1Integer getSerialNumber() + { + return serialNumber; + } + + public AlgorithmIdentifier getSignature() + { + return signature; + } + + public X500Name getIssuer() + { + return issuer; + } + + public Time getStartDate() + { + return startDate; + } + + public Time getEndDate() + { + return endDate; + } + + public X500Name getSubject() + { + return subject; + } + + public SubjectPublicKeyInfo getSubjectPublicKeyInfo() + { + return subjectPublicKeyInfo; + } + + public DERBitString getIssuerUniqueId() + { + return issuerUniqueId; + } + + public DERBitString getSubjectUniqueId() + { + return subjectUniqueId; + } + + public Extensions getExtensions() + { + return extensions; + } + + public ASN1Primitive toASN1Primitive() + { + return seq; + } +} diff --git a/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java index 36425d7..2c5d920 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java +++ b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java @@ -1,13 +1,14 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x500.X500Name; /** * The TBSCertificate object. @@ -30,17 +31,17 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; * will parse them, but you really shouldn't be creating new ones. */ public class TBSCertificateStructure - extends ASN1Encodable + extends ASN1Object implements X509ObjectIdentifiers, PKCSObjectIdentifiers { ASN1Sequence seq; - DERInteger version; - DERInteger serialNumber; + ASN1Integer version; + ASN1Integer serialNumber; AlgorithmIdentifier signature; - X509Name issuer; + X500Name issuer; Time startDate, endDate; - X509Name subject; + X500Name subject; SubjectPublicKeyInfo subjectPublicKeyInfo; DERBitString issuerUniqueId; DERBitString subjectUniqueId; @@ -80,18 +81,18 @@ public class TBSCertificateStructure // if (seq.getObjectAt(0) instanceof DERTaggedObject) { - version = DERInteger.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true); + version = ASN1Integer.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true); } else { seqStart = -1; // field 0 is missing! - version = new DERInteger(0); + version = new ASN1Integer(0); } - serialNumber = DERInteger.getInstance(seq.getObjectAt(seqStart + 1)); + serialNumber = ASN1Integer.getInstance(seq.getObjectAt(seqStart + 1)); signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqStart + 2)); - issuer = X509Name.getInstance(seq.getObjectAt(seqStart + 3)); + issuer = X500Name.getInstance(seq.getObjectAt(seqStart + 3)); // // before and after dates @@ -101,7 +102,7 @@ public class TBSCertificateStructure startDate = Time.getInstance(dates.getObjectAt(0)); endDate = Time.getInstance(dates.getObjectAt(1)); - subject = X509Name.getInstance(seq.getObjectAt(seqStart + 5)); + subject = X500Name.getInstance(seq.getObjectAt(seqStart + 5)); // // public key info. @@ -131,12 +132,12 @@ public class TBSCertificateStructure return version.getValue().intValue() + 1; } - public DERInteger getVersionNumber() + public ASN1Integer getVersionNumber() { return version; } - public DERInteger getSerialNumber() + public ASN1Integer getSerialNumber() { return serialNumber; } @@ -146,7 +147,7 @@ public class TBSCertificateStructure return signature; } - public X509Name getIssuer() + public X500Name getIssuer() { return issuer; } @@ -161,7 +162,7 @@ public class TBSCertificateStructure return endDate; } - public X509Name getSubject() + public X500Name getSubject() { return subject; } @@ -186,7 +187,7 @@ public class TBSCertificateStructure return extensions; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return seq; } diff --git a/src/main/java/org/bouncycastle/asn1/x509/Time.java b/src/main/java/org/bouncycastle/asn1/x509/Time.java index d51209d..5bffedc 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/Time.java +++ b/src/main/java/org/bouncycastle/asn1/x509/Time.java @@ -1,22 +1,22 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERUTCTime; - import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.SimpleTimeZone; +import org.bouncycastle.asn1.ASN1Choice; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERGeneralizedTime; +import org.bouncycastle.asn1.DERUTCTime; + public class Time - extends ASN1Encodable + extends ASN1Object implements ASN1Choice { - DERObject time; + ASN1Primitive time; public static Time getInstance( ASN1TaggedObject obj, @@ -26,7 +26,7 @@ public class Time } public Time( - DERObject time) + ASN1Primitive time) { if (!(time instanceof DERUTCTime) && !(time instanceof DERGeneralizedTime)) @@ -121,7 +121,7 @@ public class Time * generalTime GeneralizedTime } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return time; } diff --git a/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java index 1c3016d..437d6c0 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java +++ b/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java @@ -1,7 +1,7 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.DERUTCTime; @@ -24,13 +24,13 @@ import org.bouncycastle.asn1.x500.X500Name; */ public class V1TBSCertificateGenerator { - DERTaggedObject version = new DERTaggedObject(0, new DERInteger(0)); + DERTaggedObject version = new DERTaggedObject(true, 0, new ASN1Integer(0)); - DERInteger serialNumber; + ASN1Integer serialNumber; AlgorithmIdentifier signature; - X509Name issuer; + X500Name issuer; Time startDate, endDate; - X509Name subject; + X500Name subject; SubjectPublicKeyInfo subjectPublicKeyInfo; public V1TBSCertificateGenerator() @@ -38,7 +38,7 @@ public class V1TBSCertificateGenerator } public void setSerialNumber( - DERInteger serialNumber) + ASN1Integer serialNumber) { this.serialNumber = serialNumber; } @@ -49,16 +49,19 @@ public class V1TBSCertificateGenerator this.signature = signature; } + /** + * @deprecated use X500Name method + */ public void setIssuer( X509Name issuer) { - this.issuer = issuer; + this.issuer = X500Name.getInstance(issuer.toASN1Primitive()); } public void setIssuer( X500Name issuer) { - this.issuer = X509Name.getInstance(issuer.getDERObject()); + this.issuer = issuer; } public void setStartDate( @@ -85,16 +88,19 @@ public class V1TBSCertificateGenerator this.endDate = new Time(endDate); } + /** + * @deprecated use X500Name method + */ public void setSubject( X509Name subject) { - this.subject = subject; + this.subject = X500Name.getInstance(subject.toASN1Primitive()); } public void setSubject( X500Name subject) { - this.subject = X509Name.getInstance(subject.getDERObject()); + this.subject = subject; } public void setSubjectPublicKeyInfo( @@ -103,7 +109,7 @@ public class V1TBSCertificateGenerator this.subjectPublicKeyInfo = pubKeyInfo; } - public TBSCertificateStructure generateTBSCertificate() + public TBSCertificate generateTBSCertificate() { if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) @@ -133,6 +139,6 @@ public class V1TBSCertificateGenerator seq.add(subjectPublicKeyInfo); - return new TBSCertificateStructure(new DERSequence(seq)); + return TBSCertificate.getInstance(new DERSequence(seq)); } } diff --git a/src/main/java/org/bouncycastle/asn1/x509/V2Form.java b/src/main/java/org/bouncycastle/asn1/x509/V2Form.java index 1eb77d1..ed5c6ab 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/V2Form.java +++ b/src/main/java/org/bouncycastle/asn1/x509/V2Form.java @@ -1,15 +1,15 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; public class V2Form - extends ASN1Encodable + extends ASN1Object { GeneralNames issuerName; IssuerSerial baseCertificateID; @@ -106,7 +106,7 @@ public class V2Form * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java index 6fccbd0..3d923b6 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java +++ b/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java @@ -1,8 +1,8 @@ package org.bouncycastle.asn1.x509; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.DERUTCTime; @@ -28,15 +28,15 @@ import org.bouncycastle.asn1.x500.X500Name; */ public class V3TBSCertificateGenerator { - DERTaggedObject version = new DERTaggedObject(0, new DERInteger(2)); + DERTaggedObject version = new DERTaggedObject(true, 0, new ASN1Integer(2)); - DERInteger serialNumber; + ASN1Integer serialNumber; AlgorithmIdentifier signature; - X509Name issuer; + X500Name issuer; Time startDate, endDate; - X509Name subject; + X500Name subject; SubjectPublicKeyInfo subjectPublicKeyInfo; - X509Extensions extensions; + Extensions extensions; private boolean altNamePresentAndCritical; private DERBitString issuerUniqueID; @@ -47,7 +47,7 @@ public class V3TBSCertificateGenerator } public void setSerialNumber( - DERInteger serialNumber) + ASN1Integer serialNumber) { this.serialNumber = serialNumber; } @@ -58,16 +58,19 @@ public class V3TBSCertificateGenerator this.signature = signature; } + /** + * @deprecated use X500Name method + */ public void setIssuer( X509Name issuer) { - this.issuer = issuer; + this.issuer = X500Name.getInstance(issuer); } public void setIssuer( X500Name issuer) { - this.issuer = X509Name.getInstance(issuer.getDERObject()); + this.issuer = issuer; } public void setStartDate( @@ -94,16 +97,19 @@ public class V3TBSCertificateGenerator this.endDate = endDate; } + /** + * @deprecated use X500Name method + */ public void setSubject( X509Name subject) { - this.subject = subject; + this.subject = X500Name.getInstance(subject.toASN1Primitive()); } public void setSubject( X500Name subject) { - this.subject = X509Name.getInstance(subject.getDERObject()); + this.subject = subject; } public void setIssuerUniqueID( @@ -124,13 +130,23 @@ public class V3TBSCertificateGenerator this.subjectPublicKeyInfo = pubKeyInfo; } + /** + * @deprecated use method taking Extensions + * @param extensions + */ public void setExtensions( X509Extensions extensions) { + setExtensions(Extensions.getInstance(extensions)); + } + + public void setExtensions( + Extensions extensions) + { this.extensions = extensions; if (extensions != null) { - X509Extension altName = extensions.getExtension(X509Extensions.SubjectAlternativeName); + Extension altName = extensions.getExtension(Extension.subjectAlternativeName); if (altName != null && altName.isCritical()) { @@ -139,7 +155,7 @@ public class V3TBSCertificateGenerator } } - public TBSCertificateStructure generateTBSCertificate() + public TBSCertificate generateTBSCertificate() { if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) @@ -188,9 +204,9 @@ public class V3TBSCertificateGenerator if (extensions != null) { - v.add(new DERTaggedObject(3, extensions)); + v.add(new DERTaggedObject(true, 3, extensions)); } - return new TBSCertificateStructure(new DERSequence(v)); + return TBSCertificate.getInstance(new DERSequence(v)); } } diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java b/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java index 8559b69..6830030 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java @@ -1,12 +1,13 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x500.X500Name; /** * an X509Certificate structure. @@ -17,9 +18,10 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; * signature BIT STRING * } * </pre> + * @deprecated use org.bouncycastle.asn1.x509.Certificate */ public class X509CertificateStructure - extends ASN1Encodable + extends ASN1Object implements X509ObjectIdentifiers, PKCSObjectIdentifiers { ASN1Sequence seq; @@ -80,12 +82,12 @@ public class X509CertificateStructure return tbsCert.getVersion(); } - public DERInteger getSerialNumber() + public ASN1Integer getSerialNumber() { return tbsCert.getSerialNumber(); } - public X509Name getIssuer() + public X500Name getIssuer() { return tbsCert.getIssuer(); } @@ -100,7 +102,7 @@ public class X509CertificateStructure return tbsCert.getEndDate(); } - public X509Name getSubject() + public X500Name getSubject() { return tbsCert.getSubject(); } @@ -120,7 +122,7 @@ public class X509CertificateStructure return sig; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return seq; } diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java b/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java index 6098c27..0ae0f80 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java @@ -1,14 +1,14 @@ package org.bouncycastle.asn1.x509; +import java.io.IOException; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DERGeneralizedTime; import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERPrintableString; import org.bouncycastle.asn1.DERUTF8String; -import java.io.IOException; - /** * The default converter for X509 DN entries when going from their * string value to ASN.1 strings. @@ -24,8 +24,8 @@ public class X509DefaultEntryConverter * @param value the value associated with it * @return the ASN.1 equivalent for the string value. */ - public DERObject getConvertedValue( - DERObjectIdentifier oid, + public ASN1Primitive getConvertedValue( + ASN1ObjectIdentifier oid, String value) { if (value.length() != 0 && value.charAt(0) == '#') diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java b/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java index 8c2cab4..f020bcb 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java @@ -3,9 +3,9 @@ package org.bouncycastle.asn1.x509; import java.io.IOException; import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DERBoolean; /** @@ -169,7 +169,7 @@ public class X509Extension public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55"); boolean critical; - ASN1OctetString value; + ASN1OctetString value; public X509Extension( DERBoolean critical, @@ -209,7 +209,6 @@ public class X509Extension return this.getValue().hashCode(); } - return ~this.getValue().hashCode(); } @@ -233,13 +232,13 @@ public class X509Extension * @return the object the value string contains * @exception IllegalArgumentException if conversion is not possible */ - public static ASN1Object convertValueToObject( + public static ASN1Primitive convertValueToObject( X509Extension ext) throws IllegalArgumentException { try { - return ASN1Object.fromByteArray(ext.getValue().getOctets()); + return ASN1Primitive.fromByteArray(ext.getValue().getOctets()); } catch (IOException e) { diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java b/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java index a9819f4..5e9bb46 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java @@ -4,19 +4,22 @@ import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; +/** + * @deprecated use Extensions + */ public class X509Extensions - extends ASN1Encodable + extends ASN1Object { /** * Subject Directory Attributes @@ -227,6 +230,11 @@ public class X509Extensions return new X509Extensions((ASN1Sequence)obj); } + if (obj instanceof Extensions) + { + return new X509Extensions((ASN1Sequence)((Extensions)obj).toASN1Primitive()); + } + if (obj instanceof ASN1TaggedObject) { return getInstance(((ASN1TaggedObject)obj).getObject()); @@ -299,14 +307,14 @@ public class X509Extensions while (e.hasMoreElements()) { - this.ordering.addElement(new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId())); + this.ordering.addElement(ASN1ObjectIdentifier.getInstance(e.nextElement())); } e = this.ordering.elements(); while (e.hasMoreElements()) { - ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId()); + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(e.nextElement()); X509Extension ext = (X509Extension)extensions.get(oid); this.extensions.put(oid, ext); @@ -359,7 +367,7 @@ public class X509Extensions * @return the extension if it's present, null otherwise. */ public X509Extension getExtension( - ASN1ObjectIdentifier oid) + DERObjectIdentifier oid) { return (X509Extension)extensions.get(oid); } @@ -370,7 +378,7 @@ public class X509Extensions * @return */ public X509Extension getExtension( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { return (X509Extension)extensions.get(oid); } @@ -385,14 +393,14 @@ public class X509Extensions * extnValue OCTET STRING } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector vec = new ASN1EncodableVector(); Enumeration e = ordering.elements(); while (e.hasMoreElements()) { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); X509Extension ext = (X509Extension)extensions.get(oid); ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java index 0487c8e..468d1b9 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java @@ -1,16 +1,18 @@ package org.bouncycastle.asn1.x509; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; - import java.io.IOException; import java.util.Hashtable; import java.util.Vector; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.DEROctetString; + /** * Generator for X.509 extensions + * @deprecated use org.bouncycastle.asn1.x509.ExtensionsGenerator */ public class X509ExtensionsGenerator { @@ -27,6 +29,28 @@ public class X509ExtensionsGenerator } /** + * @deprecated use ASN1ObjectIdentifier + */ + public void addExtension( + DERObjectIdentifier oid, + boolean critical, + ASN1Encodable value) + { + addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); + } + + /** + * @deprecated use ASN1ObjectIdentifier + */ + public void addExtension( + DERObjectIdentifier oid, + boolean critical, + byte[] value) + { + addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); + } + + /** * Add an extension with the given oid and the passed in value to be included * in the OCTET STRING associated with the extension. * @@ -35,13 +59,13 @@ public class X509ExtensionsGenerator * @param value the ASN.1 object to be included in the extension. */ public void addExtension( - DERObjectIdentifier oid, + ASN1ObjectIdentifier oid, boolean critical, - DEREncodable value) + ASN1Encodable value) { try { - this.addExtension(oid, critical, value.getDERObject().getEncoded(ASN1Encodable.DER)); + this.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); } catch (IOException e) { @@ -58,7 +82,7 @@ public class X509ExtensionsGenerator * @param value the byte array to be wrapped. */ public void addExtension( - DERObjectIdentifier oid, + ASN1ObjectIdentifier oid, boolean critical, byte[] value) { diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/src/main/java/org/bouncycastle/asn1/x509/X509Name.java index 89638dd..2dc630f 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509Name.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509Name.java @@ -7,16 +7,16 @@ import java.util.Vector; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; +import org.bouncycastle.asn1.ASN1String; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERString; import org.bouncycastle.asn1.DERUniversalString; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x500.X500Name; @@ -36,177 +36,183 @@ import org.bouncycastle.util.encoders.Hex; * @deprecated use org.bouncycastle.asn1.x500.X500Name. */ public class X509Name - extends ASN1Encodable + extends ASN1Object { /** * country code - StringType(SIZE(2)) + * @deprecated use a X500NameStyle */ - public static final DERObjectIdentifier C = new DERObjectIdentifier("2.5.4.6"); + public static final ASN1ObjectIdentifier C = new ASN1ObjectIdentifier("2.5.4.6"); /** * organization - StringType(SIZE(1..64)) + * @deprecated use a X500NameStyle */ - public static final DERObjectIdentifier O = new DERObjectIdentifier("2.5.4.10"); + public static final ASN1ObjectIdentifier O = new ASN1ObjectIdentifier("2.5.4.10"); /** * organizational unit name - StringType(SIZE(1..64)) + * @deprecated use a X500NameStyle */ - public static final DERObjectIdentifier OU = new DERObjectIdentifier("2.5.4.11"); + public static final ASN1ObjectIdentifier OU = new ASN1ObjectIdentifier("2.5.4.11"); /** * Title + * @deprecated use a X500NameStyle */ - public static final DERObjectIdentifier T = new DERObjectIdentifier("2.5.4.12"); + public static final ASN1ObjectIdentifier T = new ASN1ObjectIdentifier("2.5.4.12"); /** * common name - StringType(SIZE(1..64)) + * @deprecated use a X500NameStyle */ - public static final DERObjectIdentifier CN = new DERObjectIdentifier("2.5.4.3"); + public static final ASN1ObjectIdentifier CN = new ASN1ObjectIdentifier("2.5.4.3"); /** * device serial number name - StringType(SIZE(1..64)) */ - public static final DERObjectIdentifier SN = new DERObjectIdentifier("2.5.4.5"); + public static final ASN1ObjectIdentifier SN = new ASN1ObjectIdentifier("2.5.4.5"); /** * street - StringType(SIZE(1..64)) */ - public static final DERObjectIdentifier STREET = new DERObjectIdentifier("2.5.4.9"); + public static final ASN1ObjectIdentifier STREET = new ASN1ObjectIdentifier("2.5.4.9"); /** * device serial number name - StringType(SIZE(1..64)) */ - public static final DERObjectIdentifier SERIALNUMBER = SN; + public static final ASN1ObjectIdentifier SERIALNUMBER = SN; /** * locality name - StringType(SIZE(1..64)) */ - public static final DERObjectIdentifier L = new DERObjectIdentifier("2.5.4.7"); + public static final ASN1ObjectIdentifier L = new ASN1ObjectIdentifier("2.5.4.7"); /** * state, or province name - StringType(SIZE(1..64)) */ - public static final DERObjectIdentifier ST = new DERObjectIdentifier("2.5.4.8"); + public static final ASN1ObjectIdentifier ST = new ASN1ObjectIdentifier("2.5.4.8"); /** * Naming attributes of type X520name */ - public static final DERObjectIdentifier SURNAME = new DERObjectIdentifier("2.5.4.4"); - public static final DERObjectIdentifier GIVENNAME = new DERObjectIdentifier("2.5.4.42"); - public static final DERObjectIdentifier INITIALS = new DERObjectIdentifier("2.5.4.43"); - public static final DERObjectIdentifier GENERATION = new DERObjectIdentifier("2.5.4.44"); - public static final DERObjectIdentifier UNIQUE_IDENTIFIER = new DERObjectIdentifier("2.5.4.45"); + public static final ASN1ObjectIdentifier SURNAME = new ASN1ObjectIdentifier("2.5.4.4"); + public static final ASN1ObjectIdentifier GIVENNAME = new ASN1ObjectIdentifier("2.5.4.42"); + public static final ASN1ObjectIdentifier INITIALS = new ASN1ObjectIdentifier("2.5.4.43"); + public static final ASN1ObjectIdentifier GENERATION = new ASN1ObjectIdentifier("2.5.4.44"); + public static final ASN1ObjectIdentifier UNIQUE_IDENTIFIER = new ASN1ObjectIdentifier("2.5.4.45"); /** * businessCategory - DirectoryString(SIZE(1..128) */ - public static final DERObjectIdentifier BUSINESS_CATEGORY = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier BUSINESS_CATEGORY = new ASN1ObjectIdentifier( "2.5.4.15"); /** * postalCode - DirectoryString(SIZE(1..40) */ - public static final DERObjectIdentifier POSTAL_CODE = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier POSTAL_CODE = new ASN1ObjectIdentifier( "2.5.4.17"); /** * dnQualifier - DirectoryString(SIZE(1..64) */ - public static final DERObjectIdentifier DN_QUALIFIER = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier DN_QUALIFIER = new ASN1ObjectIdentifier( "2.5.4.46"); /** * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64) */ - public static final DERObjectIdentifier PSEUDONYM = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier PSEUDONYM = new ASN1ObjectIdentifier( "2.5.4.65"); /** * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z */ - public static final DERObjectIdentifier DATE_OF_BIRTH = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier DATE_OF_BIRTH = new ASN1ObjectIdentifier( "1.3.6.1.5.5.7.9.1"); /** * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128) */ - public static final DERObjectIdentifier PLACE_OF_BIRTH = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier PLACE_OF_BIRTH = new ASN1ObjectIdentifier( "1.3.6.1.5.5.7.9.2"); /** * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f" */ - public static final DERObjectIdentifier GENDER = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier GENDER = new ASN1ObjectIdentifier( "1.3.6.1.5.5.7.9.3"); /** * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 * codes only */ - public static final DERObjectIdentifier COUNTRY_OF_CITIZENSHIP = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier COUNTRY_OF_CITIZENSHIP = new ASN1ObjectIdentifier( "1.3.6.1.5.5.7.9.4"); /** * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166 * codes only */ - public static final DERObjectIdentifier COUNTRY_OF_RESIDENCE = new DERObjectIdentifier( + public static final ASN1ObjectIdentifier COUNTRY_OF_RESIDENCE = new ASN1ObjectIdentifier( "1.3.6.1.5.5.7.9.5"); /** * ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64) */ - public static final DERObjectIdentifier NAME_AT_BIRTH = new DERObjectIdentifier("1.3.36.8.3.14"); + public static final ASN1ObjectIdentifier NAME_AT_BIRTH = new ASN1ObjectIdentifier("1.3.36.8.3.14"); /** * RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF * DirectoryString(SIZE(1..30)) */ - public static final DERObjectIdentifier POSTAL_ADDRESS = new DERObjectIdentifier("2.5.4.16"); + public static final ASN1ObjectIdentifier POSTAL_ADDRESS = new ASN1ObjectIdentifier("2.5.4.16"); /** * RFC 2256 dmdName */ - public static final DERObjectIdentifier DMD_NAME = new DERObjectIdentifier("2.5.4.54"); + public static final ASN1ObjectIdentifier DMD_NAME = new ASN1ObjectIdentifier("2.5.4.54"); /** * id-at-telephoneNumber */ - public static final DERObjectIdentifier TELEPHONE_NUMBER = X509ObjectIdentifiers.id_at_telephoneNumber; + public static final ASN1ObjectIdentifier TELEPHONE_NUMBER = X509ObjectIdentifiers.id_at_telephoneNumber; /** * id-at-name */ - public static final DERObjectIdentifier NAME = X509ObjectIdentifiers.id_at_name; + public static final ASN1ObjectIdentifier NAME = X509ObjectIdentifiers.id_at_name; /** * Email address (RSA PKCS#9 extension) - IA5String. * <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here. + * @deprecated use a X500NameStyle */ - public static final DERObjectIdentifier EmailAddress = PKCSObjectIdentifiers.pkcs_9_at_emailAddress; + public static final ASN1ObjectIdentifier EmailAddress = PKCSObjectIdentifiers.pkcs_9_at_emailAddress; /** * more from PKCS#9 */ - public static final DERObjectIdentifier UnstructuredName = PKCSObjectIdentifiers.pkcs_9_at_unstructuredName; - public static final DERObjectIdentifier UnstructuredAddress = PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress; + public static final ASN1ObjectIdentifier UnstructuredName = PKCSObjectIdentifiers.pkcs_9_at_unstructuredName; + public static final ASN1ObjectIdentifier UnstructuredAddress = PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress; /** * email address in Verisign certificates */ - public static final DERObjectIdentifier E = EmailAddress; + public static final ASN1ObjectIdentifier E = EmailAddress; /* * others... */ - public static final DERObjectIdentifier DC = new DERObjectIdentifier("0.9.2342.19200300.100.1.25"); + public static final ASN1ObjectIdentifier DC = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25"); /** * LDAP User id. */ - public static final DERObjectIdentifier UID = new DERObjectIdentifier("0.9.2342.19200300.100.1.1"); + public static final ASN1ObjectIdentifier UID = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1"); /** * determines whether or not strings should be processed and printed @@ -376,7 +382,7 @@ public class X509Name } else if (obj instanceof X500Name) { - return new X509Name(ASN1Sequence.getInstance(((X500Name)obj).getDERObject())); + return new X509Name(ASN1Sequence.getInstance(((X500Name)obj).toASN1Primitive())); } else if (obj != null) { @@ -404,23 +410,23 @@ public class X509Name while (e.hasMoreElements()) { - ASN1Set set = ASN1Set.getInstance(((DEREncodable)e.nextElement()).getDERObject()); + ASN1Set set = ASN1Set.getInstance(((ASN1Encodable)e.nextElement()).toASN1Primitive()); for (int i = 0; i < set.size(); i++) { - ASN1Sequence s = ASN1Sequence.getInstance(set.getObjectAt(i)); + ASN1Sequence s = ASN1Sequence.getInstance(set.getObjectAt(i).toASN1Primitive()); if (s.size() != 2) { throw new IllegalArgumentException("badly sized pair"); } - ordering.addElement(DERObjectIdentifier.getInstance(s.getObjectAt(0))); + ordering.addElement(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0))); - DEREncodable value = s.getObjectAt(1); - if (value instanceof DERString && !(value instanceof DERUniversalString)) + ASN1Encodable value = s.getObjectAt(1); + if (value instanceof ASN1String && !(value instanceof DERUniversalString)) { - String v = ((DERString)value).getString(); + String v = ((ASN1String)value).getString(); if (v.length() > 0 && v.charAt(0) == '#') { values.addElement("\\" + v); @@ -432,7 +438,14 @@ public class X509Name } else { - values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()))); + try + { + values.addElement("#" + bytesToString(Hex.encode(value.toASN1Primitive().getEncoded(ASN1Encoding.DER)))); + } + catch (IOException e1) + { + throw new IllegalArgumentException("cannot encode value"); + } } // BEGIN android-changed added.addElement(Boolean.valueOf(i != 0)); @@ -513,7 +526,7 @@ public class X509Name for (int i = 0; i != this.ordering.size(); i++) { - DERObjectIdentifier oid = (DERObjectIdentifier)this.ordering.elementAt(i); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)this.ordering.elementAt(i); if (attributes.get(oid) == null) { @@ -625,7 +638,7 @@ public class X509Name * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. lookUp * should provide a table of lookups, indexed by lowercase only strings and - * yielding a DERObjectIdentifier, other than that OID. and numeric oids + * yielding a ASN1ObjectIdentifier, other than that OID. and numeric oids * will be processed automatically. * <br> * If reverse is true, create the encoded version of the sequence @@ -642,20 +655,20 @@ public class X509Name this(reverse, lookUp, dirName, new X509DefaultEntryConverter()); } - private DERObjectIdentifier decodeOID( + private ASN1ObjectIdentifier decodeOID( String name, Hashtable lookUp) { if (Strings.toUpperCase(name).startsWith("OID.")) { - return new DERObjectIdentifier(name.substring(4)); + return new ASN1ObjectIdentifier(name.substring(4)); } else if (name.charAt(0) >= '0' && name.charAt(0) <= '9') { - return new DERObjectIdentifier(name); + return new ASN1ObjectIdentifier(name); } - DERObjectIdentifier oid = (DERObjectIdentifier)lookUp.get(Strings.toLowerCase(name)); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)lookUp.get(Strings.toLowerCase(name)); if (oid == null) { throw new IllegalArgumentException("Unknown object id - " + name + " - passed to distinguished name"); @@ -668,7 +681,7 @@ public class X509Name * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. lookUp * should provide a table of lookups, indexed by lowercase only strings and - * yielding a DERObjectIdentifier, other than that OID. and numeric oids + * yielding a ASN1ObjectIdentifier, other than that OID. and numeric oids * will be processed automatically. The passed in converter is used to convert the * string values to the right of each equals sign to their ASN.1 counterparts. * <br> @@ -700,7 +713,7 @@ public class X509Name String name = token.substring(0, index); String value = token.substring(index + 1); - DERObjectIdentifier oid = decodeOID(name, lookUp); + ASN1ObjectIdentifier oid = decodeOID(name, lookUp); if (value.indexOf('+') > 0) { @@ -799,7 +812,7 @@ public class X509Name * were found, with the DN label corresponding to passed in oid. */ public Vector getValues( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { Vector v = new Vector(); @@ -823,18 +836,18 @@ public class X509Name return v; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { if (seq == null) { ASN1EncodableVector vec = new ASN1EncodableVector(); ASN1EncodableVector sVec = new ASN1EncodableVector(); - DERObjectIdentifier lstOid = null; + ASN1ObjectIdentifier lstOid = null; for (int i = 0; i != ordering.size(); i++) { ASN1EncodableVector v = new ASN1EncodableVector(); - DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)ordering.elementAt(i); v.add(oid); @@ -887,9 +900,9 @@ public class X509Name return false; } - DERObject derO = ((DEREncodable)obj).getDERObject(); + ASN1Primitive derO = ((ASN1Encodable)obj).toASN1Primitive(); - if (this.getDERObject().equals(derO)) + if (this.toASN1Primitive().equals(derO)) { return true; } @@ -914,8 +927,8 @@ public class X509Name for (int i = 0; i < orderingSize; i++) { - DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i); - DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(i); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)ordering.elementAt(i); + ASN1ObjectIdentifier oOid = (ASN1ObjectIdentifier)other.ordering.elementAt(i); if (oid.equals(oOid)) { @@ -975,9 +988,9 @@ public class X509Name return false; } - DERObject derO = ((DEREncodable)obj).getDERObject(); + ASN1Primitive derO = ((ASN1Encodable)obj).toASN1Primitive(); - if (this.getDERObject().equals(derO)) + if (this.toASN1Primitive().equals(derO)) { return true; } @@ -1019,7 +1032,7 @@ public class X509Name for (int i = start; i != end; i += delta) { boolean found = false; - DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)ordering.elementAt(i); String value = (String)values.elementAt(i); for (int j = 0; j < orderingSize; j++) @@ -1029,7 +1042,7 @@ public class X509Name continue; } - DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(j); + ASN1ObjectIdentifier oOid = (ASN1ObjectIdentifier)other.ordering.elementAt(j); if (oid.equals(oOid)) { @@ -1078,22 +1091,22 @@ public class X509Name if (value.length() > 0 && value.charAt(0) == '#') { - DERObject obj = decodeObject(value); + ASN1Primitive obj = decodeObject(value); - if (obj instanceof DERString) + if (obj instanceof ASN1String) { - value = Strings.toLowerCase(((DERString)obj).getString().trim()); + value = Strings.toLowerCase(((ASN1String)obj).getString().trim()); } } return value; } - private ASN1Object decodeObject(String oValue) + private ASN1Primitive decodeObject(String oValue) { try { - return ASN1Object.fromByteArray(Hex.decode(oValue.substring(1))); + return ASN1Primitive.fromByteArray(Hex.decode(oValue.substring(1))); } catch (IOException e) { @@ -1129,7 +1142,7 @@ public class X509Name private void appendValue( StringBuffer buf, Hashtable oidSymbols, - DERObjectIdentifier oid, + ASN1ObjectIdentifier oid, String value) { String sym = (String)oidSymbols.get(oid); @@ -1204,14 +1217,14 @@ public class X509Name { ava.append('+'); appendValue(ava, oidSymbols, - (DERObjectIdentifier)ordering.elementAt(i), + (ASN1ObjectIdentifier)ordering.elementAt(i), (String)values.elementAt(i)); } else { ava = new StringBuffer(); appendValue(ava, oidSymbols, - (DERObjectIdentifier)ordering.elementAt(i), + (ASN1ObjectIdentifier)ordering.elementAt(i), (String)values.elementAt(i)); components.addElement(ava); } diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java b/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java index 5011322..5d919e1 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java @@ -1,13 +1,13 @@ package org.bouncycastle.asn1.x509; +import java.io.IOException; + import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DERPrintableString; import org.bouncycastle.util.Strings; -import java.io.IOException; - /** * It turns out that the number of standard ways the fields in a DN should be * encoded into their ASN.1 counterparts is rapidly approaching the @@ -19,8 +19,8 @@ import java.io.IOException; * public class X509DirEntryConverter * extends X509NameEntryConverter * { - * public DERObject getConvertedValue( - * DERObjectIdentifier oid, + * public ASN1Primitive getConvertedValue( + * ASN1ObjectIdentifier oid, * String value) * { * if (str.length() != 0 && str.charAt(0) == '#') @@ -56,7 +56,7 @@ public abstract class X509NameEntryConverter * @param off the index at which the encoding starts * @return the decoded object */ - protected DERObject convertHexEncoded( + protected ASN1Primitive convertHexEncoded( String str, int off) throws IOException @@ -109,5 +109,5 @@ public abstract class X509NameEntryConverter * @param value the value of the particular DN component. * @return the ASN.1 equivalent for the value. */ - public abstract DERObject getConvertedValue(DERObjectIdentifier oid, String value); + public abstract ASN1Primitive getConvertedValue(ASN1ObjectIdentifier oid, String value); } diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java index 440e147..32e9346 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java @@ -107,4 +107,4 @@ public class X509NameTokenizer index = end; return buf.toString().trim(); } -}
\ No newline at end of file +} diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java index b1e0ed1..ed4dd32 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java +++ b/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java @@ -47,6 +47,11 @@ public interface X509ObjectIdentifiers static final ASN1ObjectIdentifier id_pe = new ASN1ObjectIdentifier(id_pkix + ".1"); // + // ISO ARC for standard certificate and CRL extensions + // + static final ASN1ObjectIdentifier id_ce = new ASN1ObjectIdentifier("2.5.29"); + + // // authority information access // static final ASN1ObjectIdentifier id_ad = new ASN1ObjectIdentifier(id_pkix + ".48"); diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java b/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java index 7867090..6a97a48 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java +++ b/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java @@ -4,17 +4,17 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; public class DHDomainParameters - extends ASN1Encodable + extends ASN1Object { - private DERInteger p, g, q, j; + private ASN1Integer p, g, q, j; private DHValidationParms validationParms; public static DHDomainParameters getInstance(ASN1TaggedObject obj, boolean explicit) @@ -38,7 +38,7 @@ public class DHDomainParameters + obj.getClass().getName()); } - public DHDomainParameters(DERInteger p, DERInteger g, DERInteger q, DERInteger j, + public DHDomainParameters(ASN1Integer p, ASN1Integer g, ASN1Integer q, ASN1Integer j, DHValidationParms validationParms) { if (p == null) @@ -69,45 +69,45 @@ public class DHDomainParameters } Enumeration e = seq.getObjects(); - this.p = DERInteger.getInstance(e.nextElement()); - this.g = DERInteger.getInstance(e.nextElement()); - this.q = DERInteger.getInstance(e.nextElement()); + this.p = ASN1Integer.getInstance(e.nextElement()); + this.g = ASN1Integer.getInstance(e.nextElement()); + this.q = ASN1Integer.getInstance(e.nextElement()); - DEREncodable next = getNext(e); + ASN1Encodable next = getNext(e); - if (next != null && next instanceof DERInteger) + if (next != null && next instanceof ASN1Integer) { - this.j = DERInteger.getInstance(next); + this.j = ASN1Integer.getInstance(next); next = getNext(e); } if (next != null) { - this.validationParms = DHValidationParms.getInstance(next.getDERObject()); + this.validationParms = DHValidationParms.getInstance(next.toASN1Primitive()); } } - private static DEREncodable getNext(Enumeration e) + private static ASN1Encodable getNext(Enumeration e) { - return e.hasMoreElements() ? (DEREncodable)e.nextElement() : null; + return e.hasMoreElements() ? (ASN1Encodable)e.nextElement() : null; } - public DERInteger getP() + public ASN1Integer getP() { return this.p; } - public DERInteger getG() + public ASN1Integer getG() { return this.g; } - public DERInteger getQ() + public ASN1Integer getQ() { return this.q; } - public DERInteger getJ() + public ASN1Integer getJ() { return this.j; } @@ -117,7 +117,7 @@ public class DHDomainParameters return this.validationParms; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(this.p); diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java b/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java index daafbeb..7c6d217 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java +++ b/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java @@ -1,18 +1,18 @@ package org.bouncycastle.asn1.x9; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; public class DHPublicKey - extends ASN1Encodable + extends ASN1Object { - private DERInteger y; + private ASN1Integer y; public static DHPublicKey getInstance(ASN1TaggedObject obj, boolean explicit) { - return getInstance(DERInteger.getInstance(obj, explicit)); + return getInstance(ASN1Integer.getInstance(obj, explicit)); } public static DHPublicKey getInstance(Object obj) @@ -22,15 +22,15 @@ public class DHPublicKey return (DHPublicKey)obj; } - if (obj instanceof DERInteger) + if (obj instanceof ASN1Integer) { - return new DHPublicKey((DERInteger)obj); + return new DHPublicKey((ASN1Integer)obj); } throw new IllegalArgumentException("Invalid DHPublicKey: " + obj.getClass().getName()); } - public DHPublicKey(DERInteger y) + public DHPublicKey(ASN1Integer y) { if (y == null) { @@ -40,12 +40,12 @@ public class DHPublicKey this.y = y; } - public DERInteger getY() + public ASN1Integer getY() { return this.y; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return this.y; } diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java b/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java index e801e1c..78b0979 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java +++ b/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java @@ -1,18 +1,18 @@ package org.bouncycastle.asn1.x9; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; -public class DHValidationParms extends ASN1Encodable +public class DHValidationParms extends ASN1Object { private DERBitString seed; - private DERInteger pgenCounter; + private ASN1Integer pgenCounter; public static DHValidationParms getInstance(ASN1TaggedObject obj, boolean explicit) { @@ -34,7 +34,7 @@ public class DHValidationParms extends ASN1Encodable throw new IllegalArgumentException("Invalid DHValidationParms: " + obj.getClass().getName()); } - public DHValidationParms(DERBitString seed, DERInteger pgenCounter) + public DHValidationParms(DERBitString seed, ASN1Integer pgenCounter) { if (seed == null) { @@ -57,7 +57,7 @@ public class DHValidationParms extends ASN1Encodable } this.seed = DERBitString.getInstance(seq.getObjectAt(0)); - this.pgenCounter = DERInteger.getInstance(seq.getObjectAt(1)); + this.pgenCounter = ASN1Integer.getInstance(seq.getObjectAt(1)); } public DERBitString getSeed() @@ -65,12 +65,12 @@ public class DHValidationParms extends ASN1Encodable return this.seed; } - public DERInteger getPgenCounter() + public ASN1Integer getPgenCounter() { return this.pgenCounter; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(this.seed); diff --git a/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java b/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java index bda8dad..06e47b6 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java @@ -1,14 +1,14 @@ package org.bouncycastle.asn1.x9; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; - import java.math.BigInteger; import java.util.Enumeration; import java.util.Hashtable; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.math.ec.ECCurve; +import org.bouncycastle.util.Strings; +import org.bouncycastle.util.encoders.Hex; + /** * table of the current named curves defined in X.962 EC-DSA. @@ -523,7 +523,7 @@ public class X962NamedCurves static final Hashtable curves = new Hashtable(); static final Hashtable names = new Hashtable(); - static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder) + static void defineCurve(String name, ASN1ObjectIdentifier oid, X9ECParametersHolder holder) { objIds.put(name, oid); names.put(oid, name); @@ -560,7 +560,7 @@ public class X962NamedCurves public static X9ECParameters getByName( String name) { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)objIds.get(Strings.toLowerCase(name)); if (oid != null) { @@ -577,7 +577,7 @@ public class X962NamedCurves * @param oid an object identifier representing a named curve, if present. */ public static X9ECParameters getByOID( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid); @@ -595,17 +595,17 @@ public class X962NamedCurves * * @return the object identifier associated with name, if present. */ - public static DERObjectIdentifier getOID( + public static ASN1ObjectIdentifier getOID( String name) { - return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); + return (ASN1ObjectIdentifier)objIds.get(Strings.toLowerCase(name)); } /** * return the named curve name represented by the given object identifier. */ public static String getName( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { return (String)names.get(oid); } diff --git a/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java b/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java index de35186..1c395d2 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java @@ -1,17 +1,17 @@ package org.bouncycastle.asn1.x9; import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Null; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; public class X962Parameters - extends ASN1Encodable + extends ASN1Object implements ASN1Choice { - private DERObject params = null; + private ASN1Primitive params = null; public static X962Parameters getInstance( Object obj) @@ -21,9 +21,9 @@ public class X962Parameters return (X962Parameters)obj; } - if (obj instanceof DERObject) + if (obj instanceof ASN1Primitive) { - return new X962Parameters((DERObject)obj); + return new X962Parameters((ASN1Primitive)obj); } throw new IllegalArgumentException("unknown object in getInstance()"); @@ -39,24 +39,24 @@ public class X962Parameters public X962Parameters( X9ECParameters ecParameters) { - this.params = ecParameters.getDERObject(); + this.params = ecParameters.toASN1Primitive(); } public X962Parameters( - DERObjectIdentifier namedCurve) + ASN1ObjectIdentifier namedCurve) { this.params = namedCurve; } public X962Parameters( - DERObject obj) + ASN1Primitive obj) { this.params = obj; } public boolean isNamedCurve() { - return (params instanceof DERObjectIdentifier); + return (params instanceof ASN1ObjectIdentifier); } public boolean isImplicitlyCA() @@ -64,7 +64,7 @@ public class X962Parameters return (params instanceof ASN1Null); } - public DERObject getParameters() + public ASN1Primitive getParameters() { return params; } @@ -79,8 +79,8 @@ public class X962Parameters * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { - return params; + return (ASN1Primitive)params; } } diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java index 8f46c07..5c5afdb 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java @@ -2,14 +2,14 @@ package org.bouncycastle.asn1.x9; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.math.ec.ECCurve; @@ -18,12 +18,12 @@ import org.bouncycastle.math.ec.ECCurve; * X9.62, for further details. */ public class X9Curve - extends ASN1Encodable + extends ASN1Object implements X9ObjectIdentifiers { private ECCurve curve; private byte[] seed; - private DERObjectIdentifier fieldIdentifier = null; + private ASN1ObjectIdentifier fieldIdentifier = null; public X9Curve( ECCurve curve) @@ -49,7 +49,7 @@ public class X9Curve fieldIdentifier = fieldID.getIdentifier(); if (fieldIdentifier.equals(prime_field)) { - BigInteger p = ((DERInteger)fieldID.getParameters()).getValue(); + BigInteger p = ((ASN1Integer)fieldID.getParameters()).getValue(); X9FieldElement x9A = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(0)); X9FieldElement x9B = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(1)); curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); @@ -59,11 +59,11 @@ public class X9Curve if (fieldIdentifier.equals(characteristic_two_field)) { // Characteristic two field - DERSequence parameters = (DERSequence)fieldID.getParameters(); - int m = ((DERInteger)parameters.getObjectAt(0)).getValue(). + ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters()); + int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue(). intValue(); - DERObjectIdentifier representation - = (DERObjectIdentifier)parameters.getObjectAt(1); + ASN1ObjectIdentifier representation + = (ASN1ObjectIdentifier)parameters.getObjectAt(1); int k1 = 0; int k2 = 0; @@ -71,7 +71,7 @@ public class X9Curve if (representation.equals(tpBasis)) { // Trinomial basis representation - k1 = ((DERInteger)parameters.getObjectAt(2)).getValue(). + k1 = ((ASN1Integer)parameters.getObjectAt(2)).getValue(). intValue(); } else @@ -79,11 +79,11 @@ public class X9Curve // Pentanomial basis representation DERSequence pentanomial = (DERSequence)parameters.getObjectAt(2); - k1 = ((DERInteger)pentanomial.getObjectAt(0)).getValue(). + k1 = ((ASN1Integer)pentanomial.getObjectAt(0)).getValue(). intValue(); - k2 = ((DERInteger)pentanomial.getObjectAt(1)).getValue(). + k2 = ((ASN1Integer)pentanomial.getObjectAt(1)).getValue(). intValue(); - k3 = ((DERInteger)pentanomial.getObjectAt(2)).getValue(). + k3 = ((ASN1Integer)pentanomial.getObjectAt(2)).getValue(). intValue(); } X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0)); @@ -136,19 +136,19 @@ public class X9Curve * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); if (fieldIdentifier.equals(prime_field)) { - v.add(new X9FieldElement(curve.getA()).getDERObject()); - v.add(new X9FieldElement(curve.getB()).getDERObject()); + v.add(new X9FieldElement(curve.getA()).toASN1Primitive()); + v.add(new X9FieldElement(curve.getB()).toASN1Primitive()); } else if (fieldIdentifier.equals(characteristic_two_field)) { - v.add(new X9FieldElement(curve.getA()).getDERObject()); - v.add(new X9FieldElement(curve.getB()).getDERObject()); + v.add(new X9FieldElement(curve.getA()).toASN1Primitive()); + v.add(new X9FieldElement(curve.getB()).toASN1Primitive()); } if (seed != null) diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java index c3b0d66..e059089 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java @@ -1,23 +1,23 @@ package org.bouncycastle.asn1.x9; -import org.bouncycastle.asn1.ASN1Encodable; +import java.math.BigInteger; + import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECPoint; -import java.math.BigInteger; - /** * ASN.1 def for Elliptic-Curve ECParameters structure. See * X9.62, for further details. */ public class X9ECParameters - extends ASN1Encodable + extends ASN1Object implements X9ObjectIdentifiers { private static final BigInteger ONE = BigInteger.valueOf(1); @@ -29,11 +29,11 @@ public class X9ECParameters private BigInteger h; private byte[] seed; - public X9ECParameters( + private X9ECParameters( ASN1Sequence seq) { - if (!(seq.getObjectAt(0) instanceof DERInteger) - || !((DERInteger)seq.getObjectAt(0)).getValue().equals(ONE)) + if (!(seq.getObjectAt(0) instanceof ASN1Integer) + || !((ASN1Integer)seq.getObjectAt(0)).getValue().equals(ONE)) { throw new IllegalArgumentException("bad version in X9ECParameters"); } @@ -44,13 +44,28 @@ public class X9ECParameters this.curve = x9c.getCurve(); this.g = new X9ECPoint(curve, (ASN1OctetString)seq.getObjectAt(3)).getPoint(); - this.n = ((DERInteger)seq.getObjectAt(4)).getValue(); + this.n = ((ASN1Integer)seq.getObjectAt(4)).getValue(); this.seed = x9c.getSeed(); if (seq.size() == 6) { - this.h = ((DERInteger)seq.getObjectAt(5)).getValue(); + this.h = ((ASN1Integer)seq.getObjectAt(5)).getValue(); + } + } + + public static X9ECParameters getInstance(Object obj) + { + if (obj instanceof X9ECParameters) + { + return (X9ECParameters)obj; } + + if (obj != null) + { + return new X9ECParameters(ASN1Sequence.getInstance(obj)); + } + + return null; } public X9ECParameters( @@ -141,19 +156,19 @@ public class X9ECParameters * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(1)); + v.add(new ASN1Integer(1)); v.add(fieldID); v.add(new X9Curve(curve, seed)); v.add(new X9ECPoint(g)); - v.add(new DERInteger(n)); + v.add(new ASN1Integer(n)); if (h != null) { - v.add(new DERInteger(h)); + v.add(new ASN1Integer(h)); } return new DERSequence(v); diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java index 470b3d6..a4acb6e 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java @@ -1,8 +1,8 @@ package org.bouncycastle.asn1.x9; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERObject; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECPoint; @@ -11,7 +11,7 @@ import org.bouncycastle.math.ec.ECPoint; * class for describing an ECPoint as a DER object. */ public class X9ECPoint - extends ASN1Encodable + extends ASN1Object { ECPoint p; @@ -41,7 +41,7 @@ public class X9ECPoint * <p> * Octet string produced using ECPoint.getEncoded(). */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { return new DEROctetString(p.getEncoded()); } diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java b/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java index 2173d2a..13fe772 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java @@ -2,9 +2,9 @@ package org.bouncycastle.asn1.x9; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERObject; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.math.ec.ECFieldElement; @@ -12,7 +12,7 @@ import org.bouncycastle.math.ec.ECFieldElement; * class for processing an FieldElement as a DER object. */ public class X9FieldElement - extends ASN1Encodable + extends ASN1Object { protected ECFieldElement f; @@ -54,7 +54,7 @@ public class X9FieldElement * </li> * </ol> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { int byteCount = converter.getByteLength(f); byte[] paddedBigInteger = converter.integerToBytes(f.toBigInteger(), byteCount); diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java b/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java index c2c2ef9..30598e2 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java @@ -2,12 +2,12 @@ package org.bouncycastle.asn1.x9; import java.math.BigInteger; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; /** @@ -15,11 +15,11 @@ import org.bouncycastle.asn1.DERSequence; * X9.62, for further details. */ public class X9FieldID - extends ASN1Encodable + extends ASN1Object implements X9ObjectIdentifiers { - private DERObjectIdentifier id; - private DERObject parameters; + private ASN1ObjectIdentifier id; + private ASN1Primitive parameters; /** * Constructor for elliptic curves over prime fields @@ -29,7 +29,7 @@ public class X9FieldID public X9FieldID(BigInteger primeP) { this.id = prime_field; - this.parameters = new DERInteger(primeP); + this.parameters = new ASN1Integer(primeP); } /** @@ -51,20 +51,20 @@ public class X9FieldID { this.id = characteristic_two_field; ASN1EncodableVector fieldIdParams = new ASN1EncodableVector(); - fieldIdParams.add(new DERInteger(m)); + fieldIdParams.add(new ASN1Integer(m)); if (k2 == 0) { fieldIdParams.add(tpBasis); - fieldIdParams.add(new DERInteger(k1)); + fieldIdParams.add(new ASN1Integer(k1)); } else { fieldIdParams.add(ppBasis); ASN1EncodableVector pentanomialParams = new ASN1EncodableVector(); - pentanomialParams.add(new DERInteger(k1)); - pentanomialParams.add(new DERInteger(k2)); - pentanomialParams.add(new DERInteger(k3)); + pentanomialParams.add(new ASN1Integer(k1)); + pentanomialParams.add(new ASN1Integer(k2)); + pentanomialParams.add(new ASN1Integer(k3)); fieldIdParams.add(new DERSequence(pentanomialParams)); } @@ -74,16 +74,16 @@ public class X9FieldID public X9FieldID( ASN1Sequence seq) { - this.id = (DERObjectIdentifier)seq.getObjectAt(0); - this.parameters = (DERObject)seq.getObjectAt(1); + this.id = (ASN1ObjectIdentifier)seq.getObjectAt(0); + this.parameters = (ASN1Primitive)seq.getObjectAt(1); } - public DERObjectIdentifier getIdentifier() + public ASN1ObjectIdentifier getIdentifier() { return id; } - public DERObject getParameters() + public ASN1Primitive getParameters() { return parameters; } @@ -97,7 +97,7 @@ public class X9FieldID * } * </pre> */ - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java b/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java index ae820ab..16a803c 100644 --- a/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java +++ b/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java @@ -1,10 +1,10 @@ package org.bouncycastle.asn1.x9; +import java.math.BigInteger; + import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECFieldElement; -import java.math.BigInteger; - public class X9IntegerConverter { public int getByteLength( diff --git a/src/main/java/org/bouncycastle/crypto/CryptoException.java b/src/main/java/org/bouncycastle/crypto/CryptoException.java index dc4a8df..352c556 100644 --- a/src/main/java/org/bouncycastle/crypto/CryptoException.java +++ b/src/main/java/org/bouncycastle/crypto/CryptoException.java @@ -6,6 +6,8 @@ package org.bouncycastle.crypto; public class CryptoException extends Exception { + private Throwable cause; + /** * base constructor. */ @@ -23,4 +25,24 @@ public class CryptoException { super(message); } + + /** + * Create a CryptoException with the given message and underlying cause. + * + * @param message message describing exception. + * @param cause the throwable that was the underlying cause. + */ + public CryptoException( + String message, + Throwable cause) + { + super(message); + + this.cause = cause; + } + + public Throwable getCause() + { + return cause; + } } diff --git a/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java b/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java index ae4ffdc..dbf550d 100644 --- a/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java +++ b/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java @@ -97,7 +97,7 @@ public abstract class PBEParametersGenerator * converts a password to a byte array according to the scheme in * PKCS5 (ascii, no padding) * - * @param password a character array reqpresenting the password. + * @param password a character array representing the password. * @return a byte array representing the password. */ public static byte[] PKCS5PasswordToBytes( @@ -117,7 +117,7 @@ public abstract class PBEParametersGenerator * converts a password to a byte array according to the scheme in * PKCS5 (UTF-8, no padding) * - * @param password a character array reqpresenting the password. + * @param password a character array representing the password. * @return a byte array representing the password. */ public static byte[] PKCS5PasswordToUTF8Bytes( diff --git a/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java b/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java deleted file mode 100644 index ec91e1a..0000000 --- a/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java +++ /dev/null @@ -1,287 +0,0 @@ -package org.bouncycastle.crypto.encodings; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.RSAKeyParameters; - -/** - * ISO 9796-1 padding. Note in the light of recent results you should - * only use this with RSA (rather than the "simpler" Rabin keys) and you - * should never use it with anything other than a hash (ie. even if the - * message is small don't sign the message, sign it's hash) or some "random" - * value. See your favorite search engine for details. - */ -public class ISO9796d1Encoding - implements AsymmetricBlockCipher -{ - private static final BigInteger SIXTEEN = BigInteger.valueOf(16L); - private static final BigInteger SIX = BigInteger.valueOf(6L); - - private static byte[] shadows = { 0xe, 0x3, 0x5, 0x8, 0x9, 0x4, 0x2, 0xf, - 0x0, 0xd, 0xb, 0x6, 0x7, 0xa, 0xc, 0x1 }; - private static byte[] inverse = { 0x8, 0xf, 0x6, 0x1, 0x5, 0x2, 0xb, 0xc, - 0x3, 0x4, 0xd, 0xa, 0xe, 0x9, 0x0, 0x7 }; - - private AsymmetricBlockCipher engine; - private boolean forEncryption; - private int bitSize; - private int padBits = 0; - private BigInteger modulus; - - public ISO9796d1Encoding( - AsymmetricBlockCipher cipher) - { - this.engine = cipher; - } - - public AsymmetricBlockCipher getUnderlyingCipher() - { - return engine; - } - - public void init( - boolean forEncryption, - CipherParameters param) - { - RSAKeyParameters kParam = null; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom rParam = (ParametersWithRandom)param; - - kParam = (RSAKeyParameters)rParam.getParameters(); - } - else - { - kParam = (RSAKeyParameters)param; - } - - engine.init(forEncryption, param); - - modulus = kParam.getModulus(); - bitSize = modulus.bitLength(); - - this.forEncryption = forEncryption; - } - - /** - * return the input block size. The largest message we can process - * is (key_size_in_bits + 3)/16, which in our world comes to - * key_size_in_bytes / 2. - */ - public int getInputBlockSize() - { - int baseBlockSize = engine.getInputBlockSize(); - - if (forEncryption) - { - return (baseBlockSize + 1) / 2; - } - else - { - return baseBlockSize; - } - } - - /** - * return the maximum possible size for the output. - */ - public int getOutputBlockSize() - { - int baseBlockSize = engine.getOutputBlockSize(); - - if (forEncryption) - { - return baseBlockSize; - } - else - { - return (baseBlockSize + 1) / 2; - } - } - - /** - * set the number of bits in the next message to be treated as - * pad bits. - */ - public void setPadBits( - int padBits) - { - if (padBits > 7) - { - throw new IllegalArgumentException("padBits > 7"); - } - - this.padBits = padBits; - } - - /** - * retrieve the number of pad bits in the last decoded message. - */ - public int getPadBits() - { - return padBits; - } - - public byte[] processBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - if (forEncryption) - { - return encodeBlock(in, inOff, inLen); - } - else - { - return decodeBlock(in, inOff, inLen); - } - } - - private byte[] encodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] block = new byte[(bitSize + 7) / 8]; - int r = padBits + 1; - int z = inLen; - int t = (bitSize + 13) / 16; - - for (int i = 0; i < t; i += z) - { - if (i > t - z) - { - System.arraycopy(in, inOff + inLen - (t - i), - block, block.length - t, t - i); - } - else - { - System.arraycopy(in, inOff, block, block.length - (i + z), z); - } - } - - for (int i = block.length - 2 * t; i != block.length; i += 2) - { - byte val = block[block.length - t + i / 2]; - - block[i] = (byte)((shadows[(val & 0xff) >>> 4] << 4) - | shadows[val & 0x0f]); - block[i + 1] = val; - } - - block[block.length - 2 * z] ^= r; - block[block.length - 1] = (byte)((block[block.length - 1] << 4) | 0x06); - - int maxBit = (8 - (bitSize - 1) % 8); - int offSet = 0; - - if (maxBit != 8) - { - block[0] &= 0xff >>> maxBit; - block[0] |= 0x80 >>> maxBit; - } - else - { - block[0] = 0x00; - block[1] |= 0x80; - offSet = 1; - } - - return engine.processBlock(block, offSet, block.length - offSet); - } - - /** - * @exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string - */ - private byte[] decodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] block = engine.processBlock(in, inOff, inLen); - int r = 1; - int t = (bitSize + 13) / 16; - - BigInteger iS = new BigInteger(1, block); - BigInteger iR; - if (iS.mod(SIXTEEN).equals(SIX)) - { - iR = iS; - } - else if ((modulus.subtract(iS)).mod(SIXTEEN).equals(SIX)) - { - iR = modulus.subtract(iS); - } - else - { - throw new InvalidCipherTextException("resulting integer iS or (modulus - iS) is not congruent to 6 mod 16"); - } - - block = convertOutputDecryptOnly(iR); - - if ((block[block.length - 1] & 0x0f) != 0x6 ) - { - throw new InvalidCipherTextException("invalid forcing byte in block"); - } - - block[block.length - 1] = (byte)(((block[block.length - 1] & 0xff) >>> 4) | ((inverse[(block[block.length - 2] & 0xff) >> 4]) << 4)); - block[0] = (byte)((shadows[(block[1] & 0xff) >>> 4] << 4) - | shadows[block[1] & 0x0f]); - - boolean boundaryFound = false; - int boundary = 0; - - for (int i = block.length - 1; i >= block.length - 2 * t; i -= 2) - { - int val = ((shadows[(block[i] & 0xff) >>> 4] << 4) - | shadows[block[i] & 0x0f]); - - if (((block[i - 1] ^ val) & 0xff) != 0) - { - if (!boundaryFound) - { - boundaryFound = true; - r = (block[i - 1] ^ val) & 0xff; - boundary = i - 1; - } - else - { - throw new InvalidCipherTextException("invalid tsums in block"); - } - } - } - - block[boundary] = 0; - - byte[] nblock = new byte[(block.length - boundary) / 2]; - - for (int i = 0; i < nblock.length; i++) - { - nblock[i] = block[2 * i + boundary + 1]; - } - - padBits = r - 1; - - return nblock; - } - - private static byte[] convertOutputDecryptOnly(BigInteger result) - { - byte[] output = result.toByteArray(); - if (output[0] == 0) // have ended up with an extra zero byte, copy down. - { - byte[] tmp = new byte[output.length - 1]; - System.arraycopy(output, 1, tmp, 0, tmp.length); - return tmp; - } - return output; - } -} diff --git a/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java index 9e94d77..fb11fc5 100644 --- a/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java +++ b/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java @@ -4,7 +4,9 @@ import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-changed import org.bouncycastle.crypto.params.ParametersWithRandom; import java.security.SecureRandom; @@ -26,7 +28,9 @@ public class OAEPEncoding public OAEPEncoding( AsymmetricBlockCipher cipher) { - this(cipher, new SHA1Digest(), null); + // BEGIN android-changed + this(cipher, new OpenSSLDigest.SHA1(), null); + // END android-changed } public OAEPEncoding( diff --git a/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java b/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java index a6a5986..8bcfe26 100644 --- a/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java +++ b/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java @@ -206,6 +206,12 @@ public class PKCS1Encoding { throw new InvalidCipherTextException("unknown block type"); } + // BEGIN android-added + if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey)) + { + throw new InvalidCipherTextException("invalid block type " + type); + } + // END android-added if (useStrictLength && block.length != engine.getOutputBlockSize()) { diff --git a/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java b/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java index f915434..d1935ec 100644 --- a/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java +++ b/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java @@ -44,9 +44,9 @@ public class DESedeEngine byte[] keyMaster = ((KeyParameter)params).getKey(); - if (keyMaster.length > 24) + if (keyMaster.length != 24 && keyMaster.length != 16) { - throw new IllegalArgumentException("key size greater than 24 bytes"); + throw new IllegalArgumentException("key size must be 16 or 24 bytes."); } this.forEncryption = encrypting; diff --git a/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java b/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java index a3c72cc..be2d09b 100644 --- a/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java +++ b/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java @@ -6,7 +6,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-changed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -52,7 +54,9 @@ public class DESedeWrapEngine // // checksum digest // - Digest sha1 = new SHA1Digest(); + // BEGIN android-changed + Digest sha1 = new OpenSSLDigest.SHA1(); + // END android-changed byte[] digest = new byte[20]; /** diff --git a/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java b/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java index e5a9bb3..62240ea 100644 --- a/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java +++ b/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java @@ -313,4 +313,4 @@ public class RC2Engine out[outOff + 6] = (byte)x76; out[outOff + 7] = (byte)(x76 >> 8); } -}
\ No newline at end of file +} diff --git a/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java b/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java index adb908e..bf43ff2 100644 --- a/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java +++ b/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java @@ -402,17 +402,19 @@ public final class TwofishEngine gSBox[i*2+0x200] = gMDS2[(P[P_21][b2] & 0xff) ^ b2(k0)]; gSBox[i*2+0x201] = gMDS3[(P[P_31][b3] & 0xff) ^ b3(k0)]; break; - case 0: /* 256 bits of key */ + case 0: // 256 bits of key b0 = (P[P_04][b0] & 0xff) ^ b0(k3); b1 = (P[P_14][b1] & 0xff) ^ b1(k3); b2 = (P[P_24][b2] & 0xff) ^ b2(k3); b3 = (P[P_34][b3] & 0xff) ^ b3(k3); - case 3: + // fall through, having pre-processed b[0]..b[3] with k32[3] + case 3: // 192 bits of key b0 = (P[P_03][b0] & 0xff) ^ b0(k2); b1 = (P[P_13][b1] & 0xff) ^ b1(k2); b2 = (P[P_23][b2] & 0xff) ^ b2(k2); b3 = (P[P_33][b3] & 0xff) ^ b3(k2); - case 2: + // fall through, having pre-processed b[0]..b[3] with k32[2] + case 2: // 128 bits of key gSBox[i*2] = gMDS0[(P[P_01] [(P[P_02][b0] & 0xff) ^ b0(k1)] & 0xff) ^ b0(k0)]; gSBox[i*2+1] = gMDS1[(P[P_11] diff --git a/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java index be977d7..f05f3d7 100644 --- a/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +++ b/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java @@ -1,8 +1,9 @@ package org.bouncycastle.crypto.generators; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-changed import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAValidationParameters; import org.bouncycastle.util.Arrays; @@ -75,7 +76,9 @@ public class DSAParametersGenerator byte[] part1 = new byte[20]; byte[] part2 = new byte[20]; byte[] u = new byte[20]; - SHA1Digest sha1 = new SHA1Digest(); + // BEGIN android-changed + Digest sha1 = new OpenSSLDigest.SHA1(); + // END android-changed int n = (L - 1) / 160; byte[] w = new byte[L / 8]; @@ -166,7 +169,9 @@ public class DSAParametersGenerator { // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function // FIXME This should be configurable (digest size in bits must be >= N) - Digest d = new SHA256Digest(); + // BEGIN android-changed + Digest d = new OpenSSLDigest.SHA256(); + // END android-changed int outlen = d.getDigestSize() * 8; // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If diff --git a/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java index 8a4d28a..6999653 100644 --- a/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java +++ b/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java @@ -3,7 +3,9 @@ package org.bouncycastle.crypto.generators; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.MD5Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-changed import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -17,7 +19,9 @@ import org.bouncycastle.crypto.params.ParametersWithIV; public class OpenSSLPBEParametersGenerator extends PBEParametersGenerator { - private Digest digest = new MD5Digest(); + // BEGIN android-changed + private Digest digest = new OpenSSLDigest.MD5(); + // END android-changed /** * Construct a OpenSSL Parameters generator. diff --git a/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java index bf2f368..8fb1cc8 100644 --- a/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java +++ b/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java @@ -133,7 +133,7 @@ public class PKCS12ParametersGenerator digest.update(D, 0, D.length); digest.update(I, 0, I.length); digest.doFinal(A, 0); - for (int j = 1; j != iterationCount; j++) + for (int j = 1; j < iterationCount; j++) { digest.update(A, 0, A.length); digest.doFinal(A, 0); diff --git a/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java index 9b4972d..236ae2e 100644 --- a/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +++ b/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java @@ -1,9 +1,12 @@ package org.bouncycastle.crypto.generators; import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Mac; import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-changed import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -19,13 +22,21 @@ import org.bouncycastle.crypto.params.ParametersWithIV; public class PKCS5S2ParametersGenerator extends PBEParametersGenerator { - private Mac hMac = new HMac(new SHA1Digest()); + private Mac hMac; /** * construct a PKCS5 Scheme 2 Parameters generator. */ public PKCS5S2ParametersGenerator() { + // BEGIN android-changed + this(new OpenSSLDigest.SHA1()); + // END android-changed + } + + public PKCS5S2ParametersGenerator(Digest digest) + { + hMac = new HMac(digest); } private void F( diff --git a/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java b/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java new file mode 100644 index 0000000..bb09a76 --- /dev/null +++ b/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java @@ -0,0 +1,244 @@ +package org.bouncycastle.crypto.io; + +import java.io.FilterInputStream; +import java.io.IOException; +import java.io.InputStream; + +import org.bouncycastle.crypto.BufferedBlockCipher; +import org.bouncycastle.crypto.StreamCipher; + +/** + * A CipherInputStream is composed of an InputStream and a BufferedBlockCipher so + * that read() methods return data that are read in from the + * underlying InputStream but have been additionally processed by the + * Cipher. The Cipher must be fully initialized before being used by + * a CipherInputStream. + * <p> + * For example, if the Cipher is initialized for decryption, the + * CipherInputStream will attempt to read in data and decrypt them, + * before returning the decrypted data. + */ +public class CipherInputStream + extends FilterInputStream +{ + private BufferedBlockCipher bufferedBlockCipher; + private StreamCipher streamCipher; + + private byte[] buf; + private byte[] inBuf; + + private int bufOff; + private int maxBuf; + private boolean finalized; + + private static final int INPUT_BUF_SIZE = 2048; + + /** + * Constructs a CipherInputStream from an InputStream and a + * BufferedBlockCipher. + */ + public CipherInputStream( + InputStream is, + BufferedBlockCipher cipher) + { + super(is); + + this.bufferedBlockCipher = cipher; + + buf = new byte[cipher.getOutputSize(INPUT_BUF_SIZE)]; + inBuf = new byte[INPUT_BUF_SIZE]; + } + + public CipherInputStream( + InputStream is, + StreamCipher cipher) + { + super(is); + + this.streamCipher = cipher; + + buf = new byte[INPUT_BUF_SIZE]; + inBuf = new byte[INPUT_BUF_SIZE]; + } + + /** + * grab the next chunk of input from the underlying input stream + */ + private int nextChunk() + throws IOException + { + int available = super.available(); + + // must always try to read 1 byte! + // some buggy InputStreams return < 0! + if (available <= 0) + { + available = 1; + } + + if (available > inBuf.length) + { + available = super.read(inBuf, 0, inBuf.length); + } + else + { + available = super.read(inBuf, 0, available); + } + + if (available < 0) + { + if (finalized) + { + return -1; + } + + try + { + if (bufferedBlockCipher != null) + { + maxBuf = bufferedBlockCipher.doFinal(buf, 0); + } + else + { + maxBuf = 0; // a stream cipher + } + } + catch (Exception e) + { + throw new IOException("error processing stream: " + e.toString()); + } + + bufOff = 0; + + finalized = true; + + if (bufOff == maxBuf) + { + return -1; + } + } + else + { + bufOff = 0; + + try + { + if (bufferedBlockCipher != null) + { + maxBuf = bufferedBlockCipher.processBytes(inBuf, 0, available, buf, 0); + } + else + { + streamCipher.processBytes(inBuf, 0, available, buf, 0); + maxBuf = available; + } + } + catch (Exception e) + { + throw new IOException("error processing stream: " + e.toString()); + } + + if (maxBuf == 0) // not enough bytes read for first block... + { + return nextChunk(); + } + } + + return maxBuf; + } + + public int read() + throws IOException + { + if (bufOff == maxBuf) + { + if (nextChunk() < 0) + { + return -1; + } + } + + return buf[bufOff++] & 0xff; + } + + public int read( + byte[] b) + throws IOException + { + return read(b, 0, b.length); + } + + public int read( + byte[] b, + int off, + int len) + throws IOException + { + if (bufOff == maxBuf) + { + if (nextChunk() < 0) + { + return -1; + } + } + + int available = maxBuf - bufOff; + + if (len > available) + { + System.arraycopy(buf, bufOff, b, off, available); + bufOff = maxBuf; + + return available; + } + else + { + System.arraycopy(buf, bufOff, b, off, len); + bufOff += len; + + return len; + } + } + + public long skip( + long n) + throws IOException + { + if (n <= 0) + { + return 0; + } + + int available = maxBuf - bufOff; + + if (n > available) + { + bufOff = maxBuf; + + return available; + } + else + { + bufOff += (int)n; + + return (int)n; + } + } + + public int available() + throws IOException + { + return maxBuf - bufOff; + } + + public void close() + throws IOException + { + super.close(); + } + + public boolean markSupported() + { + return false; + } +} diff --git a/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java b/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java new file mode 100644 index 0000000..17a7b6d --- /dev/null +++ b/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java @@ -0,0 +1,188 @@ +package org.bouncycastle.crypto.io; + +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.OutputStream; + +import org.bouncycastle.crypto.BufferedBlockCipher; +import org.bouncycastle.crypto.StreamCipher; + +public class CipherOutputStream + extends FilterOutputStream +{ + private BufferedBlockCipher bufferedBlockCipher; + private StreamCipher streamCipher; + + private byte[] oneByte = new byte[1]; + private byte[] buf; + + /** + * Constructs a CipherOutputStream from an OutputStream and a + * BufferedBlockCipher. + */ + public CipherOutputStream( + OutputStream os, + BufferedBlockCipher cipher) + { + super(os); + this.bufferedBlockCipher = cipher; + this.buf = new byte[cipher.getBlockSize()]; + } + + /** + * Constructs a CipherOutputStream from an OutputStream and a + * BufferedBlockCipher. + */ + public CipherOutputStream( + OutputStream os, + StreamCipher cipher) + { + super(os); + this.streamCipher = cipher; + } + + /** + * Writes the specified byte to this output stream. + * + * @param b the <code>byte</code>. + * @exception java.io.IOException if an I/O error occurs. + */ + public void write( + int b) + throws IOException + { + oneByte[0] = (byte)b; + + if (bufferedBlockCipher != null) + { + int len = bufferedBlockCipher.processBytes(oneByte, 0, 1, buf, 0); + + if (len != 0) + { + out.write(buf, 0, len); + } + } + else + { + out.write(streamCipher.returnByte((byte)b)); + } + } + + /** + * Writes <code>b.length</code> bytes from the specified byte array + * to this output stream. + * <p> + * The <code>write</code> method of + * <code>CipherOutputStream</code> calls the <code>write</code> + * method of three arguments with the three arguments + * <code>b</code>, <code>0</code>, and <code>b.length</code>. + * + * @param b the data. + * @exception java.io.IOException if an I/O error occurs. + * @see #write(byte[], int, int) + */ + public void write( + byte[] b) + throws IOException + { + write(b, 0, b.length); + } + + /** + * Writes <code>len</code> bytes from the specified byte array + * starting at offset <code>off</code> to this output stream. + * + * @param b the data. + * @param off the start offset in the data. + * @param len the number of bytes to write. + * @exception java.io.IOException if an I/O error occurs. + */ + public void write( + byte[] b, + int off, + int len) + throws IOException + { + if (bufferedBlockCipher != null) + { + byte[] buf = new byte[bufferedBlockCipher.getOutputSize(len)]; + + int outLen = bufferedBlockCipher.processBytes(b, off, len, buf, 0); + + if (outLen != 0) + { + out.write(buf, 0, outLen); + } + } + else + { + byte[] buf = new byte[len]; + + streamCipher.processBytes(b, off, len, buf, 0); + + out.write(buf, 0, len); + } + } + + /** + * Flushes this output stream by forcing any buffered output bytes + * that have already been processed by the encapsulated cipher object + * to be written out. + * + * <p> + * Any bytes buffered by the encapsulated cipher + * and waiting to be processed by it will not be written out. For example, + * if the encapsulated cipher is a block cipher, and the total number of + * bytes written using one of the <code>write</code> methods is less than + * the cipher's block size, no bytes will be written out. + * + * @exception java.io.IOException if an I/O error occurs. + */ + public void flush() + throws IOException + { + super.flush(); + } + + /** + * Closes this output stream and releases any system resources + * associated with this stream. + * <p> + * This method invokes the <code>doFinal</code> method of the encapsulated + * cipher object, which causes any bytes buffered by the encapsulated + * cipher to be processed. The result is written out by calling the + * <code>flush</code> method of this output stream. + * <p> + * This method resets the encapsulated cipher object to its initial state + * and calls the <code>close</code> method of the underlying output + * stream. + * + * @exception java.io.IOException if an I/O error occurs. + */ + public void close() + throws IOException + { + try + { + if (bufferedBlockCipher != null) + { + byte[] buf = new byte[bufferedBlockCipher.getOutputSize(0)]; + + int outLen = bufferedBlockCipher.doFinal(buf, 0); + + if (outLen != 0) + { + out.write(buf, 0, outLen); + } + } + } + catch (Exception e) + { + throw new IOException("Error closing stream: " + e.toString()); + } + + flush(); + + super.close(); + } +} diff --git a/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java b/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java index 2907954..23c7e53 100644 --- a/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java +++ b/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java @@ -1,29 +1,25 @@ package org.bouncycastle.crypto.io; -import java.io.FilterOutputStream; import java.io.IOException; import java.io.OutputStream; import org.bouncycastle.crypto.Digest; public class DigestOutputStream - extends FilterOutputStream + extends OutputStream { protected Digest digest; public DigestOutputStream( - OutputStream stream, - Digest digest) + Digest Digest) { - super(stream); - this.digest = digest; + this.digest = Digest; } public void write(int b) throws IOException { digest.update((byte)b); - out.write(b); } public void write( @@ -33,11 +29,14 @@ public class DigestOutputStream throws IOException { digest.update(b, off, len); - out.write(b, off, len); } - public Digest getDigest() + public byte[] getDigest() { - return digest; + byte[] res = new byte[digest.getDigestSize()]; + + digest.doFinal(res, 0); + + return res; } } diff --git a/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java b/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java index 2cac1c3..0f0e7db 100644 --- a/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java +++ b/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java @@ -1,21 +1,18 @@ package org.bouncycastle.crypto.io; -import java.io.FilterOutputStream; import java.io.IOException; import java.io.OutputStream; import org.bouncycastle.crypto.Mac; public class MacOutputStream - extends FilterOutputStream + extends OutputStream { protected Mac mac; public MacOutputStream( - OutputStream stream, Mac mac) { - super(stream); this.mac = mac; } @@ -23,7 +20,6 @@ public class MacOutputStream throws IOException { mac.update((byte)b); - out.write(b); } public void write( @@ -33,12 +29,14 @@ public class MacOutputStream throws IOException { mac.update(b, off, len); - out.write(b, off, len); } - public Mac getMac() + public byte[] getMac() { - return mac; + byte[] res = new byte[mac.getMacSize()]; + + mac.doFinal(res, 0); + + return res; } } - diff --git a/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/src/main/java/org/bouncycastle/crypto/macs/HMac.java index 7272f32..c0c8333 100644 --- a/src/main/java/org/bouncycastle/crypto/macs/HMac.java +++ b/src/main/java/org/bouncycastle/crypto/macs/HMac.java @@ -32,23 +32,31 @@ public class HMac { blockLengths = new Hashtable(); - blockLengths.put("GOST3411", Integer.valueOf(32)); - - blockLengths.put("MD2", Integer.valueOf(16)); - blockLengths.put("MD4", Integer.valueOf(64)); + // BEGIN android-removed + // blockLengths.put("GOST3411", Integer.valueOf(32)); + // + // blockLengths.put("MD2", Integer.valueOf(16)); + // blockLengths.put("MD4", Integer.valueOf(64)); + // END android-removed blockLengths.put("MD5", Integer.valueOf(64)); - blockLengths.put("RIPEMD128", Integer.valueOf(64)); - blockLengths.put("RIPEMD160", Integer.valueOf(64)); + // BEGIN android-removed + // blockLengths.put("RIPEMD128", Integer.valueOf(64)); + // blockLengths.put("RIPEMD160", Integer.valueOf(64)); + // END android-removed blockLengths.put("SHA-1", Integer.valueOf(64)); - blockLengths.put("SHA-224", Integer.valueOf(64)); + // BEGIN android-removed + // blockLengths.put("SHA-224", Integer.valueOf(64)); + // END android-removed blockLengths.put("SHA-256", Integer.valueOf(64)); blockLengths.put("SHA-384", Integer.valueOf(128)); blockLengths.put("SHA-512", Integer.valueOf(128)); - blockLengths.put("Tiger", Integer.valueOf(64)); - blockLengths.put("Whirlpool", Integer.valueOf(64)); + // BEGIN android-removed + // blockLengths.put("Tiger", Integer.valueOf(64)); + // blockLengths.put("Whirlpool", Integer.valueOf(64)); + // END android-removed } private static int getByteLength( diff --git a/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java index f75c546..1219f6d 100644 --- a/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java +++ b/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java @@ -61,29 +61,47 @@ public class CBCBlockCipher CipherParameters params) throws IllegalArgumentException { + boolean oldEncrypting = this.encrypting; + this.encrypting = encrypting; - + if (params instanceof ParametersWithIV) { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); + ParametersWithIV ivParam = (ParametersWithIV)params; + byte[] iv = ivParam.getIV(); - if (iv.length != blockSize) - { - throw new IllegalArgumentException("initialisation vector must be the same length as block size"); - } + if (iv.length != blockSize) + { + throw new IllegalArgumentException("initialisation vector must be the same length as block size"); + } - System.arraycopy(iv, 0, IV, 0, iv.length); + System.arraycopy(iv, 0, IV, 0, iv.length); - reset(); + reset(); + // if null it's an IV changed only. + if (ivParam.getParameters() != null) + { cipher.init(encrypting, ivParam.getParameters()); + } + else if (oldEncrypting != encrypting) + { + throw new IllegalArgumentException("cannot change encrypting state without providing key."); + } } else { - reset(); + reset(); + // if it;s null key is to be reused. + if (params != null) + { cipher.init(encrypting, params); + } + else if (oldEncrypting != encrypting) + { + throw new IllegalArgumentException("cannot change encrypting state without providing key."); + } } } diff --git a/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java index 0de0450..0af49f4 100644 --- a/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java +++ b/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java @@ -87,7 +87,11 @@ public class CFBBlockCipher reset(); - cipher.init(true, ivParam.getParameters()); + // if null it's an IV changed only. + if (ivParam.getParameters() != null) + { + cipher.init(true, ivParam.getParameters()); + } } else { diff --git a/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java index 8e7c315..7c98efa 100644 --- a/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java +++ b/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java @@ -31,7 +31,6 @@ public class GCMBlockCipher private int macSize; private byte[] nonce; private byte[] A; - private KeyParameter keyParam; private byte[] H; private byte[] initS; private byte[] J0; @@ -83,6 +82,8 @@ public class GCMBlockCipher this.forEncryption = forEncryption; this.macBlock = null; + KeyParameter keyParam; + if (params instanceof AEADParameters) { AEADParameters param = (AEADParameters)params; @@ -128,7 +129,11 @@ public class GCMBlockCipher } // Cipher always used in forward mode - cipher.init(true, keyParam); + // if keyParam is null we're reusing the last key. + if (keyParam != null) + { + cipher.init(true, keyParam); + } // TODO This should be configurable by init parameters // (but must be 16 if nonce length not 12) (BLOCK_SIZE?) diff --git a/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java deleted file mode 100644 index 3886341..0000000 --- a/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java +++ /dev/null @@ -1,226 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * implements the GOST 28147 OFB counter mode (GCTR). - */ -public class GOFBBlockCipher - implements BlockCipher -{ - private byte[] IV; - private byte[] ofbV; - private byte[] ofbOutV; - - private final int blockSize; - private final BlockCipher cipher; - - boolean firstStep = true; - int N3; - int N4; - static final int C1 = 16843012; //00000001000000010000000100000100 - static final int C2 = 16843009; //00000001000000010000000100000001 - - - /** - * Basic constructor. - * - * @param cipher the block cipher to be used as the basis of the - * counter mode (must have a 64 bit block size). - */ - public GOFBBlockCipher( - BlockCipher cipher) - { - this.cipher = cipher; - this.blockSize = cipher.getBlockSize(); - - if (blockSize != 8) - { - throw new IllegalArgumentException("GCTR only for 64 bit block ciphers"); - } - - this.IV = new byte[cipher.getBlockSize()]; - this.ofbV = new byte[cipher.getBlockSize()]; - this.ofbOutV = new byte[cipher.getBlockSize()]; - } - - /** - * return the underlying block cipher that we are wrapping. - * - * @return the underlying block cipher that we are wrapping. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - /** - * Initialise the cipher and, possibly, the initialisation vector (IV). - * If an IV isn't passed as part of the parameter, the IV will be all zeros. - * An IV which is too short is handled in FIPS compliant fashion. - * - * @param encrypting if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, //ignored by this CTR mode - CipherParameters params) - throws IllegalArgumentException - { - firstStep = true; - N3 = 0; - N4 = 0; - - if (params instanceof ParametersWithIV) - { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); - - if (iv.length < IV.length) - { - // prepend the supplied IV with zeros (per FIPS PUB 81) - System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length); - for (int i = 0; i < IV.length - iv.length; i++) - { - IV[i] = 0; - } - } - else - { - System.arraycopy(iv, 0, IV, 0, IV.length); - } - - reset(); - - cipher.init(true, ivParam.getParameters()); - } - else - { - reset(); - - cipher.init(true, params); - } - } - - /** - * return the algorithm name and mode. - * - * @return the name of the underlying algorithm followed by "/GCTR" - * and the block size in bits - */ - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/GCTR"; - } - - - /** - * return the block size we are operating at (in bytes). - * - * @return the block size we are operating at (in bytes). - */ - public int getBlockSize() - { - return blockSize; - } - - /** - * Process one block of input from the array in and write it to - * the out array. - * - * @param in the array containing the input data. - * @param inOff offset into the in array the data starts at. - * @param out the array the output data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + blockSize) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - if (firstStep) - { - firstStep = false; - cipher.processBlock(ofbV, 0, ofbOutV, 0); - N3 = bytesToint(ofbOutV, 0); - N4 = bytesToint(ofbOutV, 4); - } - N3 += C2; - N4 += C1; - intTobytes(N3, ofbV, 0); - intTobytes(N4, ofbV, 4); - - cipher.processBlock(ofbV, 0, ofbOutV, 0); - - // - // XOR the ofbV with the plaintext producing the cipher text (and - // the next input block). - // - for (int i = 0; i < blockSize; i++) - { - out[outOff + i] = (byte)(ofbOutV[i] ^ in[inOff + i]); - } - - // - // change over the input block. - // - System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize); - System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize); - - return blockSize; - } - - /** - * reset the feedback vector back to the IV and reset the underlying - * cipher. - */ - public void reset() - { - System.arraycopy(IV, 0, ofbV, 0, IV.length); - - cipher.reset(); - } - - //array of bytes to type int - private int bytesToint( - byte[] in, - int inOff) - { - return ((in[inOff + 3] << 24) & 0xff000000) + ((in[inOff + 2] << 16) & 0xff0000) + - ((in[inOff + 1] << 8) & 0xff00) + (in[inOff] & 0xff); - } - - //int to array of bytes - private void intTobytes( - int num, - byte[] out, - int outOff) - { - out[outOff + 3] = (byte)(num >>> 24); - out[outOff + 2] = (byte)(num >>> 16); - out[outOff + 1] = (byte)(num >>> 8); - out[outOff] = (byte)num; - } -} diff --git a/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java index f209b9f..728a2e7 100644 --- a/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java +++ b/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java @@ -84,7 +84,11 @@ public class OFBBlockCipher reset(); - cipher.init(true, ivParam.getParameters()); + // if null it's an IV changed only. + if (ivParam.getParameters() != null) + { + cipher.init(true, ivParam.getParameters()); + } } else { diff --git a/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java index a92e5a5..af9f18d 100644 --- a/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java +++ b/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java @@ -57,7 +57,12 @@ public class SICBlockCipher implements BlockCipher System.arraycopy(iv, 0, IV, 0, IV.length); reset(); - cipher.init(true, ivParam.getParameters()); + + // if null it's an IV changed only. + if (ivParam.getParameters() != null) + { + cipher.init(true, ivParam.getParameters()); + } } else { diff --git a/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java b/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java index e1949dc..ce02be4 100644 --- a/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java +++ b/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java @@ -73,9 +73,19 @@ abstract class GCMUtil static void multiplyP8(int[] x) { - for (int i = 8; i != 0; --i) +// for (int i = 8; i != 0; --i) +// { +// multiplyP(x); +// } + + int lsw = x[3]; + shiftRightN(x, 8); + for (int i = 7; i >= 0; --i) { - multiplyP(x); + if ((lsw & (1 << i)) != 0) + { + x[0] ^= (0xe1000000 >>> (7 - i)); + } } } @@ -111,6 +121,22 @@ abstract class GCMUtil } } + static void shiftRightN(int[] block, int n) + { + int i = 0; + int bits = 0; + for (;;) + { + int b = block[i]; + block[i] = (b >>> n) | bits; + if (++i == 4) + { + break; + } + bits = b << (32 - n); + } + } + static void xor(byte[] block, byte[] val) { for (int i = 15; i >= 0; --i) diff --git a/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java b/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java index 47728b1..9d21cf0 100644 --- a/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java +++ b/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java @@ -94,9 +94,6 @@ public class Tables8kGCMMultiplier implements GCMMultiplier z[3] ^= m[3]; } - Pack.intToBigEndian(z[0], x, 0); - Pack.intToBigEndian(z[1], x, 4); - Pack.intToBigEndian(z[2], x, 8); - Pack.intToBigEndian(z[3], x, 12); + Pack.intToBigEndian(z, x, 0); } } diff --git a/src/main/java/org/bouncycastle/crypto/params/DHParameters.java b/src/main/java/org/bouncycastle/crypto/params/DHParameters.java index 95352ce..b679287 100644 --- a/src/main/java/org/bouncycastle/crypto/params/DHParameters.java +++ b/src/main/java/org/bouncycastle/crypto/params/DHParameters.java @@ -1,9 +1,9 @@ package org.bouncycastle.crypto.params; -import org.bouncycastle.crypto.CipherParameters; - import java.math.BigInteger; +import org.bouncycastle.crypto.CipherParameters; + public class DHParameters implements CipherParameters { @@ -84,9 +84,10 @@ public class DHParameters { if (l != 0) { - if (l >= p.bitLength()) + BigInteger bigL = BigInteger.valueOf(2L ^ (l - 1)); + if (bigL.compareTo(p) == 1) { - throw new IllegalArgumentException("when l value specified, it must be less than bitlength(p)"); + throw new IllegalArgumentException("when l value specified, it must satisfy 2^(l-1) <= p"); } if (l < m) { diff --git a/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java index 99217b0..dac6efe 100644 --- a/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java +++ b/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java @@ -143,20 +143,19 @@ public class ECDSASigner } private BigInteger calculateE(BigInteger n, byte[] message) - { - if (n.bitLength() > message.length * 8) + { + int log2n = n.bitLength(); + int messageBitLength = message.length * 8; + + if (log2n >= messageBitLength) { return new BigInteger(1, message); } else { - int messageBitLength = message.length * 8; BigInteger trunc = new BigInteger(1, message); - if (messageBitLength - n.bitLength() > 0) - { - trunc = trunc.shiftRight(messageBitLength - n.bitLength()); - } + trunc = trunc.shiftRight(messageBitLength - log2n); return trunc; } diff --git a/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java b/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java index 58d1b87..a975d27 100644 --- a/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java +++ b/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java @@ -1,7 +1,11 @@ package org.bouncycastle.crypto.signers; +import java.io.IOException; +import java.util.Hashtable; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; @@ -18,8 +22,7 @@ import org.bouncycastle.crypto.encodings.PKCS1Encoding; import org.bouncycastle.crypto.engines.RSABlindedEngine; import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.params.ParametersWithRandom; - -import java.util.Hashtable; +import org.bouncycastle.util.Arrays; public class RSADigestSigner implements Signer @@ -36,12 +39,16 @@ public class RSADigestSigner */ static { - oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); - oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); - oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); + // BEGIN android-removed + // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); + // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); + // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); + // END android-removed oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1); - oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); + // BEGIN android-removed + // oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); + // END android-removed oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256); oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384); oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512); @@ -58,7 +65,7 @@ public class RSADigestSigner { this.digest = digest; - algId = new AlgorithmIdentifier((DERObjectIdentifier)oidMap.get(digest.getAlgorithmName()), DERNull.INSTANCE); + algId = new AlgorithmIdentifier((ASN1ObjectIdentifier)oidMap.get(digest.getAlgorithmName()), DERNull.INSTANCE); } /** @@ -143,8 +150,15 @@ public class RSADigestSigner byte[] hash = new byte[digest.getDigestSize()]; digest.doFinal(hash, 0); - byte[] data = derEncode(hash); - return rsaEngine.processBlock(data, 0, data.length); + try + { + byte[] data = derEncode(hash); + return rsaEngine.processBlock(data, 0, data.length); + } + catch (IOException e) + { + throw new CryptoException("unable to encode signature: " + e.getMessage(), e); + } } /** @@ -160,6 +174,7 @@ public class RSADigestSigner } byte[] hash = new byte[digest.getDigestSize()]; + digest.doFinal(hash, 0); byte[] sig; @@ -177,13 +192,7 @@ public class RSADigestSigner if (sig.length == expected.length) { - for (int i = 0; i < sig.length; i++) - { - if (sig[i] != expected[i]) - { - return false; - } - } + return Arrays.constantTimeAreEqual(sig, expected); } else if (sig.length == expected.length - 2) // NULL left out { @@ -193,28 +202,24 @@ public class RSADigestSigner expected[1] -= 2; // adjust lengths expected[3] -= 2; + int nonEqual = 0; + for (int i = 0; i < hash.length; i++) { - if (sig[sigOffset + i] != expected[expectedOffset + i]) // check hash - { - return false; - } + nonEqual |= (sig[sigOffset + i] ^ expected[expectedOffset + i]); } for (int i = 0; i < sigOffset; i++) { - if (sig[i] != expected[i]) // check header less NULL - { - return false; - } + nonEqual |= (sig[i] ^ expected[i]); // check header less NULL } + + return nonEqual == 0; } else { return false; } - - return true; } public void reset() @@ -224,9 +229,10 @@ public class RSADigestSigner private byte[] derEncode( byte[] hash) + throws IOException { DigestInfo dInfo = new DigestInfo(algId, hash); - return dInfo.getDEREncoded(); + return dInfo.getEncoded(ASN1Encoding.DER); } } diff --git a/src/main/java/org/bouncycastle/crypto/util/Pack.java b/src/main/java/org/bouncycastle/crypto/util/Pack.java index cdea3af..857b765 100644 --- a/src/main/java/org/bouncycastle/crypto/util/Pack.java +++ b/src/main/java/org/bouncycastle/crypto/util/Pack.java @@ -11,6 +11,15 @@ public abstract class Pack return n; } + public static void bigEndianToInt(byte[] bs, int off, int[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = bigEndianToInt(bs, off); + off += 4; + } + } + public static void intToBigEndian(int n, byte[] bs, int off) { bs[ off] = (byte)(n >>> 24); @@ -19,6 +28,15 @@ public abstract class Pack bs[++off] = (byte)(n ); } + public static void intToBigEndian(int[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + intToBigEndian(ns[i], bs, off); + off += 4; + } + } + public static long bigEndianToLong(byte[] bs, int off) { int hi = bigEndianToInt(bs, off); @@ -34,13 +52,22 @@ public abstract class Pack public static int littleEndianToInt(byte[] bs, int off) { - int n = bs[ off]; + int n = bs[ off] & 0xff; n |= (bs[++off] & 0xff) << 8; n |= (bs[++off] & 0xff) << 16; - n |= (bs[++off] & 0xff) << 24; + n |= bs[++off] << 24; return n; } + public static void littleEndianToInt(byte[] bs, int off, int[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = littleEndianToInt(bs, off); + off += 4; + } + } + public static void intToLittleEndian(int n, byte[] bs, int off) { bs[ off] = (byte)(n ); @@ -49,6 +76,15 @@ public abstract class Pack bs[++off] = (byte)(n >>> 24); } + public static void intToLittleEndian(int[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + intToLittleEndian(ns[i], bs, off); + off += 4; + } + } + public static long littleEndianToLong(byte[] bs, int off) { int lo = littleEndianToInt(bs, off); diff --git a/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java index a352884..8ddfac8 100644 --- a/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java +++ b/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java @@ -4,13 +4,12 @@ import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; // BEGIN android-removed // import org.bouncycastle.asn1.oiw.ElGamalParameter; @@ -19,8 +18,8 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.DHParameter; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; +import org.bouncycastle.asn1.pkcs.RSAPrivateKey; +import org.bouncycastle.asn1.sec.ECPrivateKey; import org.bouncycastle.asn1.sec.SECNamedCurves; // BEGIN android-removed // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; @@ -58,7 +57,7 @@ public class PrivateKeyFactory */ public static AsymmetricKeyParameter createKey(byte[] privateKeyInfoData) throws IOException { - return createKey(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(privateKeyInfoData))); + return createKey(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(privateKeyInfoData))); } /** @@ -83,12 +82,11 @@ public class PrivateKeyFactory */ public static AsymmetricKeyParameter createKey(PrivateKeyInfo keyInfo) throws IOException { - AlgorithmIdentifier algId = keyInfo.getAlgorithmId(); + AlgorithmIdentifier algId = keyInfo.getPrivateKeyAlgorithm(); if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) { - RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure( - (ASN1Sequence)keyInfo.getPrivateKey()); + RSAPrivateKey keyStructure = RSAPrivateKey.getInstance(keyInfo.parsePrivateKey()); return new RSAPrivateCrtKeyParameters(keyStructure.getModulus(), keyStructure.getPublicExponent(), keyStructure.getPrivateExponent(), @@ -97,11 +95,10 @@ public class PrivateKeyFactory } // TODO? // else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber)) - else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) + else if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.dhKeyAgreement)) { - DHParameter params = new DHParameter( - (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); + DHParameter params = DHParameter.getInstance(algId.getParameters()); + DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); BigInteger lVal = params.getL(); int l = lVal == null ? 0 : lVal.intValue(); @@ -110,72 +107,70 @@ public class PrivateKeyFactory return new DHPrivateKeyParameters(derX.getValue(), dhParams); } // BEGIN android-removed - // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) + // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) // { - // ElGamalParameter params = new ElGamalParameter( - // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - // DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); + // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); + // DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); // // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters( // params.getP(), params.getG())); // } // END android-removed - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) + else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)) { - DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); - DEREncodable de = keyInfo.getAlgorithmId().getParameters(); + DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); + ASN1Encodable de = algId.getParameters(); DSAParameters parameters = null; if (de != null) { - DSAParameter params = DSAParameter.getInstance(de.getDERObject()); + DSAParameter params = DSAParameter.getInstance(de.toASN1Primitive()); parameters = new DSAParameters(params.getP(), params.getQ(), params.getG()); } return new DSAPrivateKeyParameters(derX.getValue(), parameters); } - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) + else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey)) { - X962Parameters params = new X962Parameters( - (DERObject)keyInfo.getAlgorithmId().getParameters()); - ECDomainParameters dParams = null; + X962Parameters params = new X962Parameters((ASN1Primitive)algId.getParameters()); + X9ECParameters x9; if (params.isNamedCurve()) { - DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); - X9ECParameters ecP = X962NamedCurves.getByOID(oid); + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); + x9 = X962NamedCurves.getByOID(oid); - if (ecP == null) + if (x9 == null) { - ecP = SECNamedCurves.getByOID(oid); + x9 = SECNamedCurves.getByOID(oid); - if (ecP == null) + if (x9 == null) { - ecP = NISTNamedCurves.getByOID(oid); + x9 = NISTNamedCurves.getByOID(oid); // BEGIN android-removed - // if (ecP == null) + // if (x9 == null) // { - // ecP = TeleTrusTNamedCurves.getByOID(oid); + // x9 = TeleTrusTNamedCurves.getByOID(oid); // } // END android-removed } } - - dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), - ecP.getH(), ecP.getSeed()); } else { - X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters()); - dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), - ecP.getH(), ecP.getSeed()); + x9 = X9ECParameters.getInstance(params.getParameters()); } - ECPrivateKeyStructure ec = new ECPrivateKeyStructure( - (ASN1Sequence)keyInfo.getPrivateKey()); + ECPrivateKey ec = ECPrivateKey.getInstance(keyInfo.parsePrivateKey()); + BigInteger d = ec.getKey(); + + // TODO We lose any named parameters here + + ECDomainParameters dParams = new ECDomainParameters( + x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed()); - return new ECPrivateKeyParameters(ec.getKey(), dParams); + return new ECPrivateKeyParameters(d, dParams); } else { diff --git a/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java index 5e93a36..05520f0 100644 --- a/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java +++ b/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java @@ -4,15 +4,13 @@ import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.nist.NISTNamedCurves; // BEGIN android-removed @@ -21,13 +19,13 @@ import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.DHParameter; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.RSAPublicKey; import org.bouncycastle.asn1.sec.SECNamedCurves; // BEGIN android-removed // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; // END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.asn1.x9.DHDomainParameters; @@ -67,7 +65,7 @@ public class PublicKeyFactory */ public static AsymmetricKeyParameter createKey(byte[] keyInfoData) throws IOException { - return createKey(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(keyInfoData))); + return createKey(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(keyInfoData))); } /** @@ -91,23 +89,22 @@ public class PublicKeyFactory */ public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo) throws IOException { - AlgorithmIdentifier algId = keyInfo.getAlgorithmId(); + AlgorithmIdentifier algId = keyInfo.getAlgorithm(); - if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption) - || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa)) + if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption) + || algId.getAlgorithm().equals(X509ObjectIdentifiers.id_ea_rsa)) { - RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure( - (ASN1Sequence)keyInfo.getPublicKey()); + RSAPublicKey pubKey = RSAPublicKey.getInstance(keyInfo.parsePublicKey()); return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent()); } - else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber)) + else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.dhpublicnumber)) { - DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.getPublicKey()); + DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.parsePublicKey()); BigInteger y = dhPublicKey.getY().getValue(); - DHDomainParameters dhParams = DHDomainParameters.getInstance(keyInfo.getAlgorithmId().getParameters()); + DHDomainParameters dhParams = DHDomainParameters.getInstance(algId.getParameters()); BigInteger p = dhParams.getP().getValue(); BigInteger g = dhParams.getG().getValue(); @@ -133,11 +130,10 @@ public class PublicKeyFactory return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation)); } - else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) + else if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.dhKeyAgreement)) { - DHParameter params = new DHParameter( - (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - DERInteger derY = (DERInteger)keyInfo.getPublicKey(); + DHParameter params = DHParameter.getInstance(algId.getParameters()); + DERInteger derY = (DERInteger)keyInfo.parsePublicKey(); BigInteger lVal = params.getL(); int l = lVal == null ? 0 : lVal.intValue(); @@ -146,74 +142,70 @@ public class PublicKeyFactory return new DHPublicKeyParameters(derY.getValue(), dhParams); } // BEGIN android-removed - // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) + // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) // { - // ElGamalParameter params = new ElGamalParameter( - // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - // DERInteger derY = (DERInteger)keyInfo.getPublicKey(); + // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); + // DERInteger derY = (DERInteger)keyInfo.parsePublicKey(); // // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters( // params.getP(), params.getG())); // } // END android-removed - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa) - || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1)) + else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa) + || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1)) { - DERInteger derY = (DERInteger)keyInfo.getPublicKey(); - DEREncodable de = keyInfo.getAlgorithmId().getParameters(); + DERInteger derY = (DERInteger)keyInfo.parsePublicKey(); + ASN1Encodable de = algId.getParameters(); DSAParameters parameters = null; if (de != null) { - DSAParameter params = DSAParameter.getInstance(de.getDERObject()); + DSAParameter params = DSAParameter.getInstance(de.toASN1Primitive()); parameters = new DSAParameters(params.getP(), params.getQ(), params.getG()); } return new DSAPublicKeyParameters(derY.getValue(), parameters); } - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) + else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey)) { X962Parameters params = new X962Parameters( - (DERObject)keyInfo.getAlgorithmId().getParameters()); - ECDomainParameters dParams = null; + (ASN1Primitive)algId.getParameters()); + X9ECParameters x9; if (params.isNamedCurve()) { - DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); - X9ECParameters ecP = X962NamedCurves.getByOID(oid); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters(); + x9 = X962NamedCurves.getByOID(oid); - if (ecP == null) + if (x9 == null) { - ecP = SECNamedCurves.getByOID(oid); + x9 = SECNamedCurves.getByOID(oid); - if (ecP == null) + if (x9 == null) { - ecP = NISTNamedCurves.getByOID(oid); + x9 = NISTNamedCurves.getByOID(oid); // BEGIN android-removed - // if (ecP == null) + // if (x9 == null) // { - // ecP = TeleTrusTNamedCurves.getByOID(oid); + // x9 = TeleTrusTNamedCurves.getByOID(oid); // } // END android-removed } } - - dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), - ecP.getH(), ecP.getSeed()); } else { - X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters()); - dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), - ecP.getH(), ecP.getSeed()); + x9 = X9ECParameters.getInstance(params.getParameters()); } - DERBitString bits = keyInfo.getPublicKeyData(); - byte[] data = bits.getBytes(); - ASN1OctetString key = new DEROctetString(data); + ASN1OctetString key = new DEROctetString(keyInfo.getPublicKeyData().getBytes()); + X9ECPoint derQ = new X9ECPoint(x9.getCurve(), key); - X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key); + // TODO We lose any named parameters here + + ECDomainParameters dParams = new ECDomainParameters( + x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed()); return new ECPublicKeyParameters(derQ.getPoint(), dParams); } diff --git a/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java b/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java new file mode 100644 index 0000000..807bdfd --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java @@ -0,0 +1,88 @@ +package org.bouncycastle.jcajce; + +import java.security.AlgorithmParameterGenerator; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.Signature; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; + +public class DefaultJcaJceHelper + implements JcaJceHelper +{ + public Cipher createCipher( + String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException + { + return Cipher.getInstance(algorithm); + } + + public Mac createMac(String algorithm) + throws NoSuchAlgorithmException + { + return Mac.getInstance(algorithm); + } + + public KeyAgreement createKeyAgreement(String algorithm) + throws NoSuchAlgorithmException + { + return KeyAgreement.getInstance(algorithm); + } + + public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) + throws NoSuchAlgorithmException + { + return AlgorithmParameterGenerator.getInstance(algorithm); + } + + public AlgorithmParameters createAlgorithmParameters(String algorithm) + throws NoSuchAlgorithmException + { + return AlgorithmParameters.getInstance(algorithm); + } + + public KeyGenerator createKeyGenerator(String algorithm) + throws NoSuchAlgorithmException + { + return KeyGenerator.getInstance(algorithm); + } + + public KeyFactory createKeyFactory(String algorithm) + throws NoSuchAlgorithmException + { + return KeyFactory.getInstance(algorithm); + } + + public KeyPairGenerator createKeyPairGenerator(String algorithm) + throws NoSuchAlgorithmException + { + return KeyPairGenerator.getInstance(algorithm); + } + + public MessageDigest createDigest(String algorithm) + throws NoSuchAlgorithmException + { + return MessageDigest.getInstance(algorithm); + } + + public Signature createSignature(String algorithm) + throws NoSuchAlgorithmException + { + return Signature.getInstance(algorithm); + } + + public CertificateFactory createCertificateFactory(String algorithm) + throws NoSuchAlgorithmException, CertificateException + { + return CertificateFactory.getInstance(algorithm); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java b/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java new file mode 100644 index 0000000..d8a4900 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java @@ -0,0 +1,55 @@ +package org.bouncycastle.jcajce; + +import java.security.AlgorithmParameterGenerator; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Signature; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; + +public interface JcaJceHelper +{ + Cipher createCipher( + String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException; + + Mac createMac(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + KeyAgreement createKeyAgreement(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + AlgorithmParameters createAlgorithmParameters(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + KeyGenerator createKeyGenerator(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + KeyFactory createKeyFactory(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + KeyPairGenerator createKeyPairGenerator(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + MessageDigest createDigest(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + Signature createSignature(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException; + + CertificateFactory createCertificateFactory(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException, CertificateException; +} diff --git a/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java b/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java new file mode 100644 index 0000000..9abf52d --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java @@ -0,0 +1,96 @@ +package org.bouncycastle.jcajce; + +import java.security.AlgorithmParameterGenerator; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Signature; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; + +public class NamedJcaJceHelper + implements JcaJceHelper +{ + protected final String providerName; + + public NamedJcaJceHelper(String providerName) + { + this.providerName = providerName; + } + + public Cipher createCipher( + String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException + { + return Cipher.getInstance(algorithm, providerName); + } + + public Mac createMac(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return Mac.getInstance(algorithm, providerName); + } + + public KeyAgreement createKeyAgreement(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return KeyAgreement.getInstance(algorithm, providerName); + } + + public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return AlgorithmParameterGenerator.getInstance(algorithm, providerName); + } + + public AlgorithmParameters createAlgorithmParameters(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return AlgorithmParameters.getInstance(algorithm, providerName); + } + + public KeyGenerator createKeyGenerator(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return KeyGenerator.getInstance(algorithm, providerName); + } + + public KeyFactory createKeyFactory(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return KeyFactory.getInstance(algorithm, providerName); + } + + public KeyPairGenerator createKeyPairGenerator(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return KeyPairGenerator.getInstance(algorithm, providerName); + } + + public MessageDigest createDigest(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return MessageDigest.getInstance(algorithm, providerName); + } + + public Signature createSignature(String algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + return Signature.getInstance(algorithm, providerName); + } + + public CertificateFactory createCertificateFactory(String algorithm) + throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException + { + return CertificateFactory.getInstance(algorithm, providerName); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java b/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java new file mode 100644 index 0000000..83ff765 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java @@ -0,0 +1,96 @@ +package org.bouncycastle.jcajce; + +import java.security.AlgorithmParameterGenerator; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.Signature; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; + +public class ProviderJcaJceHelper + implements JcaJceHelper +{ + protected final Provider provider; + + public ProviderJcaJceHelper(Provider provider) + { + this.provider = provider; + } + + public Cipher createCipher( + String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException + { + return Cipher.getInstance(algorithm, provider); + } + + public Mac createMac(String algorithm) + throws NoSuchAlgorithmException + { + return Mac.getInstance(algorithm, provider); + } + + public KeyAgreement createKeyAgreement(String algorithm) + throws NoSuchAlgorithmException + { + return KeyAgreement.getInstance(algorithm, provider); + } + + public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) + throws NoSuchAlgorithmException + { + return AlgorithmParameterGenerator.getInstance(algorithm, provider); + } + + public AlgorithmParameters createAlgorithmParameters(String algorithm) + throws NoSuchAlgorithmException + { + return AlgorithmParameters.getInstance(algorithm, provider); + } + + public KeyGenerator createKeyGenerator(String algorithm) + throws NoSuchAlgorithmException + { + return KeyGenerator.getInstance(algorithm, provider); + } + + public KeyFactory createKeyFactory(String algorithm) + throws NoSuchAlgorithmException + { + return KeyFactory.getInstance(algorithm, provider); + } + + public KeyPairGenerator createKeyPairGenerator(String algorithm) + throws NoSuchAlgorithmException + { + return KeyPairGenerator.getInstance(algorithm, provider); + } + + public MessageDigest createDigest(String algorithm) + throws NoSuchAlgorithmException + { + return MessageDigest.getInstance(algorithm, provider); + } + + public Signature createSignature(String algorithm) + throws NoSuchAlgorithmException + { + return Signature.getInstance(algorithm, provider); + } + + public CertificateFactory createCertificateFactory(String algorithm) + throws NoSuchAlgorithmException, CertificateException + { + return CertificateFactory.getInstance(algorithm, provider); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java b/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java new file mode 100644 index 0000000..235bfe5 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java @@ -0,0 +1,38 @@ +package org.bouncycastle.jcajce.io; + +import java.io.IOException; +import java.io.OutputStream; + +import javax.crypto.Mac; + +public class MacOutputStream + extends OutputStream +{ + protected Mac mac; + + public MacOutputStream( + Mac mac) + { + this.mac = mac; + } + + public void write(int b) + throws IOException + { + mac.update((byte)b); + } + + public void write( + byte[] b, + int off, + int len) + throws IOException + { + mac.update(b, off, len); + } + + public byte[] getMac() + { + return mac.doFinal(); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java new file mode 100644 index 0000000..8055576 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java @@ -0,0 +1,36 @@ +package org.bouncycastle.jcajce.provider.asymmetric; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class DH +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".dh."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyPairGenerator.DH", PREFIX + "KeyPairGeneratorSpi"); + provider.addAlgorithm("Alg.Alias.KeyPairGenerator.DIFFIEHELLMAN", "DH"); + + provider.addAlgorithm("KeyAgreement.DH", PREFIX + "KeyAgreementSpi"); + provider.addAlgorithm("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH"); + + provider.addAlgorithm("KeyFactory.DH", PREFIX + "KeyFactorySpi"); + provider.addAlgorithm("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH"); + + provider.addAlgorithm("AlgorithmParameters.DH", PREFIX + "AlgorithmParametersSpi"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.DIFFIEHELLMAN", "DH"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.DIFFIEHELLMAN", "DH"); + + provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi"); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java new file mode 100644 index 0000000..830334b --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java @@ -0,0 +1,68 @@ +package org.bouncycastle.jcajce.provider.asymmetric; + +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil; +import org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyFactorySpi; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; + +public class DSA +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".dsa."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.DSA", PREFIX + "AlgorithmParametersSpi"); + + provider.addAlgorithm("AlgorithmParameterGenerator.DSA", PREFIX + "AlgorithmParameterGeneratorSpi"); + + provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); + provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); + + // BEGIN android-changed + provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA"); + // END android-changed + provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA"); + + provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); + + // BEGIN android-removed + // addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); + // addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); + // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); + // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); + // END android-removed + + // BEGIN android-added + provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA"); + // END android-added + // BEGIN android-changed + provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); + // END android-changed + + AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); + + for (int i = 0; i != DSAUtil.dsaOids.length; i++) + { + registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact); + registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA"); + } + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java new file mode 100644 index 0000000..bacb6d6 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java @@ -0,0 +1,99 @@ +package org.bouncycastle.jcajce.provider.asymmetric; + +// BEGIN android-removed +// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class EC +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ec."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH"); + // BEGIN android-removed + // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); + // provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); + // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); + // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); + // END android-removed + + registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC()); + // TODO Should this be an alias for ECDH? + registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC()); + // BEGIN android-removed + // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); + // END android-removed + + // BEGIN android-removed + // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); + // // TODO Should this be an alias for ECDH? + // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); + // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); + // END android-removed + + provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC"); + // BEGIN android-removed + // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); + // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); + // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); + // provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); + // END android-removed + + provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC"); + // BEGIN android-removed + // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); + // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); + // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); + // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); + // provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); + // END android-removed + + provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA"); + provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone"); + + provider.addAlgorithm("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); + // END android-removed + + // BEGIN android-removed + // addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); + // END android-removed + addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); + addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); + addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); + // BEGIN android-removed + // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); + // + // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); + // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); + // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); + // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); + // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); + // + // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); + // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); + // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + // END android-removed + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java new file mode 100644 index 0000000..dcf52c8 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java @@ -0,0 +1,217 @@ +package org.bouncycastle.jcajce.provider.asymmetric; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; + +public class RSA +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".rsa."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP"); + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); + // + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); + // + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); + // + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); + // END android-removed + + provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding"); + // BEGIN android-changed + provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA"); + // END android-changed + // BEGIN android-removed + // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); + // provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); + // provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); + // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); + // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); + // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); + // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); + // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA"); + provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); + // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); + // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); + // END android-removed + + provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi"); + provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi"); + + AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); + + registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact); + registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact); + registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact); + // BEGIN android-removed + // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); + // + // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); + // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); + // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); + // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); + // + // + // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); + // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); + // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); + // + // provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); + // provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); + // provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); + // provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); + // + // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); + // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); + // + // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); + // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); + // + // + // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS"); + // + // if (provider.hasAlgorithm("MessageDigest", "MD2")) + // { + // addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); + // } + // + // if (provider.hasAlgorithm("MessageDigest", "MD2")) + // { + // addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); + // } + // + // if (provider.hasAlgorithm("MessageDigest", "MD2")) + // { + // addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption); + // provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); + // provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); + // } + // END android-removed + + if (provider.hasAlgorithm("MessageDigest", "SHA1")) + { + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); + // END android-removed + + addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); + // provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); + // END android-removed + provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); + provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); + } + + // BEGIN android-removed + // addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // END android-removed + addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption); + addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption); + addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption); + + // BEGIN android-removed + // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) + // { + // addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); + // addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); + // } + // + // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) + // { + // addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); + // addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); + // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); + // provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); + // } + // + // if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) + // { + // addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); + // } + // END android-removed + } + + private void addDigestSignature( + ConfigurableProvider provider, + String digest, + String className, + ASN1ObjectIdentifier oid) + { + String mainName = digest + "WITHRSA"; + String jdk11Variation1 = digest + "withRSA"; + String jdk11Variation2 = digest + "WithRSA"; + String alias = digest + "/" + "RSA"; + String longName = digest + "WITHRSAENCRYPTION"; + String longJdk11Variation1 = digest + "withRSAEncryption"; + String longJdk11Variation2 = digest + "WithRSAEncryption"; + + provider.addAlgorithm("Signature." + mainName, className); + provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation1, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation2, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + longName, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + longJdk11Variation1, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + longJdk11Variation2, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + alias, mainName); + + if (oid != null) + { + provider.addAlgorithm("Alg.Alias.Signature." + oid, mainName); + provider.addAlgorithm("Alg.Alias.Signature.OID." + oid, mainName); + } + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java new file mode 100644 index 0000000..a9fb6b2 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java @@ -0,0 +1,33 @@ +package org.bouncycastle.jcajce.provider.asymmetric; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +/** + * For some reason the class path project thinks that such a KeyFactory will exist. + */ +public class X509 +{ + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + + } + + public void configure(ConfigurableProvider provider) + { + // BEGIN android-removed + // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); + // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); + // END android-removed + + // + // certificate factories. + // + provider.addAlgorithm("CertificateFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory"); + provider.addAlgorithm("Alg.Alias.CertificateFactory.X509", "X.509"); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java new file mode 100644 index 0000000..8bdcc55 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java @@ -0,0 +1,77 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dh; + +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; + +import javax.crypto.spec.DHGenParameterSpec; +import javax.crypto.spec.DHParameterSpec; + +import org.bouncycastle.crypto.generators.DHParametersGenerator; +import org.bouncycastle.crypto.params.DHParameters; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +public class AlgorithmParameterGeneratorSpi + extends java.security.AlgorithmParameterGeneratorSpi +{ + protected SecureRandom random; + protected int strength = 1024; + + private int l = 0; + + protected void engineInit( + int strength, + SecureRandom random) + { + this.strength = strength; + this.random = random; + } + + protected void engineInit( + AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + if (!(genParamSpec instanceof DHGenParameterSpec)) + { + throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); + } + DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; + + this.strength = spec.getPrimeSize(); + this.l = spec.getExponentSize(); + this.random = random; + } + + protected AlgorithmParameters engineGenerateParameters() + { + DHParametersGenerator pGen = new DHParametersGenerator(); + + if (random != null) + { + pGen.init(strength, 20, random); + } + else + { + pGen.init(strength, 20, new SecureRandom()); + } + + DHParameters p = pGen.generateParameters(); + + AlgorithmParameters params; + + try + { + params = AlgorithmParameters.getInstance("DH", BouncyCastleProvider.PROVIDER_NAME); + params.init(new DHParameterSpec(p.getP(), p.getG(), l)); + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage()); + } + + return params; + } + +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.java new file mode 100644 index 0000000..c771123 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.java @@ -0,0 +1,142 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dh; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.DHParameterSpec; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.pkcs.DHParameter; + +public class AlgorithmParametersSpi + extends java.security.AlgorithmParametersSpi +{ + DHParameterSpec currentSpec; + + protected boolean isASN1FormatString(String format) + { + return format == null || format.equals("ASN.1"); + } + + protected AlgorithmParameterSpec engineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == null) + { + throw new NullPointerException("argument to getParameterSpec must not be null"); + } + + return localEngineGetParameterSpec(paramSpec); + } + + + + + /** + * Return the PKCS#3 ASN.1 structure DHParameter. + * <p> + * <pre> + * DHParameter ::= SEQUENCE { + * prime INTEGER, -- p + * base INTEGER, -- g + * privateValueLength INTEGER OPTIONAL} + * </pre> + */ + protected byte[] engineGetEncoded() + { + DHParameter dhP = new DHParameter(currentSpec.getP(), currentSpec.getG(), currentSpec.getL()); + + try + { + return dhP.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Error encoding DHParameters"); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (isASN1FormatString(format)) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == DHParameterSpec.class) + { + return currentSpec; + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to DH parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof DHParameterSpec)) + { + throw new InvalidParameterSpecException("DHParameterSpec required to initialise a Diffie-Hellman algorithm parameters object"); + } + + this.currentSpec = (DHParameterSpec)paramSpec; + } + + protected void engineInit( + byte[] params) + throws IOException + { + try + { + DHParameter dhP = DHParameter.getInstance(params); + + if (dhP.getL() != null) + { + currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG(), dhP.getL().intValue()); + } + else + { + currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG()); + } + } + catch (ClassCastException e) + { + throw new IOException("Not a valid DH Parameter encoding."); + } + catch (ArrayIndexOutOfBoundsException e) + { + throw new IOException("Not a valid DH Parameter encoding."); + } + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (isASN1FormatString(format)) + { + engineInit(params); + } + else + { + throw new IOException("Unknown parameter format " + format); + } + } + + protected String engineToString() + { + return "Diffie-Hellman Parameters"; + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.java new file mode 100644 index 0000000..332e2eb --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.java @@ -0,0 +1,214 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dh; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.math.BigInteger; +import java.util.Enumeration; + +import javax.crypto.interfaces.DHPrivateKey; +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPrivateKeySpec; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.pkcs.DHParameter; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x9.DHDomainParameters; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.DHPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; + + +public class BCDHPrivateKey + implements DHPrivateKey, PKCS12BagAttributeCarrier +{ + static final long serialVersionUID = 311058815616901812L; + + private BigInteger x; + + private transient DHParameterSpec dhSpec; + private transient PrivateKeyInfo info; + + private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); + + protected BCDHPrivateKey() + { + } + + BCDHPrivateKey( + DHPrivateKey key) + { + this.x = key.getX(); + this.dhSpec = key.getParams(); + } + + BCDHPrivateKey( + DHPrivateKeySpec spec) + { + this.x = spec.getX(); + this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); + } + + public BCDHPrivateKey( + PrivateKeyInfo info) + throws IOException + { + ASN1Sequence seq = ASN1Sequence.getInstance(info.getPrivateKeyAlgorithm().getParameters()); + ASN1Integer derX = (ASN1Integer)info.parsePrivateKey(); + ASN1ObjectIdentifier id = info.getPrivateKeyAlgorithm().getAlgorithm(); + + this.info = info; + this.x = derX.getValue(); + + if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement)) + { + DHParameter params = DHParameter.getInstance(seq); + + if (params.getL() != null) + { + this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); + } + else + { + this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); + } + } + else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) + { + DHDomainParameters params = DHDomainParameters.getInstance(seq); + + this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue()); + } + else + { + throw new IllegalArgumentException("unknown algorithm type: " + id); + } + } + + BCDHPrivateKey( + DHPrivateKeyParameters params) + { + this.x = params.getX(); + this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); + } + + public String getAlgorithm() + { + return "DH"; + } + + /** + * return the encoding format we produce in getEncoded(). + * + * @return the string "PKCS#8" + */ + public String getFormat() + { + return "PKCS#8"; + } + + /** + * Return a PKCS8 representation of the key. The sequence returned + * represents a full PrivateKeyInfo object. + * + * @return a PKCS8 representation of the key. + */ + public byte[] getEncoded() + { + try + { + if (info != null) + { + return info.getEncoded(ASN1Encoding.DER); + } + + PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).toASN1Primitive()), new ASN1Integer(getX())); + + return info.getEncoded(ASN1Encoding.DER); + } + catch (Exception e) + { + return null; + } + } + + public DHParameterSpec getParams() + { + return dhSpec; + } + + public BigInteger getX() + { + return x; + } + + public boolean equals( + Object o) + { + if (!(o instanceof DHPrivateKey)) + { + return false; + } + + DHPrivateKey other = (DHPrivateKey)o; + + return this.getX().equals(other.getX()) + && this.getParams().getG().equals(other.getParams().getG()) + && this.getParams().getP().equals(other.getParams().getP()) + && this.getParams().getL() == other.getParams().getL(); + } + + public int hashCode() + { + return this.getX().hashCode() ^ this.getParams().getG().hashCode() + ^ this.getParams().getP().hashCode() ^ this.getParams().getL(); + } + + public void setBagAttribute( + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) + { + attrCarrier.setBagAttribute(oid, attribute); + } + + public ASN1Encodable getBagAttribute( + DERObjectIdentifier oid) + { + return attrCarrier.getBagAttribute(oid); + } + + public Enumeration getBagAttributeKeys() + { + return attrCarrier.getBagAttributeKeys(); + } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); + this.info = null; + this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + + out.writeObject(dhSpec.getP()); + out.writeObject(dhSpec.getG()); + out.writeInt(dhSpec.getL()); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java new file mode 100644 index 0000000..0697f75 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java @@ -0,0 +1,204 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dh; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.math.BigInteger; + +import javax.crypto.interfaces.DHPublicKey; +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPublicKeySpec; + +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.pkcs.DHParameter; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.DHDomainParameters; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.DHPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; + +public class BCDHPublicKey + implements DHPublicKey +{ + static final long serialVersionUID = -216691575254424324L; + + private BigInteger y; + + private transient DHParameterSpec dhSpec; + private transient SubjectPublicKeyInfo info; + + BCDHPublicKey( + DHPublicKeySpec spec) + { + this.y = spec.getY(); + this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); + } + + BCDHPublicKey( + DHPublicKey key) + { + this.y = key.getY(); + this.dhSpec = key.getParams(); + } + + BCDHPublicKey( + DHPublicKeyParameters params) + { + this.y = params.getY(); + this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); + } + + BCDHPublicKey( + BigInteger y, + DHParameterSpec dhSpec) + { + this.y = y; + this.dhSpec = dhSpec; + } + + public BCDHPublicKey( + SubjectPublicKeyInfo info) + { + this.info = info; + + ASN1Integer derY; + try + { + derY = (ASN1Integer)info.parsePublicKey(); + } + catch (IOException e) + { + throw new IllegalArgumentException("invalid info structure in DH public key"); + } + + this.y = derY.getValue(); + + ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithm().getParameters()); + ASN1ObjectIdentifier id = info.getAlgorithm().getAlgorithm(); + + // we need the PKCS check to handle older keys marked with the X9 oid. + if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq)) + { + DHParameter params = DHParameter.getInstance(seq); + + if (params.getL() != null) + { + this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); + } + else + { + this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); + } + } + else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) + { + DHDomainParameters params = DHDomainParameters.getInstance(seq); + + this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue()); + } + else + { + throw new IllegalArgumentException("unknown algorithm type: " + id); + } + } + + public String getAlgorithm() + { + return "DH"; + } + + public String getFormat() + { + return "X.509"; + } + + public byte[] getEncoded() + { + if (info != null) + { + return KeyUtil.getEncodedSubjectPublicKeyInfo(info); + } + + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).toASN1Primitive()), new ASN1Integer(y)); + } + + public DHParameterSpec getParams() + { + return dhSpec; + } + + public BigInteger getY() + { + return y; + } + + private boolean isPKCSParam(ASN1Sequence seq) + { + if (seq.size() == 2) + { + return true; + } + + if (seq.size() > 3) + { + return false; + } + + ASN1Integer l = ASN1Integer.getInstance(seq.getObjectAt(2)); + ASN1Integer p = ASN1Integer.getInstance(seq.getObjectAt(0)); + + if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0) + { + return false; + } + + return true; + } + + public int hashCode() + { + return this.getY().hashCode() ^ this.getParams().getG().hashCode() + ^ this.getParams().getP().hashCode() ^ this.getParams().getL(); + } + + public boolean equals( + Object o) + { + if (!(o instanceof DHPublicKey)) + { + return false; + } + + DHPublicKey other = (DHPublicKey)o; + + return this.getY().equals(other.getY()) + && this.getParams().getG().equals(other.getParams().getG()) + && this.getParams().getP().equals(other.getParams().getP()) + && this.getParams().getL() == other.getParams().getL(); + } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); + this.info = null; + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + + out.writeObject(dhSpec.getP()); + out.writeObject(dhSpec.getG()); + out.writeInt(dhSpec.getL()); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java new file mode 100644 index 0000000..4bd7805 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java @@ -0,0 +1,50 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dh; + +import java.security.InvalidKeyException; +import java.security.PrivateKey; +import java.security.PublicKey; + +import javax.crypto.interfaces.DHPrivateKey; +import javax.crypto.interfaces.DHPublicKey; + +import org.bouncycastle.crypto.params.AsymmetricKeyParameter; +import org.bouncycastle.crypto.params.DHParameters; +import org.bouncycastle.crypto.params.DHPrivateKeyParameters; +import org.bouncycastle.crypto.params.DHPublicKeyParameters; + +/** + * utility class for converting jce/jca DH objects + * objects into their org.bouncycastle.crypto counterparts. + */ +public class DHUtil +{ + static public AsymmetricKeyParameter generatePublicKeyParameter( + PublicKey key) + throws InvalidKeyException + { + if (key instanceof DHPublicKey) + { + DHPublicKey k = (DHPublicKey)key; + + return new DHPublicKeyParameters(k.getY(), + new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); + } + + throw new InvalidKeyException("can't identify DH public key."); + } + + static public AsymmetricKeyParameter generatePrivateKeyParameter( + PrivateKey key) + throws InvalidKeyException + { + if (key instanceof DHPrivateKey) + { + DHPrivateKey k = (DHPrivateKey)key; + + return new DHPrivateKeyParameters(k.getX(), + new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); + } + + throw new InvalidKeyException("can't identify DH private key."); + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java index ef8f76a..5a66ffb 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.dh; import java.math.BigInteger; import java.security.InvalidAlgorithmParameterException; @@ -8,7 +8,6 @@ import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.util.Hashtable; -import javax.crypto.KeyAgreementSpi; import javax.crypto.SecretKey; import javax.crypto.ShortBufferException; import javax.crypto.interfaces.DHPrivateKey; @@ -24,8 +23,8 @@ import org.bouncycastle.util.Strings; * if you are using long term public keys, see the light-weight version for * details. */ -public class JCEDHKeyAgreement - extends KeyAgreementSpi +public class KeyAgreementSpi + extends javax.crypto.KeyAgreementSpi { private BigInteger x; private BigInteger p; @@ -96,7 +95,7 @@ public class JCEDHKeyAgreement result = ((DHPublicKey)key).getY().modPow(x, p); } - return new JCEDHPublicKey(result, pubKey.getParams()); + return new BCDHPublicKey(result, pubKey.getParams()); } protected byte[] engineGenerateSecret() diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java new file mode 100644 index 0000000..9565bd2 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java @@ -0,0 +1,128 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dh; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.interfaces.DHPrivateKey; +import javax.crypto.interfaces.DHPublicKey; +import javax.crypto.spec.DHPrivateKeySpec; +import javax.crypto.spec.DHPublicKeySpec; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; + +public class KeyFactorySpi + extends BaseKeyFactorySpi +{ + public KeyFactorySpi() + { + } + + protected KeySpec engineGetKeySpec( + Key key, + Class spec) + throws InvalidKeySpecException + { + if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey) + { + DHPrivateKey k = (DHPrivateKey)key; + + return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG()); + } + else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey) + { + DHPublicKey k = (DHPublicKey)key; + + return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG()); + } + + return super.engineGetKeySpec(key, spec); + } + + protected Key engineTranslateKey( + Key key) + throws InvalidKeyException + { + if (key instanceof DHPublicKey) + { + return new BCDHPublicKey((DHPublicKey)key); + } + else if (key instanceof DHPrivateKey) + { + return new BCDHPrivateKey((DHPrivateKey)key); + } + + throw new InvalidKeyException("key type unknown"); + } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof DHPrivateKeySpec) + { + return new BCDHPrivateKey((DHPrivateKeySpec)keySpec); + } + + return super.engineGeneratePrivate(keySpec); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof DHPublicKeySpec) + { + return new BCDHPublicKey((DHPublicKeySpec)keySpec); + } + + return super.engineGeneratePublic(keySpec); + } + + public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); + + if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) + { + return new BCDHPrivateKey(keyInfo); + } + else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) + { + return new BCDHPrivateKey(keyInfo); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } + + public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); + + if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) + { + return new BCDHPublicKey(keyInfo); + } + else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) + { + return new BCDHPublicKey(keyInfo); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java new file mode 100644 index 0000000..69d5703 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java @@ -0,0 +1,106 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dh; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyPair; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.util.Hashtable; + +import javax.crypto.spec.DHParameterSpec; + +import org.bouncycastle.crypto.AsymmetricCipherKeyPair; +import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator; +import org.bouncycastle.crypto.generators.DHParametersGenerator; +import org.bouncycastle.crypto.params.DHKeyGenerationParameters; +import org.bouncycastle.crypto.params.DHParameters; +import org.bouncycastle.crypto.params.DHPrivateKeyParameters; +import org.bouncycastle.crypto.params.DHPublicKeyParameters; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +public class KeyPairGeneratorSpi + extends java.security.KeyPairGenerator +{ + private static Hashtable params = new Hashtable(); + + DHKeyGenerationParameters param; + DHBasicKeyPairGenerator engine = new DHBasicKeyPairGenerator(); + int strength = 1024; + int certainty = 20; + SecureRandom random = new SecureRandom(); + boolean initialised = false; + + public KeyPairGeneratorSpi() + { + super("DH"); + } + + public void initialize( + int strength, + SecureRandom random) + { + this.strength = strength; + this.random = random; + } + + public void initialize( + AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + if (!(params instanceof DHParameterSpec)) + { + throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec"); + } + DHParameterSpec dhParams = (DHParameterSpec)params; + + param = new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL())); + + engine.init(param); + initialised = true; + } + + public KeyPair generateKeyPair() + { + if (!initialised) + { + // BEGIN android-changed + Integer paramStrength = Integer.valueOf(strength); + // END android-changed + + if (params.containsKey(paramStrength)) + { + param = (DHKeyGenerationParameters)params.get(paramStrength); + } + else + { + DHParameterSpec dhParams = BouncyCastleProvider.CONFIGURATION.getDHDefaultParameters(); + + if (dhParams != null && dhParams.getP().bitLength() == strength) + { + param = new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL())); + } + else + { + DHParametersGenerator pGen = new DHParametersGenerator(); + + pGen.init(strength, certainty, random); + + param = new DHKeyGenerationParameters(random, pGen.generateParameters()); + + params.put(paramStrength, param); + } + } + + engine.init(param); + + initialised = true; + } + + AsymmetricCipherKeyPair pair = engine.generateKeyPair(); + DHPublicKeyParameters pub = (DHPublicKeyParameters)pair.getPublic(); + DHPrivateKeyParameters priv = (DHPrivateKeyParameters)pair.getPrivate(); + + return new KeyPair(new BCDHPublicKey(pub), + new BCDHPrivateKey(priv)); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java new file mode 100644 index 0000000..2e5ee56 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java @@ -0,0 +1,72 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dsa; + +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; + +import org.bouncycastle.crypto.generators.DSAParametersGenerator; +import org.bouncycastle.crypto.params.DSAParameters; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +//import org.bouncycastle.jce.spec.GOST3410ParameterSpec; +//import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; + +public class AlgorithmParameterGeneratorSpi + extends java.security.AlgorithmParameterGeneratorSpi +{ + protected SecureRandom random; + protected int strength = 1024; + + protected void engineInit( + int strength, + SecureRandom random) + { + if (strength < 512 || strength > 1024 || strength % 64 != 0) + { + throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64"); + } + + this.strength = strength; + this.random = random; + } + + protected void engineInit( + AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DSA parameter generation."); + } + + protected AlgorithmParameters engineGenerateParameters() + { + DSAParametersGenerator pGen = new DSAParametersGenerator(); + + if (random != null) + { + pGen.init(strength, 20, random); + } + else + { + pGen.init(strength, 20, new SecureRandom()); + } + + DSAParameters p = pGen.generateParameters(); + + AlgorithmParameters params; + + try + { + params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME); + params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG())); + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage()); + } + + return params; + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java new file mode 100644 index 0000000..6dfb8fb --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java @@ -0,0 +1,133 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dsa; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.x509.DSAParameter; + +public class AlgorithmParametersSpi + extends java.security.AlgorithmParametersSpi +{ + DSAParameterSpec currentSpec; + + protected boolean isASN1FormatString(String format) + { + return format == null || format.equals("ASN.1"); + } + + protected AlgorithmParameterSpec engineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == null) + { + throw new NullPointerException("argument to getParameterSpec must not be null"); + } + + return localEngineGetParameterSpec(paramSpec); + } + + /** + * Return the X.509 ASN.1 structure DSAParameter. + * <p/> + * <pre> + * DSAParameter ::= SEQUENCE { + * prime INTEGER, -- p + * subprime INTEGER, -- q + * base INTEGER, -- g} + * </pre> + */ + protected byte[] engineGetEncoded() + { + DSAParameter dsaP = new DSAParameter(currentSpec.getP(), currentSpec.getQ(), currentSpec.getG()); + + try + { + return dsaP.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Error encoding DSAParameters"); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (isASN1FormatString(format)) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == DSAParameterSpec.class) + { + return currentSpec; + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to DSA parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof DSAParameterSpec)) + { + throw new InvalidParameterSpecException("DSAParameterSpec required to initialise a DSA algorithm parameters object"); + } + + this.currentSpec = (DSAParameterSpec)paramSpec; + } + + protected void engineInit( + byte[] params) + throws IOException + { + try + { + DSAParameter dsaP = new DSAParameter((ASN1Sequence)ASN1Primitive.fromByteArray(params)); + + currentSpec = new DSAParameterSpec(dsaP.getP(), dsaP.getQ(), dsaP.getG()); + } + catch (ClassCastException e) + { + throw new IOException("Not a valid DSA Parameter encoding."); + } + catch (ArrayIndexOutOfBoundsException e) + { + throw new IOException("Not a valid DSA Parameter encoding."); + } + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) + { + engineInit(params); + } + else + { + throw new IOException("Unknown parameter format " + format); + } + } + + protected String engineToString() + { + return "DSA Parameters"; + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.java new file mode 100644 index 0000000..f67d12d --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.java @@ -0,0 +1,168 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dsa; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.math.BigInteger; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPrivateKey; +import java.security.spec.DSAParameterSpec; +import java.security.spec.DSAPrivateKeySpec; +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.DSAParameter; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; + +public class BCDSAPrivateKey + implements DSAPrivateKey, PKCS12BagAttributeCarrier +{ + private static final long serialVersionUID = -4677259546958385734L; + + private BigInteger x; + private transient DSAParams dsaSpec; + + private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); + + protected BCDSAPrivateKey() + { + } + + BCDSAPrivateKey( + DSAPrivateKey key) + { + this.x = key.getX(); + this.dsaSpec = key.getParams(); + } + + BCDSAPrivateKey( + DSAPrivateKeySpec spec) + { + this.x = spec.getX(); + this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); + } + + public BCDSAPrivateKey( + PrivateKeyInfo info) + throws IOException + { + DSAParameter params = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters()); + ASN1Integer derX = (ASN1Integer)info.parsePrivateKey(); + + this.x = derX.getValue(); + this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); + } + + BCDSAPrivateKey( + DSAPrivateKeyParameters params) + { + this.x = params.getX(); + this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); + } + + public String getAlgorithm() + { + return "DSA"; + } + + /** + * return the encoding format we produce in getEncoded(). + * + * @return the string "PKCS#8" + */ + public String getFormat() + { + return "PKCS#8"; + } + + /** + * Return a PKCS8 representation of the key. The sequence returned + * represents a full PrivateKeyInfo object. + * + * @return a PKCS8 representation of the key. + */ + public byte[] getEncoded() + { + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).toASN1Primitive()), new ASN1Integer(getX())); + } + + public DSAParams getParams() + { + return dsaSpec; + } + + public BigInteger getX() + { + return x; + } + + public boolean equals( + Object o) + { + if (!(o instanceof DSAPrivateKey)) + { + return false; + } + + DSAPrivateKey other = (DSAPrivateKey)o; + + return this.getX().equals(other.getX()) + && this.getParams().getG().equals(other.getParams().getG()) + && this.getParams().getP().equals(other.getParams().getP()) + && this.getParams().getQ().equals(other.getParams().getQ()); + } + + public int hashCode() + { + return this.getX().hashCode() ^ this.getParams().getG().hashCode() + ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode(); + } + + public void setBagAttribute( + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) + { + attrCarrier.setBagAttribute(oid, attribute); + } + + public ASN1Encodable getBagAttribute( + DERObjectIdentifier oid) + { + return attrCarrier.getBagAttribute(oid); + } + + public Enumeration getBagAttributeKeys() + { + return attrCarrier.getBagAttributeKeys(); + } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject()); + this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + + out.writeObject(dsaSpec.getP()); + out.writeObject(dsaSpec.getQ()); + out.writeObject(dsaSpec.getG()); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.java new file mode 100644 index 0000000..e66330b --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.java @@ -0,0 +1,171 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dsa; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.math.BigInteger; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPublicKey; +import java.security.spec.DSAParameterSpec; +import java.security.spec.DSAPublicKeySpec; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.DSAParameter; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.DSAPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; + +public class BCDSAPublicKey + implements DSAPublicKey +{ + private static final long serialVersionUID = 1752452449903495175L; + + private BigInteger y; + private transient DSAParams dsaSpec; + + BCDSAPublicKey( + DSAPublicKeySpec spec) + { + this.y = spec.getY(); + this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); + } + + BCDSAPublicKey( + DSAPublicKey key) + { + this.y = key.getY(); + this.dsaSpec = key.getParams(); + } + + BCDSAPublicKey( + DSAPublicKeyParameters params) + { + this.y = params.getY(); + this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); + } + + BCDSAPublicKey( + BigInteger y, + DSAParameterSpec dsaSpec) + { + this.y = y; + this.dsaSpec = dsaSpec; + } + + public BCDSAPublicKey( + SubjectPublicKeyInfo info) + { + + ASN1Integer derY; + + try + { + derY = (ASN1Integer)info.parsePublicKey(); + } + catch (IOException e) + { + throw new IllegalArgumentException("invalid info structure in DSA public key"); + } + + this.y = derY.getValue(); + + if (isNotNull(info.getAlgorithm().getParameters())) + { + DSAParameter params = DSAParameter.getInstance(info.getAlgorithm().getParameters()); + + this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); + } + } + + private boolean isNotNull(ASN1Encodable parameters) + { + return parameters != null && !DERNull.INSTANCE.equals(parameters.toASN1Primitive()); + } + + public String getAlgorithm() + { + return "DSA"; + } + + public String getFormat() + { + return "X.509"; + } + + public byte[] getEncoded() + { + if (dsaSpec == null) + { + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new ASN1Integer(y)); + } + + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).toASN1Primitive()), new ASN1Integer(y)); + } + + public DSAParams getParams() + { + return dsaSpec; + } + + public BigInteger getY() + { + return y; + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append("DSA Public Key").append(nl); + buf.append(" y: ").append(this.getY().toString(16)).append(nl); + + return buf.toString(); + } + + public int hashCode() + { + return this.getY().hashCode() ^ this.getParams().getG().hashCode() + ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode(); + } + + public boolean equals( + Object o) + { + if (!(o instanceof DSAPublicKey)) + { + return false; + } + + DSAPublicKey other = (DSAPublicKey)o; + + return this.getY().equals(other.getY()) + && this.getParams().getG().equals(other.getParams().getG()) + && this.getParams().getP().equals(other.getParams().getP()) + && this.getParams().getQ().equals(other.getParams().getQ()); + } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject()); + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + + out.writeObject(dsaSpec.getP()); + out.writeObject(dsaSpec.getQ()); + out.writeObject(dsaSpec.getG()); + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java index 1c22952..e95b76d 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.dsa; import java.io.IOException; import java.math.BigInteger; @@ -11,31 +11,31 @@ import java.security.SignatureSpi; import java.security.interfaces.DSAKey; import java.security.spec.AlgorithmParameterSpec; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-added +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-added // BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA1Digest; // import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; // END android-removed -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.DSASigner; -// BEGIN android-removed -// import org.bouncycastle.jce.interfaces.GOST3410Key; -// END android-removed -public class JDKDSASigner +public class DSASigner extends SignatureSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers { @@ -43,9 +43,9 @@ public class JDKDSASigner private DSA signer; private SecureRandom random; - protected JDKDSASigner( - Digest digest, - DSA signer) + protected DSASigner( + Digest digest, + DSA signer) { this.digest = digest; this.signer = signer; @@ -57,16 +57,12 @@ public class JDKDSASigner { CipherParameters param; - // BEGIN android-removed - // if (publicKey instanceof GOST3410Key) - // { - // param = GOST3410Util.generatePublicKeyParameter(publicKey); - // } - // else if (publicKey instanceof DSAKey) - // END android-removed - // BEGIN android-added +// if (publicKey instanceof GOST3410Key) +// { +// param = GOST3410Util.generatePublicKeyParameter(publicKey); +// } +// else if (publicKey instanceof DSAKey) if (publicKey instanceof DSAKey) - // END android-added { param = DSAUtil.generatePublicKeyParameter(publicKey); } @@ -76,7 +72,7 @@ public class JDKDSASigner { byte[] bytes = publicKey.getEncoded(); - publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes); + publicKey = new BCDSAPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); if (publicKey instanceof DSAKey) { @@ -112,18 +108,14 @@ public class JDKDSASigner { CipherParameters param; - // BEGIN android-removed - // if (privateKey instanceof GOST3410Key) - // { - // param = GOST3410Util.generatePrivateKeyParameter(privateKey); - // } - // else - // { - // END android-removed +// if (privateKey instanceof GOST3410Key) +// { +// param = GOST3410Util.generatePrivateKeyParameter(privateKey); +// } +// else +// { param = DSAUtil.generatePrivateKeyParameter(privateKey); - // BEGIN android-removed - // } - // END android-removed +// } if (random != null) { @@ -221,74 +213,76 @@ public class JDKDSASigner BigInteger s) throws IOException { - DERInteger[] rs = new DERInteger[]{ new DERInteger(r), new DERInteger(s) }; - return new DERSequence(rs).getEncoded(ASN1Encodable.DER); + ASN1Integer[] rs = new ASN1Integer[]{ new ASN1Integer(r), new ASN1Integer(s) }; + return new DERSequence(rs).getEncoded(ASN1Encoding.DER); } private BigInteger[] derDecode( byte[] encoding) throws IOException { - ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(encoding); + ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); return new BigInteger[]{ - ((DERInteger)s.getObjectAt(0)).getValue(), - ((DERInteger)s.getObjectAt(1)).getValue() + ((ASN1Integer)s.getObjectAt(0)).getValue(), + ((ASN1Integer)s.getObjectAt(1)).getValue() }; } static public class stdDSA - extends JDKDSASigner + extends DSASigner { public stdDSA() { - super(new SHA1Digest(), new DSASigner()); + // BEGIN android-changed + super(new OpenSSLDigest.SHA1(), new org.bouncycastle.crypto.signers.DSASigner()); + // END android-changed } } - + // BEGIN android-removed // static public class dsa224 - // extends JDKDSASigner + // extends DSASigner // { // public dsa224() // { - // super(new SHA224Digest(), new DSASigner()); + // super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); // } // } // // static public class dsa256 - // extends JDKDSASigner + // extends DSASigner // { // public dsa256() // { - // super(new SHA256Digest(), new DSASigner()); + // super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); // } // } // // static public class dsa384 - // extends JDKDSASigner + // extends DSASigner // { // public dsa384() // { - // super(new SHA384Digest(), new DSASigner()); + // super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); // } // } // // static public class dsa512 - // extends JDKDSASigner + // extends DSASigner // { // public dsa512() // { - // super(new SHA512Digest(), new DSASigner()); + // super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); // } // } // END android-removed static public class noneDSA - extends JDKDSASigner + extends DSASigner { public noneDSA() { - super(new NullDigest(), new DSASigner()); + super(new NullDigest(), new org.bouncycastle.crypto.signers.DSASigner()); } } } diff --git a/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java index 5cf3c22..5e940ec 100644 --- a/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.dsa; import java.security.InvalidKeyException; import java.security.PrivateKey; @@ -6,6 +6,9 @@ import java.security.PublicKey; import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.DSAPublicKey; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; @@ -17,6 +20,26 @@ import org.bouncycastle.crypto.params.DSAPublicKeyParameters; */ public class DSAUtil { + public static final ASN1ObjectIdentifier[] dsaOids = + { + X9ObjectIdentifiers.id_dsa, + OIWObjectIdentifiers.dsaWithSHA1 + }; + + public static boolean isDsaOid( + ASN1ObjectIdentifier algOid) + { + for (int i = 0; i != dsaOids.length; i++) + { + if (algOid.equals(dsaOids[i])) + { + return true; + } + } + + return false; + } + static public AsymmetricKeyParameter generatePublicKeyParameter( PublicKey key) throws InvalidKeyException diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.java new file mode 100644 index 0000000..a36f3dd --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.java @@ -0,0 +1,117 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dsa; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; + +public class KeyFactorySpi + extends BaseKeyFactorySpi +{ + public KeyFactorySpi() + { + } + + protected KeySpec engineGetKeySpec( + Key key, + Class spec) + throws InvalidKeySpecException + { + if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey) + { + DSAPublicKey k = (DSAPublicKey)key; + + return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); + } + else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof java.security.interfaces.DSAPrivateKey) + { + java.security.interfaces.DSAPrivateKey k = (java.security.interfaces.DSAPrivateKey)key; + + return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); + } + + return super.engineGetKeySpec(key, spec); + } + + protected Key engineTranslateKey( + Key key) + throws InvalidKeyException + { + if (key instanceof DSAPublicKey) + { + return new BCDSAPublicKey((DSAPublicKey)key); + } + else if (key instanceof DSAPrivateKey) + { + return new BCDSAPrivateKey((DSAPrivateKey)key); + } + + throw new InvalidKeyException("key type unknown"); + } + + public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); + + if (DSAUtil.isDsaOid(algOid)) + { + return new BCDSAPrivateKey(keyInfo); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } + + public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); + + if (DSAUtil.isDsaOid(algOid)) + { + return new BCDSAPublicKey(keyInfo); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof DSAPrivateKeySpec) + { + return new BCDSAPrivateKey((DSAPrivateKeySpec)keySpec); + } + + return super.engineGeneratePrivate(keySpec); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof DSAPublicKeySpec) + { + return new BCDSAPublicKey((DSAPublicKeySpec)keySpec); + } + + return super.engineGeneratePublic(keySpec); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java new file mode 100644 index 0000000..c6ddf9b --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java @@ -0,0 +1,82 @@ +package org.bouncycastle.jcajce.provider.asymmetric.dsa; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.KeyPair; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; + +import org.bouncycastle.crypto.AsymmetricCipherKeyPair; +import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; +import org.bouncycastle.crypto.generators.DSAParametersGenerator; +import org.bouncycastle.crypto.params.DSAKeyGenerationParameters; +import org.bouncycastle.crypto.params.DSAParameters; +import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; +import org.bouncycastle.crypto.params.DSAPublicKeyParameters; + +public class KeyPairGeneratorSpi + extends java.security.KeyPairGenerator +{ + DSAKeyGenerationParameters param; + DSAKeyPairGenerator engine = new DSAKeyPairGenerator(); + int strength = 1024; + int certainty = 20; + SecureRandom random = new SecureRandom(); + boolean initialised = false; + + public KeyPairGeneratorSpi() + { + super("DSA"); + } + + public void initialize( + int strength, + SecureRandom random) + { + if (strength < 512 || strength > 1024 || strength % 64 != 0) + { + throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64"); + } + + this.strength = strength; + this.random = random; + } + + public void initialize( + AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + if (!(params instanceof DSAParameterSpec)) + { + throw new InvalidAlgorithmParameterException("parameter object not a DSAParameterSpec"); + } + DSAParameterSpec dsaParams = (DSAParameterSpec)params; + + param = new DSAKeyGenerationParameters(random, new DSAParameters(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG())); + + engine.init(param); + initialised = true; + } + + public KeyPair generateKeyPair() + { + if (!initialised) + { + DSAParametersGenerator pGen = new DSAParametersGenerator(); + + pGen.init(strength, certainty, random); + param = new DSAKeyGenerationParameters(random, pGen.generateParameters()); + engine.init(param); + initialised = true; + } + + AsymmetricCipherKeyPair pair = engine.generateKeyPair(); + DSAPublicKeyParameters pub = (DSAPublicKeyParameters)pair.getPublic(); + DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)pair.getPrivate(); + + return new KeyPair(new BCDSAPublicKey(pub), + new BCDSAPrivateKey(priv)); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java new file mode 100644 index 0000000..b07912e --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java @@ -0,0 +1,498 @@ +package org.bouncycastle.jcajce.provider.asymmetric.ec; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.math.BigInteger; +import java.security.interfaces.ECPrivateKey; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.EllipticCurve; +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERInteger; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// END android-removed +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.X962Parameters; +import org.bouncycastle.asn1.x9.X9ECParameters; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.ECDomainParameters; +import org.bouncycastle.crypto.params.ECPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; +import org.bouncycastle.jce.interfaces.ECPointEncoder; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.spec.ECNamedCurveSpec; +import org.bouncycastle.math.ec.ECCurve; + +public class BCECPrivateKey + implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder +{ + static final long serialVersionUID = 994553197664784084L; + + private String algorithm = "EC"; + private boolean withCompression; + + private transient BigInteger d; + private transient ECParameterSpec ecSpec; + private transient ProviderConfiguration configuration; + private transient DERBitString publicKey; + + private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); + + protected BCECPrivateKey() + { + } + + public BCECPrivateKey( + ECPrivateKey key, + ProviderConfiguration configuration) + { + this.d = key.getS(); + this.algorithm = key.getAlgorithm(); + this.ecSpec = key.getParams(); + this.configuration = configuration; + } + + public BCECPrivateKey( + String algorithm, + org.bouncycastle.jce.spec.ECPrivateKeySpec spec, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.d = spec.getD(); + + if (spec.getParams() != null) // can be null if implicitlyCA + { + ECCurve curve = spec.getParams().getCurve(); + EllipticCurve ellipticCurve; + + ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); + + this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); + } + else + { + this.ecSpec = null; + } + + this.configuration = configuration; + } + + + public BCECPrivateKey( + String algorithm, + ECPrivateKeySpec spec, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.d = spec.getS(); + this.ecSpec = spec.getParams(); + this.configuration = configuration; + } + + public BCECPrivateKey( + String algorithm, + BCECPrivateKey key) + { + this.algorithm = algorithm; + this.d = key.d; + this.ecSpec = key.ecSpec; + this.withCompression = key.withCompression; + this.attrCarrier = key.attrCarrier; + this.publicKey = key.publicKey; + this.configuration = key.configuration; + } + + public BCECPrivateKey( + String algorithm, + ECPrivateKeyParameters params, + BCECPublicKey pubKey, + ECParameterSpec spec, + ProviderConfiguration configuration) + { + ECDomainParameters dp = params.getParameters(); + + this.algorithm = algorithm; + this.d = params.getD(); + this.configuration = configuration; + + if (spec == null) + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); + + this.ecSpec = new ECParameterSpec( + ellipticCurve, + new ECPoint( + dp.getG().getX().toBigInteger(), + dp.getG().getY().toBigInteger()), + dp.getN(), + dp.getH().intValue()); + } + else + { + this.ecSpec = spec; + } + + publicKey = getPublicKeyDetails(pubKey); + } + + public BCECPrivateKey( + String algorithm, + ECPrivateKeyParameters params, + BCECPublicKey pubKey, + org.bouncycastle.jce.spec.ECParameterSpec spec, + ProviderConfiguration configuration) + { + ECDomainParameters dp = params.getParameters(); + + this.algorithm = algorithm; + this.d = params.getD(); + this.configuration = configuration; + + if (spec == null) + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); + + this.ecSpec = new ECParameterSpec( + ellipticCurve, + new ECPoint( + dp.getG().getX().toBigInteger(), + dp.getG().getY().toBigInteger()), + dp.getN(), + dp.getH().intValue()); + } + else + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); + + this.ecSpec = new ECParameterSpec( + ellipticCurve, + new ECPoint( + spec.getG().getX().toBigInteger(), + spec.getG().getY().toBigInteger()), + spec.getN(), + spec.getH().intValue()); + } + + publicKey = getPublicKeyDetails(pubKey); + } + + public BCECPrivateKey( + String algorithm, + ECPrivateKeyParameters params, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.d = params.getD(); + this.ecSpec = null; + this.configuration = configuration; + } + + BCECPrivateKey( + String algorithm, + PrivateKeyInfo info, + ProviderConfiguration configuration) + throws IOException + { + this.algorithm = algorithm; + this.configuration = configuration; + populateFromPrivKeyInfo(info); + } + + private void populateFromPrivKeyInfo(PrivateKeyInfo info) + throws IOException + { + X962Parameters params = X962Parameters.getInstance(info.getPrivateKeyAlgorithm().getParameters()); + + if (params.isNamedCurve()) + { + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); + X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); + + // BEGIN android-removed + // if (ecP == null) // GOST Curve + // { + // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); + // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); + // + // ecSpec = new ECNamedCurveSpec( + // ECGOST3410NamedCurves.getName(oid), + // ellipticCurve, + // new ECPoint( + // gParam.getG().getX().toBigInteger(), + // gParam.getG().getY().toBigInteger()), + // gParam.getN(), + // gParam.getH()); + // } + // else + // END android-removed + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); + + ecSpec = new ECNamedCurveSpec( + ECUtil.getCurveName(oid), + ellipticCurve, + new ECPoint( + ecP.getG().getX().toBigInteger(), + ecP.getG().getY().toBigInteger()), + ecP.getN(), + ecP.getH()); + } + } + else if (params.isImplicitlyCA()) + { + ecSpec = null; + } + else + { + X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); + EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); + + this.ecSpec = new ECParameterSpec( + ellipticCurve, + new ECPoint( + ecP.getG().getX().toBigInteger(), + ecP.getG().getY().toBigInteger()), + ecP.getN(), + ecP.getH().intValue()); + } + + ASN1Encodable privKey = info.parsePrivateKey(); + if (privKey instanceof DERInteger) + { + DERInteger derD = DERInteger.getInstance(privKey); + + this.d = derD.getValue(); + } + else + { + org.bouncycastle.asn1.sec.ECPrivateKey ec = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(privKey); + + this.d = ec.getKey(); + this.publicKey = ec.getPublicKey(); + } + } + + public String getAlgorithm() + { + return algorithm; + } + + /** + * return the encoding format we produce in getEncoded(). + * + * @return the string "PKCS#8" + */ + public String getFormat() + { + return "PKCS#8"; + } + + /** + * Return a PKCS8 representation of the key. The sequence returned + * represents a full PrivateKeyInfo object. + * + * @return a PKCS8 representation of the key. + */ + public byte[] getEncoded() + { + X962Parameters params; + + if (ecSpec instanceof ECNamedCurveSpec) + { + DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); + if (curveOid == null) // guess it's the OID + { + curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); + } + params = new X962Parameters(curveOid); + } + else if (ecSpec == null) + { + params = new X962Parameters(DERNull.INSTANCE); + } + else + { + ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); + + X9ECParameters ecP = new X9ECParameters( + curve, + EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), + ecSpec.getOrder(), + BigInteger.valueOf(ecSpec.getCofactor()), + ecSpec.getCurve().getSeed()); + + params = new X962Parameters(ecP); + } + + PrivateKeyInfo info; + org.bouncycastle.asn1.sec.ECPrivateKey keyStructure; + + if (publicKey != null) + { + keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params); + } + else + { + keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params); + } + + try + { + if (algorithm.equals("ECGOST3410")) + { + info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + } + else + { + + info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + } + + return info.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } + } + + public ECParameterSpec getParams() + { + return ecSpec; + } + + public org.bouncycastle.jce.spec.ECParameterSpec getParameters() + { + if (ecSpec == null) + { + return null; + } + + return EC5Util.convertSpec(ecSpec, withCompression); + } + + org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() + { + if (ecSpec != null) + { + return EC5Util.convertSpec(ecSpec, withCompression); + } + + return configuration.getEcImplicitlyCa(); + } + + public BigInteger getS() + { + return d; + } + + public BigInteger getD() + { + return d; + } + + public void setBagAttribute( + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) + { + attrCarrier.setBagAttribute(oid, attribute); + } + + public ASN1Encodable getBagAttribute( + DERObjectIdentifier oid) + { + return attrCarrier.getBagAttribute(oid); + } + + public Enumeration getBagAttributeKeys() + { + return attrCarrier.getBagAttributeKeys(); + } + + public void setPointFormat(String style) + { + withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); + } + + public boolean equals(Object o) + { + if (!(o instanceof BCECPrivateKey)) + { + return false; + } + + BCECPrivateKey other = (BCECPrivateKey)o; + + return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec())); + } + + public int hashCode() + { + return getD().hashCode() ^ engineGetSpec().hashCode(); + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append("EC Private Key").append(nl); + buf.append(" S: ").append(this.d.toString(16)).append(nl); + + return buf.toString(); + + } + + private DERBitString getPublicKeyDetails(BCECPublicKey pub) + { + try + { + SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pub.getEncoded())); + + return info.getPublicKeyData(); + } + catch (IOException e) + { // should never happen + return null; + } + } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + byte[] enc = (byte[])in.readObject(); + + populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); + + this.configuration = BouncyCastleProvider.CONFIGURATION; + this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + + out.writeObject(this.getEncoded()); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java new file mode 100644 index 0000000..14cc9dc --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java @@ -0,0 +1,443 @@ +package org.bouncycastle.jcajce.provider.asymmetric.ec; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.math.BigInteger; +import java.security.interfaces.ECPublicKey; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.EllipticCurve; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.X962Parameters; +import org.bouncycastle.asn1.x9.X9ECParameters; +import org.bouncycastle.asn1.x9.X9ECPoint; +import org.bouncycastle.asn1.x9.X9IntegerConverter; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.ECDomainParameters; +import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; +import org.bouncycastle.jce.interfaces.ECPointEncoder; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.spec.ECNamedCurveSpec; +import org.bouncycastle.math.ec.ECCurve; + +public class BCECPublicKey + implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder +{ + static final long serialVersionUID = 2422789860422731812L; + + private String algorithm = "EC"; + private boolean withCompression; + + private transient org.bouncycastle.math.ec.ECPoint q; + private transient ECParameterSpec ecSpec; + private transient ProviderConfiguration configuration; + + public BCECPublicKey( + String algorithm, + BCECPublicKey key) + { + this.algorithm = algorithm; + this.q = key.q; + this.ecSpec = key.ecSpec; + this.withCompression = key.withCompression; + this.configuration = key.configuration; + } + + public BCECPublicKey( + String algorithm, + ECPublicKeySpec spec, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.ecSpec = spec.getParams(); + this.q = EC5Util.convertPoint(ecSpec, spec.getW(), false); + this.configuration = configuration; + } + + public BCECPublicKey( + String algorithm, + org.bouncycastle.jce.spec.ECPublicKeySpec spec, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.q = spec.getQ(); + + if (spec.getParams() != null) // can be null if implictlyCa + { + ECCurve curve = spec.getParams().getCurve(); + EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); + + this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); + } + else + { + if (q.getCurve() == null) + { + org.bouncycastle.jce.spec.ECParameterSpec s = configuration.getEcImplicitlyCa(); + + q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false); + } + this.ecSpec = null; + } + + this.configuration = configuration; + } + + public BCECPublicKey( + String algorithm, + ECPublicKeyParameters params, + ECParameterSpec spec, + ProviderConfiguration configuration) + { + ECDomainParameters dp = params.getParameters(); + + this.algorithm = algorithm; + this.q = params.getQ(); + + if (spec == null) + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); + + this.ecSpec = createSpec(ellipticCurve, dp); + } + else + { + this.ecSpec = spec; + } + + this.configuration = configuration; + } + + public BCECPublicKey( + String algorithm, + ECPublicKeyParameters params, + org.bouncycastle.jce.spec.ECParameterSpec spec, + ProviderConfiguration configuration) + { + ECDomainParameters dp = params.getParameters(); + + this.algorithm = algorithm; + this.q = params.getQ(); + + if (spec == null) + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); + + this.ecSpec = createSpec(ellipticCurve, dp); + } + else + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); + + this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec); + } + + this.configuration = configuration; + } + + /* + * called for implicitCA + */ + public BCECPublicKey( + String algorithm, + ECPublicKeyParameters params, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.q = params.getQ(); + this.ecSpec = null; + this.configuration = configuration; + } + + public BCECPublicKey( + ECPublicKey key, + ProviderConfiguration configuration) + { + this.algorithm = key.getAlgorithm(); + this.ecSpec = key.getParams(); + this.q = EC5Util.convertPoint(this.ecSpec, key.getW(), false); + } + + BCECPublicKey( + String algorithm, + SubjectPublicKeyInfo info, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.configuration = configuration; + populateFromPubKeyInfo(info); + } + + private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp) + { + return new ECParameterSpec( + ellipticCurve, + new ECPoint( + dp.getG().getX().toBigInteger(), + dp.getG().getY().toBigInteger()), + dp.getN(), + dp.getH().intValue()); + } + + private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) + { + X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithm().getParameters()); + ECCurve curve; + EllipticCurve ellipticCurve; + + if (params.isNamedCurve()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters(); + X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); + + curve = ecP.getCurve(); + ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); + + ecSpec = new ECNamedCurveSpec( + ECUtil.getCurveName(oid), + ellipticCurve, + new ECPoint( + ecP.getG().getX().toBigInteger(), + ecP.getG().getY().toBigInteger()), + ecP.getN(), + ecP.getH()); + } + else if (params.isImplicitlyCA()) + { + ecSpec = null; + curve = configuration.getEcImplicitlyCa().getCurve(); + } + else + { + X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); + + curve = ecP.getCurve(); + ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); + + this.ecSpec = new ECParameterSpec( + ellipticCurve, + new ECPoint( + ecP.getG().getX().toBigInteger(), + ecP.getG().getY().toBigInteger()), + ecP.getN(), + ecP.getH().intValue()); + } + + DERBitString bits = info.getPublicKeyData(); + byte[] data = bits.getBytes(); + ASN1OctetString key = new DEROctetString(data); + + // + // extra octet string - one of our old certs... + // + if (data[0] == 0x04 && data[1] == data.length - 2 + && (data[2] == 0x02 || data[2] == 0x03)) + { + int qLength = new X9IntegerConverter().getByteLength(curve); + + if (qLength >= data.length - 3) + { + try + { + key = (ASN1OctetString) ASN1Primitive.fromByteArray(data); + } + catch (IOException ex) + { + throw new IllegalArgumentException("error recovering public key"); + } + } + } + X9ECPoint derQ = new X9ECPoint(curve, key); + + this.q = derQ.getPoint(); + } + + public String getAlgorithm() + { + return algorithm; + } + + public String getFormat() + { + return "X.509"; + } + + public byte[] getEncoded() + { + ASN1Encodable params; + SubjectPublicKeyInfo info; + + if (ecSpec instanceof ECNamedCurveSpec) + { + ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); + if (curveOid == null) + { + curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); + } + params = new X962Parameters(curveOid); + } + else if (ecSpec == null) + { + params = new X962Parameters(DERNull.INSTANCE); + } + else + { + ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); + + X9ECParameters ecP = new X9ECParameters( + curve, + EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), + ecSpec.getOrder(), + BigInteger.valueOf(ecSpec.getCofactor()), + ecSpec.getCurve().getSeed()); + + params = new X962Parameters(ecP); + } + + ECCurve curve = this.engineGetQ().getCurve(); + ASN1OctetString p = (ASN1OctetString) + new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).toASN1Primitive(); + + info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets()); + + return KeyUtil.getEncodedSubjectPublicKeyInfo(info); + } + + private void extractBytes(byte[] encKey, int offSet, BigInteger bI) + { + byte[] val = bI.toByteArray(); + if (val.length < 32) + { + byte[] tmp = new byte[32]; + System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length); + val = tmp; + } + + for (int i = 0; i != 32; i++) + { + encKey[offSet + i] = val[val.length - 1 - i]; + } + } + + public ECParameterSpec getParams() + { + return ecSpec; + } + + public org.bouncycastle.jce.spec.ECParameterSpec getParameters() + { + if (ecSpec == null) // implictlyCA + { + return null; + } + + return EC5Util.convertSpec(ecSpec, withCompression); + } + + public ECPoint getW() + { + return new ECPoint(q.getX().toBigInteger(), q.getY().toBigInteger()); + } + + public org.bouncycastle.math.ec.ECPoint getQ() + { + if (ecSpec == null) + { + if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp) + { + return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getX(), q.getY()); + } + else + { + return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getX(), q.getY()); + } + } + + return q; + } + + public org.bouncycastle.math.ec.ECPoint engineGetQ() + { + return q; + } + + org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() + { + if (ecSpec != null) + { + return EC5Util.convertSpec(ecSpec, withCompression); + } + + return configuration.getEcImplicitlyCa(); + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append("EC Public Key").append(nl); + buf.append(" X: ").append(this.q.getX().toBigInteger().toString(16)).append(nl); + buf.append(" Y: ").append(this.q.getY().toBigInteger().toString(16)).append(nl); + + return buf.toString(); + + } + + public void setPointFormat(String style) + { + withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); + } + + public boolean equals(Object o) + { + if (!(o instanceof BCECPublicKey)) + { + return false; + } + + BCECPublicKey other = (BCECPublicKey)o; + + return engineGetQ().equals(other.engineGetQ()) && (engineGetSpec().equals(other.engineGetSpec())); + } + + public int hashCode() + { + return engineGetQ().hashCode() ^ engineGetSpec().hashCode(); + } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + byte[] enc = (byte[])in.readObject(); + + populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); + + this.configuration = BouncyCastleProvider.CONFIGURATION; + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + + out.writeObject(this.getEncoded()); + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java index b693613..38025e7 100644 --- a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.ec; import java.math.BigInteger; import java.security.spec.ECField; diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java index 088dfad..80ff2af 100644 --- a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java @@ -1,6 +1,10 @@ -package org.bouncycastle.jce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.ec; -import org.bouncycastle.asn1.DERObjectIdentifier; +import java.security.InvalidKeyException; +import java.security.PrivateKey; +import java.security.PublicKey; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; // BEGIN android-removed // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; // END android-removed @@ -17,13 +21,8 @@ import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.jce.provider.ProviderUtil; -import org.bouncycastle.jce.provider.JCEECPublicKey; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; /** * utility class for converting jce/jca ECDSA, ECDH, and ECDHC @@ -112,10 +111,10 @@ public class ECUtil if (s == null) { - s = ProviderUtil.getEcImplicitlyCa(); + s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); return new ECPublicKeyParameters( - ((JCEECPublicKey)k).engineGetQ(), + ((BCECPublicKey)k).engineGetQ(), new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); } else @@ -148,7 +147,7 @@ public class ECUtil if (s == null) { - s = ProviderUtil.getEcImplicitlyCa(); + s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); } return new ECPrivateKeyParameters( @@ -159,10 +158,10 @@ public class ECUtil throw new InvalidKeyException("can't identify EC private key."); } - public static DERObjectIdentifier getNamedCurveOid( + public static ASN1ObjectIdentifier getNamedCurveOid( String name) { - DERObjectIdentifier oid = X962NamedCurves.getOID(name); + ASN1ObjectIdentifier oid = X962NamedCurves.getOID(name); if (oid == null) { @@ -187,7 +186,7 @@ public class ECUtil } public static X9ECParameters getNamedCurveByOid( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { X9ECParameters params = X962NamedCurves.getByOID(oid); @@ -210,7 +209,7 @@ public class ECUtil } public static String getCurveName( - DERObjectIdentifier oid) + ASN1ObjectIdentifier oid) { String name = X962NamedCurves.getName(oid); diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java index 438928f..38a7143 100644 --- a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.ec; import java.math.BigInteger; import java.security.InvalidAlgorithmParameterException; @@ -11,7 +11,6 @@ import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.util.Hashtable; -import javax.crypto.KeyAgreementSpi; import javax.crypto.SecretKey; import javax.crypto.ShortBufferException; import javax.crypto.spec.SecretKeySpec; @@ -51,8 +50,8 @@ import org.bouncycastle.jce.interfaces.ECPublicKey; * * Also, MQV key agreement per SEC-1 */ -public class KeyAgreement - extends KeyAgreementSpi +public class KeyAgreementSpi + extends javax.crypto.KeyAgreementSpi { private static final X9IntegerConverter converter = new X9IntegerConverter(); private static final Hashtable algorithms = new Hashtable(); @@ -88,10 +87,10 @@ public class KeyAgreement return converter.integerToBytes(r, converter.getByteLength(parameters.getG().getX())); } - protected KeyAgreement( - String kaAlgorithm, - BasicAgreement agreement, - DerivationFunction kdf) + protected KeyAgreementSpi( + String kaAlgorithm, + BasicAgreement agreement, + DerivationFunction kdf) { this.kaAlgorithm = kaAlgorithm; this.agreement = agreement; @@ -290,7 +289,7 @@ public class KeyAgreement } public static class DH - extends KeyAgreement + extends KeyAgreementSpi { public DH() { @@ -300,7 +299,7 @@ public class KeyAgreement // BEGIN android-removed // public static class DHC - // extends KeyAgreement + // extends KeyAgreementSpi // { // public DHC() // { @@ -309,7 +308,7 @@ public class KeyAgreement // } // // public static class MQV - // extends KeyAgreement + // extends KeyAgreementSpi // { // public MQV() // { @@ -318,7 +317,7 @@ public class KeyAgreement // } // // public static class DHwithSHA1KDF - // extends KeyAgreement + // extends KeyAgreementSpi // { // public DHwithSHA1KDF() // { @@ -327,7 +326,7 @@ public class KeyAgreement // } // // public static class MQVwithSHA1KDF - // extends KeyAgreement + // extends KeyAgreementSpi // { // public MQVwithSHA1KDF() // { diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java new file mode 100644 index 0000000..156b1d0 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java @@ -0,0 +1,240 @@ +package org.bouncycastle.jcajce.provider.asymmetric.ec; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; +import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; +import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.spec.ECParameterSpec; +import org.bouncycastle.jce.spec.ECPrivateKeySpec; +import org.bouncycastle.jce.spec.ECPublicKeySpec; + +public class KeyFactorySpi + extends BaseKeyFactorySpi + implements AsymmetricKeyInfoConverter +{ + String algorithm; + ProviderConfiguration configuration; + + KeyFactorySpi( + String algorithm, + ProviderConfiguration configuration) + { + this.algorithm = algorithm; + this.configuration = configuration; + } + + protected Key engineTranslateKey( + Key key) + throws InvalidKeyException + { + if (key instanceof ECPublicKey) + { + return new BCECPublicKey((ECPublicKey)key, configuration); + } + else if (key instanceof ECPrivateKey) + { + return new BCECPrivateKey((ECPrivateKey)key, configuration); + } + + throw new InvalidKeyException("key type unknown"); + } + + protected KeySpec engineGetKeySpec( + Key key, + Class spec) + throws InvalidKeySpecException + { + if (spec.isAssignableFrom(java.security.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) + { + ECPublicKey k = (ECPublicKey)key; + if (k.getParams() != null) + { + return new java.security.spec.ECPublicKeySpec(k.getW(), k.getParams()); + } + else + { + ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); + + return new java.security.spec.ECPublicKeySpec(k.getW(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); + } + } + else if (spec.isAssignableFrom(java.security.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) + { + ECPrivateKey k = (ECPrivateKey)key; + + if (k.getParams() != null) + { + return new java.security.spec.ECPrivateKeySpec(k.getS(), k.getParams()); + } + else + { + ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); + + return new java.security.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); + } + } + else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) + { + ECPublicKey k = (ECPublicKey)key; + if (k.getParams() != null) + { + return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), EC5Util.convertSpec(k.getParams(), false)); + } + else + { + ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); + + return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), implicitSpec); + } + } + else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) + { + ECPrivateKey k = (ECPrivateKey)key; + + if (k.getParams() != null) + { + return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(k.getParams(), false)); + } + else + { + ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); + + return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), implicitSpec); + } + } + + return super.engineGetKeySpec(key, spec); + } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof ECPrivateKeySpec) + { + return new BCECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec, configuration); + } + else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) + { + return new BCECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec, configuration); + } + + return super.engineGeneratePrivate(keySpec); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof ECPublicKeySpec) + { + return new BCECPublicKey(algorithm, (ECPublicKeySpec)keySpec, configuration); + } + else if (keySpec instanceof java.security.spec.ECPublicKeySpec) + { + return new BCECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec, configuration); + } + + return super.engineGeneratePublic(keySpec); + } + + public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); + + if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) + { + return new BCECPrivateKey(algorithm, keyInfo, configuration); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } + + public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); + + if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) + { + return new BCECPublicKey(algorithm, keyInfo, configuration); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } + + public static class EC + extends KeyFactorySpi + { + public EC() + { + super("EC", BouncyCastleProvider.CONFIGURATION); + } + } + + public static class ECDSA + extends KeyFactorySpi + { + public ECDSA() + { + super("ECDSA", BouncyCastleProvider.CONFIGURATION); + } + } + + // BEGIN android-removed + // public static class ECGOST3410 + // extends KeyFactorySpi + // { + // public ECGOST3410() + // { + // super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); + // } + // } + // END android-removed + + public static class ECDH + extends KeyFactorySpi + { + public ECDH() + { + super("ECDH", BouncyCastleProvider.CONFIGURATION); + } + } + + public static class ECDHC + extends KeyFactorySpi + { + public ECDHC() + { + super("ECDHC", BouncyCastleProvider.CONFIGURATION); + } + } + + public static class ECMQV + extends KeyFactorySpi + { + public ECMQV() + { + super("ECMQV", BouncyCastleProvider.CONFIGURATION); + } + } +}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java index ab104ed..31090ae 100644 --- a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.ec; import java.math.BigInteger; import java.security.InvalidAlgorithmParameterException; @@ -9,10 +9,7 @@ import java.security.spec.AlgorithmParameterSpec; import java.security.spec.ECGenParameterSpec; import java.util.Hashtable; -import org.bouncycastle.asn1.DERObjectIdentifier; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -// END android-removed +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.sec.SECNamedCurves; // BEGIN android-removed @@ -26,25 +23,24 @@ import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECKeyGenerationParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jce.provider.JCEECPrivateKey; -import org.bouncycastle.jce.provider.JCEECPublicKey; -import org.bouncycastle.jce.provider.JDKKeyPairGenerator; -import org.bouncycastle.jce.provider.ProviderUtil; +import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.jce.spec.ECParameterSpec; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECPoint; -public abstract class KeyPairGenerator - extends JDKKeyPairGenerator +public abstract class KeyPairGeneratorSpi + extends java.security.KeyPairGenerator { - public KeyPairGenerator(String algorithmName) + public KeyPairGeneratorSpi(String algorithmName) { super(algorithmName); } public static class EC - extends KeyPairGenerator + extends KeyPairGeneratorSpi { ECKeyGenerationParameters param; ECKeyPairGenerator engine = new ECKeyPairGenerator(); @@ -54,6 +50,7 @@ public abstract class KeyPairGenerator SecureRandom random = new SecureRandom(); boolean initialised = false; String algorithm; + ProviderConfiguration configuration; static private Hashtable ecParameters; @@ -75,13 +72,16 @@ public abstract class KeyPairGenerator { super("EC"); this.algorithm = "EC"; + this.configuration = BouncyCastleProvider.CONFIGURATION; } public EC( - String algorithm) + String algorithm, + ProviderConfiguration configuration) { super(algorithm); this.algorithm = algorithm; + this.configuration = configuration; } public void initialize( @@ -97,14 +97,14 @@ public abstract class KeyPairGenerator } // END android-added // BEGIN android-changed - this.ecParams = ecParameters.get(Integer.valueOf(strength)); + ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integer.valueOf(strength)); // END android-changed if (ecParams != null) { try { - initialize((ECGenParameterSpec)ecParams, random); + initialize(ecParams, random); } catch (InvalidAlgorithmParameterException e) { @@ -150,85 +150,73 @@ public abstract class KeyPairGenerator engine.init(param); initialised = true; } - else if (params instanceof ECGenParameterSpec) + else if (params instanceof ECGenParameterSpec || params instanceof ECNamedCurveGenParameterSpec) { - final String curveName = ((ECGenParameterSpec)params).getName(); + String curveName; - // BEGIN android-removed - // if (this.algorithm.equals("ECGOST3410")) - // { - // ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName); - // if (ecP == null) - // { - // throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); - // } - // - // this.ecParams = new ECNamedCurveSpec( - // curveName, - // ecP.getCurve(), - // ecP.getG(), - // ecP.getN(), - // ecP.getH(), - // ecP.getSeed()); - // } - // else - // END android-removed + if (params instanceof ECGenParameterSpec) + { + curveName = ((ECGenParameterSpec)params).getName(); + } + else { - X9ECParameters ecP = X962NamedCurves.getByName(curveName); + curveName = ((ECNamedCurveGenParameterSpec)params).getName(); + } + + X9ECParameters ecP = X962NamedCurves.getByName(curveName); + if (ecP == null) + { + ecP = SECNamedCurves.getByName(curveName); if (ecP == null) { - ecP = SECNamedCurves.getByName(curveName); - if (ecP == null) - { - ecP = NISTNamedCurves.getByName(curveName); - } - // BEGIN android-removed - // if (ecP == null) - // { - // ecP = TeleTrusTNamedCurves.getByName(curveName); - // } - // END android-removed - if (ecP == null) + ecP = NISTNamedCurves.getByName(curveName); + } + // BEGIN android-removed + // if (ecP == null) + // { + // ecP = TeleTrusTNamedCurves.getByName(curveName); + // } + // END android-removed + if (ecP == null) + { + // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) + try { - // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) - try + ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(curveName); + ecP = X962NamedCurves.getByOID(oid); + if (ecP == null) + { + ecP = SECNamedCurves.getByOID(oid); + } + if (ecP == null) { - DERObjectIdentifier oid = new DERObjectIdentifier(curveName); - ecP = X962NamedCurves.getByOID(oid); - if (ecP == null) - { - ecP = SECNamedCurves.getByOID(oid); - } - if (ecP == null) - { - ecP = NISTNamedCurves.getByOID(oid); - } - // BEGIN android-removed - // if (ecP == null) - // { - // ecP = TeleTrusTNamedCurves.getByOID(oid); - // } - // END android-removed - if (ecP == null) - { - throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); - } + ecP = NISTNamedCurves.getByOID(oid); } - catch (IllegalArgumentException ex) + // BEGIN android-removed + // if (ecP == null) + // { + // ecP = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed + if (ecP == null) { - throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); + throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); } } + catch (IllegalArgumentException ex) + { + throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); + } } + } - this.ecParams = new ECNamedCurveSpec( + this.ecParams = new ECNamedCurveSpec( curveName, ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), - null); // ecP.getSeed()); Work-around JDK bug -- it won't look up named curves properly if seed is present - } + null); // ecP.getSeed()); Work-around JDK bug -- it won't look up named curves properly if seed is present java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; @@ -240,9 +228,9 @@ public abstract class KeyPairGenerator engine.init(param); initialised = true; } - else if (params == null && ProviderUtil.getEcImplicitlyCa() != null) + else if (params == null && configuration.getEcImplicitlyCa() != null) { - ECParameterSpec p = ProviderUtil.getEcImplicitlyCa(); + ECParameterSpec p = configuration.getEcImplicitlyCa(); this.ecParams = params; param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); @@ -250,7 +238,7 @@ public abstract class KeyPairGenerator engine.init(param); initialised = true; } - else if (params == null && ProviderUtil.getEcImplicitlyCa() == null) + else if (params == null && configuration.getEcImplicitlyCa() == null) { throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set"); } @@ -283,22 +271,22 @@ public abstract class KeyPairGenerator { ECParameterSpec p = (ECParameterSpec)ecParams; - JCEECPublicKey pubKey = new JCEECPublicKey(algorithm, pub, p); + BCECPublicKey pubKey = new BCECPublicKey(algorithm, pub, p, configuration); return new KeyPair(pubKey, - new JCEECPrivateKey(algorithm, priv, pubKey, p)); + new BCECPrivateKey(algorithm, priv, pubKey, p, configuration)); } else if (ecParams == null) { - return new KeyPair(new JCEECPublicKey(algorithm, pub), - new JCEECPrivateKey(algorithm, priv)); + return new KeyPair(new BCECPublicKey(algorithm, pub, configuration), + new BCECPrivateKey(algorithm, priv, configuration)); } else { java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; - JCEECPublicKey pubKey = new JCEECPublicKey(algorithm, pub, p); + BCECPublicKey pubKey = new BCECPublicKey(algorithm, pub, p, configuration); - return new KeyPair(pubKey, new JCEECPrivateKey(algorithm, priv, pubKey, p)); + return new KeyPair(pubKey, new BCECPrivateKey(algorithm, priv, pubKey, p, configuration)); } } } @@ -308,27 +296,16 @@ public abstract class KeyPairGenerator { public ECDSA() { - super("ECDSA"); + super("ECDSA", BouncyCastleProvider.CONFIGURATION); } } - // BEGIN android-removed - // public static class ECGOST3410 - // extends EC - // { - // public ECGOST3410() - // { - // super("ECGOST3410"); - // } - // } - // END android-removed - public static class ECDH extends EC { public ECDH() { - super("ECDH"); + super("ECDH", BouncyCastleProvider.CONFIGURATION); } } @@ -337,7 +314,7 @@ public abstract class KeyPairGenerator { public ECDHC() { - super("ECDHC"); + super("ECDHC", BouncyCastleProvider.CONFIGURATION); } } @@ -346,7 +323,7 @@ public abstract class KeyPairGenerator { public ECMQV() { - super("ECMQV"); + super("ECMQV", BouncyCastleProvider.CONFIGURATION); } } -} +}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java index 0bb21f8..61cd513 100644 --- a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java @@ -1,47 +1,48 @@ -package org.bouncycastle.jce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.ec; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.SecureRandom; import java.security.interfaces.ECPublicKey; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.NullDigest; +// BEGIN android-added +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-added // BEGIN android-removed // import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA1Digest; // import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; // END android-removed -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; import org.bouncycastle.crypto.params.ParametersWithRandom; import org.bouncycastle.crypto.signers.ECDSASigner; // BEGIN android-removed // import org.bouncycastle.crypto.signers.ECNRSigner; // END android-removed +import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; +import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; import org.bouncycastle.jce.interfaces.ECKey; -import org.bouncycastle.jce.provider.DSABase; -import org.bouncycastle.jce.provider.DSAEncoder; -import org.bouncycastle.jce.provider.JDKKeyFactory; +import org.bouncycastle.jce.provider.BouncyCastleProvider; -public class Signature +public class SignatureSpi extends DSABase { - Signature(Digest digest, DSA signer, DSAEncoder encoder) + SignatureSpi(Digest digest, DSA signer, DSAEncoder encoder) { super(digest, signer, encoder); } @@ -61,7 +62,7 @@ public class Signature { byte[] bytes = publicKey.getEncoded(); - publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes); + publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); if (publicKey instanceof ECPublicKey) { @@ -83,8 +84,7 @@ public class Signature } protected void engineInitSign( - PrivateKey privateKey, - SecureRandom random) + PrivateKey privateKey) throws InvalidKeyException { CipherParameters param; @@ -100,9 +100,9 @@ public class Signature digest.reset(); - if (random != null) + if (appRandom != null) { - signer.init(true, new ParametersWithRandom(param, random)); + signer.init(true, new ParametersWithRandom(param, appRandom)); } else { @@ -111,16 +111,18 @@ public class Signature } static public class ecDSA - extends Signature + extends SignatureSpi { public ecDSA() { - super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder()); + // BEGIN android-changed + super(new OpenSSLDigest.SHA1(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed } } static public class ecDSAnone - extends Signature + extends SignatureSpi { public ecDSAnone() { @@ -130,7 +132,7 @@ public class Signature // BEGIN android-removed // static public class ecDSA224 - // extends Signature + // extends SignatureSpi // { // public ecDSA224() // { @@ -140,35 +142,41 @@ public class Signature // END android-removed static public class ecDSA256 - extends Signature + extends SignatureSpi { public ecDSA256() { - super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder()); + // BEGIN android-changed + super(new OpenSSLDigest.SHA256(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed } } static public class ecDSA384 - extends Signature + extends SignatureSpi { public ecDSA384() { - super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder()); + // BEGIN android-changed + super(new OpenSSLDigest.SHA384(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed } } static public class ecDSA512 - extends Signature + extends SignatureSpi { public ecDSA512() { - super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder()); + // BEGIN android-changed + super(new OpenSSLDigest.SHA512(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed } } // BEGIN android-removed // static public class ecDSARipeMD160 - // extends Signature + // extends SignatureSpi // { // public ecDSARipeMD160() // { @@ -177,7 +185,7 @@ public class Signature // } // // static public class ecNR - // extends Signature + // extends SignatureSpi // { // public ecNR() // { @@ -186,7 +194,7 @@ public class Signature // } // // static public class ecNR224 - // extends Signature + // extends SignatureSpi // { // public ecNR224() // { @@ -195,7 +203,7 @@ public class Signature // } // // static public class ecNR256 - // extends Signature + // extends SignatureSpi // { // public ecNR256() // { @@ -204,7 +212,7 @@ public class Signature // } // // static public class ecNR384 - // extends Signature + // extends SignatureSpi // { // public ecNR384() // { @@ -213,7 +221,7 @@ public class Signature // } // // static public class ecNR512 - // extends Signature + // extends SignatureSpi // { // public ecNR512() // { @@ -222,7 +230,7 @@ public class Signature // } // // static public class ecCVCDSA - // extends Signature + // extends SignatureSpi // { // public ecCVCDSA() // { @@ -231,7 +239,7 @@ public class Signature // } // // static public class ecCVCDSA224 - // extends Signature + // extends SignatureSpi // { // public ecCVCDSA224() // { @@ -240,7 +248,7 @@ public class Signature // } // // static public class ecCVCDSA256 - // extends Signature + // extends SignatureSpi // { // public ecCVCDSA256() // { @@ -262,14 +270,14 @@ public class Signature v.add(new DERInteger(r)); v.add(new DERInteger(s)); - return new DERSequence(v).getEncoded(ASN1Encodable.DER); + return new DERSequence(v).getEncoded(ASN1Encoding.DER); } public BigInteger[] decode( byte[] encoding) throws IOException { - ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(encoding); + ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); BigInteger[] sig = new BigInteger[2]; sig[0] = ((DERInteger)s.getObjectAt(0)).getValue(); @@ -341,4 +349,4 @@ public class Signature return sig; } } -} +}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java new file mode 100644 index 0000000..99ac36c --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java @@ -0,0 +1,273 @@ +package org.bouncycastle.jcajce.provider.asymmetric.rsa; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.PSSParameterSpec; + +import javax.crypto.spec.OAEPParameterSpec; +import javax.crypto.spec.PSource; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.RSAESOAEPparams; +import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.jcajce.provider.util.DigestFactory; + +public abstract class AlgorithmParametersSpi + extends java.security.AlgorithmParametersSpi +{ + protected boolean isASN1FormatString(String format) + { + return format == null || format.equals("ASN.1"); + } + + protected AlgorithmParameterSpec engineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == null) + { + throw new NullPointerException("argument to getParameterSpec must not be null"); + } + + return localEngineGetParameterSpec(paramSpec); + } + + protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException; + + public static class OAEP + extends AlgorithmParametersSpi + { + OAEPParameterSpec currentSpec; + + /** + * Return the PKCS#1 ASN.1 structure RSAES-OAEP-params. + */ + protected byte[] engineGetEncoded() + { + AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( + DigestFactory.getOID(currentSpec.getDigestAlgorithm()), + // BEGIN android-changed + DERNull.INSTANCE); + // END android-changed + MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); + AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_mgf1, + // BEGIN android-changed + new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); + // END android-changed + PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); + AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); + RSAESOAEPparams oaepP = new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, pSourceAlgorithm); + + try + { + return oaepP.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Error encoding OAEPParameters"); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == OAEPParameterSpec.class && currentSpec != null) + { + return currentSpec; + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to OAEP parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof OAEPParameterSpec)) + { + throw new InvalidParameterSpecException("OAEPParameterSpec required to initialise an OAEP algorithm parameters object"); + } + + this.currentSpec = (OAEPParameterSpec)paramSpec; + } + + protected void engineInit( + byte[] params) + throws IOException + { + try + { + RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); + + currentSpec = new OAEPParameterSpec( + oaepP.getHashAlgorithm().getAlgorithm().getId(), + oaepP.getMaskGenAlgorithm().getAlgorithm().getId(), + new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), + new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); + } + catch (ClassCastException e) + { + throw new IOException("Not a valid OAEP Parameter encoding."); + } + catch (ArrayIndexOutOfBoundsException e) + { + throw new IOException("Not a valid OAEP Parameter encoding."); + } + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (format.equalsIgnoreCase("X.509") + || format.equalsIgnoreCase("ASN.1")) + { + engineInit(params); + } + else + { + throw new IOException("Unknown parameter format " + format); + } + } + + protected String engineToString() + { + return "OAEP Parameters"; + } + } + + public static class PSS + extends AlgorithmParametersSpi + { + PSSParameterSpec currentSpec; + + /** + * Return the PKCS#1 ASN.1 structure RSASSA-PSS-params. + */ + protected byte[] engineGetEncoded() + throws IOException + { + PSSParameterSpec pssSpec = currentSpec; + AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( + DigestFactory.getOID(pssSpec.getDigestAlgorithm()), + // BEGIN android-changed + DERNull.INSTANCE); + // END android-changed + MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); + AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_mgf1, + // BEGIN android-changed + new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); + // END android-changed + RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new ASN1Integer(pssSpec.getSaltLength()), new ASN1Integer(pssSpec.getTrailerField())); + + return pssP.getEncoded("DER"); + } + + protected byte[] engineGetEncoded( + String format) + throws IOException + { + if (format.equalsIgnoreCase("X.509") + || format.equalsIgnoreCase("ASN.1")) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == PSSParameterSpec.class && currentSpec != null) + { + return currentSpec; + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to PSS parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof PSSParameterSpec)) + { + throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS algorithm parameters object"); + } + + this.currentSpec = (PSSParameterSpec)paramSpec; + } + + protected void engineInit( + byte[] params) + throws IOException + { + try + { + RSASSAPSSparams pssP = RSASSAPSSparams.getInstance(params); + + currentSpec = new PSSParameterSpec( + pssP.getHashAlgorithm().getAlgorithm().getId(), + pssP.getMaskGenAlgorithm().getAlgorithm().getId(), + new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(pssP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), + pssP.getSaltLength().intValue(), + pssP.getTrailerField().intValue()); + } + catch (ClassCastException e) + { + throw new IOException("Not a valid PSS Parameter encoding."); + } + catch (ArrayIndexOutOfBoundsException e) + { + throw new IOException("Not a valid PSS Parameter encoding."); + } + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) + { + engineInit(params); + } + else + { + throw new IOException("Unknown parameter format " + format); + } + } + + protected String engineToString() + { + return "PSS Parameters"; + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java new file mode 100644 index 0000000..b0aa66e --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java @@ -0,0 +1,243 @@ +package org.bouncycastle.jcajce.provider.asymmetric.rsa; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.spec.RSAPrivateCrtKeySpec; + +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.pkcs.RSAPrivateKey; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; + +/** + * A provider representation for a RSA private key, with CRT factors included. + */ +public class BCRSAPrivateCrtKey + extends BCRSAPrivateKey + implements RSAPrivateCrtKey +{ + static final long serialVersionUID = 7834723820638524718L; + + private BigInteger publicExponent; + private BigInteger primeP; + private BigInteger primeQ; + private BigInteger primeExponentP; + private BigInteger primeExponentQ; + private BigInteger crtCoefficient; + + /** + * construct a private key from it's org.bouncycastle.crypto equivalent. + * + * @param key the parameters object representing the private key. + */ + BCRSAPrivateCrtKey( + RSAPrivateCrtKeyParameters key) + { + super(key); + + this.publicExponent = key.getPublicExponent(); + this.primeP = key.getP(); + this.primeQ = key.getQ(); + this.primeExponentP = key.getDP(); + this.primeExponentQ = key.getDQ(); + this.crtCoefficient = key.getQInv(); + } + + /** + * construct a private key from an RSAPrivateCrtKeySpec + * + * @param spec the spec to be used in construction. + */ + BCRSAPrivateCrtKey( + RSAPrivateCrtKeySpec spec) + { + this.modulus = spec.getModulus(); + this.publicExponent = spec.getPublicExponent(); + this.privateExponent = spec.getPrivateExponent(); + this.primeP = spec.getPrimeP(); + this.primeQ = spec.getPrimeQ(); + this.primeExponentP = spec.getPrimeExponentP(); + this.primeExponentQ = spec.getPrimeExponentQ(); + this.crtCoefficient = spec.getCrtCoefficient(); + } + + /** + * construct a private key from another RSAPrivateCrtKey. + * + * @param key the object implementing the RSAPrivateCrtKey interface. + */ + BCRSAPrivateCrtKey( + RSAPrivateCrtKey key) + { + this.modulus = key.getModulus(); + this.publicExponent = key.getPublicExponent(); + this.privateExponent = key.getPrivateExponent(); + this.primeP = key.getPrimeP(); + this.primeQ = key.getPrimeQ(); + this.primeExponentP = key.getPrimeExponentP(); + this.primeExponentQ = key.getPrimeExponentQ(); + this.crtCoefficient = key.getCrtCoefficient(); + } + + /** + * construct an RSA key from a private key info object. + */ + BCRSAPrivateCrtKey( + PrivateKeyInfo info) + throws IOException + { + this(RSAPrivateKey.getInstance(info.parsePrivateKey())); + } + + /** + * construct an RSA key from a ASN.1 RSA private key object. + */ + BCRSAPrivateCrtKey( + RSAPrivateKey key) + { + this.modulus = key.getModulus(); + this.publicExponent = key.getPublicExponent(); + this.privateExponent = key.getPrivateExponent(); + this.primeP = key.getPrime1(); + this.primeQ = key.getPrime2(); + this.primeExponentP = key.getExponent1(); + this.primeExponentQ = key.getExponent2(); + this.crtCoefficient = key.getCoefficient(); + } + + /** + * return the encoding format we produce in getEncoded(). + * + * @return the encoding format we produce in getEncoded(). + */ + public String getFormat() + { + return "PKCS#8"; + } + + /** + * Return a PKCS8 representation of the key. The sequence returned + * represents a full PrivateKeyInfo object. + * + * @return a PKCS8 representation of the key. + */ + public byte[] getEncoded() + { + // BEGIN android-changed + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); + // END android-changed + } + + /** + * return the public exponent. + * + * @return the public exponent. + */ + public BigInteger getPublicExponent() + { + return publicExponent; + } + + /** + * return the prime P. + * + * @return the prime P. + */ + public BigInteger getPrimeP() + { + return primeP; + } + + /** + * return the prime Q. + * + * @return the prime Q. + */ + public BigInteger getPrimeQ() + { + return primeQ; + } + + /** + * return the prime exponent for P. + * + * @return the prime exponent for P. + */ + public BigInteger getPrimeExponentP() + { + return primeExponentP; + } + + /** + * return the prime exponent for Q. + * + * @return the prime exponent for Q. + */ + public BigInteger getPrimeExponentQ() + { + return primeExponentQ; + } + + /** + * return the CRT coefficient. + * + * @return the CRT coefficient. + */ + public BigInteger getCrtCoefficient() + { + return crtCoefficient; + } + + public int hashCode() + { + return this.getModulus().hashCode() + ^ this.getPublicExponent().hashCode() + ^ this.getPrivateExponent().hashCode(); + } + + public boolean equals(Object o) + { + if (o == this) + { + return true; + } + + if (!(o instanceof RSAPrivateCrtKey)) + { + return false; + } + + RSAPrivateCrtKey key = (RSAPrivateCrtKey)o; + + return this.getModulus().equals(key.getModulus()) + && this.getPublicExponent().equals(key.getPublicExponent()) + && this.getPrivateExponent().equals(key.getPrivateExponent()) + && this.getPrimeP().equals(key.getPrimeP()) + && this.getPrimeQ().equals(key.getPrimeQ()) + && this.getPrimeExponentP().equals(key.getPrimeExponentP()) + && this.getPrimeExponentQ().equals(key.getPrimeExponentQ()) + && this.getCrtCoefficient().equals(key.getCrtCoefficient()); + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append("RSA Private CRT Key").append(nl); + buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); + buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); + buf.append(" private exponent: ").append(this.getPrivateExponent().toString(16)).append(nl); + buf.append(" primeP: ").append(this.getPrimeP().toString(16)).append(nl); + buf.append(" primeQ: ").append(this.getPrimeQ().toString(16)).append(nl); + buf.append(" primeExponentP: ").append(this.getPrimeExponentP().toString(16)).append(nl); + buf.append(" primeExponentQ: ").append(this.getPrimeExponentQ().toString(16)).append(nl); + buf.append(" crtCoefficient: ").append(this.getCrtCoefficient().toString(16)).append(nl); + + return buf.toString(); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java new file mode 100644 index 0000000..6643f13 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java @@ -0,0 +1,142 @@ +package org.bouncycastle.jcajce.provider.asymmetric.rsa; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.math.BigInteger; +import java.security.interfaces.RSAPrivateKey; +import java.security.spec.RSAPrivateKeySpec; +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.params.RSAKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; + +public class BCRSAPrivateKey + implements RSAPrivateKey, PKCS12BagAttributeCarrier +{ + static final long serialVersionUID = 5110188922551353628L; + + private static BigInteger ZERO = BigInteger.valueOf(0); + + protected BigInteger modulus; + protected BigInteger privateExponent; + + private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); + + protected BCRSAPrivateKey() + { + } + + BCRSAPrivateKey( + RSAKeyParameters key) + { + this.modulus = key.getModulus(); + this.privateExponent = key.getExponent(); + } + + BCRSAPrivateKey( + RSAPrivateKeySpec spec) + { + this.modulus = spec.getModulus(); + this.privateExponent = spec.getPrivateExponent(); + } + + BCRSAPrivateKey( + RSAPrivateKey key) + { + this.modulus = key.getModulus(); + this.privateExponent = key.getPrivateExponent(); + } + + public BigInteger getModulus() + { + return modulus; + } + + public BigInteger getPrivateExponent() + { + return privateExponent; + } + + public String getAlgorithm() + { + return "RSA"; + } + + public String getFormat() + { + return "PKCS#8"; + } + + public byte[] getEncoded() + { + // BEGIN android-changed + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); + // END android-changed + } + + public boolean equals(Object o) + { + if (!(o instanceof RSAPrivateKey)) + { + return false; + } + + if (o == this) + { + return true; + } + + RSAPrivateKey key = (RSAPrivateKey)o; + + return getModulus().equals(key.getModulus()) + && getPrivateExponent().equals(key.getPrivateExponent()); + } + + public int hashCode() + { + return getModulus().hashCode() ^ getPrivateExponent().hashCode(); + } + + public void setBagAttribute( + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) + { + attrCarrier.setBagAttribute(oid, attribute); + } + + public ASN1Encodable getBagAttribute( + DERObjectIdentifier oid) + { + return attrCarrier.getBagAttribute(oid); + } + + public Enumeration getBagAttributeKeys() + { + return attrCarrier.getBagAttributeKeys(); + } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java new file mode 100644 index 0000000..e57da4a --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java @@ -0,0 +1,131 @@ +package org.bouncycastle.jcajce.provider.asymmetric.rsa; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.RSAPublicKeySpec; + +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.crypto.params.RSAKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; + +public class BCRSAPublicKey + implements RSAPublicKey +{ + static final long serialVersionUID = 2675817738516720772L; + + private BigInteger modulus; + private BigInteger publicExponent; + + BCRSAPublicKey( + RSAKeyParameters key) + { + this.modulus = key.getModulus(); + this.publicExponent = key.getExponent(); + } + + BCRSAPublicKey( + RSAPublicKeySpec spec) + { + this.modulus = spec.getModulus(); + this.publicExponent = spec.getPublicExponent(); + } + + BCRSAPublicKey( + RSAPublicKey key) + { + this.modulus = key.getModulus(); + this.publicExponent = key.getPublicExponent(); + } + + BCRSAPublicKey( + SubjectPublicKeyInfo info) + { + try + { + org.bouncycastle.asn1.pkcs.RSAPublicKey pubKey = org.bouncycastle.asn1.pkcs.RSAPublicKey.getInstance(info.parsePublicKey()); + + this.modulus = pubKey.getModulus(); + this.publicExponent = pubKey.getPublicExponent(); + } + catch (IOException e) + { + throw new IllegalArgumentException("invalid info structure in RSA public key"); + } + } + + /** + * return the modulus. + * + * @return the modulus. + */ + public BigInteger getModulus() + { + return modulus; + } + + /** + * return the public exponent. + * + * @return the public exponent. + */ + public BigInteger getPublicExponent() + { + return publicExponent; + } + + public String getAlgorithm() + { + return "RSA"; + } + + public String getFormat() + { + return "X.509"; + } + + public byte[] getEncoded() + { + // BEGIN android-changed + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); + // END android-changed + } + + public int hashCode() + { + return this.getModulus().hashCode() ^ this.getPublicExponent().hashCode(); + } + + public boolean equals(Object o) + { + if (o == this) + { + return true; + } + + if (!(o instanceof RSAPublicKey)) + { + return false; + } + + RSAPublicKey key = (RSAPublicKey)o; + + return getModulus().equals(key.getModulus()) + && getPublicExponent().equals(key.getPublicExponent()); + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append("RSA Public Key").append(nl); + buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); + buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); + + return buf.toString(); + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java index 50a0e41..1f53f5a 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.rsa; import java.io.ByteArrayOutputStream; import java.security.AlgorithmParameters; @@ -26,30 +26,36 @@ import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; +// BEGIN android-removed +// import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; +// END android-removed import org.bouncycastle.crypto.encodings.OAEPEncoding; import org.bouncycastle.crypto.encodings.PKCS1Encoding; import org.bouncycastle.crypto.engines.RSABlindedEngine; import org.bouncycastle.crypto.params.ParametersWithRandom; +import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi; +import org.bouncycastle.jcajce.provider.util.DigestFactory; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.Strings; -public class JCERSACipher extends WrapCipherSpi +public class CipherSpi + extends BaseCipherSpi { - private AsymmetricBlockCipher cipher; - private AlgorithmParameterSpec paramSpec; - private AlgorithmParameters engineParams; + private AsymmetricBlockCipher cipher; + private AlgorithmParameterSpec paramSpec; + private AlgorithmParameters engineParams; private boolean publicKeyOnly = false; private boolean privateKeyOnly = false; - private ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + private ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - public JCERSACipher( - AsymmetricBlockCipher engine) + public CipherSpi( + AsymmetricBlockCipher engine) { cipher = engine; } - public JCERSACipher( - OAEPParameterSpec pSpec) + public CipherSpi( + OAEPParameterSpec pSpec) { try { @@ -61,10 +67,10 @@ public class JCERSACipher extends WrapCipherSpi } } - public JCERSACipher( - boolean publicKeyOnly, - boolean privateKeyOnly, - AsymmetricBlockCipher engine) + public CipherSpi( + boolean publicKeyOnly, + boolean privateKeyOnly, + AsymmetricBlockCipher engine) { this.publicKeyOnly = publicKeyOnly; this.privateKeyOnly = privateKeyOnly; @@ -72,11 +78,11 @@ public class JCERSACipher extends WrapCipherSpi } private void initFromSpec( - OAEPParameterSpec pSpec) + OAEPParameterSpec pSpec) throws NoSuchPaddingException { - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)pSpec.getMGFParameters(); - Digest digest = JCEDigestUtil.getDigest(mgfParams.getDigestAlgorithm()); + MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)pSpec.getMGFParameters(); + Digest digest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm()); if (digest == null) { @@ -99,23 +105,18 @@ public class JCERSACipher extends WrapCipherSpi } } - protected byte[] engineGetIV() - { - return null; - } - protected int engineGetKeySize( - Key key) + Key key) { if (key instanceof RSAPrivateKey) { - RSAPrivateKey k = (RSAPrivateKey)key; + RSAPrivateKey k = (RSAPrivateKey)key; return k.getModulus().bitLength(); } else if (key instanceof RSAPublicKey) { - RSAPublicKey k = (RSAPublicKey)key; + RSAPublicKey k = (RSAPublicKey)key; return k.getModulus().bitLength(); } @@ -136,7 +137,7 @@ public class JCERSACipher extends WrapCipherSpi } } - protected AlgorithmParameters engineGetParameters() + protected AlgorithmParameters engineGetParameters() { if (engineParams == null) { @@ -158,7 +159,7 @@ public class JCERSACipher extends WrapCipherSpi } protected void engineSetMode( - String mode) + String mode) throws NoSuchAlgorithmException { String md = Strings.toUpperCase(mode); @@ -185,7 +186,7 @@ public class JCERSACipher extends WrapCipherSpi } protected void engineSetPadding( - String padding) + String padding) throws NoSuchPaddingException { String pad = Strings.toUpperCase(padding); @@ -198,10 +199,12 @@ public class JCERSACipher extends WrapCipherSpi { cipher = new PKCS1Encoding(new RSABlindedEngine()); } - else if (pad.equals("ISO9796-1PADDING")) - { - cipher = new ISO9796d1Encoding(new RSABlindedEngine()); - } + // BEGIN android-removed + // else if (pad.equals("ISO9796-1PADDING")) + // { + // cipher = new ISO9796d1Encoding(new RSABlindedEngine()); + // } + // END android-removed else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING")) { initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT)); @@ -214,10 +217,12 @@ public class JCERSACipher extends WrapCipherSpi { initFromSpec(OAEPParameterSpec.DEFAULT); } - else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); - } + // BEGIN android-removed + // else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING")) + // { + // initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); + // } + // END android-removed else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-256ANDMGF1PADDING")) { initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); @@ -238,18 +243,18 @@ public class JCERSACipher extends WrapCipherSpi protected void engineInit( int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) + Key key, + AlgorithmParameterSpec params, + SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { - CipherParameters param; + CipherParameters param; if (params == null || params instanceof OAEPParameterSpec) { if (key instanceof RSAPublicKey) { - if (privateKeyOnly) + if (privateKeyOnly && opmode == Cipher.ENCRYPT_MODE) { throw new InvalidKeyException( "mode 1 requires RSAPrivateKey"); @@ -259,7 +264,7 @@ public class JCERSACipher extends WrapCipherSpi } else if (key instanceof RSAPrivateKey) { - if (publicKeyOnly) + if (publicKeyOnly && opmode == Cipher.ENCRYPT_MODE) { throw new InvalidKeyException( "mode 2 requires RSAPublicKey"); @@ -274,7 +279,7 @@ public class JCERSACipher extends WrapCipherSpi if (params != null) { - OAEPParameterSpec spec = (OAEPParameterSpec)params; + OAEPParameterSpec spec = (OAEPParameterSpec)params; paramSpec = params; @@ -288,7 +293,7 @@ public class JCERSACipher extends WrapCipherSpi throw new InvalidAlgorithmParameterException("unkown MGF parameters"); } - Digest digest = JCEDigestUtil.getDigest(spec.getDigestAlgorithm()); + Digest digest = DigestFactory.getDigest(spec.getDigestAlgorithm()); if (digest == null) { @@ -296,7 +301,7 @@ public class JCERSACipher extends WrapCipherSpi } MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)spec.getMGFParameters(); - Digest mgfDigest = JCEDigestUtil.getDigest(mgfParams.getDigestAlgorithm()); + Digest mgfDigest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm()); if (mgfDigest == null) { @@ -340,12 +345,12 @@ public class JCERSACipher extends WrapCipherSpi protected void engineInit( int opmode, - Key key, + Key key, AlgorithmParameters params, - SecureRandom random) + SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { - AlgorithmParameterSpec paramSpec = null; + AlgorithmParameterSpec paramSpec = null; if (params != null) { @@ -365,8 +370,8 @@ public class JCERSACipher extends WrapCipherSpi protected void engineInit( int opmode, - Key key, - SecureRandom random) + Key key, + SecureRandom random) throws InvalidKeyException { try @@ -376,7 +381,7 @@ public class JCERSACipher extends WrapCipherSpi catch (InvalidAlgorithmParameterException e) { // this shouldn't happen - throw new RuntimeException("Eeeek! " + e.toString(), e); + throw new InvalidKeyException("Eeeek! " + e.toString(), e); } } @@ -527,7 +532,7 @@ public class JCERSACipher extends WrapCipherSpi */ static public class NoPadding - extends JCERSACipher + extends CipherSpi { public NoPadding() { @@ -537,7 +542,7 @@ public class JCERSACipher extends WrapCipherSpi // BEGIN android-removed // static public class PKCS1v1_5Padding - // extends JCERSACipher + // extends CipherSpi // { // public PKCS1v1_5Padding() // { @@ -546,7 +551,7 @@ public class JCERSACipher extends WrapCipherSpi // } // // static public class PKCS1v1_5Padding_PrivateOnly - // extends JCERSACipher + // extends CipherSpi // { // public PKCS1v1_5Padding_PrivateOnly() // { @@ -555,7 +560,7 @@ public class JCERSACipher extends WrapCipherSpi // } // // static public class PKCS1v1_5Padding_PublicOnly - // extends JCERSACipher + // extends CipherSpi // { // public PKCS1v1_5Padding_PublicOnly() // { @@ -564,7 +569,7 @@ public class JCERSACipher extends WrapCipherSpi // } // // static public class OAEPPadding - // extends JCERSACipher + // extends CipherSpi // { // public OAEPPadding() // { @@ -573,7 +578,7 @@ public class JCERSACipher extends WrapCipherSpi // } // // static public class ISO9796d1Padding - // extends JCERSACipher + // extends CipherSpi // { // public ISO9796d1Padding() // { diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java index badeac1..96bd2d3 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.rsa; import java.io.IOException; import java.security.AlgorithmParameters; @@ -11,50 +11,51 @@ import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.AlgorithmParameterSpec; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; // BEGIN android-removed // import org.bouncycastle.crypto.digests.MD2Digest; // import org.bouncycastle.crypto.digests.MD4Digest; -// END android-removed -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.NullDigest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.NullDigest; // import org.bouncycastle.crypto.digests.RIPEMD128Digest; // import org.bouncycastle.crypto.digests.RIPEMD160Digest; // import org.bouncycastle.crypto.digests.RIPEMD256Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA1Digest; // import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; // END android-removed -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-added +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-added import org.bouncycastle.crypto.encodings.PKCS1Encoding; import org.bouncycastle.crypto.engines.RSABlindedEngine; -public class JDKDigestSignature +public class DigestSignatureSpi extends SignatureSpi { - private Digest digest; - private AsymmetricBlockCipher cipher; - private AlgorithmIdentifier algId; + private Digest digest; + private AsymmetricBlockCipher cipher; + private AlgorithmIdentifier algId; // care - this constructor is actually used by outside organisations - protected JDKDigestSignature( - Digest digest, - AsymmetricBlockCipher cipher) + protected DigestSignatureSpi( + Digest digest, + AsymmetricBlockCipher cipher) { this.digest = digest; this.cipher = cipher; @@ -62,10 +63,10 @@ public class JDKDigestSignature } // care - this constructor is actually used by outside organisations - protected JDKDigestSignature( - DERObjectIdentifier objId, - Digest digest, - AsymmetricBlockCipher cipher) + protected DigestSignatureSpi( + ASN1ObjectIdentifier objId, + Digest digest, + AsymmetricBlockCipher cipher) { this.digest = digest; this.cipher = cipher; @@ -73,7 +74,7 @@ public class JDKDigestSignature } protected void engineInitVerify( - PublicKey publicKey) + PublicKey publicKey) throws InvalidKeyException { if (!(publicKey instanceof RSAPublicKey)) @@ -81,14 +82,14 @@ public class JDKDigestSignature throw new InvalidKeyException("Supplied key (" + getType(publicKey) + ") is not a RSAPublicKey instance"); } - CipherParameters param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey); + CipherParameters param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey); digest.reset(); cipher.init(false, param); } protected void engineInitSign( - PrivateKey privateKey) + PrivateKey privateKey) throws InvalidKeyException { if (!(privateKey instanceof RSAPrivateKey)) @@ -96,7 +97,7 @@ public class JDKDigestSignature throw new InvalidKeyException("Supplied key (" + getType(privateKey) + ") is not a RSAPrivateKey instance"); } - CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey); + CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey); digest.reset(); @@ -227,8 +228,8 @@ public class JDKDigestSignature * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> */ protected void engineSetParameter( - String param, - Object value) + String param, + Object value) { throw new UnsupportedOperationException("engineSetParameter unsupported"); } @@ -237,7 +238,7 @@ public class JDKDigestSignature * @deprecated */ protected Object engineGetParameter( - String param) + String param) { return null; } @@ -257,117 +258,127 @@ public class JDKDigestSignature return hash; } - DigestInfo dInfo = new DigestInfo(algId, hash); + DigestInfo dInfo = new DigestInfo(algId, hash); - return dInfo.getEncoded(ASN1Encodable.DER); + return dInfo.getEncoded(ASN1Encoding.DER); } - static public class SHA1WithRSAEncryption - extends JDKDigestSignature + static public class SHA1 + extends DigestSignatureSpi { - public SHA1WithRSAEncryption() + public SHA1() { - super(X509ObjectIdentifiers.id_SHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(OIWObjectIdentifiers.idSHA1, new OpenSSLDigest.SHA1(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } // BEGIN android-removed - // static public class SHA224WithRSAEncryption - // extends JDKDigestSignature + // static public class SHA224 + // extends DigestSignatureSpi // { - // public SHA224WithRSAEncryption() + // public SHA224() // { // super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); // } // } // END android-removed - static public class SHA256WithRSAEncryption - extends JDKDigestSignature + static public class SHA256 + extends DigestSignatureSpi { - public SHA256WithRSAEncryption() + public SHA256() { - super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(NISTObjectIdentifiers.id_sha256, new OpenSSLDigest.SHA256(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } - static public class SHA384WithRSAEncryption - extends JDKDigestSignature + static public class SHA384 + extends DigestSignatureSpi { - public SHA384WithRSAEncryption() + public SHA384() { - super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(NISTObjectIdentifiers.id_sha384, new OpenSSLDigest.SHA384(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } - static public class SHA512WithRSAEncryption - extends JDKDigestSignature + static public class SHA512 + extends DigestSignatureSpi { - public SHA512WithRSAEncryption() + public SHA512() { - super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(NISTObjectIdentifiers.id_sha512, new OpenSSLDigest.SHA512(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } // BEGIN android-removed - // static public class MD2WithRSAEncryption - // extends JDKDigestSignature + // static public class MD2 + // extends DigestSignatureSpi // { - // public MD2WithRSAEncryption() + // public MD2() // { // super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); // } // } // - // static public class MD4WithRSAEncryption - // extends JDKDigestSignature + // static public class MD4 + // extends DigestSignatureSpi // { - // public MD4WithRSAEncryption() + // public MD4() // { // super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); // } // } // END android-removed - static public class MD5WithRSAEncryption - extends JDKDigestSignature + static public class MD5 + extends DigestSignatureSpi { - public MD5WithRSAEncryption() + public MD5() { - super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(PKCSObjectIdentifiers.md5, new OpenSSLDigest.MD5(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } // BEGIN android-removed - // static public class RIPEMD160WithRSAEncryption - // extends JDKDigestSignature + // static public class RIPEMD160 + // extends DigestSignatureSpi // { - // public RIPEMD160WithRSAEncryption() + // public RIPEMD160() // { // super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); // } // } // - // static public class RIPEMD128WithRSAEncryption - // extends JDKDigestSignature + // static public class RIPEMD128 + // extends DigestSignatureSpi // { - // public RIPEMD128WithRSAEncryption() + // public RIPEMD128() // { // super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); // } // } // - // static public class RIPEMD256WithRSAEncryption - // extends JDKDigestSignature + // static public class RIPEMD256 + // extends DigestSignatureSpi // { - // public RIPEMD256WithRSAEncryption() + // public RIPEMD256() // { // super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); // } // } // // static public class noneRSA - // extends JDKDigestSignature + // extends DigestSignatureSpi // { // public noneRSA() // { diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java new file mode 100644 index 0000000..d8eb539 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java @@ -0,0 +1,162 @@ +package org.bouncycastle.jcajce.provider.asymmetric.rsa; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPrivateKeySpec; +import java.security.spec.RSAPublicKeySpec; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.pkcs.RSAPrivateKey; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; +import org.bouncycastle.jcajce.provider.asymmetric.util.ExtendedInvalidKeySpecException; + +public class KeyFactorySpi + extends BaseKeyFactorySpi +{ + public KeyFactorySpi() + { + } + + protected KeySpec engineGetKeySpec( + Key key, + Class spec) + throws InvalidKeySpecException + { + if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey) + { + RSAPublicKey k = (RSAPublicKey)key; + + return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent()); + } + else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof java.security.interfaces.RSAPrivateKey) + { + java.security.interfaces.RSAPrivateKey k = (java.security.interfaces.RSAPrivateKey)key; + + return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent()); + } + else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class) && key instanceof RSAPrivateCrtKey) + { + RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; + + return new RSAPrivateCrtKeySpec( + k.getModulus(), k.getPublicExponent(), + k.getPrivateExponent(), + k.getPrimeP(), k.getPrimeQ(), + k.getPrimeExponentP(), k.getPrimeExponentQ(), + k.getCrtCoefficient()); + } + + return super.engineGetKeySpec(key, spec); + } + + protected Key engineTranslateKey( + Key key) + throws InvalidKeyException + { + if (key instanceof RSAPublicKey) + { + return new BCRSAPublicKey((RSAPublicKey)key); + } + else if (key instanceof RSAPrivateCrtKey) + { + return new BCRSAPrivateCrtKey((RSAPrivateCrtKey)key); + } + else if (key instanceof java.security.interfaces.RSAPrivateKey) + { + return new BCRSAPrivateKey((java.security.interfaces.RSAPrivateKey)key); + } + + throw new InvalidKeyException("key type unknown"); + } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PKCS8EncodedKeySpec) + { + try + { + return generatePrivate(PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + // + // in case it's just a RSAPrivateKey object... -- openSSL produces these + // + try + { + return new BCRSAPrivateCrtKey( + RSAPrivateKey.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception ex) + { + throw new ExtendedInvalidKeySpecException("unable to process key spec: " + e.toString(), e); + } + } + } + else if (keySpec instanceof RSAPrivateCrtKeySpec) + { + return new BCRSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec); + } + else if (keySpec instanceof RSAPrivateKeySpec) + { + return new BCRSAPrivateKey((RSAPrivateKeySpec)keySpec); + } + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof RSAPublicKeySpec) + { + return new BCRSAPublicKey((RSAPublicKeySpec)keySpec); + } + + return super.engineGeneratePublic(keySpec); + } + + public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); + + if (RSAUtil.isRsaOid(algOid)) + { + return new BCRSAPrivateCrtKey(keyInfo); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } + + public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) + throws IOException + { + ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); + + if (RSAUtil.isRsaOid(algOid)) + { + return new BCRSAPublicKey(keyInfo); + } + else + { + throw new IOException("algorithm identifier " + algOid + " in key not recognised"); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java new file mode 100644 index 0000000..c61e7cb --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java @@ -0,0 +1,78 @@ +package org.bouncycastle.jcajce.provider.asymmetric.rsa; + +import java.math.BigInteger; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyPair; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.RSAKeyGenParameterSpec; + +import org.bouncycastle.crypto.AsymmetricCipherKeyPair; +import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; +import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; +import org.bouncycastle.crypto.params.RSAKeyParameters; +import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; + +public class KeyPairGeneratorSpi + extends java.security.KeyPairGenerator +{ + public KeyPairGeneratorSpi( + String algorithmName) + { + super(algorithmName); + } + + final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001); + final static int defaultTests = 12; + + RSAKeyGenerationParameters param; + RSAKeyPairGenerator engine; + + public KeyPairGeneratorSpi() + { + super("RSA"); + + engine = new RSAKeyPairGenerator(); + param = new RSAKeyGenerationParameters(defaultPublicExponent, + new SecureRandom(), 2048, defaultTests); + engine.init(param); + } + + public void initialize( + int strength, + SecureRandom random) + { + param = new RSAKeyGenerationParameters(defaultPublicExponent, + random, strength, defaultTests); + + engine.init(param); + } + + public void initialize( + AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + if (!