authorBrian Carlstrom <bdc@google.com>2013-01-30 18:26:40 -0800
committerBrian Carlstrom <bdc@google.com>2013-02-12 11:49:49 -0800
commite1142c149e244797ce73b0e7fad40816e447a817 (patch)
tree1b21a376dea5f398b558a6e3d2ed4a73667ba2f7 /bcpkix
parent2d8d9ce072842c1c67e912686fd20795c43f221d (diff)
downloadandroid_external_bouncycastle-e1142c149e244797ce73b0e7fad40816e447a817.tar.gz
android_external_bouncycastle-e1142c149e244797ce73b0e7fad40816e447a817.tar.bz2
android_external_bouncycastle-e1142c149e244797ce73b0e7fad40816e447a817.zip
bouncycastle 1.48 upgrade
Change-Id: Idb04baf42de07b18ddb162e5cd1f98cdadf366f4
Diffstat (limited to 'bcpkix')
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java2
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/CertUtils.java35
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java12
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java10
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java12
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java12
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java3
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java37
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java4
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java10
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java13
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java6
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java14
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java107
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java8
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java16
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java5
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java9
18 files changed, 224 insertions, 91 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
index f354bc7..074d3fc 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
@@ -261,7 +261,7 @@ public class AttributeCertificateHolder
public Object clone()
{
- return new AttributeCertificateHolder((ASN1Sequence)holder.toASN1Object());
+ return new AttributeCertificateHolder((ASN1Sequence)holder.toASN1Primitive());
}
public boolean match(Object obj)
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/CertUtils.java b/bcpkix/src/main/java/org/bouncycastle/cert/CertUtils.java
index e3c2079..9e2e488 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/CertUtils.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/CertUtils.java
@@ -13,9 +13,10 @@ import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -199,7 +200,7 @@ class CertUtils
return null;
}
- static Date recoverDate(DERGeneralizedTime time)
+ static Date recoverDate(ASN1GeneralizedTime time)
{
try
{
@@ -210,4 +211,34 @@ class CertUtils
throw new IllegalStateException("unable to recover date: " + e.getMessage());
}
}
+
+ static boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
+ {
+ if (!id1.getAlgorithm().equals(id2.getAlgorithm()))
+ {
+ return false;
+ }
+
+ if (id1.getParameters() == null)
+ {
+ if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ if (id2.getParameters() == null)
+ {
+ if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ return id1.getParameters().equals(id2.getParameters());
+ }
}
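Review bot: `isAlgIdEqual` carries no comment explaining why absent parameters and an explicit `DERNull` compare as equal, yet it now decides the "signature invalid - algorithm identifier mismatch" checks in X509CertificateHolder, X509CRLHolder and X509AttributeCertificateHolder. A Javadoc such as `/** Compares two AlgorithmIdentifiers, treating absent parameters and an explicit NULL as equivalent; any other difference in OID or parameters is a mismatch. */` would show that the relaxation is deliberately that narrow. In the second branch the `id1.getParameters() != null` test is always true, because the first branch has already returned when id1 has no parameters. That branch can therefore be reduced to `return id1.getParameters().equals(DERNull.INSTANCE);`.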
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
index e2ce015..a34b3b3 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
@@ -213,6 +213,16 @@ public class X509AttributeCertificateHolder
}
/**
+ * Return the extensions block associated with this certificate if there is one.
+ *
+ * @return the extensions block, null otherwise.
+ */
+ public Extensions getExtensions()
+ {
+ return extensions;
+ }
+
+ /**
* Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
* extensions contained in this holder's attribute certificate.
*
@@ -305,7 +315,7 @@ public class X509AttributeCertificateHolder
{
AttributeCertificateInfo acinfo = attrCert.getAcinfo();
- if (!acinfo.getSignature().equals(attrCert.getSignatureAlgorithm()))
+ if (!CertUtils.isAlgIdEqual(acinfo.getSignature(), attrCert.getSignatureAlgorithm()))
{
throw new CertException("signature invalid - algorithm identifier mismatch");
}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java
index c6b4d3d..a10f014 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java
@@ -100,6 +100,16 @@ public class X509CRLEntryHolder
}
/**
+ * Return the extensions block associated with this CRL entry if there is one.
+ *
+ * @return the extensions block, null otherwise.
+ */
+ public Extensions getExtensions()
+ {
+ return entry.getExtensions();
+ }
+
+ /**
* Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
* extensions contained in this holder's CRL entry.
*
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
index 3bb2327..b3723f3 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
@@ -202,6 +202,16 @@ public class X509CRLHolder
}
/**
+ * Return the extensions block associated with this CRL if there is one.
+ *
+ * @return the extensions block, null otherwise.
+ */
+ public Extensions getExtensions()
+ {
+ return extensions;
+ }
+
+ /**
* Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
* extensions contained in this holder's CRL.
*
@@ -256,7 +266,7 @@ public class X509CRLHolder
{
TBSCertList tbsCRL = x509CRL.getTBSCertList();
- if (!tbsCRL.getSignature().equals(x509CRL.getSignatureAlgorithm()))
+ if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm()))
{
throw new CertException("signature invalid - algorithm identifier mismatch");
}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
index 52d5bcf..1081d93 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
@@ -109,6 +109,16 @@ public class X509CertificateHolder
}
/**
+ * Return the extensions block associated with this certificate if there is one.
+ *
+ * @return the extensions block, null otherwise.
+ */
+ public Extensions getExtensions()
+ {
+ return extensions;
+ }
+
+ /**
* Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
* extensions contained in this holder's certificate.
*
@@ -254,7 +264,7 @@ public class X509CertificateHolder
{
TBSCertificate tbsCert = x509Certificate.getTBSCertificate();
- if (!tbsCert.getSignature().equals(x509Certificate.getSignatureAlgorithm()))
+ if (!CertUtils.isAlgIdEqual(tbsCert.getSignature(), x509Certificate.getSignatureAlgorithm()))
{
throw new CertException("signature invalid - algorithm identifier mismatch");
}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java
index 2b2c354..1c79a94 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java
@@ -7,6 +7,7 @@ import java.io.OutputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
+import org.bouncycastle.util.Arrays;
/**
* a holding class for a byte array of data to be processed.
@@ -44,7 +45,7 @@ public class CMSProcessableByteArray
public Object getContent()
{
- return bytes.clone();
+ return Arrays.clone(bytes);
}
public ASN1ObjectIdentifier getContentType()
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index 7a8adeb..c976dfe 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -2,6 +2,7 @@ package org.bouncycastle.cms;
import java.io.IOException;
import java.io.InputStream;
+import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
@@ -74,7 +75,7 @@ public class CMSSignedData
SignedData signedData;
ContentInfo contentInfo;
- CMSProcessable signedContent;
+ CMSTypedData signedContent;
SignerInformationStore signerInfoStore;
X509Store attributeStore;
X509Store certificateStore;
@@ -144,11 +145,36 @@ public class CMSSignedData
}
public CMSSignedData(
- CMSProcessable signedContent,
+ final CMSProcessable signedContent,
ContentInfo sigData)
throws CMSException
{
- this.signedContent = signedContent;
+ if (signedContent instanceof CMSTypedData)
+ {
+ this.signedContent = (CMSTypedData)signedContent;
+ }
+ else
+ {
+ this.signedContent = new CMSTypedData()
+ {
+ public ASN1ObjectIdentifier getContentType()
+ {
+ return signedData.getEncapContentInfo().getContentType();
+ }
+
+ public void write(OutputStream out)
+ throws IOException, CMSException
+ {
+ signedContent.write(out);
+ }
+
+ public Object getContent()
+ {
+ return signedContent.getContent();
+ }
+ };
+ }
+
this.contentInfo = sigData;
this.signedData = getSignedData();
}
@@ -176,7 +202,7 @@ public class CMSSignedData
//
if (signedData.getEncapContentInfo().getContent() != null)
{
- this.signedContent = new CMSProcessableByteArray(
+ this.signedContent = new CMSProcessableByteArray(signedData.getEncapContentInfo().getContentType(),
((ASN1OctetString)(signedData.getEncapContentInfo()
.getContent())).getOctets());
}
@@ -498,7 +524,7 @@ public class CMSSignedData
return signedData.getEncapContentInfo().getContentType().getId();
}
- public CMSProcessable getSignedContent()
+ public CMSTypedData getSignedContent()
{
return signedContent;
}
@@ -604,6 +630,7 @@ public class CMSSignedData
* @param certsAndCrls the new certificates and CRLs to be used.
* @return a new signed data object.
* @exception CMSException if there is an error processing the CertStore
+ * @deprecated use method taking Store arguments.
*/
public static CMSSignedData replaceCertificatesAndCRLs(
CMSSignedData signedData,
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
index d269345..365522d 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
@@ -15,9 +15,9 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.AttributeTable;
@@ -168,7 +168,7 @@ public class CMSSignedGenerator
return encOID;
}
- protected Map getBaseParameters(DERObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
+ protected Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
{
Map param = new HashMap();
param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType);
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
index 192704f..457a97e 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
@@ -17,12 +17,12 @@ import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
// BEGIN android-removed
// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
// END android-removed
@@ -47,7 +47,7 @@ class CMSSignedHelper
private static final Map digestAlgs = new HashMap();
private static final Map digestAliases = new HashMap();
- private static void addEntries(DERObjectIdentifier alias, String digest, String encryption)
+ private static void addEntries(ASN1ObjectIdentifier alias, String digest, String encryption)
{
digestAlgs.put(alias.getId(), digest);
encryptionAlgs.put(alias.getId(), encryption);
@@ -405,18 +405,18 @@ class CMSSignedHelper
{
if (algId.getParameters() == null)
{
- return new AlgorithmIdentifier(algId.getObjectId(), DERNull.INSTANCE);
+ return new AlgorithmIdentifier(algId.getAlgorithm(), DERNull.INSTANCE);
}
return algId;
}
- void setSigningEncryptionAlgorithmMapping(DERObjectIdentifier oid, String algorithmName)
+ void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName)
{
encryptionAlgs.put(oid.getId(), algorithmName);
}
- void setSigningDigestAlgorithmMapping(DERObjectIdentifier oid, String algorithmName)
+ void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName)
{
digestAlgs.put(oid.getId(), algorithmName);
}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
index 75c6beb..907fcc0 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
@@ -28,9 +28,9 @@ import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
+import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
@@ -69,8 +69,7 @@ class CMSUtils
{
X509Certificate c = (X509Certificate)it.next();
- certs.add(X509CertificateStructure.getInstance(
- ASN1Primitive.fromByteArray(c.getEncoded())));
+ certs.add(Certificate.getInstance(ASN1Primitive.fromByteArray(c.getEncoded())));
}
return certs;
@@ -222,12 +221,12 @@ class CMSUtils
return octGen.getOctetOutputStream();
}
- static TBSCertificateStructure getTBSCertificateStructure(
+ static TBSCertificate getTBSCertificateStructure(
X509Certificate cert)
{
try
{
- return TBSCertificateStructure.getInstance(
+ return TBSCertificate.getInstance(
ASN1Primitive.fromByteArray(cert.getTBSCertificate()));
}
catch (Exception e)
@@ -239,7 +238,7 @@ class CMSUtils
static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate cert)
{
- TBSCertificateStructure tbsCert = getTBSCertificateStructure(cert);
+ TBSCertificate tbsCert = getTBSCertificateStructure(cert);
return new IssuerAndSerialNumber(tbsCert.getIssuer(), tbsCert.getSerialNumber().getValue());
}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
index 965d121..8ba3686 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
@@ -4,7 +4,7 @@ import java.util.Date;
import java.util.Hashtable;
import java.util.Map;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
@@ -63,8 +63,8 @@ public class DefaultSignedAttributeTableGenerator
if (!std.containsKey(CMSAttributes.contentType))
{
- DERObjectIdentifier contentType = (DERObjectIdentifier)
- parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE);
+ ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(
+ parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
// contentType will be null if we're trying to generate a counter signature.
if (contentType != null)
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
index 06470c3..f5ac174 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
@@ -7,9 +7,9 @@ import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.AttributeTable;
@@ -121,6 +121,16 @@ public class SignerInfoGenerator
this.sigEncAlgFinder = sigEncAlgFinder;
}
+ public SignerIdentifier getSID()
+ {
+ return signerIdentifier;
+ }
+
+ public ASN1Integer getGeneratedVersion()
+ {
+ return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1);
+ }
+
public boolean hasAssociatedCertificate()
{
return certHolder != null;
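Review bot: `getSID()` and `getGeneratedVersion()` are added as public methods without Javadoc, and the literals 3 and 1 in `getGeneratedVersion()` are unexplained. A comment such as `// CMS SignerInfo version: 3 when the signer is identified by a tagged subjectKeyIdentifier, 1 for issuerAndSerialNumber` would tie them to the version rule they presumably encode. It is worth confirming that against the SignerIdentifier definition, which this hunk does not show.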
@@ -245,7 +255,7 @@ public class SignerInfoGenerator
return null;
}
- private Map getBaseParameters(DERObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
+ private Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
{
Map param = new HashMap();
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
index 4526a2e..bd9703a 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
@@ -21,7 +21,7 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
@@ -41,6 +41,7 @@ import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.RawContentVerifier;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.io.TeeOutputStream;
/**
* an expanded SignerInfo block from a CMS Signed message
@@ -143,7 +144,7 @@ public class SignerInformation
*/
public String getDigestAlgOID()
{
- return digestAlgorithm.getObjectId().getId();
+ return digestAlgorithm.getAlgorithm().getId();
}
/**
@@ -179,7 +180,7 @@ public class SignerInformation
*/
public String getEncryptionAlgOID()
{
- return encryptionAlgorithm.getObjectId().getId();
+ return encryptionAlgorithm.getAlgorithm().getId();
}
/**
@@ -358,9 +359,21 @@ public class SignerInformation
throws CMSException
{
String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
+ ContentVerifier contentVerifier;
try
{
+ contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
+ }
+ catch (OperatorCreationException e)
+ {
+ throw new CMSException("can't create content verifier: " + e.getMessage(), e);
+ }
+
+ try
+ {
+ OutputStream sigOut = contentVerifier.getOutputStream();
+
if (resultDigest == null)
{
DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
@@ -368,11 +381,34 @@ public class SignerInformation
{
OutputStream digOut = calc.getOutputStream();
- content.write(digOut);
+ if (signedAttributeSet == null)
+ {
+ if (contentVerifier instanceof RawContentVerifier)
+ {
+ content.write(digOut);
+ }
+ else
+ {
+ OutputStream cOut = new TeeOutputStream(digOut, sigOut);
+
+ content.write(cOut);
+
+ cOut.close();
+ }
+ }
+ else
+ {
+ content.write(digOut);
+ sigOut.write(this.getEncodedSignedAttributes());
+ }
digOut.close();
}
- else if (signedAttributeSet == null)
+ else if (signedAttributeSet != null)
+ {
+ sigOut.write(this.getEncodedSignedAttributes());
+ }
+ else
{
// TODO Get rid of this exception and just treat content==null as empty not missing?
throw new CMSException("data not encapsulated in signature - use detached constructor.");
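Review bot: In the non-raw branch, `cOut.close()` on the TeeOutputStream is followed by `digOut.close()` a few lines later and by `sigOut.close()` in the next hunk. If the tee's `close()` closes both underlying streams, as such wrappers usually do, each stream is closed twice. The library's own digest and signature streams probably tolerate that, but a ContentVerifier supplied by the caller might not. Replacing `cOut.close();` with `cOut.flush();` would leave the two explicit closes as the only ones. The enclosing method starts and ends outside this hunk.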
@@ -380,6 +416,22 @@ public class SignerInformation
resultDigest = calc.getDigest();
}
+ else
+ {
+ if (signedAttributeSet == null)
+ {
+ if (content != null)
+ {
+ content.write(sigOut);
+ }
+ }
+ else
+ {
+ sigOut.write(this.getEncodedSignedAttributes());
+ }
+ }
+
+ sigOut.close();
}
catch (IOException e)
{
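Review bot: When `resultDigest` is already set, there are no signed attributes and `content` is null, the new `else` branch writes nothing to `sigOut`. A verifier that is not a RawContentVerifier then goes on to check the signature against empty input. The code removed in the hunk at -477 raised `CMSException("verifier unable to process raw signature")` for a non-raw verifier with a precomputed digest; verification most likely still fails now, but the caller loses the diagnostic. Adding `else if (!(contentVerifier instanceof RawContentVerifier)) { throw new CMSException("verifier unable to process raw signature"); }` after the `if (content != null)` block would keep that case distinguishable. The method body continues outside this hunk.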
@@ -408,12 +460,12 @@ public class SignerInformation
throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
}
- if (!(validContentType instanceof DERObjectIdentifier))
+ if (!(validContentType instanceof ASN1ObjectIdentifier))
{
throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
}
- DERObjectIdentifier signedContentType = (DERObjectIdentifier)validContentType;
+ ASN1ObjectIdentifier signedContentType = (ASN1ObjectIdentifier)validContentType;
if (!signedContentType.equals(contentType))
{
@@ -477,41 +529,22 @@ public class SignerInformation
try
{
- ContentVerifier contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
- OutputStream sigOut = contentVerifier.getOutputStream();
-
- if (signedAttributeSet == null)
+ if (signedAttributeSet == null && resultDigest != null)
{
- if (resultDigest != null)
+ if (contentVerifier instanceof RawContentVerifier)
{
- if (contentVerifier instanceof RawContentVerifier)
- {
- RawContentVerifier rawVerifier = (RawContentVerifier)contentVerifier;
-
- if (encName.equals("RSA"))
- {
- DigestInfo digInfo = new DigestInfo(digestAlgorithm, resultDigest);
+ RawContentVerifier rawVerifier = (RawContentVerifier)contentVerifier;
- return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
- }
+ if (encName.equals("RSA"))
+ {
+ DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest);
- return rawVerifier.verify(resultDigest, this.getSignature());
+ return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
}
- throw new CMSException("verifier unable to process raw signature");
- }
- else if (content != null)
- {
- // TODO Use raw signature of the hash value instead
- content.write(sigOut);
+ return rawVerifier.verify(resultDigest, this.getSignature());
}
}
- else
- {
- sigOut.write(this.getEncodedSignedAttributes());
- }
-
- sigOut.close();
return contentVerifier.verify(this.getSignature());
}
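Review bot: The `DigestInfo` for raw RSA verification is now built from `digestAlgorithm.getAlgorithm()` with `DERNull.INSTANCE`, so whatever parameters the SignerInfo carried are replaced by an explicit NULL, and nothing in the code says why. A comment such as `// always compare against a DigestInfo with explicit NULL parameters, however the SignerInfo encoded its digest algorithm` would record the intent. It would also help to note that non-raw verifiers now fall through to `contentVerifier.verify(this.getSignature())` and depend on data written to `sigOut` earlier in the method, outside this hunk.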
@@ -519,10 +552,6 @@ public class SignerInformation
{
throw new CMSException("can't process mime object to create signature.", e);
}
- catch (OperatorCreationException e)
- {
- throw new CMSException("can't create content verifier: " + e.getMessage(), e);
- }
}
/**
@@ -764,7 +793,7 @@ public class SignerInformation
for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext();)
{
- sigs.add(((SignerInformation)it.next()).toSignerInfo());
+ sigs.add(((SignerInformation)it.next()).toASN1Structure());
}
v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs)));
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
index 82a43a0..8e4d2b7 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
@@ -100,13 +100,11 @@ public class DefaultDigestAlgorithmIdentifierFinder
if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
{
- digAlgId = ((RSASSAPSSparams)sigAlgId.getParameters()).getHashAlgorithm();
+ digAlgId = RSASSAPSSparams.getInstance(sigAlgId.getParameters()).getHashAlgorithm();
}
else
{
- // BEGIN android-changed
digAlgId = new AlgorithmIdentifier((ASN1ObjectIdentifier)digestOids.get(sigAlgId.getAlgorithm()), DERNull.INSTANCE);
- // END android-changed
}
return digAlgId;
@@ -114,8 +112,6 @@ public class DefaultDigestAlgorithmIdentifierFinder
public AlgorithmIdentifier find(String digAlgName)
{
- // BEGIN android-changed
return new AlgorithmIdentifier((ASN1ObjectIdentifier)digestNameToOids.get(digAlgName), DERNull.INSTANCE);
- // END android-changed
}
-}
+} \ No newline at end of file
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
index be3567f..b73c5ce 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
@@ -144,31 +144,21 @@ public class DefaultSignatureAlgorithmIdentifierFinder
//
// explicit params
//
- // BEGIN android-changed
AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
- // END android-changed
params.put("SHA1WITHRSAANDMGF1", createPSSParams(sha1AlgId, 20));
// BEGIN android-removed
- // // BEGIN android-changed
// AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
- // // END android-changed
// params.put("SHA224WITHRSAANDMGF1", createPSSParams(sha224AlgId, 28));
// END android-removed
- // BEGIN android-changed
AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
- // END android-changed
params.put("SHA256WITHRSAANDMGF1", createPSSParams(sha256AlgId, 32));
- // BEGIN android-changed
AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE);
- // END android-changed
params.put("SHA384WITHRSAANDMGF1", createPSSParams(sha384AlgId, 48));
- // BEGIN android-changed
AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE);
- // END android-changed
params.put("SHA512WITHRSAANDMGF1", createPSSParams(sha512AlgId, 64));
//
@@ -223,9 +213,7 @@ public class DefaultSignatureAlgorithmIdentifierFinder
if (pkcs15RsaEncryption.contains(sigOID))
{
- // BEGIN android-changed
encAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
- // END android-changed
}
else
{
@@ -238,9 +226,7 @@ public class DefaultSignatureAlgorithmIdentifierFinder
}
else
{
- // BEGIN android-changed
digAlgId = new AlgorithmIdentifier((ASN1ObjectIdentifier)digestOids.get(sigOID), DERNull.INSTANCE);
- // END android-changed
}
return sigAlgId;
@@ -259,4 +245,4 @@ public class DefaultSignatureAlgorithmIdentifierFinder
{
return generate(sigAlgName);
}
-}
+} \ No newline at end of file
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java b/bcpkix/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java
index 2918b4d..58242b2 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java
@@ -5,6 +5,11 @@ public class RuntimeOperatorException
{
private Throwable cause;
+ public RuntimeOperatorException(String msg)
+ {
+ super(msg);
+ }
+
public RuntimeOperatorException(String msg, Throwable cause)
{
super(msg);
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
index 28221f4..2520f95 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
@@ -79,6 +79,15 @@ class OperatorHelper
// END android-removed
oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
+ oids.put(OIWObjectIdentifiers.idSHA1, "SHA-1");
+ oids.put(NISTObjectIdentifiers.id_sha224, "SHA-224");
+ oids.put(NISTObjectIdentifiers.id_sha256, "SHA-256");
+ oids.put(NISTObjectIdentifiers.id_sha384, "SHA-384");
+ oids.put(NISTObjectIdentifiers.id_sha512, "SHA-512");
+ oids.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD-128");
+ oids.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD-160");
+ oids.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD-256");
+
asymmetricWrapperAlgNames.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding");
symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWrap");