diff options
| -rw-r--r-- | MODULE_LICENSE_BSD_LIKE | 0 | ||||
| -rw-r--r-- | NOTICE | 22 | ||||
| -rw-r--r-- | README.android | 51 | ||||
| -rw-r--r-- | bouncycastle.config | 198 | ||||
| -rw-r--r-- | bouncycastle.version | 2 | ||||
| -rwxr-xr-x | import_bouncycastle.sh | 242 | ||||
| -rw-r--r-- | patches/README | 3 | ||||
| -rw-r--r-- | patches/android.patch | 11568 |
8 files changed, 12086 insertions, 0 deletions
diff --git a/MODULE_LICENSE_BSD_LIKE b/MODULE_LICENSE_BSD_LIKE new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/MODULE_LICENSE_BSD_LIKE @@ -0,0 +1,22 @@ +<html> +<body bgcolor=#ffffff> + +Copyright (c) 2000-2006 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) +<p> +Permission is hereby granted, free of charge, to any person obtaining a copy of this software +and associated documentation files (the "Software"), to deal in the Software without restriction, +including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: +<p> +The above copyright notice and this permission notice shall be included in all copies or substantial +portions of the Software. +<p> +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR +PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. +</body> +</html> diff --git a/README.android b/README.android new file mode 100644 index 0000000..4e041ed --- /dev/null +++ b/README.android @@ -0,0 +1,51 @@ +Bouncy Castle on the Android platform. +--- + +The code in this directory is based on $BOUNCYCASTLE_VERSION in the +file bouncycastle.version. See patches/README for more information on +how the code differs from $BOUNCYCASTLE_VERSION. + +Porting New Versions of Bouncy Castle. +-- + +The following steps are recommended for porting new Bouncy Castle versions. + +1) Retrieve the appropriate version of the Bouncy Castle source from + www.bouncycastle.org/latest_releases.html (in bcprov-jdk*-*.tar.gz + file). Check the checksum (found at bouncycastle.org/checksums.html) with: + + md5sum bcprov-jdk*-*.tar.gz + sha1sum bcprov-jdk*-*.tar.gz + +2) Update the variables in bouncycastle.config and bouncycastle.version as appropriate. + At the very least you will need to update the bouncycastle.version. + +3) Run: + + ./import_bouncycastle.sh import bcprov-jdk*-*.tar.gz + +4) If there are any errors, then modify bouncycastle.config, bouncycastle.version + and patches in patches/ as appropriate. You might want to use: + + ./import_bouncycastle.sh regenerate patches/*.patch + + Repeat step 3. + +5) Cleanup before building with: + + m -j16 clean-bouncycastle + +6) Build the bouncycastle target from the external/bouncycastle directory with: + + mm -j16 snod && adb sync system + + If there are build errors, then patches/*.mk or bouncycastle.config + may need updating. + +7) Run tests to make sure things are working: + + See external/openssl/README.android for test instructions + +8) Do a full build before checking in: + + m -j16 diff --git a/bouncycastle.config b/bouncycastle.config new file mode 100644 index 0000000..6837933 --- /dev/null +++ b/bouncycastle.config @@ -0,0 +1,198 @@ +# directories +UNNEEDED_SOURCES=" \ +org/bouncycastle/asn1/sec \ +org/bouncycastle/asn1/smime \ +org/bouncycastle/asn1/test \ +org/bouncycastle/bcpg \ +org/bouncycastle/cms \ +org/bouncycastle/crypto/examples \ +org/bouncycastle/crypto/test \ +org/bouncycastle/i18n/filter/test \ +org/bouncycastle/i18n/test \ +org/bouncycastle/jce/examples \ +org/bouncycastle/jce/provider/test \ +org/bouncycastle/mail \ +org/bouncycastle/math \ +org/bouncycastle/mozilla \ +org/bouncycastle/ocsp \ +org/bouncycastle/openpgp \ +org/bouncycastle/openssl/test \ +org/bouncycastle/sasn1 \ +org/bouncycastle/tsp \ +org/bouncycastle/util/encoders/test \ +org/bouncycastle/util/test \ +org/bouncycastle/voms \ +org/bouncycastle/x509/examples \ +" + +# files +UNNEEDED_SOURCES+=" \ +org/bouncycastle/LICENSE.java \ +org/bouncycastle/asn1/cmp/package.html \ +org/bouncycastle/asn1/cms/package.html \ +org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java \ +org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.java \ +org/bouncycastle/asn1/cryptopro/GOST28147Parameters.java \ +org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.java \ +org/bouncycastle/asn1/cryptopro/GOST3410ParamSetParameters.java \ +org/bouncycastle/asn1/cryptopro/GOST3410PublicKeyAlgParameters.java \ +org/bouncycastle/asn1/cryptopro/package.html \ +org/bouncycastle/asn1/esf/package.html \ +org/bouncycastle/asn1/ess/package.html \ +org/bouncycastle/asn1/icao/package.html \ +org/bouncycastle/asn1/misc/CAST5CBCParameters.java \ +org/bouncycastle/asn1/misc/package.html \ +org/bouncycastle/asn1/mozilla/package.html \ +org/bouncycastle/asn1/nist/NISTNamedCurves.java \ +org/bouncycastle/asn1/nist/package.html \ +org/bouncycastle/asn1/ocsp/package.html \ +org/bouncycastle/asn1/oiw/ElGamalParameter.java \ +org/bouncycastle/asn1/oiw/package.html \ +org/bouncycastle/asn1/package.html \ +org/bouncycastle/asn1/pkcs/package.html \ +org/bouncycastle/asn1/teletrust/package.html \ +org/bouncycastle/asn1/tsp/package.html \ +org/bouncycastle/asn1/util/package.html \ +org/bouncycastle/asn1/x509/package.html \ +org/bouncycastle/asn1/x509/qualified/package.html \ +org/bouncycastle/asn1/x9/KeySpecificInfo.java \ +org/bouncycastle/asn1/x9/OtherInfo.java \ +org/bouncycastle/asn1/x9/X962NamedCurves.java \ +org/bouncycastle/asn1/x9/X962Parameters.java \ +org/bouncycastle/asn1/x9/X9Curve.java \ +org/bouncycastle/asn1/x9/X9ECParameters.java \ +org/bouncycastle/asn1/x9/X9ECPoint.java \ +org/bouncycastle/asn1/x9/X9FieldElement.java \ +org/bouncycastle/asn1/x9/X9FieldID.java \ +org/bouncycastle/asn1/x9/X9IntegerConverter.java \ +org/bouncycastle/asn1/x9/package.html \ +org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java \ +org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java \ +org/bouncycastle/crypto/agreement/package.html \ +org/bouncycastle/crypto/digests/GOST3411Digest.java \ +org/bouncycastle/crypto/digests/MD2Digest.java \ +org/bouncycastle/crypto/digests/RIPEMD128Digest.java \ +org/bouncycastle/crypto/digests/RIPEMD160Digest.java \ +org/bouncycastle/crypto/digests/RIPEMD256Digest.java \ +org/bouncycastle/crypto/digests/RIPEMD320Digest.java \ +org/bouncycastle/crypto/digests/TigerDigest.java \ +org/bouncycastle/crypto/digests/WhirlpoolDigest.java \ +org/bouncycastle/crypto/digests/package.html \ +org/bouncycastle/crypto/encodings/package.html \ +org/bouncycastle/crypto/engines/BlowfishEngine.java \ +org/bouncycastle/crypto/engines/CAST5Engine.java \ +org/bouncycastle/crypto/engines/CAST6Engine.java \ +org/bouncycastle/crypto/engines/CamelliaEngine.java \ +org/bouncycastle/crypto/engines/ElGamalEngine.java \ +org/bouncycastle/crypto/engines/GOST28147Engine.java \ +org/bouncycastle/crypto/engines/IDEAEngine.java \ +org/bouncycastle/crypto/engines/NaccacheSternEngine.java \ +org/bouncycastle/crypto/engines/RC2WrapEngine.java \ +org/bouncycastle/crypto/engines/RC4Engine.java \ +org/bouncycastle/crypto/engines/RC532Engine.java \ +org/bouncycastle/crypto/engines/RC564Engine.java \ +org/bouncycastle/crypto/engines/RC6Engine.java \ +org/bouncycastle/crypto/engines/RijndaelEngine.java \ +org/bouncycastle/crypto/engines/SerpentEngine.java \ +org/bouncycastle/crypto/engines/SkipjackEngine.java \ +org/bouncycastle/crypto/engines/TwofishEngine.java \ +org/bouncycastle/crypto/engines/package.html \ +org/bouncycastle/crypto/generators/ECKeyPairGenerator.java \ +org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java \ +org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java \ +org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java \ +org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.java \ +org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java \ +org/bouncycastle/crypto/generators/package.html \ +org/bouncycastle/crypto/io/package.html \ +org/bouncycastle/crypto/macs/GOST28147Mac.java \ +org/bouncycastle/crypto/macs/package.html \ +org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java \ +org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java \ +org/bouncycastle/crypto/modes/package.html \ +org/bouncycastle/crypto/package.html \ +org/bouncycastle/crypto/paddings/package.html \ +org/bouncycastle/crypto/params/ECDomainParameters.java \ +org/bouncycastle/crypto/params/ECKeyGenerationParameters.java \ +org/bouncycastle/crypto/params/ECKeyParameters.java \ +org/bouncycastle/crypto/params/ECPrivateKeyParameters.java \ +org/bouncycastle/crypto/params/ECPublicKeyParameters.java \ +org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java \ +org/bouncycastle/crypto/params/ElGamalKeyParameters.java \ +org/bouncycastle/crypto/params/ElGamalParameters.java \ +org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.java \ +org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.java \ +org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.java \ +org/bouncycastle/crypto/params/GOST3410KeyParameters.java \ +org/bouncycastle/crypto/params/GOST3410Parameters.java \ +org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.java \ +org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.java \ +org/bouncycastle/crypto/params/GOST3410ValidationParameters.java \ +org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java \ +org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java \ +org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java \ +org/bouncycastle/crypto/params/package.html \ +org/bouncycastle/crypto/signers/ECDSASigner.java \ +org/bouncycastle/crypto/signers/ECGOST3410Signer.java \ +org/bouncycastle/crypto/signers/ECNRSigner.java \ +org/bouncycastle/crypto/signers/GOST3410Signer.java \ +org/bouncycastle/crypto/signers/package.html \ +org/bouncycastle/jce/ECGOST3410NamedCurveTable.java \ +org/bouncycastle/jce/ECNamedCurveTable.java \ +org/bouncycastle/jce/ECPointUtil.java \ +org/bouncycastle/jce/interfaces/ECKey.java \ +org/bouncycastle/jce/interfaces/ECPointEncoder.java \ +org/bouncycastle/jce/interfaces/ECPrivateKey.java \ +org/bouncycastle/jce/interfaces/ECPublicKey.java \ +org/bouncycastle/jce/interfaces/ElGamalKey.java \ +org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java \ +org/bouncycastle/jce/interfaces/ElGamalPublicKey.java \ +org/bouncycastle/jce/interfaces/GOST3410Key.java \ +org/bouncycastle/jce/interfaces/GOST3410Params.java \ +org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java \ +org/bouncycastle/jce/interfaces/GOST3410PublicKey.java \ +org/bouncycastle/jce/interfaces/package.html \ +org/bouncycastle/jce/package.html \ +org/bouncycastle/jce/provider/EC5Util.java \ +org/bouncycastle/jce/provider/ECUtil.java \ +org/bouncycastle/jce/provider/ElGamalUtil.java \ +org/bouncycastle/jce/provider/GOST3410Util.java \ +org/bouncycastle/jce/provider/JCEECDHKeyAgreement.java \ +org/bouncycastle/jce/provider/JCEECPrivateKey.java \ +org/bouncycastle/jce/provider/JCEECPublicKey.java \ +org/bouncycastle/jce/provider/JCEElGamalCipher.java \ +org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java \ +org/bouncycastle/jce/provider/JCEElGamalPublicKey.java \ +org/bouncycastle/jce/provider/JDKGOST3410PrivateKey.java \ +org/bouncycastle/jce/provider/JDKGOST3410PublicKey.java \ +org/bouncycastle/jce/provider/JDKGOST3410Signer.java \ +org/bouncycastle/jce/spec/ECKeySpec.java \ +org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java \ +org/bouncycastle/jce/spec/ECNamedCurveSpec.java \ +org/bouncycastle/jce/spec/ECParameterSpec.java \ +org/bouncycastle/jce/spec/ECPrivateKeySpec.java \ +org/bouncycastle/jce/spec/ECPublicKeySpec.java \ +org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java \ +org/bouncycastle/jce/spec/ElGamalKeySpec.java \ +org/bouncycastle/jce/spec/ElGamalParameterSpec.java \ +org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java \ +org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java \ +org/bouncycastle/jce/spec/GOST28147ParameterSpec.java \ +org/bouncycastle/jce/spec/GOST3410ParameterSpec.java \ +org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java \ +org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java \ +org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java \ +org/bouncycastle/jce/spec/package.html \ +org/bouncycastle/openssl/PEMReader.java \ +org/bouncycastle/openssl/PasswordFinder.java \ +org/bouncycastle/openssl/package.html \ +org/bouncycastle/util/encoders/package.html \ +org/bouncycastle/x509/extension/package.html \ +org/bouncycastle/x509/package.html \ +" + +# needed sources to copy in +NEEDED_SOURCES="org" + +# list of patch files to apply in the given order +BOUNCYCASTLE_PATCHES="android.patch" diff --git a/bouncycastle.version b/bouncycastle.version new file mode 100644 index 0000000..d774e57 --- /dev/null +++ b/bouncycastle.version @@ -0,0 +1,2 @@ +BOUNCYCASTLE_JDK=15 +BOUNCYCASTLE_VERSION=134 diff --git a/import_bouncycastle.sh b/import_bouncycastle.sh new file mode 100755 index 0000000..2271dc0 --- /dev/null +++ b/import_bouncycastle.sh @@ -0,0 +1,242 @@ +#!/bin/bash +# +# Copyright (C) 2010 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# +# This script imports new versions of Bouncy Castle (http://bouncycastle.org) into the +# Android source tree. To run, (1) fetch the appropriate tarball from the Bouncy Castle repository, +# (2) check the checksum, and then (3) run: +# ./import_bouncycastle.sh bcprov-jdk*-*.tar.gz +# +# IMPORTANT: See README.android for additional details. + +# turn on exit on error as well as a warning when it happens +set -e +trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR; + +function die() { + declare -r message=$1 + + echo $message + exit 1 +} + +function usage() { + declare -r message=$1 + + if [ ! "$message" = "" ]; then + echo $message + fi + echo "Usage:" + echo " ./import_bouncycastle.sh import </path/to/bcprov-jdk*-*.tar.gz>" + echo " ./import_bouncycastle.sh regenerate <patch/*.patch>" + echo " ./import_bouncycastle.sh generate <patch/*.patch> </path/to/bcprov-jdk*-*.tar.gz>" + exit 1 +} + +function main() { + if [ ! -d patches ]; then + die "Bouncy Castle patch directory patches/ not found" + fi + + if [ ! -f bouncycastle.version ]; then + die "bouncycastle.version not found" + fi + + source bouncycastle.version + if [ "$BOUNCYCASTLE_JDK" == "" -o "$BOUNCYCASTLE_VERSION" == "" ]; then + die "Invalid bouncycastle.version; see README.android for more information" + fi + + BOUNCYCASTLE_DIR=bcprov-jdk$BOUNCYCASTLE_JDK-$BOUNCYCASTLE_VERSION + BOUNCYCASTLE_DIR_ORIG=$BOUNCYCASTLE_DIR.orig + + if [ ! -f bouncycastle.config ]; then + die "bouncycastle.config not found" + fi + + source bouncycastle.config + if [ "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then + die "Invalid bouncycastle.config; see README.android for more information" + fi + + declare -r command=$1 + shift || usage "No command specified. Try import, regenerate, or generate." + if [ "$command" = "import" ]; then + declare -r tar=$1 + shift || usage "No tar file specified." + import $tar + elif [ "$command" = "regenerate" ]; then + declare -r patch=$1 + shift || usage "No patch file specified." + [ -d $BOUNCYCASTLE_DIR ] || usage "$BOUNCYCASTLE_DIR not found, did you mean to use generate?" + [ -d $BOUNCYCASTLE_DIR_ORIG ] || usage "$BOUNCYCASTLE_DIR_ORIG not found, did you mean to use generate?" + regenerate $patch + elif [ "$command" = "generate" ]; then + declare -r patch=$1 + shift || usage "No patch file specified." + declare -r tar=$1 + shift || usage "No tar file specified." + generate $patch $tar + else + usage "Unknown command specified $command. Try import, regenerate, or generate." + fi +} + +function import() { + declare -r BOUNCYCASTLE_SOURCE=$1 + + untar $BOUNCYCASTLE_SOURCE + applypatches + + cd $BOUNCYCASTLE_DIR + + cp -f LICENSE.html ../NOTICE + touch ../MODULE_LICENSE_BSD_LIKE + + cd .. + + rm -r src + mkdir -p src/main/java/ + for i in $NEEDED_SOURCES; do + echo "Updating $i" + mv $BOUNCYCASTLE_DIR/$i src/main/java/ + done + + # if [ $BOUNCYCASTLE_VERSION -ge 145 ]; then + # # move test directories from src/main/java to src/test/java + # for from in `find src/main/java -name test`; do + # to=`dirname $from | sed s,src/main/java/,src/test/java/,` + # echo "Moving $from to $to" + # mkdir -p $to + # mv $from $to + # done + # fi + + # # move stray test files from src/main/java to src/test/java + # if [ $BOUNCYCASTLE_VERSION -ge 137 ]; then + # mkdir -p src/test/java/org/bouncycastle/util/ + # echo "Moving src/main/java/org/bouncycastle/util tests" + # mv src/main/java/org/bouncycastle/util/*Test*.java src/test/java/org/bouncycastle/util/ + # fi + + cleantar +} + +function regenerate() { + declare -r patch=$1 + + generatepatch $patch +} + +function generate() { + declare -r patch=$1 + declare -r BOUNCYCASTLE_SOURCE=$2 + + untar $BOUNCYCASTLE_SOURCE + applypatches + + # # restore stray test files from src/test/java back to src/main/java + # if [ $BOUNCYCASTLE_VERSION -ge 137 ]; then + # echo "Restoring src/test/java/org/bouncycastle/util" + # mv src/test/java/org/bouncycastle/util/* src/main/java/org/bouncycastle/util/ + # fi + + # # restore test directories from src/test/java back to src/main/java + # if [ $BOUNCYCASTLE_VERSION -ge 145 ]; then + # for from in `find src/test/java -name test`; do + # to=`dirname $from | sed s,src/test/java/,src/main/java/,` + # echo "Restoring $from to $to" + # mkdir -p $to + # mv $from $to + # done + # fi + + for i in $NEEDED_SOURCES; do + echo "Restoring $i" + rm -r $BOUNCYCASTLE_DIR/$i + cp -rf src/main/java/$i $BOUNCYCASTLE_DIR/$i + done + + generatepatch $patch + cleantar +} + +function untar() { + declare -r BOUNCYCASTLE_SOURCE=$1 + + # Remove old source + cleantar + + # Process new source + tar -zxf $BOUNCYCASTLE_SOURCE + mv $BOUNCYCASTLE_DIR $BOUNCYCASTLE_DIR_ORIG + find $BOUNCYCASTLE_DIR_ORIG -type f -print0 | xargs -0 chmod a-w + (cd $BOUNCYCASTLE_DIR_ORIG && unzip -q src.zip) + tar -zxf $BOUNCYCASTLE_SOURCE + (cd $BOUNCYCASTLE_DIR && unzip -q src.zip) + + # Prune unnecessary sources + echo "Removing $UNNEEDED_SOURCES" + (cd $BOUNCYCASTLE_DIR_ORIG && rm -rf $UNNEEDED_SOURCES) + (cd $BOUNCYCASTLE_DIR && rm -r $UNNEEDED_SOURCES) +} + +function cleantar() { + rm -rf $BOUNCYCASTLE_DIR_ORIG + rm -rf $BOUNCYCASTLE_DIR +} + +function applypatches () { + cd $BOUNCYCASTLE_DIR + + # Apply appropriate patches + for i in $BOUNCYCASTLE_PATCHES; do + echo "Applying patch $i" + patch -p1 < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i" + + # make sure no UNNEEDED_SOURCES got into the patch + problem=0 + for s in $UNNEEDED_SOURCES; do + if [ -e $s ]; then + echo Unneeded source $s restored by patch $i + problem=1 + fi + done + if [ $problem = 1 ]; then + exit 1 + fi + done + + # Cleanup patch output + find . -type f -name "*.orig" -print0 | xargs -0 rm -f + + cd .. +} + +function generatepatch() { + declare -r patch=$1 + + # Cleanup stray files before generating patch + find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f + find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f + + rm -f $patch + LC_ALL=C TZ=UTC0 diff -Naur $BOUNCYCASTLE_DIR_ORIG $BOUNCYCASTLE_DIR >> $patch && die "ERROR: No diff for patch $path in file $i" + echo "Generated patch $patch" +} + +main $@ diff --git a/patches/README b/patches/README new file mode 100644 index 0000000..600ecc5 --- /dev/null +++ b/patches/README @@ -0,0 +1,3 @@ +android.patch: + +patch from Bouncy Castle source to Android post-Froyo diff --git a/patches/android.patch b/patches/android.patch new file mode 100644 index 0000000..3a1fca8 --- /dev/null +++ b/patches/android.patch @@ -0,0 +1,11568 @@ +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Collection.java bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Collection.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Collection.java 1969-12-31 16:00:00.000000000 -0800 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Collection.java 2010-04-30 10:57:26.000000000 -0700 +@@ -0,0 +1,298 @@ ++package org.bouncycastle.asn1; ++ ++import java.io.ByteArrayOutputStream; ++import java.io.IOException; ++import java.util.Enumeration; ++import java.util.ConcurrentModificationException; ++ ++// BEGIN android-note ++/* ++ * This is a new class that was synthesized from ASN1Sequence and ++ * ASN1Set, but with extra smarts about efficiently storing its ++ * elements. ++ */ ++// END android-note ++ ++/** ++ * Base class for collection-like <code>DERObject</code>s. Instances ++ * of this class will keep up to four elements directly, resorting to ++ * an external collection only if more elements than that need to be ++ * stored. ++ */ ++public abstract class ASN1Collection ++ extends DERObject ++{ ++ /** >= 0; size of the collection */ ++ private int size; ++ ++ /** null-ok; element #0 */ ++ private DEREncodable obj0; ++ ++ /** null-ok; element #1 */ ++ private DEREncodable obj1; ++ ++ /** null-ok; element #2 */ ++ private DEREncodable obj2; ++ ++ /** null-ok; element #3 */ ++ private DEREncodable obj3; ++ ++ /** null-ok; elements #4 and higher */ ++ private DEREncodable[] rest; ++ ++ /** ++ * Returns the object at the postion indicated by index. ++ * ++ * @param index the index (starting at zero) of the object ++ * @return the object at the postion indicated by index ++ */ ++ public final DEREncodable getObjectAt(int index) { ++ if ((index < 0) || (index >= size)) { ++ throw new IndexOutOfBoundsException(Integer.toString(index)); ++ } ++ ++ switch (index) { ++ case 0: return obj0; ++ case 1: return obj1; ++ case 2: return obj2; ++ case 3: return obj3; ++ default: return rest[index - 4]; ++ } ++ } ++ ++ /** ++ * Returns the number of objects in this instance. ++ * ++ * @return the number of objects in this instance ++ */ ++ public final int size() { ++ return size; ++ } ++ ++ /** {@inheritDoc} */ ++ public final int hashCode() { ++ Enumeration e = this.getObjects(); ++ int hashCode = 0; ++ ++ while (e.hasMoreElements()) { ++ Object o = e.nextElement(); ++ ++ if (o != null) { ++ hashCode ^= o.hashCode(); ++ } ++ } ++ ++ return hashCode; ++ } ++ ++ /** ++ * Adds a new element to this instance. ++ * ++ * @param obj non-null; the instance to add ++ */ ++ protected void addObject(DEREncodable obj) { ++ if (obj == null) { ++ throw new NullPointerException("obj == null"); ++ } ++ ++ int sz = size; ++ ++ switch (sz) { ++ case 0: obj0 = obj; break; ++ case 1: obj1 = obj; break; ++ case 2: obj2 = obj; break; ++ case 3: obj3 = obj; break; ++ case 4: { ++ // Initial allocation of rest. ++ rest = new DEREncodable[5]; ++ rest[0] = obj; ++ break; ++ } ++ default: { ++ int index = sz - 4; ++ if (index >= rest.length) { ++ // Grow rest. ++ DEREncodable[] newRest = new DEREncodable[index * 2 + 10]; ++ System.arraycopy(rest, 0, newRest, 0, rest.length); ++ rest = newRest; ++ } ++ rest[index] = obj; ++ break; ++ } ++ } ++ ++ size++; ++ } ++ ++ /** ++ * Sets the element at a given index (used by {@link #sort}). ++ * ++ * @param obj non-null; the object to set ++ * @param index >= 0; the index ++ */ ++ private void setObjectAt(DEREncodable obj, int index) { ++ switch (index) { ++ case 0: obj0 = obj; break; ++ case 1: obj1 = obj; break; ++ case 2: obj2 = obj; break; ++ case 3: obj3 = obj; break; ++ default: { ++ rest[index - 4] = obj; ++ break; ++ } ++ } ++ } ++ ++ /** ++ * Encodes this instance to the given stream. ++ * ++ * @param out non-null; stream to encode to ++ */ ++ /*package*/ abstract void encode(DEROutputStream out) throws IOException; ++ ++ /** ++ * Gets an enumeration of all the objects in this collection. ++ * ++ * @return non-null; the enumeration ++ */ ++ public final Enumeration getObjects() { ++ return new ASN1CollectionEnumeration(); ++ } ++ ++ /** ++ * Associated enumeration class. ++ */ ++ private class ASN1CollectionEnumeration implements Enumeration { ++ /** original size; used for modification detection */ ++ private final int origSize = size; ++ ++ /** >= 0; current cursor */ ++ private int at = 0; ++ ++ /** {@inheritDoc} */ ++ public boolean hasMoreElements() { ++ if (size != origSize) { ++ throw new ConcurrentModificationException(); ++ } ++ ++ return at < origSize; ++ } ++ ++ /** {@inheritDoc} */ ++ public Object nextElement() { ++ if (size != origSize) { ++ throw new ConcurrentModificationException(); ++ } ++ ++ switch (at++) { ++ case 0: return obj0; ++ case 1: return obj1; ++ case 2: return obj2; ++ case 3: return obj3; ++ default: return rest[at - 5]; ++ } ++ } ++ } ++ ++ /** ++ * Sorts the elements in this instance. ++ */ ++ protected void sort() { ++ if (size <= 1) { ++ return; ++ } ++ ++ boolean swapped = true; ++ ++ // TODO: This is bubble sort. Probably not the best choice. ++ while (swapped) { ++ int index = 0; ++ byte[] a = getEncoded(getObjectAt(0)); ++ ++ swapped = false; ++ ++ while (index != size - 1) { ++ int nextIndex = index + 1; ++ byte[] b = getEncoded(getObjectAt(nextIndex)); ++ ++ if (lessThanOrEqual(a, b)) { ++ a = b; ++ } else { ++ DEREncodable o = getObjectAt(index); ++ ++ setObjectAt(getObjectAt(nextIndex), index); ++ setObjectAt(o, nextIndex); ++ ++ swapped = true; ++ } ++ ++ index++; ++ } ++ } ++ } ++ ++ /** ++ * Returns true if a <= b (arrays are assumed padded with zeros). ++ */ ++ private static boolean lessThanOrEqual(byte[] a, byte[] b) { ++ if (a.length <= b.length) { ++ for (int i = 0; i != a.length; i++) { ++ int l = a[i] & 0xff; ++ int r = b[i] & 0xff; ++ ++ if (r > l) { ++ return true; ++ } else if (l > r) { ++ return false; ++ } ++ } ++ ++ return true; ++ } else { ++ for (int i = 0; i != b.length; i++) { ++ int l = a[i] & 0xff; ++ int r = b[i] & 0xff; ++ ++ if (r > l) { ++ return true; ++ } else if (l > r) { ++ return false; ++ } ++ } ++ ++ return false; ++ } ++ } ++ ++ /** ++ * Gets the encoded form of an object. ++ * ++ * @param obj non-null; object to encode ++ * @return non-null; the encoded form ++ */ ++ private static byte[] getEncoded(DEREncodable obj) { ++ ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ++ ASN1OutputStream aOut = new ASN1OutputStream(bOut); ++ ++ try { ++ aOut.writeObject(obj); ++ } catch (IOException e) { ++ throw new IllegalArgumentException( ++ "cannot encode object added to collection"); ++ } ++ ++ return bOut.toByteArray(); ++ } ++ ++ /** {@inheritDoc} */ ++ public final String toString() { ++ StringBuilder sb = new StringBuilder(); ++ sb.append('['); ++ for (int i = 0; i < size; i++) { ++ if (i != 0) sb.append(", "); ++ sb.append(getObjectAt(i)); ++ } ++ sb.append(']'); ++ return sb.toString(); ++ } ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk15-134/org/bouncycastle/asn1/ASN1InputStream.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1InputStream.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/ASN1InputStream.java 2010-04-30 10:57:26.000000000 -0700 +@@ -166,7 +166,9 @@ + switch (tag) + { + case NULL: +- return new DERNull(); ++ // BEGIN android-changed ++ return DERNull.THE_ONE; ++ //END android-changed + case SEQUENCE | CONSTRUCTED: + ASN1InputStream aIn = new ASN1InputStream(bytes); + ASN1EncodableVector v = new ASN1EncodableVector(); +@@ -194,7 +196,9 @@ + + return new DERSet(v, false); + case BOOLEAN: +- return new DERBoolean(bytes); ++ // BEGIN android-changed ++ return DERBoolean.getInstance(bytes); ++ // END android-changed + case INTEGER: + return new DERInteger(bytes); + case ENUMERATED: +@@ -245,7 +249,9 @@ + { + if ((tag & CONSTRUCTED) == 0) + { +- return new DERTaggedObject(false, tagNo, new DERNull()); ++ // BEGIN android-changed ++ return new DERTaggedObject(false, tagNo, DERNull.THE_ONE); ++ // END android-changed + } + else + { +@@ -385,7 +391,9 @@ + switch (tag) + { + case NULL: +- return new BERNull(); ++ // BEGIN android-changed ++ return BERNull.THE_ONE; ++ // END android-changed + case SEQUENCE | CONSTRUCTED: + ASN1EncodableVector v = new ASN1EncodableVector(); + +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Null.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Null.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Null.java 2010-04-30 10:57:26.000000000 -0700 +@@ -8,9 +8,11 @@ + public abstract class ASN1Null + extends DERObject + { +- public ASN1Null() ++ // BEGIN android-changed ++ /*package*/ ASN1Null() + { + } ++ // END android-changed + + public int hashCode() + { +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Sequence.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Sequence.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Sequence.java 2010-04-30 10:57:26.000000000 -0700 +@@ -1,13 +1,23 @@ + package org.bouncycastle.asn1; + +-import java.io.IOException; ++// BEGIN android-removed ++//import java.io.IOException; ++// END android-removed + import java.util.Enumeration; +-import java.util.Vector; ++// BEGIN android-removed ++//import java.util.Vector; ++// END android-removed ++ ++// BEGIN android-note ++// Changed inheritence of class. ++// END android-note + + public abstract class ASN1Sequence +- extends DERObject ++ extends ASN1Collection + { +- private Vector seq = new Vector(); ++ // BEGIN android-removed ++ // private Vector seq = new Vector(); ++ // END android-removed + + /** + * return an ASN1Sequence from the given object. +@@ -86,50 +96,52 @@ + "unknown object in getInstanceFromTagged"); + } + +- public Enumeration getObjects() +- { +- return seq.elements(); +- } +- +- /** +- * return the object at the sequence postion indicated by index. +- * +- * @param index the sequence number (starting at zero) of the object +- * @return the object at the sequence postion indicated by index. +- */ +- public DEREncodable getObjectAt( +- int index) +- { +- return (DEREncodable)seq.elementAt(index); +- } +- +- /** +- * return the number of objects in this sequence. +- * +- * @return the number of objects in this sequence. +- */ +- public int size() +- { +- return seq.size(); +- } +- +- public int hashCode() +- { +- Enumeration e = this.getObjects(); +- int hashCode = 0; +- +- while (e.hasMoreElements()) +- { +- Object o = e.nextElement(); +- +- if (o != null) +- { +- hashCode ^= o.hashCode(); +- } +- } +- +- return hashCode; +- } ++ // BEGIN android-removed ++ //public Enumeration getObjects() ++ //{ ++ // return seq.elements(); ++ //} ++ ++ ///** ++ // * return the object at the sequence postion indicated by index. ++ // * ++ // * @param index the sequence number (starting at zero) of the object ++ // * @return the object at the sequence postion indicated by index. ++ // */ ++ //public DEREncodable getObjectAt( ++ // int index) ++ //{ ++ // return (DEREncodable)seq.elementAt(index); ++ //} ++ ++ ///** ++ // * return the number of objects in this sequence. ++ // * ++ // * @return the number of objects in this sequence. ++ // */ ++ //public int size() ++ //{ ++ // return seq.size(); ++ //} ++ ++ //public int hashCode() ++ //{ ++ // Enumeration e = this.getObjects(); ++ // int hashCode = 0; ++ ++ // while (e.hasMoreElements()) ++ // { ++ // Object o = e.nextElement(); ++ // ++ // if (o != null) ++ // { ++ // hashCode ^= o.hashCode(); ++ // } ++ // } ++ ++ // return hashCode; ++ //} ++ // END android-removed + + public boolean equals( + Object o) +@@ -186,17 +198,19 @@ + return true; + } + +- protected void addObject( +- DEREncodable obj) +- { +- seq.addElement(obj); +- } +- +- abstract void encode(DEROutputStream out) +- throws IOException; +- +- public String toString() +- { +- return seq.toString(); +- } ++ // BEGIN android-removed ++ //protected void addObject( ++ // DEREncodable obj) ++ //{ ++ // seq.addElement(obj); ++ //} ++ ++ //abstract void encode(DEROutputStream out) ++ // throws IOException; ++ ++ //public String toString() ++ //{ ++ // return seq.toString(); ++ //} ++ // END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Set.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/ASN1Set.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/ASN1Set.java 2010-04-30 10:57:26.000000000 -0700 +@@ -1,14 +1,24 @@ + package org.bouncycastle.asn1; + +-import java.io.ByteArrayOutputStream; +-import java.io.IOException; ++// BEGIN android-removed ++//import java.io.ByteArrayOutputStream; ++//import java.io.IOException; ++// END android-removed + import java.util.Enumeration; +-import java.util.Vector; ++// BEGIN android-removed ++//import java.util.Vector; ++// END android-removed; ++ ++// BEGIN android-note ++// Changed inheritence of class. ++// END android-note + + abstract public class ASN1Set +- extends DERObject ++ extends ASN1Collection + { +- protected Vector set = new Vector(); ++ // BEGIN android-removed ++ //protected Vector set = new Vector(); ++ // END android-removed + + /** + * return an ASN1Set from the given object. +@@ -105,45 +115,47 @@ + { + } + +- public Enumeration getObjects() +- { +- return set.elements(); +- } +- +- /** +- * return the object at the set postion indicated by index. +- * +- * @param index the set number (starting at zero) of the object +- * @return the object at the set postion indicated by index. +- */ +- public DEREncodable getObjectAt( +- int index) +- { +- return (DEREncodable)set.elementAt(index); +- } +- +- /** +- * return the number of objects in this set. +- * +- * @return the number of objects in this set. +- */ +- public int size() +- { +- return set.size(); +- } +- +- public int hashCode() +- { +- Enumeration e = this.getObjects(); +- int hashCode = 0; +- +- while (e.hasMoreElements()) +- { +- hashCode ^= e.nextElement().hashCode(); +- } +- +- return hashCode; +- } ++ // BEGIN android-removed ++ //public Enumeration getObjects() ++ //{ ++ // return set.elements(); ++ //} ++ ++ ///** ++ // * return the object at the set postion indicated by index. ++ // * ++ // * @param index the set number (starting at zero) of the object ++ // * @return the object at the set postion indicated by index. ++ // */ ++ //public DEREncodable getObjectAt( ++ // int index) ++ //{ ++ // return (DEREncodable)set.elementAt(index); ++ //} ++ ++ ///** ++ // * return the number of objects in this set. ++ // * ++ // * @return the number of objects in this set. ++ // */ ++ //public int size() ++ //{ ++ // return set.size(); ++ //} ++ ++ //public int hashCode() ++ //{ ++ // Enumeration e = this.getObjects(); ++ // int hashCode = 0; ++ ++ // while (e.hasMoreElements()) ++ // { ++ // hashCode ^= e.nextElement().hashCode(); ++ // } ++ ++ // return hashCode; ++ //} ++ // END android-removed + + public boolean equals( + Object o) +@@ -186,119 +198,121 @@ + return true; + } + +- /** +- * return true if a <= b (arrays are assumed padded with zeros). +- */ +- private boolean lessThanOrEqual( +- byte[] a, +- byte[] b) +- { +- if (a.length <= b.length) +- { +- for (int i = 0; i != a.length; i++) +- { +- int l = a[i] & 0xff; +- int r = b[i] & 0xff; +- +- if (r > l) +- { +- return true; +- } +- else if (l > r) +- { +- return false; +- } +- } +- +- return true; +- } +- else +- { +- for (int i = 0; i != b.length; i++) +- { +- int l = a[i] & 0xff; +- int r = b[i] & 0xff; +- +- if (r > l) +- { +- return true; +- } +- else if (l > r) +- { +- return false; +- } +- } +- +- return false; +- } +- } +- +- private byte[] getEncoded( +- DEREncodable obj) +- { +- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); +- ASN1OutputStream aOut = new ASN1OutputStream(bOut); +- +- try +- { +- aOut.writeObject(obj); +- } +- catch (IOException e) +- { +- throw new IllegalArgumentException("cannot encode object added to SET"); +- } +- +- return bOut.toByteArray(); +- } +- +- protected void sort() +- { +- if (set.size() > 1) +- { +- boolean swapped = true; +- +- while (swapped) +- { +- int index = 0; +- byte[] a = getEncoded((DEREncodable)set.elementAt(0)); +- +- swapped = false; +- +- while (index != set.size() - 1) +- { +- byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1)); +- +- if (lessThanOrEqual(a, b)) +- { +- a = b; +- } +- else +- { +- Object o = set.elementAt(index); +- +- set.setElementAt(set.elementAt(index + 1), index); +- set.setElementAt(o, index + 1); +- +- swapped = true; +- } +- +- index++; +- } +- } +- } +- } +- +- protected void addObject( +- DEREncodable obj) +- { +- set.addElement(obj); +- } +- +- abstract void encode(DEROutputStream out) +- throws IOException; +- +- public String toString() +- { +- return set.toString(); +- } ++ // BEGIN android-removed ++ ///** ++ // * return true if a <= b (arrays are assumed padded with zeros). ++ // */ ++ //private boolean lessThanOrEqual( ++ // byte[] a, ++ // byte[] b) ++ //{ ++ // if (a.length <= b.length) ++ // { ++ // for (int i = 0; i != a.length; i++) ++ // { ++ // int l = a[i] & 0xff; ++ // int r = b[i] & 0xff; ++ // ++ // if (r > l) ++ // { ++ // return true; ++ // } ++ // else if (l > r) ++ // { ++ // return false; ++ // } ++ // } ++ ++ // return true; ++ // } ++ // else ++ // { ++ // for (int i = 0; i != b.length; i++) ++ // { ++ // int l = a[i] & 0xff; ++ // int r = b[i] & 0xff; ++ // ++ // if (r > l) ++ // { ++ // return true; ++ // } ++ // else if (l > r) ++ // { ++ // return false; ++ // } ++ // } ++ ++ // return false; ++ // } ++ //} ++ ++ //private byte[] getEncoded( ++ // DEREncodable obj) ++ //{ ++ // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ++ // ASN1OutputStream aOut = new ASN1OutputStream(bOut); ++ ++ // try ++ // { ++ // aOut.writeObject(obj); ++ // } ++ // catch (IOException e) ++ // { ++ // throw new IllegalArgumentException("cannot encode object added to SET"); ++ // } ++ ++ // return bOut.toByteArray(); ++ //} ++ ++ //protected void sort() ++ //{ ++ // if (set.size() > 1) ++ // { ++ // boolean swapped = true; ++ ++ // while (swapped) ++ // { ++ // int index = 0; ++ // byte[] a = getEncoded((DEREncodable)set.elementAt(0)); ++ // ++ // swapped = false; ++ // ++ // while (index != set.size() - 1) ++ // { ++ // byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1)); ++ ++ // if (lessThanOrEqual(a, b)) ++ // { ++ // a = b; ++ // } ++ // else ++ // { ++ // Object o = set.elementAt(index); ++ ++ // set.setElementAt(set.elementAt(index + 1), index); ++ // set.setElementAt(o, index + 1); ++ ++ // swapped = true; ++ // } ++ ++ // index++; ++ // } ++ // } ++ // } ++ //} ++ ++ //protected void addObject( ++ // DEREncodable obj) ++ //{ ++ // set.addElement(obj); ++ //} ++ ++ //abstract void encode(DEROutputStream out) ++ // throws IOException; ++ ++ //public String toString() ++ //{ ++ // return set.toString(); ++ //} ++ // END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/BERNull.java bcprov-jdk15-134/org/bouncycastle/asn1/BERNull.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/BERNull.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/BERNull.java 2010-04-30 10:57:26.000000000 -0700 +@@ -8,9 +8,16 @@ + public class BERNull + extends DERNull + { +- public BERNull() ++ // BEGIN android-added ++ /** non-null; unique instance of this class */ ++ static public final BERNull THE_ONE = new BERNull(); ++ // END android-added ++ ++ // BEGIN android-changed ++ private BERNull() + { + } ++ // END android-changed + + void encode( + DEROutputStream out) +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15-134/org/bouncycastle/asn1/DERBoolean.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERBoolean.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/DERBoolean.java 2010-04-30 10:57:26.000000000 -0700 +@@ -5,7 +5,9 @@ + public class DERBoolean + extends DERObject + { +- byte value; ++ // BEGIN android-changed ++ private final byte value; ++ // END android-changed + + public static final DERBoolean FALSE = new DERBoolean(false); + public static final DERBoolean TRUE = new DERBoolean(true); +@@ -25,7 +27,9 @@ + + if (obj instanceof ASN1OctetString) + { +- return new DERBoolean(((ASN1OctetString)obj).getOctets()); ++ // BEGIN android-changed ++ return getInstance(((ASN1OctetString)obj).getOctets()); ++ // END android-changed + } + + if (obj instanceof ASN1TaggedObject) +@@ -45,6 +49,17 @@ + return (value ? TRUE : FALSE); + } + ++ // BEGIN android-added ++ /** ++ * return a DERBoolean from the passed in array. ++ */ ++ public static DERBoolean getInstance( ++ byte[] octets) ++ { ++ return (octets[0] != 0) ? TRUE : FALSE; ++ } ++ // END android-added ++ + /** + * return a Boolean from a tagged object. + * +@@ -60,18 +75,22 @@ + { + return getInstance(obj.getObject()); + } +- +- public DERBoolean( +- byte[] value) +- { +- this.value = value[0]; +- } + +- public DERBoolean( ++ // BEGIN android-removed ++ //private DERBoolean( ++ // byte[] value) ++ //{ ++ // this.value = value[0]; ++ //} ++ // END android-removed ++ ++ // BEGIN android-changed ++ private DERBoolean( + boolean value) + { + this.value = (value) ? (byte)0xff : (byte)0; + } ++ // END android-changed + + public boolean isTrue() + { +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERInputStream.java bcprov-jdk15-134/org/bouncycastle/asn1/DERInputStream.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERInputStream.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/DERInputStream.java 2010-04-30 10:57:26.000000000 -0700 +@@ -144,7 +144,9 @@ + return new DERConstructedSet(v); + } + case BOOLEAN: +- return new DERBoolean(bytes); ++ // BEGIN android-changed ++ return DERBoolean.getInstance(bytes); ++ // BEGIN android-changed + case INTEGER: + return new DERInteger(bytes); + case ENUMERATED: +@@ -195,7 +197,9 @@ + { + if ((tag & CONSTRUCTED) == 0) + { +- return new DERTaggedObject(false, tag & 0x1f, new DERNull()); ++ // BEGIN android-changed ++ return new DERTaggedObject(false, tag & 0x1f, DERNull.THE_ONE); ++ // END android-changed + } + else + { +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15-134/org/bouncycastle/asn1/DERNull.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERNull.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/DERNull.java 2010-04-30 10:57:26.000000000 -0700 +@@ -8,11 +8,18 @@ + public class DERNull + extends ASN1Null + { +- byte[] zeroBytes = new byte[0]; ++ // BEGIN android-added ++ /** non-null; unique instance of this class */ ++ static public final DERNull THE_ONE = new DERNull(); ++ // END android-added + +- public DERNull() ++ // BEGIN android-changed ++ private static final byte[] zeroBytes = new byte[0]; ++ ++ /*package*/ DERNull() + { + } ++ // END android-changed + + void encode( + DEROutputStream out) +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15-134/org/bouncycastle/asn1/DERObjectIdentifier.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-04-30 10:57:26.000000000 -0700 +@@ -111,7 +111,13 @@ + } + } + +- this.identifier = objId.toString(); ++ // BEGIN android-changed ++ /* ++ * Intern the identifier so there aren't hundreds of duplicates ++ * (in practice). ++ */ ++ this.identifier = objId.toString().intern(); ++ // END android-changed + } + + public DERObjectIdentifier( +@@ -122,7 +128,13 @@ + throw new IllegalArgumentException("string " + identifier + " not an OID"); + } + +- this.identifier = identifier; ++ // BEGIN android-changed ++ /* ++ * Intern the identifier so there aren't hundreds of duplicates ++ * (in practice). ++ */ ++ this.identifier = identifier.intern(); ++ // END android-changed + } + + public String getId() +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15-134/org/bouncycastle/asn1/DERPrintableString.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/DERPrintableString.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/DERPrintableString.java 2010-04-30 10:57:26.000000000 -0700 +@@ -9,7 +9,9 @@ + extends DERObject + implements DERString + { +- String string; ++ // BEGIN android-changed ++ private final String string; ++ // END android-changed + + /** + * return a printable string from the passed in object. +@@ -66,7 +68,9 @@ + cs[i] = (char)(string[i] & 0xff); + } + +- this.string = new String(cs); ++ // BEGIN android-changed ++ this.string = new String(cs).intern(); ++ // END android-changed + } + + /** +@@ -75,7 +79,9 @@ + public DERPrintableString( + String string) + { +- this.string = string; ++ // BEGIN android-changed ++ this.string = string.intern(); ++ // END android-changed + } + + public String getString() +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/OrderedTable.java bcprov-jdk15-134/org/bouncycastle/asn1/OrderedTable.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/OrderedTable.java 1969-12-31 16:00:00.000000000 -0800 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/OrderedTable.java 2010-04-30 10:57:26.000000000 -0700 +@@ -0,0 +1,224 @@ ++package org.bouncycastle.asn1; ++ ++import java.util.Enumeration; ++import java.util.ConcurrentModificationException; ++ ++// BEGIN android-note ++/* ++ * This is a new class that was synthesized from the observed ++ * requirement for a lookup table that preserves order. Since in ++ * practice the element count is typically very low, we just use a ++ * flat list rather than doing any hashing / bucketing. ++ */ ++// END android-note ++ ++/** ++ * Ordered lookup table. Instances of this class will keep up to four ++ * key-value pairs directly, resorting to an external collection only ++ * if more elements than that need to be stored. ++ */ ++public final class OrderedTable { ++ /** null-ok; key #0 */ ++ private DERObjectIdentifier key0; ++ ++ /** null-ok; key #1 */ ++ private DERObjectIdentifier key1; ++ ++ /** null-ok; key #2 */ ++ private DERObjectIdentifier key2; ++ ++ /** null-ok; key #3 */ ++ private DERObjectIdentifier key3; ++ ++ /** null-ok; value #0 */ ++ private Object value0; ++ ++ /** null-ok; value #1 */ ++ private Object value1; ++ ++ /** null-ok; value #2 */ ++ private Object value2; ++ ++ /** null-ok; value #3 */ ++ private Object value3; ++ ++ /** ++ * null-ok; array of additional keys and values, alternating ++ * key then value, etc. ++ */ ++ private Object[] rest; ++ ++ /** >= 0; number of elements in the list */ ++ private int size; ++ ++ // Note: Default public constructor. ++ ++ /** ++ * Adds an element. ++ * ++ * @param key non-null; the key ++ * @param value non-null; the value ++ */ ++ public void add(DERObjectIdentifier key, Object value) { ++ if (key == null) { ++ throw new NullPointerException("key == null"); ++ } ++ ++ if (value == null) { ++ throw new NullPointerException("value == null"); ++ } ++ ++ int sz = size; ++ ++ switch (sz) { ++ case 0: { ++ key0 = key; ++ value0 = value; ++ break; ++ } ++ case 1: { ++ key1 = key; ++ value1 = value; ++ break; ++ } ++ case 2: { ++ key2 = key; ++ value2 = value; ++ break; ++ } ++ case 3: { ++ key3 = key; ++ value3 = value; ++ break; ++ } ++ case 4: { ++ // Do initial allocation of rest. ++ rest = new Object[10]; ++ rest[0] = key; ++ rest[1] = value; ++ break; ++ } ++ default: { ++ int index = (sz - 4) * 2; ++ int index1 = index + 1; ++ if (index1 >= rest.length) { ++ // Grow rest. ++ Object[] newRest = new Object[index1 * 2 + 10]; ++ System.arraycopy(rest, 0, newRest, 0, rest.length); ++ rest = newRest; ++ } ++ rest[index] = key; ++ rest[index1] = value; ++ break; ++ } ++ } ++ ++ size = sz + 1; ++ } ++ ++ /** ++ * Gets the number of elements in this instance. ++ */ ++ public int size() { ++ return size; ++ } ++ ++ /** ++ * Look up the given key, returning the associated value if found. ++ * ++ * @param key non-null; the key to look up ++ * @return null-ok; the associated value ++ */ ++ public Object get(DERObjectIdentifier key) { ++ int keyHash = key.hashCode(); ++ int sz = size; ++ ++ for (int i = 0; i < size; i++) { ++ DERObjectIdentifier probe = getKey(i); ++ if ((probe.hashCode() == keyHash) && ++ probe.equals(key)) { ++ return getValue(i); ++ } ++ } ++ ++ return null; ++ } ++ ++ /** ++ * Gets the nth key. ++ * ++ * @param n index ++ * @return non-null; the nth key ++ */ ++ public DERObjectIdentifier getKey(int n) { ++ if ((n < 0) || (n >= size)) { ++ throw new IndexOutOfBoundsException(Integer.toString(n)); ++ } ++ ++ switch (n) { ++ case 0: return key0; ++ case 1: return key1; ++ case 2: return key2; ++ case 3: return key3; ++ default: return (DERObjectIdentifier) rest[(n - 4) * 2]; ++ } ++ } ++ ++ /** ++ * Gets the nth value. ++ * ++ * @param n index ++ * @return non-null; the nth value ++ */ ++ public Object getValue(int n) { ++ if ((n < 0) || (n >= size)) { ++ throw new IndexOutOfBoundsException(Integer.toString(n)); ++ } ++ ++ switch (n) { ++ case 0: return value0; ++ case 1: return value1; ++ case 2: return value2; ++ case 3: return value3; ++ default: return rest[((n - 4) * 2) + 1]; ++ } ++ } ++ ++ /** ++ * Gets an enumeration of the keys, in order. ++ * ++ * @return non-null; an enumeration of the keys ++ */ ++ public Enumeration getKeys() { ++ return new KeyEnumeration(); ++ } ++ ++ /** ++ * Associated enumeration class. ++ */ ++ private class KeyEnumeration implements Enumeration { ++ /** original size; used for modification detection */ ++ private final int origSize = size; ++ ++ /** >= 0; current cursor */ ++ private int at = 0; ++ ++ /** {@inheritDoc} */ ++ public boolean hasMoreElements() { ++ if (size != origSize) { ++ throw new ConcurrentModificationException(); ++ } ++ ++ return at < origSize; ++ } ++ ++ /** {@inheritDoc} */ ++ public Object nextElement() { ++ if (size != origSize) { ++ throw new ConcurrentModificationException(); ++ } ++ ++ return getKey(at++); ++ } ++ } ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java bcprov-jdk15-134/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java 2010-04-30 10:57:26.000000000 -0700 +@@ -11,4 +11,4 @@ + public static final DERObjectIdentifier proofOfSender = PKCSObjectIdentifiers.id_cti_ets_proofOfSender; + public static final DERObjectIdentifier proofOfApproval = PKCSObjectIdentifiers.id_cti_ets_proofOfApproval; + public static final DERObjectIdentifier proofOfCreation = PKCSObjectIdentifiers.id_cti_ets_proofOfCreation; +-} +\ No newline at end of file ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java bcprov-jdk15-134/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java 2010-04-30 10:57:26.000000000 -0700 +@@ -80,4 +80,4 @@ + + return new DERSequence(v); + } +-} +\ No newline at end of file ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/esf/SignerLocation.java bcprov-jdk15-134/org/bouncycastle/asn1/esf/SignerLocation.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/esf/SignerLocation.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/esf/SignerLocation.java 2010-04-30 10:57:26.000000000 -0700 +@@ -143,4 +143,4 @@ + + return new DERSequence(v); + } +-} +\ No newline at end of file ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java bcprov-jdk15-134/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java 2010-04-30 10:57:26.000000000 -0700 +@@ -5,7 +5,7 @@ + public interface GNUObjectIdentifiers + { + public static final DERObjectIdentifier GNU = new DERObjectIdentifier("1.3.6.1.4.1.11591.1"); // GNU Radius +- public static final DERObjectIdentifier GnuPG = new DERObjectIdentifier("1.3.6.1.4.1.11591.2"); // GnuPG (Ägypten) ++ public static final DERObjectIdentifier GnuPG = new DERObjectIdentifier("1.3.6.1.4.1.11591.2"); // GnuPG (Aegypten) + public static final DERObjectIdentifier notation = new DERObjectIdentifier("1.3.6.1.4.1.11591.2.1"); // notation + public static final DERObjectIdentifier pkaAddress = new DERObjectIdentifier("1.3.6.1.4.1.11591.2.1.1"); // pkaAddress + public static final DERObjectIdentifier GnuRadar = new DERObjectIdentifier("1.3.6.1.4.1.11591.3"); // GNU Radar +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/ocsp/CertStatus.java bcprov-jdk15-134/org/bouncycastle/asn1/ocsp/CertStatus.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/ocsp/CertStatus.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/ocsp/CertStatus.java 2010-04-30 10:57:26.000000000 -0700 +@@ -21,7 +21,9 @@ + public CertStatus() + { + tagNo = 0; +- value = new DERNull(); ++ // BEGIN android-changed ++ value = DERNull.THE_ONE; ++ // END android-changed + } + + public CertStatus( +@@ -47,13 +49,17 @@ + switch (choice.getTagNo()) + { + case 0: +- value = new DERNull(); ++ // BEGIN android-changed ++ value = DERNull.THE_ONE; ++ // END android-changed + break; + case 1: + value = RevokedInfo.getInstance(choice, false); + break; + case 2: +- value = new DERNull(); ++ // BEGIN android-changed ++ value = DERNull.THE_ONE; ++ // END android-changed + } + } + +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15-134/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-04-30 10:57:26.000000000 -0700 +@@ -10,7 +10,10 @@ + // + static final String pkcs_1 = "1.2.840.113549.1.1"; + static final DERObjectIdentifier rsaEncryption = new DERObjectIdentifier(pkcs_1 + ".1"); +- static final DERObjectIdentifier md2WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".2"); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // static final DERObjectIdentifier md2WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".2"); ++ // END android-removed + static final DERObjectIdentifier md4WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".3"); + static final DERObjectIdentifier md5WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".4"); + static final DERObjectIdentifier sha1WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".5"); +@@ -65,7 +68,10 @@ + // md2 OBJECT IDENTIFIER ::= + // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2} + // +- static final DERObjectIdentifier md2 = new DERObjectIdentifier(digestAlgorithm + ".2"); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // static final DERObjectIdentifier md2 = new DERObjectIdentifier(digestAlgorithm + ".2"); ++ // END android-removed + + // + // md4 OBJECT IDENTIFIER ::= +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk15-134/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-04-30 10:57:26.000000000 -0700 +@@ -19,7 +19,9 @@ + private AlgorithmIdentifier maskGenAlgorithm; + private AlgorithmIdentifier pSourceAlgorithm; + +- public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); ++ // BEGIN android-changed ++ public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.THE_ONE); ++ // END android-changed + public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); + public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0])); + +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk15-134/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-04-30 10:57:26.000000000 -0700 +@@ -20,7 +20,9 @@ + private DERInteger saltLength; + private DERInteger trailerField; + +- public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); ++ // BEGIN android-changed ++ public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.THE_ONE); ++ // END android-changed + public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); + public final static DERInteger DEFAULT_SALT_LENGTH = new DERInteger(20); + public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/tsp/MessageImprint.java bcprov-jdk15-134/org/bouncycastle/asn1/tsp/MessageImprint.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/tsp/MessageImprint.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/tsp/MessageImprint.java 2010-04-30 10:57:26.000000000 -0700 +@@ -74,4 +74,4 @@ + + return new DERSequence(v); + } +-} +\ No newline at end of file ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/tsp/TSTInfo.java bcprov-jdk15-134/org/bouncycastle/asn1/tsp/TSTInfo.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/tsp/TSTInfo.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/tsp/TSTInfo.java 2010-04-30 10:57:26.000000000 -0700 +@@ -90,7 +90,9 @@ + genTime = DERGeneralizedTime.getInstance(e.nextElement()); + + // default for ordering +- ordering = new DERBoolean(false); ++ // BEGIN android-changed ++ ordering = DERBoolean.FALSE; ++ // END android-changed + + while (e.hasMoreElements()) + { +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk15-134/org/bouncycastle/asn1/util/ASN1Dump.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/util/ASN1Dump.java 2010-04-30 10:57:26.000000000 -0700 +@@ -52,7 +52,8 @@ + { + Object o = e.nextElement(); + +- if (o == null || o.equals(new DERNull())) ++ // BEGIN android-changed ++ if (o == null || o.equals(DERNull.THE_ONE)) + { + buf.append(tab); + buf.append("NULL"); +@@ -66,6 +67,7 @@ + { + buf.append(_dumpAsString(tab, ((DEREncodable)o).getDERObject())); + } ++ // END android-changed + } + return buf.toString(); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk15-134/org/bouncycastle/asn1/x509/AttCertIssuer.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-04-30 10:57:26.000000000 -0700 +@@ -45,7 +45,7 @@ + ASN1TaggedObject obj, + boolean explicit) + { +- return getInstance(obj.getObject()); // must be explictly tagged ++ return getInstance(obj.getObject()); // must be explicitly tagged + } + + /** +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk15-134/org/bouncycastle/asn1/x509/BasicConstraints.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-04-30 10:57:26.000000000 -0700 +@@ -14,7 +14,9 @@ + public class BasicConstraints + extends ASN1Encodable + { +- DERBoolean cA = new DERBoolean(false); ++ // BEGIN android-changed ++ DERBoolean cA = DERBoolean.FALSE; ++ // END android-changed + DERInteger pathLenConstraint = null; + + public static BasicConstraints getInstance( +@@ -68,7 +70,9 @@ + { + if (cA) + { +- this.cA = new DERBoolean(cA); ++ // BEGIN android-changed ++ this.cA = DERBoolean.getInstance(cA); ++ // END android-changed + this.pathLenConstraint = new DERInteger(pathLenConstraint); + } + else +@@ -83,7 +87,9 @@ + { + if (cA) + { +- this.cA = new DERBoolean(true); ++ // BEGIN android-changed ++ this.cA = DERBoolean.TRUE; ++ // END android-changed + } + else + { +@@ -100,7 +106,9 @@ + public BasicConstraints( + int pathLenConstraint) + { +- this.cA = new DERBoolean(true); ++ // BEGIN android-changed ++ this.cA = DERBoolean.TRUE; ++ // END android-changed + this.pathLenConstraint = new DERInteger(pathLenConstraint); + } + +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509Extensions.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509Extensions.java 2010-04-30 10:57:26.000000000 -0700 +@@ -13,6 +13,9 @@ + import org.bouncycastle.asn1.DERObject; + import org.bouncycastle.asn1.DERObjectIdentifier; + import org.bouncycastle.asn1.DERSequence; ++// BEGIN android-added ++import org.bouncycastle.asn1.OrderedTable; ++// END android-added + + public class X509Extensions + extends ASN1Encodable +@@ -152,8 +155,9 @@ + */ + public static final DERObjectIdentifier QCStatements = new DERObjectIdentifier("1.3.6.1.5.5.7.1.3"); + +- private Hashtable extensions = new Hashtable(); +- private Vector ordering = new Vector(); ++ // BEGIN android-changed ++ private OrderedTable table = new OrderedTable(); ++ // END android-changed + + public static X509Extensions getInstance( + ASN1TaggedObject obj, +@@ -197,20 +201,26 @@ + { + ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); + +- if (s.size() == 3) ++ // BEGIN android-changed ++ int sSize = s.size(); ++ DERObjectIdentifier key = (DERObjectIdentifier) s.getObjectAt(0); ++ Object value; ++ ++ if (sSize == 3) + { +- extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)))); ++ value = new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))); + } +- else if (s.size() == 2) ++ else if (sSize == 2) + { +- extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1)))); ++ value = new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1))); + } + else + { +- throw new IllegalArgumentException("Bad sequence size: " + s.size()); ++ throw new IllegalArgumentException("Bad sequence size: " + sSize); + } + +- ordering.addElement(s.getObjectAt(0)); ++ table.add(key, value); ++ // END android-changed + } + } + +@@ -245,20 +255,14 @@ + e = ordering.elements(); + } + +- while (e.hasMoreElements()) +- { +- this.ordering.addElement(e.nextElement()); +- } +- +- e = this.ordering.elements(); +- ++ // BEGIN android-changed + while (e.hasMoreElements()) + { + DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + X509Extension ext = (X509Extension)extensions.get(oid); +- +- this.extensions.put(oid, ext); ++ table.add(oid, ext); + } ++ // END android-changed + } + + /** +@@ -273,23 +277,18 @@ + { + Enumeration e = objectIDs.elements(); + +- while (e.hasMoreElements()) +- { +- this.ordering.addElement(e.nextElement()); +- } +- ++ // BEGIN android-changed + int count = 0; + +- e = this.ordering.elements(); +- + while (e.hasMoreElements()) + { + DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + X509Extension ext = (X509Extension)values.elementAt(count); + +- this.extensions.put(oid, ext); ++ table.add(oid, ext); + count++; + } ++ // END android-changed + } + + /** +@@ -297,7 +296,9 @@ + */ + public Enumeration oids() + { +- return ordering.elements(); ++ // BEGIN android-changed ++ return table.getKeys(); ++ // END android-changed + } + + /** +@@ -309,7 +310,9 @@ + public X509Extension getExtension( + DERObjectIdentifier oid) + { +- return (X509Extension)extensions.get(oid); ++ // BEGIN android-changed ++ return (X509Extension)table.get(oid); ++ // END android-changed + } + + /** +@@ -324,42 +327,42 @@ + */ + public DERObject toASN1Object() + { ++ // BEGIN android-changed ++ int size = table.size(); + ASN1EncodableVector vec = new ASN1EncodableVector(); +- Enumeration e = ordering.elements(); + +- while (e.hasMoreElements()) +- { +- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); +- X509Extension ext = (X509Extension)extensions.get(oid); ++ for (int i = 0; i < size; i++) { ++ DERObjectIdentifier oid = table.getKey(i); ++ X509Extension ext = (X509Extension)table.getValue(i); + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(oid); + + if (ext.isCritical()) + { +- v.add(new DERBoolean(true)); ++ v.add(DERBoolean.TRUE); + } + + v.add(ext.getValue()); + + vec.add(new DERSequence(v)); + } +- ++ // END android-changed ++ + return new DERSequence(vec); + } + + public int hashCode() + { +- Enumeration e = extensions.keys(); ++ // BEGIN android-changed ++ int size = table.size(); + int hashCode = 0; + +- while (e.hasMoreElements()) +- { +- Object o = e.nextElement(); +- +- hashCode ^= o.hashCode(); +- hashCode ^= extensions.get(o).hashCode(); ++ for (int i = 0; i < size; i++) { ++ hashCode ^= table.getKey(i).hashCode(); ++ hashCode ^= table.getValue(i).hashCode(); + } ++ // END android-changed + + return hashCode; + } +@@ -374,8 +377,10 @@ + + X509Extensions other = (X509Extensions)o; + +- Enumeration e1 = extensions.keys(); +- Enumeration e2 = other.extensions.keys(); ++ // BEGIN android-changed ++ Enumeration e1 = table.getKeys(); ++ Enumeration e2 = other.table.getKeys(); ++ // END android-changed + + while (e1.hasMoreElements() && e2.hasMoreElements()) + { +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509Name.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509Name.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509Name.java 2010-04-30 10:57:26.000000000 -0700 +@@ -219,8 +219,10 @@ + */ + public static Hashtable DefaultLookUp = SymbolLookUp; + +- private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility +- private static final Boolean FALSE = new Boolean(false); ++ // BEGIN android-removed ++ //private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility ++ //private static final Boolean FALSE = new Boolean(false); ++ // END android-removed + + static + { +@@ -308,9 +310,9 @@ + } + + private X509NameEntryConverter converter = null; +- private Vector ordering = new Vector(); +- private Vector values = new Vector(); +- private Vector added = new Vector(); ++ // BEGIN android-changed ++ private X509NameElementList elems = new X509NameElementList(); ++ // END android-changed + + private ASN1Sequence seq; + +@@ -361,20 +363,29 @@ + + for (int i = 0; i < set.size(); i++) + { ++ // BEGIN android-changed + ASN1Sequence s = (ASN1Sequence)set.getObjectAt(i); + +- ordering.addElement(s.getObjectAt(0)); +- ++ DERObjectIdentifier key = ++ (DERObjectIdentifier) s.getObjectAt(0); + DEREncodable value = s.getObjectAt(1); ++ String valueStr; ++ + if (value instanceof DERString) + { +- values.addElement(((DERString)value).getString()); ++ valueStr = ((DERString)value).getString(); + } + else + { +- values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()))); ++ valueStr = "#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())); + } +- added.addElement((i != 0) ? TRUE : FALSE); // to allow earlier JDK compatibility ++ ++ /* ++ * The added flag set to (i != 0), to allow earlier JDK ++ * compatibility. ++ */ ++ elems.add(key, valueStr, i != 0); ++ // END android-changed + } + } + } +@@ -427,14 +438,23 @@ + Hashtable attributes, + X509DefaultEntryConverter converter) + { ++ // BEGIN android-changed ++ DERObjectIdentifier problem = null; + this.converter = converter; + + if (ordering != null) + { + for (int i = 0; i != ordering.size(); i++) + { +- this.ordering.addElement(ordering.elementAt(i)); +- this.added.addElement(FALSE); ++ DERObjectIdentifier key = ++ (DERObjectIdentifier) ordering.elementAt(i); ++ String value = (String) attributes.get(key); ++ if (value == null) ++ { ++ problem = key; ++ break; ++ } ++ elems.add(key, value); + } + } + else +@@ -443,22 +463,23 @@ + + while (e.hasMoreElements()) + { +- this.ordering.addElement(e.nextElement()); +- this.added.addElement(FALSE); ++ DERObjectIdentifier key = ++ (DERObjectIdentifier) e.nextElement(); ++ String value = (String) attributes.get(key); ++ if (value == null) ++ { ++ problem = key; ++ break; ++ } ++ elems.add(key, value); + } + } + +- for (int i = 0; i != this.ordering.size(); i++) ++ if (problem != null) + { +- DERObjectIdentifier oid = (DERObjectIdentifier)this.ordering.elementAt(i); +- +- if (attributes.get(oid) == null) +- { +- throw new IllegalArgumentException("No attribute for object id - " + oid.getId() + " - passed to distinguished name"); +- } +- +- this.values.addElement(attributes.get(oid)); // copy the hash table ++ throw new IllegalArgumentException("No attribute for object id - " + problem.getId() + " - passed to distinguished name"); + } ++ // END android-changed + } + + /** +@@ -491,9 +512,10 @@ + + for (int i = 0; i < oids.size(); i++) + { +- this.ordering.addElement(oids.elementAt(i)); +- this.values.addElement(values.elementAt(i)); +- this.added.addElement(FALSE); ++ // BEGIN android-changed ++ elems.add((DERObjectIdentifier) oids.elementAt(i), ++ (String) values.elementAt(i)); ++ // END android-changed + } + } + +@@ -620,7 +642,7 @@ + + if (index == -1) + { +- throw new IllegalArgumentException("badly formated directory string"); ++ throw new IllegalArgumentException("badly formatted directory string"); + } + + String name = token.substring(0, index); +@@ -631,9 +653,9 @@ + { + X509NameTokenizer vTok = new X509NameTokenizer(value, '+'); + +- this.ordering.addElement(oid); +- this.values.addElement(vTok.nextToken()); +- this.added.addElement(FALSE); ++ // BEGIN android-changed ++ elems.add(oid, vTok.nextToken()); ++ // END android-changed + + while (vTok.hasMoreTokens()) + { +@@ -642,35 +664,24 @@ + + String nm = sv.substring(0, ndx); + String vl = sv.substring(ndx + 1); +- this.ordering.addElement(decodeOID(nm, lookUp)); +- this.values.addElement(vl); +- this.added.addElement(TRUE); ++ // BEGIN android-changed ++ elems.add(decodeOID(nm, lookUp), vl, true); ++ // END android-changed + } + } + else + { +- this.ordering.addElement(oid); +- this.values.addElement(value); +- this.added.addElement(FALSE); ++ // BEGIN android-changed ++ elems.add(oid, value); ++ // END android-changed + } + } + + if (reverse) + { +- Vector o = new Vector(); +- Vector v = new Vector(); +- Vector a = new Vector(); +- +- for (int i = this.ordering.size() - 1; i >= 0; i--) +- { +- o.addElement(this.ordering.elementAt(i)); +- v.addElement(this.values.elementAt(i)); +- a.addElement(this.added.elementAt(i)); +- } +- +- this.ordering = o; +- this.values = v; +- this.added = a; ++ // BEGIN android-changed ++ elems = elems.reverse(); ++ // END android-changed + } + } + +@@ -679,14 +690,17 @@ + */ + public Vector getOIDs() + { ++ // BEGIN android-changed + Vector v = new Vector(); ++ int size = elems.size(); + +- for (int i = 0; i != ordering.size(); i++) ++ for (int i = 0; i < size; i++) + { +- v.addElement(ordering.elementAt(i)); ++ v.addElement(elems.getKey(i)); + } + + return v; ++ // END android-changed + } + + /** +@@ -695,37 +709,41 @@ + */ + public Vector getValues() + { ++ // BEGIN android-changed + Vector v = new Vector(); ++ int size = elems.size(); + +- for (int i = 0; i != values.size(); i++) ++ for (int i = 0; i < size; i++) + { +- v.addElement(values.elementAt(i)); ++ v.addElement(elems.getValue(i)); + } + + return v; ++ // END android-changed + } + + public DERObject toASN1Object() + { + if (seq == null) + { ++ // BEGIN android-changed + ASN1EncodableVector vec = new ASN1EncodableVector(); + ASN1EncodableVector sVec = new ASN1EncodableVector(); + DERObjectIdentifier lstOid = null; ++ int size = elems.size(); + +- for (int i = 0; i != ordering.size(); i++) ++ for (int i = 0; i != size; i++) + { + ASN1EncodableVector v = new ASN1EncodableVector(); +- DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i); ++ DERObjectIdentifier oid = elems.getKey(i); + + v.add(oid); + +- String str = (String)values.elementAt(i); ++ String str = elems.getValue(i); + + v.add(converter.getConvertedValue(oid, str)); +- +- if (lstOid == null +- || ((Boolean)this.added.elementAt(i)).booleanValue()) ++ ++ if (lstOid == null || elems.getAdded(i)) + { + sVec.add(new DERSequence(v)); + } +@@ -743,6 +761,7 @@ + vec.add(new DERSet(sVec)); + + seq = new DERSequence(vec); ++ // END android-changed + } + + return seq; +@@ -770,20 +789,24 @@ + } + + X509Name _oxn = (X509Name)_obj; +- int _orderingSize = ordering.size(); ++ // BEGIN android-changed ++ int _orderingSize = elems.size(); + +- if (_orderingSize != _oxn.ordering.size()) ++ if (_orderingSize != _oxn.elems.size()) + { + return false; + } ++ // END android-changed + + for(int i = 0; i < _orderingSize; i++) + { +- String _oid = ((DERObjectIdentifier)ordering.elementAt(i)).getId(); +- String _val = (String)values.elementAt(i); ++ // BEGIN android-changed ++ String _oid = elems.getKey(i).getId(); ++ String _val = elems.getValue(i); + +- String _oOID = ((DERObjectIdentifier)_oxn.ordering.elementAt(i)).getId(); +- String _oVal = (String)_oxn.values.elementAt(i); ++ String _oOID = _oxn.elems.getKey(i).getId(); ++ String _oVal = _oxn.elems.getValue(i); ++ // BEGIN android-changed + + if (_oid.equals(_oOID)) + { +@@ -875,21 +898,25 @@ + } + + X509Name _oxn = (X509Name)_obj; +- +- int _orderingSize = ordering.size(); + +- if (_orderingSize != _oxn.ordering.size()) ++ // BEGIN android-changed ++ int _orderingSize = elems.size(); ++ ++ if (_orderingSize != _oxn.elems.size()) + { + return false; + } ++ // END android-changed + + boolean[] _indexes = new boolean[_orderingSize]; + + for(int i = 0; i < _orderingSize; i++) + { + boolean _found = false; +- String _oid = ((DERObjectIdentifier)ordering.elementAt(i)).getId(); +- String _val = (String)values.elementAt(i); ++ // BEGIN android-changed ++ String _oid = elems.getKey(i).getId(); ++ String _val = elems.getValue(i); ++ // END android-changed + + for(int j = 0; j < _orderingSize; j++) + { +@@ -897,9 +924,11 @@ + { + continue; + } +- +- String _oOID = ((DERObjectIdentifier)_oxn.ordering.elementAt(j)).getId(); +- String _oVal = (String)_oxn.values.elementAt(j); ++ ++ // BEGIN android-changed ++ String _oOID = elems.getKey(j).getId(); ++ String _oVal = _oxn.elems.getValue(j); ++ // END android-changed + + if (_oid.equals(_oOID)) + { +@@ -1048,7 +1077,8 @@ + + if (reverse) + { +- for (int i = ordering.size() - 1; i >= 0; i--) ++ // BEGIN android-changed ++ for (int i = elems.size() - 1; i >= 0; i--) + { + if (first) + { +@@ -1056,7 +1086,7 @@ + } + else + { +- if (((Boolean)added.elementAt(i + 1)).booleanValue()) ++ if (elems.getAdded(i + 1)) + { + buf.append('+'); + } +@@ -1067,13 +1097,15 @@ + } + + appendValue(buf, oidSymbols, +- (DERObjectIdentifier)ordering.elementAt(i), +- (String)values.elementAt(i)); ++ elems.getKey(i), ++ elems.getValue(i)); + } ++ // END android-changed + } + else + { +- for (int i = 0; i < ordering.size(); i++) ++ // BEGIN android-changed ++ for (int i = 0; i < elems.size(); i++) + { + if (first) + { +@@ -1081,7 +1113,7 @@ + } + else + { +- if (((Boolean)added.elementAt(i)).booleanValue()) ++ if (elems.getAdded(i)) + { + buf.append('+'); + } +@@ -1092,9 +1124,10 @@ + } + + appendValue(buf, oidSymbols, +- (DERObjectIdentifier)ordering.elementAt(i), +- (String)values.elementAt(i)); ++ elems.getKey(i), ++ elems.getValue(i)); + } ++ // END android-changed + } + + return buf.toString(); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509NameElementList.java bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509NameElementList.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509NameElementList.java 1969-12-31 16:00:00.000000000 -0800 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509NameElementList.java 2010-04-30 10:57:26.000000000 -0700 +@@ -0,0 +1,206 @@ ++package org.bouncycastle.asn1.x509; ++ ++import java.util.ArrayList; ++import java.util.BitSet; ++import org.bouncycastle.asn1.DERObjectIdentifier; ++ ++// BEGIN android-note ++// This class was extracted from X509Name as a way to keep the element ++// list in a more controlled fashion. ++// END android-note ++ ++/** ++ * List of elements of an X509 name. Each element has a key, a value, and ++ * an "added" flag. ++ */ ++public class X509NameElementList { ++ /** null-ok; key #0 */ ++ private DERObjectIdentifier key0; ++ ++ /** null-ok; key #1 */ ++ private DERObjectIdentifier key1; ++ ++ /** null-ok; key #2 */ ++ private DERObjectIdentifier key2; ++ ++ /** null-ok; key #3 */ ++ private DERObjectIdentifier key3; ++ ++ /** null-ok; value #0 */ ++ private String value0; ++ ++ /** null-ok; value #1 */ ++ private String value1; ++ ++ /** null-ok; value #2 */ ++ private String value2; ++ ++ /** null-ok; value #3 */ ++ private String value3; ++ ++ /** ++ * null-ok; array of additional keys and values, alternating ++ * key then value, etc. ++ */ ++ private ArrayList<Object> rest; ++ ++ /** bit vector for all the "added" bits */ ++ private BitSet added = new BitSet(); ++ ++ /** >= 0; number of elements in the list */ ++ private int size; ++ ++ // Note: Default public constructor. ++ ++ /** ++ * Adds an element. The "added" flag is set to false for the element. ++ * ++ * @param key non-null; the key ++ * @param value non-null; the value ++ */ ++ public void add(DERObjectIdentifier key, String value) { ++ add(key, value, false); ++ } ++ ++ /** ++ * Adds an element. ++ * ++ * @param key non-null; the key ++ * @param value non-null; the value ++ * @param added the added bit ++ */ ++ public void add(DERObjectIdentifier key, String value, boolean added) { ++ if (key == null) { ++ throw new NullPointerException("key == null"); ++ } ++ ++ if (value == null) { ++ throw new NullPointerException("value == null"); ++ } ++ ++ int sz = size; ++ ++ switch (sz) { ++ case 0: { ++ key0 = key; ++ value0 = value; ++ break; ++ } ++ case 1: { ++ key1 = key; ++ value1 = value; ++ break; ++ } ++ case 2: { ++ key2 = key; ++ value2 = value; ++ break; ++ } ++ case 3: { ++ key3 = key; ++ value3 = value; ++ break; ++ } ++ case 4: { ++ // Do initial allocation of rest. ++ rest = new ArrayList<Object>(); ++ // Fall through... ++ } ++ default: { ++ rest.add(key); ++ rest.add(value); ++ break; ++ } ++ } ++ ++ if (added) { ++ this.added.set(sz); ++ } ++ ++ size = sz + 1; ++ } ++ ++ /** ++ * Sets the "added" flag on the most recently added element. ++ */ ++ public void setLastAddedFlag() { ++ added.set(size - 1); ++ } ++ ++ /** ++ * Gets the number of elements in this instance. ++ */ ++ public int size() { ++ return size; ++ } ++ ++ /** ++ * Gets the nth key. ++ * ++ * @param n index ++ * @return non-null; the nth key ++ */ ++ public DERObjectIdentifier getKey(int n) { ++ if ((n < 0) || (n >= size)) { ++ throw new IndexOutOfBoundsException(Integer.toString(n)); ++ } ++ ++ switch (n) { ++ case 0: return key0; ++ case 1: return key1; ++ case 2: return key2; ++ case 3: return key3; ++ default: return (DERObjectIdentifier) rest.get((n - 4) * 2); ++ } ++ } ++ ++ /** ++ * Gets the nth value. ++ * ++ * @param n index ++ * @return non-null; the nth value ++ */ ++ public String getValue(int n) { ++ if ((n < 0) || (n >= size)) { ++ throw new IndexOutOfBoundsException(Integer.toString(n)); ++ } ++ ++ switch (n) { ++ case 0: return value0; ++ case 1: return value1; ++ case 2: return value2; ++ case 3: return value3; ++ default: return (String) rest.get(((n - 4) * 2) + 1); ++ } ++ } ++ ++ /** ++ * Gets the nth added flag bit. ++ * ++ * @param n index ++ * @return the nth added flag bit ++ */ ++ public boolean getAdded(int n) { ++ if ((n < 0) || (n >= size)) { ++ throw new IndexOutOfBoundsException(Integer.toString(n)); ++ } ++ ++ return added.get(n); ++ } ++ ++ /** ++ * Constructs and returns a new instance which consists of the ++ * elements of this one in reverse order ++ * ++ * @return non-null; the reversed instance ++ */ ++ public X509NameElementList reverse() { ++ X509NameElementList result = new X509NameElementList(); ++ ++ for (int i = size - 1; i >= 0; i--) { ++ result.add(getKey(i), getValue(i), getAdded(i)); ++ } ++ ++ return result; ++ } ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509NameTokenizer.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-04-30 10:57:26.000000000 -0700 +@@ -66,6 +66,17 @@ + { + if (escaped || quoted) + { ++ // BEGIN android-added ++ // copied from a newer version of BouncyCastle ++ if (c == '#' && buf.charAt(buf.length() - 1) == '=') ++ { ++ buf.append('\\'); ++ } ++ else if (c == '+' && seperator != '+') ++ { ++ buf.append('\\'); ++ } ++ // END android-added + buf.append(c); + escaped = false; + } +@@ -88,4 +99,4 @@ + index = end; + return buf.toString().trim(); + } +-} ++} +\ No newline at end of file +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java bcprov-jdk15-134/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java +--- bcprov-jdk15-134.orig/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java 2010-04-30 10:57:26.000000000 -0700 +@@ -1,49 +1,49 @@ +-package org.bouncycastle.asn1.x509.sigi;
+-
+-import org.bouncycastle.asn1.DERObjectIdentifier;
+-
+-/**
+- * Object Identifiers of SigI specifciation (German Signature Law
+- * Interoperability specification).
+- */
+-public final class SigIObjectIdentifiers
+-{
+- private SigIObjectIdentifiers()
+- {
+- }
+-
+- public final static DERObjectIdentifier id_sigi = new DERObjectIdentifier("1.3.36.8");
+-
+- /**
+- * Key purpose IDs for German SigI (Signature Interoperability
+- * Specification)
+- */
+- public final static DERObjectIdentifier id_sigi_kp = new DERObjectIdentifier(id_sigi + ".2");
+-
+- /**
+- * Certificate policy IDs for German SigI (Signature Interoperability
+- * Specification)
+- */
+- public final static DERObjectIdentifier id_sigi_cp = new DERObjectIdentifier(id_sigi + ".1");
+-
+- /**
+- * Other Name IDs for German SigI (Signature Interoperability Specification)
+- */
+- public final static DERObjectIdentifier id_sigi_on = new DERObjectIdentifier(id_sigi + ".4");
+-
+- /**
+- * To be used for for the generation of directory service certificates.
+- */
+- public static final DERObjectIdentifier id_sigi_kp_directoryService = new DERObjectIdentifier(id_sigi_kp + ".1");
+-
+- /**
+- * ID for PersonalData
+- */
+- public static final DERObjectIdentifier id_sigi_on_personalData = new DERObjectIdentifier(id_sigi_on + ".1");
+-
+- /**
+- * Certificate is conform to german signature law.
+- */
+- public static final DERObjectIdentifier id_sigi_cp_sigconform = new DERObjectIdentifier(id_sigi_cp + ".1");
+-
+-}
++package org.bouncycastle.asn1.x509.sigi; ++ ++import org.bouncycastle.asn1.DERObjectIdentifier; ++ ++/** ++ * Object Identifiers of SigI specifciation (German Signature Law ++ * Interoperability specification). ++ */ ++public final class SigIObjectIdentifiers ++{ ++ private SigIObjectIdentifiers() ++ { ++ } ++ ++ public final static DERObjectIdentifier id_sigi = new DERObjectIdentifier("1.3.36.8"); ++ ++ /** ++ * Key purpose IDs for German SigI (Signature Interoperability ++ * Specification) ++ */ ++ public final static DERObjectIdentifier id_sigi_kp = new DERObjectIdentifier(id_sigi + ".2"); ++ ++ /** ++ * Certificate policy IDs for German SigI (Signature Interoperability ++ * Specification) ++ */ ++ public final static DERObjectIdentifier id_sigi_cp = new DERObjectIdentifier(id_sigi + ".1"); ++ ++ /** ++ * Other Name IDs for German SigI (Signature Interoperability Specification) ++ */ ++ public final static DERObjectIdentifier id_sigi_on = new DERObjectIdentifier(id_sigi + ".4"); ++ ++ /** ++ * To be used for for the generation of directory service certificates. ++ */ ++ public static final DERObjectIdentifier id_sigi_kp_directoryService = new DERObjectIdentifier(id_sigi_kp + ".1"); ++ ++ /** ++ * ID for PersonalData ++ */ ++ public static final DERObjectIdentifier id_sigi_on_personalData = new DERObjectIdentifier(id_sigi_on + ".1"); ++ ++ /** ++ * Certificate is conform to german signature law. ++ */ ++ public static final DERObjectIdentifier id_sigi_cp_sigconform = new DERObjectIdentifier(id_sigi_cp + ".1"); ++ ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk15-134/org/bouncycastle/crypto/PBEParametersGenerator.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-04-30 10:57:26.000000000 -0700 +@@ -121,7 +121,8 @@ + public static byte[] PKCS12PasswordToBytes( + char[] password) + { +- if (password.length > 0) ++ // BEGIN android-changed ++ if (password != null && password.length > 0) + { + // +1 for extra 2 pad bytes. + byte[] bytes = new byte[(password.length + 1) * 2]; +@@ -138,5 +139,6 @@ + { + return new byte[0]; + } ++ // END android-changed + } + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk15-134/org/bouncycastle/crypto/engines/RC2Engine.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/engines/RC2Engine.java 2006-10-02 15:50:16.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/engines/RC2Engine.java 2010-04-30 10:57:26.000000000 -0700 +@@ -313,4 +313,4 @@ + out[outOff + 6] = (byte)x76; + out[outOff + 7] = (byte)(x76 >> 8); + } +-} ++} +\ No newline at end of file +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15-134/org/bouncycastle/crypto/macs/HMac.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/macs/HMac.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/macs/HMac.java 2010-04-30 10:57:26.000000000 -0700 +@@ -32,23 +32,23 @@ + { + blockLengths = new Hashtable(); + +- blockLengths.put("GOST3411", new Integer(32)); ++ blockLengths.put("GOST3411", Integer.valueOf(32)); + +- blockLengths.put("MD2", new Integer(16)); +- blockLengths.put("MD4", new Integer(64)); +- blockLengths.put("MD5", new Integer(64)); +- +- blockLengths.put("RIPEMD128", new Integer(64)); +- blockLengths.put("RIPEMD160", new Integer(64)); +- +- blockLengths.put("SHA-1", new Integer(64)); +- blockLengths.put("SHA-224", new Integer(64)); +- blockLengths.put("SHA-256", new Integer(64)); +- blockLengths.put("SHA-384", new Integer(128)); +- blockLengths.put("SHA-512", new Integer(128)); ++ blockLengths.put("MD2", Integer.valueOf(16)); ++ blockLengths.put("MD4", Integer.valueOf(64)); ++ blockLengths.put("MD5", Integer.valueOf(64)); ++ ++ blockLengths.put("RIPEMD128", Integer.valueOf(64)); ++ blockLengths.put("RIPEMD160", Integer.valueOf(64)); ++ ++ blockLengths.put("SHA-1", Integer.valueOf(64)); ++ blockLengths.put("SHA-224", Integer.valueOf(64)); ++ blockLengths.put("SHA-256", Integer.valueOf(64)); ++ blockLengths.put("SHA-384", Integer.valueOf(128)); ++ blockLengths.put("SHA-512", Integer.valueOf(128)); + +- blockLengths.put("Tiger", new Integer(64)); +- blockLengths.put("Whirlpool", new Integer(64)); ++ blockLengths.put("Tiger", Integer.valueOf(64)); ++ blockLengths.put("Whirlpool", Integer.valueOf(64)); + } + + private static int getByteLength( +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java bcprov-jdk15-134/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java 2010-04-30 10:57:26.000000000 -0700 +@@ -1,289 +1,289 @@ +-package org.bouncycastle.crypto.macs;
+-
+-import org.bouncycastle.crypto.BlockCipher;
+-import org.bouncycastle.crypto.CipherParameters;
+-import org.bouncycastle.crypto.Mac;
+-import org.bouncycastle.crypto.engines.DESEngine;
+-import org.bouncycastle.crypto.modes.CBCBlockCipher;
+-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
+-import org.bouncycastle.crypto.params.KeyParameter;
+-
+-/**
+- * DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
+- *
+- * This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
+- * class must be changed to protected
+- */
+-
+-public class ISO9797Alg3Mac
+- implements Mac
+-{
+- private byte[] mac;
+-
+- private byte[] buf;
+- private int bufOff;
+- private BlockCipher cipher;
+- private BlockCipherPadding padding;
+-
+- private int macSize;
+- private KeyParameter lastKey2;
+- private KeyParameter lastKey3;
+-
+- /**
+- * create a Retail-MAC based on a CBC block cipher. This will produce an
+- * authentication code of the length of the block size of the cipher.
+- *
+- * @param cipher the cipher to be used as the basis of the MAC generation. This must
+- * be DESEngine.
+- */
+- public ISO9797Alg3Mac(
+- BlockCipher cipher)
+- {
+- this(cipher, cipher.getBlockSize() * 8, null);
+- }
+-
+- /**
+- * create a Retail-MAC based on a CBC block cipher. This will produce an
+- * authentication code of the length of the block size of the cipher.
+- *
+- * @param cipher the cipher to be used as the basis of the MAC generation.
+- * @param padding the padding to be used to complete the last block.
+- */
+- public ISO9797Alg3Mac(
+- BlockCipher cipher,
+- BlockCipherPadding padding)
+- {
+- this(cipher, cipher.getBlockSize() * 8, padding);
+- }
+-
+- /**
+- * create a Retail-MAC based on a block cipher with the size of the
+- * MAC been given in bits. This class uses single DES CBC mode as the basis for the
+- * MAC generation.
+- * <p>
+- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
+- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
+- * and in general should be less than the size of the block cipher as it reduces
+- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
+- *
+- * @param cipher the cipher to be used as the basis of the MAC generation.
+- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
+- */
+- public ISO9797Alg3Mac(
+- BlockCipher cipher,
+- int macSizeInBits)
+- {
+- this(cipher, macSizeInBits, null);
+- }
+-
+- /**
+- * create a standard MAC based on a block cipher with the size of the
+- * MAC been given in bits. This class uses single DES CBC mode as the basis for the
+- * MAC generation. The final block is decrypted and then encrypted using the
+- * middle and right part of the key.
+- * <p>
+- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
+- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
+- * and in general should be less than the size of the block cipher as it reduces
+- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
+- *
+- * @param cipher the cipher to be used as the basis of the MAC generation.
+- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
+- * @param padding the padding to be used to complete the last block.
+- */
+- public ISO9797Alg3Mac(
+- BlockCipher cipher,
+- int macSizeInBits,
+- BlockCipherPadding padding)
+- {
+- if ((macSizeInBits % 8) != 0)
+- {
+- throw new IllegalArgumentException("MAC size must be multiple of 8");
+- }
+-
+- if (!(cipher instanceof DESEngine))
+- {
+- throw new IllegalArgumentException("cipher must be instance of DESEngine");
+- }
+-
+- this.cipher = new CBCBlockCipher(cipher);
+- this.padding = padding;
+- this.macSize = macSizeInBits / 8;
+-
+- mac = new byte[cipher.getBlockSize()];
+-
+- buf = new byte[cipher.getBlockSize()];
+- bufOff = 0;
+- }
+-
+- public String getAlgorithmName()
+- {
+- return "ISO9797Alg3";
+- }
+-
+- public void init(CipherParameters params)
+- {
+- reset();
+-
+- if (!(params instanceof KeyParameter))
+- {
+- throw new IllegalArgumentException(
+- "params must be an instance of KeyParameter");
+- }
+-
+- // KeyParameter must contain a double or triple length DES key,
+- // however the underlying cipher is a single DES. The middle and
+- // right key are used only in the final step.
+-
+- KeyParameter kp = (KeyParameter)params;
+- KeyParameter key1;
+- byte[] keyvalue = kp.getKey();
+-
+- if (keyvalue.length == 16)
+- { // Double length DES key
+- key1 = new KeyParameter(keyvalue, 0, 8);
+- this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
+- this.lastKey3 = key1;
+- }
+- else if (keyvalue.length == 24)
+- { // Triple length DES key
+- key1 = new KeyParameter(keyvalue, 0, 8);
+- this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
+- this.lastKey3 = new KeyParameter(keyvalue, 16, 8);
+- }
+- else
+- {
+- throw new IllegalArgumentException(
+- "Key must be either 112 or 168 bit long");
+- }
+-
+- cipher.init(true, key1);
+- }
+-
+- public int getMacSize()
+- {
+- return macSize;
+- }
+-
+- public void update(
+- byte in)
+- {
+- int resultLen = 0;
+-
+- if (bufOff == buf.length)
+- {
+- resultLen = cipher.processBlock(buf, 0, mac, 0);
+- bufOff = 0;
+- }
+-
+- buf[bufOff++] = in;
+- }
+-
+-
+- public void update(
+- byte[] in,
+- int inOff,
+- int len)
+- {
+- if (len < 0)
+- {
+- throw new IllegalArgumentException("Can't have a negative input length!");
+- }
+-
+- int blockSize = cipher.getBlockSize();
+- int resultLen = 0;
+- int gapLen = blockSize - bufOff;
+-
+- if (len > gapLen)
+- {
+- System.arraycopy(in, inOff, buf, bufOff, gapLen);
+-
+- resultLen += cipher.processBlock(buf, 0, mac, 0);
+-
+- bufOff = 0;
+- len -= gapLen;
+- inOff += gapLen;
+-
+- while (len > blockSize)
+- {
+- resultLen += cipher.processBlock(in, inOff, mac, 0);
+-
+- len -= blockSize;
+- inOff += blockSize;
+- }
+- }
+-
+- System.arraycopy(in, inOff, buf, bufOff, len);
+-
+- bufOff += len;
+- }
+-
+- public int doFinal(
+- byte[] out,
+- int outOff)
+- {
+- int blockSize = cipher.getBlockSize();
+-
+- if (padding == null)
+- {
+- //
+- // pad with zeroes
+- //
+- while (bufOff < blockSize)
+- {
+- buf[bufOff] = 0;
+- bufOff++;
+- }
+- }
+- else
+- {
+- if (bufOff == blockSize)
+- {
+- cipher.processBlock(buf, 0, mac, 0);
+- bufOff = 0;
+- }
+-
+- padding.addPadding(buf, bufOff);
+- }
+-
+- cipher.processBlock(buf, 0, mac, 0);
+-
+- // Added to code from base class
+- DESEngine deseng = new DESEngine();
+-
+- deseng.init(false, this.lastKey2);
+- deseng.processBlock(mac, 0, mac, 0);
+-
+- deseng.init(true, this.lastKey3);
+- deseng.processBlock(mac, 0, mac, 0);
+- // ****
+-
+- System.arraycopy(mac, 0, out, outOff, macSize);
+-
+- reset();
+-
+- return macSize;
+- }
+-
+-
+- /**
+- * Reset the mac generator.
+- */
+- public void reset()
+- {
+- /*
+- * clean the buffer.
+- */
+- for (int i = 0; i < buf.length; i++)
+- {
+- buf[i] = 0;
+- }
+-
+- bufOff = 0;
+-
+- /*
+- * reset the underlying cipher.
+- */
+- cipher.reset();
+- }
+-}
++package org.bouncycastle.crypto.macs; ++ ++import org.bouncycastle.crypto.BlockCipher; ++import org.bouncycastle.crypto.CipherParameters; ++import org.bouncycastle.crypto.Mac; ++import org.bouncycastle.crypto.engines.DESEngine; ++import org.bouncycastle.crypto.modes.CBCBlockCipher; ++import org.bouncycastle.crypto.paddings.BlockCipherPadding; ++import org.bouncycastle.crypto.params.KeyParameter; ++ ++/** ++ * DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC) ++ * ++ * This could as well be derived from CBCBlockCipherMac, but then the property mac in the base ++ * class must be changed to protected ++ */ ++ ++public class ISO9797Alg3Mac ++ implements Mac ++{ ++ private byte[] mac; ++ ++ private byte[] buf; ++ private int bufOff; ++ private BlockCipher cipher; ++ private BlockCipherPadding padding; ++ ++ private int macSize; ++ private KeyParameter lastKey2; ++ private KeyParameter lastKey3; ++ ++ /** ++ * create a Retail-MAC based on a CBC block cipher. This will produce an ++ * authentication code of the length of the block size of the cipher. ++ * ++ * @param cipher the cipher to be used as the basis of the MAC generation. This must ++ * be DESEngine. ++ */ ++ public ISO9797Alg3Mac( ++ BlockCipher cipher) ++ { ++ this(cipher, cipher.getBlockSize() * 8, null); ++ } ++ ++ /** ++ * create a Retail-MAC based on a CBC block cipher. This will produce an ++ * authentication code of the length of the block size of the cipher. ++ * ++ * @param cipher the cipher to be used as the basis of the MAC generation. ++ * @param padding the padding to be used to complete the last block. ++ */ ++ public ISO9797Alg3Mac( ++ BlockCipher cipher, ++ BlockCipherPadding padding) ++ { ++ this(cipher, cipher.getBlockSize() * 8, padding); ++ } ++ ++ /** ++ * create a Retail-MAC based on a block cipher with the size of the ++ * MAC been given in bits. This class uses single DES CBC mode as the basis for the ++ * MAC generation. ++ * <p> ++ * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), ++ * or 16 bits if being used as a data authenticator (FIPS Publication 113), ++ * and in general should be less than the size of the block cipher as it reduces ++ * the chance of an exhaustive attack (see Handbook of Applied Cryptography). ++ * ++ * @param cipher the cipher to be used as the basis of the MAC generation. ++ * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. ++ */ ++ public ISO9797Alg3Mac( ++ BlockCipher cipher, ++ int macSizeInBits) ++ { ++ this(cipher, macSizeInBits, null); ++ } ++ ++ /** ++ * create a standard MAC based on a block cipher with the size of the ++ * MAC been given in bits. This class uses single DES CBC mode as the basis for the ++ * MAC generation. The final block is decrypted and then encrypted using the ++ * middle and right part of the key. ++ * <p> ++ * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), ++ * or 16 bits if being used as a data authenticator (FIPS Publication 113), ++ * and in general should be less than the size of the block cipher as it reduces ++ * the chance of an exhaustive attack (see Handbook of Applied Cryptography). ++ * ++ * @param cipher the cipher to be used as the basis of the MAC generation. ++ * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. ++ * @param padding the padding to be used to complete the last block. ++ */ ++ public ISO9797Alg3Mac( ++ BlockCipher cipher, ++ int macSizeInBits, ++ BlockCipherPadding padding) ++ { ++ if ((macSizeInBits % 8) != 0) ++ { ++ throw new IllegalArgumentException("MAC size must be multiple of 8"); ++ } ++ ++ if (!(cipher instanceof DESEngine)) ++ { ++ throw new IllegalArgumentException("cipher must be instance of DESEngine"); ++ } ++ ++ this.cipher = new CBCBlockCipher(cipher); ++ this.padding = padding; ++ this.macSize = macSizeInBits / 8; ++ ++ mac = new byte[cipher.getBlockSize()]; ++ ++ buf = new byte[cipher.getBlockSize()]; ++ bufOff = 0; ++ } ++ ++ public String getAlgorithmName() ++ { ++ return "ISO9797Alg3"; ++ } ++ ++ public void init(CipherParameters params) ++ { ++ reset(); ++ ++ if (!(params instanceof KeyParameter)) ++ { ++ throw new IllegalArgumentException( ++ "params must be an instance of KeyParameter"); ++ } ++ ++ // KeyParameter must contain a double or triple length DES key, ++ // however the underlying cipher is a single DES. The middle and ++ // right key are used only in the final step. ++ ++ KeyParameter kp = (KeyParameter)params; ++ KeyParameter key1; ++ byte[] keyvalue = kp.getKey(); ++ ++ if (keyvalue.length == 16) ++ { // Double length DES key ++ key1 = new KeyParameter(keyvalue, 0, 8); ++ this.lastKey2 = new KeyParameter(keyvalue, 8, 8); ++ this.lastKey3 = key1; ++ } ++ else if (keyvalue.length == 24) ++ { // Triple length DES key ++ key1 = new KeyParameter(keyvalue, 0, 8); ++ this.lastKey2 = new KeyParameter(keyvalue, 8, 8); ++ this.lastKey3 = new KeyParameter(keyvalue, 16, 8); ++ } ++ else ++ { ++ throw new IllegalArgumentException( ++ "Key must be either 112 or 168 bit long"); ++ } ++ ++ cipher.init(true, key1); ++ } ++ ++ public int getMacSize() ++ { ++ return macSize; ++ } ++ ++ public void update( ++ byte in) ++ { ++ int resultLen = 0; ++ ++ if (bufOff == buf.length) ++ { ++ resultLen = cipher.processBlock(buf, 0, mac, 0); ++ bufOff = 0; ++ } ++ ++ buf[bufOff++] = in; ++ } ++ ++ ++ public void update( ++ byte[] in, ++ int inOff, ++ int len) ++ { ++ if (len < 0) ++ { ++ throw new IllegalArgumentException("Can't have a negative input length!"); ++ } ++ ++ int blockSize = cipher.getBlockSize(); ++ int resultLen = 0; ++ int gapLen = blockSize - bufOff; ++ ++ if (len > gapLen) ++ { ++ System.arraycopy(in, inOff, buf, bufOff, gapLen); ++ ++ resultLen += cipher.processBlock(buf, 0, mac, 0); ++ ++ bufOff = 0; ++ len -= gapLen; ++ inOff += gapLen; ++ ++ while (len > blockSize) ++ { ++ resultLen += cipher.processBlock(in, inOff, mac, 0); ++ ++ len -= blockSize; ++ inOff += blockSize; ++ } ++ } ++ ++ System.arraycopy(in, inOff, buf, bufOff, len); ++ ++ bufOff += len; ++ } ++ ++ public int doFinal( ++ byte[] out, ++ int outOff) ++ { ++ int blockSize = cipher.getBlockSize(); ++ ++ if (padding == null) ++ { ++ // ++ // pad with zeroes ++ // ++ while (bufOff < blockSize) ++ { ++ buf[bufOff] = 0; ++ bufOff++; ++ } ++ } ++ else ++ { ++ if (bufOff == blockSize) ++ { ++ cipher.processBlock(buf, 0, mac, 0); ++ bufOff = 0; ++ } ++ ++ padding.addPadding(buf, bufOff); ++ } ++ ++ cipher.processBlock(buf, 0, mac, 0); ++ ++ // Added to code from base class ++ DESEngine deseng = new DESEngine(); ++ ++ deseng.init(false, this.lastKey2); ++ deseng.processBlock(mac, 0, mac, 0); ++ ++ deseng.init(true, this.lastKey3); ++ deseng.processBlock(mac, 0, mac, 0); ++ // **** ++ ++ System.arraycopy(mac, 0, out, outOff, macSize); ++ ++ reset(); ++ ++ return macSize; ++ } ++ ++ ++ /** ++ * Reset the mac generator. ++ */ ++ public void reset() ++ { ++ /* ++ * clean the buffer. ++ */ ++ for (int i = 0; i < buf.length; i++) ++ { ++ buf[i] = 0; ++ } ++ ++ bufOff = 0; ++ ++ /* ++ * reset the underlying cipher. ++ */ ++ cipher.reset(); ++ } ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java bcprov-jdk15-134/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java 2010-04-30 10:57:26.000000000 -0700 +@@ -7,8 +7,10 @@ + import org.bouncycastle.crypto.CryptoException; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.SignerWithRecovery; +-import org.bouncycastle.crypto.digests.RIPEMD128Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.RIPEMD128Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.params.ParametersWithRandom; + import org.bouncycastle.crypto.params.ParametersWithSalt; +@@ -74,14 +76,16 @@ + { + trailer = TRAILER_SHA1; + } +- else if (digest instanceof RIPEMD160Digest) +- { +- trailer = TRAILER_RIPEMD160; +- } +- else if (digest instanceof RIPEMD128Digest) +- { +- trailer = TRAILER_RIPEMD128; +- } ++ // BEGIN android-removed ++ // else if (digest instanceof RIPEMD160Digest) ++ // { ++ // trailer = TRAILER_RIPEMD160; ++ // } ++ // else if (digest instanceof RIPEMD128Digest) ++ // { ++ // trailer = TRAILER_RIPEMD128; ++ // } ++ // END android-removed + else + { + throw new IllegalArgumentException("no valid trailer for digest"); +@@ -374,24 +378,28 @@ + + switch (sigTrail) + { +- case TRAILER_RIPEMD160: +- if (!(digest instanceof RIPEMD160Digest)) +- { +- throw new IllegalStateException("signer should be initialised with RIPEMD160"); +- } +- break; ++ // BEGIN android-removed ++ // case TRAILER_RIPEMD160: ++ // if (!(digest instanceof RIPEMD160Digest)) ++ // { ++ // throw new IllegalStateException("signer should be initialised with RIPEMD160"); ++ // } ++ // break; ++ // END android-removed + case TRAILER_SHA1: + if (!(digest instanceof SHA1Digest)) + { + throw new IllegalStateException("signer should be initialised with SHA1"); + } + break; +- case TRAILER_RIPEMD128: +- if (!(digest instanceof RIPEMD128Digest)) +- { +- throw new IllegalStateException("signer should be initialised with RIPEMD128"); +- } +- break; ++ // BEGIN android-removed ++ // case TRAILER_RIPEMD128: ++ // if (!(digest instanceof RIPEMD128Digest)) ++ // { ++ // throw new IllegalStateException("signer should be initialised with RIPEMD128"); ++ // } ++ // break; ++ // END android-removed + default: + throw new IllegalArgumentException("unrecognised hash in signature"); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/signers/ISO9796d2Signer.java bcprov-jdk15-134/org/bouncycastle/crypto/signers/ISO9796d2Signer.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/signers/ISO9796d2Signer.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/signers/ISO9796d2Signer.java 2010-04-30 10:57:26.000000000 -0700 +@@ -5,8 +5,10 @@ + import org.bouncycastle.crypto.CryptoException; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.SignerWithRecovery; +-import org.bouncycastle.crypto.digests.RIPEMD128Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.RIPEMD128Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.params.RSAKeyParameters; + +@@ -58,14 +60,16 @@ + { + trailer = TRAILER_SHA1; + } +- else if (digest instanceof RIPEMD160Digest) +- { +- trailer = TRAILER_RIPEMD160; +- } +- else if (digest instanceof RIPEMD128Digest) +- { +- trailer = TRAILER_RIPEMD128; +- } ++ // BEGIN android-removed ++ // else if (digest instanceof RIPEMD160Digest) ++ // { ++ // trailer = TRAILER_RIPEMD160; ++ // } ++ // else if (digest instanceof RIPEMD128Digest) ++ // { ++ // trailer = TRAILER_RIPEMD128; ++ // } ++ // END android-removed + else + { + throw new IllegalArgumentException("no valid trailer for digest"); +@@ -336,24 +340,28 @@ + + switch (sigTrail) + { +- case TRAILER_RIPEMD160: +- if (!(digest instanceof RIPEMD160Digest)) +- { +- throw new IllegalStateException("signer should be initialised with RIPEMD160"); +- } +- break; ++ // BEGIN android-removed ++ // case TRAILER_RIPEMD160: ++ // if (!(digest instanceof RIPEMD160Digest)) ++ // { ++ // throw new IllegalStateException("signer should be initialised with RIPEMD160"); ++ // } ++ // break; ++ // END android-removed + case TRAILER_SHA1: + if (!(digest instanceof SHA1Digest)) + { + throw new IllegalStateException("signer should be initialised with SHA1"); + } + break; +- case TRAILER_RIPEMD128: +- if (!(digest instanceof RIPEMD128Digest)) +- { +- throw new IllegalStateException("signer should be initialised with RIPEMD128"); +- } +- break; ++ // BEGIN android-removed ++ // case TRAILER_RIPEMD128: ++ // if (!(digest instanceof RIPEMD128Digest)) ++ // { ++ // throw new IllegalStateException("signer should be initialised with RIPEMD128"); ++ // } ++ // break; ++ // END android-removed + default: + throw new IllegalArgumentException("unrecognised hash in signature"); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15-134/org/bouncycastle/crypto/util/PrivateKeyFactory.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-04-30 10:57:26.000000000 -0700 +@@ -6,28 +6,36 @@ + import org.bouncycastle.asn1.DERInteger; + import org.bouncycastle.asn1.DERObject; + import org.bouncycastle.asn1.DERObjectIdentifier; +-import org.bouncycastle.asn1.oiw.ElGamalParameter; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.oiw.ElGamalParameter; ++// END android-removed + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.DHParameter; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; + import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; +-import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; ++// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x509.DSAParameter; +-import org.bouncycastle.asn1.x9.X962NamedCurves; +-import org.bouncycastle.asn1.x9.X962Parameters; +-import org.bouncycastle.asn1.x9.X9ECParameters; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.x9.X962NamedCurves; ++// import org.bouncycastle.asn1.x9.X962Parameters; ++// import org.bouncycastle.asn1.x9.X9ECParameters; ++// END android-removed + import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + import org.bouncycastle.crypto.params.AsymmetricKeyParameter; + import org.bouncycastle.crypto.params.DHParameters; + import org.bouncycastle.crypto.params.DHPrivateKeyParameters; + import org.bouncycastle.crypto.params.DSAParameters; + import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; +-import org.bouncycastle.crypto.params.ECDomainParameters; +-import org.bouncycastle.crypto.params.ECPrivateKeyParameters; +-import org.bouncycastle.crypto.params.ElGamalParameters; +-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.ECDomainParameters; ++// import org.bouncycastle.crypto.params.ECPrivateKeyParameters; ++// import org.bouncycastle.crypto.params.ElGamalParameters; ++// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; ++//END android-removed + import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; + + /** +@@ -69,13 +77,15 @@ + + return new DHPrivateKeyParameters(derX.getValue(), new DHParameters(params.getP(), params.getG())); + } +- else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) +- { +- ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); +- DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); +- +- return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG())); +- } ++ // BEGIN android-removed ++ // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) ++ // { ++ // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); ++ // DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); ++ // ++ // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG())); ++ // } ++ // END android-removed + else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) + { + DSAParameter params = new DSAParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); +@@ -83,39 +93,41 @@ + + return new DSAPrivateKeyParameters(derX.getValue(), new DSAParameters(params.getP(), params.getQ(), params.getG())); + } +- else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) +- { +- X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters()); +- ECDomainParameters dParams = null; +- +- if (params.isNamedCurve()) +- { +- DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); +- X9ECParameters ecP = X962NamedCurves.getByOID(oid); +- +- dParams = new ECDomainParameters( +- ecP.getCurve(), +- ecP.getG(), +- ecP.getN(), +- ecP.getH(), +- ecP.getSeed()); +- } +- else +- { +- X9ECParameters ecP = new X9ECParameters( +- (ASN1Sequence)params.getParameters()); +- dParams = new ECDomainParameters( +- ecP.getCurve(), +- ecP.getG(), +- ecP.getN(), +- ecP.getH(), +- ecP.getSeed()); +- } +- +- ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey()); +- +- return new ECPrivateKeyParameters(ec.getKey(), dParams); +- } ++ // BEGIN android-removed ++ // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) ++ // { ++ // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters()); ++ // ECDomainParameters dParams = null; ++ // ++ // if (params.isNamedCurve()) ++ // { ++ // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); ++ // X9ECParameters ecP = X962NamedCurves.getByOID(oid); ++ // ++ // dParams = new ECDomainParameters( ++ // ecP.getCurve(), ++ // ecP.getG(), ++ // ecP.getN(), ++ // ecP.getH(), ++ // ecP.getSeed()); ++ // } ++ // else ++ // { ++ // X9ECParameters ecP = new X9ECParameters( ++ // (ASN1Sequence)params.getParameters()); ++ // dParams = new ECDomainParameters( ++ // ecP.getCurve(), ++ // ecP.getG(), ++ // ecP.getN(), ++ // ecP.getH(), ++ // ecP.getSeed()); ++ // } ++ // ++ // ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey()); ++ // ++ // return new ECPrivateKeyParameters(ec.getKey(), dParams); ++ // } ++ // END android-removed + else + { + throw new RuntimeException("algorithm identifier in key not recognised"); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15-134/org/bouncycastle/crypto/util/PublicKeyFactory.java +--- bcprov-jdk15-134.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-04-30 10:57:26.000000000 -0700 +@@ -9,7 +9,9 @@ + import org.bouncycastle.asn1.DERObject; + import org.bouncycastle.asn1.DERObjectIdentifier; + import org.bouncycastle.asn1.DEROctetString; +-import org.bouncycastle.asn1.oiw.ElGamalParameter; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.oiw.ElGamalParameter; ++// END android-removed + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.DHParameter; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +@@ -18,20 +20,24 @@ + import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; +-import org.bouncycastle.asn1.x9.X962NamedCurves; +-import org.bouncycastle.asn1.x9.X962Parameters; +-import org.bouncycastle.asn1.x9.X9ECParameters; +-import org.bouncycastle.asn1.x9.X9ECPoint; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.x9.X962NamedCurves; ++// import org.bouncycastle.asn1.x9.X962Parameters; ++// import org.bouncycastle.asn1.x9.X9ECParameters; ++// import org.bouncycastle.asn1.x9.X9ECPoint; ++// END android-removed + import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + import org.bouncycastle.crypto.params.AsymmetricKeyParameter; + import org.bouncycastle.crypto.params.DHParameters; + import org.bouncycastle.crypto.params.DHPublicKeyParameters; + import org.bouncycastle.crypto.params.DSAParameters; + import org.bouncycastle.crypto.params.DSAPublicKeyParameters; +-import org.bouncycastle.crypto.params.ECDomainParameters; +-import org.bouncycastle.crypto.params.ECPublicKeyParameters; +-import org.bouncycastle.crypto.params.ElGamalParameters; +-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.ECDomainParameters; ++// import org.bouncycastle.crypto.params.ECPublicKeyParameters; ++// import org.bouncycastle.crypto.params.ElGamalParameters; ++// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; ++// END android-removed + import org.bouncycastle.crypto.params.RSAKeyParameters; + + /** +@@ -68,13 +74,15 @@ + + return new DHPublicKeyParameters(derY.getValue(), new DHParameters(params.getP(), params.getG())); + } +- else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) +- { +- ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); +- DERInteger derY = (DERInteger)keyInfo.getPublicKey(); +- +- return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG())); +- } ++ // BEGIN android-removed ++ // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) ++ // { ++ // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); ++ // DERInteger derY = (DERInteger)keyInfo.getPublicKey(); ++ // ++ // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG())); ++ // } ++ // END android-removed + else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa) + || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1)) + { +@@ -83,43 +91,45 @@ + + return new DSAPublicKeyParameters(derY.getValue(), new DSAParameters(params.getP(), params.getQ(), params.getG())); + } +- else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) +- { +- X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters()); +- ECDomainParameters dParams = null; +- +- if (params.isNamedCurve()) +- { +- DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); +- X9ECParameters ecP = X962NamedCurves.getByOID(oid); +- +- dParams = new ECDomainParameters( +- ecP.getCurve(), +- ecP.getG(), +- ecP.getN(), +- ecP.getH(), +- ecP.getSeed()); +- } +- else +- { +- X9ECParameters ecP = new X9ECParameters( +- (ASN1Sequence)params.getParameters()); +- dParams = new ECDomainParameters( +- ecP.getCurve(), +- ecP.getG(), +- ecP.getN(), +- ecP.getH(), +- ecP.getSeed()); +- } +- +- DERBitString bits = keyInfo.getPublicKeyData(); +- byte[] data = bits.getBytes(); +- ASN1OctetString key = new DEROctetString(data); +- +- X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key); +- +- return new ECPublicKeyParameters(derQ.getPoint(), dParams); +- } ++ // BEGIN android-removed ++ // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) ++ // { ++ // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters()); ++ // ECDomainParameters dParams = null; ++ // ++ // if (params.isNamedCurve()) ++ // { ++ // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); ++ // X9ECParameters ecP = X962NamedCurves.getByOID(oid); ++ // ++ // dParams = new ECDomainParameters( ++ // ecP.getCurve(), ++ // ecP.getG(), ++ // ecP.getN(), ++ // ecP.getH(), ++ // ecP.getSeed()); ++ // } ++ // else ++ // { ++ // X9ECParameters ecP = new X9ECParameters( ++ // (ASN1Sequence)params.getParameters()); ++ // dParams = new ECDomainParameters( ++ // ecP.getCurve(), ++ // ecP.getG(), ++ // ecP.getN(), ++ // ecP.getH(), ++ // ecP.getSeed()); ++ // } ++ // ++ // DERBitString bits = keyInfo.getPublicKeyData(); ++ // byte[] data = bits.getBytes(); ++ // ASN1OctetString key = new DEROctetString(data); ++ // ++ // X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key); ++ // ++ // return new ECPublicKeyParameters(derQ.getPoint(), dParams); ++ // } ++ // BEGIN android-removed + else + { + throw new RuntimeException("algorithm identifier in key not recognised"); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/i18n/LocalizedMessage.java bcprov-jdk15-134/org/bouncycastle/i18n/LocalizedMessage.java +--- bcprov-jdk15-134.orig/org/bouncycastle/i18n/LocalizedMessage.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/i18n/LocalizedMessage.java 2010-04-30 10:57:26.000000000 -0700 +@@ -63,7 +63,7 @@ + + /** + * Reads the entry <code>id + "." + key</code> from the resource file and returns a +- * formated message for the given Locale and TimeZone. ++ * formatted message for the given Locale and TimeZone. + * @param key second part of the entry id + * @param loc the used {@link Locale} + * @param timezone the used {@link TimeZone} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15-134/org/bouncycastle/jce/PKCS10CertificationRequest.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-04-30 10:57:26.000000000 -0700 +@@ -71,8 +71,11 @@ + + static + { +- algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); +- algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); ++ // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); ++ // END android-removed + algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); + algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); + algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4")); +@@ -116,7 +119,10 @@ + //oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); + + oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); +- oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); ++ // END android-removed + oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); + oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); + oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/PKCS7SignedData.java bcprov-jdk15-134/org/bouncycastle/jce/PKCS7SignedData.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/PKCS7SignedData.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/PKCS7SignedData.java 2010-04-30 10:57:26.000000000 -0700 +@@ -533,16 +533,18 @@ + + // Add the digestAlgorithm + // ++ // BEGIN android-changed + signerinfo.add(new AlgorithmIdentifier( + new DERObjectIdentifier(digestAlgorithm), +- new DERNull())); ++ DERNull.THE_ONE)); + + // + // Add the digestEncryptionAlgorithm + // + signerinfo.add(new AlgorithmIdentifier( + new DERObjectIdentifier(digestEncryptionAlgorithm), +- new DERNull())); ++ DERNull.THE_ONE)); ++ // END android-changed + + // + // Add the digest +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/X509V1CertificateGenerator.java bcprov-jdk15-134/org/bouncycastle/jce/X509V1CertificateGenerator.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/X509V1CertificateGenerator.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/X509V1CertificateGenerator.java 2010-04-30 10:57:26.000000000 -0700 +@@ -143,7 +143,9 @@ + throw new IllegalArgumentException("Unknown signature type requested"); + } + +- sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull()); ++ // BEGIN android-changed ++ sigAlgId = new AlgorithmIdentifier(this.sigOID, DERNull.THE_ONE); ++ // END android-changed + + tbsGen.setSignature(sigAlgId); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/X509V3CertificateGenerator.java bcprov-jdk15-134/org/bouncycastle/jce/X509V3CertificateGenerator.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/X509V3CertificateGenerator.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/X509V3CertificateGenerator.java 2010-04-30 10:57:26.000000000 -0700 +@@ -142,7 +142,9 @@ + throw new IllegalArgumentException("Unknown signature type requested"); + } + +- sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull()); ++ // BEGIN android-changed ++ sigAlgId = new AlgorithmIdentifier(this.sigOID, DERNull.THE_ONE); ++ // END android-changed + + tbsGen.setSignature(sigAlgId); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15-134/org/bouncycastle/jce/provider/BouncyCastleProvider.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-04-30 10:57:26.000000000 -0700 +@@ -73,18 +73,22 @@ + // + put("AlgorithmParameterGenerator.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DH"); + put("AlgorithmParameterGenerator.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DSA"); +- put("AlgorithmParameterGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$GOST3410"); +- put("AlgorithmParameterGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$ElGamal"); ++ // BEGIN android-removed ++ // put("AlgorithmParameterGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$GOST3410"); ++ // put("AlgorithmParameterGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$ElGamal"); ++ // END android-removed + put("AlgorithmParameterGenerator.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); + put("AlgorithmParameterGenerator.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); + put("AlgorithmParameterGenerator.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); + put("AlgorithmParameterGenerator.1.3.14.3.2.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); +- put("AlgorithmParameterGenerator.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$IDEA"); +- put("AlgorithmParameterGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$IDEA"); +- put("AlgorithmParameterGenerator.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); +- put("AlgorithmParameterGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); +- put("AlgorithmParameterGenerator.CAST5", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$CAST5"); +- put("AlgorithmParameterGenerator.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$CAST5"); ++ // BEGIN android-removed ++ // put("AlgorithmParameterGenerator.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$IDEA"); ++ // put("AlgorithmParameterGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$IDEA"); ++ // put("AlgorithmParameterGenerator.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); ++ // put("AlgorithmParameterGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); ++ // put("AlgorithmParameterGenerator.CAST5", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$CAST5"); ++ // put("AlgorithmParameterGenerator.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$CAST5"); ++ // END android-removed + put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$AES"); + put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.2", "AES"); // these first 3 are wrong, but seem to have got around + put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.22", "AES"); +@@ -92,7 +96,10 @@ + put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.1.2", "AES"); + put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.1.22", "AES"); + put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.1.42", "AES"); +- put("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410"); ++ // BEGIN android-removed ++ // put("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410"); ++ // END android-removed ++ + // + // algorithm parameters + // +@@ -100,16 +107,23 @@ + put("AlgorithmParameters.PSS", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PSS"); + put("AlgorithmParameters.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DH"); + put("AlgorithmParameters.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DSA"); +- put("AlgorithmParameters.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$ElGamal"); ++ // BEGIN android-removed ++ // put("AlgorithmParameters.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$ElGamal"); ++ // END android-removed + put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); + put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); +- put("AlgorithmParameters.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); +- put("AlgorithmParameters.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); +- put("AlgorithmParameters.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); +- put("AlgorithmParameters.CAST5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$CAST5AlgorithmParameters"); +- put("AlgorithmParameters.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$CAST5AlgorithmParameters"); +- put("AlgorithmParameters.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$GOST3410"); +- put("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410"); ++ // BEGIN android-removed ++ // double entry ++ // put("AlgorithmParameters.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // END android-removed ++ // BEGIN android-removed ++ // put("AlgorithmParameters.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); ++ // put("AlgorithmParameters.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); ++ // put("AlgorithmParameters.CAST5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$CAST5AlgorithmParameters"); ++ // put("AlgorithmParameters.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$CAST5AlgorithmParameters"); ++ // put("AlgorithmParameters.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$GOST3410"); ++ // put("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410"); ++ // END android-removed + put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); + put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); + put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); +@@ -160,18 +174,22 @@ + put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); + put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); + +- put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); +- put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); +- put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); +- put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); +- put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); +- ++ // BEGIN android-removed ++ // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); ++ // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); ++ // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); ++ // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); ++ // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); ++ // END android-removed ++ + // + // key agreement + // + put("KeyAgreement.DH", "org.bouncycastle.jce.provider.JCEDHKeyAgreement"); +- put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.JCEECDHKeyAgreement$DH"); +- put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.JCEECDHKeyAgreement$DHC"); ++ // BEGIN android-removed ++ // put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.JCEECDHKeyAgreement$DH"); ++ // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.JCEECDHKeyAgreement$DHC"); ++ // END android-removed + + // + // cipher engines +@@ -182,22 +200,25 @@ + put("Cipher.1.3.14.3.2.7", "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC"); + put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap"); + put("Cipher.1.2.840.113549.1.9.16.3.6", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap"); +- put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack"); +- put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Blowfish"); +- put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish"); +- put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2"); +- put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); +- put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); +- put("Cipher.ARC4", "org.bouncycastle.jce.provider.JCEStreamCipher$RC4"); +- put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); +- put("Alg.Alias.Cipher.ARCFOUR", "ARC4"); +- put("Alg.Alias.Cipher.RC4", "ARC4"); +- put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5"); +- put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC"); +- put("Alg.Alias.Cipher.RC5-32", "RC5"); +- put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564"); +- put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6"); +- put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael"); ++ // BEGIN android-removed ++ // put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack"); ++ // put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Blowfish"); ++ // put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish"); ++ // put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2"); ++ // put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); ++ // put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); ++ // put("Cipher.ARC4", "org.bouncycastle.jce.provider.JCEStreamCipher$RC4"); ++ // put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); ++ // put("Alg.Alias.Cipher.ARCFOUR", "ARC4"); ++ // put("Alg.Alias.Cipher.RC4", "ARC4"); ++ // put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5"); ++ // put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC"); ++ // put("Alg.Alias.Cipher.RC5-32", "RC5"); ++ // put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564"); ++ // put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6"); ++ // AES uses some functionality from Rijdael perhaps ... ++ // put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael"); ++ // END android-removed + put("Cipher.AES", "org.bouncycastle.jce.provider.JCEBlockCipher$AES"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.2", "AES"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.22", "AES"); +@@ -219,51 +240,53 @@ + put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); + put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); + +- put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent"); +- put("Cipher.CAMELLIA", "org.bouncycastle.jce.provider.JCEBlockCipher$Camellia"); +- put("Cipher.CAST5", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST5"); +- put("Cipher.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST5CBC"); +- put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6"); +- put("Cipher.IDEA", "org.bouncycastle.jce.provider.JCEBlockCipher$IDEA"); +- put("Cipher.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$IDEACBC"); ++ // BEGIN android-removed ++ // put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent"); ++ // put("Cipher.CAMELLIA", "org.bouncycastle.jce.provider.JCEBlockCipher$Camellia"); ++ // put("Cipher.CAST5", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST5"); ++ // put("Cipher.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST5CBC"); ++ // put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6"); ++ // put("Cipher.IDEA", "org.bouncycastle.jce.provider.JCEBlockCipher$IDEA"); ++ // put("Cipher.