(params instanceof RSAKeyGenParameterSpec)) + { + throw new InvalidAlgorithmParameterException("parameter object not a RSAKeyGenParameterSpec"); + } + RSAKeyGenParameterSpec rsaParams = (RSAKeyGenParameterSpec)params; + + param = new RSAKeyGenerationParameters( + rsaParams.getPublicExponent(), + random, rsaParams.getKeysize(), defaultTests); + + engine.init(param); + } + + public KeyPair generateKeyPair() + { + AsymmetricCipherKeyPair pair = engine.generateKeyPair(); + RSAKeyParameters pub = (RSAKeyParameters)pair.getPublic(); + RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters)pair.getPrivate(); + + return new KeyPair(new BCRSAPublicKey(pub), + new BCRSAPrivateCrtKey(priv)); + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/RSAUtil.java index 0d99117..4943a99 100644 --- a/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/RSAUtil.java @@ -1,10 +1,10 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.rsa; import java.security.interfaces.RSAPrivateCrtKey; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.crypto.params.RSAKeyParameters; @@ -14,38 +14,51 @@ import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; * utility class for converting java.security RSA objects into their * org.bouncycastle.crypto counterparts. */ -class RSAUtil +public class RSAUtil { - static boolean isRsaOid( - DERObjectIdentifier algOid) + public static final ASN1ObjectIdentifier[] rsaOids = { - return algOid.equals(PKCSObjectIdentifiers.rsaEncryption) - || algOid.equals(X509ObjectIdentifiers.id_ea_rsa) - || algOid.equals(PKCSObjectIdentifiers.id_RSASSA_PSS) - || algOid.equals(PKCSObjectIdentifiers.id_RSAES_OAEP); + PKCSObjectIdentifiers.rsaEncryption, + X509ObjectIdentifiers.id_ea_rsa, + PKCSObjectIdentifiers.id_RSAES_OAEP, + PKCSObjectIdentifiers.id_RSASSA_PSS + }; + + public static boolean isRsaOid( + ASN1ObjectIdentifier algOid) + { + for (int i = 0; i != rsaOids.length; i++) + { + if (algOid.equals(rsaOids[i])) + { + return true; + } + } + + return false; } - + static RSAKeyParameters generatePublicKeyParameter( - RSAPublicKey key) + RSAPublicKey key) { return new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); } static RSAKeyParameters generatePrivateKeyParameter( - RSAPrivateKey key) + RSAPrivateKey key) { if (key instanceof RSAPrivateCrtKey) { - RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; + RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; return new RSAPrivateCrtKeyParameters(k.getModulus(), k.getPublicExponent(), k.getPrivateExponent(), - k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient()); + k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient()); } else { - RSAPrivateKey k = key; + RSAPrivateKey k = key; return new RSAKeyParameters(true, k.getModulus(), k.getPrivateExponent()); } diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java new file mode 100644 index 0000000..fabad43 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java @@ -0,0 +1,220 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +import java.security.AlgorithmParameters; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.CipherSpi; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed +import javax.crypto.spec.SecretKeySpec; + +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.crypto.InvalidCipherTextException; +import org.bouncycastle.crypto.Wrapper; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +public abstract class BaseCipherSpi + extends CipherSpi +{ + // + // specs we can handle. + // + private Class[] availableSpecs = + { + IvParameterSpec.class, + PBEParameterSpec.class, + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class + // END android-removed + }; + + + protected AlgorithmParameters engineParams = null; + + protected Wrapper wrapEngine = null; + + private int ivSize; + private byte[] iv; + + protected BaseCipherSpi() + { + } + + protected int engineGetBlockSize() + { + return 0; + } + + protected byte[] engineGetIV() + { + return null; + } + + protected int engineGetKeySize( + Key key) + { + return key.getEncoded().length; + } + + protected int engineGetOutputSize( + int inputLen) + { + return -1; + } + + protected AlgorithmParameters engineGetParameters() + { + return null; + } + + protected void engineSetMode( + String mode) + throws NoSuchAlgorithmException + { + throw new NoSuchAlgorithmException("can't support mode " + mode); + } + + protected void engineSetPadding( + String padding) + throws NoSuchPaddingException + { + throw new NoSuchPaddingException("Padding " + padding + " unknown."); + } + + protected byte[] engineWrap( + Key key) + throws IllegalBlockSizeException, InvalidKeyException + { + byte[] encoded = key.getEncoded(); + if (encoded == null) + { + throw new InvalidKeyException("Cannot wrap key, null encoding."); + } + + try + { + if (wrapEngine == null) + { + return engineDoFinal(encoded, 0, encoded.length); + } + else + { + return wrapEngine.wrap(encoded, 0, encoded.length); + } + } + catch (BadPaddingException e) + { + throw new IllegalBlockSizeException(e.getMessage()); + } + } + + protected Key engineUnwrap( + byte[] wrappedKey, + String wrappedKeyAlgorithm, + int wrappedKeyType) + throws InvalidKeyException + { + byte[] encoded; + try + { + if (wrapEngine == null) + { + encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); + } + else + { + encoded = wrapEngine.unwrap(wrappedKey, 0, wrappedKey.length); + } + } + catch (InvalidCipherTextException e) + { + throw new InvalidKeyException(e.getMessage()); + } + catch (BadPaddingException e) + { + throw new InvalidKeyException(e.getMessage()); + } + catch (IllegalBlockSizeException e2) + { + throw new InvalidKeyException(e2.getMessage()); + } + + if (wrappedKeyType == Cipher.SECRET_KEY) + { + return new SecretKeySpec(encoded, wrappedKeyAlgorithm); + } + else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) + { + /* + * The caller doesn't know the algorithm as it is part of + * the encrypted data. + */ + try + { + PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); + + PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); + + if (privKey != null) + { + return privKey; + } + else + { + throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); + } + } + catch (Exception e) + { + throw new InvalidKeyException("Invalid key encoding."); + } + } + else + { + try + { + KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); + + if (wrappedKeyType == Cipher.PUBLIC_KEY) + { + return kf.generatePublic(new X509EncodedKeySpec(encoded)); + } + else if (wrappedKeyType == Cipher.PRIVATE_KEY) + { + return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); + } + } + catch (NoSuchProviderException e) + { + throw new InvalidKeyException("Unknown key type " + e.getMessage()); + } + catch (NoSuchAlgorithmException e) + { + throw new InvalidKeyException("Unknown key type " + e.getMessage()); + } + catch (InvalidKeySpecException e2) + { + throw new InvalidKeyException("Unknown key type " + e2.getMessage()); + } + + throw new InvalidKeyException("Unknown key type " + wrappedKeyType); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java new file mode 100644 index 0000000..e83e0ff --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java @@ -0,0 +1,78 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +import java.io.IOException; +import java.security.Key; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; + +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; + +public abstract class BaseKeyFactorySpi + extends java.security.KeyFactorySpi + implements AsymmetricKeyInfoConverter +{ + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PKCS8EncodedKeySpec) + { + try + { + return generatePrivate(PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded())); + } + catch (IOException e) + { + throw new InvalidKeySpecException("encoded key spec not recognised"); + } + } + else + { + throw new InvalidKeySpecException("key spec not recognised"); + } + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof X509EncodedKeySpec) + { + try + { + return generatePublic(SubjectPublicKeyInfo.getInstance(((X509EncodedKeySpec)keySpec).getEncoded())); + } + catch (IOException e) + { + throw new InvalidKeySpecException("encoded key spec not recognised"); + } + } + else + { + throw new InvalidKeySpecException("key spec not recognised"); + } + } + + protected KeySpec engineGetKeySpec( + Key key, + Class spec) + throws InvalidKeySpecException + { + if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) + { + return new PKCS8EncodedKeySpec(key.getEncoded()); + } + else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) + { + return new X509EncodedKeySpec(key.getEncoded()); + } + + throw new InvalidKeySpecException("not implemented yet " + key + " " + spec); + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/DSABase.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSABase.java index b30c11e..463de89 100644 --- a/src/main/java/org/bouncycastle/jce/provider/DSABase.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSABase.java @@ -1,10 +1,8 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.util; import java.math.BigInteger; import java.security.SignatureException; import java.security.SignatureSpi; -import java.security.PrivateKey; -import java.security.InvalidKeyException; import java.security.spec.AlgorithmParameterSpec; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -16,7 +14,7 @@ public abstract class DSABase extends SignatureSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers { - protected Digest digest; + protected Digest digest; protected DSA signer; protected DSAEncoder encoder; @@ -30,13 +28,6 @@ public abstract class DSABase this.encoder = encoder; } - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - engineInitSign(privateKey, null); - } - protected void engineUpdate( byte b) throws SignatureException diff --git a/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSAEncoder.java index e0dc92b..4ea0ff9 100644 --- a/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSAEncoder.java @@ -1,7 +1,7 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.util; -import java.math.BigInteger; import java.io.IOException; +import java.math.BigInteger; public interface DSAEncoder { diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.java new file mode 100644 index 0000000..7945639 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.java @@ -0,0 +1,21 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +import java.security.spec.InvalidKeySpecException; + +public class ExtendedInvalidKeySpecException + extends InvalidKeySpecException +{ + private Throwable cause; + + public ExtendedInvalidKeySpecException(String msg, Throwable cause) + { + super(msg); + + this.cause = cause; + } + + public Throwable getCause() + { + return cause; + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.java new file mode 100644 index 0000000..4dff91a --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.java @@ -0,0 +1,72 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + +public class KeyUtil +{ + public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, ASN1Encodable keyData) + { + try + { + return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); + } + catch (Exception e) + { + return null; + } + } + + public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, byte[] keyData) + { + try + { + return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); + } + catch (Exception e) + { + return null; + } + } + + public static byte[] getEncodedSubjectPublicKeyInfo(SubjectPublicKeyInfo info) + { + try + { + return info.getEncoded(ASN1Encoding.DER); + } + catch (Exception e) + { + return null; + } + } + + public static byte[] getEncodedPrivateKeyInfo(AlgorithmIdentifier algId, ASN1Encodable privKey) + { + try + { + PrivateKeyInfo info = new PrivateKeyInfo(algId, privKey.toASN1Primitive()); + + return getEncodedPrivateKeyInfo(info); + } + catch (Exception e) + { + return null; + } + } + + public static byte[] getEncodedPrivateKeyInfo(PrivateKeyInfo info) + { + try + { + return info.getEncoded(ASN1Encoding.DER); + } + catch (Exception e) + { + return null; + } + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java index 984283f..06ccd66 100644 --- a/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java @@ -1,20 +1,21 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.util; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1InputStream; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; -import java.io.ObjectOutputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OutputStream; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -class PKCS12BagAttributeCarrierImpl +public class PKCS12BagAttributeCarrierImpl implements PKCS12BagAttributeCarrier { private Hashtable pkcs12Attributes; @@ -32,8 +33,8 @@ class PKCS12BagAttributeCarrierImpl } public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) { if (pkcs12Attributes.containsKey(oid)) { // preserve original ordering @@ -46,10 +47,10 @@ class PKCS12BagAttributeCarrierImpl } } - public DEREncodable getBagAttribute( + public ASN1Encodable getBagAttribute( DERObjectIdentifier oid) { - return (DEREncodable)pkcs12Attributes.get(oid); + return (ASN1Encodable)pkcs12Attributes.get(oid); } public Enumeration getBagAttributeKeys() @@ -92,7 +93,7 @@ class PKCS12BagAttributeCarrierImpl DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); aOut.writeObject(oid); - aOut.writeObject(pkcs12Attributes.get(oid)); + aOut.writeObject((ASN1Encodable)pkcs12Attributes.get(oid)); } out.writeObject(bOut.toByteArray()); @@ -113,9 +114,9 @@ class PKCS12BagAttributeCarrierImpl { ASN1InputStream aIn = new ASN1InputStream((byte[])obj); - DERObjectIdentifier oid; + ASN1ObjectIdentifier oid; - while ((oid = (DERObjectIdentifier)aIn.readObject()) != null) + while ((oid = (ASN1ObjectIdentifier)aIn.readObject()) != null) { this.setBagAttribute(oid, aIn.readObject()); } diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java index 45eab83..33f3db7 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java @@ -1,14 +1,4 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.X509CertificateStructure; +package org.bouncycastle.jcajce.provider.asymmetric.x509; import java.io.IOException; import java.io.InputStream; @@ -16,7 +6,6 @@ import java.io.PushbackInputStream; import java.security.cert.CRL; import java.security.cert.CRLException; import java.security.cert.CertPath; -import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactorySpi; import java.security.cert.CertificateParsingException; @@ -26,6 +15,18 @@ import java.util.Collection; import java.util.Iterator; import java.util.List; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1Set; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.SignedData; +import org.bouncycastle.asn1.x509.CertificateList; +import org.bouncycastle.asn1.x509.X509CertificateStructure; +import org.bouncycastle.jce.provider.X509CRLObject; +import org.bouncycastle.jce.provider.X509CertificateObject; + /** * class for dealing with X509 certificates. * <p> @@ -33,33 +34,33 @@ import java.util.List; * base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7 * objects. */ -public class JDKX509CertificateFactory +public class CertificateFactory extends CertificateFactorySpi { private static final PEMUtil PEM_CERT_PARSER = new PEMUtil("CERTIFICATE"); private static final PEMUtil PEM_CRL_PARSER = new PEMUtil("CRL"); - private ASN1Set sData = null; + private ASN1Set sData = null; private int sDataObjectCount = 0; - private InputStream currentStream = null; + private InputStream currentStream = null; - private ASN1Set sCrlData = null; + private ASN1Set sCrlData = null; private int sCrlDataObjectCount = 0; - private InputStream currentCrlStream = null; + private InputStream currentCrlStream = null; - private Certificate readDERCertificate( + private java.security.cert.Certificate readDERCertificate( ASN1InputStream dIn) throws IOException, CertificateParsingException { - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); if (seq.size() > 1 - && seq.getObjectAt(0) instanceof DERObjectIdentifier) + && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) { if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) { - sData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates(); + sData = SignedData.getInstance(ASN1Sequence.getInstance( + (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates(); return getCertificate(); } @@ -69,7 +70,7 @@ public class JDKX509CertificateFactory X509CertificateStructure.getInstance(seq)); } - private Certificate getCertificate() + private java.security.cert.Certificate getCertificate() throws CertificateParsingException { if (sData != null) @@ -89,8 +90,8 @@ public class JDKX509CertificateFactory return null; } - private Certificate readPEMCertificate( - InputStream in) + private java.security.cert.Certificate readPEMCertificate( + InputStream in) throws IOException, CertificateParsingException { ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in); @@ -111,7 +112,7 @@ public class JDKX509CertificateFactory } private CRL readPEMCRL( - InputStream in) + InputStream in) throws IOException, CRLException { ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in); @@ -126,18 +127,18 @@ public class JDKX509CertificateFactory } private CRL readDERCRL( - ASN1InputStream aIn) + ASN1InputStream aIn) throws IOException, CRLException { - ASN1Sequence seq = (ASN1Sequence)aIn.readObject(); + ASN1Sequence seq = (ASN1Sequence)aIn.readObject(); if (seq.size() > 1 - && seq.getObjectAt(0) instanceof DERObjectIdentifier) + && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) { if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) { - sCrlData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs(); + sCrlData = SignedData.getInstance(ASN1Sequence.getInstance( + (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs(); return getCRL(); } @@ -157,15 +158,15 @@ public class JDKX509CertificateFactory return createCRL( CertificateList.getInstance( - sCrlData.getObjectAt(sCrlDataObjectCount++))); + sCrlData.getObjectAt(sCrlDataObjectCount++))); } /** * Generates a certificate object and initializes it with the data * read from the input stream inStream. */ - public Certificate engineGenerateCertificate( - InputStream in) + public java.security.cert.Certificate engineGenerateCertificate( + InputStream in) throws CertificateException { if (currentStream == null) @@ -197,8 +198,6 @@ public class JDKX509CertificateFactory } } - int limit = ProviderUtil.getReadLimit(in); - PushbackInputStream pis = new PushbackInputStream(in); int tag = pis.read(); @@ -215,12 +214,12 @@ public class JDKX509CertificateFactory } else { - return readDERCertificate(new ASN1InputStream(pis, limit)); + return readDERCertificate(new ASN1InputStream(pis)); } } catch (Exception e) { - throw new CertificateException(e); + throw new ExCertificateException(e); } } @@ -229,11 +228,11 @@ public class JDKX509CertificateFactory * read from the given input stream inStream. */ public Collection engineGenerateCertificates( - InputStream inStream) + InputStream inStream) throws CertificateException { - Certificate cert; - List certs = new ArrayList(); + java.security.cert.Certificate cert; + List certs = new ArrayList(); while ((cert = engineGenerateCertificate(inStream)) != null) { @@ -248,7 +247,7 @@ public class JDKX509CertificateFactory * it with the data read from the input stream inStream. */ public CRL engineGenerateCRL( - InputStream inStream) + InputStream inStream) throws CRLException { if (currentCrlStream == null) @@ -280,8 +279,6 @@ public class JDKX509CertificateFactory } } - int limit = ProviderUtil.getReadLimit(inStream); - PushbackInputStream pis = new PushbackInputStream(inStream); int tag = pis.read(); @@ -298,7 +295,7 @@ public class JDKX509CertificateFactory } else { // lazy evaluate to help processing of large CRLs - return readDERCRL(new ASN1InputStream(pis, limit, true)); + return readDERCRL(new ASN1InputStream(pis, true)); } } catch (CRLException e) @@ -321,11 +318,11 @@ public class JDKX509CertificateFactory * and the contents are ignored. */ public Collection engineGenerateCRLs( - InputStream inStream) + InputStream inStream) throws CRLException { - CRL crl; - List crls = new ArrayList(); + CRL crl; + List crls = new ArrayList(); while ((crl = engineGenerateCRL(inStream)) != null) { @@ -337,7 +334,7 @@ public class JDKX509CertificateFactory public Iterator engineGetCertPathEncodings() { - return PKIXCertPath.certPathEncodings.iterator(); + return null; // TODO: PKIXCertPath.certPathEncodings.iterator(); } public CertPath engineGenerateCertPath( @@ -374,4 +371,27 @@ public class JDKX509CertificateFactory } return new PKIXCertPath(certificates); } + + private class ExCertificateException + extends CertificateException + { + private Throwable cause; + + public ExCertificateException(Throwable cause) + { + this.cause = cause; + } + + public ExCertificateException(String msg, Throwable cause) + { + super(msg); + + this.cause = cause; + } + + public Throwable getCause() + { + return cause; + } + } } diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.java new file mode 100644 index 0000000..a4c701d --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.java @@ -0,0 +1,95 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactorySpi; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; + +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +public class KeyFactory + extends KeyFactorySpi +{ + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PKCS8EncodedKeySpec) + { + try + { + PrivateKeyInfo info = PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded()); + PrivateKey key = BouncyCastleProvider.getPrivateKey(info); + + if (key != null) + { + return key; + } + + throw new InvalidKeySpecException("no factory found for OID: " + info.getPrivateKeyAlgorithm().getAlgorithm()); + } + catch (Exception e) + { + throw new InvalidKeySpecException(e.toString()); + } + } + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof X509EncodedKeySpec) + { + try + { + SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(((X509EncodedKeySpec)keySpec).getEncoded()); + PublicKey key = BouncyCastleProvider.getPublicKey(info); + + if (key != null) + { + return key; + } + + throw new InvalidKeySpecException("no factory found for OID: " + info.getAlgorithm().getAlgorithm()); + } + catch (Exception e) + { + throw new InvalidKeySpecException(e.toString()); + } + } + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } + + protected KeySpec engineGetKeySpec(Key key, Class keySpec) + throws InvalidKeySpecException + { + if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) + { + return new PKCS8EncodedKeySpec(key.getEncoded()); + } + else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) + { + return new X509EncodedKeySpec(key.getEncoded()); + } + + throw new InvalidKeySpecException("not implemented yet " + key + " " + keySpec); + } + + protected Key engineTranslateKey(Key key) + throws InvalidKeyException + { + throw new InvalidKeyException("not implemented yet " + key); + } +}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java new file mode 100644 index 0000000..8699c3c --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java @@ -0,0 +1,93 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.io.InputStream; + +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.util.encoders.Base64; + +public class PEMUtil +{ + private final String _header1; + private final String _header2; + private final String _footer1; + private final String _footer2; + + PEMUtil( + String type) + { + _header1 = "-----BEGIN " + type + "-----"; + _header2 = "-----BEGIN X509 " + type + "-----"; + _footer1 = "-----END " + type + "-----"; + _footer2 = "-----END X509 " + type + "-----"; + } + + private String readLine( + InputStream in) + throws IOException + { + int c; + StringBuffer l = new StringBuffer(); + + do + { + while (((c = in.read()) != '\r') && c != '\n' && (c >= 0)) + { + if (c == '\r') + { + continue; + } + + l.append((char)c); + } + } + while (c >= 0 && l.length() == 0); + + if (c < 0) + { + return null; + } + + return l.toString(); + } + + ASN1Sequence readPEMObject( + InputStream in) + throws IOException + { + String line; + StringBuffer pemBuf = new StringBuffer(); + + while ((line = readLine(in)) != null) + { + if (line.startsWith(_header1) || line.startsWith(_header2)) + { + break; + } + } + + while ((line = readLine(in)) != null) + { + if (line.startsWith(_footer1) || line.startsWith(_footer2)) + { + break; + } + + pemBuf.append(line); + } + + if (pemBuf.length() != 0) + { + try + { + return ASN1Sequence.getInstance(Base64.decode(pemBuf.toString())); + } + catch (Exception e) + { + throw new IOException("malformed PEM data encountered"); + } + } + + return null; + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java index af4b8ab..e13412d 100644 --- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.asymmetric.x509; import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; @@ -24,17 +24,20 @@ import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.pkcs.ContentInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.SignedData; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.util.io.pem.PemObject; // BEGIN android-removed -// import org.bouncycastle.openssl.PEMWriter; +// import org.bouncycastle.util.io.pem.PemWriter; // END android-removed /** @@ -68,7 +71,7 @@ public class PKIXCertPath return certs; } - X500Principal issuer = ((X509Certificate)certs.get(0)).getIssuerX500Principal(); + X500Principal issuer = ((X509Certificate)certs.get(0)).getIssuerX500Principal(); boolean okay = true; for (int i = 1; i != certs.size(); i++) @@ -92,15 +95,15 @@ public class PKIXCertPath } // find end-entity cert - List retList = new ArrayList(certs.size()); - List orig = new ArrayList(certs); + List retList = new ArrayList(certs.size()); + List orig = new ArrayList(certs); for (int i = 0; i < certs.size(); i++) { X509Certificate cert = (X509Certificate)certs.get(i); boolean found = false; - X500Principal subject = cert.getSubjectX500Principal(); + X500Principal subject = cert.getSubjectX500Principal(); for (int j = 0; j != certs.size(); j++) { @@ -172,7 +175,7 @@ public class PKIXCertPath if (encoding.equalsIgnoreCase("PkiPath")) { ASN1InputStream derInStream = new ASN1InputStream(inStream); - DERObject derObject = derInStream.readObject(); + ASN1Primitive derObject = derInStream.readObject(); if (!(derObject instanceof ASN1Sequence)) { throw new CertificateException("input stream does not contain a ASN1 SEQUENCE while reading PkiPath encoded data to load CertPath"); @@ -183,7 +186,7 @@ public class PKIXCertPath while (e.hasMoreElements()) { ASN1Encodable element = (ASN1Encodable)e.nextElement(); - byte[] encoded = element.getEncoded(ASN1Encodable.DER); + byte[] encoded = element.toASN1Primitive().getEncoded(ASN1Encoding.DER); certificates.add(0, certFactory.generateCertificate( new ByteArrayInputStream(encoded))); } @@ -204,13 +207,13 @@ public class PKIXCertPath throw new CertificateException("unsupported encoding: " + encoding); } } - catch (IOException ex) + catch (IOException ex) { - throw new CertificateException("IOException throw while decoding CertPath:\n" + ex.toString()); + throw new CertificateException("IOException throw while decoding CertPath:\n" + ex.toString()); } - catch (NoSuchProviderException ex) + catch (NoSuchProviderException ex) { - throw new CertificateException("BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString()); + throw new CertificateException("BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString()); } this.certificates = sortCerts(certificates); @@ -234,7 +237,7 @@ public class PKIXCertPath * the default encoding. * * @return the encoded bytes - * @exception CertificateEncodingException if an encoding error occurs + * @exception java.security.cert.CertificateEncodingException if an encoding error occurs **/ public byte[] getEncoded() throws CertificateEncodingException @@ -257,7 +260,7 @@ public class PKIXCertPath * * @param encoding the name of the encoding to use * @return the encoded bytes - * @exception CertificateEncodingException if an encoding error + * @exception java.security.cert.CertificateEncodingException if an encoding error * occurs or the encoding requested is not supported * **/ @@ -286,11 +289,11 @@ public class PKIXCertPath v.add(toASN1Object((X509Certificate)certificates.get(i))); } - SignedData sd = new SignedData( - new DERInteger(1), + SignedData sd = new SignedData( + new ASN1Integer(1), new DERSet(), encInfo, - new DERSet(v), + new DERSet(v), null, new DERSet()); @@ -301,15 +304,15 @@ public class PKIXCertPath // else if (encoding.equalsIgnoreCase("PEM")) // { // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - // PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); + // PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); // // try // { // for (int i = 0; i != certificates.size(); i++) // { - // pWrt.writeObject(certificates.get(i)); + // pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); // } - // + // // pWrt.close(); // } // catch (Exception e) @@ -344,7 +347,7 @@ public class PKIXCertPath * * @return the DERObject **/ - private DERObject toASN1Object( + private ASN1Primitive toASN1Object( X509Certificate cert) throws CertificateEncodingException { @@ -358,12 +361,12 @@ public class PKIXCertPath } } - private byte[] toDEREncoded(ASN1Encodable obj) + private byte[] toDEREncoded(ASN1Encodable obj) throws CertificateEncodingException { try { - return obj.getEncoded(ASN1Encodable.DER); + return obj.toASN1Primitive().getEncoded(ASN1Encoding.DER); } catch (IOException e) { diff --git a/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java new file mode 100644 index 0000000..692b0d7 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -0,0 +1,41 @@ +package org.bouncycastle.jcajce.provider.config; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; + +/** + * Implemented by the BC provider. This allows setting of hidden parameters, + * such as the ImplicitCA parameters from X.962, if used. + */ +public interface ConfigurableProvider +{ + /** + * Elliptic Curve CA parameters - thread local version + */ + static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; + + /** + * Elliptic Curve CA parameters - thread local version + */ + static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; + + /** + * Diffie-Hellman Default Parameters - thread local version + */ + static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; + + /** + * Diffie-Hellman Default Parameters - VM wide version + */ + static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; + + void setParameter(String parameterName, Object parameter); + + void addAlgorithm(String key, String value); + + boolean hasAlgorithm(String type, String name); + + void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter); + + AsymmetricKeyInfoConverter getConverter(ASN1ObjectIdentifier oid); +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfiguration.java b/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfiguration.java new file mode 100644 index 0000000..2b7efe9 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfiguration.java @@ -0,0 +1,12 @@ +package org.bouncycastle.jcajce.provider.config; + +import javax.crypto.spec.DHParameterSpec; + +import org.bouncycastle.jce.spec.ECParameterSpec; + +public interface ProviderConfiguration +{ + ECParameterSpec getEcImplicitlyCa(); + + DHParameterSpec getDHDefaultParameters(); +} diff --git a/src/main/java/org/bouncycastle/jce/ProviderConfigurationPermission.java b/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.java index dba4db0..b21afc5 100644 --- a/src/main/java/org/bouncycastle/jce/ProviderConfigurationPermission.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.java @@ -1,11 +1,11 @@ -package org.bouncycastle.jce; - -import org.bouncycastle.util.Strings; +package org.bouncycastle.jcajce.provider.config; import java.security.BasicPermission; import java.security.Permission; import java.util.StringTokenizer; +import org.bouncycastle.util.Strings; + /** * A permission class to define what can be done with the ConfigurableProvider interface. * <p> @@ -28,12 +28,17 @@ public class ProviderConfigurationPermission extends BasicPermission { private static final int THREAD_LOCAL_EC_IMPLICITLY_CA = 0x01; - private static final int EC_IMPLICITLY_CA = 0x02; - private static final int ALL = THREAD_LOCAL_EC_IMPLICITLY_CA | EC_IMPLICITLY_CA; + private static final int THREAD_LOCAL_DH_DEFAULT_PARAMS = 0x04; + private static final int DH_DEFAULT_PARAMS = 0x08; + + private static final int ALL = THREAD_LOCAL_EC_IMPLICITLY_CA | EC_IMPLICITLY_CA | THREAD_LOCAL_DH_DEFAULT_PARAMS | DH_DEFAULT_PARAMS; private static final String THREAD_LOCAL_EC_IMPLICITLY_CA_STR = "threadlocalecimplicitlyca"; private static final String EC_IMPLICITLY_CA_STR = "ecimplicitlyca"; + private static final String THREAD_LOCAL_DH_DEFAULT_PARAMS_STR = "threadlocaldhdefaultparams"; + private static final String DH_DEFAULT_PARAMS_STR = "dhdefaultparams"; + private static final String ALL_STR = "all"; private final String actions; @@ -71,6 +76,14 @@ public class ProviderConfigurationPermission { mask |= EC_IMPLICITLY_CA; } + else if (s.equals(THREAD_LOCAL_DH_DEFAULT_PARAMS_STR)) + { + mask |= THREAD_LOCAL_DH_DEFAULT_PARAMS; + } + else if (s.equals(DH_DEFAULT_PARAMS_STR)) + { + mask |= DH_DEFAULT_PARAMS; + } else if (s.equals(ALL_STR)) { mask |= ALL; diff --git a/src/main/java/org/bouncycastle/jcajce/provider/digest/BCMessageDigest.java b/src/main/java/org/bouncycastle/jcajce/provider/digest/BCMessageDigest.java new file mode 100644 index 0000000..3c5b78d --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/digest/BCMessageDigest.java @@ -0,0 +1,47 @@ +package org.bouncycastle.jcajce.provider.digest; + +import java.security.MessageDigest; + +import org.bouncycastle.crypto.Digest; + +public class BCMessageDigest + extends MessageDigest +{ + protected Digest digest; + + protected BCMessageDigest( + Digest digest) + { + super(digest.getAlgorithmName()); + + this.digest = digest; + } + + public void engineReset() + { + digest.reset(); + } + + public void engineUpdate( + byte input) + { + digest.update(input); + } + + public void engineUpdate( + byte[] input, + int offset, + int len) + { + digest.update(input, offset, len); + } + + public byte[] engineDigest() + { + byte[] digestBytes = new byte[digest.getDigestSize()]; + + digest.doFinal(digestBytes, 0); + + return digestBytes; + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.java b/src/main/java/org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.java new file mode 100644 index 0000000..2325f59 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.java @@ -0,0 +1,36 @@ +package org.bouncycastle.jcajce.provider.digest; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +abstract class DigestAlgorithmProvider + extends AlgorithmProvider +{ + protected void addHMACAlgorithm( + ConfigurableProvider provider, + String algorithm, + String algorithmClassName, + String keyGeneratorClassName) + { + String mainName = "HMAC" + algorithm; + + provider.addAlgorithm("Mac." + mainName, algorithmClassName); + provider.addAlgorithm("Alg.Alias.Mac.HMAC-" + algorithm, mainName); + provider.addAlgorithm("Alg.Alias.Mac.HMAC/" + algorithm, mainName); + provider.addAlgorithm("KeyGenerator." + mainName, keyGeneratorClassName); + provider.addAlgorithm("Alg.Alias.KeyGenerator.HMAC-" + algorithm, mainName); + provider.addAlgorithm("Alg.Alias.KeyGenerator.HMAC/" + algorithm, mainName); + } + + protected void addHMACAlias( + ConfigurableProvider provider, + String algorithm, + ASN1ObjectIdentifier oid) + { + String mainName = "HMAC" + algorithm; + + provider.addAlgorithm("Alg.Alias.Mac." + oid, mainName); + provider.addAlgorithm("Alg.Alias.KeyGenerator." + oid, mainName); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java b/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java new file mode 100644 index 0000000..6834e3c --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java @@ -0,0 +1,72 @@ +package org.bouncycastle.jcajce.provider.digest; + +import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.digests.MD5Digest; +import org.bouncycastle.crypto.macs.HMac; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jce.provider.JCEMac; + +public class MD5 +{ + /** + * MD5 HMac + */ + public static class HashMac + extends JCEMac + { + public HashMac() + { + super(new HMac(new MD5Digest())); + } + } + + public static class KeyGenerator + extends BaseKeyGenerator + { + public KeyGenerator() + { + super("HMACMD5", 128, new CipherKeyGenerator()); + } + } + + static public class Digest + extends BCMessageDigest + implements Cloneable + { + public Digest() + { + super(new MD5Digest()); + } + + public Object clone() + throws CloneNotSupportedException + { + Digest d = (Digest)super.clone(); + d.digest = new MD5Digest((MD5Digest)digest); + + return d; + } + } + + public static class Mappings + extends DigestAlgorithmProvider + { + private static final String PREFIX = MD5.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("MessageDigest.MD5", PREFIX + "$Digest"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5"); + + addHMACAlgorithm(provider, "MD5", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "MD5", IANAObjectIdentifiers.hmacMD5); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java new file mode 100644 index 0000000..2a9eceb --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java @@ -0,0 +1,76 @@ +package org.bouncycastle.jcajce.provider.digest; + +import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.digests.SHA1Digest; +import org.bouncycastle.crypto.macs.HMac; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jce.provider.JCEMac; + +public class SHA1 +{ + static public class Digest + extends BCMessageDigest + implements Cloneable + { + public Digest() + { + super(new SHA1Digest()); + } + + public Object clone() + throws CloneNotSupportedException + { + Digest d = (Digest)super.clone(); + d.digest = new SHA1Digest((SHA1Digest)digest); + + return d; + } + } + + /** + * SHA1 HMac + */ + public static class HashMac + extends JCEMac + { + public HashMac() + { + super(new HMac(new SHA1Digest())); + } + } + + public static class KeyGenerator + extends BaseKeyGenerator + { + public KeyGenerator() + { + super("HMACSHA1", 160, new CipherKeyGenerator()); + } + } + + public static class Mappings + extends DigestAlgorithmProvider + { + private static final String PREFIX = SHA1.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("MessageDigest.SHA-1", PREFIX + "$Digest"); + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA1", "SHA-1"); + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA", "SHA-1"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1"); + + addHMACAlgorithm(provider, "SHA1", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); + addHMACAlias(provider, "SHA1", IANAObjectIdentifiers.hmacSHA1); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java new file mode 100644 index 0000000..4e25c39 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java @@ -0,0 +1,73 @@ +package org.bouncycastle.jcajce.provider.digest; + +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.digests.SHA256Digest; +import org.bouncycastle.crypto.macs.HMac; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jce.provider.JCEMac; + +public class SHA256 +{ + static public class Digest + extends BCMessageDigest + implements Cloneable + { + public Digest() + { + super(new SHA256Digest()); + } + + public Object clone() + throws CloneNotSupportedException + { + Digest d = (Digest)super.clone(); + d.digest = new SHA256Digest((SHA256Digest)digest); + + return d; + } + } + + public static class HashMac + extends JCEMac + { + public HashMac() + { + super(new HMac(new SHA256Digest())); + } + } + + /** + * HMACSHA256 + */ + public static class KeyGenerator + extends BaseKeyGenerator + { + public KeyGenerator() + { + super("HMACSHA256", 256, new CipherKeyGenerator()); + } + } + + public static class Mappings + extends DigestAlgorithmProvider + { + private static final String PREFIX = SHA256.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("MessageDigest.SHA-256", PREFIX + "$Digest"); + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); + + addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java new file mode 100644 index 0000000..c724310 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java @@ -0,0 +1,73 @@ +package org.bouncycastle.jcajce.provider.digest; + +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.digests.SHA384Digest; +import org.bouncycastle.crypto.macs.HMac; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jce.provider.JCEMac; + +public class SHA384 +{ + static public class Digest + extends BCMessageDigest + implements Cloneable + { + public Digest() + { + super(new SHA384Digest()); + } + + public Object clone() + throws CloneNotSupportedException + { + Digest d = (Digest)super.clone(); + d.digest = new SHA384Digest((SHA384Digest)digest); + + return d; + } + } + + public static class HashMac + extends JCEMac + { + public HashMac() + { + super(new HMac(new SHA384Digest())); + } + } + + /** + * HMACSHA384 + */ + public static class KeyGenerator + extends BaseKeyGenerator + { + public KeyGenerator() + { + super("HMACSHA384", 384, new CipherKeyGenerator()); + } + } + + public static class Mappings + extends DigestAlgorithmProvider + { + private static final String PREFIX = SHA384.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); + + addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java new file mode 100644 index 0000000..cae9e7b --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -0,0 +1,74 @@ +package org.bouncycastle.jcajce.provider.digest; + +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.digests.SHA512Digest; +import org.bouncycastle.crypto.macs.HMac; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jce.provider.JCEMac; + +public class SHA512 +{ + static public class Digest + extends BCMessageDigest + implements Cloneable + { + public Digest() + { + super(new SHA512Digest()); + } + + public Object clone() + throws CloneNotSupportedException + { + Digest d = (Digest)super.clone(); + d.digest = new SHA512Digest((SHA512Digest)digest); + + return d; + } + } + + public static class HashMac + extends JCEMac + { + public HashMac() + { + super(new HMac(new SHA512Digest())); + } + } + + /** + * HMACSHA512 + */ + public static class KeyGenerator + extends BaseKeyGenerator + { + public KeyGenerator() + { + super("HMACSHA512", 512, new CipherKeyGenerator()); + } + } + + public static class Mappings + extends DigestAlgorithmProvider + { + private static final String PREFIX = SHA512.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("MessageDigest.SHA-512", PREFIX + "$Digest"); + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); + + addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); + } + } + +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java new file mode 100644 index 0000000..1e12ee3 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java @@ -0,0 +1,295 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +// BEGIN android-removed +// import java.security.AlgorithmParameters; +// import java.security.InvalidAlgorithmParameterException; +// END android-removed +import java.security.SecureRandom; +// BEGIN android-removed +// import java.security.spec.AlgorithmParameterSpec; +// +// import javax.crypto.spec.IvParameterSpec; +// END android-removed + +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.crypto.BufferedBlockCipher; +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.engines.AESFastEngine; +import org.bouncycastle.crypto.engines.AESWrapEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// import org.bouncycastle.crypto.macs.CMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.crypto.modes.CFBBlockCipher; +import org.bouncycastle.crypto.modes.OFBBlockCipher; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +// BEGIN android-removed +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// END android-removed + +public final class AES +{ + private AES() + { + } + + public static class ECB + extends BaseBlockCipher + { + public ECB() + { + super(new AESFastEngine()); + } + } + + public static class CBC + extends BaseBlockCipher + { + public CBC() + { + super(new CBCBlockCipher(new AESFastEngine()), 128); + } + } + + static public class CFB + extends BaseBlockCipher + { + public CFB() + { + super(new BufferedBlockCipher(new CFBBlockCipher(new AESFastEngine(), 128)), 128); + } + } + + static public class OFB + extends BaseBlockCipher + { + public OFB() + { + super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128); + } + } + + // BEGIN android-removed + // public static class AESCMAC + // extends BaseMac + // { + // public AESCMAC() + // { + // super(new CMac(new AESFastEngine())); + // } + // } + // END android-removed + + static public class Wrap + extends BaseWrapCipher + { + public Wrap() + { + super(new AESWrapEngine()); + } + } + + // BEGIN android-removed + // public static class RFC3211Wrap + // extends BaseWrapCipher + // { + // public RFC3211Wrap() + // { + // super(new RFC3211WrapEngine(new AESFastEngine()), 16); + // } + // } + // END android-removed + + public static class KeyGen + extends BaseKeyGenerator + { + public KeyGen() + { + this(192); + } + + public KeyGen(int keySize) + { + super("AES", keySize, new CipherKeyGenerator()); + } + } + + // BEGIN android-removed + // public static class KeyGen128 + // extends KeyGen + // { + // public KeyGen128() + // { + // super(128); + // } + // } + // + // public static class KeyGen192 + // extends KeyGen + // { + // public KeyGen192() + // { + // super(192); + // } + // } + // + // public static class KeyGen256 + // extends KeyGen + // { + // public KeyGen256() + // { + // super(256); + // } + // } + // + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // byte[] iv = new byte[16]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // AlgorithmParameters params; + // + // try + // { + // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // + // return params; + // } + // } + // END android-removed + + public static class AlgParams + extends IvAlgorithmParameters + { + protected String engineToString() + { + return "AES IV"; + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = AES.class.getName(); + + /** + * These three got introduced in some messages as a result of a typo in an + * early document. We don't produce anything using these OID values, but we'll + * read them. + */ + private static final String wrongAES128 = "2.16.840.1.101.3.4.2"; + private static final String wrongAES192 = "2.16.840.1.101.3.4.22"; + private static final String wrongAES256 = "2.16.840.1.101.3.4.42"; + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.AES", PREFIX + "$AlgParams"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + // END android-removed + + provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); + // END android-removed + provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); + // END android-removed + + provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen"); + // BEGIN android-removed + // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); + // + // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); + // END android-removed + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java new file mode 100644 index 0000000..1bbdae7 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java @@ -0,0 +1,58 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.engines.RC4Engine; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +public final class ARC4 +{ + private ARC4() + { + } + + public static class Base + extends BaseStreamCipher + { + public Base() + { + super(new RC4Engine(), 0); + } + } + + public static class KeyGen + extends BaseKeyGenerator + { + public KeyGen() + { + // BEGIN android-changed + super("ARC4", 128, new CipherKeyGenerator()); + // END android-changed + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = ARC4.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + + provider.addAlgorithm("Cipher.ARC4", PREFIX + "$Base"); + provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); + provider.addAlgorithm("Alg.Alias.Cipher.ARCFOUR", "ARC4"); + provider.addAlgorithm("Alg.Alias.Cipher.RC4", "ARC4"); + provider.addAlgorithm("KeyGenerator.ARC4", PREFIX + "$KeyGen"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.RC4", "ARC4"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4"); + + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java new file mode 100644 index 0000000..0e37487 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java @@ -0,0 +1,77 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.engines.BlowfishEngine; +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +public final class Blowfish +{ + private Blowfish() + { + } + + public static class ECB + extends BaseBlockCipher + { + public ECB() + { + super(new BlowfishEngine()); + } + } + + public static class CBC + extends BaseBlockCipher + { + public CBC() + { + super(new CBCBlockCipher(new BlowfishEngine()), 64); + } + } + + public static class KeyGen + extends BaseKeyGenerator + { + public KeyGen() + { + super("Blowfish", 128, new CipherKeyGenerator()); + } + } + + public static class AlgParams + extends IvAlgorithmParameters + { + protected String engineToString() + { + return "Blowfish IV"; + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = Blowfish.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + + provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); + // END android-removed + provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); + provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); + + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java new file mode 100644 index 0000000..3ba874c --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java @@ -0,0 +1,316 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.spec.DESKeySpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.crypto.KeyGenerationParameters; +import org.bouncycastle.crypto.engines.DESEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// END android-removed +import org.bouncycastle.crypto.generators.DESKeyGenerator; +import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.CMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +public final class DES +{ + private DES() + { + } + + static public class ECB + extends BaseBlockCipher + { + public ECB() + { + super(new DESEngine()); + } + } + + // BEGIN android-removed + // static public class CBC + // extends BaseBlockCipher + // { + // public CBC() + // { + // super(new CBCBlockCipher(new DESEngine()), 64); + // } + // } + // + // /** + // * DES CFB8 + // */ + // public static class DESCFB8 + // extends BaseMac + // { + // public DESCFB8() + // { + // super(new CFBBlockCipherMac(new DESEngine())); + // } + // } + // + // /** + // * DES64 + // */ + // public static class DES64 + // extends BaseMac + // { + // public DES64() + // { + // super(new CBCBlockCipherMac(new DESEngine(), 64)); + // } + // } + // + // /** + // * DES64with7816-4Padding + // */ + // public static class DES64with7816d4 + // extends BaseMac + // { + // public DES64with7816d4() + // { + // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); + // } + // } + // + // public static class CBCMAC + // extends BaseMac + // { + // public CBCMAC() + // { + // super(new CBCBlockCipherMac(new DESEngine())); + // } + // } + // + // static public class CMAC + // extends BaseMac + // { + // public CMAC() + // { + // super(new CMac(new DESEngine())); + // } + // } + // + // public static class RFC3211 + // extends BaseWrapCipher + // { + // public RFC3211() + // { + // super(new RFC3211WrapEngine(new DESEngine()), 8); + // } + // } + // + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // byte[] iv = new byte[8]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // AlgorithmParameters params; + // + // try + // { + // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // + // return params; + // } + // } + // END android-removed + + /** + * DES - the default for this is to generate a key in + * a-b-a format that's 24 bytes long but has 16 bytes of + * key material (the first 8 bytes is repeated as the last + * 8 bytes). If you give it a size, you'll get just what you + * asked for. + */ + public static class KeyGenerator + extends BaseKeyGenerator + { + public KeyGenerator() + { + super("DES", 64, new DESKeyGenerator()); + } + + protected void engineInit( + int keySize, + SecureRandom random) + { + super.engineInit(keySize, random); + } + + protected SecretKey engineGenerateKey() + { + if (uninitialised) + { + engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); + uninitialised = false; + } + + return new SecretKeySpec(engine.generateKey(), algName); + } + } + + static public class KeyFactory + extends BaseSecretKeyFactory + { + public KeyFactory() + { + super("DES", null); + } + + protected KeySpec engineGetKeySpec( + SecretKey key, + Class keySpec) + throws InvalidKeySpecException + { + if (keySpec == null) + { + throw new InvalidKeySpecException("keySpec parameter is null"); + } + if (key == null) + { + throw new InvalidKeySpecException("key parameter is null"); + } + + if (SecretKeySpec.class.isAssignableFrom(keySpec)) + { + return new SecretKeySpec(key.getEncoded(), algName); + } + else if (DESKeySpec.class.isAssignableFrom(keySpec)) + { + byte[] bytes = key.getEncoded(); + + try + { + return new DESKeySpec(bytes); + } + catch (Exception e) + { + throw new InvalidKeySpecException(e.toString()); + } + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof DESKeySpec) + { + DESKeySpec desKeySpec = (DESKeySpec)keySpec; + return new SecretKeySpec(desKeySpec.getKey(), "DES"); + } + + return super.engineGenerateSecret(keySpec); + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = DES.class.getName(); + private static final String PACKAGE = "org.bouncycastle.jcajce.provider.symmetric"; // JDK 1.2 + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + + provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); + // + // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); + // + // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); + // END android-removed + + provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator"); + + provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); + // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); + // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); + // + // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); + // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); + // + // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); + // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); + // + // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); + // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // END android-removed + + provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); + + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); + // END android-removed + } + + private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) + { + provider.addAlgorithm("Alg.Alias.KeyGenerator." + oid.getId(), name); + provider.addAlgorithm("Alg.Alias.KeyFactory." + oid.getId(), name); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java new file mode 100644 index 0000000..8e719d6 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java @@ -0,0 +1,423 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +// BEGIN android-removed +// import java.security.AlgorithmParameters; +// import java.security.InvalidAlgorithmParameterException; +// END android-removed +import java.security.SecureRandom; +// BEGIN android-removed +// import java.security.spec.AlgorithmParameterSpec; +// END android-removed +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.spec.DESedeKeySpec; +// BEGIN android-removed +// import javax.crypto.spec.IvParameterSpec; +// END android-removed +import javax.crypto.spec.SecretKeySpec; + +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.KeyGenerationParameters; +import org.bouncycastle.crypto.engines.DESedeEngine; +import org.bouncycastle.crypto.engines.DESedeWrapEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// END android-removed +import org.bouncycastle.crypto.generators.DESedeKeyGenerator; +import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.CMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +public final class DESede +{ + private DESede() + { + } + + static public class ECB + extends BaseBlockCipher + { + public ECB() + { + super(new DESedeEngine()); + } + } + + static public class CBC + extends BaseBlockCipher + { + public CBC() + { + super(new CBCBlockCipher(new DESedeEngine()), 64); + } + } + + // BEGIN android-removed + // /** + // * DESede CFB8 + // */ + // public static class DESedeCFB8 + // extends BaseMac + // { + // public DESedeCFB8() + // { + // super(new CFBBlockCipherMac(new DESedeEngine())); + // } + // } + // END android-removed + + /** + * DESede64 + */ + public static class DESede64 + extends BaseMac + { + public DESede64() + { + super(new CBCBlockCipherMac(new DESedeEngine(), 64)); + } + } + + /** + * DESede64with7816-4Padding + */ + public static class DESede64with7816d4 + extends BaseMac + { + public DESede64with7816d4() + { + super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding())); + } + } + + public static class CBCMAC + extends BaseMac + { + public CBCMAC() + { + super(new CBCBlockCipherMac(new DESedeEngine())); + } + } + + // BEGIN android-removed + // static public class CMAC + // extends BaseMac + // { + // public CMAC() + // { + // super(new CMac(new DESedeEngine())); + // } + // } + // END android-removed + + public static class Wrap + extends BaseWrapCipher + { + public Wrap() + { + super(new DESedeWrapEngine()); + } + } + + // BEGIN android-removed + // public static class RFC3211 + // extends BaseWrapCipher + // { + // public RFC3211() + // { + // super(new RFC3211WrapEngine(new DESedeEngine()), 8); + // } + // } + // END android-removed + + /** + * DESede - the default for this is to generate a key in + * a-b-a format that's 24 bytes long but has 16 bytes of + * key material (the first 8 bytes is repeated as the last + * 8 bytes). If you give it a size, you'll get just what you + * asked for. + */ + public static class KeyGenerator + extends BaseKeyGenerator + { + private boolean keySizeSet = false; + + public KeyGenerator() + { + super("DESede", 192, new DESedeKeyGenerator()); + } + + protected void engineInit( + int keySize, + SecureRandom random) + { + super.engineInit(keySize, random); + keySizeSet = true; + } + + protected SecretKey engineGenerateKey() + { + if (uninitialised) + { + engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); + uninitialised = false; + } + + // + // if no key size has been defined generate a 24 byte key in + // the a-b-a format + // + if (!keySizeSet) + { + byte[] k = engine.generateKey(); + + System.arraycopy(k, 0, k, 16, 8); + + return new SecretKeySpec(k, algName); + } + else + { + return new SecretKeySpec(engine.generateKey(), algName); + } + } + } + + /** + * generate a desEDE key in the a-b-c format. + */ + public static class KeyGenerator3 + extends BaseKeyGenerator + { + public KeyGenerator3() + { + super("DESede3", 192, new DESedeKeyGenerator()); + } + } + + /** + * PBEWithSHAAnd3-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES3Key + extends BaseBlockCipher + { + public PBEWithSHAAndDES3Key() + { + super(new CBCBlockCipher(new DESedeEngine())); + } + } + + /** + * PBEWithSHAAnd2-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES2Key + extends BaseBlockCipher + { + public PBEWithSHAAndDES2Key() + { + super(new CBCBlockCipher(new DESedeEngine())); + } + } + + // BEGIN android-removed + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // byte[] iv = new byte[8]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // AlgorithmParameters params; + // + // try + // { + // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // + // return params; + // } + // } + // END android-removed + + static public class KeyFactory + extends BaseSecretKeyFactory + { + public KeyFactory() + { + super("DESede", null); + } + + protected KeySpec engineGetKeySpec( + SecretKey key, + Class keySpec) + throws InvalidKeySpecException + { + if (keySpec == null) + { + throw new InvalidKeySpecException("keySpec parameter is null"); + } + if (key == null) + { + throw new InvalidKeySpecException("key parameter is null"); + } + + if (SecretKeySpec.class.isAssignableFrom(keySpec)) + { + return new SecretKeySpec(key.getEncoded(), algName); + } + else if (DESedeKeySpec.class.isAssignableFrom(keySpec)) + { + byte[] bytes = key.getEncoded(); + + try + { + if (bytes.length == 16) + { + byte[] longKey = new byte[24]; + + System.arraycopy(bytes, 0, longKey, 0, 16); + System.arraycopy(bytes, 0, longKey, 16, 8); + + return new DESedeKeySpec(longKey); + } + else + { + return new DESedeKeySpec(bytes); + } + } + catch (Exception e) + { + throw new InvalidKeySpecException(e.toString()); + } + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof DESedeKeySpec) + { + DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec; + return new SecretKeySpec(desKeySpec.getKey(), "DESede"); + } + + return super.engineGenerateSecret(keySpec); + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = DESede.class.getName(); + private static final String PACKAGE = "org.bouncycastle.jcajce.provider.symmetric"; // JDK 1.2 + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); + // END android-removed + provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap"); + // BEGIN android-changed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); + // END android-changed + // BEGIN android-removed + // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); + // END android-removed + + if (provider.hasAlgorithm("MessageDigest", "SHA-1")) + { + provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); + // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); + // END android-removed + provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); + // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + } + + provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); + // BEGIN android-removed + // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); + // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); + // END android-removed + + provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); + // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); + // + // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); + // + // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); + // + // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); + // END android-removed + + provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + // END android-removed + } + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java index 13b5230..7f5d3c9 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.symmetric.util; import javax.crypto.interfaces.PBEKey; import javax.crypto.spec.PBEKeySpec; @@ -9,7 +9,7 @@ import org.bouncycastle.crypto.PBEParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; -public class JCEPBEKey +public class BCPBEKey implements PBEKey { String algorithm; @@ -25,15 +25,15 @@ public class JCEPBEKey /** * @param param */ - public JCEPBEKey( - String algorithm, + public BCPBEKey( + String algorithm, DERObjectIdentifier oid, - int type, - int digest, - int keySize, - int ivSize, - PBEKeySpec pbeKeySpec, - CipherParameters param) + int type, + int digest, + int keySize, + int ivSize, + PBEKeySpec pbeKeySpec, + CipherParameters param) { this.algorithm = algorithm; this.oid = oid; @@ -100,12 +100,12 @@ public class JCEPBEKey return keySize; } - int getIvSize() + public int getIvSize() { return ivSize; } - CipherParameters getParam() + public CipherParameters getParam() { return param; } @@ -139,7 +139,7 @@ public class JCEPBEKey return oid; } - void setTryWrongPKCS12Zero(boolean tryWrong) + public void setTryWrongPKCS12Zero(boolean tryWrong) { this.tryWrong = tryWrong; } diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java new file mode 100644 index 0000000..63d6548 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java @@ -0,0 +1,19 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.security.AlgorithmParameterGeneratorSpi; +import java.security.SecureRandom; + +public abstract class BaseAlgorithmParameterGenerator + extends AlgorithmParameterGeneratorSpi +{ + protected SecureRandom random; + protected int strength = 1024; + + protected void engineInit( + int strength, + SecureRandom random) + { + this.strength = strength; + this.random = random; + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java new file mode 100644 index 0000000..8231ad8 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java @@ -0,0 +1,385 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.io.IOException; +import java.security.AlgorithmParametersSpi; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// END android-removed + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; +import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; +// BEGIN android-removed +// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +// END android-removed +import org.bouncycastle.util.Arrays; + +public abstract class BaseAlgorithmParameters + extends AlgorithmParametersSpi +{ + protected boolean isASN1FormatString(String format) + { + return format == null || format.equals("ASN.1"); + } + + protected AlgorithmParameterSpec engineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == null) + { + throw new NullPointerException("argument to getParameterSpec must not be null"); + } + + return localEngineGetParameterSpec(paramSpec); + } + + protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException; + + // BEGIN android-removed + // public static class RC2AlgorithmParameters + // extends BaseAlgorithmParameters + // { + // private static final short[] table = { + // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab + // }; + // + // private static final short[] ekb = { + // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, + // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, + // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, + // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, + // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, + // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, + // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, + // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, + // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, + // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, + // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, + // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, + // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, + // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, + // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, + // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd + // }; + // + // private byte[] iv; + // private int parameterVersion = 58; + // + // protected byte[] engineGetEncoded() + // { + // return Arrays.clone(iv); + // } + // + // protected byte[] engineGetEncoded( + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // if (parameterVersion == -1) + // { + // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); + // } + // else + // { + // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); + // } + // } + // + // if (format.equals("RAW")) + // { + // return engineGetEncoded(); + // } + // + // return null; + // } + // + // protected AlgorithmParameterSpec localEngineGetParameterSpec( + // Class paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec == RC2ParameterSpec.class) + // { + // if (parameterVersion != -1) + // { + // if (parameterVersion < 256) + // { + // return new RC2ParameterSpec(ekb[parameterVersion], iv); + // } + // else + // { + // return new RC2ParameterSpec(parameterVersion, iv); + // } + // } + // } + // + // if (paramSpec == IvParameterSpec.class) + // { + // return new IvParameterSpec(iv); + // } + // + // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); + // } + // + // protected void engineInit( + // AlgorithmParameterSpec paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec instanceof IvParameterSpec) + // { + // this.iv = ((IvParameterSpec)paramSpec).getIV(); + // } + // else if (paramSpec instanceof RC2ParameterSpec) + // { + // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); + // if (effKeyBits != -1) + // { + // if (effKeyBits < 256) + // { + // parameterVersion = table[effKeyBits]; + // } + // else + // { + // parameterVersion = effKeyBits; + // } + // } + // + // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); + // } + // else + // { + // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); + // } + // } + // + // protected void engineInit( + // byte[] params) + // throws IOException + // { + // this.iv = Arrays.clone(params); + // } + // + // protected void engineInit( + // byte[] params, + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); + // + // if (p.getRC2ParameterVersion() != null) + // { + // parameterVersion = p.getRC2ParameterVersion().intValue(); + // } + // + // iv = p.getIV(); + // + // return; + // } + // + // if (format.equals("RAW")) + // { + // engineInit(params); + // return; + // } + // + // throw new IOException("Unknown parameters format in IV parameters object"); + // } + // + // protected String engineToString() + // { + // return "RC2 Parameters"; + // } + // } + // END android-removed + + public static class PBKDF2 + extends BaseAlgorithmParameters + { + PBKDF2Params params; + + protected byte[] engineGetEncoded() + { + try + { + return params.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Oooops! " + e.toString()); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (this.isASN1FormatString(format)) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == PBEParameterSpec.class) + { + return new PBEParameterSpec(params.getSalt(), + params.getIterationCount().intValue()); + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof PBEParameterSpec)) + { + throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); + } + + PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; + + this.params = new PBKDF2Params(pbeSpec.getSalt(), + pbeSpec.getIterationCount()); + } + + protected void engineInit( + byte[] params) + throws IOException + { + this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (this.isASN1FormatString(format)) + { + engineInit(params); + return; + } + + throw new IOException("Unknown parameters format in PWRIKEK parameters object"); + } + + protected String engineToString() + { + return "PBKDF2 Parameters"; + } + } + + public static class PKCS12PBE + extends BaseAlgorithmParameters + { + PKCS12PBEParams params; + + protected byte[] engineGetEncoded() + { + try + { + return params.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Oooops! " + e.toString()); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (this.isASN1FormatString(format)) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == PBEParameterSpec.class) + { + return new PBEParameterSpec(params.getIV(), + params.getIterations().intValue()); + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof PBEParameterSpec)) + { + throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); + } + + PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; + + this.params = new PKCS12PBEParams(pbeSpec.getSalt(), + pbeSpec.getIterationCount()); + } + + protected void engineInit( + byte[] params) + throws IOException + { + this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (this.isASN1FormatString(format)) + { + engineInit(params); + return; + } + + throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); + } + + protected String engineToString() + { + return "PKCS12 PBE Parameters"; + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java new file mode 100644 index 0000000..ce54655 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -0,0 +1,921 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.InvalidParameterException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed + +import org.bouncycastle.crypto.BufferedBlockCipher; +import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.InvalidCipherTextException; +import org.bouncycastle.crypto.modes.AEADBlockCipher; +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.crypto.modes.CCMBlockCipher; +import org.bouncycastle.crypto.modes.CFBBlockCipher; +import org.bouncycastle.crypto.modes.CTSBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.EAXBlockCipher; +// END android-removed +import org.bouncycastle.crypto.modes.GCMBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// END android-removed +import org.bouncycastle.crypto.modes.OFBBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; +// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; +// END android-removed +import org.bouncycastle.crypto.modes.SICBlockCipher; +import org.bouncycastle.crypto.paddings.BlockCipherPadding; +import org.bouncycastle.crypto.paddings.ISO10126d2Padding; +import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; +import org.bouncycastle.crypto.paddings.TBCPadding; +import org.bouncycastle.crypto.paddings.X923Padding; +import org.bouncycastle.crypto.paddings.ZeroBytePadding; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; +import org.bouncycastle.crypto.params.ParametersWithRandom; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.ParametersWithSBox; +// END android-removed +import org.bouncycastle.crypto.params.RC2Parameters; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.RC5Parameters; +// END android-removed +import org.bouncycastle.jce.provider.BouncyCastleProvider; +// BEGIN android-removed +// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +// END android-removed +import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; +import org.bouncycastle.util.Strings; + +public class BaseBlockCipher + extends BaseWrapCipher + implements PBE +{ + // + // specs we can handle. + // + private Class[] availableSpecs = + { + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class, + // END android-removed + IvParameterSpec.class, + PBEParameterSpec.class, + // BEGIN android-removed + // GOST28147ParameterSpec.class + // END android-removed + }; + + private org.bouncycastle.crypto.BlockCipher baseEngine; + private GenericBlockCipher cipher; + private ParametersWithIV ivParam; + + private int ivLength = 0; + + private boolean padded; + + private PBEParameterSpec pbeSpec = null; + private String pbeAlgorithm = null; + + private String modeName = null; + + protected BaseBlockCipher( + org.bouncycastle.crypto.BlockCipher engine) + { + baseEngine = engine; + + cipher = new BufferedGenericBlockCipher(engine); + } + + protected BaseBlockCipher( + org.bouncycastle.crypto.BlockCipher engine, + int ivLength) + { + baseEngine = engine; + + this.cipher = new BufferedGenericBlockCipher(engine); + this.ivLength = ivLength / 8; + } + + protected BaseBlockCipher( + BufferedBlockCipher engine, + int ivLength) + { + baseEngine = engine.getUnderlyingCipher(); + + this.cipher = new BufferedGenericBlockCipher(engine); + this.ivLength = ivLength / 8; + } + + protected int engineGetBlockSize() + { + return baseEngine.getBlockSize(); + } + + protected byte[] engineGetIV() + { + return (ivParam != null) ? ivParam.getIV() : null; + } + + protected int engineGetKeySize( + Key key) + { + return key.getEncoded().length * 8; + } + + protected int engineGetOutputSize( + int inputLen) + { + return cipher.getOutputSize(inputLen); + } + + protected AlgorithmParameters engineGetParameters() + { + if (engineParams == null) + { + if (pbeSpec != null) + { + try + { + engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); + engineParams.init(pbeSpec); + } + catch (Exception e) + { + return null; + } + } + else if (ivParam != null) + { + String name = cipher.getUnderlyingCipher().getAlgorithmName(); + + if (name.indexOf('/') >= 0) + { + name = name.substring(0, name.indexOf('/')); + } + + try + { + engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME); + engineParams.init(ivParam.getIV()); + } + catch (Exception e) + { + throw new RuntimeException(e.toString()); + } + } + } + + return engineParams; + } + + protected void engineSetMode( + String mode) + throws NoSuchAlgorithmException + { + modeName = Strings.toUpperCase(mode); + + if (modeName.equals("ECB")) + { + ivLength = 0; + cipher = new BufferedGenericBlockCipher(baseEngine); + } + else if (modeName.equals("CBC")) + { + ivLength = baseEngine.getBlockSize(); + cipher = new BufferedGenericBlockCipher( + new CBCBlockCipher(baseEngine)); + } + else if (modeName.startsWith("OFB")) + { + ivLength = baseEngine.getBlockSize(); + if (modeName.length() != 3) + { + int wordSize = Integer.parseInt(modeName.substring(3)); + + cipher = new BufferedGenericBlockCipher( + new OFBBlockCipher(baseEngine, wordSize)); + } + else + { + cipher = new BufferedGenericBlockCipher( + new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); + } + } + else if (modeName.startsWith("CFB")) + { + ivLength = baseEngine.getBlockSize(); + if (modeName.length() != 3) + { + int wordSize = Integer.parseInt(modeName.substring(3)); + + cipher = new BufferedGenericBlockCipher( + new CFBBlockCipher(baseEngine, wordSize)); + } + else + { + cipher = new BufferedGenericBlockCipher( + new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); + } + } + // BEGIN android-removed + // else if (modeName.startsWith("PGP")) + // { + // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); + + // ivLength = baseEngine.getBlockSize(); + // cipher = new BufferedGenericBlockCipher( + // new PGPCFBBlockCipher(baseEngine, inlineIV)); + // } + // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) + // { + // ivLength = 0; + // cipher = new BufferedGenericBlockCipher( + // new OpenPGPCFBBlockCipher(baseEngine)); + // } + // END android-removed + else if (modeName.startsWith("SIC")) + { + ivLength = baseEngine.getBlockSize(); + if (ivLength < 16) + { + throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); + } + cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + new SICBlockCipher(baseEngine))); + } + else if (modeName.startsWith("CTR")) + { + ivLength = baseEngine.getBlockSize(); + cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + new SICBlockCipher(baseEngine))); + } + // BEGIN android-removed + // else if (modeName.startsWith("GOFB")) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + // new GOFBBlockCipher(baseEngine))); + // } + // END android-removed + else if (modeName.startsWith("CTS")) + { + ivLength = baseEngine.getBlockSize(); + cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(new CBCBlockCipher(baseEngine))); + } + else if (modeName.startsWith("CCM")) + { + ivLength = baseEngine.getBlockSize(); + cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); + } + // BEGIN android-removed + // else if (modeName.startsWith("EAX")) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); + // } + // END android-removed + else if (modeName.startsWith("GCM")) + { + ivLength = baseEngine.getBlockSize(); + cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine)); + } + else + { + throw new NoSuchAlgorithmException("can't support mode " + mode); + } + } + + protected void engineSetPadding( + String padding) + throws NoSuchPaddingException + { + String paddingName = Strings.toUpperCase(padding); + + if (paddingName.equals("NOPADDING")) + { + if (cipher.wrapOnNoPadding()) + { + cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(cipher.getUnderlyingCipher())); + } + } + else if (paddingName.equals("WITHCTS")) + { + cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(cipher.getUnderlyingCipher())); + } + else + { + padded = true; + + if (isAEADModeName(modeName)) + { + throw new NoSuchPaddingException("Only NoPadding can be used with AEAD modes."); + } + else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) + { + cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher()); + } + else if (paddingName.equals("ZEROBYTEPADDING")) + { + cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ZeroBytePadding()); + } + else if (paddingName.equals("ISO10126PADDING") || paddingName.equals("ISO10126-2PADDING")) + { + cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO10126d2Padding()); + } + else if (paddingName.equals("X9.23PADDING") || paddingName.equals("X923PADDING")) + { + cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new X923Padding()); + } + else if (paddingName.equals("ISO7816-4PADDING") || paddingName.equals("ISO9797-1PADDING")) + { + cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO7816d4Padding()); + } + else if (paddingName.equals("TBCPADDING")) + { + cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new TBCPadding()); + } + else + { + throw new NoSuchPaddingException("Padding " + padding + " unknown."); + } + } + } + + protected void engineInit( + int opmode, + Key key, + AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidKeyException, InvalidAlgorithmParameterException + { + CipherParameters param; + + this.pbeSpec = null; + this.pbeAlgorithm = null; + this.engineParams = null; + + // + // basic key check + // + if (!(key instanceof SecretKey)) + { + throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); + } + + // + // for RC5-64 we must have some default parameters + // + if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) + { + throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); + } + + // + // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). + // + if (key instanceof BCPBEKey) + { + BCPBEKey k = (BCPBEKey)key; + + if (k.getOID() != null) + { + pbeAlgorithm = k.getOID().getId(); + } + else + { + pbeAlgorithm = k.getAlgorithm(); + } + + if (k.getParam() != null) + { + param = k.getParam(); + pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); + } + else if (params instanceof PBEParameterSpec) + { + pbeSpec = (PBEParameterSpec)params; + param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName()); + } + else + { + throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); + } + + if (param instanceof ParametersWithIV) + { + ivParam = (ParametersWithIV)param; + } + } + else if (params == null) + { + param = new KeyParameter(key.getEncoded()); + } + else if (params instanceof IvParameterSpec) + { + if (ivLength != 0) + { + IvParameterSpec p = (IvParameterSpec)params; + + if (p.getIV().length != ivLength && !isAEADModeName(modeName)) + { + throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); + } + + if (key instanceof RepeatedSecretKeySpec) + { + param = new ParametersWithIV(null, p.getIV()); + ivParam = (ParametersWithIV)param; + } + else + { + param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); + ivParam = (ParametersWithIV)param; + } + } + else + { + if (modeName != null && modeName.equals("ECB")) + { + throw new InvalidAlgorithmParameterException("ECB mode does not use an IV"); + } + + param = new KeyParameter(key.getEncoded()); + } + } + // BEGIN android-removed + // else if (params instanceof GOST28147ParameterSpec) + // { + // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; + // + // param = new ParametersWithSBox( + // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); + // + // if (gost28147Param.getIV() != null && ivLength != 0) + // { + // param = new ParametersWithIV(param, gost28147Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // else if (params instanceof RC2ParameterSpec) + // { + // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; + // + // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); + // + // if (rc2Param.getIV() != null && ivLength != 0) + // { + // param = new ParametersWithIV(param, rc2Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // else if (params instanceof RC5ParameterSpec) + // { + // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; + // + // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); + // if (baseEngine.getAlgorithmName().startsWith("RC5")) + // { + // if (baseEngine.getAlgorithmName().equals("RC5-32")) + // { + // if (rc5Param.getWordSize() != 32) + // { + // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); + // } + // } + // else if (baseEngine.getAlgorithmName().equals("RC5-64")) + // { + // if (rc5Param.getWordSize() != 64) + // { + // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); + // } + // } + // } + // else + // { + // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); + // } + // if ((rc5Param.getIV() != null) && (ivLength != 0)) + // { + // param = new ParametersWithIV(param, rc5Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // END android-removed + else + { + throw new InvalidAlgorithmParameterException("unknown parameter type."); + } + + if ((ivLength != 0) && !(param instanceof ParametersWithIV)) + { + SecureRandom ivRandom = random; + + if (ivRandom == null) + { + ivRandom = new SecureRandom(); + } + + if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) + { + byte[] iv = new byte[ivLength]; + + ivRandom.nextBytes(iv); + param = new ParametersWithIV(param, iv); + ivParam = (ParametersWithIV)param; + } + else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) + { + throw new InvalidAlgorithmParameterException("no IV set when one expected"); + } + } + + if (random != null && padded) + { + param = new ParametersWithRandom(param, random); + } + + try + { + switch (opmode) + { + case Cipher.ENCRYPT_MODE: + case Cipher.WRAP_MODE: + cipher.init(true, param); + break; + case Cipher.DECRYPT_MODE: + case Cipher.UNWRAP_MODE: + cipher.init(false, param); + break; + default: + throw new InvalidParameterException("unknown opmode " + opmode + " passed"); + } + } + catch (Exception e) + { + throw new InvalidKeyException(e.getMessage()); + } + } + + protected void engineInit( + int opmode, + Key key, + AlgorithmParameters params, + SecureRandom random) + throws InvalidKeyException, InvalidAlgorithmParameterException + { + AlgorithmParameterSpec paramSpec = null; + + if (params != null) + { + for (int i = 0; i != availableSpecs.length; i++) + { + try + { + paramSpec = params.getParameterSpec(availableSpecs[i]); + break; + } + catch (Exception e) + { + // try again if possible + } + } + + if (paramSpec == null) + { + throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); + } + } + + engineInit(opmode, key, paramSpec, random); + + engineParams = params; + } + + protected void engineInit( + int opmode, + Key key, + SecureRandom random) + throws InvalidKeyException + { + try + { + engineInit(opmode, key, (AlgorithmParameterSpec)null, random); + } + catch (InvalidAlgorithmParameterException e) + { + throw new InvalidKeyException(e.getMessage()); + } + } + + protected byte[] engineUpdate( + byte[] input, + int inputOffset, + int inputLen) + { + int length = cipher.getUpdateOutputSize(inputLen); + + if (length > 0) + { + byte[] out = new byte[length]; + + int len = cipher.processBytes(input, inputOffset, inputLen, out, 0); + + if (len == 0) + { + return null; + } + else if (len != out.length) + { + byte[] tmp = new byte[len]; + + System.arraycopy(out, 0, tmp, 0, len); + + return tmp; + } + + return out; + } + + cipher.processBytes(input, inputOffset, inputLen, null, 0); + + return null; + } + + protected int engineUpdate( + byte[] input, + int inputOffset, + int inputLen, + byte[] output, + int outputOffset) + throws ShortBufferException + { + try + { + return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); + } + catch (DataLengthException e) + { + throw new ShortBufferException(e.getMessage()); + } + } + + protected byte[] engineDoFinal( + byte[] input, + int inputOffset, + int inputLen) + throws IllegalBlockSizeException, BadPaddingException + { + int len = 0; + byte[] tmp = new byte[engineGetOutputSize(inputLen)]; + + if (inputLen != 0) + { + len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); + } + + try + { + len += cipher.doFinal(tmp, len); + } + catch (DataLengthException e) + { + throw new IllegalBlockSizeException(e.getMessage()); + } + catch (InvalidCipherTextException e) + { + throw new BadPaddingException(e.getMessage()); + } + + if (len == tmp.length) + { + return tmp; + } + + byte[] out = new byte[len]; + + System.arraycopy(tmp, 0, out, 0, len); + + return out; + } + + protected int engineDoFinal( + byte[] input, + int inputOffset, + int inputLen, + byte[] output, + int outputOffset) + throws IllegalBlockSizeException, BadPaddingException, ShortBufferException + { + // BEGIN android-note + // added ShortBufferException to the throws statement + // END android-note + int len = 0; + + // BEGIN android-added + int outputLen = cipher.getOutputSize(inputLen); + + if (outputLen + outputOffset > output.length) { + throw new ShortBufferException("need at least " + outputLen + " bytes"); + } + // BEGIN android-added + if (inputLen != 0) + { + len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); + } + + try + { + return (len + cipher.doFinal(output, outputOffset + len)); + } + catch (DataLengthException e) + { + throw new IllegalBlockSizeException(e.getMessage()); + } + catch (InvalidCipherTextException e) + { + throw new BadPaddingException(e.getMessage()); + } + } + + private boolean isAEADModeName( + String modeName) + { + return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName); + } + + /* + * The ciphers that inherit from us. + */ + + static private interface GenericBlockCipher + { + public void init(boolean forEncryption, CipherParameters params) + throws IllegalArgumentException; + + public boolean wrapOnNoPadding(); + + public String getAlgorithmName(); + + public org.bouncycastle.crypto.BlockCipher getUnderlyingCipher(); + + public int getOutputSize(int len); + + public int getUpdateOutputSize(int len); + + public int processByte(byte in, byte[] out, int outOff) + throws DataLengthException; + + public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) + throws DataLengthException; + + public int doFinal(byte[] out, int outOff) + throws IllegalStateException, InvalidCipherTextException; + } + + private static class BufferedGenericBlockCipher + implements GenericBlockCipher + { + private BufferedBlockCipher cipher; + + BufferedGenericBlockCipher(BufferedBlockCipher cipher) + { + this.cipher = cipher; + } + + BufferedGenericBlockCipher(org.bouncycastle.crypto.BlockCipher cipher) + { + this.cipher = new PaddedBufferedBlockCipher(cipher); + } + + BufferedGenericBlockCipher(org.bouncycastle.crypto.BlockCipher cipher, BlockCipherPadding padding) + { + this.cipher = new PaddedBufferedBlockCipher(cipher, padding); + } + + public void init(boolean forEncryption, CipherParameters params) + throws IllegalArgumentException + { + cipher.init(forEncryption, params); + } + + public boolean wrapOnNoPadding() + { + return !(cipher instanceof CTSBlockCipher); + } + + public String getAlgorithmName() + { + return cipher.getUnderlyingCipher().getAlgorithmName(); + } + + public org.bouncycastle.crypto.BlockCipher getUnderlyingCipher() + { + return cipher.getUnderlyingCipher(); + } + + public int getOutputSize(int len) + { + return cipher.getOutputSize(len); + } + + public int getUpdateOutputSize(int len) + { + return cipher.getUpdateOutputSize(len); + } + + public int processByte(byte in, byte[] out, int outOff) throws DataLengthException + { + return cipher.processByte(in, out, outOff); + } + + public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException + { + return cipher.processBytes(in, inOff, len, out, outOff); + } + + public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException + { + return cipher.doFinal(out, outOff); + } + } + + private static class AEADGenericBlockCipher + implements GenericBlockCipher + { + private AEADBlockCipher cipher; + + AEADGenericBlockCipher(AEADBlockCipher cipher) + { + this.cipher = cipher; + } + + public void init(boolean forEncryption, CipherParameters params) + throws IllegalArgumentException + { + cipher.init(forEncryption, params); + } + + public String getAlgorithmName() + { + return cipher.getUnderlyingCipher().getAlgorithmName(); + } + + public boolean wrapOnNoPadding() + { + return false; + } + + public org.bouncycastle.crypto.BlockCipher getUnderlyingCipher() + { + return cipher.getUnderlyingCipher(); + } + + public int getOutputSize(int len) + { + return cipher.getOutputSize(len); + } + + public int getUpdateOutputSize(int len) + { + return cipher.getUpdateOutputSize(len); + } + + public int processByte(byte in, byte[] out, int outOff) throws DataLengthException + { + return cipher.processByte(in, out, outOff); + } + + public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException + { + return cipher.processBytes(in, inOff, len, out, outOff); + } + + public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException + { + return cipher.doFinal(out, outOff); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java new file mode 100644 index 0000000..0e190d3 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java @@ -0,0 +1,83 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; + +import javax.crypto.KeyGeneratorSpi; +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; + +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.KeyGenerationParameters; + +public class BaseKeyGenerator + extends KeyGeneratorSpi +{ + protected String algName; + protected int keySize; + protected int defaultKeySize; + protected CipherKeyGenerator engine; + + protected boolean uninitialised = true; + + protected BaseKeyGenerator( + String algName, + int defaultKeySize, + CipherKeyGenerator engine) + { + this.algName = algName; + this.keySize = this.defaultKeySize = defaultKeySize; + this.engine = engine; + } + + protected void engineInit( + AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + throw new InvalidAlgorithmParameterException("Not Implemented"); + } + + protected void engineInit( + SecureRandom random) + { + if (random != null) + { + engine.init(new KeyGenerationParameters(random, defaultKeySize)); + uninitialised = false; + } + } + + protected void engineInit( + int keySize, + SecureRandom random) + { + try + { + // BEGIN android-added + if (random == null) { + random = new SecureRandom(); + } + // END android-added + engine.init(new KeyGenerationParameters(random, keySize)); + uninitialised = false; + } + catch (IllegalArgumentException e) + { + throw new InvalidParameterException(e.getMessage()); + } + } + + protected SecretKey engineGenerateKey() + { + if (uninitialised) + { + engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); + uninitialised = false; + } + + return new SecretKeySpec(engine.generateKey(), algName); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java new file mode 100644 index 0000000..55c768f --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java @@ -0,0 +1,463 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.spec.AlgorithmParameterSpec; + +import javax.crypto.MacSpi; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEParameterSpec; + +import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.Mac; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD2Digest; +// import org.bouncycastle.crypto.digests.MD4Digest; +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.RIPEMD128Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; +// import org.bouncycastle.crypto.digests.TigerDigest; +// END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-added +import org.bouncycastle.crypto.engines.DESEngine; +import org.bouncycastle.crypto.engines.RC2Engine; +import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.GOST28147Mac; +// END android-removed +import org.bouncycastle.crypto.macs.HMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed +import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; + +public class BaseMac + extends MacSpi implements PBE +{ + private Mac macEngine; + + private int pbeType = PKCS12; + private int pbeHash = SHA1; + private int keySize = 160; + + protected BaseMac( + Mac macEngine) + { + this.macEngine = macEngine; + } + + protected BaseMac( + Mac macEngine, + int pbeType, + int pbeHash, + int keySize) + { + this.macEngine = macEngine; + this.pbeType = pbeType; + this.pbeHash = pbeHash; + this.keySize = keySize; + } + + protected void engineInit( + Key key, + AlgorithmParameterSpec params) + throws InvalidKeyException, InvalidAlgorithmParameterException + { + CipherParameters param; + + if (key == null) + { + throw new InvalidKeyException("key is null"); + } + + if (key instanceof BCPBEKey) + { + BCPBEKey k = (BCPBEKey)key; + + if (k.getParam() != null) + { + param = k.getParam(); + } + else if (params instanceof PBEParameterSpec) + { + param = PBE.Util.makePBEMacParameters(k, params); + } + else + { + throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); + } + } + else if (params instanceof IvParameterSpec) + { + param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); + } + else if (params == null) + { + param = new KeyParameter(key.getEncoded()); + } + else + { + throw new InvalidAlgorithmParameterException("unknown parameter type."); + } + + macEngine.init(param); + } + + protected int engineGetMacLength() + { + return macEngine.getMacSize(); + } + + protected void engineReset() + { + macEngine.reset(); + } + + protected void engineUpdate( + byte input) + { + macEngine.update(input); + } + + protected void engineUpdate( + byte[] input, + int offset, + int len) + { + macEngine.update(input, offset, len); + } + + protected byte[] engineDoFinal() + { + byte[] out = new byte[engineGetMacLength()]; + + macEngine.doFinal(out, 0); + + return out; + } + + /** + * the classes that extend directly off us. + */ + + /** + * DES + */ + public static class DES + extends BaseMac + { + public DES() + { + super(new CBCBlockCipherMac(new DESEngine())); + } + } + + /** + * DES 64 bit MAC + */ + public static class DES64 + extends BaseMac + { + public DES64() + { + super(new CBCBlockCipherMac(new DESEngine(), 64)); + } + } + + /** + * RC2 + */ + public static class RC2 + extends BaseMac + { + public RC2() + { + super(new CBCBlockCipherMac(new RC2Engine())); + } + } + + // BEGIN android-removed + // /** + // * GOST28147 + // */ + // public static class GOST28147 + // extends BaseMac + // { + // public GOST28147() + // { + // super(new GOST28147Mac()); + // } + // } + // + // + // + // /** + // * DES + // */ + // public static class DESCFB8 + // extends BaseMac + // { + // public DESCFB8() + // { + // super(new CFBBlockCipherMac(new DESEngine())); + // } + // } + // + // /** + // * RC2CFB8 + // */ + // public static class RC2CFB8 + // extends BaseMac + // { + // public RC2CFB8() + // { + // super(new CFBBlockCipherMac(new RC2Engine())); + // } + // } + // + // /** + // * DES9797Alg3with7816-4Padding + // */ + // public static class DES9797Alg3with7816d4 + // extends BaseMac + // { + // public DES9797Alg3with7816d4() + // { + // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); + // } + // } + // + // /** + // * DES9797Alg3 + // */ + // public static class DES9797Alg3 + // extends BaseMac + // { + // public DES9797Alg3() + // { + // super(new ISO9797Alg3Mac(new DESEngine())); + // } + // } + // + // /** + // * MD2 HMac + // */ + // public static class MD2 + // extends BaseMac + // { + // public MD2() + // { + // super(new HMac(new MD2Digest())); + // } + // } + // + // /** + // * MD4 HMac + // */ + // public static class MD4 + // extends BaseMac + // { + // public MD4() + // { + // super(new HMac(new MD4Digest())); + // } + // } + // END android-removed + + /** + * MD5 HMac + */ + public static class MD5 + extends BaseMac + { + public MD5() + { + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.MD5())); + // END android-changed + } + } + + /** + * SHA1 HMac + */ + public static class SHA1 + extends BaseMac + { + public SHA1() + { + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.SHA1())); + // END android-changed + } + } + + // BEGIN android-removed + // /** + // * SHA-224 HMac + // */ + // public static class SHA224 + // extends BaseMac + // { + // public SHA224() + // { + // super(new HMac(new SHA224Digest())); + // } + // } + // END android-removed + + /** + * SHA-256 HMac + */ + public static class SHA256 + extends BaseMac + { + public SHA256() + { + super(new HMac(new OpenSSLDigest.SHA256())); + } + } + + /** + * SHA-384 HMac + */ + public static class SHA384 + extends BaseMac + { + public SHA384() + { + super(new HMac(new OpenSSLDigest.SHA384())); + } + } + + // BEGIN android-removed + // public static class OldSHA384 + // extends BaseMac + // { + // public OldSHA384() + // { + // super(new OldHMac(new SHA384Digest())); + // } + // } + // END android-removed + + /** + * SHA-512 HMac + */ + public static class SHA512 + extends BaseMac + { + public SHA512() + { + super(new HMac(new OpenSSLDigest.SHA512())); + } + } + + // BEGIN android-removed + // /** + // * SHA-512 HMac + // */ + // public static class OldSHA512 + // extends BaseMac + // { + // public OldSHA512() + // { + // super(new OldHMac(new SHA512Digest())); + // } + // } + // + // /** + // * RIPEMD128 HMac + // */ + // public static class RIPEMD128 + // extends BaseMac + // { + // public RIPEMD128() + // { + // super(new HMac(new RIPEMD128Digest())); + // } + // } + // + // /** + // * RIPEMD160 HMac + // */ + // public static class RIPEMD160 + // extends BaseMac + // { + // public RIPEMD160() + // { + // super(new HMac(new RIPEMD160Digest())); + // } + // } + // + // /** + // * Tiger HMac + // */ + // public static class Tiger + // extends BaseMac + // { + // public Tiger() + // { + // super(new HMac(new TigerDigest())); + // } + // } + // + // // + // // PKCS12 states that the same algorithm should be used + // // for the key generation as is used in the HMAC, so that + // // is what we do here. + // // + // + // /** + // * PBEWithHmacRIPEMD160 + // */ + // public static class PBEWithRIPEMD160 + // extends BaseMac + // { + // public PBEWithRIPEMD160() + // { + // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); + // } + // } + // END android-removed + + /** + * PBEWithHmacSHA + */ + public static class PBEWithSHA + extends BaseMac + { + public PBEWithSHA() + { + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.SHA1()), PKCS12, SHA1, 160); + // END android-changed + } + } + + // BEGIN android-removed + // /** + // * PBEWithHmacTiger + // */ + // public static class PBEWithTiger + // extends BaseMac + // { + // public PBEWithTiger() + // { + // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); + // } + // } + // END android-removed +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java new file mode 100644 index 0000000..23e7b19 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java @@ -0,0 +1,196 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.lang.reflect.Constructor; +import java.security.InvalidKeyException; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactorySpi; +import javax.crypto.spec.DESKeySpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.params.DESParameters; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; + +public class BaseSecretKeyFactory + extends SecretKeyFactorySpi + implements PBE +{ + protected String algName; + protected DERObjectIdentifier algOid; + + protected BaseSecretKeyFactory( + String algName, + DERObjectIdentifier algOid) + { + this.algName = algName; + this.algOid = algOid; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof SecretKeySpec) + { + return (SecretKey)keySpec; + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + + protected KeySpec engineGetKeySpec( + SecretKey key, + Class keySpec) + throws InvalidKeySpecException + { + if (keySpec == null) + { + throw new InvalidKeySpecException("keySpec parameter is null"); + } + if (key == null) + { + throw new InvalidKeySpecException("key parameter is null"); + } + + if (SecretKeySpec.class.isAssignableFrom(keySpec)) + { + return new SecretKeySpec(key.getEncoded(), algName); + } + + try + { + Class[] parameters = { byte[].class }; + + Constructor c = keySpec.getConstructor(parameters); + Object[] p = new Object[1]; + + p[0] = key.getEncoded(); + + return (KeySpec)c.newInstance(p); + } + catch (Exception e) + { + throw new InvalidKeySpecException(e.toString()); + } + } + + protected SecretKey engineTranslateKey( + SecretKey key) + throws InvalidKeyException + { + if (key == null) + { + throw new InvalidKeyException("key parameter is null"); + } + + if (!key.getAlgorithm().equalsIgnoreCase(algName)) + { + throw new InvalidKeyException("Key not of type " + algName + "."); + } + + return new SecretKeySpec(key.getEncoded(), algName); + } + + /* + * classes that inherit from us + */ + + + + static public class DESPBEKeyFactory + extends BaseSecretKeyFactory + { + private boolean forCipher; + private int scheme; + private int digest; + private int keySize; + private int ivSize; + + public DESPBEKeyFactory( + String algorithm, + DERObjectIdentifier oid, + boolean forCipher, + int scheme, + int digest, + int keySize, + int ivSize) + { + super(algorithm, oid); + + this.forCipher = forCipher; + this.scheme = scheme; + this.digest = digest; + this.keySize = keySize; + this.ivSize = ivSize; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + CipherParameters param; + + if (pbeSpec.getSalt() == null) + { + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); + } + + if (forCipher) + { + param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); + } + else + { + param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + } + + KeyParameter kParam; + if (param instanceof ParametersWithIV) + { + kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); + } + else + { + kParam = (KeyParameter)param; + } + + DESParameters.setOddParity(kParam.getKey()); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + + static public class DES + extends BaseSecretKeyFactory + { + public DES() + { + super("DES", null); + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof DESKeySpec) + { + DESKeySpec desKeySpec = (DESKeySpec)keySpec; + return new SecretKeySpec(desKeySpec.getKey(), "DES"); + } + + return super.engineGenerateSecret(keySpec); + } + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java new file mode 100644 index 0000000..2031929 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java @@ -0,0 +1,366 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; + +import javax.crypto.Cipher; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed + +import org.bouncycastle.crypto.BlockCipher; +import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.StreamBlockCipher; +import org.bouncycastle.crypto.StreamCipher; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +public class BaseStreamCipher + extends BaseWrapCipher + implements PBE +{ + // + // specs we can handle. + // + private Class[] availableSpecs = + { + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class, + // END android-removed + IvParameterSpec.class, + PBEParameterSpec.class + }; + + private StreamCipher cipher; + private ParametersWithIV ivParam; + + private int ivLength = 0; + + private PBEParameterSpec pbeSpec = null; + private String pbeAlgorithm = null; + + protected BaseStreamCipher( + StreamCipher engine, + int ivLength) + { + cipher = engine; + this.ivLength = ivLength; + } + + protected BaseStreamCipher( + BlockCipher engine, + int ivLength) + { + this.ivLength = ivLength; + + cipher = new StreamBlockCipher(engine); + } + + protected int engineGetBlockSize() + { + return 0; + } + + protected byte[] engineGetIV() + { + return (ivParam != null) ? ivParam.getIV() : null; + } + + protected int engineGetKeySize( + Key key) + { + return key.getEncoded().length * 8; + } + + protected int engineGetOutputSize( + int inputLen) + { + return inputLen; + } + + protected AlgorithmParameters engineGetParameters() + { + if (engineParams == null) + { + if (pbeSpec != null) + { + try + { + AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); + engineParams.init(pbeSpec); + + return engineParams; + } + catch (Exception e) + { + return null; + } + } + } + + return engineParams; + } + + /** + * should never be called. + */ + protected void engineSetMode( + String mode) + { + if (!mode.equalsIgnoreCase("ECB")) + { + throw new IllegalArgumentException("can't support mode " + mode); + } + } + + /** + * should never be called. + */ + protected void engineSetPadding( + String padding) + throws NoSuchPaddingException + { + if (!padding.equalsIgnoreCase("NoPadding")) + { + throw new NoSuchPaddingException("Padding " + padding + " unknown."); + } + } + + protected void engineInit( + int opmode, + Key key, + AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidKeyException, InvalidAlgorithmParameterException + { + CipherParameters param; + + this.pbeSpec = null; + this.pbeAlgorithm = null; + + this.engineParams = null; + + // + // basic key check + // + if (!(key instanceof SecretKey)) + { + throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); + } + + if (key instanceof BCPBEKey) + { + BCPBEKey k = (BCPBEKey)key; + + if (k.getOID() != null) + { + pbeAlgorithm = k.getOID().getId(); + } + else + { + pbeAlgorithm = k.getAlgorithm(); + } + + if (k.getParam() != null) + { + param = k.getParam(); + pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); + } + else if (params instanceof PBEParameterSpec) + { + param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName()); + pbeSpec = (PBEParameterSpec)params; + } + else + { + throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); + } + + if (k.getIvSize() != 0) + { + ivParam = (ParametersWithIV)param; + } + } + else if (params == null) + { + param = new KeyParameter(key.getEncoded()); + } + else if (params instanceof IvParameterSpec) + { + param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); + ivParam = (ParametersWithIV)param; + } + else + { + throw new IllegalArgumentException("unknown parameter type."); + } + + if ((ivLength != 0) && !(param instanceof ParametersWithIV)) + { + SecureRandom ivRandom = random; + + if (ivRandom == null) + { + ivRandom = new SecureRandom(); + } + + if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) + { + byte[] iv = new byte[ivLength]; + + ivRandom.nextBytes(iv); + param = new ParametersWithIV(param, iv); + ivParam = (ParametersWithIV)param; + } + else + { + throw new InvalidAlgorithmParameterException("no IV set when one expected"); + } + } + + switch (opmode) + { + case Cipher.ENCRYPT_MODE: + case Cipher.WRAP_MODE: + cipher.init(true, param); + break; + case Cipher.DECRYPT_MODE: + case Cipher.UNWRAP_MODE: + cipher.init(false, param); + break; + default: + System.out.println("eeek!"); + } + } + + protected void engineInit( + int opmode, + Key key, + AlgorithmParameters params, + SecureRandom random) + throws InvalidKeyException, InvalidAlgorithmParameterException + { + AlgorithmParameterSpec paramSpec = null; + + if (params != null) + { + for (int i = 0; i != availableSpecs.length; i++) + { + try + { + paramSpec = params.getParameterSpec(availableSpecs[i]); + break; + } + catch (Exception e) + { + continue; + } + } + + if (paramSpec == null) + { + throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); + } + } + + engineInit(opmode, key, paramSpec, random); + engineParams = params; + } + + protected void engineInit( + int opmode, + Key key, + SecureRandom random) + throws InvalidKeyException + { + try + { + engineInit(opmode, key, (AlgorithmParameterSpec)null, random); + } + catch (InvalidAlgorithmParameterException e) + { + throw new InvalidKeyException(e.getMessage()); + } + } + + protected byte[] engineUpdate( + byte[] input, + int inputOffset, + int inputLen) + { + byte[] out = new byte[inputLen]; + + cipher.processBytes(input, inputOffset, inputLen, out, 0); + + return out; + } + + protected int engineUpdate( + byte[] input, + int inputOffset, + int inputLen, + byte[] output, + int outputOffset) + throws ShortBufferException + { + try + { + cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); + + return inputLen; + } + catch (DataLengthException e) + { + throw new ShortBufferException(e.getMessage()); + } + } + + protected byte[] engineDoFinal( + byte[] input, + int inputOffset, + int inputLen) + { + if (inputLen != 0) + { + byte[] out = engineUpdate(input, inputOffset, inputLen); + + cipher.reset(); + + return out; + } + + cipher.reset(); + + return new byte[0]; + } + + protected int engineDoFinal( + byte[] input, + int inputOffset, + int inputLen, + byte[] output, + int outputOffset) + { + if (inputLen != 0) + { + cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); + } + + cipher.reset(); + + return inputLen; + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java index 1a5808b..2800a7f 100644 --- a/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.symmetric.util; import java.security.AlgorithmParameters; import java.security.InvalidAlgorithmParameterException; @@ -28,23 +28,16 @@ import javax.crypto.spec.PBEParameterSpec; // END android-removed import javax.crypto.spec.SecretKeySpec; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.Wrapper; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.RC2WrapEngine; -// END android-removed import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; +import org.bouncycastle.jce.provider.BouncyCastleProvider; -public abstract class WrapCipherSpi extends CipherSpi +public abstract class BaseWrapCipher + extends CipherSpi implements PBE { // @@ -72,19 +65,19 @@ public abstract class WrapCipherSpi extends CipherSpi private int ivSize; private byte[] iv; - protected WrapCipherSpi() + protected BaseWrapCipher() { } - protected WrapCipherSpi( + protected BaseWrapCipher( Wrapper wrapEngine) { this(wrapEngine, 0); } - protected WrapCipherSpi( + protected BaseWrapCipher( Wrapper wrapEngine, - int ivSize) + int ivSize) { this.wrapEngine = wrapEngine; this.ivSize = ivSize; @@ -140,10 +133,10 @@ public abstract class WrapCipherSpi extends CipherSpi { CipherParameters param; - if (key instanceof JCEPBEKey) + if (key instanceof BCPBEKey) { - JCEPBEKey k = (JCEPBEKey)key; - + BCPBEKey k = (BCPBEKey)key; + if (params instanceof PBEParameterSpec) { param = PBE.Util.makePBEParameters(k, params, wrapEngine.getAlgorithmName()); @@ -162,7 +155,7 @@ public abstract class WrapCipherSpi extends CipherSpi param = new KeyParameter(key.getEncoded()); } - if (params instanceof javax.crypto.spec.IvParameterSpec) + if (params instanceof IvParameterSpec) { IvParameterSpec iv = (IvParameterSpec) params; param = new ParametersWithIV(param, iv.getIV()); @@ -285,7 +278,7 @@ public abstract class WrapCipherSpi extends CipherSpi protected byte[] engineWrap( Key key) - throws IllegalBlockSizeException, java.security.InvalidKeyException + throws IllegalBlockSizeException, InvalidKeyException { byte[] encoded = key.getEncoded(); if (encoded == null) @@ -353,52 +346,28 @@ public abstract class WrapCipherSpi extends CipherSpi else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) { /* - * The caller doesnt know the algorithm as it is part of - * the encrypted data. - */ - ASN1InputStream bIn = new ASN1InputStream(encoded); - PrivateKey privKey; - + * The caller doesn't know the algorithm as it is part of + * the encrypted data. + */ try { - ASN1Sequence s = (ASN1Sequence)bIn.readObject(); - PrivateKeyInfo in = new PrivateKeyInfo(s); + PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); - DERObjectIdentifier oid = in.getAlgorithmId().getObjectId(); + PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); - if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - { - privKey = new JCEECPrivateKey(in); - } - // BEGIN android-removed - // else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - // { - // privKey = new JDKGOST3410PrivateKey(in); - // } - // END android-removed - else if (oid.equals(X9ObjectIdentifiers.id_dsa)) - { - privKey = new JDKDSAPrivateKey(in); - } - else if (oid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) + if (privKey != null) { - privKey = new JCEDHPrivateKey(in); + return privKey; } - else if (oid.equals(X9ObjectIdentifiers.dhpublicnumber)) + else { - privKey = new JCEDHPrivateKey(in); - } - else // the old standby! - { - privKey = new JCERSAPrivateCrtKey(in); + throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); } } catch (Exception e) { throw new InvalidKeyException("Invalid key encoding."); } - - return privKey; } else { @@ -434,18 +403,4 @@ public abstract class WrapCipherSpi extends CipherSpi } } - // - // classes that inherit directly from us - // - - // BEGIN android-removed - // public static class RC2Wrap - // extends WrapCipherSpi - // { - // public RC2Wrap() - // { - // super(new RC2WrapEngine()); - // } - // } - // END android-removed } diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.java new file mode 100644 index 0000000..b5a9552 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.java @@ -0,0 +1,118 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.IvParameterSpec; + +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.util.Arrays; + +public class IvAlgorithmParameters + extends BaseAlgorithmParameters +{ + private byte[] iv; + + protected byte[] engineGetEncoded() + throws IOException + { + return engineGetEncoded("ASN.1"); + } + + protected byte[] engineGetEncoded( + String format) + throws IOException + { + if (isASN1FormatString(format)) + { + return new DEROctetString(engineGetEncoded("RAW")).getEncoded(); + } + + if (format.equals("RAW")) + { + return Arrays.clone(iv); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == IvParameterSpec.class) + { + return new IvParameterSpec(iv); + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof IvParameterSpec)) + { + throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); + } + + this.iv = ((IvParameterSpec)paramSpec).getIV(); + } + + protected void engineInit( + byte[] params) + throws IOException + { + // + // check that we don't have a DER encoded octet string + // + if ((params.length % 8) != 0 + && params[0] == 0x04 && params[1] == params.length - 2) + { + ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(params); + + params = oct.getOctets(); + } + + this.iv = Arrays.clone(params); + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (isASN1FormatString(format)) + { + try + { + ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(params); + + engineInit(oct.getOctets()); + } + catch (Exception e) + { + throw new IOException("Exception decoding: " + e); + } + + return; + } + + if (format.equals("RAW")) + { + engineInit(params); + return; + } + + throw new IOException("Unknown parameters format in IV parameters object"); + } + + protected String engineToString() + { + return "IV Parameters"; + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/PBE.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java index e06a27c..cb2cfd7 100644 --- a/src/main/java/org/bouncycastle/jce/provider/PBE.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.symmetric.util; import java.security.spec.AlgorithmParameterSpec; @@ -9,16 +9,15 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.PBEParametersGenerator; // BEGIN android-removed // import org.bouncycastle.crypto.digests.MD2Digest; -// END android-removed -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD5Digest; // import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; // import org.bouncycastle.crypto.digests.TigerDigest; // END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-added import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; @@ -34,10 +33,14 @@ public interface PBE // static final int MD5 = 0; static final int SHA1 = 1; - static final int RIPEMD160 = 2; - static final int TIGER = 3; + // BEGIN android-removed + // static final int RIPEMD160 = 2; + // static final int TIGER = 3; + // END android-removed static final int SHA256 = 4; - static final int MD2 = 5; + // BEGIN android-removed + // static final int MD2 = 5; + // END android-removed static final int PKCS5S1 = 0; static final int PKCS5S2 = 1; @@ -65,10 +68,14 @@ public interface PBE // break; // END android-removed case MD5: - generator = new PKCS5S1ParametersGenerator(new MD5Digest()); + // BEGIN android-changed + generator = new PKCS5S1ParametersGenerator(new OpenSSLDigest.MD5()); + // END android-changed break; case SHA1: - generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); + // BEGIN android-changed + generator = new PKCS5S1ParametersGenerator(new OpenSSLDigest.SHA1()); + // END android-changed break; default: throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); @@ -88,10 +95,14 @@ public interface PBE // break; // END android-removed case MD5: - generator = new PKCS12ParametersGenerator(new MD5Digest()); + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(new OpenSSLDigest.MD5()); + // END android-changed break; case SHA1: - generator = new PKCS12ParametersGenerator(new SHA1Digest()); + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1()); + // END android-changed break; // BEGIN android-removed // case RIPEMD160: @@ -102,7 +113,9 @@ public interface PBE // break; // END android-removed case SHA256: - generator = new PKCS12ParametersGenerator(new SHA256Digest()); + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA256()); + // END android-changed break; default: throw new IllegalStateException("unknown digest scheme for PBE encryption."); @@ -120,10 +133,10 @@ public interface PBE * construct a key and iv (if necessary) suitable for use with a * Cipher. */ - static CipherParameters makePBEParameters( - JCEPBEKey pbeKey, - AlgorithmParameterSpec spec, - String targetAlgorithm) + public static CipherParameters makePBEParameters( + BCPBEKey pbeKey, + AlgorithmParameterSpec spec, + String targetAlgorithm) { if ((spec == null) || !(spec instanceof PBEParameterSpec)) { @@ -180,9 +193,9 @@ public interface PBE * key size is chosen according the MAC size, or the hashing algorithm, * whichever is greater. */ - static CipherParameters makePBEMacParameters( - JCEPBEKey pbeKey, - AlgorithmParameterSpec spec) + public static CipherParameters makePBEMacParameters( + BCPBEKey pbeKey, + AlgorithmParameterSpec spec) { if ((spec == null) || !(spec instanceof PBEParameterSpec)) { @@ -215,12 +228,12 @@ public interface PBE * construct a key and iv (if necessary) suitable for use with a * Cipher. */ - static CipherParameters makePBEParameters( - PBEKeySpec keySpec, - int type, - int hash, - int keySize, - int ivSize) + public static CipherParameters makePBEParameters( + PBEKeySpec keySpec, + int type, + int hash, + int keySize, + int ivSize) { PBEParametersGenerator generator = makePBEGenerator(type, hash); byte[] key; @@ -259,11 +272,11 @@ public interface PBE * key size is chosen according the MAC size, or the hashing algorithm, * whichever is greater. */ - static CipherParameters makePBEMacParameters( - PBEKeySpec keySpec, - int type, - int hash, - int keySize) + public static CipherParameters makePBEMacParameters( + PBEKeySpec keySpec, + int type, + int hash, + int keySize) { PBEParametersGenerator generator = makePBEGenerator(type, hash); byte[] key; diff --git a/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.java b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.java new file mode 100644 index 0000000..f00ad36 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.java @@ -0,0 +1,68 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.spec.PBEKeySpec; + +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.crypto.CipherParameters; + +public class PBESecretKeyFactory + extends BaseSecretKeyFactory + implements PBE +{ + private boolean forCipher; + private int scheme; + private int digest; + private int keySize; + private int ivSize; + + public PBESecretKeyFactory( + String algorithm, + DERObjectIdentifier oid, + boolean forCipher, + int scheme, + int digest, + int keySize, + int ivSize) + { + super(algorithm, oid); + + this.forCipher = forCipher; + this.scheme = scheme; + this.digest = digest; + this.keySize = keySize; + this.ivSize = ivSize; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + CipherParameters param; + + if (pbeSpec.getSalt() == null) + { + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); + } + + if (forCipher) + { + param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); + } + else + { + param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + } + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/util/AlgorithmProvider.java b/src/main/java/org/bouncycastle/jcajce/provider/util/AlgorithmProvider.java new file mode 100644 index 0000000..50fe939 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/util/AlgorithmProvider.java @@ -0,0 +1,8 @@ +package org.bouncycastle.jcajce.provider.util; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + +public abstract class AlgorithmProvider +{ + public abstract void configure(ConfigurableProvider provider); +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java b/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java new file mode 100644 index 0000000..c401084 --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java @@ -0,0 +1,42 @@ +package org.bouncycastle.jcajce.provider.util; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + +public abstract class AsymmetricAlgorithmProvider + extends AlgorithmProvider +{ + protected void addSignatureAlgorithm( + ConfigurableProvider provider, + String digest, + String algorithm, + String className, + ASN1ObjectIdentifier oid) + { + String mainName = digest + "WITH" + algorithm; + String jdk11Variation1 = digest + "with" + algorithm; + String jdk11Variation2 = digest + "With" + algorithm; + String alias = digest + "/" + algorithm; + + provider.addAlgorithm("Signature." + mainName, className); + provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation1, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation2, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + alias, mainName); + provider.addAlgorithm("Alg.Alias.Signature." + oid, mainName); + provider.addAlgorithm("Alg.Alias.Signature.OID." + oid, mainName); + } + + protected void registerOid(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name, AsymmetricKeyInfoConverter keyFactory) + { + provider.addAlgorithm("Alg.Alias.KeyFactory." + oid, name); + provider.addAlgorithm("Alg.Alias.KeyPairGenerator." + oid, name); + + provider.addKeyInfoConverter(oid, keyFactory); + } + + protected void registerOidAlgorithmParameters(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) + { + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + oid, name); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + oid, name); + } +} diff --git a/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.java b/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.java new file mode 100644 index 0000000..e2f4e4a --- /dev/null +++ b/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.java @@ -0,0 +1,17 @@ +package org.bouncycastle.jcajce.provider.util; + +import java.io.IOException; +import java.security.PrivateKey; +import java.security.PublicKey; + +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + +public interface AsymmetricKeyInfoConverter +{ + PrivateKey generatePrivate(PrivateKeyInfo keyInfo) + throws IOException; + + PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) + throws IOException; +} diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java b/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java index 8f30b25..c56f192 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java +++ b/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java @@ -1,26 +1,29 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.util; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; // BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; // import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; // END android-removed -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-added +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-added import org.bouncycastle.util.Strings; -class JCEDigestUtil +public class DigestFactory { private static Set md5 = new HashSet(); private static Set sha1 = new HashSet(); @@ -86,18 +89,22 @@ class JCEDigestUtil oids.put(NISTObjectIdentifiers.id_sha512.getId(), NISTObjectIdentifiers.id_sha512); } - static Digest getDigest( + public static Digest getDigest( String digestName) { digestName = Strings.toUpperCase(digestName); if (sha1.contains(digestName)) { - return new SHA1Digest(); + // BEGIN android-changed + return new OpenSSLDigest.SHA1(); + // END android-changed } if (md5.contains(digestName)) { - return new MD5Digest(); + // BEGIN android-changed + return new OpenSSLDigest.MD5(); + // END android-changed } // BEGIN android-removed // if (sha224.contains(digestName)) @@ -107,21 +114,27 @@ class JCEDigestUtil // END android-removed if (sha256.contains(digestName)) { - return new SHA256Digest(); + // BEGIN android-changed + return new OpenSSLDigest.SHA256(); + // END android-changed } if (sha384.contains(digestName)) { - return new SHA384Digest(); + // BEGIN android-changed + return new OpenSSLDigest.SHA384(); + // END android-changed } if (sha512.contains(digestName)) { - return new SHA512Digest(); + // BEGIN android-changed + return new OpenSSLDigest.SHA512(); + // END android-changed } return null; } - static boolean isSameDigest( + public static boolean isSameDigest( String digest1, String digest2) { @@ -135,9 +148,9 @@ class JCEDigestUtil || (md5.contains(digest1) && md5.contains(digest2)); } - static DERObjectIdentifier getOID( + public static ASN1ObjectIdentifier getOID( String digestName) { - return (DERObjectIdentifier)oids.get(digestName); + return (ASN1ObjectIdentifier)oids.get(digestName); } } diff --git a/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java index 5c0fe7d..b56351b 100644 --- a/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java +++ b/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java @@ -1,6 +1,9 @@ package org.bouncycastle.jce; -import org.bouncycastle.asn1.DERObjectIdentifier; +import java.util.Enumeration; +import java.util.Vector; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.sec.SECNamedCurves; // BEGIN android-removed @@ -10,9 +13,6 @@ import org.bouncycastle.asn1.x9.X962NamedCurves; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import java.util.Enumeration; -import java.util.Vector; - /** * a table of locally supported named curves. */ @@ -33,7 +33,7 @@ public class ECNamedCurveTable { try { - ecP = X962NamedCurves.getByOID(new DERObjectIdentifier(name)); + ecP = X962NamedCurves.getByOID(new ASN1ObjectIdentifier(name)); } catch (IllegalArgumentException e) { @@ -48,7 +48,7 @@ public class ECNamedCurveTable { try { - ecP = SECNamedCurves.getByOID(new DERObjectIdentifier(name)); + ecP = SECNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); } catch (IllegalArgumentException e) { @@ -65,7 +65,7 @@ public class ECNamedCurveTable // { // try // { - // ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name)); + // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); // } // catch (IllegalArgumentException e) // { diff --git a/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java index ad1cfb2..88ac2b1 100644 --- a/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java +++ b/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java @@ -21,13 +21,13 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; @@ -37,7 +37,9 @@ import org.bouncycastle.asn1.pkcs.CertificationRequest; import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Name; @@ -68,6 +70,7 @@ import org.bouncycastle.util.Strings; * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) * } * </pre> + * @deprecated use classes in org.bouncycastle.pkcs. */ public class PKCS10CertificationRequest extends CertificationRequest @@ -241,8 +244,8 @@ public class PKCS10CertificationRequest return new RSASSAPSSparams( hashAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), - new DERInteger(saltSize), - new DERInteger(1)); + new ASN1Integer(saltSize), + new ASN1Integer(1)); } private static ASN1Sequence toDERSequence( @@ -379,7 +382,7 @@ public class PKCS10CertificationRequest } else if (params.containsKey(algorithmName)) { - this.sigAlgId = new AlgorithmIdentifier(sigOID, (DEREncodable)params.get(algorithmName)); + this.sigAlgId = new AlgorithmIdentifier(sigOID, (ASN1Encodable)params.get(algorithmName)); } else { @@ -388,7 +391,7 @@ public class PKCS10CertificationRequest try { - ASN1Sequence seq = (ASN1Sequence)ASN1Object.fromByteArray(key.getEncoded()); + ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(key.getEncoded()); this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo(seq), attributes); } catch (IOException e) @@ -410,7 +413,7 @@ public class PKCS10CertificationRequest try { - sig.update(reqInfo.getEncoded(ASN1Encodable.DER)); + sig.update(reqInfo.getEncoded(ASN1Encoding.DER)); } catch (Exception e) { @@ -553,7 +556,7 @@ public class PKCS10CertificationRequest try { - sig.update(reqInfo.getEncoded(ASN1Encodable.DER)); + sig.update(reqInfo.getEncoded(ASN1Encoding.DER)); } catch (Exception e) { @@ -570,7 +573,7 @@ public class PKCS10CertificationRequest { try { - return this.getEncoded(ASN1Encodable.DER); + return this.getEncoded(ASN1Encoding.DER); } catch (IOException e) { @@ -580,7 +583,7 @@ public class PKCS10CertificationRequest private void setSignatureParameters( Signature signature, - DEREncodable params) + ASN1Encodable params) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException { if (params != null && !DERNull.INSTANCE.equals(params)) @@ -589,7 +592,7 @@ public class PKCS10CertificationRequest try { - sigParams.init(params.getDERObject().getDEREncoded()); + sigParams.init(params.toASN1Primitive().getEncoded(ASN1Encoding.DER)); } catch (IOException e) { @@ -613,7 +616,7 @@ public class PKCS10CertificationRequest static String getSignatureName( AlgorithmIdentifier sigAlgId) { - DEREncodable params = sigAlgId.getParameters(); + ASN1Encodable params = sigAlgId.getParameters(); if (params != null && !DERNull.INSTANCE.equals(params)) { diff --git a/src/main/java/org/bouncycastle/jce/PrincipalUtil.java b/src/main/java/org/bouncycastle/jce/PrincipalUtil.java index 6ccf1e4..4bf65a0 100644 --- a/src/main/java/org/bouncycastle/jce/PrincipalUtil.java +++ b/src/main/java/org/bouncycastle/jce/PrincipalUtil.java @@ -1,10 +1,15 @@ package org.bouncycastle.jce; -import java.io.*; -import java.security.cert.*; +import java.io.IOException; +import java.security.cert.CRLException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509CRL; +import java.security.cert.X509Certificate; -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.*; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.x509.TBSCertList; +import org.bouncycastle.asn1.x509.TBSCertificateStructure; +import org.bouncycastle.asn1.x509.X509Name; /** * a utility class that will extract X509Principal objects from X.509 certificates. @@ -25,9 +30,9 @@ public class PrincipalUtil try { TBSCertificateStructure tbsCert = TBSCertificateStructure.getInstance( - ASN1Object.fromByteArray(cert.getTBSCertificate())); + ASN1Primitive.fromByteArray(cert.getTBSCertificate())); - return new X509Principal(tbsCert.getIssuer()); + return new X509Principal(X509Name.getInstance(tbsCert.getIssuer())); } catch (IOException e) { @@ -45,8 +50,8 @@ public class PrincipalUtil try { TBSCertificateStructure tbsCert = TBSCertificateStructure.getInstance( - ASN1Object.fromByteArray(cert.getTBSCertificate())); - return new X509Principal(tbsCert.getSubject()); + ASN1Primitive.fromByteArray(cert.getTBSCertificate())); + return new X509Principal(X509Name.getInstance(tbsCert.getSubject())); } catch (IOException e) { @@ -64,9 +69,9 @@ public class PrincipalUtil try { TBSCertList tbsCertList = TBSCertList.getInstance( - ASN1Object.fromByteArray(crl.getTBSCertList())); + ASN1Primitive.fromByteArray(crl.getTBSCertList())); - return new X509Principal(tbsCertList.getIssuer()); + return new X509Principal(X509Name.getInstance(tbsCertList.getIssuer())); } catch (IOException e) { diff --git a/src/main/java/org/bouncycastle/jce/X509Principal.java b/src/main/java/org/bouncycastle/jce/X509Principal.java index 9cc5538..efa0f66 100644 --- a/src/main/java/org/bouncycastle/jce/X509Principal.java +++ b/src/main/java/org/bouncycastle/jce/X509Principal.java @@ -5,9 +5,10 @@ import java.security.Principal; import java.util.Hashtable; import java.util.Vector; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.X509Name; /** @@ -53,7 +54,16 @@ public class X509Principal public X509Principal( X509Name name) { - super((ASN1Sequence)name.getDERObject()); + super((ASN1Sequence)name.toASN1Primitive()); + } + + /** + * Constructor from an X509Name object. + */ + public X509Principal( + X500Name name) + { + super((ASN1Sequence)name.toASN1Primitive()); } /** @@ -144,7 +154,7 @@ public class X509Principal { try { - return this.getEncoded(ASN1Encodable.DER); + return this.getEncoded(ASN1Encoding.DER); } catch (IOException e) { diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ConfigurableProvider.java b/src/main/java/org/bouncycastle/jce/interfaces/ConfigurableProvider.java deleted file mode 100644 index 5aa2d9c..0000000 --- a/src/main/java/org/bouncycastle/jce/interfaces/ConfigurableProvider.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -/** - * Implemented by the BC provider. This allows setting of hidden parameters, - * such as the ImplicitCA parameters from X.962, if used. - */ -public interface ConfigurableProvider -{ - static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; - static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; - - void setParameter(String parameterName, Object parameter); -} diff --git a/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java b/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java index f27652e..cbc9f44 100644 --- a/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java +++ b/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java @@ -2,7 +2,8 @@ package org.bouncycastle.jce.interfaces; import java.util.Enumeration; -import org.bouncycastle.asn1.DEREncodable; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERObjectIdentifier; /** @@ -11,10 +12,10 @@ import org.bouncycastle.asn1.DERObjectIdentifier; public interface PKCS12BagAttributeCarrier { void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute); + ASN1ObjectIdentifier oid, + ASN1Encodable attribute); - DEREncodable getBagAttribute( + ASN1Encodable getBagAttribute( DERObjectIdentifier oid); Enumeration getBagAttributeKeys(); diff --git a/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java index 5179298..4bfb9d9 100644 --- a/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java +++ b/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java @@ -15,13 +15,14 @@ import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; import java.security.spec.X509EncodedKeySpec; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -42,7 +43,7 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; * **/ public class NetscapeCertRequest - extends ASN1Encodable + extends ASN1Object { AlgorithmIdentifier sigAlg; AlgorithmIdentifier keyAlg; @@ -217,7 +218,7 @@ public class NetscapeCertRequest SignatureException, NoSuchProviderException, InvalidKeySpecException { - Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(), + Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), "BC"); if (rand != null) @@ -236,7 +237,7 @@ public class NetscapeCertRequest try { - sig.update(new DERSequence(pkac).getEncoded(ASN1Encodable.DER)); + sig.update(new DERSequence(pkac).getEncoded(ASN1Encoding.DER)); } catch (IOException ioe) { @@ -246,12 +247,12 @@ public class NetscapeCertRequest sigBits = sig.sign(); } - private DERObject getKeySpec() throws NoSuchAlgorithmException, + private ASN1Primitive getKeySpec() throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); - DERObject obj = null; + ASN1Primitive obj = null; try { @@ -270,7 +271,7 @@ public class NetscapeCertRequest return obj; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { ASN1EncodableVector spkac = new ASN1EncodableVector(); ASN1EncodableVector pkac = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index f712938..5ed4df9 100644 --- a/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -1,20 +1,23 @@ package org.bouncycastle.jce.provider; +import java.io.IOException; import java.security.AccessController; +import java.security.PrivateKey; import java.security.PrivilegedAction; import java.security.Provider; -import java.util.Iterator; +import java.security.PublicKey; +import java.util.HashMap; import java.util.Map; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.bc.BCObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.jce.interfaces.ConfigurableProvider; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; /** * To add the provider at runtime use: @@ -43,36 +46,67 @@ import org.bouncycastle.jce.interfaces.ConfigurableProvider; public final class BouncyCastleProvider extends Provider implements ConfigurableProvider { - private static String info = "BouncyCastle Security Provider v1.46"; + private static String info = "BouncyCastle Security Provider v1.47"; // BEGIN android-changed // this constant should be final public static final String PROVIDER_NAME = "BC"; // END android-changed + public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); + + + private static final Map keyInfoConverters = new HashMap(); + /* * Configurable symmetric ciphers */ - private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.symmetric."; + private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; private static final String[] SYMMETRIC_CIPHERS = { // BEGIN android-removed - // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", - // "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", + // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" // END android-removed // BEGIN android-added - "AES", "ARC4", "Blowfish", "DESede", + "AES", "ARC4", "Blowfish", "DES", "DESede", // END android-added - }; - /* + /* * Configurable asymmetric ciphers */ - private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.asymmetric."; + private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; + + // this one is required for GNU class path - it needs to be loaded first as the + // later ones configure it. + private static final String[] ASYMMETRIC_GENERIC = + { + "X509" + }; + private static final String[] ASYMMETRIC_CIPHERS = { - "EC" + // BEGIN android-removed + // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal" + // END android-removed + // BEGIN android-added + "DSA", "DH", "EC", "RSA", + // END android-added + }; + + /* + * Configurable digests + */ + private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; + private static final String[] DIGESTS = + { + // BEGIN android-removed + // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "Tiger", "Whirlpool" + // END android-removed + // BEGIN android-added + "MD5", "SHA1", "SHA256", "SHA384", "SHA512", + // END android-added }; /** @@ -82,7 +116,7 @@ public final class BouncyCastleProvider extends Provider */ public BouncyCastleProvider() { - super(PROVIDER_NAME, 1.46, info); + super(PROVIDER_NAME, 1.47, info); AccessController.doPrivileged(new PrivilegedAction() { @@ -96,7 +130,12 @@ public final class BouncyCastleProvider extends Provider private void setup() { + loadAlgorithms(DIGEST_PACKAGE, DIGESTS); + loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS); + + loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_GENERIC); + loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); // BEGIN android-removed @@ -153,56 +192,18 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); // - // certificate factories. - // - put("CertificateFactory.X.509", "org.bouncycastle.jce.provider.JDKX509CertificateFactory"); - put("Alg.Alias.CertificateFactory.X509", "X.509"); - - // - // algorithm parameter generators - // - put("AlgorithmParameterGenerator.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DH"); - put("AlgorithmParameterGenerator.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DSA"); - // BEGIN android-removed - // put("AlgorithmParameterGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$GOST3410"); - // put("AlgorithmParameterGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$ElGamal"); - // put("AlgorithmParameterGenerator.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - // put("AlgorithmParameterGenerator.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - // put("AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - // put("AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - // put("AlgorithmParameterGenerator.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); - // put("AlgorithmParameterGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); - // END android-removed - - put("Alg.Alias.AlgorithmParameterGenerator.DIFFIEHELLMAN", "DH"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410"); - // END android-removed - // // algorithm parameters // - put("AlgorithmParameters.OAEP", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$OAEP"); - // BEGIN android-removed - // put("AlgorithmParameters.PSS", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PSS"); - // END android-removed - put("AlgorithmParameters.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DH"); - put("Alg.Alias.AlgorithmParameters.DIFFIEHELLMAN", "DH"); - put("AlgorithmParameters.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DSA"); // BEGIN android-removed - // put("AlgorithmParameters.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$ElGamal"); // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); // END android-removed put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - // BEGIN android-changed - // redundant with below - // put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESede"); - // END android-changed + // BEGIN android-removed // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); - // - // put("AlgorithmParameters.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$GOST3410"); - // put("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410"); // END android-removed + + put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); // BEGIN android-removed // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); @@ -225,7 +226,9 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + // BEGIN android-removed + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + // END android-removed put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); @@ -233,7 +236,7 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); - + put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); @@ -241,27 +244,6 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); - - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); - // put("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); - // put("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); - // put("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); @@ -289,64 +271,19 @@ public final class BouncyCastleProvider extends Provider // // key agreement // - put("KeyAgreement.DH", "org.bouncycastle.jce.provider.JCEDHKeyAgreement"); - put("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH"); + // // cipher engines // - put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES"); - // BEGIN android-removed - // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC"); - // - // put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2"); - // put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); - // put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); - // - // put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC"); - // END android-removed - put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - // BEGIN android-removed - // put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147"); - // put("Alg.Alias.Cipher.GOST", "GOST28147"); - // put("Alg.Alias.Cipher.GOST-28147", "GOST28147"); - // put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc"); - // END android-removed - put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding"); - // BEGIN android-changed - put("Alg.Alias.Cipher.RSA/RAW", "RSA"); - // END android-changed // BEGIN android-removed - // put("Cipher.RSA/PKCS1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); - // put("Cipher.1.2.840.113549.1.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); - // put("Cipher.2.5.8.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); - // put("Cipher.RSA/1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PrivateOnly"); - // put("Cipher.RSA/2", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PublicOnly"); - // put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); - // put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); - // put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding"); - // // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); - // put("Cipher.ELGAMAL", "org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding"); - // put("Cipher.ELGAMAL/PKCS1", "org.bouncycastle.jce.provider.JCEElGamalCipher$PKCS1v1_5Padding"); - // END android-removed - - put("Alg.Alias.Cipher.RSA//RAW", "RSA"); - put("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); - // BEGIN android-removed - // put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); - // put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); - // put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); - // - // put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1"); - // put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1"); - // put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL"); // END android-removed put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); @@ -359,28 +296,17 @@ public final class BouncyCastleProvider extends Provider // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); // END android-removed put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - put("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES3Key"); - // BEGIN android-removed - // put("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key"); - // put("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key"); - // END android-removed - put("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES2Key"); - // BEGIN android-removed - // put("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key"); - // END android-removed + put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2"); put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); - // BEGIN android-changed - put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); - // END android-changed put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); @@ -388,7 +314,7 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - + put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); @@ -423,94 +349,38 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + // // key generators. // - put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES"); - put("Alg.Alias.KeyGenerator." + OIWObjectIdentifiers.desCBC, "DES"); - // BEGIN android-removed - // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); - // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); - // - // put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147"); - // put("Alg.Alias.KeyGenerator.GOST", "GOST28147"); - // put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147"); - // put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147"); - // END android-removed // // key pair generators. // - put("KeyPairGenerator.RSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$RSA"); - put("KeyPairGenerator.DH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DH"); - put("KeyPairGenerator.DSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DSA"); - // BEGIN android-removed - // put("KeyPairGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ElGamal"); - // END android-removed - put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); - put("Alg.Alias.KeyPairGenerator.DIFFIEHELLMAN", "DH"); - - // BEGIN android-removed - // put("KeyPairGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$GOST3410"); - // put("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410"); - // put("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410"); - // END android-removed + // // key factories // - put("KeyFactory.RSA", "org.bouncycastle.jce.provider.JDKKeyFactory$RSA"); - put("KeyFactory.DH", "org.bouncycastle.jce.provider.JDKKeyFactory$DH"); - put("KeyFactory.DSA", "org.bouncycastle.jce.provider.JDKKeyFactory$DSA"); - // BEGIN android-removed - // put("KeyFactory.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); - // put("KeyFactory.ElGamal", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); - // - // put("KeyFactory.X.509", "org.bouncycastle.jce.provider.JDKKeyFactory$X509"); - // END android-removed - - put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); - put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); - put("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH"); - // BEGIN android-removed - // put("KeyFactory.GOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$GOST3410"); - // put("Alg.Alias.KeyFactory.GOST-3410", "GOST3410"); - // put("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410"); - // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); - // END android-removed + // // Algorithm parameters // - put("AlgorithmParameters.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - put("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); - put("AlgorithmParameters.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // BEGIN android-changed - put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); - // END android-changed - // BEGIN android-removed - // put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); - // put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); - // END android-removed - + // // secret key factories. // - put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES"); // BEGIN android-removed // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); - // END android-removed - - // BEGIN android-removed + // // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); // END android-removed @@ -554,9 +424,7 @@ public final class BouncyCastleProvider extends Provider // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); - // END android-removed - - // BEGIN android-removed + // // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); // END android-removed @@ -611,10 +479,6 @@ public final class BouncyCastleProvider extends Provider addMacAlgorithms(); - addMessageDigestAlgorithms(); - - addSignatureAlgorithms(); - // Certification Path API // BEGIN android-removed // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); @@ -662,10 +526,11 @@ public final class BouncyCastleProvider extends Provider { try { - addMappings((Map)clazz.newInstance()); + ((AlgorithmProvider)clazz.newInstance()).configure(this); } catch (Exception e) { // this should never ever happen!! +e.printStackTrace(); throw new InternalError("cannot create instance of " + packageName + names[i] + "$Mappings : " + e); } @@ -673,32 +538,13 @@ public final class BouncyCastleProvider extends Provider } } - private void addMappings(Map mappings) - { - // can't use putAll due to JDK 1.1 - for (Iterator it = mappings.keySet().iterator(); it.hasNext();) - { - Object key = it.next(); - - if (containsKey(key)) - { - throw new IllegalStateException("duplicate provider key (" + key + ") found in " + mappings.getClass().getName()); - } - put(key, mappings.get(key)); - } - } - // // macs // private void addMacAlgorithms() { + // BEGIN android-removed - // put("Mac.DESMAC", "org.bouncycastle.jce.provider.JCEMac$DES"); - // put("Alg.Alias.Mac.DES", "DESMAC"); - // put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8"); - // put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); - // // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); // @@ -707,46 +553,9 @@ public final class BouncyCastleProvider extends Provider // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); // - // put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2"); - // put("Alg.Alias.Mac.RC2", "RC2MAC"); - // put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8"); - // put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); - // - // - // put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147"); - // put("Alg.Alias.Mac.GOST28147", "GOST28147MAC"); - // // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); // // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); - // - // addHMACAlgorithm("MD2", "org.bouncycastle.jce.provider.JCEMac$MD2", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD2HMAC"); - // addHMACAlgorithm("MD4", "org.bouncycastle.jce.provider.JCEMac$MD4", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD4HMAC"); - // END android-removed - addHMACAlgorithm("MD5", "org.bouncycastle.jce.provider.JCEMac$MD5", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD5HMAC"); - addHMACAlias("MD5", IANAObjectIdentifiers.hmacMD5); - - addHMACAlgorithm("SHA1", "org.bouncycastle.jce.provider.JCEMac$SHA1", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA1"); - addHMACAlias("SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); - addHMACAlias("SHA1", IANAObjectIdentifiers.hmacSHA1); - // BEGIN android-removed - // addHMACAlgorithm("SHA224", "org.bouncycastle.jce.provider.JCEMac$SHA224", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA224"); - // addHMACAlias("SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); - // END android-removed - addHMACAlgorithm("SHA256", "org.bouncycastle.jce.provider.JCEMac$SHA256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA256"); - addHMACAlias("SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); - addHMACAlgorithm("SHA384", "org.bouncycastle.jce.provider.JCEMac$SHA384", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA384"); - addHMACAlias("SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); - addHMACAlgorithm("SHA512", "org.bouncycastle.jce.provider.JCEMac$SHA512", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA512"); - addHMACAlias("SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); - - // BEGIN android-removed - // addHMACAlgorithm("RIPEMD128", "org.bouncycastle.jce.provider.JCEMac$RIPEMD128", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD128HMAC"); - // addHMACAlgorithm("RIPEMD160", "org.bouncycastle.jce.provider.JCEMac$RIPEMD160", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD160HMAC"); - // addHMACAlias("RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160); - // - // addHMACAlgorithm("TIGER", "org.bouncycastle.jce.provider.JCEMac$Tiger", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACTIGER"); - // addHMACAlias("TIGER", IANAObjectIdentifiers.hmacTIGER); // END android-removed put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); @@ -757,304 +566,63 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); } - private void addHMACAlgorithm( - String algorithm, - String algorithmClassName, - String keyGeneratorClassName) - { - String mainName = "HMAC" + algorithm; - - put("Mac." + mainName, algorithmClassName); - put("Alg.Alias.Mac.HMAC-" + algorithm, mainName); - put("Alg.Alias.Mac.HMAC/" + algorithm, mainName); - put("KeyGenerator." + mainName, keyGeneratorClassName); - put("Alg.Alias.KeyGenerator.HMAC-" + algorithm, mainName); - put("Alg.Alias.KeyGenerator.HMAC/" + algorithm, mainName); - } - private void addHMACAlias( - String algorithm, - DERObjectIdentifier oid) + public void setParameter(String parameterName, Object parameter) { - String mainName = "HMAC" + algorithm; - - put("Alg.Alias.Mac." + oid, mainName); - put("Alg.Alias.KeyGenerator." + oid, mainName); + synchronized (CONFIGURATION) + { + ((BouncyCastleProviderConfiguration)CONFIGURATION).setParameter(parameterName, parameter); + } } - // - // message digests - // - private void addMessageDigestAlgorithms() + public boolean hasAlgorithm(String type, String name) { - put("MessageDigest.SHA-1", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA1"); - put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); - put("Alg.Alias.MessageDigest.SHA", "SHA-1"); - put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1"); - // BEGIN android-removed - // put("MessageDigest.SHA-224", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA224"); - // put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); - // put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224"); - // END android-removed - put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256"); - put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); - put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); - put("MessageDigest.SHA-384", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA384"); - put("Alg.Alias.MessageDigest.SHA384", "SHA-384"); - put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); - put("MessageDigest.SHA-512", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA512"); - put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); - put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); - - // BEGIN android-removed - // put("MessageDigest.MD2", "org.bouncycastle.jce.provider.JDKMessageDigest$MD2"); - // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2"); - // put("MessageDigest.MD4", "org.bouncycastle.jce.provider.JDKMessageDigest$MD4"); - // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4"); - // END android-removed - put("MessageDigest.MD5", "org.bouncycastle.jce.provider.JDKMessageDigest$MD5"); - put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5"); - // BEGIN android-removed - // put("MessageDigest.RIPEMD128", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD128"); - // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); - // put("MessageDigest.RIPEMD160", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD160"); - // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); - // put("MessageDigest.RIPEMD256", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD256"); - // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); - // put("MessageDigest.RIPEMD320", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD320"); - // put("MessageDigest.Tiger", "org.bouncycastle.jce.provider.JDKMessageDigest$Tiger"); - - // put("MessageDigest.WHIRLPOOL", "org.bouncycastle.jce.provider.JDKMessageDigest$Whirlpool"); - - // put("MessageDigest.GOST3411", "org.bouncycastle.jce.provider.JDKMessageDigest$GOST3411"); - // put("Alg.Alias.MessageDigest.GOST", "GOST3411"); - // put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411"); - // put("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411"); - // END android-removed + return containsKey(type + "." + name) || containsKey("Alg.Alias." + type + "." + name); } - - // - // signature algorithms. - // - private void addSignatureAlgorithms() - { - // BEGIN android-removed - // Dropping MD2 - // put("Signature.MD2WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD2WithRSAEncryption"); - // put("Signature.MD4WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD4WithRSAEncryption"); - // END android-removed - put("Signature.MD5WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD5WithRSAEncryption"); - put("Signature.SHA1WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Signature.SHA224WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA224WithRSAEncryption"); - // END android-removed - put("Signature.SHA256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA256WithRSAEncryption"); - put("Signature.SHA384WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA384WithRSAEncryption"); - put("Signature.SHA512WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA512WithRSAEncryption"); - // BEGIN android-removed - // put("Signature.RIPEMD160WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD160WithRSAEncryption"); - // put("Signature.RIPEMD128WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD128WithRSAEncryption"); - // put("Signature.RIPEMD256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD256WithRSAEncryption"); - // END android-removed - // BEGIN android-changed - put("Signature.SHA1withDSA", "org.bouncycastle.jce.provider.JDKDSASigner$stdDSA"); - // END android-changed - put("Signature.NONEWITHDSA", "org.bouncycastle.jce.provider.JDKDSASigner$noneDSA"); - // BEGIN android-removed - // put("Signature.SHA1withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$SHA1WithRSAEncryption"); - // put("Signature.MD5withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$MD5WithRSAEncryption"); - // put("Signature.RIPEMD160withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$RIPEMD160WithRSAEncryption"); - // - // put("Signature.RSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); - // put("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); - // put("Signature.SHA1withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA1withRSA"); - // put("Signature.SHA224withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA224withRSA"); - // put("Signature.SHA256withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA256withRSA"); - // put("Signature.SHA384withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA384withRSA"); - // put("Signature.SHA512withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA512withRSA"); - // - // put("Signature.RSA", "org.bouncycastle.jce.provider.JDKDigestSignature$noneRSA"); - // put("Signature.RAWRSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$nonePSS"); - // END android-removed - - put("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); - - // BEGIN android-removed - // put("Alg.Alias.Signature.RAWRSA", "RSA"); - // put("Alg.Alias.Signature.NONEWITHRSA", "RSA"); - // put("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); - // put("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); - // put("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); - // - // put("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); - // - // put("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); - // put("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); - // put("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); - // put("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); - // put("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); - // - // put("Alg.Alias.Signature.MD2withRSAEncryption", "MD2WithRSAEncryption"); - // put("Alg.Alias.Signature.MD4withRSAEncryption", "MD4WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.MD5withRSAEncryption", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1withRSAEncryption", "SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.SHA224withRSAEncryption", "SHA224WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.SHA256withRSAEncryption", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384withRSAEncryption", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512withRSAEncryption", "SHA512WithRSAEncryption"); + public void addAlgorithm(String key, String value) + { + if (containsKey(key)) + { + throw new IllegalStateException("duplicate provider key (" + key + ") found"); + } - put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSAEncryption"); + put(key, value); + } - put("Alg.Alias.Signature.SHA256WITHRSAENCRYPTION", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384WITHRSAENCRYPTION", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512WITHRSAENCRYPTION", "SHA512WithRSAEncryption"); + public void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter) + { + keyInfoConverters.put(oid, keyInfoConverter); + } - // BEGIN android-removed - // Dropping MD2 - // put("Alg.Alias.Signature.RIPEMD160withRSAEncryption", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WithRSAEncryption"); - // put("Alg.Alias.Signature.MD2WithRSA", "MD2WithRSAEncryption"); - // put("Alg.Alias.Signature.MD2withRSA", "MD2WithRSAEncryption"); - // put("Alg.Alias.Signature.MD2/RSA", "MD2WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.MD5WithRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.MD5withRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.MD4WithRSA", "MD4WithRSAEncryption"); - // put("Alg.Alias.Signature.MD4withRSA", "MD4WithRSAEncryption"); - // put("Alg.Alias.Signature.MD4/RSA", "MD4WithRSAEncryption"); - // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.SHA1WithRSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1withRSA", "SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.SHA224WithRSA", "SHA224WithRSAEncryption"); - // put("Alg.Alias.Signature.SHA224withRSA", "SHA224WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.SHA256WithRSA", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA256withRSA", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384WithRSA", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384withRSA", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512WithRSA", "SHA512WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512withRSA", "SHA512WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WithRSAEncryption"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WithRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD160withRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD128WithRSA", "RIPEMD128WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD128withRSA", "RIPEMD128WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD256WithRSA", "RIPEMD256WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD256withRSA", "RIPEMD256WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD-160/RSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RMD160withRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RMD160/RSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.1.3.36.3.3.1.2", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.1.3.36.3.3.1.3", "RIPEMD128WithRSAEncryption"); - // put("Alg.Alias.Signature.1.3.36.3.3.1.4", "RIPEMD256WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WithRSAEncryption"); - - // BEGIN android-removed - // put("Alg.Alias.Signature.MD2WITHRSAENCRYPTION", "MD2WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.MD5WITHRSAENCRYPTION", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1WITHRSAENCRYPTION", "SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WITHRSAENCRYPTION", "RIPEMD160WithRSAEncryption"); - // END android-removed + public AsymmetricKeyInfoConverter getConverter(ASN1ObjectIdentifier oid) + { + return (AsymmetricKeyInfoConverter)keyInfoConverters.get(oid); + } - put("Alg.Alias.Signature.MD5WITHRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1WITHRSA", "SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); - // END android-removed + public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo) + throws IOException + { + AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(publicKeyInfo.getAlgorithm().getAlgorithm()); - // BEGIN android-removed - // addSignatureAlgorithm("SHA224", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); - // addSignatureAlgorithm("SHA256", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); - // addSignatureAlgorithm("SHA384", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); - // addSignatureAlgorithm("SHA512", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); - // END android-removed + if (converter == null) + { + return null; + } - // BEGIN android-changed - put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); - put("Alg.Alias.Signature.DSA", "SHA1withDSA"); - put("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); - put("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA"); - put("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); - put("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); - put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); - put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); - // END