authorKenny Root <kroot@google.com>2013-12-11 16:35:05 -0800
committerKenny Root <kroot@google.com>2013-12-12 16:48:48 -0800
commit5db505e1f6a68c8d5dfdb0fed0b8607dea7bed96 (patch)
treeba9d9a42f9ed5478b4205c83c13a0e94b55a8c6c /bcpkix
parentc0444a1be12b67cbad8b4858f0d65a0d75db15a9 (diff)
Upgrade to Bouncycastle 1.50
SHA256 sums of source packages: 0be5bb948ec481b3d1f30ee80ef593b298b3782697f9eeee5c74cf270689b520 bcpkix-jdk15on-150.tar.gz 468259c9166fbcf87ad284ae46fae45408cb7cfc9c406862ea75d5b8696f4f2a bcprov-jdk15on-150.tar.gz Change-Id: Id566e9137f85d8328e9f0cb0472ff2f6ae7a71d3
Diffstat (limited to 'bcpkix')
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java282
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java574
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java140
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java121
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java112
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java17
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java12
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java130
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java7
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java70
10 files changed, 116 insertions, 1349 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index ae71f31..0c52082 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -3,11 +3,6 @@ package org.bouncycastle.cms;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
@@ -25,15 +20,10 @@ import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
-// BEGIN android-removed
-// import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
-// END android-removed
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.NoSuchStoreException;
-import org.bouncycastle.x509.X509Store;
/**
* general class for handling a pkcs7-signature message.
@@ -71,9 +61,7 @@ public class CMSSignedData
ContentInfo contentInfo;
CMSTypedData signedContent;
SignerInformationStore signerInfoStore;
- X509Store attributeStore;
- X509Store certificateStore;
- X509Store crlStore;
+
private Map hashes;
private CMSSignedData(
@@ -268,194 +256,6 @@ public class CMSSignedData
}
/**
- * return a X509Store containing the attribute certificates, if any, contained
- * in this message.
- *
- * @param type type of store to create
- * @param provider name of provider to use
- * @return a store of attribute certificates
- * @exception NoSuchProviderException if the provider requested isn't available.
- * @exception NoSuchStoreException if the store type isn't available.
- * @exception CMSException if a general exception prevents creation of the X509Store
- * @deprecated use base Store returning method
- */
- public X509Store getAttributeCertificates(
- String type,
- String provider)
- throws NoSuchStoreException, NoSuchProviderException, CMSException
- {
- return getAttributeCertificates(type, CMSUtils.getProvider(provider));
- }
-
- /**
- * return a X509Store containing the attribute certificates, if any, contained
- * in this message.
- *
- * @param type type of store to create
- * @param provider provider to use
- * @return a store of attribute certificates
- * @exception NoSuchStoreException if the store type isn't available.
- * @exception CMSException if a general exception prevents creation of the X509Store
- * @deprecated use base Store returning method
- */
- public X509Store getAttributeCertificates(
- String type,
- Provider provider)
- throws NoSuchStoreException, CMSException
- {
- if (attributeStore == null)
- {
- attributeStore = HELPER.createAttributeStore(type, provider, this.getAttributeCertificates());
- }
-
- return attributeStore;
- }
-
- // BEGIN android-removed
- // /**
- // * return a X509Store containing the public key certificates, if any, contained
- // * in this message.
- // *
- // * @param type type of store to create
- // * @param provider name of provider to use
- // * @return a store of public key certificates
- // * @exception NoSuchProviderException if the provider requested isn't available.
- // * @exception NoSuchStoreException if the store type isn't available.
- // * @exception CMSException if a general exception prevents creation of the X509Store
- // * @deprecated use base Store returning method
- // */
- // public X509Store getCertificates(
- // String type,
- // String provider)
- // throws NoSuchStoreException, NoSuchProviderException, CMSException
- // {
- // return getCertificates(type, CMSUtils.getProvider(provider));
- // }
- //
- // /**
- // * return a X509Store containing the public key certificates, if any, contained
- // * in this message.
- // *
- // * @param type type of store to create
- // * @param provider provider to use
- // * @return a store of public key certificates
- // * @exception NoSuchStoreException if the store type isn't available.
- // * @exception CMSException if a general exception prevents creation of the X509Store
- // * @deprecated use base Store returning method
- // */
- // public X509Store getCertificates(
- // String type,
- // Provider provider)
- // throws NoSuchStoreException, CMSException
- // {
- // if (certificateStore == null)
- // {
- // certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates());
- // }
- //
- // return certificateStore;
- // }
- //
- // /**
- // * return a X509Store containing CRLs, if any, contained
- // * in this message.
- // *
- // * @param type type of store to create
- // * @param provider name of provider to use
- // * @return a store of CRLs
- // * @exception NoSuchProviderException if the provider requested isn't available.
- // * @exception NoSuchStoreException if the store type isn't available.
- // * @exception CMSException if a general exception prevents creation of the X509Store
- // * @deprecated use base Store returning method
- // */
- // public X509Store getCRLs(
- // String type,
- // String provider)
- // throws NoSuchStoreException, NoSuchProviderException, CMSException
- // {
- // return getCRLs(type, CMSUtils.getProvider(provider));
- // }
- //
- // /**
- // * return a X509Store containing CRLs, if any, contained
- // * in this message.
- // *
- // * @param type type of store to create
- // * @param provider provider to use
- // * @return a store of CRLs
- // * @exception NoSuchStoreException if the store type isn't available.
- // * @exception CMSException if a general exception prevents creation of the X509Store
- // * @deprecated use base Store returning method
- // */
- // public X509Store getCRLs(
- // String type,
- // Provider provider)
- // throws NoSuchStoreException, CMSException
- // {
- // if (crlStore == null)
- // {
- // crlStore = HELPER.createCRLsStore(type, provider, getCRLs());
- // }
- //
- // return crlStore;
- // }
- //
- // /**
- // * return a CertStore containing the certificates and CRLs associated with
- // * this message.
- // *
- // * @exception NoSuchProviderException if the provider requested isn't available.
- // * @exception NoSuchAlgorithmException if the cert store isn't available.
- // * @exception CMSException if a general exception prevents creation of the CertStore
- // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder
- // */
- // public CertStore getCertificatesAndCRLs(
- // String type,
- // String provider)
- // throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- // {
- // return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider));
- // }
- //
- // /**
- // * return a CertStore containing the certificates and CRLs associated with
- // * this message.
- // *
- // * @exception NoSuchAlgorithmException if the cert store isn't available.
- // * @exception CMSException if a general exception prevents creation of the CertStore
- // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder
- // */
- // public CertStore getCertificatesAndCRLs(
- // String type,
- // Provider provider)
- // throws NoSuchAlgorithmException, CMSException
- // {
- // try
- // {
- // JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type);
- //
- // if (provider != null)
- // {
- // certStoreBuilder.setProvider(provider);
- // }
- //
- // certStoreBuilder.addCertificates(this.getCertificates());
- // certStoreBuilder.addCRLs(this.getCRLs());
- //
- // return certStoreBuilder.build();
- // }
- // catch (NoSuchAlgorithmException e)
- // {
- // throw e;
- // }
- // catch (Exception e)
- // {
- // throw new CMSException("exception creating CertStore: " + e.getMessage(), e);
- // }
- // }
- // END android-removed
-
- /**
* Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects.
*
* @return a Store of X509CertificateHolder objects.
@@ -518,15 +318,6 @@ public class CMSSignedData
/**
* return the ContentInfo
- * @deprecated use toASN1Structure()
- */
- public ContentInfo getContentInfo()
- {
- return contentInfo;
- }
-
- /**
- * return the ContentInfo
*/
public ContentInfo toASN1Structure()
{
@@ -680,77 +471,6 @@ public class CMSSignedData
/**
* Replace the certificate and CRL information associated with this
* CMSSignedData object with the new one passed in.
- *
- * @param signedData the signed data object to be used as a base.
- * @param certsAndCrls the new certificates and CRLs to be used.
- * @return a new signed data object.
- * @exception CMSException if there is an error processing the CertStore
- * @deprecated use method taking Store arguments.
- */
- public static CMSSignedData replaceCertificatesAndCRLs(
- CMSSignedData signedData,
- CertStore certsAndCrls)
- throws CMSException
- {
- //
- // copy
- //
- CMSSignedData cms = new CMSSignedData(signedData);
-
- //
- // replace the certs and crls in the SignedData object
- //
- ASN1Set certs = null;
- ASN1Set crls = null;
-
- try
- {
- ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls));
-
- if (set.size() != 0)
- {
- certs = set;
- }
- }
- catch (CertStoreException e)
- {
- throw new CMSException("error getting certs from certStore", e);
- }
-
- try
- {
- ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls));
-
- if (set.size() != 0)
- {
- crls = set;
- }
- }
- catch (CertStoreException e)
- {
- throw new CMSException("error getting crls from certStore", e);
- }
-
- //
- // replace the CMS structure.
- //
- cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(),
- signedData.signedData.getEncapContentInfo(),
- certs,
- crls,
- signedData.signedData.getSignerInfos());
-
- //
- // replace the contentInfo with the new one
- //
- cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
-
- return cms;
- }
-
- /**
- * Replace the certificate and CRL information associated with this
- * CMSSignedData object with the new one passed in.
*
* @param signedData the signed data object to be used as a base.
* @param certificates the new certificates to be used.
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
index 9692e15..eea8a1a 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
@@ -3,13 +3,6 @@ package org.bouncycastle.cms;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -20,16 +13,10 @@ import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
/**
* general class for generating a pkcs7-signature message.
@@ -62,80 +49,6 @@ public class CMSSignedDataGenerator
{
private List signerInfs = new ArrayList();
- private class SignerInf
- {
- final PrivateKey key;
- final Object signerIdentifier;
- final String digestOID;
- final String encOID;
- final CMSAttributeTableGenerator sAttr;
- final CMSAttributeTableGenerator unsAttr;
- final AttributeTable baseSignedTable;
-
- SignerInf(
- PrivateKey key,
- Object signerIdentifier,
- String digestOID,
- String encOID,
- CMSAttributeTableGenerator sAttr,
- CMSAttributeTableGenerator unsAttr,
- AttributeTable baseSignedTable)
- {
- this.key = key;
- this.signerIdentifier = signerIdentifier;
- this.digestOID = digestOID;
- this.encOID = encOID;
- this.sAttr = sAttr;
- this.unsAttr = unsAttr;
- this.baseSignedTable = baseSignedTable;
- }
-
- SignerInfoGenerator toSignerInfoGenerator(
- SecureRandom random,
- Provider sigProvider,
- boolean addDefaultAttributes)
- throws IOException, CertificateEncodingException, CMSException, OperatorCreationException, NoSuchAlgorithmException
- {
- String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
- String signatureName = digestName + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(encOID);
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
-
- if (addDefaultAttributes)
- {
- builder.setSignedAttributeGenerator(sAttr);
- }
- builder.setDirectSignature(!addDefaultAttributes);
-
- builder.setUnsignedAttributeGenerator(unsAttr);
-
- JcaContentSignerBuilder signerBuilder;
-
- try
- {
- signerBuilder = new JcaContentSignerBuilder(signatureName).setSecureRandom(random);
- }
- catch (IllegalArgumentException e)
- {
- throw new NoSuchAlgorithmException(e.getMessage());
- }
-
- if (sigProvider != null)
- {
- signerBuilder.setProvider(sigProvider);
- }
-
- ContentSigner contentSigner = signerBuilder.build(key);
- if (signerIdentifier instanceof X509Certificate)
- {
- return builder.build(contentSigner, (X509Certificate)signerIdentifier);
- }
- else
- {
- return builder.build(contentSigner, (byte[])signerIdentifier);
- }
- }
- }
/**
* base constructor
*/
@@ -144,463 +57,24 @@ public class CMSSignedDataGenerator
}
/**
- * constructor allowing specific source of randomness
- * @param rand instance of SecureRandom to use
- * @deprecated rand ignored in new API, use base constructor.
- */
- public CMSSignedDataGenerator(
- SecureRandom rand)
- {
- super(rand);
- }
-
- /**
- * add a signer - no attributes other than the default ones will be
- * provided here.
- *
- * @param key signing key to use
- * @param cert certificate containing corresponding public key
- * @param digestOID digest algorithm OID
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- X509Certificate cert,
- String digestOID)
- throws IllegalArgumentException
- {
- addSigner(key, cert, getEncOID(key, digestOID), digestOID);
- }
-
- /**
- * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
- * provided here.
- *
- * @param key signing key to use
- * @param cert certificate containing corresponding public key
- * @param encryptionOID digest encryption algorithm OID
- * @param digestOID digest algorithm OID
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- X509Certificate cert,
- String encryptionOID,
- String digestOID)
- throws IllegalArgumentException
- {
- doAddSigner(key, cert, encryptionOID, digestOID,
- new DefaultSignedAttributeTableGenerator(), null, null);
- }
-
- /**
- * add a signer - no attributes other than the default ones will be
- * provided here.
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- byte[] subjectKeyID,
- String digestOID)
- throws IllegalArgumentException
- {
- addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID);
- }
-
- /**
- * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
- * provided here.
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- byte[] subjectKeyID,
- String encryptionOID,
- String digestOID)
- throws IllegalArgumentException
- {
- doAddSigner(key, subjectKeyID, encryptionOID, digestOID,
- new DefaultSignedAttributeTableGenerator(), null, null);
- }
-
- /**
- * add a signer with extra signed/unsigned attributes.
+ * Generate a CMS Signed Data object carrying a detached CMS signature.
*
- * @param key signing key to use
- * @param cert certificate containing corresponding public key
- * @param digestOID digest algorithm OID
- * @param signedAttr table of attributes to be included in signature
- * @param unsignedAttr table of attributes to be included as unsigned
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- X509Certificate cert,
- String digestOID,
- AttributeTable signedAttr,
- AttributeTable unsignedAttr)
- throws IllegalArgumentException
- {
- addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttr, unsignedAttr);
- }
-
- /**
- * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
- *
- * @param key signing key to use
- * @param cert certificate containing corresponding public key
- * @param encryptionOID digest encryption algorithm OID
- * @param digestOID digest algorithm OID
- * @param signedAttr table of attributes to be included in signature
- * @param unsignedAttr table of attributes to be included as unsigned
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- X509Certificate cert,
- String encryptionOID,
- String digestOID,
- AttributeTable signedAttr,
- AttributeTable unsignedAttr)
- throws IllegalArgumentException
- {
- doAddSigner(key, cert, encryptionOID, digestOID,
- new DefaultSignedAttributeTableGenerator(signedAttr),
- new SimpleAttributeTableGenerator(unsignedAttr), signedAttr);
- }
-
- /**
- * add a signer with extra signed/unsigned attributes.
- *
- * @param key signing key to use
- * @param subjectKeyID subjectKeyID of corresponding public key
- * @param digestOID digest algorithm OID
- * @param signedAttr table of attributes to be included in signature
- * @param unsignedAttr table of attributes to be included as unsigned
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- byte[] subjectKeyID,
- String digestOID,
- AttributeTable signedAttr,
- AttributeTable unsignedAttr)
- throws IllegalArgumentException
- {
- addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttr,
- unsignedAttr);
- }
-
- /**
- * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
- *
- * @param key signing key to use
- * @param subjectKeyID subjectKeyID of corresponding public key
- * @param encryptionOID digest encryption algorithm OID
- * @param digestOID digest algorithm OID
- * @param signedAttr table of attributes to be included in signature
- * @param unsignedAttr table of attributes to be included as unsigned
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- byte[] subjectKeyID,
- String encryptionOID,
- String digestOID,
- AttributeTable signedAttr,
- AttributeTable unsignedAttr)
- throws IllegalArgumentException
- {
- doAddSigner(key, subjectKeyID, encryptionOID, digestOID,
- new DefaultSignedAttributeTableGenerator(signedAttr),
- new SimpleAttributeTableGenerator(unsignedAttr), signedAttr);
- }
-
- /**
- * add a signer with extra signed/unsigned attributes based on generators.
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- X509Certificate cert,
- String digestOID,
- CMSAttributeTableGenerator signedAttrGen,
- CMSAttributeTableGenerator unsignedAttrGen)
- throws IllegalArgumentException
- {
- addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttrGen, unsignedAttrGen);
- }
-
- /**
- * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators.
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- X509Certificate cert,
- String encryptionOID,
- String digestOID,
- CMSAttributeTableGenerator signedAttrGen,
- CMSAttributeTableGenerator unsignedAttrGen)
- throws IllegalArgumentException
- {
- doAddSigner(key, cert, encryptionOID, digestOID, signedAttrGen,
- unsignedAttrGen, null);
- }
-
- /**
- * add a signer with extra signed/unsigned attributes based on generators.
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- byte[] subjectKeyID,
- String digestOID,
- CMSAttributeTableGenerator signedAttrGen,
- CMSAttributeTableGenerator unsignedAttrGen)
- throws IllegalArgumentException
- {
- addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttrGen,
- unsignedAttrGen);
- }
-
- /**
- * add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators.
- * @deprecated use addSignerInfoGenerator
- */
- public void addSigner(
- PrivateKey key,
- byte[] subjectKeyID,
- String encryptionOID,
- String digestOID,
- CMSAttributeTableGenerator signedAttrGen,
- CMSAttributeTableGenerator unsignedAttrGen)
- throws IllegalArgumentException
- {
- doAddSigner(key, subjectKeyID, encryptionOID, digestOID,
- signedAttrGen, unsignedAttrGen, null);
- }
-
- private void doAddSigner(
- PrivateKey key,
- Object signerIdentifier,
- String encryptionOID,
- String digestOID,
- CMSAttributeTableGenerator signedAttrGen,
- CMSAttributeTableGenerator unsignedAttrGen,
- AttributeTable baseSignedTable)
- throws IllegalArgumentException
- {
- signerInfs.add(new SignerInf(key, signerIdentifier, digestOID, encryptionOID,
- signedAttrGen, unsignedAttrGen, baseSignedTable));
- }
-
- /**
- * generate a signed object that for a CMS Signed Data
- * object using the given provider.
- * @deprecated use generate() method not taking provider.
+ * @param content the content to be signed.
*/
public CMSSignedData generate(
- CMSProcessable content,
- String sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- return generate(content, CMSUtils.getProvider(sigProvider));
- }
-
- /**
- * generate a signed object that for a CMS Signed Data
- * object using the given provider.
- * @deprecated use generate() method not taking provider.
- */
- public CMSSignedData generate(
- CMSProcessable content,
- Provider sigProvider)
- throws NoSuchAlgorithmException, CMSException
- {
- return generate(content, false, sigProvider);
- }
-
- /**
- * generate a signed object that for a CMS Signed Data
- * object using the given provider - if encapsulate is true a copy
- * of the message will be included in the signature. The content type
- * is set according to the OID represented by the string signedContentType.
- * @deprecated use generate(CMSTypedData, boolean)
- */
- public CMSSignedData generate(
- String eContentType,
- CMSProcessable content,
- boolean encapsulate,
- String sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider),
- true);
- }
-
- /**
- * generate a signed object that for a CMS Signed Data
- * object using the given provider - if encapsulate is true a copy
- * of the message will be included in the signature. The content type
- * is set according to the OID represented by the string signedContentType.
- * @deprecated use generate(CMSTypedData, boolean)
- */
- public CMSSignedData generate(
- String eContentType,
- CMSProcessable content,
- boolean encapsulate,
- Provider sigProvider)
- throws NoSuchAlgorithmException, CMSException
- {
- return generate(eContentType, content, encapsulate, sigProvider, true);
- }
-
- /**
- * Similar method to the other generate methods. The additional argument
- * addDefaultAttributes indicates whether or not a default set of signed attributes
- * need to be added automatically. If the argument is set to false, no
- * attributes will get added at all.
- * @deprecated use generate(CMSTypedData, boolean)
- */
- public CMSSignedData generate(
- String eContentType,
- CMSProcessable content,
- boolean encapsulate,
- String sigProvider,
- boolean addDefaultAttributes)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider),
- addDefaultAttributes);
- }
-
- /**
- * Similar method to the other generate methods. The additional argument
- * addDefaultAttributes indicates whether or not a default set of signed attributes
- * need to be added automatically. If the argument is set to false, no
- * attributes will get added at all.
- * @deprecated use setDirectSignature() on SignerInformationGenerator.
- */
- public CMSSignedData generate(
- String eContentType,
- final CMSProcessable content,
- boolean encapsulate,
- Provider sigProvider,
- boolean addDefaultAttributes)
- throws NoSuchAlgorithmException, CMSException
- {
- boolean isCounterSignature = (eContentType == null);
-
- final ASN1ObjectIdentifier contentTypeOID = isCounterSignature
- ? null
- : new ASN1ObjectIdentifier(eContentType);
-
- for (Iterator it = signerInfs.iterator(); it.hasNext();)
- {
- SignerInf signer = (SignerInf)it.next();
-
- try
- {
- signerGens.add(signer.toSignerInfoGenerator(rand, sigProvider,
- addDefaultAttributes));
- }
- catch (OperatorCreationException e)
- {
- throw new CMSException("exception creating signerInf", e);
- }
- catch (IOException e)
- {
- throw new CMSException("exception encoding attributes", e);
- }
- catch (CertificateEncodingException e)
- {
- throw new CMSException("error creating sid.", e);
- }
- }
-
- signerInfs.clear();
-
- if (content != null)
- {
- return generate(new CMSTypedData()
- {
- public ASN1ObjectIdentifier getContentType()
- {
- return contentTypeOID;
- }
-
- public void write(OutputStream out)
- throws IOException, CMSException
- {
- content.write(out);
- }
-
- public Object getContent()
- {
- return content.getContent();
- }
- }, encapsulate);
- }
- else
- {
- return generate(new CMSAbsentContent(contentTypeOID), encapsulate);
- }
- }
-
- /**
- * generate a signed object that for a CMS Signed Data
- * object using the given provider - if encapsulate is true a copy
- * of the message will be included in the signature with the
- * default content type "data".
- * @deprecated use generate(CMSTypedData, boolean)
- */
- public CMSSignedData generate(
- CMSProcessable content,
- boolean encapsulate,
- String sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- if (content instanceof CMSTypedData)
- {
- return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider);
- }
- else
- {
- return this.generate(DATA, content, encapsulate, sigProvider);
- }
- }
-
- /**
- * generate a signed object that for a CMS Signed Data
- * object using the given provider - if encapsulate is true a copy
- * of the message will be included in the signature with the
- * default content type "data".
- * @deprecated use generate(CMSTypedData, boolean)
- */
- public CMSSignedData generate(
- CMSProcessable content,
- boolean encapsulate,
- Provider sigProvider)
- throws NoSuchAlgorithmException, CMSException
- {
- if (content instanceof CMSTypedData)
- {
- return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider);
- }
- else
- {
- return this.generate(DATA, content, encapsulate, sigProvider);
- }
- }
-
- public CMSSignedData generate(
CMSTypedData content)
throws CMSException
{
return generate(content, false);
}
+ /**
+ * Generate a CMS Signed Data object which can be carrying a detached CMS signature, or have encapsulated data, depending on the value
+ * of the encapsulated parameter.
+ *
+ * @param content the content to be signed.
+ * @param encapsulate true if the content should be encapsulated in the signature, false otherwise.
+ */
public CMSSignedData generate(
// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content,
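Review bot: The Javadoc added for `generate(CMSTypedData)` and `generate(CMSTypedData, boolean)` documents only `@param content`/`@param encapsulate`, while both signatures declare `throws CMSException` and return a `CMSSignedData`, so a reader of the API still has to guess at the return value and the failure mode. Add to each comment `@return the resulting CMSSignedData object.` and `@throws CMSException if generation of the signed data fails.`; the exact failure conditions are not visible in this hunk, so keep the description general. The new sentence "which can be carrying a detached CMS signature" reads awkwardly; `which may carry a detached CMS signature or encapsulate the data, depending on the value of the encapsulate parameter.` is clearer and says the same thing. The body of the second `generate` begins on the hunk's last lines and continues outside it.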
@@ -747,36 +221,6 @@ public class CMSSignedDataGenerator
* the passed in SignerInformation object.
*
* @param signer the signer to be countersigned
- * @param sigProvider the provider to be used for counter signing.
- * @return a store containing the signers.
- * @deprecated use generateCounterSigners(SignerInformation)
- */
- public SignerInformationStore generateCounterSigners(SignerInformation signer, Provider sigProvider)
- throws NoSuchAlgorithmException, CMSException
- {
- return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, sigProvider).getSignerInfos();
- }
-
- /**
- * generate a set of one or more SignerInformation objects representing counter signatures on
- * the passed in SignerInformation object.
- *
- * @param signer the signer to be countersigned
- * @param sigProvider the provider to be used for counter signing.
- * @return a store containing the signers.
- * @deprecated use generateCounterSigners(SignerInformation)
- */
- public SignerInformationStore generateCounterSigners(SignerInformation signer, String sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, CMSUtils.getProvider(sigProvider)).getSignerInfos();
- }
-
- /**
- * generate a set of one or more SignerInformation objects representing counter signatures on
- * the passed in SignerInformation object.
- *
- * @param signer the signer to be countersigned
* @return a store containing the signers.
*/
public SignerInformationStore generateCounterSigners(SignerInformation signer)
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
index da6b4d5..f180c09 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
@@ -1,12 +1,5 @@
package org.bouncycastle.cms;
-import java.io.IOException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -17,11 +10,7 @@ import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
// BEGIN android-removed
// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
@@ -32,18 +21,12 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
-// BEGIN android-removed
-// import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
-// END android-removed
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509Store;
public class CMSSignedGenerator
{
@@ -106,64 +89,11 @@ public class CMSSignedGenerator
protected List signerGens = new ArrayList();
protected Map digests = new HashMap();
- protected final SecureRandom rand;
-
/**
* base constructor
*/
protected CMSSignedGenerator()
{
- this(new SecureRandom());
- }
-
- /**
- * constructor allowing specific source of randomness
- * @param rand instance of SecureRandom to use
- */
- protected CMSSignedGenerator(
- SecureRandom rand)
- {
- this.rand = rand;
- }
-
- protected String getEncOID(
- PrivateKey key,
- String digestOID)
- {
- String encOID = null;
-
- if (key instanceof RSAPrivateKey || "RSA".equalsIgnoreCase(key.getAlgorithm()))
- {
- encOID = ENCRYPTION_RSA;
- }
- else if (key instanceof DSAPrivateKey || "DSA".equalsIgnoreCase(key.getAlgorithm()))
- {
- encOID = ENCRYPTION_DSA;
- if (!digestOID.equals(DIGEST_SHA1))
- {
- throw new IllegalArgumentException("can't mix DSA with anything but SHA1");
- }
- }
- else if ("ECDSA".equalsIgnoreCase(key.getAlgorithm()) || "EC".equalsIgnoreCase(key.getAlgorithm()))
- {
- encOID = (String)EC_ALGORITHMS.get(digestOID);
- if (encOID == null)
- {
- throw new IllegalArgumentException("can't mix ECDSA with anything but SHA family digests");
- }
- }
- // BEGIN android-removed
- // else if (key instanceof GOST3410PrivateKey || "GOST3410".equalsIgnoreCase(key.getAlgorithm()))
- // {
- // encOID = ENCRYPTION_GOST3410;
- // }
- // else if ("ECGOST3410".equalsIgnoreCase(key.getAlgorithm()))
- // {
- // encOID = ENCRYPTION_ECGOST3410;
- // }
- // END android-removed
-
- return encOID;
}
protected Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
@@ -175,36 +105,6 @@ public class CMSSignedGenerator
return param;
}
- protected ASN1Set getAttributeSet(
- AttributeTable attr)
- {
- if (attr != null)
- {
- return new DERSet(attr.toASN1EncodableVector());
- }
-
- return null;
- }
-
- /**
- * add the certificates and CRLs contained in the given CertStore
- * to the pool that will be included in the encoded signature block.
- * <p>
- * Note: this assumes the CertStore will support null in the get
- * methods.
- * @param certStore CertStore containing the public key certificates and CRLs
- * @throws java.security.cert.CertStoreException if an issue occurs processing the CertStore
- * @throws CMSException if an issue occurse transforming data from the CertStore into the message
- * @deprecated use addCertificates and addCRLs
- */
- public void addCertificatesAndCRLs(
- CertStore certStore)
- throws CertStoreException, CMSException
- {
- certs.addAll(CMSUtils.getCertificatesFromStore(certStore));
- crls.addAll(CMSUtils.getCRLsFromStore(certStore));
- }
-
/**
* Add a certificate to the certificate set to be included with the generated SignedData message.
*
@@ -309,40 +209,7 @@ public class CMSSignedGenerator
// END android-removed
/**
- * Add the attribute certificates contained in the passed in store to the
- * generator.
- *
- * @param store a store of Version 2 attribute certificates
- * @throws CMSException if an error occurse processing the store.
- * @deprecated use basic Store method
- */
- public void addAttributeCertificates(
- X509Store store)
- throws CMSException
- {
- try
- {
- for (Iterator it = store.getMatches(null).iterator(); it.hasNext();)
- {
- X509AttributeCertificate attrCert = (X509AttributeCertificate)it.next();
-
- certs.add(new DERTaggedObject(false, 2,
- AttributeCertificate.getInstance(ASN1Primitive.fromByteArray(attrCert.getEncoded()))));
- }
- }
- catch (IllegalArgumentException e)
- {
- throw new CMSException("error processing attribute certs", e);
- }
- catch (IOException e)
- {
- throw new CMSException("error processing attribute certs", e);
- }
- }
-
-
- /**
- * Add a store of precalculated signers to the generator.
+ * Add a store of pre-calculated signers to the generator.
*
* @param signerStore store of signers
*/
@@ -357,6 +224,11 @@ public class CMSSignedGenerator
}
}
+ /**
+ * Add a generator for a particular signer to this CMS SignedData generator.
+ *
+ * @param infoGen the generator representing the particular signer.
+ */
public void addSignerInfoGenerator(SignerInfoGenerator infoGen)
{
signerGens.add(infoGen);
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
index dfc8dc5..11a927c 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
@@ -1,14 +1,8 @@
package org.bouncycastle.cms;
-import java.io.IOException;
-import java.security.Provider;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateException;
import java.util.ArrayList;
-import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -37,16 +31,8 @@ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
-// BEGIN android-removed
-// import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
-// import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-// END android-removed
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.NoSuchStoreException;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509Store;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
class CMSSignedHelper
{
@@ -137,23 +123,7 @@ class CMSSignedHelper
digestAliases.put("SHA384", new String[] { "SHA-384" });
digestAliases.put("SHA512", new String[] { "SHA-512" });
}
-
- /**
- * Return the digest algorithm using one of the standard JCA string
- * representations rather than the algorithm identifier (if possible).
- */
- String getDigestAlgName(
- String digestAlgOID)
- {
- String algName = (String)digestAlgs.get(digestAlgOID);
- if (algName != null)
- {
- return algName;
- }
-
- return digestAlgOID;
- }
/**
* Return the digest encryption algorithm using one of the standard
@@ -173,97 +143,6 @@ class CMSSignedHelper
return encryptionAlgOID;
}
- X509Store createAttributeStore(
- String type,
- Provider provider,
- Store certStore)
- throws NoSuchStoreException, CMSException
- {
- try
- {
- Collection certHldrs = certStore.getMatches(null);
- List certs = new ArrayList(certHldrs.size());
-
- for (Iterator it = certHldrs.iterator(); it.hasNext();)
- {
- certs.add(new X509V2AttributeCertificate(((X509AttributeCertificateHolder)it.next()).getEncoded()));
- }
-
- return X509Store.getInstance(
- "AttributeCertificate/" +type, new X509CollectionStoreParameters(certs), provider);
- }
- catch (IllegalArgumentException e)
- {
- throw new CMSException("can't setup the X509Store", e);
- }
- catch (IOException e)
- {
- throw new CMSException("can't setup the X509Store", e);
- }
- }
-
- // BEGIN android-removed
- // X509Store createCertificateStore(
- // String type,
- // Provider provider,
- // Store certStore)
- // throws NoSuchStoreException, CMSException
- // {
- // try
- // {
- // JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider);
- // Collection certHldrs = certStore.getMatches(null);
- // List certs = new ArrayList(certHldrs.size());
- //
- // for (Iterator it = certHldrs.iterator(); it.hasNext();)
- // {
- // certs.add(converter.getCertificate((X509CertificateHolder)it.next()));
- // }
- //
- // return X509Store.getInstance(
- // "Certificate/" +type, new X509CollectionStoreParameters(certs), provider);
- // }
- // catch (IllegalArgumentException e)
- // {
- // throw new CMSException("can't setup the X509Store", e);
- // }
- // catch (CertificateException e)
- // {
- // throw new CMSException("can't setup the X509Store", e);
- // }
- // }
- //
- // X509Store createCRLsStore(
- // String type,
- // Provider provider,
- // Store crlStore)
- // throws NoSuchStoreException, CMSException
- // {
- // try
- // {
- // JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider);
- // Collection crlHldrs = crlStore.getMatches(null);
- // List crls = new ArrayList(crlHldrs.size());
- //
- // for (Iterator it = crlHldrs.iterator(); it.hasNext();)
- // {
- // crls.add(converter.getCRL((X509CRLHolder)it.next()));
- // }
- //
- // return X509Store.getInstance(
- // "CRL/" +type, new X509CollectionStoreParameters(crls), provider);
- // }
- // catch (IllegalArgumentException e)
- // {
- // throw new CMSException("can't setup the X509Store", e);
- // }
- // catch (CRLException e)
- // {
- // throw new CMSException("can't setup the X509Store", e);
- // }
- // }
- // END android-removed
-
AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId)
{
if (algId.getParameters() == null)
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
index ccfab32..d6126b6 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
@@ -3,15 +3,6 @@ package org.bouncycastle.cms;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.cert.CRLException;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
@@ -21,7 +12,6 @@ import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetStringGenerator;
import org.bouncycastle.asn1.BERSet;
@@ -29,15 +19,11 @@ import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
// BEGIN android-removed
// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
// import org.bouncycastle.asn1.ocsp.OCSPResponse;
// import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
// END android-removed
-import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
@@ -65,36 +51,6 @@ class CMSUtils
return readContentInfo(new ASN1InputStream(input));
}
- static List getCertificatesFromStore(CertStore certStore)
- throws CertStoreException, CMSException
- {
- List certs = new ArrayList();
-
- try
- {
- for (Iterator it = certStore.getCertificates(null).iterator(); it.hasNext();)
- {
- X509Certificate c = (X509Certificate)it.next();
-
- certs.add(Certificate.getInstance(ASN1Primitive.fromByteArray(c.getEncoded())));
- }
-
- return certs;
- }
- catch (IllegalArgumentException e)
- {
- throw new CMSException("error processing certs", e);
- }
- catch (IOException e)
- {
- throw new CMSException("error processing certs", e);
- }
- catch (CertificateEncodingException e)
- {
- throw new CMSException("error encoding certs", e);
- }
- }
-
static List getCertificatesFromStore(Store certStore)
throws CMSException
{
@@ -139,35 +95,6 @@ class CMSUtils
}
}
- static List getCRLsFromStore(CertStore certStore)
- throws CertStoreException, CMSException
- {
- List crls = new ArrayList();
-
- try
- {
- for (Iterator it = certStore.getCRLs(null).iterator(); it.hasNext();)
- {
- X509CRL c = (X509CRL)it.next();
-
- crls.add(CertificateList.getInstance(ASN1Primitive.fromByteArray(c.getEncoded())));
- }
-
- return crls;
- }
- catch (IllegalArgumentException e)
- {
- throw new CMSException("error processing crls", e);
- }
- catch (IOException e)
- {
- throw new CMSException("error processing crls", e);
- }
- catch (CRLException e)
- {
- throw new CMSException("error encoding crls", e);
- }
- }
static List getCRLsFromStore(Store crlStore)
throws CMSException
@@ -254,27 +181,6 @@ class CMSUtils
return octGen.getOctetOutputStream();
}
- static TBSCertificate getTBSCertificateStructure(
- X509Certificate cert)
- {
- try
- {
- return TBSCertificate.getInstance(
- ASN1Primitive.fromByteArray(cert.getTBSCertificate()));
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException(
- "can't extract TBS structure from this cert");
- }
- }
-
- static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate cert)
- {
- TBSCertificate tbsCert = getTBSCertificateStructure(cert);
- return new IssuerAndSerialNumber(tbsCert.getIssuer(), tbsCert.getSerialNumber().getValue());
- }
-
private static ContentInfo readContentInfo(
ASN1InputStream in)
throws CMSException
@@ -312,24 +218,6 @@ class CMSUtils
return Streams.readAllLimited(in, limit);
}
- public static Provider getProvider(String providerName)
- throws NoSuchProviderException
- {
- if (providerName != null)
- {
- Provider prov = Security.getProvider(providerName);
-
- if (prov != null)
- {
- return prov;
- }
-
- throw new NoSuchProviderException("provider " + providerName + " not found.");
- }
-
- return null;
- }
-
static InputStream attachDigestsToInputStream(Collection digests, InputStream s)
{
InputStream result = s;
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
index 8ba3686..837edd8 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
@@ -1,6 +1,7 @@
package org.bouncycastle.cms;
import java.util.Date;
+import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Map;
@@ -59,7 +60,7 @@ public class DefaultSignedAttributeTableGenerator
protected Hashtable createStandardAttributeTable(
Map parameters)
{
- Hashtable std = (Hashtable)table.clone();
+ Hashtable std = copyHashTable(table);
if (!std.containsKey(CMSAttributes.contentType))
{
@@ -103,4 +104,18 @@ public class DefaultSignedAttributeTableGenerator
{
return new AttributeTable(createStandardAttributeTable(parameters));
}
+
+ private static Hashtable copyHashTable(Hashtable paramsMap)
+ {
+ Hashtable newTable = new Hashtable();
+
+ Enumeration keys = paramsMap.keys();
+ while (keys.hasMoreElements())
+ {
+ Object key = keys.nextElement();
+ newTable.put(key, paramsMap.get(key));
+ }
+
+ return newTable;
+ }
}
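Review bot: copyHashTable re-implements a shallow copy that the Hashtable copy constructor already provides, and the loop does a second lookup per key through `paramsMap.get(key)`. `return new Hashtable(paramsMap);` produces the same shallow copy in one line (values are shared rather than cloned, exactly as the former `table.clone()` did). A one-line Javadoc such as `/** Returns a shallow copy so the shared default attribute table is never mutated by createStandardAttributeTable. */` would record why the copy exists at all.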
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
index e378629..f264729 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
@@ -7,7 +7,6 @@ import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
@@ -23,6 +22,7 @@ import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.TeeOutputStream;
public class SignerInfoGenerator
@@ -126,9 +126,9 @@ public class SignerInfoGenerator
return signerIdentifier;
}
- public ASN1Integer getGeneratedVersion()
+ public int getGeneratedVersion()
{
- return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1);
+ return signerIdentifier.isTagged() ? 3 : 1;
}
public boolean hasAssociatedCertificate()
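Review bot: The return type of getGeneratedVersion changes from ASN1Integer to int, which is a source- and binary-incompatible change for any caller compiled against the old signature, and the method still carries no Javadoc explaining what the two values mean. A comment such as `/** Returns the CMS SignerInfo version: 3 when the signer identifier is the tagged SubjectKeyIdentifier choice, 1 for IssuerAndSerialNumber (RFC 5652, section 5.3). */` would make the `isTagged() ? 3 : 1` expression self-explanatory. The enclosing class continues outside the hunk.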
@@ -221,7 +221,7 @@ public class SignerInfoGenerator
if (unsAttrGen != null)
{
Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest);
- parameters.put(CMSAttributeTableGenerator.SIGNATURE, sigBytes.clone());
+ parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes));
AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
@@ -265,7 +265,7 @@ public class SignerInfoGenerator
}
param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId);
- param.put(CMSAttributeTableGenerator.DIGEST, hash.clone());
+ param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash));
return param;
}
@@ -273,7 +273,7 @@ public class SignerInfoGenerator
{
if (calculatedDigest != null)
{
- return (byte[])calculatedDigest.clone();
+ return Arrays.clone(calculatedDigest);
}
return null;
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
index bd9703a..7e178d6 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
@@ -2,13 +2,6 @@ package org.bouncycastle.cms;
import java.io.IOException;
import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
@@ -33,13 +26,10 @@ import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.RawContentVerifier;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.TeeOutputStream;
@@ -172,7 +162,7 @@ public class SignerInformation
throw new IllegalStateException("method can only be called after verify.");
}
- return (byte[])resultDigest.clone();
+ return Arrays.clone(resultDigest);
}
/**
@@ -232,7 +222,7 @@ public class SignerInformation
*/
public byte[] getSignature()
{
- return (byte[])signature.clone();
+ return Arrays.clone(signature);
}
/**
@@ -318,42 +308,6 @@ public class SignerInformation
return null;
}
- /**
- * @deprecated
- */
- private boolean doVerify(
- PublicKey key,
- Provider sigProvider)
- throws CMSException, NoSuchAlgorithmException
- {
- try
- {
- SignerInformationVerifier verifier;
-
- if (sigProvider != null)
- {
- if (!sigProvider.getName().equalsIgnoreCase("BC"))
- {
- verifier = new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build()).setProvider(sigProvider).build(key);
- }
- else
- {
- verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider(sigProvider).build(key);
- }
- }
- else
- {
- verifier = new JcaSimpleSignerInfoVerifierBuilder().build(key);
- }
-
- return doVerify(verifier);
- }
- catch (OperatorCreationException e)
- {
- throw new CMSException("unable to create verifier: " + e.getMessage(), e);
- }
- }
-
private boolean doVerify(
SignerInformationVerifier verifier)
throws CMSException
@@ -555,75 +509,6 @@ public class SignerInformation
}
/**
- * verify that the given public key successfully handles and confirms the
- * signature associated with this signer.
- * @deprecated use verify(ContentVerifierProvider)
- */
- public boolean verify(
- PublicKey key,
- String sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- return verify(key, CMSUtils.getProvider(sigProvider));
- }
-
- /**
- * verify that the given public key successfully handles and confirms the
- * signature associated with this signer
- * @deprecated use verify(ContentVerifierProvider)
- */
- public boolean verify(
- PublicKey key,
- Provider sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- // Optional, but still need to validate if present
- getSigningTime();
-
- return doVerify(key, sigProvider);
- }
-
- /**
- * verify that the given certificate successfully handles and confirms
- * the signature associated with this signer and, if a signingTime
- * attribute is available, that the certificate was valid at the time the
- * signature was generated.
- * @deprecated use verify(ContentVerifierProvider)
- */
- public boolean verify(
- X509Certificate cert,
- String sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException,
- CertificateExpiredException, CertificateNotYetValidException,
- CMSException
- {
- return verify(cert, CMSUtils.getProvider(sigProvider));
- }
-
- /**
- * verify that the given certificate successfully handles and confirms
- * the signature associated with this signer and, if a signingTime
- * attribute is available, that the certificate was valid at the time the
- * signature was generated.
- * @deprecated use verify(ContentVerifierProvider)
- */
- public boolean verify(
- X509Certificate cert,
- Provider sigProvider)
- throws NoSuchAlgorithmException,
- CertificateExpiredException, CertificateNotYetValidException,
- CMSException
- {
- Time signingTime = getSigningTime();
- if (signingTime != null)
- {
- cert.checkValidity(signingTime.getDate());
- }
-
- return doVerify(cert.getPublicKey(), sigProvider);
- }
-
- /**
* Verify that the given verifier can successfully verify the signature on
* this SignerInformation object.
*
@@ -654,17 +539,6 @@ public class SignerInformation
}
/**
- * Return the base ASN.1 CMS structure that this object contains.
- *
- * @return an object containing a CMS SignerInfo structure.
- * @deprecated use toASN1Structure()
- */
- public SignerInfo toSignerInfo()
- {
- return info;
- }
-
- /**
* Return the underlying ASN.1 object defining this SignerInformation object.
*
* @return a SignerInfo.
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
index 56c3771..87a6699 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
@@ -12,6 +12,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jcajce.DefaultJcaJceHelper;
@@ -144,6 +145,12 @@ public class JcaContentVerifierProviderBuilder
};
}
+ public ContentVerifierProvider build(SubjectPublicKeyInfo publicKey)
+ throws OperatorCreationException
+ {
+ return this.build(helper.convertPublicKey(publicKey));
+ }
+
private SignatureOutputStream createSignatureStream(AlgorithmIdentifier algorithm, PublicKey publicKey)
throws OperatorCreationException
{
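Review bot: The new public overload build(SubjectPublicKeyInfo) is added without Javadoc, although it is the entry point most callers would reach from certificate or CSR parsing. It delegates to helper.convertPublicKey, which (per the OperatorHelper hunk in this same commit) rebuilds the key through a JCA KeyFactory chosen by the SPKI algorithm OID, so a description such as `/** Build a ContentVerifierProvider for the public key described by the given SubjectPublicKeyInfo; the key is reconstructed via a KeyFactory selected by the SPKI algorithm OID. @throws OperatorCreationException if the encoding cannot be read or no KeyFactory is available for the algorithm. */` would document the contract. The enclosing class continues outside the hunk.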
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
index 9a8ac54..74c1b28 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
@@ -4,14 +4,18 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
import java.security.spec.PSSParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
@@ -31,9 +35,11 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jcajce.JcaJceHelper;
+import org.bouncycastle.jcajce.JcaJceUtils;
import org.bouncycastle.operator.OperatorCreationException;
class OperatorHelper
@@ -187,6 +193,41 @@ class OperatorHelper
}
}
+ AlgorithmParameters createAlgorithmParameters(AlgorithmIdentifier cipherAlgId)
+ throws OperatorCreationException
+ {
+ AlgorithmParameters parameters;
+
+ if (cipherAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption))
+ {
+ return null;
+ }
+
+ try
+ {
+ parameters = helper.createAlgorithmParameters(cipherAlgId.getAlgorithm().getId());
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ return null; // There's a good chance there aren't any!
+ }
+ catch (NoSuchProviderException e)
+ {
+ throw new OperatorCreationException("cannot create algorithm parameters: " + e.getMessage(), e);
+ }
+
+ try
+ {
+ parameters.init(cipherAlgId.getParameters().toASN1Primitive().getEncoded());
+ }
+ catch (IOException e)
+ {
+ throw new OperatorCreationException("cannot initialise algorithm parameters: " + e.getMessage(), e);
+ }
+
+ return parameters;
+ }
+
MessageDigest createDigest(AlgorithmIdentifier digAlgId)
throws GeneralSecurityException
{
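Review bot: createAlgorithmParameters dereferences `cipherAlgId.getParameters()` at the `parameters.init(...)` call without a null check, so an AlgorithmIdentifier whose parameters are absent fails with a NullPointerException rather than an OperatorCreationException; add `if (cipherAlgId.getParameters() == null) { return null; }` ahead of the first try, or throw OperatorCreationException there if absent parameters are an error for the caller (this hunk alone does not show which). The same initialisation step in the PSS signature path two hunks below is switched to `JcaJceUtils.loadParameters(params, algorithm.getParameters())` while this method still calls `init` on the raw encoding, so the two should be aligned. Declaring `parameters` at its first assignment instead of at the top of the method would also read more cleanly. The enclosing class continues outside the hunk.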
@@ -264,7 +305,7 @@ class OperatorHelper
{
AlgorithmParameters params = helper.createAlgorithmParameters(algName);
- params.init(algorithm.getParameters().toASN1Primitive().getEncoded(), "ASN.1");
+ JcaJceUtils.loadParameters(params, algorithm.getParameters());
PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class);
sig.setParameter(spec);
@@ -375,6 +416,33 @@ class OperatorHelper
}
}
+ public PublicKey convertPublicKey(SubjectPublicKeyInfo publicKeyInfo)
+ throws OperatorCreationException
+ {
+ try
+ {
+ KeyFactory keyFact = helper.createKeyFactory(publicKeyInfo.getAlgorithm().getAlgorithm().getId());
+
+ return keyFact.generatePublic(new X509EncodedKeySpec(publicKeyInfo.getEncoded()));
+ }
+ catch (IOException e)
+ {
+ throw new OperatorCreationException("cannot get encoded form of key: " + e.getMessage(), e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e);
+ }
+ catch (NoSuchProviderException e)
+ {
+ throw new OperatorCreationException("cannot find factory provider: " + e.getMessage(), e);
+ }
+ catch (InvalidKeySpecException e)
+ {
+ throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e);
+ }
+ }
+
// TODO: put somewhere public so cause easily accessed
private static class OpCertificateException
extends CertificateException