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$IDEACBC"); ++ // END android-removed + put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); +- +- put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147"); +- put("Alg.Alias.Cipher.GOST", "GOST28147"); +- put("Alg.Alias.Cipher.GOST-28147", "GOST28147"); +- +- put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc"); +- +-/* +- put("Cipher.DES/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DES_CFB8"); +- put("Cipher.DESEDE/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DESede_CFB8"); +- put("Cipher.SKIPJACK/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Skipjack_CFB8"); +- put("Cipher.BLOWFISH/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Blowfish_CFB8"); +- put("Cipher.TWOFISH/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Twofish_CFB8"); +- put("Cipher.IDEA/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$IDEA_CFB8"); +- +- put("Alg.Alias.Cipher.DES/CFB8/NOPADDING", "DES/CFB8"); +- put("Alg.Alias.Cipher.DESEDE/CFB8/NOPADDING", "DESEDE/CFB8"); +- put("Alg.Alias.Cipher.SKIPJACK/CFB8/NOPADDING", "SKIPJACK/CFB8"); +- put("Alg.Alias.Cipher.BLOWFISH/CFB8/NOPADDING", "Blowfish/CFB8"); +- put("Alg.Alias.Cipher.TWOFISH/CFB8/NOPADDING", "Twofish/CFB8"); +- put("Alg.Alias.Cipher.IDEA/CFB8/NOPADDING", "IDEA/CFB8"); +- +- put("Cipher.DES/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DES_OFB8"); +- put("Cipher.DESEDE/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DESede_OFB8"); +- put("Cipher.SKIPJACK/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Skipjack_OFB8"); +- put("Cipher.BLOWFISH/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Blowfish_OFB8"); +- put("Cipher.TWOFISH/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Twofish_OFB8"); +- put("Cipher.IDEA/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$IDEA_OFB8"); +- +- put("Alg.Alias.Cipher.DES/OFB8/NOPADDING", "DES/OFB8"); +- put("Alg.Alias.Cipher.DESEDE/OFB8/NOPADDING", "DESEDE/OFB8"); +- put("Alg.Alias.Cipher.SKIPJACK/OFB8/NOPADDING", "SKIPJACK/OFB8"); +- put("Alg.Alias.Cipher.BLOWFISH/OFB8/NOPADDING", "BLOWFISH/OFB8"); +- put("Alg.Alias.Cipher.TWOFISH/OFB8/NOPADDING", "TWOFISH/OFB8"); +- put("Alg.Alias.Cipher.IDEA/OFB8/NOPADDING", "IDEA/OFB8"); +-*/ + ++ // BEGIN android-removed ++ // put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147"); ++ // put("Alg.Alias.Cipher.GOST", "GOST28147"); ++ // put("Alg.Alias.Cipher.GOST-28147", "GOST28147"); ++ ++ // put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc"); ++ ++ // put("Cipher.DES/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DES_CFB8"); ++ // put("Cipher.DESEDE/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DESede_CFB8"); ++ // put("Cipher.SKIPJACK/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Skipjack_CFB8"); ++ // put("Cipher.BLOWFISH/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Blowfish_CFB8"); ++ // put("Cipher.TWOFISH/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Twofish_CFB8"); ++ // put("Cipher.IDEA/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$IDEA_CFB8"); ++ ++ // put("Alg.Alias.Cipher.DES/CFB8/NOPADDING", "DES/CFB8"); ++ // put("Alg.Alias.Cipher.DESEDE/CFB8/NOPADDING", "DESEDE/CFB8"); ++ // put("Alg.Alias.Cipher.SKIPJACK/CFB8/NOPADDING", "SKIPJACK/CFB8"); ++ // put("Alg.Alias.Cipher.BLOWFISH/CFB8/NOPADDING", "Blowfish/CFB8"); ++ // put("Alg.Alias.Cipher.TWOFISH/CFB8/NOPADDING", "Twofish/CFB8"); ++ // put("Alg.Alias.Cipher.IDEA/CFB8/NOPADDING", "IDEA/CFB8"); ++ ++ // put("Cipher.DES/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DES_OFB8"); ++ // put("Cipher.DESEDE/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DESede_OFB8"); ++ // put("Cipher.SKIPJACK/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Skipjack_OFB8"); ++ // put("Cipher.BLOWFISH/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Blowfish_OFB8"); ++ // put("Cipher.TWOFISH/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Twofish_OFB8"); ++ // put("Cipher.IDEA/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$IDEA_OFB8"); ++ ++ // put("Alg.Alias.Cipher.DES/OFB8/NOPADDING", "DES/OFB8"); ++ // put("Alg.Alias.Cipher.DESEDE/OFB8/NOPADDING", "DESEDE/OFB8"); ++ // put("Alg.Alias.Cipher.SKIPJACK/OFB8/NOPADDING", "SKIPJACK/OFB8"); ++ // put("Alg.Alias.Cipher.BLOWFISH/OFB8/NOPADDING", "BLOWFISH/OFB8"); ++ // put("Alg.Alias.Cipher.TWOFISH/OFB8/NOPADDING", "TWOFISH/OFB8"); ++ // put("Alg.Alias.Cipher.IDEA/OFB8/NOPADDING", "IDEA/OFB8"); ++ // END android-removed ++ + put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding"); + put("Cipher.RSA/RAW", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding"); + put("Cipher.RSA/PKCS1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); +@@ -275,12 +298,16 @@ + put("Cipher.1.2.840.113549.1.1.7", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); + put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding"); + +- put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); +- put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); ++ // BEGIN android-removed ++ // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); ++ // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); ++ // END android-removed + put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); + put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); +- put("Cipher.ELGAMAL", "org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding"); +- put("Cipher.ELGAMAL/PKCS1", "org.bouncycastle.jce.provider.JCEElGamalCipher$PKCS1v1_5Padding"); ++ // BEGIN android-removed ++ // put("Cipher.ELGAMAL", "org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding"); ++ // put("Cipher.ELGAMAL/PKCS1", "org.bouncycastle.jce.provider.JCEElGamalCipher$PKCS1v1_5Padding"); ++ // END android-removed + + put("Alg.Alias.Cipher.RSA//RAW", "RSA"); + put("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); +@@ -288,25 +315,33 @@ + put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); + put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); + +- put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1"); +- put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1"); +- put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1"); ++ // put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1"); ++ // put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL"); ++ // END android-removed + + put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); + put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); + put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); + put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); + put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); +- put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); ++ // BEGIN android-removed ++ // put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); ++ // END android-removed + put("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES3Key"); + put("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key"); + put("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key"); + put("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES2Key"); + put("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key"); +- put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); ++ // BEGIN android-removed ++ // put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); ++ // END android-removed + put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2"); +- put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); +- put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); ++ // BEGIN android-removed ++ // put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); ++ // put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); ++ // END android-removed + + put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); + put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); +@@ -314,10 +349,14 @@ + + put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); +- put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "Cipher.PBEWITHSHAAND128BITRC2-CBC"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "Cipher.PBEWITHSHAAND128BITRC2-CBC"); ++ // END android-removed + put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "Cipher.PBEWITHSHAAND40BITRC2-CBC"); +- put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "Cipher.PBEWITHSHAAND128BITRC4"); +- put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "Cipher.PBEWITHSHAAND40BITRC4"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "Cipher.PBEWITHSHAAND128BITRC4"); ++ // put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "Cipher.PBEWITHSHAAND40BITRC4"); ++ // END android-removed + + put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); + put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); +@@ -339,15 +378,19 @@ + put("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); + put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); + +- put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); +- put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); +- put("Cipher.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndIDEA"); +- +- put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); +- put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); ++ // BEGIN android-removed ++ // put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); ++ // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); ++ // put("Cipher.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndIDEA"); ++ // ++ // put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); ++ // put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); ++ // END android-removed + put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); +- put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); ++ // END android-removed + put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + put("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + // +@@ -358,19 +401,21 @@ + put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede"); + put("KeyGenerator.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3"); + put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede"); +- put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack"); +- put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Blowfish"); +- put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish"); +- put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); +- put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); +- put("KeyGenerator.RC4", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC4"); +- put("Alg.Alias.KeyGenerator.ARC4", "RC4"); +- put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4"); +- put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5"); +- put("Alg.Alias.KeyGenerator.RC5-32", "RC5"); +- put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564"); +- put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6"); +- put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael"); ++ // BEGIN android-removed ++ // put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack"); ++ // put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Blowfish"); ++ // put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish"); ++ // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); ++ // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); ++ // put("KeyGenerator.RC4", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC4"); ++ // put("Alg.Alias.KeyGenerator.ARC4", "RC4"); ++ // put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4"); ++ // put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5"); ++ // put("Alg.Alias.KeyGenerator.RC5-32", "RC5"); ++ // put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564"); ++ // put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6"); ++ // put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael"); ++ // END android-removed + put("KeyGenerator.AES", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES"); + put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); + put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); +@@ -391,18 +436,20 @@ + put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); + put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); + put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES256"); +- put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent"); +- put("KeyGenerator.CAMELLIA", "org.bouncycastle.jce.provider.JCEKeyGenerator$Camellia"); +- put("KeyGenerator.CAST5", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST5"); +- put("KeyGenerator.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST5"); +- put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6"); +- put("KeyGenerator.IDEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$IDEA"); +- put("KeyGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$IDEA"); +- +- put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147"); +- put("Alg.Alias.KeyGenerator.GOST", "GOST28147"); +- put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147"); +- put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147"); ++ // BEGIN android-removed ++ // put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent"); ++ // put("KeyGenerator.CAMELLIA", "org.bouncycastle.jce.provider.JCEKeyGenerator$Camellia"); ++ // put("KeyGenerator.CAST5", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST5"); ++ // put("KeyGenerator.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST5"); ++ // put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6"); ++ // put("KeyGenerator.IDEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$IDEA"); ++ // put("KeyGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$IDEA"); ++ ++ // put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147"); ++ // put("Alg.Alias.KeyGenerator.GOST", "GOST28147"); ++ // put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147"); ++ // put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147"); ++ // END android-removed + + // + // key pair generators. +@@ -410,21 +457,25 @@ + put("KeyPairGenerator.RSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$RSA"); + put("KeyPairGenerator.DH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DH"); + put("KeyPairGenerator.DSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DSA"); +- put("KeyPairGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ElGamal"); +- put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC"); +- put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDSA"); +- put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDH"); +- put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDHC"); +- put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDH"); ++ // BEGIN android-removed ++ // put("KeyPairGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ElGamal"); ++ // put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC"); ++ // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDSA"); ++ // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDH"); ++ // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDHC"); ++ // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDH"); ++ // END android-removed + put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); + +- put("KeyPairGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$GOST3410"); +- put("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410"); +- put("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410"); +- +- put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECGOST3410"); +- put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410"); +- put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410"); ++ // BEGIN android-removed ++ // put("KeyPairGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$GOST3410"); ++ // put("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410"); ++ // put("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410"); ++ ++ // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECGOST3410"); ++ // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410"); ++ // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410"); ++ // END android-removed + + + // +@@ -433,26 +484,31 @@ + put("KeyFactory.RSA", "org.bouncycastle.jce.provider.JDKKeyFactory$RSA"); + put("KeyFactory.DH", "org.bouncycastle.jce.provider.JDKKeyFactory$DH"); + put("KeyFactory.DSA", "org.bouncycastle.jce.provider.JDKKeyFactory$DSA"); +- put("KeyFactory.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); +- put("KeyFactory.ElGamal", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); +- put("KeyFactory.EC", "org.bouncycastle.jce.provider.JDKKeyFactory$EC"); +- put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDSA"); +- put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDH"); +- put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDHC"); ++ // BEGIN android-removed ++ // put("KeyFactory.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); ++ // put("KeyFactory.ElGamal", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); ++ // put("KeyFactory.EC", "org.bouncycastle.jce.provider.JDKKeyFactory$EC"); ++ // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDSA"); ++ // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDH"); ++ // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDHC"); ++ // END android-removed + put("KeyFactory.X.509", "org.bouncycastle.jce.provider.JDKKeyFactory$X509"); + + put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); + put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); +- put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC"); ++ // BEGIN android-removed ++ // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC"); + +- put("KeyFactory.GOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$GOST3410"); +- put("Alg.Alias.KeyFactory.GOST-3410", "GOST3410"); +- put("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410"); +- put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); +- put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$ECGOST3410"); +- put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410"); +- put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410"); +- put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); ++ ++ // put("KeyFactory.GOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$GOST3410"); ++ // put("Alg.Alias.KeyFactory.GOST-3410", "GOST3410"); ++ // put("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410"); ++ // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); ++ // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$ECGOST3410"); ++ // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410"); ++ // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410"); ++ // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); ++ // END android-removed + + // + // Algorithm parameters +@@ -461,15 +517,17 @@ + put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.7", "DES"); + put("AlgorithmParameters.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); + put("AlgorithmParameters.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); +- put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); +- put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); +- put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); +- put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); +- put("AlgorithmParameters.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); +- put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); +- put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); +- put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); +- put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // BEGIN android-removed ++ // put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); ++ // put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); ++ // put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // put("AlgorithmParameters.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); ++ // put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); ++ // END android-removed + put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); + put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.2", "AES"); + put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.22", "AES"); +@@ -490,15 +548,21 @@ + put("SecretKeyFactory.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndRC2"); + put("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES3Key"); + put("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES2Key"); +- put("SecretKeyFactory.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC4"); +- put("SecretKeyFactory.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC4"); +- put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); ++ // BEGIN android-removed ++ // put("SecretKeyFactory.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC4"); ++ // put("SecretKeyFactory.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC4"); ++ // put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); ++ // BEGIN android-removed + put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); +- put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); +- put("SecretKeyFactory.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndIDEA"); +- put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); ++ // END android-removed ++ // put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); ++ // put("SecretKeyFactory.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndIDEA"); ++ // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); ++ // END android-removed + put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); +- put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); ++ // BEGIN android-removed ++ // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); ++ // END android-removed + + put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); + put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); +@@ -511,14 +575,19 @@ + put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); + put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); + put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); +- put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); ++ // BEGIN android-removed ++ // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); + +- put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); +- put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); ++ // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); ++ // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); ++ // END android-removed + put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); +- put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); +- put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); ++ // BEGIN android-removed ++ // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); ++ // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); ++ // END android-removed + put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); ++ + put("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); + put("Alg.Alias.SecretKeyFactory.1.3.14.3.2.26", "PBEWITHHMACSHA1"); + put("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); +@@ -577,34 +646,36 @@ + put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); + put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); + +- put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack"); +- put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC"); +- put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8"); +- put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8"); +- +- put("Mac.IDEAMAC", "org.bouncycastle.jce.provider.JCEMac$IDEA"); +- put("Alg.Alias.Mac.IDEA", "IDEAMAC"); +- put("Mac.IDEAMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$IDEACFB8"); +- put("Alg.Alias.Mac.IDEA/CFB8", "IDEAMAC/CFB8"); +- +- put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2"); +- put("Alg.Alias.Mac.RC2", "RC2MAC"); +- put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8"); +- put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); +- +- put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5"); +- put("Alg.Alias.Mac.RC5", "RC5MAC"); +- put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8"); +- put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8"); +- +- put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147"); +- +- put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); +- +- put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); +- +- addHMACAlgorithm("MD2", "org.bouncycastle.jce.provider.JCEMac$MD2", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD2HMAC"); +- addHMACAlgorithm("MD4", "org.bouncycastle.jce.provider.JCEMac$MD4", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD4HMAC"); ++ // BEGIN android-removed ++ // put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack"); ++ // put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC"); ++ // put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8"); ++ // put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8"); ++ // ++ // put("Mac.IDEAMAC", "org.bouncycastle.jce.provider.JCEMac$IDEA"); ++ // put("Alg.Alias.Mac.IDEA", "IDEAMAC"); ++ // put("Mac.IDEAMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$IDEACFB8"); ++ // put("Alg.Alias.Mac.IDEA/CFB8", "IDEAMAC/CFB8"); ++ // ++ // put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2"); ++ // put("Alg.Alias.Mac.RC2", "RC2MAC"); ++ // put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8"); ++ // put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); ++ // ++ // put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5"); ++ // put("Alg.Alias.Mac.RC5", "RC5MAC"); ++ // put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8"); ++ // put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8"); ++ // ++ // put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147"); ++ // ++ // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); ++ // ++ // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); ++ // ++ // addHMACAlgorithm("MD2", "org.bouncycastle.jce.provider.JCEMac$MD2", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD2HMAC"); ++ // addHMACAlgorithm("MD4", "org.bouncycastle.jce.provider.JCEMac$MD4", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD4HMAC"); ++ // END android-removed + addHMACAlgorithm("MD5", "org.bouncycastle.jce.provider.JCEMac$MD5", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD5HMAC"); + addHMACAlias("MD5", IANAObjectIdentifiers.hmacMD5); + +@@ -620,16 +691,20 @@ + addHMACAlgorithm("SHA512", "org.bouncycastle.jce.provider.JCEMac$SHA512", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA512"); + addHMACAlias("SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); + +- addHMACAlgorithm("RIPEMD128", "org.bouncycastle.jce.provider.JCEMac$RIPEMD128", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD128HMAC"); +- addHMACAlgorithm("RIPEMD160", "org.bouncycastle.jce.provider.JCEMac$RIPEMD160", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD160HMAC"); +- addHMACAlias("RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160); +- +- addHMACAlgorithm("TIGER", "org.bouncycastle.jce.provider.JCEMac$Tiger", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACTIGER"); +- addHMACAlias("TIGER", IANAObjectIdentifiers.hmacTIGER); ++ // BEGIN android-removed ++ //addHMACAlgorithm("RIPEMD128", "org.bouncycastle.jce.provider.JCEMac$RIPEMD128", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD128HMAC"); ++ //addHMACAlgorithm("RIPEMD160", "org.bouncycastle.jce.provider.JCEMac$RIPEMD160", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD160HMAC"); ++ //addHMACAlias("RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160); ++ ++ // addHMACAlgorithm("TIGER", "org.bouncycastle.jce.provider.JCEMac$Tiger", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACTIGER"); ++ // addHMACAlias("TIGER", IANAObjectIdentifiers.hmacTIGER); ++ // END android-removed + + put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); + put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); +- put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); ++ // BEGIN android-removed ++ // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); ++ // END android-removed + put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); + } + +@@ -663,16 +738,18 @@ + // + private void addMessageDigestAlgorithms() + { +- put("MessageDigest.SHA-1", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA1"); +- put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); +- put("Alg.Alias.MessageDigest.SHA", "SHA-1"); +- put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1"); +- put("MessageDigest.SHA-224", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA224"); +- put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); +- put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224"); +- put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256"); +- put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); +- put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); ++ // BEGIN android-removed ++ // put("MessageDigest.SHA-1", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA1"); ++ // put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); ++ // put("Alg.Alias.MessageDigest.SHA", "SHA-1"); ++ // put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1"); ++ // put("MessageDigest.SHA-224", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA224"); ++ // put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); ++ // put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224"); ++ // put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256"); ++ // put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); ++ // put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); ++ // END android-removed + put("MessageDigest.SHA-384", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA384"); + put("Alg.Alias.MessageDigest.SHA384", "SHA-384"); + put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); +@@ -680,27 +757,29 @@ + put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); + put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); + +- put("MessageDigest.MD2", "org.bouncycastle.jce.provider.JDKMessageDigest$MD2"); +- put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2"); +- put("MessageDigest.MD4", "org.bouncycastle.jce.provider.JDKMessageDigest$MD4"); +- put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4"); +- put("MessageDigest.MD5", "org.bouncycastle.jce.provider.JDKMessageDigest$MD5"); +- put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5"); +- put("MessageDigest.RIPEMD128", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD128"); +- put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); +- put("MessageDigest.RIPEMD160", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD160"); +- put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); +- put("MessageDigest.RIPEMD256", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD256"); +- put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); +- put("MessageDigest.RIPEMD320", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD320"); +- put("MessageDigest.Tiger", "org.bouncycastle.jce.provider.JDKMessageDigest$Tiger"); +- +- put("MessageDigest.WHIRLPOOL", "org.bouncycastle.jce.provider.JDKMessageDigest$Whirlpool"); +- +- put("MessageDigest.GOST3411", "org.bouncycastle.jce.provider.JDKMessageDigest$GOST3411"); +- put("Alg.Alias.MessageDigest.GOST", "GOST3411"); +- put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411"); +- put("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411"); ++ // BEGIN android-removed ++ // put("MessageDigest.MD2", "org.bouncycastle.jce.provider.JDKMessageDigest$MD2"); ++ // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2"); ++ // put("MessageDigest.MD4", "org.bouncycastle.jce.provider.JDKMessageDigest$MD4"); ++ // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4"); ++ // put("MessageDigest.MD5", "org.bouncycastle.jce.provider.JDKMessageDigest$MD5"); ++ // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5"); ++ // put("MessageDigest.RIPEMD128", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD128"); ++ // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); ++ // put("MessageDigest.RIPEMD160", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD160"); ++ // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); ++ // put("MessageDigest.RIPEMD256", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD256"); ++ // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); ++ // put("MessageDigest.RIPEMD320", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD320"); ++ // put("MessageDigest.Tiger", "org.bouncycastle.jce.provider.JDKMessageDigest$Tiger"); ++ ++ // put("MessageDigest.WHIRLPOOL", "org.bouncycastle.jce.provider.JDKMessageDigest$Whirlpool"); ++ ++ // put("MessageDigest.GOST3411", "org.bouncycastle.jce.provider.JDKMessageDigest$GOST3411"); ++ // put("Alg.Alias.MessageDigest.GOST", "GOST3411"); ++ // put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411"); ++ // put("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411"); ++ // END android-removed + } + + // +@@ -708,7 +787,10 @@ + // + private void addSignatureAlgorithms() + { +- put("Signature.MD2WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD2WithRSAEncryption"); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // put("Signature.MD2WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD2WithRSAEncryption"); ++ // END android-removed + put("Signature.MD4WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD4WithRSAEncryption"); + put("Signature.MD5WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD5WithRSAEncryption"); + put("Signature.SHA1WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA1WithRSAEncryption"); +@@ -716,20 +798,26 @@ + put("Signature.SHA256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA256WithRSAEncryption"); + put("Signature.SHA384WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA384WithRSAEncryption"); + put("Signature.SHA512WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA512WithRSAEncryption"); +- put("Signature.RIPEMD160WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD160WithRSAEncryption"); +- put("Signature.RIPEMD128WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD128WithRSAEncryption"); +- put("Signature.RIPEMD256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD256WithRSAEncryption"); ++ // BEGIN android-removed ++ // put("Signature.RIPEMD160WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD160WithRSAEncryption"); ++ // put("Signature.RIPEMD128WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD128WithRSAEncryption"); ++ // put("Signature.RIPEMD256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD256WithRSAEncryption"); ++ // END android-removed + put("Signature.DSA", "org.bouncycastle.jce.provider.JDKDSASigner$stdDSA"); + put("Signature.NONEWITHDSA", "org.bouncycastle.jce.provider.JDKDSASigner$noneDSA"); +- put("Signature.ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA"); +- put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR"); +- put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR224"); +- put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR256"); +- put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR384"); +- put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR512"); ++ // BEGIN android-removed ++ // put("Signature.ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA"); ++ // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR"); ++ // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR224"); ++ // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR256"); ++ // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR384"); ++ // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR512"); ++ // END android-removed + put("Signature.SHA1withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$SHA1WithRSAEncryption"); + put("Signature.MD5withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$MD5WithRSAEncryption"); +- put("Signature.RIPEMD160withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$RIPEMD160WithRSAEncryption"); ++ // BEGIN android-removed ++ // put("Signature.RIPEMD160withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$RIPEMD160WithRSAEncryption"); ++ // END android-removed + + put("Signature.RSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); + put("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); +@@ -747,7 +835,10 @@ + put("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); + put("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); + +- put("Alg.Alias.Signature.MD2withRSAEncryption", "MD2WithRSAEncryption"); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // put("Alg.Alias.Signature.MD2withRSAEncryption", "MD2WithRSAEncryption"); ++ // END android-removed + put("Alg.Alias.Signature.MD4withRSAEncryption", "MD4WithRSAEncryption"); + put("Alg.Alias.Signature.MD5withRSAEncryption", "MD5WithRSAEncryption"); + put("Alg.Alias.Signature.SHA1withRSAEncryption", "SHA1WithRSAEncryption"); +@@ -765,12 +856,14 @@ + put("Alg.Alias.Signature.SHA384WITHRSAENCRYPTION", "SHA384WithRSAEncryption"); + put("Alg.Alias.Signature.SHA512WITHRSAENCRYPTION", "SHA512WithRSAEncryption"); + +- put("Alg.Alias.Signature.RIPEMD160withRSAEncryption", "RIPEMD160WithRSAEncryption"); +- +- put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WithRSAEncryption"); +- put("Alg.Alias.Signature.MD2WithRSA", "MD2WithRSAEncryption"); +- put("Alg.Alias.Signature.MD2withRSA", "MD2WithRSAEncryption"); +- put("Alg.Alias.Signature.MD2/RSA", "MD2WithRSAEncryption"); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // put("Alg.Alias.Signature.RIPEMD160withRSAEncryption", "RIPEMD160WithRSAEncryption"); ++ // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WithRSAEncryption"); ++ // put("Alg.Alias.Signature.MD2WithRSA", "MD2WithRSAEncryption"); ++ // put("Alg.Alias.Signature.MD2withRSA", "MD2WithRSAEncryption"); ++ // put("Alg.Alias.Signature.MD2/RSA", "MD2WithRSAEncryption"); ++ // END android-removed + put("Alg.Alias.Signature.MD5WithRSA", "MD5WithRSAEncryption"); + put("Alg.Alias.Signature.MD5withRSA", "MD5WithRSAEncryption"); + put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSAEncryption"); +@@ -799,43 +892,54 @@ + put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSAEncryption"); + put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSAEncryption"); + put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD160WithRSA", "RIPEMD160WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD160withRSA", "RIPEMD160WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD128WithRSA", "RIPEMD128WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD128withRSA", "RIPEMD128WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD256WithRSA", "RIPEMD256WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD256withRSA", "RIPEMD256WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD-160/RSA", "RIPEMD160WithRSAEncryption"); +- put("Alg.Alias.Signature.RMD160withRSA", "RIPEMD160WithRSAEncryption"); +- put("Alg.Alias.Signature.RMD160/RSA", "RIPEMD160WithRSAEncryption"); +- put("Alg.Alias.Signature.1.3.36.3.3.1.2", "RIPEMD160WithRSAEncryption"); +- put("Alg.Alias.Signature.1.3.36.3.3.1.3", "RIPEMD128WithRSAEncryption"); +- put("Alg.Alias.Signature.1.3.36.3.3.1.4", "RIPEMD256WithRSAEncryption"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Signature.RIPEMD160WithRSA", "RIPEMD160WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RIPEMD160withRSA", "RIPEMD160WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RIPEMD128WithRSA", "RIPEMD128WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RIPEMD128withRSA", "RIPEMD128WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RIPEMD256WithRSA", "RIPEMD256WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RIPEMD256withRSA", "RIPEMD256WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RIPEMD-160/RSA", "RIPEMD160WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RMD160withRSA", "RIPEMD160WithRSAEncryption"); ++ // put("Alg.Alias.Signature.RMD160/RSA", "RIPEMD160WithRSAEncryption"); ++ // put("Alg.Alias.Signature.1.3.36.3.3.1.2", "RIPEMD160WithRSAEncryption"); ++ // put("Alg.Alias.Signature.1.3.36.3.3.1.3", "RIPEMD128WithRSAEncryption"); ++ // put("Alg.Alias.Signature.1.3.36.3.3.1.4", "RIPEMD256WithRSAEncryption"); ++ // END android-removed + put("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WithRSAEncryption"); + +- put("Alg.Alias.Signature.MD2WITHRSAENCRYPTION", "MD2WithRSAEncryption"); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // put("Alg.Alias.Signature.MD2WITHRSAENCRYPTION", "MD2WithRSAEncryption"); ++ // END android-removed + put("Alg.Alias.Signature.MD5WITHRSAENCRYPTION", "MD5WithRSAEncryption"); + put("Alg.Alias.Signature.SHA1WITHRSAENCRYPTION", "SHA1WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD160WITHRSAENCRYPTION", "RIPEMD160WithRSAEncryption"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Signature.RIPEMD160WITHRSAENCRYPTION", "RIPEMD160WithRSAEncryption"); ++ // END android-removed + + put("Alg.Alias.Signature.MD5WITHRSA", "MD5WithRSAEncryption"); + put("Alg.Alias.Signature.SHA1WITHRSA", "SHA1WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); ++ // END android-removed + put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption"); +- put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); + +- put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); +- put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); +- put("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA"); +- put("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA"); +- put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); +- put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); +- put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); +- +- addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); +- addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); +- addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); +- addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); ++ // put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); ++ // put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); ++ // put("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA"); ++ // put("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA"); ++ // put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); ++ // put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); ++ // put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); ++ ++ // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); ++ // addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); ++ // addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); ++ // addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); ++ // END android-removed + + put("Alg.Alias.Signature.SHA/DSA", "DSA"); + put("Alg.Alias.Signature.SHA1withDSA", "DSA"); +@@ -849,41 +953,45 @@ + put("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); + put("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); + put("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); +- put("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); ++ // BEGIN android-removed ++ // put("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); + +- put("Signature.ECGOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$ecgost3410"); +- put("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410"); +- put("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410"); +- put("Alg.Alias.Signature.GOST3411withECGOST3410", "ECGOST3410"); +- put("Alg.Alias.Signature.GOST3411WITHECGOST3410", "ECGOST3410"); +- put("Alg.Alias.Signature.GOST3411WithECGOST3410", "ECGOST3410"); +- put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410"); +- +- put("Signature.GOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$gost3410"); +- put("Alg.Alias.Signature.GOST-3410", "GOST3410"); +- put("Alg.Alias.Signature.GOST-3410-94", "GOST3410"); +- put("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410"); +- put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410"); +- put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410"); +- put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); ++ // put("Signature.ECGOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$ecgost3410"); ++ // put("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410"); ++ // put("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410"); ++ // put("Alg.Alias.Signature.GOST3411withECGOST3410", "ECGOST3410"); ++ // put("Alg.Alias.Signature.GOST3411WITHECGOST3410", "ECGOST3410"); ++ // put("Alg.Alias.Signature.GOST3411WithECGOST3410", "ECGOST3410"); ++ // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410"); ++ ++ // put("Signature.GOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$gost3410"); ++ // put("Alg.Alias.Signature.GOST-3410", "GOST3410"); ++ // put("Alg.Alias.Signature.GOST-3410-94", "GOST3410"); ++ // put("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410"); ++ // put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410"); ++ // put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410"); ++ // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); ++ // END android-removed + } + +- private void addSignatureAlgorithm( +- String digest, +- String algorithm, +- String className, +- DERObjectIdentifier oid) +- { +- String mainName = digest + "WITH" + algorithm; +- String jdk11Variation1 = digest + "with" + algorithm; +- String jdk11Variation2 = digest + "With" + algorithm; +- String alias = digest + "/" + algorithm; +- +- put("Signature." + mainName, className); +- put("Alg.Alias.Signature." + jdk11Variation1, mainName); +- put("Alg.Alias.Signature." + jdk11Variation2, mainName); +- put("Alg.Alias.Signature." + alias, mainName); +- put("Alg.Alias.Signature." + oid, mainName); +- put("Alg.Alias.Signature.OID." + oid, mainName); +- } ++ // BEGIN android-removed ++ // private void addSignatureAlgorithm( ++ // String digest, ++ // String algorithm, ++ // String className, ++ // DERObjectIdentifier oid) ++ // { ++ // String mainName = digest + "WITH" + algorithm; ++ // String jdk11Variation1 = digest + "with" + algorithm; ++ // String jdk11Variation2 = digest + "With" + algorithm; ++ // String alias = digest + "/" + algorithm; ++ ++ // put("Signature." + mainName, className); ++ // put("Alg.Alias.Signature." + jdk11Variation1, mainName); ++ // put("Alg.Alias.Signature." + jdk11Variation2, mainName); ++ // put("Alg.Alias.Signature." + alias, mainName); ++ // put("Alg.Alias.Signature." + oid, mainName); ++ // put("Alg.Alias.Signature.OID." + oid, mainName); ++ // } ++ // END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java bcprov-jdk15-134/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java 2010-04-30 10:57:26.000000000 -0700 +@@ -30,7 +30,9 @@ + import org.bouncycastle.crypto.InvalidCipherTextException; + import org.bouncycastle.crypto.engines.DESEngine; + import org.bouncycastle.crypto.engines.DESedeEngine; +-import org.bouncycastle.crypto.engines.TwofishEngine; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.TwofishEngine; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.crypto.modes.CFBBlockCipher; + import org.bouncycastle.crypto.modes.CTSBlockCipher; +@@ -609,12 +611,14 @@ + /** + * OldPBEWithSHAAndTwofish-CBC + */ +- static public class OldPBEWithSHAAndTwofish +- extends BrokenJCEBlockCipher +- { +- public OldPBEWithSHAAndTwofish() +- { +- super(new CBCBlockCipher(new TwofishEngine()), OLD_PKCS12, SHA1, 256, 128); +- } +- } ++// BEGIN android-removed ++// static public class OldPBEWithSHAAndTwofish ++// extends BrokenJCEBlockCipher ++// { ++// public OldPBEWithSHAAndTwofish() ++// { ++// super(new CBCBlockCipher(new TwofishEngine()), OLD_PKCS12, SHA1, 256, 128); ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/BrokenPBE.java bcprov-jdk15-134/org/bouncycastle/jce/provider/BrokenPBE.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/BrokenPBE.