android-changed - // BEGIN android-removed - // put("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); - // put("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); - // put("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); - // - // put("Signature.ECGOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$ecgost3410"); - // put("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST3411withECGOST3410", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST3411WITHECGOST3410", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST3411WithECGOST3410", "ECGOST3410"); - // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410"); - // - // put("Signature.GOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$gost3410"); - // put("Alg.Alias.Signature.GOST-3410", "GOST3410"); - // put("Alg.Alias.Signature.GOST-3410-94", "GOST3410"); - // put("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410"); - // put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410"); - // put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410"); - // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); - // END android-removed + return converter.generatePublic(publicKeyInfo); } - // BEGIN android-removed - // private void addSignatureAlgorithm( - // String digest, - // String algorithm, - // String className, - // DERObjectIdentifier oid) - // { - // String mainName = digest + "WITH" + algorithm; - // String jdk11Variation1 = digest + "with" + algorithm; - // String jdk11Variation2 = digest + "With" + algorithm; - // String alias = digest + "/" + algorithm; - // - // put("Signature." + mainName, className); - // put("Alg.Alias.Signature." + jdk11Variation1, mainName); - // put("Alg.Alias.Signature." + jdk11Variation2, mainName); - // put("Alg.Alias.Signature." + alias, mainName); - // put("Alg.Alias.Signature." + oid, mainName); - // put("Alg.Alias.Signature.OID." + oid, mainName); - // } - // END android-removed - - public void setParameter(String parameterName, Object parameter) + public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo) + throws IOException { - ProviderUtil.setParameter(parameterName, parameter); + AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm()); + + if (converter == null) + { + return null; + } + + return converter.generatePrivate(privateKeyInfo); } } diff --git a/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java new file mode 100644 index 0000000..b370ea9 --- /dev/null +++ b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java @@ -0,0 +1,146 @@ +package org.bouncycastle.jce.provider; + +import java.security.Permission; + +import javax.crypto.spec.DHParameterSpec; + +import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; +import org.bouncycastle.jcajce.provider.config.ProviderConfigurationPermission; +import org.bouncycastle.jce.spec.ECParameterSpec; + +class BouncyCastleProviderConfiguration + implements ProviderConfiguration +{ + private static Permission BC_EC_LOCAL_PERMISSION = new ProviderConfigurationPermission( + BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA); + private static Permission BC_EC_PERMISSION = new ProviderConfigurationPermission( + BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.EC_IMPLICITLY_CA); + private static Permission BC_DH_LOCAL_PERMISSION = new ProviderConfigurationPermission( + BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_DH_DEFAULT_PARAMS); + private static Permission BC_DH_PERMISSION = new ProviderConfigurationPermission( + BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.DH_DEFAULT_PARAMS); + + private ThreadLocal ecThreadSpec = new ThreadLocal(); + private ThreadLocal dhThreadSpec = new ThreadLocal(); + + private volatile ECParameterSpec ecImplicitCaParams; + private volatile DHParameterSpec dhDefaultParams; + + void setParameter(String parameterName, Object parameter) + { + SecurityManager securityManager = System.getSecurityManager(); + + if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA)) + { + ECParameterSpec curveSpec; + + if (securityManager != null) + { + securityManager.checkPermission(BC_EC_LOCAL_PERMISSION); + } + + if (parameter instanceof ECParameterSpec || parameter == null) + { + curveSpec = (ECParameterSpec)parameter; + } + else // assume java.security.spec + { + curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false); + } + + if (curveSpec == null) + { + ecThreadSpec.remove(); + } + else + { + ecThreadSpec.set(curveSpec); + } + } + else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA)) + { + if (securityManager != null) + { + securityManager.checkPermission(BC_EC_PERMISSION); + } + + if (parameter instanceof ECParameterSpec || parameter == null) + { + ecImplicitCaParams = (ECParameterSpec)parameter; + } + else // assume java.security.spec + { + ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false); + } + } + else if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_DH_DEFAULT_PARAMS)) + { + DHParameterSpec dhSpec; + + if (securityManager != null) + { + securityManager.checkPermission(BC_DH_LOCAL_PERMISSION); + } + + if (parameter instanceof DHParameterSpec || parameter == null) + { + dhSpec = (DHParameterSpec)parameter; + } + else + { + throw new IllegalArgumentException("not a valid DHParameterSpec"); + } + + if (dhSpec == null) + { + dhThreadSpec.remove(); + } + else + { + dhThreadSpec.set(dhSpec); + } + } + else if (parameterName.equals(ConfigurableProvider.DH_DEFAULT_PARAMS)) + { + if (securityManager != null) + { + securityManager.checkPermission(BC_DH_PERMISSION); + } + + if (parameter instanceof DHParameterSpec || parameter == null) + { + dhDefaultParams = (DHParameterSpec)parameter; + } + else + { + throw new IllegalArgumentException("not a valid DHParameterSpec"); + } + } + } + + public ECParameterSpec getEcImplicitlyCa() + { + ECParameterSpec spec = (ECParameterSpec)ecThreadSpec.get(); + + if (spec != null) + { + return spec; + } + + return ecImplicitCaParams; + } + + public DHParameterSpec getDHDefaultParameters() + { + DHParameterSpec spec = (DHParameterSpec)dhThreadSpec.get(); + + if (spec != null) + { + return spec; + } + + return dhDefaultParams; + } +} diff --git a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java index f9dbe89..f8f6cb4 100644 --- a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +++ b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java @@ -6,6 +6,7 @@ import java.math.BigInteger; import java.security.GeneralSecurityException; import java.security.KeyFactory; import java.security.PublicKey; +import java.security.cert.CRLException; import java.security.cert.CertPath; import java.security.cert.CertPathValidatorException; import java.security.cert.CertStore; @@ -16,6 +17,7 @@ import java.security.cert.PKIXParameters; import java.security.cert.PolicyQualifierInfo; import java.security.cert.TrustAnchor; import java.security.cert.X509CRL; +import java.security.cert.X509CRLEntry; import java.security.cert.X509CRLSelector; import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate; @@ -24,7 +26,6 @@ import java.security.interfaces.DSAPublicKey; import java.security.spec.DSAPublicKeySpec; import java.text.ParseException; import java.util.ArrayList; -import java.util.Arrays; import java.util.Collection; import java.util.Date; import java.util.Enumeration; @@ -36,29 +37,29 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1OutputStream; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEREnumerated; import org.bouncycastle.asn1.DERGeneralizedTime; import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.CRLNumber; import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.CertificateList; import org.bouncycastle.asn1.x509.DistributionPoint; import org.bouncycastle.asn1.x509.DistributionPointName; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.PolicyInformation; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; // BEGIN android-removed // import org.bouncycastle.jce.X509LDAPCertStoreParameters; @@ -95,16 +96,16 @@ public class CertPathValidatorUtilities protected static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); protected static final String ANY_POLICY = "2.5.29.32.0"; - + protected static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); - + /* - * key usage bits - */ - protected static final int KEY_CERT_SIGN = 5; - protected static final int CRL_SIGN = 6; + * key usage bits + */ + protected static final int KEY_CERT_SIGN = 5; + protected static final int CRL_SIGN = 6; - protected static final String[] crlReasons = new String[] { + protected static final String[] crlReasons = new String[]{ "unspecified", "keyCompromise", "cACompromise", @@ -115,53 +116,47 @@ public class CertPathValidatorUtilities "unknown", "removeFromCRL", "privilegeWithdrawn", - "aACompromise" }; - + "aACompromise"}; + /** * Search the given Set of TrustAnchor's for one that is the * issuer of the given X509 certificate. Uses the default provider * for signature verification. * - * @param cert the X509 certificate + * @param cert the X509 certificate * @param trustAnchors a Set of TrustAnchor's - * * @return the <code>TrustAnchor</code> object if found or - * <code>null</code> if not. - * - * @exception AnnotatedException - * if a TrustAnchor was found but the signature verification - * on the given certificate has thrown an exception. + * <code>null</code> if not. + * @throws AnnotatedException if a TrustAnchor was found but the signature verification + * on the given certificate has thrown an exception. */ protected static TrustAnchor findTrustAnchor( X509Certificate cert, - Set trustAnchors) - throws AnnotatedException + Set trustAnchors) + throws AnnotatedException { return findTrustAnchor(cert, trustAnchors, null); } - + /** * Search the given Set of TrustAnchor's for one that is the * issuer of the given X509 certificate. Uses the specified * provider for signature verification, or the default provider * if null. * - * @param cert the X509 certificate + * @param cert the X509 certificate * @param trustAnchors a Set of TrustAnchor's - * @param sigProvider the provider to use for signature verification - * + * @param sigProvider the provider to use for signature verification * @return the <code>TrustAnchor</code> object if found or - * <code>null</code> if not. - * - * @exception AnnotatedException - * if a TrustAnchor was found but the signature verification - * on the given certificate has thrown an exception. + * <code>null</code> if not. + * @throws AnnotatedException if a TrustAnchor was found but the signature verification + * on the given certificate has thrown an exception. */ protected static TrustAnchor findTrustAnchor( X509Certificate cert, - Set trustAnchors, - String sigProvider) - throws AnnotatedException + Set trustAnchors, + String sigProvider) + throws AnnotatedException { TrustAnchor trust = null; PublicKey trustPublicKey = null; @@ -182,7 +177,7 @@ public class CertPathValidatorUtilities Iterator iter = trustAnchors.iterator(); while (iter.hasNext() && trust == null) { - trust = (TrustAnchor) iter.next(); + trust = (TrustAnchor)iter.next(); if (trust.getTrustedCert() != null) { if (certSelectX509.match(trust.getTrustedCert())) @@ -195,7 +190,7 @@ public class CertPathValidatorUtilities } } else if (trust.getCAName() != null - && trust.getCAPublicKey() != null) + && trust.getCAPublicKey() != null) { try { @@ -229,6 +224,7 @@ public class CertPathValidatorUtilities { invalidKeyEx = ex; trust = null; + trustPublicKey = null; } } } @@ -242,9 +238,9 @@ public class CertPathValidatorUtilities } protected static void addAdditionalStoresFromAltNames( - X509Certificate cert, - ExtendedPKIXParameters pkixParams) - throws CertificateParsingException + X509Certificate cert, + ExtendedPKIXParameters pkixParams) + throws CertificateParsingException { // if in the IssuerAltName extension an URI // is given, add an additinal X.509 store @@ -254,20 +250,22 @@ public class CertPathValidatorUtilities while (it.hasNext()) { // look for URI - List list = (List) it.next(); + List list = (List)it.next(); // BEGIN android-changed if (list.get(0).equals(Integer.valueOf(GeneralName.uniformResourceIdentifier))) // END android-changed { // found - String temp = (String) list.get(1); + String temp = (String)list.get(1); CertPathValidatorUtilities.addAdditionalStoreFromLocation(temp, pkixParams); } } } } + /** * Returns the issuer of an attribute certificate or certificate. + * * @param cert The attribute certificate or certificate. * @return The issuer as <code>X500Principal</code>. */ @@ -300,29 +298,26 @@ public class CertPathValidatorUtilities { return cert.getSubjectX500Principal(); } - + protected static boolean isSelfIssued(X509Certificate cert) { return cert.getSubjectDN().equals(cert.getIssuerDN()); } - - + + /** * Extract the value of the given extension, if it exists. - * - * @param ext - * The extension object. - * @param oid - * The object identifier to obtain. - * @throws AnnotatedException - * if the extension cannot be read. + * + * @param ext The extension object. + * @param oid The object identifier to obtain. + * @throws AnnotatedException if the extension cannot be read. */ - protected static DERObject getExtensionValue( - java.security.cert.X509Extension ext, - String oid) + protected static ASN1Primitive getExtensionValue( + java.security.cert.X509Extension ext, + String oid) throws AnnotatedException { - byte[] bytes = ext.getExtensionValue(oid); + byte[] bytes = ext.getExtensionValue(oid); if (bytes == null) { return null; @@ -330,11 +325,11 @@ public class CertPathValidatorUtilities return getObject(oid, bytes); } - - private static DERObject getObject( - String oid, - byte[] ext) - throws AnnotatedException + + private static ASN1Primitive getObject( + String oid, + byte[] ext) + throws AnnotatedException { try { @@ -349,19 +344,19 @@ public class CertPathValidatorUtilities throw new AnnotatedException("exception processing extension " + oid, e); } } - + protected static X500Principal getIssuerPrincipal(X509CRL crl) { return crl.getIssuerX500Principal(); } - + protected static AlgorithmIdentifier getAlgorithmIdentifier( PublicKey key) throws CertPathValidatorException { try { - ASN1InputStream aIn = new ASN1InputStream(key.getEncoded()); + ASN1InputStream aIn = new ASN1InputStream(key.getEncoded()); SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); @@ -372,55 +367,55 @@ public class CertPathValidatorUtilities throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e); } } - + // crl checking // // policy checking // - - protected static final Set getQualifierSet(ASN1Sequence qualifiers) + + protected static final Set getQualifierSet(ASN1Sequence qualifiers) throws CertPathValidatorException { - Set pq = new HashSet(); - + Set pq = new HashSet(); + if (qualifiers == null) { return pq; } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - + + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + Enumeration e = qualifiers.getObjects(); - + while (e.hasMoreElements()) { try { - aOut.writeObject(e.nextElement()); - + aOut.writeObject((ASN1Encodable)e.nextElement()); + pq.add(new PolicyQualifierInfo(bOut.toByteArray())); } catch (IOException ex) { throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", ex); } - + bOut.reset(); } - + return pq; } - + protected static PKIXPolicyNode removePolicyNode( - PKIXPolicyNode validPolicyTree, - List [] policyNodes, + PKIXPolicyNode validPolicyTree, + List[] policyNodes, PKIXPolicyNode _node) { PKIXPolicyNode _parent = (PKIXPolicyNode)_node.getParent(); - + if (validPolicyTree == null) { return null; @@ -443,10 +438,10 @@ public class CertPathValidatorUtilities return validPolicyTree; } } - + private static void removePolicyNodeRecurse( - List [] policyNodes, - PKIXPolicyNode _node) + List[] policyNodes, + PKIXPolicyNode _node) { policyNodes[_node.getDepth()].remove(_node); @@ -460,50 +455,50 @@ public class CertPathValidatorUtilities } } } - - + + protected static boolean processCertD1i( - int index, - List [] policyNodes, + int index, + List[] policyNodes, DERObjectIdentifier pOid, - Set pq) + Set pq) { - List policyNodeVec = policyNodes[index - 1]; + List policyNodeVec = policyNodes[index - 1]; for (int j = 0; j < policyNodeVec.size(); j++) { PKIXPolicyNode node = (PKIXPolicyNode)policyNodeVec.get(j); - Set expectedPolicies = node.getExpectedPolicies(); - + Set expectedPolicies = node.getExpectedPolicies(); + if (expectedPolicies.contains(pOid.getId())) { Set childExpectedPolicies = new HashSet(); childExpectedPolicies.add(pOid.getId()); - + PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(), - index, - childExpectedPolicies, - node, - pq, - pOid.getId(), - false); + index, + childExpectedPolicies, + node, + pq, + pOid.getId(), + false); node.addChild(child); policyNodes[index].add(child); - + return true; } } - + return false; } protected static void processCertD1ii( - int index, - List [] policyNodes, + int index, + List[] policyNodes, DERObjectIdentifier _poid, Set _pq) { - List policyNodeVec = policyNodes[index - 1]; + List policyNodeVec = policyNodes[index - 1]; for (int j = 0; j < policyNodeVec.size(); j++) { @@ -513,28 +508,29 @@ public class CertPathValidatorUtilities { Set _childExpectedPolicies = new HashSet(); _childExpectedPolicies.add(_poid.getId()); - + PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(), - index, - _childExpectedPolicies, - _node, - _pq, - _poid.getId(), - false); + index, + _childExpectedPolicies, + _node, + _pq, + _poid.getId(), + false); _node.addChild(_child); policyNodes[index].add(_child); return; } } } - + protected static void prepareNextCertB1( - int i, - List[] policyNodes, - String id_p, - Map m_idp, - X509Certificate cert - ) throws AnnotatedException,CertPathValidatorException + int i, + List[] policyNodes, + String id_p, + Map m_idp, + X509Certificate cert + ) + throws AnnotatedException, CertPathValidatorException { boolean idp_found = false; Iterator nodes_i = policyNodes[i].iterator(); @@ -565,9 +561,7 @@ public class CertPathValidatorUtilities } catch (Exception e) { - throw - - new AnnotatedException("Certificate policies cannot be decoded.", e); + throw new AnnotatedException("Certificate policies cannot be decoded.", e); } Enumeration e = policies.getObjects(); while (e.hasMoreElements()) @@ -586,12 +580,12 @@ public class CertPathValidatorUtilities { try { - pq = getQualifierSet(pinfo.getPolicyQualifiers()); + pq = getQualifierSet(pinfo.getPolicyQualifiers()); } catch (CertPathValidatorException ex) { throw new ExtCertPathValidatorException( - "Policy qualifier info set could not be built.", ex); + "Policy qualifier info set could not be built.", ex); } break; } @@ -606,9 +600,9 @@ public class CertPathValidatorUtilities if (ANY_POLICY.equals(p_node.getValidPolicy())) { PKIXPolicyNode c_node = new PKIXPolicyNode( - new ArrayList(), i, - (Set)m_idp.get(id_p), - p_node, pq, id_p, ci); + new ArrayList(), i, + (Set)m_idp.get(id_p), + p_node, pq, id_p, ci); p_node.addChild(c_node); policyNodes[i].add(c_node); } @@ -617,12 +611,12 @@ public class CertPathValidatorUtilities } } } - + protected static PKIXPolicyNode prepareNextCertB2( - int i, - List[] policyNodes, - String id_p, - PKIXPolicyNode validPolicyTree) + int i, + List[] policyNodes, + String id_p, + PKIXPolicyNode validPolicyTree) { Iterator nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) @@ -653,15 +647,15 @@ public class CertPathValidatorUtilities } return validPolicyTree; } - + protected static boolean isAnyPolicy( Set policySet) { return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty(); } - + protected static void addAdditionalStoreFromLocation(String location, - ExtendedPKIXParameters pkixParams) + ExtendedPKIXParameters pkixParams) { if (pkixParams.isAdditionalLocationsEnabled()) { @@ -715,16 +709,16 @@ public class CertPathValidatorUtilities * in the X509Store's that are matching the certSelect criteriums. * * @param certSelect a {@link Selector} object that will be used to select - * the certificates + * the certificates * @param certStores a List containing only {@link X509Store} objects. These - * are used to search for certificates. - * + * are used to search for certificates. * @return a Collection of all found {@link X509Certificate} or * {@link org.bouncycastle.x509.X509AttributeCertificate} objects. * May be empty but never <code>null</code>. */ protected static Collection findCertificates(X509CertStoreSelector certSelect, - List certStores) throws AnnotatedException + List certStores) + throws AnnotatedException { Set certs = new HashSet(); Iterator iter = certStores.iterator(); @@ -742,10 +736,8 @@ public class CertPathValidatorUtilities } catch (StoreException e) { - throw - - new AnnotatedException( - "Problem while picking certificates from X.509 store.", e); + throw new AnnotatedException( + "Problem while picking certificates from X.509 store.", e); } } else @@ -770,7 +762,7 @@ public class CertPathValidatorUtilities // BEGIN android-removed // protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, // List certStores) - // throws AnnotatedException + // throws AnnotatedException // { // Set certs = new HashSet(); // Iterator iter = certStores.iterator(); @@ -788,9 +780,7 @@ public class CertPathValidatorUtilities // } // catch (StoreException e) // { - // throw - // - // new AnnotatedException( + // throw new AnnotatedException( // "Problem while picking certificates from X.509 store.", e); // } // } @@ -847,17 +837,17 @@ public class CertPathValidatorUtilities * Add the CRL issuers from the cRLIssuer field of the distribution point or * from the certificate if not given to the issuer criterion of the * <code>selector</code>. - * <p> + * <p/> * The <code>issuerPrincipals</code> are a collection with a single * <code>X500Principal</code> for <code>X509Certificate</code>s. For * {@link X509AttributeCertificate}s the issuer may contain more than one * <code>X500Principal</code>. * - * @param dp The distribution point. + * @param dp The distribution point. * @param issuerPrincipals The issuers of the certificate or attribute - * certificate which contains the distribution point. - * @param selector The CRL selector. - * @param pkixParams The PKIX parameters containing the cert stores. + * certificate which contains the distribution point. + * @param selector The CRL selector. + * @param pkixParams The PKIX parameters containing the cert stores. * @throws AnnotatedException if an exception occurs while processing. * @throws ClassCastException if <code>issuerPrincipals</code> does not * contain only <code>X500Principal</code>s. @@ -882,7 +872,7 @@ public class CertPathValidatorUtilities try { issuers.add(new X500Principal(genNames[j].getName() - .getDERObject().getEncoded())); + .toASN1Primitive().getEncoded())); } catch (IOException e) { @@ -905,7 +895,7 @@ public class CertPathValidatorUtilities "CRL issuer is omitted from distribution point but no distributionPoint field present."); } // add and check issuer principals - for (Iterator it=issuerPrincipals.iterator(); it.hasNext();) + for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); ) { issuers.add((X500Principal)it.next()); } @@ -924,7 +914,7 @@ public class CertPathValidatorUtilities // throw new AnnotatedException( // "nameRelativeToCRLIssuer field is given but more than one CRL issuer is given."); // } -// DEREncodable relName = dp.getDistributionPoint().getName(); +// ASN1Encodable relName = dp.getDistributionPoint().getName(); // Iterator it = issuers.iterator(); // List issuersTemp = new ArrayList(issuers.size()); // while (it.hasNext()) @@ -944,7 +934,7 @@ public class CertPathValidatorUtilities // ASN1EncodableVector v = new ASN1EncodableVector(); // while (e.hasMoreElements()) // { -// v.add((DEREncodable) e.nextElement()); +// v.add((ASN1Encodable) e.nextElement()); // } // v.add(relName); // issuersTemp.add(new X500Principal(new DERSequence(v) @@ -970,97 +960,126 @@ public class CertPathValidatorUtilities } private static BigInteger getSerialNumber( - Object cert) + Object cert) { if (cert instanceof X509Certificate) { - return ((X509Certificate) cert).getSerialNumber(); + return ((X509Certificate)cert).getSerialNumber(); } else { - return ((X509AttributeCertificate) cert).getSerialNumber(); + return ((X509AttributeCertificate)cert).getSerialNumber(); } } - + protected static void getCertStatus( - Date validDate, - X509CRL crl, - Object cert, - CertStatus certStatus) + Date validDate, + X509CRL crl, + Object cert, + CertStatus certStatus) throws AnnotatedException { - // use BC X509CRLObject so that indirect CRLs are supported - X509CRLObject bcCRL = null; + X509CRLEntry crl_entry = null; + + boolean isIndirect; try { - bcCRL = new X509CRLObject(new CertificateList((ASN1Sequence) ASN1Sequence.fromByteArray(crl.getEncoded()))); + isIndirect = X509CRLObject.isIndirectCRL(crl); } - catch (Exception exception) + catch (CRLException exception) { - throw new AnnotatedException("Bouncy Castle X509CRLObject could not be created.", exception); + throw new AnnotatedException("Failed check for indirect CRL.", exception); } - // use BC X509CRLEntryObject, so that getCertificateIssuer() is - // supported. - X509CRLEntryObject crl_entry = (X509CRLEntryObject) bcCRL.getRevokedCertificate(getSerialNumber(cert)); - if (crl_entry != null - && (getEncodedIssuerPrincipal(cert).equals(crl_entry.getCertificateIssuer()) || getEncodedIssuerPrincipal(cert) - .equals(getIssuerPrincipal(crl)))) + + if (isIndirect) { - DEREnumerated reasonCode = null; - if (crl_entry.hasExtensions()) + crl_entry = crl.getRevokedCertificate(getSerialNumber(cert)); + + if (crl_entry == null) { - try - { - reasonCode = DEREnumerated - .getInstance(CertPathValidatorUtilities - .getExtensionValue(crl_entry, - X509Extensions.ReasonCode.getId())); - } - catch (Exception e) - { - new AnnotatedException( - "Reason code CRL entry extension could not be decoded.", - e); - } + return; } - // for reason keyCompromise, caCompromise, aACompromise or - // unspecified - if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) - || reasonCode == null - || reasonCode.getValue().intValue() == 0 - || reasonCode.getValue().intValue() == 1 - || reasonCode.getValue().intValue() == 2 - || reasonCode.getValue().intValue() == 8) + X500Principal certIssuer = crl_entry.getCertificateIssuer(); + + if (certIssuer == null) { + certIssuer = getIssuerPrincipal(crl); + } - // (i) or (j) (1) - if (reasonCode != null) - { - certStatus.setCertStatus(reasonCode.getValue().intValue()); - } - // (i) or (j) (2) - else - { - certStatus.setCertStatus(CRLReason.unspecified); - } - certStatus.setRevocationDate(crl_entry.getRevocationDate()); + if (!getEncodedIssuerPrincipal(cert).equals(certIssuer)) + { + return; + } + } + else if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl))) + { + return; // not for our issuer, ignore + } + else + { + crl_entry = crl.getRevokedCertificate(getSerialNumber(cert)); + + if (crl_entry == null) + { + return; + } + } + + DEREnumerated reasonCode = null; + if (crl_entry.hasExtensions()) + { + try + { + reasonCode = DEREnumerated + .getInstance(CertPathValidatorUtilities + .getExtensionValue(crl_entry, + X509Extension.reasonCode.getId())); + } + catch (Exception e) + { + throw new AnnotatedException( + "Reason code CRL entry extension could not be decoded.", + e); } } + + // for reason keyCompromise, caCompromise, aACompromise or + // unspecified + if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) + || reasonCode == null + || reasonCode.getValue().intValue() == 0 + || reasonCode.getValue().intValue() == 1 + || reasonCode.getValue().intValue() == 2 + || reasonCode.getValue().intValue() == 8) + { + + // (i) or (j) (1) + if (reasonCode != null) + { + certStatus.setCertStatus(reasonCode.getValue().intValue()); + } + // (i) or (j) (2) + else + { + certStatus.setCertStatus(CRLReason.unspecified); + } + certStatus.setRevocationDate(crl_entry.getRevocationDate()); + } } /** * Fetches delta CRLs according to RFC 3280 section 5.2.4. * * @param currentDate The date for which the delta CRLs must be valid. - * @param paramsPKIX The extended PKIX parameters. + * @param paramsPKIX The extended PKIX parameters. * @param completeCRL The complete CRL the delta CRL is for. * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs. * @throws AnnotatedException if an exception occurs while picking the delta - * CRLs. + * CRLs. */ protected static Set getDeltaCRLs(Date currentDate, - ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL) + ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL) throws AnnotatedException { @@ -1074,17 +1093,17 @@ public class CertPathValidatorUtilities } catch (IOException e) { - new AnnotatedException("Cannot extract issuer from CRL.", e); + throw new AnnotatedException("Cannot extract issuer from CRL.", e); } BigInteger completeCRLNumber = null; try { - DERObject derObject = CertPathValidatorUtilities.getExtensionValue(completeCRL, - CRL_NUMBER); + ASN1Primitive derObject = CertPathValidatorUtilities.getExtensionValue(completeCRL, + CRL_NUMBER); if (derObject != null) { - completeCRLNumber = CRLNumber.getInstance(derObject).getPositiveValue(); + completeCRLNumber = ASN1Integer.getInstance(derObject).getPositiveValue(); } } catch (Exception e) @@ -1122,10 +1141,10 @@ public class CertPathValidatorUtilities Set result = new HashSet(); - for (Iterator it = temp.iterator(); it.hasNext();) + for (Iterator it = temp.iterator(); it.hasNext(); ) { X509CRL crl = (X509CRL)it.next(); - + if (isDeltaCRL(crl)) { result.add(crl); @@ -1139,25 +1158,30 @@ public class CertPathValidatorUtilities { Set critical = crl.getCriticalExtensionOIDs(); + if (critical == null) + { + return false; + } + return critical.contains(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); } /** * Fetches complete CRLs according to RFC 3280. * - * @param dp The distribution point for which the complete CRL - * @param cert The <code>X509Certificate</code> or - * {@link org.bouncycastle.x509.X509AttributeCertificate} for - * which the CRL should be searched. + * @param dp The distribution point for which the complete CRL + * @param cert The <code>X509Certificate</code> or + * {@link org.bouncycastle.x509.X509AttributeCertificate} for + * which the CRL should be searched. * @param currentDate The date for which the delta CRLs must be valid. - * @param paramsPKIX The extended PKIX parameters. + * @param paramsPKIX The extended PKIX parameters. * @return A <code>Set</code> of <code>X509CRL</code>s with complete * CRLs. * @throws AnnotatedException if an exception occurs while picking the CRLs - * or no CRLs are found. + * or no CRLs are found. */ protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, - Date currentDate, ExtendedPKIXParameters paramsPKIX) + Date currentDate, ExtendedPKIXParameters paramsPKIX) throws AnnotatedException { X509CRLStoreSelector crlselect = new X509CRLStoreSelector(); @@ -1177,7 +1201,7 @@ public class CertPathValidatorUtilities } catch (AnnotatedException e) { - new AnnotatedException( + throw new AnnotatedException( "Could not get issuer information from distribution point.", e); } if (cert instanceof X509Certificate) @@ -1190,7 +1214,6 @@ public class CertPathValidatorUtilities } - crlselect.setCompleteCRLEnabled(true); Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate); @@ -1235,7 +1258,7 @@ public class CertPathValidatorUtilities byte[] extBytes = ((X509Certificate)certPath.getCertificates().get(index - 1)).getExtensionValue(ISISMTTObjectIdentifiers.id_isismtt_at_dateOfCertGen.getId()); if (extBytes != null) { - dateOfCertgen = DERGeneralizedTime.getInstance(ASN1Object.fromByteArray(extBytes)); + dateOfCertgen = DERGeneralizedTime.getInstance(ASN1Primitive.fromByteArray(extBytes)); } } catch (IOException e) @@ -1261,12 +1284,12 @@ public class CertPathValidatorUtilities e); } } - return ((X509Certificate) certPath.getCertificates().get( + return ((X509Certificate)certPath.getCertificates().get( index - 1)).getNotBefore(); } else { - return ((X509Certificate) certPath.getCertificates().get( + return ((X509Certificate)certPath.getCertificates().get( index - 1)).getNotBefore(); } } @@ -1290,10 +1313,10 @@ public class CertPathValidatorUtilities * returns the public key. If the DSA key already contains DSA parameters * the key is also only returned. * </p> - * + * * @param certs The certification path. * @param index The index of the certificate which contains the public key - * which should be extended with DSA parameters. + * which should be extended with DSA parameters. * @return The public key of the certificate in list position * <code>index</code> extended with DSA parameters if applicable. * @throws AnnotatedException if DSA parameters cannot be inherited. @@ -1301,13 +1324,13 @@ public class CertPathValidatorUtilities protected static PublicKey getNextWorkingKey(List certs, int index) throws CertPathValidatorException { - Certificate cert = (Certificate) certs.get(index); + Certificate cert = (Certificate)certs.get(index); PublicKey pubKey = cert.getPublicKey(); if (!(pubKey instanceof DSAPublicKey)) { return pubKey; } - DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey; + DSAPublicKey dsaPubKey = (DSAPublicKey)pubKey; if (dsaPubKey.getParams() != null) { return dsaPubKey; @@ -1321,7 +1344,7 @@ public class CertPathValidatorUtilities throw new CertPathValidatorException( "DSA parameters cannot be inherited from previous certificate."); } - DSAPublicKey prevDSAPubKey = (DSAPublicKey) pubKey; + DSAPublicKey prevDSAPubKey = (DSAPublicKey)pubKey; if (prevDSAPubKey.getParams() == null) { continue; @@ -1341,23 +1364,20 @@ public class CertPathValidatorUtilities } throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate."); } - + /** * Find the issuer certificates of a given certificate. - * - * @param cert - * The certificate for which an issuer should be found. + * + * @param cert The certificate for which an issuer should be found. * @param pkixParams * @return A <code>Collection</code> object containing the issuer * <code>X509Certificate</code>s. Never <code>null</code>. - * - * @exception AnnotatedException - * if an error occurs. + * @throws AnnotatedException if an error occurs. */ protected static Collection findIssuerCerts( X509Certificate cert, ExtendedPKIXBuilderParameters pkixParams) - throws AnnotatedException + throws AnnotatedException { X509CertStoreSelector certSelect = new X509CertStoreSelector(); Set certs = new HashSet(); @@ -1368,7 +1388,7 @@ public class CertPathValidatorUtilities catch (IOException ex) { throw new AnnotatedException( - "Subject criteria for certificate selector to find issuer certificate could not be set.", ex); + "Subject criteria for certificate selector to find issuer certificate could not be set.", ex); } Iterator iter; @@ -1391,7 +1411,7 @@ public class CertPathValidatorUtilities X509Certificate issuer = null; while (iter.hasNext()) { - issuer = (X509Certificate) iter.next(); + issuer = (X509Certificate)iter.next(); // issuer cannot be verified because possible DSA inheritance // parameters are missing certs.add(issuer); @@ -1400,8 +1420,8 @@ public class CertPathValidatorUtilities } protected static void verifyX509Certificate(X509Certificate cert, PublicKey publicKey, - String sigProvider) - throws GeneralSecurityException + String sigProvider) + throws GeneralSecurityException { if (sigProvider == null) { diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java index 1b48aec..2205a26 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java @@ -11,6 +11,7 @@ import java.security.spec.AlgorithmParameterSpec; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; +import javax.crypto.CipherSpi; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; @@ -29,7 +30,6 @@ import org.bouncycastle.crypto.DataLengthException; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.engines.AESFastEngine; import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; // BEGIN android-removed // import org.bouncycastle.crypto.engines.GOST28147Engine; // END android-removed @@ -44,7 +44,9 @@ import org.bouncycastle.crypto.modes.CTSBlockCipher; // import org.bouncycastle.crypto.modes.EAXBlockCipher; // END android-removed import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; // BEGIN android-removed // import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; @@ -65,11 +67,17 @@ import org.bouncycastle.crypto.params.ParametersWithRandom; // import org.bouncycastle.crypto.params.ParametersWithSBox; // import org.bouncycastle.crypto.params.RC2Parameters; // import org.bouncycastle.crypto.params.RC5Parameters; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; +// BEGIN android-removed // import org.bouncycastle.jce.spec.GOST28147ParameterSpec; // END android-removed +import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; import org.bouncycastle.util.Strings; -public class JCEBlockCipher extends WrapCipherSpi +public class JCEBlockCipher + extends CipherSpi implements PBE { // @@ -101,6 +109,8 @@ public class JCEBlockCipher extends WrapCipherSpi private String modeName = null; + private AlgorithmParameters engineParams; + protected JCEBlockCipher( BlockCipher engine) { @@ -272,12 +282,14 @@ public class JCEBlockCipher extends WrapCipherSpi cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( new SICBlockCipher(baseEngine))); } - else if (modeName.startsWith("GOFB")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new GOFBBlockCipher(baseEngine))); - } + // BEGIN android-removed + // else if (modeName.startsWith("GOFB")) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + // new GOFBBlockCipher(baseEngine))); + // } + // END android-removed else if (modeName.startsWith("CTS")) { ivLength = baseEngine.getBlockSize(); @@ -396,9 +408,9 @@ public class JCEBlockCipher extends WrapCipherSpi // // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). // - if (key instanceof JCEPBEKey) + if (key instanceof BCPBEKey) { - JCEPBEKey k = (JCEPBEKey)key; + BCPBEKey k = (BCPBEKey)key; if (k.getOID() != null) { @@ -444,8 +456,16 @@ public class JCEBlockCipher extends WrapCipherSpi throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); } - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); - ivParam = (ParametersWithIV)param; + if (key instanceof RepeatedSecretKeySpec) + { + param = new ParametersWithIV(null, p.getIV()); + ivParam = (ParametersWithIV)param; + } + else + { + param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); + ivParam = (ParametersWithIV)param; + } } else { @@ -857,7 +877,7 @@ public class JCEBlockCipher extends WrapCipherSpi super(new CBCBlockCipher(new RC2Engine())); } } - + /** * PBEWithSHA1AndDES */ @@ -882,30 +902,8 @@ public class JCEBlockCipher extends WrapCipherSpi } } - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3Key - extends JCEBlockCipher - { - public PBEWithSHAAndDES3Key() - { - super(new CBCBlockCipher(new DESedeEngine())); - } - } - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2Key - extends JCEBlockCipher - { - public PBEWithSHAAndDES2Key() - { - super(new CBCBlockCipher(new DESedeEngine())); - } - } - + /** * PBEWithSHAAnd128BitRC2-CBC */ @@ -929,7 +927,7 @@ public class JCEBlockCipher extends WrapCipherSpi super(new CBCBlockCipher(new RC2Engine())); } } - + /** * PBEWithSHAAndTwofish-CBC */ @@ -941,7 +939,7 @@ public class JCEBlockCipher extends WrapCipherSpi super(new CBCBlockCipher(new TwofishEngine())); } } - + /** * PBEWithAES-CBC */ diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java index fc38481..46295c5 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java @@ -10,8 +10,10 @@ import javax.crypto.interfaces.DHPrivateKey; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHPrivateKeySpec; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.pkcs.DHParameter; @@ -21,6 +23,7 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x9.DHDomainParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.DHPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; public class JCEDHPrivateKey @@ -55,17 +58,18 @@ public class JCEDHPrivateKey JCEDHPrivateKey( PrivateKeyInfo info) + throws IOException { ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters()); - DERInteger derX = (DERInteger)info.getPrivateKey(); - DERObjectIdentifier id = info.getAlgorithmId().getObjectId(); + DERInteger derX = DERInteger.getInstance(info.parsePrivateKey()); + DERObjectIdentifier id = info.getAlgorithmId().getAlgorithm(); this.info = info; this.x = derX.getValue(); if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement)) { - DHParameter params = new DHParameter(seq); + DHParameter params = DHParameter.getInstance(seq); if (params.getL() != null) { @@ -118,14 +122,21 @@ public class JCEDHPrivateKey */ public byte[] getEncoded() { - if (info != null) + try { - return info.getDEREncoded(); - } - - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(getX())); + if (info != null) + { + return info.getEncoded(ASN1Encoding.DER); + } - return info.getDEREncoded(); + PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new DERInteger(getX())); + + return info.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } } public DHParameterSpec getParams() @@ -158,13 +169,13 @@ public class JCEDHPrivateKey } public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) { attrCarrier.setBagAttribute(oid, attribute); } - public DEREncodable getBagAttribute( + public ASN1Encodable getBagAttribute( DERObjectIdentifier oid) { return attrCarrier.getBagAttribute(oid); diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java index 942e3bf..6ff1e08 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java @@ -19,6 +19,7 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.DHDomainParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.DHPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; public class JCEDHPublicKey implements DHPublicKey @@ -66,7 +67,7 @@ public class JCEDHPublicKey DERInteger derY; try { - derY = (DERInteger)info.getPublicKey(); + derY = (DERInteger)info.parsePublicKey(); } catch (IOException e) { @@ -76,12 +77,12 @@ public class JCEDHPublicKey this.y = derY.getValue(); ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters()); - DERObjectIdentifier id = info.getAlgorithmId().getObjectId(); + DERObjectIdentifier id = info.getAlgorithmId().getAlgorithm(); // we need the PKCS check to handle older keys marked with the X9 oid. if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq)) { - DHParameter params = new DHParameter(seq); + DHParameter params = DHParameter.getInstance(seq); if (params.getL() != null) { @@ -118,12 +119,10 @@ public class JCEDHPublicKey { if (info != null) { - return info.getDEREncoded(); + return KeyUtil.getEncodedSubjectPublicKeyInfo(info); } - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(y)); - - return info.getDEREncoded(); + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new DERInteger(y)); } public DHParameterSpec getParams() diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java index 3b3f318..97455bd 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java @@ -11,13 +11,14 @@ import java.security.spec.ECPrivateKeySpec; import java.security.spec.EllipticCurve; import java.util.Enumeration; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // BEGIN android-removed @@ -32,10 +33,11 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jce.interfaces.ECPointEncoder; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil; import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.math.ec.ECCurve; @@ -188,17 +190,19 @@ public class JCEECPrivateKey JCEECPrivateKey( PrivateKeyInfo info) + throws IOException { populateFromPrivKeyInfo(info); } private void populateFromPrivKeyInfo(PrivateKeyInfo info) + throws IOException { - X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters()); + X962Parameters params = new X962Parameters((ASN1Primitive)info.getPrivateKeyAlgorithm().getParameters()); if (params.isNamedCurve()) { - DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); // BEGIN android-removed @@ -237,7 +241,7 @@ public class JCEECPrivateKey } else { - X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters()); + X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); this.ecSpec = new ECParameterSpec( @@ -249,15 +253,16 @@ public class JCEECPrivateKey ecP.getH().intValue()); } - if (info.getPrivateKey() instanceof DERInteger) + ASN1Encodable privKey = info.parsePrivateKey(); + if (privKey instanceof DERInteger) { - DERInteger derD = (DERInteger)info.getPrivateKey(); + DERInteger derD = DERInteger.getInstance(privKey); this.d = derD.getValue(); } else { - ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)info.getPrivateKey()); + ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)privKey); this.d = ec.getKey(); this.publicKey = ec.getPublicKey(); @@ -328,19 +333,26 @@ public class JCEECPrivateKey keyStructure = new ECPrivateKeyStructure(this.getS(), params); } - // BEGIN android-removed - // if (algorithm.equals("ECGOST3410")) - // { - // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject()); - // } - // else - // END android-removed + try { + // BEGIN android-removed + // if (algorithm.equals("ECGOST3410")) + // { + // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + // } + // else + // END android-removed + { - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject()); - } + info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + } - return info.getDEREncoded(); + return info.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } } public ECParameterSpec getParams() @@ -365,7 +377,7 @@ public class JCEECPrivateKey return EC5Util.convertSpec(ecSpec, withCompression); } - return ProviderUtil.getEcImplicitlyCa(); + return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); } public BigInteger getS() @@ -379,13 +391,13 @@ public class JCEECPrivateKey } public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) { attrCarrier.setBagAttribute(oid, attribute); } - public DEREncodable getBagAttribute( + public ASN1Encodable getBagAttribute( DERObjectIdentifier oid) { return attrCarrier.getBagAttribute(oid); @@ -434,7 +446,7 @@ public class JCEECPrivateKey { try { - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(pub.getEncoded())); + SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pub.getEncoded())); return info.getPublicKeyData(); } @@ -450,7 +462,7 @@ public class JCEECPrivateKey { byte[] enc = (byte[])in.readObject(); - populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(enc))); + populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); this.algorithm = (String)in.readObject(); this.withCompression = in.readBoolean(); diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java index 00277ac..d1462d5 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java @@ -11,13 +11,12 @@ import java.security.spec.ECPublicKeySpec; import java.security.spec.EllipticCurve; import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // BEGIN android-removed @@ -33,12 +32,13 @@ import org.bouncycastle.asn1.x9.X9IntegerConverter; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; // BEGIN android-removed // import org.bouncycastle.jce.ECGOST3410NamedCurveTable; // END android-removed import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil; // BEGIN android-removed // import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; // END android-removed @@ -96,7 +96,7 @@ public class JCEECPublicKey { if (q.getCurve() == null) { - org.bouncycastle.jce.spec.ECParameterSpec s = ProviderUtil.getEcImplicitlyCa(); + org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false); } @@ -198,7 +198,7 @@ public class JCEECPublicKey // // try // { - // key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes()); + // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); // } // catch (IOException ex) // { @@ -240,13 +240,13 @@ public class JCEECPublicKey // else // END android-removed { - X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters()); + X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); ECCurve curve; EllipticCurve ellipticCurve; if (params.isNamedCurve()) { - DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters(); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); curve = ecP.getCurve(); @@ -264,11 +264,11 @@ public class JCEECPublicKey else if (params.isImplicitlyCA()) { ecSpec = null; - curve = ProviderUtil.getEcImplicitlyCa().getCurve(); + curve = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getCurve(); } else { - X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters()); + X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); curve = ecP.getCurve(); ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); @@ -298,7 +298,7 @@ public class JCEECPublicKey { try { - key = (ASN1OctetString) ASN1Object.fromByteArray(data); + key = (ASN1OctetString) ASN1Primitive.fromByteArray(data); } catch (IOException ex) { @@ -364,17 +364,17 @@ public class JCEECPublicKey // extractBytes(encKey, 0, bX); // extractBytes(encKey, 32, bY); // - // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey)); + // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); // } // else // END android-removed { if (ecSpec instanceof ECNamedCurveSpec) { - DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); + ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); if (curveOid == null) { - curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); + curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); } params = new X962Parameters(curveOid); } @@ -398,12 +398,12 @@ public class JCEECPublicKey ECCurve curve = this.engineGetQ().getCurve(); ASN1OctetString p = (ASN1OctetString) - new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).getDERObject(); + new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).toASN1Primitive(); - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets()); + info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets()); } - return info.getDEREncoded(); + return KeyUtil.getEncodedSubjectPublicKeyInfo(info); } private void extractBytes(byte[] encKey, int offSet, BigInteger bI) @@ -471,7 +471,7 @@ public class JCEECPublicKey return EC5Util.convertSpec(ecSpec, withCompression); } - return ProviderUtil.getEcImplicitlyCa(); + return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); } public String toString() @@ -515,7 +515,7 @@ public class JCEECPublicKey { byte[] enc = (byte[])in.readObject(); - populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(enc))); + populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); this.algorithm = (String)in.readObject(); this.withCompression = in.readBoolean(); diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java b/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java deleted file mode 100644 index 6373557..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java +++ /dev/null @@ -1,269 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.KeyGeneratorSpi; -import javax.crypto.SecretKey; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.generators.DESKeyGenerator; - -public class JCEKeyGenerator - extends KeyGeneratorSpi -{ - protected String algName; - protected int keySize; - protected int defaultKeySize; - protected CipherKeyGenerator engine; - - protected boolean uninitialised = true; - - protected JCEKeyGenerator( - String algName, - int defaultKeySize, - CipherKeyGenerator engine) - { - this.algName = algName; - this.keySize = this.defaultKeySize = defaultKeySize; - this.engine = engine; - } - - protected void engineInit( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("Not Implemented"); - } - - protected void engineInit( - SecureRandom random) - { - if (random != null) - { - engine.init(new KeyGenerationParameters(random, defaultKeySize)); - uninitialised = false; - } - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - try - { - // BEGIN android-added - if (random == null) { - random = new SecureRandom(); - } - // END android-added - engine.init(new KeyGenerationParameters(random, keySize)); - uninitialised = false; - } - catch (IllegalArgumentException e) - { - throw new InvalidParameterException(e.getMessage()); - } - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); - uninitialised = false; - } - - return new SecretKeySpec(engine.generateKey(), algName); - } - - /** - * the generators that are defined directly off us. - */ - - /** - * DES - */ - public static class DES - extends JCEKeyGenerator - { - public DES() - { - super("DES", 64, new DESKeyGenerator()); - } - } - - // BEGIN android-removed - // /** - // * RC2 - // */ - // public static class RC2 - // extends JCEKeyGenerator - // { - // public RC2() - // { - // super("RC2", 128, new CipherKeyGenerator()); - // } - // } - // - // /** - // * GOST28147 - // */ - // public static class GOST28147 - // extends JCEKeyGenerator - // { - // public GOST28147() - // { - // super("GOST28147", 256, new CipherKeyGenerator()); - // } - // } - // END android-removed - - // HMAC Related secret keys.. - - // BEGIN android-removed - // /** - // * MD2HMAC - // */ - // public static class MD2HMAC - // extends JCEKeyGenerator - // { - // public MD2HMAC() - // { - // super("HMACMD2", 128, new CipherKeyGenerator()); - // } - // } - // - // - // /** - // * MD4HMAC - // */ - // public static class MD4HMAC - // extends JCEKeyGenerator - // { - // public MD4HMAC() - // { - // super("HMACMD4", 128, new CipherKeyGenerator()); - // } - // } - // END android-removed - - /** - * MD5HMAC - */ - public static class MD5HMAC - extends JCEKeyGenerator - { - public MD5HMAC() - { - super("HMACMD5", 128, new CipherKeyGenerator()); - } - } - - - // /** - // * RIPE128HMAC - // */ - // public static class RIPEMD128HMAC - // extends JCEKeyGenerator - // { - // public RIPEMD128HMAC() - // { - // super("HMACRIPEMD128", 128, new CipherKeyGenerator()); - // } - // } - - // /** - // * RIPE160HMAC - // */ - // public static class RIPEMD160HMAC - // extends JCEKeyGenerator - // { - // public RIPEMD160HMAC() - // { - // super("HMACRIPEMD160", 160, new CipherKeyGenerator()); - // } - // } - - - /** - * HMACSHA1 - */ - public static class HMACSHA1 - extends JCEKeyGenerator - { - public HMACSHA1() - { - super("HMACSHA1", 160, new CipherKeyGenerator()); - } - } - - // BEGIN android-removed - // /** - // * HMACSHA224 - // */ - // public static class HMACSHA224 - // extends JCEKeyGenerator - // { - // public HMACSHA224() - // { - // super("HMACSHA224", 224, new CipherKeyGenerator()); - // } - // } - // END android-removed - - /** - * HMACSHA256 - */ - public static class HMACSHA256 - extends JCEKeyGenerator - { - public HMACSHA256() - { - super("HMACSHA256", 256, new CipherKeyGenerator()); - } - } - - /** - * HMACSHA384 - */ - public static class HMACSHA384 - extends JCEKeyGenerator - { - public HMACSHA384() - { - super("HMACSHA384", 384, new CipherKeyGenerator()); - } - } - - /** - * HMACSHA512 - */ - public static class HMACSHA512 - extends JCEKeyGenerator - { - public HMACSHA512() - { - super("HMACSHA512", 512, new CipherKeyGenerator()); - } - } - - // BEGIN android-removed - // /** - // * HMACTIGER - // */ - // public static class HMACTIGER - // extends JCEKeyGenerator - // { - // public HMACTIGER() - // { - // super("HMACTIGER", 192, new CipherKeyGenerator()); - // } - // } - // END android-removed -} diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/src/main/java/org/bouncycastle/jce/provider/JCEMac.java index cf876f5..8d6249d 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEMac.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCEMac.java @@ -14,22 +14,19 @@ import org.bouncycastle.crypto.Mac; // BEGIN android-removed // import org.bouncycastle.crypto.digests.MD2Digest; // import org.bouncycastle.crypto.digests.MD4Digest; -// END android-removed -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD5Digest; // import org.bouncycastle.crypto.digests.RIPEMD128Digest; // import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA1Digest; // import org.bouncycastle.crypto.digests.SHA224Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; // import org.bouncycastle.crypto.digests.TigerDigest; // END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.OpenSSLDigest; +// END android-added import org.bouncycastle.crypto.engines.DESEngine; // BEGIN android-removed // import org.bouncycastle.crypto.engines.RC2Engine; @@ -37,7 +34,6 @@ import org.bouncycastle.crypto.engines.DESEngine; import org.bouncycastle.crypto.macs.CBCBlockCipherMac; // BEGIN android-removed // import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// import org.bouncycastle.crypto.macs.GOST28147Mac; // END android-removed import org.bouncycastle.crypto.macs.HMac; // BEGIN android-removed @@ -47,6 +43,8 @@ import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; public class JCEMac extends MacSpi implements PBE @@ -87,9 +85,9 @@ public class JCEMac throw new InvalidKeyException("key is null"); } - if (key instanceof JCEPBEKey) + if (key instanceof BCPBEKey) { - JCEPBEKey k = (JCEPBEKey)key; + BCPBEKey k = (BCPBEKey)key; if (k.getParam() != null) { @@ -171,31 +169,32 @@ public class JCEMac // } // // /** - // * RC2 + // * DES 64 bit MAC // */ - // public static class RC2 + // public static class DES64 // extends JCEMac // { - // public RC2() + // public DES64() // { - // super(new CBCBlockCipherMac(new RC2Engine())); + // super(new CBCBlockCipherMac(new DESEngine(), 64)); // } // } // // /** - // * GOST28147 + // * RC2 // */ - // public static class GOST28147 + // public static class RC2 // extends JCEMac // { - // public GOST28147() + // public RC2() // { - // super(new GOST28147Mac()); + // super(new CBCBlockCipherMac(new RC2Engine())); // } // } // // // + // // /** // * DES // */ @@ -211,14 +210,7 @@ public class JCEMac // /** // * RC2CFB8 // */ - // public static class RC2CFB8 - // extends JCEMac - // { - // public RC2CFB8() - // { - // super(new CFBBlockCipherMac(new RC2Engine())); - // } - // } + // // // /** // * DES9797Alg3with7816-4Padding @@ -277,10 +269,12 @@ public class JCEMac { public MD5() { - super(new HMac(new MD5Digest())); + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.MD5())); + // END android-changed } } - + /** * SHA1 HMac */ @@ -289,10 +283,12 @@ public class JCEMac { public SHA1() { - super(new HMac(new SHA1Digest())); + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.SHA1())); + // END android-changed } } - + // BEGIN android-removed // /** // * SHA-224 HMac @@ -315,10 +311,12 @@ public class JCEMac { public SHA256() { - super(new HMac(new SHA256Digest())); + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.SHA256())); + // END android-changed } } - + /** * SHA-384 HMac */ @@ -327,10 +325,12 @@ public class JCEMac { public SHA384() { - super(new HMac(new SHA384Digest())); + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.SHA384())); + // END android-changed } } - + // BEGIN android-removed // public static class OldSHA384 // extends JCEMac @@ -350,9 +350,12 @@ public class JCEMac { public SHA512() { - super(new HMac(new SHA512Digest())); + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.SHA512())); + // END android-changed } } + // BEGIN android-removed // /** @@ -421,7 +424,7 @@ public class JCEMac // } // } // END android-removed - + /** * PBEWithHmacSHA */ @@ -430,10 +433,12 @@ public class JCEMac { public PBEWithSHA() { - super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); + // BEGIN android-changed + super(new HMac(new OpenSSLDigest.SHA1()), PKCS12, SHA1, 160); + // END android-changed } } - + // BEGIN android-removed // /** // * PBEWithHmacTiger diff --git a/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java b/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java index c7e2794..c4c5b61 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java @@ -1,16 +1,17 @@ package org.bouncycastle.jce.provider; -import org.bouncycastle.asn1.ASN1Sequence; +import java.io.IOException; +import java.math.BigInteger; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.spec.RSAPrivateCrtKeySpec; + import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; +import org.bouncycastle.asn1.pkcs.RSAPrivateKey; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -import java.math.BigInteger; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.spec.RSAPrivateCrtKeySpec; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; /** * A provider representation for a RSA private key, with CRT factors included. @@ -87,15 +88,16 @@ public class JCERSAPrivateCrtKey */ JCERSAPrivateCrtKey( PrivateKeyInfo info) + throws IOException { - this(new RSAPrivateKeyStructure((ASN1Sequence)info.getPrivateKey())); + this(org.bouncycastle.asn1.pkcs.RSAPrivateKey.getInstance(info.parsePrivateKey())); } /** * construct an RSA key from a ASN.1 RSA private key object. */ JCERSAPrivateCrtKey( - RSAPrivateKeyStructure key) + RSAPrivateKey key) { this.modulus = key.getModulus(); this.publicExponent = key.getPublicExponent(); @@ -126,10 +128,8 @@ public class JCERSAPrivateCrtKey public byte[] getEncoded() { // BEGIN android-changed - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKeyStructure(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()).getDERObject()); + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); // END android-changed - - return info.getDEREncoded(); } /** diff --git a/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java index bbead9f..6277415 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java @@ -1,15 +1,5 @@ package org.bouncycastle.jce.provider; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; @@ -18,6 +8,17 @@ import java.security.interfaces.RSAPrivateKey; import java.security.spec.RSAPrivateKeySpec; import java.util.Enumeration; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.params.RSAKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; + public class JCERSAPrivateKey implements RSAPrivateKey, PKCS12BagAttributeCarrier { @@ -28,7 +29,7 @@ public class JCERSAPrivateKey protected BigInteger modulus; protected BigInteger privateExponent; - private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); + private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); protected JCERSAPrivateKey() { @@ -78,10 +79,8 @@ public class JCERSAPrivateKey public byte[] getEncoded() { // BEGIN android-changed - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKeyStructure(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO).getDERObject()); + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); // END android-changed - - return info.getDEREncoded(); } public boolean equals(Object o) @@ -108,13 +107,13 @@ public class JCERSAPrivateKey } public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) { attrCarrier.setBagAttribute(oid, attribute); } - public DEREncodable getBagAttribute( + public ASN1Encodable getBagAttribute( DERObjectIdentifier oid) { return attrCarrier.getBagAttribute(oid); diff --git a/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java index ea601ed..8d74351 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java @@ -1,5 +1,10 @@ package org.bouncycastle.jce.provider; +import java.io.IOException; +import java.math.BigInteger; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.RSAPublicKeySpec; + import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -7,11 +12,7 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.crypto.params.RSAKeyParameters; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.RSAPublicKeySpec; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; public class JCERSAPublicKey implements RSAPublicKey @@ -47,7 +48,7 @@ public class JCERSAPublicKey { try { - RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)info.getPublicKey()); + RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)info.parsePublicKey()); this.modulus = pubKey.getModulus(); this.publicExponent = pubKey.getPublicExponent(); @@ -91,10 +92,8 @@ public class JCERSAPublicKey public byte[] getEncoded() { // BEGIN android-changed - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject()); + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent())); // END android-changed - - return info.getDEREncoded(); } public int hashCode() diff --git a/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java index 51f8e38..7d70734 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java @@ -17,6 +17,8 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.params.DESParameters; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; public class JCESecretKeyFactory extends SecretKeyFactorySpi @@ -140,7 +142,7 @@ public class JCESecretKeyFactory if (pbeSpec.getSalt() == null) { - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); } if (forCipher) @@ -152,7 +154,7 @@ public class JCESecretKeyFactory param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); } - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); } throw new InvalidKeySpecException("Invalid KeySpec"); @@ -197,7 +199,7 @@ public class JCESecretKeyFactory if (pbeSpec.getSalt() == null) { - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); } if (forCipher) @@ -221,7 +223,7 @@ public class JCESecretKeyFactory DESParameters.setOddParity(kParam.getKey()); - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); } throw new InvalidKeySpecException("Invalid KeySpec"); @@ -368,7 +370,7 @@ public class JCESecretKeyFactory { public PBEWithSHAAnd40BitRC2() { - super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbewithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); + super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); } } @@ -600,7 +602,7 @@ public class JCESecretKeyFactory int ivSize = -1; CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); } throw new InvalidKeySpecException("Invalid KeySpec"); diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java index b88ccae..16a14ec 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java +++ b/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java @@ -8,6 +8,7 @@ import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import javax.crypto.Cipher; +import javax.crypto.CipherSpi; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.ShortBufferException; @@ -37,9 +38,12 @@ import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; public class JCEStreamCipher - extends WrapCipherSpi implements PBE + extends CipherSpi + implements PBE { // // specs we can handle. @@ -62,6 +66,8 @@ public class JCEStreamCipher private PBEParameterSpec pbeSpec = null; private String pbeAlgorithm = null; + private AlgorithmParameters engineParams; + protected JCEStreamCipher( StreamCipher engine, int ivLength) @@ -171,9 +177,9 @@ public class JCEStreamCipher throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); } - if (key instanceof JCEPBEKey) + if (key instanceof BCPBEKey) { - JCEPBEKey k = (JCEPBEKey)key; + BCPBEKey k = (BCPBEKey)key; if (k.getOID() != null) { @@ -511,7 +517,7 @@ public class JCEStreamCipher super(new RC4Engine(), 0); } } - + /** * PBEWithSHAAnd40BitRC4 */ diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java b/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java deleted file mode 100644 index b61acfa..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java +++ /dev/null @@ -1,348 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameterGeneratorSpi; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; - -import javax.crypto.spec.DHGenParameterSpec; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.IvParameterSpec; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// END android-removed - -import org.bouncycastle.crypto.generators.DHParametersGenerator; -import org.bouncycastle.crypto.generators.DSAParametersGenerator; -// BEGIN android-removed -// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -// import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator; -// END android-removed -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DSAParameters; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ElGamalParameters; -// import org.bouncycastle.crypto.params.GOST3410Parameters; -// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -// END android-removed - -public abstract class JDKAlgorithmParameterGenerator - extends AlgorithmParameterGeneratorSpi -{ - protected SecureRandom random; - protected int strength = 1024; - - protected void engineInit( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public static class DH - extends JDKAlgorithmParameterGenerator - { - private int l = 0; - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(genParamSpec instanceof DHGenParameterSpec)) - { - throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); - } - DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; - - this.strength = spec.getPrimeSize(); - this.l = spec.getExponentSize(); - this.random = random; - } - - protected AlgorithmParameters engineGenerateParameters() - { - DHParametersGenerator pGen = new DHParametersGenerator(); - - if (random != null) - { - pGen.init(strength, 20, random); - } - else - { - pGen.init(strength, 20, new SecureRandom()); - } - - DHParameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DH", BouncyCastleProvider.PROVIDER_NAME); - params.init(new DHParameterSpec(p.getP(), p.getG(), l)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class DSA - extends JDKAlgorithmParameterGenerator - { - protected void engineInit( - int strength, - SecureRandom random) - { - if (strength < 512 || strength > 1024 || strength % 64 != 0) - { - throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64"); - } - - this.strength = strength; - this.random = random; - } - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DSA parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - DSAParametersGenerator pGen = new DSAParametersGenerator(); - - if (random != null) - { - pGen.init(strength, 20, random); - } - else - { - pGen.init(strength, 20, new SecureRandom()); - } - - DSAParameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME); - params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG())); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - // BEGIN android-removed - // public static class GOST3410 - // extends JDKAlgorithmParameterGenerator - // { - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation."); - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator(); - // - // if (random != null) - // { - // pGen.init(strength, 2, random); - // } - // else - // { - // pGen.init(strength, 2, new SecureRandom()); - // } - // - // GOST3410Parameters p = pGen.generateParameters(); - // - // AlgorithmParameters params; - // - // try - // { - // params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA()))); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // - // return params; - // } - // } - // - // public static class ElGamal - // extends JDKAlgorithmParameterGenerator - // { - // private int l = 0; - // - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // if (!(genParamSpec instanceof DHGenParameterSpec)) - // { - // throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); - // } - // DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; - // - // this.strength = spec.getPrimeSize(); - // this.l = spec.getExponentSize(); - // this.random = random; - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); - // - // if (random != null) - // { - // pGen.init(strength, 20, random); - // } - // else - // { - // pGen.init(strength, 20, new SecureRandom()); - // } - // - // ElGamalParameters p = pGen.generateParameters(); - // - // AlgorithmParameters params; - // - // try - // { - // params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new DHParameterSpec(p.getP(), p.getG(), l)); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // - // return params; - // } - // } - // - // public static class DES - // extends JDKAlgorithmParameterGenerator - // { - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // byte[] iv = new byte[8]; - // - // if (random == null) - // { - // random = new SecureRandom(); - // } - // - // random.nextBytes(iv); - // - // AlgorithmParameters params; - // - // try - // { - // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new IvParameterSpec(iv)); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // - // return params; - // } - // } - // - // public static class RC2 - // extends JDKAlgorithmParameterGenerator - // { - // RC2ParameterSpec spec = null; - // - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // if (genParamSpec instanceof RC2ParameterSpec) - // { - // spec = (RC2ParameterSpec)genParamSpec; - // return; - // } - // - // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // AlgorithmParameters params; - // - // if (spec == null) - // { - // byte[] iv = new byte[8]; - // - // if (random == null) - // { - // random = new SecureRandom(); - // } - // - // random.nextBytes(iv); - // - // try - // { - // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new IvParameterSpec(iv)); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // } - // else - // { - // try - // { - // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); - // params.init(spec); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // } - // - // return params; - // } - // } - // END android-removed -} diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java b/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java index af88443..9a8cf9b 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java +++ b/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java @@ -1,53 +1,25 @@ package org.bouncycastle.jce.provider; -import org.bouncycastle.asn1.ASN1Encodable; +import java.io.IOException; +import java.security.AlgorithmParametersSpi; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.PBEParameterSpec; + import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -// import org.bouncycastle.asn1.oiw.ElGamalParameter; -// END android-removed -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -// END android-removed -import org.bouncycastle.asn1.pkcs.RSAESOAEPparams; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; +import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; // BEGIN android-removed -// import org.bouncycastle.jce.spec.ElGamalParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; // import org.bouncycastle.jce.spec.IESParameterSpec; // END android-removed -import org.bouncycastle.util.Arrays; - -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.OAEPParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.PSource; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// END android-removed -import java.io.IOException; -import java.security.AlgorithmParametersSpi; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.MGF1ParameterSpec; -import java.security.spec.PSSParameterSpec; public abstract class JDKAlgorithmParameters extends AlgorithmParametersSpi @@ -72,286 +44,6 @@ public abstract class JDKAlgorithmParameters protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) throws InvalidParameterSpecException; - public static class IVAlgorithmParameters - extends JDKAlgorithmParameters - { - private byte[] iv; - - protected byte[] engineGetEncoded() - throws IOException - { - return engineGetEncoded("ASN.1"); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - return new DEROctetString(engineGetEncoded("RAW")).getEncoded(); - } - - if (format.equals("RAW")) - { - return Arrays.clone(iv); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IvParameterSpec.class) - { - return new IvParameterSpec(iv); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof IvParameterSpec)) - { - throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); - } - - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } - - protected void engineInit( - byte[] params) - throws IOException - { - // - // check that we don't have a DER encoded octet string - // - if ((params.length % 8) != 0 - && params[0] == 0x04 && params[1] == params.length - 2) - { - ASN1OctetString oct = (ASN1OctetString)ASN1Object.fromByteArray(params); - - params = oct.getOctets(); - } - - this.iv = Arrays.clone(params); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - try - { - ASN1OctetString oct = (ASN1OctetString)ASN1Object.fromByteArray(params); - - engineInit(oct.getOctets()); - } - catch (Exception e) - { - throw new IOException("Exception decoding: " + e); - } - - return; - } - - if (format.equals("RAW")) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "IV Parameters"; - } - } - - // BEGIN android-removed - // public static class RC2AlgorithmParameters - // extends JDKAlgorithmParameters - // { - // private static final short[] table = { - // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - // }; - // - // private static final short[] ekb = { - // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - // }; - // - // private byte[] iv; - // private int parameterVersion = 58; - // - // protected byte[] engineGetEncoded() - // { - // return Arrays.clone(iv); - // } - // - // protected byte[] engineGetEncoded( - // String format) - // throws IOException - // { - // if (isASN1FormatString(format)) - // { - // if (parameterVersion == -1) - // { - // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); - // } - // else - // { - // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); - // } - // } - // - // if (format.equals("RAW")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == RC2ParameterSpec.class) - // { - // if (parameterVersion != -1) - // { - // if (parameterVersion < 256) - // { - // return new RC2ParameterSpec(ekb[parameterVersion], iv); - // } - // else - // { - // return new RC2ParameterSpec(parameterVersion, iv); - // } - // } - // } - // - // if (paramSpec == IvParameterSpec.class) - // { - // return new IvParameterSpec(iv); - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec instanceof IvParameterSpec) - // { - // this.iv = ((IvParameterSpec)paramSpec).getIV(); - // } - // else if (paramSpec instanceof RC2ParameterSpec) - // { - // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - // if (effKeyBits != -1) - // { - // if (effKeyBits < 256) - // { - // parameterVersion = table[effKeyBits]; - // } - // else - // { - // parameterVersion = effKeyBits; - // } - // } - // - // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); - // } - // else - // { - // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); - // } - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // this.iv = Arrays.clone(params); - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (isASN1FormatString(format)) - // { - // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Object.fromByteArray(params)); - // - // if (p.getRC2ParameterVersion() != null) - // { - // parameterVersion = p.getRC2ParameterVersion().intValue(); - // } - // - // iv = p.getIV(); - // - // return; - // } - // - // if (format.equals("RAW")) - // { - // engineInit(params); - // return; - // } - // - // throw new IOException("Unknown parameters format in IV parameters object"); - // } - // - // protected String engineToString() - // { - // return "RC2 Parameters"; - // } - // } - // END android-removed - public static class PBKDF2 extends JDKAlgorithmParameters { @@ -361,7 +53,7 @@ public abstract class JDKAlgorithmParameters { try { - return params.getEncoded(ASN1Encodable.DER); + return params.getEncoded(ASN1Encoding.DER); } catch (IOException e) { @@ -412,7 +104,7 @@ public abstract class JDKAlgorithmParameters byte[] params) throws IOException { - this.params = PBKDF2Params.getInstance(ASN1Object.fromByteArray(params)); + this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); } protected void engineInit( @@ -439,19 +131,19 @@ public abstract class JDKAlgorithmParameters extends JDKAlgorithmParameters { PKCS12PBEParams params; - + protected byte[] engineGetEncoded() { try { - return params.getEncoded(ASN1Encodable.DER); + return params.getEncoded(ASN1Encoding.DER); } catch (IOException e) { throw new RuntimeException("Oooops! " + e.toString()); } } - + protected byte[] engineGetEncoded( String format) { @@ -459,10 +151,10 @@ public abstract class JDKAlgorithmParameters { return engineGetEncoded(); } - + return null; } - + protected AlgorithmParameterSpec localEngineGetParameterSpec( Class paramSpec) throws InvalidParameterSpecException @@ -472,10 +164,10 @@ public abstract class JDKAlgorithmParameters return new PBEParameterSpec(params.getIV(), params.getIterations().intValue()); } - + throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); } - + protected void engineInit( AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException @@ -484,129 +176,18 @@ public abstract class JDKAlgorithmParameters { throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); } - + PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - + this.params = new PKCS12PBEParams(pbeSpec.getSalt(), pbeSpec.getIterationCount()); } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Object.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } - - public static class DH - extends JDKAlgorithmParameters - { - DHParameterSpec currentSpec; - - /** - * Return the PKCS#3 ASN.1 structure DHParameter. - * <p> - * <pre> - * DHParameter ::= SEQUENCE { - * prime INTEGER, -- p - * base INTEGER, -- g - * privateValueLength INTEGER OPTIONAL} - * </pre> - */ - protected byte[] engineGetEncoded() - { - DHParameter dhP = new DHParameter(currentSpec.getP(), currentSpec.getG(), currentSpec.getL()); - - try - { - return dhP.getEncoded(ASN1Encodable.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding DHParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == DHParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to DH parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof DHParameterSpec)) - { - throw new InvalidParameterSpecException("DHParameterSpec required to initialise a Diffie-Hellman algorithm parameters object"); - } - - this.currentSpec = (DHParameterSpec)paramSpec; - } protected void engineInit( byte[] params) throws IOException { - try - { - DHParameter dhP = new DHParameter((ASN1Sequence)ASN1Object.fromByteArray(params)); - - if (dhP.getL() != null) - { - currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG(), dhP.getL().intValue()); - } - else - { - currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG()); - } - } - catch (ClassCastException e) - { - throw new IOException("Not a valid DH Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid DH Parameter encoding."); - } + this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); } protected void engineInit( @@ -617,348 +198,19 @@ public abstract class JDKAlgorithmParameters if (isASN1FormatString(format)) { engineInit(params); + return; } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "Diffie-Hellman Parameters"; - } - } - - public static class DSA - extends JDKAlgorithmParameters - { - DSAParameterSpec currentSpec; - - /** - * Return the X.509 ASN.1 structure DSAParameter. - * <p> - * <pre> - * DSAParameter ::= SEQUENCE { - * prime INTEGER, -- p - * subprime INTEGER, -- q - * base INTEGER, -- g} - * </pre> - */ - protected byte[] engineGetEncoded() - { - DSAParameter dsaP = new DSAParameter(currentSpec.getP(), currentSpec.getQ(), currentSpec.getG()); - - try - { - return dsaP.getEncoded(ASN1Encodable.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding DSAParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == DSAParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to DSA parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof DSAParameterSpec)) - { - throw new InvalidParameterSpecException("DSAParameterSpec required to initialise a DSA algorithm parameters object"); - } - - this.currentSpec = (DSAParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - DSAParameter dsaP = new DSAParameter((ASN1Sequence)ASN1Object.fromByteArray(params)); - - currentSpec = new DSAParameterSpec(dsaP.getP(), dsaP.getQ(), dsaP.getG()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid DSA Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid DSA Parameter encoding."); - } - } - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } + throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); } protected String engineToString() { - return "DSA Parameters"; + return "PKCS12 PBE Parameters"; } } - - // BEGIN android-removed - // public static class GOST3410 - // extends JDKAlgorithmParameters - // { - // GOST3410ParameterSpec currentSpec; - // - // /** - // * Return the X.509 ASN.1 structure GOST3410Parameter. - // * <p> - // * <pre> - // * GOST3410Parameter ::= SEQUENCE { - // * prime INTEGER, -- p - // * subprime INTEGER, -- q - // * base INTEGER, -- a} - // * </pre> - // */ - // protected byte[] engineGetEncoded() - // { - // GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new DERObjectIdentifier(currentSpec.getDigestParamSetOID()), new DERObjectIdentifier(currentSpec.getEncryptionParamSetOID())); - // - // try - // { - // return gost3410P.getEncoded(ASN1Encodable.DER); - // } - // catch (IOException e) - // { - // throw new RuntimeException("Error encoding GOST3410Parameters"); - // } - // } - // - // protected byte[] engineGetEncoded( - // String format) - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == GOST3410PublicKeyParameterSetSpec.class) - // { - // return currentSpec; - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (!(paramSpec instanceof GOST3410ParameterSpec)) - // { - // throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object"); - // } - // - // this.currentSpec = (GOST3410ParameterSpec)paramSpec; - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // try - // { - // ASN1Sequence seq = (ASN1Sequence) ASN1Object.fromByteArray(params); - // - // this.currentSpec = GOST3410ParameterSpec.fromPublicKeyAlg( - // new GOST3410PublicKeyAlgParameters(seq)); - // } - // catch (ClassCastException e) - // { - // throw new IOException("Not a valid GOST3410 Parameter encoding."); - // } - // catch (ArrayIndexOutOfBoundsException e) - // { - // throw new IOException("Not a valid GOST3410 Parameter encoding."); - // } - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // engineInit(params); - // } - // else - // { - // throw new IOException("Unknown parameter format " + format); - // } - // } - // - // protected String engineToString() - // { - // return "GOST3410 Parameters"; - // } - // } - // public static class ElGamal - // extends JDKAlgorithmParameters - // { - // ElGamalParameterSpec currentSpec; - // - // /** - // * Return the X.509 ASN.1 structure ElGamalParameter. - // * <p> - // * <pre> - // * ElGamalParameter ::= SEQUENCE { - // * prime INTEGER, -- p - // * base INTEGER, -- g} - // * </pre> - // */ - // protected byte[] engineGetEncoded() - // { - // ElGamalParameter elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG()); - // - // try - // { - // return elP.getEncoded(ASN1Encodable.DER); - // } - // catch (IOException e) - // { - // throw new RuntimeException("Error encoding ElGamalParameters"); - // } - // } - // - // protected byte[] engineGetEncoded( - // String format) - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == ElGamalParameterSpec.class) - // { - // return currentSpec; - // } - // else if (paramSpec == DHParameterSpec.class) - // { - // return new DHParameterSpec(currentSpec.getP(), currentSpec.getG()); - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec)) - // { - // throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object"); - // } - // - // if (paramSpec instanceof ElGamalParameterSpec) - // { - // this.currentSpec = (ElGamalParameterSpec)paramSpec; - // } - // else - // { - // DHParameterSpec s = (DHParameterSpec)paramSpec; - // - // this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG()); - // } - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // try - // { - // ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)ASN1Object.fromByteArray(params)); - // - // currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG()); - // } - // catch (ClassCastException e) - // { - // throw new IOException("Not a valid ElGamal Parameter encoding."); - // } - // catch (ArrayIndexOutOfBoundsException e) - // { - // throw new IOException("Not a valid ElGamal Parameter encoding."); - // } - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // engineInit(params); - // } - // else - // { - // throw new IOException("Unknown parameter format " + format); - // } - // } - // - // protected String engineToString() - // { - // return "ElGamal Parameters"; - // } - // } - // + // BEGIN android-removed // public static class IES // extends JDKAlgorithmParameters // { @@ -978,7 +230,7 @@ public abstract class JDKAlgorithmParameters // v.add(new DEROctetString(currentSpec.getEncodingV())); // v.add(new DERInteger(currentSpec.getMacKeySize())); // - // return new DERSequence(v).getEncoded(ASN1Encodable.DER); + // return new DERSequence(v).getEncoded(ASN1Encoding.DER); // } // catch (IOException e) // { @@ -1027,7 +279,7 @@ public abstract class JDKAlgorithmParameters // { // try // { - // ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(params); + // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); // // this.currentSpec = new IESParameterSpec( // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), @@ -1065,234 +317,4 @@ public abstract class JDKAlgorithmParameters // } // } // END android-removed - - public static class OAEP - extends JDKAlgorithmParameters - { - OAEPParameterSpec currentSpec; - - /** - * Return the PKCS#1 ASN.1 structure RSAES-OAEP-params. - */ - protected byte[] engineGetEncoded() - { - AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( - JCEDigestUtil.getOID(currentSpec.getDigestAlgorithm()), - // BEGIN android-changed - DERNull.INSTANCE); - // END android-changed - MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); - AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_mgf1, - // BEGIN android-changed - new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); - // END android-changed - PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); - AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); - RSAESOAEPparams oaepP = new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, pSourceAlgorithm); - - try - { - return oaepP.getEncoded(ASN1Encodable.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding OAEPParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == OAEPParameterSpec.class && currentSpec != null) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to OAEP parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof OAEPParameterSpec)) - { - throw new InvalidParameterSpecException("OAEPParameterSpec required to initialise an OAEP algorithm parameters object"); - } - - this.currentSpec = (OAEPParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - RSAESOAEPparams oaepP = new RSAESOAEPparams((ASN1Sequence)ASN1Object.fromByteArray(params)); - - currentSpec = new OAEPParameterSpec( - oaepP.getHashAlgorithm().getObjectId().getId(), - oaepP.getMaskGenAlgorithm().getObjectId().getId(), - new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getObjectId().getId()), - new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid OAEP Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid OAEP Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "OAEP Parameters"; - } - } - - // BEGIN android-removed - // public static class PSS - // extends JDKAlgorithmParameters - // { - // PSSParameterSpec currentSpec; - // - // /** - // * Return the PKCS#1 ASN.1 structure RSASSA-PSS-params. - // */ - // protected byte[] engineGetEncoded() - // throws IOException - // { - // PSSParameterSpec pssSpec = currentSpec; - // AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( - // JCEDigestUtil.getOID(pssSpec.getDigestAlgorithm()), - // // BEGIN android-changed - // DERNull.INSTANCE); - // // END android-changed - // MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); - // AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( - // PKCSObjectIdentifiers.id_mgf1, - // // BEGIN android-changed - // new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); - // // END android-changed - // RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new DERInteger(pssSpec.getSaltLength()), new DERInteger(pssSpec.getTrailerField())); - // - // return pssP.getEncoded("DER"); - // } - // - // protected byte[] engineGetEncoded( - // String format) - // throws IOException - // { - // if (format.equalsIgnoreCase("X.509") - // || format.equalsIgnoreCase("ASN.1")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == PSSParameterSpec.class && currentSpec != null) - // { - // return currentSpec; - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to PSS parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (!(paramSpec instanceof PSSParameterSpec)) - // { - // throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS algorithm parameters object"); - // } - // - // this.currentSpec = (PSSParameterSpec)paramSpec; - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // try - // { - // RSASSAPSSparams pssP = new RSASSAPSSparams((ASN1Sequence)ASN1Object.fromByteArray(params)); - // - // currentSpec = new PSSParameterSpec( - // pssP.getHashAlgorithm().getObjectId().getId(), - // pssP.getMaskGenAlgorithm().getObjectId().getId(), - // new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(pssP.getMaskGenAlgorithm().getParameters()).getObjectId().getId()), - // pssP.getSaltLength().getValue().intValue(), - // pssP.getTrailerField().getValue().intValue()); - // } - // catch (ClassCastException e) - // { - // throw new IOException("Not a valid PSS Parameter encoding."); - // } - // catch (ArrayIndexOutOfBoundsException e) - // { - // throw new IOException("Not a valid PSS Parameter encoding."); - // } - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // engineInit(params); - // } - // else - // { - // throw new IOException("Unknown parameter format " + format); - // } - // } - // - // protected String engineToString() - // { - // return "PSS Parameters"; - // } - // } - // END android-removed } diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java index 5d016d0..379120e 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java @@ -1,16 +1,5 @@ package org.bouncycastle.jce.provider; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; @@ -21,6 +10,21 @@ import java.security.spec.DSAParameterSpec; import java.security.spec.DSAPrivateKeySpec; import java.util.Enumeration; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERInteger; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.DSAParameter; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; + public class JDKDSAPrivateKey implements DSAPrivateKey, PKCS12BagAttributeCarrier { @@ -51,9 +55,10 @@ public class JDKDSAPrivateKey JDKDSAPrivateKey( PrivateKeyInfo info) + throws IOException { DSAParameter params = new DSAParameter((ASN1Sequence)info.getAlgorithmId().getParameters()); - DERInteger derX = (DERInteger)info.getPrivateKey(); + DERInteger derX = ASN1Integer.getInstance(info.parsePrivateKey()); this.x = derX.getValue(); this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); @@ -89,9 +94,16 @@ public class JDKDSAPrivateKey */ public byte[] getEncoded() { - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).getDERObject()), new DERInteger(getX())); + try + { + PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new DERInteger(getX())); - return info.getDEREncoded(); + return info.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } } public DSAParams getParams() @@ -127,13 +139,13 @@ public class JDKDSAPrivateKey } public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) { attrCarrier.setBagAttribute(oid, attribute); } - public DEREncodable getBagAttribute( + public ASN1Encodable getBagAttribute( DERObjectIdentifier oid) { return attrCarrier.getBagAttribute(oid); diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java index 392f532..16a964d 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java +++ b/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java @@ -1,15 +1,5 @@ package org.bouncycastle.jce.provider; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; - import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; @@ -19,6 +9,17 @@ import java.security.interfaces.DSAPublicKey; import java.security.spec.DSAParameterSpec; import java.security.spec.DSAPublicKeySpec; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERInteger; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.DSAParameter; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.crypto.params.DSAPublicKeyParameters; + public class JDKDSAPublicKey implements DSAPublicKey { @@ -64,7 +65,7 @@ public class JDKDSAPublicKey try { - derY = (DERInteger)info.getPublicKey(); + derY = (DERInteger)info.parsePublicKey(); } catch (IOException e) { @@ -81,7 +82,7 @@ public class JDKDSAPublicKey } } - private boolean isNotNull(DEREncodable parameters) + private boolean isNotNull(ASN1Encodable parameters) { return parameters != null && !DERNull.INSTANCE.equals(parameters); } @@ -98,12 +99,19 @@ public class JDKDSAPublicKey public byte[] getEncoded() { - if (dsaSpec == null) + try { - return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new DERInteger(y)).getDEREncoded(); - } + if (dsaSpec == null) + { + return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new DERInteger(y)).getEncoded(ASN1Encoding.DER); + } - return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).getDERObject()), new DERInteger(y)).getDEREncoded(); + return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new DERInteger(y)).getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } } public DSAParams getParams() diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java deleted file mode 100644 index 3ed5821..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java +++ /dev/null @@ -1,570 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactorySpi; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.DSAPrivateKeySpec; -import java.security.spec.DSAPublicKeySpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPrivateKeySpec; -import java.security.spec.RSAPublicKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHPrivateKeySpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -// import org.bouncycastle.jce.interfaces.ElGamalPublicKey; -// import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; -// import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; -// import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; -// END android-removed - -public abstract class JDKKeyFactory - extends KeyFactorySpi -{ - // BEGIN android-removed - // protected boolean elGamalFactory = false; - // END android-removed - - public JDKKeyFactory() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - else if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey) - { - RSAPublicKey k = (RSAPublicKey)key; - - return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent()); - } - else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof RSAPrivateKey) - { - RSAPrivateKey k = (RSAPrivateKey)key; - - return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent()); - } - else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class) && key instanceof RSAPrivateCrtKey) - { - RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; - - return new RSAPrivateCrtKeySpec( - k.getModulus(), k.getPublicExponent(), - k.getPrivateExponent(), - k.getPrimeP(), k.getPrimeQ(), - k.getPrimeExponentP(), k.getPrimeExponentQ(), - k.getCrtCoefficient()); - } - else if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG()); - } - else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG()); - } - // BEGIN android-added - else if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey) - { - DSAPublicKey k = (DSAPublicKey)key; - - return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); - } - else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof DSAPrivateKey) - { - DSAPrivateKey k = (DSAPrivateKey)key; - - return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); - } - // END android-added - - throw new RuntimeException("not implemented yet " + key + " " + spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof RSAPublicKey) - { - return new JCERSAPublicKey((RSAPublicKey)key); - } - else if (key instanceof RSAPrivateCrtKey) - { - return new JCERSAPrivateCrtKey((RSAPrivateCrtKey)key); - } - else if (key instanceof RSAPrivateKey) - { - return new JCERSAPrivateKey((RSAPrivateKey)key); - } - else if (key instanceof DHPublicKey) - { - // BEGIN android-removed - // if (elGamalFactory) - // { - // return new JCEElGamalPublicKey((DHPublicKey)key); - // } - // else - // { - // END android-removed - return new JCEDHPublicKey((DHPublicKey)key); - // BEGIN android-removed - // } - // END android-removed - } - else if (key instanceof DHPrivateKey) - { - // BEGIN android-removed - // if (elGamalFactory) - // { - // return new JCEElGamalPrivateKey((DHPrivateKey)key); - // } - // else - // { - // END android-removed - return new JCEDHPrivateKey((DHPrivateKey)key); - // BEGIN android-removed - // } - // END android-removed - } - else if (key instanceof DSAPublicKey) - { - return new JDKDSAPublicKey((DSAPublicKey)key); - } - else if (key instanceof DSAPrivateKey) - { - return new JDKDSAPrivateKey((DSAPrivateKey)key); - } - // BEGIN android-removed - // else if (key instanceof ElGamalPublicKey) - // { - // return new JCEElGamalPublicKey((ElGamalPublicKey)key); - // } - // else if (key instanceof ElGamalPrivateKey) - // { - // return new JCEElGamalPrivateKey((ElGamalPrivateKey)key); - // } - // END android-removed - - throw new InvalidKeyException("key type unknown"); - } - - /** - * create a public key from the given DER encoded input stream. - */ - public static PublicKey createPublicKeyFromDERStream( - byte[] in) - throws IOException - { - return createPublicKeyFromPublicKeyInfo( - new SubjectPublicKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(in))); - } - - /** - * create a public key from the given public key info object. - */ - static PublicKey createPublicKeyFromPublicKeyInfo( - SubjectPublicKeyInfo info) - { - DERObjectIdentifier algOid = info.getAlgorithmId().getObjectId(); - - if (RSAUtil.isRsaOid(algOid)) - { - return new JCERSAPublicKey(info); - } - else if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new JCEDHPublicKey(info); - } - else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - return new JCEDHPublicKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) - // { - // return new JCEElGamalPublicKey(info); - // } - // END android-removed - else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) - { - return new JDKDSAPublicKey(info); - } - else if (algOid.equals(OIWObjectIdentifiers.dsaWithSHA1)) - { - return new JDKDSAPublicKey(info); - } - else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - { - return new JCEECPublicKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - // { - // return new JDKGOST3410PublicKey(info); - // } - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) - // { - // return new JCEECPublicKey(info); - // } - else - { - throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - /** - * create a private key from the given DER encoded input stream. - */ - protected static PrivateKey createPrivateKeyFromDERStream( - byte[] in) - throws IOException - { - return createPrivateKeyFromPrivateKeyInfo( - new PrivateKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(in))); - } - - /** - * create a private key from the given public key info object. - */ - static PrivateKey createPrivateKeyFromPrivateKeyInfo( - PrivateKeyInfo info) - { - DERObjectIdentifier algOid = info.getAlgorithmId().getObjectId(); - - if (RSAUtil.isRsaOid(algOid)) - { - return new JCERSAPrivateCrtKey(info); - } - else if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new JCEDHPrivateKey(info); - } - else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - return new JCEDHPrivateKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) - // { - // return new JCEElGamalPrivateKey(info); - // } - // END android-removed - else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) - { - return new JDKDSAPrivateKey(info); - } - else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - { - return new JCEECPrivateKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - // { - // return new JDKGOST3410PrivateKey(info); - // } - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) - // { - // return new JCEECPrivateKey(info); - // } - // END android-removed - else - { - throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public static class RSA - extends JDKKeyFactory - { - public RSA() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - // - // in case it's just a RSAPrivateKey object... - // - try - { - return new JCERSAPrivateCrtKey( - new RSAPrivateKeyStructure( - (ASN1Sequence) ASN1Object.fromByteArray(((PKCS8EncodedKeySpec)keySpec).getEncoded()))); - } - catch (Exception ex) - { - throw new InvalidKeySpecException(ex.toString()); - } - } - } - else if (keySpec instanceof RSAPrivateCrtKeySpec) - { - return new JCERSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec); - } - else if (keySpec instanceof RSAPrivateKeySpec) - { - return new JCERSAPrivateKey((RSAPrivateKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof RSAPublicKeySpec) - { - return new JCERSAPublicKey((RSAPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - } - - public static class DH - extends JDKKeyFactory - { - public DH() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DHPrivateKeySpec) - { - return new JCEDHPrivateKey((DHPrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DHPublicKeySpec) - { - return new JCEDHPublicKey((DHPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - } - - public static class DSA - extends JDKKeyFactory - { - public DSA() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DSAPrivateKeySpec) - { - return new JDKDSAPrivateKey((DSAPrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DSAPublicKeySpec) - { - return new JDKDSAPublicKey((DSAPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - } - - // BEGIN android-removed - // public static class GOST3410 - // extends JDKKeyFactory - // { - // public GOST3410() - // { - // } - // - // protected PrivateKey engineGeneratePrivate( - // KeySpec keySpec) - // throws InvalidKeySpecException - // { - // if (keySpec instanceof GOST3410PrivateKeySpec) - // { - // return new JDKGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec); - // } - // - // return super.engineGeneratePrivate(keySpec); - // } - // - // protected PublicKey engineGeneratePublic( - // KeySpec keySpec) - // throws InvalidKeySpecException - // { - // if (keySpec instanceof GOST3410PublicKeySpec) - // { - // return new JDKGOST3410PublicKey((GOST3410PublicKeySpec)keySpec); - // } - // - // return super.engineGeneratePublic(keySpec); - // } - // } - - // public static class ElGamal - // extends JDKKeyFactory - // { - // public ElGamal() - // { - // elGamalFactory = true; - // } - // - // protected PrivateKey engineGeneratePrivate( - // KeySpec keySpec) - // throws InvalidKeySpecException - // { - // if (keySpec instanceof ElGamalPrivateKeySpec) - // { - // return new JCEElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec); - // } - // else if (keySpec instanceof DHPrivateKeySpec) - // { - // return new JCEElGamalPrivateKey((DHPrivateKeySpec)keySpec); - // } - // - // return super.engineGeneratePrivate(keySpec); - // } - // - // protected PublicKey engineGeneratePublic( - // KeySpec keySpec) - // throws InvalidKeySpecException - // { - // if (keySpec instanceof ElGamalPublicKeySpec) - // { - // return new JCEElGamalPublicKey((ElGamalPublicKeySpec)keySpec); - // } - // else if (keySpec instanceof DHPublicKeySpec) - // { - // return new JCEElGamalPublicKey((DHPublicKeySpec)keySpec); - // } - // - // return super.engineGeneratePublic(keySpec); - // } - // } - // - // - // - // /** - // * This isn't really correct, however the class path project API seems to think such - // * a key factory will exist. - // */ - // public static class X509 - // extends JDKKeyFactory - // { - // public X509() - // { - // } - // } - // END android-removed -} diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java b/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java deleted file mode 100644 index e0f4246..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java +++ /dev/null @@ -1,410 +0,0 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator; -import org.bouncycastle.crypto.generators.DHParametersGenerator; -import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; -import org.bouncycastle.crypto.generators.DSAParametersGenerator; -// BEGIN android-removed -// import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator; -// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -// import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator; -// END android-removed -import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; -import org.bouncycastle.crypto.params.DHKeyGenerationParameters; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.crypto.params.DSAKeyGenerationParameters; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters; -// import org.bouncycastle.crypto.params.ElGamalParameters; -// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; -// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; -// import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters; -// import org.bouncycastle.crypto.params.GOST3410Parameters; -// import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters; -// import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters; -// END android-removed -import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.ElGamalParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -// END android-removed - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; -import java.security.spec.RSAKeyGenParameterSpec; -import java.util.Hashtable; - -import javax.crypto.spec.DHParameterSpec; - -public abstract class JDKKeyPairGenerator - extends KeyPairGenerator -{ - public JDKKeyPairGenerator( - String algorithmName) - { - super(algorithmName); - } - - public abstract void initialize(int strength, SecureRandom random); - - public abstract KeyPair generateKeyPair(); - - public static class RSA - extends JDKKeyPairGenerator - { - final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001); - final static int defaultTests = 12; - - RSAKeyGenerationParameters param; - RSAKeyPairGenerator engine; - - public RSA() - { - super("RSA"); - - engine = new RSAKeyPairGenerator(); - param = new RSAKeyGenerationParameters(defaultPublicExponent, - new SecureRandom(), 2048, defaultTests); - engine.init(param); - } - - public void initialize( - int strength, - SecureRandom random) - { - param = new RSAKeyGenerationParameters(defaultPublicExponent, - random, strength, defaultTests); - - engine.init(param); - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof RSAKeyGenParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a RSAKeyGenParameterSpec"); - } - RSAKeyGenParameterSpec rsaParams = (RSAKeyGenParameterSpec)params; - - param = new RSAKeyGenerationParameters( - rsaParams.getPublicExponent(), - random, rsaParams.getKeysize(), defaultTests); - - engine.init(param); - } - - public KeyPair generateKeyPair() - { - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - RSAKeyParameters pub = (RSAKeyParameters)pair.getPublic(); - RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters)pair.getPrivate(); - - return new KeyPair(new JCERSAPublicKey(pub), - new JCERSAPrivateCrtKey(priv)); - } - } - - public static class DH - extends JDKKeyPairGenerator - { - private static Hashtable params = new Hashtable(); - - DHKeyGenerationParameters param; - DHBasicKeyPairGenerator engine = new DHBasicKeyPairGenerator(); - int strength = 1024; - int certainty = 20; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public DH() - { - super("DH"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof DHParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec"); - } - DHParameterSpec dhParams = (DHParameterSpec)params; - - param = new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL())); - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - // BEGIN android-changed - Integer paramStrength = Integer.valueOf(strength); - // END android-changed - - if (params.containsKey(paramStrength)) - { - param = (DHKeyGenerationParameters)params.get(paramStrength); - } - else - { - DHParametersGenerator pGen = new DHParametersGenerator(); - - pGen.init(strength, certainty, random); - - param = new DHKeyGenerationParameters(random, pGen.generateParameters()); - - params.put(paramStrength, param); - } - - engine.init(param); - - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - DHPublicKeyParameters pub = (DHPublicKeyParameters)pair.getPublic(); - DHPrivateKeyParameters priv = (DHPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new JCEDHPublicKey(pub), - new JCEDHPrivateKey(priv)); - } - } - - public static class DSA - extends JDKKeyPairGenerator - { - DSAKeyGenerationParameters param; - DSAKeyPairGenerator engine = new DSAKeyPairGenerator(); - int strength = 1024; - int certainty = 20; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public DSA() - { - super("DSA"); - } - - public void initialize( - int strength, - SecureRandom random) - { - if (strength < 512 || strength > 1024 || strength % 64 != 0) - { - throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64"); - } - - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof DSAParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a DSAParameterSpec"); - } - DSAParameterSpec dsaParams = (DSAParameterSpec)params; - - param = new DSAKeyGenerationParameters(random, new DSAParameters(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG())); - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - DSAParametersGenerator pGen = new DSAParametersGenerator(); - - pGen.init(strength, certainty, random); - param = new DSAKeyGenerationParameters(random, pGen.generateParameters()); - engine.init(param); - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - DSAPublicKeyParameters pub = (DSAPublicKeyParameters)pair.getPublic(); - DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new JDKDSAPublicKey(pub), - new JDKDSAPrivateKey(priv)); - } - } - - // BEGIN android-removed - // public static class ElGamal - // extends JDKKeyPairGenerator - // { - // ElGamalKeyGenerationParameters param; - // ElGamalKeyPairGenerator engine = new ElGamalKeyPairGenerator(); - // int strength = 1024; - // int certainty = 20; - // SecureRandom random = new SecureRandom(); - // boolean initialised = false; - // - // public ElGamal() - // { - // super("ElGamal"); - // } - // - // public void initialize( - // int strength, - // SecureRandom random) - // { - // this.strength = strength; - // this.random = random; - // } - // - // public void initialize( - // AlgorithmParameterSpec params, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec)) - // { - // throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec"); - // } - // - // if (params instanceof ElGamalParameterSpec) - // { - // ElGamalParameterSpec elParams = (ElGamalParameterSpec)params; - - // param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG())); - // } - // else - // { - // DHParameterSpec dhParams = (DHParameterSpec)params; - // - // param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG(), dhParams.getL())); - // } - // - // engine.init(param); - // initialised = true; - // } - // - // public KeyPair generateKeyPair() - // { - // if (!initialised) - // { - // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); - // - // pGen.init(strength, certainty, random); - // param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters()); - // engine.init(param); - // initialised = true; - // } - // - // AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - // ElGamalPublicKeyParameters pub = (ElGamalPublicKeyParameters)pair.getPublic(); - // ElGamalPrivateKeyParameters priv = (ElGamalPrivateKeyParameters)pair.getPrivate(); - // - // return new KeyPair(new JCEElGamalPublicKey(pub), - // new JCEElGamalPrivateKey(priv)); - // } - // } - // END android-removed - - // BEGIN android-removed - // public static class GOST3410 - // extends JDKKeyPairGenerator - // { - // GOST3410KeyGenerationParameters param; - // GOST3410KeyPairGenerator engine = new GOST3410KeyPairGenerator(); - // GOST3410ParameterSpec gost3410Params; - // int strength = 1024; - // SecureRandom random = null; - // boolean initialised = false; - // - // public GOST3410() - // { - // super("GOST3410"); - // } - // - // public void initialize( - // int strength, - // SecureRandom random) - // { - // this.strength = strength; - // this.random = random; - // } - // - // private void init( - // GOST3410ParameterSpec gParams, - // SecureRandom random) - // { - // GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters(); - // - // param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA())); - // - // engine.init(param); - // - // initialised = true; - // gost3410Params = gParams; - // } - // - // public void initialize( - // AlgorithmParameterSpec params, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // if (!(params instanceof GOST3410ParameterSpec)) - // { - // throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec"); - // } - // - // init((GOST3410ParameterSpec)params, random); - // } - // - // public KeyPair generateKeyPair() - // { - // if (!initialised) - // { - // init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom()); - // } - // - // AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - // GOST3410PublicKeyParameters pub = (GOST3410PublicKeyParameters)pair.getPublic(); - // GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate(); - // - // return new KeyPair(new JDKGOST3410PublicKey(pub, gost3410Params), new JDKGOST3410PrivateKey(priv, gost3410Params)); - // } - // } - // END android-removed -} diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java index 1c68095..cac736d 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java +++ b/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java @@ -54,12 +54,13 @@ import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jce.interfaces.BCKeyStore; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.io.Streams; +import org.bouncycastle.util.io.TeeOutputStream; public class JDKKeyStore extends KeyStoreSpi implements BCKeyStore { - private static final int STORE_VERSION = 1; + private static final int STORE_VERSION = 2; private static final int STORE_SALT_SIZE = 20; private static final String STORE_CIPHER = "PBEWithSHAAndTwofish-CBC"; @@ -447,7 +448,6 @@ public class JDKKeyStore } catch (Exception e) { - throw new IOException("Exception creating key: " + e.toString()); } } @@ -807,13 +807,19 @@ public class JDKKeyStore if (version != STORE_VERSION) { - if (version != 0) + if (version != 0 && version != 1) { throw new IOException("Wrong version of key store."); } } - byte[] salt = new byte[dIn.readInt()]; + int saltLength = dIn.readInt(); + if (saltLength <= 0) + { + throw new IOException("Invalid salt detected"); + } + + byte[] salt = new byte[saltLength]; dIn.readFully(salt); @@ -833,7 +839,18 @@ public class JDKKeyStore PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1()); // END android-changed pbeGen.init(passKey, salt, iterationCount); - CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize()); + + CipherParameters macParams; + + if (version != 2) + { + macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize()); + } + else + { + macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8); + } + Arrays.fill(passKey, (byte)0); hMac.init(macParams); @@ -884,21 +901,21 @@ public class JDKKeyStore // BEGIN android-changed HMac hMac = new HMac(new OpenSSLDigest.SHA1()); - MacOutputStream mOut = new MacOutputStream(dOut, hMac); + MacOutputStream mOut = new MacOutputStream(hMac); PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1()); // END android-changed byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); pbeGen.init(passKey, salt, iterationCount); - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize())); + hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); for (int i = 0; i != passKey.length; i++) { passKey[i] = 0; } - saveStore(mOut); + saveStore(new TeeOutputStream(dOut, mOut)); byte[] mac = new byte[hMac.getMacSize()]; @@ -911,7 +928,7 @@ public class JDKKeyStore /** * the BouncyCastle store. This wont work with the key tool as the - * store is stored encrypteed on disk, so the password is mandatory, + * store is stored encrypted on disk, so the password is mandatory, * however if you hard drive is in a bad part of town and you absolutely, * positively, don't want nobody peeking at your things, this is the * one to use, no problem! After all in a Bouncy Castle nothing can @@ -939,7 +956,7 @@ public class JDKKeyStore if (version != STORE_VERSION) { - if (version != 0) + if (version != 0 && version != 1) { throw new IOException("Wrong version of key store."); } @@ -996,8 +1013,7 @@ public class JDKKeyStore throw new IOException("KeyStore integrity check failed."); } } - - + public void engineStore(OutputStream stream, char[] password) throws IOException { @@ -1017,18 +1033,16 @@ public class JDKKeyStore CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); // BEGIN android-changed - DigestOutputStream dgOut = new DigestOutputStream(cOut, new OpenSSLDigest.SHA1()); + DigestOutputStream dgOut = new DigestOutputStream(new OpenSSLDigest.SHA1()); // END android-changed - this.saveStore(dgOut); - Digest dig = dgOut.getDigest(); - byte[] hash = new byte[dig.getDigestSize()]; + this.saveStore(new TeeOutputStream(cOut, dgOut)); - dig.doFinal(hash, 0); - - cOut.write(hash); + byte[] dig = dgOut.getDigest(); + + cOut.write(dig); cOut.close(); } - } + } } diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java b/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java deleted file mode 100644 index 0accdc4..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java +++ /dev/null @@ -1,342 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.MessageDigest; - -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.*; - -public class JDKMessageDigest - extends MessageDigest -{ - Digest digest; - - protected JDKMessageDigest( - Digest digest) - { - super(digest.getAlgorithmName()); - - this.digest = digest; - } - - public void engineReset() - { - digest.reset(); - } - - public void engineUpdate( - byte input) - { - digest.update(input); - } - - public void engineUpdate( - byte[] input, - int offset, - int len) - { - digest.update(input, offset, len); - } - - public byte[] engineDigest() - { - byte[] digestBytes = new byte[digest.getDigestSize()]; - - digest.doFinal(digestBytes, 0); - - return digestBytes; - } - - /** - * classes that extend directly off us. - */ - static public class SHA1 - extends JDKMessageDigest - implements Cloneable - { - public SHA1() - { - super(new SHA1Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA1 d = (SHA1)super.clone(); - d.digest = new SHA1Digest((SHA1Digest)digest); - - return d; - } - } - - // BEGIN android-removed - // static public class SHA224 - // extends JDKMessageDigest - // implements Cloneable - // { - // public SHA224() - // { - // super(new SHA224Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // SHA224 d = (SHA224)super.clone(); - // d.digest = new SHA224Digest((SHA224Digest)digest); - // - // return d; - // } - // } - // END android-removed - - static public class SHA256 - extends JDKMessageDigest - implements Cloneable - { - public SHA256() - { - super(new SHA256Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA256 d = (SHA256)super.clone(); - d.digest = new SHA256Digest((SHA256Digest)digest); - - return d; - } - } - - static public class SHA384 - extends JDKMessageDigest - implements Cloneable - { - public SHA384() - { - super(new SHA384Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA384 d = (SHA384)super.clone(); - d.digest = new SHA384Digest((SHA384Digest)digest); - - return d; - } - } - - static public class SHA512 - extends JDKMessageDigest - implements Cloneable - { - public SHA512() - { - super(new SHA512Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA512 d = (SHA512)super.clone(); - d.digest = new SHA512Digest((SHA512Digest)digest); - - return d; - } - } - - // BEGIN android-removed - // static public class MD2 - // extends JDKMessageDigest - // implements Cloneable - // { - // public MD2() - // { - // super(new MD2Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // MD2 d = (MD2)super.clone(); - // d.digest = new MD2Digest((MD2Digest)digest); - // - // return d; - // } - // } - // - // static public class MD4 - // extends JDKMessageDigest - // implements Cloneable - // { - // public MD4() - // { - // super(new MD4Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // MD4 d = (MD4)super.clone(); - // d.digest = new MD4Digest((MD4Digest)digest); - // - // return d; - // } - // } - // END android-removed - - static public class MD5 - extends JDKMessageDigest - implements Cloneable - { - public MD5() - { - super(new MD5Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - MD5 d = (MD5)super.clone(); - d.digest = new MD5Digest((MD5Digest)digest); - - return d; - } - } - - // BEGIN android-removed - // static public class RIPEMD128 - // extends JDKMessageDigest - // implements Cloneable - // { - // public RIPEMD128() - // { - // super(new RIPEMD128Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // RIPEMD128 d = (RIPEMD128)super.clone(); - // d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest); - // - // return d; - // } - // } - // - // static public class RIPEMD160 - // extends JDKMessageDigest - // implements Cloneable - // { - // public RIPEMD160() - // { - // super(new RIPEMD160Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // RIPEMD160 d = (RIPEMD160)super.clone(); - // d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest); - // - // return d; - // } - // } - // - // static public class RIPEMD256 - // extends JDKMessageDigest - // implements Cloneable - // { - // public RIPEMD256() - // { - // super(new RIPEMD256Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // RIPEMD256 d = (RIPEMD256)super.clone(); - // d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest); - // - // return d; - // } - // } - // - // static public class RIPEMD320 - // extends JDKMessageDigest - // implements Cloneable - // { - // public RIPEMD320() - // { - // super(new RIPEMD320Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // RIPEMD320 d = (RIPEMD320)super.clone(); - // d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest); - // - // return d; - // } - // } - // - // static public class Tiger - // extends JDKMessageDigest - // implements Cloneable - // { - // public Tiger() - // { - // super(new TigerDigest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // Tiger d = (Tiger)super.clone(); - // d.digest = new TigerDigest((TigerDigest)digest); - // - // return d; - // } - // } - // - // static public class GOST3411 - // extends JDKMessageDigest - // implements Cloneable - // { - // public GOST3411() - // { - // super(new GOST3411Digest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // GOST3411 d = (GOST3411)super.clone(); - // d.digest = new GOST3411Digest((GOST3411Digest)digest); - // - // return d; - // } - // } - // - // static public class Whirlpool - // extends JDKMessageDigest - // implements Cloneable - // { - // public Whirlpool() - // { - // super(new WhirlpoolDigest()); - // } - // - // public Object clone() - // throws CloneNotSupportedException - // { - // Whirlpool d = (Whirlpool)super.clone(); - // d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest); - // - // return d; - // } - // } - // END android-removed -} diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java index 9707b05..2d9f683 100644 --- a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java +++ b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java @@ -8,6 +8,8 @@ import java.io.InputStream; import java.io.OutputStream; import java.security.Key; import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; +import java.security.KeyStore.ProtectionParameter; import java.security.KeyStoreException; import java.security.KeyStoreSpi; import java.security.NoSuchAlgorithmException; @@ -17,8 +19,6 @@ import java.security.Provider; import java.security.PublicKey; import java.security.SecureRandom; import java.security.UnrecoverableKeyException; -import java.security.KeyStore.LoadStoreParameter; -import java.security.KeyStore.ProtectionParameter; import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -36,19 +36,19 @@ import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BERConstructedOctetString; import org.bouncycastle.asn1.BEROutputStream; import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DEROutputStream; import org.bouncycastle.asn1.DERSequence; @@ -70,6 +70,7 @@ import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jce.interfaces.BCKeyStore; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; import org.bouncycastle.util.Arrays; @@ -111,8 +112,8 @@ public class JDKPKCS12KeyStore // use of final causes problems with JDK 1.2 compiler private CertificateFactory certFact; - private DERObjectIdentifier keyAlgorithm; - private DERObjectIdentifier certAlgorithm; + private ASN1ObjectIdentifier keyAlgorithm; + private ASN1ObjectIdentifier certAlgorithm; private class CertId { @@ -156,8 +157,8 @@ public class JDKPKCS12KeyStore public JDKPKCS12KeyStore( Provider provider, - DERObjectIdentifier keyAlgorithm, - DERObjectIdentifier certAlgorithm) + ASN1ObjectIdentifier keyAlgorithm, + ASN1ObjectIdentifier certAlgorithm) { this.keyAlgorithm = keyAlgorithm; this.certAlgorithm = certAlgorithm; @@ -185,7 +186,7 @@ public class JDKPKCS12KeyStore try { SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence) ASN1Object.fromByteArray(pubKey.getEncoded())); + (ASN1Sequence) ASN1Primitive.fromByteArray(pubKey.getEncoded())); return new SubjectKeyIdentifier(info); } @@ -369,7 +370,7 @@ public class JDKPKCS12KeyStore byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets(); aIn = new ASN1InputStream(authBytes); - AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence)aIn.readObject()); + AuthorityKeyIdentifier id = AuthorityKeyIdentifier.getInstance((ASN1Sequence)aIn.readObject()); if (id.getKeyIdentifier() != null) { nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); @@ -567,8 +568,8 @@ public class JDKPKCS12KeyStore boolean wrongPKCS12Zero) throws IOException { - String algorithm = algId.getObjectId().getId(); - PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters()); + String algorithm = algId.getAlgorithm().getId(); + PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); PBEKeySpec pbeSpec = new PBEKeySpec(password); PrivateKey out; @@ -583,7 +584,7 @@ public class JDKPKCS12KeyStore SecretKey k = keyFact.generateSecret(pbeSpec); - ((JCEPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); + ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); Cipher cipher = Cipher.getInstance(algorithm, bcProvider); @@ -640,8 +641,8 @@ public class JDKPKCS12KeyStore byte[] data) throws IOException { - String algorithm = algId.getObjectId().getId(); - PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters()); + String algorithm = algId.getAlgorithm().getId(); + PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); PBEKeySpec pbeSpec = new PBEKeySpec(password); try @@ -650,7 +651,7 @@ public class JDKPKCS12KeyStore PBEParameterSpec defParams = new PBEParameterSpec( pbeParams.getIV(), pbeParams.getIterations().intValue()); - JCEPBEKey key = (JCEPBEKey) keyFact.generateSecret(pbeSpec); + BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); key.setTryWrongPKCS12Zero(wrongPKCS12Zero); @@ -695,7 +696,7 @@ public class JDKPKCS12KeyStore ASN1InputStream bIn = new ASN1InputStream(bufIn); ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); - Pfx bag = new Pfx(obj); + Pfx bag = Pfx.getInstance(obj); ContentInfo info = bag.getAuthSafe(); Vector chain = new Vector(); boolean unmarkedKey = false; @@ -751,7 +752,7 @@ public class JDKPKCS12KeyStore { bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets()); - AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject()); + AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); ContentInfo[] c = authSafe.getContentInfo(); for (int i = 0; i != c.length; i++) @@ -763,10 +764,10 @@ public class JDKPKCS12KeyStore for (int j = 0; j != seq.size(); j++) { - SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); + SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); if (b.getBagId().equals(pkcs8ShroudedKeyBag)) { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue()); + org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); // @@ -782,19 +783,19 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - DERObject attr = null; + ASN1Primitive attr = null; if (attrSet.size() > 0) { - attr = (DERObject)attrSet.getObjectAt(0); + attr = (ASN1Primitive)attrSet.getObjectAt(0); - DEREncodable existing = bagAttr.getBagAttribute(aOid); + ASN1Encodable existing = bagAttr.getBagAttribute(aOid); if (existing != null) { // OK, but the value has to be the same - if (!existing.getDERObject().equals(attr)) + if (!existing.toASN1Primitive().equals(attr)) { throw new IOException( "attempt to add existing attribute with different value"); @@ -850,14 +851,14 @@ public class JDKPKCS12KeyStore } else if (c[i].getContentType().equals(encryptedData)) { - EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent()); + EncryptedData d = EncryptedData.getInstance(c[i].getContent()); byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), password, wrongPKCS12Zero, d.getContent().getOctets()); - ASN1Sequence seq = (ASN1Sequence) ASN1Object.fromByteArray(octets); + ASN1Sequence seq = (ASN1Sequence) ASN1Primitive.fromByteArray(octets); for (int j = 0; j != seq.size(); j++) { - SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); + SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); if (b.getBagId().equals(certBag)) { @@ -865,7 +866,7 @@ public class JDKPKCS12KeyStore } else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue()); + org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); // @@ -879,19 +880,19 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet= (ASN1Set)sq.getObjectAt(1); - DERObject attr = null; + ASN1Primitive attr = null; if (attrSet.size() > 0) { - attr = (DERObject)attrSet.getObjectAt(0); + attr = (ASN1Primitive)attrSet.getObjectAt(0); - DEREncodable existing = bagAttr.getBagAttribute(aOid); + ASN1Encodable existing = bagAttr.getBagAttribute(aOid); if (existing != null) { // OK, but the value has to be the same - if (!existing.getDERObject().equals(attr)) + if (!existing.toASN1Primitive().equals(attr)) { throw new IOException( "attempt to add existing attribute with different value"); @@ -927,8 +928,8 @@ public class JDKPKCS12KeyStore } else if (b.getBagId().equals(keyBag)) { - org.bouncycastle.asn1.pkcs.PrivateKeyInfo pIn = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue()); - PrivateKey privKey = JDKKeyFactory.createPrivateKeyFromPrivateKeyInfo(pIn); + org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue()); + PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); // // set the attributes on the key @@ -941,19 +942,19 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - DERObject attr = null; + ASN1Primitive attr = null; if (attrSet.size() > 0) { - attr = (DERObject)attrSet.getObjectAt(0); + attr = (ASN1Primitive)attrSet.getObjectAt(0); - DEREncodable existing = bagAttr.getBagAttribute(aOid); + ASN1Encodable existing = bagAttr.getBagAttribute(aOid); if (existing != null) { // OK, but the value has to be the same - if (!existing.getDERObject().equals(attr)) + if (!existing.toASN1Primitive().equals(attr)) { throw new IOException( "attempt to add existing attribute with different value"); @@ -1009,7 +1010,7 @@ public class JDKPKCS12KeyStore for (int i = 0; i != chain.size(); i++) { SafeBag b = (SafeBag)chain.elementAt(i); - CertBag cb = new CertBag((ASN1Sequence)b.getBagValue()); + CertBag cb = CertBag.getInstance(b.getBagValue()); if (!cb.getCertId().equals(x509Certificate)) { @@ -1041,19 +1042,19 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier oid = (DERObjectIdentifier)sq.getObjectAt(0); - DERObject attr = (DERObject)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); PKCS12BagAttributeCarrier bagAttr = null; if (cert instanceof PKCS12BagAttributeCarrier) { bagAttr = (PKCS12BagAttributeCarrier)cert; - DEREncodable existing = bagAttr.getBagAttribute(oid); + ASN1Encodable existing = bagAttr.getBagAttribute(oid); if (existing != null) { // OK, but the value has to be the same - if (!existing.getDERObject().equals(attr)) + if (!existing.toASN1Primitive().equals(attr)) { throw new IOException( "attempt to add existing attribute with different value"); @@ -1174,7 +1175,7 @@ public class JDKPKCS12KeyStore PrivateKey privKey = (PrivateKey)keys.get(name); PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); - AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.getDERObject()); + AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); boolean attrSet = false; ASN1EncodableVector kName = new ASN1EncodableVector(); @@ -1205,7 +1206,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); ASN1EncodableVector kSeq = new ASN1EncodableVector(); kSeq.add(oid); @@ -1238,11 +1239,11 @@ public class JDKPKCS12KeyStore kName.add(new DERSequence(kSeq)); } - SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.getDERObject(), new DERSet(kName)); + SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); keyS.add(kBag); } - byte[] keySEncoded = new DERSequence(keyS).getDEREncoded(); + byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); BERConstructedOctetString keyString = new BERConstructedOctetString(keySEncoded); // @@ -1254,7 +1255,7 @@ public class JDKPKCS12KeyStore ASN1EncodableVector certSeq = new ASN1EncodableVector(); PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); - AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.getDERObject()); + AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); Hashtable doneCerts = new Hashtable(); Enumeration cs = keys.keys(); @@ -1294,7 +1295,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(oid); @@ -1321,7 +1322,7 @@ public class JDKPKCS12KeyStore fName.add(new DERSequence(fSeq)); } - SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); + SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); certSeq.add(sBag); @@ -1368,7 +1369,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. @@ -1399,7 +1400,7 @@ public class JDKPKCS12KeyStore fName.add(new DERSequence(fSeq)); } - SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); + SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); certSeq.add(sBag); @@ -1436,7 +1437,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. @@ -1455,7 +1456,7 @@ public class JDKPKCS12KeyStore } } - SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); + SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); certSeq.add(sBag); } @@ -1465,14 +1466,14 @@ public class JDKPKCS12KeyStore } } - byte[] certSeqEncoded = new DERSequence(certSeq).getDEREncoded(); + byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); EncryptedData cInfo = new EncryptedData(data, cAlgId, new BERConstructedOctetString(certBytes)); ContentInfo[] info = new ContentInfo[] { new ContentInfo(data, keyString), - new ContentInfo(encryptedData, cInfo.getDERObject()) + new ContentInfo(encryptedData, cInfo.toASN1Primitive()) }; AuthenticatedSafe auth = new AuthenticatedSafe(info); @@ -1540,7 +1541,7 @@ public class JDKPKCS12KeyStore } private static byte[] calculatePbeMac( - DERObjectIdentifier oid, + ASN1ObjectIdentifier oid, byte[] salt, int itCount, char[] password, @@ -1551,7 +1552,7 @@ public class JDKPKCS12KeyStore SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); PBEKeySpec pbeSpec = new PBEKeySpec(password); - JCEPBEKey key = (JCEPBEKey) keyFact.generateSecret(pbeSpec); + BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); key.setTryWrongPKCS12Zero(wrongPkcs12Zero); Mac mac = Mac.getInstance(oid.getId(), bcProvider); @@ -1565,7 +1566,7 @@ public class JDKPKCS12KeyStore { public BCPKCS12KeyStore() { - super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC); + super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); } } @@ -1584,7 +1585,7 @@ public class JDKPKCS12KeyStore // { // public DefPKCS12KeyStore() // { - // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC); + // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); // } // } // @@ -1605,7 +1606,9 @@ public class JDKPKCS12KeyStore public void put(String key, Object value) { + // BEGIN android-changed String lower = (key == null) ? null : Strings.toLowerCase(key); + // END android-changed String k = (String)keys.get(lower); if (k != null) { diff --git a/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java b/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java index 6f33cfe..04718ef 100644 --- a/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java +++ b/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java @@ -1,13 +1,13 @@ package org.bouncycastle.jce.provider; +import java.io.IOException; +import java.io.InputStream; + import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.util.encoders.Base64; -import java.io.IOException; -import java.io.InputStream; - public class PEMUtil { private final String _header1; @@ -80,7 +80,7 @@ public class PEMUtil if (pemBuf.length() != 0) { - DERObject o = new ASN1InputStream(Base64.decode(pemBuf.toString())).readObject(); + ASN1Primitive o = new ASN1InputStream(Base64.decode(pemBuf.toString())).readObject(); if (!(o instanceof ASN1Sequence)) { throw new IOException("malformed PEM data encountered"); diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 6f59ffc..af764f3 100644 --- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -16,7 +16,6 @@ import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashSet; import java.util.Iterator; import java.util.List; @@ -24,7 +23,7 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; -import org.bouncycastle.asn1.DEREncodable; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.jce.exception.ExtCertPathValidatorException; @@ -242,7 +241,7 @@ public class PKIXCertPathValidatorSpi "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1); } DERObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getObjectId(); - DEREncodable workingPublicKeyParameters = workingAlgId.getParameters(); + ASN1Encodable workingPublicKeyParameters = workingAlgId.getParameters(); // // (k) diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java b/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java index 0af311f..ddf7462 100644 --- a/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java +++ b/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java @@ -1,13 +1,5 @@ package org.bouncycastle.jce.provider; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralSubtree; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Strings; - import java.util.Collection; import java.util.Collections; import java.util.Enumeration; @@ -17,6 +9,14 @@ import java.util.Iterator; import java.util.Map; import java.util.Set; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERIA5String; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralSubtree; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; + public class PKIXNameConstraintValidator { private Set excludedSubtreesDN = new HashSet(); @@ -136,7 +136,7 @@ public class PKIXNameConstraintValidator for (Iterator it = dns.iterator(); it.hasNext();) { ASN1Sequence dn = ASN1Sequence.getInstance(((GeneralSubtree)it - .next()).getBase().getName().getDERObject()); + .next()).getBase().getName().toASN1Primitive()); if (permitted == null) { if (dn != null) @@ -1470,7 +1470,7 @@ public class PKIXNameConstraintValidator break; case 4: checkPermittedDN(ASN1Sequence.getInstance(name.getName() - .getDERObject())); + .toASN1Primitive())); break; case 6: checkPermittedURI(permittedSubtreesURI, DERIA5String.getInstance( @@ -1505,7 +1505,7 @@ public class PKIXNameConstraintValidator break; case 4: checkExcludedDN(ASN1Sequence.getInstance(name.getName() - .getDERObject())); + .toASN1Primitive())); break; case 6: checkExcludedURI(excludedSubtreesURI, DERIA5String.getInstance( @@ -1620,7 +1620,7 @@ public class PKIXNameConstraintValidator break; case 4: excludedSubtreesDN = unionDN(excludedSubtreesDN, - (ASN1Sequence)base.getName().getDERObject()); + (ASN1Sequence)base.getName().toASN1Primitive()); break; case 6: excludedSubtreesURI = unionURI(excludedSubtreesURI, diff --git a/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java b/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java deleted file mode 100644 index 6060ad4..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java +++ /dev/null @@ -1,101 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.Permission; - -import org.bouncycastle.jce.ProviderConfigurationPermission; -import org.bouncycastle.jce.interfaces.ConfigurableProvider; -import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jce.spec.ECParameterSpec; - -public class ProviderUtil -{ - private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory(); - - private static Permission BC_EC_LOCAL_PERMISSION = new ProviderConfigurationPermission( - BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA); - private static Permission BC_EC_PERMISSION = new ProviderConfigurationPermission( - BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.EC_IMPLICITLY_CA); - - private static ThreadLocal threadSpec = new ThreadLocal(); - private static volatile ECParameterSpec ecImplicitCaParams; - - static void setParameter(String parameterName, Object parameter) - { - SecurityManager securityManager = System.getSecurityManager(); - - if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA)) - { - ECParameterSpec curveSpec; - - if (securityManager != null) - { - securityManager.checkPermission(BC_EC_LOCAL_PERMISSION); - } - - if (parameter instanceof ECParameterSpec || parameter == null) - { - curveSpec = (ECParameterSpec)parameter; - } - else // assume java.security.spec - { - curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false); - } - - if (curveSpec == null) - { - threadSpec.remove(); - } - else - { - threadSpec.set(curveSpec); - } - } - else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA)) - { - if (securityManager != null) - { - securityManager.checkPermission(BC_EC_PERMISSION); - } - - if (parameter instanceof ECParameterSpec || parameter == null) - { - ecImplicitCaParams = (ECParameterSpec)parameter; - } - else // assume java.security.spec - { - ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false); - } - } - } - - public static ECParameterSpec getEcImplicitlyCa() - { - ECParameterSpec spec = (ECParameterSpec)threadSpec.get(); - - if (spec != null) - { - return spec; - } - - return ecImplicitCaParams; - } - - static int getReadLimit(InputStream in) - throws IOException - { - if (in instanceof ByteArrayInputStream) - { - return in.available(); - } - - if (MAX_MEMORY > Integer.MAX_VALUE) - { - return Integer.MAX_VALUE; - } - - return (int)MAX_MEMORY; - } -} diff --git a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java index ef3baaa..7357894 100644 --- a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java +++ b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java @@ -28,13 +28,13 @@ import java.util.Vector; import javax.security.auth.x500.X500Principal; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.BasicConstraints; @@ -136,7 +136,7 @@ public class RFC3280CertPathUtilities .getEncoded())).getObjects(); while (e.hasMoreElements()) { - vec.add((DEREncodable)e.nextElement()); + vec.add((ASN1Encodable)e.nextElement()); } } catch (IOException e) @@ -179,11 +179,11 @@ public class RFC3280CertPathUtilities } for (int j = 0; j < genNames.length; j++) { - Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().getDERObject()).getObjects(); + Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().toASN1Primitive()).getObjects(); ASN1EncodableVector vec = new ASN1EncodableVector(); while (e.hasMoreElements()) { - vec.add((DEREncodable)e.nextElement()); + vec.add((ASN1Encodable)e.nextElement()); } vec.add(dpName.getName()); genNames[j] = new GeneralName(new X509Name(new DERSequence(vec))); @@ -285,7 +285,7 @@ public class RFC3280CertPathUtilities X509CRL crl) throws AnnotatedException { - DERObject idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT); + ASN1Primitive idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT); boolean isIndirect = false; if (idp != null) { @@ -306,7 +306,7 @@ public class RFC3280CertPathUtilities { try { - if (Arrays.areEqual(genNames[j].getName().getDERObject().getEncoded(), issuerBytes)) + if (Arrays.areEqual(genNames[j].getName().toASN1Primitive().getEncoded(), issuerBytes)) { matchIssuer = true; } @@ -359,8 +359,7 @@ public class RFC3280CertPathUtilities // (d) (1) if (idp != null && idp.getOnlySomeReasons() != null && dp.getReasons() != null) { - return new ReasonsMask(dp.getReasons().intValue()).intersect(new ReasonsMask(idp.getOnlySomeReasons() - .intValue())); + return new ReasonsMask(dp.getReasons()).intersect(new ReasonsMask(idp.getOnlySomeReasons())); } // (d) (4) if ((idp == null || idp.getOnlySomeReasons() == null) && dp.getReasons() == null) @@ -370,9 +369,9 @@ public class RFC3280CertPathUtilities // (d) (2) and (d)(3) return (dp.getReasons() == null ? ReasonsMask.allReasons - : new ReasonsMask(dp.getReasons().intValue())).intersect(idp == null + : new ReasonsMask(dp.getReasons())).intersect(idp == null ? ReasonsMask.allReasons - : new ReasonsMask(idp.getOnlySomeReasons().intValue())); + : new ReasonsMask(idp.getOnlySomeReasons())); } @@ -787,7 +786,7 @@ public class RFC3280CertPathUtilities } // (c) (3) - DERObject completeKeyIdentifier = null; + ASN1Primitive completeKeyIdentifier = null; try { completeKeyIdentifier = CertPathValidatorUtilities.getExtensionValue( @@ -799,7 +798,7 @@ public class RFC3280CertPathUtilities "Authority key identifier extension could not be extracted from complete CRL.", e); } - DERObject deltaKeyIdentifier = null; + ASN1Primitive deltaKeyIdentifier = null; try { deltaKeyIdentifier = CertPathValidatorUtilities.getExtensionValue( @@ -1656,7 +1655,7 @@ public class RFC3280CertPathUtilities RFC3280CertPathUtilities.NAME_CONSTRAINTS)); if (ncSeq != null) { - nc = new NameConstraints(ncSeq); + nc = NameConstraints.getInstance(ncSeq); } } catch (Exception e) @@ -1975,7 +1974,7 @@ public class RFC3280CertPathUtilities * omitted and a distribution point name of the certificate * issuer. */ - DERObject issuer = null; + ASN1Primitive issuer = null; try { issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()) diff --git a/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java b/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java index aeb4892..04f5a06 100644 --- a/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java +++ b/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java @@ -15,7 +15,12 @@ class ReasonsMask * * @param reasons The reasons. */ - ReasonsMask(int reasons) + ReasonsMask(ReasonFlags reasons) + { + _reasons = reasons.intValue(); + } + + private ReasonsMask(int reasons) { _reasons = reasons; } diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java index 1a073e0..da7ee11 100644 --- a/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java +++ b/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java @@ -11,18 +11,19 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.CRLReason; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.TBSCertList; import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.x509.extension.X509ExtensionUtil; /** @@ -35,17 +36,14 @@ public class X509CRLEntryObject extends X509CRLEntry { private TBSCertList.CRLEntry c; - private boolean isIndirect; - - private X500Principal previousCertificateIssuer; - private X500Principal certificateIssuer; + private X500Name certificateIssuer; private int hashValue; private boolean isHashValueSet; public X509CRLEntryObject(TBSCertList.CRLEntry c) { this.c = c; - this.certificateIssuer = loadCertificateIssuer(); + this.certificateIssuer = null; } /** @@ -68,17 +66,15 @@ public class X509CRLEntryObject extends X509CRLEntry public X509CRLEntryObject( TBSCertList.CRLEntry c, boolean isIndirect, - X500Principal previousCertificateIssuer) + X500Name previousCertificateIssuer) { this.c = c; - this.isIndirect = isIndirect; - this.previousCertificateIssuer = previousCertificateIssuer; - this.certificateIssuer = loadCertificateIssuer(); + this.certificateIssuer = loadCertificateIssuer(isIndirect, previousCertificateIssuer); } /** * Will return true if any extensions are present and marked as critical as - * we currently dont handle any extensions! + * we currently don't handle any extensions! */ public boolean hasUnsupportedCriticalExtension() { @@ -87,14 +83,14 @@ public class X509CRLEntryObject extends X509CRLEntry return extns != null && !extns.isEmpty(); } - private X500Principal loadCertificateIssuer() + private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer) { if (!isIndirect) { return null; } - byte[] ext = getExtensionValue(X509Extensions.CertificateIssuer.getId()); + byte[] ext = getExtensionValue(X509Extension.certificateIssuer.getId()); if (ext == null) { return previousCertificateIssuer; @@ -108,7 +104,7 @@ public class X509CRLEntryObject extends X509CRLEntry { if (names[i].getTagNo() == GeneralName.directoryName) { - return new X500Principal(names[i].getName().getDERObject().getDEREncoded()); + return X500Name.getInstance(names[i].getName()); } } return null; @@ -121,12 +117,23 @@ public class X509CRLEntryObject extends X509CRLEntry public X500Principal getCertificateIssuer() { - return certificateIssuer; + if (certificateIssuer == null) + { + return null; + } + try + { + return new X500Principal(certificateIssuer.getEncoded()); + } + catch (IOException e) + { + return null; + } } private Set getExtensionOIDs(boolean critical) { - X509Extensions extensions = c.getExtensions(); + Extensions extensions = c.getExtensions(); if (extensions != null) { @@ -135,8 +142,8 @@ public class X509CRLEntryObject extends X509CRLEntry while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement(); - X509Extension ext = extensions.getExtension(oid); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); if (critical == ext.isCritical()) { @@ -162,17 +169,17 @@ public class X509CRLEntryObject extends X509CRLEntry public byte[] getExtensionValue(String oid) { - X509Extensions exts = c.getExtensions(); + Extensions exts = c.getExtensions(); if (exts != null) { - X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); if (ext != null) { try { - return ext.getValue().getEncoded(); + return ext.getExtnValue().getEncoded(); } catch (Exception e) { @@ -204,7 +211,7 @@ public class X509CRLEntryObject extends X509CRLEntry { try { - return c.getEncoded(ASN1Encodable.DER); + return c.getEncoded(ASN1Encoding.DER); } catch (IOException e) { @@ -236,7 +243,7 @@ public class X509CRLEntryObject extends X509CRLEntry buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl); - X509Extensions extensions = c.getExtensions(); + Extensions extensions = c.getExtensions(); if (extensions != null) { @@ -247,22 +254,22 @@ public class X509CRLEntryObject extends X509CRLEntry while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - if (ext.getValue() != null) + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + if (ext.getExtnValue() != null) { - byte[] octs = ext.getValue().getOctets(); + byte[] octs = ext.getExtnValue().getOctets(); ASN1InputStream dIn = new ASN1InputStream(octs); buf.append(" critical(").append(ext.isCritical()).append(") "); try { - if (oid.equals(X509Extensions.ReasonCode)) + if (oid.equals(X509Extension.reasonCode)) { - buf.append(new CRLReason(DEREnumerated.getInstance(dIn.readObject()))).append(nl); + buf.append(CRLReason.getInstance(DEREnumerated.getInstance(dIn.readObject()))).append(nl); } - else if (oid.equals(X509Extensions.CertificateIssuer)) + else if (oid.equals(X509Extension.certificateIssuer)) { - buf.append("Certificate issuer: ").append(new GeneralNames((ASN1Sequence)dIn.readObject())).append(nl); + buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl); } else { diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java index 956c58b..4c87114 100644 --- a/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java +++ b/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java @@ -1,6 +1,5 @@ package org.bouncycastle.jce.provider; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -12,6 +11,7 @@ import java.security.Signature; import java.security.SignatureException; import java.security.cert.CRLException; import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509CRL; import java.security.cert.X509CRLEntry; import java.security.cert.X509Certificate; @@ -25,19 +25,20 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.CRLDistPoint; import org.bouncycastle.asn1.x509.CRLNumber; import org.bouncycastle.asn1.x509.CertificateList; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.IssuingDistributionPoint; import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.jce.X509Principal; import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.x509.extension.X509ExtensionUtil; @@ -59,6 +60,22 @@ public class X509CRLObject private byte[] sigAlgParams; private boolean isIndirect; + static boolean isIndirectCRL(X509CRL crl) + throws CRLException + { + try + { + byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); + return idp != null + && IssuingDistributionPoint.getInstance(X509ExtensionUtil.fromExtensionValue(idp)).isIndirectCRL(); + } + catch (Exception e) + { + throw new ExtCRLException( + "Exception reading IssuingDistributionPoint", e); + } + } + public X509CRLObject( CertificateList c) throws CRLException @@ -71,14 +88,14 @@ public class X509CRLObject if (c.getSignatureAlgorithm().getParameters() != null) { - this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).getDEREncoded(); + this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); } else { this.sigAlgParams = null; } - this.isIndirect = isIndirectCRL(); + this.isIndirect = isIndirectCRL(this); } catch (Exception e) { @@ -109,7 +126,7 @@ public class X509CRLObject { if (this.getVersion() == 2) { - X509Extensions extensions = c.getTBSCertList().getExtensions(); + Extensions extensions = c.getTBSCertList().getExtensions(); if (extensions != null) { @@ -118,8 +135,8 @@ public class X509CRLObject while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); if (critical == ext.isCritical()) { @@ -146,17 +163,17 @@ public class X509CRLObject public byte[] getExtensionValue(String oid) { - X509Extensions exts = c.getTBSCertList().getExtensions(); + Extensions exts = c.getTBSCertList().getExtensions(); if (exts != null) { - X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); if (ext != null) { try { - return ext.getValue().getEncoded(); + return ext.getExtnValue().getEncoded(); } catch (Exception e) { @@ -173,7 +190,7 @@ public class X509CRLObject { try { - return c.getEncoded(ASN1Encodable.DER); + return c.getEncoded(ASN1Encoding.DER); } catch (IOException e) { @@ -197,10 +214,20 @@ public class X509CRLObject throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); } - Signature sig = Signature.getInstance(getSigAlgName(), sigProvider); + Signature sig; + + if (sigProvider != null) + { + sig = Signature.getInstance(getSigAlgName(), sigProvider); + } + else + { + sig = Signature.getInstance(getSigAlgName()); + } sig.initVerify(key); sig.update(this.getTBSCertList()); + if (!sig.verify(this.getSignature())) { throw new SignatureException("CRL does not verify with supplied public key."); @@ -209,24 +236,19 @@ public class X509CRLObject public int getVersion() { - return c.getVersion(); + return c.getVersionNumber(); } public Principal getIssuerDN() { - return new X509Principal(c.getIssuer()); + return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive())); } public X500Principal getIssuerX500Principal() { try { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getIssuer()); - - return new X500Principal(bOut.toByteArray()); + return new X500Principal(c.getIssuer().getEncoded()); } catch (IOException e) { @@ -254,13 +276,21 @@ public class X509CRLObject Set entrySet = new HashSet(); Enumeration certs = c.getRevokedCertificateEnumeration(); - X500Principal previousCertificateIssuer = getIssuerX500Principal(); + X500Name previousCertificateIssuer = null; // the issuer while (certs.hasMoreElements()) { TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); entrySet.add(crlEntry); - previousCertificateIssuer = crlEntry.getCertificateIssuer(); + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } } return entrySet; @@ -270,18 +300,25 @@ public class X509CRLObject { Enumeration certs = c.getRevokedCertificateEnumeration(); - X500Principal previousCertificateIssuer = getIssuerX500Principal(); + X500Name previousCertificateIssuer = null; // the issuer while (certs.hasMoreElements()) { TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); - X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); if (serialNumber.equals(entry.getUserCertificate().getValue())) { - return crlEntry; + return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); } - previousCertificateIssuer = crlEntry.getCertificateIssuer(); + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } } return null; @@ -324,7 +361,7 @@ public class X509CRLObject public String getSigAlgOID() { - return c.getSignatureAlgorithm().getObjectId().getId(); + return c.getSignatureAlgorithm().getAlgorithm().getId(); } public byte[] getSigAlgParams() @@ -380,7 +417,7 @@ public class X509CRLObject } } - X509Extensions extensions = c.getTBSCertList().getExtensions(); + Extensions extensions = c.getTBSCertList().getExtensions(); if (extensions != null) { @@ -393,25 +430,25 @@ public class X509CRLObject while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement(); - X509Extension ext = extensions.getExtension(oid); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); - if (ext.getValue() != null) + if (ext.getExtnValue() != null) { - byte[] octs = ext.getValue().getOctets(); + byte[] octs = ext.getExtnValue().getOctets(); ASN1InputStream dIn = new ASN1InputStream(octs); buf.append(" critical(").append( ext.isCritical()).append(") "); try { - if (oid.equals(X509Extensions.CRLNumber)) + if (oid.equals(Extension.cRLNumber)) { buf.append( new CRLNumber(DERInteger.getInstance( dIn.readObject()).getPositiveValue())) .append(nl); } - else if (oid.equals(X509Extensions.DeltaCRLIndicator)) + else if (oid.equals(Extension.deltaCRLIndicator)) { buf.append( "Base CRL: " @@ -420,24 +457,21 @@ public class X509CRLObject .append(nl); } else if (oid - .equals(X509Extensions.IssuingDistributionPoint)) + .equals(Extension.issuingDistributionPoint)) { buf.append( - new IssuingDistributionPoint((ASN1Sequence) dIn - .readObject())).append(nl); + IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl); } else if (oid - .equals(X509Extensions.CRLDistributionPoints)) + .equals(Extension.cRLDistributionPoints)) { buf.append( - new CRLDistPoint((ASN1Sequence) dIn - .readObject())).append(nl); + CRLDistPoint.getInstance(dIn.readObject())).append(nl); } - else if (oid.equals(X509Extensions.FreshestCRL)) + else if (oid.equals(Extension.freshestCRL)) { buf.append( - new CRLDistPoint((ASN1Sequence) dIn - .readObject())).append(nl); + CRLDistPoint.getInstance(dIn.readObject())).append(nl); } else { @@ -488,14 +522,49 @@ public class X509CRLObject TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + X500Name caName = c.getIssuer(); + if (certs != null) { BigInteger serial = ((X509Certificate)cert).getSerialNumber(); for (int i = 0; i < certs.length; i++) { + if (isIndirect && certs[i].hasExtensions()) + { + Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + if (certs[i].getUserCertificate().getValue().equals(serial)) { + X500Name issuer; + + if (cert instanceof X509Certificate) + { + issuer = X500Name.getInstance(((X509Certificate)cert).getIssuerX500Principal().getEncoded()); + } + else + { + try + { + issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer(); + } + catch (CertificateEncodingException e) + { + throw new RuntimeException("Cannot process certificate"); + } + } + + if (!caName.equals(issuer)) + { + return false; + } + return true; } } @@ -503,28 +572,5 @@ public class X509CRLObject return false; } - - private boolean isIndirectCRL() - throws CRLException - { - byte[] idp = getExtensionValue(X509Extensions.IssuingDistributionPoint.getId()); - boolean isIndirect = false; - try - { - if (idp != null) - { - isIndirect = IssuingDistributionPoint.getInstance( - X509ExtensionUtil.fromExtensionValue(idp)) - .isIndirectCRL(); - } - } - catch (Exception e) - { - throw new ExtCRLException( - "Exception reading IssuingDistributionPoint", e); - } - - return isIndirect; - } } diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java index d52386a..e529836 100644 --- a/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java +++ b/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java @@ -30,12 +30,13 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OutputStream; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; @@ -44,12 +45,14 @@ import org.bouncycastle.asn1.misc.NetscapeCertType; import org.bouncycastle.asn1.misc.NetscapeRevocationURL; import org.bouncycastle.asn1.misc.VerisignCzagExtension; import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.X509CertificateStructure; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jce.X509Principal; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; import org.bouncycastle.util.Arrays; @@ -79,7 +82,7 @@ public class X509CertificateObject if (bytes != null) { - basicConstraints = BasicConstraints.getInstance(ASN1Object.fromByteArray(bytes)); + basicConstraints = BasicConstraints.getInstance(ASN1Primitive.fromByteArray(bytes)); } } catch (Exception e) @@ -92,7 +95,7 @@ public class X509CertificateObject byte[] bytes = this.getExtensionBytes("2.5.29.15"); if (bytes != null) { - DERBitString bits = DERBitString.getInstance(ASN1Object.fromByteArray(bytes)); + DERBitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); bytes = bits.getBytes(); int length = (bytes.length * 8) - bits.getPadBits(); @@ -148,7 +151,14 @@ public class X509CertificateObject public Principal getIssuerDN() { - return new X509Principal(c.getIssuer()); + try + { + return new X509Principal(X500Name.getInstance(c.getIssuer().getEncoded())); + } + catch (IOException e) + { + return null; + } } public X500Principal getIssuerX500Principal() @@ -170,7 +180,7 @@ public class X509CertificateObject public Principal getSubjectDN() { - return new X509Principal(c.getSubject()); + return new X509Principal(X500Name.getInstance(c.getSubject().toASN1Primitive())); } public X500Principal getSubjectX500Principal() @@ -205,7 +215,7 @@ public class X509CertificateObject { try { - return c.getTBSCertificate().getEncoded(ASN1Encodable.DER); + return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); } catch (IOException e) { @@ -268,7 +278,14 @@ public class X509CertificateObject { if (c.getSignatureAlgorithm().getParameters() != null) { - return c.getSignatureAlgorithm().getParameters().getDERObject().getDEREncoded(); + try + { + return c.getSignatureAlgorithm().getParameters().toASN1Primitive().getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } } else { @@ -517,7 +534,14 @@ public class X509CertificateObject public PublicKey getPublicKey() { - return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo()); + try + { + return BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo()); + } + catch (IOException e) + { + return null; // should never happen... + } } // BEGIN android-changed @@ -530,7 +554,7 @@ public class X509CertificateObject { // BEGIN android-changed if (encoded == null) { - encoded = c.getEncoded(ASN1Encodable.DER); + encoded = c.getEncoded(ASN1Encoding.DER); } return encoded; // END android-changed @@ -599,13 +623,13 @@ public class X509CertificateObject } public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) { attrCarrier.setBagAttribute(oid, attribute); } - public DEREncodable getBagAttribute( + public ASN1Encodable getBagAttribute( DERObjectIdentifier oid) { return attrCarrier.getBagAttribute(oid); @@ -668,11 +692,11 @@ public class X509CertificateObject buf.append(" critical(").append(ext.isCritical()).append(") "); try { - if (oid.equals(X509Extensions.BasicConstraints)) + if (oid.equals(X509Extension.basicConstraints)) { - buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject())).append(nl); + buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl); } - else if (oid.equals(X509Extensions.KeyUsage)) + else if (oid.equals(X509Extension.keyUsage)) { buf.append(new KeyUsage((DERBitString)dIn.readObject())).append(nl); } @@ -719,7 +743,7 @@ public class X509CertificateObject { Signature signature; String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - + try { signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME); @@ -755,7 +779,7 @@ public class X509CertificateObject throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); } - DEREncodable params = c.getSignatureAlgorithm().getParameters(); + ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); // TODO This should go after the initVerify? X509SignatureUtil.setSignatureParameters(signature, params); @@ -766,7 +790,7 @@ public class X509CertificateObject if (!signature.verify(this.getSignature())) { - throw new InvalidKeyException("Public key presented not for certificate signature"); + throw new SignatureException("certificate does not verify with supplied key"); } } diff --git a/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java index f55383e..71a4583 100644 --- a/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java +++ b/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java @@ -1,8 +1,17 @@ package org.bouncycastle.jce.provider; +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.PSSParameterSpec; + +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Null; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; @@ -14,15 +23,6 @@ import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.PSSParameterSpec; - class X509SignatureUtil { // BEGIN android-changed @@ -31,7 +31,7 @@ class X509SignatureUtil static void setSignatureParameters( Signature signature, - DEREncodable params) + ASN1Encodable params) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException { if (params != null && !derNull.equals(params)) @@ -40,7 +40,7 @@ class X509SignatureUtil try { - sigParams.init(params.getDERObject().getDEREncoded()); + sigParams.init(params.toASN1Primitive().getEncoded()); } catch (IOException e) { @@ -64,7 +64,7 @@ class X509SignatureUtil static String getSignatureName( AlgorithmIdentifier sigAlgId) { - DEREncodable params = sigAlgId.getParameters(); + ASN1Encodable params = sigAlgId.getParameters(); if (params != null && !derNull.equals(params)) { diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java deleted file mode 100644 index 5d873f9..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java +++ /dev/null @@ -1,117 +0,0 @@ -package org.bouncycastle.jce.provider.asymmetric; - -import java.util.HashMap; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; -// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -// END android-removed -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -public class EC -{ - public static class Mappings - extends HashMap - { - public Mappings() - { - put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DH"); - // BEGIN android-removed - // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC"); - // put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV"); - // put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF"); - // put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF"); - // END android-removed - - put("KeyFactory.