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/BrokenPBE.java 2010-04-30 10:57:26.000000000 -0700 +@@ -8,7 +8,9 @@ + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.PBEParametersGenerator; + import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; + import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; +@@ -59,11 +61,13 @@ + u = 160 / 8; + v = 512 / 8; + } +- else if (digest instanceof RIPEMD160Digest) +- { +- u = 160 / 8; +- v = 512 / 8; +- } ++ // BEGIN android-removed ++ // else if (digest instanceof RIPEMD160Digest) ++ // { ++ // u = 160 / 8; ++ // v = 512 / 8; ++ // } ++ // END android-removed + else + { + throw new IllegalArgumentException("Digest " + digest.getAlgorithmName() + " unsupported"); +@@ -317,9 +321,11 @@ + case SHA1: + generator = new OldPKCS12ParametersGenerator(new SHA1Digest()); + break; +- case RIPEMD160: +- generator = new OldPKCS12ParametersGenerator(new RIPEMD160Digest()); +- break; ++ // BEGIN android-removed ++ // case RIPEMD160: ++ // generator = new OldPKCS12ParametersGenerator(new RIPEMD160Digest()); ++ // break; ++ // END android-removed + default: + throw new IllegalStateException("unknown digest scheme for PBE encryption."); + } +@@ -334,9 +340,11 @@ + case SHA1: + generator = new PKCS12ParametersGenerator(new SHA1Digest()); + break; +- case RIPEMD160: +- generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); +- break; ++ // BEGIN android-removed ++ // case RIPEMD160: ++ // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); ++ // break; ++ // END android-removed + default: + throw new IllegalStateException("unknown digest scheme for PBE encryption."); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15-134/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-04-30 10:57:26.000000000 -0700 +@@ -17,6 +17,7 @@ + import java.security.cert.X509CertSelector; + import java.security.cert.X509Certificate; + import java.util.ArrayList; ++import java.util.Arrays; + import java.util.Collection; + import java.util.Date; + import java.util.Enumeration; +@@ -77,12 +78,13 @@ + "privilegeWithdrawn", + "aACompromise" }; + ++// BEGIN android-changed + /** + * Search the given Set of TrustAnchor's for one that is the + * issuer of the given X509 certificate. + * + * @param cert the X509 certificate +- * @param trustAnchors a Set of TrustAnchor's ++ * @param params with trust anchors + * + * @return the <code>TrustAnchor</code> object if found or + * <code>null</code> if not. +@@ -92,15 +94,20 @@ + * has thrown an exception. This Exception can be obtainted with + * <code>getCause()</code> method. + **/ +- protected static final TrustAnchor findTrustAnchor( +- X509Certificate cert, +- CertPath certPath, +- int index, +- Set trustAnchors) +- throws CertPathValidatorException +- { +- Iterator iter = trustAnchors.iterator(); +- TrustAnchor trust = null; ++ static final TrustAnchor findTrustAnchor( ++ X509Certificate cert, ++ CertPath certPath, ++ int index, ++ PKIXParameters params) ++ throws CertPathValidatorException { ++ // If we have a trust anchor index, use it. ++ if (params instanceof IndexedPKIXParameters) { ++ IndexedPKIXParameters indexed = (IndexedPKIXParameters) params; ++ return indexed.findTrustAnchor(cert, certPath, index); ++ } ++ ++ Iterator iter = params.getTrustAnchors().iterator(); ++ TrustAnchor found = null; + PublicKey trustPublicKey = null; + Exception invalidKeyEx = null; + +@@ -115,44 +122,63 @@ + throw new CertPathValidatorException(ex); + } + +- while (iter.hasNext() && trust == null) +- { +- trust = (TrustAnchor) iter.next(); +- if (trust.getTrustedCert() != null) +- { +- if (certSelectX509.match(trust.getTrustedCert())) ++ byte[] certBytes = null; ++ try { ++ certBytes = cert.getEncoded(); ++ } catch (Exception e) { ++ // ignore, just continue ++ } ++ while (iter.hasNext() && found == null) ++ { ++ found = (TrustAnchor) iter.next(); ++ X509Certificate foundCert = found.getTrustedCert(); ++ if (foundCert != null) ++ { ++ // If the trust anchor is identical to the certificate we're ++ // done. Just return the anchor. ++ // There is similar code in PKIXCertPathValidatorSpi. ++ try { ++ byte[] foundBytes = foundCert.getEncoded(); ++ if (certBytes != null && Arrays.equals(foundBytes, ++ certBytes)) { ++ return found; ++ } ++ } catch (Exception e) { ++ // ignore, continue and verify the certificate ++ } ++ if (certSelectX509.match(foundCert)) + { +- trustPublicKey = trust.getTrustedCert().getPublicKey(); ++ trustPublicKey = foundCert.getPublicKey(); + } + else + { +- trust = null; ++ found = null; + } + } +- else if (trust.getCAName() != null +- && trust.getCAPublicKey() != null) ++ else if (found.getCAName() != null ++ && found.getCAPublicKey() != null) + { + try + { + X500Principal certIssuer = getEncodedIssuerPrincipal(cert); +- X500Principal caName = new X500Principal(trust.getCAName()); ++ X500Principal caName = new X500Principal(found.getCAName()); + if (certIssuer.equals(caName)) + { +- trustPublicKey = trust.getCAPublicKey(); ++ trustPublicKey = found.getCAPublicKey(); + } + else + { +- trust = null; ++ found = null; + } + } + catch (IllegalArgumentException ex) + { +- trust = null; ++ found = null; + } + } + else + { +- trust = null; ++ found = null; + } + + if (trustPublicKey != null) +@@ -164,18 +190,19 @@ + catch (Exception ex) + { + invalidKeyEx = ex; +- trust = null; ++ found = null; + } + } + } + +- if (trust == null && invalidKeyEx != null) ++ if (found == null && invalidKeyEx != null) + { + throw new CertPathValidatorException("TrustAnchor found but certificate validation failed.", invalidKeyEx, certPath, index); + } + +- return trust; ++ return found; + } ++// END android-changed + + protected static X500Principal getEncodedIssuerPrincipal(X509Certificate cert) + { +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/IndexedPKIXParameters.java bcprov-jdk15-134/org/bouncycastle/jce/provider/IndexedPKIXParameters.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/IndexedPKIXParameters.java 1969-12-31 16:00:00.000000000 -0800 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/IndexedPKIXParameters.java 2010-04-30 10:57:26.000000000 -0700 +@@ -0,0 +1,159 @@ ++/* ++ * Copyright (C) 2009 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++package org.bouncycastle.jce.provider; ++ ++import javax.security.auth.x500.X500Principal; ++ ++import java.security.cert.CertPath; ++import java.security.cert.CertPathValidatorException; ++import java.security.cert.CertificateEncodingException; ++import java.security.cert.PKIXParameters; ++import java.security.cert.TrustAnchor; ++import java.security.cert.X509Certificate; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.KeyStoreException; ++import java.util.ArrayList; ++import java.util.Arrays; ++import java.util.HashMap; ++import java.util.List; ++import java.util.Map; ++import java.util.Set; ++import java.util.logging.Logger; ++import java.util.logging.Level; ++ ++/** ++ * Indexes trust anchors so they can be found in O(1) time instead of O(N). ++ */ ++public class IndexedPKIXParameters extends PKIXParameters { ++ ++ final Map<Bytes, TrustAnchor> encodings ++ = new HashMap<Bytes, TrustAnchor>(); ++ final Map<X500Principal, TrustAnchor> bySubject ++ = new HashMap<X500Principal, TrustAnchor>(); ++ final Map<X500Principal, List<TrustAnchor>> byCA ++ = new HashMap<X500Principal, List<TrustAnchor>>(); ++ ++ public IndexedPKIXParameters(Set<TrustAnchor> anchors) ++ throws KeyStoreException, InvalidAlgorithmParameterException, ++ CertificateEncodingException { ++ super(anchors); ++ ++ for (TrustAnchor anchor : anchors) { ++ X509Certificate cert = anchor.getTrustedCert(); ++ ++ Bytes encoded = new Bytes(cert.getEncoded()); ++ encodings.put(encoded, anchor); ++ ++ X500Principal subject = cert.getSubjectX500Principal(); ++ if (bySubject.put(subject, anchor) != null) { ++ // TODO: Should we allow this? ++ throw new KeyStoreException("Two certs have the same subject: " ++ + subject); ++ } ++ ++ X500Principal ca = anchor.getCA(); ++ List<TrustAnchor> caAnchors = byCA.get(ca); ++ if (caAnchors == null) { ++ caAnchors = new ArrayList<TrustAnchor>(); ++ byCA.put(ca, caAnchors); ++ } ++ caAnchors.add(anchor); ++ } ++ } ++ ++ TrustAnchor findTrustAnchor(X509Certificate cert, CertPath certPath, ++ int index) throws CertPathValidatorException { ++ // Mimic the alg in CertPathValidatorUtilities.findTrustAnchor(). ++ Exception verificationException = null; ++ X500Principal issuer = cert.getIssuerX500Principal(); ++ ++ List<TrustAnchor> anchors = byCA.get(issuer); ++ if (anchors != null) { ++ for (TrustAnchor caAnchor : anchors) { ++ try { ++ cert.verify(caAnchor.getCAPublicKey()); ++ return caAnchor; ++ } catch (Exception e) { ++ verificationException = e; ++ } ++ } ++ } ++ ++ TrustAnchor anchor = bySubject.get(issuer); ++ if (anchor != null) { ++ try { ++ cert.verify(anchor.getTrustedCert().getPublicKey()); ++ return anchor; ++ } catch (Exception e) { ++ verificationException = e; ++ } ++ } ++ ++ try { ++ Bytes encoded = new Bytes(cert.getEncoded()); ++ anchor = encodings.get(encoded); ++ if (anchor != null) { ++ return anchor; ++ } ++ } catch (Exception e) { ++ Logger.getLogger(IndexedPKIXParameters.class.getName()).log( ++ Level.WARNING, "Error encoding cert.", e); ++ } ++ ++ // Throw last verification exception. ++ if (verificationException != null) { ++ throw new CertPathValidatorException("TrustAnchor found but" ++ + " certificate verification failed.", ++ verificationException, certPath, index); ++ } ++ ++ return null; ++ } ++ ++ /** ++ * Returns true if the given certificate is found in the trusted key ++ * store. ++ */ ++ public boolean isDirectlyTrusted(X509Certificate cert) { ++ try { ++ Bytes encoded = new Bytes(cert.getEncoded()); ++ return encodings.containsKey(encoded); ++ } catch (Exception e) { ++ Logger.getLogger(IndexedPKIXParameters.class.getName()).log( ++ Level.WARNING, "Error encoding cert.", e); ++ return false; ++ } ++ } ++ ++ /** ++ * Wraps a byte[] and adds equals() and hashCode() support. ++ */ ++ static class Bytes { ++ final byte[] bytes; ++ final int hash; ++ Bytes(byte[] bytes) { ++ this.bytes = bytes; ++ this.hash = Arrays.hashCode(bytes); ++ } ++ @Override public int hashCode() { ++ return hash; ++ } ++ @Override public boolean equals(Object o) { ++ return Arrays.equals(bytes, ((Bytes) o).bytes); ++ } ++ } ++} +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEBlockCipher.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-04-30 10:57:26.000000000 -0700 +@@ -31,8 +31,10 @@ + import org.bouncycastle.crypto.modes.CTSBlockCipher; + import org.bouncycastle.crypto.modes.GOFBBlockCipher; + import org.bouncycastle.crypto.modes.OFBBlockCipher; +-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; +-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; ++// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// END android-removed + import org.bouncycastle.crypto.modes.SICBlockCipher; + import org.bouncycastle.crypto.paddings.ISO10126d2Padding; + import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +@@ -46,7 +48,9 @@ + import org.bouncycastle.crypto.params.ParametersWithSBox; + import org.bouncycastle.crypto.params.RC2Parameters; + import org.bouncycastle.crypto.params.RC5Parameters; +-import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// BEGIN android-removed ++// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// END android-removed + import org.bouncycastle.util.Strings; + + public class JCEBlockCipher extends WrapCipherSpi +@@ -61,7 +65,7 @@ + RC5ParameterSpec.class, + IvParameterSpec.class, + PBEParameterSpec.class, +- GOST28147ParameterSpec.class ++ //GOST28147ParameterSpec.class + }; + + private BlockCipher baseEngine; +@@ -206,27 +210,29 @@ + new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); + } + } +- else if (modeName.startsWith("PGP")) +- { +- if (modeName.equalsIgnoreCase("PGPCFBwithIV")) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new PaddedBufferedBlockCipher( +- new PGPCFBBlockCipher(baseEngine, true)); +- } +- else +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new PaddedBufferedBlockCipher( +- new PGPCFBBlockCipher(baseEngine, false)); +- } +- } +- else if (modeName.equalsIgnoreCase("OpenPGPCFB")) +- { +- ivLength = 0; +- cipher = new PaddedBufferedBlockCipher( +- new OpenPGPCFBBlockCipher(baseEngine)); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("PGP")) ++ // { ++ // if (modeName.equalsIgnoreCase("PGPCFBwithIV")) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new PaddedBufferedBlockCipher( ++ // new PGPCFBBlockCipher(baseEngine, true)); ++ // } ++ // else ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new PaddedBufferedBlockCipher( ++ // new PGPCFBBlockCipher(baseEngine, false)); ++ // } ++ // } ++ // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) ++ // { ++ // ivLength = 0; ++ // cipher = new PaddedBufferedBlockCipher( ++ // new OpenPGPCFBBlockCipher(baseEngine)); ++ // } ++ // END android-removed + else if (modeName.startsWith("SIC")) + { + ivLength = baseEngine.getBlockSize(); +@@ -403,19 +409,21 @@ + param = new KeyParameter(key.getEncoded()); + } + } +- else if (params instanceof GOST28147ParameterSpec) +- { +- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; +- +- param = new ParametersWithSBox( +- new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); +- +- if (gost28147Param.getIV() != null && ivLength != 0) +- { +- param = new ParametersWithIV(param, gost28147Param.getIV()); +- ivParam = (ParametersWithIV)param; +- } +- } ++ // BEGIN android-removed ++ // else if (params instanceof GOST28147ParameterSpec) ++ // { ++ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; ++ // ++ // param = new ParametersWithSBox( ++ // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); ++ // ++ // if (gost28147Param.getIV() != null && ivLength != 0) ++ // { ++ // param = new ParametersWithIV(param, gost28147Param.getIV()); ++ // ivParam = (ParametersWithIV)param; ++ // } ++ // } ++ // END android-removed + else if (params instanceof RC2ParameterSpec) + { + RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; +@@ -658,10 +666,21 @@ + int inputLen, + byte[] output, + int outputOffset) +- throws IllegalBlockSizeException, BadPaddingException ++ throws IllegalBlockSizeException, BadPaddingException, ShortBufferException + { ++ // BEGIN android-note ++ // added ShortBufferException to the throws statement ++ // END android-note + int len = 0; + ++ // BEGIN android-added ++ int outputLen = cipher.getOutputSize(inputLen); ++ ++ if (outputLen + outputOffset > output.length) { ++ throw new ShortBufferException("need at least " + outputLen + " bytes"); ++ } ++ // BEGIN android-added ++ + if (inputLen != 0) + { + len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); +@@ -736,119 +755,25 @@ + /** + * GOST28147 + */ +- static public class GOST28147 +- extends JCEBlockCipher +- { +- public GOST28147() +- { +- super(new GOST28147Engine()); +- } +- } +- +- static public class GOST28147cbc +- extends JCEBlockCipher +- { +- public GOST28147cbc() +- { +- super(new CBCBlockCipher(new GOST28147Engine()), 64); +- } +- } +- +- /** +- * SKIPJACK +- */ +- static public class Skipjack +- extends JCEBlockCipher +- { +- public Skipjack() +- { +- super(new SkipjackEngine()); +- } +- } +- +- /** +- * Blowfish +- */ +- static public class Blowfish +- extends JCEBlockCipher +- { +- public Blowfish() +- { +- super(new BlowfishEngine()); +- } +- } +- +- /** +- * Twofish +- */ +- static public class Twofish +- extends JCEBlockCipher +- { +- public Twofish() +- { +- super(new TwofishEngine()); +- } +- } +- +- /** +- * RC2 +- */ +- static public class RC2 +- extends JCEBlockCipher +- { +- public RC2() +- { +- super(new RC2Engine()); +- } +- } +- +- /** +- * RC2CBC +- */ +- static public class RC2CBC +- extends JCEBlockCipher +- { +- public RC2CBC() +- { +- super(new CBCBlockCipher(new RC2Engine()), 64); +- } +- } +- +- /** +- * RC5 +- */ +- static public class RC5 +- extends JCEBlockCipher +- { +- public RC5() +- { +- super(new RC532Engine()); +- } +- } +- +- /** +- * RC564 +- */ +- static public class RC564 +- extends JCEBlockCipher +- { +- public RC564() +- { +- super(new RC564Engine()); +- } +- } +- +- /** +- * RC6 +- */ +- static public class RC6 +- extends JCEBlockCipher +- { +- public RC6() +- { +- super(new RC6Engine()); +- } +- } ++ // BEGIN android-removed ++ // static public class GOST28147 ++ // extends JCEBlockCipher ++ // { ++ // public GOST28147() ++ // { ++ // super(new GOST28147Engine()); ++ // } ++ // } ++ // ++ // static public class GOST28147cbc ++ // extends JCEBlockCipher ++ // { ++ // public GOST28147cbc() ++ // { ++ // super(new CBCBlockCipher(new GOST28147Engine()), 64); ++ // } ++ // } ++ // END android-removed + + /** + * AES +@@ -897,102 +822,62 @@ + super(new OFBBlockCipher(new AESFastEngine(), 128), 128); + } + } +- +- /** +- * Rijndael +- */ +- static public class Rijndael +- extends JCEBlockCipher +- { +- public Rijndael() +- { +- super(new RijndaelEngine()); +- } +- } +- +- /** +- * Serpent +- */ +- static public class Serpent +- extends JCEBlockCipher +- { +- public Serpent() +- { +- super(new SerpentEngine()); +- } +- } + + /** + * Camellia + */ +- static public class Camellia +- extends JCEBlockCipher +- { +- public Camellia() +- { +- super(new CamelliaEngine()); +- } +- } ++ // BEGIN android-removed ++ // static public class Camellia ++ // extends JCEBlockCipher ++ // { ++ // public Camellia() ++ // { ++ // super(new CamelliaEngine()); ++ // } ++ // } ++ // END android-removed + + /** + * CAST5 + */ +- static public class CAST5 +- extends JCEBlockCipher +- { +- public CAST5() +- { +- super(new CAST5Engine()); +- } +- } ++ // BEGIN android-removed ++ // static public class CAST5 ++ // extends JCEBlockCipher ++ // { ++ // public CAST5() ++ // { ++ // super(new CAST5Engine()); ++ // } ++ // } ++ // END android-removed + + /** + * CAST5 CBC + */ +- static public class CAST5CBC +- extends JCEBlockCipher +- { +- public CAST5CBC() +- { +- super(new CBCBlockCipher(new CAST5Engine()), 64); +- } +- } ++ // BEGIN android-removed ++ // static public class CAST5CBC ++ // extends JCEBlockCipher ++ // { ++ // public CAST5CBC() ++ // { ++ // super(new CBCBlockCipher(new CAST5Engine()), 64); ++ // } ++ // } ++ // END android-removed + + /** + * CAST6 + */ +- static public class CAST6 +- extends JCEBlockCipher +- { +- public CAST6() +- { +- super(new CAST6Engine()); +- } +- } +- +- /** +- * IDEA +- */ +- static public class IDEA +- extends JCEBlockCipher +- { +- public IDEA() +- { +- super(new IDEAEngine()); +- } +- } +- +- /** +- * IDEA CBC +- */ +- static public class IDEACBC +- extends JCEBlockCipher +- { +- public IDEACBC() +- { +- super(new CBCBlockCipher(new IDEAEngine()), 64); +- } +- } ++ // BEGIN android-removed ++ // static public class CAST6 ++ // extends JCEBlockCipher ++ // { ++ // public CAST6() ++ // { ++ // super(new CAST6Engine()); ++ // } ++ // } ++ // BEGIN android-removed + + /** + * PBEWithMD5AndDES +@@ -1031,18 +916,6 @@ + } + + /** +- * PBEWithSHA1AndRC2 +- */ +- static public class PBEWithSHA1AndRC2 +- extends JCEBlockCipher +- { +- public PBEWithSHA1AndRC2() +- { +- super(new CBCBlockCipher(new RC2Engine())); +- } +- } +- +- /** + * PBEWithSHAAnd3-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES3Key +@@ -1065,21 +938,21 @@ + super(new CBCBlockCipher(new DESedeEngine())); + } + } +- ++ + /** +- * PBEWithSHAAnd128BitRC2-CBC ++ * PBEWithAES-CBC + */ +- static public class PBEWithSHAAnd128BitRC2 ++ static public class PBEWithAESCBC + extends JCEBlockCipher + { +- public PBEWithSHAAnd128BitRC2() ++ public PBEWithAESCBC() + { +- super(new CBCBlockCipher(new RC2Engine())); ++ super(new CBCBlockCipher(new AESFastEngine())); + } + } +- ++ + /** +- * PBEWithSHAAnd40BitRC2-CBC ++ * PBEWITHSHAAND40BITRC2-CBC + */ + static public class PBEWithSHAAnd40BitRC2 + extends JCEBlockCipher +@@ -1089,40 +962,4 @@ + super(new CBCBlockCipher(new RC2Engine())); + } + } +- +- /** +- * PBEWithSHAAndTwofish-CBC +- */ +- static public class PBEWithSHAAndTwofish +- extends JCEBlockCipher +- { +- public PBEWithSHAAndTwofish() +- { +- super(new CBCBlockCipher(new TwofishEngine())); +- } +- } +- +- /** +- * PBEWithSHAAndIDEA-CBC +- */ +- static public class PBEWithSHAAndIDEA +- extends JCEBlockCipher +- { +- public PBEWithSHAAndIDEA() +- { +- super(new CBCBlockCipher(new IDEAEngine())); +- } +- } +- +- /** +- * PBEWithAES-CBC +- */ +- static public class PBEWithAESCBC +- extends JCEBlockCipher +- { +- public PBEWithAESCBC() +- { +- super(new CBCBlockCipher(new AESFastEngine())); +- } +- } + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEIESCipher.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEIESCipher.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEIESCipher.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEIESCipher.java 2010-04-30 10:57:26.000000000 -0700 +@@ -17,14 +17,18 @@ + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.InvalidCipherTextException; + import org.bouncycastle.crypto.agreement.DHBasicAgreement; +-import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.engines.IESEngine; + import org.bouncycastle.crypto.generators.KDF2BytesGenerator; + import org.bouncycastle.crypto.macs.HMac; + import org.bouncycastle.crypto.params.IESParameters; +-import org.bouncycastle.jce.interfaces.ECPrivateKey; +-import org.bouncycastle.jce.interfaces.ECPublicKey; ++// BEGIN android-removed ++// import org.bouncycastle.jce.interfaces.ECPrivateKey; ++// import org.bouncycastle.jce.interfaces.ECPublicKey; ++// END android-removed + import org.bouncycastle.jce.interfaces.IESKey; + import org.bouncycastle.jce.spec.IESParameterSpec; + +@@ -71,12 +75,14 @@ + + return k.getX().bitLength(); + } +- else if (ieKey.getPrivate() instanceof ECPrivateKey) +- { +- ECPrivateKey k = (ECPrivateKey)ieKey.getPrivate(); +- +- return k.getD().bitLength(); +- } ++ // BEGIN android-removed ++ // else if (ieKey.getPrivate() instanceof ECPrivateKey) ++ // { ++ // ECPrivateKey k = (ECPrivateKey)ieKey.getPrivate(); ++ // ++ // return k.getD().bitLength(); ++ // } ++ // END android-removed + + throw new IllegalArgumentException("not an IE key!"); + } +@@ -175,16 +181,20 @@ + CipherParameters pubKey; + CipherParameters privKey; + +- if (ieKey.getPublic() instanceof ECPublicKey) +- { +- pubKey = ECUtil.generatePublicKeyParameter(ieKey.getPublic()); +- privKey = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate()); +- } +- else +- { ++ // BEGIN android-removed ++ // if (ieKey.getPublic() instanceof ECPublicKey) ++ // { ++ // pubKey = ECUtil.generatePublicKeyParameter(ieKey.getPublic()); ++ // privKey = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate()); ++ // } ++ // else ++ // { ++ // END android-removed + pubKey = DHUtil.generatePublicKeyParameter(ieKey.getPublic()); + privKey = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate()); +- } ++ // BEGIN android-removed ++ // } ++ // END android-removed + + this.engineParams = (IESParameterSpec)params; + +@@ -344,17 +354,19 @@ + /** + * classes that inherit from us. + */ +- static public class BrokenECIES +- extends JCEIESCipher +- { +- public BrokenECIES() +- { +- super(new IESEngine( +- new ECDHBasicAgreement(), +- new BrokenKDF2BytesGenerator(new SHA1Digest()), +- new HMac(new SHA1Digest()))); +- } +- } ++// BEGIN android-removed ++// static public class BrokenECIES ++// extends JCEIESCipher ++// { ++// public BrokenECIES() ++// { ++// super(new IESEngine( ++// new ECDHBasicAgreement(), ++// new BrokenKDF2BytesGenerator(new SHA1Digest()), ++// new HMac(new SHA1Digest()))); ++// } ++// } ++// END android-removed + + static public class BrokenIES + extends JCEIESCipher +@@ -368,17 +380,19 @@ + } + } + +- static public class ECIES +- extends JCEIESCipher +- { +- public ECIES() +- { +- super(new IESEngine( +- new ECDHBasicAgreement(), +- new KDF2BytesGenerator(new SHA1Digest()), +- new HMac(new SHA1Digest()))); +- } +- } ++// BEGIN android-removed ++// static public class ECIES ++// extends JCEIESCipher ++// { ++// public ECIES() ++// { ++// super(new IESEngine( ++// new ECDHBasicAgreement(), ++// new KDF2BytesGenerator(new SHA1Digest()), ++// new HMac(new SHA1Digest()))); ++// } ++// } ++// END android-removed + + static public class IES + extends JCEIESCipher +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEKeyGenerator.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-04-30 10:57:26.000000000 -0700 +@@ -402,17 +402,19 @@ + + // HMAC Related secret keys.. + +- /** +- * MD2HMAC +- */ +- public static class MD2HMAC +- extends JCEKeyGenerator +- { +- public MD2HMAC() +- { +- super("HMACMD2", 128, new CipherKeyGenerator()); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * MD2HMAC ++ // */ ++ // public static class MD2HMAC ++ // extends JCEKeyGenerator ++ // { ++ // public MD2HMAC() ++ // { ++ // super("HMACMD2", 128, new CipherKeyGenerator()); ++ // } ++ // } ++ // END android-removed + + + /** +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEMac.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEMac.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEMac.java 2010-04-30 10:57:26.000000000 -0700 +@@ -14,13 +14,17 @@ + import org.bouncycastle.crypto.digests.*; + import org.bouncycastle.crypto.engines.DESEngine; + import org.bouncycastle.crypto.engines.DESedeEngine; +-import org.bouncycastle.crypto.engines.IDEAEngine; +-import org.bouncycastle.crypto.engines.RC2Engine; +-import org.bouncycastle.crypto.engines.RC532Engine; +-import org.bouncycastle.crypto.engines.SkipjackEngine; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.IDEAEngine; ++// import org.bouncycastle.crypto.engines.RC2Engine; ++// import org.bouncycastle.crypto.engines.RC532Engine; ++// import org.bouncycastle.crypto.engines.SkipjackEngine; ++// END android-removed + import org.bouncycastle.crypto.macs.CBCBlockCipherMac; + import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +-import org.bouncycastle.crypto.macs.GOST28147Mac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.GOST28147Mac; ++// END android-removed + import org.bouncycastle.crypto.macs.HMac; + import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; + import org.bouncycastle.crypto.macs.OldHMac; +@@ -163,62 +167,72 @@ + /** + * SKIPJACK + */ +- public static class Skipjack +- extends JCEMac +- { +- public Skipjack() +- { +- super(new CBCBlockCipherMac(new SkipjackEngine())); +- } +- } ++ // BEGIN android-removed ++ // public static class Skipjack ++ // extends JCEMac ++ // { ++ // public Skipjack() ++ // { ++ // super(new CBCBlockCipherMac(new SkipjackEngine())); ++ // } ++ // } ++ // END android-removed + + /** + * IDEA + */ +- public static class IDEA +- extends JCEMac +- { +- public IDEA() +- { +- super(new CBCBlockCipherMac(new IDEAEngine())); +- } +- } ++ // BEGIN android-removed ++ // public static class IDEA ++ // extends JCEMac ++ // { ++ // public IDEA() ++ // { ++ // super(new CBCBlockCipherMac(new IDEAEngine())); ++ // } ++ // } ++ // END android-removed + + /** + * RC2 + */ +- public static class RC2 +- extends JCEMac +- { +- public RC2() +- { +- super(new CBCBlockCipherMac(new RC2Engine())); +- } +- } ++ // BEGIN android-removed ++ // public static class RC2 ++ // extends JCEMac ++ // { ++ // public RC2() ++ // { ++ // super(new CBCBlockCipherMac(new RC2Engine())); ++ // } ++ // } ++ // END android-removed + + /** + * RC5 + */ +- public static class RC5 +- extends JCEMac +- { +- public RC5() +- { +- super(new CBCBlockCipherMac(new RC532Engine())); +- } +- } ++ // BEGIN android-removed ++ // public static class RC5 ++ // extends JCEMac ++ // { ++ // public RC5() ++ // { ++ // super(new CBCBlockCipherMac(new RC532Engine())); ++ // } ++ // } ++ // END android-removed + + /** + * GOST28147 + */ +- public static class GOST28147 +- extends JCEMac +- { +- public GOST28147() +- { +- super(new GOST28147Mac()); +- } +- } ++ // BEGIN android-removed ++ // public static class GOST28147 ++ // extends JCEMac ++ // { ++ // public GOST28147() ++ // { ++ // super(new GOST28147Mac()); ++ // } ++ // } ++ // END android-removed + + /** + * DES +@@ -247,50 +261,58 @@ + /** + * SKIPJACK + */ +- public static class SkipjackCFB8 +- extends JCEMac +- { +- public SkipjackCFB8() +- { +- super(new CFBBlockCipherMac(new SkipjackEngine())); +- } +- } ++ // BEGIN android-removed ++ // public static class SkipjackCFB8 ++ // extends JCEMac ++ // { ++ // public SkipjackCFB8() ++ // { ++ // super(new CFBBlockCipherMac(new SkipjackEngine())); ++ // } ++ // } ++ // END android-removed + + /** + * IDEACFB8 + */ +- public static class IDEACFB8 +- extends JCEMac +- { +- public IDEACFB8() +- { +- super(new CFBBlockCipherMac(new IDEAEngine())); +- } +- } ++ // BEGIN android-removed ++ // public static class IDEACFB8 ++ // extends JCEMac ++ // { ++ // public IDEACFB8() ++ // { ++ // super(new CFBBlockCipherMac(new IDEAEngine())); ++ // } ++ // } ++ // END android-removed + + /** + * RC2CFB8 + */ +- public static class RC2CFB8 +- extends JCEMac +- { +- public RC2CFB8() +- { +- super(new CFBBlockCipherMac(new RC2Engine())); +- } +- } ++ // BEGIN android-removed ++ // public static class RC2CFB8 ++ // extends JCEMac ++ // { ++ // public RC2CFB8() ++ // { ++ // super(new CFBBlockCipherMac(new RC2Engine())); ++ // } ++ // } ++ // END android-removed + + /** + * RC5CFB8 + */ +- public static class RC5CFB8 +- extends JCEMac +- { +- public RC5CFB8() +- { +- super(new CFBBlockCipherMac(new RC532Engine())); +- } +- } ++ // BEGIN android-removed ++ // public static class RC5CFB8 ++ // extends JCEMac ++ // { ++ // public RC5CFB8() ++ // { ++ // super(new CFBBlockCipherMac(new RC532Engine())); ++ // } ++ // } ++ // END android-removed + + + /** +@@ -320,26 +342,30 @@ + /** + * MD2 HMac + */ +- public static class MD2 +- extends JCEMac +- { +- public MD2() +- { +- super(new HMac(new MD2Digest())); +- } +- } ++ // BEGIN android-removed ++ // public static class MD2 ++ // extends JCEMac ++ // { ++ // public MD2() ++ // { ++ // super(new HMac(new MD2Digest())); ++ // } ++ // } ++ // END android-removed + + /** + * MD4 HMac + */ +- public static class MD4 +- extends JCEMac +- { +- public MD4() +- { +- super(new HMac(new MD4Digest())); +- } +- } ++ // BEGIN android-removed ++ // public static class MD4 ++ // extends JCEMac ++ // { ++ // public MD4() ++ // { ++ // super(new HMac(new MD4Digest())); ++ // } ++ // } ++ // END android-removed + + /** + * MD5 HMac +@@ -434,59 +460,61 @@ + } + } + +- /** +- * RIPEMD128 HMac +- */ +- public static class RIPEMD128 +- extends JCEMac +- { +- public RIPEMD128() +- { +- super(new HMac(new RIPEMD128Digest())); +- } +- } +- +- /** +- * RIPEMD160 HMac +- */ +- public static class RIPEMD160 +- extends JCEMac +- { +- public RIPEMD160() +- { +- super(new HMac(new RIPEMD160Digest())); +- } +- } +- +- /** +- * Tiger HMac +- */ +- public static class Tiger +- extends JCEMac +- { +- public Tiger() +- { +- super(new HMac(new TigerDigest())); +- } +- } +- +- // +- // PKCS12 states that the same algorithm should be used +- // for the key generation as is used in the HMAC, so that +- // is what we do here. +- // +- +- /** +- * PBEWithHmacRIPEMD160 +- */ +- public static class PBEWithRIPEMD160 +- extends JCEMac +- { +- public PBEWithRIPEMD160() +- { +- super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); +- } +- } ++// BEGIN android-removed ++// /** ++// * RIPEMD128 HMac ++// */ ++// public static class RIPEMD128 ++// extends JCEMac ++// { ++// public RIPEMD128() ++// { ++// super(new HMac(new RIPEMD128Digest())); ++// } ++// } ++// ++// /** ++// * RIPEMD160 HMac ++// */ ++// public static class RIPEMD160 ++// extends JCEMac ++// { ++// public RIPEMD160() ++// { ++// super(new HMac(new RIPEMD160Digest())); ++// } ++// } ++// ++// /** ++// * Tiger HMac ++// */ ++// public static class Tiger ++// extends JCEMac ++// { ++// public Tiger() ++// { ++// super(new HMac(new TigerDigest())); ++// } ++// } ++// ++// // ++// // PKCS12 states that the same algorithm should be used ++// // for the key generation as is used in the HMAC, so that ++// // is what we do here. ++// // ++// ++// /** ++// * PBEWithHmacRIPEMD160 ++// */ ++// public static class PBEWithRIPEMD160 ++// extends JCEMac ++// { ++// public PBEWithRIPEMD160() ++// { ++// super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); ++// } ++// } ++// END android-removed + + /** + * PBEWithHmacSHA +@@ -503,12 +531,14 @@ + /** + * PBEWithHmacTiger + */ +- public static class PBEWithTiger +- extends JCEMac +- { +- public PBEWithTiger() +- { +- super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); +- } +- } ++// BEGIN android-removed ++// public static class PBEWithTiger ++// extends JCEMac ++// { ++// public PBEWithTiger() ++// { ++// super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-04-30 10:57:26.000000000 -0700 +@@ -126,7 +126,9 @@ + */ + public byte[] getEncoded() + { +- PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKeyStructure(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()).getDERObject()); ++ // BEGIN android-changed ++ PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.THE_ONE), new RSAPrivateKeyStructure(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()).getDERObject()); ++ // END android-changed + + return info.getDEREncoded(); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCERSAPublicKey.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-04-30 10:57:26.000000000 -0700 +@@ -90,7 +90,9 @@ + + public byte[] getEncoded() + { +- SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject()); ++ // BEGIN android-changed ++ SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.THE_ONE), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject()); ++ // END android-changed + + return info.getDEREncoded(); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-04-30 10:57:26.000000000 -0700 +@@ -392,18 +392,19 @@ + super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); + } + } +- +- /** +- * PBEWithSHAAnd128BitRC2-CBC +- */ +- static public class PBEWithSHAAnd128BitRC2 +- extends PBEKeyFactory +- { +- public PBEWithSHAAnd128BitRC2() +- { +- super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); +- } +- } ++// BEGIN android-removed ++// /** ++// * PBEWithSHAAnd128BitRC2-CBC ++// */ ++// static public class PBEWithSHAAnd128BitRC2 ++// extends PBEKeyFactory ++// { ++// public PBEWithSHAAnd128BitRC2() ++// { ++// super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); ++// } ++// } ++// END android-removed + + /** + * PBEWithSHAAnd40BitRC2-CBC +@@ -417,65 +418,67 @@ + } + } + +- /** +- * PBEWithSHAAndTwofish-CBC +- */ +- static public class PBEWithSHAAndTwofish +- extends PBEKeyFactory +- { +- public PBEWithSHAAndTwofish() +- { +- super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); +- } +- } +- +- /** +- * PBEWithSHAAndIDEA-CBC +- */ +- static public class PBEWithSHAAndIDEA +- extends PBEKeyFactory +- { +- public PBEWithSHAAndIDEA() +- { +- super("PBEwithSHAandIDEA-CBC", null, true, PKCS12, SHA1, 128, 64); +- } +- } +- +- /** +- * PBEWithSHAAnd128BitRC4 +- */ +- static public class PBEWithSHAAnd128BitRC4 +- extends PBEKeyFactory +- { +- public PBEWithSHAAnd128BitRC4() +- { +- super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); +- } +- } +- +- /** +- * PBEWithSHAAnd40BitRC4 +- */ +- static public class PBEWithSHAAnd40BitRC4 +- extends PBEKeyFactory +- { +- public PBEWithSHAAnd40BitRC4() +- { +- super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); +- } +- } +- +- /** +- * PBEWithHmacRIPEMD160 +- */ +- public static class PBEWithRIPEMD160 +- extends PBEKeyFactory +- { +- public PBEWithRIPEMD160() +- { +- super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); +- } +- } ++// BEGIN android-removed ++// /** ++// * PBEWithSHAAndTwofish-CBC ++// */ ++// static public class PBEWithSHAAndTwofish ++// extends PBEKeyFactory ++// { ++// public PBEWithSHAAndTwofish() ++// { ++// super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); ++// } ++// } ++// ++// /** ++// * PBEWithSHAAndIDEA-CBC ++// */ ++// static public class PBEWithSHAAndIDEA ++// extends PBEKeyFactory ++// { ++// public PBEWithSHAAndIDEA() ++// { ++// super("PBEwithSHAandIDEA-CBC", null, true, PKCS12, SHA1, 128, 64); ++// } ++// } ++// ++// /** ++// * PBEWithSHAAnd128BitRC4 ++// */ ++// static public class PBEWithSHAAnd128BitRC4 ++// extends PBEKeyFactory ++// { ++// public PBEWithSHAAnd128BitRC4() ++// { ++// super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); ++// } ++// } ++// ++// /** ++// * PBEWithSHAAnd40BitRC4 ++// */ ++// static public class PBEWithSHAAnd40BitRC4 ++// extends PBEKeyFactory ++// { ++// public PBEWithSHAAnd40BitRC4() ++// { ++// super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); ++// } ++// } ++// ++// /** ++// * PBEWithHmacRIPEMD160 ++// */ ++// public static class PBEWithRIPEMD160 ++// extends PBEKeyFactory ++// { ++// public PBEWithRIPEMD160() ++// { ++// super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); ++// } ++// } ++// END android-removed + + /** + * PBEWithHmacSHA +@@ -489,17 +492,19 @@ + } + } + +- /** +- * PBEWithHmacTiger +- */ +- public static class PBEWithTiger +- extends PBEKeyFactory +- { +- public PBEWithTiger() +- { +- super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); +- } +- } ++// BEGIN android-removed ++// /** ++// * PBEWithHmacTiger ++// */ ++// public static class PBEWithTiger ++// extends PBEKeyFactory ++// { ++// public PBEWithTiger() ++// { ++// super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); ++// } ++// } ++// END android-removed + + /** + * PBEWithSHA1And128BitAES-BC +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEStreamCipher.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-04-30 10:57:26.000000000 -0700 +@@ -21,13 +21,17 @@ + import org.bouncycastle.crypto.DataLengthException; + import org.bouncycastle.crypto.StreamBlockCipher; + import org.bouncycastle.crypto.StreamCipher; +-import org.bouncycastle.crypto.engines.BlowfishEngine; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.BlowfishEngine; ++// END android-removed + import org.bouncycastle.crypto.engines.DESEngine; + import org.bouncycastle.crypto.engines.DESedeEngine; +-import org.bouncycastle.crypto.engines.IDEAEngine; +-import org.bouncycastle.crypto.engines.RC4Engine; +-import org.bouncycastle.crypto.engines.SkipjackEngine; +-import org.bouncycastle.crypto.engines.TwofishEngine; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.IDEAEngine; ++// import org.bouncycastle.crypto.engines.RC4Engine; ++// import org.bouncycastle.crypto.engines.SkipjackEngine; ++// import org.bouncycastle.crypto.engines.TwofishEngine; ++// END android-removed + import org.bouncycastle.crypto.modes.CFBBlockCipher; + import org.bouncycastle.crypto.modes.OFBBlockCipher; + import org.bouncycastle.crypto.params.KeyParameter; +@@ -393,53 +397,55 @@ + } + } + +- /** +- * SKIPJACK +- */ +- static public class Skipjack_CFB8 +- extends JCEStreamCipher +- { +- public Skipjack_CFB8() +- { +- super(new CFBBlockCipher(new SkipjackEngine(), 8), 64); +- } +- } +- +- /** +- * Blowfish +- */ +- static public class Blowfish_CFB8 +- extends JCEStreamCipher +- { +- public Blowfish_CFB8() +- { +- super(new CFBBlockCipher(new BlowfishEngine(), 8), 64); +- } +- } +- +- /** +- * Twofish +- */ +- static public class Twofish_CFB8 +- extends JCEStreamCipher +- { +- public Twofish_CFB8() +- { +- super(new CFBBlockCipher(new TwofishEngine(), 8), 128); +- } +- } +- +- /** +- * IDEA +- */ +- static public class IDEA_CFB8 +- extends JCEStreamCipher +- { +- public IDEA_CFB8() +- { +- super(new CFBBlockCipher(new IDEAEngine(), 8), 64); +- } +- } ++// BEGIN android-removed ++// /** ++// * SKIPJACK ++// */ ++// static public class Skipjack_CFB8 ++// extends JCEStreamCipher ++// { ++// public Skipjack_CFB8() ++// { ++// super(new CFBBlockCipher(new SkipjackEngine(), 8), 64); ++// } ++// } ++// ++// /** ++// * Blowfish ++// */ ++// static public class Blowfish_CFB8 ++// extends JCEStreamCipher ++// { ++// public Blowfish_CFB8() ++// { ++// super(new CFBBlockCipher(new BlowfishEngine(), 8), 64); ++// } ++// } ++// ++// /** ++// * Twofish ++// */ ++// static public class Twofish_CFB8 ++// extends JCEStreamCipher ++// { ++// public Twofish_CFB8() ++// { ++// super(new CFBBlockCipher(new TwofishEngine(), 8), 128); ++// } ++// } ++// ++// /** ++// * IDEA ++// */ ++// static public class IDEA_CFB8 ++// extends JCEStreamCipher ++// { ++// public IDEA_CFB8() ++// { ++// super(new CFBBlockCipher(new IDEAEngine(), 8), 64); ++// } ++// } ++// END android-removed + + /** + * DES +@@ -465,87 +471,89 @@ + } + } + +- /** +- * SKIPJACK +- */ +- static public class Skipjack_OFB8 +- extends JCEStreamCipher +- { +- public Skipjack_OFB8() +- { +- super(new OFBBlockCipher(new SkipjackEngine(), 8), 64); +- } +- } +- +- /** +- * Blowfish +- */ +- static public class Blowfish_OFB8 +- extends JCEStreamCipher +- { +- public Blowfish_OFB8() +- { +- super(new OFBBlockCipher(new BlowfishEngine(), 8), 64); +- } +- } +- +- /** +- * Twofish +- */ +- static public class Twofish_OFB8 +- extends JCEStreamCipher +- { +- public Twofish_OFB8() +- { +- super(new OFBBlockCipher(new TwofishEngine(), 8), 128); +- } +- } +- +- /** +- * IDEA +- */ +- static public class IDEA_OFB8 +- extends JCEStreamCipher +- { +- public IDEA_OFB8() +- { +- super(new OFBBlockCipher(new IDEAEngine(), 8), 64); +- } +- } +- +- /** +- * RC4 +- */ +- static public class RC4 +- extends JCEStreamCipher +- { +- public RC4() +- { +- super(new RC4Engine()); +- } +- } +- +- /** +- * PBEWithSHAAnd128BitRC4 +- */ +- static public class PBEWithSHAAnd128BitRC4 +- extends JCEStreamCipher +- { +- public PBEWithSHAAnd128BitRC4() +- { +- super(new RC4Engine()); +- } +- } +- +- /** +- * PBEWithSHAAnd40BitRC4 +- */ +- static public class PBEWithSHAAnd40BitRC4 +- extends JCEStreamCipher +- { +- public PBEWithSHAAnd40BitRC4() +- { +- super(new RC4Engine()); +- } +- } ++// BEGIN android-removed ++// /** ++// * SKIPJACK ++// */ ++// static public class Skipjack_OFB8 ++// extends JCEStreamCipher ++// { ++// public Skipjack_OFB8() ++// { ++// super(new OFBBlockCipher(new SkipjackEngine(), 8), 64); ++// } ++// } ++// ++// /** ++// * Blowfish ++// */ ++// static public class Blowfish_OFB8 ++// extends JCEStreamCipher ++// { ++// public Blowfish_OFB8() ++// { ++// super(new OFBBlockCipher(new BlowfishEngine(), 8), 64); ++// } ++// } ++// ++// /** ++// * Twofish ++// */ ++// static public class Twofish_OFB8 ++// extends JCEStreamCipher ++// { ++// public Twofish_OFB8() ++// { ++// super(new OFBBlockCipher(new TwofishEngine(), 8), 128); ++// } ++// } ++// ++// /** ++// * IDEA ++// */ ++// static public class IDEA_OFB8 ++// extends JCEStreamCipher ++// { ++// public IDEA_OFB8() ++// { ++// super(new OFBBlockCipher(new IDEAEngine(), 8), 64); ++// } ++// } ++// ++// /** ++// * RC4 ++// */ ++// static public class RC4 ++// extends JCEStreamCipher ++// { ++// public RC4() ++// { ++// super(new RC4Engine()); ++// } ++// } ++// ++// /** ++// * PBEWithSHAAnd128BitRC4 ++// */ ++// static public class PBEWithSHAAnd128BitRC4 ++// extends JCEStreamCipher ++// { ++// public PBEWithSHAAnd128BitRC4() ++// { ++// super(new RC4Engine()); ++// } ++// } ++// ++// /** ++// * PBEWithSHAAnd40BitRC4 ++// */ ++// static public class PBEWithSHAAnd40BitRC4 ++// extends JCEStreamCipher ++// { ++// public PBEWithSHAAnd40BitRC4() ++// { ++// super(new RC4Engine()); ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-04-30 10:57:26.000000000 -0700 +@@ -14,14 +14,18 @@ + + import org.bouncycastle.crypto.generators.DHParametersGenerator; + import org.bouncycastle.crypto.generators.DSAParametersGenerator; +-import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; +-import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; ++// import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator; ++// END android-removed + import org.bouncycastle.crypto.params.DHParameters; + import org.bouncycastle.crypto.params.DSAParameters; +-import org.bouncycastle.crypto.params.ElGamalParameters; +-import org.bouncycastle.crypto.params.GOST3410Parameters; +-import org.bouncycastle.jce.spec.GOST3410ParameterSpec; +-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.ElGamalParameters; ++// import org.bouncycastle.crypto.params.GOST3410Parameters; ++// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; ++// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; ++// END android-removed + + public abstract class JDKAlgorithmParameterGenerator + extends AlgorithmParameterGeneratorSpi +@@ -131,99 +135,101 @@ + } + } + +- public static class GOST3410 +- extends JDKAlgorithmParameterGenerator +- { +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation."); +- } +- +- protected AlgorithmParameters engineGenerateParameters() +- { +- GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator(); +- +- if (random != null) +- { +- pGen.init(strength, 2, random); +- } +- else +- { +- pGen.init(strength, 2, new SecureRandom()); +- } +- +- GOST3410Parameters p = pGen.generateParameters(); +- +- AlgorithmParameters params; +- +- try +- { +- params = AlgorithmParameters.getInstance("GOST3410", "BC"); +- params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA()))); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- +- return params; +- } +- } +- +- public static class ElGamal +- extends JDKAlgorithmParameterGenerator +- { +- private int l = 0; +- +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- if (!(genParamSpec instanceof DHGenParameterSpec)) +- { +- throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); +- } +- DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; +- +- this.strength = spec.getPrimeSize(); +- this.l = spec.getExponentSize(); +- this.random = random; +- } +- +- protected AlgorithmParameters engineGenerateParameters() +- { +- ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); +- +- if (random != null) +- { +- pGen.init(strength, 20, random); +- } +- else +- { +- pGen.init(strength, 20, new SecureRandom()); +- } +- +- ElGamalParameters p = pGen.generateParameters(); +- +- AlgorithmParameters params; +- +- try +- { +- params = AlgorithmParameters.getInstance("ElGamal", "BC"); +- params.init(new DHParameterSpec(p.getP(), p.getG(), l)); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- +- return params; +- } +- } ++// BEGIN android-removed ++// public static class GOST3410 ++// extends JDKAlgorithmParameterGenerator ++// { ++// protected void engineInit( ++// AlgorithmParameterSpec genParamSpec, ++// SecureRandom random) ++// throws InvalidAlgorithmParameterException ++// { ++// throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation."); ++// } ++// ++// protected AlgorithmParameters engineGenerateParameters() ++// { ++// GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator(); ++// ++// if (random != null) ++// { ++// pGen.init(strength, 2, random); ++// } ++// else ++// { ++// pGen.init(strength, 2, new SecureRandom()); ++// } ++// ++// GOST3410Parameters p = pGen.generateParameters(); ++// ++// AlgorithmParameters params; ++// ++// try ++// { ++// params = AlgorithmParameters.getInstance("GOST3410", "BC"); ++// params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA()))); ++// } ++// catch (Exception e) ++// { ++// throw new RuntimeException(e.getMessage()); ++// } ++// ++// return params; ++// } ++// } ++// ++// public static class ElGamal ++// extends JDKAlgorithmParameterGenerator ++// { ++// private int l = 0; ++// ++// protected void engineInit( ++// AlgorithmParameterSpec genParamSpec, ++// SecureRandom random) ++// throws InvalidAlgorithmParameterException ++// { ++// if (!(genParamSpec instanceof DHGenParameterSpec)) ++// { ++// throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); ++// } ++// DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; ++// ++// this.strength = spec.getPrimeSize(); ++// this.l = spec.getExponentSize(); ++// this.random = random; ++// } ++// ++// protected AlgorithmParameters engineGenerateParameters() ++// { ++// ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); ++// ++// if (random != null) ++// { ++// pGen.init(strength, 20, random); ++// } ++// else ++// { ++// pGen.init(strength, 20, new SecureRandom()); ++// } ++// ++// ElGamalParameters p = pGen.generateParameters(); ++// ++// AlgorithmParameters params; ++// ++// try ++// { ++// params = AlgorithmParameters.getInstance("ElGamal", "BC"); ++// params.init(new DHParameterSpec(p.getP(), p.getG(), l)); ++// } ++// catch (Exception e) ++// { ++// throw new RuntimeException(e.getMessage()); ++// } ++// ++// return params; ++// } ++// } ++// END android-removed + + public static class DES + extends JDKAlgorithmParameterGenerator +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-04-30 10:57:26.000000000 -0700 +@@ -26,10 +26,14 @@ + import org.bouncycastle.asn1.DEROctetString; + import org.bouncycastle.asn1.DEROutputStream; + import org.bouncycastle.asn1.DERSequence; +-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; +-import org.bouncycastle.asn1.misc.CAST5CBCParameters; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; ++// import org.bouncycastle.asn1.misc.CAST5CBCParameters; ++// END android-removed + import org.bouncycastle.asn1.misc.IDEACBCPar; +-import org.bouncycastle.asn1.oiw.ElGamalParameter; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.oiw.ElGamalParameter; ++// END android-removed + import org.bouncycastle.asn1.pkcs.DHParameter; + import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +@@ -38,9 +42,11 @@ + import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x509.DSAParameter; +-import org.bouncycastle.jce.spec.ElGamalParameterSpec; +-import org.bouncycastle.jce.spec.GOST3410ParameterSpec; +-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; ++// BEGIN android-removed ++// import org.bouncycastle.jce.spec.ElGamalParameterSpec; ++// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; ++// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; ++// END android-removed + import org.bouncycastle.jce.spec.IESParameterSpec; + + public abstract class JDKAlgorithmParameters +@@ -163,373 +169,379 @@ + } + } + +- public static class IDEAAlgorithmParameters +- extends JDKAlgorithmParameters +- { +- private byte[] iv; +- +- protected byte[] engineGetEncoded() +- throws IOException +- { +- return engineGetEncoded("ASN.1"); +- } +- +- protected byte[] engineGetEncoded( +- String format) +- throws IOException +- { +- if (format == null) +- { +- return engineGetEncoded("ASN.1"); +- } +- +- if (format.equals("RAW")) +- { +- byte[] tmp = new byte[iv.length]; +- +- System.arraycopy(iv, 0, tmp, 0, iv.length); +- return tmp; +- } +- else if (format.equals("ASN.1")) +- { +- return new IDEACBCPar(engineGetEncoded("RAW")).getEncoded(); +- } +- +- return null; +- } +- +- protected AlgorithmParameterSpec engineGetParameterSpec( +- Class paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec == IvParameterSpec.class) +- { +- return new IvParameterSpec(iv); +- } +- +- throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); +- } +- +- protected void engineInit( +- AlgorithmParameterSpec paramSpec) +- throws InvalidParameterSpecException +- { +- if (!(paramSpec instanceof IvParameterSpec)) +- { +- throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); +- } +- +- this.iv = ((IvParameterSpec)paramSpec).getIV(); +- } +- +- protected void engineInit( +- byte[] params) +- throws IOException +- { +- this.iv = new byte[params.length]; +- +- System.arraycopy(params, 0, iv, 0, iv.length); +- } +- +- protected void engineInit( +- byte[] params, +- String format) +- throws IOException +- { +- if (format.equals("RAW")) +- { +- engineInit(params); +- return; +- } +- else if (format.equals("ASN.1")) +- { +- ASN1InputStream aIn = new ASN1InputStream(params); +- IDEACBCPar oct = new IDEACBCPar((ASN1Sequence)aIn.readObject()); +- +- engineInit(oct.getIV()); +- return; +- } +- +- throw new IOException("Unknown parameters format in IV parameters object"); +- } +- +- protected String engineToString() +- { +- return "IDEA Parameters"; +- } +- } +- +- public static class RC2AlgorithmParameters +- extends JDKAlgorithmParameters +- { +- private short[] table = { +- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, +- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, +- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, +- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, +- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, +- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, +- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, +- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, +- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, +- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, +- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, +- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, +- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, +- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, +- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, +- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab +- }; +- +- private short[] ekb = { +- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, +- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, +- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, +- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, +- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, +- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, +- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, +- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, +- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, +- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, +- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, +- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, +- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, +- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, +- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, +- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd +- }; +- +- private byte[] iv; +- private int parameterVersion = 58; +- +- protected byte[] engineGetEncoded() +- { +- byte[] tmp = new byte[iv.length]; +- +- System.arraycopy(iv, 0, tmp, 0, iv.length); +- return tmp; +- } +- +- protected byte[] engineGetEncoded( +- String format) +- throws IOException +- { +- if (format.equals("RAW")) +- { +- return engineGetEncoded(); +- } +- else if (format.equals("ASN.1")) +- { +- if (parameterVersion == -1) +- { +- return new RC2CBCParameter(engineGetEncoded()).getEncoded(); +- } +- else +- { +- return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); +- } +- } +- +- return null; +- } +- +- protected AlgorithmParameterSpec engineGetParameterSpec( +- Class paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec == RC2ParameterSpec.class) +- { +- if (parameterVersion != -1) +- { +- if (parameterVersion < 256) +- { +- return new RC2ParameterSpec(ekb[parameterVersion], iv); +- } +- else +- { +- return new RC2ParameterSpec(parameterVersion, iv); +- } +- } +- } +- +- if (paramSpec == IvParameterSpec.class) +- { +- return new IvParameterSpec(iv); +- } +- +- throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); +- } +- +- protected void engineInit( +- AlgorithmParameterSpec paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec instanceof IvParameterSpec) +- { +- this.iv = ((IvParameterSpec)paramSpec).getIV(); +- } +- else if (paramSpec instanceof RC2ParameterSpec) +- { +- int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); +- if (effKeyBits != -1) +- { +- if (effKeyBits < 256) +- { +- parameterVersion = table[effKeyBits]; +- } +- else +- { +- parameterVersion = effKeyBits; +- } +- } +- +- this.iv = ((RC2ParameterSpec)paramSpec).getIV(); +- } +- else +- { +- throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); +- } +- } +- +- protected void engineInit( +- byte[] params) +- throws IOException +- { +- this.iv = new byte[params.length]; +- +- System.arraycopy(params, 0, iv, 0, iv.length); +- } +- +- protected void engineInit( +- byte[] params, +- String format) +- throws IOException +- { +- if (format.equals("RAW")) +- { +- engineInit(params); +- return; +- } +- else if (format.equals("ASN.1")) +- { +- ASN1InputStream aIn = new ASN1InputStream(params); +- RC2CBCParameter p = RC2CBCParameter.getInstance(aIn.readObject()); +- +- if (p.getRC2ParameterVersion() != null) +- { +- parameterVersion = p.getRC2ParameterVersion().intValue(); +- } +- +- iv = p.getIV(); +- +- return; +- } +- +- throw new IOException("Unknown parameters format in IV parameters object"); +- } +- +- protected String engineToString() +- { +- return "RC2 Parameters"; +- } +- } +- +- public static class CAST5AlgorithmParameters +- extends JDKAlgorithmParameters +- { +- private byte[] iv; +- private int keyLength = 128; +- +- protected byte[] engineGetEncoded() +- { +- byte[] tmp = new byte[iv.length]; +- +- System.arraycopy(iv, 0, tmp, 0, iv.length); +- return tmp; +- } +- +- protected byte[] engineGetEncoded( +- String format) +- throws IOException +- { +- if (format.equals("RAW")) +- { +- return engineGetEncoded(); +- } +- else if (format.equals("ASN.1")) +- { +- return new CAST5CBCParameters(engineGetEncoded(), keyLength).getEncoded(); +- } +- +- return null; +- } +- +- protected AlgorithmParameterSpec engineGetParameterSpec( +- Class paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec == IvParameterSpec.class) +- { +- return new IvParameterSpec(iv); +- } +- +- throw new InvalidParameterSpecException("unknown parameter spec passed to CAST5 parameters object."); +- } +- +- protected void engineInit( +- AlgorithmParameterSpec paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec instanceof IvParameterSpec) +- { +- this.iv = ((IvParameterSpec)paramSpec).getIV(); +- } +- else +- { +- throw new InvalidParameterSpecException("IvParameterSpec required to initialise a CAST5 parameters algorithm parameters object"); +- } +- } +- +- protected void engineInit( +- byte[] params) +- throws IOException +- { +- this.iv = new byte[params.length]; +- +- System.arraycopy(params, 0, iv, 0, iv.length); +- } +- +- protected void engineInit( +- byte[] params, +- String format) +- throws IOException +- { +- if (format.equals("RAW")) +- { +- engineInit(params); +- return; +- } +- else if (format.equals("ASN.1")) +- { +- ASN1InputStream aIn = new ASN1InputStream(params); +- CAST5CBCParameters p = CAST5CBCParameters.getInstance(aIn.readObject()); +- +- keyLength = p.getKeyLength(); +- +- iv = p.getIV(); +- +- return; +- } +- +- throw new IOException("Unknown parameters format in IV parameters object"); +- } +- +- protected String engineToString() +- { +- return "CAST5 Parameters"; +- } +- } ++// BEGIN android-removed ++// public static class IDEAAlgorithmParameters ++// extends JDKAlgorithmParameters ++// { ++// private byte[] iv; ++// ++// protected byte[] engineGetEncoded() ++// throws IOException ++// { ++// return engineGetEncoded("ASN.1"); ++// } ++// ++// protected byte[] engineGetEncoded( ++// String format) ++// throws IOException ++// { ++// if (format == null) ++// { ++// return engineGetEncoded("ASN.1"); ++// } ++// ++// if (format.equals("RAW")) ++// { ++// byte[] tmp = new byte[iv.length]; ++// ++// System.arraycopy(iv, 0, tmp, 0, iv.length); ++// return tmp; ++// } ++// else if (format.equals("ASN.1")) ++// { ++// return new IDEACBCPar(engineGetEncoded("RAW")).getEncoded(); ++// } ++// ++// return null; ++// } ++// ++// protected AlgorithmParameterSpec engineGetParameterSpec( ++// Class paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (paramSpec == IvParameterSpec.class) ++// { ++// return new IvParameterSpec(iv); ++// } ++// ++// throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); ++// } ++// ++// protected void engineInit( ++// AlgorithmParameterSpec paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (!(paramSpec instanceof IvParameterSpec)) ++// { ++// throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); ++// } ++// ++// this.iv = ((IvParameterSpec)paramSpec).getIV(); ++// } ++// ++// protected void engineInit( ++// byte[] params) ++// throws IOException ++// { ++// this.iv = new byte[params.length]; ++// ++// System.arraycopy(params, 0, iv, 0, iv.length); ++// } ++// ++// protected void engineInit( ++// byte[] params, ++// String format) ++// throws IOException ++// { ++// if (format.equals("RAW")) ++// { ++// engineInit(params); ++// return; ++// } ++// else if (format.equals("ASN.1")) ++// { ++// ASN1InputStream aIn = new ASN1InputStream(params); ++// IDEACBCPar oct = new IDEACBCPar((ASN1Sequence)aIn.readObject()); ++// ++// engineInit(oct.getIV()); ++// return; ++// } ++// ++// throw new IOException("Unknown parameters format in IV parameters object"); ++// } ++// ++// protected String engineToString() ++// { ++// return "IDEA Parameters"; ++// } ++// } ++// ++// public static class RC2AlgorithmParameters ++// extends JDKAlgorithmParameters ++// { ++// private short[] table = { ++// 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, ++// 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, ++// 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, ++// 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, ++// 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, ++// 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, ++// 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, ++// 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, ++// 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, ++// 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, ++// 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, ++// 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, ++// 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, ++// 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, ++// 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, ++// 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab ++// }; ++// ++// private short[] ekb = { ++// 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, ++// 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, ++// 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, ++// 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, ++// 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, ++// 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, ++// 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, ++// 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, ++// 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, ++// 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, ++// 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, ++// 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, ++// 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, ++// 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, ++// 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, ++// 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd ++// }; ++// ++// private byte[] iv; ++// private int parameterVersion = 58; ++// ++// protected byte[] engineGetEncoded() ++// { ++// byte[] tmp = new byte[iv.length]; ++// ++// System.arraycopy(iv, 0, tmp, 0, iv.length); ++// return tmp; ++// } ++// ++// protected byte[] engineGetEncoded( ++// String format) ++// throws IOException ++// { ++// if (format.equals("RAW")) ++// { ++// return engineGetEncoded(); ++// } ++// else if (format.equals("ASN.1")) ++// { ++// if (parameterVersion == -1) ++// { ++// return new RC2CBCParameter(engineGetEncoded()).getEncoded(); ++// } ++// else ++// { ++// return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); ++// } ++// } ++// ++// return null; ++// } ++// ++// protected AlgorithmParameterSpec engineGetParameterSpec( ++// Class paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (paramSpec == RC2ParameterSpec.class) ++// { ++// if (parameterVersion != -1) ++// { ++// if (parameterVersion < 256) ++// { ++// return new RC2ParameterSpec(ekb[parameterVersion], iv); ++// } ++// else ++// { ++// return new RC2ParameterSpec(parameterVersion, iv); ++// } ++// } ++// } ++// ++// if (paramSpec == IvParameterSpec.class) ++// { ++// return new IvParameterSpec(iv); ++// } ++// ++// throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); ++// } ++// ++// protected void engineInit( ++// AlgorithmParameterSpec paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (paramSpec instanceof IvParameterSpec) ++// { ++// this.iv = ((IvParameterSpec)paramSpec).getIV(); ++// } ++// else if (paramSpec instanceof RC2ParameterSpec) ++// { ++// int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); ++// if (effKeyBits != -1) ++// { ++// if (effKeyBits < 256) ++// { ++// parameterVersion = table[effKeyBits]; ++// } ++// else ++// { ++// parameterVersion = effKeyBits; ++// } ++// } ++// ++// this.iv = ((RC2ParameterSpec)paramSpec).getIV(); ++// } ++// else ++// { ++// throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); ++// } ++// } ++// ++// protected void engineInit( ++// byte[] params) ++// throws IOException ++// { ++// this.iv = new byte[params.length]; ++// ++// System.arraycopy(params, 0, iv, 0, iv.length); ++// } ++// ++// protected void engineInit( ++// byte[] params, ++// String format) ++// throws IOException ++// { ++// if (format.equals("RAW")) ++// { ++// engineInit(params); ++// return; ++// } ++// else if (format.equals("ASN.1")) ++// { ++// ASN1InputStream aIn = new ASN1InputStream(params); ++// RC2CBCParameter p = RC2CBCParameter.getInstance(aIn.readObject()); ++// ++// if (p.getRC2ParameterVersion() != null) ++// { ++// parameterVersion = p.getRC2ParameterVersion().intValue(); ++// } ++// ++// iv = p.getIV(); ++// ++// return; ++// } ++// ++// throw new IOException("Unknown parameters format in IV parameters object"); ++// } ++// ++// protected String engineToString() ++// { ++// return "RC2 Parameters"; ++// } ++// } ++// ++// public static class CAST5AlgorithmParameters ++// extends JDKAlgorithmParameters ++// { ++// private byte[] iv; ++// private int keyLength = 128; ++// ++// protected byte[] engineGetEncoded() ++// { ++// byte[] tmp = new byte[iv.length]; ++// ++// System.arraycopy(iv, 0, tmp, 0, iv.length); ++// return tmp; ++// } ++// ++// protected byte[] engineGetEncoded( ++// String format) ++// throws IOException ++// { ++// if (format.equals("RAW")) ++// { ++// return engineGetEncoded(); ++// } ++// // BEGIN android-removed ++// // else if (format.equals("ASN.1")) ++// // { ++// // return new CAST5CBCParameters(engineGetEncoded(), keyLength).getEncoded(); ++// // } ++// // END android-removed ++// ++// return null; ++// } ++// ++// protected AlgorithmParameterSpec engineGetParameterSpec( ++// Class paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (paramSpec == IvParameterSpec.class) ++// { ++// return new IvParameterSpec(iv); ++// } ++// ++// throw new InvalidParameterSpecException("unknown parameter spec passed to CAST5 parameters object."); ++// } ++// ++// protected void engineInit( ++// AlgorithmParameterSpec paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (paramSpec instanceof IvParameterSpec) ++// { ++// this.iv = ((IvParameterSpec)paramSpec).getIV(); ++// } ++// else ++// { ++// throw new InvalidParameterSpecException("IvParameterSpec required to initialise a CAST5 parameters algorithm parameters object"); ++// } ++// } ++// ++// protected void engineInit( ++// byte[] params) ++// throws IOException ++// { ++// this.iv = new byte[params.length]; ++// ++// System.arraycopy(params, 0, iv, 0, iv.length); ++// } ++// ++// protected void engineInit( ++// byte[] params, ++// String format) ++// throws IOException ++// { ++// if (format.equals("RAW")) ++// { ++// engineInit(params); ++// return; ++// } ++// // BEGIN android-removed ++// // else if (format.equals("ASN.1")) ++// // { ++// // ASN1InputStream aIn = new ASN1InputStream(params); ++// // CAST5CBCParameters p = CAST5CBCParameters.getInstance(aIn.readObject()); ++// // ++// // keyLength = p.getKeyLength(); ++// // ++// // iv = p.getIV(); ++// // ++// // return; ++// // } ++// // END android-removed ++// ++// throw new IOException("Unknown parameters format in IV parameters object"); ++// } ++// ++// protected String engineToString() ++// { ++// return "CAST5 Parameters"; ++// } ++// } ++// END android-removed + + public static class PKCS12PBE + extends JDKAlgorithmParameters +@@ -856,245 +868,247 @@ + } + } + +- public static class GOST3410 +- extends JDKAlgorithmParameters +- { +- GOST3410ParameterSpec currentSpec; +- +- /** +- * Return the X.509 ASN.1 structure GOST3410Parameter. +- * <p> +- * <pre> +- * GOST3410Parameter ::= SEQUENCE { +- * prime INTEGER, -- p +- * subprime INTEGER, -- q +- * base INTEGER, -- a} +- * </pre> +- */ +- protected byte[] engineGetEncoded() +- { +- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); +- DEROutputStream dOut = new DEROutputStream(bOut); +- GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new DERObjectIdentifier(currentSpec.getDigestParamSetOID()), new DERObjectIdentifier(currentSpec.getEncryptionParamSetOID())); +- +- try +- { +- dOut.writeObject(gost3410P); +- dOut.close(); +- } +- catch (IOException e) +- { +- throw new RuntimeException("Error encoding GOST3410Parameters"); +- } +- +- return bOut.toByteArray(); +- } +- +- protected byte[] engineGetEncoded( +- String format) +- { +- if (format.equalsIgnoreCase("X.509") +- || format.equalsIgnoreCase("ASN.1")) +- { +- return engineGetEncoded(); +- } +- +- return null; +- } +- +- protected AlgorithmParameterSpec engineGetParameterSpec( +- Class paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec == GOST3410PublicKeyParameterSetSpec.class) +- { +- return currentSpec; +- } +- +- throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object."); +- } +- +- protected void engineInit( +- AlgorithmParameterSpec paramSpec) +- throws InvalidParameterSpecException +- { +- if (!(paramSpec instanceof GOST3410ParameterSpec)) +- { +- throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object"); +- } +- +- this.currentSpec = (GOST3410ParameterSpec)paramSpec; +- } +- +- protected void engineInit( +- byte[] params) +- throws IOException +- { +- ASN1InputStream dIn = new ASN1InputStream(params); +- +- try +- { +- GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters((ASN1Sequence)dIn.readObject()); +- +- currentSpec = new GOST3410ParameterSpec(gost3410P.getPublicKeyParamSet().getId(), gost3410P.getDigestParamSet().getId(), gost3410P.getEncryptionParamSet().getId()); +- } +- catch (ClassCastException e) +- { +- throw new IOException("Not a valid GOST3410 Parameter encoding."); +- } +- catch (ArrayIndexOutOfBoundsException e) +- { +- throw new IOException("Not a valid GOST3410 Parameter encoding."); +- } +- } +- +- protected void engineInit( +- byte[] params, +- String format) +- throws IOException +- { +- if (format.equalsIgnoreCase("X.509") +- || format.equalsIgnoreCase("ASN.1")) +- { +- engineInit(params); +- } +- else +- { +- throw new IOException("Unknown parameter format " + format); +- } +- } +- +- protected String engineToString() +- { +- return "GOST3410 Parameters"; +- } +- } +- +- public static class ElGamal +- extends JDKAlgorithmParameters +- { +- ElGamalParameterSpec currentSpec; +- +- /** +- * Return the X.509 ASN.1 structure ElGamalParameter. +- * <p> +- * <pre> +- * ElGamalParameter ::= SEQUENCE { +- * prime INTEGER, -- p +- * base INTEGER, -- g} +- * </pre> +- */ +- protected byte[] engineGetEncoded() +- { +- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); +- DEROutputStream dOut = new DEROutputStream(bOut); +- ElGamalParameter elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG()); +- +- try +- { +- dOut.writeObject(elP); +- dOut.close(); +- } +- catch (IOException e) +- { +- throw new RuntimeException("Error encoding ElGamalParameters"); +- } +- +- return bOut.toByteArray(); +- } +- +- protected byte[] engineGetEncoded( +- String format) +- { +- if (format.equalsIgnoreCase("X.509") +- || format.equalsIgnoreCase("ASN.1")) +- { +- return engineGetEncoded(); +- } +- +- return null; +- } +- +- protected AlgorithmParameterSpec engineGetParameterSpec( +- Class paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec == ElGamalParameterSpec.class) +- { +- return currentSpec; +- } +- else if (paramSpec == DHParameterSpec.class) +- { +- return new DHParameterSpec(currentSpec.getP(), currentSpec.getG()); +- } +- +- throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); +- } +- +- protected void engineInit( +- AlgorithmParameterSpec paramSpec) +- throws InvalidParameterSpecException +- { +- if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec)) +- { +- throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object"); +- } +- +- if (paramSpec instanceof ElGamalParameterSpec) +- { +- this.currentSpec = (ElGamalParameterSpec)paramSpec; +- } +- else +- { +- DHParameterSpec s = (DHParameterSpec)paramSpec; +- +- this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG()); +- } +- } +- +- protected void engineInit( +- byte[] params) +- throws IOException +- { +- ASN1InputStream aIn = new ASN1InputStream(params); +- +- try +- { +- ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)aIn.readObject()); +- +- currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG()); +- } +- catch (ClassCastException e) +- { +- throw new IOException("Not a valid ElGamal Parameter encoding."); +- } +- catch (ArrayIndexOutOfBoundsException e) +- { +- throw new IOException("Not a valid ElGamal Parameter encoding."); +- } +- } +- +- protected void engineInit( +- byte[] params, +- String format) +- throws IOException +- { +- if (format.equalsIgnoreCase("X.509") +- || format.equalsIgnoreCase("ASN.1")) +- { +- engineInit(params); +- } +- else +- { +- throw new IOException("Unknown parameter format " + format); +- } +- } +- +- protected String engineToString() +- { +- return "ElGamal Parameters"; +- } +- } ++// BEGIN android-removed ++// public static class GOST3410 ++// extends JDKAlgorithmParameters ++// { ++// GOST3410ParameterSpec currentSpec; ++// ++// /** ++// * Return the X.509 ASN.1 structure GOST3410Parameter. ++// * <p> ++// * <pre> ++// * GOST3410Parameter ::= SEQUENCE { ++// * prime INTEGER, -- p ++// * subprime INTEGER, -- q ++// * base INTEGER, -- a} ++// * </pre> ++// */ ++// protected byte[] engineGetEncoded() ++// { ++// ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ++// DEROutputStream dOut = new DEROutputStream(bOut); ++// GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new DERObjectIdentifier(currentSpec.getDigestParamSetOID()), new DERObjectIdentifier(currentSpec.getEncryptionParamSetOID())); ++// ++// try ++// { ++// dOut.writeObject(gost3410P); ++// dOut.close(); ++// } ++// catch (IOException e) ++// { ++// throw new RuntimeException("Error encoding GOST3410Parameters"); ++// } ++// ++// return bOut.toByteArray(); ++// } ++// ++// protected byte[] engineGetEncoded( ++// String format) ++// { ++// if (format.equalsIgnoreCase("X.509") ++// || format.equalsIgnoreCase("ASN.1")) ++// { ++// return engineGetEncoded(); ++// } ++// ++// return null; ++// } ++// ++// protected AlgorithmParameterSpec engineGetParameterSpec( ++// Class paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (paramSpec == GOST3410PublicKeyParameterSetSpec.class) ++// { ++// return currentSpec; ++// } ++// ++// throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object."); ++// } ++// ++// protected void engineInit( ++// AlgorithmParameterSpec paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (!(paramSpec instanceof GOST3410ParameterSpec)) ++// { ++// throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object"); ++// } ++// ++// this.currentSpec = (GOST3410ParameterSpec)paramSpec; ++// } ++// ++// protected void engineInit( ++// byte[] params) ++// throws IOException ++// { ++// ASN1InputStream dIn = new ASN1InputStream(params); ++// ++// try ++// { ++// GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters((ASN1Sequence)dIn.readObject()); ++// ++// currentSpec = new GOST3410ParameterSpec(gost3410P.getPublicKeyParamSet().getId(), gost3410P.getDigestParamSet().getId(), gost3410P.getEncryptionParamSet().getId()); ++// } ++// catch (ClassCastException e) ++// { ++// throw new IOException("Not a valid GOST3410 Parameter encoding."); ++// } ++// catch (ArrayIndexOutOfBoundsException e) ++// { ++// throw new IOException("Not a valid GOST3410 Parameter encoding."); ++// } ++// } ++// ++// protected void engineInit( ++// byte[] params, ++// String format) ++// throws IOException ++// { ++// if (format.equalsIgnoreCase("X.509") ++// || format.equalsIgnoreCase("ASN.1")) ++// { ++// engineInit(params); ++// } ++// else ++// { ++// throw new IOException("Unknown parameter format " + format); ++// } ++// } ++// ++// protected String engineToString() ++// { ++// return "GOST3410 Parameters"; ++// } ++// } ++// ++// public static class ElGamal ++// extends JDKAlgorithmParameters ++// { ++// ElGamalParameterSpec currentSpec; ++// ++// /** ++// * Return the X.509 ASN.1 structure ElGamalParameter. ++// * <p> ++// * <pre> ++// * ElGamalParameter ::= SEQUENCE { ++// * prime INTEGER, -- p ++// * base INTEGER, -- g} ++// * </pre> ++// */ ++// protected byte[] engineGetEncoded() ++// { ++// ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ++// DEROutputStream dOut = new DEROutputStream(bOut); ++// ElGamalParameter elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG()); ++// ++// try ++// { ++// dOut.writeObject(elP); ++// dOut.close(); ++// } ++// catch (IOException e) ++// { ++// throw new RuntimeException("Error encoding ElGamalParameters"); ++// } ++// ++// return bOut.toByteArray(); ++// } ++// ++// protected byte[] engineGetEncoded( ++// String format) ++// { ++// if (format.equalsIgnoreCase("X.509") ++// || format.equalsIgnoreCase("ASN.1")) ++// { ++// return engineGetEncoded(); ++// } ++// ++// return null; ++// } ++// ++// protected AlgorithmParameterSpec engineGetParameterSpec( ++// Class paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (paramSpec == ElGamalParameterSpec.class) ++// { ++// return currentSpec; ++// } ++// else if (paramSpec == DHParameterSpec.class) ++// { ++// return new DHParameterSpec(currentSpec.getP(), currentSpec.getG()); ++// } ++// ++// throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); ++// } ++// ++// protected void engineInit( ++// AlgorithmParameterSpec paramSpec) ++// throws InvalidParameterSpecException ++// { ++// if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec)) ++// { ++// throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object"); ++// } ++// ++// if (paramSpec instanceof ElGamalParameterSpec) ++// { ++// this.currentSpec = (ElGamalParameterSpec)paramSpec; ++// } ++// else ++// { ++// DHParameterSpec s = (DHParameterSpec)paramSpec; ++// ++// this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG()); ++// } ++// } ++// ++// protected void engineInit( ++// byte[] params) ++// throws IOException ++// { ++// ASN1InputStream aIn = new ASN1InputStream(params); ++// ++// try ++// { ++// ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)aIn.readObject()); ++// ++// currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG()); ++// } ++// catch (ClassCastException e) ++// { ++// throw new IOException("Not a valid ElGamal Parameter encoding."); ++// } ++// catch (ArrayIndexOutOfBoundsException e) ++// { ++// throw new IOException("Not a valid ElGamal Parameter encoding."); ++// } ++// } ++// ++// protected void engineInit( ++// byte[] params, ++// String format) ++// throws IOException ++// { ++// if (format.equalsIgnoreCase("X.509") ++// || format.equalsIgnoreCase("ASN.1")) ++// { ++// engineInit(params); ++// } ++// else ++// { ++// throw new IOException("Unknown parameter format " + format); ++// } ++// } ++// ++// protected String engineToString() ++// { ++// return "ElGamal Parameters"; ++// } ++// } ++// END android-removed + + public static class IES + extends JDKAlgorithmParameters +@@ -1224,13 +1238,15 @@ + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(bOut); ++ // BEGIN android-changed + AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( + JCEDigestUtil.getOID(currentSpec.getDigestAlgorithm()), +- new DERNull()); ++ DERNull.THE_ONE); + MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); + AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_mgf1, +- new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); ++ new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.THE_ONE)); ++ // END android-changed + PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); + AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); +@@ -1345,13 +1361,15 @@ + throws IOException + { + PSSParameterSpec pssSpec = (PSSParameterSpec)currentSpec; ++ // BEGIN android-changed + AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( + JCEDigestUtil.getOID(pssSpec.getDigestAlgorithm()), +- new DERNull()); ++ DERNull.THE_ONE); + MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); + AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( + PKCSObjectIdentifiers.id_mgf1, +- new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); ++ new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.THE_ONE)); ++ // END android-changed + RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new DERInteger(pssSpec.getSaltLength()), new DERInteger(pssSpec.getTrailerField())); + + return pssP.getEncoded("DER"); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKDSASigner.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-04-30 10:57:26.000000000 -0700 +@@ -30,11 +30,13 @@ + import org.bouncycastle.crypto.digests.SHA512Digest; + import org.bouncycastle.crypto.params.ParametersWithRandom; + import org.bouncycastle.crypto.signers.DSASigner; +-import org.bouncycastle.crypto.signers.ECDSASigner; +-import org.bouncycastle.crypto.signers.ECNRSigner; +-import org.bouncycastle.jce.interfaces.ECKey; +-import org.bouncycastle.jce.interfaces.ECPublicKey; +-import org.bouncycastle.jce.interfaces.GOST3410Key; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.signers.ECDSASigner; ++// import org.bouncycastle.crypto.signers.ECNRSigner; ++// import org.bouncycastle.jce.interfaces.ECKey; ++// import org.bouncycastle.jce.interfaces.ECPublicKey; ++// import org.bouncycastle.jce.interfaces.GOST3410Key; ++// END android-removed + + public class JDKDSASigner + extends Signature implements PKCSObjectIdentifiers, X509ObjectIdentifiers +@@ -60,15 +62,20 @@ + { + CipherParameters param = null; + +- if (publicKey instanceof ECPublicKey) +- { +- param = ECUtil.generatePublicKeyParameter(publicKey); +- } +- else if (publicKey instanceof GOST3410Key) +- { +- param = GOST3410Util.generatePublicKeyParameter(publicKey); +- } +- else if (publicKey instanceof DSAKey) ++ // BEGIN android-removed ++ // if (publicKey instanceof ECPublicKey) ++ // { ++ // param = ECUtil.generatePublicKeyParameter(publicKey); ++ // } ++ // else if (publicKey instanceof GOST3410Key) ++ // { ++ // param = GOST3410Util.generatePublicKeyParameter(publicKey); ++ // } ++ // else if (publicKey instanceof DSAKey) ++ // END android-removed ++ // BEGIN android-added ++ if (publicKey instanceof DSAKey) ++ // END android-added + { + param = DSAUtil.generatePublicKeyParameter(publicKey); + } +@@ -80,11 +87,16 @@ + + publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes); + +- if (publicKey instanceof ECPublicKey) +- { +- param = ECUtil.generatePublicKeyParameter(publicKey); +- } +- else if (publicKey instanceof DSAKey) ++ // BEGIN android-removed ++ // if (publicKey instanceof ECPublicKey) ++ // { ++ // param = ECUtil.generatePublicKeyParameter(publicKey); ++ // } ++ // else if (publicKey instanceof DSAKey) ++ // END android-removed ++ // BEGIN android-added ++ if (publicKey instanceof DSAKey) ++ // END android-added + { + param = DSAUtil.generatePublicKeyParameter(publicKey); + } +@@ -118,18 +130,22 @@ + { + CipherParameters param = null; + +- if (privateKey instanceof ECKey) +- { +- param = ECUtil.generatePrivateKeyParameter(privateKey); +- } +- else if (privateKey instanceof GOST3410Key) +- { +- param = GOST3410Util.generatePrivateKeyParameter(privateKey); +- } +- else +- { ++ // BEGIN android-removed ++ // if (privateKey instanceof ECKey) ++ // { ++ // param = ECUtil.generatePrivateKeyParameter(privateKey); ++ // } ++ // else if (privateKey instanceof GOST3410Key) ++ // { ++ // param = GOST3410Util.generatePrivateKeyParameter(privateKey); ++ // } ++ // else ++ // { ++ // END android-removed + param = DSAUtil.generatePrivateKeyParameter(privateKey); +- } ++ // BEGIN android-removed ++ // } ++ // END android-removed + + digest.reset(); + +@@ -275,96 +291,98 @@ + } + } + +- static public class ecDSA +- extends JDKDSASigner +- { +- public ecDSA() +- { +- super("SHA1withECDSA", new SHA1Digest(), new ECDSASigner()); +- } +- } +- +- static public class ecDSA224 +- extends JDKDSASigner +- { +- public ecDSA224() +- { +- super("SHA224withECDSA", new SHA224Digest(), new ECDSASigner()); +- } +- } +- +- static public class ecDSA256 +- extends JDKDSASigner +- { +- public ecDSA256() +- { +- super("SHA256withECDSA", new SHA256Digest(), new ECDSASigner()); +- } +- } +- +- static public class ecDSA384 +- extends JDKDSASigner +- { +- public ecDSA384() +- { +- super("SHA384withECDSA", new SHA384Digest(), new ECDSASigner()); +- } +- } +- +- static public class ecDSA512 +- extends JDKDSASigner +- { +- public ecDSA512() +- { +- super("SHA512withECDSA", new SHA512Digest(), new ECDSASigner()); +- } +- } +- +- +- static public class ecNR +- extends JDKDSASigner +- { +- public ecNR() +- { +- super("SHA1withECNR", new SHA1Digest(), new ECNRSigner()); +- } +- } +- +- static public class ecNR224 +- extends JDKDSASigner +- { +- public ecNR224() +- { +- super("SHA224withECNR", new SHA224Digest(), new ECNRSigner()); +- } +- } +- +- static public class ecNR256 +- extends JDKDSASigner +- { +- public ecNR256() +- { +- super("SHA256withECNR", new SHA256Digest(), new ECNRSigner()); +- } +- } +- +- static public class ecNR384 +- extends JDKDSASigner +- { +- public ecNR384() +- { +- super("SHA384withECNR", new SHA384Digest(), new ECNRSigner()); +- } +- } +- +- static public class ecNR512 +- extends JDKDSASigner +- { +- public ecNR512() +- { +- super("SHA512withECNR", new SHA512Digest(), new ECNRSigner()); +- } +- } ++// BEGIN android-removed ++// static public class ecDSA ++// extends JDKDSASigner ++// { ++// public ecDSA() ++// { ++// super("SHA1withECDSA", new SHA1Digest(), new ECDSASigner()); ++// } ++// } ++// ++// static public class ecDSA224 ++// extends JDKDSASigner ++// { ++// public ecDSA224() ++// { ++// super("SHA224withECDSA", new SHA224Digest(), new ECDSASigner()); ++// } ++// } ++// ++// static public class ecDSA256 ++// extends JDKDSASigner ++// { ++// public ecDSA256() ++// { ++// super("SHA256withECDSA", new SHA256Digest(), new ECDSASigner()); ++// } ++// } ++// ++// static public class ecDSA384 ++// extends JDKDSASigner ++// { ++// public ecDSA384() ++// { ++// super("SHA384withECDSA", new SHA384Digest(), new ECDSASigner()); ++// } ++// } ++// ++// static public class ecDSA512 ++// extends JDKDSASigner ++// { ++// public ecDSA512() ++// { ++// super("SHA512withECDSA", new SHA512Digest(), new ECDSASigner()); ++// } ++// } ++// ++// ++// static public class ecNR ++// extends JDKDSASigner ++// { ++// public ecNR() ++// { ++// super("SHA1withECNR", new SHA1Digest(), new ECNRSigner()); ++// } ++// } ++// ++// static public class ecNR224 ++// extends JDKDSASigner ++// { ++// public ecNR224() ++// { ++// super("SHA224withECNR", new SHA224Digest(), new ECNRSigner()); ++// } ++// } ++// ++// static public class ecNR256 ++// extends JDKDSASigner ++// { ++// public ecNR256() ++// { ++// super("SHA256withECNR", new SHA256Digest(), new ECNRSigner()); ++// } ++// } ++// ++// static public class ecNR384 ++// extends JDKDSASigner ++// { ++// public ecNR384() ++// { ++// super("SHA384withECNR", new SHA384Digest(), new ECNRSigner()); ++// } ++// } ++// ++// static public class ecNR512 ++// extends JDKDSASigner ++// { ++// public ecNR512() ++// { ++// super("SHA512withECNR", new SHA512Digest(), new ECNRSigner()); ++// } ++// } ++// END android-removed + + private static class NullDigest + implements Digest +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKDigestSignature.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-04-30 10:57:26.000000000 -0700 +@@ -21,12 +21,16 @@ + import org.bouncycastle.crypto.AsymmetricBlockCipher; + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.Digest; +-import org.bouncycastle.crypto.digests.MD2Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.MD2Digest; ++// END android-removed + import org.bouncycastle.crypto.digests.MD4Digest; + import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.RIPEMD128Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; +-import org.bouncycastle.crypto.digests.RIPEMD256Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.RIPEMD128Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD256Digest; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.digests.SHA224Digest; + import org.bouncycastle.crypto.digests.SHA256Digest; +@@ -52,7 +56,7 @@ + + this.digest = digest; + this.cipher = cipher; +- this.algId = new AlgorithmIdentifier(objId, null); ++ this.algId = new AlgorithmIdentifier(objId); + } + + protected void engineInitVerify( +@@ -168,13 +172,13 @@ + } + } + } +- else if (sig.length == expected.length - 2) // NULL left out ++ else if (expected.length == sig.length - 2) // NULL left out + { + int sigOffset = sig.length - hash.length - 2; + int expectedOffset = expected.length - hash.length - 2; + +- expected[1] -= 2; // adjust lengths +- expected[3] -= 2; ++ sig[1] -= 2; // adjust lengths ++ sig[3] -= 2; + + for (int i = 0; i < hash.length; i++) + { +@@ -184,7 +188,7 @@ + } + } + +- for (int i = 0; i < sigOffset; i++) ++ for (int i = 0; i < expectedOffset; i++) + { + if (sig[i] != expected[i]) // check header less NULL + { +@@ -278,15 +282,17 @@ + super("SHA512withRSA", NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSAEngine())); + } + } +- +- static public class MD2WithRSAEncryption +- extends JDKDigestSignature +- { +- public MD2WithRSAEncryption() +- { +- super("MD2withRSA", md2, new MD2Digest(), new PKCS1Encoding(new RSAEngine())); +- } +- } ++ ++ // BEGIN android-removed ++ // static public class MD2WithRSAEncryption ++ // extends JDKDigestSignature ++ // { ++ // public MD2WithRSAEncryption() ++ // { ++ // super("MD2withRSA", md2, new MD2Digest(), new PKCS1Encoding(new RSAEngine())); ++ // } ++ // } ++ // END android-removed + + static public class MD4WithRSAEncryption + extends JDKDigestSignature +@@ -306,30 +312,32 @@ + } + } + +- static public class RIPEMD160WithRSAEncryption +- extends JDKDigestSignature +- { +- public RIPEMD160WithRSAEncryption() +- { +- super("RIPEMD160withRSA", TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSAEngine())); +- } +- } +- +- static public class RIPEMD128WithRSAEncryption +- extends JDKDigestSignature +- { +- public RIPEMD128WithRSAEncryption() +- { +- super("RIPEMD128withRSA", TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSAEngine())); +- } +- } +- +- static public class RIPEMD256WithRSAEncryption +- extends JDKDigestSignature +- { +- public RIPEMD256WithRSAEncryption() +- { +- super("RIPEMD256withRSA", TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSAEngine())); +- } +- } ++// BEGIN android-removed ++// static public class RIPEMD160WithRSAEncryption ++// extends JDKDigestSignature ++// { ++// public RIPEMD160WithRSAEncryption() ++// { ++// super("RIPEMD160withRSA", TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSAEngine())); ++// } ++// } ++// ++// static public class RIPEMD128WithRSAEncryption ++// extends JDKDigestSignature ++// { ++// public RIPEMD128WithRSAEncryption() ++// { ++// super("RIPEMD128withRSA", TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSAEngine())); ++// } ++// } ++// ++// static public class RIPEMD256WithRSAEncryption ++// extends JDKDigestSignature ++// { ++// public RIPEMD256WithRSAEncryption() ++// { ++// super("RIPEMD256withRSA", TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSAEngine())); ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKISOSignature.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKISOSignature.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKISOSignature.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKISOSignature.java 2010-04-30 10:57:26.000000000 -0700 +@@ -13,7 +13,9 @@ + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.engines.RSAEngine; + import org.bouncycastle.crypto.signers.ISO9796d2Signer; +@@ -134,12 +136,14 @@ + } + } + +- static public class RIPEMD160WithRSAEncryption +- extends JDKISOSignature +- { +- public RIPEMD160WithRSAEncryption() +- { +- super("RIPEMD160withRSA/ISO9796-2", new RIPEMD160Digest(), new RSAEngine()); +- } +- } ++// BEGIN android-removed ++// static public class RIPEMD160WithRSAEncryption ++// extends JDKISOSignature ++// { ++// public RIPEMD160WithRSAEncryption() ++// { ++// super("RIPEMD160withRSA/ISO9796-2", new RIPEMD160Digest(), new RSAEngine()); ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKKeyFactory.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-04-30 10:57:26.000000000 -0700 +@@ -37,14 +37,16 @@ + import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +-import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; +-import org.bouncycastle.jce.interfaces.ElGamalPublicKey; +-import org.bouncycastle.jce.spec.ECPrivateKeySpec; +-import org.bouncycastle.jce.spec.ECPublicKeySpec; +-import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; +-import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; +-import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; +-import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; ++// BEGIN android-removed ++// import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; ++// import org.bouncycastle.jce.interfaces.ElGamalPublicKey; ++// import org.bouncycastle.jce.spec.ECPrivateKeySpec; ++// import org.bouncycastle.jce.spec.ECPublicKeySpec; ++// import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; ++// import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; ++// import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; ++// import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; ++// END android-removed + + public abstract class JDKKeyFactory + extends KeyFactorySpi +@@ -125,25 +127,33 @@ + } + else if (key instanceof DHPublicKey) + { +- if (elGamalFactory) +- { +- return new JCEElGamalPublicKey((DHPublicKey)key); +- } +- else +- { ++ // BEGIN android-removed ++ // if (elGamalFactory) ++ // { ++ // return new JCEElGamalPublicKey((DHPublicKey)key); ++ // } ++ // else ++ // { ++ // END android-removed + return new JCEDHPublicKey((DHPublicKey)key); +- } ++ // BEGIN android-removed ++ // } ++ // END android-removed + } + else if (key instanceof DHPrivateKey) + { +- if (elGamalFactory) +- { +- return new JCEElGamalPrivateKey((DHPrivateKey)key); +- } +- else +- { ++ // BEGIN android-removed ++ // if (elGamalFactory) ++ // { ++ // return new JCEElGamalPrivateKey((DHPrivateKey)key); ++ // } ++ // else ++ // { ++ // END android-removed + return new JCEDHPrivateKey((DHPrivateKey)key); +- } ++ // BEGIN android-removed ++ // } ++ // END android-removed + } + else if (key instanceof DSAPublicKey) + { +@@ -153,14 +163,16 @@ + { + return new JDKDSAPrivateKey((DSAPrivateKey)key); + } +- else if (key instanceof ElGamalPublicKey) +- { +- return new JCEElGamalPublicKey((ElGamalPublicKey)key); +- } +- else if (key instanceof ElGamalPrivateKey) +- { +- return new JCEElGamalPrivateKey((ElGamalPrivateKey)key); +- } ++ // BEGIN android-removed ++ // else if (key instanceof ElGamalPublicKey) ++ // { ++ // return new JCEElGamalPublicKey((ElGamalPublicKey)key); ++ // } ++ // else if (key instanceof ElGamalPrivateKey) ++ // { ++ // return new JCEElGamalPrivateKey((ElGamalPrivateKey)key); ++ // } ++ // END android-removed + + throw new InvalidKeyException("key type unknown"); + } +@@ -196,10 +208,12 @@ + { + return new JCEDHPublicKey(info); + } +- else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) +- { +- return new JCEElGamalPublicKey(info); +- } ++ // BEGIN android-removed ++ // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) ++ // { ++ // return new JCEElGamalPublicKey(info); ++ // } ++ // END android-removed + else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) + { + return new JDKDSAPublicKey(info); +@@ -208,18 +222,19 @@ + { + return new JDKDSAPublicKey(info); + } +- else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) +- { +- return new JCEECPublicKey(info); +- } +- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) +- { +- return new JDKGOST3410PublicKey(info); +- } +- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) +- { +- return new JCEECPublicKey(info); +- } ++ // BEGIN android-removed ++ // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) ++ // { ++ // return new JCEECPublicKey(info); ++ // } ++ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) ++ // { ++ // return new JDKGOST3410PublicKey(info); ++ // } ++ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) ++ // { ++ // return new JCEECPublicKey(info); ++ // } + else + { + throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); +@@ -253,26 +268,30 @@ + { + return new JCEDHPrivateKey(info); + } +- else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) +- { +- return new JCEElGamalPrivateKey(info); +- } ++ // BEGIN android-removed ++ // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) ++ // { ++ // return new JCEElGamalPrivateKey(info); ++ // } ++ // END android-removed + else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) + { + return new JDKDSAPrivateKey(info); + } +- else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) +- { +- return new JCEECPrivateKey(info); +- } +- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) +- { +- return new JDKGOST3410PrivateKey(info); +- } +- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) +- { +- return new JCEECPrivateKey(info); +- } ++ // BEGIN android-removed ++ // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) ++ // { ++ // return new JCEECPrivateKey(info); ++ // } ++ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) ++ // { ++ // return new JDKGOST3410PrivateKey(info); ++ // } ++ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) ++ // { ++ // return new JCEECPrivateKey(info); ++ // } ++ // END android-removed + else + { + throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); +@@ -486,10 +505,12 @@ + throw new InvalidKeySpecException(e.toString()); + } + } +- else if (keySpec instanceof GOST3410PrivateKeySpec) +- { +- return new JDKGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec); +- } ++ // BEGIN android-removed ++ // else if (keySpec instanceof GOST3410PrivateKeySpec) ++ // { ++ // return new JDKGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec); ++ // } ++ // END android-removed + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } +@@ -510,10 +531,12 @@ + throw new InvalidKeySpecException(e.toString()); + } + } +- else if (keySpec instanceof GOST3410PublicKeySpec) +- { +- return new JDKGOST3410PublicKey((GOST3410PublicKeySpec)keySpec); +- } ++ // BEGIN android-removed ++ // else if (keySpec instanceof GOST3410PublicKeySpec) ++ // { ++ // return new JDKGOST3410PublicKey((GOST3410PublicKeySpec)keySpec); ++ // } ++ // END android-removed + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } +@@ -543,14 +566,16 @@ + throw new InvalidKeySpecException(e.toString()); + } + } +- else if (keySpec instanceof ElGamalPrivateKeySpec) +- { +- return new JCEElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec); +- } +- else if (keySpec instanceof DHPrivateKeySpec) +- { +- return new JCEElGamalPrivateKey((DHPrivateKeySpec)keySpec); +- } ++ // BEGIN android-removed ++ // else if (keySpec instanceof ElGamalPrivateKeySpec) ++ // { ++ // return new JCEElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec); ++ // } ++ // else if (keySpec instanceof DHPrivateKeySpec) ++ // { ++ // return new JCEElGamalPrivateKey((DHPrivateKeySpec)keySpec); ++ // } ++ // END android-removed + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } +@@ -571,14 +596,16 @@ + throw new InvalidKeySpecException(e.toString()); + } + } +- else if (keySpec instanceof ElGamalPublicKeySpec) +- { +- return new JCEElGamalPublicKey((ElGamalPublicKeySpec)keySpec); +- } +- else if (keySpec instanceof DHPublicKeySpec) +- { +- return new JCEElGamalPublicKey((DHPublicKeySpec)keySpec); +- } ++ // BEGIN android-removed ++ // else if (keySpec instanceof ElGamalPublicKeySpec) ++ // { ++ // return new JCEElGamalPublicKey((ElGamalPublicKeySpec)keySpec); ++ // } ++ // else if (keySpec instanceof DHPublicKeySpec) ++ // { ++ // return new JCEElGamalPublicKey((DHPublicKeySpec)keySpec); ++ // } ++ // END android-removed + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } +@@ -669,14 +696,16 @@ + throw new InvalidKeySpecException(e.toString()); + } + } +- else if (keySpec instanceof ECPrivateKeySpec) +- { +- return new JCEECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec); +- } +- else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) +- { +- return new JCEECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec); +- } ++ // BEGIN android-removed ++ // else if (keySpec instanceof ECPrivateKeySpec) ++ // { ++ // return new JCEECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec); ++ // } ++ // else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) ++ // { ++ // return new JCEECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec); ++ // } ++ // END android-removed + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } +@@ -697,14 +726,16 @@ + throw new InvalidKeySpecException(e.toString()); + } + } +- else if (keySpec instanceof ECPublicKeySpec) +- { +- return new JCEECPublicKey(algorithm, (ECPublicKeySpec)keySpec); +- } +- else if (keySpec instanceof java.security.spec.ECPublicKeySpec) +- { +- return new JCEECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec); +- } ++ // BEGIN android-removed ++ // else if (keySpec instanceof ECPublicKeySpec) ++ // { ++ // return new JCEECPublicKey(algorithm, (ECPublicKeySpec)keySpec); ++ // } ++ // else if (keySpec instanceof java.security.spec.ECPublicKeySpec) ++ // { ++ // return new JCEECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec); ++ // } ++ // END android-removed + + throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-05-17 00:17:35.000000000 -0700 +@@ -18,31 +18,37 @@ + import javax.crypto.spec.DHParameterSpec; + + import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +-import org.bouncycastle.asn1.nist.NISTNamedCurves; +-import org.bouncycastle.asn1.sec.SECNamedCurves; +-import org.bouncycastle.asn1.x9.X962NamedCurves; +-import org.bouncycastle.asn1.x9.X9ECParameters; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// import org.bouncycastle.asn1.nist.NISTNamedCurves; ++// import org.bouncycastle.asn1.sec.SECNamedCurves; ++// import org.bouncycastle.asn1.x9.X962NamedCurves; ++// import org.bouncycastle.asn1.x9.X9ECParameters; ++// END android-removed + import org.bouncycastle.crypto.AsymmetricCipherKeyPair; + import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator; + import org.bouncycastle.crypto.generators.DHParametersGenerator; + import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; + import org.bouncycastle.crypto.generators.DSAParametersGenerator; +-import org.bouncycastle.crypto.generators.ECKeyPairGenerator; +-import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator; +-import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; +-import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.generators.ECKeyPairGenerator; ++// import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator; ++// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; ++// import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator; ++// END android-removed + import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; + import org.bouncycastle.crypto.params.*; +-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; +-import org.bouncycastle.jce.spec.ECNamedCurveSpec; +-import org.bouncycastle.jce.spec.ECParameterSpec; +-import org.bouncycastle.jce.spec.ElGamalParameterSpec; +-import org.bouncycastle.jce.spec.GOST3410ParameterSpec; +-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; +-import org.bouncycastle.math.ec.ECCurve; +-import org.bouncycastle.math.ec.ECFieldElement; +-import org.bouncycastle.math.ec.ECPoint; ++// BEGIN android-removed ++// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; ++// import org.bouncycastle.jce.spec.ECNamedCurveSpec; ++// import org.bouncycastle.jce.spec.ECParameterSpec; ++// import org.bouncycastle.jce.spec.ElGamalParameterSpec; ++// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; ++// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; ++// import org.bouncycastle.math.ec.ECCurve; ++// import org.bouncycastle.math.ec.ECFieldElement; ++// import org.bouncycastle.math.ec.ECPoint; ++// END android-removed + + public abstract class JDKKeyPairGenerator + extends KeyPairGenerator +@@ -237,377 +243,379 @@ + } + } + +- public static class ElGamal +- extends JDKKeyPairGenerator +- { +- ElGamalKeyGenerationParameters param; +- ElGamalKeyPairGenerator engine = new ElGamalKeyPairGenerator(); +- int strength = 1024; +- int certainty = 20; +- SecureRandom random = new SecureRandom(); +- boolean initialised = false; +- +- public ElGamal() +- { +- super("ElGamal"); +- } +- +- public void initialize( +- int strength, +- SecureRandom random) +- { +- this.strength = strength; +- this.random = random; +- } +- +- public void initialize( +- AlgorithmParameterSpec params, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec)) +- { +- throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec"); +- } +- +- if (params instanceof ElGamalParameterSpec) +- { +- ElGamalParameterSpec elParams = (ElGamalParameterSpec)params; +- +- param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG())); +- } +- else +- { +- DHParameterSpec dhParams = (DHParameterSpec)params; +- +- param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG())); +- } +- +- engine.init(param); +- initialised = true; +- } +- +- public KeyPair generateKeyPair() +- { +- if (!initialised) +- { +- ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); +- +- pGen.init(strength, certainty, random); +- param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters()); +- engine.init(param); +- initialised = true; +- } +- +- AsymmetricCipherKeyPair pair = engine.generateKeyPair(); +- ElGamalPublicKeyParameters pub = (ElGamalPublicKeyParameters)pair.getPublic(); +- ElGamalPrivateKeyParameters priv = (ElGamalPrivateKeyParameters)pair.getPrivate(); +- +- return new KeyPair(new JCEElGamalPublicKey(pub), +- new JCEElGamalPrivateKey(priv)); +- } +- } +- +- public static class GOST3410 +- extends JDKKeyPairGenerator +- { +- GOST3410KeyGenerationParameters param; +- GOST3410KeyPairGenerator engine = new GOST3410KeyPairGenerator(); +- GOST3410ParameterSpec gost3410Params; +- int strength = 1024; +- SecureRandom random = null; +- boolean initialised = false; +- +- public GOST3410() +- { +- super("GOST3410"); +- } +- +- public void initialize( +- int strength, +- SecureRandom random) +- { +- this.strength = strength; +- this.random = random; +- } +- +- private void init( +- GOST3410ParameterSpec gParams, +- SecureRandom random) +- { +- GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters(); +- +- param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA())); +- +- engine.init(param); +- +- initialised = true; +- gost3410Params = gParams; +- } +- +- public void initialize( +- AlgorithmParameterSpec params, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- if (!(params instanceof GOST3410ParameterSpec)) +- { +- throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec"); +- } +- +- init((GOST3410ParameterSpec)params, random); +- } +- +- public KeyPair generateKeyPair() +- { +- if (!initialised) +- { +- init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom()); +- } +- +- AsymmetricCipherKeyPair pair = engine.generateKeyPair(); +- GOST3410PublicKeyParameters pub = (GOST3410PublicKeyParameters)pair.getPublic(); +- GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate(); +- +- return new KeyPair(new JDKGOST3410PublicKey(pub, gost3410Params), new JDKGOST3410PrivateKey(priv, gost3410Params)); +- } +- } +- +- public static class EC +- extends JDKKeyPairGenerator +- { +- ECKeyGenerationParameters param; +- ECKeyPairGenerator engine = new ECKeyPairGenerator(); +- Object ecParams = null; +- int strength = 239; +- int certainty = 50; +- SecureRandom random = new SecureRandom(); +- boolean initialised = false; +- String algorithm; +- +- static private Hashtable ecParameters; +- +- static { +- ecParameters = new Hashtable(); +- +- ecParameters.put(new Integer(192), new ECGenParameterSpec("prime192v1")); +- ecParameters.put(new Integer(239), new ECGenParameterSpec("prime239v1")); +- ecParameters.put(new Integer(256), new ECGenParameterSpec("prime256v1")); +- } +- +- public EC() +- { +- super("EC"); +- this.algorithm = "EC"; +- } +- +- public EC( +- String algorithm) +- { +- super(algorithm); +- this.algorithm = algorithm; +- } +- +- public void initialize( +- int strength, +- SecureRandom random) +- { +- this.strength = strength; +- this.random = random; +- this.ecParams = (ECGenParameterSpec)ecParameters.get(new Integer(strength)); +- +- if (ecParams != null) +- { +- try +- { +- initialize((ECGenParameterSpec)ecParams, random); +- } +- catch (InvalidAlgorithmParameterException e) +- { +- throw new InvalidParameterException("key size not configurable."); +- } +- } +- else +- { +- throw new InvalidParameterException("unknown key size."); +- } +- } +- +- public void initialize( +- AlgorithmParameterSpec params, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- if (params instanceof ECParameterSpec) +- { +- ECParameterSpec p = (ECParameterSpec)params; +- this.ecParams = params; +- +- param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); +- +- engine.init(param); +- initialised = true; +- } +- else if (params instanceof java.security.spec.ECParameterSpec) +- { +- java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params; +- this.ecParams = params; +- +- ECCurve curve; +- ECPoint g; +- ECField field = p.getCurve().getField(); +- +- if (field instanceof ECFieldFp) +- { +- curve = new ECCurve.Fp(((ECFieldFp)p.getCurve().getField()).getP(), p.getCurve().getA(), p.getCurve().getB()); +- g = new ECPoint.Fp(curve, new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineX()), new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineY())); +- } +- else +- { +- ECFieldF2m fieldF2m = (ECFieldF2m)field; +- int m = fieldF2m.getM(); +- int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); +- curve = new ECCurve.F2m(m, ks[0], ks[1], ks[2], p.getCurve().getA(), p.getCurve().getB()); +- g = new ECPoint.F2m(curve, new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineX()), new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineY()), false); +- } +- param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); +- +- engine.init(param); +- initialised = true; +- } +- else if (params instanceof ECGenParameterSpec) +- { +- if (this.algorithm.equals("ECGOST3410")) +- { +- ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(((ECGenParameterSpec)params).getName()); +- if (ecP == null) +- { +- throw new InvalidAlgorithmParameterException("unknown curve name: " + ((ECGenParameterSpec)params).getName()); +- } +- +- this.ecParams = new ECNamedCurveParameterSpec( +- ((ECGenParameterSpec)params).getName(), +- ecP.getCurve(), +- ecP.getG(), +- ecP.getN(), +- ecP.getH(), +- ecP.getSeed()); +- } +- else +- { +- X9ECParameters ecP = X962NamedCurves.getByName(((ECGenParameterSpec)params).getName()); +- if (ecP == null) +- { +- ecP = SECNamedCurves.getByName(((ECGenParameterSpec)params).getName()); +- if (ecP == null) +- { +- ecP = NISTNamedCurves.getByName(((ECGenParameterSpec)params).getName()); +- } +- if (ecP == null) +- { +- throw new InvalidAlgorithmParameterException("unknown curve name: " + ((ECGenParameterSpec)params).getName()); +- } +- } +- +- this.ecParams = new ECNamedCurveSpec( +- ((ECGenParameterSpec)params).getName(), +- ecP.getCurve(), +- ecP.getG(), +- ecP.getN(), +- ecP.getH(), +- ecP.getSeed()); +- } +- +- java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; +- ECCurve curve; +- ECPoint g; +- ECField field = p.getCurve().getField(); +- +- if (field instanceof ECFieldFp) +- { +- curve = new ECCurve.Fp(((ECFieldFp)p.getCurve().getField()).getP(), p.getCurve().getA(), p.getCurve().getB()); +- g = new ECPoint.Fp(curve, new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineX()), new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineY())); +- } +- else +- { +- ECFieldF2m fieldF2m = (ECFieldF2m)field; +- int m = fieldF2m.getM(); +- int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); +- curve = new ECCurve.F2m(m, ks[0], ks[1], ks[2], p.getCurve().getA(), p.getCurve().getB()); +- g = new ECPoint.F2m(curve, new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineX()), new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineY()), false); +- } +- +- param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); +- +- engine.init(param); +- initialised = true; +- } +- else +- { +- throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec"); +- } +- } +- +- public KeyPair generateKeyPair() +- { +- if (!initialised) +- { +- throw new IllegalStateException("EC Key Pair Generator not initialised"); +- } +- +- AsymmetricCipherKeyPair pair = engine.generateKeyPair(); +- ECPublicKeyParameters pub = (ECPublicKeyParameters)pair.getPublic(); +- ECPrivateKeyParameters priv = (ECPrivateKeyParameters)pair.getPrivate(); +- +- if (ecParams instanceof ECParameterSpec) +- { +- ECParameterSpec p = (ECParameterSpec)ecParams; +- +- return new KeyPair(new JCEECPublicKey(algorithm, pub, p), +- new JCEECPrivateKey(algorithm, priv, p)); +- } +- else +- { +- java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; +- +- return new KeyPair(new JCEECPublicKey(algorithm, pub, p), new JCEECPrivateKey(algorithm, priv, p)); +- } +- } +- } +- +- public static class ECDSA +- extends EC +- { +- public ECDSA() +- { +- super("ECDSA"); +- } +- } +- +- public static class ECGOST3410 +- extends EC +- { +- public ECGOST3410() +- { +- super("ECGOST3410"); +- } +- } +- +- public static class ECDH +- extends EC +- { +- public ECDH() +- { +- super("ECDH"); +- } +- } +- +- public static class ECDHC +- extends EC +- { +- public ECDHC() +- { +- super("ECDHC"); +- } +- } ++// BEGIN android-removed ++// public static class ElGamal ++// extends JDKKeyPairGenerator ++// { ++// ElGamalKeyGenerationParameters param; ++// ElGamalKeyPairGenerator engine = new ElGamalKeyPairGenerator(); ++// int strength = 1024; ++// int certainty = 20; ++// SecureRandom random = new SecureRandom(); ++// boolean initialised = false; ++// ++// public ElGamal() ++// { ++// super("ElGamal"); ++// } ++// ++// public void initialize( ++// int strength, ++// SecureRandom random) ++// { ++// this.strength = strength; ++// this.random = random; ++// } ++// ++// public void initialize( ++// AlgorithmParameterSpec params, ++// SecureRandom random) ++// throws InvalidAlgorithmParameterException ++// { ++// if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec)) ++// { ++// throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec"); ++// } ++// ++// if (params instanceof ElGamalParameterSpec) ++// { ++// ElGamalParameterSpec elParams = (ElGamalParameterSpec)params; ++// ++// param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG())); ++// } ++// else ++// { ++// DHParameterSpec dhParams = (DHParameterSpec)params; ++// ++// param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG())); ++// } ++// ++// engine.init(param); ++// initialised = true; ++// } ++// ++// public KeyPair generateKeyPair() ++// { ++// if (!initialised) ++// { ++// ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); ++// ++// pGen.init(strength, certainty, random); ++// param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters()); ++// engine.init(param); ++// initialised = true; ++// } ++// ++// AsymmetricCipherKeyPair pair = engine.generateKeyPair(); ++// ElGamalPublicKeyParameters pub = (ElGamalPublicKeyParameters)pair.getPublic(); ++// ElGamalPrivateKeyParameters priv = (ElGamalPrivateKeyParameters)pair.getPrivate(); ++// ++// return new KeyPair(new JCEElGamalPublicKey(pub), ++// new JCEElGamalPrivateKey(priv)); ++// } ++// } ++// ++// public static class GOST3410 ++// extends JDKKeyPairGenerator ++// { ++// GOST3410KeyGenerationParameters param; ++// GOST3410KeyPairGenerator engine = new GOST3410KeyPairGenerator(); ++// GOST3410ParameterSpec gost3410Params; ++// int strength = 1024; ++// SecureRandom random = null; ++// boolean initialised = false; ++// ++// public GOST3410() ++// { ++// super("GOST3410"); ++// } ++// ++// public void initialize( ++// int strength, ++// SecureRandom random) ++// { ++// this.strength = strength; ++// this.random = random; ++// } ++// ++// private void init( ++// GOST3410ParameterSpec gParams, ++// SecureRandom random) ++// { ++// GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters(); ++// ++// param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA())); ++// ++// engine.init(param); ++// ++// initialised = true; ++// gost3410Params = gParams; ++// } ++// ++// public void initialize( ++// AlgorithmParameterSpec params, ++// SecureRandom random) ++// throws InvalidAlgorithmParameterException ++// { ++// if (!(params instanceof GOST3410ParameterSpec)) ++// { ++// throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec"); ++// } ++// ++// init((GOST3410ParameterSpec)params, random); ++// } ++// ++// public KeyPair generateKeyPair() ++// { ++// if (!initialised) ++// { ++// init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom()); ++// } ++// ++// AsymmetricCipherKeyPair pair = engine.generateKeyPair(); ++// GOST3410PublicKeyParameters pub = (GOST3410PublicKeyParameters)pair.getPublic(); ++// GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate(); ++// ++// return new KeyPair(new JDKGOST3410PublicKey(pub, gost3410Params), new JDKGOST3410PrivateKey(priv, gost3410Params)); ++// } ++// } ++// ++// public static class EC ++// extends JDKKeyPairGenerator ++// { ++// ECKeyGenerationParameters param; ++// ECKeyPairGenerator engine = new ECKeyPairGenerator(); ++// Object ecParams = null; ++// int strength = 239; ++// int certainty = 50; ++// SecureRandom random = new SecureRandom(); ++// boolean initialised = false; ++// String algorithm; ++// ++// static private Hashtable ecParameters; ++// ++// static { ++// ecParameters = new Hashtable(); ++// ++// ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); ++// ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1")); ++// ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); ++// } ++// ++// public EC() ++// { ++// super("EC"); ++// this.algorithm = "EC"; ++// } ++// ++// public EC( ++// String algorithm) ++// { ++// super(algorithm); ++// this.algorithm = algorithm; ++// } ++// ++// public void initialize( ++// int strength, ++// SecureRandom random) ++// { ++// this.strength = strength; ++// this.random = random; ++// this.ecParams = (ECGenParameterSpec)ecParameters.get(Integer.valueOf(strength)); ++// ++// if (ecParams != null) ++// { ++// try ++// { ++// initialize((ECGenParameterSpec)ecParams, random); ++// } ++// catch (InvalidAlgorithmParameterException e) ++// { ++// throw new InvalidParameterException("key size not configurable."); ++// } ++// } ++// else ++// { ++// throw new InvalidParameterException("unknown key size."); ++// } ++// } ++// ++// public void initialize( ++// AlgorithmParameterSpec params, ++// SecureRandom random) ++// throws InvalidAlgorithmParameterException ++// { ++// if (params instanceof ECParameterSpec) ++// { ++// ECParameterSpec p = (ECParameterSpec)params; ++// this.ecParams = params; ++// ++// param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); ++// ++// engine.init(param); ++// initialised = true; ++// } ++// else if (params instanceof java.security.spec.ECParameterSpec) ++// { ++// java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params; ++// this.ecParams = params; ++// ++// ECCurve curve; ++// ECPoint g; ++// ECField field = p.getCurve().getField(); ++// ++// if (field instanceof ECFieldFp) ++// { ++// curve = new ECCurve.Fp(((ECFieldFp)p.getCurve().getField()).getP(), p.getCurve().getA(), p.getCurve().getB()); ++// g = new ECPoint.Fp(curve, new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineX()), new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineY())); ++// } ++// else ++// { ++// ECFieldF2m fieldF2m = (ECFieldF2m)field; ++// int m = fieldF2m.getM(); ++// int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); ++// curve = new ECCurve.F2m(m, ks[0], ks[1], ks[2], p.getCurve().getA(), p.getCurve().getB()); ++// g = new ECPoint.F2m(curve, new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineX()), new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineY()), false); ++// } ++// param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); ++// ++// engine.init(param); ++// initialised = true; ++// } ++// else if (params instanceof ECGenParameterSpec) ++// { ++// if (this.algorithm.equals("ECGOST3410")) ++// { ++// ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(((ECGenParameterSpec)params).getName()); ++// if (ecP == null) ++// { ++// throw new InvalidAlgorithmParameterException("unknown curve name: " + ((ECGenParameterSpec)params).getName()); ++// } ++// ++// this.ecParams = new ECNamedCurveParameterSpec( ++// ((ECGenParameterSpec)params).getName(), ++// ecP.getCurve(), ++// ecP.getG(), ++// ecP.getN(), ++// ecP.getH(), ++// ecP.getSeed()); ++// } ++// else ++// { ++// X9ECParameters ecP = X962NamedCurves.getByName(((ECGenParameterSpec)params).getName()); ++// if (ecP == null) ++// { ++// ecP = SECNamedCurves.getByName(((ECGenParameterSpec)params).getName()); ++// if (ecP == null) ++// { ++// ecP = NISTNamedCurves.getByName(((ECGenParameterSpec)params).getName()); ++// } ++// if (ecP == null) ++// { ++// throw new InvalidAlgorithmParameterException("unknown curve name: " + ((ECGenParameterSpec)params).getName()); ++// } ++// } ++// ++// this.ecParams = new ECNamedCurveSpec( ++// ((ECGenParameterSpec)params).getName(), ++// ecP.getCurve(), ++// ecP.getG(), ++// ecP.getN(), ++// ecP.getH(), ++// ecP.getSeed()); ++// } ++// ++// java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; ++// ECCurve curve; ++// ECPoint g; ++// ECField field = p.getCurve().getField(); ++// ++// if (field instanceof ECFieldFp) ++// { ++// curve = new ECCurve.Fp(((ECFieldFp)p.getCurve().getField()).getP(), p.getCurve().getA(), p.getCurve().getB()); ++// g = new ECPoint.Fp(curve, new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineX()), new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineY())); ++// } ++// else ++// { ++// ECFieldF2m fieldF2m = (ECFieldF2m)field; ++// int m = fieldF2m.getM(); ++// int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); ++// curve = new ECCurve.F2m(m, ks[0], ks[1], ks[2], p.getCurve().getA(), p.getCurve().getB()); ++// g = new ECPoint.F2m(curve, new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineX()), new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineY()), false); ++// } ++// ++// param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); ++// ++// engine.init(param); ++// initialised = true; ++// } ++// else ++// { ++// throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec"); ++// } ++// } ++// ++// public KeyPair generateKeyPair() ++// { ++// if (!initialised) ++// { ++// throw new IllegalStateException("EC Key Pair Generator not initialised"); ++// } ++// ++// AsymmetricCipherKeyPair pair = engine.generateKeyPair(); ++// ECPublicKeyParameters pub = (ECPublicKeyParameters)pair.getPublic(); ++// ECPrivateKeyParameters priv = (ECPrivateKeyParameters)pair.getPrivate(); ++// ++// if (ecParams instanceof ECParameterSpec) ++// { ++// ECParameterSpec p = (ECParameterSpec)ecParams; ++// ++// return new KeyPair(new JCEECPublicKey(algorithm, pub, p), ++// new JCEECPrivateKey(algorithm, priv, p)); ++// } ++// else ++// { ++// java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; ++// ++// return new KeyPair(new JCEECPublicKey(algorithm, pub, p), new JCEECPrivateKey(algorithm, priv, p)); ++// } ++// } ++// } ++// ++// public static class ECDSA ++// extends EC ++// { ++// public ECDSA() ++// { ++// super("ECDSA"); ++// } ++// } ++// ++// public static class ECGOST3410 ++// extends EC ++// { ++// public ECGOST3410() ++// { ++// super("ECGOST3410"); ++// } ++// } ++// ++// public static class ECDH ++// extends EC ++// { ++// public ECDH() ++// { ++// super("ECDH"); ++// } ++// } ++// ++// public static class ECDHC ++// extends EC ++// { ++// public ECDHC() ++// { ++// super("ECDHC"); ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKKeyStore.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-05-25 13:47:02.000000000 -0700 +@@ -27,9 +27,15 @@ + import javax.crypto.spec.PBEParameterSpec; + import javax.crypto.spec.SecretKeySpec; + ++// BEGIN android-added ++import org.apache.harmony.xnet.provider.jsse.OpenSSLMessageDigest; ++ ++// END android-added + import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.PBEParametersGenerator; +-import org.bouncycastle.crypto.digests.SHA1Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// END android-removed + import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; + import org.bouncycastle.crypto.io.DigestInputStream; + import org.bouncycastle.crypto.io.DigestOutputStream; +@@ -840,9 +846,16 @@ + + int iterationCount = dIn.readInt(); + +- HMac hMac = new HMac(new SHA1Digest()); ++// BEGIN android-removed ++// HMac hMac = new HMac(new SHA1Digest()); ++// MacInputStream mIn = new MacInputStream(dIn, hMac); ++// PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); ++// END android-removed ++// BEGIN android-added ++ HMac hMac = new HMac(OpenSSLMessageDigest.getInstance("SHA-1")); + MacInputStream mIn = new MacInputStream(dIn, hMac); +- PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); ++ PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(OpenSSLMessageDigest.getInstance("SHA-1")); ++// END android-added + byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); + + pbeGen.init(passKey, salt, iterationCount); +@@ -891,9 +904,16 @@ + dOut.write(salt); + dOut.writeInt(iterationCount); + +- HMac hMac = new HMac(new SHA1Digest()); ++// BEGIN android-removed ++// HMac hMac = new HMac(new SHA1Digest()); ++// MacOutputStream mOut = new MacOutputStream(dOut, hMac); ++// PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); ++// END android-removed ++// BEGIN android-added ++ HMac hMac = new HMac(OpenSSLMessageDigest.getInstance("SHA-1")); + MacOutputStream mOut = new MacOutputStream(dOut, hMac); +- PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); ++ PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(OpenSSLMessageDigest.getInstance("SHA-1")); ++// END android-added + byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); + + pbeGen.init(passKey, salt, iterationCount); +@@ -979,9 +999,14 @@ + } + + CipherInputStream cIn = new CipherInputStream(dIn, cipher); +- +- DigestInputStream dgIn = new DigestInputStream(cIn, new SHA1Digest()); +- ++ ++// BEGIN android-removed ++// DigestInputStream dgIn = new DigestInputStream(cIn, new SHA1Digest()); ++// END android-removed ++// BEGIN android-added ++ DigestInputStream dgIn = new DigestInputStream(cIn, OpenSSLMessageDigest.getInstance("SHA-1")); ++// END android-added ++ + this.loadStore(dgIn); + + Digest dig = dgIn.getDigest(); +@@ -1022,8 +1047,12 @@ + cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); + + CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); +- DigestOutputStream dgOut = new DigestOutputStream(cOut, new SHA1Digest()); +- ++// BEGIN android-removed ++// DigestOutputStream dgOut = new DigestOutputStream(cOut, new SHA1Digest()); ++// END android-removed ++// BEGIN android-added ++ DigestOutputStream dgOut = new DigestOutputStream(cOut, OpenSSLMessageDigest.getInstance("SHA-1")); ++//END android-added + this.saveStore(dgOut); + + Digest dig = dgOut.getDigest(); +@@ -1035,5 +1064,5 @@ + + cOut.close(); + } +- } ++ } + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKMessageDigest.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-04-30 10:57:26.000000000 -0700 +@@ -144,43 +144,45 @@ + } + } + +- static public class MD2 +- extends JDKMessageDigest +- implements Cloneable +- { +- public MD2() +- { +- super(new MD2Digest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- MD2 d = (MD2)super.clone(); +- d.digest = new MD2Digest((MD2Digest)digest); +- +- return d; +- } +- } +- +- static public class MD4 +- extends JDKMessageDigest +- implements Cloneable +- { +- public MD4() +- { +- super(new MD4Digest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- MD4 d = (MD4)super.clone(); +- d.digest = new MD4Digest((MD4Digest)digest); +- +- return d; +- } +- } ++// BEGIN android-removed ++// static public class MD2 ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public MD2() ++// { ++// super(new MD2Digest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// MD2 d = (MD2)super.clone(); ++// d.digest = new MD2Digest((MD2Digest)digest); ++// ++// return d; ++// } ++// } ++// ++// static public class MD4 ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public MD4() ++// { ++// super(new MD4Digest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// MD4 d = (MD4)super.clone(); ++// d.digest = new MD4Digest((MD4Digest)digest); ++// ++// return d; ++// } ++// } ++// END android-removed + + static public class MD5 + extends JDKMessageDigest +@@ -201,136 +203,138 @@ + } + } + +- static public class RIPEMD128 +- extends JDKMessageDigest +- implements Cloneable +- { +- public RIPEMD128() +- { +- super(new RIPEMD128Digest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- RIPEMD128 d = (RIPEMD128)super.clone(); +- d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest); +- +- return d; +- } +- } +- +- static public class RIPEMD160 +- extends JDKMessageDigest +- implements Cloneable +- { +- public RIPEMD160() +- { +- super(new RIPEMD160Digest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- RIPEMD160 d = (RIPEMD160)super.clone(); +- d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest); +- +- return d; +- } +- } +- +- static public class RIPEMD256 +- extends JDKMessageDigest +- implements Cloneable +- { +- public RIPEMD256() +- { +- super(new RIPEMD256Digest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- RIPEMD256 d = (RIPEMD256)super.clone(); +- d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest); +- +- return d; +- } +- } +- +- static public class RIPEMD320 +- extends JDKMessageDigest +- implements Cloneable +- { +- public RIPEMD320() +- { +- super(new RIPEMD320Digest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- RIPEMD320 d = (RIPEMD320)super.clone(); +- d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest); +- +- return d; +- } +- } +- +- static public class Tiger +- extends JDKMessageDigest +- implements Cloneable +- { +- public Tiger() +- { +- super(new TigerDigest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- Tiger d = (Tiger)super.clone(); +- d.digest = new TigerDigest((TigerDigest)digest); +- +- return d; +- } +- } +- +- static public class GOST3411 +- extends JDKMessageDigest +- implements Cloneable +- { +- public GOST3411() +- { +- super(new GOST3411Digest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- GOST3411 d = (GOST3411)super.clone(); +- d.digest = new GOST3411Digest((GOST3411Digest)digest); +- +- return d; +- } +- } +- +- static public class Whirlpool +- extends JDKMessageDigest +- implements Cloneable +- { +- public Whirlpool() +- { +- super(new WhirlpoolDigest()); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- Whirlpool d = (Whirlpool)super.clone(); +- d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest); +- +- return d; +- } +- } ++// BEGIN android-removed ++// static public class RIPEMD128 ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public RIPEMD128() ++// { ++// super(new RIPEMD128Digest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// RIPEMD128 d = (RIPEMD128)super.clone(); ++// d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest); ++// ++// return d; ++// } ++// } ++// ++// static public class RIPEMD160 ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public RIPEMD160() ++// { ++// super(new RIPEMD160Digest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// RIPEMD160 d = (RIPEMD160)super.clone(); ++// d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest); ++// ++// return d; ++// } ++// } ++// ++// static public class RIPEMD256 ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public RIPEMD256() ++// { ++// super(new RIPEMD256Digest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// RIPEMD256 d = (RIPEMD256)super.clone(); ++// d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest); ++// ++// return d; ++// } ++// } ++// ++// static public class RIPEMD320 ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public RIPEMD320() ++// { ++// super(new RIPEMD320Digest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// RIPEMD320 d = (RIPEMD320)super.clone(); ++// d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest); ++// ++// return d; ++// } ++// } ++// ++// static public class Tiger ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public Tiger() ++// { ++// super(new TigerDigest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// Tiger d = (Tiger)super.clone(); ++// d.digest = new TigerDigest((TigerDigest)digest); ++// ++// return d; ++// } ++// } ++// ++// static public class GOST3411 ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public GOST3411() ++// { ++// super(new GOST3411Digest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// GOST3411 d = (GOST3411)super.clone(); ++// d.digest = new GOST3411Digest((GOST3411Digest)digest); ++// ++// return d; ++// } ++// } ++// ++// static public class Whirlpool ++// extends JDKMessageDigest ++// implements Cloneable ++// { ++// public Whirlpool() ++// { ++// super(new WhirlpoolDigest()); ++// } ++// ++// public Object clone() ++// throws CloneNotSupportedException ++// { ++// Whirlpool d = (Whirlpool)super.clone(); ++// d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest); ++// ++// return d; ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-04-30 10:57:26.000000000 -0700 +@@ -1471,7 +1471,9 @@ + + byte[] res = mac.doFinal(); + +- AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, new DERNull()); ++ // BEGIN android-changed ++ AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.THE_ONE); ++ // END android-changed + DigestInfo dInfo = new DigestInfo(algId, res); + + mData = new MacData(dInfo, mSalt, itCount); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk15-134/org/bouncycastle/jce/provider/PBE.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/PBE.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/PBE.java 2010-04-30 10:57:26.000000000 -0700 +@@ -8,10 +8,14 @@ + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.PBEParametersGenerator; + import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// END android-removed + import org.bouncycastle.crypto.digests.SHA1Digest; + import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.TigerDigest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.TigerDigest; ++// END android-removed + import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; + import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; + import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; +@@ -75,12 +79,14 @@ + case SHA1: + generator = new PKCS12ParametersGenerator(new SHA1Digest()); + break; +- case RIPEMD160: +- generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); +- break; +- case TIGER: +- generator = new PKCS12ParametersGenerator(new TigerDigest()); +- break; ++ // BEGIN android-removed ++ // case RIPEMD160: ++ // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); ++ // break; ++ // case TIGER: ++ // generator = new PKCS12ParametersGenerator(new TigerDigest()); ++ // break; ++ // END android-removed + case SHA256: + generator = new PKCS12ParametersGenerator(new SHA256Digest()); + break; +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk15-134/org/bouncycastle/jce/provider/PKIXCertPath.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-04-30 10:57:26.000000000 -0700 +@@ -34,7 +34,9 @@ + import org.bouncycastle.asn1.pkcs.ContentInfo; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.SignedData; +-import org.bouncycastle.openssl.PEMWriter; ++// BEGIN android-removed ++// import org.bouncycastle.openssl.PEMWriter; ++// END android-removed + + /** + * CertPath implementation for X.509 certificates. +@@ -307,27 +309,29 @@ + return toDEREncoded(new ContentInfo( + PKCSObjectIdentifiers.signedData, sd)); + } +- else if (encoding.equalsIgnoreCase("PEM")) +- { +- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); +- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); +- +- try +- { +- for (int i = 0; i != certificates.size(); i++) +- { +- pWrt.writeObject(certificates.get(i)); +- } +- +- pWrt.close(); +- } +- catch (Exception e) +- { +- throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); +- } +- +- return bOut.toByteArray(); +- } ++ // BEGIN android-removed ++ // else if (encoding.equalsIgnoreCase("PEM")) ++ // { ++ // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ++ // PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); ++ // ++ // try ++ // { ++ // for (int i = 0; i != certificates.size(); i++) ++ // { ++ // pWrt.writeObject(certificates.get(i)); ++ // } ++ // ++ // pWrt.close(); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); ++ // } ++ // ++ // return bOut.toByteArray(); ++ // } ++ // END android-removed + else + { + throw new CertificateEncodingException("unsupported encoding: " + encoding); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15-134/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-04-30 10:57:26.000000000 -0700 +@@ -21,6 +21,7 @@ + import java.security.cert.X509CRLSelector; + import java.security.cert.X509Certificate; + import java.util.ArrayList; ++import java.util.Arrays; + import java.util.Date; + import java.util.Enumeration; + import java.util.HashMap; +@@ -136,7 +137,12 @@ + // + // (d) + // +- TrustAnchor trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate)certs.get(certs.size() - 1), certPath, certs.size() - 1, paramsPKIX.getTrustAnchors()); ++ X509Certificate lastCert = (X509Certificate)certs.get(certs.size() - 1); ++ ++// BEGIN android-changed ++ TrustAnchor trust = CertPathValidatorUtilities.findTrustAnchor(lastCert, ++ certPath, certs.size() - 1, paramsPKIX); ++// END android-changed + + if (trust == null) + { +@@ -150,10 +156,6 @@ + Iterator certIter; + int index = 0; + int i; +- //Certificate for each interation of the validation loop +- //Signature information for each iteration of the validation loop +- Set subTreeContraints = new HashSet(); +- Set subTreeExcludes = new HashSet(); + + // + // 6.1.2 - setup +@@ -240,12 +242,22 @@ + X500Principal workingIssuerName; + + X509Certificate sign = trust.getTrustedCert(); ++ boolean trustAnchorInChain = false; + try + { + if (sign != null) + { + workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign); + workingPublicKey = sign.getPublicKey(); ++ ++ // There is similar code in CertPathValidatorUtilities. ++ try { ++ byte[] trustBytes = sign.getEncoded(); ++ byte[] certBytes = lastCert.getEncoded(); ++ trustAnchorInChain = Arrays.equals(trustBytes, certBytes); ++ } catch(Exception e) { ++ // ignore, continue with trustAnchorInChain being false ++ } + } + else + { +@@ -261,7 +273,7 @@ + AlgorithmIdentifier workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey); + DERObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getObjectId(); + DEREncodable workingPublicKeyParameters = workingAlgId.getParameters(); +- ++ + // + // (k) + // +@@ -320,7 +332,10 @@ + { + // (a) (1) + // +- cert.verify(workingPublicKey, "BC"); ++ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate ++ { ++ cert.verify(workingPublicKey, "BC"); ++ } + } + catch (GeneralSecurityException e) + { +@@ -602,12 +617,15 @@ + // 6.1.4 + // + +- if (i != n) ++ if (i != n) // if not at the end-entity certificate + { + if (cert != null && cert.getVersion() == 1) + { +- throw new CertPathValidatorException( +- "Version 1 certs can't be used as CA ones"); ++ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate ++ { ++ throw new CertPathValidatorException( ++ "Version 1 certs can't be used as intermediate certificates"); ++ } + } + + // +@@ -925,7 +943,10 @@ + } + else + { +- throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints"); ++ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate ++ { ++ throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints"); ++ } + } + + // +@@ -974,39 +995,42 @@ + // + // (o) + // +- Set criticalExtensions = new HashSet(cert.getCriticalExtensionOIDs()); +- // these extensions are handle by the algorithem +- criticalExtensions.remove(KEY_USAGE); +- criticalExtensions.remove(CERTIFICATE_POLICIES); +- criticalExtensions.remove(POLICY_MAPPINGS); +- criticalExtensions.remove(INHIBIT_ANY_POLICY); +- criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT); +- criticalExtensions.remove(DELTA_CRL_INDICATOR); +- criticalExtensions.remove(POLICY_CONSTRAINTS); +- criticalExtensions.remove(BASIC_CONSTRAINTS); +- criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME); +- criticalExtensions.remove(NAME_CONSTRAINTS); +- +- tmpIter = pathCheckers.iterator(); +- while (tmpIter.hasNext()) ++ if (cert.getCriticalExtensionOIDs() != null) + { +- try ++ Set criticalExtensions = new HashSet(cert.getCriticalExtensionOIDs()); ++ // these extensions are handle by the algorithem ++ criticalExtensions.remove(KEY_USAGE); ++ criticalExtensions.remove(CERTIFICATE_POLICIES); ++ criticalExtensions.remove(POLICY_MAPPINGS); ++ criticalExtensions.remove(INHIBIT_ANY_POLICY); ++ criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT); ++ criticalExtensions.remove(DELTA_CRL_INDICATOR); ++ criticalExtensions.remove(POLICY_CONSTRAINTS); ++ criticalExtensions.remove(BASIC_CONSTRAINTS); ++ criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME); ++ criticalExtensions.remove(NAME_CONSTRAINTS); ++ ++ tmpIter = pathCheckers.iterator(); ++ while (tmpIter.hasNext()) + { +- ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); ++ try ++ { ++ ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); ++ } ++ catch (CertPathValidatorException e) ++ { ++ throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index); ++ } + } +- catch (CertPathValidatorException e) ++ if (!criticalExtensions.isEmpty()) + { +- throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index); ++ throw new CertPathValidatorException( ++ "Certificate has unsupported critical extension", null, certPath, index); + } + } +- if (!criticalExtensions.isEmpty()) +- { +- throw new CertPathValidatorException( +- "Certificate has unsupported critical extension", null, certPath, index); +- } + } + +- // set signing certificate for next round ++ // set signing certificate for next round + sign = cert; + workingPublicKey = sign.getPublicKey(); + try +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk15-134/org/bouncycastle/jce/provider/WrapCipherSpi.