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$EC"); - // BEGIN android-removed - // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA"); - // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH"); - // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC"); - // put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV"); - // END android-removed - put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC"); - // TODO Should this be an alias for ECDH? - put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); - // BEGIN android-removed - // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV"); - // - // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410"); - // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410"); - // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410"); - // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); - // END android-removed - - put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC"); - // BEGIN android-removed - // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA"); - // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH"); - // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC"); - // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH"); - // put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV"); - // END android-removed - // TODO Should this be an alias for ECDH? - put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); - // BEGIN android-removed - // put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV"); - // - // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410"); - // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410"); - // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410"); - // END android-removed - - put("Signature.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA"); - put("Signature.NONEwithECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSAnone"); - - put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); - put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); - put("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA"); - put("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA"); - put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); - put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); - put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); - // BEGIN android-removed - // put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); - // - // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); - // END android-removed - addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); - addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); - addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); - // BEGIN android-removed - // addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); - // - // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR"); - // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224"); - // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256"); - // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384"); - // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512"); - // - // addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); - // addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); - // addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); - // END android-removed - } - - private void addSignatureAlgorithm( - String digest, - String algorithm, - String className, - DERObjectIdentifier oid) - { - String mainName = digest + "WITH" + algorithm; - String jdk11Variation1 = digest + "with" + algorithm; - String jdk11Variation2 = digest + "With" + algorithm; - String alias = digest + "/" + algorithm; - - put("Signature." + mainName, className); - put("Alg.Alias.Signature." + jdk11Variation1, mainName); - put("Alg.Alias.Signature." + jdk11Variation2, mainName); - put("Alg.Alias.Signature." + alias, mainName); - put("Alg.Alias.Signature." + oid, mainName); - put("Alg.Alias.Signature.OID." + oid, mainName); - } - } -} diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java deleted file mode 100644 index 630d2c7..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java +++ /dev/null @@ -1,208 +0,0 @@ -package org.bouncycastle.jce.provider.asymmetric.ec; - -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.jce.provider.JCEECPrivateKey; -import org.bouncycastle.jce.provider.JCEECPublicKey; -import org.bouncycastle.jce.provider.JDKKeyFactory; -import org.bouncycastle.jce.provider.ProviderUtil; -import org.bouncycastle.jce.spec.ECPrivateKeySpec; -import org.bouncycastle.jce.spec.ECPublicKeySpec; -import org.bouncycastle.jce.spec.ECParameterSpec; - -public class KeyFactory - extends JDKKeyFactory -{ - String algorithm; - - KeyFactory( - String algorithm) - { - this.algorithm = algorithm; - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof ECPublicKey) - { - return new JCEECPublicKey((ECPublicKey)key); - } - else if (key instanceof ECPrivateKey) - { - return new JCEECPrivateKey((ECPrivateKey)key); - } - - throw new InvalidKeyException("key type unknown"); - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - else if (spec.isAssignableFrom(java.security.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - if (k.getParams() != null) - { - return new java.security.spec.ECPublicKeySpec(k.getW(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = ProviderUtil.getEcImplicitlyCa(); - - return new java.security.spec.ECPublicKeySpec(k.getW(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - else if (spec.isAssignableFrom(java.security.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - - if (k.getParams() != null) - { - return new java.security.spec.ECPrivateKeySpec(k.getS(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = ProviderUtil.getEcImplicitlyCa(); - - return new java.security.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - - throw new RuntimeException("not implemented yet " + key + " " + spec); - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - JCEECPrivateKey key = (JCEECPrivateKey)JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - - return new JCEECPrivateKey(algorithm, key); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - else if (keySpec instanceof ECPrivateKeySpec) - { - return new JCEECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec); - } - else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) - { - return new JCEECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - JCEECPublicKey key = (JCEECPublicKey)JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - - return new JCEECPublicKey(algorithm, key); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - else if (keySpec instanceof ECPublicKeySpec) - { - return new JCEECPublicKey(algorithm, (ECPublicKeySpec)keySpec); - } - else if (keySpec instanceof java.security.spec.ECPublicKeySpec) - { - return new JCEECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - public static class EC - extends KeyFactory - { - public EC() - { - super("EC"); - } - } - - public static class ECDSA - extends KeyFactory - { - public ECDSA() - { - super("ECDSA"); - } - } - - public static class ECGOST3410 - extends KeyFactory - { - public ECGOST3410() - { - super("ECGOST3410"); - } - } - - public static class ECDH - extends KeyFactory - { - public ECDH() - { - super("ECDH"); - } - } - - public static class ECDHC - extends KeyFactory - { - public ECDHC() - { - super("ECDHC"); - } - } - - public static class ECMQV - extends KeyFactory - { - public ECMQV() - { - super("ECMQV"); - } - } -}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java deleted file mode 100644 index 6076ee5..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java +++ /dev/null @@ -1,278 +0,0 @@ -package org.bouncycastle.jce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.util.HashMap; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.AESFastEngine; -import org.bouncycastle.crypto.engines.AESWrapEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -// import org.bouncycastle.crypto.macs.CMac; -// END android-removed -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.provider.JCEBlockCipher; -import org.bouncycastle.jce.provider.JCEKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; -import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator; -import org.bouncycastle.jce.provider.JDKAlgorithmParameters; -import org.bouncycastle.jce.provider.WrapCipherSpi; - -public final class AES -{ - private AES() - { - } - - public static class ECB - extends JCEBlockCipher - { - public ECB() - { - super(new AESFastEngine()); - } - } - - // BEGIN android-removed - // public static class CBC - // extends JCEBlockCipher - // { - // public CBC() - // { - // super(new CBCBlockCipher(new AESFastEngine()), 128); - // } - // } - // - // static public class CFB - // extends JCEBlockCipher - // { - // public CFB() - // { - // super(new BufferedBlockCipher(new CFBBlockCipher(new AESFastEngine(), 128)), 128); - // } - // } - // - // static public class OFB - // extends JCEBlockCipher - // { - // public OFB() - // { - // super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128); - // } - // } - // - // public static class AESCMAC - // extends JCEMac - // { - // public AESCMAC() - // { - // super(new CMac(new AESFastEngine())); - // } - // } - // END android-removed - - static public class Wrap - extends WrapCipherSpi - { - public Wrap() - { - super(new AESWrapEngine()); - } - } - - // BEGIN android-removed - // public static class RFC3211Wrap - // extends WrapCipherSpi - // { - // public RFC3211Wrap() - // { - // super(new RFC3211WrapEngine(new AESFastEngine()), 16); - // } - // } - // END android-removed - - public static class KeyGen - extends JCEKeyGenerator - { - public KeyGen() - { - this(192); - } - - public KeyGen(int keySize) - { - super("AES", keySize, new CipherKeyGenerator()); - } - } - - // BEGIN android-removed - // public static class KeyGen128 - // extends KeyGen - // { - // public KeyGen128() - // { - // super(128); - // } - // } - // - // public static class KeyGen192 - // extends KeyGen - // { - // public KeyGen192() - // { - // super(192); - // } - // } - // - // public static class KeyGen256 - // extends KeyGen - // { - // public KeyGen256() - // { - // super(256); - // } - // } - // - // public static class AlgParamGen - // extends JDKAlgorithmParameterGenerator - // { - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // byte[] iv = new byte[16]; - // - // if (random == null) - // { - // random = new SecureRandom(); - // } - // - // random.nextBytes(iv); - // - // AlgorithmParameters params; - // - // try - // { - // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new IvParameterSpec(iv)); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // - // return params; - // } - // } - // END android-removed - - public static class AlgParams - extends JDKAlgorithmParameters.IVAlgorithmParameters - { - protected String engineToString() - { - return "AES IV"; - } - } - - public static class Mappings - extends HashMap - { - /** - * These three got introduced in some messages as a result of a typo in an - * early document. We don't produce anything using these OID values, but we'll - * read them. - */ - private static final String wrongAES128 = "2.16.840.1.101.3.4.2"; - private static final String wrongAES192 = "2.16.840.1.101.3.4.22"; - private static final String wrongAES256 = "2.16.840.1.101.3.4.42"; - - public Mappings() - { - put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParams"); - put("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES"); - put("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES"); - put("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES"); - put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); - put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); - put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); - - // BEGIN android-removed - // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen"); - // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); - // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); - // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); - // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); - // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); - // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); - // END android-removed - - put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB"); - put("Alg.Alias.Cipher." + wrongAES128, "AES"); - put("Alg.Alias.Cipher." + wrongAES192, "AES"); - put("Alg.Alias.Cipher." + wrongAES256, "AES"); - // BEGIN android-removed - // put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); - // put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); - // put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC"); - // put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); - // put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB"); - // END android-removed - put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); - // BEGIN android-removed - // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap"); - // END android-removed - - put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen"); - // BEGIN android-removed - // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); - // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); - // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); - // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192"); - // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256"); - // - // put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC"); - // END android-removed - } - } -} diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java deleted file mode 100644 index 1206f6c..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.jce.provider.symmetric; - -import java.util.HashMap; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.RC4Engine; -import org.bouncycastle.jce.provider.JCEKeyGenerator; -import org.bouncycastle.jce.provider.JCEStreamCipher; - -public final class ARC4 -{ - private ARC4() - { - } - - public static class Base - extends JCEStreamCipher - { - public Base() - { - super(new RC4Engine(), 0); - } - } - - public static class KeyGen - extends JCEKeyGenerator - { - public KeyGen() - { - // BEGIN android-changed - super("ARC4", 128, new CipherKeyGenerator()); - // END android-changed - } - } - - public static class Mappings - extends HashMap - { - public Mappings() - { - put("Cipher.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$Base"); - put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); - put("Alg.Alias.Cipher.ARCFOUR", "ARC4"); - put("Alg.Alias.Cipher.RC4", "ARC4"); - put("KeyGenerator.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$KeyGen"); - put("Alg.Alias.KeyGenerator.RC4", "ARC4"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4"); - } - } -} diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java deleted file mode 100644 index b1a8b72..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.jce.provider.symmetric; - -import java.util.HashMap; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.BlowfishEngine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jce.provider.JCEBlockCipher; -import org.bouncycastle.jce.provider.JCEKeyGenerator; -import org.bouncycastle.jce.provider.JDKAlgorithmParameters; - -public final class Blowfish -{ - private Blowfish() - { - } - - public static class ECB - extends JCEBlockCipher - { - public ECB() - { - super(new BlowfishEngine()); - } - } - - public static class CBC - extends JCEBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new BlowfishEngine()), 64); - } - } - - public static class KeyGen - extends JCEKeyGenerator - { - public KeyGen() - { - super("Blowfish", 128, new CipherKeyGenerator()); - } - } - - public static class AlgParams - extends JDKAlgorithmParameters.IVAlgorithmParameters - { - protected String engineToString() - { - return "Blowfish IV"; - } - } - - public static class Mappings - extends HashMap - { - public Mappings() - { - put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$ECB"); - // BEGIN android-removed - // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC"); - // END android-removed - put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$KeyGen"); - put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); - put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams"); - put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); - } - } -} diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java deleted file mode 100644 index ec35f61..0000000 --- a/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java +++ /dev/null @@ -1,313 +0,0 @@ -package org.bouncycastle.jce.provider.symmetric; - -import java.security.SecureRandom; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.util.HashMap; - -import javax.crypto.SecretKey; -import javax.crypto.spec.DESedeKeySpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.DESedeWrapEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -// END android-removed -import org.bouncycastle.crypto.generators.DESedeKeyGenerator; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// import org.bouncycastle.crypto.macs.CMac; -// END android-removed -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.jce.provider.JCEBlockCipher; -import org.bouncycastle.jce.provider.JCEKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; -import org.bouncycastle.jce.provider.JCESecretKeyFactory; -import org.bouncycastle.jce.provider.WrapCipherSpi; - -public final class DESede -{ - private DESede() - { - } - - static public class ECB - extends JCEBlockCipher - { - public ECB() - { - super(new DESedeEngine()); - } - } - - static public class CBC - extends JCEBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new DESedeEngine()), 64); - } - } - - // BEGIN android-removed - // /** - // * DESede CFB8 - // */ - // public static class DESedeCFB8 - // extends JCEMac - // { - // public DESedeCFB8() - // { - // super(new CFBBlockCipherMac(new DESedeEngine())); - // } - // } - // END android-removed - - /** - * DESede64 - */ - public static class DESede64 - extends JCEMac - { - public DESede64() - { - super(new CBCBlockCipherMac(new DESedeEngine(), 64)); - } - } - - /** - * DESede64with7816-4Padding - */ - public static class DESede64with7816d4 - extends JCEMac - { - public DESede64with7816d4() - { - super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding())); - } - } - - public static class CBCMAC - extends JCEMac - { - public CBCMAC() - { - super(new CBCBlockCipherMac(new DESedeEngine())); - } - } - - // BEGIN android-removed - // static public class CMAC - // extends JCEMac - // { - // public CMAC() - // { - // super(new CMac(new DESedeEngine())); - // } - // } - // END android-removed - - public static class Wrap - extends WrapCipherSpi - { - public Wrap() - { - super(new DESedeWrapEngine()); - } - } - - // BEGIN android-removed - // public static class RFC3211 - // extends WrapCipherSpi - // { - // public RFC3211() - // { - // super(new RFC3211WrapEngine(new DESedeEngine()), 8); - // } - // } - // END android-removed - - /** - * DESede - the default for this is to generate a key in - * a-b-a format that's 24 bytes long but has 16 bytes of - * key material (the first 8 bytes is repeated as the last - * 8 bytes). If you give it a size, you'll get just what you - * asked for. - */ - public static class KeyGenerator - extends JCEKeyGenerator - { - private boolean keySizeSet = false; - - public KeyGenerator() - { - super("DESede", 192, new DESedeKeyGenerator()); - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - super.engineInit(keySize, random); - keySizeSet = true; - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); - uninitialised = false; - } - - // - // if no key size has been defined generate a 24 byte key in - // the a-b-a format - // - if (!keySizeSet) - { - byte[] k = engine.generateKey(); - - System.arraycopy(k, 0, k, 16, 8); - - return new SecretKeySpec(k, algName); - } - else - { - return new SecretKeySpec(engine.generateKey(), algName); - } - } - } - - /** - * generate a desEDE key in the a-b-c format. - */ - public static class KeyGenerator3 - extends JCEKeyGenerator - { - public KeyGenerator3() - { - super("DESede3", 192, new DESedeKeyGenerator()); - } - } - - static public class KeyFactory - extends JCESecretKeyFactory - { - public KeyFactory() - { - super("DESede", null); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - else if (DESedeKeySpec.class.isAssignableFrom(keySpec)) - { - byte[] bytes = key.getEncoded(); - - try - { - if (bytes.length == 16) - { - byte[] longKey = new byte[24]; - - System.arraycopy(bytes, 0, longKey, 0, 16); - System.arraycopy(bytes, 0, longKey, 16, 8); - - return new DESedeKeySpec(longKey); - } - else - { - return new DESedeKeySpec(bytes); - } - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESedeKeySpec) - { - DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DESede"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - public static class Mappings - extends HashMap - { - public Mappings() - { - put("Cipher.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$ECB"); - // BEGIN android-removed - // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC"); - // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC"); - // END android-removed - put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$Wrap"); - // BEGIN android-changed - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); - // END android-changed - // BEGIN android-removed - // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211"); - // END android-removed - - put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator"); - // BEGIN android-removed - // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3"); - // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator"); - // END android-removed - - put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyFactory"); - - // BEGIN android-removed - // put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC"); - // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC"); - // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); - // - // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8"); - // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); - // - // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64"); - // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); - // - // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4"); - // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - // END android-removed - } - } -} diff --git a/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.java b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.java new file mode 100644 index 0000000..a5dd319 --- /dev/null +++ b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.java @@ -0,0 +1,28 @@ +package org.bouncycastle.jce.spec; + +import java.security.spec.AlgorithmParameterSpec; + +/** + * Named curve generation spec + * <p> + * If you are using JDK 1.5 you should be looking at ECGenParameterSpec. + */ +public class ECNamedCurveGenParameterSpec + implements AlgorithmParameterSpec +{ + private String name; + + public ECNamedCurveGenParameterSpec( + String name) + { + this.name = name; + } + + /** + * return the name of the curve the EC domain parameters belong to. + */ + public String getName() + { + return name; + } +} diff --git a/src/main/java/org/bouncycastle/jce/spec/RepeatedSecretKeySpec.java b/src/main/java/org/bouncycastle/jce/spec/RepeatedSecretKeySpec.java new file mode 100644 index 0000000..2a7ceb5 --- /dev/null +++ b/src/main/java/org/bouncycastle/jce/spec/RepeatedSecretKeySpec.java @@ -0,0 +1,34 @@ +package org.bouncycastle.jce.spec; + + +import javax.crypto.SecretKey; + +/** + * A simple object to indicate that a symmetric cipher should reuse the + * last key provided. + */ +public class RepeatedSecretKeySpec + implements SecretKey +{ + private String algorithm; + + public RepeatedSecretKeySpec(String algorithm) + { + this.algorithm = algorithm; + } + + public String getAlgorithm() + { + return algorithm; + } + + public String getFormat() + { + return null; + } + + public byte[] getEncoded() + { + return null; + } +} diff --git a/src/main/java/org/bouncycastle/openssl/EncryptionException.java b/src/main/java/org/bouncycastle/openssl/EncryptionException.java deleted file mode 100644 index b839568..0000000 --- a/src/main/java/org/bouncycastle/openssl/EncryptionException.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.IOException; - -public class EncryptionException - extends IOException -{ - private Throwable cause; - - public EncryptionException(String msg) - { - super(msg); - } - - public EncryptionException(String msg, Throwable ex) - { - super(msg); - this.cause = ex; - } - - public Throwable getCause() - { - return cause; - } -}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java b/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java deleted file mode 100644 index 5793007..0000000 --- a/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java +++ /dev/null @@ -1,335 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.Key; -import java.security.KeyPair; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Security; -import java.security.cert.CRLException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPrivateKey; -import java.util.ArrayList; -import java.util.List; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.jce.PKCS10CertificationRequest; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; -import org.bouncycastle.util.io.pem.PemGenerationException; -import org.bouncycastle.util.io.pem.PemHeader; -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemObjectGenerator; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509V2AttributeCertificate; - -/** - * PEM generator for the original set of PEM objects used in Open SSL. - */ -public class MiscPEMGenerator - implements PemObjectGenerator -{ - private Object obj; - private String algorithm; - private char[] password; - private SecureRandom random; - private Provider provider; - - public MiscPEMGenerator(Object o) - { - this.obj = o; - } - - public MiscPEMGenerator( - Object obj, - String algorithm, - char[] password, - SecureRandom random, - Provider provider) - { - this.obj = obj; - this.algorithm = algorithm; - this.password = password; - this.random = random; - this.provider = provider; - } - - public MiscPEMGenerator( - Object obj, - String algorithm, - char[] password, - SecureRandom random, - String provider) - throws NoSuchProviderException - { - this.obj = obj; - this.algorithm = algorithm; - this.password = password; - this.random = random; - - if (provider != null) - { - this.provider = Security.getProvider(provider); - if (this.provider == null) - { - throw new NoSuchProviderException("cannot find provider: " + provider); - } - } - } - - private PemObject createPemObject(Object o) - throws IOException - { - String type; - byte[] encoding; - - if (o instanceof PemObject) - { - return (PemObject)o; - } - if (o instanceof PemObjectGenerator) - { - return ((PemObjectGenerator)o).generate(); - } - if (o instanceof X509Certificate) - { - type = "CERTIFICATE"; - try - { - encoding = ((X509Certificate)o).getEncoded(); - } - catch (CertificateEncodingException e) - { - throw new PemGenerationException("Cannot encode object: " + e.toString()); - } - } - else if (o instanceof X509CRL) - { - type = "X509 CRL"; - try - { - encoding = ((X509CRL)o).getEncoded(); - } - catch (CRLException e) - { - throw new PemGenerationException("Cannot encode object: " + e.toString()); - } - } - else if (o instanceof KeyPair) - { - return createPemObject(((KeyPair)o).getPrivate()); - } - else if (o instanceof PrivateKey) - { - PrivateKeyInfo info = new PrivateKeyInfo( - (ASN1Sequence) ASN1Object.fromByteArray(((Key)o).getEncoded())); - - if (o instanceof RSAPrivateKey) - { - type = "RSA PRIVATE KEY"; - - encoding = info.getPrivateKey().getEncoded(); - } - else if (o instanceof DSAPrivateKey) - { - type = "DSA PRIVATE KEY"; - - DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters()); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(0)); - v.add(new DERInteger(p.getP())); - v.add(new DERInteger(p.getQ())); - v.add(new DERInteger(p.getG())); - - BigInteger x = ((DSAPrivateKey)o).getX(); - BigInteger y = p.getG().modPow(x, p.getP()); - - v.add(new DERInteger(y)); - v.add(new DERInteger(x)); - - encoding = new DERSequence(v).getEncoded(); - } - else if (((PrivateKey)o).getAlgorithm().equals("ECDSA")) - { - type = "EC PRIVATE KEY"; - - encoding = info.getPrivateKey().getEncoded(); - } - else - { - throw new IOException("Cannot identify private key"); - } - } - else if (o instanceof PublicKey) - { - type = "PUBLIC KEY"; - - encoding = ((PublicKey)o).getEncoded(); - } - else if (o instanceof X509AttributeCertificate) - { - type = "ATTRIBUTE CERTIFICATE"; - encoding = ((X509V2AttributeCertificate)o).getEncoded(); - } - else if (o instanceof PKCS10CertificationRequest) - { - type = "CERTIFICATE REQUEST"; - encoding = ((PKCS10CertificationRequest)o).getEncoded(); - } - else if (o instanceof ContentInfo) - { - type = "PKCS7"; - encoding = ((ContentInfo)o).getEncoded(); - } - else - { - throw new PemGenerationException("unknown object passed - can't encode."); - } - - return new PemObject(type, encoding); - } - - private String getHexEncoded(byte[] bytes) - throws IOException - { - bytes = Hex.encode(bytes); - - char[] chars = new char[bytes.length]; - - for (int i = 0; i != bytes.length; i++) - { - chars[i] = (char)bytes[i]; - } - - return new String(chars); - } - - private PemObject createPemObject( - Object obj, - String algorithm, - char[] password, - SecureRandom random) - throws IOException - { - if (obj instanceof KeyPair) - { - return createPemObject(((KeyPair)obj).getPrivate(), algorithm, password, random); - } - - String type = null; - byte[] keyData = null; - - if (obj instanceof RSAPrivateCrtKey) - { - type = "RSA PRIVATE KEY"; - - RSAPrivateCrtKey k = (RSAPrivateCrtKey)obj; - - RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure( - k.getModulus(), - k.getPublicExponent(), - k.getPrivateExponent(), - k.getPrimeP(), - k.getPrimeQ(), - k.getPrimeExponentP(), - k.getPrimeExponentQ(), - k.getCrtCoefficient()); - - // convert to bytearray - keyData = keyStruct.getEncoded(); - } - else if (obj instanceof DSAPrivateKey) - { - type = "DSA PRIVATE KEY"; - - DSAPrivateKey k = (DSAPrivateKey)obj; - DSAParams p = k.getParams(); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(0)); - v.add(new DERInteger(p.getP())); - v.add(new DERInteger(p.getQ())); - v.add(new DERInteger(p.getG())); - - BigInteger x = k.getX(); - BigInteger y = p.getG().modPow(x, p.getP()); - - v.add(new DERInteger(y)); - v.add(new DERInteger(x)); - - keyData = new DERSequence(v).getEncoded(); - } - else if (obj instanceof PrivateKey && "ECDSA".equals(((PrivateKey)obj).getAlgorithm())) - { - type = "EC PRIVATE KEY"; - - PrivateKeyInfo privInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(((PrivateKey)obj).getEncoded())); - - keyData = privInfo.getPrivateKey().getEncoded(); - } - - if (type == null || keyData == null) - { - // TODO Support other types? - throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName()); - } - - String dekAlgName = Strings.toUpperCase(algorithm); - - // Note: For backward compatibility - if (dekAlgName.equals("DESEDE")) - { - dekAlgName = "DES-EDE3-CBC"; - } - - int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8; - - byte[] iv = new byte[ivLength]; - random.nextBytes(iv); - - byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv); - - List headers = new ArrayList(2); - - headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED")); - headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv))); - - return new PemObject(type, headers, encData); - } - - public PemObject generate() - throws PemGenerationException - { - try - { - if (algorithm != null) - { - return createPemObject(obj, algorithm, password, random); - } - - return createPemObject(obj); - } - catch (IOException e) - { - throw new PemGenerationException("encoding exception: " + e.getMessage(), e); - } - } -} diff --git a/src/main/java/org/bouncycastle/openssl/PEMException.java b/src/main/java/org/bouncycastle/openssl/PEMException.java deleted file mode 100644 index 3753aec..0000000 --- a/src/main/java/org/bouncycastle/openssl/PEMException.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.IOException; - -public class PEMException - extends IOException -{ - Exception underlying; - - public PEMException( - String message) - { - super(message); - } - - public PEMException( - String message, - Exception underlying) - { - super(message); - this.underlying = underlying; - } - - public Exception getUnderlyingException() - { - return underlying; - } - - - public Throwable getCause() - { - return underlying; - } -} diff --git a/src/main/java/org/bouncycastle/openssl/PEMReader.java b/src/main/java/org/bouncycastle/openssl/PEMReader.java deleted file mode 100644 index 92bf8f9..0000000 --- a/src/main/java/org/bouncycastle/openssl/PEMReader.java +++ /dev/null @@ -1,804 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.Reader; -import java.security.AlgorithmParameters; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.cert.CertificateFactory; -import java.security.spec.DSAPrivateKeySpec; -import java.security.spec.DSAPublicKeySpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPublicKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.StringTokenizer; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.EncryptionScheme; -import org.bouncycastle.asn1.pkcs.KeyDerivationFunc; -import org.bouncycastle.asn1.pkcs.PBEParameter; -import org.bouncycastle.asn1.pkcs.PBES2Parameters; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jce.ECNamedCurveTable; -import org.bouncycastle.jce.PKCS10CertificationRequest; -import org.bouncycastle.util.encoders.Hex; -import org.bouncycastle.util.io.pem.PemHeader; -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemObjectParser; -import org.bouncycastle.util.io.pem.PemReader; -import org.bouncycastle.x509.X509V2AttributeCertificate; - -/** - * Class for reading OpenSSL PEM encoded streams containing - * X509 certificates, PKCS8 encoded keys and PKCS7 objects. - * <p> - * In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and - * Certificates will be returned using the appropriate java.security type (KeyPair, PublicKey, X509Certificate, - * or X509CRL). In the case of a Certificate Request a PKCS10CertificationRequest will be returned. - * </p> - */ -public class PEMReader - extends PemReader -{ - private final Map parsers = new HashMap(); - - private PasswordFinder pFinder; - - - /** - * Create a new PEMReader - * - * @param reader the Reader - */ - public PEMReader( - Reader reader) - { - this(reader, null, "BC"); - } - - /** - * Create a new PEMReader with a password finder - * - * @param reader the Reader - * @param pFinder the password finder - */ - public PEMReader( - Reader reader, - PasswordFinder pFinder) - { - this(reader, pFinder, "BC"); - } - - /** - * Create a new PEMReader with a password finder - * - * @param reader the Reader - * @param pFinder the password finder - * @param provider the cryptography provider to use - */ - public PEMReader( - Reader reader, - PasswordFinder pFinder, - String provider) - { - this(reader, pFinder, provider, provider); - } - - /** - * Create a new PEMReader with a password finder and differing providers for secret and public key - * operations. - * - * @param reader the Reader - * @param pFinder the password finder - * @param symProvider provider to use for symmetric operations - * @param asymProvider provider to use for asymmetric (public/private key) operations - */ - public PEMReader( - Reader reader, - PasswordFinder pFinder, - String symProvider, - String asymProvider) - { - super(reader); - - this.pFinder = pFinder; - - parsers.put("CERTIFICATE REQUEST", new PKCS10CertificationRequestParser()); - parsers.put("NEW CERTIFICATE REQUEST", new PKCS10CertificationRequestParser()); - parsers.put("CERTIFICATE", new X509CertificateParser(asymProvider)); - parsers.put("X509 CERTIFICATE", new X509CertificateParser(asymProvider)); - parsers.put("X509 CRL", new X509CRLParser(asymProvider)); - parsers.put("PKCS7", new PKCS7Parser()); - parsers.put("ATTRIBUTE CERTIFICATE", new X509AttributeCertificateParser()); - parsers.put("EC PARAMETERS", new ECNamedCurveSpecParser()); - parsers.put("PUBLIC KEY", new PublicKeyParser(asymProvider)); - parsers.put("RSA PUBLIC KEY", new RSAPublicKeyParser(asymProvider)); - parsers.put("RSA PRIVATE KEY", new RSAKeyPairParser(asymProvider)); - parsers.put("DSA PRIVATE KEY", new DSAKeyPairParser(asymProvider)); - parsers.put("EC PRIVATE KEY", new ECDSAKeyPairParser(asymProvider)); - parsers.put("ENCRYPTED PRIVATE KEY", new EncryptedPrivateKeyParser(symProvider, asymProvider)); - parsers.put("PRIVATE KEY", new PrivateKeyParser(asymProvider)); - } - - public Object readObject() - throws IOException - { - PemObject obj = readPemObject(); - - if (obj != null) - { - String type = obj.getType(); - if (parsers.containsKey(type)) - { - return ((PemObjectParser)parsers.get(type)).parseObject(obj); - } - else - { - throw new IOException("unrecognised object: " + type); - } - } - - return null; - } - - private abstract class KeyPairParser - implements PemObjectParser - { - protected String provider; - - public KeyPairParser(String provider) - { - this.provider = provider; - } - - /** - * Read a Key Pair - */ - protected ASN1Sequence readKeyPair( - PemObject obj) - throws IOException - { - boolean isEncrypted = false; - String dekInfo = null; - List headers = obj.getHeaders(); - - for (Iterator it = headers.iterator(); it.hasNext();) - { - PemHeader hdr = (PemHeader)it.next(); - - if (hdr.getName().equals("Proc-Type") && hdr.getValue().equals("4,ENCRYPTED")) - { - isEncrypted = true; - } - else if (hdr.getName().equals("DEK-Info")) - { - dekInfo = hdr.getValue(); - } - } - - // - // extract the key - // - byte[] keyBytes = obj.getContent(); - - if (isEncrypted) - { - if (pFinder == null) - { - throw new PasswordException("No password finder specified, but a password is required"); - } - - char[] password = pFinder.getPassword(); - - if (password == null) - { - throw new PasswordException("Password is null, but a password is required"); - } - - StringTokenizer tknz = new StringTokenizer(dekInfo, ","); - String dekAlgName = tknz.nextToken(); - byte[] iv = Hex.decode(tknz.nextToken()); - - keyBytes = PEMUtilities.crypt(false, provider, keyBytes, password, dekAlgName, iv); - } - - try - { - return (ASN1Sequence)ASN1Object.fromByteArray(keyBytes); - } - catch (IOException e) - { - if (isEncrypted) - { - throw new PEMException("exception decoding - please check password and data.", e); - } - else - { - throw new PEMException(e.getMessage(), e); - } - } - catch (ClassCastException e) - { - if (isEncrypted) - { - throw new PEMException("exception decoding - please check password and data.", e); - } - else - { - throw new PEMException(e.getMessage(), e); - } - } - } - } - - private class DSAKeyPairParser - extends KeyPairParser - { - public DSAKeyPairParser(String provider) - { - super(provider); - } - - public Object parseObject(PemObject obj) - throws IOException - { - try - { - ASN1Sequence seq = readKeyPair(obj); - - if (seq.size() != 6) - { - throw new PEMException("malformed sequence in DSA private key"); - } - - // DERInteger v = (DERInteger)seq.getObjectAt(0); - DERInteger p = (DERInteger)seq.getObjectAt(1); - DERInteger q = (DERInteger)seq.getObjectAt(2); - DERInteger g = (DERInteger)seq.getObjectAt(3); - DERInteger y = (DERInteger)seq.getObjectAt(4); - DERInteger x = (DERInteger)seq.getObjectAt(5); - - DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec( - x.getValue(), p.getValue(), - q.getValue(), g.getValue()); - DSAPublicKeySpec pubSpec = new DSAPublicKeySpec( - y.getValue(), p.getValue(), - q.getValue(), g.getValue()); - - KeyFactory fact = KeyFactory.getInstance("DSA", provider); - - return new KeyPair( - fact.generatePublic(pubSpec), - fact.generatePrivate(privSpec)); - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new PEMException( - "problem creating DSA private key: " + e.toString(), e); - } - } - } - - private class ECDSAKeyPairParser - extends KeyPairParser - { - public ECDSAKeyPairParser(String provider) - { - super(provider); - } - - public Object parseObject(PemObject obj) - throws IOException - { - try - { - ASN1Sequence seq = readKeyPair(obj); - - ECPrivateKeyStructure pKey = new ECPrivateKeyStructure(seq); - AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters()); - PrivateKeyInfo privInfo = new PrivateKeyInfo(algId, pKey.getDERObject()); - SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(algId, pKey.getPublicKey().getBytes()); - - PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privInfo.getEncoded()); - X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded()); - - - KeyFactory fact = KeyFactory.getInstance("ECDSA", provider); - - - return new KeyPair( - fact.generatePublic(pubSpec), - fact.generatePrivate(privSpec)); - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new PEMException( - "problem creating EC private key: " + e.toString(), e); - } - } - } - - private class RSAKeyPairParser - extends KeyPairParser - { - public RSAKeyPairParser(String provider) - { - super(provider); - } - - public Object parseObject(PemObject obj) - throws IOException - { - try - { - ASN1Sequence seq = readKeyPair(obj); - - if (seq.size() != 9) - { - throw new PEMException("malformed sequence in RSA private key"); - } - - // DERInteger v = (DERInteger)seq.getObjectAt(0); - DERInteger mod = (DERInteger)seq.getObjectAt(1); - DERInteger pubExp = (DERInteger)seq.getObjectAt(2); - DERInteger privExp = (DERInteger)seq.getObjectAt(3); - DERInteger p1 = (DERInteger)seq.getObjectAt(4); - DERInteger p2 = (DERInteger)seq.getObjectAt(5); - DERInteger exp1 = (DERInteger)seq.getObjectAt(6); - DERInteger exp2 = (DERInteger)seq.getObjectAt(7); - DERInteger crtCoef = (DERInteger)seq.getObjectAt(8); - - RSAPublicKeySpec pubSpec = new RSAPublicKeySpec( - mod.getValue(), pubExp.getValue()); - RSAPrivateCrtKeySpec privSpec = new RSAPrivateCrtKeySpec( - mod.getValue(), pubExp.getValue(), privExp.getValue(), - p1.getValue(), p2.getValue(), - exp1.getValue(), exp2.getValue(), - crtCoef.getValue()); - - - KeyFactory fact = KeyFactory.getInstance("RSA", provider); - - - return new KeyPair( - fact.generatePublic(pubSpec), - fact.generatePrivate(privSpec)); - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new PEMException( - "problem creating RSA private key: " + e.toString(), e); - } - } - } - - private class PublicKeyParser - implements PemObjectParser - { - private String provider; - - public PublicKeyParser(String provider) - { - this.provider = provider; - } - - public Object parseObject(PemObject obj) - throws IOException - { - KeySpec keySpec = new X509EncodedKeySpec(obj.getContent()); - String[] algorithms = {"DSA", "RSA"}; - for (int i = 0; i < algorithms.length; i++) - { - try - { - KeyFactory keyFact = KeyFactory.getInstance(algorithms[i], provider); - PublicKey pubKey = keyFact.generatePublic(keySpec); - - return pubKey; - } - catch (NoSuchAlgorithmException e) - { - // ignore - } - catch (InvalidKeySpecException e) - { - // ignore - } - catch (NoSuchProviderException e) - { - throw new RuntimeException("can't find provider " + provider); - } - } - - return null; - } - } - - private class RSAPublicKeyParser - implements PemObjectParser - { - private String provider; - - public RSAPublicKeyParser(String provider) - { - this.provider = provider; - } - - public Object parseObject(PemObject obj) - throws IOException - { - try - { - ASN1InputStream ais = new ASN1InputStream(obj.getContent()); - Object asnObject = ais.readObject(); - ASN1Sequence sequence = (ASN1Sequence)asnObject; - RSAPublicKeyStructure rsaPubStructure = new RSAPublicKeyStructure(sequence); - RSAPublicKeySpec keySpec = new RSAPublicKeySpec( - rsaPubStructure.getModulus(), - rsaPubStructure.getPublicExponent()); - - - KeyFactory keyFact = KeyFactory.getInstance("RSA", provider); - - return keyFact.generatePublic(keySpec); - } - catch (IOException e) - { - throw e; - } - catch (NoSuchProviderException e) - { - throw new IOException("can't find provider " + provider); - } - catch (Exception e) - { - throw new PEMException("problem extracting key: " + e.toString(), e); - } - } - } - - private class X509CertificateParser - implements PemObjectParser - { - private String provider; - - public X509CertificateParser(String provider) - { - this.provider = provider; - } - - /** - * Reads in a X509Certificate. - * - * @return the X509Certificate - * @throws IOException if an I/O error occured - */ - public Object parseObject(PemObject obj) - throws IOException - { - ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent()); - - try - { - CertificateFactory certFact - = CertificateFactory.getInstance("X.509", provider); - - return certFact.generateCertificate(bIn); - } - catch (Exception e) - { - throw new PEMException("problem parsing cert: " + e.toString(), e); - } - } - } - - private class X509CRLParser - implements PemObjectParser - { - private String provider; - - public X509CRLParser(String provider) - { - this.provider = provider; - } - - /** - * Reads in a X509CRL. - * - * @return the X509Certificate - * @throws IOException if an I/O error occured - */ - public Object parseObject(PemObject obj) - throws IOException - { - ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent()); - - try - { - CertificateFactory certFact - = CertificateFactory.getInstance("X.509", provider); - - return certFact.generateCRL(bIn); - } - catch (Exception e) - { - throw new PEMException("problem parsing cert: " + e.toString(), e); - } - } - } - - private class PKCS10CertificationRequestParser - implements PemObjectParser - { - /** - * Reads in a PKCS10 certification request. - * - * @return the certificate request. - * @throws IOException if an I/O error occured - */ - public Object parseObject(PemObject obj) - throws IOException - { - try - { - return new PKCS10CertificationRequest(obj.getContent()); - } - catch (Exception e) - { - throw new PEMException("problem parsing certrequest: " + e.toString(), e); - } - } - } - - private class PKCS7Parser - implements PemObjectParser - { - /** - * Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS - * API. - * - * @return the X509Certificate - * @throws IOException if an I/O error occured - */ - public Object parseObject(PemObject obj) - throws IOException - { - try - { - ASN1InputStream aIn = new ASN1InputStream(obj.getContent()); - - return ContentInfo.getInstance(aIn.readObject()); - } - catch (Exception e) - { - throw new PEMException("problem parsing PKCS7 object: " + e.toString(), e); - } - } - } - - private class X509AttributeCertificateParser - implements PemObjectParser - { - public Object parseObject(PemObject obj) - throws IOException - { - return new X509V2AttributeCertificate(obj.getContent()); - } - } - - private class ECNamedCurveSpecParser - implements PemObjectParser - { - public Object parseObject(PemObject obj) - throws IOException - { - try - { - DERObjectIdentifier oid = (DERObjectIdentifier)ASN1Object.fromByteArray(obj.getContent()); - - Object params = ECNamedCurveTable.getParameterSpec(oid.getId()); - - if (params == null) - { - throw new IOException("object ID not found in EC curve table"); - } - - return params; - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new PEMException("exception extracting EC named curve: " + e.toString()); - } - } - } - - private class EncryptedPrivateKeyParser - implements PemObjectParser - { - private String symProvider; - private String asymProvider; - - public EncryptedPrivateKeyParser(String symProvider, String asymProvider) - { - this.symProvider = symProvider; - this.asymProvider = asymProvider; - } - - /** - * Reads in a X509CRL. - * - * @return the X509Certificate - * @throws IOException if an I/O error occured - */ - public Object parseObject(PemObject obj) - throws IOException - { - try - { - EncryptedPrivateKeyInfo info = EncryptedPrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent())); - AlgorithmIdentifier algId = info.getEncryptionAlgorithm(); - - if (pFinder == null) - { - throw new PEMException("no PasswordFinder specified"); - } - - if (PEMUtilities.isPKCS5Scheme2(algId.getAlgorithm())) - { - PBES2Parameters params = PBES2Parameters.getInstance(algId.getParameters()); - KeyDerivationFunc func = params.getKeyDerivationFunc(); - EncryptionScheme scheme = params.getEncryptionScheme(); - PBKDF2Params defParams = (PBKDF2Params)func.getParameters(); - - int iterationCount = defParams.getIterationCount().intValue(); - byte[] salt = defParams.getSalt(); - - String algorithm = scheme.getAlgorithm().getId(); - - SecretKey key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(algorithm, pFinder.getPassword(), salt, iterationCount); - - Cipher cipher = Cipher.getInstance(algorithm, symProvider); - AlgorithmParameters algParams = AlgorithmParameters.getInstance(algorithm, symProvider); - - algParams.init(scheme.getParameters().getDERObject().getEncoded()); - - cipher.init(Cipher.DECRYPT_MODE, key, algParams); - - PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData()))); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded()); - - KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider); - - return keyFact.generatePrivate(keySpec); - } - else if (PEMUtilities.isPKCS12(algId.getAlgorithm())) - { - PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters()); - String algorithm = algId.getAlgorithm().getId(); - PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword()); - - SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider); - PBEParameterSpec defParams = new PBEParameterSpec(params.getIV(), params.getIterations().intValue()); - - Cipher cipher = Cipher.getInstance(algorithm, symProvider); - - cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams); - - PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData()))); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded()); - - KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider); - - return keyFact.generatePrivate(keySpec); - } - else if (PEMUtilities.isPKCS5Scheme1(algId.getAlgorithm())) - { - PBEParameter params = PBEParameter.getInstance(algId.getParameters()); - String algorithm = algId.getAlgorithm().getId(); - PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword()); - - SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider); - PBEParameterSpec defParams = new PBEParameterSpec(params.getSalt(), params.getIterationCount().intValue()); - - Cipher cipher = Cipher.getInstance(algorithm, symProvider); - - cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams); - - PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData()))); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded()); - - KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider); - - return keyFact.generatePrivate(keySpec); - } - else - { - throw new PEMException("Unknown algorithm: " + algId.getAlgorithm()); - } - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new PEMException("problem parsing ENCRYPTED PRIVATE KEY: " + e.toString(), e); - } - } - } - - private class PrivateKeyParser - implements PemObjectParser - { - private String provider; - - public PrivateKeyParser(String provider) - { - this.provider = provider; - } - - public Object parseObject(PemObject obj) - throws IOException - { - try - { - PrivateKeyInfo info = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent())); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(obj.getContent()); - - KeyFactory keyFact = KeyFactory.getInstance(info.getAlgorithmId().getAlgorithm().getId(), provider); - - return keyFact.generatePrivate(keySpec); - } - catch (Exception e) - { - throw new PEMException("problem parsing PRIVATE KEY: " + e.toString(), e); - } - } - } -} diff --git a/src/main/java/org/bouncycastle/openssl/PEMUtilities.java b/src/main/java/org/bouncycastle/openssl/PEMUtilities.java deleted file mode 100644 index c955e4d..0000000 --- a/src/main/java/org/bouncycastle/openssl/PEMUtilities.java +++ /dev/null @@ -1,280 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.IOException; -import java.security.Key; -import java.security.Provider; -import java.security.Security; -import java.security.spec.AlgorithmParameterSpec; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; - -final class PEMUtilities -{ - private static final Map KEYSIZES = new HashMap(); - private static final Set PKCS5_SCHEME_1 = new HashSet(); - private static final Set PKCS5_SCHEME_2 = new HashSet(); - - static - { - PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC); - PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC); - PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC); - PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC); - PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC); - PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC); - - PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.id_PBES2); - PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.des_EDE3_CBC); - PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes128_CBC); - PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC); - PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC); - - // BEGIN android-changed - KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integer.valueOf(192)); - KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), Integer.valueOf(128)); - KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), Integer.valueOf(192)); - KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), Integer.valueOf(256)); - // END android-changed - } - - static int getKeySize(String algorithm) - { - if (!KEYSIZES.containsKey(algorithm)) - { - throw new IllegalStateException("no key size for algorithm: " + algorithm); - } - - return ((Integer)KEYSIZES.get(algorithm)).intValue(); - } - - static boolean isPKCS5Scheme1(DERObjectIdentifier algOid) - { - return PKCS5_SCHEME_1.contains(algOid); - } - - static boolean isPKCS5Scheme2(DERObjectIdentifier algOid) - { - return PKCS5_SCHEME_2.contains(algOid); - } - - static boolean isPKCS12(DERObjectIdentifier algOid) - { - return algOid.getId().startsWith(PKCSObjectIdentifiers.pkcs_12PbeIds.getId()); - } - - static SecretKey generateSecretKeyForPKCS5Scheme2(String algorithm, char[] password, byte[] salt, int iterationCount) - { - PBEParametersGenerator generator = new PKCS5S2ParametersGenerator(); - - generator.init( - PBEParametersGenerator.PKCS5PasswordToBytes(password), - salt, - iterationCount); - - return new SecretKeySpec(((KeyParameter)generator.generateDerivedParameters(PEMUtilities.getKeySize(algorithm))).getKey(), algorithm); - } - - static byte[] crypt( - boolean encrypt, - String provider, - byte[] bytes, - char[] password, - String dekAlgName, - byte[] iv) - throws IOException - { - Provider prov = null; - if (provider != null) - { - prov = Security.getProvider(provider); - if (prov == null) - { - throw new EncryptionException("cannot find provider: " + provider); - } - } - - return crypt(encrypt, prov, bytes, password, dekAlgName, iv); - } - - static byte[] crypt( - boolean encrypt, - Provider provider, - byte[] bytes, - char[] password, - String dekAlgName, - byte[] iv) - throws IOException - { - AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv); - String alg; - String blockMode = "CBC"; - String padding = "PKCS5Padding"; - Key sKey; - - // Figure out block mode and padding. - if (dekAlgName.endsWith("-CFB")) - { - blockMode = "CFB"; - padding = "NoPadding"; - } - if (dekAlgName.endsWith("-ECB") || - "DES-EDE".equals(dekAlgName) || - "DES-EDE3".equals(dekAlgName)) - { - // ECB is actually the default (though seldom used) when OpenSSL - // uses DES-EDE (des2) or DES-EDE3 (des3). - blockMode = "ECB"; - paramSpec = null; - } - if (dekAlgName.endsWith("-OFB")) - { - blockMode = "OFB"; - padding = "NoPadding"; - } - - - // Figure out algorithm and key size. - if (dekAlgName.startsWith("DES-EDE")) - { - alg = "DESede"; - // "DES-EDE" is actually des2 in OpenSSL-speak! - // "DES-EDE3" is des3. - boolean des2 = !dekAlgName.startsWith("DES-EDE3"); - sKey = getKey(password, alg, 24, iv, des2); - } - else if (dekAlgName.startsWith("DES-")) - { - alg = "DES"; - sKey = getKey(password, alg, 8, iv); - } - else if (dekAlgName.startsWith("BF-")) - { - alg = "Blowfish"; - sKey = getKey(password, alg, 16, iv); - } - else if (dekAlgName.startsWith("RC2-")) - { - alg = "RC2"; - int keyBits = 128; - if (dekAlgName.startsWith("RC2-40-")) - { - keyBits = 40; - } - else if (dekAlgName.startsWith("RC2-64-")) - { - keyBits = 64; - } - sKey = getKey(password, alg, keyBits / 8, iv); - if (paramSpec == null) // ECB block mode - { - paramSpec = new RC2ParameterSpec(keyBits); - } - else - { - paramSpec = new RC2ParameterSpec(keyBits, iv); - } - } - else if (dekAlgName.startsWith("AES-")) - { - alg = "AES"; - byte[] salt = iv; - if (salt.length > 8) - { - salt = new byte[8]; - System.arraycopy(iv, 0, salt, 0, 8); - } - - int keyBits; - if (dekAlgName.startsWith("AES-128-")) - { - keyBits = 128; - } - else if (dekAlgName.startsWith("AES-192-")) - { - keyBits = 192; - } - else if (dekAlgName.startsWith("AES-256-")) - { - keyBits = 256; - } - else - { - throw new EncryptionException("unknown AES encryption with private key"); - } - sKey = getKey(password, "AES", keyBits / 8, salt); - } - else - { - throw new EncryptionException("unknown encryption with private key"); - } - - String transformation = alg + "/" + blockMode + "/" + padding; - - try - { - Cipher c = Cipher.getInstance(transformation, provider); - int mode = encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE; - - if (paramSpec == null) // ECB block mode - { - c.init(mode, sKey); - } - else - { - c.init(mode, sKey, paramSpec); - } - return c.doFinal(bytes); - } - catch (Exception e) - { - throw new EncryptionException("exception using cipher - please check password and data.", e); - } - } - - private static SecretKey getKey( - char[] password, - String algorithm, - int keyLength, - byte[] salt) - { - return getKey(password, algorithm, keyLength, salt, false); - } - - private static SecretKey getKey( - char[] password, - String algorithm, - int keyLength, - byte[] salt, - boolean des2) - { - OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator(); - - pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt); - - KeyParameter keyParam; - keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8); - byte[] key = keyParam.getKey(); - if (des2 && key.length >= 24) - { - // For DES2, we must copy first 8 bytes into the last 8 bytes. - System.arraycopy(key, 0, key, 16, 8); - } - return new javax.crypto.spec.SecretKeySpec(key, algorithm); - } -} diff --git a/src/main/java/org/bouncycastle/openssl/PEMWriter.java b/src/main/java/org/bouncycastle/openssl/PEMWriter.java deleted file mode 100644 index 834252f..0000000 --- a/src/main/java/org/bouncycastle/openssl/PEMWriter.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.IOException; -import java.io.Writer; -import java.security.NoSuchProviderException; -import java.security.SecureRandom; - -import org.bouncycastle.util.io.pem.PemGenerationException; -import org.bouncycastle.util.io.pem.PemObjectGenerator; -import org.bouncycastle.util.io.pem.PemWriter; - -/** - * General purpose writer for OpenSSL PEM objects. - */ -public class PEMWriter - extends PemWriter -{ - private String provider; - - /** - * Base constructor. - * - * @param out output stream to use. - */ - public PEMWriter(Writer out) - { - this(out, "BC"); - } - - public PEMWriter( - Writer out, - String provider) - { - super(out); - - this.provider = provider; - } - - public void writeObject( - Object obj) - throws IOException - { - try - { - super.writeObject(new MiscPEMGenerator(obj)); - } - catch (PemGenerationException e) - { - if (e.getCause() instanceof IOException) - { - throw (IOException)e.getCause(); - } - - throw e; - } - } - - public void writeObject( - PemObjectGenerator obj) - throws IOException - { - super.writeObject(obj); - } - - public void writeObject( - Object obj, - String algorithm, - char[] password, - SecureRandom random) - throws IOException - { - try - { - super.writeObject(new MiscPEMGenerator(obj, algorithm, password, random, provider)); - } - catch (NoSuchProviderException e) - { - throw new EncryptionException(e.getMessage(), e); - } - } -} diff --git a/src/main/java/org/bouncycastle/openssl/PasswordException.java b/src/main/java/org/bouncycastle/openssl/PasswordException.java deleted file mode 100644 index c2b8ccd..0000000 --- a/src/main/java/org/bouncycastle/openssl/PasswordException.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.IOException; - -public class PasswordException - extends IOException -{ - public PasswordException(String msg) - { - super(msg); - } -} diff --git a/src/main/java/org/bouncycastle/openssl/PasswordFinder.java b/src/main/java/org/bouncycastle/openssl/PasswordFinder.java deleted file mode 100644 index fb89cf0..0000000 --- a/src/main/java/org/bouncycastle/openssl/PasswordFinder.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.bouncycastle.openssl; - -/** - * call back to allow a password to be fetched when one is requested. - */ -public interface PasswordFinder -{ - public char[] getPassword(); -} diff --git a/src/main/java/org/bouncycastle/util/Arrays.java b/src/main/java/org/bouncycastle/util/Arrays.java index 9d6a43b..4564b68 100644 --- a/src/main/java/org/bouncycastle/util/Arrays.java +++ b/src/main/java/org/bouncycastle/util/Arrays.java @@ -1,5 +1,7 @@ package org.bouncycastle.util; +import java.math.BigInteger; + /** * General array utilities. */ @@ -167,6 +169,66 @@ public final class Arrays return true; } + public static boolean areEqual( + long[] a, + long[] b) + { + if (a == b) + { + return true; + } + + if (a == null || b == null) + { + return false; + } + + if (a.length != b.length) + { + return false; + } + + for (int i = 0; i != a.length; i++) + { + if (a[i] != b[i]) + { + return false; + } + } + + return true; + } + + public static boolean areEqual( + BigInteger[] a, + BigInteger[] b) + { + if (a == b) + { + return true; + } + + if (a == null || b == null) + { + return false; + } + + if (a.length != b.length) + { + return false; + } + + for (int i = 0; i != a.length; i++) + { + if (!a[i].equals(b[i])) + { + return false; + } + } + + return true; + } + public static void fill( byte[] array, byte value) @@ -197,6 +259,16 @@ public final class Arrays } } + public static void fill( + int[] array, + int value) + { + for (int i = 0; i < array.length; i++) + { + array[i] = value; + } + } + public static int hashCode(byte[] data) { if (data == null) @@ -216,6 +288,63 @@ public final class Arrays return hc; } + public static int hashCode(char[] data) + { + if (data == null) + { + return 0; + } + + int i = data.length; + int hc = i + 1; + + while (--i >= 0) + { + hc *= 257; + hc ^= data[i]; + } + + return hc; + } + + public static int hashCode(int[] data) + { + if (data == null) + { + return 0; + } + + int i = data.length; + int hc = i + 1; + + while (--i >= 0) + { + hc *= 257; + hc ^= data[i]; + } + + return hc; + } + + public static int hashCode(BigInteger[] data) + { + if (data == null) + { + return 0; + } + + int i = data.length; + int hc = i + 1; + + while (--i >= 0) + { + hc *= 257; + hc ^= data[i].hashCode(); + } + + return hc; + } + public static byte[] clone(byte[] data) { if (data == null) @@ -241,4 +370,163 @@ public final class Arrays return copy; } + + public static BigInteger[] clone(BigInteger[] data) + { + if (data == null) + { + return null; + } + BigInteger[] copy = new BigInteger[data.length]; + + System.arraycopy(data, 0, copy, 0, data.length); + + return copy; + } + + public static byte[] copyOf(byte[] data, int newLength) + { + byte[] tmp = new byte[newLength]; + + if (newLength < data.length) + { + System.arraycopy(data, 0, tmp, 0, newLength); + } + else + { + System.arraycopy(data, 0, tmp, 0, data.length); + } + + return tmp; + } + + public static int[] copyOf(int[] data, int newLength) + { + int[] tmp = new int[newLength]; + + if (newLength < data.length) + { + System.arraycopy(data, 0, tmp, 0, newLength); + } + else + { + System.arraycopy(data, 0, tmp, 0, data.length); + } + + return tmp; + } + + public static long[] copyOf(long[] data, int newLength) + { + long[] tmp = new long[newLength]; + + if (newLength < data.length) + { + System.arraycopy(data, 0, tmp, 0, newLength); + } + else + { + System.arraycopy(data, 0, tmp, 0, data.length); + } + + return tmp; + } + + public static BigInteger[] copyOf(BigInteger[] data, int newLength) + { + BigInteger[] tmp = new BigInteger[newLength]; + + if (newLength < data.length) + { + System.arraycopy(data, 0, tmp, 0, newLength); + } + else + { + System.arraycopy(data, 0, tmp, 0, data.length); + } + + return tmp; + } + + public static byte[] copyOfRange(byte[] data, int from, int to) + { + int newLength = getLength(from, to); + + byte[] tmp = new byte[newLength]; + + if (data.length - from < newLength) + { + System.arraycopy(data, from, tmp, 0, data.length - from); + } + else + { + System.arraycopy(data, from, tmp, 0, newLength); + } + + return tmp; + } + + public static int[] copyOfRange(int[] data, int from, int to) + { + int newLength = getLength(from, to); + + int[] tmp = new int[newLength]; + + if (data.length - from < newLength) + { + System.arraycopy(data, from, tmp, 0, data.length - from); + } + else + { + System.arraycopy(data, from, tmp, 0, newLength); + } + + return tmp; + } + + public static long[] copyOfRange(long[] data, int from, int to) + { + int newLength = getLength(from, to); + + long[] tmp = new long[newLength]; + + if (data.length - from < newLength) + { + System.arraycopy(data, from, tmp, 0, data.length - from); + } + else + { + System.arraycopy(data, from, tmp, 0, newLength); + } + + return tmp; + } + + public static BigInteger[] copyOfRange(BigInteger[] data, int from, int to) + { + int newLength = getLength(from, to); + + BigInteger[] tmp = new BigInteger[newLength]; + + if (data.length - from < newLength) + { + System.arraycopy(data, from, tmp, 0, data.length - from); + } + else + { + System.arraycopy(data, from, tmp, 0, newLength); + } + + return tmp; + } + + private static int getLength(int from, int to) + { + int newLength = to - from; + if (newLength < 0) + { + throw new IllegalArgumentException(from + " > " + to); + } + return newLength; + } } diff --git a/src/main/java/org/bouncycastle/util/Strings.java b/src/main/java/org/bouncycastle/util/Strings.java index 0c081f7..7f67404 100644 --- a/src/main/java/org/bouncycastle/util/Strings.java +++ b/src/main/java/org/bouncycastle/util/Strings.java @@ -1,6 +1,8 @@ package org.bouncycastle.util; import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStream; import java.util.Vector; public final class Strings @@ -88,6 +90,22 @@ public final class Strings public static byte[] toUTF8ByteArray(char[] string) { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + + try + { + toUTF8ByteArray(string, bOut); + } + catch (IOException e) + { + throw new IllegalStateException("cannot encode string to byte array!"); + } + + return bOut.toByteArray(); + } + + public static void toUTF8ByteArray(char[] string, OutputStream sOut) + throws IOException + { char[] c = string; int i = 0; @@ -97,12 +115,12 @@ public final class Strings if (ch < 0x0080) { - bOut.write(ch); + sOut.write(ch); } else if (ch < 0x0800) { - bOut.write(0xc0 | (ch >> 6)); - bOut.write(0x80 | (ch & 0x3f)); + sOut.write(0xc0 | (ch >> 6)); + sOut.write(0x80 | (ch & 0x3f)); } // surrogate pair else if (ch >= 0xD800 && ch <= 0xDFFF) @@ -123,24 +141,22 @@ public final class Strings throw new IllegalStateException("invalid UTF-16 codepoint"); } int codePoint = (((W1 & 0x03FF) << 10) | (W2 & 0x03FF)) + 0x10000; - bOut.write(0xf0 | (codePoint >> 18)); - bOut.write(0x80 | ((codePoint >> 12) & 0x3F)); - bOut.write(0x80 | ((codePoint >> 6) & 0x3F)); - bOut.write(0x80 | (codePoint & 0x3F)); + sOut.write(0xf0 | (codePoint >> 18)); + sOut.write(0x80 | ((codePoint >> 12) & 0x3F)); + sOut.write(0x80 | ((codePoint >> 6) & 0x3F)); + sOut.write(0x80 | (codePoint & 0x3F)); } else { - bOut.write(0xe0 | (ch >> 12)); - bOut.write(0x80 | ((ch >> 6) & 0x3F)); - bOut.write(0x80 | (ch & 0x3F)); + sOut.write(0xe0 | (ch >> 12)); + sOut.write(0x80 | ((ch >> 6) & 0x3F)); + sOut.write(0x80 | (ch & 0x3F)); } i++; } - - return bOut.toByteArray(); } - + /** * A locale independent version of toUpperCase. * @@ -225,6 +241,35 @@ public final class Strings return bytes; } + /** + * Convert an array of 8 bit characters into a string. + * + * @param bytes 8 bit characters. + * @return resulting String. + */ + public static String fromByteArray(byte[] bytes) + { + return new String(asCharArray(bytes)); + } + + /** + * Do a simple conversion of an array of 8 bit characters into a string. + * + * @param bytes 8 bit characters. + * @return resulting String. + */ + public static char[] asCharArray(byte[] bytes) + { + char[] chars = new char[bytes.length]; + + for (int i = 0; i != chars.length; i++) + { + chars[i] = (char)(bytes[i] & 0xff); + } + + return chars; + } + public static String[] split(String input, char delimiter) { Vector v = new Vector(); diff --git a/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java b/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java new file mode 100644 index 0000000..a4919cd --- /dev/null +++ b/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java @@ -0,0 +1,52 @@ +package org.bouncycastle.util.io; + +import java.io.IOException; +import java.io.OutputStream; + +public class TeeOutputStream + extends OutputStream +{ + private OutputStream output1; + private OutputStream output2; + + public TeeOutputStream(OutputStream output1, OutputStream output2) + { + this.output1 = output1; + this.output2 = output2; + } + + public void write(byte[] buf) + throws IOException + { + this.output1.write(buf); + this.output2.write(buf); + } + + public void write(byte[] buf, int off, int len) + throws IOException + { + this.output1.write(buf, off, len); + this.output2.write(buf, off, len); + } + + public void write(int b) + throws IOException + { + this.output1.write(b); + this.output2.write(b); + } + + public void flush() + throws IOException + { + this.output1.flush(); + this.output2.flush(); + } + + public void close() + throws IOException + { + this.output1.close(); + this.output2.close(); + } +}
\ No newline at end of file diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemReader.java b/src/main/java/org/bouncycastle/util/io/pem/PemReader.java index 28f777d..7664725 100644 --- a/src/main/java/org/bouncycastle/util/io/pem/PemReader.java +++ b/src/main/java/org/bouncycastle/util/io/pem/PemReader.java @@ -24,7 +24,12 @@ public class PemReader { String line = readLine(); - if (line != null && line.startsWith(BEGIN)) + while (line != null && !line.startsWith(BEGIN)) + { + line = readLine(); + } + + if (line != null) { line = line.substring(BEGIN.length()); int index = line.indexOf('-'); diff --git a/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java b/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java index 2290484..b00cd1d 100644 --- a/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java +++ b/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java @@ -15,8 +15,9 @@ import java.util.List; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.GeneralName; @@ -60,8 +61,8 @@ public class AttributeCertificateHolder BigInteger serialNumber) { holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial( - new GeneralNames(new DERSequence(new GeneralName(issuerName))), - new DERInteger(serialNumber))); + GeneralNames.getInstance(new DERSequence(new GeneralName(issuerName))), + new ASN1Integer(serialNumber))); } public AttributeCertificateHolder(X500Principal issuerName, @@ -85,7 +86,7 @@ public class AttributeCertificateHolder } holder = new Holder(new IssuerSerial(generateGeneralNames(name), - new DERInteger(cert.getSerialNumber()))); + new ASN1Integer(cert.getSerialNumber()))); } public AttributeCertificateHolder(X509Principal principal) @@ -125,7 +126,7 @@ public class AttributeCertificateHolder String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest) { holder = new Holder(new ObjectDigestInfo(digestedObjectType, - otherObjectTypeID, new AlgorithmIdentifier(digestAlgorithm), Arrays + new ASN1ObjectIdentifier(otherObjectTypeID), new AlgorithmIdentifier(digestAlgorithm), Arrays .clone(objectDigest))); } @@ -200,7 +201,7 @@ public class AttributeCertificateHolder private GeneralNames generateGeneralNames(X509Principal principal) { - return new GeneralNames(new DERSequence(new GeneralName(principal))); + return GeneralNames.getInstance(new DERSequence(new GeneralName(principal))); } private boolean matchesDN(X509Principal subject, GeneralNames targets) @@ -215,7 +216,7 @@ public class AttributeCertificateHolder { try { - if (new X509Principal(((ASN1Encodable)gn.getName()) + if (new X509Principal(((ASN1Encodable)gn.getName()).toASN1Primitive() .getEncoded()).equals(subject)) { return true; @@ -241,7 +242,7 @@ public class AttributeCertificateHolder try { l.add(new X500Principal( - ((ASN1Encodable)names[i].getName()).getEncoded())); + ((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded())); } catch (IOException e) { diff --git a/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java b/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java index 0c88b3f..3a34208 100644 --- a/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java +++ b/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java @@ -46,7 +46,7 @@ public class AttributeCertificateIssuer public AttributeCertificateIssuer(X509Principal principal) { - form = new V2Form(new GeneralNames(new DERSequence(new GeneralName(principal)))); + form = new V2Form(GeneralNames.getInstance(new DERSequence(new GeneralName(principal)))); } private Object[] getNames() @@ -73,7 +73,7 @@ public class AttributeCertificateIssuer try { l.add(new X500Principal( - ((ASN1Encodable)names[i].getName()).getEncoded())); + ((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded())); } catch (IOException e) { @@ -119,7 +119,7 @@ public class AttributeCertificateIssuer { try { - if (new X500Principal(((ASN1Encodable)gn.getName()).getEncoded()).equals(subject)) + if (new X500Principal(((ASN1Encodable)gn.getName()).toASN1Primitive().getEncoded()).equals(subject)) { return true; } diff --git a/src/main/java/org/bouncycastle/x509/X509Attribute.java b/src/main/java/org/bouncycastle/x509/X509Attribute.java index f4c65ab..95da292 100644 --- a/src/main/java/org/bouncycastle/x509/X509Attribute.java +++ b/src/main/java/org/bouncycastle/x509/X509Attribute.java @@ -2,9 +2,10 @@ package org.bouncycastle.x509; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.x509.Attribute; @@ -12,7 +13,7 @@ import org.bouncycastle.asn1.x509.Attribute; * Class for carrying the values in an X.509 Attribute. */ public class X509Attribute - extends ASN1Encodable + extends ASN1Object { Attribute attr; @@ -36,7 +37,7 @@ public class X509Attribute String oid, ASN1Encodable value) { - this.attr = new Attribute(new DERObjectIdentifier(oid), new DERSet(value)); + this.attr = new Attribute(new ASN1ObjectIdentifier(oid), new DERSet(value)); } /** @@ -50,7 +51,7 @@ public class X509Attribute String oid, ASN1EncodableVector value) { - this.attr = new Attribute(new DERObjectIdentifier(oid), new DERSet(value)); + this.attr = new Attribute(new ASN1ObjectIdentifier(oid), new DERSet(value)); } public String getOID() @@ -71,8 +72,8 @@ public class X509Attribute return values; } - public DERObject toASN1Object() + public ASN1Primitive toASN1Primitive() { - return attr.toASN1Object(); + return attr.toASN1Primitive(); } } diff --git a/src/main/java/org/bouncycastle/x509/X509Util.java b/src/main/java/org/bouncycastle/x509/X509Util.java index 9ea50b4..202bd4b 100644 --- a/src/main/java/org/bouncycastle/x509/X509Util.java +++ b/src/main/java/org/bouncycastle/x509/X509Util.java @@ -21,8 +21,8 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; @@ -30,7 +30,9 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jce.X509Principal; @@ -164,8 +166,8 @@ class X509Util return new RSASSAPSSparams( hashAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), - new DERInteger(saltSize), - new DERInteger(1)); + new ASN1Integer(saltSize), + new ASN1Integer(1)); } static DERObjectIdentifier getAlgorithmOID( @@ -194,7 +196,7 @@ class X509Util if (params.containsKey(algorithmName)) { - return new AlgorithmIdentifier(sigOid, (DEREncodable)params.get(algorithmName)); + return new AlgorithmIdentifier(sigOid, (ASN1Encodable)params.get(algorithmName)); } else { @@ -265,7 +267,7 @@ class X509Util sig.initSign(key); } - sig.update(object.getEncoded(ASN1Encodable.DER)); + sig.update(object.toASN1Primitive().getEncoded(ASN1Encoding.DER)); return sig.sign(); } @@ -297,7 +299,7 @@ class X509Util sig.initSign(key); } - sig.update(object.getEncoded(ASN1Encodable.DER)); + sig.update(object.toASN1Primitive().getEncoded(ASN1Encoding.DER)); return sig.sign(); } diff --git a/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java b/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java index 5e99e76..5703dc8 100644 --- a/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java +++ b/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java @@ -21,14 +21,14 @@ import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; +import org.bouncycastle.asn1.x509.TBSCertificate; import org.bouncycastle.asn1.x509.Time; import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator; import org.bouncycastle.asn1.x509.X509CertificateStructure; @@ -71,7 +71,7 @@ public class X509V1CertificateGenerator throw new IllegalArgumentException("serial number must be a positive integer"); } - tbsGen.setSerialNumber(new DERInteger(serialNumber)); + tbsGen.setSerialNumber(new ASN1Integer(serialNumber)); } /** @@ -292,7 +292,7 @@ public class X509V1CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); + TBSCertificate tbsCert = tbsGen.generateTBSCertificate(); byte[] signature; try @@ -331,7 +331,7 @@ public class X509V1CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); + TBSCertificate tbsCert = tbsGen.generateTBSCertificate(); byte[] signature; try @@ -346,7 +346,7 @@ public class X509V1CertificateGenerator return generateJcaObject(tbsCert, signature); } - private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature) + private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateEncodingException { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java b/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java index 4d40dd9..14db8ea 100644 --- a/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java +++ b/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java @@ -22,13 +22,14 @@ import java.util.List; import java.util.Set; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; import org.bouncycastle.util.Arrays; /** @@ -206,17 +207,17 @@ public class X509V2AttributeCertificate public byte[] getExtensionValue(String oid) { - X509Extensions extensions = cert.getAcinfo().getExtensions(); + Extensions extensions = cert.getAcinfo().getExtensions(); if (extensions != null) { - X509Extension ext = extensions.getExtension(new DERObjectIdentifier(oid)); + Extension ext = extensions.getExtension(new ASN1ObjectIdentifier(oid)); if (ext != null) { try { - return ext.getValue().getEncoded(ASN1Encodable.DER); + return ext.getExtnValue().getEncoded(ASN1Encoding.DER); } catch (Exception e) { @@ -231,7 +232,7 @@ public class X509V2AttributeCertificate private Set getExtensionOIDs( boolean critical) { - X509Extensions extensions = cert.getAcinfo().getExtensions(); + Extensions extensions = cert.getAcinfo().getExtensions(); if (extensions != null) { @@ -240,8 +241,8 @@ public class X509V2AttributeCertificate while (e.hasMoreElements()) { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); if (ext.isCritical() == critical) { diff --git a/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java index 1ac395c..870ba4f 100644 --- a/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java +++ b/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java @@ -21,14 +21,14 @@ import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; +import org.bouncycastle.asn1.x509.TBSCertificate; import org.bouncycastle.asn1.x509.Time; import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; import org.bouncycastle.asn1.x509.X509CertificateStructure; @@ -76,7 +76,7 @@ public class X509V3CertificateGenerator throw new IllegalArgumentException("serial number must be a positive integer"); } - tbsGen.setSerialNumber(new DERInteger(serialNumber)); + tbsGen.setSerialNumber(new ASN1Integer(serialNumber)); } /** @@ -226,7 +226,7 @@ public class X509V3CertificateGenerator public void addExtension( String oid, boolean critical, - DEREncodable value) + ASN1Encodable value) { this.addExtension(new DERObjectIdentifier(oid), critical, value); } @@ -237,9 +237,9 @@ public class X509V3CertificateGenerator public void addExtension( DERObjectIdentifier oid, boolean critical, - DEREncodable value) + ASN1Encodable value) { - extGenerator.addExtension(oid, critical, value); + extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); } /** @@ -263,7 +263,7 @@ public class X509V3CertificateGenerator boolean critical, byte[] value) { - extGenerator.addExtension(oid, critical, value); + extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); } /** @@ -426,7 +426,7 @@ public class X509V3CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = generateTbsCert(); + TBSCertificate tbsCert = generateTbsCert(); byte[] signature; try @@ -471,7 +471,7 @@ public class X509V3CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = generateTbsCert(); + TBSCertificate tbsCert = generateTbsCert(); byte[] signature; try @@ -493,7 +493,7 @@ public class X509V3CertificateGenerator } } - private TBSCertificateStructure generateTbsCert() + private TBSCertificate generateTbsCert() { if (!extGenerator.isEmpty()) { @@ -503,7 +503,7 @@ public class X509V3CertificateGenerator return tbsGen.generateTBSCertificate(); } - private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature) + private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateParsingException { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java b/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java index 8de75d2..2164d1f 100644 --- a/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java +++ b/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java @@ -10,6 +10,7 @@ import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; +import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -19,6 +20,7 @@ import org.bouncycastle.jce.PrincipalUtil; /** * A high level authority key identifier. + * @deprecated use JcaX509ExtensionUtils and AuthorityKeyIdentifier.getInstance() */ public class AuthorityKeyIdentifierStructure extends AuthorityKeyIdentifier @@ -40,6 +42,7 @@ public class AuthorityKeyIdentifierStructure * Constructor which will take an extension * * @param extension a X509Extension object containing an AuthorityKeyIdentifier. + * @deprecated use constructor that takes Extension */ public AuthorityKeyIdentifierStructure( X509Extension extension) @@ -47,6 +50,17 @@ public class AuthorityKeyIdentifierStructure super((ASN1Sequence)extension.getParsedValue()); } + /** + * Constructor which will take an extension + * + * @param extension a X509Extension object containing an AuthorityKeyIdentifier. + */ + public AuthorityKeyIdentifierStructure( + Extension extension) + { + super((ASN1Sequence)extension.getParsedValue()); + } + private static ASN1Sequence fromCertificate( X509Certificate certificate) throws CertificateParsingException diff --git a/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java b/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java index 8f54c6e..2c7afd3 100644 --- a/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java +++ b/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java @@ -10,6 +10,7 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; /** * A high level subject key identifier. + * @deprecated use JcaX509ExtensionUtils andSubjectKeyIdentifier.getInstance() */ public class SubjectKeyIdentifierStructure extends SubjectKeyIdentifier diff --git a/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java b/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java index 0acb666..048f31b 100644 --- a/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java +++ b/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java @@ -9,32 +9,32 @@ import java.util.Collections; import java.util.Enumeration; import java.util.List; -import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; +import org.bouncycastle.asn1.x509.X509Extension; public class X509ExtensionUtil { - public static ASN1Object fromExtensionValue( + public static ASN1Primitive fromExtensionValue( byte[] encodedValue) throws IOException { - ASN1OctetString octs = (ASN1OctetString)ASN1Object.fromByteArray(encodedValue); + ASN1OctetString octs = (ASN1OctetString)ASN1Primitive.fromByteArray(encodedValue); - return ASN1Object.fromByteArray(octs.getOctets()); + return ASN1Primitive.fromByteArray(octs.getOctets()); } public static Collection getIssuerAlternativeNames(X509Certificate cert) throws CertificateParsingException { - byte[] extVal = cert.getExtensionValue(X509Extensions.IssuerAlternativeName.getId()); + byte[] extVal = cert.getExtensionValue(X509Extension.issuerAlternativeName.getId()); return getAlternativeNames(extVal); } @@ -42,7 +42,7 @@ public class X509ExtensionUtil public static Collection getSubjectAlternativeNames(X509Certificate cert) throws CertificateParsingException { - byte[] extVal = cert.getExtensionValue(X509Extensions.SubjectAlternativeName.getId()); + byte[] extVal = cert.getExtensionValue(X509Extension.subjectAlternativeName.getId()); return getAlternativeNames(extVal); } @@ -70,10 +70,10 @@ public class X509ExtensionUtil case GeneralName.ediPartyName: case GeneralName.x400Address: case GeneralName.otherName: - list.add(genName.getName().getDERObject()); + list.add(genName.getName().toASN1Primitive()); break; case GeneralName.directoryName: - list.add(X509Name.getInstance(genName.getName()).toString()); + list.add(X500Name.getInstance(genName.getName()).toString()); break; case GeneralName.dNSName: case GeneralName.rfc822Name: @@ -81,7 +81,7 @@ public class X509ExtensionUtil list.add(((ASN1String)genName.getName()).getString()); break; case GeneralName.registeredID: - list.add(DERObjectIdentifier.getInstance(genName.getName()).getId()); + list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); break; case GeneralName.iPAddress: list.add(DEROctetString.getInstance(genName.getName()).getOctets()); |