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-04-30 10:57:26.000000000 -0700 +@@ -38,7 +38,9 @@ + import org.bouncycastle.crypto.Wrapper; + import org.bouncycastle.crypto.engines.AESWrapEngine; + import org.bouncycastle.crypto.engines.DESedeWrapEngine; +-import org.bouncycastle.crypto.engines.RC2WrapEngine; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.RC2WrapEngine; ++// END android-removed + import org.bouncycastle.crypto.params.KeyParameter; + import org.bouncycastle.crypto.params.ParametersWithIV; + +@@ -248,16 +250,19 @@ + return null; + } + ++ // BEGIN android-changed ++ // added ShortBufferException to throws statement + protected int engineDoFinal( + byte[] input, + int inputOffset, + int inputLen, + byte[] output, + int outputOffset) +- throws IllegalBlockSizeException, BadPaddingException ++ throws IllegalBlockSizeException, BadPaddingException, ShortBufferException + { + return 0; + } ++ // END android-changed + + protected byte[] engineWrap( + Key key) +@@ -290,8 +295,11 @@ + byte[] wrappedKey, + String wrappedKeyAlgorithm, + int wrappedKeyType) +- throws InvalidKeyException ++ throws InvalidKeyException, NoSuchAlgorithmException + { ++ // BEGIN android-note ++ // added ShortBufferException to throws statement ++ // END android-note + byte[] encoded = null; + try + { +@@ -337,15 +345,20 @@ + + DERObjectIdentifier oid = in.getAlgorithmId().getObjectId(); + +- if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey)) +- { +- privKey = new JCEECPrivateKey(in); +- } +- else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94)) +- { +- privKey = new JDKGOST3410PrivateKey(in); +- } +- else if (oid.equals(X9ObjectIdentifiers.id_dsa)) ++ // BEGIN android-removed ++ // if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey)) ++ // { ++ // privKey = new JCEECPrivateKey(in); ++ // } ++ // else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94)) ++ // { ++ // privKey = new JDKGOST3410PrivateKey(in); ++ // } ++ // else if (oid.equals(X9ObjectIdentifiers.id_dsa)) ++ // END android-removed ++ // BEGIN android-added ++ if (oid.equals(X9ObjectIdentifiers.id_dsa)) ++ // END android-added + { + privKey = new JDKDSAPrivateKey(in); + } +@@ -388,10 +401,12 @@ + { + throw new InvalidKeyException("Unknown key type " + e.getMessage()); + } +- catch (NoSuchAlgorithmException e) +- { +- throw new InvalidKeyException("Unknown key type " + e.getMessage()); +- } ++ // BEGIN android-removed ++ // catch (NoSuchAlgorithmException e) ++ // { ++ // throw new InvalidKeyException("Unknown key type " + e.getMessage()); ++ // } ++ // END android-removed + catch (InvalidKeySpecException e2) + { + throw new InvalidKeyException("Unknown key type " + e2.getMessage()); +@@ -422,12 +437,14 @@ + } + } + +- public static class RC2Wrap +- extends WrapCipherSpi +- { +- public RC2Wrap() +- { +- super(new RC2WrapEngine()); +- } +- } ++// BEGIN android-removed ++// public static class RC2Wrap ++// extends WrapCipherSpi ++// { ++// public RC2Wrap() ++// { ++// super(new RC2WrapEngine()); ++// } ++// } ++// END android-removed + } +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15-134/org/bouncycastle/jce/provider/X509CertificateObject.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-04-30 10:57:26.000000000 -0700 +@@ -41,6 +41,9 @@ + import org.bouncycastle.asn1.DERInteger; + import org.bouncycastle.asn1.DERObjectIdentifier; + import org.bouncycastle.asn1.DEROutputStream; ++// BEGIN android-added ++import org.bouncycastle.asn1.OrderedTable; ++// END android-added + import org.bouncycastle.asn1.misc.MiscObjectIdentifiers; + import org.bouncycastle.asn1.misc.NetscapeCertType; + import org.bouncycastle.asn1.misc.NetscapeRevocationURL; +@@ -61,8 +64,9 @@ + implements PKCS12BagAttributeCarrier + { + private X509CertificateStructure c; +- private Hashtable pkcs12Attributes = new Hashtable(); +- private Vector pkcs12Ordering = new Vector(); ++ // BEGIN android-changed ++ private OrderedTable pkcs12 = new OrderedTable(); ++ // END android-changed + + public X509CertificateObject( + X509CertificateStructure c) +@@ -538,23 +542,25 @@ + return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo()); + } + ++// BEGIN android-changed ++ private ByteArrayOutputStream encodedOut; + public byte[] getEncoded() +- throws CertificateEncodingException +- { +- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); +- DEROutputStream dOut = new DEROutputStream(bOut); +- +- try +- { +- dOut.writeObject(c); +- +- return bOut.toByteArray(); +- } +- catch (IOException e) +- { +- throw new CertificateEncodingException(e.toString()); ++ throws CertificateEncodingException { ++ synchronized (this) { ++ if (encodedOut == null) { ++ ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ++ DEROutputStream dOut = new DEROutputStream(bOut); ++ try { ++ dOut.writeObject(c); ++ encodedOut = bOut; ++ } catch (IOException e) { ++ throw new CertificateEncodingException(e.toString()); ++ } ++ } + } ++ return encodedOut.toByteArray(); + } ++// END android-changed + + public boolean equals( + Object o) +@@ -593,19 +599,24 @@ + DERObjectIdentifier oid, + DEREncodable attribute) + { +- pkcs12Attributes.put(oid, attribute); +- pkcs12Ordering.addElement(oid); ++ // BEGIN android-changed ++ pkcs12.add(oid, attribute); ++ // END android-changed + } + + public DEREncodable getBagAttribute( + DERObjectIdentifier oid) + { +- return (DEREncodable)pkcs12Attributes.get(oid); ++ // BEGIN android-changed ++ return (DEREncodable)pkcs12.get(oid); ++ // END android-changed + } + + public Enumeration getBagAttributeKeys() + { +- return pkcs12Ordering.elements(); ++ // BEGIN android-changed ++ return pkcs12.getKeys(); ++ // END android-changed + } + + public String toString() +@@ -711,7 +722,7 @@ + { + Signature signature = null; + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); +- ++ + try + { + signature = Signature.getInstance(sigName, "BC"); +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15-134/org/bouncycastle/jce/provider/X509SignatureUtil.java +--- bcprov-jdk15-134.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-04-30 10:57:26.000000000 -0700 +@@ -25,7 +25,9 @@ + + class X509SignatureUtil + { +- private static final ASN1Null derNull = new DERNull(); ++ // BEGIN android-changed ++ private static final ASN1Null derNull = DERNull.THE_ONE; ++ // END android-changed + + static void setSignatureParameters( + Signature signature, +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/x509/CertPathReviewerMessages_de.properties bcprov-jdk15-134/org/bouncycastle/x509/CertPathReviewerMessages_de.properties +--- bcprov-jdk15-134.orig/org/bouncycastle/x509/CertPathReviewerMessages_de.properties 2006-10-02 15:50:14.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/x509/CertPathReviewerMessages_de.properties 1969-12-31 16:00:00.000000000 -0800 +@@ -1,563 +0,0 @@ +- +-## constructor exceptions +- +-# cert path is empty +-CertPathReviewer.emptyCertPath.title = CertPath is empty +-CertPathReviewer.emptyCertPath.text = PKIXCertPathReviewer: the CertPath is empty. +-CertPathReviewer.emptyCertPath.summary = PKIXCertPathReviewer: the CertPath is empty. +-CertPathReviewer.emptyCertPath.details = PKIXCertPathReviewer: the CertPath is empty. +- +-## name constraints processing errors +- +-# cert DN is not in the permitted tree +-# {0} DN as String +-CertPathReviewer.notPermittedDN.title = Name constraint error: certificate DN is not permitted +-CertPathReviewer.notPermittedDN.text = Name constraint error: the certificate DN {0} is not permitted. +-CertPathReviewer.notPermittedDN.summary = Name constraint error: certificate DN is not permitted. +-CertPathReviewer.notPermittedDN.details = Name constraint checking error. The certificate DN {0} is not in the permitted set of DNs. +- +-# cert DN is in the excluded tree +-# {0} DN as String +-CertPathReviewer.excludedDN.title = Name constraint error: certificate DN is excluded +-CertPathReviewer.excludedDN.text = Name constraint error: The certificate DN {0} is excluded. +-CertPathReviewer.excludedDN.summary = Name constraint error: certificate DN is excluded. +-CertPathReviewer.excludedDN.details = Name constraint checking error. The certificate DN {0} is inside of the excluded set of DNs. +- +-# cert email is not in the permitted tree +-# {0} email address as String +-CertPathReviewer.notPermittedEmail.title = Name constraint error: not permitted email address +-CertPathReviewer.notPermittedEmail.text = Name constraint error: certificate contains the not permitted email address {0}. +-CertPathReviewer.notPermittedEmail.summary = Name constraint error: not permitted email address. +-CertPathReviewer.notPermittedEmail.details = Name constraint checking error. The certificate contains the email address {0} which is not in the permitted set of email addresses. +- +-# cert email is in the excluded tree +-# {0} email as String +-CertPathReviewer.excludedEmail.title = Name constraint error: excluded email address +-CertPathReviewer.excludedEmail.text = Name constraint error: certificate contains the excluded email address {0}. +-CertPathReviewer.excludedEmail.summary = Name constraint error: excluded email address. +-CertPathReviewer.excludedEmail.details = Name constraint checking error. The certificate contains the email address {0} which is in the excluded set of email addresses. +- +-# cert IP is not in the permitted tree +-# {0} ip address as String +-CertPathReviewer.notPermittedIP.title = Name constraint error: not permitted IP address +-CertPathReviewer.notPermittedIP.text = Name constraint error: certificate contains the not permitted IP address {0}. +-CertPathReviewer.notPermittedIP.summary = Name constraint error: not permitted IP address. +-CertPathReviewer.notPermittedIP.details = Name constraint checking error. The certificate contains the IP address {0} which is not in the permitted set of IP addresses. +- +-# cert ip is in the excluded tree +-# {0} ip address as String +-CertPathReviewer.excludedIP.title = Name constraint error: excluded IP address +-CertPathReviewer.excludedIP.text = Name constraint error: certificate contains the excluded IP address {0}. +-CertPathReviewer.excludedIP.summary = Name constraint error: excluded IP address. +-CertPathReviewer.excludedIP.details = Name constraint checking error. The certificate contains the IP address {0} which is in the excluded set of IP addresses. +- +-# error processing the name constraints extension +-CertPathReviewer.ncExtError.title = Name constraint checking failed +-CertPathReviewer.ncExtError.text = Name constraint checking failed: there was an error processing the name constraints extension of the certificate. +-CertPathReviewer.ncExtError.summary = Error processing the name constraints extension. +-CertPathReviewer.ncExtError.details = Name constraint checking failed: there was an error processing the name constraints extension of the certificate. +- +-# error processing the subject alternative name extension +-CertPathReviewer.subjAltNameExtError.title = Name constraint checking failed +-CertPathReviewer.subjAltNameExtError.text = Name constraint checking failed: there was an error processing the subject alernative name extension of the certificate. +-CertPathReviewer.subjAltNameExtError.summary = Error processing the subject alternative name extension. +-CertPathReviewer.subjAltNameExtError.details = Name constraint checking failed: there was an error processing the subject alternative name extension of the certificate. +- +-# exception extracting subject name when checking subtrees +-# {0} subject Principal +-CertPathReviewer.ncSubjectNameError.title = Name constraint checking failed +-CertPathReviewer.ncSubjectNameError.text = Name constraint checking failed: there was an exception extracting the DN from the certificate. +-CertPathReviewer.ncSubjectNameError.summary = Name constraint checking failed: exception extracting the DN. +-CertPathReviewer.ncSubjectNameError.details = Name constraint checking failed: there was an exception extracting the DN from the certificate. +- +- +-## path length errors +- +-# max path length extended +-CertPathReviewer.pathLenghtExtended.title = Maximum path length extended +-CertPathReviewer.pathLenghtExtended.text = Certificate path invalid: Maximum path length extended. +-CertPathReviewer.pathLenghtExtended.summary = Certificate path invalid: Maximum path length extended. +-CertPathReviewer.pathLenghtExtended.details = Certificate path invalid: Maximum path length extended. +- +-# error reading length constraint from basic constraint extension +-CertPathReviewer.processLengthConstError.title = Path length checking failed +-CertPathReviewer.processLengthConstError.text = Path length checking failed: there was an error processing the basic constraint extension of the certificate. +-CertPathReviewer.processLengthConstError.summary = Error processing the subject alternative name extension. +-CertPathReviewer.processLengthConstError.details = Path length checking failed: there was an error processing the basic constraint extension of the certificate. +- +- +-## path length notifications +- +-# total path length as defined in rfc 3280 +-# {0} the path length as Integer +-CertPathReviewer.totalPathLength.title = Total path length +-CertPathReviewer.totalPathLength.text = The total path length without self-signed certificates is {0}. +-CertPathReviewer.totalPathLength.summary = The total path length without self-signed certificates is {0}. +-CertPathReviewer.totalPathLength.details = The total path length without self-signed certificates, as defined in RFC 3280, is {0}. +- +- +-## critical extensions errors +- +-# one unknown critical extension +-# {0} extension as String +-CertPathReviewer.unknownCriticalExt.title = Unknown critical extension +-CertPathReviewer.unknownCriticalExt.text = The certificate contains the unknown critical extension {0}. +-CertPathReviewer.unknownCriticalExt.summary = Unknown critical extension: {0}. +-CertPathReviewer.unknownCriticalExt.details = The certificate contains the unknown critical extension with the OID {0}. +- +-# more unknown critical extensions +-# {0} extensions as Set of Strings +-CertPathReviewer.unknownCriticalExts.title = Unknown critical extensions +-CertPathReviewer.unknownCriticalExts.text = The certificate contains two or more unknown critical extensions: {0}. +-CertPathReviewer.unknownCriticalExts.summary = Unknown critical extensions: {0}. +-CertPathReviewer.unknownCriticalExts.details = The certificate contains two or more unknown critical extensions with the OIDs: {0}. +- +-# error processing critical extension +-# {0} the message of the underlying exception +-# {1} the underlying exception +-CertPathReviewer.criticalExtensionError.title = Error processing a critical extension +-CertPathReviewer.criticalExtensionError.text = Error processing a critical extension. Cause: {0}. +-CertPathReviewer.criticalExtensionError.summary = Error processing a critical extension. Cause: {0}. +-CertPathReviewer.criticalExtensionError.details = Error processing a critical extension. Cause: {0}. +- +-# error initializing the certpath checkers +-# {0} the message of the underlying exception +-# {1} the underlying exception +-CertPathReviewer.certPathCheckerError.title = Checking critical extensions failed +-CertPathReviewer.certPathCheckerError.text = Checking critical extensions failed: there was an error initializing a CertPathChecker. +-CertPathReviewer.certPathCheckerError.summary = Checking critical extensions failed: error initializing a CertPathChecker +-CertPathReviewer.certPathCheckerError.details = Checking critical extensions failed: there was an error initializing a CertPathChecker. Cause: {0} +- +- +-## check signature errors +- +-# trustanchor found, but certificate validation failed +-CertPathReviewer.trustButInvalidCert.title = TrustAnchor found, but certificate invalid +-CertPathReviewer.trustButInvalidCert.text = A TrustAnchor was found but the certificate validation failed. +-CertPathReviewer.trustButInvalidCert.summary = TrustAnchor found but certificate validation failed. +-CertPathReviewer.trustButInvalidCert.details = A TrustAnchor was found but the certificate validation failed. +- +-# trustanchor - cannot extract issuer +-CertPathReviewer.trustAnchorIssuerError.title = Finding TrustAnchor failed +-CertPathReviewer.trustAnchorIssuerError.text = Finding TrustAnchor failed: cannot extract issuer from certificate. +-CertPathReviewer.trustAnchorIssuerError.summary = Finding TrustAnchor failed: cannot extract issuer from certificate. +-CertPathReviewer.trustAnchorIssuerError.details = Finding TrustAnchor failed: cannot extract issuer from certificate. +- +-# no trustanchor was found for the certificate path +-# {0} issuer of the root certificate of the path +-# {1} number of trusted root certificates (trustanchors) provided +-CertPathReviewer.noTrustAnchorFound.title = No trusted root certificate found +-CertPathReviewer.noTrustAnchorFound.text = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "{0}". +-CertPathReviewer.noTrustAnchorFound.summary = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. +-CertPathReviewer.noTrustAnchorFound.details = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "{0}". The trusted-root-certificate store contains {1} CA(s). +- +-# conflicting trust anchors +-# {0} number of trustanchors found (Integer) +-# {1} the ca name +-CertPathReviewer.conflictingTrustAnchors.title = Corrupt trust root store +-CertPathReviewer.conflictingTrustAnchors.text = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key. +-CertPathReviewer.conflictingTrustAnchors.summary = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key. +-CertPathReviewer.conflictingTrustAnchors.details = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key. +- +-# trustanchor DN is invalid +-# {0} DN of the Trustanchor +-CertPathReviewer.trustDNInvalid.title = DN of TrustAnchor is improperly specified +-CertPathReviewer.trustDNInvalid.text = The DN of the TrustAnchor is improperly specified: {0}. +-CertPathReviewer.trustDNInvalid.summary = The DN of the TrustAnchor is improperly specified. +-CertPathReviewer.trustDNInvalid.details = The DN of the TrustAnchor is improperly specified: {0}. It's not a valid X.500 name. See RFC 1779 or RFC 2253. +- +-# trustanchor public key algorithm error +-CertPathReviewer.trustPubKeyError.title = Error processing public key of the trust anchor +-CertPathReviewer.trustPubKeyError.text = Error processing public key of the trust anchor. +-CertPathReviewer.trustPubKeyError.summary = Error processing public key of the trust anchor. +-CertPathReviewer.trustPubKeyError.details = Error processing public key of the trust anchor. Could not extract the AlorithmIdentifier for the key. +- +-# can not verifiy signature: issuer public key unknown +-CertPathReviewer.NoIssuerPublicKey.title = Can not verify the certificate signature +-CertPathReviewer.NoIssuerPublicKey.text = Can not verify the certificate signature: Issuer public key is unknown. +-CertPathReviewer.NoIssuerPublicKey.summary = Can not verify the certificate signature: Issuer public key is unknown. +-CertPathReviewer.NoIssuerPublicKey.details = Can not verify the certificate signature: Issuer public key is unknown. +- +-# signature can not be verified +-# {0} message of the underlying exception (english) +-# {1} the underlying exception +-CertPathReviewer.signatureNotVerified.title = Certificate signature invalid +-CertPathReviewer.signatureNotVerified.text = The certificate signature is invalid. +-CertPathReviewer.signatureNotVerified.summary = The certificate signature is invalid. +-CertPathReviewer.signatureNotVerified.details = The certificate signature is invalid. Cause: {0} +- +-# certificate expired +-# {0} the date the certificate expired +-CertPathReviewer.certificateExpired.title = Certificate is expired +-CertPathReviewer.certificateExpired.text = Could not validate the certificate. Certificate expired on {0,date} {0,time,full}. +-CertPathReviewer.certificateExpired.summary = Certificate expired on {0,date} {0,time,full}. +-CertPathReviewer.certificateExpired.details = Could not validate the certificate. Certificate expired on {0,date} {0,time,full}. +- +-# certificate not yet valid +-# {0} the date from which on the certificate is valid +-CertPathReviewer.certificateNotYetValid.title = Certificate is not yet valid +-CertPathReviewer.certificateNotYetValid.text = Could not validate the certificate. Certificate is not valid untill {0,date} {0,time,full}. +-CertPathReviewer.certificateNotYetValid.summary = Certificate is not valid untill {0,date} {0,time,full}. +-CertPathReviewer.certificateNotYetValid.details = Could not validate the certificate. Certificate is not valid untill {0,date} {0,time,full}. +- +-# certificate invalid issuer DN +-# {0} expected issuer DN as String +-# {1} found issuer DN as String +-CertPathReviewer.certWrongIssuer.title = Issuer of certificate not valid +-CertPathReviewer.certWrongIssuer.text = Issuer of certificate is not valid. Expected {0}, but found {1}. +-CertPathReviewer.certWrongIssuer.summary = Issuer of certificate is not valid. +-CertPathReviewer.certWrongIssuer.details = Issuer of certificate is not valid. Expected {0}, but found {1}. +- +-# intermediate certificate is no ca cert +-CertPathReviewer.noCACert.title = Certificate is no CA certificate +-CertPathReviewer.noCACert.text = Intermediate certificate is no CA certificate. +-CertPathReviewer.noCACert.summary = The certificate is no CA certificate. +-CertPathReviewer.noCACert.details = The certificate is no CA certificate but used as one. +- +-# cert laks basic constraints +-CertPathReviewer.noBasicConstraints.title = Certificate has no basic constraints +-CertPathReviewer.noBasicConstraints.text = Intermediate certificate has no basic constraints. +-CertPathReviewer.noBasicConstraints.summary = Intermediate certificate has no basic constraints. +-CertPathReviewer.noBasicConstraints.details = Intermediate certificate has no basic constraints. +- +-# error processing basic constraints +-CertPathReviewer.errorProcesingBC.title = Error processing the basic constraints extension +-CertPathReviewer.errorProcesingBC.text = There was an error while processing the basic constraints extension of this certificate. +-CertPathReviewer.errorProcesingBC.summary = Error processing the basic constraints extension. +-CertPathReviewer.errorProcesingBC.details = There was an error while processing the basic constraints extension of this certificate. +- +-# certificate not usable for signing certs +-CertPathReviewer.noCertSign.title = Key not usable for signing certificates +-CertPathReviewer.noCertSign.text = The key usage constraint does not allow the use of this certificate key for signing certificates. +-CertPathReviewer.noCertSign.summary = The certificate key can not be used for signing certificates. +-CertPathReviewer.noCertSign.details = The key usage constraint does not allow the use of this certificate key for signing certificates. +- +-# error processing public key +-CertPathReviewer.pubKeyError.title = Error processing public key +-CertPathReviewer.pubKeyError.text = Error processing public key of the certificate. +-CertPathReviewer.pubKeyError.summary = Error processing public key of the certificate. +-CertPathReviewer.pubKeyError.details = Error processing public key of the certificate. Could not extract the AlorithmIdentifier for the key. +- +- +-## check signatures notifications +- +-# certificate path validation date +-# {0} date for which the cert path is validated +-# {1} current date +-CertPathReviewer.certPathValidDate.title = Certificate path validation date +-CertPathReviewer.certPathValidDate.text = Der Zertifikatspfad wurde am {0,date} {0,time,full} angewendet. Er wurde am {1,date} {1,time,full} validiert. +-CertPathReviewer.certPathValidDate.summary = The certificate path was validated for {0,date} {0,time,full}. It was validated at {1,date} {1,time,full}. +-CertPathReviewer.certPathValidDate.details = The certificate path was validated for {0,date} {0,time,full}. It was validated at {1,date} {1,time,full}. +- +- +-## check policy errors +- +-# error processing certificate policy extension +-CertPathReviewer.policyExtError.title = Policy checking failed +-CertPathReviewer.policyExtError.text = Policy checking failed: there was an error processing the certificate policy extension. +-CertPathReviewer.policyExtError.summary = Error processing the certificate policy extension. +-CertPathReviewer.policyExtError.details = Policy checking failed: there was an error processing the certificate policy extension. +- +-# error processing policy constraints extension +-CertPathReviewer.policyConstExtError.title = Policy checking failed +-CertPathReviewer.policyConstExtError.text = Policy checking failed: there was an error processing the policy constraints extension. +-CertPathReviewer.policyConstExtError.summary = Error processing the policy constraints extension. +-CertPathReviewer.policyConstExtError.details = Policy checking failed: there was an error processing the policy constraints extension. +- +-# error processing policy mapping extension +-CertPathReviewer.policyMapExtError.title = Policy checking failed +-CertPathReviewer.policyMapExtError.text = Policy checking failed: there was an error processing the policy mapping extension. +-CertPathReviewer.policyMapExtError.summary = Error processing the policy mapping extension. +-CertPathReviewer.policyMapExtError.details = Policy checking failed: there was an error processing the policy mapping extension. +- +-# error processing inhibit any policy extension +-CertPathReviewer.policyInhibitExtError.title = Policy checking failed +-CertPathReviewer.policyInhibitExtError.text = Policy checking failed: there was an error processing the policy mapping extension. +-CertPathReviewer.policyInhibitExtError.summary = Error processing the inhibit any policy extension. +-CertPathReviewer.policyInhibitExtError.details = Policy checking failed: there was an error processing the policy mapping extension. +- +-# error building qualifier set +-CertPathReviewer.policyQualifierError.title = Policy checking failed +-CertPathReviewer.policyQualifierError.text = Policy checking failed: error building the policy qualifier set. +-CertPathReviewer.policyQualifierError.summary = Policy checking failed: error building the policy qualifier set. +-CertPathReviewer.policyQualifierError.details = Policy checking failed: error building the policy qualifier set. +- +-# no valid policy tree - explicit policy required +-CertPathReviewer.noValidPolicyTree.title = Policy checking failed +-CertPathReviewer.noValidPolicyTree.text = Policy checking failed: no valid policy tree found when one expected. +-CertPathReviewer.noValidPolicyTree.summary = Policy checking failed: no valid policy tree found when one expected. +-CertPathReviewer.noValidPolicyTree.details = Policy checking failed: no valid policy tree found when one expected. +- +-# expicit policy requested, but no policy available +-CertPathReviewer.explicitPolicy.title = Policy checking failed +-CertPathReviewer.explicitPolicy.text = Policy checking failed: explicit policy requested but no policy available. +-CertPathReviewer.explicitPolicy.summary = Policy checking failed: explicit policy requested but no policy available. +-CertPathReviewer.explicitPolicy.details = Policy checking failed: explicit policy requested but no policy available. +- +-# path processing failed on policy +-CertPathReviewer.invalidPolicy.title = Path processing failed on policy +-CertPathReviewer.invalidPolicy.text = Path processing failed on policy. +-CertPathReviewer.invalidPolicy.summary = Path processing failed on policy. +-CertPathReviewer.invalidPolicy.details = Path processing failed on policy. +- +-# invalid policy mapping +-CertPathReviewer.invalidPolicyMapping.title = Invalid policy mapping +-CertPathReviewer.invalidPolicyMapping.text = Certificate contains an invalid policy mapping. +-CertPathReviewer.invalidPolicyMapping.summary = Certificate contains an invalid policy mapping. +-CertPathReviewer.invalidPolicyMapping.details = Certificate contains a policy mapping including the value any policy which is invalid. +- +-## check CRL notifications +- +-# found local valid CRL +-# {0} thisUpdate of the CRL +-# {1} nextUpdate of the CRL +-CertPathReviewer.localValidCRL.title = Found valid local CRL +-CertPathReviewer.localValidCRL.text = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}. +-CertPathReviewer.localValidCRL.summary = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}. +-CertPathReviewer.localValidCRL.details = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}. +- +- +-# found matching CRL, but not valid +-# {0} thisUpdate of the CRL +-# {1} nextUpdate of the CRL +-CertPathReviewer.localInvalidCRL.title = Local CRL outdated +-CertPathReviewer.localInvalidCRL.text = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}. +-CertPathReviewer.localInvalidCRL.summary = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}. +-CertPathReviewer.localInvalidCRL.details = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}. +- +-# found a valid crl at crl distribution point +-# {0} thisUpdate of the CRL +-# {1} nextUpdate of the CRL +-# {2} the url of the distribution point +-CertPathReviewer.onlineValidCRL.title = Found valid CRL at CRL distribution point +-CertPathReviewer.onlineValidCRL.text = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}. +-CertPathReviewer.onlineValidCRL.summary = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}. +-CertPathReviewer.onlineValidCRL.details = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}. +- +-# found an invalid CRL at crl distribution point +-# {0} thisUpdate of the CRL +-# {1} nextUpdate of the CRL +-# {2} the url of the distribution point +-CertPathReviewer.onlineInvalidCRL.title = Outdated CRL at CRL distribution point +-CertPathReviewer.onlineInvalidCRL.text = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}. +-CertPathReviewer.onlineInvalidCRL.summary = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}. +-CertPathReviewer.onlineInvalidCRL.details = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}. +- +-# Certificate not revoked +-CertPathReviewer.notRevoked.title = Certificate not revoked +-CertPathReviewer.notRevoked.text = The certificate was not revoked. +-CertPathReviewer.notRevoked.summary = The certificate was not revoked. +-CertPathReviewer.notRevoked.details = The certificate was not revoked. +- +-# CRL found: certificate was revoked, but after the validationDate +-# {0} the date the certificate was revoked +-# {1} the reason for revoking the certificate +-CertPathReviewer.revokedAfterValidation.title = Certificate was revoked after the validation date +-CertPathReviewer.revokedAfterValidation.text = The certificate was revoked after the validation date at {0,date} {0,time,full}. Reason: {1}. +-CertPathReviewer.revokedAfterValidation.summary = The certificate was revoked after the validation date at {0,date} {0,time,full}. +-CertPathReviewer.revokedAfterValidation.details = The certificate was revoked after the validation date at {0,date} {0,time,full}. Reason: {1}. +- +-# updated crl available +-# {0} date since when the update is available +-CertPathReviewer.crlUpdateAvailable.title = CRL update available +-CertPathReviewer.crlUpdateAvailable.text = An update for the CRL of this certificate is available since {0,date} {0,time,full}. +-CertPathReviewer.crlUpdateAvailable.summary = An update for the CRL of this certificate is available since {0,date} {0,time,full}. +-CertPathReviewer.crlUpdateAvailable.details = An update for the CRL of this certificate is available since {0,date} {0,time,full}. +- +-# crl distribution point url +-# {0} the crl distribution point url as String +-CertPathReviewer.crlDistPoint.title = CRL distribution point +-CertPathReviewer.crlDistPoint.text = A CRL can be obtained from: {0}. +-CertPathReviewer.crlDistPoint.summary = A CRL can be obtained from: {0}. +-CertPathReviewer.crlDistPoint.details = A CRL can be obtained from: {0}. +- +-# ocsp location +-# {0} the url on which the ocsp service can be found +-CertPathReviewer.ocspLocation.title = OCSP responder location +-CertPathReviewer.ocspLocation.text = OCSP responder location: {0}. +-CertPathReviewer.ocspLocation.summary = OCSP responder location: {0}. +-CertPathReviewer.ocspLocation.details = OCSP responder location: {0}. +- +-# unable to get crl from crl distribution point +-# {0} the url of the distribution point +-# {1} the message of the occured exception +-# {2} the occured exception +-CertPathReviewer.loadCrlDistPointError.title = Cannot load CRL from CRL distribution point +-CertPathReviewer.loadCrlDistPointError.text = Unable to load a CRL from: {0}. An Exception occured. +-CertPathReviewer.loadCrlDistPointError.summary = Unable to load a CRL from: {0}. An Exception occured. +-CertPathReviewer.loadCrlDistPointError.details = Unable to load a CRL from: {0}. An Exception occured: Cause: {1}. +- +-# no crl found in certstores +-# {0} the issuers which we searched for +-# {1} list of crl issuer names that are found in the certstores +-# {2} number of crls in the certstores +-CertPathReviewer.noCrlInCertstore.title = No matching CRL found in local certstores +-CertPathReviewer.noCrlInCertstore.text = No matching CRL was found in the provided local certstore. +-CertPathReviewer.noCrlInCertstore.summary = No matching CRL was found in the provided local certstore. +-CertPathReviewer.noCrlInCertstore.details = No matching CRL was found in the provided local certstore. \ +-No CRL was found for the selector "{0}". The {2} CRL(s) in the certstores are from "{1}". +- +- +-## check CRL exceptions +- +-# cannot extract issuer from certificate +-CertPathReviewer.crlIssuerException.title = CRL checking failed +-CertPathReviewer.crlIssuerException.text = CRL checking failed: cannot extract issuer from certificate. +-CertPathReviewer.crlIssuerException.summary = CRL checking failed: cannot extract issuer from certificate. +-CertPathReviewer.crlIssuerException.details = CRL checking failed: cannot extract issuer from certificate. +- +-# cannot extract crls +-# {0} message from the underlying exception +-# {1} the underlying exception +-CertPathReviewer.crlExtractionError.title = CRL checking failed +-CertPathReviewer.crlExtractionError.text = CRL checking failed: Cannot extract CRL from CertStore. +-CertPathReviewer.crlExtractionError.summary = CRL checking failed: Cannot extract CRL from CertStore. +-CertPathReviewer.crlExtractionError.details = CRL checking failed: Cannot extract CRL from CertStore. Cause: {0}. +- +-# Issuer certificate key usage extension does not permit crl signing +-CertPathReviewer.noCrlSigningPermited.title = CRL checking failed +-CertPathReviewer.noCrlSigningPermited.text = CRL checking failed: issuer certificate does not permit CRL signing. +-CertPathReviewer.noCrlSigningPermited.summary = CRL checking failed: issuer certificate does not permit CRL signing. +-CertPathReviewer.noCrlSigningPermited.details = CRL checking failed: issuer certificate does not permit CRL signing. +- +-# can not verify crl: issuer public key unknown +-CertPathReviewer.crlNoIssuerPublicKey.title = CRL checking failed +-CertPathReviewer.crlNoIssuerPublicKey.text = CRL checking failed: Can not verify the CRL: Issuer public key is unknown. +-CertPathReviewer.crlNoIssuerPublicKey.summary = CRL checking failed: Can not verify the CRL: Issuer public key is unknown. +-CertPathReviewer.crlNoIssuerPublicKey.details = CRL checking failed: Can not verify the CRL: Issuer public key is unknown. +- +-# crl verification failed +-CertPathReviewer.crlVerifyFailed.title = CRL checking failed +-CertPathReviewer.crlVerifyFailed.text = CRL checking failed: CRL signature is invalid. +-CertPathReviewer.crlVerifyFailed.summary = CRL checking failed: CRL signature is invalid. +-CertPathReviewer.crlVerifyFailed.details = CRL checking failed: CRL signature is invalid. +- +-# no valid CRL found +-CertPathReviewer.noValidCrlFound.title = CRL checking failed +-CertPathReviewer.noValidCrlFound.text = CRL checking failed: no valid CRL found. +-CertPathReviewer.noValidCrlFound.summary = CRL checking failed: no valid CRL found. +-CertPathReviewer.noValidCrlFound.details = CRL checking failed: no valid CRL found. +- +-# No base CRL for delta CRL +-CertPathReviewer.noBaseCRL.title = CRL checking failed +-CertPathReviewer.noBaseCRL.text = CRL checking failed: no base CRL found for delta CRL. +-CertPathReviewer.noBaseCRL.summary = CRL checking failed: no base CRL found for delta CRL. +-CertPathReviewer.noBaseCRL.details = CRL checking failed: no base CRL found for delta CRL. +- +-# certificate revoked +-# {0} the date the certificate was revoked +-# {1} the reason for revoking the certificate +-CertPathReviewer.certRevoked.title = Certificate was revoked +-CertPathReviewer.certRevoked.text = The certificate is invalid, because it was revoked at {0,date} {0,time,full}. Reason: {1}. +-CertPathReviewer.certRevoked.summary = The certificate is invalid, because it was revoked at {0,date} {0,time,full}. +-CertPathReviewer.certRevoked.details = The certificate is invalid, because it was revoked at {0,date} {0,time,full}. Reason: {1}. +- +-# error processing issuing distribution point extension +-CertPathReviewer.distrPtExtError.title = CRL checking failed +-CertPathReviewer.distrPtExtError.text = CRL checking failed: there was an error processing the issuing distribution point extension. +-CertPathReviewer.distrPtExtError.summary = Error processing the issuing distribution point extension. +-CertPathReviewer.distrPtExtError.details = CRL checking failed: there was an error processing the issuing distribution point extension. +- +-# error processing crl distribution points extension +-CertPathReviewer.crlDistPtExtError.title = CRL checking failed +-CertPathReviewer.crlDistPtExtError.text = CRL checking failed: there was an error processing the crl distribution points extension. +-CertPathReviewer.crlDistPtExtError.summary = Error processing the crl distribution points extension. +-CertPathReviewer.crlDistPtExtError.details = CRL checking failed: there was an error processing the crl distribution points extension. +- +-# error processing the authority info access extension +-CertPathReviewer.crlAuthInfoAccError.title = CRL checking failed +-CertPathReviewer.crlAuthInfoAccError.text = CRL checking failed: there was an error processing the authority info access extension. +-CertPathReviewer.crlAuthInfoAccError.summary = Error processing the authority info access extension. +-CertPathReviewer.crlAuthInfoAccError.details = CRL checking failed: there was an error processing the authority info access extension. +- +-# error processing delta crl indicator extension +-CertPathReviewer.deltaCrlExtError.title = CRL checking failed +-CertPathReviewer.deltaCrlExtError.text = CRL checking failed: there was an error processing the delta CRL indicator extension. +-CertPathReviewer.deltaCrlExtError.summary = Error processing the delta CRL indicator extension. +-CertPathReviewer.deltaCrlExtError.details = CRL checking failed: there was an error processing the delta CRL indicator extension. +- +-# error porcessing crl number extension +-CertPathReviewer.crlNbrExtError.title = CRL checking failed +-CertPathReviewer.crlNbrExtError.text = CRL checking failed: there was an error processing the CRL number extension. +-CertPathReviewer.crlNbrExtError.summary = Error processing the CRL number extension. +-CertPathReviewer.crlNbrExtError.details = CRL checking failed: there was an error processing the CRL number extension. +- +-# error processing crl reason code extension +-CertPathReviewer.crlReasonExtError.title = CRL checking failed +-CertPathReviewer.crlReasonExtError.text = CRL checking failed: there was an error processing the CRL reason code extension. +-CertPathReviewer.crlReasonExtError.summary = Error processing the CRL reason code extension. +-CertPathReviewer.crlReasonExtError.details = CRL checking failed: there was an error processing the CRL reason code extension. +- +-# error processing basic constraints extension +-CertPathReviewer.crlBCExtError.title = CRL checking failed +-CertPathReviewer.crlBCExtError.text = CRL checking failed: there was an error processing the basic constraints extension. +-CertPathReviewer.crlBCExtError.summary = Error processing the basic constraints extension. +-CertPathReviewer.crlBCExtError.details = CRL checking failed: there was an error processing the basic constraints extension. +- +-# CA Cert CRL only contains user certificates +-CertPathReviewer.crlOnlyUserCert.title = CRL checking failed +-CertPathReviewer.crlOnlyUserCert.text = CRL checking failed: CRL only contains user certificates. +-CertPathReviewer.crlOnlyUserCert.summary = CRL checking failed: CRL only contains user certificates. +-CertPathReviewer.crlOnlyUserCert.details = CRL checking failed: CRL for CA certificate only contains user certificates. +- +-# End CRL only contains CA certificates +-CertPathReviewer.crlOnlyCaCert.title = CRL checking failed +-CertPathReviewer.crlOnlyCaCert.text = CRL checking failed: CRL only contains CA certificates. +-CertPathReviewer.crlOnlyCaCert.summary = CRL checking failed: CRL only contains CA certificates. +-CertPathReviewer.crlOnlyCaCert.details = CRL checking failed: CRL for end certificate only contains CA certificates. +- +-# onlyContainsAttributeCerts boolean is asserted +-CertPathReviewer.crlOnlyAttrCert.title = CRL checking failed +-CertPathReviewer.crlOnlyAttrCert.text = CRL checking failed: CRL only contains attribute certificates. +-CertPathReviewer.crlOnlyAttrCert.summary = CRL checking failed: CRL only contains attribute certificates. +-CertPathReviewer.crlOnlyAttrCert.details = CRL checking failed: CRL only contains attribute certificates. +- +- +-## QcStatement notifications +- +-# unkown statement +-# {0} statement OID +-# {1} statement as ANS1Sequence +-CertPathReviewer.QcUnknownStatement.title = Unknown statement in QcStatement extension +-CertPathReviewer.QcUnknownStatement.text = Unknown statement in QcStatement extension: OID = {0} +-CertPathReviewer.QcUnknownStatement.summary = Unknown statement in QcStatement extension: OID = {0} +-CertPathReviewer.QcUnknownStatement.details = Unknown statement in QcStatement extension: OID = {0}, statement = {1} +- +-# QcLimitValue Alpha currency code +-# {0} currency code +-# {1} limit value +-# {2} monetary value as MonetaryValue +-CertPathReviewer.QcLimitValueAlpha.title = Transaction Value Limit +-CertPathReviewer.QcLimitValueAlpha.text = This certificate has a limit for the transaction value: {1,number,currency} {0}. +-CertPathReviewer.QcLimitValueAlpha.summary = Transaction value limit: {1,number,currency} {0}. +-CertPathReviewer.QcLimitValueAlpha.details = This certificate has a limitation on the value of transaction for which this certificate can be used to the specified amount, according to the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. The limit for this certificate is {1,number,currency} {0}. +- +-# QcLimitValue Numeric currency code +-# {0} currency code +-# {1} limit value +-# {2} monetary value as MonetaryValue +-CertPathReviewer.QcLimitValueNum.title = Transaction Value Limit +-CertPathReviewer.QcLimitValueNum.text = This certificate has a limit for the transaction value: {1,number,currency} of currency {0} (See RFC 4217 for currency codes). +-CertPathReviewer.QcLimitValueNum.summary = Transaction value limit: {1,number,currency} of currency {0} (See RFC 4217 for currency codes). +-CertPathReviewer.QcLimitValueNum.details = This certificate has a limitation on the value of transaction for which this certificate can be used to the specified amount, according to the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. The limit for this certificate is {1,number,currency} of currency {0} (See RFC 4217 for currency codes). +- +-# QcSSCD +-CertPathReviewer.QcSSCD.title = QcSSCD Statement +-CertPathReviewer.QcSSCD.text = The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. +-CertPathReviewer.QcSSCD.summary = The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. +-CertPathReviewer.QcSSCD.details = The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. +- +-# QcEuCompliance +-CertPathReviewer.QcEuCompliance.title = Qualified Certificate +-CertPathReviewer.QcEuCompliance.text = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. +-CertPathReviewer.QcEuCompliance.summary = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. +-CertPathReviewer.QcEuCompliance.details = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. +- +-## QcStatement errors +- +-# error processing the QcStatement extension +-CertPathReviewer.QcStatementExtError.title = Error processing the qc statements extension +-CertPathReviewer.QcStatementExtError.text = Error processing the qc statements extension. +-CertPathReviewer.QcStatementExtError.summary = Error processing the qc statements extension. +-CertPathReviewer.QcStatementExtError.details = Error processing the qc statements extension. +- +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/x509/PKIXCertPathReviewer.java bcprov-jdk15-134/org/bouncycastle/x509/PKIXCertPathReviewer.java +--- bcprov-jdk15-134.orig/org/bouncycastle/x509/PKIXCertPathReviewer.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/x509/PKIXCertPathReviewer.java 2010-04-30 10:57:26.000000000 -0700 +@@ -662,7 +662,7 @@ + } + + ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.totalPathLength", +- new Object[] {new Integer(totalPathLength)}); ++ new Object[] {Integer.valueOf(totalPathLength)}); + + addNotification(msg); + } +@@ -697,7 +697,7 @@ + // conflicting trust anchors + ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, + "CertPathReviewer.conflictingTrustAnchors", +- new Object[] {new Integer(trustColl.size()), ++ new Object[] {Integer.valueOf(trustColl.size()), + new UntrustedInput(cert.getIssuerX500Principal())}); + addError(msg); + } +@@ -706,7 +706,7 @@ + ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, + "CertPathReviewer.noTrustAnchorFound", + new Object[] {new UntrustedInput(cert.getIssuerX500Principal()), +- new Integer(pkixParams.getTrustAnchors().size())}); ++ Integer.valueOf(pkixParams.getTrustAnchors().size())}); + addError(msg); + } + else +@@ -1883,7 +1883,7 @@ + else + { + msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcLimitValueNum", +- new Object[] {new Integer(limit.getCurrency().getNumeric()), ++ new Object[] {Integer.valueOf(limit.getCurrency().getNumeric()), + new Double(value), + limit}); + } +@@ -1978,7 +1978,7 @@ + "CertPathReviewer.noCrlInCertstore", + new Object[] {new UntrustedInput(crlselect.getIssuers()), + new UntrustedInput(nonMatchingCrlNames), +- new Integer(numbOfCrls)}); ++ Integer.valueOf(numbOfCrls)}); + addNotification(msg,index); + } + +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15-134/org/bouncycastle/x509/X509Util.java +--- bcprov-jdk15-134.orig/org/bouncycastle/x509/X509Util.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/x509/X509Util.java 2010-05-17 00:01:13.000000000 -0700 +@@ -93,7 +93,9 @@ + } + else + { +- return new AlgorithmIdentifier(sigOid, new DERNull()); ++ // BEGIN android-changed ++ return new AlgorithmIdentifier(sigOid, DERNull.THE_ONE); ++ // END android-changed + } + } + +diff -Nuar bcprov-jdk15-134.orig/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java bcprov-jdk15-134/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java +--- bcprov-jdk15-134.orig/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java 2010-06-02 10:48:32.000000000 -0700 ++++ bcprov-jdk15-134/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java 2010-04-30 10:57:26.000000000 -0700 +@@ -120,7 +120,9 @@ + throw new IllegalArgumentException("Unknown signature type requested"); + } + +- sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull()); ++ // BEGIN android-changed ++ sigAlgId = new AlgorithmIdentifier(this.sigOID, DERNull.THE_ONE); ++ // END android-changed + + acInfoGen.setSignature(sigAlgId); + } |